This commit was generated by cvs2svn to compensate for changes in r178825,

which included commits to RCS files with non-trunk default branches.

182 files changed, 16376 insertions, 4049 deletions

diff --git a/crypto/heimdal/appl/Makefile.am b/crypto/heimdal/appl/Makefile.am
index e867521..8f26703 100644
--- a/crypto/heimdal/appl/Makefile.am
+++ b/crypto/heimdal/appl/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.24 2001/01/27 18:34:39 assar Exp $
+# $Id: Makefile.am 17775 2006-06-30 20:26:15Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
@@ -13,6 +13,7 @@ SUBDIRS = 					\
 	  ftp					\
 	  login					\
 	  $(dir_otp)				\
+	  gssmask				\
 	  popper				\
 	  push					\
 	  rsh					\
diff --git a/crypto/heimdal/appl/Makefile.in b/crypto/heimdal/appl/Makefile.in
index 6846105..52834fa 100644
--- a/crypto/heimdal/appl/Makefile.in
+++ b/crypto/heimdal/appl/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,20 +14,16 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.24 2001/01/27 18:34:39 assar Exp $
+# $Id: Makefile.am 17775 2006-06-30 20:26:15Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -39,6 +35,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -46,16 +43,14 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 subdir = appl
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -68,6 +63,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -76,16 +72,20 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
 depcomp =
@@ -94,23 +94,20 @@ SOURCES =
 DIST_SOURCES =
 RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
 	html-recursive info-recursive install-data-recursive \
-	install-exec-recursive install-info-recursive \
-	install-recursive installcheck-recursive installdirs-recursive \
-	pdf-recursive ps-recursive uninstall-info-recursive \
-	uninstall-recursive
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
 ETAGS = etags
 CTAGS = ctags
-DIST_SUBDIRS = afsutil ftp login otp popper push rsh rcp su xnlock \
-	telnet test kx kf dceutils
+DIST_SUBDIRS = afsutil ftp login otp gssmask popper push rsh rcp su \
+	xnlock telnet test kx kf dceutils
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -120,8 +117,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -132,11 +127,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -144,42 +138,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -197,12 +176,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -212,15 +188,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -229,6 +204,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -240,15 +216,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -256,74 +227,79 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -340,6 +316,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 @OTP_TRUE@dir_otp = otp
 @DCE_TRUE@dir_dce = dceutils
@@ -348,6 +325,7 @@ SUBDIRS = \
 	  ftp					\
 	  login					\
 	  $(dir_otp)				\
+	  gssmask				\
 	  popper				\
 	  push					\
 	  rsh					\
@@ -363,7 +341,7 @@ SUBDIRS = \
 all: all-recursive
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -400,10 +378,6 @@ mostlyclean-libtool:
 clean-libtool:
 	-rm -rf .libs _libs
 
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
 # This directory's subdirectories are mostly independent; you can cd
 # into them and run `make' without going through this Makefile.
 # To change the values of `make' variables: instead of editing Makefiles,
@@ -411,7 +385,13 @@ uninstall-info-am:
 #     (which will cause the Makefiles to be regenerated when you run `make');
 # (2) otherwise, pass the desired values on the `make' command line.
 $(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
 	dot_seen=no; \
 	target=`echo $@ | sed s/-recursive//`; \
 	list='$(SUBDIRS)'; for subdir in $$list; do \
@@ -423,15 +403,20 @@ $(RECURSIVE_TARGETS):
 	    local_target="$$target"; \
 	  fi; \
 	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
+	  || eval $$failcom; \
 	done; \
 	if test "$$dot_seen" = "no"; then \
 	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
 	fi; test -z "$$fail"
 
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
 	dot_seen=no; \
 	case "$@" in \
 	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
@@ -452,7 +437,7 @@ maintainer-clean-recursive:
 	    local_target="$$target"; \
 	  fi; \
 	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
+	  || eval $$failcom; \
 	done && test -z "$$fail"
 tags-recursive:
 	list='$(SUBDIRS)'; for subdir in $$list; do \
@@ -477,14 +462,16 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
 	tags=; \
 	here=`pwd`; \
-	if (etags --etags-include --version) >/dev/null 2>&1; then \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
 	  include_option=--etags-include; \
+	  empty_fix=.; \
 	else \
 	  include_option=--include; \
+	  empty_fix=; \
 	fi; \
 	list='$(SUBDIRS)'; for subdir in $$list; do \
 	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && \
+	    test ! -f $$subdir/TAGS || \
 	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
 	  fi; \
 	done; \
@@ -494,9 +481,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -521,23 +510,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/.. $(distdir)/../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -551,12 +538,16 @@ distdir: $(DISTFILES)
 	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
 	  if test "$$subdir" = .; then :; else \
 	    test -d "$(distdir)/$$subdir" \
-	    || mkdir "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
 	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
 	    (cd $$subdir && \
 	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="../$(top_distdir)" \
-	        distdir="../$(distdir)/$$subdir" \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
 	        distdir) \
 	      || exit 1; \
 	  fi; \
@@ -589,7 +580,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -600,8 +591,7 @@ clean-am: clean-generic clean-libtool mostlyclean-am
 
 distclean: distclean-recursive
 	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
+distclean-am: clean-am distclean-generic distclean-tags
 
 dvi: dvi-recursive
 
@@ -617,14 +607,22 @@ install-data-am:
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-recursive
+
 install-exec-am:
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-recursive
+
 install-info: install-info-recursive
 
 install-man:
 
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-recursive
@@ -643,22 +641,27 @@ ps: ps-recursive
 
 ps-am:
 
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am all-local check \
-	check-am check-local clean clean-generic clean-libtool \
-	clean-recursive ctags ctags-recursive distclean \
-	distclean-generic distclean-libtool distclean-recursive \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am install-man \
-	install-strip installcheck installcheck-am installdirs \
-	installdirs-am maintainer-clean maintainer-clean-generic \
-	maintainer-clean-recursive mostlyclean mostlyclean-generic \
-	mostlyclean-libtool mostlyclean-recursive pdf pdf-am ps ps-am \
-	tags tags-recursive uninstall uninstall-am uninstall-info-am
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-data-am install-exec-am install-strip uninstall-am
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool ctags ctags-recursive dist-hook \
+	distclean distclean-generic distclean-libtool distclean-tags \
+	distdir dvi dvi-am html html-am info info-am install \
+	install-am install-data install-data-am install-data-hook \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-exec-hook install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am uninstall-hook
 
 
 install-suid-programs:
@@ -673,8 +676,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -684,19 +687,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -712,7 +727,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -782,14 +797,39 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/afsutil/ChangeLog b/crypto/heimdal/appl/afsutil/ChangeLog
index c3f5605..c6cfd39 100644
--- a/crypto/heimdal/appl/afsutil/ChangeLog
+++ b/crypto/heimdal/appl/afsutil/ChangeLog
@@ -1,11 +1,59 @@
-2003-08-25  Love Hörnquist Åstrand  <lha@it.su.se>
+2007-04-11  Love Hörnquist Åstrand  <lha@it.su.se>
 
-	* afslog.c: 1.22->1.23: (do_afslog): is cell is unset, set it
-	"<default cell>" for error printing
+	* pagsh.1,afslog.1: - options must be lexicographically ordered;
+	  again, options without arguments must be placed before options
+	  with arguments.  - manual page cross references are done using
+	  the macro `.Xr', not the macro `.Nm' (used for command names
+	  instead).
+	
+	From Igor Sobrado.
+	
+2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* Makefile.am: Add man_MANS to EXTRA_DIST
+	
+2006-01-03  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* afslog.1: Document options to allow select principal or
+	credential cache when doing afslog.
+
+	* afslog.c: Add options to allow select principal or credential
+	cache when doing afslog.
+	
+2005-02-12  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* Makefile.am: man_MANS += pagsh.1
+
+	* pagsh.c: add --cache-type that allows the user to control the
+	resulting credential cache type, inherit the type from the
+	invoking process
+
+	* pagsh.1: manpage for pagsh
+
+2004-09-03  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* afslog.c: use negative string help string for arg_negative_flag
+	Pointed out by Harald Barth
+	
+2004-07-27  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* pagsh.c: use setprogname, if we stripped off -c, try use the
+	fallback code
+	
+2003-10-14  Johan Danielsson  <joda@pdc.kth.se>
+
+	* pagsh.c: mkstemp formats must end in exactly six X's
+
+2003-07-15  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* afslog.c (do_afslog): is cell is unset, set it "<default cell>"
+	for error printing
+
+	* pagsh.c: unconditionally set KRBTKFILE
 	
 2003-04-23  Love Hörnquist Åstrand  <lha@it.su.se>
 
-	* afslog.c: 1.21->1.22: (log_func): drop the error number
+	* afslog.c (log_func): drop the error number
 	
 2003-04-14  Love Hörnquist Åstrand  <lha@it.su.se>
 
diff --git a/crypto/heimdal/appl/afsutil/Makefile.am b/crypto/heimdal/appl/afsutil/Makefile.am
index 0e6c4eb..365897b 100644
--- a/crypto/heimdal/appl/afsutil/Makefile.am
+++ b/crypto/heimdal/appl/afsutil/Makefile.am
@@ -1,8 +1,8 @@
-# $Id: Makefile.am,v 1.15 2003/03/18 13:13:06 lha Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += $(INCLUDE_krb4)
+AM_CPPFLAGS += $(INCLUDE_krb4)
 
 bin_PROGRAMS = afslog pagsh
 
@@ -10,11 +10,13 @@ afslog_SOURCES = afslog.c
 
 pagsh_SOURCES  = pagsh.c
 
-man_MANS = afslog.1
+man_MANS = afslog.1 pagsh.1
 
 LDADD = $(LIB_kafs) \
 	$(LIB_krb4) \
 	$(top_builddir)/lib/krb5/libkrb5.la \
 	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/afsutil/Makefile.in b/crypto/heimdal/appl/afsutil/Makefile.in
index be6de83..e50ac2e 100644
--- a/crypto/heimdal/appl/afsutil/Makefile.in
+++ b/crypto/heimdal/appl/afsutil/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.15 2003/03/18 13:13:06 lha Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -50,16 +45,14 @@ bin_PROGRAMS = afslog$(EXEEXT) pagsh$(EXEEXT)
 subdir = appl/afsutil
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -72,6 +65,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -80,16 +74,20 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
 am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
@@ -112,17 +110,18 @@ pagsh_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
 	$(top_builddir)/lib/krb5/libkrb5.la \
 	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
 DIST_SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
 man1dir = $(mandir)/man1
@@ -131,13 +130,7 @@ ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -147,8 +140,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -159,11 +150,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -171,42 +161,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -224,12 +199,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -239,15 +211,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -256,6 +227,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -267,15 +239,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -283,74 +250,80 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -367,21 +340,23 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 afslog_SOURCES = afslog.c
 pagsh_SOURCES = pagsh.c
-man_MANS = afslog.1
+man_MANS = afslog.1 pagsh.1
 LDADD = $(LIB_kafs) \
 	$(LIB_krb4) \
 	$(top_builddir)/lib/krb5/libkrb5.la \
 	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(LIB_roken)
 
+EXTRA_DIST = $(man_MANS)
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -413,7 +388,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)"
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
 	@list='$(bin_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -441,10 +416,10 @@ clean-binPROGRAMS:
 	done
 afslog$(EXEEXT): $(afslog_OBJECTS) $(afslog_DEPENDENCIES) 
 	@rm -f afslog$(EXEEXT)
-	$(LINK) $(afslog_LDFLAGS) $(afslog_OBJECTS) $(afslog_LDADD) $(LIBS)
+	$(LINK) $(afslog_OBJECTS) $(afslog_LDADD) $(LIBS)
 pagsh$(EXEEXT): $(pagsh_OBJECTS) $(pagsh_DEPENDENCIES) 
 	@rm -f pagsh$(EXEEXT)
-	$(LINK) $(pagsh_LDFLAGS) $(pagsh_OBJECTS) $(pagsh_LDADD) $(LIBS)
+	$(LINK) $(pagsh_OBJECTS) $(pagsh_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -466,13 +441,9 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
 install-man1: $(man1_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(mkdir_p) "$(DESTDIR)$(man1dir)"
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
 	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -536,9 +507,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -563,23 +536,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../.. $(distdir)/../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -599,7 +570,7 @@ check: check-am
 all-am: Makefile $(PROGRAMS) $(MANS) all-local
 installdirs:
 	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
-	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
 install-exec: install-exec-am
@@ -620,7 +591,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -632,7 +603,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -648,14 +619,22 @@ install-data-am: install-man
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am: install-binPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
 install-man: install-man1
 
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
@@ -675,23 +654,30 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
 
 uninstall-man: uninstall-man1
 
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
-	distclean distclean-compile distclean-generic \
+	dist-hook distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-exec install-exec-am \
-	install-info install-info-am install-man install-man1 \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am \
-	uninstall-binPROGRAMS uninstall-info-am uninstall-man \
-	uninstall-man1
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-binPROGRAMS uninstall-hook \
+	uninstall-man uninstall-man1
 
 
 install-suid-programs:
@@ -706,8 +692,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -717,19 +703,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -745,7 +743,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -815,14 +813,39 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/afsutil/afslog.1 b/crypto/heimdal/appl/afsutil/afslog.1
index c0bfaac..aa4b9d6 100644
--- a/crypto/heimdal/appl/afsutil/afslog.1
+++ b/crypto/heimdal/appl/afsutil/afslog.1
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2002 Kungliga Tekniska Högskolan
+.\" Copyright (c) 2002 - 2007 Kungliga Tekniska Högskolan
 .\" (Royal Institute of Technology, Stockholm, Sweden). 
 .\" All rights reserved. 
 .\"
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
 .\" SUCH DAMAGE. 
 .\" 
-.\" $Id: afslog.1,v 1.3 2003/03/18 04:29:34 lha Exp $
+.\" $Id: afslog.1 20310 2007-04-11 11:22:23Z lha $
 .\"
 .Dd November 26, 2002
 .Dt AFSLOG 1
@@ -40,24 +40,30 @@
 obtain AFS tokens
 .Sh SYNOPSIS
 .Nm
+.Op Fl h | Fl -help
+.Op Fl -no-v4
+.Op Fl -no-v5
+.Op Fl u | Fl -unlog
+.Op Fl v | Fl -verbose
+.Op Fl -version
 .Oo Fl c Ar cell \*(Ba Xo
 .Fl -cell= Ns Ar cell
 .Xc
 .Oc
-.Oo Fl p Ar path \*(Ba Xo
-.Fl -file= Ns Ar path
-.Xc
-.Oc
 .Oo Fl k Ar realm \*(Ba Xo
 .Fl -realm= Ns Ar realm
 .Xc
 .Oc
-.Op Fl -no-v4
-.Op Fl -no-v5
-.Op Fl u | Fl -unlog
-.Op Fl v | Fl -verbose
-.Op Fl -version
-.Op Fl h | Fl -help
+.Oo Fl P Ar principal \*(Ba Xo
+.Fl -principal= Ns Ar principal
+.Xc
+.Oc
+.Bk -words
+.Oo Fl p Ar path \*(Ba Xo
+.Fl -file= Ns Ar path
+.Xc
+.Oc
+.Ek
 .Op Ar cell | path ...
 .Sh DESCRIPTION
 .Nm
@@ -71,23 +77,6 @@ decides upon.
 .Pp
 Supported options:
 .Bl -tag -width Ds
-.It Xo
-.Fl c Ar cell,
-.Fl -cell= Ns Ar cell
-.Xc
-This specified one or more cell names to get tokens for.
-.It Xo
-.Fl p Ar path ,
-.Fl -file= Ns Ar path
-.Xc
-This specified one or more file paths for which tokens should be
-obtained.
-.It Xo
-.Fl k Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
-This is the Kerberos realm the AFS servers live in, this should
-normally not be specified.
 .It Fl -no-v4
 This makes
 .Nm
@@ -97,6 +86,15 @@ This makes
 .Nm
 not try using Kerberos 5.
 .It Xo
+.Fl P Ar principal ,
+.Fl -principal Ar principal
+.Xc
+select what Kerberos 5 principal to use.
+.It Fl -cache Ar cache
+select what Kerberos 5 credential cache to use.
+.Fl -principal
+overrides this option.
+.It Xo
 .Fl u ,
 .Fl -unlog
 .Xc
@@ -110,7 +108,25 @@ and
 .Fl -verbose
 .Xc
 Adds more verbosity for what is actually going on.
+.It Xo
+.Fl c Ar cell,
+.Fl -cell= Ns Ar cell
+.Xc
+This specified one or more cell names to get tokens for.
+.It Xo
+.Fl k Ar realm ,
+.Fl -realm= Ns Ar realm
+.Xc
+This is the Kerberos realm the AFS servers live in, this should
+normally not be specified.
+.It Xo
+.Fl p Ar path ,
+.Fl -file= Ns Ar path
+.Xc
+This specified one or more file paths for which tokens should be
+obtained.
 .El
+.Pp
 Instead of using
 .Fl c
 and
diff --git a/crypto/heimdal/appl/afsutil/afslog.c b/crypto/heimdal/appl/afsutil/afslog.c
index 0d85a1e..6ca5b20 100644
--- a/crypto/heimdal/appl/afsutil/afslog.c
+++ b/crypto/heimdal/appl/afsutil/afslog.c
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: afslog.c,v 1.21.2.2 2003/08/25 11:43:51 lha Exp $");
+RCSID("$Id: afslog.c 16438 2006-01-03 09:27:54Z lha $");
 #endif
 #include <ctype.h>
 #ifdef KRB5
@@ -49,9 +49,6 @@ RCSID("$Id: afslog.c,v 1.21.2.2 2003/08/25 11:43:51 lha Exp $");
 
 static int help_flag;
 static int version_flag;
-#if 0
-static int create_user;
-#endif
 static getarg_strings cells;
 static char *realm;
 static getarg_strings files;
@@ -61,6 +58,8 @@ static int verbose;
 static int use_krb4 = 1;
 #endif
 #ifdef KRB5
+static char *client_string;
+static char *cache_string;
 static int use_krb5 = 1;
 #endif
 
@@ -70,13 +69,12 @@ struct getargs args[] = {
     { "realm",	'k', arg_string, &realm, "realm for afs cell", "realm" },
     { "unlog",	'u', arg_flag, &unlog_flag, "remove tokens" },
 #ifdef KRB4
-    { "v4",	 0, arg_negative_flag, &use_krb4, "use Kerberos 4" },
+    { "v4",	 0, arg_negative_flag, &use_krb4, "don't use Kerberos 4" },
 #endif
 #ifdef KRB5
-    { "v5",	 0, arg_negative_flag, &use_krb5, "use Kerberos 5" },
-#endif
-#if 0
-    { "create-user", 0, arg_flag, &create_user, "create user if not found" },
+    { "principal",'P',arg_string,&client_string,"principal to use","principal"},
+    { "cache",   0,  arg_string, &cache_string, "ccache to use", "cache"},
+    { "v5",	 0,  arg_negative_flag, &use_krb5, "don't use Kerberos 5" },
 #endif
     { "verbose",'v', arg_flag, &verbose },
     { "version", 0,  arg_flag, &version_flag },
@@ -131,43 +129,6 @@ expand_cell_name(const char *cell)
     return cell;
 }
 
-#if 0
-static int
-createuser (char *cell)
-{
-    char cellbuf[64];
-    char name[ANAME_SZ];
-    char instance[INST_SZ];
-    char realm[REALM_SZ];
-    char cmd[1024];
-
-    if (cell == NULL) {
-	FILE *f;
-	int len;
-
-	f = fopen (_PATH_THISCELL, "r");
-	if (f == NULL)
-	    err (1, "open(%s)", _PATH_THISCELL);
-	if (fgets (cellbuf, sizeof(cellbuf), f) == NULL)
-	    err (1, "read cellname from %s", _PATH_THISCELL);
-	len = strlen(cellbuf);
-	if (cellbuf[len-1] == '\n')
-	    cellbuf[len-1] = '\0';
-	cell = cellbuf;
-    }
-
-    if(krb_get_default_principal(name, instance, realm))
-	errx (1, "Could not even figure out who you are");
-
-    snprintf (cmd, sizeof(cmd),
-	      "pts createuser %s%s%s@%s -cell %s",
-	      name, *instance ? "." : "", instance, strlwr(realm),
-	      cell);
-    DEBUG("Executing %s", cmd);
-    return system(cmd);
-}
-#endif
-
 static void
 usage(int ecode)
 {
@@ -234,14 +195,14 @@ do_afslog(const char *cell)
 
 #ifdef KRB5
     if(context != NULL && id != NULL && use_krb5) {
-	k5ret = krb5_afslog(context, id, cell, NULL);
+	k5ret = krb5_afslog(context, id, cell, realm);
 	if(k5ret == 0)
 	    return 0;
     }
 #endif
 #if KRB4
     if (use_krb4) {
-	k4ret = krb_afslog(cell, NULL);
+	k4ret = krb_afslog(cell, realm);
 	if(k4ret == 0)
 	    return 0;
     }
@@ -297,11 +258,29 @@ main(int argc, char **argv)
     }
 #ifdef KRB5
     ret = krb5_init_context(&context);
-    if (ret)
+    if (ret) {
 	context = NULL;
-    else
-	if(krb5_cc_default(context, &id) != 0)
-	    id = NULL;
+    } else {
+	if (client_string) {
+	    krb5_principal client;
+
+	    ret = krb5_parse_name(context, client_string, &client);
+	    if (ret == 0)
+		ret = krb5_cc_cache_match(context, client, NULL, &id);
+	    if (ret)
+		id = NULL;
+	}
+	if (id == NULL && cache_string) {
+	    if(krb5_cc_resolve(context, cache_string, &id) != 0) {
+		krb5_warnx(context, "failed to open kerberos 5 cache '%s'",
+			   cache_string);
+		id = NULL;
+	    }
+	}
+	if (id == NULL)
+	    if(krb5_cc_default(context, &id) != 0)
+		id = NULL;
+    }
 #endif
 
     if (verbose)
diff --git a/crypto/heimdal/appl/afsutil/pagsh.1 b/crypto/heimdal/appl/afsutil/pagsh.1
new file mode 100644
index 0000000..c3e93d4
--- /dev/null
+++ b/crypto/heimdal/appl/afsutil/pagsh.1
@@ -0,0 +1,92 @@
+.\" Copyright (c) 2005 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: pagsh.1 20311 2007-04-11 11:27:51Z lha $
+.\"
+.Dd February 12, 2005
+.Dt PAGSH 1
+.Os Heimdal
+.Sh NAME
+.Nm pagsh
+.Nd
+creates a new credential cache sandbox
+.Sh SYNOPSIS
+.Nm
+.Op Fl c
+.Op Fl h | Fl -help
+.Op Fl -version
+.Op Fl -cache-type= Ns Ar string
+.Ar command [args...]
+.Sh DESCRIPTION
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl c
+.Xc
+.It Xo
+.Fl -cache-type= Ns Ar string
+.Xc
+.It Xo
+.Fl h ,
+.Fl -help
+.Xc
+.It Xo
+.Fl -version
+.Xc
+.El
+.Pp
+.Nm
+creates a new credential cache sandbox for the user to live in.
+If AFS is installed on the computer, the user is put in a newly
+created PAG.
+.Pp
+For Kerberos 5, the credential cache type that is used is the same as
+the credential cache type that was used at the time of
+.Nm
+invocation.
+The credential cache type can be controlled by the option
+.Fl -cache-type .
+.Sh EXAMPLES
+Create a new sandbox where new credentials can be used, while the old
+credentials can be used by other processes.
+.Bd -literal -offset indent
+$ klist
+Credentials cache: FILE:/tmp/krb5cc_913
+        Principal: lha@E.KTH.SE
+
+  Issued           Expires          Principal
+Feb 12 10:08:31  Feb 12 20:06:36  krbtgt/E.KTH.SE@E.KTH.SE
+$ pagsh
+$ klist
+klist: No ticket file: /tmp/krb5cc_03014a
+.Ed
+.Sh SEE ALSO
+.Xr afslog 1
diff --git a/crypto/heimdal/appl/afsutil/pagsh.c b/crypto/heimdal/appl/afsutil/pagsh.c
index d61dba2..d975fad 100644
--- a/crypto/heimdal/appl/afsutil/pagsh.c
+++ b/crypto/heimdal/appl/afsutil/pagsh.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -35,7 +35,7 @@
 #include <config.h>
 #endif
 
-RCSID("$Id: pagsh.c,v 1.6 2002/08/23 17:54:20 assar Exp $");
+RCSID("$Id: pagsh.c 14574 2005-02-12 14:23:28Z lha $");
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -64,12 +64,22 @@ RCSID("$Id: pagsh.c,v 1.6 2002/08/23 17:54:20 assar Exp $");
 #include <roken.h>
 #include <getarg.h>
 
+#ifndef TKT_ROOT
+#define TKT_ROOT "/tmp/tkt"
+#endif
+
 static int help_flag;
 static int version_flag;
 static int c_flag;
+#ifdef KRB5
+static char *typename_arg;
+#endif
 
 struct getargs getargs[] = {
     { NULL,	'c', arg_flag, &c_flag },
+#ifdef KRB5
+    { "cache-type", 0,  arg_string, &typename_arg },
+#endif
     { "version", 0,  arg_flag, &version_flag },
     { "help",	'h', arg_flag, &help_flag },
 };
@@ -90,94 +100,140 @@ usage(int ecode)
 int
 main(int argc, char **argv)
 {
-  int f;
-  char tf[1024];
-  char *p;
-
-  char *path;
-  char **args;
-  int i;
-  int optind = 0;
-
-  set_progname(argv[0]);
-  if(getarg(getargs, num_args, argc, argv, &optind))
-      usage(1);
-  if(help_flag)
-      usage(0);
-  if(version_flag) {
-      print_version(NULL);
-      exit(0);
-  }
-
-  argc -= optind;
-  argv += optind;
+    int f;
+    char tf[1024];
+    char *p;
+
+    char *path;
+    char **args;
+    int i;
+    int optind = 0;
+
+    setprogname(argv[0]);
+    if(getarg(getargs, num_args, argc, argv, &optind))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optind;
+    argv += optind;
 
 #ifdef KRB5
-  snprintf (tf, sizeof(tf), "%sXXXXXX", KRB5_DEFAULT_CCROOT);
-  f = mkstemp (tf + 5);
-  close (f);
-  unlink (tf + 5);
-  esetenv("KRB5CCNAME", tf, 1);
+    {
+	const krb5_cc_ops *type;
+	krb5_error_code ret;
+	krb5_context context;
+	krb5_ccache id;
+	const char *name;
+
+	ret = krb5_init_context(&context);
+	if (ret) /* XXX should this really call exit ? */
+	    errx(1, "no kerberos 5 support");
+
+	if (typename_arg == NULL) {
+	    char *s;
+
+	    name = krb5_cc_default_name(context);
+	    if (name == NULL)
+		krb5_errx(context, 1, "Failed getting default "
+			  "credential cache type");
+	    
+	    typename_arg = strdup(name);
+	    if (typename_arg == NULL)
+		errx(1, "strdup");
+	    
+	    s = strchr(typename_arg, ':');
+	    if (s)
+		*s = '\0';
+	}
+
+	type = krb5_cc_get_prefix_ops(context, typename_arg);
+	if (type == NULL)
+	    krb5_err(context, 1, ret, "Failed getting ops for %s "
+		     "credential cache", typename_arg);
+     
+	ret = krb5_cc_gen_new(context, type, &id);
+	if (ret)
+	    krb5_err(context, 1, ret, "Failed generating credential cache");
+
+	name = krb5_cc_get_name(context, id);
+	if (name == NULL)
+	    krb5_errx(context, 1, "Generated credential cache have no name");
+
+	snprintf(tf, sizeof(tf), "%s:%s", typename_arg, name);
+
+	ret = krb5_cc_close(context, id);
+	if (ret)
+	    krb5_err(context, 1, ret, "Failed closing credential cache");
+
+	krb5_free_context(context);
+
+	esetenv("KRB5CCNAME", tf, 1);
+    }
 #endif
 
-#ifdef KRB4
-  snprintf (tf, sizeof(tf), "%s_XXXXXX", TKT_ROOT);
-  f = mkstemp (tf);
-  close (f);
-  unlink (tf);
-  esetenv("KRBTKFILE", tf, 1);
-#endif
+    snprintf (tf, sizeof(tf), "%s_XXXXXX", TKT_ROOT);
+    f = mkstemp (tf);
+    if (f < 0)
+	err(1, "mkstemp failed");
+    close (f);
+    unlink (tf);
+    esetenv("KRBTKFILE", tf, 1);
 
-  i = 0;
+    i = 0;
 
-  args = (char **) malloc((argc + 10)*sizeof(char *));
-  if (args == NULL)
-      errx (1, "Out of memory allocating %lu bytes",
-	    (unsigned long)((argc + 10)*sizeof(char *)));
+    args = (char **) malloc((argc + 10)*sizeof(char *));
+    if (args == NULL)
+	errx (1, "Out of memory allocating %lu bytes",
+	      (unsigned long)((argc + 10)*sizeof(char *)));
   
-  if(*argv == NULL) {
-    path = getenv("SHELL");
-    if(path == NULL){
-      struct passwd *pw = k_getpwuid(geteuid());
-      path = strdup(pw->pw_shell);
+    if(*argv == NULL) {
+	path = getenv("SHELL");
+	if(path == NULL){
+	    struct passwd *pw = k_getpwuid(geteuid());
+	    path = strdup(pw->pw_shell);
+	}
+    } else {
+	path = strdup(*argv++);
     }
-  } else {
-    path = strdup(*argv++);
-  }
-  if (path == NULL)
-      errx (1, "Out of memory copying path");
+    if (path == NULL)
+	errx (1, "Out of memory copying path");
   
-  p=strrchr(path, '/');
-  if(p)
-    args[i] = strdup(p+1);
-  else
-    args[i] = strdup(path);
-
-  if (args[i++] == NULL)
-      errx (1, "Out of memory copying arguments");
+    p=strrchr(path, '/');
+    if(p)
+	args[i] = strdup(p+1);
+    else
+	args[i] = strdup(path);
+
+    if (args[i++] == NULL)
+	errx (1, "Out of memory copying arguments");
   
-  while(*argv)
-    args[i++] = *argv++;
-
-  args[i++] = NULL;
-
-  if(k_hasafs())
-    k_setpag();
-
-  unsetenv("PAGPID");
-  execvp(path, args);
-  if (errno == ENOENT) {
-      char **sh_args = malloc ((i + 2) * sizeof(char *));
-      int j;
-
-      if (sh_args == NULL)
-	  errx (1, "Out of memory copying sh arguments");
-      for (j = 1; j < i; ++j)
-	  sh_args[j + 2] = args[j];
-      sh_args[0] = "sh";
-      sh_args[1] = "-c";
-      sh_args[2] = path;
-      execv ("/bin/sh", sh_args);
-  }
-  err (1, "execvp");
+    while(*argv)
+	args[i++] = *argv++;
+
+    args[i++] = NULL;
+
+    if(k_hasafs())
+	k_setpag();
+
+    unsetenv("PAGPID");
+    execvp(path, args);
+    if (errno == ENOENT || c_flag) {
+	char **sh_args = malloc ((i + 2) * sizeof(char *));
+	int j;
+
+	if (sh_args == NULL)
+	    errx (1, "Out of memory copying sh arguments");
+	for (j = 1; j < i; ++j)
+	    sh_args[j + 2] = args[j];
+	sh_args[0] = "sh";
+	sh_args[1] = "-c";
+	sh_args[2] = path;
+	execv ("/bin/sh", sh_args);
+    }
+    err (1, "execvp");
 }
diff --git a/crypto/heimdal/appl/ftp/ChangeLog b/crypto/heimdal/appl/ftp/ChangeLog
index 74ed742..139e193 100644
--- a/crypto/heimdal/appl/ftp/ChangeLog
+++ b/crypto/heimdal/appl/ftp/ChangeLog
@@ -1,6 +1,189 @@
-2004-08-20  Love Hörnquist Åstrand <lha@it.su.se>
+2007-07-12  Love Hörnquist Åstrand  <lha@it.su.se>
 
-	* ftp/ftp.c: 1.77: send ABOR protect with security layer if its there
+	* ftp/gssapi.c: Fix pointer vs strict alias rules.
+
+2007-06-20  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/security.c: if no mech have no session, its ok, just don't
+	call it.
+
+	* ftp/security.h: provide prototype for sec_userok().
+
+	* move ksetpag after initgroups to make it work on Linux when its
+	without syscall hooks to change sys_setgroups preserve the
+	pag. From Alexsander Boström.
+	
+2007-06-09  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftpd/Makefile.am: don't clean yacc/lex files in CLEANFILES,
+	maintainers clean will do that for us.
+	
+2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftpd/Makefile.am: Add man_MANS to EXTRA_DIST
+
+	* ftp/Makefile.am: Add man_MANS to EXTRA_DIST
+	
+2006-08-08  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftpd/ftpd.c: Add comment by seteuid call isn't not needed.
+
+	* ftpd/ftpd.c: Check return values from seteuid, prompted by MIT
+	advisory.  Thanks to Tom Yu at MIT, and Michael Calmer and Marcus
+	Meissner at SUSE.  Either of CVE-2006-3083 or CVE-2006-3084.
+	
+2006-06-27  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftpd/gss_userok.c (gss_userok): create a local krb5_context and
+	use that instead of the libgssapi context (that might not exist).
+	
+2006-05-05  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* Rename u_intXX_t to uintXX_t
+
+2006-03-23  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/ftp.1: Add undocument flags and spelling, from Ted Percival
+	<Ted.Percival@quest.com>
+	
+2006-02-27  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftpd/ftpd.8: fix grammar in --no-insecure-oob option (partly
+	from Thomas Klausner)
+	
+2006-01-24  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/ftp.c: Indent.
+	
+2006-01-12  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftpd/ftpd.c (pass): remove unused variable in the !OTP case
+	
+2005-10-22  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* ftpd/ls.c: Check return value from asprintf instead of string !=
+	NULL since it undefined behavior on Linux. From Björn Sandell
+
+	* ftpd/gss_userok.c: Check return value from asprintf instead of
+	string != NULL since it undefined behavior on Linux. From Björn
+	Sandell
+
+	* ftpd/ftpd.c: Check return value from asprintf instead of string
+	!= NULL since it undefined behavior on Linux. From Björn Sandell
+
+	* ftp/gssapi.c: Check return value from asprintf instead of string
+	!= NULL since it undefined behavior on Linux. From Björn Sandell
+	
+2005-10-12  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftp/ftp.1: document -x
+	
+	* ftp/security.h: implement cprotect (from MIT)
+	
+	* ftp/security.c: add -x (encrypt) option; implement cprotect
+	(from MIT); make sure we CCC if switching to clear-text command
+	channel
+
+	* ftp/cmdtab.c: implement cprotect (from MIT)
+	
+	* ftp/ruserpass.c: if doing command line encryption (-x), ignore
+	prot commands in .netrc
+
+	* ftp/ftp_var.h: add -x (encrypt) option
+	
+	* ftp/globals.c: add -x (encrypt) option
+	
+	* ftp/main.c: add -x (encrypt) option
+	
+2005-07-19  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftpd/ftpcmd.y: Fix shadow warning.
+
+	* ftp/security.c: Fix shadow warning.
+	* ftp/security.c: Fix shadow warnings.
+	
+	* ftp/ruserpass.c: Fix shadow warnings.
+
+	* ftp/ftp.c: Fix shadow warnings.
+	
+	* ftp/cmds.c: fix shadow warnings
+
+	* Add Kerberos 5 klist, old patch from Tomas Nyström (remove krb4
+	support). Support klist in client for kerberos 5 clase.
+	Clean up delegation of gss tokens and do afslog.
+
+2005-07-13  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/gssapi.c (gss_adat): avoid leaking memory
+	(gss_auth): always try next kname if there is one, independant of
+	min_stat
+
+	* ftp/gssapi.c: avoid const warning, use sin4 instead of sin to
+	avoid shadow warning, free target_name
+
+2005-07-09  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/security.c: keep track of if CCC was passed
+
+	* ftpd/extern.h: variable to keep track of if CCC was passed
+
+	* ftpd/ftpcmd.y: sprinkel check_secure, check if CCC was passed in
+	check_secure
+
+2005-06-02  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftpd/ftpd.c (filename_check): change signednes of p to avoid
+	warning, move typecasts
+
+2005-05-29  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftpd/ftpd.c: avoid 'unused variable' warnings
+
+2005-05-10  David Love  <fx@gnu.org>
+
+	* ftpd/pathnames.h: #ifdef protect _PATH_ISSUE
+
+2005-04-25  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/domacro.c: handle string trunctions
+
+2005-04-24  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/security.c: use strlcat
+	
+	* ftp/domacro.c: use strlcpy
+	
+2005-04-20  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/security.c: cast size_t to unsigned long
+
+2005-04-18  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftpd/ftpd.c (statcmd): cast argument to isdigit to unsigned char
+
+	* ftp/cmds.c (mget): cast char to unsigned char to make sure its
+	not negative when passing it to tolower
+
+2005-04-07  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/ftp.c: fix 3 'var' might be used uninitialized warnings
+
+2005-04-04 Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/cmds.c: MacOS is also a unix that doesn't define
+	__unix__/unix While here, rewrite this part of the function to not
+	modify that string, but rather take a copy of it and them modify
+	is, all this just to pacify gcc
+	
+2005-01-09 Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/domacro.c: cast argument to is* to unsigned char
+
+	* ftp/ftp.c: cast argument to tolower to unsigned char
+
+2004-08-20 Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/ftp.c: send ABOR protect with security layer if its there
 
 	* ftpd/{ftpd_locl.h, extern.h, ftpcmd.y, ftpd.8, ftpd.c}:
 	Remove all traces of setjmp/longjmp.
@@ -12,51 +195,95 @@
 	most places since the code no longer look and is structured the same
 	way.
 
-	extern.h: 1.25
-	ftpcmd.y: 1.65
-	ftpd.8: 1.22
-	ftpd.c: 1.170
-	ftpd_locl.h: 1.14
+2004-08-16  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftp/main.c: reverse help strings for --no-gss-bindings and
+	--no-gss-delegate
+
+2004-06-20  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftpd/ftpcmd.y: make cbuf 64k to handle lager tickets From:
+	MAAAAA MOOOR <huaraz@btinternet.com>
 	
-2004-06-21  Love Hörnquist Åstrand <lha@it.su.se>
+2004-03-14  Love Hörnquist Åstrand  <lha@it.su.se>
 
-	* ftpd/ftpcmd.y: 1.64: make cbuf 64k to handle lager tickets From:
-	MAAAAA MOOOR <huaraz@btinternet.com> 1.63: strncasecmp returns
-	integer so don't compare with NULL
+	* ftpd/ftpd.c (main): setpag if there is krb4 OR krb5 support
 	
-2004-03-14  Love Hörnquist Åstrand <lha@it.su.se>
+2003-12-19  Love Hörnquist Åstrand  <lha@it.su.se>
 
-	* ftpd/ftpd.c: 1.169: (main): setpag if there is krb4 OR krb5
-	support
+	* ftp/security.h: add ftp_do_gss_delegate
+	
+	* ftp/main.c (getargs): negative flag for delegating gss creds
+	
+	* ftp/gssapi.c (ftp_do_gss_delegate): delegate creds (default on)
+	
+2003-09-03  Love Hörnquist Åstrand  <lha@it.su.se>
 
-2003-08-20  Love Hörnquist Åstrand <lha@it.su.se>
+	* ftp/ftp.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+	
+	* ftp/cmds.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+	
+2003-07-19  Love Hörnquist Åstrand  <lha@it.su.se>
 
-	* ftpd/ftpd.8: 1.20->1.21: document --gss-bindings
+	* ftp/security.h: add ftp_do_gss_bindings
+	
+	* ftp/ftp.1: fix mdoc bug
 	
-	* ftpd/ftpd.c: 1.166->1.168: wrap gssapi stuff with KRB5,
-	(args): add gss-bindings
+	* ftp/ftp.1: document --no-gss-bindings
 
-	* ftp/main.c: 1.33->1.35: wrap gssapi stuff with KRB5,
-	(args): add gss-bindings
+	* ftp/gssapi.c: Optionally support gss bindings, client does it by
+	default, server not.  This is to make it work for clients behind
+	NAT.
+
+	* ftp/main.c (args): add gss-bindings
 	(main): set ftp_do_gss_bindings to 1 to make client use them
+
+	* ftpd/ftpd.c (args): add gss-bindings
+	
+	* ftpd/ftpd.8: document --gss-bindings
+	
+2003-06-13  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftp/gssapi.c (gss_adat): fix name allocation bug
+
+2003-05-21  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftpd/gss_userok.c (gss_userok): release delegated cred handle
+	
+	* ftp/gssapi.c (gss_adat): remove poking inside the delegated
+	handle, also fixes problem where to much memory was allocated
+	
+	* ftpd/gss_userok.c (gss_userok): remove poking inside the
+	delegated handle
+
+2003-05-14  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftpd/ftpcmd.y: support afslog <cell> and afslog when compiled
+	with krb5
+
+2003-05-07  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ftp/cmdtab.c: include afslog in both the krb4 and krb5 case
+	
+	* ftp/kauth.c: include afslog in both the krb4 and krb5 case
+	
+	* ftp/Makefile.am: always include auth.c
 	
-	* ftp/security.h: 1.9->1.10: add ftp_do_gss_bindings
+2003-05-07  Love Hörnquist Åstrand  <lha@it.su.se>
 	
-	* ftp/gssapi.c: 1.24->1.25: Optionally support gss bindings,
-	client does it by default, server not.  This is to make it work
-	for clients behind NAT.
+	* ftpd/Makefile.am: always include auth.c
 
-	* ftp/ftp.1: 1.12->1.15: gssapi bindings + madoc fixes
+	* ftpd/kauth.c: do afslog in the krb5 case too
 	
-2003-08-15  Love Hörnquist Åstrand <lha@it.su.se>
+2003-04-22  Love Hörnquist Åstrand  <lha@it.su.se>
 
-	* ftp/gssapi.c: 1.23->1.24: (gss_adat): fix name allocation bug
+	* ftp/ftp.1: replace > with \*[Gt]
 	
-2003-04-16  Love Hörnquist Åstrand <lha@it.su.se>
+2003-04-16  Love Hörnquist Åstrand  <lha@it.su.se>
 
 	* ftpd/ftpd.c: make sure argument to is* functions are unsigned
 	
-2003-04-06  Love Hörnquist Åstrand <lha@it.su.se>
+2003-04-06  Love Hörnquist Åstrand  <lha@it.su.se>
 
 	* ftpd/ftpd.8: s/kerberos/Kerberos/
 	
@@ -64,7 +291,7 @@
 
 	* ftpd/pathnames.h (_PATH_FTPUSERS): conditionalize
 
-2003-03-18  Love Hörnquist Åstrand <lha@it.su.se>
+2003-03-18  Love Hörnquist Åstrand  <lha@it.su.se>
 
 	* ftpd/ftpd.c (krb5_verify): always do krb5_afslog, remove setpag
 	(its done in main)
@@ -78,17 +305,17 @@
 
 	* ftpd/ftpd_locl.h: always include kafs
 	
-2003-03-16  Love Hörnquist Åstrand <lha@it.su.se>
+2003-03-16  Love Hörnquist Åstrand  <lha@it.su.se>
 
 	* ftp/gssapi.c (gss_adat): now that gss_export_name exports a
 	principal, bandaid with gss_display_name, and check that oid is
 	GSS_KRB5_NT_PRINCIPAL_NAME, also free memory
 	
-2003-02-25  Love Hörnquist Åstrand <lha@it.su.se>
+2003-02-25  Love Hörnquist Åstrand  <lha@it.su.se>
 
 	* ftp/gssapi.c (gss_auth): print out the name we authenticated too
 	
-2003-02-25  Love Hörnquist Åstrand <lha@it.su.se>
+2003-02-25  Love Hörnquist Åstrand  <lha@it.su.se>
 
 	* ftpd/ls.c: use readlink with bufsize - 1, From NetBSD
 
diff --git a/crypto/heimdal/appl/ftp/Makefile.am b/crypto/heimdal/appl/ftp/Makefile.am
index f8831a3..44116ee 100644
--- a/crypto/heimdal/appl/ftp/Makefile.am
+++ b/crypto/heimdal/appl/ftp/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.5 1999/03/20 13:58:14 joda Exp $
+# $Id: Makefile.am 5652 1999-03-20 13:58:20Z joda $
 
 include $(top_srcdir)/Makefile.am.common
 
diff --git a/crypto/heimdal/appl/ftp/Makefile.in b/crypto/heimdal/appl/ftp/Makefile.in
index c1b7c39..3bb9eda 100644
--- a/crypto/heimdal/appl/ftp/Makefile.in
+++ b/crypto/heimdal/appl/ftp/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,20 +14,16 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.5 1999/03/20 13:58:14 joda Exp $
+# $Id: Makefile.am 5652 1999-03-20 13:58:20Z joda $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -39,6 +35,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -46,16 +43,14 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 subdir = appl/ftp
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -68,6 +63,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -76,16 +72,20 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
 depcomp =
@@ -94,22 +94,19 @@ SOURCES =
 DIST_SOURCES =
 RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
 	html-recursive info-recursive install-data-recursive \
-	install-exec-recursive install-info-recursive \
-	install-recursive installcheck-recursive installdirs-recursive \
-	pdf-recursive ps-recursive uninstall-info-recursive \
-	uninstall-recursive
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
 ETAGS = etags
 CTAGS = ctags
 DIST_SUBDIRS = $(SUBDIRS)
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -119,8 +116,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -131,11 +126,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -143,42 +137,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -196,12 +175,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -211,15 +187,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -228,6 +203,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -239,15 +215,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -255,74 +226,79 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -339,12 +315,13 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 SUBDIRS = common ftp ftpd
 all: all-recursive
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -381,10 +358,6 @@ mostlyclean-libtool:
 clean-libtool:
 	-rm -rf .libs _libs
 
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
 # This directory's subdirectories are mostly independent; you can cd
 # into them and run `make' without going through this Makefile.
 # To change the values of `make' variables: instead of editing Makefiles,
@@ -392,7 +365,13 @@ uninstall-info-am:
 #     (which will cause the Makefiles to be regenerated when you run `make');
 # (2) otherwise, pass the desired values on the `make' command line.
 $(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
 	dot_seen=no; \
 	target=`echo $@ | sed s/-recursive//`; \
 	list='$(SUBDIRS)'; for subdir in $$list; do \
@@ -404,15 +383,20 @@ $(RECURSIVE_TARGETS):
 	    local_target="$$target"; \
 	  fi; \
 	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
+	  || eval $$failcom; \
 	done; \
 	if test "$$dot_seen" = "no"; then \
 	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
 	fi; test -z "$$fail"
 
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
 	dot_seen=no; \
 	case "$@" in \
 	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
@@ -433,7 +417,7 @@ maintainer-clean-recursive:
 	    local_target="$$target"; \
 	  fi; \
 	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
+	  || eval $$failcom; \
 	done && test -z "$$fail"
 tags-recursive:
 	list='$(SUBDIRS)'; for subdir in $$list; do \
@@ -458,14 +442,16 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
 	tags=; \
 	here=`pwd`; \
-	if (etags --etags-include --version) >/dev/null 2>&1; then \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
 	  include_option=--etags-include; \
+	  empty_fix=.; \
 	else \
 	  include_option=--include; \
+	  empty_fix=; \
 	fi; \
 	list='$(SUBDIRS)'; for subdir in $$list; do \
 	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && \
+	    test ! -f $$subdir/TAGS || \
 	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
 	  fi; \
 	done; \
@@ -475,9 +461,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -502,23 +490,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../.. $(distdir)/../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -529,15 +515,19 @@ distdir: $(DISTFILES)
 	    || exit 1; \
 	  fi; \
 	done
-	list='$(SUBDIRS)'; for subdir in $$list; do \
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
 	  if test "$$subdir" = .; then :; else \
 	    test -d "$(distdir)/$$subdir" \
-	    || mkdir "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
 	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
 	    (cd $$subdir && \
 	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="../$(top_distdir)" \
-	        distdir="../$(distdir)/$$subdir" \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
 	        distdir) \
 	      || exit 1; \
 	  fi; \
@@ -570,7 +560,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -581,8 +571,7 @@ clean-am: clean-generic clean-libtool mostlyclean-am
 
 distclean: distclean-recursive
 	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
+distclean-am: clean-am distclean-generic distclean-tags
 
 dvi: dvi-recursive
 
@@ -598,14 +587,22 @@ install-data-am:
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-recursive
+
 install-exec-am:
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-recursive
+
 install-info: install-info-recursive
 
 install-man:
 
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-recursive
@@ -624,22 +621,27 @@ ps: ps-recursive
 
 ps-am:
 
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am all-local check \
-	check-am check-local clean clean-generic clean-libtool \
-	clean-recursive ctags ctags-recursive distclean \
-	distclean-generic distclean-libtool distclean-recursive \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am install-man \
-	install-strip installcheck installcheck-am installdirs \
-	installdirs-am maintainer-clean maintainer-clean-generic \
-	maintainer-clean-recursive mostlyclean mostlyclean-generic \
-	mostlyclean-libtool mostlyclean-recursive pdf pdf-am ps ps-am \
-	tags tags-recursive uninstall uninstall-am uninstall-info-am
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-data-am install-exec-am install-strip uninstall-am
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool ctags ctags-recursive dist-hook \
+	distclean distclean-generic distclean-libtool distclean-tags \
+	distdir dvi dvi-am html html-am info info-am install \
+	install-am install-data install-data-am install-data-hook \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-exec-hook install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am uninstall-hook
 
 
 install-suid-programs:
@@ -654,8 +656,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -665,19 +667,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -693,7 +707,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -763,14 +777,39 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/common/Makefile.am b/crypto/heimdal/appl/ftp/common/Makefile.am
index 4fab07b..304fcd1 100644
--- a/crypto/heimdal/appl/ftp/common/Makefile.am
+++ b/crypto/heimdal/appl/ftp/common/Makefile.am
@@ -1,8 +1,8 @@
-# $Id: Makefile.am,v 1.9 1999/07/28 21:15:06 assar Exp $
+# $Id: Makefile.am 14164 2004-08-26 11:55:29Z joda $
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += $(INCLUDE_krb4) 
+AM_CPPFLAGS += $(INCLUDE_krb4) 
 
 noinst_LIBRARIES = libcommon.a
 
diff --git a/crypto/heimdal/appl/ftp/common/Makefile.in b/crypto/heimdal/appl/ftp/common/Makefile.in
index 02e525f..1c5338a 100644
--- a/crypto/heimdal/appl/ftp/common/Makefile.in
+++ b/crypto/heimdal/appl/ftp/common/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.9 1999/07/28 21:15:06 assar Exp $
+# $Id: Makefile.am 14164 2004-08-26 11:55:29Z joda $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(libcommon_a_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -49,16 +44,14 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 subdir = appl/ftp/common
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -71,6 +64,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -79,48 +73,47 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
-ARFLAGS = cru
 LIBRARIES = $(noinst_LIBRARIES)
+ARFLAGS = cru
 libcommon_a_AR = $(AR) $(ARFLAGS)
 libcommon_a_LIBADD =
 am_libcommon_a_OBJECTS = sockbuf.$(OBJEXT) buffer.$(OBJEXT)
 libcommon_a_OBJECTS = $(am_libcommon_a_OBJECTS)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(libcommon_a_SOURCES)
 DIST_SOURCES = $(libcommon_a_SOURCES)
 ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -130,8 +123,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -142,11 +133,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -154,42 +144,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -207,12 +182,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -222,15 +194,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -239,6 +210,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -250,15 +222,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -266,74 +233,80 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) 
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -350,6 +323,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 noinst_LIBRARIES = libcommon.a
 libcommon_a_SOURCES = \
@@ -360,7 +334,7 @@ libcommon_a_SOURCES = \
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -419,10 +393,6 @@ mostlyclean-libtool:
 clean-libtool:
 	-rm -rf .libs _libs
 
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
 ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
 	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
 	unique=`for i in $$list; do \
@@ -443,9 +413,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -470,23 +442,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../../.. $(distdir)/../../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -524,7 +494,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -537,7 +507,7 @@ clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -553,14 +523,22 @@ install-data-am:
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am:
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
 install-man:
 
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
@@ -580,19 +558,26 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-info-am
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
 
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-generic clean-libtool clean-noinstLIBRARIES ctags \
-	distclean distclean-compile distclean-generic \
+	dist-hook distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-data \
-	install-data-am install-exec install-exec-am install-info \
-	install-info-am install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-info-am
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook
 
 
 install-suid-programs:
@@ -607,8 +592,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -618,19 +603,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -646,7 +643,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -716,14 +713,39 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/common/buffer.c b/crypto/heimdal/appl/ftp/common/buffer.c
index ba7773b..3bca113 100644
--- a/crypto/heimdal/appl/ftp/common/buffer.c
+++ b/crypto/heimdal/appl/ftp/common/buffer.c
@@ -36,7 +36,7 @@
 #include <err.h>
 #include "roken.h"
 
-RCSID("$Id: buffer.c,v 1.4 2000/10/23 04:49:25 joda Exp $");
+RCSID("$Id: buffer.c 9129 2000-10-23 04:49:25Z joda $");
 
 /*
  * Allocate a buffer enough to handle st->st_blksize, if
diff --git a/crypto/heimdal/appl/ftp/common/common.h b/crypto/heimdal/appl/ftp/common/common.h
index 5949b25..7616859 100644
--- a/crypto/heimdal/appl/ftp/common/common.h
+++ b/crypto/heimdal/appl/ftp/common/common.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: common.h,v 1.12 1999/12/02 16:58:29 joda Exp $ */
+/* $Id: common.h 7463 1999-12-02 16:58:55Z joda $ */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
diff --git a/crypto/heimdal/appl/ftp/common/sockbuf.c b/crypto/heimdal/appl/ftp/common/sockbuf.c
index 460cc6f..bb9068a 100644
--- a/crypto/heimdal/appl/ftp/common/sockbuf.c
+++ b/crypto/heimdal/appl/ftp/common/sockbuf.c
@@ -39,7 +39,7 @@
 #include <sys/socket.h>
 #endif
 
-RCSID("$Id: sockbuf.c,v 1.3 1999/12/02 16:58:29 joda Exp $");
+RCSID("$Id: sockbuf.c 7463 1999-12-02 16:58:55Z joda $");
 
 void
 set_buffer_size(int fd, int read)
diff --git a/crypto/heimdal/appl/ftp/ftp/Makefile.am b/crypto/heimdal/appl/ftp/ftp/Makefile.am
index 9f4927d..24679dc 100644
--- a/crypto/heimdal/appl/ftp/ftp/Makefile.am
+++ b/crypto/heimdal/appl/ftp/ftp/Makefile.am
@@ -1,15 +1,15 @@
-# $Id: Makefile.am,v 1.15 2001/08/28 08:31:21 assar Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_des)
+AM_CPPFLAGS += -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_hcrypto)
 
 bin_PROGRAMS = ftp
 
 CHECK_LOCAL = 
 
 if KRB4
-krb4_sources = krb4.c kauth.c
+krb4_sources = krb4.c
 endif
 if KRB5
 krb5_sources = gssapi.c
@@ -29,10 +29,11 @@ ftp_SOURCES = \
 	globals.c \
 	security.c \
 	security.h \
+	kauth.c \
 	$(krb4_sources) \
 	$(krb5_sources)
 
-EXTRA_ftp_SOURCES = krb4.c kauth.c gssapi.c
+EXTRA_ftp_SOURCES = krb4.c gssapi.c
 
 man_MANS = ftp.1
 
@@ -41,6 +42,8 @@ LDADD = \
 	$(LIB_gssapi) \
 	$(LIB_krb5) \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(LIB_roken) \
 	$(LIB_readline)
+
+EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/ftp/ftp/Makefile.in b/crypto/heimdal/appl/ftp/ftp/Makefile.in
index da8fef7..431d087 100644
--- a/crypto/heimdal/appl/ftp/ftp/Makefile.in
+++ b/crypto/heimdal/appl/ftp/ftp/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.15 2001/08/28 08:31:21 assar Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(ftp_SOURCES) $(EXTRA_ftp_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -50,16 +45,14 @@ bin_PROGRAMS = ftp$(EXEEXT)
 subdir = appl/ftp/ftp
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -72,6 +65,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -80,16 +74,20 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
 am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
@@ -97,35 +95,31 @@ binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 PROGRAMS = $(bin_PROGRAMS)
 am__ftp_SOURCES_DIST = cmds.c cmdtab.c extern.h ftp.c ftp_locl.h \
 	ftp_var.h main.c pathnames.h ruserpass.c domacro.c globals.c \
-	security.c security.h krb4.c kauth.c gssapi.c
-@KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT) kauth.$(OBJEXT)
+	security.c security.h kauth.c krb4.c gssapi.c
+@KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT)
 @KRB5_TRUE@am__objects_2 = gssapi.$(OBJEXT)
 am_ftp_OBJECTS = cmds.$(OBJEXT) cmdtab.$(OBJEXT) ftp.$(OBJEXT) \
 	main.$(OBJEXT) ruserpass.$(OBJEXT) domacro.$(OBJEXT) \
-	globals.$(OBJEXT) security.$(OBJEXT) $(am__objects_1) \
-	$(am__objects_2)
+	globals.$(OBJEXT) security.$(OBJEXT) kauth.$(OBJEXT) \
+	$(am__objects_1) $(am__objects_2)
 ftp_OBJECTS = $(am_ftp_OBJECTS)
 ftp_LDADD = $(LDADD)
-@KRB5_TRUE@am__DEPENDENCIES_1 =  \
-@KRB5_TRUE@	$(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@am__DEPENDENCIES_2 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-am__DEPENDENCIES_3 =
-ftp_DEPENDENCIES = ../common/libcommon.a $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \
-	$(am__DEPENDENCIES_3) $(am__DEPENDENCIES_3) \
-	$(am__DEPENDENCIES_3)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+am__DEPENDENCIES_1 =
+ftp_DEPENDENCIES = ../common/libcommon.a $(LIB_gssapi) $(LIB_krb5) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(ftp_SOURCES) $(EXTRA_ftp_SOURCES)
 DIST_SOURCES = $(am__ftp_SOURCES_DIST) $(EXTRA_ftp_SOURCES)
 man1dir = $(mandir)/man1
@@ -134,13 +128,7 @@ ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -150,8 +138,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -162,11 +148,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -174,42 +159,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -227,12 +197,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -242,15 +209,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -259,6 +225,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -270,15 +237,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -286,74 +248,81 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_des)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	-I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) \
+	$(INCLUDE_hcrypto)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -370,9 +339,10 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 CHECK_LOCAL = 
-@KRB4_TRUE@krb4_sources = krb4.c kauth.c
+@KRB4_TRUE@krb4_sources = krb4.c
 @KRB5_TRUE@krb5_sources = gssapi.c
 ftp_SOURCES = \
 	cmds.c \
@@ -388,24 +358,26 @@ ftp_SOURCES = \
 	globals.c \
 	security.c \
 	security.h \
+	kauth.c \
 	$(krb4_sources) \
 	$(krb5_sources)
 
-EXTRA_ftp_SOURCES = krb4.c kauth.c gssapi.c
+EXTRA_ftp_SOURCES = krb4.c gssapi.c
 man_MANS = ftp.1
 LDADD = \
 	../common/libcommon.a \
 	$(LIB_gssapi) \
 	$(LIB_krb5) \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(LIB_roken) \
 	$(LIB_readline)
 
+EXTRA_DIST = $(man_MANS)
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -437,7 +409,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)"
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
 	@list='$(bin_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -465,7 +437,7 @@ clean-binPROGRAMS:
 	done
 ftp$(EXEEXT): $(ftp_OBJECTS) $(ftp_DEPENDENCIES) 
 	@rm -f ftp$(EXEEXT)
-	$(LINK) $(ftp_LDFLAGS) $(ftp_OBJECTS) $(ftp_LDADD) $(LIBS)
+	$(LINK) $(ftp_OBJECTS) $(ftp_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -487,13 +459,9 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
 install-man1: $(man1_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(mkdir_p) "$(DESTDIR)$(man1dir)"
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
 	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -557,9 +525,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -584,23 +554,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../../.. $(distdir)/../../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -620,7 +588,7 @@ check: check-am
 all-am: Makefile $(PROGRAMS) $(MANS) all-local
 installdirs:
 	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
-	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
 install-exec: install-exec-am
@@ -641,7 +609,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -653,7 +621,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -669,14 +637,22 @@ install-data-am: install-man
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am: install-binPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
 install-man: install-man1
 
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
@@ -696,23 +672,30 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
 
 uninstall-man: uninstall-man1
 
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
-	distclean distclean-compile distclean-generic \
+	dist-hook distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-exec install-exec-am \
-	install-info install-info-am install-man install-man1 \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am \
-	uninstall-binPROGRAMS uninstall-info-am uninstall-man \
-	uninstall-man1
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-binPROGRAMS uninstall-hook \
+	uninstall-man uninstall-man1
 
 
 install-suid-programs:
@@ -727,8 +710,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -738,19 +721,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -766,7 +761,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -836,14 +831,39 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/ftp/cmds.c b/crypto/heimdal/appl/ftp/ftp/cmds.c
index a7928eb..86f4ff4 100644
--- a/crypto/heimdal/appl/ftp/ftp/cmds.c
+++ b/crypto/heimdal/appl/ftp/ftp/cmds.c
@@ -36,7 +36,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: cmds.c,v 1.44 2001/08/05 06:39:14 assar Exp $");
+RCSID("$Id: cmds.c 15673 2005-07-19 18:19:33Z lha $");
 
 typedef void (*sighand)(int);
 
@@ -142,7 +142,7 @@ setpeer(int argc, char **argv)
 		if (autologin)
 			login(argv[1]);
 
-#if (defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY) || defined(__NetBSD__)) && NBBY == 8
+#if (defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY) || defined(__NetBSD__) || defined(__APPLE__)) && NBBY == 8
 /*
  * this ifdef is to keep someone form "porting" this to an incompatible
  * system and not checking this out. This way they have to think about it.
@@ -150,22 +150,23 @@ setpeer(int argc, char **argv)
 		overbose = verbose;
 		if (debug == 0)
 			verbose = -1;
-		if (command("SYST") == COMPLETE && overbose) {
-			char *cp, c;
-			cp = strchr(reply_string+4, ' ');
+		if (command("SYST") == COMPLETE && overbose && strlen(reply_string) > 4) {
+			char *cp, *p;
+
+			cp = strdup(reply_string + 4);
 			if (cp == NULL)
-				cp = strchr(reply_string+4, '\r');
-			if (cp) {
-				if (cp[-1] == '.')
-					cp--;
-				c = *cp;
-				*cp = '\0';
+			    errx(1, "strdup: out of memory");
+			p = strchr(cp, ' ');
+			if (p == NULL)
+				p = strchr(cp, '\r');
+			if (p) {
+				if (p[-1] == '.')
+					p--;
+				*p = '\0';
 			}
 
-			printf("Remote system type is %s.\n",
-				reply_string+4);
-			if (cp)
-				*cp = c;
+			printf("Remote system type is %s.\n", cp);
+			free(cp);
 		}
 		if (!strncmp(reply_string, "215 UNIX Type: L8", 17)) {
 			if (proxy)
@@ -573,28 +574,28 @@ reget(int argc, char **argv)
 void
 get(int argc, char **argv)
 {
-    char *mode;
+    char *filemode;
 
     if (restart_point) {
 	if (curtype == TYPE_I)
-	    mode = "r+wb";
+	    filemode = "r+wb";
 	else
-	    mode = "r+w";
+	    filemode = "r+w";
     } else {
 	if (curtype == TYPE_I)
-	    mode = "wb";
+	    filemode = "wb";
 	else
-	    mode = "w";
+	    filemode = "w";
     }
 
-    getit(argc, argv, 0, mode);
+    getit(argc, argv, 0, filemode);
 }
 
 /*
  * Receive one file.
  */
 int
-getit(int argc, char **argv, int restartit, char *mode)
+getit(int argc, char **argv, int restartit, char *filemode)
 {
 	int loc = 0;
 	int local_given = 1;
@@ -695,7 +696,7 @@ getit(int argc, char **argv, int restartit, char *mode)
 		}
 	}
 
-	recvrequest("RETR", argv[2], argv[1], mode,
+	recvrequest("RETR", argv[2], argv[1], filemode,
 		    argv[1] != oldargv1 || argv[2] != oldargv2, local_given);
 	restart_point = 0;
 	return (0);
@@ -736,7 +737,7 @@ mget(int argc, char **argv)
 		if (mflag && confirm(argv[0], cp)) {
 			tp = cp;
 			if (mcase) {
-				for (tp2 = tmpbuf; (ch = *tp++);)
+				for (tp2 = tmpbuf;(ch = (unsigned char)*tp++);)
 					*tp2++ = tolower(ch);
 				*tp2 = '\0';
 				tp = tmpbuf;
@@ -772,7 +773,7 @@ remglob(char **argv, int doswitch)
     static FILE *ftemp = NULL;
     static char **args;
     int oldverbose, oldhash;
-    char *cp, *mode;
+    char *cp, *filemode;
 
     if (!mflag) {
 	if (!doglob) {
@@ -807,8 +808,8 @@ remglob(char **argv, int doswitch)
 	if (doswitch) {
 	    pswitch(!proxy);
 	}
-	for (mode = "w"; *++argv != NULL; mode = "a")
-	    recvrequest ("NLST", temp, *argv, mode, 0, 0);
+	for (filemode = "w"; *++argv != NULL; filemode = "a")
+	    recvrequest ("NLST", temp, *argv, filemode, 0, 0);
 	if (doswitch) {
 	    pswitch(!proxy);
 	}
@@ -1187,7 +1188,7 @@ mls(int argc, char **argv)
 {
 	sighand oldintr;
 	int ointer, i;
-	char *cmd, mode[1], *dest;
+	char *cmd, filemode[2], *dest;
 
 	if (argc < 2 && !another(&argc, &argv, "remote-files"))
 		goto usage;
@@ -1210,9 +1211,10 @@ usage:
 	mflag = 1;
 	oldintr = signal(SIGINT, mabort);
 	setjmp(jabort);
+	filemode[1] = '\0';
 	for (i = 1; mflag && i < argc-1; ++i) {
-		*mode = (i == 1) ? 'w' : 'a';
-		recvrequest(cmd, dest, argv[i], mode, 0, 1);
+		*filemode = (i == 1) ? 'w' : 'a';
+		recvrequest(cmd, dest, argv[i], filemode, 0, 1);
 		if (!mflag && fromatty) {
 			ointer = interactive;
 			interactive = 1;
@@ -1235,8 +1237,8 @@ shell(int argc, char **argv)
 {
 	pid_t pid;
 	RETSIGTYPE (*old1)(int), (*old2)(int);
-	char shellnam[40], *shell, *namep; 
-	int status;
+	char shellnam[40], *shellpath, *namep; 
+	int waitstatus;
 
 	old1 = signal (SIGINT, SIG_IGN);
 	old2 = signal (SIGQUIT, SIG_IGN);
@@ -1245,32 +1247,32 @@ shell(int argc, char **argv)
 			close(pid);
 		signal(SIGINT, SIG_DFL);
 		signal(SIGQUIT, SIG_DFL);
-		shell = getenv("SHELL");
-		if (shell == NULL)
-			shell = _PATH_BSHELL;
-		namep = strrchr(shell,'/');
+		shellpath = getenv("SHELL");
+		if (shellpath == NULL)
+			shellpath = _PATH_BSHELL;
+		namep = strrchr(shellpath, '/');
 		if (namep == NULL)
-			namep = shell;
+			namep = shellpath;
 		snprintf (shellnam, sizeof(shellnam),
 			  "-%s", ++namep);
 		if (strcmp(namep, "sh") != 0)
 			shellnam[0] = '+';
 		if (debug) {
-			printf ("%s\n", shell);
+			printf ("%s\n", shellpath);
 			fflush (stdout);
 		}
 		if (argc > 1) {
-			execl(shell,shellnam,"-c",altarg,(char *)0);
+			execl(shellpath,shellnam,"-c",altarg,(char *)0);
 		}
 		else {
-			execl(shell,shellnam,(char *)0);
+			execl(shellpath,shellnam,(char *)0);
 		}
-		warn("%s", shell);
+		warn("%s", shellpath);
 		code = -1;
 		exit(1);
 	}
 	if (pid > 0)
-		while (waitpid(-1, &status, 0) != pid)
+		while (waitpid(-1, &waitstatus, 0) != pid)
 			;
 	signal(SIGINT, old1);
 	signal(SIGQUIT, old2);
@@ -1289,7 +1291,7 @@ shell(int argc, char **argv)
 void
 user(int argc, char **argv)
 {
-	char acct[80];
+	char acctstr[80];
 	int n, aflag = 0;
 	char tmp[256];
 
@@ -1303,7 +1305,7 @@ user(int argc, char **argv)
 	n = command("USER %s", argv[1]);
 	if (n == CONTINUE) {
 	    if (argc < 3 ) {
-		des_read_pw_string (tmp,
+		UI_UTIL_read_pw_string (tmp,
 				    sizeof(tmp),
 				    "Password: ", 0);
 		argv[2] = tmp;
@@ -1314,9 +1316,9 @@ user(int argc, char **argv)
 	if (n == CONTINUE) {
 		if (argc < 4) {
 			printf("Account: "); fflush(stdout);
-			fgets(acct, sizeof(acct) - 1, stdin);
-			acct[strlen(acct) - 1] = '\0';
-			argv[3] = acct; argc++;
+			fgets(acctstr, sizeof(acctstr) - 1, stdin);
+			acctstr[strcspn(acctstr, "\r\n")] = '\0';
+			argv[3] = acctstr; argc++;
 		}
 		n = command("ACCT %s", argv[3]);
 		aflag++;
@@ -1532,15 +1534,15 @@ disconnect(int argc, char **argv)
 int
 confirm(char *cmd, char *file)
 {
-	char line[BUFSIZ];
+	char buf[BUFSIZ];
 
 	if (!interactive)
 		return (1);
 	printf("%s %s? ", cmd, file);
 	fflush(stdout);
-	if (fgets(line, sizeof line, stdin) == NULL)
+	if (fgets(buf, sizeof buf, stdin) == NULL)
 		return (0);
-	return (*line == 'y' || *line == 'Y');
+	return (*buf == 'y' || *buf == 'Y');
 }
 
 void
@@ -1581,22 +1583,22 @@ globulize(char **cpp)
 void
 account(int argc, char **argv)
 {
-	char acct[50];
+	char acctstr[50];
 
 	if (argc > 1) {
 		++argv;
 		--argc;
-		strlcpy (acct, *argv, sizeof(acct));
+		strlcpy (acctstr, *argv, sizeof(acctstr));
 		while (argc > 1) {
 			--argc;
 			++argv;
-			strlcat(acct, *argv, sizeof(acct));
+			strlcat(acctstr, *argv, sizeof(acctstr));
 		}
 	}
 	else {
-	    des_read_pw_string(acct, sizeof(acct), "Account:", 0);
+	    UI_UTIL_read_pw_string(acctstr, sizeof(acctstr), "Account:", 0);
 	}
-	command("ACCT %s", acct);
+	command("ACCT %s", acctstr);
 }
 
 jmp_buf abortprox;
@@ -2125,3 +2127,17 @@ newer(int argc, char **argv)
 		printf("Local file \"%s\" is newer than remote file \"%s\"\n",
 			argv[2], argv[1]);
 }
+
+void
+klist(int argc, char **argv)
+{
+    int ret;
+    if(argc != 1){
+	printf("usage: %s\n", argv[0]);
+	code = -1;
+	return;
+    }
+    
+    ret = command("SITE KLIST");
+    code = (ret == COMPLETE);
+}
diff --git a/crypto/heimdal/appl/ftp/ftp/cmdtab.c b/crypto/heimdal/appl/ftp/ftp/cmdtab.c
index 5dc96ef..1c65e71 100644
--- a/crypto/heimdal/appl/ftp/ftp/cmdtab.c
+++ b/crypto/heimdal/appl/ftp/ftp/cmdtab.c
@@ -105,11 +105,18 @@ char	userhelp[] =	"send new user information";
 char	verbosehelp[] =	"toggle verbose mode";
 
 char	prothelp[] = 	"set protection level";
+char	prothelp_c[] =	"set command protection level";
 #ifdef KRB4
 char	kauthhelp[] = 	"get remote tokens";
+#endif
+#if defined(KRB4) || defined(KRB5)
 char	klisthelp[] =	"show remote tickets";
+#endif
+#ifdef KRB4
 char	kdestroyhelp[] = "destroy remote tickets";
 char	krbtkfilehelp[] = "set filename of remote tickets";
+#endif
+#if defined(KRB4) || defined(KRB5)
 char	afsloghelp[] = 	"obtain remote AFS tokens";
 #endif
 
@@ -187,12 +194,20 @@ struct cmd cmdtab[] = {
 	{ "verbose",	verbosehelp,	0,	0,	0,	setverbose },
 	{ "?",		helphelp,	0,	0,	1,	help },
 
-	{ "prot", 	prothelp, 	0, 	1, 	0,	sec_prot },
+	{ "protect", 	prothelp, 	0, 	1, 	0,	sec_prot },
+	/* what MIT uses */
+	{ "cprotect",	prothelp_c,	0,	1,	1,	sec_prot_command },
 #ifdef KRB4
 	{ "kauth", 	kauthhelp, 	0, 	1, 	0,	kauth },
+#endif
+#if defined(KRB4) || defined(KRB5)
 	{ "klist", 	klisthelp, 	0, 	1, 	0,	klist },
+#endif
+#ifdef KRB4
 	{ "kdestroy",	kdestroyhelp,	0,	1,	0,	kdestroy },
 	{ "krbtkfile",	krbtkfilehelp,	0,	1,	0,	krbtkfile },
+#endif
+#if defined(KRB4) || defined(KRB5)
 	{ "afslog",	afsloghelp,	0,	1,	0,	afslog },
 #endif
 	
diff --git a/crypto/heimdal/appl/ftp/ftp/domacro.c b/crypto/heimdal/appl/ftp/ftp/domacro.c
index d91660d..f0be87a 100644
--- a/crypto/heimdal/appl/ftp/ftp/domacro.c
+++ b/crypto/heimdal/appl/ftp/ftp/domacro.c
@@ -32,7 +32,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: domacro.c,v 1.7 1999/09/16 20:37:29 assar Exp $");
+RCSID("$Id: domacro.c 14951 2005-04-25 13:09:26Z lha $");
 
 void
 domacro(int argc, char **argv)
@@ -60,24 +60,29 @@ domacro(int argc, char **argv)
 TOP:
 	cp1 = macros[i].mac_start;
 	while (cp1 != macros[i].mac_end) {
-		while (isspace(*cp1)) {
+		while (isspace((unsigned char)*cp1)) {
 			cp1++;
 		}
 		cp2 = line;
 		while (*cp1 != '\0') {
+		      size_t len;
 		      switch(*cp1) {
 		   	    case '\\':
-				 *cp2++ = *++cp1;
+				if (line + sizeof(line) - 2 < cp2)
+				    goto out;
+				*cp2++ = *++cp1;
 				 break;
 			    case '$':
-				 if (isdigit(*(cp1+1))) {
+				 if (isdigit((unsigned char)*(cp1+1))) {
 				    j = 0;
-				    while (isdigit(*++cp1)) {
+				    while (isdigit((unsigned char)*++cp1)) {
 					  j = 10*j +  *cp1 - '0';
 				    }
 				    cp1--;
 				    if (argc - 2 >= j) {
-					strcpy(cp2, argv[j+1]);
+					len = sizeof(line) - (cp2 - line) - 1;
+					if (strlcpy(cp2, argv[j+1], len) >= len)
+					    goto out;
 					cp2 += strlen(argv[j+1]);
 				    }
 				    break;
@@ -86,13 +91,17 @@ TOP:
 					loopflg = 1;
 					cp1++;
 					if (count < argc) {
-					   strcpy(cp2, argv[count]);
+					   len = sizeof(line) - (cp2 - line) - 1;
+					   if (strlcpy(cp2, argv[count], len) >= len)
+					       goto out;
 					   cp2 += strlen(argv[count]);
 					}
 					break;
 				}
 				/* intentional drop through */
 			    default:
+				if (line + sizeof(line) - 2 < cp2)
+				    goto out;
 				*cp2++ = *cp1;
 				break;
 		      }
@@ -100,6 +109,7 @@ TOP:
 			 cp1++;
 		      }
 		}
+	out:
 		*cp2 = '\0';
 		makeargv();
 		c = getcmd(margv[0]);
@@ -123,7 +133,7 @@ TOP:
 			if (bell && c->c_bell) {
 				putchar('\007');
 			}
-			strcpy(line, line2);
+			strlcpy(line, line2, sizeof(line));
 			makeargv();
 			argc = margc;
 			argv = margv;
diff --git a/crypto/heimdal/appl/ftp/ftp/extern.h b/crypto/heimdal/appl/ftp/ftp/extern.h
index 337bed6..a38ccd9 100644
--- a/crypto/heimdal/appl/ftp/ftp/extern.h
+++ b/crypto/heimdal/appl/ftp/ftp/extern.h
@@ -33,7 +33,7 @@
  *	@(#)extern.h	8.3 (Berkeley) 10/9/94
  */
 
-/* $Id: extern.h,v 1.19 2000/09/19 13:15:12 assar Exp $ */
+/* $Id: extern.h 9075 2000-09-19 13:15:12Z assar $ */
 
 #include <setjmp.h>
 #include <stdlib.h>
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.1 b/crypto/heimdal/appl/ftp/ftp/ftp.1
index 282aab8..5b8b8f6 100644
--- a/crypto/heimdal/appl/ftp/ftp/ftp.1
+++ b/crypto/heimdal/appl/ftp/ftp/ftp.1
@@ -33,7 +33,7 @@
 .\"
 .\"	@(#)ftp.1	8.3 (Berkeley) 10/9/94
 .\"
-.Dd April 27, 1996
+.Dd March 23, 2006
 .Dt FTP 1
 .Os BSD 4.2
 .Sh NAME
@@ -43,30 +43,35 @@
 file transfer program
 .Sh SYNOPSIS
 .Nm ftp
-.Op Fl t
-.Op Fl v
+.Op Fl K
 .Op Fl d
+.Op Fl g
 .Op Fl i
+.Op Fl l
 .Op Fl n
-.Op Fl g
 .Op Fl p
-.Op Fl l
+.Op Fl t
+.Op Fl v
+.Op Fl x
 .Op Fl -no-gss-bindings
+.Op Fl -no-gss-delegate
 .Op Ar host
 .Sh DESCRIPTION
-.Nm Ftp
+.Nm
 is the user interface to the
 .Tn ARPANET
 standard File Transfer Protocol.
 The program allows a user to transfer files to and from a
 remote network site.
 .Pp
-Modifications has been made so that it almost follows the ftpsec
-Internet draft.
+Modifications have been made so that it almost follows the FTP
+Security Extensions, RFC 2228.
 .Pp
 Options may be specified at the command line, or to the
 command interpreter.
 .Bl -tag -width flag
+.It Fl K
+Disable Kerberos authentication.
 .It Fl t
 Enables packet tracing.
 .It Fl v
@@ -98,10 +103,15 @@ Turn on passive mode.
 Enables debugging.
 .It Fl g
 Disables file name globbing.
-.It Fl -no-gss-bindings
-use GSS-API bindings when talking to peer (ie make sure IP addresses match).
+ .It Fl -no-gss-bindings
+Don't use GSS-API bindings when talking to peer. IP addresses will not
+be checked to ensure they match.
+.It Fl -no-gss-delegate
+Disable delegation of GSSAPI credentials.
 .It Fl l
 Disables command line editing.
+.It Fl x
+Encrypt command and data channel.
 .El
 .Pp
 The client host with which
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.c b/crypto/heimdal/appl/ftp/ftp/ftp.c
index a6cb90e..0a00bd2 100644
--- a/crypto/heimdal/appl/ftp/ftp/ftp.c
+++ b/crypto/heimdal/appl/ftp/ftp/ftp.c
@@ -32,7 +32,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID ("$Id: ftp.c,v 1.75.2.1 2004/08/20 14:59:06 lha Exp $");
+RCSID ("$Id: ftp.c 16650 2006-01-24 08:16:08Z lha $");
 
 struct sockaddr_storage hisctladdr_ss;
 struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
@@ -79,6 +79,7 @@ hookup (const char *host, int port)
     strlcpy (hostnamebuf, host, sizeof(hostnamebuf));
     hostname = hostnamebuf;
 
+    s = -1;
     for (a = ai; a != NULL; a = a->ai_next) {
 	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
 	if (s < 0)
@@ -100,12 +101,13 @@ hookup (const char *host, int port)
 			     
 	    warn ("connect %s", addrstr);
 	    close (s);
+	    s = -1;
 	    continue;
 	}
 	break;
     }
     freeaddrinfo (ai);
-    if (error < 0) {
+    if (s < 0) {
 	warnx ("failed to contact %s", host);
 	code = -1;
 	return NULL;
@@ -164,7 +166,7 @@ login (char *host)
 {
     char tmp[80];
     char defaultpass[128];
-    char *user, *pass, *acct;
+    char *userstr, *pass, *acctstr;
     int n, aflag = 0;
 
     char *myname = NULL;
@@ -173,7 +175,7 @@ login (char *host)
     if (pw != NULL)
 	myname = pw->pw_name;
 
-    user = pass = acct = 0;
+    userstr = pass = acctstr = 0;
 
     if(sec_login(host))
 	printf("\n*** Using plaintext user and password ***\n\n");
@@ -181,11 +183,11 @@ login (char *host)
 	printf("Authentication successful.\n\n");
     }
 
-    if (ruserpass (host, &user, &pass, &acct) < 0) {
+    if (ruserpass (host, &userstr, &pass, &acctstr) < 0) {
 	code = -1;
 	return (0);
     }
-    while (user == NULL) {
+    while (userstr == NULL) {
 	if (myname)
 	    printf ("Name (%s:%s): ", host, myname);
 	else
@@ -194,19 +196,19 @@ login (char *host)
 	if (fgets (tmp, sizeof (tmp) - 1, stdin) != NULL)
 	    tmp[strlen (tmp) - 1] = '\0';
 	if (*tmp == '\0')
-	    user = myname;
+	    userstr = myname;
 	else
-	    user = tmp;
+	    userstr = tmp;
     }
-    strlcpy(username, user, sizeof(username));
-    n = command("USER %s", user);
+    strlcpy(username, userstr, sizeof(username));
+    n = command("USER %s", userstr);
     if (n == COMPLETE) 
        n = command("PASS dummy"); /* DK: Compatibility with gssftp daemon */
     else if(n == CONTINUE) {
 	if (pass == NULL) {
 	    char prompt[128];
 	    if(myname && 
-	       (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))) {
+	       (!strcmp(userstr, "ftp") || !strcmp(userstr, "anonymous"))) {
 		snprintf(defaultpass, sizeof(defaultpass), 
 			 "%s@%s", myname, mydomain);
 		snprintf(prompt, sizeof(prompt), 
@@ -219,7 +221,7 @@ login (char *host)
 	    }
 	    if (pass == NULL) {
 		pass = defaultpass;
-		des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
+		UI_UTIL_read_pw_string (tmp, sizeof (tmp), prompt, 0);
 		if (tmp[0])
 		    pass = tmp;
 	    }
@@ -228,16 +230,16 @@ login (char *host)
     }
     if (n == CONTINUE) {
 	aflag++;
-	acct = tmp;
-	des_read_pw_string (acct, 128, "Account:", 0);
-	n = command ("ACCT %s", acct);
+	acctstr = tmp;
+	UI_UTIL_read_pw_string (acctstr, 128, "Account:", 0);
+	n = command ("ACCT %s", acctstr);
     }
     if (n != COMPLETE) {
 	warnx ("Login failed.");
 	return (0);
     }
-    if (!aflag && acct != NULL)
-	command ("ACCT %s", acct);
+    if (!aflag && acctstr != NULL)
+	command ("ACCT %s", acctstr);
     if (proxy)
 	return (1);
     for (n = 0; n < macnum; ++n) {
@@ -351,7 +353,7 @@ getreply (int expecteof)
 	    continue;
 	case '\n':
 	    *p++ = '\0';
-	    if(isdigit(buf[0])){
+	    if(isdigit((unsigned char)buf[0])){
 		sscanf(buf, "%d", &code);
 		if(code == 631){
 		    code = 0;
@@ -390,15 +392,15 @@ getreply (int expecteof)
 			osa.sa_handler (SIGINT);
 #endif
 		    if (code == 227 || code == 229) {
-			char *p;
-
-			p = strchr (reply_string, '(');
-			if (p) {
-			    p++;
-			    strlcpy(pasv, p, sizeof(pasv));
-			    p = strrchr(pasv, ')');
-			    if (p)
-				*p = '\0';
+			char *q;
+
+			q = strchr (reply_string, '(');
+			if (q) {
+			    q++;
+			    strlcpy(pasv, q, sizeof(pasv));
+			    q = strrchr(pasv, ')');
+			    if (q)
+				*q = '\0';
 			}
 		    }
 		    return code / 100;
@@ -727,6 +729,8 @@ sendrequest (char *cmd, char *local, char *remote, char *lmode, int printnames)
 	case TYPE_L:
 	    rc = lseek (fileno (fin), restart_point, SEEK_SET);
 	    break;
+	default:
+	    abort();
 	}
 	if (rc < 0) {
 	    warn ("local: %s", local);
@@ -859,7 +863,7 @@ void
 recvrequest (char *cmd, char *local, char *remote,
 	     char *lmode, int printnames, int local_given)
 {
-    FILE *fout, *din = 0;
+    FILE *fout = NULL, *din = NULL;
     int (*closefunc) (FILE *);
     sighand oldintr, oldintp;
     int c, d, is_retr, tcrflag, bare_lfs = 0;
@@ -1166,7 +1170,7 @@ parse_epsv (const char *str)
 }
 
 static int
-parse_pasv (struct sockaddr_in *sin, const char *str)
+parse_pasv (struct sockaddr_in *sin4, const char *str)
 {
     int a0, a1, a2, a3, p0, p1;
 
@@ -1192,11 +1196,11 @@ parse_pasv (struct sockaddr_in *sin, const char *str)
 	printf ("Can't parse passive mode string.\n");
 	return -1;
     }
-    memset (sin, 0, sizeof(*sin));
-    sin->sin_family      = AF_INET;
-    sin->sin_addr.s_addr = htonl ((a0 << 24) | (a1 << 16) |
+    memset (sin4, 0, sizeof(*sin4));
+    sin4->sin_family      = AF_INET;
+    sin4->sin_addr.s_addr = htonl ((a0 << 24) | (a1 << 16) |
 				  (a2 << 8) | a3);
-    sin->sin_port = htons ((p0 << 8) | p1);
+    sin4->sin_port = htons ((p0 << 8) | p1);
     return 0;
 }
 
@@ -1318,10 +1322,10 @@ noport:
 	verbose = overbose;
 
 	if (result == ERROR) {
-	    struct sockaddr_in *sin = (struct sockaddr_in *)data_addr;
+	    struct sockaddr_in *sin4 = (struct sockaddr_in *)data_addr;
 
-	    unsigned int a = ntohl(sin->sin_addr.s_addr);
-	    unsigned int p = ntohs(sin->sin_port);
+	    unsigned int a = ntohl(sin4->sin_addr.s_addr);
+	    unsigned int p = ntohs(sin4->sin_port);
 
 	    if (data_addr->sa_family != AF_INET) {
 		warnx ("remote server doesn't support EPRT");
@@ -1544,7 +1548,7 @@ abortpt (int sig)
 void
 proxtrans (char *cmd, char *local, char *remote)
 {
-    sighand oldintr;
+    sighand oldintr = NULL;
     int secndflag = 0, prox_type, nfnd;
     char *cmd2;
     fd_set mask;
@@ -1616,7 +1620,8 @@ abort:
 	pswitch (1);
 	if (ptabflg)
 	    code = -1;
-	signal (SIGINT, oldintr);
+	if (oldintr)
+	    signal (SIGINT, oldintr);
 	return;
     }
     if (cpend)
@@ -1751,8 +1756,8 @@ abort_remote (FILE * din)
 	errx (1, "fd too large");
     FD_SET (fileno (cin), &mask);
     if (din) {
-    if (fileno (din) >= FD_SETSIZE)
-	errx (1, "fd too large");
+	if (fileno (din) >= FD_SETSIZE)
+	    errx (1, "fd too large");
 	FD_SET (fileno (din), &mask);
     }
     if ((nfnd = empty (&mask, 10)) <= 0) {
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp_var.h b/crypto/heimdal/appl/ftp/ftp/ftp_var.h
index 3dbe6b4..75ec495 100644
--- a/crypto/heimdal/appl/ftp/ftp/ftp_var.h
+++ b/crypto/heimdal/appl/ftp/ftp/ftp_var.h
@@ -57,6 +57,7 @@ extern int	debug;			/* debugging level */
 extern int	bell;			/* ring bell on cmd completion */
 extern int	doglob;			/* glob local file names */
 extern int	autologin;		/* establish user account on connection */
+extern int	doencrypt;
 extern int	proxy;			/* proxy server connection active */
 extern int	proxflag;		/* proxy connection exists */
 extern int	sunique;		/* store files on server with unique name */
diff --git a/crypto/heimdal/appl/ftp/ftp/globals.c b/crypto/heimdal/appl/ftp/ftp/globals.c
index 8a0e1c9..52f8048 100644
--- a/crypto/heimdal/appl/ftp/ftp/globals.c
+++ b/crypto/heimdal/appl/ftp/ftp/globals.c
@@ -1,5 +1,5 @@
 #include "ftp_locl.h"
-RCSID("$Id: globals.c,v 1.8 2000/11/15 22:56:08 assar Exp $");
+RCSID("$Id: globals.c 16160 2005-10-12 09:42:47Z joda $");
 
 /*
  * Options and other state info.
@@ -15,6 +15,7 @@ int	lineedit;		/* use line-editing */
 int	debug;			/* debugging level */
 int	bell;			/* ring bell on cmd completion */
 int	doglob;			/* glob local file names */
+int	doencrypt;		/* try to use encryption */
 int	autologin;		/* establish user account on connection */
 int	proxy;			/* proxy server connection active */
 int	proxflag;		/* proxy connection exists */
diff --git a/crypto/heimdal/appl/ftp/ftp/gssapi.c b/crypto/heimdal/appl/ftp/ftp/gssapi.c
index 65742e8..9432feb 100644
--- a/crypto/heimdal/appl/ftp/ftp/gssapi.c
+++ b/crypto/heimdal/appl/ftp/ftp/gssapi.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -39,14 +39,16 @@
 #include <gssapi.h>
 #include <krb5_err.h>
 
-RCSID("$Id: gssapi.c,v 1.22.2.2 2003/08/20 16:41:24 lha Exp $");
+RCSID("$Id: gssapi.c 21513 2007-07-12 12:45:25Z lha $");
 
 int ftp_do_gss_bindings = 0;
+int ftp_do_gss_delegate = 1;
 
 struct gss_data {
     gss_ctx_id_t context_hdl;
     char *client_name;
     gss_cred_id_t delegated_cred_handle;
+    void *mech_data;
 };
 
 static int
@@ -54,7 +56,7 @@ gss_init(void *app_data)
 {
     struct gss_data *d = app_data;
     d->context_hdl = GSS_C_NO_CONTEXT;
-    d->delegated_cred_handle = NULL;
+    d->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
 #if defined(FTP_SERVER)
     return 0;
 #else
@@ -62,7 +64,7 @@ gss_init(void *app_data)
 #ifdef KRB5
     return !use_kerberos;
 #else
-    return 0
+    return 0;
 #endif /* KRB5 */
 #endif /* FTP_SERVER */
 }
@@ -130,7 +132,7 @@ gss_encode(void *app_data, void *from, int length, int level, void **to)
 }
 
 static void
-sockaddr_to_gss_address (const struct sockaddr *sa,
+sockaddr_to_gss_address (struct sockaddr *sa,
 			 OM_uint32 *addr_type,
 			 gss_buffer_desc *gss_addr)
 {
@@ -146,10 +148,10 @@ sockaddr_to_gss_address (const struct sockaddr *sa,
     }
 #endif
     case AF_INET : {
-	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
 
 	gss_addr->length = 4;
-	gss_addr->value  = &sin->sin_addr;
+	gss_addr->value  = &sin4->sin_addr;
 	*addr_type       = GSS_C_AF_INET;
 	break;
     }
@@ -193,15 +195,6 @@ gss_adat(void *app_data, void *buf, size_t len)
     input_token.value = buf;
     input_token.length = len;
 
-    d->delegated_cred_handle = malloc(sizeof(*d->delegated_cred_handle));
-    if (d->delegated_cred_handle == NULL) {
-	reply(500, "Out of memory");
-	goto out;
-    }
-
-    memset ((char*)d->delegated_cred_handle, 0,
-	    sizeof(*d->delegated_cred_handle));
-    
     maj_stat = gss_accept_sec_context (&min_stat,
 				       &d->context_hdl,
 				       GSS_C_NO_CREDENTIAL,
@@ -222,6 +215,7 @@ gss_adat(void *app_data, void *buf, size_t len)
 	    reply(535, "Out of memory base64-encoding.");
 	    return -1;
 	}
+	gss_release_buffer(&min_stat, &output_token);
     }
     if(maj_stat == GSS_S_COMPLETE){
 	char *name;
@@ -277,11 +271,14 @@ gss_adat(void *app_data, void *buf, size_t len)
 	reply(431, "Security resource unavailable");
     }
   out:
+    if (client_name)
+	gss_release_name(&min_stat, &client_name);
     free(p);
     return 0;
 }
 
 int gss_userok(void*, char*);
+int gss_session(void*, char*);
 
 struct sec_server_mech gss_server_mech = {
     "GSSAPI",
@@ -297,7 +294,8 @@ struct sec_server_mech gss_server_mech = {
     gss_adat,
     NULL, /* pbsz */
     NULL, /* ccc */
-    gss_userok
+    gss_userok,
+    gss_session
 };
 
 #else /* FTP_SERVER */
@@ -309,12 +307,14 @@ import_name(const char *kname, const char *host, gss_name_t *target_name)
 {
     OM_uint32 maj_stat, min_stat;
     gss_buffer_desc name;
+    char *str;
 
-    name.length = asprintf((char**)&name.value, "%s@%s", kname, host);
-    if (name.value == NULL) {
+    name.length = asprintf(&str, "%s@%s", kname, host);
+    if (str == NULL) {
 	printf("Out of memory\n");
 	return AUTH_ERROR;
     }
+    name.value = str;
 
     maj_stat = gss_import_name(&min_stat,
 			       &name,
@@ -334,6 +334,7 @@ import_name(const char *kname, const char *host, gss_name_t *target_name)
 	printf("Error importing name %s: %s\n", 
 	       (char *)name.value,
 	       (char *)status_string.value);
+	free(name.value);
 	gss_release_buffer(&new_stat, &status_string);
 	return AUTH_ERROR;
     }
@@ -353,6 +354,7 @@ gss_auth(void *app_data, char *host)
     int n;
     gss_channel_bindings_t bindings;
     struct gss_data *d = app_data;
+    OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
 
     const char *knames[] = { "ftp", "host", NULL }, **kname = knames;
 	    
@@ -380,14 +382,16 @@ gss_auth(void *app_data, char *host)
     } else
 	bindings = GSS_C_NO_CHANNEL_BINDINGS;
 
+    if (ftp_do_gss_delegate)
+	mech_flags |= GSS_C_DELEG_FLAG;
+
     while(!context_established) {
 	maj_stat = gss_init_sec_context(&min_stat,
 					GSS_C_NO_CREDENTIAL,
 					&d->context_hdl,
 					target_name,
 					GSS_C_NO_OID,
-                                        GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG
-                                          | GSS_C_DELEG_FLAG,
+                                        mech_flags,
 					0,
 					bindings,
 					&input,
@@ -400,7 +404,12 @@ gss_auth(void *app_data, char *host)
 	    OM_uint32 msg_ctx = 0;
 	    gss_buffer_desc status_string;
 
-	    if(min_stat == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN && *kname != NULL) {
+	    d->context_hdl = GSS_C_NO_CONTEXT;
+
+	    gss_release_name(&min_stat, &target_name);
+
+	    if(*kname != NULL) {
+
 		if(import_name(*kname++, host, &target_name)) {
 		    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
 			free(bindings);
@@ -466,6 +475,8 @@ gss_auth(void *app_data, char *host)
 	}
     }
 
+    gss_release_name(&min_stat, &target_name);
+
     if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
 	free(bindings);
     if (input.value)
diff --git a/crypto/heimdal/appl/ftp/ftp/kauth.c b/crypto/heimdal/appl/ftp/ftp/kauth.c
index 613593a..36305d2 100644
--- a/crypto/heimdal/appl/ftp/ftp/kauth.c
+++ b/crypto/heimdal/appl/ftp/ftp/kauth.c
@@ -32,8 +32,10 @@
  */
 
 #include "ftp_locl.h"
+RCSID("$Id: kauth.c 15666 2005-07-19 17:08:11Z lha $");
+
+#ifdef KRB4
 #include <krb.h>
-RCSID("$Id: kauth.c,v 1.20 1999/12/02 16:58:29 joda Exp $");
 
 void
 kauth(int argc, char **argv)
@@ -142,20 +144,6 @@ kauth(int argc, char **argv)
 }
 
 void
-klist(int argc, char **argv)
-{
-    int ret;
-    if(argc != 1){
-	printf("usage: %s\n", argv[0]);
-	code = -1;
-	return;
-    }
-    
-    ret = command("SITE KLIST");
-    code = (ret == COMPLETE);
-}
-
-void
 kdestroy(int argc, char **argv)
 {
     int ret;
@@ -180,6 +168,9 @@ krbtkfile(int argc, char **argv)
     ret = command("SITE KRBTKFILE %s", argv[1]);
     code = (ret == COMPLETE);
 }
+#endif
+
+#if defined(KRB4) || defined(KRB5)
 
 void
 afslog(int argc, char **argv)
@@ -196,3 +187,7 @@ afslog(int argc, char **argv)
 	ret = command("SITE AFSLOG");
     code = (ret == COMPLETE);
 }
+
+#else
+int ftp_afslog_placeholder;
+#endif
diff --git a/crypto/heimdal/appl/ftp/ftp/krb4.c b/crypto/heimdal/appl/ftp/ftp/krb4.c
index d057ed7..408b7fa 100644
--- a/crypto/heimdal/appl/ftp/ftp/krb4.c
+++ b/crypto/heimdal/appl/ftp/ftp/krb4.c
@@ -38,7 +38,7 @@
 #endif
 #include <krb.h>
 
-RCSID("$Id: krb4.c,v 1.38 2000/06/21 02:46:09 assar Exp $");
+RCSID("$Id: krb4.c 17450 2006-05-05 11:11:43Z lha $");
 
 #ifdef FTP_SERVER
 #define LOCAL_ADDR ctrl_addr
@@ -121,7 +121,7 @@ krb4_adat(void *app_data, void *buf, size_t len)
     AUTH_DAT auth_dat;
     char *p;
     int kerror;
-    u_int32_t cs;
+    uint32_t cs;
     char msg[35]; /* size of encrypted block */
     int tmp_len;
     struct krb4_data *d = app_data;
@@ -240,7 +240,7 @@ krb4_auth(void *app_data, char *host)
     KTEXT_ST adat;
     MSG_DAT msg_data;
     int checksum;
-    u_int32_t cs;
+    uint32_t cs;
     struct krb4_data *d = app_data;
     struct sockaddr_in *localaddr  = (struct sockaddr_in *)LOCAL_ADDR;
     struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR;
diff --git a/crypto/heimdal/appl/ftp/ftp/main.c b/crypto/heimdal/appl/ftp/ftp/main.c
index 071f601..c78cd4a 100644
--- a/crypto/heimdal/appl/ftp/ftp/main.c
+++ b/crypto/heimdal/appl/ftp/ftp/main.c
@@ -38,7 +38,7 @@
 #include "ftp_locl.h"
 #include <getarg.h>
 
-RCSID("$Id: main.c,v 1.33.2.1 2003/08/20 16:43:14 lha Exp $");
+RCSID("$Id: main.c 16160 2005-10-12 09:42:47Z joda $");
 
 static int help_flag;
 static int version_flag;
@@ -61,12 +61,16 @@ struct getargs getargs[] = {
       "Packet tracing", NULL},
 #ifdef KRB5
     { "gss-bindings", 0,  arg_negative_flag, &ftp_do_gss_bindings,
-      "Use GSS-API bindings", NULL},
+      "Don't use GSS-API bindings", NULL},
+    { "gss-delegate", 0,  arg_negative_flag, &ftp_do_gss_delegate,
+      "Disable delegation of GSS-API credentials", NULL},
 #endif
     { NULL,	'v', arg_counter, &verbose,
       "verbosity", NULL},
     { NULL,	'K', arg_negative_flag, &use_kerberos,
       "Disable kerberos authentication", NULL},
+    { "encrypt", 'x', arg_flag, &doencrypt,
+      "Encrypt command and data channel if possible" },
     { "version", 0,  arg_flag, &version_flag },
     { "help",	'h', arg_flag, &help_flag },
 };
diff --git a/crypto/heimdal/appl/ftp/ftp/ruserpass.c b/crypto/heimdal/appl/ftp/ftp/ruserpass.c
index b22f699..8c0cd8d 100644
--- a/crypto/heimdal/appl/ftp/ftp/ruserpass.c
+++ b/crypto/heimdal/appl/ftp/ftp/ruserpass.c
@@ -32,7 +32,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: ruserpass.c,v 1.19 2000/01/08 07:45:11 assar Exp $");
+RCSID("$Id: ruserpass.c 16161 2005-10-12 09:44:24Z joda $");
 
 static	int token (void);
 static	FILE *cfile;
@@ -69,39 +69,39 @@ static struct toktab {
  */
 
 static char *
-guess_domain (char *hostname, size_t sz)
+guess_domain (char *hostname_str, size_t sz)
 {
     struct addrinfo *ai, *a;
     struct addrinfo hints;
     int error;
     char *dot;
 
-    if (gethostname (hostname, sz) < 0) {
-	strlcpy (hostname, "", sz);
+    if (gethostname (hostname_str, sz) < 0) {
+	strlcpy (hostname_str, "", sz);
 	return "";
     }
-    dot = strchr (hostname, '.');
+    dot = strchr (hostname_str, '.');
     if (dot != NULL)
 	return dot + 1;
 
     memset (&hints, 0, sizeof(hints));
     hints.ai_flags = AI_CANONNAME;
 
-    error = getaddrinfo (hostname, NULL, &hints, &ai);
+    error = getaddrinfo (hostname_str, NULL, &hints, &ai);
     if (error)
-	return hostname;
+	return hostname_str;
 
     for (a = ai; a != NULL; a = a->ai_next)
 	if (a->ai_canonname != NULL) {
-	    strlcpy (hostname, ai->ai_canonname, sz);
+	    strlcpy (hostname_str, ai->ai_canonname, sz);
 	    break;
 	}
     freeaddrinfo (ai);
-    dot = strchr (hostname, '.');
+    dot = strchr (hostname_str, '.');
     if (dot != NULL)
 	return dot + 1;
     else
-	return hostname;
+	return hostname_str;
 }
 
 int
@@ -256,7 +256,7 @@ next:
 	    break;
 	case PROT:
 	    token();
-	    if(sec_request_prot(tokval) < 0)
+	    if(doencrypt == 0 && sec_request_prot(tokval) < 0)
 		warnx("Unknown protection level \"%s\"", tokval);
 	    break;
 	default:
diff --git a/crypto/heimdal/appl/ftp/ftp/security.c b/crypto/heimdal/appl/ftp/ftp/security.c
index db67775..2a4803f 100644
--- a/crypto/heimdal/appl/ftp/ftp/security.c
+++ b/crypto/heimdal/appl/ftp/ftp/security.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998-2002, 2005 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -37,7 +37,7 @@
 #include "ftp_locl.h"
 #endif
 
-RCSID("$Id: security.c,v 1.19 2002/09/04 22:01:28 joda Exp $");
+RCSID("$Id: security.c 21225 2007-06-20 10:16:02Z lha $");
 
 static enum protection_level command_prot;
 static enum protection_level data_prot;
@@ -189,16 +189,16 @@ sec_get_data(int fd, struct buffer *buf, int level)
 }
 
 static size_t
-buffer_read(struct buffer *buf, void *data, size_t len)
+buffer_read(struct buffer *buf, void *dataptr, size_t len)
 {
     len = min(len, buf->size - buf->index);
-    memcpy(data, (char*)buf->data + buf->index, len);
+    memcpy(dataptr, (char*)buf->data + buf->index, len);
     buf->index += len;
     return len;
 }
 
 static size_t
-buffer_write(struct buffer *buf, void *data, size_t len)
+buffer_write(struct buffer *buf, void *dataptr, size_t len)
 {
     if(buf->index + len > buf->size) {
 	void *tmp;
@@ -211,29 +211,29 @@ buffer_write(struct buffer *buf, void *data, size_t len)
 	buf->data = tmp;
 	buf->size = buf->index + len;
     }
-    memcpy((char*)buf->data + buf->index, data, len);
+    memcpy((char*)buf->data + buf->index, dataptr, len);
     buf->index += len;
     return len;
 }
 
 int
-sec_read(int fd, void *data, int length)
+sec_read(int fd, void *dataptr, int length)
 {
     size_t len;
     int rx = 0;
 
     if(sec_complete == 0 || data_prot == 0)
-	return read(fd, data, length);
+	return read(fd, dataptr, length);
 
     if(in_buffer.eof_flag){
 	in_buffer.eof_flag = 0;
 	return 0;
     }
     
-    len = buffer_read(&in_buffer, data, length);
+    len = buffer_read(&in_buffer, dataptr, length);
     length -= len;
     rx += len;
-    data = (char*)data + len;
+    dataptr = (char*)dataptr + len;
     
     while(length){
 	int ret;
@@ -246,10 +246,10 @@ sec_read(int fd, void *data, int length)
 		in_buffer.eof_flag = 1;
 	    return rx;
 	}
-	len = buffer_read(&in_buffer, data, length);
+	len = buffer_read(&in_buffer, dataptr, length);
 	length -= len;
 	rx += len;
-	data = (char*)data + len;
+	dataptr = (char*)dataptr + len;
     }
     return rx;
 }
@@ -282,21 +282,21 @@ sec_fflush(FILE *F)
 }
 
 int
-sec_write(int fd, char *data, int length)
+sec_write(int fd, char *dataptr, int length)
 {
     int len = buffer_size;
     int tx = 0;
       
     if(data_prot == prot_clear)
-	return write(fd, data, length);
+	return write(fd, dataptr, length);
 
     len -= (*mech->overhead)(app_data, data_prot, len);
     while(length){
 	if(length < len)
 	    len = length;
-	sec_send(fd, data, len);
+	sec_send(fd, dataptr, len);
 	length -= len;
-	data += len;
+	dataptr += len;
 	tx += len;
     }
     return tx;
@@ -310,8 +310,11 @@ sec_vfprintf2(FILE *f, const char *fmt, va_list ap)
     if(data_prot == prot_clear)
 	return vfprintf(f, fmt, ap);
     else {
-	vasprintf(&buf, fmt, ap);
-	ret = buffer_write(&out_buffer, buf, strlen(buf));
+	int len;
+	len = vasprintf(&buf, fmt, ap);
+	if (len == -1)
+	    return len;
+	ret = buffer_write(&out_buffer, buf, len);
 	free(buf);
 	return ret;
     }
@@ -348,7 +351,7 @@ sec_read_msg(char *s, int level)
 {
     int len;
     char *buf;
-    int code;
+    int return_code;
     
     buf = malloc(strlen(s));
     len = base64_decode(s + 4, buf); /* XXX */
@@ -360,14 +363,14 @@ sec_read_msg(char *s, int level)
     buf[len] = '\0';
 
     if(buf[3] == '-')
-	code = 0;
+	return_code = 0;
     else
-	sscanf(buf, "%d", &code);
+	sscanf(buf, "%d", &return_code);
     if(buf[len-1] == '\n')
 	buf[len-1] = '\0';
     strcpy(s, buf);
     free(buf);
-    return code;
+    return return_code;
 }
 
 int
@@ -379,7 +382,10 @@ sec_vfprintf(FILE *f, const char *fmt, va_list ap)
     if(!sec_complete)
 	return vfprintf(f, fmt, ap);
     
-    vasprintf(&buf, fmt, ap);
+    if (vasprintf(&buf, fmt, ap) == -1) {
+	printf("Failed to allocate command.\n");
+	return -1;
+    }
     len = (*mech->encode)(app_data, buf, strlen(buf), command_prot, &enc);
     free(buf);
     if(len < 0) {
@@ -426,6 +432,8 @@ sec_fprintf(FILE *f, const char *fmt, ...)
 
 #ifdef FTP_SERVER
 
+int ccc_passed;
+
 void
 auth(char *auth_name)
 {
@@ -529,9 +537,10 @@ prot(char *pl)
 void ccc(void)
 {
     if(sec_complete){
-	if(mech->ccc && (*mech->ccc)(app_data) == 0)
+	if(mech->ccc && (*mech->ccc)(app_data) == 0) {
 	    command_prot = data_prot = prot_clear;
-	else
+	    ccc_passed = 1;
+	} else
 	    reply(534, "You must be joking.");
     }else
 	reply(503, "Incomplete security data exchange.");
@@ -540,13 +549,13 @@ void ccc(void)
 void mec(char *msg, enum protection_level level)
 {
     void *buf;
-    size_t len;
+    size_t len, buf_size;
     if(!sec_complete) {
 	reply(503, "Incomplete security data exchange.");
 	return;
     }
-    buf = malloc(strlen(msg) + 2); /* XXX go figure out where that 2
-				      comes from :-) */
+    buf_size = strlen(msg) + 2;
+    buf = malloc(buf_size);
     len = base64_decode(msg, buf);
     command_prot = level;
     if(len == (size_t)-1) {
@@ -560,17 +569,25 @@ void mec(char *msg, enum protection_level level)
     }
     ((char*)buf)[len] = '\0';
     if(strstr((char*)buf, "\r\n") == NULL)
-	strcat((char*)buf, "\r\n");
+	strlcat((char*)buf, "\r\n", buf_size);
     new_ftp_command(buf);
 }
 
 /* ------------------------------------------------------------ */
 
 int
-sec_userok(char *user)
+sec_userok(char *userstr)
 {
     if(sec_complete)
-	return (*mech->userok)(app_data, user);
+	return (*mech->userok)(app_data, userstr);
+    return 0;
+}
+
+int
+sec_session(char *user)
+{
+    if(sec_complete && mech->session)
+	return (*mech->session)(app_data, user);
     return 0;
 }
 
@@ -660,7 +677,15 @@ sec_prot_internal(int level)
 enum protection_level
 set_command_prot(enum protection_level level)
 {
+    int ret;
     enum protection_level old = command_prot;
+    if(level != command_prot && level == prot_clear) {
+	ret = command("CCC");
+	if(ret != COMPLETE) {
+	    printf("Failed to clear command channel.\n");
+	    return -1;
+	}
+    }
     command_prot = level;
     return old;
 }
@@ -670,8 +695,13 @@ sec_prot(int argc, char **argv)
 {
     int level = -1;
 
-    if(argc < 2 || argc > 3)
+    if(argc > 3)
 	goto usage;
+
+    if(argc == 1) {
+	sec_status();
+	return;
+    }
     if(!sec_complete) {
 	printf("No security data exchange has taken place.\n");
 	code = -1;
@@ -694,9 +724,12 @@ sec_prot(int argc, char **argv)
 	    code = -1;
 	    return;
 	}
-    } else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0)
-	set_command_prot(level);
-    else
+    } else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0) {
+	if(set_command_prot(level) < 0) {
+	    code = -1;
+	    return;
+	}
+    } else
 	goto usage;
     code = 0;
     return;
@@ -706,6 +739,46 @@ sec_prot(int argc, char **argv)
     code = -1;
 }
 
+void
+sec_prot_command(int argc, char **argv)
+{
+    int level;
+
+    if(argc > 2)
+	goto usage;
+
+    if(!sec_complete) {
+	printf("No security data exchange has taken place.\n");
+	code = -1;
+	return;
+    }
+
+    if(argc == 1) {
+	sec_status();
+    } else {
+	level = name_to_level(argv[1]);
+	if(level == -1)
+	    goto usage;
+    
+	if((*mech->check_prot)(app_data, level)) {
+	    printf("%s does not implement %s protection.\n", 
+		   mech->name, level_to_name(level));
+	    code = -1;
+	    return;
+	}
+	if(set_command_prot(level) < 0) {
+	    code = -1;
+	    return;
+	}
+    }
+    code = 0;
+    return;
+ usage:
+    printf("usage: %s [clear|safe|confidential|private]\n",
+	   argv[0]);
+    code = -1;
+}
+
 static enum protection_level request_data_prot;
 
 void
@@ -741,7 +814,7 @@ sec_login(char *host)
 
 	tmp = realloc(app_data, (*m)->size);
 	if (tmp == NULL) {
-	    warnx ("realloc %u failed", (*m)->size);
+	    warnx ("realloc %lu failed", (unsigned long)(*m)->size);
 	    return -1;
 	}
 	app_data = tmp;
@@ -777,7 +850,12 @@ sec_login(char *host)
 	}
 	mech = *m;
 	sec_complete = 1;
-	command_prot = prot_safe;
+	if(doencrypt) {
+	    command_prot = prot_private;
+	    request_data_prot = prot_private; 
+	} else {
+	    command_prot = prot_safe;
+	}
 	break;
     }
     
diff --git a/crypto/heimdal/appl/ftp/ftp/security.h b/crypto/heimdal/appl/ftp/ftp/security.h
index 5e14ebd..85ba23e 100644
--- a/crypto/heimdal/appl/ftp/ftp/security.h
+++ b/crypto/heimdal/appl/ftp/ftp/security.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: security.h,v 1.9.12.1 2003/08/20 16:41:53 lha Exp $ */
+/* $Id: security.h 21224 2007-06-20 10:15:13Z lha $ */
 
 #ifndef __security_h__
 #define __security_h__
@@ -70,6 +70,7 @@ struct sec_server_mech {
     size_t (*pbsz)(void *, size_t);
     int (*ccc)(void*);
     int (*userok)(void*, char*);
+    int (*session)(void*, char*);
 };
 
 #define AUTH_OK		0
@@ -77,6 +78,7 @@ struct sec_server_mech {
 #define AUTH_ERROR	2
 
 extern int ftp_do_gss_bindings;
+extern int ftp_do_gss_delegate;
 #ifdef FTP_SERVER
 extern struct sec_server_mech krb4_server_mech, gss_server_mech;
 #else
@@ -119,12 +121,14 @@ void prot (char *);
 void delete_ftp_command (void);
 void new_ftp_command (char *);
 int sec_userok (char *);
+int sec_session(char *);
 int secure_command (void);
 enum protection_level get_command_prot(void);
 #else
 void sec_end (void);
 int sec_login (char *);
 void sec_prot (int, char **);
+void sec_prot_command (int, char **);
 int sec_request_prot (char *);
 void sec_set_protection_level (void);
 void sec_status (void);
diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.am b/crypto/heimdal/appl/ftp/ftpd/Makefile.am
index 20f8b57..b404876 100644
--- a/crypto/heimdal/appl/ftp/ftpd/Makefile.am
+++ b/crypto/heimdal/appl/ftp/ftpd/Makefile.am
@@ -1,15 +1,15 @@
-# $Id: Makefile.am,v 1.26 2001/09/06 12:18:34 assar Exp $
+# $Id: Makefile.am 21031 2007-06-09 05:00:27Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
+AM_CPPFLAGS += -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
 
 libexec_PROGRAMS = ftpd
 
 CHECK_LOCAL = 
 
 if KRB4
-krb4_sources = krb4.c kauth.c
+krb4_sources = krb4.c
 endif
 if KRB5
 krb5_sources = gssapi.c gss_userok.c
@@ -25,6 +25,8 @@ ftpd_SOURCES =		\
 	pathnames.h	\
 	popen.c		\
 	security.c	\
+	kauth.c		\
+	klist.c		\
 	$(krb4_sources) \
 	$(krb5_sources)
 
@@ -41,7 +43,7 @@ krb4.c:
 gssapi.c:
 	@test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c .
 
-CLEANFILES = security.c security.h krb4.c gssapi.c ftpcmd.c
+CLEANFILES = security.c security.h krb4.c gssapi.c
 
 man_MANS = ftpd.8 ftpusers.5
 
@@ -51,5 +53,7 @@ LDADD = ../common/libcommon.a \
 	$(LIB_krb5) \
 	$(LIB_kafs) \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.in b/crypto/heimdal/appl/ftp/ftpd/Makefile.in
index b6d8f62..c7a6a8f 100644
--- a/crypto/heimdal/appl/ftp/ftpd/Makefile.in
+++ b/crypto/heimdal/appl/ftp/ftpd/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.26 2001/09/06 12:18:34 assar Exp $
+# $Id: Makefile.am 21031 2007-06-09 05:00:27Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(ftpd_SOURCES) $(EXTRA_ftpd_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -50,16 +45,14 @@ libexec_PROGRAMS = ftpd$(EXEEXT)
 subdir = appl/ftp/ftpd
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -72,6 +65,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -80,56 +74,61 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man5dir)" \
+	"$(DESTDIR)$(man8dir)"
 libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 PROGRAMS = $(libexec_PROGRAMS)
 am__ftpd_SOURCES_DIST = extern.h ftpcmd.y ftpd.c ftpd_locl.h logwtmp.c \
-	ls.c pathnames.h popen.c security.c krb4.c kauth.c gssapi.c \
-	gss_userok.c
-@KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT) kauth.$(OBJEXT)
+	ls.c pathnames.h popen.c security.c kauth.c klist.c krb4.c \
+	gssapi.c gss_userok.c
+@KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT)
 @KRB5_TRUE@am__objects_2 = gssapi.$(OBJEXT) gss_userok.$(OBJEXT)
 am_ftpd_OBJECTS = ftpcmd.$(OBJEXT) ftpd.$(OBJEXT) logwtmp.$(OBJEXT) \
 	ls.$(OBJEXT) popen.$(OBJEXT) security.$(OBJEXT) \
-	$(am__objects_1) $(am__objects_2)
+	kauth.$(OBJEXT) klist.$(OBJEXT) $(am__objects_1) \
+	$(am__objects_2)
 ftpd_OBJECTS = $(am_ftpd_OBJECTS)
 ftpd_LDADD = $(LDADD)
 am__DEPENDENCIES_1 =
-@KRB5_TRUE@am__DEPENDENCIES_2 =  \
-@KRB5_TRUE@	$(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@am__DEPENDENCIES_3 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-am__DEPENDENCIES_4 = $(top_builddir)/lib/kafs/libkafs.la \
+am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
 	$(am__DEPENDENCIES_1)
 ftpd_DEPENDENCIES = ../common/libcommon.a $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \
-	$(am__DEPENDENCIES_4) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+	$(LIB_gssapi) $(LIB_krb5) $(am__DEPENDENCIES_2) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+@MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
 YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) --mode=compile $(YACC) $(YFLAGS) \
-	$(AM_YFLAGS)
+LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
+YLWRAP = $(top_srcdir)/ylwrap
 SOURCES = $(ftpd_SOURCES) $(EXTRA_ftpd_SOURCES)
 DIST_SOURCES = $(am__ftpd_SOURCES_DIST) $(EXTRA_ftpd_SOURCES)
 man5dir = $(mandir)/man5
@@ -139,13 +138,7 @@ ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -155,8 +148,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -167,11 +158,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -179,42 +169,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -232,12 +207,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -247,15 +219,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -264,6 +235,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -275,15 +247,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -291,74 +258,80 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	-I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -375,9 +348,10 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 CHECK_LOCAL = 
-@KRB4_TRUE@krb4_sources = krb4.c kauth.c
+@KRB4_TRUE@krb4_sources = krb4.c
 @KRB5_TRUE@krb5_sources = gssapi.c gss_userok.c
 ftpd_SOURCES = \
 	extern.h	\
@@ -389,11 +363,13 @@ ftpd_SOURCES = \
 	pathnames.h	\
 	popen.c		\
 	security.c	\
+	kauth.c		\
+	klist.c		\
 	$(krb4_sources) \
 	$(krb5_sources)
 
 EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c
-CLEANFILES = security.c security.h krb4.c gssapi.c ftpcmd.c
+CLEANFILES = security.c security.h krb4.c gssapi.c
 man_MANS = ftpd.8 ftpusers.5
 LDADD = ../common/libcommon.a \
 	$(LIB_otp) \
@@ -401,13 +377,14 @@ LDADD = ../common/libcommon.a \
 	$(LIB_krb5) \
 	$(LIB_kafs) \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(LIB_roken)
 
+EXTRA_DIST = $(man_MANS)
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj .y
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj .y
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -439,7 +416,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 install-libexecPROGRAMS: $(libexec_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(mkdir_p) "$(DESTDIR)$(libexecdir)"
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
 	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -467,7 +444,7 @@ clean-libexecPROGRAMS:
 	done
 ftpd$(EXEEXT): $(ftpd_OBJECTS) $(ftpd_DEPENDENCIES) 
 	@rm -f ftpd$(EXEEXT)
-	$(LINK) $(ftpd_LDFLAGS) $(ftpd_OBJECTS) $(ftpd_LDADD) $(LIBS)
+	$(LINK) $(ftpd_OBJECTS) $(ftpd_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -485,37 +462,16 @@ distclean-compile:
 	$(LTCOMPILE) -c -o $@ $<
 
 .y.c:
-	$(YACCCOMPILE) $<
-	if test -f y.tab.h; then \
-	  to=`echo "$*_H" | sed \
-                -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
-                -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'`; \
-	  sed "/^#/ s/Y_TAB_H/$$to/g" y.tab.h >$*.ht; \
-	  rm -f y.tab.h; \
-	  if cmp -s $*.ht $*.h; then \
-	    rm -f $*.ht ;\
-	  else \
-	    mv $*.ht $*.h; \
-	  fi; \
-	fi
-	if test -f y.output; then \
-	  mv y.output $*.output; \
-	fi
-	sed '/^#/ s|y\.tab\.c|$@|' y.tab.c >$@t && mv $@t $@
-	rm -f y.tab.c
+	$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
 
 mostlyclean-libtool:
 	-rm -f *.lo
 
 clean-libtool:
 	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
 install-man5: $(man5_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man5dir)" || $(mkdir_p) "$(DESTDIR)$(man5dir)"
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
 	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -560,7 +516,7 @@ uninstall-man5:
 	done
 install-man8: $(man8_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)"
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
 	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -624,9 +580,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -651,23 +609,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../../.. $(distdir)/../../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -687,7 +643,7 @@ check: check-am
 all-am: Makefile $(PROGRAMS) $(MANS) all-local
 installdirs:
 	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
 install-exec: install-exec-am
@@ -709,7 +665,7 @@ clean-generic:
 	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -723,7 +679,7 @@ clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -739,14 +695,22 @@ install-data-am: install-man
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am: install-libexecPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
 install-man: install-man5 install-man8
 
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
@@ -766,23 +730,29 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS \
-	uninstall-man
+uninstall-am: uninstall-libexecPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
 
 uninstall-man: uninstall-man5 uninstall-man8
 
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \
-	distclean distclean-compile distclean-generic \
+	dist-hook distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-data \
-	install-data-am install-exec install-exec-am install-info \
-	install-info-am install-libexecPROGRAMS install-man \
-	install-man5 install-man8 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-info-am \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-man5 install-man8 \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook \
 	uninstall-libexecPROGRAMS uninstall-man uninstall-man5 \
 	uninstall-man8
 
@@ -799,8 +769,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -810,19 +780,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -838,7 +820,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -908,15 +890,40 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
 
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
 $(ftpd_OBJECTS): security.h
 
 security.c:
diff --git a/crypto/heimdal/appl/ftp/ftpd/extern.h b/crypto/heimdal/appl/ftp/ftpd/extern.h
index 751d04c..db40f2f 100644
--- a/crypto/heimdal/appl/ftp/ftpd/extern.h
+++ b/crypto/heimdal/appl/ftp/ftpd/extern.h
@@ -107,9 +107,12 @@ void	klist(void);
 void	cond_kdestroy(void);
 void	kdestroy(void);
 void	krbtkfile(const char *tkfile);
-void	afslog(const char *cell);
+void	afslog(const char *, int);
 void	afsunlog(void);
 
+extern int do_destroy_tickets;
+extern char *k5ccname;
+
 int	find(char *);
 
 int	builtin_ls(FILE*, const char*);
@@ -130,6 +133,7 @@ extern	int logging;
 extern	int type;
 extern off_t file_size;
 extern off_t byte_count;
+extern	int ccc_passed;
 
 extern	int form;
 extern	int debug;
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c
new file mode 100644
index 0000000..94eadee
--- /dev/null
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c
@@ -0,0 +1,3551 @@
+/* A Bison parser, made by GNU Bison 2.3.  */
+
+/* Skeleton implementation for Bison's Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* C LALR(1) parser skeleton written by Richard Stallman, by
+   simplifying the original so-called "semantic" parser.  */
+
+/* All symbols defined below should begin with yy or YY, to avoid
+   infringing on user name space.  This should be done even for local
+   variables, as they might otherwise be expanded by user macros.
+   There are some unavoidable exceptions within include files to
+   define necessary library symbols; they are noted "INFRINGES ON
+   USER NAME SPACE" below.  */
+
+/* Identify Bison output.  */
+#define YYBISON 1
+
+/* Bison version.  */
+#define YYBISON_VERSION "2.3"
+
+/* Skeleton name.  */
+#define YYSKELETON_NAME "yacc.c"
+
+/* Pure parsers.  */
+#define YYPURE 0
+
+/* Using locations.  */
+#define YYLSP_NEEDED 0
+
+
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     A = 258,
+     B = 259,
+     C = 260,
+     E = 261,
+     F = 262,
+     I = 263,
+     L = 264,
+     N = 265,
+     P = 266,
+     R = 267,
+     S = 268,
+     T = 269,
+     SP = 270,
+     CRLF = 271,
+     COMMA = 272,
+     USER = 273,
+     PASS = 274,
+     ACCT = 275,
+     REIN = 276,
+     QUIT = 277,
+     PORT = 278,
+     PASV = 279,
+     TYPE = 280,
+     STRU = 281,
+     MODE = 282,
+     RETR = 283,
+     STOR = 284,
+     APPE = 285,
+     MLFL = 286,
+     MAIL = 287,
+     MSND = 288,
+     MSOM = 289,
+     MSAM = 290,
+     MRSQ = 291,
+     MRCP = 292,
+     ALLO = 293,
+     REST = 294,
+     RNFR = 295,
+     RNTO = 296,
+     ABOR = 297,
+     DELE = 298,
+     CWD = 299,
+     LIST = 300,
+     NLST = 301,
+     SITE = 302,
+     sTAT = 303,
+     HELP = 304,
+     NOOP = 305,
+     MKD = 306,
+     RMD = 307,
+     PWD = 308,
+     CDUP = 309,
+     STOU = 310,
+     SMNT = 311,
+     SYST = 312,
+     SIZE = 313,
+     MDTM = 314,
+     EPRT = 315,
+     EPSV = 316,
+     UMASK = 317,
+     IDLE = 318,
+     CHMOD = 319,
+     AUTH = 320,
+     ADAT = 321,
+     PROT = 322,
+     PBSZ = 323,
+     CCC = 324,
+     MIC = 325,
+     CONF = 326,
+     ENC = 327,
+     KAUTH = 328,
+     KLIST = 329,
+     KDESTROY = 330,
+     KRBTKFILE = 331,
+     AFSLOG = 332,
+     LOCATE = 333,
+     URL = 334,
+     FEAT = 335,
+     OPTS = 336,
+     LEXERR = 337,
+     STRING = 338,
+     NUMBER = 339
+   };
+#endif
+/* Tokens.  */
+#define A 258
+#define B 259
+#define C 260
+#define E 261
+#define F 262
+#define I 263
+#define L 264
+#define N 265
+#define P 266
+#define R 267
+#define S 268
+#define T 269
+#define SP 270
+#define CRLF 271
+#define COMMA 272
+#define USER 273
+#define PASS 274
+#define ACCT 275
+#define REIN 276
+#define QUIT 277
+#define PORT 278
+#define PASV 279
+#define TYPE 280
+#define STRU 281
+#define MODE 282
+#define RETR 283
+#define STOR 284
+#define APPE 285
+#define MLFL 286
+#define MAIL 287
+#define MSND 288
+#define MSOM 289
+#define MSAM 290
+#define MRSQ 291
+#define MRCP 292
+#define ALLO 293
+#define REST 294
+#define RNFR 295
+#define RNTO 296
+#define ABOR 297
+#define DELE 298
+#define CWD 299
+#define LIST 300
+#define NLST 301
+#define SITE 302
+#define sTAT 303
+#define HELP 304
+#define NOOP 305
+#define MKD 306
+#define RMD 307
+#define PWD 308
+#define CDUP 309
+#define STOU 310
+#define SMNT 311
+#define SYST 312
+#define SIZE 313
+#define MDTM 314
+#define EPRT 315
+#define EPSV 316
+#define UMASK 317
+#define IDLE 318
+#define CHMOD 319
+#define AUTH 320
+#define ADAT 321
+#define PROT 322
+#define PBSZ 323
+#define CCC 324
+#define MIC 325
+#define CONF 326
+#define ENC 327
+#define KAUTH 328
+#define KLIST 329
+#define KDESTROY 330
+#define KRBTKFILE 331
+#define AFSLOG 332
+#define LOCATE 333
+#define URL 334
+#define FEAT 335
+#define OPTS 336
+#define LEXERR 337
+#define STRING 338
+#define NUMBER 339
+
+
+
+
+/* Copy the first part of user declarations.  */
+#line 43 "ftpcmd.y"
+
+
+#include "ftpd_locl.h"
+RCSID("$Id: ftpcmd.y 15677 2005-07-19 18:33:08Z lha $");
+
+off_t	restart_point;
+
+static	int hasyyerrored;
+
+
+static	int cmd_type;
+static	int cmd_form;
+static	int cmd_bytesz;
+char	cbuf[64*1024];
+char	*fromname;
+
+struct tab {
+	char	*name;
+	short	token;
+	short	state;
+	short	implemented;	/* 1 if command is implemented */
+	char	*help;
+};
+
+extern struct tab cmdtab[];
+extern struct tab sitetab[];
+
+static char		*copy (char *);
+static void		 help (struct tab *, char *);
+static struct tab *
+			 lookup (struct tab *, char *);
+static void		 sizecmd (char *);
+static RETSIGTYPE	 toolong (int);
+static int		 yylex (void);
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+
+
+/* Enabling traces.  */
+#ifndef YYDEBUG
+# define YYDEBUG 0
+#endif
+
+/* Enabling verbose error messages.  */
+#ifdef YYERROR_VERBOSE
+# undef YYERROR_VERBOSE
+# define YYERROR_VERBOSE 1
+#else
+# define YYERROR_VERBOSE 0
+#endif
+
+/* Enabling the token table.  */
+#ifndef YYTOKEN_TABLE
+# define YYTOKEN_TABLE 0
+#endif
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+#line 86 "ftpcmd.y"
+{
+	int	i;
+	char   *s;
+}
+/* Line 193 of yacc.c.  */
+#line 312 "ftpcmd.c"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+
+
+/* Copy the second part of user declarations.  */
+
+
+/* Line 216 of yacc.c.  */
+#line 325 "ftpcmd.c"
+
+#ifdef short
+# undef short
+#endif
+
+#ifdef YYTYPE_UINT8
+typedef YYTYPE_UINT8 yytype_uint8;
+#else
+typedef unsigned char yytype_uint8;
+#endif
+
+#ifdef YYTYPE_INT8
+typedef YYTYPE_INT8 yytype_int8;
+#elif (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+typedef signed char yytype_int8;
+#else
+typedef short int yytype_int8;
+#endif
+
+#ifdef YYTYPE_UINT16
+typedef YYTYPE_UINT16 yytype_uint16;
+#else
+typedef unsigned short int yytype_uint16;
+#endif
+
+#ifdef YYTYPE_INT16
+typedef YYTYPE_INT16 yytype_int16;
+#else
+typedef short int yytype_int16;
+#endif
+
+#ifndef YYSIZE_T
+# ifdef __SIZE_TYPE__
+#  define YYSIZE_T __SIZE_TYPE__
+# elif defined size_t
+#  define YYSIZE_T size_t
+# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYSIZE_T size_t
+# else
+#  define YYSIZE_T unsigned int
+# endif
+#endif
+
+#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
+
+#ifndef YY_
+# if defined YYENABLE_NLS && YYENABLE_NLS
+#  if ENABLE_NLS
+#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
+#   define YY_(msgid) dgettext ("bison-runtime", msgid)
+#  endif
+# endif
+# ifndef YY_
+#  define YY_(msgid) msgid
+# endif
+#endif
+
+/* Suppress unused-variable warnings by "using" E.  */
+#if ! defined lint || defined __GNUC__
+# define YYUSE(e) ((void) (e))
+#else
+# define YYUSE(e) /* empty */
+#endif
+
+/* Identity function, used to suppress warnings about constant conditions.  */
+#ifndef lint
+# define YYID(n) (n)
+#else
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static int
+YYID (int i)
+#else
+static int
+YYID (i)
+    int i;
+#endif
+{
+  return i;
+}
+#endif
+
+#if ! defined yyoverflow || YYERROR_VERBOSE
+
+/* The parser invokes alloca or malloc; define the necessary symbols.  */
+
+# ifdef YYSTACK_USE_ALLOCA
+#  if YYSTACK_USE_ALLOCA
+#   ifdef __GNUC__
+#    define YYSTACK_ALLOC __builtin_alloca
+#   elif defined __BUILTIN_VA_ARG_INCR
+#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
+#   elif defined _AIX
+#    define YYSTACK_ALLOC __alloca
+#   elif defined _MSC_VER
+#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
+#    define alloca _alloca
+#   else
+#    define YYSTACK_ALLOC alloca
+#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#     ifndef _STDLIB_H
+#      define _STDLIB_H 1
+#     endif
+#    endif
+#   endif
+#  endif
+# endif
+
+# ifdef YYSTACK_ALLOC
+   /* Pacify GCC's `empty if-body' warning.  */
+#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+    /* The OS might guarantee only one guard page at the bottom of the stack,
+       and a page size can be as small as 4096 bytes.  So we cannot safely
+       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
+       to allow for a few compiler-allocated temporary stack slots.  */
+#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
+#  endif
+# else
+#  define YYSTACK_ALLOC YYMALLOC
+#  define YYSTACK_FREE YYFREE
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
+#  endif
+#  if (defined __cplusplus && ! defined _STDLIB_H \
+       && ! ((defined YYMALLOC || defined malloc) \
+	     && (defined YYFREE || defined free)))
+#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#   ifndef _STDLIB_H
+#    define _STDLIB_H 1
+#   endif
+#  endif
+#  ifndef YYMALLOC
+#   define YYMALLOC malloc
+#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+#  ifndef YYFREE
+#   define YYFREE free
+#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void free (void *); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+# endif
+#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
+
+
+#if (! defined yyoverflow \
+     && (! defined __cplusplus \
+	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
+
+/* A type that is properly aligned for any stack member.  */
+union yyalloc
+{
+  yytype_int16 yyss;
+  YYSTYPE yyvs;
+  };
+
+/* The size of the maximum gap between one aligned stack and the next.  */
+# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
+
+/* The size of an array large to enough to hold all stacks, each with
+   N elements.  */
+# define YYSTACK_BYTES(N) \
+     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
+      + YYSTACK_GAP_MAXIMUM)
+
+/* Copy COUNT objects from FROM to TO.  The source and destination do
+   not overlap.  */
+# ifndef YYCOPY
+#  if defined __GNUC__ && 1 < __GNUC__
+#   define YYCOPY(To, From, Count) \
+      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
+#  else
+#   define YYCOPY(To, From, Count)		\
+      do					\
+	{					\
+	  YYSIZE_T yyi;				\
+	  for (yyi = 0; yyi < (Count); yyi++)	\
+	    (To)[yyi] = (From)[yyi];		\
+	}					\
+      while (YYID (0))
+#  endif
+# endif
+
+/* Relocate STACK from its old location to the new one.  The
+   local variables YYSIZE and YYSTACKSIZE give the old and new number of
+   elements in the stack, and YYPTR gives the new location of the
+   stack.  Advance YYPTR to a properly aligned location for the next
+   stack.  */
+# define YYSTACK_RELOCATE(Stack)					\
+    do									\
+      {									\
+	YYSIZE_T yynewbytes;						\
+	YYCOPY (&yyptr->Stack, Stack, yysize);				\
+	Stack = &yyptr->Stack;						\
+	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+	yyptr += yynewbytes / sizeof (*yyptr);				\
+      }									\
+    while (YYID (0))
+
+#endif
+
+/* YYFINAL -- State number of the termination state.  */
+#define YYFINAL  2
+/* YYLAST -- Last index in YYTABLE.  */
+#define YYLAST   327
+
+/* YYNTOKENS -- Number of terminals.  */
+#define YYNTOKENS  85
+/* YYNNTS -- Number of nonterminals.  */
+#define YYNNTS  18
+/* YYNRULES -- Number of rules.  */
+#define YYNRULES  98
+/* YYNRULES -- Number of states.  */
+#define YYNSTATES  317
+
+/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+#define YYUNDEFTOK  2
+#define YYMAXUTOK   339
+
+#define YYTRANSLATE(YYX)						\
+  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+
+/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
+static const yytype_uint8 yytranslate[] =
+{
+       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
+       5,     6,     7,     8,     9,    10,    11,    12,    13,    14,
+      15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
+      25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
+      35,    36,    37,    38,    39,    40,    41,    42,    43,    44,
+      45,    46,    47,    48,    49,    50,    51,    52,    53,    54,
+      55,    56,    57,    58,    59,    60,    61,    62,    63,    64,
+      65,    66,    67,    68,    69,    70,    71,    72,    73,    74,
+      75,    76,    77,    78,    79,    80,    81,    82,    83,    84
+};
+
+#if YYDEBUG
+/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+   YYRHS.  */
+static const yytype_uint16 yyprhs[] =
+{
+       0,     0,     3,     4,     7,    10,    16,    22,    28,    34,
+      38,    42,    48,    54,    60,    66,    72,    82,    88,    94,
+     100,   104,   110,   114,   120,   126,   130,   136,   142,   146,
+     150,   156,   160,   166,   170,   176,   182,   186,   190,   194,
+     200,   206,   214,   220,   228,   238,   244,   252,   260,   266,
+     272,   280,   286,   294,   302,   308,   314,   318,   324,   330,
+     334,   337,   343,   349,   354,   359,   365,   371,   375,   380,
+     385,   390,   392,   393,   395,   397,   409,   411,   413,   415,
+     417,   421,   423,   427,   429,   431,   435,   438,   440,   442,
+     444,   446,   448,   450,   452,   454,   456,   458,   460
+};
+
+/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
+static const yytype_int8 yyrhs[] =
+{
+      86,     0,    -1,    -1,    86,    87,    -1,    86,    88,    -1,
+      18,    15,    89,    16,   102,    -1,    19,    15,    90,    16,
+     102,    -1,    23,    15,    92,    16,   102,    -1,    60,    15,
+      83,    16,   102,    -1,    24,    16,   101,    -1,    61,    16,
+     101,    -1,    61,    15,    83,    16,   101,    -1,    25,    15,
+      94,    16,   102,    -1,    26,    15,    95,    16,   102,    -1,
+      27,    15,    96,    16,   102,    -1,    38,    15,    84,    16,
+     102,    -1,    38,    15,    84,    15,    12,    15,    84,    16,
+     102,    -1,    28,    15,    97,    16,   101,    -1,    29,    15,
+      97,    16,   101,    -1,    30,    15,    97,    16,   101,    -1,
+      46,    16,   101,    -1,    46,    15,    83,    16,   101,    -1,
+      45,    16,   101,    -1,    45,    15,    97,    16,   101,    -1,
+      48,    15,    97,    16,   101,    -1,    48,    16,   102,    -1,
+      43,    15,    97,    16,   100,    -1,    41,    15,    97,    16,
+     100,    -1,    42,    16,   102,    -1,    44,    16,   101,    -1,
+      44,    15,    97,    16,   101,    -1,    49,    16,   102,    -1,
+      49,    15,    83,    16,   102,    -1,    50,    16,   102,    -1,
+      51,    15,    97,    16,   101,    -1,    52,    15,    97,    16,
+     100,    -1,    53,    16,   101,    -1,    54,    16,   101,    -1,
+      80,    16,   102,    -1,    81,    15,    83,    16,   102,    -1,
+      47,    15,    49,    16,   102,    -1,    47,    15,    49,    15,
+      83,    16,   102,    -1,    47,    15,    62,    16,   101,    -1,
+      47,    15,    62,    15,    99,    16,   100,    -1,    47,    15,
+      64,    15,    99,    15,    97,    16,   100,    -1,    47,    15,
+      63,    16,   102,    -1,    47,    15,    63,    15,    84,    16,
+     102,    -1,    47,    15,    73,    15,    83,    16,   101,    -1,
+      47,    15,    74,    16,   101,    -1,    47,    15,    75,    16,
+     101,    -1,    47,    15,    76,    15,    83,    16,   101,    -1,
+      47,    15,    77,    16,   101,    -1,    47,    15,    77,    15,
+      83,    16,   101,    -1,    47,    15,    78,    15,    83,    16,
+     101,    -1,    47,    15,    79,    16,   102,    -1,    55,    15,
+      97,    16,   101,    -1,    57,    16,   102,    -1,    58,    15,
+      97,    16,   101,    -1,    59,    15,    97,    16,   101,    -1,
+      22,    16,   102,    -1,     1,    16,    -1,    40,    15,    97,
+      16,   100,    -1,    39,    15,    91,    16,   102,    -1,    65,
+      15,    83,    16,    -1,    66,    15,    83,    16,    -1,    68,
+      15,    84,    16,   102,    -1,    67,    15,    83,    16,   102,
+      -1,    69,    16,   102,    -1,    70,    15,    83,    16,    -1,
+      71,    15,    83,    16,    -1,    72,    15,    83,    16,    -1,
+      83,    -1,    -1,    83,    -1,    84,    -1,    84,    17,    84,
+      17,    84,    17,    84,    17,    84,    17,    84,    -1,    10,
+      -1,    14,    -1,     5,    -1,     3,    -1,     3,    15,    93,
+      -1,     6,    -1,     6,    15,    93,    -1,     8,    -1,     9,
+      -1,     9,    15,    91,    -1,     9,    91,    -1,     7,    -1,
+      12,    -1,    11,    -1,    13,    -1,     4,    -1,     5,    -1,
+      98,    -1,    83,    -1,    84,    -1,   101,    -1,   102,    -1,
+      -1
+};
+
+/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+static const yytype_uint16 yyrline[] =
+{
+       0,   129,   129,   131,   136,   140,   146,   153,   164,   170,
+     175,   180,   186,   223,   237,   251,   257,   263,   272,   281,
+     290,   295,   304,   309,   315,   322,   327,   334,   348,   353,
+     358,   365,   370,   387,   392,   399,   406,   411,   416,   426,
+     433,   438,   443,   451,   464,   478,   485,   502,   525,   530,
+     539,   552,   563,   576,   583,   588,   595,   613,   630,   658,
+     665,   671,   681,   691,   696,   701,   706,   711,   716,   721,
+     726,   734,   739,   742,   746,   750,   763,   767,   771,   778,
+     783,   788,   793,   798,   802,   807,   813,   821,   825,   829,
+     836,   840,   844,   851,   879,   883,   909,   917,   928
+};
+#endif
+
+#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
+/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
+static const char *const yytname[] =
+{
+  "$end", "error", "$undefined", "A", "B", "C", "E", "F", "I", "L", "N",
+  "P", "R", "S", "T", "SP", "CRLF", "COMMA", "USER", "PASS", "ACCT",
+  "REIN", "QUIT", "PORT", "PASV", "TYPE", "STRU", "MODE", "RETR", "STOR",
+  "APPE", "MLFL", "MAIL", "MSND", "MSOM", "MSAM", "MRSQ", "MRCP", "ALLO",
+  "REST", "RNFR", "RNTO", "ABOR", "DELE", "CWD", "LIST", "NLST", "SITE",
+  "sTAT", "HELP", "NOOP", "MKD", "RMD", "PWD", "CDUP", "STOU", "SMNT",
+  "SYST", "SIZE", "MDTM", "EPRT", "EPSV", "UMASK", "IDLE", "CHMOD", "AUTH",
+  "ADAT", "PROT", "PBSZ", "CCC", "MIC", "CONF", "ENC", "KAUTH", "KLIST",
+  "KDESTROY", "KRBTKFILE", "AFSLOG", "LOCATE", "URL", "FEAT", "OPTS",
+  "LEXERR", "STRING", "NUMBER", "$accept", "cmd_list", "cmd", "rcmd",
+  "username", "password", "byte_size", "host_port", "form_code",
+  "type_code", "struct_code", "mode_code", "pathname", "pathstring",
+  "octal_number", "check_login_no_guest", "check_login", "check_secure", 0
+};
+#endif
+
+# ifdef YYPRINT
+/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+   token YYLEX-NUM.  */
+static const yytype_uint16 yytoknum[] =
+{
+       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
+     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
+     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
+     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
+     295,   296,   297,   298,   299,   300,   301,   302,   303,   304,
+     305,   306,   307,   308,   309,   310,   311,   312,   313,   314,
+     315,   316,   317,   318,   319,   320,   321,   322,   323,   324,
+     325,   326,   327,   328,   329,   330,   331,   332,   333,   334,
+     335,   336,   337,   338,   339
+};
+# endif
+
+/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+static const yytype_uint8 yyr1[] =
+{
+       0,    85,    86,    86,    86,    87,    87,    87,    87,    87,
+      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
+      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
+      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
+      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
+      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
+      87,    88,    88,    88,    88,    88,    88,    88,    88,    88,
+      88,    89,    90,    90,    91,    92,    93,    93,    93,    94,
+      94,    94,    94,    94,    94,    94,    94,    95,    95,    95,
+      96,    96,    96,    97,    98,    99,   100,   101,   102
+};
+
+/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
+static const yytype_uint8 yyr2[] =
+{
+       0,     2,     0,     2,     2,     5,     5,     5,     5,     3,
+       3,     5,     5,     5,     5,     5,     9,     5,     5,     5,
+       3,     5,     3,     5,     5,     3,     5,     5,     3,     3,
+       5,     3,     5,     3,     5,     5,     3,     3,     3,     5,
+       5,     7,     5,     7,     9,     5,     7,     7,     5,     5,
+       7,     5,     7,     7,     5,     5,     3,     5,     5,     3,
+       2,     5,     5,     4,     4,     5,     5,     3,     4,     4,
+       4,     1,     0,     1,     1,    11,     1,     1,     1,     1,
+       3,     1,     3,     1,     1,     3,     2,     1,     1,     1,
+       1,     1,     1,     1,     1,     1,     1,     1,     0
+};
+
+/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
+   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
+   means the default is an error.  */
+static const yytype_uint8 yydefact[] =
+{
+       2,     0,     1,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     3,     4,
+      60,     0,    72,    98,     0,    98,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,    98,     0,     0,    98,
+       0,    98,     0,    98,     0,     0,    98,     0,    98,    98,
+       0,     0,    98,    98,     0,    98,     0,     0,     0,     0,
+      98,     0,     0,     0,     0,    98,     0,     0,     0,    98,
+       0,    71,     0,    73,     0,    59,     0,     0,     9,    97,
+      79,    81,    83,    84,     0,    87,    89,    88,     0,    91,
+      92,    90,     0,    94,     0,    93,     0,     0,     0,    74,
+       0,     0,     0,    28,     0,     0,    29,     0,    22,     0,
+      20,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,    25,     0,    31,    33,     0,     0,    36,
+      37,     0,    56,     0,     0,     0,     0,    10,     0,     0,
+       0,     0,    67,     0,     0,     0,    38,     0,    98,    98,
+       0,    98,     0,     0,     0,    86,    98,    98,    98,    98,
+      98,    98,     0,    98,    98,    98,    98,    98,    98,    98,
+      98,     0,    98,     0,    98,     0,    98,     0,     0,    98,
+      98,     0,     0,    98,     0,    98,    98,    98,    98,    98,
+      98,    98,    98,    98,    98,    63,    64,    98,    98,    68,
+      69,    70,    98,     5,     6,     0,     7,    78,    76,    77,
+      80,    82,    85,    12,    13,    14,    17,    18,    19,     0,
+      15,    62,    61,    96,    27,    26,    30,    23,    21,     0,
+      40,    95,     0,    42,     0,    45,     0,     0,    48,    49,
+       0,     0,    51,     0,    54,    24,    32,    34,    35,    55,
+      57,    58,     8,    11,    66,    65,    39,     0,     0,    98,
+      98,    98,     0,    98,    98,    98,    98,     0,     0,    41,
+      43,    46,     0,    47,    50,    52,    53,     0,    98,    98,
+       0,    16,    44,     0,     0,     0,    75
+};
+
+/* YYDEFGOTO[NTERM-NUM].  */
+static const yytype_int16 yydefgoto[] =
+{
+      -1,     1,    48,    49,   102,   104,   130,   107,   240,   114,
+     118,   122,   124,   125,   262,   252,   253,   109
+};
+
+/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+   STATE-NUM.  */
+#define YYPACT_NINF -196
+static const yytype_int16 yypact[] =
+{
+    -196,   246,  -196,     3,    13,    20,    11,    24,    21,    26,
+      30,    45,    66,    67,    68,    69,    70,    71,    72,    76,
+      73,    -7,    -5,    15,    78,    28,    32,    80,    79,    82,
+      83,    91,    93,    94,    96,    97,    98,    38,   100,   101,
+     102,   103,   104,   106,   107,   108,   111,   109,  -196,  -196,
+    -196,   -66,    36,  -196,    14,  -196,    12,    22,     1,    46,
+      46,    46,    25,    48,    46,    46,  -196,    46,    46,  -196,
+      46,  -196,    53,  -196,    27,    46,  -196,    55,  -196,  -196,
+      46,    46,  -196,  -196,    46,  -196,    46,    46,    56,    59,
+    -196,    60,    61,    62,    63,  -196,    65,    77,    85,  -196,
+      86,  -196,   114,  -196,   115,  -196,   120,   130,  -196,  -196,
+     135,   136,  -196,   -11,   138,  -196,  -196,  -196,   139,  -196,
+    -196,  -196,   143,  -196,   145,  -196,   147,   156,    47,  -196,
+     157,   162,   165,  -196,   166,   168,  -196,   170,  -196,   174,
+    -196,    49,    52,    54,   137,   177,   178,   179,   181,    64,
+     182,   183,   184,  -196,   185,  -196,  -196,   186,   187,  -196,
+    -196,   188,  -196,   189,   190,   191,   192,  -196,   193,   194,
+     195,   196,  -196,   197,   198,   199,  -196,   200,  -196,  -196,
+     133,  -196,     2,     2,    48,  -196,  -196,  -196,  -196,  -196,
+    -196,  -196,   206,  -196,  -196,  -196,  -196,  -196,  -196,  -196,
+    -196,   110,  -196,   140,  -196,   141,  -196,   140,   144,  -196,
+    -196,   146,   148,  -196,   149,  -196,  -196,  -196,  -196,  -196,
+    -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,
+    -196,  -196,  -196,  -196,  -196,   202,  -196,  -196,  -196,  -196,
+    -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,   205,
+    -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,   207,
+    -196,  -196,   210,  -196,   212,  -196,   215,   217,  -196,  -196,
+     218,   219,  -196,   221,  -196,  -196,  -196,  -196,  -196,  -196,
+    -196,  -196,  -196,  -196,  -196,  -196,  -196,   155,   158,  -196,
+    -196,  -196,    46,  -196,  -196,  -196,  -196,   204,   224,  -196,
+    -196,  -196,   225,  -196,  -196,  -196,  -196,   159,  -196,  -196,
+     227,  -196,  -196,   161,   231,   167,  -196
+};
+
+/* YYPGOTO[NTERM-NUM].  */
+static const yytype_int16 yypgoto[] =
+{
+    -196,  -196,  -196,  -196,  -196,  -196,  -110,  -196,    39,  -196,
+    -196,  -196,    -9,  -196,    42,  -195,   -33,   -53
+};
+
+/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
+   positive, shift that token.  If negative, reduce the rule which
+   number is the opposite.  If zero, do what YYDEFACT says.
+   If YYTABLE_NINF, syntax error.  */
+#define YYTABLE_NINF -1
+static const yytype_uint16 yytable[] =
+{
+     105,   254,   255,   185,   184,   119,   120,   237,    68,    69,
+      70,    71,   238,   133,   121,   110,   239,   101,   111,    50,
+     112,   113,   108,   153,   278,   155,   156,    53,    51,   115,
+      72,    73,   162,   116,   117,    52,   136,    55,   138,    54,
+     140,    56,   172,    75,    76,    57,   176,    77,    78,   159,
+     160,   126,   127,    89,    90,   131,   132,   167,   134,   135,
+      58,   137,   192,   193,   201,   202,   152,   203,   204,   205,
+     206,   157,   158,   129,   242,   161,   141,   163,   164,   212,
+     213,    59,    60,    61,    62,    63,    64,    65,    67,   142,
+     143,   144,    66,    74,    80,   300,    79,    81,   106,    82,
+     145,   146,   147,   148,   149,   150,   151,    83,    84,   128,
+      85,    86,    87,    88,   312,    91,    92,    93,    94,   103,
+      95,    96,    97,    98,   100,   233,   234,    99,   236,   123,
+     178,   179,   129,   243,   244,   245,   139,   180,   154,   165,
+     250,   251,   166,   168,   169,   170,   181,   171,   173,   260,
+     182,   183,   207,   265,   186,   187,   246,   247,   248,   188,
+     174,   189,   274,   190,   276,   256,   257,   258,   175,   177,
+     282,   263,   191,   194,   284,   285,   268,   269,   195,   286,
+     272,   196,   197,   275,   198,   277,   199,   279,   280,   281,
+     200,   283,   208,   259,   209,   210,   211,   214,     0,   215,
+     216,   217,   218,   219,   220,   221,   222,   223,   224,   225,
+     226,   227,   228,   229,   230,   231,   232,   235,   249,   287,
+     288,   307,   241,   289,   261,   264,   290,   267,   291,   270,
+     292,   271,   273,   293,   294,   295,   299,   296,   301,   297,
+     308,   309,   298,   310,   313,   314,     2,     3,   315,   266,
+       0,   316,     0,     0,     0,   311,     0,     0,     0,     0,
+     303,   304,   305,   306,     4,     5,     0,     0,     6,     7,
+       8,     9,    10,    11,    12,    13,    14,     0,     0,     0,
+       0,     0,     0,   302,    15,    16,    17,    18,    19,    20,
+      21,    22,    23,    24,    25,    26,    27,    28,    29,    30,
+      31,    32,     0,    33,    34,    35,    36,    37,     0,     0,
+       0,    38,    39,    40,    41,    42,    43,    44,    45,     0,
+       0,     0,     0,     0,     0,     0,    46,    47
+};
+
+static const yytype_int16 yycheck[] =
+{
+      53,   196,   197,   113,    15,     4,     5,     5,    15,    16,
+      15,    16,    10,    66,    13,     3,    14,    83,     6,    16,
+       8,     9,    55,    76,   219,    78,    79,    16,    15,     7,
+      15,    16,    85,    11,    12,    15,    69,    16,    71,    15,
+      73,    15,    95,    15,    16,    15,    99,    15,    16,    82,
+      83,    60,    61,    15,    16,    64,    65,    90,    67,    68,
+      15,    70,    15,    16,    15,    16,    75,    15,    16,    15,
+      16,    80,    81,    84,   184,    84,    49,    86,    87,    15,
+      16,    15,    15,    15,    15,    15,    15,    15,    15,    62,
+      63,    64,    16,    15,    15,   290,    16,    15,    84,    16,
+      73,    74,    75,    76,    77,    78,    79,    16,    15,    84,
+      16,    15,    15,    15,   309,    15,    15,    15,    15,    83,
+      16,    15,    15,    15,    15,   178,   179,    16,   181,    83,
+      16,    16,    84,   186,   187,   188,    83,    17,    83,    83,
+     193,   194,    83,    83,    83,    83,    16,    84,    83,   202,
+      15,    15,    15,   206,    16,    16,   189,   190,   191,    16,
+      83,    16,   215,    16,   217,   198,   199,   200,    83,    83,
+     223,   204,    16,    16,   227,   228,   209,   210,    16,   232,
+     213,    16,    16,   216,    16,   218,    16,   220,   221,   222,
+      16,   224,    15,    83,    16,    16,    15,    15,    -1,    16,
+      16,    16,    16,    16,    16,    16,    16,    16,    16,    16,
+      16,    16,    16,    16,    16,    16,    16,    84,    12,    17,
+      15,    17,   183,    16,    84,    84,    16,    83,    16,    83,
+      15,    83,    83,    16,    16,    16,   289,    16,   291,    84,
+      16,    16,    84,    84,    17,    84,     0,     1,    17,   207,
+      -1,    84,    -1,    -1,    -1,   308,    -1,    -1,    -1,    -1,
+     293,   294,   295,   296,    18,    19,    -1,    -1,    22,    23,
+      24,    25,    26,    27,    28,    29,    30,    -1,    -1,    -1,
+      -1,    -1,    -1,   292,    38,    39,    40,    41,    42,    43,
+      44,    45,    46,    47,    48,    49,    50,    51,    52,    53,
+      54,    55,    -1,    57,    58,    59,    60,    61,    -1,    -1,
+      -1,    65,    66,    67,    68,    69,    70,    71,    72,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    80,    81
+};
+
+/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+   symbol of state STATE-NUM.  */
+static const yytype_uint8 yystos[] =
+{
+       0,    86,     0,     1,    18,    19,    22,    23,    24,    25,
+      26,    27,    28,    29,    30,    38,    39,    40,    41,    42,
+      43,    44,    45,    46,    47,    48,    49,    50,    51,    52,
+      53,    54,    55,    57,    58,    59,    60,    61,    65,    66,
+      67,    68,    69,    70,    71,    72,    80,    81,    87,    88,
+      16,    15,    15,    16,    15,    16,    15,    15,    15,    15,
+      15,    15,    15,    15,    15,    15,    16,    15,    15,    16,
+      15,    16,    15,    16,    15,    15,    16,    15,    16,    16,
+      15,    15,    16,    16,    15,    16,    15,    15,    15,    15,
+      16,    15,    15,    15,    15,    16,    15,    15,    15,    16,
+      15,    83,    89,    83,    90,   102,    84,    92,   101,   102,
+       3,     6,     8,     9,    94,     7,    11,    12,    95,     4,
+       5,    13,    96,    83,    97,    98,    97,    97,    84,    84,
+      91,    97,    97,   102,    97,    97,   101,    97,   101,    83,
+     101,    49,    62,    63,    64,    73,    74,    75,    76,    77,
+      78,    79,    97,   102,    83,   102,   102,    97,    97,   101,
+     101,    97,   102,    97,    97,    83,    83,   101,    83,    83,
+      83,    84,   102,    83,    83,    83,   102,    83,    16,    16,
+      17,    16,    15,    15,    15,    91,    16,    16,    16,    16,
+      16,    16,    15,    16,    16,    16,    16,    16,    16,    16,
+      16,    15,    16,    15,    16,    15,    16,    15,    15,    16,
+      16,    15,    15,    16,    15,    16,    16,    16,    16,    16,
+      16,    16,    16,    16,    16,    16,    16,    16,    16,    16,
+      16,    16,    16,   102,   102,    84,   102,     5,    10,    14,
+      93,    93,    91,   102,   102,   102,   101,   101,   101,    12,
+     102,   102,   100,   101,   100,   100,   101,   101,   101,    83,
+     102,    84,    99,   101,    84,   102,    99,    83,   101,   101,
+      83,    83,   101,    83,   102,   101,   102,   101,   100,   101,
+     101,   101,   102,   101,   102,   102,   102,    17,    15,    16,
+      16,    16,    15,    16,    16,    16,    16,    84,    84,   102,
+     100,   102,    97,   101,   101,   101,   101,    17,    16,    16,
+      84,   102,   100,    17,    84,    17,    84
+};
+
+#define yyerrok		(yyerrstatus = 0)
+#define yyclearin	(yychar = YYEMPTY)
+#define YYEMPTY		(-2)
+#define YYEOF		0
+
+#define YYACCEPT	goto yyacceptlab
+#define YYABORT		goto yyabortlab
+#define YYERROR		goto yyerrorlab
+
+
+/* Like YYERROR except do call yyerror.  This remains here temporarily
+   to ease the transition to the new meaning of YYERROR, for GCC.
+   Once GCC version 2 has supplanted version 1, this can go.  */
+
+#define YYFAIL		goto yyerrlab
+
+#define YYRECOVERING()  (!!yyerrstatus)
+
+#define YYBACKUP(Token, Value)					\
+do								\
+  if (yychar == YYEMPTY && yylen == 1)				\
+    {								\
+      yychar = (Token);						\
+      yylval = (Value);						\
+      yytoken = YYTRANSLATE (yychar);				\
+      YYPOPSTACK (1);						\
+      goto yybackup;						\
+    }								\
+  else								\
+    {								\
+      yyerror (YY_("syntax error: cannot back up")); \
+      YYERROR;							\
+    }								\
+while (YYID (0))
+
+
+#define YYTERROR	1
+#define YYERRCODE	256
+
+
+/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
+   If N is 0, then set CURRENT to the empty location which ends
+   the previous symbol: RHS[0] (always defined).  */
+
+#define YYRHSLOC(Rhs, K) ((Rhs)[K])
+#ifndef YYLLOC_DEFAULT
+# define YYLLOC_DEFAULT(Current, Rhs, N)				\
+    do									\
+      if (YYID (N))                                                    \
+	{								\
+	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
+	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
+	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
+	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
+	}								\
+      else								\
+	{								\
+	  (Current).first_line   = (Current).last_line   =		\
+	    YYRHSLOC (Rhs, 0).last_line;				\
+	  (Current).first_column = (Current).last_column =		\
+	    YYRHSLOC (Rhs, 0).last_column;				\
+	}								\
+    while (YYID (0))
+#endif
+
+
+/* YY_LOCATION_PRINT -- Print the location on the stream.
+   This macro was not mandated originally: define only if we know
+   we won't break user code: when these are the locations we know.  */
+
+#ifndef YY_LOCATION_PRINT
+# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
+#  define YY_LOCATION_PRINT(File, Loc)			\
+     fprintf (File, "%d.%d-%d.%d",			\
+	      (Loc).first_line, (Loc).first_column,	\
+	      (Loc).last_line,  (Loc).last_column)
+# else
+#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+# endif
+#endif
+
+
+/* YYLEX -- calling `yylex' with the right arguments.  */
+
+#ifdef YYLEX_PARAM
+# define YYLEX yylex (YYLEX_PARAM)
+#else
+# define YYLEX yylex ()
+#endif
+
+/* Enable debugging if requested.  */
+#if YYDEBUG
+
+# ifndef YYFPRINTF
+#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYFPRINTF fprintf
+# endif
+
+# define YYDPRINTF(Args)			\
+do {						\
+  if (yydebug)					\
+    YYFPRINTF Args;				\
+} while (YYID (0))
+
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
+do {									  \
+  if (yydebug)								  \
+    {									  \
+      YYFPRINTF (stderr, "%s ", Title);					  \
+      yy_symbol_print (stderr,						  \
+		  Type, Value); \
+      YYFPRINTF (stderr, "\n");						  \
+    }									  \
+} while (YYID (0))
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_value_print (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+#endif
+{
+  if (!yyvaluep)
+    return;
+# ifdef YYPRINT
+  if (yytype < YYNTOKENS)
+    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# else
+  YYUSE (yyoutput);
+# endif
+  switch (yytype)
+    {
+      default:
+	break;
+    }
+}
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_print (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+#endif
+{
+  if (yytype < YYNTOKENS)
+    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+  else
+    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
+  YYFPRINTF (yyoutput, ")");
+}
+
+/*------------------------------------------------------------------.
+| yy_stack_print -- Print the state stack from its BOTTOM up to its |
+| TOP (included).                                                   |
+`------------------------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
+#else
+static void
+yy_stack_print (bottom, top)
+    yytype_int16 *bottom;
+    yytype_int16 *top;
+#endif
+{
+  YYFPRINTF (stderr, "Stack now");
+  for (; bottom <= top; ++bottom)
+    YYFPRINTF (stderr, " %d", *bottom);
+  YYFPRINTF (stderr, "\n");
+}
+
+# define YY_STACK_PRINT(Bottom, Top)				\
+do {								\
+  if (yydebug)							\
+    yy_stack_print ((Bottom), (Top));				\
+} while (YYID (0))
+
+
+/*------------------------------------------------.
+| Report that the YYRULE is going to be reduced.  |
+`------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
+#else
+static void
+yy_reduce_print (yyvsp, yyrule)
+    YYSTYPE *yyvsp;
+    int yyrule;
+#endif
+{
+  int yynrhs = yyr2[yyrule];
+  int yyi;
+  unsigned long int yylno = yyrline[yyrule];
+  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
+	     yyrule - 1, yylno);
+  /* The symbols being reduced.  */
+  for (yyi = 0; yyi < yynrhs; yyi++)
+    {
+      fprintf (stderr, "   $%d = ", yyi + 1);
+      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
+		       &(yyvsp[(yyi + 1) - (yynrhs)])
+		       		       );
+      fprintf (stderr, "\n");
+    }
+}
+
+# define YY_REDUCE_PRINT(Rule)		\
+do {					\
+  if (yydebug)				\
+    yy_reduce_print (yyvsp, Rule); \
+} while (YYID (0))
+
+/* Nonzero means print parse trace.  It is left uninitialized so that
+   multiple parsers can coexist.  */
+int yydebug;
+#else /* !YYDEBUG */
+# define YYDPRINTF(Args)
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
+# define YY_STACK_PRINT(Bottom, Top)
+# define YY_REDUCE_PRINT(Rule)
+#endif /* !YYDEBUG */
+
+
+/* YYINITDEPTH -- initial size of the parser's stacks.  */
+#ifndef	YYINITDEPTH
+# define YYINITDEPTH 200
+#endif
+
+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
+   if the built-in stack extension method is used).
+
+   Do not make this value too large; the results are undefined if
+   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
+   evaluated with infinite-precision integer arithmetic.  */
+
+#ifndef YYMAXDEPTH
+# define YYMAXDEPTH 10000
+#endif
+
+
+
+#if YYERROR_VERBOSE
+
+# ifndef yystrlen
+#  if defined __GLIBC__ && defined _STRING_H
+#   define yystrlen strlen
+#  else
+/* Return the length of YYSTR.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static YYSIZE_T
+yystrlen (const char *yystr)
+#else
+static YYSIZE_T
+yystrlen (yystr)
+    const char *yystr;
+#endif
+{
+  YYSIZE_T yylen;
+  for (yylen = 0; yystr[yylen]; yylen++)
+    continue;
+  return yylen;
+}
+#  endif
+# endif
+
+# ifndef yystpcpy
+#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
+#   define yystpcpy stpcpy
+#  else
+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+   YYDEST.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static char *
+yystpcpy (char *yydest, const char *yysrc)
+#else
+static char *
+yystpcpy (yydest, yysrc)
+    char *yydest;
+    const char *yysrc;
+#endif
+{
+  char *yyd = yydest;
+  const char *yys = yysrc;
+
+  while ((*yyd++ = *yys++) != '\0')
+    continue;
+
+  return yyd - 1;
+}
+#  endif
+# endif
+
+# ifndef yytnamerr
+/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
+   quotes and backslashes, so that it's suitable for yyerror.  The
+   heuristic is that double-quoting is unnecessary unless the string
+   contains an apostrophe, a comma, or backslash (other than
+   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
+   null, do not copy; instead, return the length of what the result
+   would have been.  */
+static YYSIZE_T
+yytnamerr (char *yyres, const char *yystr)
+{
+  if (*yystr == '"')
+    {
+      YYSIZE_T yyn = 0;
+      char const *yyp = yystr;
+
+      for (;;)
+	switch (*++yyp)
+	  {
+	  case '\'':
+	  case ',':
+	    goto do_not_strip_quotes;
+
+	  case '\\':
+	    if (*++yyp != '\\')
+	      goto do_not_strip_quotes;
+	    /* Fall through.  */
+	  default:
+	    if (yyres)
+	      yyres[yyn] = *yyp;
+	    yyn++;
+	    break;
+
+	  case '"':
+	    if (yyres)
+	      yyres[yyn] = '\0';
+	    return yyn;
+	  }
+    do_not_strip_quotes: ;
+    }
+
+  if (! yyres)
+    return yystrlen (yystr);
+
+  return yystpcpy (yyres, yystr) - yyres;
+}
+# endif
+
+/* Copy into YYRESULT an error message about the unexpected token
+   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
+   including the terminating null byte.  If YYRESULT is null, do not
+   copy anything; just return the number of bytes that would be
+   copied.  As a special case, return 0 if an ordinary "syntax error"
+   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
+   size calculation.  */
+static YYSIZE_T
+yysyntax_error (char *yyresult, int yystate, int yychar)
+{
+  int yyn = yypact[yystate];
+
+  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
+    return 0;
+  else
+    {
+      int yytype = YYTRANSLATE (yychar);
+      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
+      YYSIZE_T yysize = yysize0;
+      YYSIZE_T yysize1;
+      int yysize_overflow = 0;
+      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
+      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+      int yyx;
+
+# if 0
+      /* This is so xgettext sees the translatable formats that are
+	 constructed on the fly.  */
+      YY_("syntax error, unexpected %s");
+      YY_("syntax error, unexpected %s, expecting %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
+# endif
+      char *yyfmt;
+      char const *yyf;
+      static char const yyunexpected[] = "syntax error, unexpected %s";
+      static char const yyexpecting[] = ", expecting %s";
+      static char const yyor[] = " or %s";
+      char yyformat[sizeof yyunexpected
+		    + sizeof yyexpecting - 1
+		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
+		       * (sizeof yyor - 1))];
+      char const *yyprefix = yyexpecting;
+
+      /* Start YYX at -YYN if negative to avoid negative indexes in
+	 YYCHECK.  */
+      int yyxbegin = yyn < 0 ? -yyn : 0;
+
+      /* Stay within bounds of both yycheck and yytname.  */
+      int yychecklim = YYLAST - yyn + 1;
+      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
+      int yycount = 1;
+
+      yyarg[0] = yytname[yytype];
+      yyfmt = yystpcpy (yyformat, yyunexpected);
+
+      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
+	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+	  {
+	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
+	      {
+		yycount = 1;
+		yysize = yysize0;
+		yyformat[sizeof yyunexpected - 1] = '\0';
+		break;
+	      }
+	    yyarg[yycount++] = yytname[yyx];
+	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
+	    yysize_overflow |= (yysize1 < yysize);
+	    yysize = yysize1;
+	    yyfmt = yystpcpy (yyfmt, yyprefix);
+	    yyprefix = yyor;
+	  }
+
+      yyf = YY_(yyformat);
+      yysize1 = yysize + yystrlen (yyf);
+      yysize_overflow |= (yysize1 < yysize);
+      yysize = yysize1;
+
+      if (yysize_overflow)
+	return YYSIZE_MAXIMUM;
+
+      if (yyresult)
+	{
+	  /* Avoid sprintf, as that infringes on the user's name space.
+	     Don't have undefined behavior even if the translation
+	     produced a string with the wrong number of "%s"s.  */
+	  char *yyp = yyresult;
+	  int yyi = 0;
+	  while ((*yyp = *yyf) != '\0')
+	    {
+	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
+		{
+		  yyp += yytnamerr (yyp, yyarg[yyi++]);
+		  yyf += 2;
+		}
+	      else
+		{
+		  yyp++;
+		  yyf++;
+		}
+	    }
+	}
+      return yysize;
+    }
+}
+#endif /* YYERROR_VERBOSE */
+
+
+/*-----------------------------------------------.
+| Release the memory associated to this symbol.  |
+`-----------------------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yydestruct (yymsg, yytype, yyvaluep)
+    const char *yymsg;
+    int yytype;
+    YYSTYPE *yyvaluep;
+#endif
+{
+  YYUSE (yyvaluep);
+
+  if (!yymsg)
+    yymsg = "Deleting";
+  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+
+  switch (yytype)
+    {
+
+      default:
+	break;
+    }
+}
+
+
+/* Prevent warnings from -Wmissing-prototypes.  */
+
+#ifdef YYPARSE_PARAM
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void *YYPARSE_PARAM);
+#else
+int yyparse ();
+#endif
+#else /* ! YYPARSE_PARAM */
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void);
+#else
+int yyparse ();
+#endif
+#endif /* ! YYPARSE_PARAM */
+
+
+
+/* The look-ahead symbol.  */
+int yychar;
+
+/* The semantic value of the look-ahead symbol.  */
+YYSTYPE yylval;
+
+/* Number of syntax errors so far.  */
+int yynerrs;
+
+
+
+/*----------.
+| yyparse.  |
+`----------*/
+
+#ifdef YYPARSE_PARAM
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void *YYPARSE_PARAM)
+#else
+int
+yyparse (YYPARSE_PARAM)
+    void *YYPARSE_PARAM;
+#endif
+#else /* ! YYPARSE_PARAM */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void)
+#else
+int
+yyparse ()
+
+#endif
+#endif
+{
+  
+  int yystate;
+  int yyn;
+  int yyresult;
+  /* Number of tokens to shift before error messages enabled.  */
+  int yyerrstatus;
+  /* Look-ahead token as an internal (translated) token number.  */
+  int yytoken = 0;
+#if YYERROR_VERBOSE
+  /* Buffer for error messages, and its allocated size.  */
+  char yymsgbuf[128];
+  char *yymsg = yymsgbuf;
+  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+#endif
+
+  /* Three stacks and their tools:
+     `yyss': related to states,
+     `yyvs': related to semantic values,
+     `yyls': related to locations.
+
+     Refer to the stacks thru separate pointers, to allow yyoverflow
+     to reallocate them elsewhere.  */
+
+  /* The state stack.  */
+  yytype_int16 yyssa[YYINITDEPTH];
+  yytype_int16 *yyss = yyssa;
+  yytype_int16 *yyssp;
+
+  /* The semantic value stack.  */
+  YYSTYPE yyvsa[YYINITDEPTH];
+  YYSTYPE *yyvs = yyvsa;
+  YYSTYPE *yyvsp;
+
+
+
+#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
+
+  YYSIZE_T yystacksize = YYINITDEPTH;
+
+  /* The variables used to return semantic value and location from the
+     action routines.  */
+  YYSTYPE yyval;
+
+
+  /* The number of symbols on the RHS of the reduced rule.
+     Keep to zero when no symbol should be popped.  */
+  int yylen = 0;
+
+  YYDPRINTF ((stderr, "Starting parse\n"));
+
+  yystate = 0;
+  yyerrstatus = 0;
+  yynerrs = 0;
+  yychar = YYEMPTY;		/* Cause a token to be read.  */
+
+  /* Initialize stack pointers.
+     Waste one element of value and location stack
+     so that they stay on the same level as the state stack.
+     The wasted elements are never initialized.  */
+
+  yyssp = yyss;
+  yyvsp = yyvs;
+
+  goto yysetstate;
+
+/*------------------------------------------------------------.
+| yynewstate -- Push a new state, which is found in yystate.  |
+`------------------------------------------------------------*/
+ yynewstate:
+  /* In all cases, when you get here, the value and location stacks
+     have just been pushed.  So pushing a state here evens the stacks.  */
+  yyssp++;
+
+ yysetstate:
+  *yyssp = yystate;
+
+  if (yyss + yystacksize - 1 <= yyssp)
+    {
+      /* Get the current used size of the three stacks, in elements.  */
+      YYSIZE_T yysize = yyssp - yyss + 1;
+
+#ifdef yyoverflow
+      {
+	/* Give user a chance to reallocate the stack.  Use copies of
+	   these so that the &'s don't force the real ones into
+	   memory.  */
+	YYSTYPE *yyvs1 = yyvs;
+	yytype_int16 *yyss1 = yyss;
+
+
+	/* Each stack pointer address is followed by the size of the
+	   data in use in that stack, in bytes.  This used to be a
+	   conditional around just the two extra args, but that might
+	   be undefined if yyoverflow is a macro.  */
+	yyoverflow (YY_("memory exhausted"),
+		    &yyss1, yysize * sizeof (*yyssp),
+		    &yyvs1, yysize * sizeof (*yyvsp),
+
+		    &yystacksize);
+
+	yyss = yyss1;
+	yyvs = yyvs1;
+      }
+#else /* no yyoverflow */
+# ifndef YYSTACK_RELOCATE
+      goto yyexhaustedlab;
+# else
+      /* Extend the stack our own way.  */
+      if (YYMAXDEPTH <= yystacksize)
+	goto yyexhaustedlab;
+      yystacksize *= 2;
+      if (YYMAXDEPTH < yystacksize)
+	yystacksize = YYMAXDEPTH;
+
+      {
+	yytype_int16 *yyss1 = yyss;
+	union yyalloc *yyptr =
+	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+	if (! yyptr)
+	  goto yyexhaustedlab;
+	YYSTACK_RELOCATE (yyss);
+	YYSTACK_RELOCATE (yyvs);
+
+#  undef YYSTACK_RELOCATE
+	if (yyss1 != yyssa)
+	  YYSTACK_FREE (yyss1);
+      }
+# endif
+#endif /* no yyoverflow */
+
+      yyssp = yyss + yysize - 1;
+      yyvsp = yyvs + yysize - 1;
+
+
+      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+		  (unsigned long int) yystacksize));
+
+      if (yyss + yystacksize - 1 <= yyssp)
+	YYABORT;
+    }
+
+  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+
+  goto yybackup;
+
+/*-----------.
+| yybackup.  |
+`-----------*/
+yybackup:
+
+  /* Do appropriate processing given the current state.  Read a
+     look-ahead token if we need one and don't already have one.  */
+
+  /* First try to decide what to do without reference to look-ahead token.  */
+  yyn = yypact[yystate];
+  if (yyn == YYPACT_NINF)
+    goto yydefault;
+
+  /* Not known => get a look-ahead token if don't already have one.  */
+
+  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
+  if (yychar == YYEMPTY)
+    {
+      YYDPRINTF ((stderr, "Reading a token: "));
+      yychar = YYLEX;
+    }
+
+  if (yychar <= YYEOF)
+    {
+      yychar = yytoken = YYEOF;
+      YYDPRINTF ((stderr, "Now at end of input.\n"));
+    }
+  else
+    {
+      yytoken = YYTRANSLATE (yychar);
+      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
+    }
+
+  /* If the proper action on seeing token YYTOKEN is to reduce or to
+     detect an error, take that action.  */
+  yyn += yytoken;
+  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
+    goto yydefault;
+  yyn = yytable[yyn];
+  if (yyn <= 0)
+    {
+      if (yyn == 0 || yyn == YYTABLE_NINF)
+	goto yyerrlab;
+      yyn = -yyn;
+      goto yyreduce;
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  /* Count tokens shifted since error; after three, turn off error
+     status.  */
+  if (yyerrstatus)
+    yyerrstatus--;
+
+  /* Shift the look-ahead token.  */
+  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
+
+  /* Discard the shifted token unless it is eof.  */
+  if (yychar != YYEOF)
+    yychar = YYEMPTY;
+
+  yystate = yyn;
+  *++yyvsp = yylval;
+
+  goto yynewstate;
+
+
+/*-----------------------------------------------------------.
+| yydefault -- do the default action for the current state.  |
+`-----------------------------------------------------------*/
+yydefault:
+  yyn = yydefact[yystate];
+  if (yyn == 0)
+    goto yyerrlab;
+  goto yyreduce;
+
+
+/*-----------------------------.
+| yyreduce -- Do a reduction.  |
+`-----------------------------*/
+yyreduce:
+  /* yyn is the number of a rule to reduce with.  */
+  yylen = yyr2[yyn];
+
+  /* If YYLEN is nonzero, implement the default value of the action:
+     `$$ = $1'.
+
+     Otherwise, the following line sets YYVAL to garbage.
+     This behavior is undocumented and Bison
+     users should not rely upon it.  Assigning to YYVAL
+     unconditionally makes the parser a bit smaller, and it avoids a
+     GCC warning that YYVAL may be used uninitialized.  */
+  yyval = yyvsp[1-yylen];
+
+
+  YY_REDUCE_PRINT (yyn);
+  switch (yyn)
+    {
+        case 3:
+#line 132 "ftpcmd.y"
+    {
+			fromname = (char *) 0;
+			restart_point = (off_t) 0;
+		}
+    break;
+
+  case 5:
+#line 141 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			user((yyvsp[(3) - (5)].s));
+		    free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 6:
+#line 147 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			pass((yyvsp[(3) - (5)].s));
+		    memset ((yyvsp[(3) - (5)].s), 0, strlen((yyvsp[(3) - (5)].s)));
+		    free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 7:
+#line 154 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			usedefault = 0;
+			if (pdata >= 0) {
+				close(pdata);
+				pdata = -1;
+			}
+			reply(200, "PORT command successful.");
+		    }
+		}
+    break;
+
+  case 8:
+#line 165 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			eprt ((yyvsp[(3) - (5)].s));
+		    free ((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 9:
+#line 171 "ftpcmd.y"
+    {
+		    if((yyvsp[(3) - (3)].i))
+			pasv ();
+		}
+    break;
+
+  case 10:
+#line 176 "ftpcmd.y"
+    {
+		    if((yyvsp[(3) - (3)].i))
+			epsv (NULL);
+		}
+    break;
+
+  case 11:
+#line 181 "ftpcmd.y"
+    {
+		    if((yyvsp[(5) - (5)].i))
+			epsv ((yyvsp[(3) - (5)].s));
+		    free ((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 12:
+#line 187 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			switch (cmd_type) {
+
+			case TYPE_A:
+				if (cmd_form == FORM_N) {
+					reply(200, "Type set to A.");
+					type = cmd_type;
+					form = cmd_form;
+				} else
+					reply(504, "Form must be N.");
+				break;
+
+			case TYPE_E:
+				reply(504, "Type E not implemented.");
+				break;
+
+			case TYPE_I:
+				reply(200, "Type set to I.");
+				type = cmd_type;
+				break;
+
+			case TYPE_L:
+#if NBBY == 8
+				if (cmd_bytesz == 8) {
+					reply(200,
+					    "Type set to L (byte size 8).");
+					type = cmd_type;
+				} else
+					reply(504, "Byte size must be 8.");
+#else /* NBBY == 8 */
+				UNIMPLEMENTED for NBBY != 8
+#endif /* NBBY == 8 */
+			}
+		    }
+		}
+    break;
+
+  case 13:
+#line 224 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			switch ((yyvsp[(3) - (5)].i)) {
+
+			case STRU_F:
+				reply(200, "STRU F ok.");
+				break;
+
+			default:
+				reply(504, "Unimplemented STRU type.");
+			}
+		    }
+		}
+    break;
+
+  case 14:
+#line 238 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			switch ((yyvsp[(3) - (5)].i)) {
+
+			case MODE_S:
+				reply(200, "MODE S ok.");
+				break;
+
+			default:
+				reply(502, "Unimplemented MODE type.");
+			}
+		    }
+		}
+    break;
+
+  case 15:
+#line 252 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			reply(202, "ALLO command ignored.");
+		    }
+		}
+    break;
+
+  case 16:
+#line 258 "ftpcmd.y"
+    {
+		    if ((yyvsp[(9) - (9)].i)) {
+			reply(202, "ALLO command ignored.");
+		    }
+		}
+    break;
+
+  case 17:
+#line 264 "ftpcmd.y"
+    {
+			char *name = (yyvsp[(3) - (5)].s);
+
+			if ((yyvsp[(5) - (5)].i) && name != NULL)
+				retrieve(0, name);
+			if (name != NULL)
+				free(name);
+		}
+    break;
+
+  case 18:
+#line 273 "ftpcmd.y"
+    {
+			char *name = (yyvsp[(3) - (5)].s);
+
+			if ((yyvsp[(5) - (5)].i) && name != NULL)
+				do_store(name, "w", 0);
+			if (name != NULL)
+				free(name);
+		}
+    break;
+
+  case 19:
+#line 282 "ftpcmd.y"
+    {
+			char *name = (yyvsp[(3) - (5)].s);
+
+			if ((yyvsp[(5) - (5)].i) && name != NULL)
+				do_store(name, "a", 0);
+			if (name != NULL)
+				free(name);
+		}
+    break;
+
+  case 20:
+#line 291 "ftpcmd.y"
+    {
+			if ((yyvsp[(3) - (3)].i))
+				send_file_list(".");
+		}
+    break;
+
+  case 21:
+#line 296 "ftpcmd.y"
+    {
+			char *name = (yyvsp[(3) - (5)].s);
+
+			if ((yyvsp[(5) - (5)].i) && name != NULL)
+				send_file_list(name);
+			if (name != NULL)
+				free(name);
+		}
+    break;
+
+  case 22:
+#line 305 "ftpcmd.y"
+    {
+		    if((yyvsp[(3) - (3)].i))
+			list_file(".");
+		}
+    break;
+
+  case 23:
+#line 310 "ftpcmd.y"
+    {
+		    if((yyvsp[(5) - (5)].i))
+			list_file((yyvsp[(3) - (5)].s));
+		    free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 24:
+#line 316 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				statfilecmd((yyvsp[(3) - (5)].s));
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 25:
+#line 323 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i))
+			statcmd();
+		}
+    break;
+
+  case 26:
+#line 328 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				do_delete((yyvsp[(3) - (5)].s));
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 27:
+#line 335 "ftpcmd.y"
+    {
+			if((yyvsp[(5) - (5)].i)){
+				if (fromname) {
+					renamecmd(fromname, (yyvsp[(3) - (5)].s));
+					free(fromname);
+					fromname = (char *) 0;
+				} else {
+					reply(503, "Bad sequence of commands.");
+				}
+			}
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 28:
+#line 349 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i))
+			reply(225, "ABOR command successful.");
+		}
+    break;
+
+  case 29:
+#line 354 "ftpcmd.y"
+    {
+			if ((yyvsp[(3) - (3)].i))
+				cwd(pw->pw_dir);
+		}
+    break;
+
+  case 30:
+#line 359 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				cwd((yyvsp[(3) - (5)].s));
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 31:
+#line 366 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i))
+			help(cmdtab, (char *) 0);
+		}
+    break;
+
+  case 32:
+#line 371 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			char *cp = (yyvsp[(3) - (5)].s);
+
+			if (strncasecmp(cp, "SITE", 4) == 0) {
+				cp = (yyvsp[(3) - (5)].s) + 4;
+				if (*cp == ' ')
+					cp++;
+				if (*cp)
+					help(sitetab, cp);
+				else
+					help(sitetab, (char *) 0);
+			} else
+				help(cmdtab, (yyvsp[(3) - (5)].s));
+		    }
+		}
+    break;
+
+  case 33:
+#line 388 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i))
+			reply(200, "NOOP command successful.");
+		}
+    break;
+
+  case 34:
+#line 393 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				makedir((yyvsp[(3) - (5)].s));
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 35:
+#line 400 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				removedir((yyvsp[(3) - (5)].s));
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 36:
+#line 407 "ftpcmd.y"
+    {
+			if ((yyvsp[(3) - (3)].i))
+				pwd();
+		}
+    break;
+
+  case 37:
+#line 412 "ftpcmd.y"
+    {
+			if ((yyvsp[(3) - (3)].i))
+				cwd("..");
+		}
+    break;
+
+  case 38:
+#line 417 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i)) {
+			lreply(211, "Supported features:");
+			lreply(0, " MDTM");
+			lreply(0, " REST STREAM");
+			lreply(0, " SIZE");
+			reply(211, "End");
+		    }
+		}
+    break;
+
+  case 39:
+#line 427 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			reply(501, "Bad options");
+		    free ((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 40:
+#line 434 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			help(sitetab, (char *) 0);
+		}
+    break;
+
+  case 41:
+#line 439 "ftpcmd.y"
+    {
+		    if ((yyvsp[(7) - (7)].i))
+			help(sitetab, (yyvsp[(5) - (7)].s));
+		}
+    break;
+
+  case 42:
+#line 444 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i)) {
+				int oldmask = umask(0);
+				umask(oldmask);
+				reply(200, "Current UMASK is %03o", oldmask);
+			}
+		}
+    break;
+
+  case 43:
+#line 452 "ftpcmd.y"
+    {
+			if ((yyvsp[(7) - (7)].i)) {
+				if (((yyvsp[(5) - (7)].i) == -1) || ((yyvsp[(5) - (7)].i) > 0777)) {
+					reply(501, "Bad UMASK value");
+				} else {
+					int oldmask = umask((yyvsp[(5) - (7)].i));
+					reply(200,
+					      "UMASK set to %03o (was %03o)",
+					      (yyvsp[(5) - (7)].i), oldmask);
+				}
+			}
+		}
+    break;
+
+  case 44:
+#line 465 "ftpcmd.y"
+    {
+			if ((yyvsp[(9) - (9)].i) && (yyvsp[(7) - (9)].s) != NULL) {
+				if ((yyvsp[(5) - (9)].i) > 0777)
+					reply(501,
+				"CHMOD: Mode value must be between 0 and 0777");
+				else if (chmod((yyvsp[(7) - (9)].s), (yyvsp[(5) - (9)].i)) < 0)
+					perror_reply(550, (yyvsp[(7) - (9)].s));
+				else
+					reply(200, "CHMOD command successful.");
+			}
+			if ((yyvsp[(7) - (9)].s) != NULL)
+				free((yyvsp[(7) - (9)].s));
+		}
+    break;
+
+  case 45:
+#line 479 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			reply(200,
+			    "Current IDLE time limit is %d seconds; max %d",
+				ftpd_timeout, maxtimeout);
+		}
+    break;
+
+  case 46:
+#line 486 "ftpcmd.y"
+    {
+		    if ((yyvsp[(7) - (7)].i)) {
+			if ((yyvsp[(5) - (7)].i) < 30 || (yyvsp[(5) - (7)].i) > maxtimeout) {
+				reply(501,
+			"Maximum IDLE time must be between 30 and %d seconds",
+				    maxtimeout);
+			} else {
+				ftpd_timeout = (yyvsp[(5) - (7)].i);
+				alarm((unsigned) ftpd_timeout);
+				reply(200,
+				    "Maximum IDLE time set to %d seconds",
+				    ftpd_timeout);
+			}
+		    }
+		}
+    break;
+
+  case 47:
+#line 503 "ftpcmd.y"
+    {
+#ifdef KRB4
+			char *p;
+			
+			if(guest)
+				reply(500, "Can't be done as guest.");
+			else{
+				if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s) != NULL){
+				    p = strpbrk((yyvsp[(5) - (7)].s), " \t");
+				    if(p){
+					*p++ = 0;
+					kauth((yyvsp[(5) - (7)].s), p + strspn(p, " \t"));
+				    }else
+					kauth((yyvsp[(5) - (7)].s), NULL);
+				}
+			}
+			if((yyvsp[(5) - (7)].s) != NULL)
+			    free((yyvsp[(5) - (7)].s));
+#else
+			reply(500, "Command not implemented.");
+#endif
+		}
+    break;
+
+  case 48:
+#line 526 "ftpcmd.y"
+    {
+		    if((yyvsp[(5) - (5)].i))
+			klist();
+		}
+    break;
+
+  case 49:
+#line 531 "ftpcmd.y"
+    {
+#ifdef KRB4
+		    if((yyvsp[(5) - (5)].i))
+			kdestroy();
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+    break;
+
+  case 50:
+#line 540 "ftpcmd.y"
+    {
+#ifdef KRB4
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s))
+			krbtkfile((yyvsp[(5) - (7)].s));
+		    if((yyvsp[(5) - (7)].s))
+			free((yyvsp[(5) - (7)].s));
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+    break;
+
+  case 51:
+#line 553 "ftpcmd.y"
+    {
+#if defined(KRB4) || defined(KRB5)
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if((yyvsp[(5) - (5)].i))
+			afslog(NULL, 0);
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+    break;
+
+  case 52:
+#line 564 "ftpcmd.y"
+    {
+#if defined(KRB4) || defined(KRB5)
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if((yyvsp[(7) - (7)].i))
+			afslog((yyvsp[(5) - (7)].s), 0);
+		    if((yyvsp[(5) - (7)].s))
+			free((yyvsp[(5) - (7)].s));
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+    break;
+
+  case 53:
+#line 577 "ftpcmd.y"
+    {
+		    if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s) != NULL)
+			find((yyvsp[(5) - (7)].s));
+		    if((yyvsp[(5) - (7)].s) != NULL)
+			free((yyvsp[(5) - (7)].s));
+		}
+    break;
+
+  case 54:
+#line 584 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			reply(200, "http://www.pdc.kth.se/heimdal/");
+		}
+    break;
+
+  case 55:
+#line 589 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				do_store((yyvsp[(3) - (5)].s), "w", 1);
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 56:
+#line 596 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i)) {
+#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
+			reply(215, "UNIX Type: L%d", NBBY);
+#else
+			reply(215, "UNKNOWN Type: L%d", NBBY);
+#endif
+		    }
+		}
+    break;
+
+  case 57:
+#line 614 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				sizecmd((yyvsp[(3) - (5)].s));
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 58:
+#line 631 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) {
+				struct stat stbuf;
+				if (stat((yyvsp[(3) - (5)].s), &stbuf) < 0)
+					reply(550, "%s: %s",
+					    (yyvsp[(3) - (5)].s), strerror(errno));
+				else if (!S_ISREG(stbuf.st_mode)) {
+					reply(550,
+					      "%s: not a plain file.", (yyvsp[(3) - (5)].s));
+				} else {
+					struct tm *t;
+					time_t mtime = stbuf.st_mtime;
+
+					t = gmtime(&mtime);
+					reply(213,
+					      "%04d%02d%02d%02d%02d%02d",
+					      t->tm_year + 1900,
+					      t->tm_mon + 1,
+					      t->tm_mday,
+					      t->tm_hour,
+					      t->tm_min,
+					      t->tm_sec);
+				}
+			}
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 59:
+#line 659 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i)) {
+			reply(221, "Goodbye.");
+			dologout(0);
+		    }
+		}
+    break;
+
+  case 60:
+#line 666 "ftpcmd.y"
+    {
+			yyerrok;
+		}
+    break;
+
+  case 61:
+#line 672 "ftpcmd.y"
+    {
+			restart_point = (off_t) 0;
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s)) {
+				fromname = renamefrom((yyvsp[(3) - (5)].s));
+				if (fromname == (char *) 0 && (yyvsp[(3) - (5)].s)) {
+					free((yyvsp[(3) - (5)].s));
+				}
+			}
+		}
+    break;
+
+  case 62:
+#line 682 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			fromname = (char *) 0;
+			restart_point = (yyvsp[(3) - (5)].i);	/* XXX $3 is only "int" */
+			reply(350, "Restarting at %ld. %s",
+			      (long)restart_point,
+			      "Send STORE or RETRIEVE to initiate transfer.");
+		    }
+		}
+    break;
+
+  case 63:
+#line 692 "ftpcmd.y"
+    {
+			auth((yyvsp[(3) - (4)].s));
+			free((yyvsp[(3) - (4)].s));
+		}
+    break;
+
+  case 64:
+#line 697 "ftpcmd.y"
+    {
+			adat((yyvsp[(3) - (4)].s));
+			free((yyvsp[(3) - (4)].s));
+		}
+    break;
+
+  case 65:
+#line 702 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			pbsz((yyvsp[(3) - (5)].i));
+		}
+    break;
+
+  case 66:
+#line 707 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			prot((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 67:
+#line 712 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i))
+			ccc();
+		}
+    break;
+
+  case 68:
+#line 717 "ftpcmd.y"
+    {
+			mec((yyvsp[(3) - (4)].s), prot_safe);
+			free((yyvsp[(3) - (4)].s));
+		}
+    break;
+
+  case 69:
+#line 722 "ftpcmd.y"
+    {
+			mec((yyvsp[(3) - (4)].s), prot_confidential);
+			free((yyvsp[(3) - (4)].s));
+		}
+    break;
+
+  case 70:
+#line 727 "ftpcmd.y"
+    {
+			mec((yyvsp[(3) - (4)].s), prot_private);
+			free((yyvsp[(3) - (4)].s));
+		}
+    break;
+
+  case 72:
+#line 739 "ftpcmd.y"
+    {
+			(yyval.s) = (char *)calloc(1, sizeof(char));
+		}
+    break;
+
+  case 75:
+#line 752 "ftpcmd.y"
+    {
+			struct sockaddr_in *sin4 = (struct sockaddr_in *)data_dest;
+
+			sin4->sin_family = AF_INET;
+			sin4->sin_port = htons((yyvsp[(9) - (11)].i) * 256 + (yyvsp[(11) - (11)].i));
+			sin4->sin_addr.s_addr = 
+			    htonl(((yyvsp[(1) - (11)].i) << 24) | ((yyvsp[(3) - (11)].i) << 16) | ((yyvsp[(5) - (11)].i) << 8) | (yyvsp[(7) - (11)].i));
+		}
+    break;
+
+  case 76:
+#line 764 "ftpcmd.y"
+    {
+			(yyval.i) = FORM_N;
+		}
+    break;
+
+  case 77:
+#line 768 "ftpcmd.y"
+    {
+			(yyval.i) = FORM_T;
+		}
+    break;
+
+  case 78:
+#line 772 "ftpcmd.y"
+    {
+			(yyval.i) = FORM_C;
+		}
+    break;
+
+  case 79:
+#line 779 "ftpcmd.y"
+    {
+			cmd_type = TYPE_A;
+			cmd_form = FORM_N;
+		}
+    break;
+
+  case 80:
+#line 784 "ftpcmd.y"
+    {
+			cmd_type = TYPE_A;
+			cmd_form = (yyvsp[(3) - (3)].i);
+		}
+    break;
+
+  case 81:
+#line 789 "ftpcmd.y"
+    {
+			cmd_type = TYPE_E;
+			cmd_form = FORM_N;
+		}
+    break;
+
+  case 82:
+#line 794 "ftpcmd.y"
+    {
+			cmd_type = TYPE_E;
+			cmd_form = (yyvsp[(3) - (3)].i);
+		}
+    break;
+
+  case 83:
+#line 799 "ftpcmd.y"
+    {
+			cmd_type = TYPE_I;
+		}
+    break;
+
+  case 84:
+#line 803 "ftpcmd.y"
+    {
+			cmd_type = TYPE_L;
+			cmd_bytesz = NBBY;
+		}
+    break;
+
+  case 85:
+#line 808 "ftpcmd.y"
+    {
+			cmd_type = TYPE_L;
+			cmd_bytesz = (yyvsp[(3) - (3)].i);
+		}
+    break;
+
+  case 86:
+#line 814 "ftpcmd.y"
+    {
+			cmd_type = TYPE_L;
+			cmd_bytesz = (yyvsp[(2) - (2)].i);
+		}
+    break;
+
+  case 87:
+#line 822 "ftpcmd.y"
+    {
+			(yyval.i) = STRU_F;
+		}
+    break;
+
+  case 88:
+#line 826 "ftpcmd.y"
+    {
+			(yyval.i) = STRU_R;
+		}
+    break;
+
+  case 89:
+#line 830 "ftpcmd.y"
+    {
+			(yyval.i) = STRU_P;
+		}
+    break;
+
+  case 90:
+#line 837 "ftpcmd.y"
+    {
+			(yyval.i) = MODE_S;
+		}
+    break;
+
+  case 91:
+#line 841 "ftpcmd.y"
+    {
+			(yyval.i) = MODE_B;
+		}
+    break;
+
+  case 92:
+#line 845 "ftpcmd.y"
+    {
+			(yyval.i) = MODE_C;
+		}
+    break;
+
+  case 93:
+#line 852 "ftpcmd.y"
+    {
+			/*
+			 * Problem: this production is used for all pathname
+			 * processing, but only gives a 550 error reply.
+			 * This is a valid reply in some cases but not in others.
+			 */
+			if (logged_in && (yyvsp[(1) - (1)].s) && *(yyvsp[(1) - (1)].s) == '~') {
+				glob_t gl;
+				int flags =
+				 GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+
+				memset(&gl, 0, sizeof(gl));
+				if (glob((yyvsp[(1) - (1)].s), flags, NULL, &gl) ||
+				    gl.gl_pathc == 0) {
+					reply(550, "not found");
+					(yyval.s) = NULL;
+				} else {
+					(yyval.s) = strdup(gl.gl_pathv[0]);
+				}
+				globfree(&gl);
+				free((yyvsp[(1) - (1)].s));
+			} else
+				(yyval.s) = (yyvsp[(1) - (1)].s);
+		}
+    break;
+
+  case 95:
+#line 884 "ftpcmd.y"
+    {
+			int ret, dec, multby, digit;
+
+			/*
+			 * Convert a number that was read as decimal number
+			 * to what it would be if it had been read as octal.
+			 */
+			dec = (yyvsp[(1) - (1)].i);
+			multby = 1;
+			ret = 0;
+			while (dec) {
+				digit = dec%10;
+				if (digit > 7) {
+					ret = -1;
+					break;
+				}
+				ret += digit * multby;
+				multby *= 8;
+				dec /= 10;
+			}
+			(yyval.i) = ret;
+		}
+    break;
+
+  case 96:
+#line 910 "ftpcmd.y"
+    {
+			(yyval.i) = (yyvsp[(1) - (1)].i) && !guest;
+			if((yyvsp[(1) - (1)].i) && !(yyval.i))
+				reply(550, "Permission denied");
+		}
+    break;
+
+  case 97:
+#line 918 "ftpcmd.y"
+    {
+		    if((yyvsp[(1) - (1)].i)) {
+			if(((yyval.i) = logged_in) == 0)
+			    reply(530, "Please login with USER and PASS.");
+		    } else
+			(yyval.i) = 0;
+		}
+    break;
+
+  case 98:
+#line 928 "ftpcmd.y"
+    {
+		    (yyval.i) = 1;
+		    if(sec_complete && !ccc_passed && !secure_command()) {
+			(yyval.i) = 0;
+			reply(533, "Command protection level denied "
+			      "for paranoid reasons.");
+		    }
+		}
+    break;
+
+
+/* Line 1267 of yacc.c.  */
+#line 2778 "ftpcmd.c"
+      default: break;
+    }
+  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
+
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+
+  *++yyvsp = yyval;
+
+
+  /* Now `shift' the result of the reduction.  Determine what state
+     that goes to, based on the state we popped back to and the rule
+     number reduced by.  */
+
+  yyn = yyr1[yyn];
+
+  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+    yystate = yytable[yystate];
+  else
+    yystate = yydefgoto[yyn - YYNTOKENS];
+
+  goto yynewstate;
+
+
+/*------------------------------------.
+| yyerrlab -- here on detecting error |
+`------------------------------------*/
+yyerrlab:
+  /* If not already recovering from an error, report this error.  */
+  if (!yyerrstatus)
+    {
+      ++yynerrs;
+#if ! YYERROR_VERBOSE
+      yyerror (YY_("syntax error"));
+#else
+      {
+	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
+	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
+	  {
+	    YYSIZE_T yyalloc = 2 * yysize;
+	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
+	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
+	    if (yymsg != yymsgbuf)
+	      YYSTACK_FREE (yymsg);
+	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
+	    if (yymsg)
+	      yymsg_alloc = yyalloc;
+	    else
+	      {
+		yymsg = yymsgbuf;
+		yymsg_alloc = sizeof yymsgbuf;
+	      }
+	  }
+
+	if (0 < yysize && yysize <= yymsg_alloc)
+	  {
+	    (void) yysyntax_error (yymsg, yystate, yychar);
+	    yyerror (yymsg);
+	  }
+	else
+	  {
+	    yyerror (YY_("syntax error"));
+	    if (yysize != 0)
+	      goto yyexhaustedlab;
+	  }
+      }
+#endif
+    }
+
+
+
+  if (yyerrstatus == 3)
+    {
+      /* If just tried and failed to reuse look-ahead token after an
+	 error, discard it.  */
+
+      if (yychar <= YYEOF)
+	{
+	  /* Return failure if at end of input.  */
+	  if (yychar == YYEOF)
+	    YYABORT;
+	}
+      else
+	{
+	  yydestruct ("Error: discarding",
+		      yytoken, &yylval);
+	  yychar = YYEMPTY;
+	}
+    }
+
+  /* Else will try to reuse look-ahead token after shifting the error
+     token.  */
+  goto yyerrlab1;
+
+
+/*---------------------------------------------------.
+| yyerrorlab -- error raised explicitly by YYERROR.  |
+`---------------------------------------------------*/
+yyerrorlab:
+
+  /* Pacify compilers like GCC when the user code never invokes
+     YYERROR and the label yyerrorlab therefore never appears in user
+     code.  */
+  if (/*CONSTCOND*/ 0)
+     goto yyerrorlab;
+
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYERROR.  */
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+  yystate = *yyssp;
+  goto yyerrlab1;
+
+
+/*-------------------------------------------------------------.
+| yyerrlab1 -- common code for both syntax error and YYERROR.  |
+`-------------------------------------------------------------*/
+yyerrlab1:
+  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
+
+  for (;;)
+    {
+      yyn = yypact[yystate];
+      if (yyn != YYPACT_NINF)
+	{
+	  yyn += YYTERROR;
+	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+	    {
+	      yyn = yytable[yyn];
+	      if (0 < yyn)
+		break;
+	    }
+	}
+
+      /* Pop the current state because it cannot handle the error token.  */
+      if (yyssp == yyss)
+	YYABORT;
+
+
+      yydestruct ("Error: popping",
+		  yystos[yystate], yyvsp);
+      YYPOPSTACK (1);
+      yystate = *yyssp;
+      YY_STACK_PRINT (yyss, yyssp);
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  *++yyvsp = yylval;
+
+
+  /* Shift the error token.  */
+  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-------------------------------------.
+| yyacceptlab -- YYACCEPT comes here.  |
+`-------------------------------------*/
+yyacceptlab:
+  yyresult = 0;
+  goto yyreturn;
+
+/*-----------------------------------.
+| yyabortlab -- YYABORT comes here.  |
+`-----------------------------------*/
+yyabortlab:
+  yyresult = 1;
+  goto yyreturn;
+
+#ifndef yyoverflow
+/*-------------------------------------------------.
+| yyexhaustedlab -- memory exhaustion comes here.  |
+`-------------------------------------------------*/
+yyexhaustedlab:
+  yyerror (YY_("memory exhausted"));
+  yyresult = 2;
+  /* Fall through.  */
+#endif
+
+yyreturn:
+  if (yychar != YYEOF && yychar != YYEMPTY)
+     yydestruct ("Cleanup: discarding lookahead",
+		 yytoken, &yylval);
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYABORT or YYACCEPT.  */
+  YYPOPSTACK (yylen);
+  YY_STACK_PRINT (yyss, yyssp);
+  while (yyssp != yyss)
+    {
+      yydestruct ("Cleanup: popping",
+		  yystos[*yyssp], yyvsp);
+      YYPOPSTACK (1);
+    }
+#ifndef yyoverflow
+  if (yyss != yyssa)
+    YYSTACK_FREE (yyss);
+#endif
+#if YYERROR_VERBOSE
+  if (yymsg != yymsgbuf)
+    YYSTACK_FREE (yymsg);
+#endif
+  /* Make sure YYID is used.  */
+  return YYID (yyresult);
+}
+
+
+#line 938 "ftpcmd.y"
+
+
+#define	CMD	0	/* beginning of command */
+#define	ARGS	1	/* expect miscellaneous arguments */
+#define	STR1	2	/* expect SP followed by STRING */
+#define	STR2	3	/* expect STRING */
+#define	OSTR	4	/* optional SP then STRING */
+#define	ZSTR1	5	/* SP then optional STRING */
+#define	ZSTR2	6	/* optional STRING after SP */
+#define	SITECMD	7	/* SITE command */
+#define	NSTR	8	/* Number followed by a string */
+
+struct tab cmdtab[] = {		/* In order defined in RFC 765 */
+	{ "USER", USER, STR1, 1,	"<sp> username" },
+	{ "PASS", PASS, ZSTR1, 1,	"<sp> password" },
+	{ "ACCT", ACCT, STR1, 0,	"(specify account)" },
+	{ "SMNT", SMNT, ARGS, 0,	"(structure mount)" },
+	{ "REIN", REIN, ARGS, 0,	"(reinitialize server state)" },
+	{ "QUIT", QUIT, ARGS, 1,	"(terminate service)", },
+	{ "PORT", PORT, ARGS, 1,	"<sp> b0, b1, b2, b3, b4" },
+	{ "EPRT", EPRT, STR1, 1,	"<sp> string" },
+	{ "PASV", PASV, ARGS, 1,	"(set server in passive mode)" },
+	{ "EPSV", EPSV, OSTR, 1,	"[<sp> foo]" },
+	{ "TYPE", TYPE, ARGS, 1,	"<sp> [ A | E | I | L ]" },
+	{ "STRU", STRU, ARGS, 1,	"(specify file structure)" },
+	{ "MODE", MODE, ARGS, 1,	"(specify transfer mode)" },
+	{ "RETR", RETR, STR1, 1,	"<sp> file-name" },
+	{ "STOR", STOR, STR1, 1,	"<sp> file-name" },
+	{ "APPE", APPE, STR1, 1,	"<sp> file-name" },
+	{ "MLFL", MLFL, OSTR, 0,	"(mail file)" },
+	{ "MAIL", MAIL, OSTR, 0,	"(mail to user)" },
+	{ "MSND", MSND, OSTR, 0,	"(mail send to terminal)" },
+	{ "MSOM", MSOM, OSTR, 0,	"(mail send to terminal or mailbox)" },
+	{ "MSAM", MSAM, OSTR, 0,	"(mail send to terminal and mailbox)" },
+	{ "MRSQ", MRSQ, OSTR, 0,	"(mail recipient scheme question)" },
+	{ "MRCP", MRCP, STR1, 0,	"(mail recipient)" },
+	{ "ALLO", ALLO, ARGS, 1,	"allocate storage (vacuously)" },
+	{ "REST", REST, ARGS, 1,	"<sp> offset (restart command)" },
+	{ "RNFR", RNFR, STR1, 1,	"<sp> file-name" },
+	{ "RNTO", RNTO, STR1, 1,	"<sp> file-name" },
+	{ "ABOR", ABOR, ARGS, 1,	"(abort operation)" },
+	{ "DELE", DELE, STR1, 1,	"<sp> file-name" },
+	{ "CWD",  CWD,  OSTR, 1,	"[ <sp> directory-name ]" },
+	{ "XCWD", CWD,	OSTR, 1,	"[ <sp> directory-name ]" },
+	{ "LIST", LIST, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "NLST", NLST, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "SITE", SITE, SITECMD, 1,	"site-cmd [ <sp> arguments ]" },
+	{ "SYST", SYST, ARGS, 1,	"(get type of operating system)" },
+	{ "STAT", sTAT, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
+	{ "NOOP", NOOP, ARGS, 1,	"" },
+	{ "MKD",  MKD,  STR1, 1,	"<sp> path-name" },
+	{ "XMKD", MKD,  STR1, 1,	"<sp> path-name" },
+	{ "RMD",  RMD,  STR1, 1,	"<sp> path-name" },
+	{ "XRMD", RMD,  STR1, 1,	"<sp> path-name" },
+	{ "PWD",  PWD,  ARGS, 1,	"(return current directory)" },
+	{ "XPWD", PWD,  ARGS, 1,	"(return current directory)" },
+	{ "CDUP", CDUP, ARGS, 1,	"(change to parent directory)" },
+	{ "XCUP", CDUP, ARGS, 1,	"(change to parent directory)" },
+	{ "STOU", STOU, STR1, 1,	"<sp> file-name" },
+	{ "SIZE", SIZE, OSTR, 1,	"<sp> path-name" },
+	{ "MDTM", MDTM, OSTR, 1,	"<sp> path-name" },
+
+	/* extensions from RFC2228 */
+	{ "AUTH", AUTH,	STR1, 1,	"<sp> auth-type" },
+	{ "ADAT", ADAT,	STR1, 1,	"<sp> auth-data" },
+	{ "PBSZ", PBSZ,	ARGS, 1,	"<sp> buffer-size" },
+	{ "PROT", PROT,	STR1, 1,	"<sp> prot-level" },
+	{ "CCC",  CCC,	ARGS, 1,	"" },
+	{ "MIC",  MIC,	STR1, 1,	"<sp> integrity command" },
+	{ "CONF", CONF,	STR1, 1,	"<sp> confidentiality command" },
+	{ "ENC",  ENC,	STR1, 1,	"<sp> privacy command" },
+
+	/* RFC2389 */
+	{ "FEAT", FEAT, ARGS, 1,	"" },
+	{ "OPTS", OPTS, ARGS, 1,	"<sp> command [<sp> options]" },
+
+	{ NULL,   0,    0,    0,	0 }
+};
+
+struct tab sitetab[] = {
+	{ "UMASK", UMASK, ARGS, 1,	"[ <sp> umask ]" },
+	{ "IDLE", IDLE, ARGS, 1,	"[ <sp> maximum-idle-time ]" },
+	{ "CHMOD", CHMOD, NSTR, 1,	"<sp> mode <sp> file-name" },
+	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
+
+	{ "KAUTH", KAUTH, STR1, 1,	"<sp> principal [ <sp> ticket ]" },
+	{ "KLIST", KLIST, ARGS, 1,	"(show ticket file)" },
+	{ "KDESTROY", KDESTROY, ARGS, 1, "(destroy tickets)" },
+	{ "KRBTKFILE", KRBTKFILE, STR1, 1, "<sp> ticket-file" },
+	{ "AFSLOG", AFSLOG, OSTR, 1,	"[<sp> cell]" },
+
+	{ "LOCATE", LOCATE, STR1, 1,	"<sp> globexpr" },
+	{ "FIND", LOCATE, STR1, 1,	"<sp> globexpr" },
+
+	{ "URL",  URL,  ARGS, 1,	"?" },
+	
+	{ NULL,   0,    0,    0,	0 }
+};
+
+static struct tab *
+lookup(struct tab *p, char *cmd)
+{
+
+	for (; p->name != NULL; p++)
+		if (strcmp(cmd, p->name) == 0)
+			return (p);
+	return (0);
+}
+
+/*
+ * ftpd_getline - a hacked up version of fgets to ignore TELNET escape codes.
+ */
+char *
+ftpd_getline(char *s, int n)
+{
+	int c;
+	char *cs;
+
+	cs = s;
+
+	/* might still be data within the security MIC/CONF/ENC */
+	if(ftp_command){
+	    strlcpy(s, ftp_command, n);
+	    if (debug)
+		syslog(LOG_DEBUG, "command: %s", s);
+	    return s;
+	}
+	while ((c = getc(stdin)) != EOF) {
+		c &= 0377;
+		if (c == IAC) {
+		    if ((c = getc(stdin)) != EOF) {
+			c &= 0377;
+			switch (c) {
+			case WILL:
+			case WONT:
+				c = getc(stdin);
+				printf("%c%c%c", IAC, DONT, 0377&c);
+				fflush(stdout);
+				continue;
+			case DO:
+			case DONT:
+				c = getc(stdin);
+				printf("%c%c%c", IAC, WONT, 0377&c);
+				fflush(stdout);
+				continue;
+			case IAC:
+				break;
+			default:
+				continue;	/* ignore command */
+			}
+		    }
+		}
+		*cs++ = c;
+		if (--n <= 0 || c == '\n')
+			break;
+	}
+	if (c == EOF && cs == s)
+		return (NULL);
+	*cs++ = '\0';
+	if (debug) {
+		if (!guest && strncasecmp("pass ", s, 5) == 0) {
+			/* Don't syslog passwords */
+			syslog(LOG_DEBUG, "command: %.5s ???", s);
+		} else {
+			char *cp;
+			int len;
+
+			/* Don't syslog trailing CR-LF */
+			len = strlen(s);
+			cp = s + len - 1;
+			while (cp >= s && (*cp == '\n' || *cp == '\r')) {
+				--cp;
+				--len;
+			}
+			syslog(LOG_DEBUG, "command: %.*s", len, s);
+		}
+	}
+#ifdef XXX
+	fprintf(stderr, "%s\n", s);
+#endif
+	return (s);
+}
+
+static RETSIGTYPE
+toolong(int signo)
+{
+
+	reply(421,
+	    "Timeout (%d seconds): closing control connection.",
+	      ftpd_timeout);
+	if (logging)
+		syslog(LOG_INFO, "User %s timed out after %d seconds",
+		    (pw ? pw -> pw_name : "unknown"), ftpd_timeout);
+	dologout(1);
+	SIGRETURN(0);
+}
+
+static int
+yylex(void)
+{
+	static int cpos, state;
+	char *cp, *cp2;
+	struct tab *p;
+	int n;
+	char c;
+
+	for (;;) {
+		switch (state) {
+
+		case CMD:
+			hasyyerrored = 0;
+
+			signal(SIGALRM, toolong);
+			alarm((unsigned) ftpd_timeout);
+			if (ftpd_getline(cbuf, sizeof(cbuf)-1) == NULL) {
+				reply(221, "You could at least say goodbye.");
+				dologout(0);
+			}
+			alarm(0);
+#ifdef HAVE_SETPROCTITLE
+			if (strncasecmp(cbuf, "PASS", 4) != 0)
+				setproctitle("%s: %s", proctitle, cbuf);
+#endif /* HAVE_SETPROCTITLE */
+			if ((cp = strchr(cbuf, '\r'))) {
+				*cp++ = '\n';
+				*cp = '\0';
+			}
+			if ((cp = strpbrk(cbuf, " \n")))
+				cpos = cp - cbuf;
+			if (cpos == 0)
+				cpos = 4;
+			c = cbuf[cpos];
+			cbuf[cpos] = '\0';
+			strupr(cbuf);
+			p = lookup(cmdtab, cbuf);
+			cbuf[cpos] = c;
+			if (p != 0) {
+				if (p->implemented == 0) {
+					nack(p->name);
+					hasyyerrored = 1;
+					break;
+				}
+				state = p->state;
+				yylval.s = p->name;
+				return (p->token);
+			}
+			break;
+
+		case SITECMD:
+			if (cbuf[cpos] == ' ') {
+				cpos++;
+				return (SP);
+			}
+			cp = &cbuf[cpos];
+			if ((cp2 = strpbrk(cp, " \n")))
+				cpos = cp2 - cbuf;
+			c = cbuf[cpos];
+			cbuf[cpos] = '\0';
+			strupr(cp);
+			p = lookup(sitetab, cp);
+			cbuf[cpos] = c;
+			if (p != 0) {
+				if (p->implemented == 0) {
+					state = CMD;
+					nack(p->name);
+					hasyyerrored = 1;
+					break;
+				}
+				state = p->state;
+				yylval.s = p->name;
+				return (p->token);
+			}
+			state = CMD;
+			break;
+
+		case OSTR:
+			if (cbuf[cpos] == '\n') {
+				state = CMD;
+				return (CRLF);
+			}
+			/* FALLTHROUGH */
+
+		case STR1:
+		case ZSTR1:
+		dostr1:
+			if (cbuf[cpos] == ' ') {
+				cpos++;
+				if(state == OSTR)
+				    state = STR2;
+				else
+				    state++;
+				return (SP);
+			}
+			break;
+
+		case ZSTR2:
+			if (cbuf[cpos] == '\n') {
+				state = CMD;
+				return (CRLF);
+			}
+			/* FALLTHROUGH */
+
+		case STR2:
+			cp = &cbuf[cpos];
+			n = strlen(cp);
+			cpos += n - 1;
+			/*
+			 * Make sure the string is nonempty and \n terminated.
+			 */
+			if (n > 1 && cbuf[cpos] == '\n') {
+				cbuf[cpos] = '\0';
+				yylval.s = copy(cp);
+				cbuf[cpos] = '\n';
+				state = ARGS;
+				return (STRING);
+			}
+			break;
+
+		case NSTR:
+			if (cbuf[cpos] == ' ') {
+				cpos++;
+				return (SP);
+			}
+			if (isdigit((unsigned char)cbuf[cpos])) {
+				cp = &cbuf[cpos];
+				while (isdigit((unsigned char)cbuf[++cpos]))
+					;
+				c = cbuf[cpos];
+				cbuf[cpos] = '\0';
+				yylval.i = atoi(cp);
+				cbuf[cpos] = c;
+				state = STR1;
+				return (NUMBER);
+			}
+			state = STR1;
+			goto dostr1;
+
+		case ARGS:
+			if (isdigit((unsigned char)cbuf[cpos])) {
+				cp = &cbuf[cpos];
+				while (isdigit((unsigned char)cbuf[++cpos]))
+					;
+				c = cbuf[cpos];
+				cbuf[cpos] = '\0';
+				yylval.i = atoi(cp);
+				cbuf[cpos] = c;
+				return (NUMBER);
+			}
+			switch (cbuf[cpos++]) {
+
+			case '\n':
+				state = CMD;
+				return (CRLF);
+
+			case ' ':
+				return (SP);
+
+			case ',':
+				return (COMMA);
+
+			case 'A':
+			case 'a':
+				return (A);
+
+			case 'B':
+			case 'b':
+				return (B);
+
+			case 'C':
+			case 'c':
+				return (C);
+
+			case 'E':
+			case 'e':
+				return (E);
+
+			case 'F':
+			case 'f':
+				return (F);
+
+			case 'I':
+			case 'i':
+				return (I);
+
+			case 'L':
+			case 'l':
+				return (L);
+
+			case 'N':
+			case 'n':
+				return (N);
+
+			case 'P':
+			case 'p':
+				return (P);
+
+			case 'R':
+			case 'r':
+				return (R);
+
+			case 'S':
+			case 's':
+				return (S);
+
+			case 'T':
+			case 't':
+				return (T);
+
+			}
+			break;
+
+		default:
+			fatal("Unknown state in scanner.");
+		}
+		yyerror(NULL);
+		state = CMD;
+		return (0);
+	}
+}
+
+/* ARGSUSED */
+void
+yyerror(char *s)
+{
+	char *cp;
+
+	if (hasyyerrored)
+	    return;
+
+	if ((cp = strchr(cbuf,'\n')))
+		*cp = '\0';
+	reply(500, "'%s': command not understood.", cbuf);
+	hasyyerrored = 1;
+}
+
+static char *
+copy(char *s)
+{
+	char *p;
+
+	p = strdup(s);
+	if (p == NULL)
+		fatal("Ran out of memory.");
+	return p;
+}
+
+static void
+help(struct tab *ctab, char *s)
+{
+	struct tab *c;
+	int width, NCMDS;
+	char *t;
+	char buf[1024];
+
+	if (ctab == sitetab)
+		t = "SITE ";
+	else
+		t = "";
+	width = 0, NCMDS = 0;
+	for (c = ctab; c->name != NULL; c++) {
+		int len = strlen(c->name);
+
+		if (len > width)
+			width = len;
+		NCMDS++;
+	}
+	width = (width + 8) &~ 7;
+	if (s == 0) {
+		int i, j, w;
+		int columns, lines;
+
+		lreply(214, "The following %scommands are recognized %s.",
+		    t, "(* =>'s unimplemented)");
+		columns = 76 / width;
+		if (columns == 0)
+			columns = 1;
+		lines = (NCMDS + columns - 1) / columns;
+		for (i = 0; i < lines; i++) {
+		    strlcpy (buf, "   ", sizeof(buf));
+		    for (j = 0; j < columns; j++) {
+			c = ctab + j * lines + i;
+			snprintf (buf + strlen(buf),
+				  sizeof(buf) - strlen(buf),
+				  "%s%c",
+				  c->name,
+				  c->implemented ? ' ' : '*');
+			if (c + lines >= &ctab[NCMDS])
+			    break;
+			w = strlen(c->name) + 1;
+			while (w < width) {
+			    strlcat (buf,
+					     " ",
+					     sizeof(buf));
+			    w++;
+			}
+		    }
+		    lreply(214, "%s", buf);
+		}
+		reply(214, "Direct comments to kth-krb-bugs@pdc.kth.se");
+		return;
+	}
+	strupr(s);
+	c = lookup(ctab, s);
+	if (c == (struct tab *)0) {
+		reply(502, "Unknown command %s.", s);
+		return;
+	}
+	if (c->implemented)
+		reply(214, "Syntax: %s%s %s", t, c->name, c->help);
+	else
+		reply(214, "%s%-*s\t%s; unimplemented.", t, width,
+		    c->name, c->help);
+}
+
+static void
+sizecmd(char *filename)
+{
+	switch (type) {
+	case TYPE_L:
+	case TYPE_I: {
+		struct stat stbuf;
+		if (stat(filename, &stbuf) < 0 || !S_ISREG(stbuf.st_mode))
+			reply(550, "%s: not a plain file.", filename);
+		else
+			reply(213, "%lu", (unsigned long)stbuf.st_size);
+		break;
+	}
+	case TYPE_A: {
+		FILE *fin;
+		int c;
+		size_t count;
+		struct stat stbuf;
+		fin = fopen(filename, "r");
+		if (fin == NULL) {
+			perror_reply(550, filename);
+			return;
+		}
+		if (fstat(fileno(fin), &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) {
+			reply(550, "%s: not a plain file.", filename);
+			fclose(fin);
+			return;
+		}
+
+		count = 0;
+		while((c=getc(fin)) != EOF) {
+			if (c == '\n')	/* will get expanded to \r\n */
+				count++;
+			count++;
+		}
+		fclose(fin);
+
+		reply(213, "%lu", (unsigned long)count);
+		break;
+	}
+	default:
+		reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);
+	}
+}
+
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y
index 9c5fa4c..963a6a0 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y
@@ -43,7 +43,7 @@
 %{
 
 #include "ftpd_locl.h"
-RCSID("$Id: ftpcmd.y,v 1.61.10.2 2004/08/20 15:15:46 lha Exp $");
+RCSID("$Id: ftpcmd.y 15677 2005-07-19 18:33:08Z lha $");
 
 off_t	restart_point;
 
@@ -137,30 +137,35 @@ cmd_list
 	;
 
 cmd
-	: USER SP username CRLF
+	: USER SP username CRLF check_secure
 		{
+		    if ($5)
 			user($3);
-			free($3);
+		    free($3);
 		}
-	| PASS SP password CRLF
+	| PASS SP password CRLF check_secure
 		{
+		    if ($5)
 			pass($3);
-			memset ($3, 0, strlen($3));
-			free($3);
+		    memset ($3, 0, strlen($3));
+		    free($3);
 		}
-	| PORT SP host_port CRLF
+	| PORT SP host_port CRLF check_secure
 		{
+		    if ($5) {
 			usedefault = 0;
 			if (pdata >= 0) {
 				close(pdata);
 				pdata = -1;
 			}
 			reply(200, "PORT command successful.");
+		    }
 		}
-	| EPRT SP STRING CRLF
+	| EPRT SP STRING CRLF check_secure
 		{
+		    if ($5)
 			eprt ($3);
-			free ($3);
+		    free ($3);
 		}
 	| PASV CRLF check_login
 		{
@@ -178,8 +183,9 @@ cmd
 			epsv ($3);
 		    free ($3);
 		}
-	| TYPE SP type_code CRLF
+	| TYPE SP type_code CRLF check_secure
 		{
+		    if ($5) {
 			switch (cmd_type) {
 
 			case TYPE_A:
@@ -212,9 +218,11 @@ cmd
 				UNIMPLEMENTED for NBBY != 8
 #endif /* NBBY == 8 */
 			}
+		    }
 		}
-	| STRU SP struct_code CRLF
+	| STRU SP struct_code CRLF check_secure
 		{
+		    if ($5) {
 			switch ($3) {
 
 			case STRU_F:
@@ -224,9 +232,11 @@ cmd
 			default:
 				reply(504, "Unimplemented STRU type.");
 			}
+		    }
 		}
-	| MODE SP mode_code CRLF
+	| MODE SP mode_code CRLF check_secure
 		{
+		    if ($5) {
 			switch ($3) {
 
 			case MODE_S:
@@ -236,14 +246,19 @@ cmd
 			default:
 				reply(502, "Unimplemented MODE type.");
 			}
+		    }
 		}
-	| ALLO SP NUMBER CRLF
+	| ALLO SP NUMBER CRLF check_secure
 		{
+		    if ($5) {
 			reply(202, "ALLO command ignored.");
+		    }
 		}
-	| ALLO SP NUMBER SP R SP NUMBER CRLF
+	| ALLO SP NUMBER SP R SP NUMBER CRLF check_secure
 		{
+		    if ($9) {
 			reply(202, "ALLO command ignored.");
+		    }
 		}
 	| RETR SP pathname CRLF check_login
 		{
@@ -304,10 +319,11 @@ cmd
 			if ($3 != NULL)
 				free($3);
 		}
-	| sTAT CRLF
+	| sTAT CRLF check_secure
 		{
+		    if ($3)
 			statcmd();
-	}
+		}
 	| DELE SP pathname CRLF check_login_no_guest
 		{
 			if ($5 && $3 != NULL)
@@ -329,8 +345,9 @@ cmd
 			if ($3 != NULL)
 				free($3);
 		}
-	| ABOR CRLF
+	| ABOR CRLF check_secure
 		{
+		    if ($3)
 			reply(225, "ABOR command successful.");
 		}
 	| CWD CRLF check_login
@@ -345,12 +362,14 @@ cmd
 			if ($3 != NULL)
 				free($3);
 		}
-	| HELP CRLF
+	| HELP CRLF check_secure
 		{
+		    if ($3)
 			help(cmdtab, (char *) 0);
 		}
-	| HELP SP STRING CRLF
+	| HELP SP STRING CRLF check_secure
 		{
+		    if ($5) {
 			char *cp = $3;
 
 			if (strncasecmp(cp, "SITE", 4) == 0) {
@@ -363,9 +382,11 @@ cmd
 					help(sitetab, (char *) 0);
 			} else
 				help(cmdtab, $3);
+		    }
 		}
-	| NOOP CRLF
+	| NOOP CRLF check_secure
 		{
+		    if ($3)
 			reply(200, "NOOP command successful.");
 		}
 	| MKD SP pathname CRLF check_login
@@ -392,26 +413,31 @@ cmd
 			if ($3)
 				cwd("..");
 		}
-	| FEAT CRLF
+	| FEAT CRLF check_secure
 		{
+		    if ($3) {
 			lreply(211, "Supported features:");
 			lreply(0, " MDTM");
 			lreply(0, " REST STREAM");
 			lreply(0, " SIZE");
 			reply(211, "End");
+		    }
 		}
-	| OPTS SP STRING CRLF
+	| OPTS SP STRING CRLF check_secure
 		{
-			free ($3);
+		    if ($5)
 			reply(501, "Bad options");
+		    free ($3);
 		}
 
-	| SITE SP HELP CRLF
+	| SITE SP HELP CRLF check_secure
 		{
+		    if ($5)
 			help(sitetab, (char *) 0);
 		}
-	| SITE SP HELP SP STRING CRLF
+	| SITE SP HELP SP STRING CRLF check_secure
 		{
+		    if ($7)
 			help(sitetab, $5);
 		}
 	| SITE SP UMASK CRLF check_login
@@ -449,14 +475,16 @@ cmd
 			if ($7 != NULL)
 				free($7);
 		}
-	| SITE SP IDLE CRLF
+	| SITE SP IDLE CRLF check_secure
 		{
+		    if ($5)
 			reply(200,
 			    "Current IDLE time limit is %d seconds; max %d",
 				ftpd_timeout, maxtimeout);
 		}
-	| SITE SP IDLE SP NUMBER CRLF
+	| SITE SP IDLE SP NUMBER CRLF check_secure
 		{
+		    if ($7) {
 			if ($5 < 30 || $5 > maxtimeout) {
 				reply(501,
 			"Maximum IDLE time must be between 30 and %d seconds",
@@ -468,6 +496,7 @@ cmd
 				    "Maximum IDLE time set to %d seconds",
 				    ftpd_timeout);
 			}
+		    }
 		}
 
 	| SITE SP KAUTH SP STRING CRLF check_login
@@ -495,12 +524,8 @@ cmd
 		}
 	| SITE SP KLIST CRLF check_login
 		{
-#ifdef KRB4
 		    if($5)
 			klist();
-#else
-		    reply(500, "Command not implemented.");
-#endif
 		}
 	| SITE SP KDESTROY CRLF check_login
 		{
@@ -526,22 +551,22 @@ cmd
 		}
 	| SITE SP AFSLOG CRLF check_login
 		{
-#ifdef KRB4
+#if defined(KRB4) || defined(KRB5)
 		    if(guest)
 			reply(500, "Can't be done as guest.");
 		    else if($5)
-			afslog(NULL);
+			afslog(NULL, 0);
 #else
 		    reply(500, "Command not implemented.");
 #endif
 		}
 	| SITE SP AFSLOG SP STRING CRLF check_login
 		{
-#ifdef KRB4
+#if defined(KRB4) || defined(KRB5)
 		    if(guest)
 			reply(500, "Can't be done as guest.");
 		    else if($7)
-			afslog($5);
+			afslog($5, 0);
 		    if($5)
 			free($5);
 #else
@@ -555,9 +580,10 @@ cmd
 		    if($5 != NULL)
 			free($5);
 		}
-	| SITE SP URL CRLF
+	| SITE SP URL CRLF check_secure
 		{
-			reply(200, "http://www.pdc.kth.se/kth-krb/");
+		    if ($5)
+			reply(200, "http://www.pdc.kth.se/heimdal/");
 		}
 	| STOU SP pathname CRLF check_login
 		{
@@ -566,13 +592,15 @@ cmd
 			if ($3 != NULL)
 				free($3);
 		}
-	| SYST CRLF
+	| SYST CRLF check_secure
 		{
+		    if ($3) {
 #if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
-		    reply(215, "UNIX Type: L%d", NBBY);
+			reply(215, "UNIX Type: L%d", NBBY);
 #else
-		    reply(215, "UNKNOWN Type: L%d", NBBY);
+			reply(215, "UNKNOWN Type: L%d", NBBY);
 #endif
+		    }
 		}
 
 		/*
@@ -627,10 +655,12 @@ cmd
 			if ($3 != NULL)
 				free($3);
 		}
-	| QUIT CRLF
+	| QUIT CRLF check_secure
 		{
+		    if ($3) {
 			reply(221, "Goodbye.");
 			dologout(0);
+		    }
 		}
 	| error CRLF
 		{
@@ -648,13 +678,15 @@ rcmd
 				}
 			}
 		}
-	| REST SP byte_size CRLF
+	| REST SP byte_size CRLF check_secure
 		{
+		    if ($5) {
 			fromname = (char *) 0;
 			restart_point = $3;	/* XXX $3 is only "int" */
 			reply(350, "Restarting at %ld. %s",
 			      (long)restart_point,
 			      "Send STORE or RETRIEVE to initiate transfer.");
+		    }
 		}
 	| AUTH SP STRING CRLF
 		{
@@ -666,16 +698,19 @@ rcmd
 			adat($3);
 			free($3);
 		}
-	| PBSZ SP NUMBER CRLF
+	| PBSZ SP NUMBER CRLF check_secure
 		{
+		    if ($5)
 			pbsz($3);
 		}
-	| PROT SP STRING CRLF
+	| PROT SP STRING CRLF check_secure
 		{
+		    if ($5)
 			prot($3);
 		}
-	| CCC CRLF
+	| CCC CRLF check_secure
 		{
+		    if ($3)
 			ccc();
 		}
 	| MIC SP STRING CRLF
@@ -715,11 +750,11 @@ host_port
 	: NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
 		NUMBER COMMA NUMBER
 		{
-			struct sockaddr_in *sin = (struct sockaddr_in *)data_dest;
+			struct sockaddr_in *sin4 = (struct sockaddr_in *)data_dest;
 
-			sin->sin_family = AF_INET;
-			sin->sin_port = htons($9 * 256 + $11);
-			sin->sin_addr.s_addr = 
+			sin4->sin_family = AF_INET;
+			sin4->sin_port = htons($9 * 256 + $11);
+			sin4->sin_addr.s_addr = 
 			    htonl(($1 << 24) | ($3 << 16) | ($5 << 8) | $7);
 		}
 	;
@@ -892,7 +927,7 @@ check_login : check_secure
 check_secure : /* empty */
 		{
 		    $$ = 1;
-		    if(sec_complete && !secure_command()) {
+		    if(sec_complete && !ccc_passed && !secure_command()) {
 			$$ = 0;
 			reply(533, "Command protection level denied "
 			      "for paranoid reasons.");
@@ -1352,13 +1387,13 @@ help(struct tab *ctab, char *s)
 {
 	struct tab *c;
 	int width, NCMDS;
-	char *type;
+	char *t;
 	char buf[1024];
 
 	if (ctab == sitetab)
-		type = "SITE ";
+		t = "SITE ";
 	else
-		type = "";
+		t = "";
 	width = 0, NCMDS = 0;
 	for (c = ctab; c->name != NULL; c++) {
 		int len = strlen(c->name);
@@ -1373,7 +1408,7 @@ help(struct tab *ctab, char *s)
 		int columns, lines;
 
 		lreply(214, "The following %scommands are recognized %s.",
-		    type, "(* =>'s unimplemented)");
+		    t, "(* =>'s unimplemented)");
 		columns = 76 / width;
 		if (columns == 0)
 			columns = 1;
@@ -1409,9 +1444,9 @@ help(struct tab *ctab, char *s)
 		return;
 	}
 	if (c->implemented)
-		reply(214, "Syntax: %s%s %s", type, c->name, c->help);
+		reply(214, "Syntax: %s%s %s", t, c->name, c->help);
 	else
-		reply(214, "%s%-*s\t%s; unimplemented.", type, width,
+		reply(214, "%s%-*s\t%s; unimplemented.", t, width,
 		    c->name, c->help);
 }
 
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.8
index b630641..0dfed9f 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.8
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.8
@@ -156,8 +156,8 @@ allowed anonymous upload filename chars
 .Fl -no-insecure-oob
 .Xc
 don't allow insecure out of band.
-Heimdal ftp client before 0.7 doesn't support secure oob, so turning
-on this options makes them no longer work.
+Heimdal ftp clients before 0.6.3 doesn't support secure oob, so turning
+on this option makes them no longer work.
 .El
 .Pp
 The file
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.c b/crypto/heimdal/appl/ftp/ftpd/ftpd.c
index 88bb4a1..2005a4f 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.c
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.c
@@ -38,7 +38,7 @@
 #endif
 #include "getarg.h"
 
-RCSID("$Id: ftpd.c,v 1.166.2.3 2004/08/20 15:16:37 lha Exp $");
+RCSID("$Id: ftpd.c 21222 2007-06-20 10:11:14Z lha $");
 
 static char version[] = "Version 6.00";
 
@@ -138,9 +138,9 @@ static int	 handleoobcmd(void);
 static int	 checkuser (char *, char *);
 static int	 checkaccess (char *);
 static FILE	*dataconn (const char *, off_t, const char *);
-static void	 dolog (struct sockaddr *sa, int len);
+static void	 dolog (struct sockaddr *, int);
 static void	 end_login (void);
-static FILE	*getdatasock (const char *);
+static FILE	*getdatasock (const char *, int);
 static char	*gunique (char *);
 static RETSIGTYPE	 lostconn (int);
 static int	 receive_data (FILE *, FILE *);
@@ -280,10 +280,6 @@ main(int argc, char **argv)
 	krb_set_tkt_string(tkfile);
 #endif
     }
-#if defined(KRB4) || defined(KRB5)
-    if(k_hasafs())
-	k_setpag();
-#endif
 
     if(getarg(args, num_args, argc, argv, &optind))
 	usage(1);
@@ -595,14 +591,15 @@ user(char *name)
 	if (logging)
 	    strlcpy(curname, name, sizeof(curname));
 	if(sec_complete) {
-	    if(sec_userok(name) == 0)
+	    if(sec_userok(name) == 0) {
 		do_login(232, name);
-	    else
+		sec_session(name);
+	    } else
 		reply(530, "User %s access denied.", name);
 	} else {
+#ifdef OTP
 		char ss[256];
 
-#ifdef OTP
 		if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0) {
 			reply(331, "Password %s for %s required.",
 			      ss, name);
@@ -613,9 +610,9 @@ user(char *name)
 		    reply(331, "Password required for %s.", name);
 		    askpasswd = 1;
 		} else {
-		    char *s;
-		    
 #ifdef OTP
+		    char *s;
+
 		    if ((s = otp_error (&otp_ctx)) != NULL)
 			lreply(530, "OTP: %s", s);
 #endif
@@ -727,6 +724,10 @@ int do_login(int code, char *passwd)
 	return -1;
     }
     initgroups(pw->pw_name, pw->pw_gid);
+#if defined(KRB4) || defined(KRB5)
+    if(k_hasafs())
+	k_setpag();
+#endif
 
     /* open wtmp before chroot */
     ftpd_logwtmp(ttyline, pw->pw_name, remotehost);
@@ -835,7 +836,8 @@ static void
 end_login(void)
 {
 
-	seteuid((uid_t)0);
+	if (seteuid((uid_t)0) < 0)
+		fatal("Failed to seteuid");
 	if (logged_in)
 		ftpd_logwtmp(ttyline, "", "");
 	pw = NULL;
@@ -933,9 +935,8 @@ pass(char *passwd)
 		    if (rval)
 			rval = unix_verify_user(pw->pw_name, passwd);
 		} else {
-		    char *s;
-		    
 #ifdef OTP
+		    char *s;
 		    if ((s = otp_error(&otp_ctx)) != NULL)
 			lreply(530, "OTP: %s", s);
 #endif
@@ -1023,9 +1024,10 @@ retrieve(const char *cmd, char *name)
 			*tail = c;
 			if (p->rev_cmd != NULL) {
 			    char *ext;
+			    int ret;
 
-			    asprintf(&ext, "%s%s", name, p->ext);
-			    if (ext != NULL) { 
+			    ret = asprintf(&ext, "%s%s", name, p->ext);
+			    if (ret != -1) {
   			        if (access(ext, R_OK) == 0) {
 				    snprintf (line, sizeof(line),
 					      p->rev_cmd, ext);
@@ -1107,17 +1109,17 @@ done:
 int 
 filename_check(char *filename)
 {
-    unsigned char *p;
+    char *p;
 
-    p = (unsigned char *)strrchr(filename, '/');
+    p = strrchr(filename, '/');
     if(p)
 	filename = p + 1;
 
     p = filename;
 
-    if(isalnum(*p)){
+    if(isalnum((unsigned char)*p)){
 	p++;
-	while(*p && (isalnum(*p) || strchr(good_chars, *p)))
+	while(*p && (isalnum((unsigned char)*p) || strchr(good_chars, (unsigned char)*p)))
 	    p++;
 	if(*p == '\0')
 	    return 0;
@@ -1208,14 +1210,15 @@ done:
 }
 
 static FILE *
-getdatasock(const char *mode)
+getdatasock(const char *mode, int domain)
 {
 	int s, t, tries;
 
 	if (data >= 0)
 		return (fdopen(data, mode));
-	seteuid(0);
-	s = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
+	if (seteuid(0) < 0)
+		fatal("Failed to seteuid");
+	s = socket(domain, SOCK_STREAM, 0);
 	if (s < 0)
 		goto bad;
 	socket_set_reuseaddr (s, 1);
@@ -1232,7 +1235,8 @@ getdatasock(const char *mode)
 			goto bad;
 		sleep(tries);
 	}
-	seteuid(pw->pw_uid);
+	if (seteuid(pw->pw_uid) < 0)
+		fatal("Failed to seteuid");
 #ifdef IPTOS_THROUGHPUT
 	socket_set_tos (s, IPTOS_THROUGHPUT);
 #endif
@@ -1240,7 +1244,8 @@ getdatasock(const char *mode)
 bad:
 	/* Return the real value of errno (close may change it) */
 	t = errno;
-	seteuid((uid_t)pw->pw_uid);
+	if (seteuid((uid_t)pw->pw_uid) < 0)
+		fatal("Failed to seteuid");
 	close(s);
 	errno = t;
 	return (NULL);
@@ -1271,7 +1276,7 @@ dataconn(const char *name, off_t size, const char *mode)
 {
 	char sizebuf[32];
 	FILE *file;
-	int retry = 0;
+	int domain, retry = 0;
 
 	file_size = size;
 	byte_count = 0;
@@ -1318,7 +1323,15 @@ dataconn(const char *name, off_t size, const char *mode)
 	if (usedefault)
 		data_dest = his_addr;
 	usedefault = 1;
-	file = getdatasock(mode);
+	/* 
+	 * Default to using the same socket type as the ctrl address,
+	 * unless we know the type of the data address.
+	 */
+	domain = data_dest->sa_family;
+	if (domain == PF_UNSPEC)
+	    domain = ctrl_addr->sa_family;
+
+	file = getdatasock(mode, domain);
 	if (file == NULL) {
 		char data_addr[256];
 
@@ -1625,7 +1638,7 @@ statcmd(void)
 	lreply(211, "%s FTP server (%s) status:", hostname, version);
 	printf("     %s\r\n", version);
 	printf("     Connected to %s", remotehost);
-	if (!isdigit(remotehost[0]))
+	if (!isdigit((unsigned char)remotehost[0]))
 		printf(" (%s)", inet_ntoa(his_addr.sin_addr));
 	printf("\r\n");
 	if (logged_in) {
@@ -1889,11 +1902,11 @@ dologout(int status)
     transflag = 0;
     urgflag = 0;
     if (logged_in) {
-	seteuid((uid_t)0);
-	ftpd_logwtmp(ttyline, "", "");
-#ifdef KRB4
+#if KRB4 || KRB5
 	cond_kdestroy();
 #endif
+	seteuid((uid_t)0); /* No need to check, we call exit() below */
+	ftpd_logwtmp(ttyline, "", "");
     }
     /* beware of flushing buffers after a SIGPIPE */
 #ifdef XXX
@@ -2006,12 +2019,15 @@ pasv(void)
 				     0);
 	socket_set_portrange(pdata, restricted_data_ports, 
 	    pasv_addr->sa_family); 
-	seteuid(0);
+	if (seteuid(0) < 0)
+		fatal("Failed to seteuid");
 	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
-		seteuid(pw->pw_uid);
+		if (seteuid(pw->pw_uid) < 0)
+			fatal("Failed to seteuid");
 		goto pasv_error;
 	}
-	seteuid(pw->pw_uid);
+	if (seteuid(pw->pw_uid) < 0)
+		fatal("Failed to seteuid");
 	len = sizeof(pasv_addr_ss);
 	if (getsockname(pdata, pasv_addr, &len) < 0)
 		goto pasv_error;
@@ -2050,12 +2066,15 @@ epsv(char *proto)
 				     0);
 	socket_set_portrange(pdata, restricted_data_ports, 
 	    pasv_addr->sa_family); 
-	seteuid(0);
+	if (seteuid(0) < 0)
+		fatal("Failed to seteuid");
 	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
-		seteuid(pw->pw_uid);
+		if (seteuid(pw->pw_uid))
+			fatal("Failed to seteuid");
 		goto pasv_error;
 	}
-	seteuid(pw->pw_uid);
+	if (seteuid(pw->pw_uid) < 0)
+		fatal("Failed to seteuid");
 	len = sizeof(pasv_addr_ss);
 	if (getsockname(pdata, pasv_addr, &len) < 0)
 		goto pasv_error;
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h b/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h
index bb172ac..f5574e9 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: ftpd_locl.h,v 1.13.2.1 2004/08/20 15:17:07 lha Exp $ */
+/* $Id: ftpd_locl.h 14933 2005-04-24 19:58:14Z lha $ */
 
 #ifndef __ftpd_locl_h__
 #define __ftpd_locl_h__
@@ -166,7 +166,7 @@ extern int LIBPREFIX(fclose)      (FILE *);
 
 int fclose(FILE *stream);
 
-int yyparse();
+int yyparse(void);
 
 #ifndef LOG_FTP
 #define LOG_FTP LOG_DAEMON
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
index ce59df8..85b5f62 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
@@ -1,4 +1,4 @@
-.\"	$Id: ftpusers.5,v 1.5 2002/08/20 17:07:04 joda Exp $
+.\"	$Id: ftpusers.5 11176 2002-08-20 17:07:29Z joda $
 .\"
 .Dd May 7, 1997
 .Dt FTPUSERS 5
diff --git a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c b/crypto/heimdal/appl/ftp/ftpd/gss_userok.c
index 11a2e75..6fa8f7e 100644
--- a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c
+++ b/crypto/heimdal/appl/ftp/ftpd/gss_userok.c
@@ -35,90 +35,121 @@
 #include <gssapi.h>
 #include <krb5.h>
 
-RCSID("$Id: gss_userok.c,v 1.10 2003/03/18 13:56:35 lha Exp $");
+RCSID("$Id: gss_userok.c 21222 2007-06-20 10:11:14Z lha $");
 
 /* XXX a bit too much of krb5 dependency here... 
    What is the correct way to do this? 
    */
 
-extern krb5_context gssapi_krb5_context;
+struct gss_krb5_data {
+    krb5_context context;
+};
 
 /* XXX sync with gssapi.c */
 struct gss_data {
     gss_ctx_id_t context_hdl;
     char *client_name;
     gss_cred_id_t delegated_cred_handle;
+    void *mech_data;
 };
 
 int gss_userok(void*, char*); /* to keep gcc happy */
+int gss_session(void*, char*); /* to keep gcc happy */
 
 int
 gss_userok(void *app_data, char *username)
 {
     struct gss_data *data = app_data;
-    if(gssapi_krb5_context) {
-	krb5_principal client;
-	krb5_error_code ret;
-        
-	ret = krb5_parse_name(gssapi_krb5_context, data->client_name, &client);
-	if(ret)
-	    return 1;
-	ret = krb5_kuserok(gssapi_krb5_context, client, username);
-        if (!ret) {
-           krb5_free_principal(gssapi_krb5_context, client);
-           return 1;
-        }
-        
-        ret = 0;
+    krb5_error_code ret;
+    krb5_principal client;
+    struct gss_krb5_data *kdata;
+
+    kdata = calloc(1, sizeof(struct gss_krb5_data));
+    if (kdata == NULL)
+	return 1;
+    data->mech_data = kdata;
+
+    ret = krb5_init_context(&(kdata->context));
+    if (ret) {
+	free(kdata);
+	return 1;
+    }
+
+    ret = krb5_parse_name(kdata->context, data->client_name, &client);
+    if(ret) {
+	krb5_free_context(kdata->context);
+	free(kdata);
+	return 1;
+    }
+    ret = krb5_kuserok(kdata->context, client, username);
+    if (!ret) {
+	krb5_free_principal(kdata->context, client);
+	krb5_free_context(kdata->context);
+	free(kdata);
+	return 1;
+    }
         
-        /* more of krb-depend stuff :-( */
-	/* gss_add_cred() ? */
-        if (data->delegated_cred_handle && 
-            data->delegated_cred_handle->ccache ) {
-            
-           krb5_ccache ccache = NULL; 
-           char* ticketfile;
-           struct passwd *pw;
-	   OM_uint32 minor_status;
-           
-           pw = getpwnam(username);
-           
-	   if (pw == NULL) {
-	       ret = 1;
-	       goto fail;
-	   }
+    ret = 0;
+    krb5_free_principal(kdata->context, client);
+    return ret;
+}
+
+int
+gss_session(void *app_data, char *username)
+{
+    struct gss_data *data = app_data;
+    krb5_error_code ret;
+    OM_uint32 minor_status;
+    struct gss_krb5_data *kdata;
+
+    ret = 0;
 
-           asprintf (&ticketfile, "%s%u", KRB5_DEFAULT_CCROOT,
-		     (unsigned)pw->pw_uid);
+    kdata = (struct gss_krb5_data *)(data->mech_data);
         
-           ret = krb5_cc_resolve(gssapi_krb5_context, ticketfile, &ccache);
-           if (ret)
-              goto fail;
+    /* more of krb-depend stuff :-( */
+    /* gss_add_cred() ? */
+    if (data->delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
+	krb5_ccache ccache = NULL; 
+	const char* ticketfile;
+	struct passwd *kpw;
            
-           ret = gss_krb5_copy_ccache(&minor_status,
-				      data->delegated_cred_handle,
-				      ccache);
-           if (ret)
-              goto fail;
-           
-           chown (ticketfile+5, pw->pw_uid, pw->pw_gid);
+	ret = krb5_cc_gen_new(kdata->context, &krb5_fcc_ops, &ccache);
+	if (ret)
+	    goto fail;
+	   
+	ticketfile = krb5_cc_get_name(kdata->context, ccache);
+        
+	ret = gss_krb5_copy_ccache(&minor_status,
+				   data->delegated_cred_handle,
+				   ccache);
+	if (ret) {
+	    ret = 0;
+	    goto fail;
+	}
            
-           if (k_hasafs()) {
-	       krb5_afslog(gssapi_krb5_context, ccache, 0, 0);
-           }
-           esetenv ("KRB5CCNAME", ticketfile, 1);
+	do_destroy_tickets = 1;
+
+	kpw = getpwnam(username);
            
-fail:
-           if (ccache)
-              krb5_cc_close(gssapi_krb5_context, ccache); 
-           krb5_cc_destroy(gssapi_krb5_context, 
-                           data->delegated_cred_handle->ccache);
-           data->delegated_cred_handle->ccache = NULL;
-           free(ticketfile);
-        }
+	if (kpw == NULL) {
+	    unlink(ticketfile);
+	    ret = 1;
+	    goto fail;
+	}
+
+	chown (ticketfile, kpw->pw_uid, kpw->pw_gid);
            
-	krb5_free_principal(gssapi_krb5_context, client);
-        return ret;
+	if (asprintf(&k5ccname, "FILE:%s", ticketfile) != -1) {
+	    esetenv ("KRB5CCNAME", k5ccname, 1);
+	}
+	afslog(NULL, 1);
+    fail:
+	if (ccache)
+	    krb5_cc_close(kdata->context, ccache); 
     }
-    return 1;
+           
+    gss_release_cred(&minor_status, &data->delegated_cred_handle);
+    krb5_free_context(kdata->context);
+    free(kdata);
+    return ret;
 }
diff --git a/crypto/heimdal/appl/ftp/ftpd/gssapi.c b/crypto/heimdal/appl/ftp/ftpd/gssapi.c
new file mode 100644
index 0000000..9432feb
--- /dev/null
+++ b/crypto/heimdal/appl/ftp/ftpd/gssapi.c
@@ -0,0 +1,528 @@
+/*
+ * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+#include <gssapi.h>
+#include <krb5_err.h>
+
+RCSID("$Id: gssapi.c 21513 2007-07-12 12:45:25Z lha $");
+
+int ftp_do_gss_bindings = 0;
+int ftp_do_gss_delegate = 1;
+
+struct gss_data {
+    gss_ctx_id_t context_hdl;
+    char *client_name;
+    gss_cred_id_t delegated_cred_handle;
+    void *mech_data;
+};
+
+static int
+gss_init(void *app_data)
+{
+    struct gss_data *d = app_data;
+    d->context_hdl = GSS_C_NO_CONTEXT;
+    d->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+#if defined(FTP_SERVER)
+    return 0;
+#else
+    /* XXX Check the gss mechanism; with  gss_indicate_mechs() ? */
+#ifdef KRB5
+    return !use_kerberos;
+#else
+    return 0;
+#endif /* KRB5 */
+#endif /* FTP_SERVER */
+}
+
+static int
+gss_check_prot(void *app_data, int level)
+{
+    if(level == prot_confidential)
+	return -1;
+    return 0;
+}
+
+static int
+gss_decode(void *app_data, void *buf, int len, int level)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc input, output;
+    gss_qop_t qop_state;
+    int conf_state;
+    struct gss_data *d = app_data;
+    size_t ret_len;
+
+    input.length = len;
+    input.value = buf;
+    maj_stat = gss_unwrap (&min_stat,
+			   d->context_hdl,
+			   &input,
+			   &output,
+			   &conf_state,
+			   &qop_state);
+    if(GSS_ERROR(maj_stat))
+	return -1;
+    memmove(buf, output.value, output.length);
+    ret_len = output.length;
+    gss_release_buffer(&min_stat, &output);
+    return ret_len;
+}
+
+static int
+gss_overhead(void *app_data, int level, int len)
+{
+    return 100; /* dunno? */
+}
+
+
+static int
+gss_encode(void *app_data, void *from, int length, int level, void **to)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc input, output;
+    int conf_state;
+    struct gss_data *d = app_data;
+
+    input.length = length;
+    input.value = from;
+    maj_stat = gss_wrap (&min_stat,
+			 d->context_hdl,
+			 level == prot_private,
+			 GSS_C_QOP_DEFAULT,
+			 &input,
+			 &conf_state,
+			 &output);
+    *to = output.value;
+    return output.length;
+}
+
+static void
+sockaddr_to_gss_address (struct sockaddr *sa,
+			 OM_uint32 *addr_type,
+			 gss_buffer_desc *gss_addr)
+{
+    switch (sa->sa_family) {
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+
+	gss_addr->length = 16;
+	gss_addr->value  = &sin6->sin6_addr;
+	*addr_type       = GSS_C_AF_INET6;
+	break;
+    }
+#endif
+    case AF_INET : {
+	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
+
+	gss_addr->length = 4;
+	gss_addr->value  = &sin4->sin_addr;
+	*addr_type       = GSS_C_AF_INET;
+	break;
+    }
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	
+    }
+}
+
+/* end common stuff */
+
+#ifdef FTP_SERVER
+
+static int
+gss_adat(void *app_data, void *buf, size_t len)
+{
+    char *p = NULL;
+    gss_buffer_desc input_token, output_token;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t client_name;
+    struct gss_data *d = app_data;
+    gss_channel_bindings_t bindings;
+
+    if (ftp_do_gss_bindings) {
+	bindings = malloc(sizeof(*bindings));
+	if (bindings == NULL)
+	    errx(1, "out of memory");
+
+	sockaddr_to_gss_address (his_addr,
+				 &bindings->initiator_addrtype,
+				 &bindings->initiator_address);
+	sockaddr_to_gss_address (ctrl_addr,
+				 &bindings->acceptor_addrtype,
+				 &bindings->acceptor_address);
+	
+	bindings->application_data.length = 0;
+	bindings->application_data.value = NULL;
+    } else
+	bindings = GSS_C_NO_CHANNEL_BINDINGS;
+
+    input_token.value = buf;
+    input_token.length = len;
+
+    maj_stat = gss_accept_sec_context (&min_stat,
+				       &d->context_hdl,
+				       GSS_C_NO_CREDENTIAL,
+				       &input_token,
+				       bindings,
+				       &client_name,
+				       NULL,
+				       &output_token,
+				       NULL,
+				       NULL,
+				       &d->delegated_cred_handle);
+
+    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+	free(bindings);
+
+    if(output_token.length) {
+	if(base64_encode(output_token.value, output_token.length, &p) < 0) {
+	    reply(535, "Out of memory base64-encoding.");
+	    return -1;
+	}
+	gss_release_buffer(&min_stat, &output_token);
+    }
+    if(maj_stat == GSS_S_COMPLETE){
+	char *name;
+	gss_buffer_desc export_name;
+	gss_OID oid;
+
+	maj_stat = gss_display_name(&min_stat, client_name,
+				    &export_name, &oid);
+	if(maj_stat != 0) {
+	    reply(500, "Error displaying name");
+	    goto out;
+	}
+	/* XXX kerberos */
+	if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) {
+	    reply(500, "OID not kerberos principal name");
+	    gss_release_buffer(&min_stat, &export_name);
+	    goto out;
+	}
+	name = malloc(export_name.length + 1);
+	if(name == NULL) {
+	    reply(500, "Out of memory");
+	    gss_release_buffer(&min_stat, &export_name);
+	    goto out;
+	}
+	memcpy(name, export_name.value, export_name.length);
+	name[export_name.length] = '\0';
+	gss_release_buffer(&min_stat, &export_name);
+	d->client_name = name;
+	if(p)
+	    reply(235, "ADAT=%s", p);
+	else
+	    reply(235, "ADAT Complete");
+	sec_complete = 1;
+
+    } else if(maj_stat == GSS_S_CONTINUE_NEEDED) {
+	if(p)
+	    reply(335, "ADAT=%s", p);
+	else
+	    reply(335, "OK, need more data");
+    } else {
+	OM_uint32 new_stat;
+	OM_uint32 msg_ctx = 0;
+	gss_buffer_desc status_string;
+	gss_display_status(&new_stat,
+			   min_stat,
+			   GSS_C_MECH_CODE,
+			   GSS_C_NO_OID,
+			   &msg_ctx,
+			   &status_string);
+	syslog(LOG_ERR, "gss_accept_sec_context: %s", 
+	       (char*)status_string.value);
+	gss_release_buffer(&new_stat, &status_string);
+	reply(431, "Security resource unavailable");
+    }
+  out:
+    if (client_name)
+	gss_release_name(&min_stat, &client_name);
+    free(p);
+    return 0;
+}
+
+int gss_userok(void*, char*);
+int gss_session(void*, char*);
+
+struct sec_server_mech gss_server_mech = {
+    "GSSAPI",
+    sizeof(struct gss_data),
+    gss_init, /* init */
+    NULL, /* end */
+    gss_check_prot,
+    gss_overhead,
+    gss_encode,
+    gss_decode,
+    /* */
+    NULL,
+    gss_adat,
+    NULL, /* pbsz */
+    NULL, /* ccc */
+    gss_userok,
+    gss_session
+};
+
+#else /* FTP_SERVER */
+
+extern struct sockaddr *hisctladdr, *myctladdr;
+
+static int
+import_name(const char *kname, const char *host, gss_name_t *target_name)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc name;
+    char *str;
+
+    name.length = asprintf(&str, "%s@%s", kname, host);
+    if (str == NULL) {
+	printf("Out of memory\n");
+	return AUTH_ERROR;
+    }
+    name.value = str;
+
+    maj_stat = gss_import_name(&min_stat,
+			       &name,
+			       GSS_C_NT_HOSTBASED_SERVICE,
+			       target_name);
+    if (GSS_ERROR(maj_stat)) {
+	OM_uint32 new_stat;
+	OM_uint32 msg_ctx = 0;
+	gss_buffer_desc status_string;
+	    
+	gss_display_status(&new_stat,
+			   min_stat,
+			   GSS_C_MECH_CODE,
+			   GSS_C_NO_OID,
+			   &msg_ctx,
+			   &status_string);
+	printf("Error importing name %s: %s\n", 
+	       (char *)name.value,
+	       (char *)status_string.value);
+	free(name.value);
+	gss_release_buffer(&new_stat, &status_string);
+	return AUTH_ERROR;
+    }
+    free(name.value);
+    return 0;
+}
+
+static int
+gss_auth(void *app_data, char *host)
+{
+    
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t target_name;
+    gss_buffer_desc input, output_token;
+    int context_established = 0;
+    char *p;
+    int n;
+    gss_channel_bindings_t bindings;
+    struct gss_data *d = app_data;
+    OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+
+    const char *knames[] = { "ftp", "host", NULL }, **kname = knames;
+	    
+    
+    if(import_name(*kname++, host, &target_name))
+	return AUTH_ERROR;
+
+    input.length = 0;
+    input.value = NULL;
+
+    if (ftp_do_gss_bindings) {
+	bindings = malloc(sizeof(*bindings));
+	if (bindings == NULL)
+	    errx(1, "out of memory");
+	
+	sockaddr_to_gss_address (myctladdr,
+				 &bindings->initiator_addrtype,
+				 &bindings->initiator_address);
+	sockaddr_to_gss_address (hisctladdr,
+				 &bindings->acceptor_addrtype,
+				 &bindings->acceptor_address);
+	
+	bindings->application_data.length = 0;
+	bindings->application_data.value = NULL;
+    } else
+	bindings = GSS_C_NO_CHANNEL_BINDINGS;
+
+    if (ftp_do_gss_delegate)
+	mech_flags |= GSS_C_DELEG_FLAG;
+
+    while(!context_established) {
+	maj_stat = gss_init_sec_context(&min_stat,
+					GSS_C_NO_CREDENTIAL,
+					&d->context_hdl,
+					target_name,
+					GSS_C_NO_OID,
+                                        mech_flags,
+					0,
+					bindings,
+					&input,
+					NULL,
+					&output_token,
+					NULL,
+					NULL);
+	if (GSS_ERROR(maj_stat)) {
+	    OM_uint32 new_stat;
+	    OM_uint32 msg_ctx = 0;
+	    gss_buffer_desc status_string;
+
+	    d->context_hdl = GSS_C_NO_CONTEXT;
+
+	    gss_release_name(&min_stat, &target_name);
+
+	    if(*kname != NULL) {
+
+		if(import_name(*kname++, host, &target_name)) {
+		    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+			free(bindings);
+		    return AUTH_ERROR;
+		}
+		continue;
+	    }
+	    
+	    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+		free(bindings);
+
+	    gss_display_status(&new_stat,
+			       min_stat,
+			       GSS_C_MECH_CODE,
+			       GSS_C_NO_OID,
+			       &msg_ctx,
+			       &status_string);
+	    printf("Error initializing security context: %s\n", 
+		   (char*)status_string.value);
+	    gss_release_buffer(&new_stat, &status_string);
+	    return AUTH_CONTINUE;
+	}
+
+	if (input.value) {
+	    free(input.value);
+	    input.value = NULL;
+	    input.length = 0;
+	}
+	if (output_token.length != 0) {
+	    base64_encode(output_token.value, output_token.length, &p);
+	    gss_release_buffer(&min_stat, &output_token);
+	    n = command("ADAT %s", p);
+	    free(p);
+	}
+	if (GSS_ERROR(maj_stat)) {
+	    if (d->context_hdl != GSS_C_NO_CONTEXT)
+		gss_delete_sec_context (&min_stat,
+					&d->context_hdl,
+					GSS_C_NO_BUFFER);
+	    break;
+	}
+	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
+	    p = strstr(reply_string, "ADAT=");
+	    if(p == NULL){
+		printf("Error: expected ADAT in reply. got: %s\n",
+		       reply_string);
+		if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+		    free(bindings);
+		return AUTH_ERROR;
+	    } else {
+		p+=5;
+		input.value = malloc(strlen(p));
+		input.length = base64_decode(p, input.value);
+	    }
+	} else {
+	    if(code != 235) {
+		printf("Unrecognized response code: %d\n", code);
+		if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+		    free(bindings);
+		return AUTH_ERROR;
+	    }
+	    context_established = 1;
+	}
+    }
+
+    gss_release_name(&min_stat, &target_name);
+
+    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+	free(bindings);
+    if (input.value)
+	free(input.value);
+
+    {
+	gss_name_t targ_name;
+
+	maj_stat = gss_inquire_context(&min_stat,
+				       d->context_hdl,
+				       NULL,
+				       &targ_name,
+				       NULL,
+				       NULL,
+				       NULL,
+				       NULL,
+				       NULL);
+	if (GSS_ERROR(maj_stat) == 0) {
+	    gss_buffer_desc name;
+	    maj_stat = gss_display_name (&min_stat,
+					 targ_name,
+					 &name,
+					 NULL);
+	    if (GSS_ERROR(maj_stat) == 0) {
+		printf("Authenticated to <%s>\n", (char *)name.value);
+		gss_release_buffer(&min_stat, &name);
+	    }
+	    gss_release_name(&min_stat, &targ_name);
+	} else
+	    printf("Failed to get gss name of peer.\n");
+    }	    
+
+
+    return AUTH_OK;
+}
+
+struct sec_client_mech gss_client_mech = {
+    "GSSAPI",
+    sizeof(struct gss_data),
+    gss_init,
+    gss_auth,
+    NULL, /* end */
+    gss_check_prot,
+    gss_overhead,
+    gss_encode,
+    gss_decode,
+};
+
+#endif /* FTP_SERVER */
diff --git a/crypto/heimdal/appl/ftp/ftpd/kauth.c b/crypto/heimdal/appl/ftp/ftpd/kauth.c
index dad4de5..0f34092 100644
--- a/crypto/heimdal/appl/ftp/ftpd/kauth.c
+++ b/crypto/heimdal/appl/ftp/ftpd/kauth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 1999, 2003 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,16 @@
 
 #include "ftpd_locl.h"
 
-RCSID("$Id: kauth.c,v 1.25 1999/12/02 16:58:31 joda Exp $");
+RCSID("$Id: kauth.c 15666 2005-07-19 17:08:11Z lha $");
+
+#if defined(KRB4) || defined(KRB5)
+
+int do_destroy_tickets = 1;
+char *k5ccname;
+
+#endif
+
+#ifdef KRB4
 
 static KTEXT_ST cip;
 static unsigned int lifetime;
@@ -41,8 +50,6 @@ static time_t local_time;
 
 static krb_principal pr;
 
-static int do_destroy_tickets = 1;
-
 static int
 save_tkt(const char *user,
 	 const char *instance,
@@ -237,86 +244,41 @@ short_date(int32_t dp)
 }
 
 void
-klist(void)
+krbtkfile(const char *tkfile)
 {
-    int err;
+    do_destroy_tickets = 0;
+    krb_set_tkt_string(tkfile);
+    reply(200, "Using ticket file %s", tkfile);
+}
 
-    char *file = tkt_string();
+#endif /* KRB4 */
 
-    krb_principal pr;
-    
-    char buf1[128], buf2[128];
-    int header = 1;
-    CREDENTIALS c;
+#ifdef KRB5
 
+static void
+dest_cc(void)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_ccache id;
     
-
-    err = tf_init(file, R_TKT_FIL);
-    if(err != KSUCCESS){
-	reply(500, "%s", krb_get_err_text(err));
-	return;
-    }
-    tf_close();
-
-    /* 
-     * We must find the realm of the ticket file here before calling
-     * tf_init because since the realm of the ticket file is not
-     * really stored in the principal section of the file, the
-     * routine we use must itself call tf_init and tf_close.
-     */
-    err = krb_get_tf_realm(file, pr.realm);
-    if(err != KSUCCESS){
-	reply(500, "%s", krb_get_err_text(err));
-	return;
-    }
-
-    err = tf_init(file, R_TKT_FIL);
-    if(err != KSUCCESS){
-	reply(500, "%s", krb_get_err_text(err));
-	return;
-    }
-
-    err = tf_get_pname(pr.name);
-    if(err != KSUCCESS){
-	reply(500, "%s", krb_get_err_text(err));
-	return;
-    }
-    err = tf_get_pinst(pr.instance);
-    if(err != KSUCCESS){
-	reply(500, "%s", krb_get_err_text(err));
-	return;
-    }
-
-    /* 
-     * You may think that this is the obvious place to get the
-     * realm of the ticket file, but it can't be done here as the
-     * routine to do this must open the ticket file.  This is why 
-     * it was done before tf_init.
-     */
-       
-    lreply(200, "Ticket file: %s", tkt_string());
-
-    lreply(200, "Principal: %s", krb_unparse_name(&pr));
-    while ((err = tf_get_cred(&c)) == KSUCCESS) {
-	if (header) {
-	    lreply(200, "%-15s  %-15s  %s",
-		   "  Issued", "  Expires", "  Principal (kvno)");
-	    header = 0;
-	}
-	strlcpy(buf1, short_date(c.issue_date), sizeof(buf1));
-	c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
-	if (time(0) < (unsigned long) c.issue_date)
-	    strlcpy(buf2, short_date(c.issue_date), sizeof(buf2));
+    ret = krb5_init_context(&context);
+    if (ret == 0) {
+	if (k5ccname)
+	    ret = krb5_cc_resolve(context, k5ccname, &id);
 	else
-	    strlcpy(buf2, ">>> Expired <<< ", sizeof(buf2));
-	lreply(200, "%s  %s  %s (%d)", buf1, buf2,
-	       krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno); 
+	    ret = krb5_cc_default (context, &id);
+	if (ret)
+	    krb5_free_context(context);
     }
-    if (header && err == EOF) {
-	lreply(200, "No tickets in file.");
+    if (ret == 0) {
+	krb5_cc_destroy(context, id);
+	krb5_free_context (context);
     }
-    reply(200, " ");
 }
+#endif
+
+#if defined(KRB4) || defined(KRB5)
 
 /*
  * Only destroy if we created the tickets
@@ -325,35 +287,64 @@ klist(void)
 void
 cond_kdestroy(void)
 {
-    if (do_destroy_tickets)
+    if (do_destroy_tickets) {
+#if KRB4
 	dest_tkt();
+#endif
+#if KRB5
+	dest_cc();
+#endif
+	do_destroy_tickets = 0;
+    }
     afsunlog();
 }
 
 void
 kdestroy(void)
 {
+#if KRB4
     dest_tkt();
+#endif
+#if KRB5
+    dest_cc();
+#endif
     afsunlog();
     reply(200, "Tickets destroyed");
 }
 
-void
-krbtkfile(const char *tkfile)
-{
-    do_destroy_tickets = 0;
-    krb_set_tkt_string(tkfile);
-    reply(200, "Using ticket file %s", tkfile);
-}
 
 void
-afslog(const char *cell)
+afslog(const char *cell, int quiet)
 {
     if(k_hasafs()) {
+#ifdef KRB5
+	krb5_context context;
+	krb5_error_code ret;
+	krb5_ccache id;
+
+	ret = krb5_init_context(&context);
+	if (ret == 0) {
+	    if (k5ccname)
+		ret = krb5_cc_resolve(context, k5ccname, &id);
+	    else
+		ret = krb5_cc_default(context, &id);
+	    if (ret)
+		krb5_free_context(context);
+	}
+	if (ret == 0) {
+	    krb5_afslog(context, id, cell, 0);
+	    krb5_cc_close (context, id);
+	    krb5_free_context (context);
+	}
+#endif
+#ifdef KRB4
 	krb_afslog(cell, 0);
-	reply(200, "afslog done");
+#endif
+	if (!quiet)
+	    reply(200, "afslog done");
     } else {
-	reply(200, "no AFS present");
+	if (!quiet)
+	    reply(200, "no AFS present");
     }
 }
 
@@ -363,3 +354,7 @@ afsunlog(void)
     if(k_hasafs())
 	k_unlog();
 }
+
+#else
+int ftpd_afslog_placeholder;
+#endif /* KRB4 || KRB5 */
diff --git a/crypto/heimdal/appl/ftp/ftpd/klist.c b/crypto/heimdal/appl/ftp/ftpd/klist.c
new file mode 100644
index 0000000..4afa9b8
--- /dev/null
+++ b/crypto/heimdal/appl/ftp/ftpd/klist.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftpd_locl.h"
+
+#ifdef KRB5
+
+static int
+print_cred(krb5_context context, krb5_creds *cred)
+{
+    char t1[128], t2[128], *str;
+    krb5_error_code ret;
+    krb5_timestamp sec;
+
+    krb5_timeofday (context, &sec);
+
+    if(cred->times.starttime)
+	krb5_format_time(context, cred->times.starttime, t1, sizeof(t1), 1);
+    else
+	krb5_format_time(context, cred->times.authtime, t1, sizeof(t1), 1);
+    
+    if(cred->times.endtime > sec)
+	krb5_format_time(context, cred->times.endtime, t2, sizeof(t2), 1);
+    else
+	strlcpy(t2, ">>>Expired<<<", sizeof(t2));
+
+    ret = krb5_unparse_name (context, cred->server, &str);
+    if (ret) {
+	lreply(500, "krb5_unparse_name: %d", ret);
+	return 1;
+    }
+
+    lreply(200, "%-20s %-20s %s", t1, t2, str);
+    free(str);
+    return 0;
+}
+
+static int
+print_tickets (krb5_context context,
+	       krb5_ccache ccache,
+	       krb5_principal principal)
+{
+    krb5_error_code ret;
+    krb5_cc_cursor cursor;
+    krb5_creds cred;
+    char *str;
+
+    ret = krb5_unparse_name (context, principal, &str);
+    if (ret) {
+	lreply(500, "krb5_unparse_name: %d", ret);
+	return 500;
+    }
+
+    lreply(200, "%17s: %s:%s", 
+	   "Credentials cache",
+	   krb5_cc_get_type(context, ccache),
+	   krb5_cc_get_name(context, ccache));
+    lreply(200, "%17s: %s", "Principal", str);
+    free (str);
+
+    ret = krb5_cc_start_seq_get (context, ccache, &cursor);
+    if (ret) {
+	lreply(500, "krb5_cc_start_seq_get: %d", ret);
+	return 500;
+    }
+
+    lreply(200, "  Issued               Expires              Principal");
+
+    while ((ret = krb5_cc_next_cred (context,
+				     ccache,
+				     &cursor,
+				     &cred)) == 0) {
+	if (print_cred(context, &cred))
+	    return 500;		
+	krb5_free_cred_contents (context, &cred);
+    }
+    if (ret != KRB5_CC_END) {
+	lreply(500, "krb5_cc_get_next: %d", ret);
+	return 500;
+    }
+    ret = krb5_cc_end_seq_get (context, ccache, &cursor);
+    if (ret) {
+	lreply(500, "krb5_cc_end_seq_get: %d", ret);
+	return 500;
+    }
+
+    return 200;
+}
+
+static int
+klist5(void)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_ccache ccache;
+    krb5_principal principal;
+    int exit_status = 200;
+
+    ret = krb5_init_context (&context);
+    if (ret) {
+	lreply(500, "krb5_init_context failed: %d", ret);
+	return 500;
+    }
+
+    if (k5ccname)
+	ret = krb5_cc_resolve(context, k5ccname, &ccache);
+    else
+	ret = krb5_cc_default (context, &ccache);
+    if (ret) {
+	lreply(500, "krb5_cc_default: %d", ret);	    
+	return 500;
+    }
+
+    ret = krb5_cc_get_principal (context, ccache, &principal);
+    if (ret) {
+	if(ret == ENOENT)
+	    lreply(500, "No ticket file: %s",
+		   krb5_cc_get_name(context, ccache));
+	else
+	    lreply(500, "krb5_cc_get_principal: %d", ret);
+
+	return 500;
+    }
+    exit_status = print_tickets (context, ccache, principal);
+
+    ret = krb5_cc_close (context, ccache);
+    if (ret) {
+	lreply(500, "krb5_cc_close: %d", ret);	    
+	exit_status = 500;
+    }
+
+    krb5_free_principal (context, principal);
+    krb5_free_context (context);
+    return exit_status;
+}
+#endif
+
+void
+klist(void)
+{
+#if KRB5
+    int res = klist5();
+    reply(res, " ");
+#else
+    reply(500, "Command not implemented.");
+#endif
+}
+
diff --git a/crypto/heimdal/appl/ftp/ftpd/krb4.c b/crypto/heimdal/appl/ftp/ftpd/krb4.c
new file mode 100644
index 0000000..408b7fa
--- /dev/null
+++ b/crypto/heimdal/appl/ftp/ftpd/krb4.c
@@ -0,0 +1,340 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+#include <krb.h>
+
+RCSID("$Id: krb4.c 17450 2006-05-05 11:11:43Z lha $");
+
+#ifdef FTP_SERVER
+#define LOCAL_ADDR ctrl_addr
+#define REMOTE_ADDR his_addr
+#else
+#define LOCAL_ADDR myctladdr
+#define REMOTE_ADDR hisctladdr
+#endif
+
+extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR;
+
+struct krb4_data {
+    des_cblock key;
+    des_key_schedule schedule;
+    char name[ANAME_SZ];
+    char instance[INST_SZ];
+    char realm[REALM_SZ];
+};
+
+static int
+krb4_check_prot(void *app_data, int level)
+{
+    if(level == prot_confidential)
+	return -1;
+    return 0;
+}
+
+static int
+krb4_decode(void *app_data, void *buf, int len, int level)
+{
+    MSG_DAT m;
+    int e;
+    struct krb4_data *d = app_data;
+    
+    if(level == prot_safe)
+	e = krb_rd_safe(buf, len, &d->key,
+			(struct sockaddr_in *)REMOTE_ADDR,
+			(struct sockaddr_in *)LOCAL_ADDR, &m);
+    else
+	e = krb_rd_priv(buf, len, d->schedule, &d->key, 
+			(struct sockaddr_in *)REMOTE_ADDR,
+			(struct sockaddr_in *)LOCAL_ADDR, &m);
+    if(e){
+	syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e));
+	return -1;
+    }
+    memmove(buf, m.app_data, m.app_length);
+    return m.app_length;
+}
+
+static int
+krb4_overhead(void *app_data, int level, int len)
+{
+    return 31;
+}
+
+static int
+krb4_encode(void *app_data, void *from, int length, int level, void **to)
+{
+    struct krb4_data *d = app_data;
+    *to = malloc(length + 31);
+    if(level == prot_safe)
+	return krb_mk_safe(from, *to, length, &d->key, 
+			   (struct sockaddr_in *)LOCAL_ADDR,
+			   (struct sockaddr_in *)REMOTE_ADDR);
+    else if(level == prot_private)
+	return krb_mk_priv(from, *to, length, d->schedule, &d->key, 
+			   (struct sockaddr_in *)LOCAL_ADDR,
+			   (struct sockaddr_in *)REMOTE_ADDR);
+    else
+	return -1;
+}
+
+#ifdef FTP_SERVER
+
+static int
+krb4_adat(void *app_data, void *buf, size_t len)
+{
+    KTEXT_ST tkt;
+    AUTH_DAT auth_dat;
+    char *p;
+    int kerror;
+    uint32_t cs;
+    char msg[35]; /* size of encrypted block */
+    int tmp_len;
+    struct krb4_data *d = app_data;
+    char inst[INST_SZ];
+    struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr;
+
+    memcpy(tkt.dat, buf, len);
+    tkt.length = len;
+
+    k_getsockinst(0, inst, sizeof(inst));
+    kerror = krb_rd_req(&tkt, "ftp", inst, 
+			his_addr_sin->sin_addr.s_addr, &auth_dat, "");
+    if(kerror == RD_AP_UNDEC){
+	k_getsockinst(0, inst, sizeof(inst));
+	kerror = krb_rd_req(&tkt, "rcmd", inst, 
+			    his_addr_sin->sin_addr.s_addr, &auth_dat, "");
+    }
+
+    if(kerror){
+	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
+	return -1;
+    }
+    
+    memcpy(d->key, auth_dat.session, sizeof(d->key));
+    des_set_key(&d->key, d->schedule);
+
+    strlcpy(d->name, auth_dat.pname, sizeof(d->name));
+    strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance));
+    strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance));
+
+    cs = auth_dat.checksum + 1;
+    {
+	unsigned char tmp[4];
+	KRB_PUT_INT(cs, tmp, 4, sizeof(tmp));
+	tmp_len = krb_mk_safe(tmp, msg, 4, &d->key,
+			      (struct sockaddr_in *)LOCAL_ADDR,
+			      (struct sockaddr_in *)REMOTE_ADDR);
+    }
+    if(tmp_len < 0){
+	reply(535, "Error creating reply: %s.", strerror(errno));
+	return -1;
+    }
+    len = tmp_len;
+    if(base64_encode(msg, len, &p) < 0) {
+	reply(535, "Out of memory base64-encoding.");
+	return -1;
+    }
+    reply(235, "ADAT=%s", p);
+    sec_complete = 1;
+    free(p);
+    return 0;
+}
+
+static int
+krb4_userok(void *app_data, char *user)
+{
+    struct krb4_data *d = app_data;
+    return krb_kuserok(d->name, d->instance, d->realm, user);
+}
+
+struct sec_server_mech krb4_server_mech = {
+    "KERBEROS_V4",
+    sizeof(struct krb4_data),
+    NULL, /* init */
+    NULL, /* end */
+    krb4_check_prot,
+    krb4_overhead,
+    krb4_encode,
+    krb4_decode,
+    /* */
+    NULL,
+    krb4_adat,
+    NULL, /* pbsz */
+    NULL, /* ccc */
+    krb4_userok
+};
+
+#else /* FTP_SERVER */
+
+static int
+krb4_init(void *app_data)
+{
+   return !use_kerberos;
+}
+
+static int
+mk_auth(struct krb4_data *d, KTEXT adat, 
+	char *service, char *host, int checksum)
+{
+    int ret;
+    CREDENTIALS cred;
+    char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
+
+    strlcpy(sname, service, sizeof(sname));
+    strlcpy(inst, krb_get_phost(host), sizeof(inst));
+    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
+    ret = krb_mk_req(adat, sname, inst, realm, checksum);
+    if(ret)
+	return ret;
+    strlcpy(sname, service, sizeof(sname));
+    strlcpy(inst, krb_get_phost(host), sizeof(inst));
+    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
+    ret = krb_get_cred(sname, inst, realm, &cred);
+    memmove(&d->key, &cred.session, sizeof(des_cblock));
+    des_key_sched(&d->key, d->schedule);
+    memset(&cred, 0, sizeof(cred));
+    return ret;
+}
+
+static int
+krb4_auth(void *app_data, char *host)
+{
+    int ret;
+    char *p;
+    int len;
+    KTEXT_ST adat;
+    MSG_DAT msg_data;
+    int checksum;
+    uint32_t cs;
+    struct krb4_data *d = app_data;
+    struct sockaddr_in *localaddr  = (struct sockaddr_in *)LOCAL_ADDR;
+    struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR;
+
+    checksum = getpid();
+    ret = mk_auth(d, &adat, "ftp", host, checksum);
+    if(ret == KDC_PR_UNKNOWN)
+	ret = mk_auth(d, &adat, "rcmd", host, checksum);
+    if(ret){
+	printf("%s\n", krb_get_err_text(ret));
+	return AUTH_CONTINUE;
+    }
+
+#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
+    if (krb_get_config_bool("nat_in_use")) {
+      struct in_addr natAddr;
+
+      if (krb_get_our_ip_for_realm(krb_realmofhost(host),
+				   &natAddr) != KSUCCESS
+	  && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS)
+	printf("Can't get address for realm %s\n",
+	       krb_realmofhost(host));
+      else {
+	if (natAddr.s_addr != localaddr->sin_addr.s_addr) {
+	  printf("Using NAT IP address (%s) for kerberos 4\n",
+		 inet_ntoa(natAddr));
+	  localaddr->sin_addr = natAddr;
+	  
+	  /*
+	   * This not the best place to do this, but it
+	   * is here we know that (probably) NAT is in
+	   * use!
+	   */
+
+	  passivemode = 1;
+	  printf("Setting: Passive mode on.\n");
+	}
+      }
+    }
+#endif
+
+    printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr));
+    printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr));
+
+   if(base64_encode(adat.dat, adat.length, &p) < 0) {
+	printf("Out of memory base64-encoding.\n");
+	return AUTH_CONTINUE;
+    }
+    ret = command("ADAT %s", p);
+    free(p);
+
+    if(ret != COMPLETE){
+	printf("Server didn't accept auth data.\n");
+	return AUTH_ERROR;
+    }
+
+    p = strstr(reply_string, "ADAT=");
+    if(!p){
+	printf("Remote host didn't send adat reply.\n");
+	return AUTH_ERROR;
+    }
+    p += 5;
+    len = base64_decode(p, adat.dat);
+    if(len < 0){
+	printf("Failed to decode base64 from server.\n");
+	return AUTH_ERROR;
+    }
+    adat.length = len;
+    ret = krb_rd_safe(adat.dat, adat.length, &d->key, 
+		      (struct sockaddr_in *)hisctladdr, 
+		      (struct sockaddr_in *)myctladdr, &msg_data);
+    if(ret){
+	printf("Error reading reply from server: %s.\n", 
+	       krb_get_err_text(ret));
+	return AUTH_ERROR;
+    }
+    krb_get_int(msg_data.app_data, &cs, 4, 0);
+    if(cs - checksum != 1){
+	printf("Bad checksum returned from server.\n");
+	return AUTH_ERROR;
+    }
+    return AUTH_OK;
+}
+
+struct sec_client_mech krb4_client_mech = {
+    "KERBEROS_V4",
+    sizeof(struct krb4_data),
+    krb4_init, /* init */
+    krb4_auth,
+    NULL, /* end */
+    krb4_check_prot,
+    krb4_overhead,
+    krb4_encode,
+    krb4_decode
+};
+
+#endif /* FTP_SERVER */
diff --git a/crypto/heimdal/appl/ftp/ftpd/logwtmp.c b/crypto/heimdal/appl/ftp/ftpd/logwtmp.c
index 51139a8..ebf37e6 100644
--- a/crypto/heimdal/appl/ftp/ftpd/logwtmp.c
+++ b/crypto/heimdal/appl/ftp/ftpd/logwtmp.c
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: logwtmp.c,v 1.15 2000/09/19 13:17:05 assar Exp $");
+RCSID("$Id: logwtmp.c 9079 2000-09-19 13:17:20Z assar $");
 #endif
 
 #include <stdio.h>
diff --git a/crypto/heimdal/appl/ftp/ftpd/ls.c b/crypto/heimdal/appl/ftp/ftpd/ls.c
index f8ec4ad..9dcd848 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ls.c
+++ b/crypto/heimdal/appl/ftp/ftpd/ls.c
@@ -33,7 +33,7 @@
 #ifndef TEST
 #include "ftpd_locl.h"
 
-RCSID("$Id: ls.c,v 1.26 2003/02/25 10:51:30 lha Exp $");
+RCSID("$Id: ls.c 16216 2005-10-22 13:15:43Z lha $");
 
 #else
 #include <stdio.h>
@@ -146,16 +146,16 @@ block_convert(size_t blocks)
 #endif
 }
 
-static void
+static int
 make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags)
 {
     char buf[128];
     int file_type = 0;
     struct stat *st = &file->st;
-
+    
     file->inode = st->st_ino;
     file->bsize = block_convert(st->st_blocks);
-
+    
     if(S_ISDIR(st->st_mode)) {
 	file->mode[0] = 'd';
 	file_type = '/';
@@ -218,31 +218,51 @@ make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags)
     {
 	struct passwd *pwd;
 	pwd = getpwuid(st->st_uid);
-	if(pwd == NULL)
-	    asprintf(&file->user, "%u", (unsigned)st->st_uid);
-	else
+	if(pwd == NULL) {
+	    if (asprintf(&file->user, "%u", (unsigned)st->st_uid) == -1)
+		file->user = NULL;
+	} else
 	    file->user = strdup(pwd->pw_name);
+	if (file->user == NULL) {
+	    syslog(LOG_ERR, "out of memory");
+	    return -1;
+	}
     }
     {
 	struct group *grp;
 	grp = getgrgid(st->st_gid);
-	if(grp == NULL)
-	    asprintf(&file->group, "%u", (unsigned)st->st_gid);
-	else
+	if(grp == NULL) {
+	    if (asprintf(&file->group, "%u", (unsigned)st->st_gid) == -1)
+		file->group = NULL;
+	} else
 	    file->group = strdup(grp->gr_name);
+	if (file->group == NULL) {
+	    syslog(LOG_ERR, "out of memory");
+	    return -1;
+	}
     }
     
     if(S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) {
 #if defined(major) && defined(minor)
-	asprintf(&file->major, "%u", (unsigned)major(st->st_rdev));
-	asprintf(&file->minor, "%u", (unsigned)minor(st->st_rdev));
+	if (asprintf(&file->major, "%u", (unsigned)major(st->st_rdev)) == -1)
+	    file->major = NULL;
+	if (asprintf(&file->minor, "%u", (unsigned)minor(st->st_rdev)) == -1)
+	    file->minor = NULL;
 #else
 	/* Don't want to use the DDI/DKI crap. */
-	asprintf(&file->major, "%u", (unsigned)st->st_rdev);
-	asprintf(&file->minor, "%u", 0);
+	if (asprintf(&file->major, "%u", (unsigned)st->st_rdev) == -1)
+	    file->major = NULL;
+	if (asprintf(&file->minor, "%u", 0) == -1)
+	    file->minor = NULL;
 #endif
-    } else
-	asprintf(&file->size, "%lu", (unsigned long)st->st_size);
+	if (file->major == NULL || file->minor == NULL) {
+	    syslog(LOG_ERR, "out of memory");
+	    return -1;
+	}
+    } else {
+	if (asprintf(&file->size, "%lu", (unsigned long)st->st_size) == -1)
+	    file->size = NULL;
+    }
 
     {
 	time_t t = time(NULL);
@@ -254,6 +274,10 @@ make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags)
 	else
 	    strftime(buf, sizeof(buf), "%b %e %H:%M", tm);
 	file->date = strdup(buf);
+	if (file->date == NULL) {
+	    syslog(LOG_ERR, "out of memory");
+	    return -1;
+	}
     }
     {
 	const char *p = strrchr(filename, '/');
@@ -261,10 +285,15 @@ make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags)
 	    p++;
 	else
 	    p = filename;
-	if((flags & LS_TYPE) && file_type != 0)
-	    asprintf(&file->filename, "%s%c", p, file_type);
-	else
+	if((flags & LS_TYPE) && file_type != 0) {
+	    if (asprintf(&file->filename, "%s%c", p, file_type) == -1)
+		file->filename = NULL;
+	} else
 	    file->filename = strdup(p);
+	if (file->filename == NULL) {
+	    syslog(LOG_ERR, "out of memory");
+	    return -1;
+	}
     }
     if(S_ISLNK(st->st_mode)) {
 	int n;
@@ -272,9 +301,14 @@ make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags)
 	if(n >= 0) {
 	    buf[n] = '\0';
 	    file->link = strdup(buf);
+	    if (file->link == NULL) {
+		syslog(LOG_ERR, "out of memory");
+		return -1;
+	    }
 	} else
 	    sec_fprintf2(out, "readlink(%s): %s", filename, strerror(errno));
     }
+    return 0;
 }
 
 static void
@@ -356,7 +390,7 @@ compare_size(struct fileinfo *a, struct fileinfo *b)
 static int list_dir(FILE*, const char*, int);
 
 static int
-log10(int num)
+find_log10(int num)
 {
     int i = 1;
     while(num > 10) {
@@ -508,7 +542,9 @@ list_files(FILE *out, const char **files, int n_files, int flags)
 		    include_in_list = 0;
 	    }
 	    if(include_in_list) {
-		make_fileinfo(out, files[i], &fi[i], flags);
+		ret = make_fileinfo(out, files[i], &fi[i], flags);
+		if (ret)
+		    goto out;
 		n_print++;
 	    }
 	}
@@ -563,9 +599,9 @@ list_files(FILE *out, const char **files, int n_files, int flags)
 	    max_size = max_major + max_minor + 2;
 	else if(max_size - max_minor - 2 > max_major)
 	    max_major = max_size - max_minor - 2;
-	max_inode = log10(max_inode);
-	max_bsize = log10(max_bsize);
-	max_n_link = log10(max_n_link);
+	max_inode = find_log10(max_inode);
+	max_bsize = find_log10(max_bsize);
+	max_n_link = find_log10(max_n_link);
 	
 	if(n_print > 0)
 	    sec_fprintf2(out, "total %lu\r\n", (unsigned long)total_blocks);
@@ -611,8 +647,8 @@ list_files(FILE *out, const char **files, int n_files, int flags)
 	    }
 	    if(strlen(fi[i].filename) > max_len)
 		max_len = strlen(fi[i].filename);
-	    if(log10(fi[i].bsize) > size_len)
-		size_len = log10(fi[i].bsize);
+	    if(find_log10(fi[i].bsize) > size_len)
+		size_len = find_log10(fi[i].bsize);
 	}
 	if(num_files == 0)
 	    goto next;
@@ -729,6 +765,7 @@ list_dir(FILE *out, const char *directory, int flags)
     struct dirent *ent;
     char **files = NULL;
     int n_files = 0;
+    int ret;
 
     if(d == NULL) {
 	syslog(LOG_ERR, "%s: %m", directory);
@@ -747,8 +784,8 @@ list_dir(FILE *out, const char *directory, int flags)
 	    return -1;
 	}
 	files = tmp;
-	asprintf(&files[n_files], "%s/%s", directory, ent->d_name);
-	if (files[n_files] == NULL) {
+	ret = asprintf(&files[n_files], "%s/%s", directory, ent->d_name);
+	if (ret == -1) {
 	    syslog(LOG_ERR, "%s: out of memory", directory);
 	    free_files (files, n_files);
 	    closedir (d);
diff --git a/crypto/heimdal/appl/ftp/ftpd/pathnames.h b/crypto/heimdal/appl/ftp/ftpd/pathnames.h
index e4f5b44..8849029 100644
--- a/crypto/heimdal/appl/ftp/ftpd/pathnames.h
+++ b/crypto/heimdal/appl/ftp/ftpd/pathnames.h
@@ -57,5 +57,7 @@
 #define	_PATH_FTPWELCOME	SYSCONFDIR "/ftpwelcome"
 #define	_PATH_FTPLOGINMESG	SYSCONFDIR "/motd"
 
+#ifndef _PATH_ISSUE
 #define _PATH_ISSUE		SYSCONFDIR "/issue"
+#endif
 #define _PATH_ISSUE_NET		SYSCONFDIR "/issue.net"
diff --git a/crypto/heimdal/appl/ftp/ftpd/popen.c b/crypto/heimdal/appl/ftp/ftpd/popen.c
index 708cae1..dc75fb4 100644
--- a/crypto/heimdal/appl/ftp/ftpd/popen.c
+++ b/crypto/heimdal/appl/ftp/ftpd/popen.c
@@ -37,7 +37,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: popen.c,v 1.26 2002/04/02 11:57:39 joda Exp $");
+RCSID("$Id: popen.c 10900 2002-04-02 11:57:39Z joda $");
 #endif
 
 #include <sys/types.h>
diff --git a/crypto/heimdal/appl/ftp/ftpd/security.c b/crypto/heimdal/appl/ftp/ftpd/security.c
new file mode 100644
index 0000000..2a4803f
--- /dev/null
+++ b/crypto/heimdal/appl/ftp/ftpd/security.c
@@ -0,0 +1,883 @@
+/*
+ * Copyright (c) 1998-2002, 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+
+RCSID("$Id: security.c 21225 2007-06-20 10:16:02Z lha $");
+
+static enum protection_level command_prot;
+static enum protection_level data_prot;
+static size_t buffer_size;
+
+struct buffer {
+    void *data;
+    size_t size;
+    size_t index;
+    int eof_flag;
+};
+
+static struct buffer in_buffer, out_buffer;
+int sec_complete;
+
+static struct {
+    enum protection_level level;
+    const char *name;
+} level_names[] = {
+    { prot_clear, "clear" },
+    { prot_safe, "safe" },
+    { prot_confidential, "confidential" },
+    { prot_private, "private" }
+};
+
+static const char *
+level_to_name(enum protection_level level)
+{
+    int i;
+    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+	if(level_names[i].level == level)
+	    return level_names[i].name;
+    return "unknown";
+}
+
+#ifndef FTP_SERVER /* not used in server */
+static enum protection_level 
+name_to_level(const char *name)
+{
+    int i;
+    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+	if(!strncasecmp(level_names[i].name, name, strlen(name)))
+	    return level_names[i].level;
+    return (enum protection_level)-1;
+}
+#endif
+
+#ifdef FTP_SERVER
+
+static struct sec_server_mech *mechs[] = {
+#ifdef KRB5
+    &gss_server_mech,
+#endif
+#ifdef KRB4
+    &krb4_server_mech,
+#endif
+    NULL
+};
+
+static struct sec_server_mech *mech;
+
+#else
+
+static struct sec_client_mech *mechs[] = {
+#ifdef KRB5
+    &gss_client_mech,
+#endif
+#ifdef KRB4
+    &krb4_client_mech,
+#endif
+    NULL
+};
+
+static struct sec_client_mech *mech;
+
+#endif
+
+static void *app_data;
+
+int
+sec_getc(FILE *F)
+{
+    if(sec_complete && data_prot) {
+	char c;
+	if(sec_read(fileno(F), &c, 1) <= 0)
+	    return EOF;
+	return c;
+    } else
+	return getc(F);
+}
+
+static int
+block_read(int fd, void *buf, size_t len)
+{
+    unsigned char *p = buf;
+    int b;
+    while(len) {
+	b = read(fd, p, len);
+	if (b == 0)
+	    return 0;
+	else if (b < 0)
+	    return -1;
+	len -= b;
+	p += b;
+    }
+    return p - (unsigned char*)buf;
+}
+
+static int
+block_write(int fd, void *buf, size_t len)
+{
+    unsigned char *p = buf;
+    int b;
+    while(len) {
+	b = write(fd, p, len);
+	if(b < 0)
+	    return -1;
+	len -= b;
+	p += b;
+    }
+    return p - (unsigned char*)buf;
+}
+
+static int
+sec_get_data(int fd, struct buffer *buf, int level)
+{
+    int len;
+    int b;
+    void *tmp;
+
+    b = block_read(fd, &len, sizeof(len));
+    if (b == 0)
+	return 0;
+    else if (b < 0)
+	return -1;
+    len = ntohl(len);
+    tmp = realloc(buf->data, len);
+    if (tmp == NULL)
+	return -1;
+    buf->data = tmp;
+    b = block_read(fd, buf->data, len);
+    if (b == 0)
+	return 0;
+    else if (b < 0)
+	return -1;
+    buf->size = (*mech->decode)(app_data, buf->data, len, data_prot);
+    buf->index = 0;
+    return 0;
+}
+
+static size_t
+buffer_read(struct buffer *buf, void *dataptr, size_t len)
+{
+    len = min(len, buf->size - buf->index);
+    memcpy(dataptr, (char*)buf->data + buf->index, len);
+    buf->index += len;
+    return len;
+}
+
+static size_t
+buffer_write(struct buffer *buf, void *dataptr, size_t len)
+{
+    if(buf->index + len > buf->size) {
+	void *tmp;
+	if(buf->data == NULL)
+	    tmp = malloc(1024);
+	else
+	    tmp = realloc(buf->data, buf->index + len);
+	if(tmp == NULL)
+	    return -1;
+	buf->data = tmp;
+	buf->size = buf->index + len;
+    }
+    memcpy((char*)buf->data + buf->index, dataptr, len);
+    buf->index += len;
+    return len;
+}
+
+int
+sec_read(int fd, void *dataptr, int length)
+{
+    size_t len;
+    int rx = 0;
+
+    if(sec_complete == 0 || data_prot == 0)
+	return read(fd, dataptr, length);
+
+    if(in_buffer.eof_flag){
+	in_buffer.eof_flag = 0;
+	return 0;
+    }
+    
+    len = buffer_read(&in_buffer, dataptr, length);
+    length -= len;
+    rx += len;
+    dataptr = (char*)dataptr + len;
+    
+    while(length){
+	int ret;
+
+	ret = sec_get_data(fd, &in_buffer, data_prot);
+	if (ret < 0)
+	    return -1;
+	if(ret == 0 && in_buffer.size == 0) {
+	    if(rx)
+		in_buffer.eof_flag = 1;
+	    return rx;
+	}
+	len = buffer_read(&in_buffer, dataptr, length);
+	length -= len;
+	rx += len;
+	dataptr = (char*)dataptr + len;
+    }
+    return rx;
+}
+
+static int
+sec_send(int fd, char *from, int length)
+{
+    int bytes;
+    void *buf;
+    bytes = (*mech->encode)(app_data, from, length, data_prot, &buf);
+    bytes = htonl(bytes);
+    block_write(fd, &bytes, sizeof(bytes));
+    block_write(fd, buf, ntohl(bytes));
+    free(buf);
+    return length;
+}
+
+int
+sec_fflush(FILE *F)
+{
+    if(data_prot != prot_clear) {
+	if(out_buffer.index > 0){
+	    sec_write(fileno(F), out_buffer.data, out_buffer.index);
+	    out_buffer.index = 0;
+	}
+	sec_send(fileno(F), NULL, 0);
+    }
+    fflush(F);
+    return 0;
+}
+
+int
+sec_write(int fd, char *dataptr, int length)
+{
+    int len = buffer_size;
+    int tx = 0;
+      
+    if(data_prot == prot_clear)
+	return write(fd, dataptr, length);
+
+    len -= (*mech->overhead)(app_data, data_prot, len);
+    while(length){
+	if(length < len)
+	    len = length;
+	sec_send(fd, dataptr, len);
+	length -= len;
+	dataptr += len;
+	tx += len;
+    }
+    return tx;
+}
+
+int
+sec_vfprintf2(FILE *f, const char *fmt, va_list ap)
+{
+    char *buf;
+    int ret;
+    if(data_prot == prot_clear)
+	return vfprintf(f, fmt, ap);
+    else {
+	int len;
+	len = vasprintf(&buf, fmt, ap);
+	if (len == -1)
+	    return len;
+	ret = buffer_write(&out_buffer, buf, len);
+	free(buf);
+	return ret;
+    }
+}
+
+int
+sec_fprintf2(FILE *f, const char *fmt, ...)
+{
+    int ret;
+    va_list ap;
+    va_start(ap, fmt);
+    ret = sec_vfprintf2(f, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+int
+sec_putc(int c, FILE *F)
+{
+    char ch = c;
+    if(data_prot == prot_clear)
+	return putc(c, F);
+    
+    buffer_write(&out_buffer, &ch, 1);
+    if(c == '\n' || out_buffer.index >= 1024 /* XXX */) {
+	sec_write(fileno(F), out_buffer.data, out_buffer.index);
+	out_buffer.index = 0;
+    }
+    return c;
+}
+
+int
+sec_read_msg(char *s, int level)
+{
+    int len;
+    char *buf;
+    int return_code;
+    
+    buf = malloc(strlen(s));
+    len = base64_decode(s + 4, buf); /* XXX */
+    
+    len = (*mech->decode)(app_data, buf, len, level);
+    if(len < 0)
+	return -1;
+    
+    buf[len] = '\0';
+
+    if(buf[3] == '-')
+	return_code = 0;
+    else
+	sscanf(buf, "%d", &return_code);
+    if(buf[len-1] == '\n')
+	buf[len-1] = '\0';
+    strcpy(s, buf);
+    free(buf);
+    return return_code;
+}
+
+int
+sec_vfprintf(FILE *f, const char *fmt, va_list ap)
+{
+    char *buf;
+    void *enc;
+    int len;
+    if(!sec_complete)
+	return vfprintf(f, fmt, ap);
+    
+    if (vasprintf(&buf, fmt, ap) == -1) {
+	printf("Failed to allocate command.\n");
+	return -1;
+    }
+    len = (*mech->encode)(app_data, buf, strlen(buf), command_prot, &enc);
+    free(buf);
+    if(len < 0) {
+	printf("Failed to encode command.\n");
+	return -1;
+    }
+    if(base64_encode(enc, len, &buf) < 0){
+	free(enc);
+	printf("Out of memory base64-encoding.\n");
+	return -1;
+    }
+    free(enc);
+#ifdef FTP_SERVER
+    if(command_prot == prot_safe)
+	fprintf(f, "631 %s\r\n", buf);
+    else if(command_prot == prot_private)
+	fprintf(f, "632 %s\r\n", buf);
+    else if(command_prot == prot_confidential)
+	fprintf(f, "633 %s\r\n", buf);
+#else
+    if(command_prot == prot_safe)
+	fprintf(f, "MIC %s", buf);
+    else if(command_prot == prot_private)
+	fprintf(f, "ENC %s", buf);
+    else if(command_prot == prot_confidential)
+	fprintf(f, "CONF %s", buf);
+#endif
+    free(buf);
+    return 0;
+}
+
+int
+sec_fprintf(FILE *f, const char *fmt, ...)
+{
+    va_list ap;
+    int ret;
+    va_start(ap, fmt);
+    ret = sec_vfprintf(f, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+/* end common stuff */
+
+#ifdef FTP_SERVER
+
+int ccc_passed;
+
+void
+auth(char *auth_name)
+{
+    int i;
+    void *tmp;
+
+    for(i = 0; (mech = mechs[i]) != NULL; i++){
+	if(!strcasecmp(auth_name, mech->name)){
+	    tmp = realloc(app_data, mech->size);
+	    if (tmp == NULL) {
+		reply(431, "Unable to accept %s at this time", mech->name);
+		return;
+	    }
+	    app_data = tmp;
+
+	    if(mech->init && (*mech->init)(app_data) != 0) {
+		reply(431, "Unable to accept %s at this time", mech->name);
+		return;
+	    }
+	    if(mech->auth) {
+		(*mech->auth)(app_data);
+		return;
+	    }
+	    if(mech->adat)
+		reply(334, "Send authorization data.");
+	    else
+		reply(234, "Authorization complete.");
+	    return;
+	}
+    }
+    free (app_data);
+    app_data = NULL;
+    reply(504, "%s is unknown to me", auth_name);
+}
+
+void
+adat(char *auth_data)
+{
+    if(mech && !sec_complete) {
+	void *buf = malloc(strlen(auth_data));
+	size_t len;
+	len = base64_decode(auth_data, buf);
+	(*mech->adat)(app_data, buf, len);
+	free(buf);
+    } else
+	reply(503, "You must %sissue an AUTH first.", mech ? "re-" : "");
+}
+
+void pbsz(int size)
+{
+    size_t new = size;
+    if(!sec_complete)
+	reply(503, "Incomplete security data exchange.");
+    if(mech->pbsz)
+	new = (*mech->pbsz)(app_data, size);
+    if(buffer_size != new){
+	buffer_size = size;
+    }
+    if(new != size)
+	reply(200, "PBSZ=%lu", (unsigned long)new);
+    else
+	reply(200, "OK");
+}
+
+void
+prot(char *pl)
+{
+    int p = -1;
+
+    if(buffer_size == 0){
+	reply(503, "No protection buffer size negotiated.");
+	return;
+    }
+
+    if(!strcasecmp(pl, "C"))
+	p = prot_clear;
+    else if(!strcasecmp(pl, "S"))
+	p = prot_safe;
+    else if(!strcasecmp(pl, "E"))
+	p = prot_confidential;
+    else if(!strcasecmp(pl, "P"))
+	p = prot_private;
+    else {
+	reply(504, "Unrecognized protection level.");
+	return;
+    }
+    
+    if(sec_complete){
+	if((*mech->check_prot)(app_data, p)){
+	    reply(536, "%s does not support %s protection.", 
+		  mech->name, level_to_name(p));
+	}else{
+	    data_prot = (enum protection_level)p;
+	    reply(200, "Data protection is %s.", level_to_name(p));
+	}
+    }else{
+	reply(503, "Incomplete security data exchange.");
+    }
+}
+
+void ccc(void)
+{
+    if(sec_complete){
+	if(mech->ccc && (*mech->ccc)(app_data) == 0) {
+	    command_prot = data_prot = prot_clear;
+	    ccc_passed = 1;
+	} else
+	    reply(534, "You must be joking.");
+    }else
+	reply(503, "Incomplete security data exchange.");
+}
+
+void mec(char *msg, enum protection_level level)
+{
+    void *buf;
+    size_t len, buf_size;
+    if(!sec_complete) {
+	reply(503, "Incomplete security data exchange.");
+	return;
+    }
+    buf_size = strlen(msg) + 2;
+    buf = malloc(buf_size);
+    len = base64_decode(msg, buf);
+    command_prot = level;
+    if(len == (size_t)-1) {
+	reply(501, "Failed to base64-decode command");
+	return;
+    }
+    len = (*mech->decode)(app_data, buf, len, level);
+    if(len == (size_t)-1) {
+	reply(535, "Failed to decode command");
+	return;
+    }
+    ((char*)buf)[len] = '\0';
+    if(strstr((char*)buf, "\r\n") == NULL)
+	strlcat((char*)buf, "\r\n", buf_size);
+    new_ftp_command(buf);
+}
+
+/* ------------------------------------------------------------ */
+
+int
+sec_userok(char *userstr)
+{
+    if(sec_complete)
+	return (*mech->userok)(app_data, userstr);
+    return 0;
+}
+
+int
+sec_session(char *user)
+{
+    if(sec_complete && mech->session)
+	return (*mech->session)(app_data, user);
+    return 0;
+}
+
+char *ftp_command;
+
+void
+new_ftp_command(char *command)
+{
+    ftp_command = command;
+}
+
+void
+delete_ftp_command(void)
+{
+    free(ftp_command);
+    ftp_command = NULL;
+}
+
+int
+secure_command(void)
+{
+    return ftp_command != NULL;
+}
+
+enum protection_level
+get_command_prot(void)
+{
+    return command_prot;
+}
+
+#else /* FTP_SERVER */
+
+void
+sec_status(void)
+{
+    if(sec_complete){
+	printf("Using %s for authentication.\n", mech->name);
+	printf("Using %s command channel.\n", level_to_name(command_prot));
+	printf("Using %s data channel.\n", level_to_name(data_prot));
+	if(buffer_size > 0)
+	    printf("Protection buffer size: %lu.\n", 
+		   (unsigned long)buffer_size);
+    }else{
+	printf("Not using any security mechanism.\n");
+    }
+}
+
+static int
+sec_prot_internal(int level)
+{
+    int ret;
+    char *p;
+    unsigned int s = 1048576;
+
+    int old_verbose = verbose;
+    verbose = 0;
+
+    if(!sec_complete){
+	printf("No security data exchange has taken place.\n");
+	return -1;
+    }
+
+    if(level){
+	ret = command("PBSZ %u", s);
+	if(ret != COMPLETE){
+	    printf("Failed to set protection buffer size.\n");
+	    return -1;
+	}
+	buffer_size = s;
+	p = strstr(reply_string, "PBSZ=");
+	if(p)
+	    sscanf(p, "PBSZ=%u", &s);
+	if(s < buffer_size)
+	    buffer_size = s;
+    }
+    verbose = old_verbose;
+    ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
+    if(ret != COMPLETE){
+	printf("Failed to set protection level.\n");
+	return -1;
+    }
+    
+    data_prot = (enum protection_level)level;
+    return 0;
+}
+
+enum protection_level
+set_command_prot(enum protection_level level)
+{
+    int ret;
+    enum protection_level old = command_prot;
+    if(level != command_prot && level == prot_clear) {
+	ret = command("CCC");
+	if(ret != COMPLETE) {
+	    printf("Failed to clear command channel.\n");
+	    return -1;
+	}
+    }
+    command_prot = level;
+    return old;
+}
+
+void
+sec_prot(int argc, char **argv)
+{
+    int level = -1;
+
+    if(argc > 3)
+	goto usage;
+
+    if(argc == 1) {
+	sec_status();
+	return;
+    }
+    if(!sec_complete) {
+	printf("No security data exchange has taken place.\n");
+	code = -1;
+	return;
+    }
+    level = name_to_level(argv[argc - 1]);
+    
+    if(level == -1)
+	goto usage;
+    
+    if((*mech->check_prot)(app_data, level)) {
+	printf("%s does not implement %s protection.\n", 
+	       mech->name, level_to_name(level));
+	code = -1;
+	return;
+    }
+    
+    if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) {
+	if(sec_prot_internal(level) < 0){
+	    code = -1;
+	    return;
+	}
+    } else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0) {
+	if(set_command_prot(level) < 0) {
+	    code = -1;
+	    return;
+	}
+    } else
+	goto usage;
+    code = 0;
+    return;
+ usage:
+    printf("usage: %s [command|data] [clear|safe|confidential|private]\n",
+	   argv[0]);
+    code = -1;
+}
+
+void
+sec_prot_command(int argc, char **argv)
+{
+    int level;
+
+    if(argc > 2)
+	goto usage;
+
+    if(!sec_complete) {
+	printf("No security data exchange has taken place.\n");
+	code = -1;
+	return;
+    }
+
+    if(argc == 1) {
+	sec_status();
+    } else {
+	level = name_to_level(argv[1]);
+	if(level == -1)
+	    goto usage;
+    
+	if((*mech->check_prot)(app_data, level)) {
+	    printf("%s does not implement %s protection.\n", 
+		   mech->name, level_to_name(level));
+	    code = -1;
+	    return;
+	}
+	if(set_command_prot(level) < 0) {
+	    code = -1;
+	    return;
+	}
+    }
+    code = 0;
+    return;
+ usage:
+    printf("usage: %s [clear|safe|confidential|private]\n",
+	   argv[0]);
+    code = -1;
+}
+
+static enum protection_level request_data_prot;
+
+void
+sec_set_protection_level(void)
+{
+    if(sec_complete && data_prot != request_data_prot)
+	sec_prot_internal(request_data_prot);
+}
+
+
+int
+sec_request_prot(char *level)
+{
+    int l = name_to_level(level);
+    if(l == -1)
+	return -1;
+    request_data_prot = (enum protection_level)l;
+    return 0;
+}
+
+int
+sec_login(char *host)
+{
+    int ret;
+    struct sec_client_mech **m;
+    int old_verbose = verbose;
+
+    verbose = -1; /* shut up all messages this will produce (they
+		     are usually not very user friendly) */
+    
+    for(m = mechs; *m && (*m)->name; m++) {
+	void *tmp;
+
+	tmp = realloc(app_data, (*m)->size);
+	if (tmp == NULL) {
+	    warnx ("realloc %lu failed", (unsigned long)(*m)->size);
+	    return -1;
+	}
+	app_data = tmp;
+	    
+	if((*m)->init && (*(*m)->init)(app_data) != 0) {
+	    printf("Skipping %s...\n", (*m)->name);
+	    continue;
+	}
+	printf("Trying %s...\n", (*m)->name);
+	ret = command("AUTH %s", (*m)->name);
+	if(ret != CONTINUE){
+	    if(code == 504){
+		printf("%s is not supported by the server.\n", (*m)->name);
+	    }else if(code == 534){
+		printf("%s rejected as security mechanism.\n", (*m)->name);
+	    }else if(ret == ERROR) {
+		printf("The server doesn't support the FTP "
+		       "security extensions.\n");
+		verbose = old_verbose;
+		return -1;
+	    }
+	    continue;
+	}
+
+	ret = (*(*m)->auth)(app_data, host);
+	
+	if(ret == AUTH_CONTINUE)
+	    continue;
+	else if(ret != AUTH_OK){
+	    /* mechanism is supposed to output error string */
+	    verbose = old_verbose;
+	    return -1;
+	}
+	mech = *m;
+	sec_complete = 1;
+	if(doencrypt) {
+	    command_prot = prot_private;
+	    request_data_prot = prot_private; 
+	} else {
+	    command_prot = prot_safe;
+	}
+	break;
+    }
+    
+    verbose = old_verbose;
+    return *m == NULL;
+}
+
+void
+sec_end(void)
+{
+    if (mech != NULL) {
+	if(mech->end)
+	    (*mech->end)(app_data);
+	if (app_data != NULL) {
+	    memset(app_data, 0, mech->size);
+	    free(app_data);
+	    app_data = NULL;
+	}
+    }
+    sec_complete = 0;
+    data_prot = (enum protection_level)0;
+}
+
+#endif /* FTP_SERVER */
+
diff --git a/crypto/heimdal/appl/gssmask/Makefile.am b/crypto/heimdal/appl/gssmask/Makefile.am
new file mode 100644
index 0000000..347a27e
--- /dev/null
+++ b/crypto/heimdal/appl/gssmask/Makefile.am
@@ -0,0 +1,12 @@
+# $Id: Makefile.am 18468 2006-10-14 13:50:51Z lha $
+
+include $(top_srcdir)/Makefile.am.common
+
+noinst_PROGRAMS = gssmask gssmaestro
+
+gssmask_SOURCES = gssmask.c common.c common.h protocol.h
+
+gssmaestro_SOURCES = gssmaestro.c common.c common.h protocol.h
+
+LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken)
+
diff --git a/crypto/heimdal/appl/gssmask/Makefile.in b/crypto/heimdal/appl/gssmask/Makefile.in
new file mode 100644
index 0000000..a510922
--- /dev/null
+++ b/crypto/heimdal/appl/gssmask/Makefile.in
@@ -0,0 +1,760 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# $Id: Makefile.am 18468 2006-10-14 13:50:51Z lha $
+
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
+
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+noinst_PROGRAMS = gssmask$(EXEEXT) gssmaestro$(EXEEXT)
+subdir = appl/gssmask
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+PROGRAMS = $(noinst_PROGRAMS)
+am_gssmaestro_OBJECTS = gssmaestro.$(OBJEXT) common.$(OBJEXT)
+gssmaestro_OBJECTS = $(am_gssmaestro_OBJECTS)
+gssmaestro_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+gssmaestro_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
+	$(am__DEPENDENCIES_1)
+am_gssmask_OBJECTS = gssmask.$(OBJEXT) common.$(OBJEXT)
+gssmask_OBJECTS = $(am_gssmask_OBJECTS)
+gssmask_LDADD = $(LDADD)
+gssmask_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(gssmaestro_SOURCES) $(gssmask_SOURCES)
+DIST_SOURCES = $(gssmaestro_SOURCES) $(gssmask_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+gssmask_SOURCES = gssmask.c common.c common.h protocol.h
+gssmaestro_SOURCES = gssmaestro.c common.c common.h protocol.h
+LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/gssmask/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/gssmask/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+gssmaestro$(EXEEXT): $(gssmaestro_OBJECTS) $(gssmaestro_DEPENDENCIES) 
+	@rm -f gssmaestro$(EXEEXT)
+	$(LINK) $(gssmaestro_OBJECTS) $(gssmaestro_LDADD) $(LIBS)
+gssmask$(EXEEXT): $(gssmask_OBJECTS) $(gssmask_DEPENDENCIES) 
+	@rm -f gssmask$(EXEEXT)
+	$(LINK) $(gssmask_OBJECTS) $(gssmask_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libtool clean-noinstPROGRAMS ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/crypto/heimdal/appl/gssmask/common.c b/crypto/heimdal/appl/gssmask/common.c
new file mode 100644
index 0000000..a57b803
--- /dev/null
+++ b/crypto/heimdal/appl/gssmask/common.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <common.h>
+RCSID("$Id: common.c 18900 2006-11-03 05:21:01Z lha $");
+
+krb5_error_code
+store_string(krb5_storage *sp, const char *str)
+{
+    size_t len = strlen(str) + 1;
+    krb5_error_code ret;
+
+    ret = krb5_store_int32(sp, len);
+    if (ret)
+	return ret;
+    ret = krb5_storage_write(sp, str, len);
+    if (ret != len)
+	return EINVAL;
+    return 0;
+}
+
+static void
+add_list(char ****list, size_t *listlen, char **str, size_t len)
+{
+    size_t i;
+    *list = erealloc(*list, sizeof(**list) * (*listlen + 1));
+
+    (*list)[*listlen] = ecalloc(len, sizeof(**list));
+    for (i = 0; i < len; i++)
+	(*list)[*listlen][i] = str[i];
+    (*listlen)++;
+}
+
+static void
+permute(char ****list, size_t *listlen, 
+	char **str, const int start, const int len) 
+{
+    int i, j;
+
+#define SWAP(s,i,j) { char *t = str[i]; str[i] = str[j]; str[j] = t; }
+
+    for (i = start; i < len - 1; i++) {
+	for (j = i+1; j < len; j++) {
+	    SWAP(str,i,j);
+	    permute(list, listlen, str, i+1, len);
+	    SWAP(str,i,j);
+	}
+    }
+    add_list(list, listlen, str, len);
+}
+
+char ***
+permutate_all(struct getarg_strings *strings, size_t *size)
+{
+    char **list, ***all = NULL;
+    int i;
+
+    *size = 0;
+
+    list = ecalloc(strings->num_strings, sizeof(*list));
+    for (i = 0; i < strings->num_strings; i++)
+	list[i] = strings->strings[i];
+
+    permute(&all, size, list, 0, strings->num_strings);
+    free(list);
+    return all;
+}
diff --git a/crypto/heimdal/appl/gssmask/common.h b/crypto/heimdal/appl/gssmask/common.h
new file mode 100644
index 0000000..a44339e
--- /dev/null
+++ b/crypto/heimdal/appl/gssmask/common.h
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* $Id: common.h 18250 2006-10-06 07:22:00Z lha $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+/* 
+ * pthread support is disable because the pthread
+ * test have no "application pthread libflags" variable,
+ * when this is fixed pthread support can be enabled again.
+ */
+#undef ENABLE_PTHREAD_SUPPORT
+
+#include <sys/param.h>
+#ifdef HAVE_SYS_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+#include <assert.h>
+#include <krb5.h>
+#include <gssapi.h>
+#include <unistd.h>
+
+#include <roken.h>
+#include <getarg.h>
+
+#include "protocol.h"
+
+krb5_error_code store_string(krb5_storage *, const char *);
+
+
+#define ret16(_client, num)					\
+    do {							\
+        if (krb5_ret_int16((_client)->sock, &(num)) != 0)	\
+	    errx(1, "krb5_ret_int16 " #num);		\
+    } while(0)
+
+#define ret32(_client, num)					\
+    do {							\
+        if (krb5_ret_int32((_client)->sock, &(num)) != 0)	\
+	    errx(1, "krb5_ret_int32 " #num);		\
+    } while(0)
+
+#define retdata(_client, data)					\
+    do {							\
+        if (krb5_ret_data((_client)->sock, &(data)) != 0)	\
+	    errx(1, "krb5_ret_data " #data);		\
+    } while(0)
+
+#define retstring(_client, data)					\
+    do {							\
+        if (krb5_ret_string((_client)->sock, &(data)) != 0)	\
+	    errx(1, "krb5_ret_data " #data);		\
+    } while(0)
+
+
+#define put32(_client, num)					\
+    do {							\
+        if (krb5_store_int32((_client)->sock, num) != 0)	\
+	    errx(1, "krb5_store_int32 " #num);	\
+    } while(0)
+
+#define putdata(_client, data)					\
+    do {							\
+        if (krb5_store_data((_client)->sock, data) != 0)	\
+	    errx(1, "krb5_store_data " #data);	\
+    } while(0)
+
+#define putstring(_client, str)					\
+    do {							\
+        if (store_string((_client)->sock, str) != 0)		\
+	    errx(1, "krb5_store_str " #str);			\
+    } while(0)
+
+char *** permutate_all(struct getarg_strings *, size_t *);
diff --git a/crypto/heimdal/appl/gssmask/gssmaestro.c b/crypto/heimdal/appl/gssmask/gssmaestro.c
new file mode 100644
index 0000000..610c53f
--- /dev/null
+++ b/crypto/heimdal/appl/gssmask/gssmaestro.c
@@ -0,0 +1,851 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <common.h>
+RCSID("$Id: gssmaestro.c 21605 2007-07-17 06:51:57Z lha $");
+
+static FILE *logfile;
+
+/*
+ *
+ */
+
+struct client {
+    char *name;
+    struct sockaddr *sa;
+    socklen_t salen;
+    krb5_storage *sock;
+    int32_t capabilities;
+    char *target_name;
+    char *moniker;
+    krb5_storage *logsock;
+    int have_log;
+#ifdef ENABLE_PTHREAD_SUPPORT
+    pthread_t thr;
+#else
+    pid_t child;
+#endif
+};
+
+static struct client **clients;
+static int num_clients;
+
+static int
+init_sec_context(struct client *client, 
+		 int32_t *hContext, int32_t *hCred,
+		 int32_t flags, 
+		 const char *targetname,
+		 const krb5_data *itoken, krb5_data *otoken)
+{
+    int32_t val;
+    krb5_data_zero(otoken);
+    put32(client, eInitContext);
+    put32(client, *hContext);
+    put32(client, *hCred);
+    put32(client, flags);
+    putstring(client, targetname);
+    putdata(client, *itoken);
+    ret32(client, *hContext);
+    ret32(client, val);
+    retdata(client, *otoken);
+    return val;
+}
+
+static int
+accept_sec_context(struct client *client, 
+		   int32_t *hContext,
+		   int32_t flags,
+		   const krb5_data *itoken,
+		   krb5_data *otoken,
+		   int32_t *hDelegCred)
+{
+    int32_t val;
+    krb5_data_zero(otoken);
+    put32(client, eAcceptContext);
+    put32(client, *hContext);
+    put32(client, flags);
+    putdata(client, *itoken);
+    ret32(client, *hContext);
+    ret32(client, val);
+    retdata(client, *otoken);
+    ret32(client, *hDelegCred);
+    return val;
+}
+
+static int
+acquire_cred(struct client *client, 
+	     const char *username,
+	     const char *password,
+	     int32_t flags,
+	     int32_t *hCred)
+{
+    int32_t val;
+    put32(client, eAcquireCreds);
+    putstring(client, username);
+    putstring(client, password);
+    put32(client, flags);
+    ret32(client, val);
+    ret32(client, *hCred);
+    return val;
+}
+
+static int
+toast_resource(struct client *client, 
+	       int32_t hCred)
+{
+    int32_t val;
+    put32(client, eToastResource);
+    put32(client, hCred);
+    ret32(client, val);
+    return val;
+}
+
+static int
+goodbye(struct client *client)
+{
+    put32(client, eGoodBye);
+    return GSMERR_OK;
+}
+
+static int
+get_targetname(struct client *client, 
+	       char **target)
+{
+    put32(client, eGetTargetName);
+    retstring(client, *target);
+    return GSMERR_OK;
+}
+
+static int32_t
+encrypt_token(struct client *client, int32_t hContext, int32_t flags,
+	   krb5_data *in, krb5_data *out)
+{
+    int32_t val;
+    put32(client, eEncrypt);
+    put32(client, hContext);
+    put32(client, flags);
+    put32(client, 0);
+    putdata(client, *in);
+    ret32(client, val);
+    retdata(client, *out);
+    return val;
+}
+
+static int32_t
+decrypt_token(struct client *client, int32_t hContext, int flags, 
+	     krb5_data *in, krb5_data *out)
+{
+    int32_t val;
+    put32(client, eDecrypt);
+    put32(client, hContext);
+    put32(client, flags);
+    put32(client, 0);
+    putdata(client, *in);
+    ret32(client, val);
+    retdata(client, *out);
+    return val;
+}
+
+static int32_t
+get_mic(struct client *client, int32_t hContext,
+	krb5_data *in, krb5_data *mic)
+{
+    int32_t val;
+    put32(client, eSign);
+    put32(client, hContext);
+    put32(client, 0);
+    put32(client, 0);
+    putdata(client, *in);
+    ret32(client, val);
+    retdata(client, *mic);
+    return val;
+}
+
+static int32_t
+verify_mic(struct client *client, int32_t hContext, 
+	   krb5_data *in, krb5_data *mic)
+{
+    int32_t val;
+    put32(client, eVerify);
+    put32(client, hContext);
+    put32(client, 0);
+    put32(client, 0);
+    putdata(client, *in);
+    putdata(client, *mic);
+    ret32(client, val);
+    return val;
+}
+
+
+static int32_t
+get_version_capa(struct client *client, 
+		 int32_t *version, int32_t *capa,
+		 char **version_str)
+{
+    put32(client, eGetVersionAndCapabilities);
+    ret32(client, *version);
+    ret32(client, *capa);
+    retstring(client, *version_str);
+    return GSMERR_OK;
+}
+
+static int32_t
+get_moniker(struct client *client, 
+	    char **moniker)
+{
+    put32(client, eGetMoniker);
+    retstring(client, *moniker);
+    return GSMERR_OK;
+}
+
+static int
+wait_log(struct client *c)
+{
+    int32_t port;
+    struct sockaddr_storage sast;
+    socklen_t salen = sizeof(sast);
+    int fd, fd2, ret;
+
+    memset(&sast, 0, sizeof(sast));
+
+    assert(sizeof(sast) >= c->salen);
+
+    fd = socket(c->sa->sa_family, SOCK_STREAM, 0);
+    if (fd < 0)
+	err(1, "failed to build socket for %s's logging port", c->moniker);
+
+    ((struct sockaddr *)&sast)->sa_family = c->sa->sa_family;
+    ret = bind(fd, (struct sockaddr *)&sast, c->salen);
+    if (ret < 0)
+	err(1, "failed to bind %s's logging port", c->moniker);
+
+    if (listen(fd, SOMAXCONN) < 0)
+	err(1, "failed to listen %s's logging port", c->moniker);
+
+    salen = sizeof(sast);
+    ret = getsockname(fd, (struct sockaddr *)&sast, &salen);
+    if (ret < 0)
+	err(1, "failed to get address of local socket for %s", c->moniker);
+
+    port = socket_get_port((struct sockaddr *)&sast);
+
+    put32(c, eSetLoggingSocket);
+    put32(c, ntohs(port));
+
+    salen = sizeof(sast);
+    fd2 = accept(fd, (struct sockaddr *)&sast, &salen);
+    if (fd2 < 0)
+	err(1, "failed to accept local socket for %s", c->moniker);
+    close(fd);
+
+    return fd2;
+}
+
+
+
+
+static int
+build_context(struct client *ipeer, struct client *apeer,
+	      int32_t flags, int32_t hCred,
+	      int32_t *iContext, int32_t *aContext, int32_t *hDelegCred)
+{
+    int32_t val = GSMERR_ERROR, ic = 0, ac = 0, deleg = 0;
+    krb5_data itoken, otoken;
+    int iDone = 0, aDone = 0;
+    int step = 0;
+    int first_call = 0x80;
+
+    if (apeer->target_name == NULL)
+	errx(1, "apeer %s have no target name", apeer->name);
+
+    krb5_data_zero(&itoken);
+
+    while (!iDone || !aDone) {
+	
+	if (iDone) {
+	    warnx("iPeer already done, aPeer want extra rtt");
+	    val = GSMERR_ERROR;
+	    goto out;
+	}
+
+	val = init_sec_context(ipeer, &ic, &hCred, flags|first_call,
+			       apeer->target_name, &itoken, &otoken);
+	step++;
+	switch(val) {
+	case GSMERR_OK:
+	    iDone = 1;
+	    if (aDone)
+		continue;
+	    break;
+	case GSMERR_CONTINUE_NEEDED:
+	    break;
+	default:
+	    warnx("iPeer %s failed with %d (step %d)", 
+		  ipeer->name, (int)val, step);
+	    goto out;
+	}
+
+	if (aDone) {
+	    warnx("aPeer already done, iPeer want extra rtt");
+	    val = GSMERR_ERROR;
+	    goto out;
+	}
+
+	val = accept_sec_context(apeer, &ac, flags|first_call,
+				 &otoken, &itoken, &deleg);
+	step++;
+	switch(val) {
+	case GSMERR_OK:
+	    aDone = 1;
+	    if (iDone)
+		continue;
+	    break;
+	case GSMERR_CONTINUE_NEEDED:
+	    break;
+	default:
+	    warnx("aPeer %s failed with %d (step %d)",
+		 apeer->name, (int)val, step);
+	    val = GSMERR_ERROR;
+	    goto out;
+	}
+	first_call = 0;
+	val = GSMERR_OK;
+    }
+
+    if (iContext == NULL || val != GSMERR_OK) {
+	if (ic)
+	    toast_resource(ipeer, ic);
+	if (iContext)
+	    *iContext = 0;
+    } else
+	*iContext = ic;
+
+    if (aContext == NULL || val != GSMERR_OK) {
+	if (ac)
+	    toast_resource(apeer, ac);
+	if (aContext)
+	    *aContext = 0;
+    } else
+	*aContext = ac;
+
+    if (hDelegCred == NULL || val != GSMERR_OK) {
+	if (deleg)
+	    toast_resource(apeer, deleg);
+	if (hDelegCred)
+	    *hDelegCred = 0;
+    } else
+	*hDelegCred = deleg;
+
+out:
+    return val;
+}
+			 
+static void
+test_mic(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2)
+{
+    krb5_data msg, mic;
+    int32_t val;
+    
+    msg.data = "foo";
+    msg.length = 3;
+
+    krb5_data_zero(&mic);
+
+    val = get_mic(c1, hc1, &msg, &mic);
+    if (val)
+	errx(1, "get_mic failed to host: %s", c1->moniker);
+    val = verify_mic(c2, hc2, &msg, &mic);
+    if (val)
+	errx(1, "verify_mic failed to host: %s", c2->moniker);
+
+    krb5_data_free(&mic);
+}
+
+static int32_t
+test_wrap(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, 
+	  int conf)
+{
+    krb5_data msg, wrapped, out;
+    int32_t val;
+    
+    msg.data = "foo";
+    msg.length = 3;
+
+    krb5_data_zero(&wrapped);
+    krb5_data_zero(&out);
+
+    val = encrypt_token(c1, hc1, conf, &msg, &wrapped);
+    if (val) {
+	warnx("encrypt_token failed to host: %s", c1->moniker);
+	return val;
+    }
+    val = decrypt_token(c2, hc2, conf, &wrapped, &out);
+    if (val) {
+	krb5_data_free(&wrapped);
+	warnx("decrypt_token failed to host: %s", c2->moniker);
+	return val;
+    }
+
+    if (msg.length != out.length) {
+	warnx("decrypted'ed token have wrong length (%lu != %lu)",
+	      (unsigned long)msg.length, (unsigned long)out.length);
+	val = GSMERR_ERROR;
+    } else if (memcmp(msg.data, out.data, msg.length) != 0) {
+	warnx("decryptd'ed token have wrong data");
+	val = GSMERR_ERROR;
+    }
+
+    krb5_data_free(&wrapped);
+    krb5_data_free(&out);
+    return val;
+}
+
+static int32_t
+test_token(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2)
+{
+    int32_t val;
+    int i;
+
+    for (i = 0; i < 10; i++) {
+	test_mic(c1, hc1, c2, hc2);
+	test_mic(c2, hc2, c1, hc1);
+	val = test_wrap(c1, hc1, c2, hc2, 0);
+	if (val) return val;
+	val = test_wrap(c2, hc2, c1, hc1, 0);
+	if (val) return val;
+	val = test_wrap(c1, hc1, c2, hc2, 1);
+	if (val) return val;
+	val = test_wrap(c2, hc2, c1, hc1, 1);
+	if (val) return val;
+    }
+    return GSMERR_OK;
+}
+
+static int
+log_function(void *ptr)
+{
+    struct client *c = ptr;
+    int32_t cmd, line;
+    char *file, *string;
+
+    while (1) {
+        if (krb5_ret_int32(c->logsock, &cmd))
+	    goto out;
+
+	switch (cmd) {
+	case eLogSetMoniker:
+	    if (krb5_ret_string(c->logsock, &file))
+		goto out;
+	    free(file);
+	    break;
+	case eLogInfo:
+	case eLogFailure:
+	    if (krb5_ret_string(c->logsock, &file))
+		goto out;
+	    if (krb5_ret_int32(c->logsock, &line))
+		goto out;
+	    if (krb5_ret_string(c->logsock, &string))
+		goto out;
+	    printf("%s:%lu: %s\n", 
+		   file, (unsigned long)line, string);
+	    fprintf(logfile, "%s:%lu: %s\n", 
+		    file, (unsigned long)line, string);
+	    fflush(logfile);
+	    free(file);
+	    free(string);
+	    if (krb5_store_int32(c->logsock, 0))
+		goto out;
+	    break;
+	default:
+	    errx(1, "client send bad log command: %d", (int)cmd);
+	}
+    }
+out:
+
+    return 0;
+}
+
+static void
+connect_client(const char *slave)
+{
+    char *name, *port;
+    struct client *c = ecalloc(1, sizeof(*c));
+    struct addrinfo hints, *res0, *res;
+    int ret, fd;
+
+    name = estrdup(slave);
+    port = strchr(name, ':');
+    if (port == NULL)
+	errx(1, "port missing from %s", name);
+    *port++ = 0;
+
+    c->name = estrdup(slave);
+    
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = SOCK_STREAM;
+
+    ret = getaddrinfo(name, port, &hints, &res0);
+    if (ret)
+	errx(1, "error resolving %s", name);
+
+    for (res = res0, fd = -1; res; res = res->ai_next) {
+	fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+	if (fd < 0)
+	    continue;
+	if (connect(fd, res->ai_addr, res->ai_addrlen) < 0) {
+	    close(fd);
+	    fd = -1;
+	    continue;
+	}
+	c->sa = ecalloc(1, res->ai_addrlen);
+	memcpy(c->sa, res->ai_addr, res->ai_addrlen);
+	c->salen = res->ai_addrlen;
+	break;  /* okay we got one */
+    }
+    if (fd < 0)
+	err(1, "connect to host: %s", name);
+    freeaddrinfo(res);
+
+    c->sock = krb5_storage_from_fd(fd);
+    close(fd);
+    if (c->sock == NULL)
+	errx(1, "krb5_storage_from_fd");
+
+    {
+	int32_t version;
+	char *str = NULL;
+	get_version_capa(c, &version, &c->capabilities, &str);
+	if (str) {
+	    free(str);
+	}
+	if (c->capabilities & HAS_MONIKER)
+	    get_moniker(c, &c->moniker);
+	else
+	    c->moniker = c->name;
+	if (c->capabilities & ISSERVER)
+	    get_targetname(c, &c->target_name);
+    }
+
+    if (logfile) {
+	int fd;
+
+	printf("starting log socket to client %s\n", c->moniker);
+
+	fd = wait_log(c);
+
+	c->logsock = krb5_storage_from_fd(fd);
+	close(fd);
+	if (c->logsock == NULL)
+	    errx(1, "failed to create log krb5_storage");
+#ifdef ENABLE_PTHREAD_SUPPORT
+	pthread_create(&c->thr, NULL, log_function, c);
+#else
+	c->child = fork();
+	if (c->child == -1)
+	    errx(1, "failed to fork");
+	else if (c->child == 0) {
+	    log_function(c);
+	    fclose(logfile);
+	    exit(0);
+	}
+#endif
+   }
+
+
+    clients = erealloc(clients, (num_clients + 1) * sizeof(*clients));
+    
+    clients[num_clients] = c;
+    num_clients++;
+
+    free(name);
+}
+
+static struct client *
+get_client(const char *slave)
+{
+    size_t i;
+    for (i = 0; i < num_clients; i++)
+	if (strcmp(slave, clients[i]->name) == 0)
+	    return clients[i];
+    errx(1, "failed to find client %s", slave);
+}
+
+/*
+ *
+ */
+
+static int version_flag;
+static int help_flag;
+static char *logfile_str;
+static getarg_strings principals;
+static getarg_strings slaves;
+
+struct getargs args[] = {
+    { "principals", 0,  arg_strings,	&principals,	"Test principal",
+      NULL },
+    { "slaves", 0,  arg_strings,	&slaves,	"Slaves",
+      NULL },
+    { "log-file", 0, arg_string,	&logfile_str,	"Logfile",
+      NULL },
+    { "version", 0,  arg_flag,		&version_flag,	"Print version",
+      NULL },
+    { "help",	 0,  arg_flag,		&help_flag,	NULL,
+      NULL }
+};
+
+static void
+usage(int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx= 0;
+    char *user;
+    char *password;
+    char ***list, **p;
+    size_t num_list, i, j, k;
+    int failed = 0;
+
+    setprogname (argv[0]);
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage (1);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version (NULL);
+	return 0;
+    }
+
+    if (optidx != argc)
+	usage (1);
+
+    if (principals.num_strings == 0)
+	errx(1, "no principals");
+
+    user = estrdup(principals.strings[0]);
+    password = strchr(user, ':');
+    if (password == NULL)
+	errx(1, "password missing from %s", user);
+    *password++ = 0;
+	
+    if (slaves.num_strings == 0)
+	errx(1, "no principals");
+
+    if (logfile_str) {
+	printf("open logfile %s\n", logfile_str);
+	logfile = fopen(logfile_str, "w+");
+	if (logfile == NULL)
+	    err(1, "failed to open: %s", logfile_str);
+    }
+
+    /*
+     *
+     */
+
+    list = permutate_all(&slaves, &num_list);
+
+    /*
+     * Set up connection to all clients
+     */
+
+    printf("Connecting to slaves\n");
+    for (i = 0; i < slaves.num_strings; i++)
+	connect_client(slaves.strings[i]);
+
+    /*
+     * Test acquire credentials
+     */
+
+    printf("Test acquire credentials\n");
+    for (i = 0; i < slaves.num_strings; i++) {
+	int32_t hCred, val;
+
+	val = acquire_cred(clients[i], user, password, 1, &hCred);
+	if (val != GSMERR_OK) {
+	    warnx("Failed to acquire_cred on host %s: %d", 
+		 clients[i]->moniker, (int)val);
+	    failed = 1;
+	} else
+	    toast_resource(clients[i], hCred);
+    }
+
+    if (failed)
+	goto out;
+
+    /* 
+     * First test if all slaves can build context to them-self.
+     */
+
+    printf("Self context tests\n");
+    for (i = 0; i < num_clients; i++) {
+	int32_t hCred, val, delegCred;
+	int32_t clientC, serverC;
+	struct client *c = clients[i];
+	
+	if (c->target_name == NULL)
+	    continue;
+
+	printf("%s connects to self using %s\n",
+	       c->moniker, c->target_name);
+
+	val = acquire_cred(c, user, password, 1, &hCred);
+	if (val != GSMERR_OK)
+	    errx(1, "failed to acquire_cred: %d", (int)val);
+    
+	val = build_context(c, c, 
+			    GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG|
+			    GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG|
+			    GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG,
+			    hCred, &clientC, &serverC, &delegCred);
+	if (val == GSMERR_OK) {
+	    test_token(c, clientC, c, serverC);
+	    toast_resource(c, clientC);
+	    toast_resource(c, serverC);
+	    if (delegCred)
+		toast_resource(c, delegCred);
+	} else {
+	    warnx("build_context failed: %d", (int)val);
+	}
+	/*
+	 *
+	 */
+
+	val = build_context(c, c,
+			    GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG,
+			    hCred, &clientC, &serverC, &delegCred);
+	if (val == GSMERR_OK) {
+	    test_token(c, clientC, c, serverC);
+	    toast_resource(c, clientC);
+	    toast_resource(c, serverC);
+	    if (delegCred)
+		toast_resource(c, delegCred);
+	} else {
+	    warnx("build_context failed: %d", (int)val);
+	}
+
+	toast_resource(c, hCred);
+    }
+    /*
+     * Build contexts though all entries in each lists, including the
+     * step from the last entry to the first, ie treat the list as a
+     * circle.
+     *
+     * Only follow the delegated credential, but test "all"
+     * flags. (XXX only do deleg|mutual right now.
+     */
+
+    printf("\"All\" permutation tests\n");
+
+    for (i = 0; i < num_list; i++) {
+	int32_t hCred, val, delegCred = 0;
+	int32_t clientC = 0, serverC = 0;
+	struct client *client, *server;
+	
+	p = list[i];
+	
+	client = get_client(p[0]);
+	
+	val = acquire_cred(client, user, password, 1, &hCred);
+	if (val != GSMERR_OK)
+	    errx(1, "failed to acquire_cred: %d", (int)val);
+
+	for (j = 1; j < num_clients + 1; j++) {
+	    server = get_client(p[j % num_clients]);
+	    
+	    if (server->target_name == NULL)
+		break;
+
+	    for (k = 1; k < j; k++)
+		printf("\t");
+	    printf("%s -> %s\n", client->moniker, server->moniker);
+
+	    val = build_context(client, server,
+				GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG|
+				GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG|
+				GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG,
+				hCred, &clientC, &serverC, &delegCred);
+	    if (val != GSMERR_OK) {
+		warnx("build_context failed: %d", (int)val);
+		break;
+	    }
+	    
+	    val = test_token(client, clientC, server, serverC);
+	    if (val)
+		break;
+	    
+	    toast_resource(client, clientC);
+	    toast_resource(server, serverC);
+	    if (!delegCred) {
+		warnx("no delegated cred on %s", server->moniker);
+		break;
+	    }
+	    toast_resource(client, hCred);
+	    hCred = delegCred;
+	    client = server;
+	}
+	if (hCred)
+	    toast_resource(client, hCred);
+    }
+    
+    /*
+     * Close all connections to clients
+     */
+    
+out:
+    printf("sending goodbye and waiting for log sockets\n");
+    for (i = 0; i < num_clients; i++) {
+	goodbye(clients[i]);
+	if (clients[i]->logsock) {
+#ifdef ENABLE_PTHREAD_SUPPORT
+	    pthread_join(&clients[i]->thr, NULL);
+#else
+	    waitpid(clients[i]->child, NULL, 0);
+#endif
+	}
+    }
+
+    printf("done\n");
+
+    return 0;
+}
diff --git a/crypto/heimdal/appl/gssmask/gssmask.c b/crypto/heimdal/appl/gssmask/gssmask.c
new file mode 100644
index 0000000..46b532b
--- /dev/null
+++ b/crypto/heimdal/appl/gssmask/gssmask.c
@@ -0,0 +1,1092 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "common.h"
+RCSID("$Id: gssmask.c 21229 2007-06-20 10:19:19Z lha $");
+
+/*
+ *
+ */
+
+enum handle_type { handle_context, handle_cred };
+
+struct handle {
+    int32_t idx;
+    enum handle_type type;
+    void *ptr;
+    struct handle *next;
+};
+
+struct client {
+    krb5_storage *sock;
+    krb5_storage *logging;
+    char *moniker;
+    int32_t nHandle;
+    struct handle *handles;
+    struct sockaddr_storage sa;
+    socklen_t salen;
+    char servername[MAXHOSTNAMELEN];
+};
+
+FILE *logfile;
+static char *targetname;
+krb5_context context;
+
+/*
+ *
+ */
+
+static void
+logmessage(struct client *c, const char *file, unsigned int lineno,
+	   int level, const char *fmt, ...)
+{
+    char *message;
+    va_list ap;
+    int32_t ackid;
+
+    va_start(ap, fmt);
+    vasprintf(&message, fmt, ap);
+    va_end(ap);
+
+    if (logfile)
+	fprintf(logfile, "%s:%u: %d %s\n", file, lineno, level, message);
+
+    if (c->logging) {
+	if (krb5_store_int32(c->logging, eLogInfo) != 0)
+	    errx(1, "krb5_store_int32: log level");
+	if (krb5_store_string(c->logging, file) != 0)
+	    errx(1, "krb5_store_string: filename");
+	if (krb5_store_int32(c->logging, lineno) != 0)
+	    errx(1, "krb5_store_string: filename");
+	if (krb5_store_string(c->logging, message) != 0)
+	    errx(1, "krb5_store_string: message");
+	if (krb5_ret_int32(c->logging, &ackid) != 0)
+	    errx(1, "krb5_ret_int32: ackid");
+    }
+    free(message);
+}
+
+/*
+ *
+ */
+
+static int32_t
+add_handle(struct client *c, enum handle_type type, void *data)
+{
+    struct handle *h;
+
+    h = ecalloc(1, sizeof(*h));
+
+    h->idx = ++c->nHandle;
+    h->type = type;
+    h->ptr = data;
+    h->next = c->handles;
+    c->handles = h;
+
+    return h->idx;
+}
+
+static void
+del_handle(struct handle **h, int32_t idx)
+{
+    OM_uint32 min_stat;
+
+    if (idx == 0)
+	return;
+
+    while (*h) {
+	if ((*h)->idx == idx) {
+	    struct handle *p = *h;
+	    *h = (*h)->next;
+	    switch(p->type) {
+	    case handle_context: {
+		gss_ctx_id_t c = p->ptr;
+		gss_delete_sec_context(&min_stat, &c, NULL);
+		break; }
+	    case handle_cred: {
+		gss_cred_id_t c = p->ptr;
+		gss_release_cred(&min_stat, &c);
+		break; }
+	    }
+	    free(p);
+	    return;
+	}
+	h = &((*h)->next);
+    }
+    errx(1, "tried to delete an unexisting handle");
+}
+
+static void *
+find_handle(struct handle *h, int32_t idx, enum handle_type type)
+{
+    if (idx == 0)
+	return NULL;
+    
+    while (h) {
+	if (h->idx == idx) {
+	    if (type == h->type)
+		return h->ptr;
+	    errx(1, "monger switched type on handle!");
+	}
+	h = h->next;
+    }
+    return NULL;    
+}
+
+
+static int32_t
+convert_gss_to_gsm(OM_uint32 maj_stat)
+{
+    switch(maj_stat) {
+    case 0:
+	return GSMERR_OK;
+    case GSS_S_CONTINUE_NEEDED:
+	return GSMERR_CONTINUE_NEEDED;
+    case GSS_S_DEFECTIVE_TOKEN:
+        return GSMERR_INVALID_TOKEN;
+    case GSS_S_BAD_MIC:
+	return GSMERR_AP_MODIFIED;
+    default:
+	return GSMERR_ERROR;
+    }
+}
+
+static int32_t
+convert_krb5_to_gsm(krb5_error_code ret)
+{
+    switch(ret) {
+    case 0:
+	return GSMERR_OK;
+    default:
+	return GSMERR_ERROR;
+    }
+}
+
+/*
+ *
+ */
+
+static int32_t
+acquire_cred(struct client *c,
+	     krb5_principal principal,
+	     krb5_get_init_creds_opt *opt,
+	     int32_t *handle)
+{
+    krb5_error_code ret;
+    krb5_creds cred;
+    krb5_ccache id;
+    gss_cred_id_t gcred;
+    OM_uint32 maj_stat, min_stat;
+
+    *handle = 0;
+
+    krb5_get_init_creds_opt_set_forwardable (opt, 1);
+    krb5_get_init_creds_opt_set_renew_life (opt, 3600 * 24 * 30);
+
+    memset(&cred, 0, sizeof(cred));
+
+    ret = krb5_get_init_creds_password (context,
+					&cred,
+					principal,
+					NULL,
+					NULL,
+					NULL,
+					0,
+					NULL,
+					opt);
+    if (ret) {
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "krb5_get_init_creds failed: %d", ret);
+	return convert_krb5_to_gsm(ret);
+    }
+	
+    ret = krb5_cc_new_unique(context, "MEMORY", NULL, &id);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_initialize");
+
+    ret = krb5_cc_initialize (context, id, cred.client);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_initialize");
+    
+    ret = krb5_cc_store_cred (context, id, &cred);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_store_cred");
+
+    krb5_free_cred_contents (context, &cred);
+
+    maj_stat = gss_krb5_import_cred(&min_stat,
+				    id,
+				    NULL,
+				    NULL,
+				    &gcred);
+    krb5_cc_close(context, id);
+    if (maj_stat) {
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "krb5 import creds failed with: %d", maj_stat);
+	return convert_gss_to_gsm(maj_stat);
+    }
+
+    *handle = add_handle(c, handle_cred, gcred);
+
+    return 0;
+}
+
+
+/*
+ *
+ */
+
+#define HandleOP(h) \
+handle##h(enum gssMaggotOp op, struct client *c)
+
+/*
+ *
+ */
+
+static int
+HandleOP(GetVersionInfo)
+{
+    put32(c, GSSMAGGOTPROTOCOL);
+    errx(1, "GetVersionInfo");
+}
+
+static int
+HandleOP(GoodBye)
+{
+    struct handle *h = c->handles;
+    int i = 0;
+
+    while (h) {
+	h = h->next;
+	i++;
+    }
+
+    if (i != 0)
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "Did not toast all resources: %d", i);
+    return 1;
+}
+
+static int
+HandleOP(InitContext)
+{
+    OM_uint32 maj_stat, min_stat, ret_flags;
+    int32_t hContext, hCred, flags;
+    krb5_data target_name, in_token;
+    int32_t new_context_id = 0, gsm_error = 0;
+    krb5_data out_token = { 0 , NULL };
+
+    gss_ctx_id_t ctx;
+    gss_cred_id_t creds;
+    gss_name_t gss_target_name;
+    gss_buffer_desc input_token, output_token;
+    gss_OID oid = GSS_C_NO_OID;
+    gss_buffer_t input_token_ptr = GSS_C_NO_BUFFER;
+
+    ret32(c, hContext);
+    ret32(c, hCred);
+    ret32(c, flags);
+    retdata(c, target_name);
+    retdata(c, in_token);
+
+    logmessage(c, __FILE__, __LINE__, 0,
+	       "targetname: <%.*s>", (int)target_name.length,
+	       (char *)target_name.data);
+
+    ctx = find_handle(c->handles, hContext, handle_context);
+    if (ctx == NULL)
+	hContext = 0;
+    creds = find_handle(c->handles, hCred, handle_cred);
+    if (creds == NULL)
+	abort();
+
+    input_token.length = target_name.length;
+    input_token.value = target_name.data;
+
+    maj_stat = gss_import_name(&min_stat,
+			       &input_token,
+			       GSS_KRB5_NT_PRINCIPAL_NAME,
+			       &gss_target_name);
+    if (GSS_ERROR(maj_stat)) {
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "import name creds failed with: %d", maj_stat);
+	gsm_error = convert_gss_to_gsm(maj_stat);
+	goto out;
+    }
+
+    /* oid from flags */
+
+    if (in_token.length) {
+	input_token.length = in_token.length;
+	input_token.value = in_token.data;
+	input_token_ptr = &input_token;
+	if (ctx == NULL)
+	    krb5_errx(context, 1, "initcreds, context NULL, but not first req");
+    } else {
+	input_token.length = 0;
+	input_token.value = NULL;
+	if (ctx)
+	    krb5_errx(context, 1, "initcreds, context not NULL, but first req");
+    }
+	
+    if ((flags & GSS_C_DELEG_FLAG) != 0)
+	logmessage(c, __FILE__, __LINE__, 0, "init_sec_context delegating");
+    if ((flags & GSS_C_DCE_STYLE) != 0)
+	logmessage(c, __FILE__, __LINE__, 0, "init_sec_context dce-style");
+
+    maj_stat = gss_init_sec_context(&min_stat,
+				    creds,
+				    &ctx,
+				    gss_target_name,
+				    oid,
+				    flags & 0x7f,
+				    0, 
+				    NULL,
+				    input_token_ptr,
+				    NULL,
+				    &output_token,
+				    &ret_flags,
+				    NULL);
+    if (GSS_ERROR(maj_stat)) {
+	if (hContext != 0)
+	    del_handle(&c->handles, hContext);
+	new_context_id = 0;
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "gss_init_sec_context returns code: %d/%d", 
+		   maj_stat, min_stat);
+    } else {
+	if (input_token.length == 0)
+	    new_context_id = add_handle(c, handle_context, ctx);
+	else
+	    new_context_id = hContext;
+    }
+
+    gsm_error = convert_gss_to_gsm(maj_stat);
+
+    if (output_token.length) {
+	out_token.data = output_token.value;
+	out_token.length = output_token.length;
+    }
+
+out:
+    logmessage(c, __FILE__, __LINE__, 0,
+	       "InitContext return code: %d", gsm_error);
+
+    put32(c, new_context_id);
+    put32(c, gsm_error);
+    putdata(c, out_token);
+
+    gss_release_name(&min_stat, &gss_target_name);
+    if (output_token.length)
+	gss_release_buffer(&min_stat, &output_token);
+    krb5_data_free(&in_token);
+    krb5_data_free(&target_name);
+
+    return 0;
+}
+
+static int
+HandleOP(AcceptContext)
+{
+    OM_uint32 maj_stat, min_stat, ret_flags;
+    int32_t hContext, deleg_hcred, flags;
+    krb5_data in_token;
+    int32_t new_context_id = 0, gsm_error = 0;
+    krb5_data out_token = { 0 , NULL };
+
+    gss_ctx_id_t ctx;
+    gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
+    gss_buffer_desc input_token, output_token;
+    gss_buffer_t input_token_ptr = GSS_C_NO_BUFFER;
+
+    ret32(c, hContext);
+    ret32(c, flags);
+    retdata(c, in_token);
+
+    ctx = find_handle(c->handles, hContext, handle_context);
+    if (ctx == NULL)
+	hContext = 0;
+
+    if (in_token.length) {
+	input_token.length = in_token.length;
+	input_token.value = in_token.data;
+	input_token_ptr = &input_token;
+    } else {
+	input_token.length = 0;
+	input_token.value = NULL;
+    }
+
+    maj_stat = gss_accept_sec_context(&min_stat,
+				      &ctx,
+				      GSS_C_NO_CREDENTIAL,
+				      &input_token,
+				      GSS_C_NO_CHANNEL_BINDINGS,
+				      NULL,
+				      NULL,
+				      &output_token,
+				      &ret_flags,
+				      NULL,
+				      &deleg_cred);
+    if (GSS_ERROR(maj_stat)) {
+	if (hContext != 0)
+	    del_handle(&c->handles, hContext);
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "gss_accept_sec_context returns code: %d/%d", 
+		   maj_stat, min_stat);
+	new_context_id = 0;
+    } else {
+	if (hContext == 0)
+	    new_context_id = add_handle(c, handle_context, ctx);
+	else
+	    new_context_id = hContext;
+    }
+    if (output_token.length) {
+	out_token.data = output_token.value;
+	out_token.length = output_token.length;
+    }
+    if ((ret_flags & GSS_C_DCE_STYLE) != 0)
+	logmessage(c, __FILE__, __LINE__, 0, "accept_sec_context dce-style");
+    if ((ret_flags & GSS_C_DELEG_FLAG) != 0) {
+	deleg_hcred = add_handle(c, handle_cred, deleg_cred);
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "accept_context delegated handle: %d", deleg_hcred);
+    } else {
+	gss_release_cred(&min_stat, &deleg_cred);
+	deleg_hcred = 0;
+    }
+	 
+    
+    gsm_error = convert_gss_to_gsm(maj_stat);
+
+    put32(c, new_context_id);
+    put32(c, gsm_error);
+    putdata(c, out_token);
+    put32(c, deleg_hcred);
+
+    if (output_token.length)
+	gss_release_buffer(&min_stat, &output_token);
+    krb5_data_free(&in_token);
+
+    return 0;
+}
+
+static int
+HandleOP(ToastResource)
+{
+    int32_t handle;
+
+    ret32(c, handle);
+    logmessage(c, __FILE__, __LINE__, 0, "toasting %d", handle);
+    del_handle(&c->handles, handle);
+    put32(c, GSMERR_OK);
+
+    return 0;
+}
+
+static int
+HandleOP(AcquireCreds)
+{
+    char *name, *password;
+    int32_t gsm_error, flags, handle = 0;
+    krb5_principal principal = NULL;
+    krb5_get_init_creds_opt *opt = NULL;
+    krb5_error_code ret;
+
+    retstring(c, name);
+    retstring(c, password);
+    ret32(c, flags);
+
+    logmessage(c, __FILE__, __LINE__, 0,
+	       "username: %s password: %s", name, password);
+
+    ret = krb5_parse_name(context, name, &principal);
+    if (ret) {
+	gsm_error = convert_krb5_to_gsm(ret);
+	goto out;
+    }
+    
+    ret = krb5_get_init_creds_opt_alloc (context, &opt);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
+    
+    krb5_get_init_creds_opt_set_pa_password(context, opt, password, NULL);
+
+    gsm_error = acquire_cred(c, principal, opt, &handle);
+
+out:
+    logmessage(c, __FILE__, __LINE__, 0,
+	       "AcquireCreds handle: %d return code: %d", handle, gsm_error);
+
+    if (opt)
+	krb5_get_init_creds_opt_free (context, opt);
+    if (principal)
+	krb5_free_principal(context, principal);
+    free(name);
+    free(password);
+
+    put32(c, gsm_error);
+    put32(c, handle);
+
+    return 0;
+}
+
+static int
+HandleOP(Sign)
+{
+    OM_uint32 maj_stat, min_stat;
+    int32_t hContext, flags, seqno;
+    krb5_data token;
+    gss_ctx_id_t ctx;
+    gss_buffer_desc input_token, output_token;
+
+    ret32(c, hContext);
+    ret32(c, flags);
+    ret32(c, seqno);
+    retdata(c, token);
+
+    ctx = find_handle(c->handles, hContext, handle_context);
+    if (ctx == NULL)
+	errx(1, "sign: reference to unknown context");
+
+    input_token.length = token.length;
+    input_token.value = token.data;
+    
+    maj_stat = gss_get_mic(&min_stat, ctx, 0, &input_token,
+			   &output_token);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_get_mic failed");
+    
+    krb5_data_free(&token);
+    
+    token.data = output_token.value;
+    token.length = output_token.length;
+    
+    put32(c, 0); /* XXX fix gsm_error */
+    putdata(c, token);
+    
+    gss_release_buffer(&min_stat, &output_token);
+    
+    return 0;
+}
+
+static int
+HandleOP(Verify)
+{
+    OM_uint32 maj_stat, min_stat;
+    int32_t hContext, flags, seqno;
+    krb5_data msg, mic;
+    gss_ctx_id_t ctx;
+    gss_buffer_desc msg_token, mic_token;
+    gss_qop_t qop;
+
+    ret32(c, hContext);
+
+    ctx = find_handle(c->handles, hContext, handle_context);
+    if (ctx == NULL)
+	errx(1, "verify: reference to unknown context");
+
+    ret32(c, flags);
+    ret32(c, seqno);
+    retdata(c, msg);
+
+    msg_token.length = msg.length;
+    msg_token.value = msg.data;
+    
+    retdata(c, mic);
+
+    mic_token.length = mic.length;
+    mic_token.value = mic.data;
+
+    maj_stat = gss_verify_mic(&min_stat, ctx, &msg_token,
+			      &mic_token, &qop);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_verify_mic failed");
+    
+    krb5_data_free(&mic);
+    krb5_data_free(&msg);
+    
+    put32(c, 0); /* XXX fix gsm_error */
+    
+    return 0;
+}
+
+static int
+HandleOP(GetVersionAndCapabilities)
+{
+    int32_t cap = HAS_MONIKER;
+    char name[256] = "unknown", *str;
+
+    if (targetname)
+	cap |= ISSERVER; /* is server */
+
+#ifdef HAVE_UNAME
+    {
+	struct utsname ut;
+	if (uname(&ut) == 0) {
+	    snprintf(name, sizeof(name), "%s-%s-%s", 
+		     ut.sysname, ut.version, ut.machine);
+	}
+    }
+#endif
+
+    asprintf(&str, "gssmask %s %s", PACKAGE_STRING, name);
+
+    put32(c, GSSMAGGOTPROTOCOL);
+    put32(c, cap);
+    putstring(c, str); 
+    free(str);
+
+    return 0;
+}
+
+static int
+HandleOP(GetTargetName)
+{
+    if (targetname)
+	putstring(c, targetname);
+    else
+	putstring(c, "");
+    return 0;
+}
+
+static int
+HandleOP(SetLoggingSocket)
+{
+    int32_t portnum;
+    int fd, ret;
+
+    ret32(c, portnum);
+
+    logmessage(c, __FILE__, __LINE__, 0,
+	       "logging port on peer is: %d", (int)portnum);
+
+    socket_set_port((struct sockaddr *)(&c->sa), htons(portnum));
+
+    fd = socket(((struct sockaddr *)&c->sa)->sa_family, SOCK_STREAM, 0);
+    if (fd < 0)
+	return 0;
+
+    ret = connect(fd, (struct sockaddr *)&c->sa, c->salen);
+    if (ret < 0) {
+	logmessage(c, __FILE__, __LINE__, 0, "failed connect to log port: %s",
+		   strerror(errno));
+	close(fd);
+	return 0;
+    }
+
+    if (c->logging)
+	krb5_storage_free(c->logging);
+    c->logging = krb5_storage_from_fd(fd);
+    close(fd);
+
+    krb5_store_int32(c->logging, eLogSetMoniker);
+    store_string(c->logging, c->moniker);
+    
+    logmessage(c, __FILE__, __LINE__, 0, "logging turned on");
+
+    return 0;
+}
+    
+
+static int
+HandleOP(ChangePassword)
+{
+    errx(1, "ChangePassword");
+}
+
+static int
+HandleOP(SetPasswordSelf)
+{
+    errx(1, "SetPasswordSelf");
+}
+
+static int
+HandleOP(Wrap)
+{
+    OM_uint32 maj_stat, min_stat;
+    int32_t hContext, flags, seqno;
+    krb5_data token;
+    gss_ctx_id_t ctx;
+    gss_buffer_desc input_token, output_token;
+    int conf_state;
+
+    ret32(c, hContext);
+    ret32(c, flags);
+    ret32(c, seqno);
+    retdata(c, token);
+
+    ctx = find_handle(c->handles, hContext, handle_context);
+    if (ctx == NULL)
+	errx(1, "wrap: reference to unknown context");
+
+    input_token.length = token.length;
+    input_token.value = token.data;
+    
+    maj_stat = gss_wrap(&min_stat, ctx, flags, 0, &input_token,
+			&conf_state, &output_token);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_wrap failed");
+    
+    krb5_data_free(&token);
+    
+    token.data = output_token.value;
+    token.length = output_token.length;
+    
+    put32(c, 0); /* XXX fix gsm_error */
+    putdata(c, token);
+    
+    gss_release_buffer(&min_stat, &output_token);
+    
+    return 0;
+}
+
+
+static int
+HandleOP(Unwrap)
+{
+    OM_uint32 maj_stat, min_stat;
+    int32_t hContext, flags, seqno;
+    krb5_data token;
+    gss_ctx_id_t ctx;
+    gss_buffer_desc input_token, output_token;
+    int conf_state;
+    gss_qop_t qop_state;
+
+    ret32(c, hContext);
+    ret32(c, flags);
+    ret32(c, seqno);
+    retdata(c, token);
+
+    ctx = find_handle(c->handles, hContext, handle_context);
+    if (ctx == NULL)
+	errx(1, "unwrap: reference to unknown context");
+
+    input_token.length = token.length;
+    input_token.value = token.data;
+    
+    maj_stat = gss_unwrap(&min_stat, ctx, &input_token,
+			  &output_token, &conf_state, &qop_state);
+    
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_unwrap failed: %d/%d", maj_stat, min_stat);
+	
+    krb5_data_free(&token);
+    if (maj_stat == GSS_S_COMPLETE) {
+	token.data = output_token.value;
+	token.length = output_token.length;
+    } else {
+	token.data = NULL;
+	token.length = 0;
+    }
+    put32(c, 0); /* XXX fix gsm_error */
+    putdata(c, token);
+
+    if (maj_stat == GSS_S_COMPLETE)
+	gss_release_buffer(&min_stat, &output_token);
+
+    return 0;
+}
+
+static int
+HandleOP(Encrypt)
+{
+    return handleWrap(op, c);
+}
+
+static int
+HandleOP(Decrypt)
+{
+    return handleUnwrap(op, c);
+}
+
+static int
+HandleOP(ConnectLoggingService2)
+{
+    errx(1, "ConnectLoggingService2");
+}
+
+static int
+HandleOP(GetMoniker)
+{
+    putstring(c, c->moniker);
+    return 0;
+}
+
+static int
+HandleOP(CallExtension)
+{
+    errx(1, "CallExtension");
+}
+
+static int
+HandleOP(AcquirePKInitCreds)
+{
+    int32_t flags;
+    krb5_data pfxdata;
+
+    ret32(c, flags);
+    retdata(c, pfxdata);
+
+    /* get credentials */
+
+    krb5_data_free(&pfxdata);
+
+    put32(c, -1); /* hResource */
+    put32(c, GSMERR_NOT_SUPPORTED);
+    return 0;
+}
+
+/*
+ *
+ */
+
+struct handler {
+    enum gssMaggotOp op;
+    const char *name;
+    int (*func)(enum gssMaggotOp, struct client *);
+};
+
+#define S(a) { e##a, #a, handle##a }
+
+struct handler handlers[] = {
+    S(GetVersionInfo),
+    S(GoodBye),
+    S(InitContext),
+    S(AcceptContext),
+    S(ToastResource),
+    S(AcquireCreds),
+    S(Encrypt),
+    S(Decrypt),
+    S(Sign),
+    S(Verify),
+    S(GetVersionAndCapabilities),
+    S(GetTargetName),
+    S(SetLoggingSocket),
+    S(ChangePassword),
+    S(SetPasswordSelf),
+    S(Wrap),
+    S(Unwrap),
+    S(ConnectLoggingService2),
+    S(GetMoniker),
+    S(CallExtension),
+    S(AcquirePKInitCreds)
+};
+
+#undef S
+
+/*
+ *
+ */
+
+static struct handler *
+find_op(int32_t op)
+{
+    int i;
+
+    for (i = 0; i < sizeof(handlers)/sizeof(handlers[0]); i++)
+	if (handlers[i].op == op)
+	    return &handlers[i];
+    return NULL;
+}
+
+static struct client *
+create_client(int fd, int port, const char *moniker)
+{
+    struct client *c;
+
+    c = ecalloc(1, sizeof(*c));
+
+    if (moniker) {
+	c->moniker = estrdup(moniker);
+    } else {
+	char hostname[MAXHOSTNAMELEN];
+	gethostname(hostname, sizeof(hostname));
+	asprintf(&c->moniker, "gssmask: %s:%d", hostname, port);
+    }
+
+    {
+	c->salen = sizeof(c->sa);
+	getpeername(fd, (struct sockaddr *)&c->sa, &c->salen);
+	
+	getnameinfo((struct sockaddr *)&c->sa, c->salen, 
+		    c->servername, sizeof(c->servername), 
+		    NULL, 0, NI_NUMERICHOST);
+    }
+
+    c->sock = krb5_storage_from_fd(fd);
+    if (c->sock == NULL)
+	errx(1, "krb5_storage_from_fd");
+    
+    close(fd);
+
+    return c;
+}
+
+static void
+free_client(struct client *c)
+{
+    while(c->handles)
+	del_handle(&c->handles, c->handles->idx);
+
+    free(c->moniker);
+    krb5_storage_free(c->sock);
+    if (c->logging)
+	krb5_storage_free(c->logging);
+    free(c);
+}
+
+
+static void *
+handleServer(void *ptr)
+{
+    struct handler *handler;
+    struct client *c;
+    int32_t op;
+
+    c = (struct client *)ptr;
+
+
+    while(1) {
+	ret32(c, op);
+
+	handler = find_op(op);
+	if (handler == NULL) {
+	    logmessage(c, __FILE__, __LINE__, 0,
+		       "op %d not supported", (int)op);
+	    exit(1);
+	}
+
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "---> Got op %s from server %s", 
+		   handler->name, c->servername);
+
+	if ((handler->func)(handler->op, c))
+	    break;
+    }
+
+    return NULL;
+}
+
+
+static char *port_str;
+static int version_flag;
+static int help_flag;
+static char *logfile_str;
+static char *moniker_str;
+
+static int port = 4711;
+
+struct getargs args[] = {
+    { "spn",	0,   arg_string,	&targetname,	"This host's SPN",
+      "service/host@REALM" },
+    { "port",	'p', arg_string,	&port_str,	"Use this port",
+      "number-of-service" },
+    { "logfile", 0,  arg_string,	&logfile_str,	"logfile",
+      "number-of-service" },
+    { "moniker", 0,  arg_string,	&moniker_str,	"nickname",
+      "name" },
+    { "version", 0,  arg_flag,		&version_flag,	"Print version",
+      NULL },
+    { "help",	 0,  arg_flag,		&help_flag,	NULL,
+      NULL }
+};
+
+static void
+usage(int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx	= 0;
+
+    setprogname (argv[0]);
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage (1);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version (NULL);
+	return 0;
+    }
+
+    if (optidx != argc)
+	usage (1);
+
+    if (port_str) {
+	char *ptr;
+
+	port = strtol (port_str, &ptr, 10);
+	if (port == 0 && ptr == port_str)
+	    errx (1, "Bad port `%s'", port_str);
+    }
+
+    krb5_init_context(&context);
+
+    {
+	const char *lf = logfile_str;
+	if (lf == NULL)
+	    lf = "/dev/tty";
+
+	logfile = fopen(lf, "w");
+	if (logfile == NULL)
+	    err(1, "error opening %s", lf);
+    }
+
+    mini_inetd(htons(port));
+    fprintf(logfile, "connected\n");
+
+    {
+	struct client *c; 
+
+	c = create_client(0, port, moniker_str);
+	/* close(0); */
+
+	handleServer(c);
+
+	free_client(c);
+    }
+
+    krb5_free_context(context);
+
+    return 0;
+}
diff --git a/crypto/heimdal/appl/gssmask/protocol.h b/crypto/heimdal/appl/gssmask/protocol.h
new file mode 100644
index 0000000..3683fa6
--- /dev/null
+++ b/crypto/heimdal/appl/gssmask/protocol.h
@@ -0,0 +1,286 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * $Id: protocol.h 18352 2006-10-08 13:53:28Z lha $
+ */
+
+/* missing from tests:
+ * - export context
+ * - import context
+ */
+
+/*
+ * wire encodings:
+ *   int16: number, 2 bytes, in network order
+ *   int32: number, 4 bytes, in network order
+ *   length-encoded: [int32 length, data of length bytes]
+ *   string: [int32 length, string of length + 1 bytes, includes trailing '\0' ]
+ */
+
+enum gssMaggotErrorCodes {
+    GSMERR_OK		= 0,
+    GSMERR_ERROR,
+    GSMERR_CONTINUE_NEEDED,
+    GSMERR_INVALID_TOKEN,
+    GSMERR_AP_MODIFIED,
+    GSMERR_TEST_ISSUE,
+    GSMERR_NOT_SUPPORTED
+};
+
+/*
+ * input:
+ *   int32: message OP (enum gssMaggotProtocol)
+ *   ...
+ *
+ * return:   -- on error 
+ *    int32: not support (GSMERR_NOT_SUPPORTED)
+ * 
+ * return:   -- on existing message OP
+ *    int32: support (GSMERR_OK) -- only sent for extensions
+ *    ...
+ */
+
+#define GSSMAGGOTPROTOCOL 14
+
+enum gssMaggotOp {
+    eGetVersionInfo	= 0,
+    /* 
+     * input:
+     *   none
+     * return:
+     *   int32: last version handled 
+     */
+    eGoodBye,
+    /* 
+     * input:
+     *   none
+     * return:
+     *   close socket
+     */
+    eInitContext,
+    /* 
+     * input:
+     *   int32: hContext
+     *   int32: hCred
+     *   int32: Flags
+     *      the lowest 0x7f flags maps directly to GSS-API flags
+     *      DELEGATE		0x001 
+     *      MUTUAL_AUTH		0x002 
+     *      REPLAY_DETECT	0x004
+     *      SEQUENCE_DETECT	0x008
+     *      CONFIDENTIALITY	0x010
+     *      INTEGRITY		0x020
+     *      ANONYMOUS		0x040
+     *
+     *      FIRST_CALL		0x080
+     *
+     *      NTLM		0x100
+     *      SPNEGO		0x200
+     *   length-encoded: targetname
+     *   length-encoded: token
+     * return:
+     *   int32: hNewContextId
+     *   int32: gssapi status val
+     *   length-encoded: output token
+     */
+    eAcceptContext,
+    /* 
+     * input:
+     *   int32: hContext
+     *   int32: Flags		-- unused ?
+     *      flags are same as flags for eInitContext
+     *   length-encoded: token
+     * return:
+     *   int32: hNewContextId
+     *   int32: gssapi status val
+     *   length-encoded: output token
+     *   int32: delegation cred id
+     */
+    eToastResource,
+    /*
+     * input:
+     *   int32: hResource
+     * return:
+     *   int32: gsm status val
+     */
+    eAcquireCreds,
+    /*
+     * input:
+     *   string: principal name
+     *   string: password
+     *   int32: flags
+     *      FORWARDABLE		0x001
+     *      DEFAULT_CREDS	0x002
+     *
+     *      NTLM		0x100
+     *      SPNEGO		0x200
+     * return:
+     *   int32: gsm status val
+     *   int32: hCred
+     */
+    eEncrypt,
+    /*
+     * input:
+     *   int32: hContext
+     *   int32: flags		-- unused
+     *   int32: seqno		-- unused
+     *   length-encode: plaintext
+     * return:
+     *   int32: gsm status val
+     *   length-encode: ciphertext
+     */
+    eDecrypt,
+    /*
+     * input:
+     *   int32: hContext
+     *   int32: flags		-- unused
+     *   int32: seqno		-- unused
+     *   length-encode: ciphertext
+     * return:
+     *   int32: gsm status val
+     *   length-encode: plaintext
+     */
+    eSign,
+    /* message same as eEncrypt */
+    eVerify,
+    /*
+     * input:
+     *   int32: hContext
+     *   int32: flags		-- unused
+     *   int32: seqno		-- unused
+     *   length-encode: message
+     *   length-encode: signature
+     * return:
+     *   int32: gsm status val
+     */
+    eGetVersionAndCapabilities,
+    /*
+     * return:
+     *   int32: protocol version
+     *   int32: capability flags */
+#define      ISSERVER		0x01
+#define      ISKDC		0x02
+#define      MS_KERBEROS	0x04
+#define      LOGSERVER		0x08
+#define      HAS_MONIKER	0x10
+    /*   string: version string
+     */
+    eGetTargetName,
+    /*
+     * return:
+     *   string: target principal name
+     */
+    eSetLoggingSocket,
+    /*
+     * input:
+     *   int32: hostPort
+     * return to the port on the host:
+     *   int32: opcode - for example eLogSetMoniker
+     */
+    eChangePassword,
+    /* here ended version 7 of the protocol */
+    /*
+     * input:
+     *   string: principal name
+     *   string: old password
+     *   string: new password
+     * return:
+     *   int32: gsm status val
+     */
+    eSetPasswordSelf,
+    /* same as eChangePassword */
+    eWrap,
+    /* message same as eEncrypt */
+    eUnwrap,
+    /* message same as eDecrypt */
+    eConnectLoggingService2,
+    /*
+     * return1:
+     *   int16: log port number
+     *   int32: master log prototocol version (0)
+     * 
+     * wait for master to connect on the master log socket
+     *
+     * return2:
+     *   int32: gsm connection status
+     *   int32: maggot log prototocol version (2)
+     */
+    eGetMoniker,
+    /*
+     * return:
+     *   string: moniker (Nickname the master can refer to maggot)
+     */
+    eCallExtension,
+    /*
+     * input:
+     *   string: extension name
+     *   int32: message id
+     * return:
+     *   int32: gsm status val
+     */
+    eAcquirePKInitCreds,
+    /*
+     * input:
+     *   int32: flags
+     *   length-encode: certificate (pkcs12 data)
+     * return:
+     *   int32: hResource
+     *   int32: gsm status val (GSMERR_NOT_SUPPORTED)
+     */
+    /* here ended version 7 of the protocol */
+    eLastProtocolMessage
+};
+
+enum gssMaggotLogOp{
+  eLogInfo = 0,
+	/*
+	string: File
+	int32: Line
+	string: message
+     reply:
+  	int32: ackid
+	*/
+  eLogFailure,
+	/*
+	string: File
+	int32: Line
+	string: message
+     reply:
+  	int32: ackid
+	*/
+  eLogSetMoniker
+	/*
+	string: moniker
+	*/
+};
diff --git a/crypto/heimdal/appl/kf/Makefile.am b/crypto/heimdal/appl/kf/Makefile.am
index c145e07..10d4be6 100644
--- a/crypto/heimdal/appl/kf/Makefile.am
+++ b/crypto/heimdal/appl/kf/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.5 2000/11/15 22:51:08 assar Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
@@ -13,6 +13,8 @@ kf_SOURCES = kf.c kf_locl.h
 kfd_SOURCES = kfd.c kf_locl.h
 
 LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/kf/Makefile.in b/crypto/heimdal/appl/kf/Makefile.in
index ac8c4e7..1dc0684 100644
--- a/crypto/heimdal/appl/kf/Makefile.in
+++ b/crypto/heimdal/appl/kf/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.5 2000/11/15 22:51:08 assar Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(kf_SOURCES) $(kfd_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -51,16 +46,14 @@ libexec_PROGRAMS = kfd$(EXEEXT)
 subdir = appl/kf
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -73,6 +66,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -81,19 +75,24 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
+	"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
 binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
@@ -110,17 +109,18 @@ kfd_LDADD = $(LDADD)
 kfd_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
 	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
 	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(kf_SOURCES) $(kfd_SOURCES)
 DIST_SOURCES = $(kf_SOURCES) $(kfd_SOURCES)
 man1dir = $(mandir)/man1
@@ -130,13 +130,7 @@ ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -146,8 +140,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -158,11 +150,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -170,42 +161,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -223,12 +199,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -238,15 +211,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -255,6 +227,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -266,15 +239,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -282,74 +250,79 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -366,19 +339,21 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 man_MANS = kf.1 kfd.8
 kf_SOURCES = kf.c kf_locl.h
 kfd_SOURCES = kfd.c kf_locl.h
 LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken)
 
+EXTRA_DIST = $(man_MANS)
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -410,7 +385,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)"
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
 	@list='$(bin_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -438,7 +413,7 @@ clean-binPROGRAMS:
 	done
 install-libexecPROGRAMS: $(libexec_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(mkdir_p) "$(DESTDIR)$(libexecdir)"
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
 	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -466,10 +441,10 @@ clean-libexecPROGRAMS:
 	done
 kf$(EXEEXT): $(kf_OBJECTS) $(kf_DEPENDENCIES) 
 	@rm -f kf$(EXEEXT)
-	$(LINK) $(kf_LDFLAGS) $(kf_OBJECTS) $(kf_LDADD) $(LIBS)
+	$(LINK) $(kf_OBJECTS) $(kf_LDADD) $(LIBS)
 kfd$(EXEEXT): $(kfd_OBJECTS) $(kfd_DEPENDENCIES) 
 	@rm -f kfd$(EXEEXT)
-	$(LINK) $(kfd_LDFLAGS) $(kfd_OBJECTS) $(kfd_LDADD) $(LIBS)
+	$(LINK) $(kfd_OBJECTS) $(kfd_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -491,13 +466,9 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
 install-man1: $(man1_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(mkdir_p) "$(DESTDIR)$(man1dir)"
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
 	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -542,7 +513,7 @@ uninstall-man1:
 	done
 install-man8: $(man8_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)"
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
 	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -606,9 +577,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -633,23 +606,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../.. $(distdir)/../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -669,7 +640,7 @@ check: check-am
 all-am: Makefile $(PROGRAMS) $(MANS) all-local
 installdirs:
 	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
 install-exec: install-exec-am
@@ -690,7 +661,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -703,7 +674,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -719,14 +690,22 @@ install-data-am: install-man
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
 install-man: install-man1 install-man8
 
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
@@ -746,26 +725,33 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
+	uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
 
 uninstall-man: uninstall-man1 uninstall-man8
 
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool ctags distclean distclean-compile \
+	clean-libtool ctags dist-hook distclean distclean-compile \
 	distclean-generic distclean-libtool distclean-tags distdir dvi \
 	dvi-am html html-am info info-am install install-am \
-	install-binPROGRAMS install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man1 install-man8 \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am \
-	uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \
-	uninstall-man8
+	install-binPROGRAMS install-data install-data-am \
+	install-data-hook install-dvi install-dvi-am install-exec \
+	install-exec-am install-exec-hook install-html install-html-am \
+	install-info install-info-am install-libexecPROGRAMS \
+	install-man install-man1 install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-hook uninstall-libexecPROGRAMS uninstall-man \
+	uninstall-man1 uninstall-man8
 
 
 install-suid-programs:
@@ -780,8 +766,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -791,19 +777,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -819,7 +817,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -889,14 +887,39 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/kf/kf.1 b/crypto/heimdal/appl/kf/kf.1
index 2426063..97e408d 100644
--- a/crypto/heimdal/appl/kf/kf.1
+++ b/crypto/heimdal/appl/kf/kf.1
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
 .\" SUCH DAMAGE. 
 .\" 
-.\" $Id: kf.1,v 1.6 2003/04/11 12:43:57 lha Exp $
+.\" $Id: kf.1 11986 2003-04-11 12:43:57Z lha $
 .\"
 .Dd July  2, 2000
 .Dt KF 1
diff --git a/crypto/heimdal/appl/kf/kf.c b/crypto/heimdal/appl/kf/kf.c
index 190101b..6377965 100644
--- a/crypto/heimdal/appl/kf/kf.c
+++ b/crypto/heimdal/appl/kf/kf.c
@@ -32,7 +32,7 @@
  */
 
 #include "kf_locl.h"
-RCSID("$Id: kf.c,v 1.17 2002/09/05 15:00:03 joda Exp $");
+RCSID("$Id: kf.c 11400 2002-09-05 15:00:03Z joda $");
 
 krb5_context context;
 static int help_flag;
diff --git a/crypto/heimdal/appl/kf/kf_locl.h b/crypto/heimdal/appl/kf/kf_locl.h
index 0a6a28f..e4d9ee8 100644
--- a/crypto/heimdal/appl/kf/kf_locl.h
+++ b/crypto/heimdal/appl/kf/kf_locl.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: kf_locl.h,v 1.3 2002/09/04 20:29:04 joda Exp $ */
+/* $Id: kf_locl.h 11376 2002-09-04 20:29:04Z joda $ */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
diff --git a/crypto/heimdal/appl/kf/kfd.8 b/crypto/heimdal/appl/kf/kfd.8
index 94d26cc..f676749 100644
--- a/crypto/heimdal/appl/kf/kfd.8
+++ b/crypto/heimdal/appl/kf/kfd.8
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
 .\" SUCH DAMAGE. 
 .\" 
-.\" $Id: kfd.8,v 1.4 2003/02/16 21:10:05 lha Exp $
+.\" $Id: kfd.8 11648 2003-02-16 21:10:32Z lha $
 .\"
 .Dd July  2, 2000
 .Dt KFD 8
diff --git a/crypto/heimdal/appl/kf/kfd.c b/crypto/heimdal/appl/kf/kfd.c
index c358b54..9d8c84c 100644
--- a/crypto/heimdal/appl/kf/kfd.c
+++ b/crypto/heimdal/appl/kf/kfd.c
@@ -32,7 +32,7 @@
  */
 
 #include "kf_locl.h"
-RCSID("$Id: kfd.c,v 1.11 2003/04/16 15:40:24 lha Exp $");
+RCSID("$Id: kfd.c 15246 2005-05-27 13:47:20Z lha $");
 
 krb5_context context;
 char krb5_tkfile[MAXPATHLEN];
@@ -112,7 +112,7 @@ kfd_match_version(const void *arg, const char *version)
 	       version[0] == '0' &&
 	       version[1] == '.' &&
 	       (version[2] == '4' || version[2] == '3') &&
-	       islower(version[3])) {
+	       islower((unsigned char)version[3])) {
 	protocol_version = 0;
 	return TRUE;
     }
@@ -235,7 +235,8 @@ proto (int sock, const char *service)
     if (tk_file.length != 1)
 	snprintf (ccname, sizeof(ccname), "%s", (char *)(tk_file.data));
     else
-	snprintf (ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%u",pwd->pw_uid);
+	snprintf (ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%lu",
+		  (unsigned long)pwd->pw_uid);
 
     status = krb5_cc_resolve (context, ccname, &ccache);
     if (status) {
diff --git a/crypto/heimdal/appl/login/ChangeLog b/crypto/heimdal/appl/login/ChangeLog
index 3da3237..2400808 100644
--- a/crypto/heimdal/appl/login/ChangeLog
+++ b/crypto/heimdal/appl/login/ChangeLog
@@ -1,8 +1,79 @@
+2006-12-05  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* limits_conf.c: Clear errno before calling the strtol
+	functions. From Paul Stoeber to OpenBSD by Ray Lai and Björn
+	Sandell.
+
+	* limits_conf.c: Report to syslog strings that start with NUL;
+	prevents negative index array access. Ray Lai of OpenBSD via Björn
+	Sandell.
+	
+2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* Makefile.am: Add man_MANS to EXTRA_DIST
+
+2006-09-22  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* read_string.c: try to not call signaction for signal 0 and use
+	NSIG if it exists to determin how many signals there exists, also,
+	only restore those signalhandlers that we got out.
+	
+2006-04-27  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* login_locl.h: Include "loginpaths.h"
+	
+	* loginpaths.h: Shared paths between login and rshd.
+	
+2006-01-09 Johan Danielsson <joda@blubb.pdc.kth.se>
+
+	* login.c: log successful logins
+	
+2005-08-08  Love Hörnquist Åstrand <lha@it.su.se>
+
+	* login.c (do_login): only do krb4_get_afs_tokens if we have done
+	v4 authentication or done a 5to4 conversion of tickets. This is to
+	avoid delays on a realm that only support Kerberos 5 and drop
+	Kerberos 4 requests.
+
+2005-05-10  Dave Love  <fx@gnu.org>
+
+	* login.c: Include <crypt.h>.
+
+2005-05-02  Dave Love  <fx@gnu.org>
+
+	* limits_conf.c: Check RLIMIT_MEMLOCK, not RLIMIT_LOCK.
+
+2005-04-28  Dave Love  <fx@gnu.org>
+
+	* limits_conf.c: Maybe include sys/resource.h.  Use various
+	RLIMIT_ macros conditionally.  For Solaris, Irix and Tru64.
+
+2005-04-22  Johan Danielsson  <joda@pdc.kth.se>
+
+	* login.1: document limits.conf
+	
+	* Makefile.am: limits_conf.c
+	
+	* login_locl.h: template for limits.conf
+	
+	* login.c: read limits.conf (from /etc/security by default,
+	overridable in login.conf)
+	
+	* limits_conf.c: implement a parser for limits.conf
+	
 2004-09-08  Johan Danielsson  <joda@pdc.kth.se>
 
-	* login.c: pull up 1.62->1.63: use krb5_appdefault_boolean instead
-	of krb5_config_get_bool
+	* login.c: use krb5_appdefault_boolean instead of
+	krb5_config_get_bool
+
+2003-09-03  Love Hörnquist Åstrand <lha@it.su.se>
 
+	* login.c (krb5_to4): set client princ of the mcred
+	
+2003-07-07  Love Hörnquist Åstrand <lha@it.su.se>
+
+	* login.c (krb5_to4): use krb5_cc_clear_mcred
+	
 2003-03-24  Johan Danielsson  <joda@pdc.kth.se>
 
 	* Makefile.am: install man pages
diff --git a/crypto/heimdal/appl/login/Makefile.am b/crypto/heimdal/appl/login/Makefile.am
index 860ce70..b7c9f93 100644
--- a/crypto/heimdal/appl/login/Makefile.am
+++ b/crypto/heimdal/appl/login/Makefile.am
@@ -1,8 +1,8 @@
-# $Id: Makefile.am,v 1.21 2003/03/24 16:15:48 joda Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += $(INCLUDE_krb4)
+AM_CPPFLAGS += $(INCLUDE_krb4)
 
 man_MANS = login.1 login.access.5
 
@@ -15,6 +15,8 @@ login_SOURCES =					\
 		login_access.c			\
 		login_locl.h			\
 		login_protos.h			\
+		loginpaths.h			\
+		limits_conf.c			\
 		osfc2.c				\
 		read_string.c			\
 		shadow.c			\
@@ -27,7 +29,7 @@ LDADD = $(LIB_otp) \
 	$(LIB_kafs) \
 	$(top_builddir)/lib/krb5/libkrb5.la \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken) \
 	$(LIB_security) \
@@ -37,3 +39,5 @@ $(srcdir)/login_protos.h:
 	cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h
 
 $(login_OBJECTS): $(srcdir)/login_protos.h
+
+EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/login/Makefile.in b/crypto/heimdal/appl/login/Makefile.in
index 72648ab..faa632a 100644
--- a/crypto/heimdal/appl/login/Makefile.in
+++ b/crypto/heimdal/appl/login/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.21 2003/03/24 16:15:48 joda Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(login_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -50,16 +45,14 @@ bin_PROGRAMS = login$(EXEEXT)
 subdir = appl/login
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -72,6 +65,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -80,25 +74,30 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)"
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" \
+	"$(DESTDIR)$(man5dir)"
 binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 PROGRAMS = $(bin_PROGRAMS)
 am_login_OBJECTS = conf.$(OBJEXT) env.$(OBJEXT) login.$(OBJEXT) \
-	login_access.$(OBJEXT) osfc2.$(OBJEXT) read_string.$(OBJEXT) \
-	shadow.$(OBJEXT) stty_default.$(OBJEXT) tty.$(OBJEXT) \
-	utmp_login.$(OBJEXT) utmpx_login.$(OBJEXT)
+	login_access.$(OBJEXT) limits_conf.$(OBJEXT) osfc2.$(OBJEXT) \
+	read_string.$(OBJEXT) shadow.$(OBJEXT) stty_default.$(OBJEXT) \
+	tty.$(OBJEXT) utmp_login.$(OBJEXT) utmpx_login.$(OBJEXT)
 login_OBJECTS = $(am_login_OBJECTS)
 login_LDADD = $(LDADD)
 am__DEPENDENCIES_1 =
@@ -109,17 +108,18 @@ login_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
 	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(login_SOURCES)
 DIST_SOURCES = $(login_SOURCES)
 man1dir = $(mandir)/man1
@@ -129,13 +129,7 @@ ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -145,8 +139,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -157,11 +149,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -169,42 +160,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -222,12 +198,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -237,15 +210,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -254,6 +226,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -265,15 +238,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -281,74 +249,80 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -365,6 +339,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 man_MANS = login.1 login.access.5
 login_SOURCES = \
@@ -374,6 +349,8 @@ login_SOURCES = \
 		login_access.c			\
 		login_locl.h			\
 		login_protos.h			\
+		loginpaths.h			\
+		limits_conf.c			\
 		osfc2.c				\
 		read_string.c			\
 		shadow.c			\
@@ -386,16 +363,17 @@ LDADD = $(LIB_otp) \
 	$(LIB_kafs) \
 	$(top_builddir)/lib/krb5/libkrb5.la \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken) \
 	$(LIB_security) \
 	$(DBLIB)
 
+EXTRA_DIST = $(man_MANS)
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -427,7 +405,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)"
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
 	@list='$(bin_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -455,7 +433,7 @@ clean-binPROGRAMS:
 	done
 login$(EXEEXT): $(login_OBJECTS) $(login_DEPENDENCIES) 
 	@rm -f login$(EXEEXT)
-	$(LINK) $(login_LDFLAGS) $(login_OBJECTS) $(login_LDADD) $(LIBS)
+	$(LINK) $(login_OBJECTS) $(login_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -477,13 +455,9 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
 install-man1: $(man1_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(mkdir_p) "$(DESTDIR)$(man1dir)"
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
 	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -528,7 +502,7 @@ uninstall-man1:
 	done
 install-man5: $(man5_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man5dir)" || $(mkdir_p) "$(DESTDIR)$(man5dir)"
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
 	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -592,9 +566,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -619,23 +595,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../.. $(distdir)/../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -655,7 +629,7 @@ check: check-am
 all-am: Makefile $(PROGRAMS) $(MANS) all-local
 installdirs:
 	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)"; do \
-	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
 install-exec: install-exec-am
@@ -676,7 +650,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -688,7 +662,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -704,14 +678,22 @@ install-data-am: install-man
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am: install-binPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
 install-man: install-man1 install-man5
 
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
@@ -731,23 +713,30 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
 
 uninstall-man: uninstall-man1 uninstall-man5
 
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
-	distclean distclean-compile distclean-generic \
+	dist-hook distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-exec install-exec-am \
-	install-info install-info-am install-man install-man1 \
-	install-man5 install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-man uninstall-man1 uninstall-man5
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-man5 install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-hook uninstall-man uninstall-man1 uninstall-man5
 
 
 install-suid-programs:
@@ -762,8 +751,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -773,19 +762,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -801,7 +802,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -871,15 +872,40 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
 
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
 $(srcdir)/login_protos.h:
 	cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h
 
diff --git a/crypto/heimdal/appl/login/conf.c b/crypto/heimdal/appl/login/conf.c
index 85cfc00..81a3c74 100644
--- a/crypto/heimdal/appl/login/conf.c
+++ b/crypto/heimdal/appl/login/conf.c
@@ -32,7 +32,7 @@
 
 #include "login_locl.h"
 
-RCSID("$Id: conf.c,v 1.3 2000/05/29 16:52:24 assar Exp $");
+RCSID("$Id: conf.c 8302 2000-05-29 16:52:24Z assar $");
 
 static char *confbuf;
 
diff --git a/crypto/heimdal/appl/login/env.c b/crypto/heimdal/appl/login/env.c
index 57f68b1..e1b33ba 100644
--- a/crypto/heimdal/appl/login/env.c
+++ b/crypto/heimdal/appl/login/env.c
@@ -32,7 +32,7 @@
  */
 
 #include "login_locl.h"
-RCSID("$Id: env.c,v 1.1 2000/06/28 12:27:38 joda Exp $");
+RCSID("$Id: env.c 8476 2000-06-28 12:27:38Z joda $");
 
 /*
  * the environment we will send to execle and the shell.
diff --git a/crypto/heimdal/appl/login/limits_conf.c b/crypto/heimdal/appl/login/limits_conf.c
new file mode 100644
index 0000000..ac9837f
--- /dev/null
+++ b/crypto/heimdal/appl/login/limits_conf.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "login_locl.h"
+
+RCSID("$Id: limits_conf.c 19215 2006-12-04 23:41:18Z lha $");
+
+#include <errno.h>
+#include <limits.h>
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+
+struct limit {
+    const char *name;
+    int resource;
+    int scale;
+    int has_limit;
+    struct rlimit limit;
+} limits[] = {
+#define LIM(X, S) { #X, RLIMIT_##X, S, 0 }
+    LIM(CORE, 1024),
+    LIM(CPU, 60),
+    LIM(DATA, 1024),
+    LIM(FSIZE, 1024),
+#ifdef RLIMIT_MEMLOCK
+    LIM(MEMLOCK, 1024),
+#endif
+    LIM(NOFILE, 1),
+#ifdef RLIMIT_NPROC
+    LIM(NPROC, 1),
+#endif
+#ifdef RLIMIT_RSS
+    LIM(RSS, 1024),
+#endif
+    LIM(STACK, 1024),
+
+#ifdef RLIMIT_AS
+    LIM(AS, 1024),
+#endif
+#ifdef RLIMIT_LOCKS
+    LIM(LOCKS, 1),
+#endif
+    /*
+      maxlogins
+      priority
+    */
+    { NULL, 0 }
+};
+
+static struct limit *
+find_limit(const char *name)
+{
+    struct limit *l;
+    for(l = limits; l->name != NULL; l++)
+	if(strcasecmp(name, l->name) == 0)
+	    return l;
+    return NULL;
+}
+
+/* this function reads limits.conf files similar to pam_limits
+   unimplemented features include:
+   	% maxlogins
+	"-" no limits, 
+	priorities etc that are not set via setrlimit
+   XXX uses static storage, and clobbers getgr*
+*/
+
+int
+read_limits_conf(const char *file, const struct passwd *pwd)
+{
+    FILE *f;
+    char *args[4];
+    int lineno = 0;
+    char buf[1024];
+    struct limit *l;
+    rlim_t value;
+
+    f = fopen(file, "r");
+    if(f == NULL) {
+	if(errno != ENOENT && errno != ENOTDIR)
+	    syslog(LOG_ERR, "%s: %m", file);
+	return -1;
+    }
+
+    while(fgets(buf, sizeof(buf), f) != NULL) {
+	char *last = NULL;
+	char *end = NULL;
+	int level;
+
+	lineno++;
+
+	if(buf[0] == '\0') {
+	    syslog(LOG_ERR, "%s: line %d: NUL character", file, lineno);
+	    continue;
+	}
+	if(buf[strlen(buf) - 1] != '\n') {
+	    /* file did not end with a newline, figure out if we're at
+               the EOF, or if our buffer was too small */
+	    int eof = 1;
+	    int c;
+	    while((c = fgetc(f)) != EOF) {
+		eof = 0;
+		if(c == '\n') 
+		    break;
+	    }
+	    if(!eof) {
+		syslog(LOG_ERR, "%s: line %d: line too long", file, lineno);
+		continue;
+	    }
+	}
+	buf[strcspn(buf, "#\r\n")] = '\0';
+	if((args[0] = strtok_r(buf, " \t", &last)) == NULL ||
+	   (args[1] = strtok_r(NULL, " \t", &last)) == NULL ||
+	   (args[2] = strtok_r(NULL, " \t", &last)) == NULL ||
+	   (args[3] = strtok_r(NULL, " \t", &last)) == NULL) {
+	    if(args[0] != NULL) /* this would include comment lines */
+		syslog(LOG_ERR, "%s: line %d: malformed line", file, lineno);
+	    continue;
+	}
+
+	l = find_limit(args[2]);
+	if(l == NULL) {
+	    syslog(LOG_ERR, "%s: line %d: unknown limit %s", file, lineno, args[2]);
+	    continue;
+	}
+	if(strcmp(args[3], "-") == 0) {
+	    value = RLIM_INFINITY;
+	} else {
+	    errno = 0;
+	    value = strtol(args[3], &end, 10);
+	    if(*end != '\0') {
+		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
+		continue;
+	    }
+	    if((value == LONG_MIN || value == LONG_MAX) && errno == ERANGE) {
+		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
+		continue;
+	    }
+	    if(value * l->scale < value)
+		value = RLIM_INFINITY;
+	    else
+		value *= l->scale;
+	}
+	level = 0;
+	/* XXX unclear: if you set group hard and user soft limit,
+           should the hard limit still apply? this code doesn't. */
+	if(strcmp(args[0], pwd->pw_name) == 0)
+	    level = 3;
+	if(*args[0] == '@') {
+	    struct group *gr;
+	    gr = getgrnam(args[0] + 1);
+	    if(gr != NULL && gr->gr_gid == pwd->pw_gid)
+		level = 2;
+	}
+	if(strcmp(args[0], "*") == 0)
+	    level = 1;
+	if(level == 0 || level < l->has_limit) /* not for us */
+	    continue;
+	if(l->has_limit < level) {
+	    if(getrlimit(l->resource, &l->limit) < 0)
+		continue;
+	    l->has_limit = level;
+	}
+	
+	/* XXX unclear: if you soft to more than default hard, should
+           we set hard to soft? this code doesn't. */
+	if(strcasecmp(args[1], "soft") == 0 || strcmp(args[1], "-") == 0)
+	    l->limit.rlim_cur = value;
+	if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0) 
+	    l->limit.rlim_max = value;
+    }
+    fclose(f);
+    for(l = limits; l->name != NULL; l++) {
+	if(l->has_limit) {
+	    if(l->limit.rlim_cur > l->limit.rlim_max)
+		l->limit.rlim_cur = l->limit.rlim_max;
+	    if(setrlimit(l->resource, &l->limit) != 0)
+		syslog(LOG_ERR, "setrlimit RLIM_%s failed: %m", l->name);
+	}
+	l->has_limit = 0;
+    }
+    return 0;
+}
diff --git a/crypto/heimdal/appl/login/login.1 b/crypto/heimdal/appl/login/login.1
index b0c9a6c..1ae4f3e 100644
--- a/crypto/heimdal/appl/login/login.1
+++ b/crypto/heimdal/appl/login/login.1
@@ -1,6 +1,6 @@
-.\" $Id: login.1,v 1.1 2003/03/24 16:15:12 joda Exp $
+.\" $Id: login.1 14891 2005-04-22 15:49:25Z joda $
 .\" 
-.Dd March 24, 2003
+.Dd April 22, 2005
 .Dt LOGIN 1
 .Os HEIMDAL
 .Sh NAME
@@ -189,6 +189,10 @@ A comma separated list of text files that will be printed to the
 user's terminal before starting the shell. The string
 .Li welcome
 works similarly, but points to a single file.
+.It Li limits
+Points to a file containing ulimit settings for various users. Syntax
+is inspired by what pam_limits uses, and the default is
+.Pa /etc/security/limits.conf .
 .El
 .It Pa /etc/nologin
 If it exists, login is denied to all but root. The contents of this
@@ -213,8 +217,31 @@ A
 file could look like:
 .Bd -literal -offset indent
 default:\\
-	:motd=/etc/motd,/etc/motd.local:
+	:motd=/etc/motd,/etc/motd.local:\\
+	:limits=/etc/limits.conf:
 .Ed
+.Pp
+The
+.Pa limits.conf
+file consists of a table with four whitespace separated fields. First
+field is a username or a groupname (prefixed with
+.Sq @ ) , 
+or 
+.Sq * .
+Second field is
+.Sq soft ,
+.Sq hard ,
+or
+.Sq -
+(the last meaning both soft and hard).
+Third field is a limit name (such as
+.Sq cpu 
+or 
+.Sq core ) .
+Last field is the limit value (a number or
+.Sq - 
+for unlimited). In the case of data sizes, the value is in kilobytes,
+and cputime is in minutes.
 .Sh SEE ALSO
 .Xr su 1 ,
 .Xr login.access 5 ,
diff --git a/crypto/heimdal/appl/login/login.access.5 b/crypto/heimdal/appl/login/login.access.5
index be8828c..23290be 100644
--- a/crypto/heimdal/appl/login/login.access.5
+++ b/crypto/heimdal/appl/login/login.access.5
@@ -1,4 +1,4 @@
-.\" $Id: login.access.5,v 1.1 2003/03/24 15:49:30 joda Exp $
+.\" $Id: login.access.5 11902 2003-03-24 15:49:30Z joda $
 .\" 
 .Dd March 21, 2003
 .Dt LOGIN.ACCESS 5
diff --git a/crypto/heimdal/appl/login/login.c b/crypto/heimdal/appl/login/login.c
index 1531eec..cc41097 100644
--- a/crypto/heimdal/appl/login/login.c
+++ b/crypto/heimdal/appl/login/login.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -38,8 +38,11 @@
 #ifdef HAVE_SYS_CAPABILITY_H
 #include <sys/capability.h>
 #endif
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
 
-RCSID("$Id: login.c,v 1.59.2.1 2004/09/08 09:15:39 joda Exp $");
+RCSID("$Id: login.c 16498 2006-01-09 16:26:25Z joda $");
 
 static int login_timeout = 60;
 
@@ -118,7 +121,8 @@ exec_shell(const char *shell, int fallback)
 	p++;
     else
 	p = shell;
-    asprintf(&sh, "-%s", p);
+    if (asprintf(&sh, "-%s", p) == -1)
+	errx(1, "Out of memory");
     execle(shell, sh, NULL, env);
     if(fallback){
 	warnx("Can't exec %s, trying %s", 
@@ -131,6 +135,10 @@ exec_shell(const char *shell, int fallback)
 
 static enum { NONE = 0, AUTH_KRB4 = 1, AUTH_KRB5 = 2, AUTH_OTP = 3 } auth;
 
+#ifdef KRB4
+static krb5_boolean get_v4_tgt = FALSE;
+#endif
+
 #ifdef OTP
 static OtpContext otp_ctx;
 
@@ -179,8 +187,6 @@ krb5_to4 (krb5_ccache id)
     krb5_error_code ret;
     krb5_principal princ;
 
-    int get_v4_tgt;
-
     ret = krb5_cc_get_principal(context, id, &princ);
     if(ret == 0) {
 	krb5_appdefault_boolean(context, "login", 
@@ -203,6 +209,8 @@ krb5_to4 (krb5_ccache id)
 	krb5_error_code ret;
 	krb5_principal princ;
 
+	krb5_cc_clear_mcred(&mcred);
+
 	ret = krb5_cc_get_principal (context, id, &princ);
 	if (ret)
 	    return ret;
@@ -212,9 +220,11 @@ krb5_to4 (krb5_ccache id)
 				  "krbtgt",
 				  princ->realm,
 				  NULL);
-	krb5_free_principal (context, princ);
-	if (ret)
+	if (ret) {
+	    krb5_free_principal(context, princ);
 	    return ret;
+	}
+	mcred.client = princ;
 
 	ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred);
 	if(ret == 0) {
@@ -226,9 +236,12 @@ krb5_to4 (krb5_ccache id)
 		tf_setup(&c, c.pname, c.pinst);
 	    }
 	    memset(&c, 0, sizeof(c));
-	    krb5_free_creds_contents(context, &cred);
+	    krb5_free_cred_contents(context, &cred);
 	}
+	if (ret != 0)
+	    get_v4_tgt = FALSE;
 	krb5_free_principal(context, mcred.server);
+	krb5_free_principal(context, mcred.client);
     }
     return 0;
 }
@@ -476,6 +489,14 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn)
 	    exit(1);
     }
 #endif
+    if(rootlogin == 0) {
+	const char *file = login_conf_get_string("limits");
+	if(file == NULL)
+	    file = _PATH_LIMITS_CONF;
+
+	read_limits_conf(file, pwd);
+    }
+	    
 #ifdef HAVE_SETPCRED
     if (setpcred (pwd->pw_name, NULL) == -1)
 	warn("setpcred(%s)", pwd->pw_name);
@@ -598,7 +619,8 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn)
 #endif /* KRB5 */
 
 #ifdef KRB4
-    krb4_get_afs_tokens (pwd);
+    if (auth == AUTH_KRB4 || get_v4_tgt)
+	krb4_get_afs_tokens (pwd);
 #endif /* KRB4 */
 
     add_env("PATH", _PATH_DEFPATH);
@@ -700,7 +722,7 @@ main(int argc, char **argv)
     int try;
 
     char username[32];
-    int optind = 0;
+    int optidx = 0;
 
     int ask = 1;
     struct sigaction sa;
@@ -717,13 +739,13 @@ main(int argc, char **argv)
     }
 #endif
 
-    openlog("login", LOG_ODELAY, LOG_AUTH);
+    openlog("login", LOG_ODELAY | LOG_PID, LOG_AUTH);
 
     if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&optind))
+		&optidx))
 	usage (1);
-    argc -= optind;
-    argv += optind;
+    argc -= optidx;
+    argv += optidx;
 
     if(help_flag)
 	usage(0);
@@ -850,6 +872,13 @@ main(int argc, char **argv)
 		syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s",
 		       pwd->pw_name, tty);
 	    exit (1);
+	} else {
+	    if (remote_host)
+		syslog(LOG_NOTICE, "%s LOGIN ACCEPTED FROM %s ppid=%d",
+		       pwd->pw_name, remote_host, (int) getppid());
+	    else
+		syslog(LOG_NOTICE, "%s LOGIN ACCEPTED ON %s ppid=%d",
+		       pwd->pw_name, tty, (int) getppid());
 	}
         alarm(0);
 	do_login(pwd, tty, ttyn);
diff --git a/crypto/heimdal/appl/login/login_access.c b/crypto/heimdal/appl/login/login_access.c
index d6275fd..e1bfe42e 100644
--- a/crypto/heimdal/appl/login/login_access.c
+++ b/crypto/heimdal/appl/login/login_access.c
@@ -25,7 +25,7 @@
 
 #include "login_locl.h"
 
-RCSID("$Id: login_access.c,v 1.2 2001/06/04 14:09:45 assar Exp $");
+RCSID("$Id: login_access.c 10020 2001-06-04 14:10:19Z assar $");
 
  /* Delimiters for fields and for lists of users, ttys or hosts. */
 
diff --git a/crypto/heimdal/appl/login/login_locl.h b/crypto/heimdal/appl/login/login_locl.h
index cc1d920..08b960c 100644
--- a/crypto/heimdal/appl/login/login_locl.h
+++ b/crypto/heimdal/appl/login/login_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: login_locl.h,v 1.24 2002/08/12 15:09:15 joda Exp $ */
+/* $Id: login_locl.h 17302 2006-04-27 09:17:01Z lha $ */
 
 #ifndef __LOGIN_LOCL_H__
 #define __LOGIN_LOCL_H__
@@ -111,9 +111,6 @@
 #ifndef _PATH_DEV
 #define _PATH_DEV "/dev/"
 #endif
-#ifndef _PATH_NOLOGIN
-#define _PATH_NOLOGIN "/etc/nologin"
-#endif
 #ifndef _PATH_WTMP
 #ifdef WTMP_FILE
 #define _PATH_WTMP WTMP_FILE
@@ -137,14 +134,12 @@
 #define _PATH_LOGIN_CONF SYSCONFDIR "/login.conf"
 #endif /* _PATH_LOGIN_CONF */
 
-#ifndef _PATH_ETC_ENVIRONMENT
-#define _PATH_ETC_ENVIRONMENT SYSCONFDIR "/environment"
-#endif
-
 #ifndef _PATH_DEFPATH
 #define _PATH_DEFPATH "/usr/bin:/bin"
 #endif
 
+#include "loginpaths.h"
+
 struct spwd;
 
 extern char **env;
diff --git a/crypto/heimdal/appl/login/login_protos.h b/crypto/heimdal/appl/login/login_protos.h
index 48b8101..7fdbb35 100644
--- a/crypto/heimdal/appl/login/login_protos.h
+++ b/crypto/heimdal/appl/login/login_protos.h
@@ -4,6 +4,10 @@
 
 #include <stdarg.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void
 add_env (
 	const char */*var*/,
@@ -48,6 +52,11 @@ prepare_utmp (
 	const char */*hostname*/);
 
 int
+read_limits_conf (
+	const char */*file*/,
+	const struct passwd */*pwd*/);
+
+int
 read_string (
 	const char */*prompt*/,
 	char */*buf*/,
@@ -75,4 +84,8 @@ utmpx_login (
 	const char */*user*/,
 	const char */*host*/);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* __login_protos_h__ */
diff --git a/crypto/heimdal/appl/login/loginpaths.h b/crypto/heimdal/appl/login/loginpaths.h
new file mode 100644
index 0000000..141f81e
--- /dev/null
+++ b/crypto/heimdal/appl/login/loginpaths.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: loginpaths.h 17299 2006-04-27 09:14:20Z lha $ */
+
+#ifndef __LOGIN_PATH_H
+#define __LOGIN_PATH_H
+
+#ifndef _PATH_NOLOGIN
+#define _PATH_NOLOGIN "/etc/nologin"
+#endif
+
+#ifndef _PATH_ETC_ENVIRONMENT
+#define _PATH_ETC_ENVIRONMENT SYSCONFDIR "/environment"
+#endif
+
+#ifndef _PATH_LIMITS_CONF
+#define _PATH_LIMITS_CONF "/etc/security/limits.conf"
+#endif
+
+
+#endif /* __LOGIN_PATH_H */
diff --git a/crypto/heimdal/appl/login/osfc2.c b/crypto/heimdal/appl/login/osfc2.c
index 056484c..e9c3679 100644
--- a/crypto/heimdal/appl/login/osfc2.c
+++ b/crypto/heimdal/appl/login/osfc2.c
@@ -32,7 +32,7 @@
  */
 
 #include "login_locl.h"
-RCSID("$Id: osfc2.c,v 1.4 2001/02/20 01:44:46 assar Exp $");
+RCSID("$Id: osfc2.c 9704 2001-02-20 01:44:56Z assar $");
 
 int
 do_osfc2_magic(uid_t uid)
diff --git a/crypto/heimdal/appl/login/read_string.c b/crypto/heimdal/appl/login/read_string.c
index f3cee14..925345e 100644
--- a/crypto/heimdal/appl/login/read_string.c
+++ b/crypto/heimdal/appl/login/read_string.c
@@ -33,7 +33,7 @@
 
 #include "login_locl.h"
 
-RCSID("$Id: read_string.c,v 1.4 2000/06/21 02:09:36 assar Exp $");
+RCSID("$Id: read_string.c 18156 2006-09-22 15:42:39Z lha $");
 
 static sig_atomic_t intr_flag;
 
@@ -43,10 +43,15 @@ intr(int sig)
     intr_flag++;
 }
 
+#ifndef NSIG
+#define NSIG 47
+#endif
+
 int
 read_string(const char *prompt, char *buf, size_t len, int echo)
 {
-    struct sigaction sigs[47];
+    struct sigaction sigs[NSIG];
+    int oksigs[NSIG];
     struct sigaction sa;
     FILE *tty;
     int ret = 0;
@@ -57,12 +62,16 @@ read_string(const char *prompt, char *buf, size_t len, int echo)
 
     struct termios t_new, t_old;
 
+    memset(&oksigs, 0, sizeof(oksigs));
+
     memset(&sa, 0, sizeof(sa));
     sa.sa_handler = intr;
     sigemptyset(&sa.sa_mask);
     sa.sa_flags = 0;
-    for(i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++)
-	if (i != SIGALRM) sigaction(i, &sa, &sigs[i]);
+    for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++)
+	if (i != SIGALRM) 
+	    if (sigaction(i, &sa, &sigs[i]) == 0)
+		oksigs[i] = 1;
 
     if((tty = fopen("/dev/tty", "r")) == NULL)
 	tty = stdin;
@@ -103,8 +112,9 @@ read_string(const char *prompt, char *buf, size_t len, int echo)
     if(tty != stdin)
 	fclose(tty);
 
-    for(i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++)
-	if (i != SIGALRM) sigaction(i, &sigs[i], NULL);
+    for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++)
+	if (oksigs[i])
+	    sigaction(i, &sigs[i], NULL);
     
     if(ret)
 	return -3;
diff --git a/crypto/heimdal/appl/login/shadow.c b/crypto/heimdal/appl/login/shadow.c
index 0923831..081fe1c 100644
--- a/crypto/heimdal/appl/login/shadow.c
+++ b/crypto/heimdal/appl/login/shadow.c
@@ -33,7 +33,7 @@
 
 #include "login_locl.h"
 
-RCSID("$Id: shadow.c,v 1.5 1999/12/02 17:04:56 joda Exp $");
+RCSID("$Id: shadow.c 7464 1999-12-02 17:05:13Z joda $");
 
 #ifdef HAVE_SHADOW_H
 
diff --git a/crypto/heimdal/appl/login/stty_default.c b/crypto/heimdal/appl/login/stty_default.c
index 5e38566..df49048 100644
--- a/crypto/heimdal/appl/login/stty_default.c
+++ b/crypto/heimdal/appl/login/stty_default.c
@@ -33,7 +33,7 @@
 
 #include "login_locl.h"
 
-RCSID("$Id: stty_default.c,v 1.8 1999/12/02 17:04:56 joda Exp $");
+RCSID("$Id: stty_default.c 7464 1999-12-02 17:05:13Z joda $");
 
 #include <termios.h>
 
diff --git a/crypto/heimdal/appl/login/tty.c b/crypto/heimdal/appl/login/tty.c
index 0ffea72..8dd68ee 100644
--- a/crypto/heimdal/appl/login/tty.c
+++ b/crypto/heimdal/appl/login/tty.c
@@ -33,7 +33,7 @@
 
 #include "login_locl.h"
 
-RCSID("$Id: tty.c,v 1.4 1999/12/02 17:04:56 joda Exp $");
+RCSID("$Id: tty.c 7464 1999-12-02 17:05:13Z joda $");
 
 /*
  * Clean the tty name.  Return a pointer to the cleaned version.
diff --git a/crypto/heimdal/appl/login/utmp_login.c b/crypto/heimdal/appl/login/utmp_login.c
index 0be6cdb..5f6c79c 100644
--- a/crypto/heimdal/appl/login/utmp_login.c
+++ b/crypto/heimdal/appl/login/utmp_login.c
@@ -33,7 +33,7 @@
 
 #include "login_locl.h"
 
-RCSID("$Id: utmp_login.c,v 1.18 2001/02/08 16:08:26 assar Exp $");
+RCSID("$Id: utmp_login.c 9661 2001-02-08 16:08:47Z assar $");
 
 /* try to put something useful from hostname into dst, dst_sz:
  * full name, first component or address */
diff --git a/crypto/heimdal/appl/login/utmpx_login.c b/crypto/heimdal/appl/login/utmpx_login.c
index b6e5fcf..5e25c09 100644
--- a/crypto/heimdal/appl/login/utmpx_login.c
+++ b/crypto/heimdal/appl/login/utmpx_login.c
@@ -18,7 +18,7 @@
 
 #include "login_locl.h"
 
-RCSID("$Id: utmpx_login.c,v 1.26 2001/06/04 14:10:19 assar Exp $");
+RCSID("$Id: utmpx_login.c 10020 2001-06-04 14:10:19Z assar $");
 
 /* utmpx_login - update utmp and wtmp after login */
 
diff --git a/crypto/heimdal/appl/push/ChangeLog b/crypto/heimdal/appl/push/ChangeLog
index e158181..d1ad46b 100644
--- a/crypto/heimdal/appl/push/ChangeLog
+++ b/crypto/heimdal/appl/push/ChangeLog
@@ -1,6 +1,10 @@
-2004-06-21  Love Hörnquist Åstrand  <lha@it.su.se>
+2005-04-19  Love Hörnquist Åstrand  <lha@it.su.se>
 
-	* push.c: 1.48: alloc memory to handle very long lines
+	* push.c: catch when snprint needs a larger buffer
+
+2004-06-17  Johan Danielsson  <joda@pdc.kth.se>
+
+	* push.c: alloc memory to handle very long lines
 	
 2003-04-03  Assar Westerlund  <assar@kth.se>
 
diff --git a/crypto/heimdal/appl/push/Makefile.am b/crypto/heimdal/appl/push/Makefile.am
index 5999ec1..eb67943 100644
--- a/crypto/heimdal/appl/push/Makefile.am
+++ b/crypto/heimdal/appl/push/Makefile.am
@@ -1,8 +1,8 @@
-# $Id: Makefile.am,v 1.17 2000/11/15 22:51:09 assar Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += $(INCLUDE_krb4) $(INCLUDE_hesiod)
+AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hesiod)
 
 bin_SCRIPTS		= pfrom
 
@@ -22,6 +22,6 @@ EXTRA_DIST = pfrom.in $(man_MANS)
 
 LDADD = $(LIB_krb5) \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(LIB_roken) \
 	$(LIB_hesiod)
diff --git a/crypto/heimdal/appl/push/Makefile.in b/crypto/heimdal/appl/push/Makefile.in
index 4dc3b92..9178f7b 100644
--- a/crypto/heimdal/appl/push/Makefile.in
+++ b/crypto/heimdal/appl/push/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,24 +14,18 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.17 2000/11/15 22:51:09 assar Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
 
-SOURCES = $(push_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -43,6 +37,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -51,16 +46,14 @@ libexec_PROGRAMS = push$(EXEEXT)
 subdir = appl/push
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -73,6 +66,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -81,43 +75,47 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
+am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" \
+	"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
 libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 PROGRAMS = $(libexec_PROGRAMS)
 am_push_OBJECTS = push.$(OBJEXT)
 push_OBJECTS = $(am_push_OBJECTS)
 push_LDADD = $(LDADD)
-@KRB5_TRUE@am__DEPENDENCIES_1 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-am__DEPENDENCIES_2 =
-push_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_2)
+am__DEPENDENCIES_1 =
+push_DEPENDENCIES = $(LIB_krb5) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
 binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
 SCRIPTS = $(bin_SCRIPTS)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(push_SOURCES)
 DIST_SOURCES = $(push_SOURCES)
 man1dir = $(mandir)/man1
@@ -127,13 +125,7 @@ ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -143,8 +135,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -155,11 +145,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -167,42 +156,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -220,12 +194,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -235,15 +206,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -252,6 +222,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -263,15 +234,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -279,74 +245,80 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_hesiod)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4) $(INCLUDE_hesiod)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -363,6 +335,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 bin_SCRIPTS = pfrom
 push_SOURCES = push.c push_locl.h
@@ -371,14 +344,14 @@ CLEANFILES = pfrom
 EXTRA_DIST = pfrom.in $(man_MANS)
 LDADD = $(LIB_krb5) \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(LIB_roken) \
 	$(LIB_hesiod)
 
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -410,7 +383,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 install-libexecPROGRAMS: $(libexec_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(mkdir_p) "$(DESTDIR)$(libexecdir)"
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
 	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -438,10 +411,10 @@ clean-libexecPROGRAMS:
 	done
 push$(EXEEXT): $(push_OBJECTS) $(push_DEPENDENCIES) 
 	@rm -f push$(EXEEXT)
-	$(LINK) $(push_LDFLAGS) $(push_OBJECTS) $(push_LDADD) $(LIBS)
+	$(LINK) $(push_OBJECTS) $(push_LDADD) $(LIBS)
 install-binSCRIPTS: $(bin_SCRIPTS)
 	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)"
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
 	@list='$(bin_SCRIPTS)'; for p in $$list; do \
 	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
 	  if test -f $$d$$p; then \
@@ -479,13 +452,9 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
 install-man1: $(man1_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(mkdir_p) "$(DESTDIR)$(man1dir)"
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
 	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -530,7 +499,7 @@ uninstall-man1:
 	done
 install-man8: $(man8_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)"
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
 	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -594,9 +563,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -621,23 +592,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../.. $(distdir)/../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -657,7 +626,7 @@ check: check-am
 all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) all-local
 installdirs:
 	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
 install-exec: install-exec-am
@@ -679,7 +648,7 @@ clean-generic:
 	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -692,7 +661,7 @@ clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -708,14 +677,22 @@ install-data-am: install-man
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am: install-binSCRIPTS install-libexecPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
 install-man: install-man1 install-man8
 
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
@@ -735,25 +712,32 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-binSCRIPTS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man
+uninstall-am: uninstall-binSCRIPTS uninstall-libexecPROGRAMS \
+	uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
 
 uninstall-man: uninstall-man1 uninstall-man8
 
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \
-	distclean distclean-compile distclean-generic \
+	dist-hook distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-binSCRIPTS \
-	install-data install-data-am install-exec install-exec-am \
-	install-info install-info-am install-libexecPROGRAMS \
-	install-man install-man1 install-man8 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binSCRIPTS \
-	uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-man1 uninstall-man8
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-man1 install-man8 \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-binSCRIPTS uninstall-hook uninstall-libexecPROGRAMS \
+	uninstall-man uninstall-man1 uninstall-man8
 
 
 install-suid-programs:
@@ -768,8 +752,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -779,19 +763,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -807,7 +803,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -877,15 +873,40 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
 
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
 pfrom: pfrom.in
 	sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@
 	chmod +x $@
diff --git a/crypto/heimdal/appl/push/pfrom.1 b/crypto/heimdal/appl/push/pfrom.1
index 2d7983c..e8f1561 100644
--- a/crypto/heimdal/appl/push/pfrom.1
+++ b/crypto/heimdal/appl/push/pfrom.1
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
 .\" SUCH DAMAGE. 
 .\" 
-.\" $Id: pfrom.1,v 1.5 2003/02/16 21:10:11 lha Exp $
+.\" $Id: pfrom.1 11648 2003-02-16 21:10:32Z lha $
 .\"
 .Dd March 4, 2000
 .Dt PFROM 1
diff --git a/crypto/heimdal/appl/push/pfrom.in b/crypto/heimdal/appl/push/pfrom.in
index 6adf4f0..8af97ef 100644
--- a/crypto/heimdal/appl/push/pfrom.in
+++ b/crypto/heimdal/appl/push/pfrom.in
@@ -1,5 +1,5 @@
 #!/bin/sh
-# $Id: pfrom.in,v 1.2 1998/11/24 13:25:47 assar Exp $
+# $Id: pfrom.in 5248 1998-11-24 13:25:47Z assar $
 libexecdir=%libexecdir%
 PATH=$libexecdir:$PATH
 export PATH
diff --git a/crypto/heimdal/appl/push/push.8 b/crypto/heimdal/appl/push/push.8
index 14561a9..985545e 100644
--- a/crypto/heimdal/appl/push/push.8
+++ b/crypto/heimdal/appl/push/push.8
@@ -1,4 +1,4 @@
-.\" $Id: push.8,v 1.13 2002/08/20 17:07:07 joda Exp $
+.\" $Id: push.8 11176 2002-08-20 17:07:29Z joda $
 .\"
 .Dd May 31, 1998
 .Dt PUSH 8
diff --git a/crypto/heimdal/appl/push/push.c b/crypto/heimdal/appl/push/push.c
index 2e6f8b8..87a0be2 100644
--- a/crypto/heimdal/appl/push/push.c
+++ b/crypto/heimdal/appl/push/push.c
@@ -32,7 +32,7 @@
  */
 
 #include "push_locl.h"
-RCSID("$Id: push.c,v 1.47.2.1 2004/06/21 10:54:46 lha Exp $");
+RCSID("$Id: push.c 14850 2005-04-19 18:00:17Z lha $");
 
 #ifdef KRB4
 static int use_v4 = -1;
@@ -268,11 +268,13 @@ doit(int s,
     now = time(NULL);
     from_line_length = snprintf (from_line, sizeof(from_line),
 				 "From %s %s", "push", ctime(&now));
+    if (from_line_length < 0 || from_line_length > sizeof(from_line))
+	errx (1, "snprintf failed");
 
     out_len = snprintf (out_buf, sizeof(out_buf),
 			"USER %s\r\nPASS hej\r\nSTAT\r\n",
 			user);
-    if (out_len < 0)
+    if (out_len < 0 || out_len > sizeof(out_buf))
 	errx (1, "snprintf failed");
     if (net_write (s, out_buf, out_len) != out_len)
 	err (1, "write");
@@ -490,7 +492,7 @@ doit(int s,
 	    else if(state == DELE)
 		out_len = snprintf (out_buf, sizeof(out_buf),
 				    "DELE %u\r\n", ++asked_deleted);
-	    if (out_len < 0)
+	    if (out_len < 0 || out_len > sizeof(out_buf))
 		errx (1, "snprintf failed");
 	    if (net_write (s, out_buf, out_len) != out_len)
 		err (1, "write");
diff --git a/crypto/heimdal/appl/push/push_locl.h b/crypto/heimdal/appl/push/push_locl.h
index 1e5ca78..0bcac64 100644
--- a/crypto/heimdal/appl/push/push_locl.h
+++ b/crypto/heimdal/appl/push/push_locl.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: push_locl.h,v 1.6 1999/12/02 16:58:33 joda Exp $ */
+/* $Id: push_locl.h 7463 1999-12-02 16:58:55Z joda $ */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
diff --git a/crypto/heimdal/appl/rcp/ChangeLog b/crypto/heimdal/appl/rcp/ChangeLog
index 6c830d6..6ae6a1d 100644
--- a/crypto/heimdal/appl/rcp/ChangeLog
+++ b/crypto/heimdal/appl/rcp/ChangeLog
@@ -1,3 +1,56 @@
+2007-12-13  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* Makefile.am: Add missing files, from Buchan Milne.
+
+2006-10-20  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* Makefile.am: more files
+	
+2006-08-08  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* util.c: Check return values from setuid, prompted by MIT
+	advisory.  Thanks to Tom Yu at MIT, and Michael Calmer and Marcus
+	Meissner at SUSE.  Either of CVE-2006-3083 or CVE-2006-3084.
+
+	* rcp.c: Check return values from setuid, prompted by MIT
+	advisory.  Thanks to Tom Yu at MIT, and Michael Calmer and Marcus
+	Meissner at SUSE.  Either of CVE-2006-3083 or CVE-2006-3084.
+
+	* rcp.c: Check return values from seteuid, prompted by MIT
+	advisory.  Thanks to Tom Yu at MIT, and Michael Calmer and Marcus
+	Meissner at SUSE.  Either of CVE-2006-3083 or CVE-2006-3084.
+	
+2005-10-22  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rcp.c: Check return value from asprintf instead of string !=
+	NULL since it undefined behavior on Linux. From Björn Sandell
+	
+2005-08-30  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* util.c: Explicit typecast to avoid signess warning.
+	
+2005-05-29  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rcp_locl.h: undef _PATH_RSH to make sure our version is used
+	
+2005-05-11  David Love  <fx@gnu.org>
+
+	* rcp.c: MODEMASK is defined in sys/vnode.h on Solaris, so undef
+	it before we define our own.
+
+2005-04-27  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rcp_locl.h: use BINDIR instead of "/usr/bin/ with _PATH_RSH
+
+2005-04-18  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* util.c: use unsigned char * to make sure its not negative when
+	passing it to is* functions
+
+2004-05-14  Johan Danielsson  <joda@pdc.kth.se>
+
+	* rcp.c: add -e (passed to rsh)
+	
 2003-04-16  Johan Danielsson  <joda@pdc.kth.se>
 
 	* rcp.1: add a HISTORY section
diff --git a/crypto/heimdal/appl/rcp/Makefile.am b/crypto/heimdal/appl/rcp/Makefile.am
index 4ecf7a6..6b2295a 100644
--- a/crypto/heimdal/appl/rcp/Makefile.am
+++ b/crypto/heimdal/appl/rcp/Makefile.am
@@ -1,11 +1,15 @@
-# $Id: Makefile.am,v 1.2 2001/01/28 22:50:35 assar Exp $
+# $Id: Makefile.am 22281 2007-12-13 20:35:52Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += $(INCLUDE_krb4)
+AM_CPPFLAGS += $(INCLUDE_krb4)
 
 bin_PROGRAMS = rcp
 
-rcp_SOURCES  = rcp.c util.c
+rcp_SOURCES  = rcp.c util.c rcp_locl.h extern.h
+
+man_MANS = rcp.1
+
+EXTRA_DIST = $(man_MANS)
 
 LDADD = $(LIB_roken)
diff --git a/crypto/heimdal/appl/rcp/Makefile.in b/crypto/heimdal/appl/rcp/Makefile.in
index 7c5a0c4..2ee0151 100644
--- a/crypto/heimdal/appl/rcp/Makefile.in
+++ b/crypto/heimdal/appl/rcp/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.2 2001/01/28 22:50:35 assar Exp $
+# $Id: Makefile.am 22281 2007-12-13 20:35:52Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(rcp_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -50,16 +45,14 @@ bin_PROGRAMS = rcp$(EXEEXT)
 subdir = appl/rcp
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -72,6 +65,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -80,19 +74,23 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)"
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
 binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 PROGRAMS = $(bin_PROGRAMS)
 am_rcp_OBJECTS = rcp.$(OBJEXT) util.$(OBJEXT)
@@ -100,30 +98,27 @@ rcp_OBJECTS = $(am_rcp_OBJECTS)
 rcp_LDADD = $(LDADD)
 am__DEPENDENCIES_1 =
 rcp_DEPENDENCIES = $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(rcp_SOURCES)
 DIST_SOURCES = $(rcp_SOURCES)
+man1dir = $(mandir)/man1
+MANS = $(man_MANS)
 ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -133,8 +128,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -145,11 +138,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -157,42 +149,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -210,12 +187,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -225,15 +199,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -242,6 +215,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -253,15 +227,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -269,74 +238,80 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -353,13 +328,16 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-rcp_SOURCES = rcp.c util.c
+rcp_SOURCES = rcp.c util.c rcp_locl.h extern.h
+man_MANS = rcp.1
+EXTRA_DIST = $(man_MANS)
 LDADD = $(LIB_roken)
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -391,7 +369,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)"
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
 	@list='$(bin_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -419,7 +397,7 @@ clean-binPROGRAMS:
 	done
 rcp$(EXEEXT): $(rcp_OBJECTS) $(rcp_DEPENDENCIES) 
 	@rm -f rcp$(EXEEXT)
-	$(LINK) $(rcp_LDFLAGS) $(rcp_OBJECTS) $(rcp_LDADD) $(LIBS)
+	$(LINK) $(rcp_OBJECTS) $(rcp_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -441,10 +419,51 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
 
 ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
 	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
@@ -466,9 +485,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -493,23 +514,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../.. $(distdir)/../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -526,10 +545,10 @@ distdir: $(DISTFILES)
 check-am: all-am
 	$(MAKE) $(AM_MAKEFLAGS) check-local
 check: check-am
-all-am: Makefile $(PROGRAMS) all-local
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
 installdirs:
-	for dir in "$(DESTDIR)$(bindir)"; do \
-	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
 install-exec: install-exec-am
@@ -550,7 +569,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -562,7 +581,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -574,17 +593,25 @@ info: info-am
 
 info-am:
 
-install-data-am:
+install-data-am: install-man
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am: install-binPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
-install-man:
+install-man: install-man1
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
 
 installcheck-am:
 
@@ -605,20 +632,30 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
 
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
-	distclean distclean-compile distclean-generic \
+	dist-hook distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-exec install-exec-am \
-	install-info install-info-am install-man install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-info-am
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-binPROGRAMS uninstall-hook \
+	uninstall-man uninstall-man1
 
 
 install-suid-programs:
@@ -633,8 +670,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -644,19 +681,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -672,7 +721,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -742,14 +791,39 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/rcp/rcp.1 b/crypto/heimdal/appl/rcp/rcp.1
index 5ce9527..920a4f7 100644
--- a/crypto/heimdal/appl/rcp/rcp.1
+++ b/crypto/heimdal/appl/rcp/rcp.1
@@ -1,4 +1,4 @@
-.\" $Id: rcp.1,v 1.2 2003/04/16 12:20:43 joda Exp $
+.\" $Id: rcp.1 12025 2003-04-16 12:20:43Z joda $
 .\"
 .Dd April 16, 2003
 .Dt RCP 1
diff --git a/crypto/heimdal/appl/rcp/rcp.c b/crypto/heimdal/appl/rcp/rcp.c
index c54409a..9a138c7 100644
--- a/crypto/heimdal/appl/rcp/rcp.c
+++ b/crypto/heimdal/appl/rcp/rcp.c
@@ -43,6 +43,7 @@ int     pflag, iamremote, iamrecursive, targetshouldbedirectory;
 int     doencrypt, noencrypt;
 int     usebroken, usekrb4, usekrb5, forwardtkt;
 char    *port;
+int     eflag = 0;
 
 #define	CMDNEEDS	64
 char cmd[CMDNEEDS];		/* must hold "rcp -r -p -d\0" */
@@ -71,6 +72,7 @@ struct getargs args[] = {
     { NULL,	'x', arg_flag,		&doencrypt,	"use encryption" },
     { NULL,	'z', arg_flag,		&noencrypt,	"don't encrypt" },
     { NULL,	'd', arg_flag,		&targetshouldbedirectory },
+    { NULL,	'e', arg_flag,		&eflag, 	"passed to rsh" },
     { NULL,	'f', arg_flag,		&fflag },
     { NULL,	't', arg_flag,		&tflag },
     { "version", 0,  arg_flag,		&version_flag },
@@ -117,13 +119,15 @@ main(int argc, char **argv)
 
 	if (fflag) {			/* Follow "protocol", send data. */
 		response();
-		setuid(userid);
+		if (setuid(userid) < 0)
+			errx(1, "setuid failed");
 		source(argc, argv);
 		exit(errs);
 	}
 
 	if (tflag) {			/* Receive data. */
-		setuid(userid);
+		if (setuid(userid) < 0)
+			errx(1, "setuid failed");
 		sink(argc, argv);
 		exit(errs);
 	}
@@ -177,6 +181,7 @@ toremote(char *targ, int argc, char **argv)
 	for (i = 0; i < argc - 1; i++) {
 		src = colon(argv[i]);
 		if (src) {			/* remote to remote */
+			int ret;
 			*src++ = 0;
 			if (*src == 0)
 				src = ".";
@@ -188,26 +193,27 @@ toremote(char *targ, int argc, char **argv)
 					suser = pwd->pw_name;
 				else if (!okname(suser))
 					continue;
-				asprintf(&bp,
-				    "%s %s -l %s -n %s %s '%s%s%s:%s'",
-				    _PATH_RSH, host, suser, cmd, src,
+				ret = asprintf(&bp,
+				    "%s%s %s -l %s -n %s %s '%s%s%s:%s'",
+					 _PATH_RSH, eflag ? " -e" : "", 
+					 host, suser, cmd, src,
 				    tuser ? tuser : "", tuser ? "@" : "",
 				    thost, targ);
 			} else {
-				asprintf(&bp,
-				    "exec %s %s -n %s %s '%s%s%s:%s'",
-				    _PATH_RSH, argv[i], cmd, src,
-				    tuser ? tuser : "", tuser ? "@" : "",
-				    thost, targ);
+				ret = asprintf(&bp,
+					 "exec %s%s %s -n %s %s '%s%s%s:%s'",
+					 _PATH_RSH, eflag ? " -e" : "", 
+					 argv[i], cmd, src,
+					 tuser ? tuser : "", tuser ? "@" : "",
+					 thost, targ);
 			}
-			if (bp == NULL)
+			if (ret == -1)
 				err (1, "malloc");
 			susystem(bp, userid);
 			free(bp);
 		} else {			/* local to remote */
 			if (remin == -1) {
-				asprintf(&bp, "%s -t %s", cmd, targ);
-				if (bp == NULL)
+				if (asprintf(&bp, "%s -t %s", cmd, targ) == -1)
 					err (1, "malloc");
 				host = thost;
 
@@ -217,7 +223,8 @@ toremote(char *targ, int argc, char **argv)
 				if (response() < 0)
 					exit(1);
 				free(bp);
-				setuid(userid);
+				if (setuid(userid) < 0)
+					errx(1, "setuid failed");
 			}
 			source(1, argv+i);
 		}
@@ -231,11 +238,13 @@ tolocal(int argc, char **argv)
 	char *bp, *host, *src, *suser;
 
 	for (i = 0; i < argc - 1; i++) {
+		int ret;
+
 		if (!(src = colon(argv[i]))) {		/* Local to local. */
-			asprintf(&bp, "exec %s%s%s %s %s", _PATH_CP,
+			ret = asprintf(&bp, "exec %s%s%s %s %s", _PATH_CP,
 			    iamrecursive ? " -PR" : "", pflag ? " -p" : "",
 			    argv[i], argv[argc - 1]);
-			if (bp == NULL)
+			if (ret == -1)
 				err (1, "malloc");
 			if (susystem(bp, userid))
 				++errs;
@@ -256,8 +265,8 @@ tolocal(int argc, char **argv)
 			else if (!okname(suser))
 				continue;
 		}
-		asprintf(&bp, "%s -f %s", cmd, src);
-		if (bp == NULL)
+		ret = asprintf(&bp, "%s -f %s", cmd, src);
+		if (ret == -1)
 			err (1, "malloc");
 		if (do_cmd(host, suser, bp, &remin, &remout) < 0) {
 			free(bp);
@@ -266,7 +275,8 @@ tolocal(int argc, char **argv)
 		}
 		free(bp);
 		sink(1, argv + argc - 1);
-		seteuid(0);
+		if (seteuid(0) < 0)
+			exit(1);
 		close(remin);
 		remin = remout = -1;
 	}
@@ -319,6 +329,7 @@ syserr:			run_err("%s: %s", name, strerror(errno));
 			if (response() < 0)
 				goto next;
 		}
+#undef MODEMASK
 #define	MODEMASK	(S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO)
 		snprintf(buf, sizeof(buf), "C%04o %lu %s\n",
 			 stb.st_mode & MODEMASK,
@@ -768,6 +779,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout)
 			args[i++] = "-p";
 			args[i++] = port;
 		}
+		if (eflag)
+		    args[i++] = "-e";
 		if (remuser != NULL) {
 			args[i++] = "-l";
 			args[i++] = remuser;
diff --git a/crypto/heimdal/appl/rcp/rcp_locl.h b/crypto/heimdal/appl/rcp/rcp_locl.h
index 4397c9f..4dc6d5f 100644
--- a/crypto/heimdal/appl/rcp/rcp_locl.h
+++ b/crypto/heimdal/appl/rcp/rcp_locl.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: rcp_locl.h,v 1.3 2001/01/29 05:59:24 assar Exp $ */
+/* $Id: rcp_locl.h 15285 2005-05-29 18:24:43Z lha $ */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
@@ -60,5 +60,8 @@
 
 #include "extern.h"
 
+#ifndef _PATH_CP
 #define	_PATH_CP	"/bin/cp"
-#define	_PATH_RSH	"/usr/bin/rsh"
+#endif
+#undef _PATH_RSH
+#define	_PATH_RSH	BINDIR "/rsh"
diff --git a/crypto/heimdal/appl/rcp/util.c b/crypto/heimdal/appl/rcp/util.c
index 3621d30..fe9e899 100644
--- a/crypto/heimdal/appl/rcp/util.c
+++ b/crypto/heimdal/appl/rcp/util.c
@@ -43,7 +43,7 @@ static const char rcsid[] =
 
 #include "rcp_locl.h"
 
-RCSID("$Id: util.c,v 1.6 2001/09/04 14:35:58 assar Exp $");
+RCSID("$Id: util.c 17878 2006-08-08 21:43:58Z lha $");
 
 char *
 colon(cp)
@@ -81,9 +81,9 @@ okname(cp0)
 	char *cp0;
 {
 	int c;
-	char *cp;
+	unsigned char *cp;
 
-	cp = cp0;
+	cp = (unsigned char *)cp0;
 	do {
 		c = *cp;
 		if (c & 0200)
@@ -112,7 +112,8 @@ susystem(s, userid)
 		return (127);
 
 	case 0:
-		(void)setuid(userid);
+		if (setuid(userid) < 0)
+			_exit(127);
 		execl(_PATH_BSHELL, "sh", "-c", s, NULL);
 		_exit(127);
 	}
diff --git a/crypto/heimdal/appl/rsh/ChangeLog b/crypto/heimdal/appl/rsh/ChangeLog
index 1f33245..e78ff25a8 100644
--- a/crypto/heimdal/appl/rsh/ChangeLog
+++ b/crypto/heimdal/appl/rsh/ChangeLog
@@ -1,3 +1,128 @@
+2007-07-12  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rsh.c: Fix pointer vs strict alias rules.
+
+	* rshd.c: Fix pointer vs strict alias rules.
+
+2007-01-04  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* rshd.c: Declare iruserok if needed, based on bug report from
+	David Love.
+	
+2006-11-14  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* rsh_locl.h: Forward decl.
+	
+2006-10-14  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rsh_locl.h: Include "crypto-headers.h".
+	
+2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* Makefile.am: Add man_MANS to EXTRA_DIST
+	
+2006-04-27  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* Makefile.am: rshd_SOURCES += add limits_conf.c
+
+	* rsh_locl.h: Include "loginpaths.h"
+
+	* rshd.c: Read limits from limits.confon non-root login, patch
+	from Daniel Ahlin
+	
+2006-02-27 Johan Danielsson <joda@pdc.kth.se>
+
+	* rshd.8: grammar (from Thomas Klausner)
+	
+2006-01-31  Johan Danielsson  <joda@pdc.kth.se>
+
+	* rshd.c (krb5_start_session): syslog failures to store cred cache
+	
+2005-12-21  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rshd.c (doit): move creation of users ticket file to later to
+	avoid seteuid/setuid dance. this breaks DCE, so remove support for
+	it completely.
+	
+2005-10-22  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rshd.c: Check return value from asprintf instead of string !=
+	NULL since it undefined behavior on Linux. From Björn Sandell
+
+	* rsh.c: Check return value from asprintf instead of string !=
+	NULL since it undefined behavior on Linux. From Björn Sandell
+
+2005-06-08  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rshd.c: init some important variables and check that they are
+	set checking authentication, all to please gcc
+
+2005-05-27  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rshd.c: case uid_t to unsigned long in printf format
+	
+2005-04-27  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rsh_locl.h: Use larger buffer for recving data to be compatible
+	with older versions of heimdal (0.4 branch specificly)
+
+	* rshd.c: Use larger buffer for recving data to be compatible with
+	older versions of heimdal (0.4 branch specificly)
+
+2005-04-25  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rshd.c: use snprintf to format tkfile
+	
+2005-04-24  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rsh.c: use strlcat
+
+	* rsh.c: use strlcpy
+
+	* rsh_locl.h: forward declaration for private structures
+
+2005-04-20  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rsh.c: cast size_t to unsigned long
+
+2004-09-21  Johan Danielsson  <joda@pdc.kth.se>
+
+	* rshd.c: rename loop to rshd_loop
+	
+	* rshd.c: pass errsock status to init_ivecs
+	
+	* rsh.c: rename loop() to rsh_loop()
+	
+	* rsh.c (loop): pass errsock status to init_ivecs
+	
+	* common.c (init_ivecs): if we don't have an errsock the ivecs
+	should point to the same data
+	
+	* rshd.c: if we don't have an errsock, dup stdout to stderr (this
+	would normally be done by inetd, but not by mini_inetd).
+	
+	* rshd.c: move keepalive setting to after setting up sockets
+	
+2004-02-20  Johan Danielsson  <joda@pdc.kth.se>
+
+	* rsh.1: reorder and document some options
+
+	* rsh_locl.h: include kafs.h if krb4 || krb5
+
+	* rsh.c: reorder some options
+
+2003-09-04  Johan Danielsson  <joda@pdc.kth.se>
+
+	* rsh.1: document -d
+
+2003-08-19  Johan Danielsson  <joda@pdc.kth.se>
+
+	* rshd.c: -P also with KRB5
+	
+2003-04-22  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* rsh.1: replace > with \*[Gt]
+	
 2003-04-16  Johan Danielsson  <joda@pdc.kth.se>
 
 	* rsh.c: use krb5_appdefault to get defaults for forward and
diff --git a/crypto/heimdal/appl/rsh/Makefile.am b/crypto/heimdal/appl/rsh/Makefile.am
index 2fbc8e0..6377e02 100644
--- a/crypto/heimdal/appl/rsh/Makefile.am
+++ b/crypto/heimdal/appl/rsh/Makefile.am
@@ -1,8 +1,8 @@
-# $Id: Makefile.am,v 1.17 2001/07/31 09:12:03 joda Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += $(INCLUDE_krb4) -I$(srcdir)/../login
+AM_CPPFLAGS += $(INCLUDE_krb4) -I$(srcdir)/../login
 
 bin_PROGRAMS = rsh
 
@@ -12,14 +12,18 @@ libexec_PROGRAMS = rshd
 
 rsh_SOURCES  = rsh.c common.c rsh_locl.h
 
-rshd_SOURCES = rshd.c common.c login_access.c rsh_locl.h
+rshd_SOURCES = rshd.c common.c login_access.c limits_conf.c rsh_locl.h
 
 login_access.c:
 	$(LN_S) $(srcdir)/../login/login_access.c .
 
+limits_conf.c:
+	$(LN_S) $(srcdir)/../login/limits_conf.c .
+
 LDADD = $(LIB_kafs) \
 	$(LIB_krb5) \
 	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(LIB_kdfs)
+	$(LIB_hcrypto) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/rsh/Makefile.in b/crypto/heimdal/appl/rsh/Makefile.in
index 04412b3..6c7651c 100644
--- a/crypto/heimdal/appl/rsh/Makefile.in
+++ b/crypto/heimdal/appl/rsh/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.17 2001/07/31 09:12:03 joda Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(rsh_SOURCES) $(rshd_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -51,16 +46,14 @@ libexec_PROGRAMS = rshd$(EXEEXT)
 subdir = appl/rsh
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -73,6 +66,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -81,19 +75,24 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
+	"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
 binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
@@ -103,30 +102,28 @@ rsh_LDADD = $(LDADD)
 am__DEPENDENCIES_1 =
 am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
 	$(am__DEPENDENCIES_1)
-@KRB5_TRUE@am__DEPENDENCIES_3 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@DCE_TRUE@am__DEPENDENCIES_4 = $(top_builddir)/lib/kdfs/libkdfs.la
-rsh_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \
+rsh_DEPENDENCIES = $(am__DEPENDENCIES_2) $(LIB_krb5) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4)
+	$(am__DEPENDENCIES_1)
 am_rshd_OBJECTS = rshd.$(OBJEXT) common.$(OBJEXT) \
-	login_access.$(OBJEXT)
+	login_access.$(OBJEXT) limits_conf.$(OBJEXT)
 rshd_OBJECTS = $(am_rshd_OBJECTS)
 rshd_LDADD = $(LDADD)
-rshd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \
+rshd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(LIB_krb5) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(rsh_SOURCES) $(rshd_SOURCES)
 DIST_SOURCES = $(rsh_SOURCES) $(rshd_SOURCES)
 man1dir = $(mandir)/man1
@@ -136,13 +133,7 @@ ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -152,8 +143,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -164,11 +153,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -176,42 +164,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -229,12 +202,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -244,15 +214,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -261,6 +230,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -272,15 +242,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -288,74 +253,80 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) -I$(srcdir)/../login
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4) -I$(srcdir)/../login
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -372,21 +343,22 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 man_MANS = rsh.1 rshd.8
 rsh_SOURCES = rsh.c common.c rsh_locl.h
-rshd_SOURCES = rshd.c common.c login_access.c rsh_locl.h
+rshd_SOURCES = rshd.c common.c login_access.c limits_conf.c rsh_locl.h
 LDADD = $(LIB_kafs) \
 	$(LIB_krb5) \
 	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(LIB_kdfs)
+	$(LIB_hcrypto) \
+	$(LIB_roken)
 
+EXTRA_DIST = $(man_MANS)
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -418,7 +390,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)"
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
 	@list='$(bin_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -446,7 +418,7 @@ clean-binPROGRAMS:
 	done
 install-libexecPROGRAMS: $(libexec_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(mkdir_p) "$(DESTDIR)$(libexecdir)"
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
 	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -474,10 +446,10 @@ clean-libexecPROGRAMS:
 	done
 rsh$(EXEEXT): $(rsh_OBJECTS) $(rsh_DEPENDENCIES) 
 	@rm -f rsh$(EXEEXT)
-	$(LINK) $(rsh_LDFLAGS) $(rsh_OBJECTS) $(rsh_LDADD) $(LIBS)
+	$(LINK) $(rsh_OBJECTS) $(rsh_LDADD) $(LIBS)
 rshd$(EXEEXT): $(rshd_OBJECTS) $(rshd_DEPENDENCIES) 
 	@rm -f rshd$(EXEEXT)
-	$(LINK) $(rshd_LDFLAGS) $(rshd_OBJECTS) $(rshd_LDADD) $(LIBS)
+	$(LINK) $(rshd_OBJECTS) $(rshd_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -499,13 +471,9 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
 install-man1: $(man1_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(mkdir_p) "$(DESTDIR)$(man1dir)"
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
 	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -550,7 +518,7 @@ uninstall-man1:
 	done
 install-man8: $(man8_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)"
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
 	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -614,9 +582,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -641,23 +611,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../.. $(distdir)/../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -677,7 +645,7 @@ check: check-am
 all-am: Makefile $(PROGRAMS) $(MANS) all-local
 installdirs:
 	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
 install-exec: install-exec-am
@@ -698,7 +666,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -711,7 +679,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -727,14 +695,22 @@ install-data-am: install-man
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
 install-man: install-man1 install-man8
 
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
@@ -754,26 +730,33 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
+	uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
 
 uninstall-man: uninstall-man1 uninstall-man8
 
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool ctags distclean distclean-compile \
+	clean-libtool ctags dist-hook distclean distclean-compile \
 	distclean-generic distclean-libtool distclean-tags distdir dvi \
 	dvi-am html html-am info info-am install install-am \
-	install-binPROGRAMS install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man1 install-man8 \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am \
-	uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \
-	uninstall-man8
+	install-binPROGRAMS install-data install-data-am \
+	install-data-hook install-dvi install-dvi-am install-exec \
+	install-exec-am install-exec-hook install-html install-html-am \
+	install-info install-info-am install-libexecPROGRAMS \
+	install-man install-man1 install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-hook uninstall-libexecPROGRAMS uninstall-man \
+	uninstall-man1 uninstall-man8
 
 
 install-suid-programs:
@@ -788,8 +771,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -799,19 +782,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -827,7 +822,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -897,17 +892,45 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
 
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
 login_access.c:
 	$(LN_S) $(srcdir)/../login/login_access.c .
+
+limits_conf.c:
+	$(LN_S) $(srcdir)/../login/limits_conf.c .
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/rsh/common.c b/crypto/heimdal/appl/rsh/common.c
index 69b0c9b..84311b0 100644
--- a/crypto/heimdal/appl/rsh/common.c
+++ b/crypto/heimdal/appl/rsh/common.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 1999, 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,7 +32,7 @@
  */
 
 #include "rsh_locl.h"
-RCSID("$Id: common.c,v 1.16 2002/09/04 15:50:36 assar Exp $");
+RCSID("$Id: common.c 17450 2006-05-05 11:11:43Z lha $");
 
 #if defined(KRB4) || defined(KRB5)
 
@@ -43,7 +43,7 @@ void *ivec_in[2];
 void *ivec_out[2];
 
 void
-init_ivecs(int client)
+init_ivecs(int client, int have_errsock)
 {
     size_t blocksize;
 
@@ -52,14 +52,20 @@ init_ivecs(int client)
     ivec_in[0] = malloc(blocksize);
     memset(ivec_in[0], client, blocksize);
 
-    ivec_in[1] = malloc(blocksize);
-    memset(ivec_in[1], 2 | client, blocksize);
+    if(have_errsock) {
+	ivec_in[1] = malloc(blocksize);
+	memset(ivec_in[1], 2 | client, blocksize);
+    } else
+	ivec_in[1] = ivec_in[0];
 
     ivec_out[0] = malloc(blocksize);
     memset(ivec_out[0], !client, blocksize);
 
-    ivec_out[1] = malloc(blocksize);
-    memset(ivec_out[1], 2 | !client, blocksize);
+    if(have_errsock) {
+	ivec_out[1] = malloc(blocksize);
+	memset(ivec_out[1], 2 | !client, blocksize);
+    } else
+	ivec_out[1] = ivec_out[0];
 }
 #endif
 
@@ -76,7 +82,7 @@ do_read (int fd, void *buf, size_t sz, void *ivec)
 #ifdef KRB5
         if(auth_method == AUTH_KRB5) {
 	    krb5_error_code ret;
-	    u_int32_t len, outer_len;
+	    uint32_t len, outer_len;
 	    int status;
 	    krb5_data data;
 	    void *edata;
diff --git a/crypto/heimdal/appl/rsh/limits_conf.c b/crypto/heimdal/appl/rsh/limits_conf.c
new file mode 100644
index 0000000..ac9837f
--- /dev/null
+++ b/crypto/heimdal/appl/rsh/limits_conf.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "login_locl.h"
+
+RCSID("$Id: limits_conf.c 19215 2006-12-04 23:41:18Z lha $");
+
+#include <errno.h>
+#include <limits.h>
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+
+struct limit {
+    const char *name;
+    int resource;
+    int scale;
+    int has_limit;
+    struct rlimit limit;
+} limits[] = {
+#define LIM(X, S) { #X, RLIMIT_##X, S, 0 }
+    LIM(CORE, 1024),
+    LIM(CPU, 60),
+    LIM(DATA, 1024),
+    LIM(FSIZE, 1024),
+#ifdef RLIMIT_MEMLOCK
+    LIM(MEMLOCK, 1024),
+#endif
+    LIM(NOFILE, 1),
+#ifdef RLIMIT_NPROC
+    LIM(NPROC, 1),
+#endif
+#ifdef RLIMIT_RSS
+    LIM(RSS, 1024),
+#endif
+    LIM(STACK, 1024),
+
+#ifdef RLIMIT_AS
+    LIM(AS, 1024),
+#endif
+#ifdef RLIMIT_LOCKS
+    LIM(LOCKS, 1),
+#endif
+    /*
+      maxlogins
+      priority
+    */
+    { NULL, 0 }
+};
+
+static struct limit *
+find_limit(const char *name)
+{
+    struct limit *l;
+    for(l = limits; l->name != NULL; l++)
+	if(strcasecmp(name, l->name) == 0)
+	    return l;
+    return NULL;
+}
+
+/* this function reads limits.conf files similar to pam_limits
+   unimplemented features include:
+   	% maxlogins
+	"-" no limits, 
+	priorities etc that are not set via setrlimit
+   XXX uses static storage, and clobbers getgr*
+*/
+
+int
+read_limits_conf(const char *file, const struct passwd *pwd)
+{
+    FILE *f;
+    char *args[4];
+    int lineno = 0;
+    char buf[1024];
+    struct limit *l;
+    rlim_t value;
+
+    f = fopen(file, "r");
+    if(f == NULL) {
+	if(errno != ENOENT && errno != ENOTDIR)
+	    syslog(LOG_ERR, "%s: %m", file);
+	return -1;
+    }
+
+    while(fgets(buf, sizeof(buf), f) != NULL) {
+	char *last = NULL;
+	char *end = NULL;
+	int level;
+
+	lineno++;
+
+	if(buf[0] == '\0') {
+	    syslog(LOG_ERR, "%s: line %d: NUL character", file, lineno);
+	    continue;
+	}
+	if(buf[strlen(buf) - 1] != '\n') {
+	    /* file did not end with a newline, figure out if we're at
+               the EOF, or if our buffer was too small */
+	    int eof = 1;
+	    int c;
+	    while((c = fgetc(f)) != EOF) {
+		eof = 0;
+		if(c == '\n') 
+		    break;
+	    }
+	    if(!eof) {
+		syslog(LOG_ERR, "%s: line %d: line too long", file, lineno);
+		continue;
+	    }
+	}
+	buf[strcspn(buf, "#\r\n")] = '\0';
+	if((args[0] = strtok_r(buf, " \t", &last)) == NULL ||
+	   (args[1] = strtok_r(NULL, " \t", &last)) == NULL ||
+	   (args[2] = strtok_r(NULL, " \t", &last)) == NULL ||
+	   (args[3] = strtok_r(NULL, " \t", &last)) == NULL) {
+	    if(args[0] != NULL) /* this would include comment lines */
+		syslog(LOG_ERR, "%s: line %d: malformed line", file, lineno);
+	    continue;
+	}
+
+	l = find_limit(args[2]);
+	if(l == NULL) {
+	    syslog(LOG_ERR, "%s: line %d: unknown limit %s", file, lineno, args[2]);
+	    continue;
+	}
+	if(strcmp(args[3], "-") == 0) {
+	    value = RLIM_INFINITY;
+	} else {
+	    errno = 0;
+	    value = strtol(args[3], &end, 10);
+	    if(*end != '\0') {
+		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
+		continue;
+	    }
+	    if((value == LONG_MIN || value == LONG_MAX) && errno == ERANGE) {
+		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
+		continue;
+	    }
+	    if(value * l->scale < value)
+		value = RLIM_INFINITY;
+	    else
+		value *= l->scale;
+	}
+	level = 0;
+	/* XXX unclear: if you set group hard and user soft limit,
+           should the hard limit still apply? this code doesn't. */
+	if(strcmp(args[0], pwd->pw_name) == 0)
+	    level = 3;
+	if(*args[0] == '@') {
+	    struct group *gr;
+	    gr = getgrnam(args[0] + 1);
+	    if(gr != NULL && gr->gr_gid == pwd->pw_gid)
+		level = 2;
+	}
+	if(strcmp(args[0], "*") == 0)
+	    level = 1;
+	if(level == 0 || level < l->has_limit) /* not for us */
+	    continue;
+	if(l->has_limit < level) {
+	    if(getrlimit(l->resource, &l->limit) < 0)
+		continue;
+	    l->has_limit = level;
+	}
+	
+	/* XXX unclear: if you soft to more than default hard, should
+           we set hard to soft? this code doesn't. */
+	if(strcasecmp(args[1], "soft") == 0 || strcmp(args[1], "-") == 0)
+	    l->limit.rlim_cur = value;
+	if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0) 
+	    l->limit.rlim_max = value;
+    }
+    fclose(f);
+    for(l = limits; l->name != NULL; l++) {
+	if(l->has_limit) {
+	    if(l->limit.rlim_cur > l->limit.rlim_max)
+		l->limit.rlim_cur = l->limit.rlim_max;
+	    if(setrlimit(l->resource, &l->limit) != 0)
+		syslog(LOG_ERR, "setrlimit RLIM_%s failed: %m", l->name);
+	}
+	l->has_limit = 0;
+    }
+    return 0;
+}
diff --git a/crypto/heimdal/appl/rsh/login_access.c b/crypto/heimdal/appl/rsh/login_access.c
new file mode 100644
index 0000000..e1bfe42e
--- /dev/null
+++ b/crypto/heimdal/appl/rsh/login_access.c
@@ -0,0 +1,277 @@
+/************************************************************************
+* Copyright 1995 by Wietse Venema.  All rights reserved.  Some individual
+* files may be covered by other copyrights.
+*
+* This material was originally written and compiled by Wietse Venema at
+* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
+* 1992, 1993, 1994 and 1995.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that this entire copyright notice
+* is duplicated in all such copies.
+*
+* This software is provided "as is" and without any expressed or implied
+* warranties, including, without limitation, the implied warranties of
+* merchantibility and fitness for any particular purpose.
+************************************************************************/
+ /*
+  * This module implements a simple but effective form of login access
+  * control based on login names and on host (or domain) names, internet
+  * addresses (or network numbers), or on terminal line names in case of
+  * non-networked logins. Diagnostics are reported through syslog(3).
+  *
+  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+  */
+
+#include "login_locl.h"
+
+RCSID("$Id: login_access.c 10020 2001-06-04 14:10:19Z assar $");
+
+ /* Delimiters for fields and for lists of users, ttys or hosts. */
+
+static char fs[] = ":";			/* field separator */
+static char sep[] = ", \t";		/* list-element separator */
+
+ /* Constants to be used in assignments only, not in comparisons... */
+
+#define YES             1
+#define NO              0
+
+ /*
+  * A structure to bundle up all login-related information to keep the
+  * functional interfaces as generic as possible.
+  */
+struct login_info {
+    struct passwd *user;
+    char   *from;
+};
+
+static int list_match(char *list, struct login_info *item,
+		      int (*match_fn)(char *, struct login_info *));
+static int user_match(char *tok, struct login_info *item);
+static int from_match(char *tok, struct login_info *item);
+static int string_match(char *tok, char *string);
+
+/* login_access - match username/group and host/tty with access control file */
+
+int login_access(struct passwd *user, char *from)
+{
+    struct login_info item;
+    FILE   *fp;
+    char    line[BUFSIZ];
+    char   *perm;			/* becomes permission field */
+    char   *users;			/* becomes list of login names */
+    char   *froms;			/* becomes list of terminals or hosts */
+    int     match = NO;
+    int     end;
+    int     lineno = 0;			/* for diagnostics */
+    char   *foo;
+
+    /*
+     * Bundle up the arguments to avoid unnecessary clumsiness lateron.
+     */
+    item.user = user;
+    item.from = from;
+
+    /*
+     * Process the table one line at a time and stop at the first match.
+     * Blank lines and lines that begin with a '#' character are ignored.
+     * Non-comment lines are broken at the ':' character. All fields are
+     * mandatory. The first field should be a "+" or "-" character. A
+     * non-existing table means no access control.
+     */
+
+    if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) {
+	while (!match && fgets(line, sizeof(line), fp)) {
+	    lineno++;
+	    if (line[end = strlen(line) - 1] != '\n') {
+		syslog(LOG_ERR, "%s: line %d: missing newline or line too long",
+		       _PATH_LOGACCESS, lineno);
+		continue;
+	    }
+	    if (line[0] == '#')
+		continue;			/* comment line */
+	    while (end > 0 && isspace((unsigned char)line[end - 1]))
+		end--;
+	    line[end] = 0;			/* strip trailing whitespace */
+	    if (line[0] == 0)			/* skip blank lines */
+		continue;
+	    foo = NULL;
+	    if (!(perm = strtok_r(line, fs, &foo))
+		|| !(users = strtok_r(NULL, fs, &foo))
+		|| !(froms = strtok_r(NULL, fs, &foo))
+		|| strtok_r(NULL, fs, &foo)) {
+		syslog(LOG_ERR, "%s: line %d: bad field count", 
+		       _PATH_LOGACCESS,
+		       lineno);
+		continue;
+	    }
+	    if (perm[0] != '+' && perm[0] != '-') {
+		syslog(LOG_ERR, "%s: line %d: bad first field", 
+		       _PATH_LOGACCESS,
+		       lineno);
+		continue;
+	    }
+	    match = (list_match(froms, &item, from_match)
+		     && list_match(users, &item, user_match));
+	}
+	fclose(fp);
+    } else if (errno != ENOENT) {
+	syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS);
+    }
+    return (match == 0 || (line[0] == '+'));
+}
+
+/* list_match - match an item against a list of tokens with exceptions */
+
+static int
+list_match(char *list,
+	   struct login_info *item,
+	   int (*match_fn)(char *, struct login_info *))
+{
+    char   *tok;
+    int     match = NO;
+    char   *foo = NULL;
+
+    /*
+     * Process tokens one at a time. We have exhausted all possible matches
+     * when we reach an "EXCEPT" token or the end of the list. If we do find
+     * a match, look for an "EXCEPT" list and recurse to determine whether
+     * the match is affected by any exceptions.
+     */
+
+    for (tok = strtok_r(list, sep, &foo);
+	 tok != NULL;
+	 tok = strtok_r(NULL, sep, &foo)) {
+	if (strcasecmp(tok, "EXCEPT") == 0)	/* EXCEPT: give up */
+	    break;
+	if ((match = (*match_fn) (tok, item)) != 0)	/* YES */
+	    break;
+    }
+    /* Process exceptions to matches. */
+
+    if (match != NO) {
+	while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT"))
+	     /* VOID */ ;
+	if (tok == 0 || list_match(NULL, item, match_fn) == NO)
+	    return (match);
+    }
+    return (NO);
+}
+
+/* myhostname - figure out local machine name */
+
+static char *myhostname(void)
+{
+    static char name[MAXHOSTNAMELEN + 1] = "";
+
+    if (name[0] == 0) {
+	gethostname(name, sizeof(name));
+	name[MAXHOSTNAMELEN] = 0;
+    }
+    return (name);
+}
+
+/* netgroup_match - match group against machine or user */
+
+static int netgroup_match(char *group, char *machine, char *user)
+{
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+    static char *mydomain = 0;
+
+    if (mydomain == 0)
+	yp_get_default_domain(&mydomain);
+    return (innetgr(group, machine, user, mydomain));
+#else
+    syslog(LOG_ERR, "NIS netgroup support not configured");
+    return 0;
+#endif
+}
+
+/* user_match - match a username against one token */
+
+static int user_match(char *tok, struct login_info *item)
+{
+    char   *string = item->user->pw_name;
+    struct login_info fake_item;
+    struct group *group;
+    int     i;
+    char   *at;
+
+    /*
+     * If a token has the magic value "ALL" the match always succeeds.
+     * Otherwise, return YES if the token fully matches the username, if the
+     * token is a group that contains the username, or if the token is the
+     * name of the user's primary group.
+     */
+
+    if ((at = strchr(tok + 1, '@')) != 0) {	/* split user@host pattern */
+	*at = 0;
+	fake_item.from = myhostname();
+	return (user_match(tok, item) && from_match(at + 1, &fake_item));
+    } else if (tok[0] == '@') {			/* netgroup */
+	return (netgroup_match(tok + 1, (char *) 0, string));
+    } else if (string_match(tok, string)) {	/* ALL or exact match */
+	return (YES);
+    } else if ((group = getgrnam(tok)) != 0) { /* try group membership */
+	if (item->user->pw_gid == group->gr_gid)
+	    return (YES);
+	for (i = 0; group->gr_mem[i]; i++)
+	    if (strcasecmp(string, group->gr_mem[i]) == 0)
+		return (YES);
+    }
+    return (NO);
+}
+
+/* from_match - match a host or tty against a list of tokens */
+
+static int from_match(char *tok, struct login_info *item)
+{
+    char   *string = item->from;
+    int     tok_len;
+    int     str_len;
+
+    /*
+     * If a token has the magic value "ALL" the match always succeeds. Return
+     * YES if the token fully matches the string. If the token is a domain
+     * name, return YES if it matches the last fields of the string. If the
+     * token has the magic value "LOCAL", return YES if the string does not
+     * contain a "." character. If the token is a network number, return YES
+     * if it matches the head of the string.
+     */
+
+    if (tok[0] == '@') {			/* netgroup */
+	return (netgroup_match(tok + 1, string, (char *) 0));
+    } else if (string_match(tok, string)) {	/* ALL or exact match */
+	return (YES);
+    } else if (tok[0] == '.') {			/* domain: match last fields */
+	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
+	    && strcasecmp(tok, string + str_len - tok_len) == 0)
+	    return (YES);
+    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
+	if (strchr(string, '.') == 0)
+	    return (YES);
+    } else if (tok[(tok_len = strlen(tok)) - 1] == '.'	/* network */
+	       && strncmp(tok, string, tok_len) == 0) {
+	return (YES);
+    }
+    return (NO);
+}
+
+/* string_match - match a string against one token */
+
+static int string_match(char *tok, char *string)
+{
+
+    /*
+     * If the token has the magic value "ALL" the match always succeeds.
+     * Otherwise, return YES if the token fully matches the string.
+     */
+
+    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
+	return (YES);
+    } else if (strcasecmp(tok, string) == 0) {	/* try exact match */
+	return (YES);
+    }
+    return (NO);
+}
diff --git a/crypto/heimdal/appl/rsh/rsh.1 b/crypto/heimdal/appl/rsh/rsh.1
index 82c1f6c..2999dc0 100644
--- a/crypto/heimdal/appl/rsh/rsh.1
+++ b/crypto/heimdal/appl/rsh/rsh.1
@@ -29,9 +29,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
 .\" SUCH DAMAGE. 
 .\" 
-.\"	$Id: rsh.1,v 1.6 2003/04/16 19:57:25 lha Exp $
+.\"	$Id: rsh.1 13394 2004-02-20 12:21:42Z joda $
 .\"
-.Dd September 4, 2002
+.Dd February 20, 2004
 .Dt RSH 1
 .Os HEIMDAL
 .Sh NAME
@@ -85,9 +85,9 @@ option.
 .Xc
 The
 .Fl K
-option turns off all Kerberos authentication. The long name implies
-that this is more or less totally unsecure. The security in this mode
-relies on reserved ports, which is not very secure.
+option turns off all Kerberos authentication. The security in this
+mode relies on reserved ports. The long name is an indication of how
+good this is.
 .It Xo
 .Fl n ,
 .Fl -no-input
@@ -99,6 +99,10 @@ option directs the input from the
 device (see the
 .Sx BUGS
 section of this manual page).
+.It Fl d
+Enable
+.Xr setsockopt 2
+socket debugging.
 .It Xo
 .Fl e ,
 .Fl -no-stderr
@@ -120,45 +124,48 @@ section for limitations).
 .Xc
 The opposite of
 .Fl x .
-This is the default, but encryption can be enabled when using
-Kerberos 5, by setting the
-.Li libdefaults/encrypt
-option in
-.Xr krb5.conf 5 .
+This is the default, and is mainly useful if encryption has been
+enabled by default, for instance in the
+.Li appdefaults
+section of 
+.Pa /etc/krb5.conf
+when using Kerberos 5.
 .It Xo
 .Fl f ,
 .Fl -forward
 .Xc
-Forward Kerberos 5 credentials to the remote host. Also controlled by
-.Li libdefaults/forward
-in
-.Xr krb5.conf 5 .
-.It Xo
-.Fl G
-.Xc
-The opposite of
-.Fl f .
+Forward Kerberos 5 credentials to the remote host.
+Also settable via
+.Li appdefaults
+(see
+.Xr krb5.conf ) .
 .It Xo
 .Fl F ,
 .Fl -forwardable
 .Xc
-Make the forwarded credentials re-forwardable. Also controlled by
-.Li libdefaults/forwardable
-in
-.Xr krb5.conf 5 .
+Make the forwarded credentials re-forwardable. 
+Also settable via
+.Li appdefaults
+(see
+.Xr krb5.conf ) .
 .It Xo
-.Fl u ,
-.Fl -unique
+.Fl l Ar string ,
+.Fl -user= Ns Ar string
 .Xc
-Make sure the remote credentials cache is unique, that is, don't reuse
-any existing cache. Mutually exclusive to
-.Fl U .
+By default the remote username is the same as the local. The
+.Fl l
+option or the
+.Pa username@host
+format allow the remote name to be specified.
 .It Xo
-.Fl U Pa string ,
-.Fl -tkfile= Ns Pa string
+.Fl n ,
+.Fl -no-input
 .Xc
-Name of the remote credentials cache. Mutually exclusive to
-.Fl u .
+Direct input from 
+.Pa /dev/null
+(see the
+.Sx BUGS
+section).
 .It Xo
 .Fl p Ar number-or-service ,
 .Fl -port= Ns Ar number-or-service
@@ -169,30 +176,52 @@ Kerberos 4, and 545 for encrytpted Kerberos 4; subject of course to
 the contents of
 .Pa /etc/services ) .
 .It Xo
-.Fl l Ar string ,
-.Fl -user= Ns Ar string
-.Xc
-By default the remote username is the same as the local. The
-.Fl l
-option or the
-.Pa username@host
-format allow the remote name to be specified.
-.It Xo
 .Fl P Ar N|O|1|2 ,
 .Fl -protocol= Ns Ar N|O|1|2
 .Xc
-Specifies which protocol version to use with Kerberos 5.
+Specifies the protocol version to use with Kerberos 5.
 .Ar N
 and
 .Ar 2
-selects protocol version 2, while 
+select protocol version 2, while 
 .Ar O
 and
 .Ar 1
-selects version 1. Version 2 is believed to be more secure, and is the
+select version 1. Version 2 is believed to be more secure, and is the
 default. Unless asked for a specific version,
 .Nm
 will try both.  This behaviour may change in the future.
+.It Xo
+.Fl u ,
+.Fl -unique
+.Xc
+Make sure the remote credentials cache is unique, that is, don't reuse
+any existing cache. Mutually exclusive to
+.Fl U .
+.It Xo
+.Fl U Pa string ,
+.Fl -tkfile= Ns Pa string
+.Xc
+Name of the remote credentials cache. Mutually exclusive to
+.Fl u .
+.It Xo
+.Fl x ,
+.Fl -encrypt
+.Xc
+The
+.Fl x
+option enables encryption for all data exchange. This is only valid
+for Kerberos authenticated connections (see the
+.Sx BUGS
+section for limitations).
+.It Fl z
+The opposite of
+.Fl x .
+This is the default, but encryption can be enabled when using
+Kerberos 5, by setting the
+.Li libdefaults/encrypt
+option in
+.Xr krb5.conf 5 .
 .El
 .\".Pp
 .\"Without a
@@ -208,7 +237,7 @@ machine.
 .Pp
 The following command:
 .Pp
-.Dl rsh otherhost cat remotefile > localfile
+.Dl rsh otherhost cat remotefile \*[Gt] localfile
 .Pp
 will write the contents of the remote
 .Pa remotefile
@@ -216,7 +245,7 @@ to the local
 .Pa localfile ,
 but:
 .Pp
-.Dl rsh otherhost 'cat remotefile > remotefile2'
+.Dl rsh otherhost 'cat remotefile \*[Gt] remotefile2'
 .Pp
 will write it to the remote
 .Pa remotefile2 .
diff --git a/crypto/heimdal/appl/rsh/rsh.c b/crypto/heimdal/appl/rsh/rsh.c
index 8af5096..2d64d21 100644
--- a/crypto/heimdal/appl/rsh/rsh.c
+++ b/crypto/heimdal/appl/rsh/rsh.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,7 +32,7 @@
  */
 
 #include "rsh_locl.h"
-RCSID("$Id: rsh.c,v 1.71 2003/04/16 20:37:20 joda Exp $");
+RCSID("$Id: rsh.c 21516 2007-07-12 12:47:23Z lha $");
 
 enum auth_method auth_method;
 #if defined(KRB4) || defined(KRB5)
@@ -60,15 +60,21 @@ static int use_v4 = -1;
 #ifdef KRB5
 static int use_v5 = -1;
 #endif
+#if defined(KRB4) || defined(KRB5)
 static int use_only_broken = 0;
+#else
+static int use_only_broken = 1;
+#endif
 static int use_broken = 1;
 static char *port_str;
 static const char *user;
 static int do_version;
 static int do_help;
 static int do_errsock = 1;
+#ifdef KRB5
 static char *protocol_version_str;
 static int protocol_version = 2;
+#endif
 
 /*
  *
@@ -77,14 +83,14 @@ static int protocol_version = 2;
 static int input = 1;		/* Read from stdin */
 
 static int
-loop (int s, int errsock)
+rsh_loop (int s, int errsock)
 {
     fd_set real_readset;
     int count = 1;
 
 #ifdef KRB5
     if(auth_method == AUTH_KRB5 && protocol_version == 2)
-	init_ivecs(1);
+	init_ivecs(1, errsock != -1);
 #endif
 
     if (s >= FD_SETSIZE || (errsock != -1 && errsock >= FD_SETSIZE))
@@ -294,6 +300,7 @@ send_krb5_auth(int s,
     krb5_auth_context auth_context = NULL;
     const char *protocol_string = NULL;
     krb5_flags ap_opts;
+    char *str;
 
     status = krb5_sname_to_principal(context,
 				     hostname,
@@ -313,12 +320,17 @@ send_krb5_auth(int s,
 				&do_encrypt);
     }
 
-    cksum_data.length = asprintf ((char **)&cksum_data.data,
+    cksum_data.length = asprintf (&str,
 				  "%u:%s%s%s",
 				  ntohs(socket_get_port(thataddr)),
 				  do_encrypt ? "-x " : "",
 				  cmd,
 				  remote_user);
+    if (str == NULL) {
+	warnx ("%s: failed to allocate command", hostname);
+	return 1;
+    }
+    cksum_data.data = str;
 
     ap_opts = 0;
 
@@ -614,7 +626,7 @@ proto (int s, int errsock,
 	    warn("setsockopt stderr");
     }
     
-    return loop (s, errsock2);
+    return rsh_loop (s, errsock2);
 }
 
 /*
@@ -633,15 +645,15 @@ construct_command (char **res, int argc, char **argv)
     len = max (1, len);
     tmp = malloc (len);
     if (tmp == NULL)
-	errx (1, "malloc %u failed", len);
+	errx (1, "malloc %lu failed", (unsigned long)len);
 
     *tmp = '\0';
     for (i = 0; i < argc - 1; ++i) {
-	strcat (tmp, argv[i]);
-	strcat (tmp, " ");
+	strlcat (tmp, argv[i], len);
+	strlcat (tmp, " ", len);
     }
     if (argc > 0)
-	strcat (tmp, argv[argc-1]);
+	strlcat (tmp, argv[argc-1], len);
     *res = tmp;
     return len;
 }
@@ -750,7 +762,6 @@ doit (const char *hostname,
       const char *local_user,
       const char *cmd,
       size_t cmd_len,
-      int do_errsock,
       int (*auth_func)(int s,
 		       struct sockaddr *this, struct sockaddr *that,
 		       const char *hostname, const char *remote_user,
@@ -829,31 +840,31 @@ struct getargs args[] = {
 #endif
 #ifdef KRB5
     { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5" },
-    { "forward", 'f', arg_flag,		&do_forward,	"Forward credentials (krb5)"},
-    { NULL, 'G', arg_negative_flag,&do_forward,	"Don't forward credentials" },
+    { "forward", 'f', arg_flag,		&do_forward,	"Forward credentials [krb5]"},
     { "forwardable", 'F', arg_flag,	&do_forwardable,
-      "Forward forwardable credentials" },
+      "Forward forwardable credentials [krb5]" },
+    { NULL, 'G', arg_negative_flag,&do_forward,	"Don't forward credentials" },
+    { "unique", 'u', arg_flag,	&do_unique_tkfile,
+      "Use unique remote credentials cache [krb5]" },
+    { "tkfile", 'U', arg_string,  &unique_tkfile,
+      "Specifies remote credentials cache [krb5]" },
+    { "protocol", 'P', arg_string,      &protocol_version_str, 
+      "Protocol version [krb5]", "protocol" },
 #endif
-#if defined(KRB4) || defined(KRB5)
     { "broken", 'K', arg_flag,		&use_only_broken, "Use only priv port" },
+#if defined(KRB4) || defined(KRB5)
     { "encrypt", 'x', arg_flag,		&do_encrypt,	"Encrypt connection" },
     { NULL, 	'z', arg_negative_flag,      &do_encrypt,
       "Don't encrypt connection", NULL },
 #endif
-#ifdef KRB5
-    { "unique", 'u', arg_flag,	&do_unique_tkfile,
-      "Use unique remote tkfile (krb5)" },
-    { "tkfile", 'U', arg_string,  &unique_tkfile,
-      "Use that remote tkfile (krb5)" },
-#endif
     { NULL,	'd', arg_flag,		&sock_debug, "Enable socket debugging" },
     { "input",	'n', arg_negative_flag,	&input,		"Close stdin" },
     { "port",	'p', arg_string,	&port_str,	"Use this port",
       "port" },
     { "user",	'l', arg_string,	&user,		"Run as this user", "login" },
     { "stderr", 'e', arg_negative_flag, &do_errsock,	"Don't open stderr"},
-    { "protocol", 'P', arg_string,      &protocol_version_str, 
-      "Protocol version", "protocol" },
+#ifdef KRB5
+#endif
     { "version", 0,  arg_flag,		&do_version,	NULL },
     { "help",	 0,  arg_flag,		&do_help,	NULL }
 };
@@ -918,6 +929,7 @@ main(int argc, char **argv)
 	return 0;
     }
 
+#ifdef KRB5
     if(protocol_version_str != NULL) {
 	if(strcasecmp(protocol_version_str, "N") == 0)
 	    protocol_version = 2;
@@ -935,7 +947,6 @@ main(int argc, char **argv)
 	}
     }
 
-#ifdef KRB5
     status = krb5_init_context (&context);
     if (status) {
 	if(use_v5 == 1)
@@ -985,7 +996,7 @@ main(int argc, char **argv)
 	errx (1, "Only one of -u and -U allowed.");
 
     if (do_unique_tkfile)
-	strcpy(tkfile,"-u ");
+	strlcpy(tkfile,"-u ", sizeof(tkfile));
     else if (unique_tkfile != NULL) {
 	if (strchr(unique_tkfile,' ') != NULL) {
 	    warnx("Space is not allowed in tkfilename");
@@ -1049,7 +1060,6 @@ main(int argc, char **argv)
 	auth_method = AUTH_KRB5;
       again:
 	ret = doit (host, ai, user, local_user, cmd, cmd_len,
-		    do_errsock,
 		    send_krb5_auth);
 	if(ret != 0 && sendauth_version_error && 
 	   protocol_version == 2) {
@@ -1082,7 +1092,6 @@ main(int argc, char **argv)
 	    errx (1, "getaddrinfo: %s", gai_strerror(error));
 	auth_method = AUTH_KRB4;
 	ret = doit (host, ai, user, local_user, cmd, cmd_len,
-		    do_errsock,
 		    send_krb4_auth);
 	freeaddrinfo(ai);
     }
diff --git a/crypto/heimdal/appl/rsh/rsh_locl.h b/crypto/heimdal/appl/rsh/rsh_locl.h
index 151a888..0d65962 100644
--- a/crypto/heimdal/appl/rsh/rsh_locl.h
+++ b/crypto/heimdal/appl/rsh/rsh_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: rsh_locl.h,v 1.33 2003/04/16 20:05:39 lha Exp $ */
+/* $Id: rsh_locl.h 21553 2007-07-15 09:04:52Z lha $ */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
@@ -102,12 +102,17 @@
 #endif
 #ifdef KRB5
 #include <krb5.h>
+/* XXX */
+struct krb5_pk_identity;
+struct krb5_pk_cert;
+struct ContentInfo;
+struct _krb5_krb_auth_data;
+struct krb5_dh_moduli;
+#include "crypto-headers.h"
 #include <krb5-private.h> /* for _krb5_{get,put}_int */
 #endif
+#if defined(KRB4) || defined(KRB5)
 #include <kafs.h>
-
-#ifndef _PATH_NOLOGIN
-#define _PATH_NOLOGIN   "/etc/nologin"
 #endif
 
 #ifndef _PATH_BSHELL
@@ -118,9 +123,7 @@
 #define _PATH_DEFPATH	"/usr/bin:/bin"
 #endif
 
-#ifndef _PATH_ETC_ENVIRONMENT
-#define _PATH_ETC_ENVIRONMENT SYSCONFDIR "/environment"
-#endif
+#include "loginpaths.h"
 
 /*
  *
@@ -137,7 +140,7 @@ extern krb5_crypto crypto;
 extern int key_usage;
 extern void *ivec_in[2];
 extern void *ivec_out[2];
-void init_ivecs(int);
+void init_ivecs(int, int);
 #endif
 #ifdef KRB4
 extern des_key_schedule schedule;
@@ -153,6 +156,7 @@ extern des_cblock iv;
 #endif
 
 #define RSH_BUFSIZ (5 * 1024) /* MIT kcmd can't handle larger buffers */
+#define RSHD_BUFSIZ (16 * 1024) /* Old maxize for Heimdal 0.4 rsh */
 
 #define PATH_RSH BINDIR "/rsh"
 
diff --git a/crypto/heimdal/appl/rsh/rshd.8 b/crypto/heimdal/appl/rsh/rshd.8
index 7c7a363..95737a5 100644
--- a/crypto/heimdal/appl/rsh/rshd.8
+++ b/crypto/heimdal/appl/rsh/rshd.8
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2001 - 2002 Kungliga Tekniska Högskolan
+.\" Copyright (c) 2001 - 2006 Kungliga Tekniska Högskolan
 .\" (Royal Institute of Technology, Stockholm, Sweden). 
 .\" All rights reserved. 
 .\"
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
 .\" SUCH DAMAGE. 
 .\" 
-.\" $Id: rshd.8,v 1.7 2003/04/16 19:58:42 lha Exp $
+.\" $Id: rshd.8 16764 2006-02-27 10:07:04Z joda $
 .\"
 .Dd November 22, 2002
 .Dt RSHD 8
@@ -83,7 +83,7 @@ will deny unencrypted connections. This option implies
 .\".Xc
 .\"When using old port-based authentication, the user's
 .\".Pa .rhosts
-.\"files are normally checked. This options disables this.
+.\"files are normally checked. This option disables this.
 .It Xo
 .Fl v ,
 .Fl -vacuous
diff --git a/crypto/heimdal/appl/rsh/rshd.c b/crypto/heimdal/appl/rsh/rshd.c
index 1464fe1..852327a 100644
--- a/crypto/heimdal/appl/rsh/rshd.c
+++ b/crypto/heimdal/appl/rsh/rshd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,10 +32,17 @@
  */
 
 #include "rsh_locl.h"
-RCSID("$Id: rshd.c,v 1.51.2.1 2003/08/19 11:36:17 joda Exp $");
+#include "login_locl.h"
+RCSID("$Id: rshd.c 21515 2007-07-12 12:47:07Z lha $");
 
 int
 login_access( struct passwd *user, char *from);
+int
+read_limits_conf(const char *file, const struct passwd *pwd);
+
+#ifdef NEED_IRUSEROK_PROTO
+int iruserok(uint32_t, int, const char *, const char *);
+#endif
 
 enum auth_method auth_method;
 
@@ -74,13 +81,6 @@ static int do_keepalive = 1;
 static int do_version;
 static int do_help = 0;
 
-#if defined(KRB5) && defined(DCE)
-int dfsk5ok = 0;
-int dfspag = 0;
-int dfsfwd = 0;
-krb5_ticket *user_ticket;
-#endif
-
 static void
 syslog_and_die (const char *m, ...)
     __attribute__ ((format (printf, 1, 2)));
@@ -263,15 +263,25 @@ static void
 krb5_start_session (void)
 {
     krb5_error_code ret;
+    char *estr;
 
     ret = krb5_cc_resolve (context, tkfile, &ccache2);
     if (ret) {
+	estr = krb5_get_error_string(context);
+	syslog(LOG_WARNING, "resolve cred cache %s: %s", 
+	       tkfile, 
+	       estr ? estr : krb5_get_err_text(context, ret));
+	free(estr);
 	krb5_cc_destroy(context, ccache);
 	return;
     }
 
     ret = krb5_cc_copy_cache (context, ccache, ccache2);
     if (ret) {
+	estr = krb5_get_error_string(context);
+	syslog(LOG_WARNING, "storing credentials: %s", 
+	       estr ? estr : krb5_get_err_text(context, ret));
+	free(estr);
 	krb5_cc_destroy(context, ccache);
 	return ;
     }
@@ -307,12 +317,13 @@ recv_krb5_auth (int s, u_char *buf,
 		char **server_username,
 		char **cmd)
 {
-    u_int32_t len;
+    uint32_t len;
     krb5_auth_context auth_context = NULL;
     krb5_ticket *ticket;
     krb5_error_code status;
     krb5_data cksum_data;
     krb5_principal server;
+    char *str;
 
     if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
 	return -1;
@@ -371,11 +382,14 @@ recv_krb5_auth (int s, u_char *buf,
 		       krb5_get_err_text(context, status));
 
     
-    cksum_data.length = asprintf ((char **)&cksum_data.data,
+    cksum_data.length = asprintf (&str,
 				  "%u:%s%s",
 				  ntohs(socket_get_port (thisaddr)),
 				  *cmd,
 				  *server_username);
+    if (str == NULL)
+	syslog_and_die ("asprintf: out of memory");
+    cksum_data.data = str;
 
     status = krb5_verify_authenticator_checksum(context, 
 						auth_context,
@@ -401,12 +415,16 @@ recv_krb5_auth (int s, u_char *buf,
 	if (strncmp (*client_username + 3, "FILE:", 5) == 0) {
 	    temp_tkfile = tkfile;
 	} else {
-	    strcpy (tkfile, "FILE:");
+	    strlcpy (tkfile, "FILE:", sizeof(tkfile));
 	    temp_tkfile = tkfile + 5;
 	}
 	end = strchr(*client_username + 3,' ');
-	strncpy(temp_tkfile, *client_username + 3, end - *client_username - 3);
-	temp_tkfile[end - *client_username - 3] = '\0';
+	if (end == NULL)
+	    syslog_and_die("missing argument after -U");
+	snprintf(temp_tkfile, sizeof(tkfile) - (temp_tkfile - tkfile),
+		 "%.*s",
+		 (int)(end - *client_username - 3),
+		 *client_username + 3);
 	memmove (*client_username, end + 1, strlen(end+1)+1);
     }
 
@@ -448,29 +466,27 @@ recv_krb5_auth (int s, u_char *buf,
 	}
     }	   
 
-#if defined(DCE)
-    user_ticket = ticket;
-#endif
-
     return 0;
 }
 #endif /* KRB5 */
 
 static void
-loop (int from0, int to0,
-      int to1,   int from1,
-      int to2,   int from2)
+rshd_loop (int from0, int to0,
+	   int to1,   int from1,
+	   int to2,   int from2,
+	   int have_errsock)
 {
     fd_set real_readset;
     int max_fd;
     int count = 2;
+    char *buf;
 
     if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE)
 	errx (1, "fd too large");
 
 #ifdef KRB5
     if(auth_method == AUTH_KRB5 && protocol_version == 2)
-	init_ivecs(0);
+	init_ivecs(0, have_errsock);
 #endif
 
     FD_ZERO(&real_readset);
@@ -478,10 +494,14 @@ loop (int from0, int to0,
     FD_SET(from1, &real_readset);
     FD_SET(from2, &real_readset);
     max_fd = max(from0, max(from1, from2)) + 1;
+
+    buf = malloc(max(RSHD_BUFSIZ, RSH_BUFSIZ));
+    if (buf == NULL)
+	syslog_and_die("out of memory");
+
     for (;;) {
 	int ret;
 	fd_set readset = real_readset;
-	char buf[RSH_BUFSIZ];
 
 	ret = select (max_fd, &readset, NULL, NULL, NULL);
 	if (ret < 0) {
@@ -491,7 +511,7 @@ loop (int from0, int to0,
 		syslog_and_die ("select: %m");
 	}
 	if (FD_ISSET(from0, &readset)) {
-	    ret = do_read (from0, buf, sizeof(buf), ivec_in[0]);
+	    ret = do_read (from0, buf, RSHD_BUFSIZ, ivec_in[0]);
 	    if (ret < 0)
 		syslog_and_die ("read: %m");
 	    else if (ret == 0) {
@@ -502,7 +522,7 @@ loop (int from0, int to0,
 		net_write (to0, buf, ret);
 	}
 	if (FD_ISSET(from1, &readset)) {
-	    ret = read (from1, buf, sizeof(buf));
+	    ret = read (from1, buf, RSH_BUFSIZ);
 	    if (ret < 0)
 		syslog_and_die ("read: %m");
 	    else if (ret == 0) {
@@ -515,7 +535,7 @@ loop (int from0, int to0,
 		do_write (to1, buf, ret, ivec_out[0]);
 	}
 	if (FD_ISSET(from2, &readset)) {
-	    ret = read (from2, buf, sizeof(buf));
+	    ret = read (from2, buf, RSH_BUFSIZ);
 	    if (ret < 0)
 		syslog_and_die ("read: %m");
 	    else if (ret == 0) {
@@ -551,7 +571,7 @@ pipe_a_like (int fd[2])
  * Start a child process and leave the parent copying data to and from it.  */
 
 static void
-setup_copier (void)
+setup_copier (int have_errsock)
 {
     int p0[2], p1[2], p2[2];
     pid_t pid;
@@ -580,9 +600,10 @@ setup_copier (void)
 	if (net_write (STDOUT_FILENO, "", 1) != 1)
 	    fatal (STDOUT_FILENO, "net_write", "Write failure.");
 
-	loop (STDIN_FILENO, p0[1],
+	rshd_loop (STDIN_FILENO, p0[1],
 	      STDOUT_FILENO, p1[0],
-	      STDERR_FILENO, p2[0]);
+	      STDERR_FILENO, p2[0],
+	      have_errsock);
     }
 }
 
@@ -621,20 +642,20 @@ setup_environment (char ***env, const struct passwd *pwd)
     e = *env;
     e = realloc(e, (i + 7) * sizeof(char *));
 
-    asprintf (&e[i++], "USER=%s",  pwd->pw_name);
-    asprintf (&e[i++], "HOME=%s",  pwd->pw_dir);
-    asprintf (&e[i++], "SHELL=%s", pwd->pw_shell);
+    if (asprintf (&e[i++], "USER=%s",  pwd->pw_name) == -1)
+	syslog_and_die ("asprintf: out of memory");
+    if (asprintf (&e[i++], "HOME=%s",  pwd->pw_dir) == -1)
+	syslog_and_die ("asprintf: out of memory");
+    if (asprintf (&e[i++], "SHELL=%s", pwd->pw_shell) == -1)
+	syslog_and_die ("asprintf: out of memory");
     if (! path) {
-	asprintf (&e[i++], "PATH=%s",  _PATH_DEFPATH);
+	if (asprintf (&e[i++], "PATH=%s",  _PATH_DEFPATH) == -1)
+	    syslog_and_die ("asprintf: out of memory");
     }
     asprintf (&e[i++], "SSH_CLIENT=only_to_make_bash_happy");
-#if defined(DCE)
-    if (getenv("KRB5CCNAME"))
-	asprintf (&e[i++], "KRB5CCNAME=%s",  getenv("KRB5CCNAME"));
-#else
     if (do_unique_tkfile)
-	asprintf (&e[i++], "KRB5CCNAME=%s", tkfile);
-#endif
+	if (asprintf (&e[i++], "KRB5CCNAME=%s", tkfile) == -1)
+	    syslog_and_die ("asprintf: out of memory");
     e[i++] = NULL;
     *env = e;
 }
@@ -653,7 +674,7 @@ doit (void)
     socklen_t thisaddr_len, thataddr_len;
     int port;
     int errsock = -1;
-    char *client_user, *server_user, *cmd;
+    char *client_user = NULL, *server_user = NULL, *cmd = NULL;
     struct passwd *pwd;
     int s = STDIN_FILENO;
     char **env;
@@ -760,9 +781,8 @@ doit (void)
 	    syslog_and_die("recv_bsd_auth failed");
     }
 
-#if defined(DCE) && defined(_AIX)
-    esetenv("AUTHSTATE", "DCE", 1);
-#endif
+    if (client_user == NULL || server_user == NULL || cmd == NULL)
+	syslog_and_die("mising client/server/cmd");
 
     pwd = getpwnam (server_user);
     if (pwd == NULL)
@@ -803,33 +823,6 @@ doit (void)
 #endif
     
 
-#ifdef KRB5
-    {
-	int fd;
- 
-	if (!do_unique_tkfile)
-	    snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_%u",pwd->pw_uid);
-	else if (*tkfile=='\0') {
-	    snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_XXXXXX");
-	    fd = mkstemp(tkfile+5);
-	    close(fd);
-	    unlink(tkfile+5);
-	}
- 
-	if (kerberos_status)
-	    krb5_start_session();
-    }
-    chown(tkfile + 5, pwd->pw_uid, -1);
-
-#if defined(DCE)
-    if (kerberos_status) {
-	esetenv("KRB5CCNAME", tkfile, 1);
-	dfspag = krb5_dfs_pag(context, kerberos_status, user_ticket->client, server_user);
-    }
-#endif
-
-#endif
-
 #ifdef HAVE_SETLOGIN
     if (setlogin(pwd->pw_name) < 0)
 	syslog(LOG_ERR, "setlogin() failed: %m");
@@ -840,6 +833,12 @@ doit (void)
 	syslog(LOG_ERR, "setpcred() failure: %m");
 #endif /* HAVE_SETPCRED */
 
+    /* Apply limits if not root */
+    if(pwd->pw_uid != 0) {
+	 const char *file = _PATH_LIMITS_CONF;
+	 read_limits_conf(file, pwd);
+    }
+
     if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
 	fatal (s, "initgroups", "Login incorrect.");
 
@@ -856,12 +855,34 @@ doit (void)
 	if (dup2 (errsock, STDERR_FILENO) < 0)
 	    fatal (s, "dup2", "Cannot dup stderr.");
 	close (errsock);
+    } else {
+	if (dup2 (STDOUT_FILENO, STDERR_FILENO) < 0)
+	    fatal (s, "dup2", "Cannot dup stderr.");
     }
 
+#ifdef KRB5
+    {
+	int fd;
+ 
+	if (!do_unique_tkfile)
+	    snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_%lu",
+		     (unsigned long)pwd->pw_uid);
+	else if (*tkfile=='\0') {
+	    snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_XXXXXX");
+	    fd = mkstemp(tkfile+5);
+	    close(fd);
+	    unlink(tkfile+5);
+	}
+ 
+	if (kerberos_status)
+	    krb5_start_session();
+    }
+#endif
+
     setup_environment (&env, pwd);
 
     if (do_encrypt) {
-	setup_copier ();
+	setup_copier (errsock >= 0);
     } else {
 	if (net_write (s, "", 1) != 1)
 	    fatal (s, "net_write", "write failed");
@@ -972,13 +993,6 @@ main(int argc, char **argv)
 	do_kerberos = DO_KRB4 | DO_KRB5;
 #endif
 
-    if (do_keepalive &&
-	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
-		   sizeof(on)) < 0)
-	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
-
-    /* set SO_LINGER? */
-
 #ifdef KRB5
     if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0)
 	do_kerberos &= ~DO_KRB5;
@@ -1035,6 +1049,13 @@ main(int argc, char **argv)
 	freeaddrinfo(ai);
     }
 
+    if (do_keepalive &&
+	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
+		   sizeof(on)) < 0)
+	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+
+    /* set SO_LINGER? */
+
     signal (SIGPIPE, SIG_IGN);
 
     doit ();
diff --git a/crypto/heimdal/appl/su/ChangeLog b/crypto/heimdal/appl/su/ChangeLog
index 7420d85..591eada 100644
--- a/crypto/heimdal/appl/su/ChangeLog
+++ b/crypto/heimdal/appl/su/ChangeLog
@@ -1,9 +1,45 @@
+2007-10-19  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* su.c: read environment from _PATH_ETC_ENVIRONMENT
+
+	* supaths.c: paths
+
+2007-08-02  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* su.c: Check all local realms when su-ing, from Magnus Holmberg.
+
+2007-06-19  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* su.c: If not root and not setuid, print warning.
+
+2006-01-17  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* su.c (group_member_p): rename from group_member to avoid name
+	pollution from glibc headers. Fixed based on report from David Love.
+
+2006-01-12  Johan Danielsson  <joda@pdc.kth.se>
+
+	* su.c: fix reversed logic when deciding to print tty or not
+	
+2005-10-22  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* su.c: Check return value from asprintf instead of string != NULL
+	since it undefined behavior on Linux. From Björn Sandell
+	
+2005-05-10  Dave Love  <fx@gnu.org>
+
+	* su.c: Include <crypt.h>.
+
+2003-09-03  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* su.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+	
 2003-05-06  Johan Danielsson  <joda@pdc.kth.se>
 
 	* su.c: remove accidentally committed code that prints the command
 	being executed
 
-2003-03-18  Love Hörnquist Åstrand <lha@it.su.se>
+2003-03-18  Love Hörnquist Åstrand  <lha@it.su.se>
 
 	* su.c (krb5_start_session): krb5_afslog doesn't depend on KRB4
 	any more
diff --git a/crypto/heimdal/appl/su/Makefile.in b/crypto/heimdal/appl/su/Makefile.in
index f6eb065..0159272 100644
--- a/crypto/heimdal/appl/su/Makefile.in
+++ b/crypto/heimdal/appl/su/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.7 2001/08/28 08:31:22 assar Exp $
+# $Id: Makefile.am 21986 2007-10-19 05:22:57Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(su_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -50,16 +45,14 @@ bin_PROGRAMS = su$(EXEEXT)
 subdir = appl/su
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -72,6 +65,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -80,19 +74,23 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)"
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
 binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 PROGRAMS = $(bin_PROGRAMS)
 am_su_OBJECTS = su.$(OBJEXT)
@@ -105,30 +103,27 @@ su_DEPENDENCIES = $(am__DEPENDENCIES_2) \
 	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
 	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(su_SOURCES)
 DIST_SOURCES = $(su_SOURCES)
+man1dir = $(mandir)/man1
+MANS = $(man_MANS)
 ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -138,8 +133,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -150,11 +143,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -162,42 +154,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -215,12 +192,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -230,15 +204,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -247,6 +220,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -258,15 +232,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -274,74 +243,80 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_des)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4) $(INCLUDE_hcrypto)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -358,20 +333,23 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 bin_SUIDS = su
-su_SOURCES = su.c
+su_SOURCES = su.c supaths.h
+man_MANS = su.1
 LDADD = $(LIB_kafs) \
 	$(top_builddir)/lib/krb5/libkrb5.la \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken)
 
+EXTRA_DIST = $(man_MANS)
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -403,7 +381,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)"
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
 	@list='$(bin_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -431,7 +409,7 @@ clean-binPROGRAMS:
 	done
 su$(EXEEXT): $(su_OBJECTS) $(su_DEPENDENCIES) 
 	@rm -f su$(EXEEXT)
-	$(LINK) $(su_LDFLAGS) $(su_OBJECTS) $(su_LDADD) $(LIBS)
+	$(LINK) $(su_OBJECTS) $(su_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -453,10 +431,51 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
 
 ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
 	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
@@ -478,9 +497,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -505,23 +526,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../.. $(distdir)/../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -538,10 +557,10 @@ distdir: $(DISTFILES)
 check-am: all-am
 	$(MAKE) $(AM_MAKEFLAGS) check-local
 check: check-am
-all-am: Makefile $(PROGRAMS) all-local
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
 installdirs:
-	for dir in "$(DESTDIR)$(bindir)"; do \
-	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
 install-exec: install-exec-am
@@ -562,7 +581,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -574,7 +593,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -586,17 +605,25 @@ info: info-am
 
 info-am:
 
-install-data-am:
+install-data-am: install-man
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am: install-binPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
-install-man:
+install-man: install-man1
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
 
 installcheck-am:
 
@@ -617,20 +644,30 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
 
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
-	distclean distclean-compile distclean-generic \
+	dist-hook distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-exec install-exec-am \
-	install-info install-info-am install-man install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-info-am
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-binPROGRAMS uninstall-hook \
+	uninstall-man uninstall-man1
 
 
 install-suid-programs:
@@ -645,8 +682,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -656,19 +693,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -684,7 +733,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -754,14 +803,39 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/su/su.1 b/crypto/heimdal/appl/su/su.1
new file mode 100644
index 0000000..76f4dc5
--- /dev/null
+++ b/crypto/heimdal/appl/su/su.1
@@ -0,0 +1,123 @@
+.\" Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: su.1 16528 2006-01-12 16:25:01Z joda $
+.\"
+.Dd January 12, 2006
+.Dt SU 1
+.Os HEIMDAL
+.Sh NAME
+.Nm su
+.Nd substitute user identity
+.Sh SYNOPSIS
+.Nm su
+.Op Fl K | Fl -no-kerberos
+.Op Fl f
+.Op Fl l | Fl -full
+.Op Fl m
+.Oo Fl i Ar instance \*(Ba Xo
+.Fl -instance= Ns Ar instance
+.Xc
+.Oc
+.Oo Fl c Ar command \*(Ba Xo
+.Fl -command= Ns Ar command
+.Xc
+.Oc
+.Op Ar login Op Ar "shell arguments"
+.Sh DESCRIPTION
+.Nm su
+will use Kerberos authentication provided that an instance for the
+user wanting to change effective UID is present in a file named
+.Pa .k5login
+in the target user id's home directory
+.Pp
+A special case exists where 
+.Ql root Ap s
+.Pa ~/.k5login
+needs to contain an entry for:
+.Ql user Ns / Ns Ao instance Ac Ns @ Ns REALM
+for
+.Nm su
+to succed (where 
+.Aq instance
+is
+.Ql root
+unless changed with 
+.Fl i ) .
+.Pp
+In the absence of either an entry for current user in said file or
+other problems like missing 
+.Ql host/hostname@REALM
+keys in the system's
+keytab, or user typing the wrong password, 
+.Nm su
+will fall back to traditional
+.Pa /etc/passwd
+authentication.
+.Pp
+When using
+.Pa /etc/passwd
+authentication,
+.Nm su 
+allows
+.Ql root
+access only to members of the group
+.Ql wheel ,
+or to any user (with knowledge of the
+.Ql root
+password) if that group
+does not exist, or has no members.
+.Pp
+The options are as follows:
+.Bl -item -width Ds
+.It
+.Fl K ,
+.Fl -no-kerberos
+don't use Kerberos.
+.It
+.Fl f
+don't read .cshrc.
+.It
+.Fl l ,
+.Fl -full
+simulate full login.
+.It
+.Fl m
+leave environment unmodified.
+.It
+.Fl i Ar instance ,
+.Fl -instance= Ns Ar instance
+root instance to use.
+.It
+.Fl c Ar command ,
+.Fl -command= Ns Ar command
+command to execute.
+.El
diff --git a/crypto/heimdal/appl/su/supaths.h b/crypto/heimdal/appl/su/supaths.h
new file mode 100644
index 0000000..c12a0c7
--- /dev/null
+++ b/crypto/heimdal/appl/su/supaths.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id$ */
+
+#ifndef __SU_PATH_H
+#define __SU_PATH_H
+
+#ifndef _PATH_DEFPATH
+#define _PATH_DEFPATH "/usr/bin:/bin"
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+#ifndef _PATH_ETC_ENVIRONMENT
+#define _PATH_ETC_ENVIRONMENT SYSCONFDIR "/environment"
+#endif
+
+#endif /* __SU_PATH_H */
diff --git a/crypto/heimdal/appl/telnet/ChangeLog b/crypto/heimdal/appl/telnet/ChangeLog
index 6106557..473ab6b 100644
--- a/crypto/heimdal/appl/telnet/ChangeLog
+++ b/crypto/heimdal/appl/telnet/ChangeLog
@@ -1,21 +1,266 @@
-2004-06-21  Love Hörnquist Åstrand  <lha@it.su.se>
+2007-12-31  Love Hörnquist Åstrand  <lha@it.su.se>
 
-	* telnet/network.c: 1.12: make network rings larger From: MAAAAA
-	MOOOR <huaraz@btinternet.com>
+	* telnetd/sys_term.c: Use strlcpy instead of strncpy, thanks to
+	Antoine Brodin.
 	
-	* telnetd/state.c: 1.14: make subbuffer larger XXX resize
-	dynamicly From: MAAAAA MOOOR <huaraz@btinternet.com>
+2007-07-31  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnetd/telnetd.c (usage): use exit_code, add --version and
+	--help.
+
+	* telnetd/telnetd.c: Add --help, reported by David Love.
+
+2007-07-30  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnet/main.c: Catch --help, reported by David Love.
+	
+2007-07-12  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnetd/sys_term.c: GLIBC made the choice that ut_tv should be
+	shared between 32 and 64 bit platforms so now we can no longer use
+	struct timeval functions to compare or set/get data that uses
+	pointer (gettimeofday for example) since ut_tv is now not a struct
+	timeval but rather a struct { int32_t tv_sec; int32_t tv_usec; };
+
+2006-10-21  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnet/telnet_locl.h: Include roken.h before the local
+	headerfiles.
+
+	* telnetd/telnetd.h: HP/UX defines SE in sys/uio.h, #undef it.
+
+	* telnetd/sys_term.c: Dont't include some streamspty headers here.
+
+	* telnetd/telnetd.c: Dont't include some streamspty headers here.
+
+	* telnetd/telnetd.h: includes some STREAMSPTY header here to avoid
+	ioctl vs socket_wrapper horror.
+	
+2006-10-20  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnet/Makefile.am: more files
+	
+	* telnetd/Makefile.am: more files
+	
+2006-09-19  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* telnetd/telnetd.8: Add documentation for -e, require encryption.
+
+	* telnetd/telnetd.h: Add require_encryption.
+
+	* telnetd/telnetd.c: Allow encryption to be required, wait to the
+	client to turn it on, if failes, refuse the connection.
+
+	* telnetd/state.c: If encryption is required, don't allow it to be
+	turned off.
+	
+2006-09-04  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* libtelnet/kerberos5.c (kerberos5_forward): use KDCOptions2int on
+	flags before passing them to krb5_get_forwarded_creds.
+	
+2006-05-05  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* Rename u_intXX_t to uintXX_t
+
+2006-03-23  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* libtelnet/encrypt.c: Spelling.
+
+2005-12-01  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* telnetd/telnetd.c: Initialize the slc mapping table before its
+	used.  Based on bug report from Russell Sanford
+	<rrs@clyde.dcccd.edu>
+	
+2005-11-03  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* telnet/telnet.c: Spelling in comments, from Dave Love
+	<fx@gnu.org>
+	
+2005-10-31  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* libtelnet/kerberos5.c (Data): Use right variable. From Tomas
+	Olsson
+	
+2005-10-22  Love Hörnquist Åstrand <lha@it.su.se>
+
+	* telnet/commands.c: Check return value from asprintf instead of
+	string != NULL since it undefined behavior on Linux. From Björn
+	Sandell
+
+	* libtelnet/kerberos5.c: Check return value from asprintf instead
+	of string != NULL since it undefined behavior on Linux. From Björn
+	Sandell
+
+	* libtelnet/kerberos.c: Check return value from asprintf instead
+	of string != NULL since it undefined behavior on Linux. From Björn
+	Sandell
+	
+2005-08-08  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnetd/telnetd.c: Fix printing of /etc/issue{,.net}.
+	
+	* telnetd/utility.c: make writenet take const void * and size_t,
+	abort if size it too large
+
+	* telnetd/state.c: Fix ansi c warning.
+
+	* telnetd/sys_term.c: no need to typecast argument to writenet
+
+	* telnetd/ext.h: make writenet take const void * and size_t
+
+2005-07-07  Assar Westerlund  <assar@kth.se>
+
+	* libtelnet/kerberos.c: Do not assume that des_key_schedule is an
+	array.
+
+2005-05-27  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* libtelnet/kerberos5.c: case uid_t to unsigned long in printf
+	format
+
+	* telnetd/sys_term.c (set_termbuf): use {} around if to make else
+	unambiguous
+
+2005-05-20  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnetd/sys_term.c (start_login): put utmpx code into a new
+	scope to avoid pre c99 problems.
+
+2005-05-19  Dave Love  <fx@gnu.org>
+
+	* telnet/telnet.c,telnet_locl.h: Make solaris find tgetent
+
+2005-05-13  Johan Danielsson  <joda@pdc.kth.se>
+
+	* telnetd/sys_term.c (start_login): set encryption pointers to
+	NULL, so we don't try to do either
+	
+2005-05-11  Dave Love  <fx@gnu.org>
+
+	* telnet/telnet.c: undef ISASCII before we define our own (problem
+	on Irix)
+
+2005-04-28  Johan Danielsson  <joda@pdc.kth.se>
+
+	* telnetd/utility.c (putf): %t: the regular and streamspty case
+	are functionally equivalent, so merge them, this also makes it
+	work better on machines that puts their devices in a subdirectory
+	to /dev
+
+2005-04-27  Dave Love  <fx@gnu.org>
+
+	* telnetd/sys_term.c (getpty): Declare p.
+
+2005-04-25  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnetd/telnetd.c: use strlcpy
+	
+2005-04-24  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnetd/global.c, telnetd/state.c, telnetd/telnetd.c,
+	telentd/ext.h: remove another strcpy
+
+2005-04-19  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnetd/sys_term.c: rewrite getpty to make use openpty when its
+	found, save the slave fd so that cleanopen can use it if its
+	available
+
+2005-04-07  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnetd/sys_term.c: clean_ttyname might be unused, mark it so
+	with __attribute__
+	
+2005-04-06  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnetd/sys_term.c: use NULL as last argument to execl, not 0
+
+	* telnet/commands.c: use NULL as last argument to execl, not 0
+	
+2005-03-29  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnet/telnet.c: From FreeBSD:
+	
+	Correct a pair of buffer overflows in the telnet(1) command:
+	
+	 (CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
+	 functions.
 	
-	* libtelnet/kerberos5.c: 1.54: (Data): allocate the data needed to
-	be send
+	 (CAN-2005-0469) A global uninitialized data section buffer overflow in
+	 slc_add_reply() and related functions.
+	
+	As a result of these vulnerabilities, it may be possible for a
+	malicious telnet server or active network attacker to cause
+	telnet(1) to execute arbitrary code with the privileges of the
+	user running it.
+	
+	Security: CAN-2005-0468, CAN-2005-0469 Security:
+	FreeBSD-SA-05:01.telnet Security:
+	http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
+	Security:
+	http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
+	
+	These fixes are based in part on patches Submitted by: Solar
+	Designer <solar@openwall.com>
+
+2005-03-23  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnetd/telnetd.c: remove setting of DES_check_key, all code
+	uses DES_set_key_checked
+
+	* libtelnet/enc_des.c: use DES_set_key_checked
+	
+2005-01-09  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnet/telnet.c: cast argument to toupper to unsigned char
+
+	* telnet/commands.c: cast argument to is* to unsigned char
+
+2004-06-20  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnet/network.c: make network rings larger From: MAAAAA MOOOR
+	<huaraz@btinternet.com>
+	
+	* telnetd/state.c: make subbuffer larger XXX resize dynamicly
 	From: MAAAAA MOOOR <huaraz@btinternet.com>
 	
+	* libtelnet/kerberos5.c (Data): allocate the data needed to be
+	send From: MAAAAA MOOOR <huaraz@btinternet.com>
+	
+2004-04-02  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnet/main.c: make encrypt, forwardable, forward use appdefault
+	(that also searches libdefaults), prompted by Thomas Nystrom
+	<thn@saeab.se>
+	
 2004-03-22  Love Hörnquist Åstrand  <lha@it.su.se>
 
-        * telnetd/telnetd.c: call setprogname to make libvers happy
+	* telnetd/telnetd.c: call setprogname to make libvers happy
+
+	* telnet/main.c: call setprogname to make libvers happy
+
+2003-09-25  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* telnet/externs.h: export Scheduler and scheduler_lockout_tty
+	
+	* telnet/telnet.c (my_telnet): if telnet_spin returns failure,
+	complain that the server disconnected and exit
+	
+	* telnet/authenc.c (telnet_spin): if Scheduler() returns failure
+	(-1) propagate to higher level
+
+2003-09-03  Love Hörnquist Åstrand  <lha@it.su.se>
 
-        * telnet/main.c: call setprogname to make libvers happy
+	* telnetd/telnetd.c: use new DES_ api
+	
+	* libtelnet/enc_des.c: use new DES_ api
+	
+2003-04-22  Love Hörnquist Åstrand  <lha@it.su.se>
 
+	* telnet/telnet.1: replace <,> with \*[Lt],\*[Gt]
+	
 2002-09-02  Johan Danielsson  <joda@pdc.kth.se>
 
 	* libtelnet/kerberos5.c: set AP_OPTS_USE_SUBKEY
diff --git a/crypto/heimdal/appl/telnet/Makefile.am b/crypto/heimdal/appl/telnet/Makefile.am
index eec013b..61f0e86a 100644
--- a/crypto/heimdal/appl/telnet/Makefile.am
+++ b/crypto/heimdal/appl/telnet/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.6 1999/03/20 13:58:15 joda Exp $
+# $Id: Makefile.am 5652 1999-03-20 13:58:20Z joda $
 
 include $(top_srcdir)/Makefile.am.common
 
diff --git a/crypto/heimdal/appl/telnet/Makefile.in b/crypto/heimdal/appl/telnet/Makefile.in
index b7c6296..83dc374 100644
--- a/crypto/heimdal/appl/telnet/Makefile.in
+++ b/crypto/heimdal/appl/telnet/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,20 +14,16 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.6 1999/03/20 13:58:15 joda Exp $
+# $Id: Makefile.am 5652 1999-03-20 13:58:20Z joda $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -39,6 +35,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -46,16 +43,14 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 subdir = appl/telnet
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -68,6 +63,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -76,16 +72,20 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
 depcomp =
@@ -94,22 +94,19 @@ SOURCES =
 DIST_SOURCES =
 RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
 	html-recursive info-recursive install-data-recursive \
-	install-exec-recursive install-info-recursive \
-	install-recursive installcheck-recursive installdirs-recursive \
-	pdf-recursive ps-recursive uninstall-info-recursive \
-	uninstall-recursive
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
 ETAGS = etags
 CTAGS = ctags
 DIST_SUBDIRS = $(SUBDIRS)
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -119,8 +116,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -131,11 +126,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -143,42 +137,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -196,12 +175,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -211,15 +187,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -228,6 +203,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -239,15 +215,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -255,74 +226,79 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -339,13 +315,14 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 SUBDIRS = libtelnet telnet telnetd
 EXTRA_DIST = README.ORIG telnet.state
 all: all-recursive
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -382,10 +359,6 @@ mostlyclean-libtool:
 clean-libtool:
 	-rm -rf .libs _libs
 
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
 # This directory's subdirectories are mostly independent; you can cd
 # into them and run `make' without going through this Makefile.
 # To change the values of `make' variables: instead of editing Makefiles,
@@ -393,7 +366,13 @@ uninstall-info-am:
 #     (which will cause the Makefiles to be regenerated when you run `make');
 # (2) otherwise, pass the desired values on the `make' command line.
 $(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
 	dot_seen=no; \
 	target=`echo $@ | sed s/-recursive//`; \
 	list='$(SUBDIRS)'; for subdir in $$list; do \
@@ -405,15 +384,20 @@ $(RECURSIVE_TARGETS):
 	    local_target="$$target"; \
 	  fi; \
 	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
+	  || eval $$failcom; \
 	done; \
 	if test "$$dot_seen" = "no"; then \
 	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
 	fi; test -z "$$fail"
 
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
 	dot_seen=no; \
 	case "$@" in \
 	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
@@ -434,7 +418,7 @@ maintainer-clean-recursive:
 	    local_target="$$target"; \
 	  fi; \
 	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
+	  || eval $$failcom; \
 	done && test -z "$$fail"
 tags-recursive:
 	list='$(SUBDIRS)'; for subdir in $$list; do \
@@ -459,14 +443,16 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
 	tags=; \
 	here=`pwd`; \
-	if (etags --etags-include --version) >/dev/null 2>&1; then \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
 	  include_option=--etags-include; \
+	  empty_fix=.; \
 	else \
 	  include_option=--include; \
+	  empty_fix=; \
 	fi; \
 	list='$(SUBDIRS)'; for subdir in $$list; do \
 	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && \
+	    test ! -f $$subdir/TAGS || \
 	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
 	  fi; \
 	done; \
@@ -476,9 +462,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -503,23 +491,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../.. $(distdir)/../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -530,15 +516,19 @@ distdir: $(DISTFILES)
 	    || exit 1; \
 	  fi; \
 	done
-	list='$(SUBDIRS)'; for subdir in $$list; do \
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
 	  if test "$$subdir" = .; then :; else \
 	    test -d "$(distdir)/$$subdir" \
-	    || mkdir "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
 	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
 	    (cd $$subdir && \
 	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="../$(top_distdir)" \
-	        distdir="../$(distdir)/$$subdir" \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
 	        distdir) \
 	      || exit 1; \
 	  fi; \
@@ -571,7 +561,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -582,8 +572,7 @@ clean-am: clean-generic clean-libtool mostlyclean-am
 
 distclean: distclean-recursive
 	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
+distclean-am: clean-am distclean-generic distclean-tags
 
 dvi: dvi-recursive
 
@@ -599,14 +588,22 @@ install-data-am:
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-recursive
+
 install-exec-am:
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-recursive
+
 install-info: install-info-recursive
 
 install-man:
 
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-recursive
@@ -625,22 +622,27 @@ ps: ps-recursive
 
 ps-am:
 
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am all-local check \
-	check-am check-local clean clean-generic clean-libtool \
-	clean-recursive ctags ctags-recursive distclean \
-	distclean-generic distclean-libtool distclean-recursive \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am install-man \
-	install-strip installcheck installcheck-am installdirs \
-	installdirs-am maintainer-clean maintainer-clean-generic \
-	maintainer-clean-recursive mostlyclean mostlyclean-generic \
-	mostlyclean-libtool mostlyclean-recursive pdf pdf-am ps ps-am \
-	tags tags-recursive uninstall uninstall-am uninstall-info-am
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-data-am install-exec-am install-strip uninstall-am
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool ctags ctags-recursive dist-hook \
+	distclean distclean-generic distclean-libtool distclean-tags \
+	distdir dvi dvi-am html html-am info info-am install \
+	install-am install-data install-data-am install-data-hook \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-exec-hook install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am uninstall-hook
 
 
 install-suid-programs:
@@ -655,8 +657,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -666,19 +668,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -694,7 +708,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -764,15 +778,40 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
 
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
 dist-hook:
 	$(mkinstalldirs) $(distdir)/arpa
 	$(INSTALL_DATA) $(srcdir)/arpa/telnet.h $(distdir)/arpa
diff --git a/crypto/heimdal/appl/telnet/libtelnet/Makefile.am b/crypto/heimdal/appl/telnet/libtelnet/Makefile.am
index 2c30c2c..60786ba 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/Makefile.am
+++ b/crypto/heimdal/appl/telnet/libtelnet/Makefile.am
@@ -1,8 +1,8 @@
-# $Id: Makefile.am,v 1.9 2001/08/28 08:31:23 assar Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
+AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
 
 noinst_LIBRARIES = libtelnet.a
 
diff --git a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in b/crypto/heimdal/appl/telnet/libtelnet/Makefile.in
index e133fde..cb00e59 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in
+++ b/crypto/heimdal/appl/telnet/libtelnet/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.9 2001/08/28 08:31:23 assar Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(libtelnet_a_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -49,16 +44,14 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 subdir = appl/telnet/libtelnet
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -71,6 +64,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -79,50 +73,49 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
-ARFLAGS = cru
 LIBRARIES = $(noinst_LIBRARIES)
+ARFLAGS = cru
 libtelnet_a_AR = $(AR) $(ARFLAGS)
 libtelnet_a_LIBADD =
 am_libtelnet_a_OBJECTS = auth.$(OBJEXT) enc_des.$(OBJEXT) \
 	encrypt.$(OBJEXT) genget.$(OBJEXT) kerberos.$(OBJEXT) \
 	kerberos5.$(OBJEXT) misc.$(OBJEXT)
 libtelnet_a_OBJECTS = $(am_libtelnet_a_OBJECTS)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(libtelnet_a_SOURCES)
 DIST_SOURCES = $(libtelnet_a_SOURCES)
 ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -132,8 +125,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -144,11 +135,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -156,42 +146,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -209,12 +184,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -224,15 +196,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -241,6 +212,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -252,15 +224,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -268,74 +235,80 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	-I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -352,6 +325,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 noinst_LIBRARIES = libtelnet.a
 libtelnet_a_SOURCES = \
@@ -373,7 +347,7 @@ EXTRA_DIST = krb4encpwd.c rsaencpwd.c spx.c
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -432,10 +406,6 @@ mostlyclean-libtool:
 clean-libtool:
 	-rm -rf .libs _libs
 
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
 ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
 	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
 	unique=`for i in $$list; do \
@@ -456,9 +426,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -483,23 +455,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../../.. $(distdir)/../../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -537,7 +507,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -550,7 +520,7 @@ clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -566,14 +536,22 @@ install-data-am:
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am:
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
 install-man:
 
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
@@ -593,19 +571,26 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-info-am
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
 
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-generic clean-libtool clean-noinstLIBRARIES ctags \
-	distclean distclean-compile distclean-generic \
+	dist-hook distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-data \
-	install-data-am install-exec install-exec-am install-info \
-	install-info-am install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-info-am
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook
 
 
 install-suid-programs:
@@ -620,8 +605,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -631,19 +616,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -659,7 +656,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -729,14 +726,39 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h b/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h
index 89f1fbc..4f2e245 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h
+++ b/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h
@@ -53,7 +53,7 @@
  * or implied warranty.
  */
 
-/* $Id: auth-proto.h,v 1.11 2002/08/28 20:56:14 joda Exp $ */
+/* $Id: auth-proto.h 11288 2002-08-28 20:56:14Z joda $ */
 
 #ifdef AUTHENTICATION
 Authenticator *findauthenticator (int, int);
diff --git a/crypto/heimdal/appl/telnet/libtelnet/auth.c b/crypto/heimdal/appl/telnet/libtelnet/auth.c
index cbb7a78..1325303 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/auth.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/auth.c
@@ -53,7 +53,7 @@
 
 #include <config.h>
 
-RCSID("$Id: auth.c,v 1.25 2002/01/18 12:58:48 joda Exp $");
+RCSID("$Id: auth.c 10809 2002-01-18 12:58:49Z joda $");
 
 #if	defined(AUTHENTICATION)
 #include <stdio.h>
diff --git a/crypto/heimdal/appl/telnet/libtelnet/auth.h b/crypto/heimdal/appl/telnet/libtelnet/auth.h
index 83dd701..9248815 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/auth.h
+++ b/crypto/heimdal/appl/telnet/libtelnet/auth.h
@@ -53,7 +53,7 @@
  * or implied warranty.
  */
 
-/* $Id: auth.h,v 1.4 1998/06/09 19:24:41 joda Exp $ */
+/* $Id: auth.h 5027 1998-06-09 19:25:40Z joda $ */
 
 #ifndef	__AUTH__
 #define	__AUTH__
diff --git a/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h b/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h
index 3078848..a40893b 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h
+++ b/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h
@@ -55,7 +55,7 @@
  * or implied warranty.
  */
 
-/* $Id: enc-proto.h,v 1.11 2002/01/18 12:58:49 joda Exp $ */
+/* $Id: enc-proto.h 10809 2002-01-18 12:58:49Z joda $ */
 
 #if	defined(ENCRYPTION)
 Encryptions *findencryption (int);
diff --git a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c b/crypto/heimdal/appl/telnet/libtelnet/enc_des.c
index 537d22f..13dd9da 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/enc_des.c
@@ -33,7 +33,7 @@
 
 #include <config.h>
 
-RCSID("$Id: enc_des.c,v 1.21 2002/09/10 20:03:47 joda Exp $");
+RCSID("$Id: enc_des.c 14681 2005-03-23 16:19:31Z lha $");
 
 #if	defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION)
 #include <arpa/telnet.h>
@@ -66,19 +66,19 @@ extern int encrypt_debug_mode;
 
 
 struct stinfo {
-  des_cblock	str_output;
-  des_cblock	str_feed;
-  des_cblock	str_iv;
-  des_cblock	str_ikey;
-  des_key_schedule str_sched;
+  DES_cblock	str_output;
+  DES_cblock	str_feed;
+  DES_cblock	str_iv;
+  DES_cblock	str_ikey;
+  DES_key_schedule str_sched;
   int		str_index;
   int		str_flagshift;
 };
 
 struct fb {
-	des_cblock krbdes_key;
-	des_key_schedule krbdes_sched;
-	des_cblock temp_feed;
+	DES_cblock krbdes_key;
+	DES_key_schedule krbdes_sched;
+	DES_cblock temp_feed;
 	unsigned char fb_feed[64];
 	int need_start;
 	int state[2];
@@ -116,13 +116,13 @@ struct keyidlist {
 #define	FB64_IV_BAD	3
 
 
-void fb64_stream_iv (des_cblock, struct stinfo *);
+void fb64_stream_iv (DES_cblock, struct stinfo *);
 void fb64_init (struct fb *);
 static int fb64_start (struct fb *, int, int);
 int fb64_is (unsigned char *, int, struct fb *);
 int fb64_reply (unsigned char *, int, struct fb *);
 static void fb64_session (Session_Key *, int, struct fb *);
-void fb64_stream_key (des_cblock, struct stinfo *);
+void fb64_stream_key (DES_cblock, struct stinfo *);
 int fb64_keyid (int, unsigned char *, int *, struct fb *);
 void fb64_printsub(unsigned char *, int ,
 		   unsigned char *, int , char *);
@@ -211,7 +211,7 @@ static int fb64_start(struct fb *fbp, int dir, int server)
 		 * Create a random feed and send it over.
 		 */
 #ifndef OLD_DES_RANDOM_KEY
-		des_new_random_key(&fbp->temp_feed);
+		DES_random_key(&fbp->temp_feed);
 #else
 		/*
 		 * From des_cryp.man "If the des_check_key flag is non-zero,
@@ -219,18 +219,18 @@ static int fb64_start(struct fb *fbp, int dir, int server)
 		 *  of odd parity and is not a week or semi-weak key."
 		 */
 		do {
-			des_random_key(fbp->temp_feed);
-			des_set_odd_parity(fbp->temp_feed);
-		} while (des_is_weak_key(fbp->temp_feed));
+			DES_random_key(fbp->temp_feed);
+			DES_set_odd_parity(fbp->temp_feed);
+		} while (DES_is_weak_key(fbp->temp_feed));
 #endif
-		des_ecb_encrypt(&fbp->temp_feed,
+		DES_ecb_encrypt(&fbp->temp_feed,
 				&fbp->temp_feed,
-				fbp->krbdes_sched, 1);
+				&fbp->krbdes_sched, 1);
 		p = fbp->fb_feed + 3;
 		*p++ = ENCRYPT_IS;
 		p++;
 		*p++ = FB64_IV;
-		for (x = 0; x < sizeof(des_cblock); ++x) {
+		for (x = 0; x < sizeof(DES_cblock); ++x) {
 			if ((*p++ = fbp->temp_feed[x]) == IAC)
 				*p++ = IAC;
 		}
@@ -273,7 +273,7 @@ int fb64_is(unsigned char *data, int cnt, struct fb *fbp)
 
 	switch (*data++) {
 	case FB64_IV:
-		if (cnt != sizeof(des_cblock)) {
+		if (cnt != sizeof(DES_cblock)) {
 			if (encrypt_debug_mode)
 				printf("CFB64: initial vector failed on size\r\n");
 			state = FAILED;
@@ -362,7 +362,7 @@ int fb64_reply(unsigned char *data, int cnt, struct fb *fbp)
 		break;
 
 	case FB64_IV_BAD:
-		memset(fbp->temp_feed, 0, sizeof(des_cblock));
+		memset(fbp->temp_feed, 0, sizeof(DES_cblock));
 		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
 		state = FAILED;
 		break;
@@ -400,18 +400,19 @@ static void fb64_session(Session_Key *key, int server, struct fb *fbp)
 				key ? key->type : -1, SK_DES);
 		return;
 	}
-	memcpy(fbp->krbdes_key, key->data, sizeof(des_cblock));
+	memcpy(fbp->krbdes_key, key->data, sizeof(DES_cblock));
 
 	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
 	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
 
 	if (fbp->once == 0) {
 #if !defined(OLD_DES_RANDOM_KEY) && !defined(HAVE_OPENSSL)
-		des_init_random_number_generator(&fbp->krbdes_key);
+		DES_init_random_number_generator(&fbp->krbdes_key);
 #endif
 		fbp->once = 1;
 	}
-	des_key_sched(&fbp->krbdes_key, fbp->krbdes_sched);
+	DES_set_key_checked((DES_cblock *)&fbp->krbdes_key,
+			    &fbp->krbdes_sched);
 	/*
 	 * Now look to see if krbdes_start() was was waiting for
 	 * the key to show up.  If so, go ahead an call it now
@@ -508,25 +509,25 @@ void ofb64_printsub(unsigned char *data, int cnt,
 	fb64_printsub(data, cnt, buf, buflen, "OFB64");
 }
 
-void fb64_stream_iv(des_cblock seed, struct stinfo *stp)
+void fb64_stream_iv(DES_cblock seed, struct stinfo *stp)
 {
 
-	memcpy(stp->str_iv, seed,sizeof(des_cblock));
-	memcpy(stp->str_output, seed, sizeof(des_cblock));
+	memcpy(stp->str_iv, seed,sizeof(DES_cblock));
+	memcpy(stp->str_output, seed, sizeof(DES_cblock));
 
-	des_key_sched(&stp->str_ikey, stp->str_sched);
+	DES_set_key_checked(&stp->str_ikey, &stp->str_sched);
 
-	stp->str_index = sizeof(des_cblock);
+	stp->str_index = sizeof(DES_cblock);
 }
 
-void fb64_stream_key(des_cblock key, struct stinfo *stp)
+void fb64_stream_key(DES_cblock key, struct stinfo *stp)
 {
-	memcpy(stp->str_ikey, key, sizeof(des_cblock));
-	des_key_sched((des_cblock*)key, stp->str_sched);
+	memcpy(stp->str_ikey, key, sizeof(DES_cblock));
+	DES_set_key_checked((DES_cblock*)key, &stp->str_sched);
 
-	memcpy(stp->str_output, stp->str_iv, sizeof(des_cblock));
+	memcpy(stp->str_output, stp->str_iv, sizeof(DES_cblock));
 
-	stp->str_index = sizeof(des_cblock);
+	stp->str_index = sizeof(DES_cblock);
 }
 
 /*
@@ -558,10 +559,10 @@ void cfb64_encrypt(unsigned char *s, int c)
 
 	index = stp->str_index;
 	while (c-- > 0) {
-		if (index == sizeof(des_cblock)) {
-			des_cblock b;
-			des_ecb_encrypt(&stp->str_output, &b,stp->str_sched, 1);
-			memcpy(stp->str_feed, b, sizeof(des_cblock));
+		if (index == sizeof(DES_cblock)) {
+			DES_cblock b;
+			DES_ecb_encrypt(&stp->str_output, &b,&stp->str_sched, 1);
+			memcpy(stp->str_feed, b, sizeof(DES_cblock));
 			index = 0;
 		}
 
@@ -590,10 +591,10 @@ int cfb64_decrypt(int data)
 	}
 
 	index = stp->str_index++;
-	if (index == sizeof(des_cblock)) {
-		des_cblock b;
-		des_ecb_encrypt(&stp->str_output,&b, stp->str_sched, 1);
-		memcpy(stp->str_feed, b, sizeof(des_cblock));
+	if (index == sizeof(DES_cblock)) {
+		DES_cblock b;
+		DES_ecb_encrypt(&stp->str_output,&b, &stp->str_sched, 1);
+		memcpy(stp->str_feed, b, sizeof(DES_cblock));
 		stp->str_index = 1;	/* Next time will be 1 */
 		index = 0;		/* But now use 0 */ 
 	}
@@ -630,10 +631,10 @@ void ofb64_encrypt(unsigned char *s, int c)
 
 	index = stp->str_index;
 	while (c-- > 0) {
-		if (index == sizeof(des_cblock)) {
-			des_cblock b;
-			des_ecb_encrypt(&stp->str_feed,&b, stp->str_sched, 1);
-			memcpy(stp->str_feed, b, sizeof(des_cblock));
+		if (index == sizeof(DES_cblock)) {
+			DES_cblock b;
+			DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1);
+			memcpy(stp->str_feed, b, sizeof(DES_cblock));
 			index = 0;
 		}
 		*s++ ^= stp->str_feed[index];
@@ -659,10 +660,10 @@ int ofb64_decrypt(int data)
 	}
 
 	index = stp->str_index++;
-	if (index == sizeof(des_cblock)) {
-		des_cblock b;
-		des_ecb_encrypt(&stp->str_feed,&b,stp->str_sched, 1);
-		memcpy(stp->str_feed, b, sizeof(des_cblock));
+	if (index == sizeof(DES_cblock)) {
+		DES_cblock b;
+		DES_ecb_encrypt(&stp->str_feed,&b,&stp->str_sched, 1);
+		memcpy(stp->str_feed, b, sizeof(DES_cblock));
 		stp->str_index = 1;	/* Next time will be 1 */
 		index = 0;		/* But now use 0 */ 
 	}
diff --git a/crypto/heimdal/appl/telnet/libtelnet/encrypt.c b/crypto/heimdal/appl/telnet/libtelnet/encrypt.c
index fca8a47..04dbe83 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/encrypt.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/encrypt.c
@@ -54,7 +54,7 @@
 
 #include <config.h>
 
-RCSID("$Id: encrypt.c,v 1.23 2002/01/18 12:58:49 joda Exp $");
+RCSID("$Id: encrypt.c 16802 2006-03-23 19:36:31Z lha $");
 
 #if	defined(ENCRYPTION)
 
@@ -636,7 +636,7 @@ encrypt_reply(unsigned char *data, int cnt)
 }
 
 /*
- * Called when a ENCRYPT START command is received.
+ * Called when ENCRYPT START is received.
  */
 void
 encrypt_start(unsigned char *data, int cnt)
diff --git a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h b/crypto/heimdal/appl/telnet/libtelnet/encrypt.h
index 3b04bd5..814491c 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h
+++ b/crypto/heimdal/appl/telnet/libtelnet/encrypt.h
@@ -55,7 +55,7 @@
  * or implied warranty.
  */
 
-/* $Id: encrypt.h,v 1.8 2002/09/10 20:03:47 joda Exp $ */
+/* $Id: encrypt.h 11444 2002-09-10 20:03:49Z joda $ */
 
 #ifndef	__ENCRYPT__
 #define	__ENCRYPT__
diff --git a/crypto/heimdal/appl/telnet/libtelnet/genget.c b/crypto/heimdal/appl/telnet/libtelnet/genget.c
index 27d1d67..5785314 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/genget.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/genget.c
@@ -34,7 +34,7 @@
 #include <config.h>
 #include "misc-proto.h"
 
-RCSID("$Id: genget.c,v 1.7 2001/09/03 05:54:14 assar Exp $");
+RCSID("$Id: genget.c 10646 2001-09-03 05:54:18Z assar $");
 
 #include <ctype.h>
 
diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos.c
index 09d3073..1c86fe2 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/kerberos.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/kerberos.c
@@ -55,7 +55,7 @@
 #include <config.h>
 #endif
 
-RCSID("$Id: kerberos.c,v 1.54 2001/08/22 20:30:22 assar Exp $");
+RCSID("$Id: kerberos.c 22071 2007-11-14 20:04:50Z lha $");
 
 #ifdef	KRB4
 #ifdef HAVE_SYS_TYPES_H
@@ -347,14 +347,15 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
 	    Data(ap, KRB_ACCEPT, NULL, 0);
 	} else {
 	    char *msg;
+	    int ret;
 
-	    asprintf (&msg, "user `%s' is not authorized to "
-		      "login as `%s'", 
-		      krb_unparse_name_long(adat.pname, 
-					    adat.pinst, 
-					    adat.prealm), 
-		      UserNameRequested ? UserNameRequested : "<nobody>");
-	    if (msg == NULL)
+	    ret = asprintf (&msg, "user `%s' is not authorized to "
+			    "login as `%s'", 
+			    krb_unparse_name_long(adat.pname, 
+						  adat.pinst, 
+						  adat.prealm), 
+			    UserNameRequested ? UserNameRequested : "<nobody>");
+	    if (ret == -1)
 		Data(ap, KRB_REJECT, NULL, 0);
 	    else {
 		Data(ap, KRB_REJECT, (void *)msg, -1);
@@ -440,7 +441,7 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
 		}
 	    }
 	    memset(data, 0, cnt);
-	    memset(ks, 0, sizeof(ks));
+	    memset(&ks, 0, sizeof(ks));
 	    memset(&cred, 0, sizeof(cred));
 	}
 	
@@ -540,7 +541,7 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
 {
     int i;
 
-    buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+    buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
     buflen -= 1;
 
     switch(data[3]) {
@@ -651,7 +652,7 @@ static int
 unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred)
 {
     char *p = (char*)buf;
-    u_int32_t tmp;
+    uint32_t tmp;
 
     strncpy (cred->service, p, ANAME_SZ);
     cred->service[ANAME_SZ - 1] = '\0';
@@ -675,7 +676,7 @@ unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred)
     p += cred->ticket_st.length;
     p += krb_get_int(p, &tmp, 4, 0);
     cred->ticket_st.mbz = 0;
-    p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, 0);
+    p += krb_get_int(p, (uint32_t *)&cred->issue_date, 4, 0);
 
     strncpy (cred->pname, p, ANAME_SZ);
     cred->pname[ANAME_SZ - 1] = '\0';
@@ -712,7 +713,7 @@ kerberos4_forward(Authenticator *ap, void *v)
     len = pack_cred(&cred, netcred);
     des_pcbc_encrypt((void*)netcred, (void*)netcred, len,
 		     ks, key, DES_ENCRYPT);
-    memset(ks, 0, sizeof(ks));
+    memset(&ks, 0, sizeof(ks));
     Data(ap, KRB_FORWARD, netcred, len);
     memset(netcred, 0, sizeof(netcred));
     return 0;
diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c
index 9ea3759..cac80d0 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c
@@ -53,7 +53,7 @@
 
 #include <config.h>
 
-RCSID("$Id: kerberos5.c,v 1.53.2.1 2004/06/21 08:21:07 lha Exp $");
+RCSID("$Id: kerberos5.c 22071 2007-11-14 20:04:50Z lha $");
 
 #ifdef	KRB5
 
@@ -115,18 +115,18 @@ static krb5_context context;
 static krb5_auth_context auth_context;
 
 static int
-Data(Authenticator *ap, int type, void *d, int c)
+Data(Authenticator *ap, int type, const void *d, int c)
 {
-    unsigned char *cd = (unsigned char *)d;
+    const unsigned char *cp, *cd = d;
     unsigned char *p0, *p;
     size_t len = sizeof(str_data) + 3 + 2;
     int ret;
 
     if (c == -1)
-	c = strlen((char*)cd);
+	c = strlen((const char*)cd);
 
-    for (p = cd; p - cd < c; p++, len++)
-	if (*p == IAC)
+    for (cp = cd; cp - cd < c; cp++, len++)
+	if (*cp == IAC)
 	    len++;
 
     p0 = malloc(len);
@@ -198,7 +198,7 @@ kerberos5_send(char *name, Authenticator *ap)
     krb5_ccache ccache;
     int ap_opts;
     krb5_data cksum_data;
-    char foo[2];
+    char ap_msg[2];
     
     if (!UserNameRequested) {
 	if (auth_debug_mode) {
@@ -246,11 +246,11 @@ kerberos5_send(char *name, Authenticator *ap)
 
     krb5_auth_con_setkeytype (context, auth_context, KEYTYPE_DES);
 
-    foo[0] = ap->type;
-    foo[1] = ap->way;
+    ap_msg[0] = ap->type;
+    ap_msg[1] = ap->way;
 
-    cksum_data.length = sizeof(foo);
-    cksum_data.data   = foo;
+    cksum_data.length = sizeof(ap_msg);
+    cksum_data.data   = ap_msg;
 
 
     {
@@ -324,6 +324,21 @@ kerberos5_send_oneway(Authenticator *ap)
     return kerberos5_send("KERBEROS5", ap);
 }
 
+static void log_message(const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    if (auth_debug_mode) {
+	va_start(ap, fmt);
+	vfprintf(stdout, fmt, ap);
+	va_end(ap);
+	fprintf(stdout, "\r\n");
+    }
+    va_start(ap, fmt);
+    vsyslog(LOG_NOTICE, fmt, ap);
+    va_end(ap);
+}
+
 void
 kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 {
@@ -347,9 +362,8 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 	if (ret) {
 	    Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1);
 	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n",
-		       krb5_get_err_text(context, ret));
+	    log_message("Kerberos V5: krb5_auth_con_init failed (%s)",
+			krb5_get_err_text(context, ret));
 	    return;
 	}
 
@@ -359,10 +373,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 	if (ret) {
 	    Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1);
 	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: "
-		       "krb5_auth_con_setaddrs_from_fd failed (%s)\r\n",
-		       krb5_get_err_text(context, ret));
+	    log_message("Kerberos V5: "
+			"krb5_auth_con_setaddrs_from_fd failed (%s)",
+			krb5_get_err_text(context, ret));
 	    return;
 	}
 
@@ -374,10 +387,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 	if (ret) {
 	    Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1);
 	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: "
-		       "krb5_sock_to_principal failed (%s)\r\n",
-		       krb5_get_err_text(context, ret));
+	    log_message("Kerberos V5: "
+			"krb5_sock_to_principal failed (%s)",
+			krb5_get_err_text(context, ret));
 	    return;
 	}
 
@@ -391,37 +403,46 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 
 	krb5_free_principal (context, server);
 	if (ret) {
+	    const char *errbuf2 = "Read req failed";
 	    char *errbuf;
-
-	    asprintf(&errbuf,
-		     "Read req failed: %s",
-		     krb5_get_err_text(context, ret));
-	    Data(ap, KRB_REJECT, errbuf, -1);
-	    if (auth_debug_mode)
-		printf("%s\r\n", errbuf);
-	    free (errbuf);
+	    int ret2;
+
+	    ret2 = asprintf(&errbuf,
+			    "Read req failed: %s",
+			    krb5_get_err_text(context, ret));
+	    if (ret2 != -1)
+		errbuf2 = errbuf;
+	    Data(ap, KRB_REJECT, errbuf2, -1);
+	    log_message("%s", errbuf2);
+	    if (ret2 != -1)
+		free (errbuf);
 	    return;
 	}
 	
 	{
-	    char foo[2];
+	    char ap_msg[2];
 	    
-	    foo[0] = ap->type;
-	    foo[1] = ap->way;
+	    ap_msg[0] = ap->type;
+	    ap_msg[1] = ap->way;
 	    
 	    ret = krb5_verify_authenticator_checksum(context,
 						     auth_context,
-						     foo, 
-						     sizeof(foo));
+						     ap_msg, 
+						     sizeof(ap_msg));
 
 	    if (ret) {
+		const char *errbuf2 = "Bad checksum";
 		char *errbuf;
-		asprintf(&errbuf, "Bad checksum: %s", 
-			 krb5_get_err_text(context, ret));
-		Data(ap, KRB_REJECT, errbuf, -1);
-		if (auth_debug_mode)
-		    printf ("%s\r\n", errbuf);
-		free(errbuf);
+		int ret2;
+
+		ret2 = asprintf(&errbuf, "Bad checksum: %s", 
+				krb5_get_err_text(context, ret));
+		if (ret2 != -1)
+		    errbuf2 = errbuf;
+		Data(ap, KRB_REJECT, errbuf2, -1);
+		log_message("%s", errbuf2);
+		if (ret2 != -1)
+		    free(errbuf);
 		return;
 	    }
 	}
@@ -432,10 +453,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 	if (ret) {
 	    Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1);
 	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: "
-		       "krb5_auth_con_getremotesubkey failed (%s)\r\n",
-		       krb5_get_err_text(context, ret));
+	    log_message("Kerberos V5: "
+			"krb5_auth_con_getremotesubkey failed (%s)",
+			krb5_get_err_text(context, ret));
 	    return;
 	}
 
@@ -447,18 +467,16 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 	if (ret) {
 	    Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
 	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: "
-		       "krb5_auth_con_getkey failed (%s)\r\n",
-		       krb5_get_err_text(context, ret));
+	    log_message("Kerberos V5: "
+			"krb5_auth_con_getkey failed (%s)",
+			krb5_get_err_text(context, ret));
 	    return;
 	}
 	if (key_block == NULL) {
 	    Data(ap, KRB_REJECT, "no subkey received", -1);
 	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: "
-		       "krb5_auth_con_getremotesubkey returned NULL key\r\n");
+	    log_message("Kerberos V5: "
+			"krb5_auth_con_getremotesubkey returned NULL key");
 	    return;
 	}
 
@@ -468,10 +486,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 		Data(ap, KRB_REJECT,
 		     "krb5_mk_rep failed", -1);
 		auth_finished(ap, AUTH_REJECT);
-		if (auth_debug_mode)
-		    printf("Kerberos V5: "
-			   "krb5_mk_rep failed (%s)\r\n",
-			   krb5_get_err_text(context, ret));
+		log_message("Kerberos V5: "
+			    "krb5_mk_rep failed (%s)",
+			    krb5_get_err_text(context, ret));
 		return;
 	    }
 	    Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
@@ -483,10 +500,10 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 					     ticket->client,
 					     UserNameRequested)) {
 	    Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
-	    if (auth_debug_mode) {
-		printf("Kerberos5 identifies him as ``%s''\r\n",
-		       name ? name : "");
-	    }
+	    log_message("%s accepted as user %s from %s",
+			name ? name : "<unknown>", 
+			UserNameRequested ? UserNameRequested : "<unknown>",
+			RemoteHostName ? RemoteHostName : "<unknown>");
 
 	    if(key_block->keytype == ETYPE_DES_CBC_MD5 ||
 	       key_block->keytype == ETYPE_DES_CBC_MD4 ||
@@ -500,18 +517,18 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 	    }
 
 	} else {
+	    const char *msg2 = "user is not authorized to login";
 	    char *msg;
 
-	    asprintf (&msg, "user `%s' is not authorized to "
-		      "login as `%s'", 
-		      name ? name : "<unknown>",
-		      UserNameRequested ? UserNameRequested : "<nobody>");
-	    if (msg == NULL)
-		Data(ap, KRB_REJECT, NULL, 0);
-	    else {
-		Data(ap, KRB_REJECT, (void *)msg, -1);
+	    ret = asprintf (&msg, "user `%s' is not authorized to "
+			    "login as `%s'", 
+			    name ? name : "<unknown>",
+			    UserNameRequested ? UserNameRequested : "<nobody>");
+	    if (ret != -1)
+		msg2 = msg;
+	    Data(ap, KRB_REJECT, (void *)msg2, -1);
+	    if (ret != -1)
 		free(msg);
-	    }
 	    auth_finished (ap, AUTH_REJECT);
 	    krb5_free_keyblock_contents(context, key_block);
 	    break;
@@ -533,12 +550,11 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 	    break;
 
 	snprintf (ccname, sizeof(ccname),
-		  "FILE:/tmp/krb5cc_%u", pwd->pw_uid);
+		  "FILE:/tmp/krb5cc_%lu", (unsigned long)pwd->pw_uid);
 
 	ret = krb5_cc_resolve (context, ccname, &ccache);
 	if (ret) {
-	    if (auth_debug_mode)
-		printf ("Kerberos V5: could not get ccache: %s\r\n",
+	    log_message("Kerberos V5: could not get ccache: %s",
 			krb5_get_err_text(context, ret));
 	    break;
 	}
@@ -547,8 +563,7 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 				  ccache,
 				  ticket->client);
 	if (ret) {
-	    if (auth_debug_mode)
-		printf ("Kerberos V5: could not init ccache: %s\r\n",
+	    log_message("Kerberos V5: could not init ccache: %s",
 			krb5_get_err_text(context, ret));
 	    break;
 	}
@@ -561,19 +576,20 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 			     ccache,
 			     &inbuf);
 	if(ret) {
+	    const char *errbuf2 = "Read forwarded creds failed";
 	    char *errbuf;
-
-	    asprintf (&errbuf,
-		      "Read forwarded creds failed: %s",
-		      krb5_get_err_text (context, ret));
-	    if(errbuf == NULL)
-		Data(ap, KRB_FORWARD_REJECT, NULL, 0);
-	    else
-		Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
-	    if (auth_debug_mode)
-		printf("Could not read forwarded credentials: %s\r\n",
-		       errbuf);
-	    free (errbuf);
+	    int ret2;
+
+	    ret2 = asprintf (&errbuf,
+			     "Read forwarded creds failed: %s",
+			     krb5_get_err_text (context, ret));
+	    if (ret2 != -1)
+		errbuf2 = errbuf;
+	    Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
+	    log_message("Could not read forwarded credentials: %s", errbuf);
+
+	    if (ret2 != -1)
+		free (errbuf);
 	} else {
 	    Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
 #if defined(DCE)
@@ -581,13 +597,11 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 #endif
 	}
 	chown (ccname + 5, pwd->pw_uid, -1);
-	if (auth_debug_mode)
-	    printf("Forwarded credentials obtained\r\n");
+	log_message("Forwarded credentials obtained");
 	break;
     }
     default:
-	if (auth_debug_mode)
-	    printf("Unknown Kerberos option %d\r\n", data[-1]);
+	log_message("Unknown Kerberos option %d", data[-1]);
 	Data(ap, KRB_REJECT, 0, 0);
 	break;
     }
@@ -712,7 +726,7 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
 {
     int i;
 
-    buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+    buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
     buflen -= 1;
 
     switch(data[3]) {
@@ -773,7 +787,7 @@ kerberos5_forward(Authenticator *ap)
     krb5_error_code ret;
     krb5_ccache     ccache;
     krb5_creds      creds;
-    krb5_kdc_flags  flags;
+    KDCOptions	    flags;
     krb5_data       out_data;
     krb5_principal  principal;
 
@@ -814,15 +828,15 @@ kerberos5_forward(Authenticator *ap)
 
     creds.times.endtime = 0;
 
-    flags.i = 0;
-    flags.b.forwarded = 1;
+    memset(&flags, 0, sizeof(flags));
+    flags.forwarded = 1;
     if (forward_flags & OPTS_FORWARDABLE_CREDS)
-	flags.b.forwardable = 1;
+	flags.forwardable = 1;
 
     ret = krb5_get_forwarded_creds (context,
 				    auth_context,
 				    ccache,
-				    flags.i,
+				    KDCOptions2int(flags),
 				    RemoteHostName,
 				    &creds,
 				    &out_data);
diff --git a/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c b/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c
index 0a4ff86..f14bc7d 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c
@@ -33,7 +33,7 @@
 
 #include <config.h>
 
-RCSID("$Id: krb4encpwd.c,v 1.19 2001/02/15 04:20:52 assar Exp $");
+RCSID("$Id: krb4encpwd.c 22071 2007-11-14 20:04:50Z lha $");
 
 #ifdef	KRB4_ENCPWD
 /*
@@ -354,7 +354,7 @@ krb4encpwd_printsub(data, cnt, buf, buflen)
 {
 	int i;
 
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
 	buflen -= 1;
 
 	switch(data[3]) {
diff --git a/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h b/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h
index 7bbafa5..07a2509 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h
+++ b/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h
@@ -53,7 +53,7 @@
  * or implied warranty.
  */
 
-/* $Id: misc-proto.h,v 1.9 2000/11/15 23:00:21 assar Exp $ */
+/* $Id: misc-proto.h 9187 2000-11-15 23:00:21Z assar $ */
 
 #ifndef	__MISC_PROTO__
 #define	__MISC_PROTO__
diff --git a/crypto/heimdal/appl/telnet/libtelnet/misc.c b/crypto/heimdal/appl/telnet/libtelnet/misc.c
index b7af237..f74e304 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/misc.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/misc.c
@@ -33,7 +33,7 @@
 
 #include <config.h>
 
-RCSID("$Id: misc.c,v 1.15 2000/01/25 23:24:58 assar Exp $");
+RCSID("$Id: misc.c 7822 2000-01-25 23:24:58Z assar $");
 
 #include <stdio.h>
 #include <stdlib.h>
diff --git a/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c b/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c
index 4c5e875..cff096c 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c
@@ -33,7 +33,7 @@
 
 #include <config.h>
 
-RCSID("$Id: rsaencpwd.c,v 1.19 2002/08/12 15:09:17 joda Exp $");
+RCSID("$Id: rsaencpwd.c 22071 2007-11-14 20:04:50Z lha $");
 
 #ifdef	RSA_ENCPWD
 /*
@@ -409,7 +409,7 @@ rsaencpwd_printsub(data, cnt, buf, buflen)
 {
 	int i;
 
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
 	buflen -= 1;
 
 	switch(data[3]) {
diff --git a/crypto/heimdal/appl/telnet/libtelnet/spx.c b/crypto/heimdal/appl/telnet/libtelnet/spx.c
index 9155ef2..82fafdb 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/spx.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/spx.c
@@ -33,7 +33,7 @@
 
 #include <config.h>
 
-RCSID("$Id: spx.c,v 1.17 1999/09/16 20:41:34 assar Exp $");
+RCSID("$Id: spx.c 22071 2007-11-14 20:04:50Z lha $");
 
 #ifdef	SPX
 /*
@@ -532,7 +532,7 @@ spx_printsub(data, cnt, buf, buflen)
 {
 	int i;
 
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
 	buflen -= 1;
 
 	switch(data[3]) {
diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.am b/crypto/heimdal/appl/telnet/telnet/Makefile.am
index cb516cb..a472ba9 100644
--- a/crypto/heimdal/appl/telnet/telnet/Makefile.am
+++ b/crypto/heimdal/appl/telnet/telnet/Makefile.am
@@ -1,8 +1,8 @@
-# $Id: Makefile.am,v 1.16 2001/08/28 11:21:16 joda Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
+AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
 
 bin_PROGRAMS = telnet
 
@@ -17,7 +17,9 @@ man_MANS = telnet.1
 LDADD = ../libtelnet/libtelnet.a \
 	$(LIB_krb5) \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(LIB_tgetent) \
 	$(LIB_kdfs) \
 	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.in b/crypto/heimdal/appl/telnet/telnet/Makefile.in
index db1f4a7..df9afb1 100644
--- a/crypto/heimdal/appl/telnet/telnet/Makefile.in
+++ b/crypto/heimdal/appl/telnet/telnet/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.16 2001/08/28 11:21:16 joda Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(telnet_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -50,16 +45,14 @@ bin_PROGRAMS = telnet$(EXEEXT)
 subdir = appl/telnet/telnet
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -72,6 +65,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -80,16 +74,20 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
 am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
@@ -101,25 +99,22 @@ am_telnet_OBJECTS = authenc.$(OBJEXT) commands.$(OBJEXT) \
 	utilities.$(OBJEXT)
 telnet_OBJECTS = $(am_telnet_OBJECTS)
 telnet_LDADD = $(LDADD)
-@KRB5_TRUE@am__DEPENDENCIES_1 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-am__DEPENDENCIES_2 =
-@DCE_TRUE@am__DEPENDENCIES_3 = $(top_builddir)/lib/kdfs/libkdfs.la
-telnet_DEPENDENCIES = ../libtelnet/libtelnet.a $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \
-	$(am__DEPENDENCIES_2)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+am__DEPENDENCIES_1 =
+telnet_DEPENDENCIES = ../libtelnet/libtelnet.a $(LIB_krb5) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(LIB_kdfs) $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(telnet_SOURCES)
 DIST_SOURCES = $(telnet_SOURCES)
 man1dir = $(mandir)/man1
@@ -128,13 +123,7 @@ ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -144,8 +133,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -156,11 +143,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -168,42 +154,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -221,12 +192,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -236,15 +204,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -253,6 +220,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -264,15 +232,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -280,74 +243,80 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	-I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -364,6 +333,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 CHECK_LOCAL = 
 telnet_SOURCES = authenc.c commands.c main.c network.c ring.c \
@@ -374,15 +344,16 @@ man_MANS = telnet.1
 LDADD = ../libtelnet/libtelnet.a \
 	$(LIB_krb5) \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(LIB_tgetent) \
 	$(LIB_kdfs) \
 	$(LIB_roken)
 
+EXTRA_DIST = $(man_MANS)
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -414,7 +385,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)"
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
 	@list='$(bin_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -442,7 +413,7 @@ clean-binPROGRAMS:
 	done
 telnet$(EXEEXT): $(telnet_OBJECTS) $(telnet_DEPENDENCIES) 
 	@rm -f telnet$(EXEEXT)
-	$(LINK) $(telnet_LDFLAGS) $(telnet_OBJECTS) $(telnet_LDADD) $(LIBS)
+	$(LINK) $(telnet_OBJECTS) $(telnet_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -464,13 +435,9 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
 install-man1: $(man1_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(mkdir_p) "$(DESTDIR)$(man1dir)"
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
 	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -534,9 +501,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -561,23 +530,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../../.. $(distdir)/../../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -597,7 +564,7 @@ check: check-am
 all-am: Makefile $(PROGRAMS) $(MANS) all-local
 installdirs:
 	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
-	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
 install-exec: install-exec-am
@@ -618,7 +585,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -630,7 +597,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -646,14 +613,22 @@ install-data-am: install-man
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am: install-binPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
 install-man: install-man1
 
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
@@ -673,23 +648,30 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
 
 uninstall-man: uninstall-man1
 
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
-	distclean distclean-compile distclean-generic \
+	dist-hook distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-exec install-exec-am \
-	install-info install-info-am install-man install-man1 \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am \
-	uninstall-binPROGRAMS uninstall-info-am uninstall-man \
-	uninstall-man1
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-binPROGRAMS uninstall-hook \
+	uninstall-man uninstall-man1
 
 
 install-suid-programs:
@@ -704,8 +686,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -715,19 +697,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -743,7 +737,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -813,14 +807,39 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/telnet/authenc.c b/crypto/heimdal/appl/telnet/telnet/authenc.c
index f1da735..35a3bf7 100644
--- a/crypto/heimdal/appl/telnet/telnet/authenc.c
+++ b/crypto/heimdal/appl/telnet/telnet/authenc.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: authenc.c,v 1.12 2001/12/20 20:39:51 joda Exp $");
+RCSID("$Id: authenc.c 12921 2003-09-25 15:45:51Z lha $");
 
 #if	defined(AUTHENTICATION) || defined(ENCRYPTION)
 int
@@ -62,13 +62,14 @@ net_encrypt(void)
 int
 telnet_spin(void)
 {
-    extern int scheduler_lockout_tty;
+    int ret = 0;
 
     scheduler_lockout_tty = 1;
-    Scheduler(0);
+    if (Scheduler(0) == -1)
+	ret = 1;
     scheduler_lockout_tty = 0;
     
-    return 0;
+    return ret;
 
 }
 
diff --git a/crypto/heimdal/appl/telnet/telnet/commands.c b/crypto/heimdal/appl/telnet/telnet/commands.c
index 6c610a5..98031e8 100644
--- a/crypto/heimdal/appl/telnet/telnet/commands.c
+++ b/crypto/heimdal/appl/telnet/telnet/commands.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: commands.c,v 1.72 2002/08/28 21:04:59 joda Exp $");
+RCSID("$Id: commands.c 16224 2005-10-22 17:17:44Z lha $");
 
 #if	defined(IPPROTO_IP) && defined(IP_TOS)
 int tos = -1;
@@ -74,7 +74,7 @@ makeargv()
     }
     while ((c = *cp)) {
 	int inquote = 0;
-	while (isspace(c))
+	while (isspace((unsigned char)c))
 	    c = *++cp;
 	if (c == '\0')
 	    break;
@@ -96,7 +96,7 @@ makeargv()
 		} else if (c == '\'') {
 		    inquote = '\'';
 		    continue;
-		} else if (isspace(c))
+		} else if (isspace((unsigned char)c))
 		    break;
 	    }
 	    *cp2++ = c;
@@ -1318,9 +1318,9 @@ shell(int argc, char **argv)
 	    else
 		shellname++;
 	    if (argc > 1)
-		execl(shellp, shellname, "-c", &saveline[1], 0);
+		execl(shellp, shellname, "-c", &saveline[1], NULL);
 	    else
-		execl(shellp, shellname, 0);
+		execl(shellp, shellname, NULL);
 	    perror("Execl");
 	    _exit(1);
 	}
@@ -1582,6 +1582,7 @@ env_init(void)
 	    || strncmp((char *)ep->value, "unix:", 5) == 0)) {
 		char hbuf[256+1];
 		char *cp2 = strchr((char *)ep->value, ':');
+		int error;
 
 		/* XXX - should be k_gethostname? */
 		gethostname(hbuf, 256);
@@ -1590,7 +1591,6 @@ env_init(void)
 		/* If this is not the full name, try to get it via DNS */
 		if (strchr(hbuf, '.') == 0) {
 			struct addrinfo hints, *ai, *a;
-			int error;
 
 			memset (&hints, 0, sizeof(hints));
 			hints.ai_flags = AI_CANONNAME;
@@ -1608,9 +1608,11 @@ env_init(void)
 			}
 		}
 
-		asprintf (&cp, "%s%s", hbuf, cp2);
-		free (ep->value);
-		ep->value = (unsigned char *)cp;
+		error = asprintf (&cp, "%s%s", hbuf, cp2);
+		if (error != -1) {
+		    free (ep->value);
+		    ep->value = (unsigned char *)cp;
+		}
 	}
 	/*
 	 * If USER is not defined, but LOGNAME is, then add
@@ -2026,11 +2028,11 @@ cmdrc(char *m1, char *m2)
 	if (line[0] == '#')
 	    continue;
 	if (gotmachine) {
-	    if (!isspace(line[0]))
+	    if (!isspace((unsigned char)line[0]))
 		gotmachine = 0;
 	}
 	if (gotmachine == 0) {
-	    if (isspace(line[0]))
+	    if (isspace((unsigned char)line[0]))
 		continue;
 	    if (strncasecmp(line, m1, l1) == 0)
 		strncpy(line, &line[l1], sizeof(line) - l1);
diff --git a/crypto/heimdal/appl/telnet/telnet/externs.h b/crypto/heimdal/appl/telnet/telnet/externs.h
index 09f058c..badfca5 100644
--- a/crypto/heimdal/appl/telnet/telnet/externs.h
+++ b/crypto/heimdal/appl/telnet/telnet/externs.h
@@ -33,7 +33,7 @@
  *	@(#)externs.h	8.3 (Berkeley) 5/30/95
  */
 
-/* $Id: externs.h,v 1.25 2002/08/28 20:58:23 joda Exp $ */
+/* $Id: externs.h 21734 2007-07-31 01:55:45Z lha $ */
 
 #ifndef	BSD
 # define BSD 43
@@ -181,6 +181,10 @@ extern jmp_buf
     peerdied,
     toplevel;		/* For error conditions. */
 
+int Scheduler(int);
+extern int scheduler_lockout_tty;
+
+
 /* authenc.c */
 
 #if	defined(AUTHENTICATION) || defined(ENCRYPTION)
@@ -236,7 +240,6 @@ void command(int top, char *tbuf, int cnt);
 /* main.c */
 
 void tninit(void);
-void usage(void);
 void set_forward_options(void);
 
 /* network.c */
diff --git a/crypto/heimdal/appl/telnet/telnet/main.c b/crypto/heimdal/appl/telnet/telnet/main.c
index 3da3001..bb358a8 100644
--- a/crypto/heimdal/appl/telnet/telnet/main.c
+++ b/crypto/heimdal/appl/telnet/telnet/main.c
@@ -38,7 +38,7 @@ static char *copyright[] = {
 };
 
 #include "telnet_locl.h"
-RCSID("$Id: main.c,v 1.38.6.1 2004/03/22 18:16:35 lha Exp $");
+RCSID("$Id: main.c 21731 2007-07-30 20:01:26Z lha $");
 
 #if KRB5
 #define FORWARD
@@ -59,8 +59,8 @@ tninit(void)
     init_sys();
 }
 
-void
-usage(void)
+static void
+usage(int exit_code)
 {
   fprintf(stderr, "Usage: %s %s%s%s%s\n", prompt,
 #ifdef	AUTHENTICATION
@@ -77,7 +77,7 @@ usage(void)
 	  "[host-name [port]]"
 #endif
     );
-  exit(1);
+  exit(exit_code);
 }
 
 /*
@@ -112,7 +112,6 @@ set_forward_options(void)
 }
 
 #ifdef KRB5
-/* XXX ugly hack to setup dns-proxy stuff */
 #define Authenticator asn1_Authenticator
 #include <krb5.h>
 static void
@@ -120,24 +119,29 @@ krb5_init(void)
 {
     krb5_context context;
     krb5_error_code ret;
+    krb5_boolean ret_val;
 
     ret = krb5_init_context(&context);
     if (ret)
 	return;
 
-#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
-    if (krb5_config_get_bool (context, NULL,
-         "libdefaults", "forward", NULL)) {
+#if defined(AUTHENTICATION) && defined(FORWARD)
+    krb5_appdefault_boolean(context, NULL,
+			    NULL, "forward",
+			    0, &ret_val);
+    if (ret_val)
 	    kerberos5_set_forward(1);
-    }
-    if (krb5_config_get_bool (context, NULL,
-         "libdefaults", "forwardable", NULL)) {
+    krb5_appdefault_boolean(context, NULL,
+			    NULL, "forwardable",
+			    0, &ret_val);
+    if (ret_val)
 	    kerberos5_set_forwardable(1);
-    }
 #endif
 #ifdef  ENCRYPTION
-    if (krb5_config_get_bool (context, NULL,
-        "libdefaults", "encrypt", NULL)) {
+    krb5_appdefault_boolean(context, NULL, 
+			    NULL, "encrypt",
+			    0, &ret_val);
+    if (ret_val) {
           encrypt_auto(1);
           decrypt_auto(1); 
 	  wantencryption = 1;
@@ -190,6 +194,9 @@ main(int argc, char **argv)
 	    print_version(NULL);
 	    exit(0);
 	}
+	if (argc == 2 && strcmp(argv[1], "--help") == 0)
+	    usage(0);
+
 
 	while((ch = getopt(argc, argv,
 			   "78DEKLS:X:abcde:fFk:l:n:rxG")) != -1) {
@@ -263,7 +270,7 @@ main(int argc, char **argv)
 			    fprintf(stderr,
 				    "%s: Only one of -f, -F and -G allowed.\n",
 				    prompt);
-			    usage();
+			    usage(1);
 			}
 			forward_option = ch;
 #else
@@ -312,7 +319,7 @@ main(int argc, char **argv)
 
 		case '?':
 		default:
-			usage();
+			usage(1);
 			/* NOTREACHED */
 		}
 	}
@@ -338,7 +345,7 @@ main(int argc, char **argv)
 		char *args[7], **argp = args;
 
 		if (argc > 2)
-			usage();
+			usage(1);
 		*argp++ = prompt;
 		if (user) {
 			*argp++ = "-l";
diff --git a/crypto/heimdal/appl/telnet/telnet/network.c b/crypto/heimdal/appl/telnet/telnet/network.c
index 1bce3a1..4a56588 100644
--- a/crypto/heimdal/appl/telnet/telnet/network.c
+++ b/crypto/heimdal/appl/telnet/telnet/network.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: network.c,v 1.11.12.1 2004/06/21 08:22:35 lha Exp $");
+RCSID("$Id: network.c 13941 2004-06-20 17:01:28Z lha $");
 
 Ring		netoring, netiring;
 size_t		netobufsize = 64*1024;
diff --git a/crypto/heimdal/appl/telnet/telnet/ring.c b/crypto/heimdal/appl/telnet/telnet/ring.c
index 597c79a..fd93e94 100644
--- a/crypto/heimdal/appl/telnet/telnet/ring.c
+++ b/crypto/heimdal/appl/telnet/telnet/ring.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: ring.c,v 1.11 2000/02/06 05:15:21 assar Exp $");
+RCSID("$Id: ring.c 7853 2000-02-06 05:15:47Z assar $");
 
 /*
  * This defines a structure for a ring buffer.
diff --git a/crypto/heimdal/appl/telnet/telnet/ring.h b/crypto/heimdal/appl/telnet/telnet/ring.h
index 1644a96..d0c2ad7 100644
--- a/crypto/heimdal/appl/telnet/telnet/ring.h
+++ b/crypto/heimdal/appl/telnet/telnet/ring.h
@@ -33,7 +33,7 @@
  *	@(#)ring.h	8.1 (Berkeley) 6/6/93
  */
 
-/* $Id: ring.h,v 1.4 2000/02/06 05:15:47 assar Exp $ */
+/* $Id: ring.h 7853 2000-02-06 05:15:47Z assar $ */
 
 /*
  * This defines a structure for a ring buffer.
diff --git a/crypto/heimdal/appl/telnet/telnet/sys_bsd.c b/crypto/heimdal/appl/telnet/telnet/sys_bsd.c
index 1144e8f..5bc2d12 100644
--- a/crypto/heimdal/appl/telnet/telnet/sys_bsd.c
+++ b/crypto/heimdal/appl/telnet/telnet/sys_bsd.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: sys_bsd.c,v 1.30 2002/04/18 16:18:43 joda Exp $");
+RCSID("$Id: sys_bsd.c 10941 2002-04-18 16:18:43Z joda $");
 
 /*
  * The following routines try to encapsulate what is system dependent
diff --git a/crypto/heimdal/appl/telnet/telnet/telnet.1 b/crypto/heimdal/appl/telnet/telnet/telnet.1
index 82852a7..37f588a 100644
--- a/crypto/heimdal/appl/telnet/telnet/telnet.1
+++ b/crypto/heimdal/appl/telnet/telnet/telnet.1
@@ -65,7 +65,7 @@ is invoked without the
 .Ar host
 argument, it enters command mode,
 indicated by its prompt
-.Pq Nm telnet\&> .
+.Pq Nm telnet\*[Gt] .
 In this mode, it accepts and executes the commands listed below.
 If it is invoked with arguments, it performs an
 .Ic open
@@ -1181,11 +1181,11 @@ option on output.
 If this is
 .Dv TRUE ,
 then carriage returns will be sent as
-.Li <CR><LF> .
+.Li \*[Lt]CR\*[Gt]\*[Lt]LF\*[Gt] .
 If this is
 .Dv FALSE ,
 then carriage returns will be send as
-.Li <CR><NUL> .
+.Li \*[Lt]CR\*[Gt]\*[Lt]NUL\*[Gt] .
 The initial value for this toggle is
 .Dv FALSE .
 .It Ic crmod
diff --git a/crypto/heimdal/appl/telnet/telnet/telnet.c b/crypto/heimdal/appl/telnet/telnet/telnet.c
index bbc9999..a90f212 100644
--- a/crypto/heimdal/appl/telnet/telnet/telnet.c
+++ b/crypto/heimdal/appl/telnet/telnet/telnet.c
@@ -32,11 +32,8 @@
  */
 
 #include "telnet_locl.h"
-#ifdef HAVE_TERMCAP_H
-#include <termcap.h>
-#endif
 
-RCSID("$Id: telnet.c,v 1.34 2002/05/03 10:19:43 joda Exp $");
+RCSID("$Id: telnet.c 16285 2005-11-03 18:38:57Z lha $");
 
 #define	strip(x) (eight ? (x) : ((x) & 0x7f))
 
@@ -503,7 +500,7 @@ dontoption(int option)
 
 /*
  * Given a buffer returned by tgetent(), this routine will turn
- * the pipe seperated list of names in the buffer into an array
+ * the pipe separated list of names in the buffer into an array
  * of pointers to null terminated names.  We toss out any bad,
  * duplicate, or verbose names (names with spaces).
  */
@@ -579,11 +576,12 @@ mklist(char *buf, char *name)
 		 * Skip entries with spaces or non-ascii values.
 		 * Convert lower case letters to upper case.
 		 */
+#undef ISASCII
 #define ISASCII(c) (!((c)&0x80))
 		if ((c == ' ') || !ISASCII(c))
 			n = 1;
 		else if (islower((unsigned char)c))
-			*cp = toupper(c);
+			*cp = toupper((unsigned char)c);
 	}
 
 	/*
@@ -1294,6 +1292,7 @@ slc_check()
 
 
 unsigned char slc_reply[128];
+unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)];
 unsigned char *slc_replyp;
 
 void
@@ -1309,6 +1308,14 @@ slc_start_reply()
 void
 slc_add_reply(unsigned char func, unsigned char flags, cc_t value)
 {
+	/* A sequence of up to 6 bytes my be written for this member of the SLC
+	 * suboption list by this function.  The end of negotiation command,
+	 * which is written by slc_end_reply(), will require 2 additional
+	 * bytes.  Do not proceed unless there is sufficient space for these
+	 * items.
+	 */
+	if (&slc_replyp[6+2] > slc_reply_eom)
+		return;
 	if ((*slc_replyp++ = func) == IAC)
 		*slc_replyp++ = IAC;
 	if ((*slc_replyp++ = flags) == IAC)
@@ -1322,6 +1329,9 @@ slc_end_reply()
 {
     int len;
 
+    /* The end of negotiation command requires 2 bytes. */
+    if (&slc_replyp[2] > slc_reply_eom)
+            return;
     *slc_replyp++ = IAC;
     *slc_replyp++ = SE;
     len = slc_replyp - slc_reply;
@@ -1415,7 +1425,7 @@ env_opt(unsigned char *buf, int len)
 	}
 }
 
-#define	OPT_REPLY_SIZE	256
+#define	OPT_REPLY_SIZE	(2 * SUBBUFSIZE)
 unsigned char *opt_reply;
 unsigned char *opt_replyp;
 unsigned char *opt_replyend;
@@ -1475,9 +1485,9 @@ env_opt_add(unsigned char *ep)
 		return;
 	}
 	vp = env_getvalue(ep);
-	if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
-				strlen((char *)ep) + 6 > opt_replyend)
-	{
+        if (opt_replyp + (vp ? 2 * strlen((char *)vp) : 0) +
+                                2 * strlen((char *)ep) + 6 > opt_replyend)
+        {
 		int len;
 		void *tmp;
 		opt_replyend += OPT_REPLY_SIZE;
@@ -1503,6 +1513,8 @@ env_opt_add(unsigned char *ep)
 		*opt_replyp++ = ENV_USERVAR;
 	for (;;) {
 		while ((c = *ep++)) {
+			if (opt_replyp + (2 + 2) > opt_replyend)
+				return;
 			switch(c&0xff) {
 			case IAC:
 				*opt_replyp++ = IAC;
@@ -1517,6 +1529,8 @@ env_opt_add(unsigned char *ep)
 			*opt_replyp++ = c;
 		}
 		if ((ep = vp)) {
+			if (opt_replyp + (1 + 2 + 2) > opt_replyend)
+				return;
 #ifdef	OLD_ENVIRON
 			if (telopt_environ == TELOPT_OLD_ENVIRON)
 				*opt_replyp++ = old_env_value;
@@ -1547,7 +1561,9 @@ env_opt_end(int emptyok)
 {
 	int len;
 
-	len = opt_replyp - opt_reply + 2;
+	if (opt_replyp + 2 > opt_replyend)
+		return;
+	len = opt_replyp + 2 - opt_reply;
 	if (emptyok || len > 6) {
 		*opt_replyp++ = IAC;
 		*opt_replyp++ = SE;
@@ -1759,12 +1775,12 @@ process_iac:
 		    /*
 		     * This is an error.  We only expect to get
 		     * "IAC IAC" or "IAC SE".  Several things may
-		     * have happend.  An IAC was not doubled, the
+		     * have happened.  An IAC was not doubled, the
 		     * IAC SE was left off, or another option got
 		     * inserted into the suboption are all possibilities.
 		     * If we assume that the IAC was not doubled,
 		     * and really the IAC SE was left off, we could
-		     * get into an infinate loop here.  So, instead,
+		     * get into an infinite loop here.  So, instead,
 		     * we terminate the suboption, and process the
 		     * partial suboption if we can.
 		     */
@@ -2011,6 +2027,8 @@ Scheduler(int block) /* should we block in the select ? */
     return returnValue;
 }
 
+extern int auth_has_failed; /* XXX should be somewhere else */
+
 /*
  * Select from tty and network...
  */
@@ -2064,7 +2082,6 @@ my_telnet(char *user)
      * forever. 
      */
     if (telnetport && wantencryption) {
-	extern int auth_has_failed;
 	time_t timeout = time(0) + 60;
 
 	send_do(TELOPT_ENCRYPT, 1);
@@ -2080,7 +2097,7 @@ my_telnet(char *user)
 		}
 	    }
 	    if (auth_has_failed) {
-		printf("\nAuthentication negotation has failed,\n");
+		printf("\nAuthentication negotiation has failed,\n");
 		printf("which is required for encryption.\n");
 		Exit(1);
 	    }
@@ -2109,7 +2126,11 @@ my_telnet(char *user)
 		    printf("\nUser interrupt.\n");
 		    Exit(1);
 	    }
-	    telnet_spin();
+	    if (telnet_spin()) {
+		    printf("\nServer disconnected.\n");
+		    Exit(1);
+	    }
+		
 	}
 	if (printed_encrypt) {
 		printf("Encryption negotiated.\n");
diff --git a/crypto/heimdal/appl/telnet/telnet/telnet_locl.h b/crypto/heimdal/appl/telnet/telnet/telnet_locl.h
index 1183b67..503191d 100644
--- a/crypto/heimdal/appl/telnet/telnet/telnet_locl.h
+++ b/crypto/heimdal/appl/telnet/telnet/telnet_locl.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: telnet_locl.h,v 1.21 2001/12/20 20:39:52 joda Exp $ */
+/* $Id: telnet_locl.h 18776 2006-10-21 19:14:13Z lha $ */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
@@ -59,23 +59,27 @@
 #include <unistd.h>
 #endif
 
-/* termios.h *must* be included before curses.h */
-#ifdef HAVE_TERMIOS_H
+/* termios.h *must* be included before curses.h, but not on Solaris 9,
+   at least, where we end up with
+   "/usr/include/term.h", line 1060: incomplete struct/union/enum termio: Ottyb
+*/
+#if defined HAVE_TERMIOS_H && !defined __sun
 #include <termios.h>
 #endif
 
-#if defined(SOCKS) && defined(HAVE_CURSES_H)
+#if defined(HAVE_CURSES_H)
 #include <curses.h>
+#ifdef HAVE_TERM_H
+#include <term.h>
+#endif
+#elif defined(HAVE_TERMCAP_H)
+#include <termcap.h>
 #endif
 
 #if defined(HAVE_SYS_TERMIO_H) && !defined(HAVE_TERMIOS_H)
 #include <sys/termio.h>
 #endif
 
-#if defined(HAVE_TERMCAP_H)
-#include <termcap.h>
-#endif
-
 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #endif
@@ -153,10 +157,6 @@ struct ether_addr;
 #include <socks.h>
 #endif
 
-#include <err.h>
-#include <roken.h>
-/* krb.h? */
-
 #if	defined(AUTHENTICATION) || defined(ENCRYPTION)
 #include <libtelnet/auth.h>
 #include <libtelnet/encrypt.h>
@@ -169,6 +169,9 @@ struct ether_addr;
 #define KLUDGELINEMODE
 #endif
 
+#include <err.h>
+#include <roken.h>
+
 #include "ring.h"
 #include "externs.h"
 #include "defines.h"
diff --git a/crypto/heimdal/appl/telnet/telnet/terminal.c b/crypto/heimdal/appl/telnet/telnet/terminal.c
index 44e1611..2fbd3dc 100644
--- a/crypto/heimdal/appl/telnet/telnet/terminal.c
+++ b/crypto/heimdal/appl/telnet/telnet/terminal.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: terminal.c,v 1.11 2001/03/06 20:10:14 assar Exp $");
+RCSID("$Id: terminal.c 9733 2001-03-06 20:10:14Z assar $");
 
 Ring		ttyoring, ttyiring;
 unsigned char	ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ];
diff --git a/crypto/heimdal/appl/telnet/telnet/utilities.c b/crypto/heimdal/appl/telnet/telnet/utilities.c
index c326d5a..d62d572 100644
--- a/crypto/heimdal/appl/telnet/telnet/utilities.c
+++ b/crypto/heimdal/appl/telnet/telnet/utilities.c
@@ -37,7 +37,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: utilities.c,v 1.25 2001/08/29 00:45:21 assar Exp $");
+RCSID("$Id: utilities.c 10587 2001-08-29 00:45:23Z assar $");
 
 FILE	*NetTrace = 0;		/* Not in bss, since needs to stay */
 int	prettydump;
diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.am b/crypto/heimdal/appl/telnet/telnetd/Makefile.am
index 19e10bc..df2b864 100644
--- a/crypto/heimdal/appl/telnet/telnetd/Makefile.am
+++ b/crypto/heimdal/appl/telnet/telnetd/Makefile.am
@@ -1,8 +1,8 @@
-# $Id: Makefile.am,v 1.18 2001/08/28 11:21:17 joda Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
+AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
 
 libexec_PROGRAMS = telnetd
 
@@ -17,10 +17,12 @@ LDADD = \
 	../libtelnet/libtelnet.a \
 	$(LIB_krb5) \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(LIB_tgetent) \
 	$(LIB_logwtmp) \
 	$(LIB_logout) \
 	$(LIB_openpty) \
 	$(LIB_kdfs) \
 	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.in b/crypto/heimdal/appl/telnet/telnetd/Makefile.in
index 1a14fc4..ba4cd35 100644
--- a/crypto/heimdal/appl/telnet/telnetd/Makefile.in
+++ b/crypto/heimdal/appl/telnet/telnetd/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.18 2001/08/28 11:21:17 joda Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(telnetd_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -50,16 +45,14 @@ libexec_PROGRAMS = telnetd$(EXEEXT)
 subdir = appl/telnet/telnetd
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -72,6 +65,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -80,16 +74,20 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
 am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"
@@ -100,26 +98,24 @@ am_telnetd_OBJECTS = telnetd.$(OBJEXT) state.$(OBJEXT) \
 	utility.$(OBJEXT) global.$(OBJEXT) authenc.$(OBJEXT)
 telnetd_OBJECTS = $(am_telnetd_OBJECTS)
 telnetd_LDADD = $(LDADD)
-@KRB5_TRUE@am__DEPENDENCIES_1 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-am__DEPENDENCIES_2 =
-@DCE_TRUE@am__DEPENDENCIES_3 = $(top_builddir)/lib/kdfs/libkdfs.la
-telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_3) $(am__DEPENDENCIES_2)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+am__DEPENDENCIES_1 =
+telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a $(LIB_krb5) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(LIB_kdfs) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(telnetd_SOURCES)
 DIST_SOURCES = $(telnetd_SOURCES)
 man8dir = $(mandir)/man8
@@ -128,13 +124,7 @@ ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -144,8 +134,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -156,11 +144,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -168,42 +155,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -221,12 +193,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -236,15 +205,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -253,6 +221,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -264,15 +233,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -280,74 +244,80 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	-I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -364,6 +334,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 CHECK_LOCAL = 
 telnetd_SOURCES = telnetd.c state.c termstat.c slc.c sys_term.c \
@@ -374,7 +345,7 @@ LDADD = \
 	../libtelnet/libtelnet.a \
 	$(LIB_krb5) \
 	$(LIB_krb4) \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(LIB_tgetent) \
 	$(LIB_logwtmp) \
 	$(LIB_logout) \
@@ -382,10 +353,11 @@ LDADD = \
 	$(LIB_kdfs) \
 	$(LIB_roken)
 
+EXTRA_DIST = $(man_MANS)
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -417,7 +389,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 install-libexecPROGRAMS: $(libexec_PROGRAMS)
 	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(mkdir_p) "$(DESTDIR)$(libexecdir)"
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
 	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
 	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
 	  if test -f $$p \
@@ -445,7 +417,7 @@ clean-libexecPROGRAMS:
 	done
 telnetd$(EXEEXT): $(telnetd_OBJECTS) $(telnetd_DEPENDENCIES) 
 	@rm -f telnetd$(EXEEXT)
-	$(LINK) $(telnetd_LDFLAGS) $(telnetd_OBJECTS) $(telnetd_LDADD) $(LIBS)
+	$(LINK) $(telnetd_OBJECTS) $(telnetd_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -467,13 +439,9 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
 install-man8: $(man8_MANS) $(man_MANS)
 	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)"
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
 	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
 	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
 	for i in $$l2; do \
@@ -537,9 +505,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -564,23 +534,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../../.. $(distdir)/../../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -600,7 +568,7 @@ check: check-am
 all-am: Makefile $(PROGRAMS) $(MANS) all-local
 installdirs:
 	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
 install-exec: install-exec-am
@@ -621,7 +589,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -634,7 +602,7 @@ clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -650,14 +618,22 @@ install-data-am: install-man
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am: install-libexecPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
 install-man: install-man8
 
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
@@ -677,24 +653,30 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS \
-	uninstall-man
+uninstall-am: uninstall-libexecPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
 
 uninstall-man: uninstall-man8
 
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \
-	distclean distclean-compile distclean-generic \
+	dist-hook distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-data \
-	install-data-am install-exec install-exec-am install-info \
-	install-info-am install-libexecPROGRAMS install-man \
-	install-man8 install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
-	uninstall-am uninstall-info-am uninstall-libexecPROGRAMS \
-	uninstall-man uninstall-man8
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-hook \
+	uninstall-libexecPROGRAMS uninstall-man uninstall-man8
 
 
 install-suid-programs:
@@ -709,8 +691,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -720,19 +702,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -748,7 +742,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -818,14 +812,39 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/telnetd/authenc.c b/crypto/heimdal/appl/telnet/telnetd/authenc.c
index 14594ea2..1fac6c0 100644
--- a/crypto/heimdal/appl/telnet/telnetd/authenc.c
+++ b/crypto/heimdal/appl/telnet/telnetd/authenc.c
@@ -33,7 +33,7 @@
 
 #include "telnetd.h"
 
-RCSID("$Id: authenc.c,v 1.10 2000/11/15 23:20:43 assar Exp $");
+RCSID("$Id: authenc.c 9200 2000-11-15 23:20:43Z assar $");
 
 #ifdef AUTHENTICATION
 
diff --git a/crypto/heimdal/appl/telnet/telnetd/ext.h b/crypto/heimdal/appl/telnet/telnetd/ext.h
index 8f99934..68b97bf 100644
--- a/crypto/heimdal/appl/telnet/telnetd/ext.h
+++ b/crypto/heimdal/appl/telnet/telnetd/ext.h
@@ -33,7 +33,7 @@
  *	@(#)ext.h	8.2 (Berkeley) 12/15/93
  */
 
-/* $Id: ext.h,v 1.23 2001/08/29 00:45:22 assar Exp $ */
+/* $Id: ext.h 15841 2005-08-08 13:34:26Z lha $ */
 
 #ifndef __EXT_H__
 #define __EXT_H__
@@ -57,7 +57,7 @@ extern const char *new_login;
 
 extern slcfun	slctab[NSLC + 1];	/* slc mapping table */
 
-extern char	*terminaltype;
+extern char	terminaltype[41];
 
 /*
  * I/O data buffers, pointers, and counters.
@@ -115,7 +115,7 @@ int tty_iscrnl (void);
 void tty_tspeed (int val);
 void tty_rspeed (int val);
 void getptyslave (void);
-int cleanopen (char *line);
+int cleanopen (char *);
 void startslave (const char *host, const char *, int autologin, char *autoname);
 void init_env (void);
 void start_login (const char *host, int autologin, char *name);
@@ -138,7 +138,7 @@ void ptyflush (void);
 char *nextitem (char *current);
 void netclear (void);
 void netflush (void);
-void writenet (unsigned char *ptr, int len);
+void writenet (const void *, size_t);
 void fatal (int f, char *msg);
 void fatalperror (int f, const char *msg);
 void fatalperror_errno (int f, const char *msg, int error);
diff --git a/crypto/heimdal/appl/telnet/telnetd/global.c b/crypto/heimdal/appl/telnet/telnetd/global.c
index 54d1a77..8b3c405 100644
--- a/crypto/heimdal/appl/telnet/telnetd/global.c
+++ b/crypto/heimdal/appl/telnet/telnetd/global.c
@@ -36,7 +36,7 @@
 
 #include "telnetd.h"
 
-RCSID("$Id: global.c,v 1.13 2001/07/19 16:00:42 assar Exp $");
+RCSID("$Id: global.c 14939 2005-04-24 20:59:35Z lha $");
 
 /*
  * Telnet server variable declarations
@@ -54,7 +54,7 @@ int	require_otp;
 
 slcfun	slctab[NSLC + 1];	/* slc mapping table */
 
-char	*terminaltype;
+char	terminaltype[41];
 
 /*
  * I/O data buffers, pointers, and counters.
diff --git a/crypto/heimdal/appl/telnet/telnetd/slc.c b/crypto/heimdal/appl/telnet/telnetd/slc.c
index 799d2d8..b9ab121 100644
--- a/crypto/heimdal/appl/telnet/telnetd/slc.c
+++ b/crypto/heimdal/appl/telnet/telnetd/slc.c
@@ -33,7 +33,7 @@
 
 #include "telnetd.h"
 
-RCSID("$Id: slc.c,v 1.10 1997/05/11 06:30:00 assar Exp $");
+RCSID("$Id: slc.c 1695 1997-05-11 06:30:05Z assar $");
 
 /*
  * get_slc_defaults
diff --git a/crypto/heimdal/appl/telnet/telnetd/state.c b/crypto/heimdal/appl/telnet/telnetd/state.c
index 3bc7f63..32c3d0e 100644
--- a/crypto/heimdal/appl/telnet/telnetd/state.c
+++ b/crypto/heimdal/appl/telnet/telnetd/state.c
@@ -33,7 +33,7 @@
 
 #include "telnetd.h"
 
-RCSID("$Id: state.c,v 1.14.12.1 2004/06/21 08:21:58 lha Exp $");
+RCSID("$Id: state.c 18110 2006-09-19 08:25:20Z lha $");
 
 unsigned char	doopt[] = { IAC, DO, '%', 'c', 0 };
 unsigned char	dont[] = { IAC, DONT, '%', 'c', 0 };
@@ -427,14 +427,14 @@ send_do(int option, int init)
 extern void auth_request(void);
 #endif
 #ifdef	ENCRYPTION
-extern void encrypt_send_support();
+extern void encrypt_send_support(void);
 #endif
 
 void
 willoption(int option)
 {
     int changeok = 0;
-    void (*func)() = 0;
+    void (*func)(void) = NULL;
 
     /*
      * process input from peer.
@@ -939,7 +939,7 @@ suboption(void)
     }  /* end of case TELOPT_TSPEED */
 
     case TELOPT_TTYPE: {		/* Yaaaay! */
-	static char terminalname[41];
+	char *p;
 
 	if (his_state_is_wont(TELOPT_TTYPE))	/* Ignore if option disabled */
 	    break;
@@ -949,9 +949,9 @@ suboption(void)
 	    return;		/* ??? XXX but, this is the most robust */
 	}
 
-	terminaltype = terminalname;
+	p = terminaltype;
 
-	while ((terminaltype < (terminalname + sizeof terminalname-1)) &&
+	while ((p < (terminaltype + sizeof terminaltype-1)) &&
 	       !SB_EOF()) {
 	    int c;
 
@@ -959,10 +959,9 @@ suboption(void)
 	    if (isupper(c)) {
 		c = tolower(c);
 	    }
-	    *terminaltype++ = c;    /* accumulate name */
+	    *p++ = c;    /* accumulate name */
 	}
-	*terminaltype = 0;
-	terminaltype = terminalname;
+	*p = 0;
 	break;
     }  /* end of case TELOPT_TTYPE */
 
@@ -1246,6 +1245,8 @@ suboption(void)
 	    encrypt_start(subpointer, SB_LEN());
 	    break;
 	case ENCRYPT_END:
+	    if (require_encryption)
+		fatal(net, "Output encryption is not possible to turn off");
 	    encrypt_end();
 	    break;
 	case ENCRYPT_REQSTART:
@@ -1258,6 +1259,8 @@ suboption(void)
 	     * if we have been able to get in the correct mode
 	     * anyhow.
 	     */
+	    if (require_encryption)
+		fatal(net, "Input encryption is not possible to turn off");
 	    encrypt_request_end();
 	    break;
 	case ENCRYPT_ENC_KEYID:
diff --git a/crypto/heimdal/appl/telnet/telnetd/sys_term.c b/crypto/heimdal/appl/telnet/telnetd/sys_term.c
index 23b2468..852611f 100644
--- a/crypto/heimdal/appl/telnet/telnetd/sys_term.c
+++ b/crypto/heimdal/appl/telnet/telnetd/sys_term.c
@@ -33,7 +33,7 @@
 
 #include "telnetd.h"
 
-RCSID("$Id: sys_term.c,v 1.104 2001/09/17 02:09:04 assar Exp $");
+RCSID("$Id: sys_term.c 22390 2007-12-31 10:12:48Z lha $");
 
 #if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H))
 # define PARENT_DOES_UTMP
@@ -90,29 +90,6 @@ char	wtmpf[]	= "/etc/wtmp";
 #include <tmpdir.h>
 #endif	/* CRAY */
 
-#ifdef	STREAMSPTY
-
-#ifdef HAVE_SAC_H
-#include <sac.h>
-#endif
-
-#ifdef HAVE_SYS_STROPTS_H
-#include <sys/stropts.h>
-#endif
-
-#endif /* STREAMSPTY */
-
-#undef NOERROR
-
-#ifdef	HAVE_SYS_STREAM_H
-#ifdef  HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif
-#ifdef __hpux
-#undef SE
-#endif
-#include <sys/stream.h>
-#endif
 #if !(defined(__sgi) || defined(__linux) || defined(_AIX)) && defined(HAVE_SYS_TTY)
 #include <sys/tty.h>
 #endif
@@ -215,13 +192,14 @@ set_termbuf(void)
     /*
      * Only make the necessary changes.
 	 */
-    if (memcmp(&termbuf, &termbuf2, sizeof(termbuf)))
+    if (memcmp(&termbuf, &termbuf2, sizeof(termbuf))) {
 # ifdef  STREAMSPTY
 	if (really_stream)
 	    tcsetattr(ttyfd, TCSANOW, &termbuf);
 	else
 # endif
 	    tcsetattr(ourpty, TCSANOW, &termbuf);
+    }
 }
 
 
@@ -358,6 +336,8 @@ getnpty()
  * Returns the file descriptor of the opened pty.
  */
 
+static int ptyslavefd = -1;
+
 static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
 char *line = Xline;
 
@@ -378,150 +358,151 @@ static char *ptsname(int fd)
 
 int getpty(int *ptynum)
 {
-#ifdef __osf__ /* XXX */
-    int master;
-    int slave;
-    if(openpty(&master, &slave, line, 0, 0) == 0){
-	close(slave);
-	return master;
+#if defined(HAVE_OPENPTY) || defined(__linux) || defined(__osf__) /* XXX */
+    {
+	int master;
+	int slave;
+	if(openpty(&master, &slave, line, 0, 0) == 0){
+	    ptyslavefd = slave;
+	    return master;
+	}
     }
-    return -1;
-#else
+#endif /* HAVE_OPENPTY .... */
 #ifdef HAVE__GETPTY
-    int master, slave;
-    char *p;
-    p = _getpty(&master, O_RDWR, 0600, 1);
-    if(p == NULL)
-	return -1;
-    strlcpy(line, p, sizeof(Xline));
-    return master;
-#else
-
-    int p;
-    char *cp, *p1, *p2;
-    int i;
-#if SunOS == 40
-    int dummy;
-#endif
-#if __linux
-    int master;
-    int slave;
-    if(openpty(&master, &slave, line, 0, 0) == 0){
-	close(slave);
+    {
+	int master;
+	char *p;
+	p = _getpty(&master, O_RDWR, 0600, 1);
+	if(p == NULL)
+	    return -1;
+	strlcpy(line, p, sizeof(Xline));
 	return master;
     }
-#else
+#endif
+    
 #ifdef	STREAMSPTY
-    char *clone[] = { "/dev/ptc", "/dev/ptmx", "/dev/ptm", 
-		      "/dev/ptym/clone", 0 };
-
-    char **q;
-    for(q=clone; *q; q++){
-	p=open(*q, O_RDWR);
-	if(p >= 0){
+    {
+	char *clone[] = { "/dev/ptc", "/dev/ptmx", "/dev/ptm", 
+			  "/dev/ptym/clone", 0 };
+	
+	char **q;
+	int p;
+	for(q=clone; *q; q++){
+	    p=open(*q, O_RDWR);
+	    if(p >= 0){
 #ifdef HAVE_GRANTPT
-	    grantpt(p);
+		grantpt(p);
 #endif
 #ifdef HAVE_UNLOCKPT
-	    unlockpt(p);
+		unlockpt(p);
 #endif
-	    strlcpy(line, ptsname(p), sizeof(Xline));
-	    really_stream = 1;
-	    return p;
+		strlcpy(line, ptsname(p), sizeof(Xline));
+		really_stream = 1;
+		return p;
+	    }
 	}
     }
 #endif /* STREAMSPTY */
 #ifndef _CRAY
-
+    {
+	int p;
+	char *cp, *p1, *p2;
+	int i;
+	
 #ifndef	__hpux
-    snprintf(line, sizeof(Xline), "/dev/ptyXX");
-    p1 = &line[8];
-    p2 = &line[9];
+	snprintf(line, sizeof(Xline), "/dev/ptyXX");
+	p1 = &line[8];
+	p2 = &line[9];
 #else
-    snprintf(line, sizeof(Xline), "/dev/ptym/ptyXX");
-    p1 = &line[13];
-    p2 = &line[14];
+	snprintf(line, sizeof(Xline), "/dev/ptym/ptyXX");
+	p1 = &line[13];
+	p2 = &line[14];
 #endif
-
 	
-    for (cp = "pqrstuvwxyzPQRST"; *cp; cp++) {
-	struct stat stb;
-
-	*p1 = *cp;
-	*p2 = '0';
-	/*
-	 * This stat() check is just to keep us from
-	 * looping through all 256 combinations if there
-	 * aren't that many ptys available.
-	 */
-	if (stat(line, &stb) < 0)
-	    break;
-	for (i = 0; i < 16; i++) {
-	    *p2 = "0123456789abcdef"[i];
-	    p = open(line, O_RDWR);
-	    if (p > 0) {
+	
+	for (cp = "pqrstuvwxyzPQRST"; *cp; cp++) {
+	    struct stat stb;
+	    
+	    *p1 = *cp;
+	    *p2 = '0';
+	    /*
+	     * This stat() check is just to keep us from
+	     * looping through all 256 combinations if there
+	     * aren't that many ptys available.
+	     */
+	    if (stat(line, &stb) < 0)
+		break;
+	    for (i = 0; i < 16; i++) {
+		*p2 = "0123456789abcdef"[i];
+		p = open(line, O_RDWR);
+		if (p > 0) {
+#if SunOS == 40
+		    int dummy;
+#endif
+		    
 #ifndef	__hpux
-		line[5] = 't';
+		    line[5] = 't';
 #else
-		for (p1 = &line[8]; *p1; p1++)
-		    *p1 = *(p1+1);
-		line[9] = 't';
+		    for (p1 = &line[8]; *p1; p1++)
+			*p1 = *(p1+1);
+		    line[9] = 't';
 #endif
-		chown(line, 0, 0);
-		chmod(line, 0600);
+		    chown(line, 0, 0);
+		    chmod(line, 0600);
 #if SunOS == 40
-		if (ioctl(p, TIOCGPGRP, &dummy) == 0
-		    || errno != EIO) {
-		    chmod(line, 0666);
-		    close(p);
-		    line[5] = 'p';
-		} else
+		    if (ioctl(p, TIOCGPGRP, &dummy) == 0
+			|| errno != EIO) {
+			chmod(line, 0666);
+			close(p);
+			line[5] = 'p';
+		    } else
 #endif /* SunOS == 40 */
-		    return(p);
+			return(p);
+		}
 	    }
 	}
     }
 #else	/* CRAY */
-    extern lowpty, highpty;
-    struct stat sb;
-
-    for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) {
-	snprintf(myline, sizeof(myline), "/dev/pty/%03d", *ptynum);
-	p = open(myline, 2);
-	if (p < 0)
-	    continue;
-	snprintf(line, sizeof(Xline), "/dev/ttyp%03d", *ptynum);
-	/*
-	 * Here are some shenanigans to make sure that there
-	 * are no listeners lurking on the line.
-	 */
-	if(stat(line, &sb) < 0) {
-	    close(p);
-	    continue;
-	}
-	if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
-	    chown(line, 0, 0);
-	    chmod(line, 0600);
-	    close(p);
+    {
+	extern lowpty, highpty;
+	struct stat sb;
+	int p;
+	
+	for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) {
+	    snprintf(myline, sizeof(myline), "/dev/pty/%03d", *ptynum);
 	    p = open(myline, 2);
 	    if (p < 0)
 		continue;
-	}
-	/*
-	 * Now it should be safe...check for accessability.
-	 */
-	if (access(line, 6) == 0)
-	    return(p);
-	else {
-	    /* no tty side to pty so skip it */
-	    close(p);
+	    snprintf(line, sizeof(Xline), "/dev/ttyp%03d", *ptynum);
+	    /*
+	     * Here are some shenanigans to make sure that there
+	     * are no listeners lurking on the line.
+	     */
+	    if(stat(line, &sb) < 0) {
+		close(p);
+		continue;
+	    }
+	    if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
+		chown(line, 0, 0);
+		chmod(line, 0600);
+		close(p);
+		p = open(myline, 2);
+		if (p < 0)
+		    continue;
+	    }
+	    /*
+	     * Now it should be safe...check for accessability.
+	     */
+	    if (access(line, 6) == 0)
+		return(p);
+	    else {
+		/* no tty side to pty so skip it */
+		close(p);
+	    }
 	}
     }
 #endif	/* CRAY */
-#endif	/* STREAMSPTY */
-#endif /* OPENPTY */
     return(-1);
-#endif
 }
 
 
@@ -966,6 +947,9 @@ int cleanopen(char *line)
 {
     int t;
 
+    if (ptyslavefd != -1)
+	return ptyslavefd;
+
 #ifdef STREAMSPTY
     if (!really_stream)
 #endif
@@ -1072,6 +1056,8 @@ int login_tty(int t)
  * Clean the tty name.  Return a pointer to the cleaned version.
  */
 
+static char * clean_ttyname (char *) __attribute__((unused));
+
 static char *
 clean_ttyname (char *tty)
 {
@@ -1135,7 +1121,7 @@ startslave(const char *host, const char *utmp_host,
 #ifdef ENCRYPTION
 	if (!no_warn && (encrypt_output == 0 || decrypt_input == 0))
 #endif
-	    writenet((unsigned char*)tbuf, strlen(tbuf));
+	    writenet(tbuf, strlen(tbuf));
     }
 # ifdef	PARENT_DOES_UTMP
     utmp_sig_init();
@@ -1262,7 +1248,7 @@ scrub_env(void)
 struct arg_val {
     int size;
     int argc;
-    const char **argv;
+    char **argv;
 };
 
 static void addarg(struct arg_val*, const char*);
@@ -1281,29 +1267,40 @@ start_login(const char *host, int autologin, char *name)
     char *user;
     int save_errno;
 
+#ifdef ENCRYPTION
+    encrypt_output = NULL;
+    decrypt_input = NULL;
+#endif
+    
 #ifdef HAVE_UTMPX_H
-    int pid = getpid();
-    struct utmpx utmpx;
-    char *clean_tty;
-
-    /*
-     * Create utmp entry for child
-     */
-
-    clean_tty = clean_ttyname(line);
-    memset(&utmpx, 0, sizeof(utmpx));
-    strncpy(utmpx.ut_user,  ".telnet", sizeof(utmpx.ut_user));
-    strncpy(utmpx.ut_line,  clean_tty, sizeof(utmpx.ut_line));
+    {
+	int pid = getpid();
+	struct utmpx utmpx;
+	struct timeval tv;
+	char *clean_tty;
+	
+	/*
+	 * Create utmp entry for child
+	 */
+	
+	clean_tty = clean_ttyname(line);
+	memset(&utmpx, 0, sizeof(utmpx));
+	strncpy(utmpx.ut_user,  ".telnet", sizeof(utmpx.ut_user));
+	strncpy(utmpx.ut_line,  clean_tty, sizeof(utmpx.ut_line));
 #ifdef HAVE_STRUCT_UTMP_UT_ID
-    strncpy(utmpx.ut_id, make_id(clean_tty), sizeof(utmpx.ut_id));
+	strncpy(utmpx.ut_id, make_id(clean_tty), sizeof(utmpx.ut_id));
 #endif
-    utmpx.ut_pid = pid;
+	utmpx.ut_pid = pid;
 	
-    utmpx.ut_type = LOGIN_PROCESS;
+	utmpx.ut_type = LOGIN_PROCESS;
+	
+	gettimeofday (&tv, NULL);
+	utmpx.ut_tv.tv_sec = tv.tv_sec;
+	utmpx.ut_tv.tv_usec = tv.tv_usec;
 
-    gettimeofday (&utmpx.ut_tv, NULL);
-    if (pututxline(&utmpx) == NULL)
-	fatal(net, "pututxline failed");
+	if (pututxline(&utmpx) == NULL)
+	    fatal(net, "pututxline failed");
+    }
 #endif
 
     scrub_env();
@@ -1376,7 +1373,7 @@ start_login(const char *host, int autologin, char *name)
 
     execv(new_login, argv.argv);
     save_errno = errno;
-    syslog(LOG_ERR, "%s: %m\n", new_login);
+    syslog(LOG_ERR, "%s: %m", new_login);
     fatalperror_errno(net, new_login, save_errno);
     /*NOTREACHED*/
 }
@@ -1390,7 +1387,8 @@ addarg(struct arg_val *argv, const char *val)
 	    fatal (net, "realloc: out of memory");
 	argv->size+=10;
     }
-    argv->argv[argv->argc++] = val;
+    if((argv->argv[argv->argc++] = strdup(val)) == NULL)
+	fatal (net, "strdup: out of memory");
     argv->argv[argv->argc]   = NULL;
 }
 
@@ -1420,6 +1418,7 @@ rmut(void)
     non_save_utxp = getutxline(&utmpx);
     if (non_save_utxp) {
 	struct utmpx *utxp;
+	struct timeval tv;
 	char user0;
 
 	utxp = malloc(sizeof(struct utmpx));
@@ -1439,7 +1438,10 @@ rmut(void)
 	utxp->ut_exit.e_exit = 0;
 #endif
 #endif
-	gettimeofday(&utxp->ut_tv, NULL);
+	gettimeofday (&tv, NULL);
+	utxp->ut_tv.tv_sec = tv.tv_sec;
+	utxp->ut_tv.tv_usec = tv.tv_usec;
+
 	pututxline(utxp);
 #ifdef WTMPX_FILE
 	utxp->ut_user[0] = user0;
@@ -1838,10 +1840,8 @@ jobend(jid, path, user)
     }
 
     if (path) {
-	strncpy(saved_path, path, sizeof(wtmp.ut_tpath));
-	strncpy(saved_user, user, sizeof(wtmp.ut_user));
-	saved_path[sizeof(saved_path)] = '\0';
-	saved_user[sizeof(saved_user)] = '\0';
+	strlcpy(saved_path, path, sizeof(saved_path));
+	strlcpy(saved_user, user, sizeof(saved_user));
     }
     if (saved_jid == 0) {
 	saved_jid = jid;
@@ -1883,7 +1883,7 @@ cleantmpdir(jid, tpath, user)
 	       tpath);
 	break;
     case 0:
-	execl(CLEANTMPCMD, CLEANTMPCMD, user, tpath, 0);
+	execl(CLEANTMPCMD, CLEANTMPCMD, user, tpath, NULL);
 	syslog(LOG_ERR, "TMPDIR cleanup(%s): execl(%s) failed: %m\n",
 	       tpath, CLEANTMPCMD);
 	exit(1);
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.8 b/crypto/heimdal/appl/telnet/telnetd/telnetd.8
index fd7d0bd..a7dd670 100644
--- a/crypto/heimdal/appl/telnet/telnetd/telnetd.8
+++ b/crypto/heimdal/appl/telnet/telnetd/telnetd.8
@@ -31,7 +31,7 @@
 .\"
 .\"	@(#)telnetd.8	8.4 (Berkeley) 6/1/94
 .\"
-.Dd June 1, 1994
+.Dd September 19, 2006
 .Dt TELNETD 8
 .Os BSD 4.2
 .Sh NAME
@@ -41,7 +41,7 @@
 protocol server
 .Sh SYNOPSIS
 .Nm telnetd
-.Op Fl BUhkln
+.Op Fl BeUhkln
 .Op Fl D Ar debugmode
 .Op Fl S Ar tos
 .Op Fl X Ar authtype
@@ -173,6 +173,10 @@ Displays data written to the pty.
 .It Cm exercise
 Has not been implemented yet.
 .El
+.It Fl e
+require encryption to be turned on (in both direction) by the client
+and disconnects if the client tries to turn the encryption off (in
+either direction).
 .It Fl h
 Disables the printing of host-specific information before
 login has been completed.
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.c b/crypto/heimdal/appl/telnet/telnetd/telnetd.c
index e57eed7..033a0bf 100644
--- a/crypto/heimdal/appl/telnet/telnetd/telnetd.c
+++ b/crypto/heimdal/appl/telnet/telnetd/telnetd.c
@@ -33,7 +33,7 @@
 
 #include "telnetd.h"
 
-RCSID("$Id: telnetd.c,v 1.69.6.1 2004/03/22 18:17:25 lha Exp $");
+RCSID("$Id: telnetd.c 21748 2007-07-31 18:57:20Z lha $");
 
 #ifdef _SC_CRAY_SECURE_SYS
 #include <sys/sysv.h>
@@ -51,21 +51,20 @@ struct	socksec ss;
 int	auth_level = 0;
 #endif
 
+#ifdef KRB5
+#define Authenticator k5_Authenticator
+#include <krb5.h>
+#undef Authenticator
+#endif
+
 extern	int utmp_len;
 int	registerd_host_only = 0;
-
-#undef NOERROR
-
-#ifdef	STREAMSPTY
-# include <stropts.h>
-# include <termios.h>
-#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif /* HAVE_SYS_UIO_H */
-#ifdef HAVE_SYS_STREAM_H
-#include <sys/stream.h>
+#ifdef ENCRYPTION
+int	require_encryption = 0;
 #endif
 
+#ifdef STREAMSPTY
+
 #ifdef _AIX
 #include <sys/termio.h>
 #endif
@@ -120,7 +119,7 @@ int debug = 0;
 int keepalive = 1;
 char *progname;
 
-static void usage (void);
+static void usage (int error_code);
 
 /*
  * The string to pass to getopt().  We do it this way so
@@ -131,6 +130,9 @@ char valid_opts[] = "Bd:hklnS:u:UL:y"
 #ifdef AUTHENTICATION
 		    "a:X:z"
 #endif
+#ifdef ENCRYPTION
+                     "e"
+#endif
 #ifdef DIAGNOSTICS
 		    "D:"
 #endif
@@ -141,10 +143,6 @@ char valid_opts[] = "Bd:hklnS:u:UL:y"
 
 static void doit(struct sockaddr*, int);
 
-#ifdef ENCRYPTION
-extern int des_check_key;
-#endif
-
 int
 main(int argc, char **argv)
 {
@@ -156,9 +154,6 @@ main(int argc, char **argv)
 #if	defined(IPPROTO_IP) && defined(IP_TOS)
     int tos = -1;
 #endif
-#ifdef ENCRYPTION
-    des_check_key = 1;	/* Kludge for Mac NCSA telnet 2.6 /bg */
-#endif
     pfrontp = pbackp = ptyobuf;
     netip = netibuf;
     nfrontp = nbackp = netobuf;
@@ -182,6 +177,8 @@ main(int argc, char **argv)
 	print_version(NULL);
 	exit(0);
     }
+    if (argc == 2 && strcmp(argv[1], "--help") == 0)
+	usage(0);
 
     while ((ch = getopt(argc, argv, valid_opts)) != -1) {
 	switch(ch) {
@@ -223,7 +220,7 @@ main(int argc, char **argv)
 		debug++;
 		break;
 	    }
-	    usage();
+	    usage(1);
 	    /* NOTREACHED */
 	    break;
 
@@ -243,12 +240,17 @@ main(int argc, char **argv)
 	    } else if (!strcmp(optarg, "options")) {
 		diagnostic |= TD_OPTIONS;
 	    } else {
-		usage();
+		usage(1);
 		/* NOT REACHED */
 	    }
 	    break;
 #endif /* DIAGNOSTICS */
 
+#ifdef ENCRYPTION
+	case 'e':
+	    require_encryption = 1;
+	    break;
+#endif
 
 	case 'h':
 	    hostinfo = 0;
@@ -283,7 +285,7 @@ main(int argc, char **argv)
 		    lowpty = atoi(optarg);
 		if ((lowpty > highpty) || (lowpty < 0) ||
 		    (highpty > 32767)) {
-		    usage();
+		    usage(1);
 		    /* NOT REACHED */
 		}
 		break;
@@ -341,7 +343,7 @@ main(int argc, char **argv)
 	    fprintf(stderr, "telnetd: %c: unknown option\n", ch);
 	    /* FALLTHROUGH */
 	case '?':
-	    usage();
+	    usage(0);
 	    /* NOTREACHED */
 	}
     }
@@ -354,7 +356,7 @@ main(int argc, char **argv)
 	struct servent *sp;
 
 	if (argc > 1) {
-	    usage ();
+	    usage (1);
 	} else if (argc == 1) {
 	    sp = roken_getservbyname (*argv, "tcp");
 	    if (sp)
@@ -370,7 +372,7 @@ main(int argc, char **argv)
 	}
 	mini_inetd (port);
     } else if (argc > 0) {
-	usage();
+	usage(1);
 	/* NOT REACHED */
     }
 
@@ -463,9 +465,11 @@ main(int argc, char **argv)
 }  /* end of main */
 
 static void
-usage(void)
+usage(int exit_code)
 {
     fprintf(stderr, "Usage: telnetd");
+    fprintf(stderr, " [--help]");
+    fprintf(stderr, " [--version]");
 #ifdef	AUTHENTICATION
     fprintf(stderr, " [-a (debug|other|otp|user|valid|off|none)]\n\t");
 #endif
@@ -491,7 +495,7 @@ usage(void)
 #endif
     fprintf(stderr, " [-u utmp_hostname_length] [-U]");
     fprintf(stderr, " [port]\n");
-    exit(1);
+    exit(exit_code);
 }
 
 /*
@@ -550,6 +554,15 @@ getterminaltype(char *name, size_t name_sz)
     if (his_state_is_will(TELOPT_ENCRYPT)) {
 	encrypt_wait();
     }
+    if (require_encryption) {
+
+	while (encrypt_delay())
+	    if (telnet_spin())
+		fatal(net, "Failed while waiting for encryption");
+
+	if (!encrypt_is_encrypting())
+	    fatal(net, "Encryption required but not turned on by client");
+    }
 #endif
     if (his_state_is_will(TELOPT_TSPEED)) {
 	static unsigned char sb[] =
@@ -636,7 +649,7 @@ getterminaltype(char *name, size_t name_sz)
 		     */
 		    _gettermname();
 		    if (strncmp(first, terminaltype, sizeof(first)) != 0)
-			strcpy(terminaltype, first);
+			strlcpy(terminaltype, first, sizeof(terminaltype));
 		    break;
 		}
 	    }
@@ -747,12 +760,21 @@ Please contact your net administrator");
 #endif
 
     init_env();
+
+    /* begin server processing */
+
+    /*
+     * Initialize the slc mapping table.
+     */
+
+    get_slc_defaults();
+
     /*
      * get terminal type.
      */
     *user_name = 0;
     level = getterminaltype(user_name, sizeof(user_name));
-    esetenv("TERM", terminaltype ? terminaltype : "network", 1);
+    esetenv("TERM", terminaltype[0] ? terminaltype : "network", 1);
 
 #ifdef _SC_CRAY_SECURE_SYS
     if (secflag) {
@@ -763,7 +785,6 @@ Please contact your net administrator");
     }
 #endif	/* _SC_CRAY_SECURE_SYS */
 
-    /* begin server processing */
     my_telnet(net, ourpty, remote_host_name, remote_utmp_name,
 	      level, user_name);
     /*NOTREACHED*/
@@ -779,9 +800,17 @@ show_issue(void)
     if(f == NULL)
 	f = fopen(SYSCONFDIR "/issue", "r");
     if(f){
-	while(fgets(buf, sizeof(buf)-2, f)){
-	    strcpy(buf + strcspn(buf, "\r\n"), "\r\n");
-	    writenet((unsigned char*)buf, strlen(buf));
+	while(fgets(buf, sizeof(buf), f) != NULL) {
+	    size_t len = strcspn(buf, "\r\n");
+	    if(len == strlen(buf)) {
+		/* there's no newline */
+		writenet(buf, len);
+	    } else {
+		/* replace newline with \r\n */
+		buf[len] = '\0';
+		writenet(buf, len);
+		writenet("\r\n", 2);
+	    }
 	}
 	fclose(f);
     }
@@ -803,11 +832,6 @@ my_telnet(int f, int p, const char *host, const char *utmp_host,
     time_t timeout;
 
     /*
-     * Initialize the slc mapping table.
-     */
-    get_slc_defaults();
-
-    /*
      * Do some tests where it is desireable to wait for a response.
      * Rather than doing them slowly, one at a time, do them all
      * at once.
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.h b/crypto/heimdal/appl/telnet/telnetd/telnetd.h
index 6504607..51a5725 100644
--- a/crypto/heimdal/appl/telnet/telnetd/telnetd.h
+++ b/crypto/heimdal/appl/telnet/telnetd/telnetd.h
@@ -122,6 +122,30 @@
 #include <pty.h>
 #endif
 
+#ifdef	STREAMSPTY
+#ifdef HAVE_SAC_H
+#include <sac.h>
+#endif
+#ifdef HAVE_SYS_STROPTS_H
+#include <sys/stropts.h>
+#endif
+
+# include <stropts.h>
+
+#ifdef  HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#ifdef __hpux
+#undef SE
+#endif
+#endif
+#ifdef	HAVE_SYS_STREAM_H
+#include <sys/stream.h>
+#endif
+
+#endif /* STREAMSPTY */
+
+#undef NOERROR
+
 #include "defs.h"
 
 #ifndef _POSIX_VDISABLE
@@ -221,3 +245,7 @@ int output_data (const char *format, ...)
 __attribute__ ((format (printf, 1, 2)))
 #endif
 ;
+
+#ifdef ENCRYPTION
+extern int require_encryption;
+#endif
diff --git a/crypto/heimdal/appl/telnet/telnetd/termstat.c b/crypto/heimdal/appl/telnet/telnetd/termstat.c
index a223269..696a234 100644
--- a/crypto/heimdal/appl/telnet/telnetd/termstat.c
+++ b/crypto/heimdal/appl/telnet/telnetd/termstat.c
@@ -33,7 +33,7 @@
 
 #include "telnetd.h"
 
-RCSID("$Id: termstat.c,v 1.12 2001/08/29 00:45:23 assar Exp $");
+RCSID("$Id: termstat.c 10587 2001-08-29 00:45:23Z assar $");
 
 /*
  * local variables
diff --git a/crypto/heimdal/appl/telnet/telnetd/utility.c b/crypto/heimdal/appl/telnet/telnetd/utility.c
index a98b3fc..f55914f 100644
--- a/crypto/heimdal/appl/telnet/telnetd/utility.c
+++ b/crypto/heimdal/appl/telnet/telnetd/utility.c
@@ -34,7 +34,7 @@
 #define PRINTOPTIONS
 #include "telnetd.h"
 
-RCSID("$Id: utility.c,v 1.27 2001/09/03 05:54:17 assar Exp $");
+RCSID("$Id: utility.c 15844 2005-08-08 13:36:16Z lha $");
 
 /*
  * utility functions performing io related tasks
@@ -323,13 +323,15 @@ netflush(void)
  *    len - How many bytes to write
  */
 void
-writenet(unsigned char *ptr, int len)
+writenet(const void *ptr, size_t len)
 {
     /* flush buffer if no room for new data) */
     while ((&netobuf[BUFSIZ] - nfrontp) < len) {
 	/* if this fails, don't worry, buffer is a little big */
 	netflush();
     }
+    if ((&netobuf[BUFSIZ] - nfrontp) < len)
+	abort();
 
     memmove(nfrontp, ptr, len);
     nfrontp += len;
@@ -431,11 +433,7 @@ putchr(int cc)
     *putlocation++ = cc;
 }
 
-/*
- * This is split on two lines so that SCCS will not see the M
- * between two % signs and expand it...
- */
-static char fmtstr[] = { "%l:%M" "%P on %A, %d %B %Y" };
+static char fmtstr[] = { "%l:%M%P on %A, %d %B %Y" };
 
 void putf(char *cp, char *where)
 {
@@ -470,12 +468,7 @@ void putf(char *cp, char *where)
 	switch (*++cp) {
 
 	case 't':
-#ifdef	STREAMSPTY
-	    /* names are like /dev/pts/2 -- we want pts/2 */
 	    slash = strchr(line+1, '/');
-#else
-	    slash = strrchr(line, '/');
-#endif
 	    if (slash == (char *) 0)
 		putstr(line);
 	    else
diff --git a/crypto/heimdal/appl/test/Makefile.am b/crypto/heimdal/appl/test/Makefile.am
index 154b407..21f2013 100644
--- a/crypto/heimdal/appl/test/Makefile.am
+++ b/crypto/heimdal/appl/test/Makefile.am
@@ -1,9 +1,9 @@
-# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
 include $(top_srcdir)/Makefile.am.common
 
 noinst_PROGRAMS = tcp_client tcp_server gssapi_server gssapi_client \
-	uu_server uu_client nt_gss_server nt_gss_client
+	uu_server uu_client nt_gss_server nt_gss_client http_client
 
 tcp_client_SOURCES = tcp_client.c common.c test_locl.h
 
@@ -15,6 +15,9 @@ gssapi_server_SOURCES = gssapi_server.c gss_common.c common.c \
 gssapi_client_SOURCES = gssapi_client.c gss_common.c common.c \
 	gss_common.h test_locl.h
 
+http_client_SOURCES = http_client.c gss_common.c common.c \
+	gss_common.h test_locl.h
+
 uu_server_SOURCES = uu_server.c common.c test_locl.h
 
 uu_client_SOURCES = uu_client.c common.c test_locl.h
@@ -23,15 +26,17 @@ gssapi_server_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
 
 gssapi_client_LDADD = $(gssapi_server_LDADD)
 
-nt_gss_client_SOURCES = nt_gss_client.c nt_gss_common.c common.c
+http_client_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
+
+nt_gss_client_SOURCES = nt_gss_client.c nt_gss_common.c nt_gss_common.h common.c
 
-nt_gss_server_SOURCES = nt_gss_server.c nt_gss_common.c
+nt_gss_server_SOURCES = nt_gss_server.c nt_gss_common.c nt_gss_common.h
 
 nt_gss_client_LDADD = $(gssapi_server_LDADD)
 
 nt_gss_server_LDADD = $(nt_gss_client_LDADD)
 
 LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken)
diff --git a/crypto/heimdal/appl/test/Makefile.in b/crypto/heimdal/appl/test/Makefile.in
index 63ff46d..fb9e3688 100644
--- a/crypto/heimdal/appl/test/Makefile.in
+++ b/crypto/heimdal/appl/test/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -14,23 +14,17 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $
+# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
 
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
+# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
 
-# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $
+# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
 
-SOURCES = $(gssapi_client_SOURCES) $(gssapi_server_SOURCES) $(nt_gss_client_SOURCES) $(nt_gss_server_SOURCES) $(tcp_client_SOURCES) $(tcp_server_SOURCES) $(uu_client_SOURCES) $(uu_server_SOURCES)
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
 install_sh_SCRIPT = $(install_sh) -c
@@ -42,6 +36,7 @@ POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
+build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(top_srcdir)/Makefile.am.common \
@@ -49,20 +44,18 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 noinst_PROGRAMS = tcp_client$(EXEEXT) tcp_server$(EXEEXT) \
 	gssapi_server$(EXEEXT) gssapi_client$(EXEEXT) \
 	uu_server$(EXEEXT) uu_client$(EXEEXT) nt_gss_server$(EXEEXT) \
-	nt_gss_client$(EXEEXT)
+	nt_gss_client$(EXEEXT) http_client$(EXEEXT)
 subdir = appl/test
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
 	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-getnameinfo.m4 \
 	$(top_srcdir)/cf/broken-glob.m4 \
 	$(top_srcdir)/cf/broken-realloc.m4 \
 	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
 	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
 	$(top_srcdir)/cf/capabilities.m4 \
 	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-declaration.m4 \
 	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
 	$(top_srcdir)/cf/check-man.m4 \
 	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
@@ -75,6 +68,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/find-func-no-libs2.m4 \
 	$(top_srcdir)/cf/find-func.m4 \
 	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
 	$(top_srcdir)/cf/have-struct-field.m4 \
 	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
 	$(top_srcdir)/cf/krb-bigendian.m4 \
@@ -83,16 +77,20 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
 	$(top_srcdir)/cf/krb-readline.m4 \
 	$(top_srcdir)/cf/krb-struct-spwd.m4 \
 	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \
-	$(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \
-	$(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \
-	$(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \
-	$(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES =
 PROGRAMS = $(noinst_PROGRAMS)
@@ -111,6 +109,11 @@ am_gssapi_server_OBJECTS = gssapi_server.$(OBJEXT) \
 gssapi_server_OBJECTS = $(am_gssapi_server_OBJECTS)
 gssapi_server_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
 	$(am__DEPENDENCIES_2)
+am_http_client_OBJECTS = http_client.$(OBJEXT) gss_common.$(OBJEXT) \
+	common.$(OBJEXT)
+http_client_OBJECTS = $(am_http_client_OBJECTS)
+http_client_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
+	$(am__DEPENDENCIES_2)
 am_nt_gss_client_OBJECTS = nt_gss_client.$(OBJEXT) \
 	nt_gss_common.$(OBJEXT) common.$(OBJEXT)
 nt_gss_client_OBJECTS = $(am_nt_gss_client_OBJECTS)
@@ -144,36 +147,33 @@ uu_server_LDADD = $(LDADD)
 uu_server_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
 	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
 	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
 depcomp =
 am__depfiles_maybe =
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 SOURCES = $(gssapi_client_SOURCES) $(gssapi_server_SOURCES) \
-	$(nt_gss_client_SOURCES) $(nt_gss_server_SOURCES) \
-	$(tcp_client_SOURCES) $(tcp_server_SOURCES) \
-	$(uu_client_SOURCES) $(uu_server_SOURCES)
+	$(http_client_SOURCES) $(nt_gss_client_SOURCES) \
+	$(nt_gss_server_SOURCES) $(tcp_client_SOURCES) \
+	$(tcp_server_SOURCES) $(uu_client_SOURCES) \
+	$(uu_server_SOURCES)
 DIST_SOURCES = $(gssapi_client_SOURCES) $(gssapi_server_SOURCES) \
-	$(nt_gss_client_SOURCES) $(nt_gss_server_SOURCES) \
-	$(tcp_client_SOURCES) $(tcp_server_SOURCES) \
-	$(uu_client_SOURCES) $(uu_server_SOURCES)
+	$(http_client_SOURCES) $(nt_gss_client_SOURCES) \
+	$(nt_gss_server_SOURCES) $(tcp_client_SOURCES) \
+	$(tcp_server_SOURCES) $(uu_client_SOURCES) \
+	$(uu_server_SOURCES)
 ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-AIX4_FALSE = @AIX4_FALSE@
-AIX4_TRUE = @AIX4_TRUE@
-AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@
-AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@
 AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AIX_FALSE = @AIX_FALSE@
-AIX_TRUE = @AIX_TRUE@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
@@ -183,8 +183,6 @@ AWK = @AWK@
 CANONICAL_HOST = @CANONICAL_HOST@
 CATMAN = @CATMAN@
 CATMANEXT = @CATMANEXT@
-CATMAN_FALSE = @CATMAN_FALSE@
-CATMAN_TRUE = @CATMAN_TRUE@
 CC = @CC@
 CFLAGS = @CFLAGS@
 COMPILE_ET = @COMPILE_ET@
@@ -195,11 +193,10 @@ CXXCPP = @CXXCPP@
 CXXFLAGS = @CXXFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DBLIB = @DBLIB@
-DCE_FALSE = @DCE_FALSE@
-DCE_TRUE = @DCE_TRUE@
 DEFS = @DEFS@
 DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
 DIR_roken = @DIR_roken@
 ECHO = @ECHO@
 ECHO_C = @ECHO_C@
@@ -207,42 +204,27 @@ ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
 F77 = @F77@
 FFLAGS = @FFLAGS@
+GREP = @GREP@
 GROFF = @GROFF@
-HAVE_DB1_FALSE = @HAVE_DB1_FALSE@
-HAVE_DB1_TRUE = @HAVE_DB1_TRUE@
-HAVE_DB3_FALSE = @HAVE_DB3_FALSE@
-HAVE_DB3_TRUE = @HAVE_DB3_TRUE@
-HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@
-HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@
-HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@
-HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@
-HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@
-HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@
-HAVE_X_FALSE = @HAVE_X_FALSE@
-HAVE_X_TRUE = @HAVE_X_TRUE@
 INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_des = @INCLUDE_des@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
 INCLUDE_hesiod = @INCLUDE_hesiod@
 INCLUDE_krb4 = @INCLUDE_krb4@
 INCLUDE_openldap = @INCLUDE_openldap@
 INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IRIX_FALSE = @IRIX_FALSE@
-IRIX_TRUE = @IRIX_TRUE@
-KRB4_FALSE = @KRB4_FALSE@
-KRB4_TRUE = @KRB4_TRUE@
-KRB5_FALSE = @KRB5_FALSE@
-KRB5_TRUE = @KRB5_TRUE@
 LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -260,12 +242,9 @@ LIB_crypt = @LIB_crypt@
 LIB_db_create = @LIB_db_create@
 LIB_dbm_firstkey = @LIB_dbm_firstkey@
 LIB_dbopen = @LIB_dbopen@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
 LIB_dlopen = @LIB_dlopen@
 LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
 LIB_el_init = @LIB_el_init@
 LIB_freeaddrinfo = @LIB_freeaddrinfo@
 LIB_gai_strerror = @LIB_gai_strerror@
@@ -275,15 +254,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@
 LIB_getnameinfo = @LIB_getnameinfo@
 LIB_getpwnam_r = @LIB_getpwnam_r@
 LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
 LIB_hesiod = @LIB_hesiod@
 LIB_hstrerror = @LIB_hstrerror@
 LIB_kdb = @LIB_kdb@
 LIB_krb4 = @LIB_krb4@
-LIB_krb_disable_debug = @LIB_krb_disable_debug@
-LIB_krb_enable_debug = @LIB_krb_enable_debug@
-LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@
-LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@
-LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@
 LIB_loadquery = @LIB_loadquery@
 LIB_logout = @LIB_logout@
 LIB_logwtmp = @LIB_logwtmp@
@@ -292,6 +270,7 @@ LIB_openpty = @LIB_openpty@
 LIB_otp = @LIB_otp@
 LIB_pidfile = @LIB_pidfile@
 LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
 LIB_res_nsearch = @LIB_res_nsearch@
 LIB_res_search = @LIB_res_search@
 LIB_roken = @LIB_roken@
@@ -303,15 +282,10 @@ LIB_tgetent = @LIB_tgetent@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
 MAKEINFO = @MAKEINFO@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+MKDIR_P = @MKDIR_P@
 NROFF = @NROFF@
 OBJEXT = @OBJEXT@
-OTP_FALSE = @OTP_FALSE@
-OTP_TRUE = @OTP_TRUE@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
@@ -319,74 +293,79 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
 VERSION = @VERSION@
+VERSIONING = @VERSIONING@
 VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
 WFLAGS = @WFLAGS@
 WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
 WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
 X_CFLAGS = @X_CFLAGS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_LIBS = @X_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 YACC = @YACC@
-ac_ct_AR = @ac_ct_AR@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_CXX = @ac_ct_CXX@
 ac_ct_F77 = @ac_ct_F77@
-ac_ct_RANLIB = @ac_ct_RANLIB@
-ac_ct_STRIP = @ac_ct_STRIP@
 am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
+builddir = @builddir@
 datadir = @datadir@
-do_roken_rename_FALSE = @do_roken_rename_FALSE@
-do_roken_rename_TRUE = @do_roken_rename_TRUE@
+datarootdir = @datarootdir@
+docdir = @docdir@
 dpagaix_cflags = @dpagaix_cflags@
 dpagaix_ldadd = @dpagaix_ldadd@
 dpagaix_ldflags = @dpagaix_ldflags@
-el_compat_FALSE = @el_compat_FALSE@
-el_compat_TRUE = @el_compat_TRUE@
+dvidir = @dvidir@
 exec_prefix = @exec_prefix@
-have_err_h_FALSE = @have_err_h_FALSE@
-have_err_h_TRUE = @have_err_h_TRUE@
-have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@
-have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@
-have_glob_h_FALSE = @have_glob_h_FALSE@
-have_glob_h_TRUE = @have_glob_h_TRUE@
-have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@
-have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@
-have_vis_h_FALSE = @have_vis_h_FALSE@
-have_vis_h_TRUE = @have_vis_h_TRUE@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
+htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 libdir = @libdir@
 libexecdir = @libexecdir@
+localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
+psdir = @psdir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
 AM_CFLAGS = $(WFLAGS)
 CP = cp
@@ -403,6 +382,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 
 @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
 @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
 tcp_client_SOURCES = tcp_client.c common.c test_locl.h
 tcp_server_SOURCES = tcp_server.c common.c test_locl.h
@@ -412,23 +392,27 @@ gssapi_server_SOURCES = gssapi_server.c gss_common.c common.c \
 gssapi_client_SOURCES = gssapi_client.c gss_common.c common.c \
 	gss_common.h test_locl.h
 
+http_client_SOURCES = http_client.c gss_common.c common.c \
+	gss_common.h test_locl.h
+
 uu_server_SOURCES = uu_server.c common.c test_locl.h
 uu_client_SOURCES = uu_client.c common.c test_locl.h
 gssapi_server_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
 gssapi_client_LDADD = $(gssapi_server_LDADD)
-nt_gss_client_SOURCES = nt_gss_client.c nt_gss_common.c common.c
-nt_gss_server_SOURCES = nt_gss_server.c nt_gss_common.c
+http_client_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
+nt_gss_client_SOURCES = nt_gss_client.c nt_gss_common.c nt_gss_common.h common.c
+nt_gss_server_SOURCES = nt_gss_server.c nt_gss_common.c nt_gss_common.h
 nt_gss_client_LDADD = $(gssapi_server_LDADD)
 nt_gss_server_LDADD = $(nt_gss_client_LDADD)
 LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
+	$(LIB_hcrypto) \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken)
 
 all: all-am
 
 .SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
@@ -467,28 +451,31 @@ clean-noinstPROGRAMS:
 	done
 gssapi_client$(EXEEXT): $(gssapi_client_OBJECTS) $(gssapi_client_DEPENDENCIES) 
 	@rm -f gssapi_client$(EXEEXT)
-	$(LINK) $(gssapi_client_LDFLAGS) $(gssapi_client_OBJECTS) $(gssapi_client_LDADD) $(LIBS)
+	$(LINK) $(gssapi_client_OBJECTS) $(gssapi_client_LDADD) $(LIBS)
 gssapi_server$(EXEEXT): $(gssapi_server_OBJECTS) $(gssapi_server_DEPENDENCIES) 
 	@rm -f gssapi_server$(EXEEXT)
-	$(LINK) $(gssapi_server_LDFLAGS) $(gssapi_server_OBJECTS) $(gssapi_server_LDADD) $(LIBS)
+	$(LINK) $(gssapi_server_OBJECTS) $(gssapi_server_LDADD) $(LIBS)
+http_client$(EXEEXT): $(http_client_OBJECTS) $(http_client_DEPENDENCIES) 
+	@rm -f http_client$(EXEEXT)
+	$(LINK) $(http_client_OBJECTS) $(http_client_LDADD) $(LIBS)
 nt_gss_client$(EXEEXT): $(nt_gss_client_OBJECTS) $(nt_gss_client_DEPENDENCIES) 
 	@rm -f nt_gss_client$(EXEEXT)
-	$(LINK) $(nt_gss_client_LDFLAGS) $(nt_gss_client_OBJECTS) $(nt_gss_client_LDADD) $(LIBS)
+	$(LINK) $(nt_gss_client_OBJECTS) $(nt_gss_client_LDADD) $(LIBS)
 nt_gss_server$(EXEEXT): $(nt_gss_server_OBJECTS) $(nt_gss_server_DEPENDENCIES) 
 	@rm -f nt_gss_server$(EXEEXT)
-	$(LINK) $(nt_gss_server_LDFLAGS) $(nt_gss_server_OBJECTS) $(nt_gss_server_LDADD) $(LIBS)
+	$(LINK) $(nt_gss_server_OBJECTS) $(nt_gss_server_LDADD) $(LIBS)
 tcp_client$(EXEEXT): $(tcp_client_OBJECTS) $(tcp_client_DEPENDENCIES) 
 	@rm -f tcp_client$(EXEEXT)
-	$(LINK) $(tcp_client_LDFLAGS) $(tcp_client_OBJECTS) $(tcp_client_LDADD) $(LIBS)
+	$(LINK) $(tcp_client_OBJECTS) $(tcp_client_LDADD) $(LIBS)
 tcp_server$(EXEEXT): $(tcp_server_OBJECTS) $(tcp_server_DEPENDENCIES) 
 	@rm -f tcp_server$(EXEEXT)
-	$(LINK) $(tcp_server_LDFLAGS) $(tcp_server_OBJECTS) $(tcp_server_LDADD) $(LIBS)
+	$(LINK) $(tcp_server_OBJECTS) $(tcp_server_LDADD) $(LIBS)
 uu_client$(EXEEXT): $(uu_client_OBJECTS) $(uu_client_DEPENDENCIES) 
 	@rm -f uu_client$(EXEEXT)
-	$(LINK) $(uu_client_LDFLAGS) $(uu_client_OBJECTS) $(uu_client_LDADD) $(LIBS)
+	$(LINK) $(uu_client_OBJECTS) $(uu_client_LDADD) $(LIBS)
 uu_server$(EXEEXT): $(uu_server_OBJECTS) $(uu_server_DEPENDENCIES) 
 	@rm -f uu_server$(EXEEXT)
-	$(LINK) $(uu_server_LDFLAGS) $(uu_server_OBJECTS) $(uu_server_LDADD) $(LIBS)
+	$(LINK) $(uu_server_OBJECTS) $(uu_server_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -511,10 +498,6 @@ mostlyclean-libtool:
 clean-libtool:
 	-rm -rf .libs _libs
 
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
 ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
 	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
 	unique=`for i in $$list; do \
@@ -535,9 +518,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  done | \
 	  $(AWK) '    { files[$$0] = 1; } \
 	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
 ctags: CTAGS
 CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
@@ -562,23 +547,21 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
 distdir: $(DISTFILES)
-	$(mkdir_p) $(distdir)/../.. $(distdir)/../../cf
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
-	list='$(DISTFILES)'; for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
-	  esac; \
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkdir_p) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
 	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
 	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
 	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
 	    fi; \
@@ -616,7 +599,7 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -629,7 +612,7 @@ clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
 distclean: distclean-am
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
+	distclean-tags
 
 dvi: dvi-am
 
@@ -645,14 +628,22 @@ install-data-am:
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 
+install-dvi: install-dvi-am
+
 install-exec-am:
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
 
+install-html: install-html-am
+
 install-info: install-info-am
 
 install-man:
 
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
@@ -672,19 +663,26 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-info-am
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
 
 .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
 	clean clean-generic clean-libtool clean-noinstPROGRAMS ctags \
-	distclean distclean-compile distclean-generic \
+	dist-hook distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-data \
-	install-data-am install-exec install-exec-am install-info \
-	install-info-am install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-info-am
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook
 
 
 install-suid-programs:
@@ -699,8 +697,8 @@ install-suid-programs:
 
 install-exec-hook: install-suid-programs
 
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
 	for f in $$foo; do \
 		f=`basename $$f`; \
 		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -710,19 +708,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
 			echo " $(CP) $$file $(buildinclude)/$$f"; \
 			$(CP) $$file $(buildinclude)/$$f; \
 		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
 	done
 
 all-local: install-build-headers
 
 check-local::
-	@if test '$(CHECK_LOCAL)'; then \
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
 	  foo='$(CHECK_LOCAL)'; else \
 	  foo='$(PROGRAMS)'; fi; \
 	  if test "$$foo"; then \
 	  failed=0; all=0; \
 	  for i in $$foo; do \
 	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
 	      echo "PASS: $$i"; \
 	    else \
 	      echo "FAIL: $$i"; \
@@ -738,7 +748,7 @@ check-local::
 	  echo "$$dashes"; \
 	  echo "$$banner"; \
 	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
+	  test "$$failed" -eq 0 || exit 1; \
 	fi
 
 .x.c:
@@ -808,14 +818,39 @@ dist-cat8-mans:
 dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
 
 install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
 
 install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
 
 .et.h:
 	$(COMPILE_ET) $<
 .et.c:
 	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/test/common.c b/crypto/heimdal/appl/test/common.c
index 58b9fdf..595c828 100644
--- a/crypto/heimdal/appl/test/common.c
+++ b/crypto/heimdal/appl/test/common.c
@@ -33,7 +33,7 @@
 
 #include "test_locl.h"
 
-RCSID("$Id: common.c,v 1.11 2000/08/27 04:29:34 assar Exp $");
+RCSID("$Id: common.c 12796 2003-09-09 03:38:04Z lha $");
 
 static int help_flag;
 static int version_flag;
@@ -41,12 +41,14 @@ static char *port_str;
 static char *keytab_str;
 krb5_keytab keytab;
 char *service = SERVICE;
+char *mech = "krb5";
 int fork_flag;
 
 static struct getargs args[] = {
     { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
     { "service", 's', arg_string, &service, "service to use", "service" },
     { "keytab", 'k', arg_string, &keytab_str, "keytab to use", "keytab" },
+    { "mech", 'm', arg_string, &mech, "gssapi mech to use", "mech" },
     { "fork", 'f', arg_flag, &fork_flag, "do fork" },
     { "help", 'h', arg_flag, &help_flag },
     { "version", 0, arg_flag, &version_flag }
diff --git a/crypto/heimdal/appl/test/gss_common.c b/crypto/heimdal/appl/test/gss_common.c
index 4b5319a..4c80e54 100644
--- a/crypto/heimdal/appl/test/gss_common.c
+++ b/crypto/heimdal/appl/test/gss_common.c
@@ -34,12 +34,12 @@
 #include "test_locl.h"
 #include <gssapi.h>
 #include "gss_common.h"
-RCSID("$Id: gss_common.c,v 1.9 2000/11/15 23:05:27 assar Exp $");
+RCSID("$Id: gss_common.c 19937 2007-01-16 21:56:01Z lha $");
 
 void
 write_token (int sock, gss_buffer_t buf)
 {
-    u_int32_t len, net_len;
+    uint32_t len, net_len;
     OM_uint32 min_stat;
 
     len = buf->length;
@@ -69,7 +69,7 @@ enet_read(int fd, void *buf, size_t len)
 void
 read_token (int sock, gss_buffer_t buf)
 {
-    u_int32_t len, net_len;
+    uint32_t len, net_len;
 
     enet_read (sock, &net_len, 4);
     len = ntohl(net_len);
@@ -93,7 +93,8 @@ gss_print_errors (int min_stat)
 				  GSS_C_NO_OID,
 				  &msg_ctx,
 				  &status_string);
-	fprintf (stderr, "%s\n", (char *)status_string.value);
+	fprintf (stderr, "%.*s\n", (int)status_string.length, 
+		 (char *)status_string.value);
 	gss_release_buffer (&new_stat, &status_string);
     } while (!GSS_ERROR(ret) && msg_ctx != 0);
 }
@@ -116,3 +117,36 @@ gss_err(int exitval, int status, const char *fmt, ...)
     va_end(args);
 }
 
+gss_OID
+select_mech(const char *mech)
+{
+    if (strcasecmp(mech, "krb5") == 0)
+	return GSS_KRB5_MECHANISM;
+    else if (strcasecmp(mech, "spnego") == 0)
+	return GSS_SPNEGO_MECHANISM;
+    else if (strcasecmp(mech, "no-oid") == 0)
+	return GSS_C_NO_OID;
+    else
+	errx (1, "Unknown mechanism '%s' (spnego, krb5, no-oid)", mech);
+}
+
+void
+print_gss_name(const char *prefix, gss_name_t name)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc name_token;
+
+    maj_stat = gss_display_name (&min_stat,
+				 name,
+				 &name_token,
+				 NULL);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_display_name");
+
+    fprintf (stderr, "%s `%.*s'\n", prefix,
+	     (int)name_token.length,
+	     (char *)name_token.value);
+
+    gss_release_buffer (&min_stat, &name_token);
+
+}
diff --git a/crypto/heimdal/appl/test/gss_common.h b/crypto/heimdal/appl/test/gss_common.h
index 775126b..598ac8c 100644
--- a/crypto/heimdal/appl/test/gss_common.h
+++ b/crypto/heimdal/appl/test/gss_common.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: gss_common.h,v 1.5 1999/12/02 17:04:56 joda Exp $ */
+/* $Id: gss_common.h 14661 2005-03-19 03:13:14Z lha $ */
 
 void write_token (int sock, gss_buffer_t buf);
 void read_token (int sock, gss_buffer_t buf);
@@ -43,3 +43,7 @@ void gss_verr(int exitval, int status, const char *fmt, va_list ap)
 
 void gss_err(int exitval, int status, const char *fmt, ...)
     __attribute__ ((format (printf, 3, 4)));
+
+gss_OID select_mech(const char *);
+
+void print_gss_name(const char *, gss_name_t);
diff --git a/crypto/heimdal/appl/test/gssapi_client.c b/crypto/heimdal/appl/test/gssapi_client.c
index 126ce91..d10fc57 100644
--- a/crypto/heimdal/appl/test/gssapi_client.c
+++ b/crypto/heimdal/appl/test/gssapi_client.c
@@ -34,7 +34,7 @@
 #include "test_locl.h"
 #include <gssapi.h>
 #include "gss_common.h"
-RCSID("$Id: gssapi_client.c,v 1.16 2000/08/09 20:53:06 assar Exp $");
+RCSID("$Id: gssapi_client.c 21521 2007-07-12 13:13:40Z lha $");
 
 static int
 do_trans (int sock, gss_ctx_id_t context_hdl)
@@ -65,6 +65,17 @@ do_trans (int sock, gss_ctx_id_t context_hdl)
     input_token->length = 7;
     input_token->value  = "hemligt";
 
+    maj_stat = gss_wrap (&min_stat,
+			 context_hdl,
+			 0,
+			 GSS_C_QOP_DEFAULT,
+			 input_token,
+			 NULL,
+			 output_token);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_wrap");
+
+    write_token (sock, output_token);
 
     maj_stat = gss_wrap (&min_stat,
 			 context_hdl,
@@ -98,10 +109,17 @@ proto (int sock, const char *hostname, const char *service)
     struct gss_channel_bindings_struct input_chan_bindings;
     u_char init_buf[4];
     u_char acct_buf[4];
+    gss_OID mech_oid;
+    char *str;
 
-    name_token.length = asprintf ((char **)&name_token.value,
-				  "%s@%s", service, hostname);
+    mech_oid = select_mech(mech);
 
+    name_token.length = asprintf (&str,
+				  "%s@%s", service, hostname);
+    if (str == NULL)
+	errx(1, "malloc - out of memory");
+    name_token.value = str;
+	
     maj_stat = gss_import_name (&min_stat,
 				&name_token,
 				GSS_C_NT_HOSTBASED_SERVICE,
@@ -155,7 +173,7 @@ proto (int sock, const char *hostname, const char *service)
 				 GSS_C_NO_CREDENTIAL,
 				 &context_hdl,
 				 server,
-				 GSS_C_NO_OID,
+				 mech_oid,
 				 GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG
 				 | GSS_C_DELEG_FLAG,
 				 0,
diff --git a/crypto/heimdal/appl/test/gssapi_server.c b/crypto/heimdal/appl/test/gssapi_server.c
index 3d4affd..e63a2bc 100644
--- a/crypto/heimdal/appl/test/gssapi_server.c
+++ b/crypto/heimdal/appl/test/gssapi_server.c
@@ -34,7 +34,7 @@
 #include "test_locl.h"
 #include <gssapi.h>
 #include "gss_common.h"
-RCSID("$Id: gssapi_server.c,v 1.15 2000/08/09 20:53:07 assar Exp $");
+RCSID("$Id: gssapi_server.c 14762 2005-04-10 14:47:41Z lha $");
 
 static int
 process_it(int sock,
@@ -43,22 +43,31 @@ process_it(int sock,
 	   )
 {
     OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc name_token;
     gss_buffer_desc real_input_token, real_output_token;
     gss_buffer_t input_token = &real_input_token,
 	output_token = &real_output_token;
-
-    maj_stat = gss_display_name (&min_stat,
-				 client_name,
-				 &name_token,
-				 NULL);
+    gss_name_t server_name;
+    int conf_flag;
+
+    print_gss_name("User is", client_name);
+
+    maj_stat = gss_inquire_context(&min_stat,
+				   context_hdl,
+				   NULL,
+				   &server_name,
+				   NULL,
+				   NULL,
+				   NULL,
+				   NULL,
+				   NULL);
     if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_display_name");
+	gss_err (1, min_stat, "gss_inquire_context");
 
-    fprintf (stderr, "User is `%.*s'\n", (int)name_token.length,
-	    (char *)name_token.value);
+    print_gss_name("Server is", server_name);
 
-    gss_release_buffer (&min_stat, &name_token);
+    maj_stat = gss_release_name(&min_stat, &server_name);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_release_name");
 
     /* gss_verify_mic */
 
@@ -87,13 +96,32 @@ process_it(int sock,
 			   context_hdl,
 			   input_token,
 			   output_token,
-			   NULL,
+			   &conf_flag,
+			   NULL);
+    if(GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_unwrap");
+
+    fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length,
+	    (char *)output_token->value,
+	     conf_flag ? "CONF" : "INT");
+
+    gss_release_buffer (&min_stat, input_token);
+    gss_release_buffer (&min_stat, output_token);
+
+    read_token (sock, input_token);
+
+    maj_stat = gss_unwrap (&min_stat,
+			   context_hdl,
+			   input_token,
+			   output_token,
+			   &conf_flag,
 			   NULL);
     if(GSS_ERROR(maj_stat))
 	gss_err (1, min_stat, "gss_unwrap");
 
-    fprintf (stderr, "gss_unwrap: %.*s\n", (int)output_token->length,
-	    (char *)output_token->value);
+    fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length,
+	     (char *)output_token->value,
+	     conf_flag ? "CONF" : "INT");
 
     gss_release_buffer (&min_stat, input_token);
     gss_release_buffer (&min_stat, output_token);
@@ -117,6 +145,8 @@ proto (int sock, const char *service)
     krb5_ccache ccache;
     u_char init_buf[4];
     u_char acct_buf[4];
+    gss_OID mech_oid;
+    char *mech, *p;
 
     addrlen = sizeof(local);
     if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
@@ -156,8 +186,7 @@ proto (int sock, const char *service)
     input_chan_bindings.application_data.value = NULL;
 #endif
     
-    delegated_cred_handle = emalloc(sizeof(*delegated_cred_handle));
-    memset((char*)delegated_cred_handle, 0, sizeof(*delegated_cred_handle));
+    delegated_cred_handle = GSS_C_NO_CREDENTIAL;
     
     do {
 	read_token (sock, input_token);
@@ -168,11 +197,11 @@ proto (int sock, const char *service)
 				    input_token,
 				    &input_chan_bindings,
 				    &client_name,
-				    NULL,
+				    &mech_oid,
 				    output_token,
 				    NULL,
 				    NULL,
-				    /*&delegated_cred_handle*/ NULL);
+				    &delegated_cred_handle);
 	if(GSS_ERROR(maj_stat))
 	    gss_err (1, min_stat, "gss_accept_sec_context");
 	if (output_token->length != 0)
@@ -186,15 +215,43 @@ proto (int sock, const char *service)
 	}
     } while(maj_stat & GSS_S_CONTINUE_NEEDED);
     
-    if (delegated_cred_handle->ccache) {
+    p = (char *)mech_oid->elements;
+    if (mech_oid->length == GSS_KRB5_MECHANISM->length
+	&& memcmp(p, GSS_KRB5_MECHANISM->elements, mech_oid->length) == 0)
+	mech = "Kerberos 5";
+    else if (mech_oid->length == GSS_SPNEGO_MECHANISM->length
+	&& memcmp(p, GSS_SPNEGO_MECHANISM->elements, mech_oid->length) == 0)
+	mech = "SPNEGO"; /* XXX Silly, wont show up */
+    else
+	mech = "Unknown";
+
+    printf("Using mech: %s\n", mech);
+
+    if (delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
        krb5_context context;
 
+       printf("Delegated cred found\n");
+
        maj_stat = krb5_init_context(&context);
        maj_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);
-       maj_stat = krb5_cc_copy_cache(context,
-                                      delegated_cred_handle->ccache, ccache);
+       maj_stat = gss_krb5_copy_ccache(&min_stat,
+				       delegated_cred_handle,
+				       ccache);
+       if (maj_stat == 0) {
+	   krb5_principal p;
+	   maj_stat = krb5_cc_get_principal(context, ccache, &p);
+	   if (maj_stat == 0) {
+	       char *name;
+	       maj_stat = krb5_unparse_name(context, p, &name);
+	       if (maj_stat == 0) {
+		   printf("Delegated user is: `%s'\n", name);
+		   free(name);
+	       }
+	       krb5_free_principal(context, p);
+	   }
+       }
        krb5_cc_close(context, ccache);
-       krb5_cc_destroy(context, delegated_cred_handle->ccache);
+       gss_release_cred(&min_stat, &delegated_cred_handle);
     }
 
     if (fork_flag) {
diff --git a/crypto/heimdal/appl/test/http_client.c b/crypto/heimdal/appl/test/http_client.c
new file mode 100644
index 0000000..074ba37
--- /dev/null
+++ b/crypto/heimdal/appl/test/http_client.c
@@ -0,0 +1,504 @@
+/*
+ * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+#include <gssapi.h>
+#include "gss_common.h"
+#include <base64.h>
+
+RCSID("$Id: http_client.c 14861 2005-04-20 10:38:37Z lha $");
+
+/*
+ * A simplistic client implementing draft-brezak-spnego-http-04.txt
+ */
+
+static int
+do_connect (const char *hostname, const char *port)
+{
+    struct addrinfo *ai, *a;
+    struct addrinfo hints;
+    int error;
+    int s = -1;
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = 0;
+
+    error = getaddrinfo (hostname, port, &hints, &ai);
+    if (error)
+	errx (1, "getaddrinfo(%s): %s", hostname, gai_strerror(error));
+
+    for (a = ai; a != NULL; a = a->ai_next) {
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0)
+	    continue;
+	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+	    warn ("connect(%s)", hostname);
+ 	    close (s);
+ 	    continue;
+	}
+	break;
+    }
+    freeaddrinfo (ai);
+    if (a == NULL)
+	errx (1, "failed to contact %s", hostname);
+
+    return s;
+}
+
+static void
+fdprintf(int s, const char *fmt, ...)
+{
+    size_t len;
+    ssize_t ret;
+    va_list ap;
+    char *str, *buf;
+    
+    va_start(ap, fmt);
+    vasprintf(&str, fmt, ap);
+    va_end(ap);
+
+    if (str == NULL)
+	errx(1, "vasprintf");
+
+    buf = str;
+    len = strlen(buf);
+    while (len) {
+	ret = write(s, buf, len);
+	if (ret == 0)
+	    err(1, "connection closed");
+	else if (ret < 0)
+	    err(1, "error");
+	len -= ret;
+	buf += ret;
+    }
+    free(str);
+}
+
+static int help_flag;
+static int version_flag;
+static int verbose_flag;
+static int mutual_flag = 1;
+static int delegate_flag;
+static char *port_str = "http";
+static char *gss_service = "HTTP";
+
+static struct getargs http_args[] = {
+    { "verbose", 'v', arg_flag, &verbose_flag, "verbose logging", },
+    { "port", 'p', arg_string, &port_str, "port to connect to", "port" },
+    { "delegate", 0, arg_flag, &delegate_flag, "gssapi delegate credential" },
+    { "gss-service", 's', arg_string, &gss_service, "gssapi service to use",
+      "service" },
+    { "mech", 'm', arg_string, &mech, "gssapi mech to use", "mech" },
+    { "mutual", 0, arg_negative_flag, &mutual_flag, "no gssapi mutual auth" },
+    { "help", 'h', arg_flag, &help_flag },
+    { "version", 0, arg_flag, &version_flag }
+};
+
+static int num_http_args = sizeof(http_args) / sizeof(http_args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(http_args, num_http_args, NULL, "host [page]");
+    exit(code);
+}
+
+/*
+ *
+ */
+
+struct http_req {
+    char *response;
+    char **headers;
+    int num_headers;
+    void *body;
+    size_t body_size;
+};
+
+
+static void
+http_req_zero(struct http_req *req)
+{
+    req->response = NULL;
+    req->headers = NULL;
+    req->num_headers = 0;
+    req->body = NULL;
+    req->body_size = 0;
+}
+
+static void
+http_req_free(struct http_req *req)
+{
+    int i;
+
+    free(req->response);
+    for (i = 0; i < req->num_headers; i++)
+	free(req->headers[i]);
+    free(req->headers);
+    free(req->body);
+    http_req_zero(req);
+}
+
+static const char *
+http_find_header(struct http_req *req, const char *header)
+{
+    int i, len = strlen(header);
+
+    for (i = 0; i < req->num_headers; i++) {
+	if (strncasecmp(header, req->headers[i], len) == 0) {
+	    return req->headers[i] + len + 1;
+	}
+    }
+    return NULL;
+}
+
+
+static int
+http_query(const char *host, const char *page, 
+	   char **headers, int num_headers, struct http_req *req)
+{
+    enum { RESPONSE, HEADER, BODY } state;
+    ssize_t ret;
+    char in_buf[1024], *in_ptr = in_buf;
+    size_t in_len = 0;
+    int s, i;
+
+    http_req_zero(req);
+
+    s = do_connect(host, port_str);
+    if (s < 0)
+	errx(1, "connection failed");
+
+    fdprintf(s, "GET %s HTTP/1.0\r\n", page);
+    for (i = 0; i < num_headers; i++)
+	fdprintf(s, "%s\r\n", headers[i]);
+    fdprintf(s, "Host: %s\r\n\r\n", host);
+
+    state = RESPONSE;
+
+    while (1) {
+	ret = read (s, in_ptr, sizeof(in_buf) - in_len - 1);
+	if (ret == 0)
+	    break;
+	else if (ret < 0)
+	    err (1, "read: %lu", (unsigned long)ret);
+	
+	in_buf[ret + in_len] = '\0';
+
+	if (state == HEADER || state == RESPONSE) {
+	    char *p;
+
+	    in_len += ret;
+	    in_ptr += ret;
+
+	    while (1) {
+		p = strstr(in_buf, "\r\n");
+
+		if (p == NULL) {
+		    break;
+		} else if (p == in_buf) {
+		    memmove(in_buf, in_buf + 2, sizeof(in_buf) - 2);
+		    state = BODY;
+		    in_len -= 2;
+		    in_ptr -= 2;
+		    break;
+		} else if (state == RESPONSE) {
+		    req->response = strndup(in_buf, p - in_buf);
+		    state = HEADER;
+		} else {
+		    req->headers = realloc(req->headers,
+					   (req->num_headers + 1) * sizeof(req->headers[0]));
+		    req->headers[req->num_headers] = strndup(in_buf, p - in_buf);
+		    if (req->headers[req->num_headers] == NULL)
+			errx(1, "strdup");
+		    req->num_headers++;
+		}
+		memmove(in_buf, p + 2, sizeof(in_buf) - (p - in_buf) - 2);
+		in_len -= (p - in_buf) + 2;
+		in_ptr -= (p - in_buf) + 2;
+	    }
+	}
+
+	if (state == BODY) {
+
+	    req->body = erealloc(req->body, req->body_size + ret + 1);
+
+	    memcpy((char *)req->body + req->body_size, in_buf, ret);
+	    req->body_size += ret;
+	    ((char *)req->body)[req->body_size] = '\0';
+
+	    in_ptr = in_buf;
+	    in_len = 0;
+	} else
+	    abort();
+    }
+
+    if (verbose_flag) {
+	int i;
+	printf("response: %s\n", req->response);
+	for (i = 0; i < req->num_headers; i++)
+	    printf("header[%d] %s\n", i, req->headers[i]);
+	printf("body: %.*s\n", (int)req->body_size, (char *)req->body);
+    }
+
+    close(s);
+    return 0;
+}
+
+
+int
+main(int argc, char **argv)
+{
+    struct http_req req;
+    const char *host, *page;
+    int i, done, print_body, gssapi_done, gssapi_started;
+    char *headers[10]; /* XXX */
+    int num_headers;
+    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
+    gss_name_t server = GSS_C_NO_NAME;
+    int optind = 0;
+    gss_OID mech_oid;
+    OM_uint32 flags;
+
+    setprogname(argv[0]);
+
+    if(getarg(http_args, num_http_args, argc, argv, &optind))
+	usage(1);
+
+    if (help_flag)
+	usage (0);
+
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    mech_oid = select_mech(mech);
+
+    if (argc != 1 && argc != 2)
+	errx(1, "usage: %s host [page]", getprogname());
+    host = argv[0];
+    if (argc == 2)
+	page = argv[1];
+    else
+	page = "/";
+
+    flags = 0;
+    if (delegate_flag)
+	flags |= GSS_C_DELEG_FLAG;
+    if (mutual_flag)
+	flags |= GSS_C_MUTUAL_FLAG;
+
+    done = 0;
+    num_headers = 0;
+    gssapi_done = 1;
+    gssapi_started = 0;
+    do {
+	print_body = 0;
+
+	http_query(host, page, headers, num_headers, &req);
+	for (i = 0 ; i < num_headers; i++) 
+	    free(headers[i]);
+	num_headers = 0;
+
+	if (strstr(req.response, " 200 ") != NULL) {
+	    print_body = 1;
+	    done = 1;
+	} else if (strstr(req.response, " 401 ") != NULL) {
+	    if (http_find_header(&req, "WWW-Authenticate:") == NULL)
+		errx(1, "Got %s but missed `WWW-Authenticate'", req.response);
+	    gssapi_done = 0;
+	}
+
+	if (!gssapi_done) {
+	    const char *h = http_find_header(&req, "WWW-Authenticate:");
+	    if (h == NULL)
+		errx(1, "Got %s but missed `WWW-Authenticate'", req.response);
+
+	    if (strncasecmp(h, "Negotiate", 9) == 0) {
+		OM_uint32 maj_stat, min_stat;
+		gss_buffer_desc input_token, output_token;
+
+		if (verbose_flag)
+		    printf("Negotiate found\n");
+		
+		if (server == GSS_C_NO_NAME) {
+		    char *name;
+		    asprintf(&name, "%s@%s", gss_service, host);
+		    input_token.length = strlen(name);
+		    input_token.value = name;
+
+		    maj_stat = gss_import_name(&min_stat,
+					       &input_token,
+					       GSS_C_NT_HOSTBASED_SERVICE,
+					       &server);
+		    if (GSS_ERROR(maj_stat))
+			gss_err (1, min_stat, "gss_inport_name");
+		    free(name);
+		    input_token.length = 0;
+		    input_token.value = NULL;
+		}
+
+		i = 9;
+		while(h[i] && isspace((unsigned char)h[i]))
+		    i++;
+		if (h[i] != '\0') {
+		    int len = strlen(&h[i]);
+		    if (len == 0)
+			errx(1, "invalid Negotiate token");
+		    input_token.value = emalloc(len);
+		    len = base64_decode(&h[i], input_token.value);
+		    if (len < 0)
+			errx(1, "invalid base64 Negotiate token %s", &h[i]);
+		    input_token.length = len;
+		} else {
+		    if (gssapi_started)
+			errx(1, "Negotiate already started");
+		    gssapi_started = 1;
+
+		    input_token.length = 0;
+		    input_token.value = NULL;
+		}
+
+		maj_stat =
+		    gss_init_sec_context(&min_stat,
+					 GSS_C_NO_CREDENTIAL,
+					 &context_hdl,
+					 server,
+					 mech_oid,
+					 flags,
+					 0,
+					 GSS_C_NO_CHANNEL_BINDINGS,
+					 &input_token,
+					 NULL,
+					 &output_token,
+					 NULL,
+					 NULL);
+		if (GSS_ERROR(maj_stat))
+		    gss_err (1, min_stat, "gss_init_sec_context");
+		else if (maj_stat & GSS_S_CONTINUE_NEEDED)
+		    gssapi_done = 0;
+		else {
+		    gss_name_t targ_name, src_name;
+		    gss_buffer_desc name_buffer;
+		    gss_OID mech_type;
+
+		    gssapi_done = 1;
+
+		    printf("Negotiate done: %s\n", mech);
+
+		    maj_stat = gss_inquire_context(&min_stat,
+						   context_hdl,
+						   &src_name,
+						   &targ_name,
+						   NULL,
+						   &mech_type,
+						   NULL,
+						   NULL,
+						   NULL);
+		    if (GSS_ERROR(maj_stat))
+			gss_err (1, min_stat, "gss_inquire_context");
+
+		    maj_stat = gss_display_name(&min_stat,
+						src_name,
+						&name_buffer,
+						NULL);
+		    if (GSS_ERROR(maj_stat))
+			gss_err (1, min_stat, "gss_display_name");
+
+		    printf("Source: %.*s\n",
+			   (int)name_buffer.length,
+			   (char *)name_buffer.value);
+
+		    gss_release_buffer(&min_stat, &name_buffer);
+
+		    maj_stat = gss_display_name(&min_stat,
+						targ_name,
+						&name_buffer,
+						NULL);
+		    if (GSS_ERROR(maj_stat))
+			gss_err (1, min_stat, "gss_display_name");
+
+		    printf("Target: %.*s\n",
+			   (int)name_buffer.length,
+			   (char *)name_buffer.value);
+
+		    gss_release_name(&min_stat, &targ_name);
+		    gss_release_buffer(&min_stat, &name_buffer);
+		}
+
+		if (output_token.length) {
+		    char *neg_token;
+
+		    base64_encode(output_token.value,
+				  output_token.length,
+				  &neg_token);
+		    
+		    asprintf(&headers[0], "Authorization: Negotiate %s",
+			     neg_token);
+
+		    num_headers = 1;
+		    free(neg_token);
+		    gss_release_buffer(&min_stat, &output_token);
+		}
+		if (input_token.length)
+		    free(input_token.value);
+
+	    } else
+		done = 1;
+	} else
+	    done = 1;
+
+	if (verbose_flag) {
+	    printf("%s\n\n", req.response);
+
+	    for (i = 0; i < req.num_headers; i++)
+		printf("%s\n", req.headers[i]);
+	    printf("\n");
+	}
+	if (print_body || verbose_flag)
+	    printf("%.*s\n", (int)req.body_size, (char *)req.body);
+
+	http_req_free(&req);
+    } while (!done);
+
+    if (gssapi_done == 0)
+	errx(1, "gssapi not done but http dance done");
+
+    return 0;
+}
diff --git a/crypto/heimdal/appl/test/nt_gss_client.c b/crypto/heimdal/appl/test/nt_gss_client.c
index 4fabd66..3527799 100644
--- a/crypto/heimdal/appl/test/nt_gss_client.c
+++ b/crypto/heimdal/appl/test/nt_gss_client.c
@@ -35,7 +35,7 @@
 #include <gssapi.h>
 #include "nt_gss_common.h"
 
-RCSID("$Id: nt_gss_client.c,v 1.4 2000/08/09 20:53:07 assar Exp $");
+RCSID("$Id: nt_gss_client.c 21522 2007-07-12 13:15:04Z lha $");
 
 /*
  * This program tries to act as a client for the sample in `Sample
@@ -55,9 +55,13 @@ proto (int sock, const char *hostname, const char *service)
     OM_uint32 maj_stat, min_stat;
     gss_name_t server;
     gss_buffer_desc name_token;
+    char *str;
 
-    name_token.length = asprintf ((char **)&name_token.value,
+    name_token.length = asprintf (&str,
 				  "%s@%s", service, hostname);
+    if (str == NULL)
+	errx(1, "out of memory");
+    name_token.value = str;
 
     maj_stat = gss_import_name (&min_stat,
 				&name_token,
diff --git a/crypto/heimdal/appl/test/nt_gss_common.c b/crypto/heimdal/appl/test/nt_gss_common.c
index ab10355..ca07917 100644
--- a/crypto/heimdal/appl/test/nt_gss_common.c
+++ b/crypto/heimdal/appl/test/nt_gss_common.c
@@ -35,7 +35,7 @@
 #include <gssapi.h>
 #include "nt_gss_common.h"
 
-RCSID("$Id: nt_gss_common.c,v 1.3 1999/12/02 17:04:57 joda Exp $");
+RCSID("$Id: nt_gss_common.c 17450 2006-05-05 11:11:43Z lha $");
 
 /*
  * These are functions that are needed to interoperate with the
@@ -51,7 +51,7 @@ void
 nt_write_token (int sock, gss_buffer_t buf)
 {
     unsigned char net_len[4];
-    u_int32_t len;
+    uint32_t len;
     OM_uint32 min_stat;
 
     len = buf->length;
@@ -77,7 +77,7 @@ void
 nt_read_token (int sock, gss_buffer_t buf)
 {
     unsigned char net_len[4];
-    u_int32_t len;
+    uint32_t len;
 
     if (read(sock, net_len, 4) != 4)
 	err (1, "read");
diff --git a/crypto/heimdal/appl/test/nt_gss_common.h b/crypto/heimdal/appl/test/nt_gss_common.h
index 07428dd..50b5c83 100644
--- a/crypto/heimdal/appl/test/nt_gss_common.h
+++ b/crypto/heimdal/appl/test/nt_gss_common.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: nt_gss_common.h,v 1.2 1999/12/02 17:04:57 joda Exp $ */
+/* $Id: nt_gss_common.h 7464 1999-12-02 17:05:13Z joda $ */
 
 void nt_write_token (int sock, gss_buffer_t buf);
 void nt_read_token (int sock, gss_buffer_t buf);
diff --git a/crypto/heimdal/appl/test/nt_gss_server.c b/crypto/heimdal/appl/test/nt_gss_server.c
index 05b6bcb..df4a32e 100644
--- a/crypto/heimdal/appl/test/nt_gss_server.c
+++ b/crypto/heimdal/appl/test/nt_gss_server.c
@@ -36,7 +36,7 @@
 #include <krb5.h>
 #include "nt_gss_common.h"
 
-RCSID("$Id: nt_gss_server.c,v 1.5 2000/08/09 20:53:07 assar Exp $");
+RCSID("$Id: nt_gss_server.c 12323 2003-05-21 15:15:34Z lha $");
 
 /*
  * This program tries to act as a server for the sample in `Sample
@@ -116,13 +116,18 @@ proto (int sock, const char *service)
 
     if (auth_file != NULL) {
 	int fd = open (auth_file, O_WRONLY | O_CREAT, 0666);
-	krb5_ticket *ticket = context_hdl->ticket;
-	krb5_data *data = &ticket->ticket.authorization_data->val[0].ad_data;
+#if 0
+	krb5_ticket *ticket;
+	krb5_data *data;
+
+	ticket = context_hdl->ticket;
+	data = &ticket->ticket.authorization_data->val[0].ad_data;
 
 	if(fd < 0)
 	    err (1, "open %s", auth_file);
 	if (write (fd, data->data, data->length) != data->length)
 	    errx (1, "write to %s failed", auth_file);
+#endif
 	if (close (fd))
 	    err (1, "close %s", auth_file);
     }
diff --git a/crypto/heimdal/appl/test/tcp_client.c b/crypto/heimdal/appl/test/tcp_client.c
index 7affc43..f1a4cb2 100644
--- a/crypto/heimdal/appl/test/tcp_client.c
+++ b/crypto/heimdal/appl/test/tcp_client.c
@@ -32,7 +32,7 @@
  */
 
 #include "test_locl.h"
-RCSID("$Id: tcp_client.c,v 1.15 1999/12/16 10:30:17 assar Exp $");
+RCSID("$Id: tcp_client.c 17450 2006-05-05 11:11:43Z lha $");
 
 krb5_context context;
 
@@ -44,7 +44,7 @@ proto (int sock, const char *hostname, const char *service)
     krb5_principal server;
     krb5_data data;
     krb5_data packet;
-    u_int32_t len, net_len;
+    uint32_t len, net_len;
 
     status = krb5_auth_con_init (context, &auth_context);
     if (status)
diff --git a/crypto/heimdal/appl/test/tcp_server.c b/crypto/heimdal/appl/test/tcp_server.c
index 4469c58..97a9b11 100644
--- a/crypto/heimdal/appl/test/tcp_server.c
+++ b/crypto/heimdal/appl/test/tcp_server.c
@@ -32,7 +32,7 @@
  */
 
 #include "test_locl.h"
-RCSID("$Id: tcp_server.c,v 1.16 1999/12/16 10:31:08 assar Exp $");
+RCSID("$Id: tcp_server.c 17954 2006-09-01 09:01:03Z lha $");
 
 krb5_context context;
 
@@ -47,7 +47,7 @@ proto (int sock, const char *service)
     char hostname[MAXHOSTNAMELEN];
     krb5_data packet;
     krb5_data data;
-    u_int32_t len, net_len;
+    uint32_t len, net_len;
     ssize_t n;
 
     status = krb5_auth_con_init (context, &auth_context);
@@ -78,7 +78,7 @@ proto (int sock, const char *service)
 			    VERSION,
 			    server,
 			    0,
-			    NULL,
+			    keytab,
 			    &ticket);
     if (status)
 	krb5_err (context, 1, status, "krb5_recvauth");
diff --git a/crypto/heimdal/appl/test/test_locl.h b/crypto/heimdal/appl/test/test_locl.h
index 56f8745..b203787 100644
--- a/crypto/heimdal/appl/test/test_locl.h
+++ b/crypto/heimdal/appl/test/test_locl.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: test_locl.h,v 1.9 2000/08/27 04:29:54 assar Exp $ */
+/* $Id: test_locl.h 12797 2003-09-09 03:38:51Z lha $ */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
@@ -79,6 +79,7 @@
 #define PORT "test"
 
 extern char *service;
+extern char *mech;
 extern krb5_keytab keytab;
 extern int fork_flag;
 int server_setup(krb5_context*, int, char**);
diff --git a/crypto/heimdal/appl/test/uu_client.c b/crypto/heimdal/appl/test/uu_client.c
index fae5bcb..6113b8b 100644
--- a/crypto/heimdal/appl/test/uu_client.c
+++ b/crypto/heimdal/appl/test/uu_client.c
@@ -32,7 +32,7 @@
  */
 
 #include "test_locl.h"
-RCSID("$Id: uu_client.c,v 1.7 2000/12/31 07:41:39 assar Exp $");
+RCSID("$Id: uu_client.c 14719 2005-04-03 19:53:32Z lha $");
 
 krb5_context context;
 
@@ -50,6 +50,7 @@ proto (int sock, const char *hostname, const char *service)
     krb5_data data;
     krb5_data packet;
     krb5_creds mcred, cred;
+    krb5_ticket *ticket;
 
     addrlen = sizeof(local);
     if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
@@ -88,6 +89,8 @@ proto (int sock, const char *hostname, const char *service)
     if (status)
 	krb5_err(context, 1, status, "krb5_auth_con_setaddr");
 
+    krb5_cc_clear_mcred(&mcred);
+
     status = krb5_cc_get_principal(context, ccache, &client);
     if(status)
 	krb5_err(context, 1, status, "krb5_cc_get_principal");
@@ -98,6 +101,7 @@ proto (int sock, const char *hostname, const char *service)
 				 NULL);
     if(status)
 	krb5_err(context, 1, status, "krb5_make_principal");
+    mcred.client = client;
     
     status = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
     if(status)
@@ -126,11 +130,25 @@ proto (int sock, const char *hostname, const char *service)
 	krb5_err(context, 1, status, "krb5_auth_con_setuserkey");
     
     status = krb5_recvauth(context, &auth_context, &sock, 
-			   VERSION, client, 0, NULL, NULL);
+			   VERSION, client, 0, NULL, &ticket);
 
     if (status)
 	krb5_err(context, 1, status, "krb5_recvauth");
     
+    if (ticket->ticket.authorization_data) {
+	AuthorizationData *authz;
+	int i;
+
+	printf("Authorization data:\n");
+
+	authz = ticket->ticket.authorization_data;
+	for (i = 0; i < authz->len; i++) {
+	    printf("\ttype %d, length %lu\n",
+		   authz->val[i].ad_type,
+		   (unsigned long)authz->val[i].ad_data.length);
+	}
+    }
+
     data.data   = "hej";
     data.length = 3;
 
diff --git a/crypto/heimdal/appl/test/uu_server.c b/crypto/heimdal/appl/test/uu_server.c
index 34a0927..6462363 100644
--- a/crypto/heimdal/appl/test/uu_server.c
+++ b/crypto/heimdal/appl/test/uu_server.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000, 2007 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,7 +32,7 @@
  */
 
 #include "test_locl.h"
-RCSID("$Id: uu_server.c,v 1.7 2000/08/09 20:53:08 assar Exp $");
+RCSID("$Id: uu_server.c 20880 2007-06-04 16:55:00Z lha $");
 
 krb5_context context;
 
@@ -121,8 +121,15 @@ proto (int sock, const char *service)
     if (status)
 	krb5_err(context, 1, status, "krb5_sendauth");
     
-    fprintf (stderr, "User is `%.*s'\n", (int)client_name.length,
-	    (char *)client_name.data);
+    {
+	char *str;
+	krb5_unparse_name(context, in_creds.server, &str);
+	printf ("User is `%s'\n", str);
+	free(str);
+	krb5_unparse_name(context, in_creds.client, &str);
+	printf ("Server is `%s'\n", str);
+	free(str);
+    }
 
     krb5_data_zero (&data);
     krb5_data_zero (&packet);
@@ -140,7 +147,7 @@ proto (int sock, const char *service)
 	errx (1, "krb5_rd_safe: %s",
 	      krb5_get_err_text(context, status));
 
-    fprintf (stderr, "safe packet: %.*s\n", (int)data.length,
+    printf ("safe packet: %.*s\n", (int)data.length,
 	    (char *)data.data);
 
     status = krb5_read_message(context, &sock, &packet);
@@ -156,7 +163,7 @@ proto (int sock, const char *service)
 	errx (1, "krb5_rd_priv: %s",
 	      krb5_get_err_text(context, status));
 
-    fprintf (stderr, "priv packet: %.*s\n", (int)data.length,
+    printf ("priv packet: %.*s\n", (int)data.length,
 	    (char *)data.data);
 
     return 0;