- Flatten the vendor heimdal tree.

author: stas <stas@FreeBSD.org> 2011-09-29 05:23:57 +0000
committer: stas <stas@FreeBSD.org> 2011-09-29 05:23:57 +0000
commit: f6e720bf7e3d09d00d73f389a5dac8efdce0eb8c (patch)
tree: cf5b65423910d126fddaaf04b885d0de3507d692 /crypto/heimdal/lib
parent: 51b6601db456e699ea5d4843cbc7239ee92d9c13 (diff)
download: FreeBSD-src-f6e720bf7e3d09d00d73f389a5dac8efdce0eb8c.zip
FreeBSD-src-f6e720bf7e3d09d00d73f389a5dac8efdce0eb8c.tar.gz
945 files changed, 0 insertions, 253324 deletions
diff --git a/crypto/heimdal/lib/45/45_locl.h b/crypto/heimdal/lib/45/45_locl.h
deleted file mode 100644
index 8104179..0000000
--- a/crypto/heimdal/lib/45/45_locl.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifndef __45_LOCL_H__
-#define __45_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <string.h>
-#include <stdlib.h>
-
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-
-#include <krb5.h>
-#include <krb.h>
-#include <prot.h>
-
-#endif /* __45_LOCL_H__ */
diff --git a/crypto/heimdal/lib/45/Makefile.am b/crypto/heimdal/lib/45/Makefile.am
deleted file mode 100644
index 7ffa8c3..0000000
--- a/crypto/heimdal/lib/45/Makefile.am
+++ /dev/null
@@ -1,11 +0,0 @@
-# $Id: Makefile.am 14164 2004-08-26 11:55:29Z joda $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
-lib_LIBRARIES = @EXTRA_LIB45@
-
-EXTRA_LIBRARIES = lib45.a
-
-lib45_a_SOURCES = get_ad_tkt.c mk_req.c 45_locl.h
diff --git a/crypto/heimdal/lib/45/Makefile.in b/crypto/heimdal/lib/45/Makefile.in
deleted file mode 100644
index fc6ff54..0000000
--- a/crypto/heimdal/lib/45/Makefile.in
+++ /dev/null
@@ -1,787 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 14164 2004-08-26 11:55:29Z joda $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = lib/45
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)"
-libLIBRARIES_INSTALL = $(INSTALL_DATA)
-LIBRARIES = $(lib_LIBRARIES)
-ARFLAGS = cru
-lib45_a_AR = $(AR) $(ARFLAGS)
-lib45_a_LIBADD =
-am_lib45_a_OBJECTS = get_ad_tkt.$(OBJEXT) mk_req.$(OBJEXT)
-lib45_a_OBJECTS = $(am_lib45_a_OBJECTS)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(lib45_a_SOURCES)
-DIST_SOURCES = $(lib45_a_SOURCES)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-lib_LIBRARIES = @EXTRA_LIB45@
-EXTRA_LIBRARIES = lib45.a
-lib45_a_SOURCES = get_ad_tkt.c mk_req.c 45_locl.h
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/45/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/45/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLIBRARIES: $(lib_LIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(libLIBRARIES_INSTALL) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(libLIBRARIES_INSTALL) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-	@$(POST_INSTALL)
-	@list='$(lib_LIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    p=$(am__strip_dir) \
-	    echo " $(RANLIB) '$(DESTDIR)$(libdir)/$$p'"; \
-	    $(RANLIB) "$(DESTDIR)$(libdir)/$$p"; \
-	  else :; fi; \
-	done
-
-uninstall-libLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLIBRARIES:
-	-test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES)
-lib45.a: $(lib45_a_OBJECTS) $(lib45_a_DEPENDENCIES) 
-	-rm -f lib45.a
-	$(lib45_a_AR) lib45.a $(lib45_a_OBJECTS) $(lib45_a_LIBADD)
-	$(RANLIB) lib45.a
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LIBRARIES) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLIBRARIES clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-libLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libLIBRARIES clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am \
-	install-libLIBRARIES install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-hook \
-	uninstall-libLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/45/get_ad_tkt.c b/crypto/heimdal/lib/45/get_ad_tkt.c
deleted file mode 100644
index 0d14235..0000000
--- a/crypto/heimdal/lib/45/get_ad_tkt.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "45_locl.h"
-
-RCSID("$Id: get_ad_tkt.c 10113 2001-06-18 13:11:33Z assar $");
-
-/* get an additional version 4 ticket via the 524 protocol */
-
-#ifndef NEVERDATE
-#define NEVERDATE ((unsigned long)0x7fffffffL)
-#endif
-
-int
-get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
-{
-    krb5_error_code ret;
-    int code;
-    krb5_context context;
-    krb5_ccache id;
-    krb5_creds in_creds, *out_creds;
-    CREDENTIALS cred;
-    time_t now;
-    char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
-    
-    ret = krb5_init_context(&context);
-    if(ret)
-	return KFAILURE;
-    ret = krb5_cc_default(context, &id);
-    if(ret){
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    memset(&in_creds, 0, sizeof(in_creds));
-    now = time(NULL);
-    in_creds.times.endtime = krb_life_to_time(time(NULL), lifetime);
-    if(in_creds.times.endtime == NEVERDATE)
-	in_creds.times.endtime = 0;
-    ret = krb5_cc_get_principal(context, id, &in_creds.client);
-    if(ret){
-	krb5_cc_close(context, id);
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    ret = krb5_524_conv_principal(context, in_creds.client, 
-				  pname, pinst, prealm);
-    if(ret){
-	krb5_free_principal(context, in_creds.client);
-	krb5_cc_close(context, id);
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    ret = krb5_425_conv_principal(context, service, sinstance, realm, 
-				  &in_creds.server);
-    if(ret){
-	krb5_free_principal(context, in_creds.client);
-	krb5_cc_close(context, id);
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    ret = krb5_get_credentials(context, 
-			       0, 
-			       id,
-			       &in_creds,
-			       &out_creds);
-    krb5_free_principal(context, in_creds.client);
-    krb5_free_principal(context, in_creds.server);
-    if(ret){
-	krb5_cc_close(context, id);
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    ret = krb524_convert_creds_kdc_ccache(context, id, out_creds, &cred);
-    krb5_cc_close(context, id);
-    krb5_free_context(context);
-    krb5_free_creds(context, out_creds);
-    if(ret)
-	return KFAILURE;
-    code = save_credentials(cred.service, cred.instance, cred.realm, 
-			    cred.session, cred.lifetime, cred.kvno, 
-			    &cred.ticket_st, now);
-    if(code == NO_TKT_FIL)
-	code = tf_setup(&cred, pname, pinst);
-    memset(&cred.session, 0, sizeof(cred.session));
-    return code;
-}
diff --git a/crypto/heimdal/lib/45/mk_req.c b/crypto/heimdal/lib/45/mk_req.c
deleted file mode 100644
index af63f0b..0000000
--- a/crypto/heimdal/lib/45/mk_req.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* implementation of krb_mk_req that uses 524 protocol */
-
-#include "45_locl.h"
-
-RCSID("$Id: mk_req.c 17445 2006-05-05 10:37:46Z lha $");
-
-static int lifetime = 255;
-
-static void
-build_request(KTEXT req,
-	      const char *name, const char *inst, const char *realm, 
-	      uint32_t checksum)
-{
-    struct timeval tv;
-    krb5_storage *sp;
-    krb5_data data;
-    sp = krb5_storage_emem();
-    krb5_store_stringz(sp, name);
-    krb5_store_stringz(sp, inst);
-    krb5_store_stringz(sp, realm);
-    krb5_store_int32(sp, checksum);
-    gettimeofday(&tv, NULL);
-    krb5_store_int8(sp, tv.tv_usec  / 5000);
-    krb5_store_int32(sp, tv.tv_sec);
-    krb5_storage_to_data(sp, &data);
-    krb5_storage_free(sp);
-    memcpy(req->dat, data.data, data.length);
-    req->length = (data.length + 7) & ~7;
-    krb5_data_free(&data);
-}
-
-#ifdef KRB_MK_REQ_CONST
-int
-krb_mk_req(KTEXT authent,
-	   const char *service, const char *instance, const char *realm, 
-	   int32_t checksum)
-#else
-int
-krb_mk_req(KTEXT authent,
-	   char *service, char *instance, char *realm, 
-	   int32_t checksum)
-
-#endif
-{
-    CREDENTIALS cr;
-    KTEXT_ST req;
-    krb5_storage *sp;
-    int code;
-    /* XXX get user realm */
-    const char *myrealm = realm;
-    krb5_data a;
-
-    code = krb_get_cred(service, instance, realm, &cr);
-    if(code || time(NULL) > krb_life_to_time(cr.issue_date, cr.lifetime)){
-	code = get_ad_tkt((char *)service,
-			  (char *)instance, (char *)realm, lifetime);
-	if(code == KSUCCESS)
-	    code = krb_get_cred(service, instance, realm, &cr);
-    }
-
-    if(code)
-	return code;
-
-    sp = krb5_storage_emem();
-
-    krb5_store_int8(sp, KRB_PROT_VERSION);
-    krb5_store_int8(sp, AUTH_MSG_APPL_REQUEST);
-    
-    krb5_store_int8(sp, cr.kvno);
-    krb5_store_stringz(sp, realm);
-    krb5_store_int8(sp, cr.ticket_st.length);
-
-    build_request(&req, cr.pname, cr.pinst, myrealm, checksum);
-    encrypt_ktext(&req, &cr.session, DES_ENCRYPT);
-
-    krb5_store_int8(sp, req.length);
-
-    krb5_storage_write(sp, cr.ticket_st.dat, cr.ticket_st.length);
-    krb5_storage_write(sp, req.dat, req.length);
-    krb5_storage_to_data(sp, &a);
-    krb5_storage_free(sp);
-    memcpy(authent->dat, a.data, a.length);
-    authent->length = a.length;
-    krb5_data_free(&a);
-
-    memset(&cr, 0, sizeof(cr));
-    memset(&req, 0, sizeof(req));
-
-    return KSUCCESS;
-}
-
-/* 
- * krb_set_lifetime sets the default lifetime for additional tickets
- * obtained via krb_mk_req().
- * 
- * It returns the previous value of the default lifetime.
- */
-
-int
-krb_set_lifetime(int newval)
-{
-    int olife = lifetime;
-
-    lifetime = newval;
-    return(olife);
-}
diff --git a/crypto/heimdal/lib/Makefile.am b/crypto/heimdal/lib/Makefile.am
deleted file mode 100644
index f1e26e1..0000000
--- a/crypto/heimdal/lib/Makefile.am
+++ /dev/null
@@ -1,22 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-if KRB4
-dir_45 = 45
-endif
-if OTP
-dir_otp = otp
-endif
-if DCE
-dir_dce = kdfs
-endif
-if COM_ERR
-dir_com_err = com_err
-endif
-if !HAVE_OPENSSL
-dir_hcrypto = hcrypto
-endif
-
-SUBDIRS = roken vers editline $(dir_com_err) sl asn1 $(dir_hcrypto) hx509 \
-	krb5 ntlm kafs gssapi hdb kadm5 auth $(dir_45) $(dir_otp) $(dir_dce)
diff --git a/crypto/heimdal/lib/Makefile.in b/crypto/heimdal/lib/Makefile.in
deleted file mode 100644
index 6884c24..0000000
--- a/crypto/heimdal/lib/Makefile.in
+++ /dev/null
@@ -1,823 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = lib
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
-  distclean-recursive maintainer-clean-recursive
-ETAGS = etags
-CTAGS = ctags
-DIST_SUBDIRS = roken vers editline com_err sl asn1 hcrypto hx509 krb5 \
-	ntlm kafs gssapi hdb kadm5 auth 45 otp kdfs
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-@KRB4_TRUE@dir_45 = 45
-@OTP_TRUE@dir_otp = otp
-@DCE_TRUE@dir_dce = kdfs
-@COM_ERR_TRUE@dir_com_err = com_err
-@HAVE_OPENSSL_FALSE@dir_hcrypto = hcrypto
-SUBDIRS = roken vers editline $(dir_com_err) sl asn1 $(dir_hcrypto) hx509 \
-	krb5 ntlm kafs gssapi hdb kadm5 auth $(dir_45) $(dir_otp) $(dir_dce)
-
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
-	  include_option=--etags-include; \
-	  empty_fix=.; \
-	else \
-	  include_option=--include; \
-	  empty_fix=; \
-	fi; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test ! -f $$subdir/TAGS || \
-	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	    distdir=`$(am__cd) $(distdir) && pwd`; \
-	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$top_distdir" \
-	        distdir="$$distdir/$$subdir" \
-		am__remove_distdir=: \
-		am__skip_length_check=: \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-recursive
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-recursive
-
-install-info: install-info-recursive
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-ps: install-ps-recursive
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
-	install-data-am install-exec-am install-strip uninstall-am
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool ctags ctags-recursive dist-hook \
-	distclean distclean-generic distclean-libtool distclean-tags \
-	distdir dvi dvi-am html html-am info info-am install \
-	install-am install-data install-data-am install-data-hook \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs installdirs-am maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/asn1/CMS.asn1 b/crypto/heimdal/lib/asn1/CMS.asn1
deleted file mode 100644
index 685f0b1..0000000
--- a/crypto/heimdal/lib/asn1/CMS.asn1
+++ /dev/null
@@ -1,157 +0,0 @@
--- From RFC 3369 --
--- $Id: CMS.asn1 18054 2006-09-07 12:20:42Z lha $ --
-
-CMS DEFINITIONS ::= BEGIN
-
-IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
-	Attribute, Certificate, Name, SubjectKeyIdentifier FROM rfc2459
-	heim_any, heim_any_set FROM heim;
-
-id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
-         us(840) rsadsi(113549) pkcs(1) pkcs7(7) }
-
-id-pkcs7-data OBJECT IDENTIFIER ::= 			{ id-pkcs7 1 }
-id-pkcs7-signedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 2 }
-id-pkcs7-envelopedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 3 }
-id-pkcs7-signedAndEnvelopedData OBJECT IDENTIFIER ::= 	{ id-pkcs7 4 }
-id-pkcs7-digestedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 5 }
-id-pkcs7-encryptedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 6 }
-
-CMSVersion ::= INTEGER {
-	   CMSVersion_v0(0), 
-	   CMSVersion_v1(1), 
-	   CMSVersion_v2(2),
-	   CMSVersion_v3(3),
-	   CMSVersion_v4(4)
-}
-
-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
-SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
-
-ContentType ::= OBJECT IDENTIFIER
-MessageDigest ::= OCTET STRING
-
-ContentInfo ::= SEQUENCE {
-	contentType ContentType,
-	content [0] EXPLICIT heim_any OPTIONAL --  DEFINED BY contentType 
-}
-
-EncapsulatedContentInfo ::= SEQUENCE {
-	eContentType ContentType,
-	eContent [0] EXPLICIT OCTET STRING OPTIONAL
-}
-
-CertificateSet ::= SET OF heim_any
-
-CertificateList ::= Certificate
-
-CertificateRevocationLists ::= SET OF CertificateList
-
-IssuerAndSerialNumber ::= SEQUENCE {
-	issuer Name,
-	serialNumber CertificateSerialNumber
-}
-
--- RecipientIdentifier is same as SignerIdentifier, 
--- lets glue them togheter and save some bytes and share code for them
-
-CMSIdentifier ::= CHOICE {
-	issuerAndSerialNumber IssuerAndSerialNumber,
-	subjectKeyIdentifier [0] SubjectKeyIdentifier
-}
-
-SignerIdentifier ::= CMSIdentifier
-RecipientIdentifier ::= CMSIdentifier
-
---- CMSAttributes are the combined UnsignedAttributes and SignedAttributes
---- to store space and share code
-
-CMSAttributes ::= SET OF Attribute		-- SIZE (1..MAX) 
-
-SignatureValue ::= OCTET STRING
-
-SignerInfo ::= SEQUENCE {
-	version CMSVersion,
-	sid SignerIdentifier,
-	digestAlgorithm DigestAlgorithmIdentifier,
-	signedAttrs [0] IMPLICIT -- CMSAttributes --
-		SET OF Attribute OPTIONAL,
-	signatureAlgorithm SignatureAlgorithmIdentifier,
-	signature SignatureValue,
-	unsignedAttrs [1] IMPLICIT -- CMSAttributes -- 
-		SET OF Attribute OPTIONAL
-}
-
-SignerInfos ::= SET OF SignerInfo
-
-SignedData ::= SEQUENCE {
-	version CMSVersion,
-	digestAlgorithms DigestAlgorithmIdentifiers,
-	encapContentInfo EncapsulatedContentInfo,
-	certificates [0] IMPLICIT -- CertificateSet --
-		SET OF heim_any OPTIONAL,
-	crls [1] IMPLICIT -- CertificateRevocationLists --
-		heim_any OPTIONAL,
-	signerInfos SignerInfos
-}
-
-OriginatorInfo ::= SEQUENCE {
-	certs [0] IMPLICIT -- CertificateSet --
-		SET OF heim_any OPTIONAL,
-	crls [1] IMPLICIT --CertificateRevocationLists --
-		heim_any OPTIONAL
-}
-
-KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-
-EncryptedKey ::= OCTET STRING
-
-KeyTransRecipientInfo ::= SEQUENCE {
-	version CMSVersion,  -- always set to 0 or 2
-	rid RecipientIdentifier,
-	keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
-	encryptedKey EncryptedKey
-}
-
-RecipientInfo ::= KeyTransRecipientInfo
-
-RecipientInfos ::= SET OF RecipientInfo
-
-EncryptedContent ::= OCTET STRING
-
-EncryptedContentInfo ::= SEQUENCE {
-	contentType ContentType,
-	contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
-	encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL
-}
-
-UnprotectedAttributes ::= SET OF Attribute	-- SIZE (1..MAX)
-
-CMSEncryptedData ::= SEQUENCE {
-	version CMSVersion,
-	encryptedContentInfo EncryptedContentInfo,
-        unprotectedAttrs [1] IMPLICIT -- UnprotectedAttributes --
-		heim_any OPTIONAL
-}
-
-EnvelopedData ::= SEQUENCE {
-	version CMSVersion,
-	originatorInfo [0] IMPLICIT -- OriginatorInfo -- heim_any OPTIONAL,
-	recipientInfos RecipientInfos,
-	encryptedContentInfo EncryptedContentInfo,
-	unprotectedAttrs [1] IMPLICIT -- UnprotectedAttributes --
-		heim_any OPTIONAL
-}
-
--- Data ::= OCTET STRING
-
-CMSRC2CBCParameter ::= SEQUENCE {
-	rc2ParameterVersion	INTEGER (0..4294967295),
-	iv			OCTET STRING -- exactly 8 octets
-}
-
-CMSCBCParameter ::= OCTET STRING
-
-END
diff --git a/crypto/heimdal/lib/asn1/ChangeLog b/crypto/heimdal/lib/asn1/ChangeLog
deleted file mode 100644
index 9039e25..0000000
--- a/crypto/heimdal/lib/asn1/ChangeLog
+++ /dev/null
@@ -1,1649 +0,0 @@
-2008-01-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* asn1-common.h gen.c der.c gen_encode.c: add and use der_{malloc,free}
-
-2007-12-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* libasn1.h: remove, not used.
-
-2007-12-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add DigestTypes, add --seq to antoher type.
-
-	* digest.asn1: Add supportedMechs request.
-	
-2007-10-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* k5.asn1: Some "old" windows enctypes. From Andy Polyakov.
-	
-2007-07-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Fold in pk-init-alg-agilty.
-
-	* pkinit.asn1: Fold in pk-init-alg-agilty.
-
-2007-07-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: Passe object id is its part of the module defintion
-	statement.
-
-2007-07-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-gen.c: test SEQ OF SIZE (...)
-
-	* Makefile.am: Include more sizeof tests.
-
-2007-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* try to avoid aliasing of pointers enum {} vs int
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test.asn1: Test SIZE attribute for SEQ and OCTET STRING
-
-	* parse.y (OctetStringType): add SIZE to OCTET STRING.
-
-	* Makefile.am: New library version.
-
-2007-07-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: Re-add size limits. 
-	
-	* k5.asn1: Add size limits from RFC 4120.
-
-	* gen_decode.c: Check range on SEQ OF and OCTET STRING.
-
-	* asn1_err.et (min|max|exact) constraints.
-
-	* parse.y: Parse size limitations to SEQ OF.
-
-2007-06-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add AuthorityInfoAccessSyntax.
-
-	* rfc2459.asn1: Add AuthorityInfoAccessSyntax.
-
-	* rfc2459.asn1: Add authorityInfoAccess, rename proxyCertInfo.
-	
-	* Makefile.am: Add authorityInfoAccess, rename proxyCertInfo.
-
-2007-06-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_get.c (der_get_time): avoid using wrapping of octet_string
-	and realloc.
-
-	* der_get.c: No need to undef timetm, we don't use it any more.
-
-	* timegm.c: Fix spelling caused by too much query-replace.
-
-	* gen.c: Include <limits.h> for UINT_MAX.
-
-	* gen_decode.c: Check for multipication overrun.
-
-	* gen_encode.c: Paranoia check in buffer overun in output
-	function.
-
-	* check-der.c: Test boolean.
-
-	* check-der.c: test universal strings.
-
-	* check-der.c: Test failure cases for der_get_tag.
-
-	* check-der.c: test dates from last century.
-
-	* check-der.c: Move zero length integercheck to a better place.
-
-	* check-der.c: Test zero length integer.
-
-2007-06-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: Init data to something.
-
-2007-06-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* k5.asn1: Add KRB5-AUTHDATA-INITIAL-VERIFIED-CAS.
-
-2007-06-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pkinit.asn1: Make the pkinit nonce signed (like the kerberos
-	nonce).
-
-2007-06-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: Free more memory.
-
-	* der_format.c: Don't accect zero length hex numbers.
-
-	* check-der.c: Also free right memory.
-
-	* main.c: Close asn1 file when done.
-
-	* check-der.c: more check for der_parse_hex_heim_integer
-
-	* der_format.c (der_parse_hex_heim_integer): check length before
-	reading data.
-	
-	* check-gen.c (test_authenticator): free memory
-	
-2007-05-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add MS-UPN-SAN
-
-	* pkinit.asn1: add MS-UPN-SAN
-
-	* rfc2459.asn1: Do evil things to handle IMPLICIT encoded
-	structures.  Add id-ms-client-authentication.
-	
-2007-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add asn1_id_ms_cert_enroll_domaincontroller.x
-	
-2007-05-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gen.c: Add struct units; as a forward declaration. Pointed out
-	by Marcus Watts.
-
-	* rfc2459.asn1: Netscape extentions
-
-	* Makefile.am: add U.S. Federal PKI Common Policy Framework
-
-	* rfc2459.asn1: add U.S. Federal PKI Common Policy Framework
-	
-2007-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_seq.c: Handle the case of resize to 0 and realloc that
-	returns NULL.
-
-	* check-gen.c (check_seq): free seq.
-	
-2007-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c (test_heim_oid_format_same): avoid leaking memory in
-	the non failure case too
-	
-2007-04-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: remove extra ^Q
-	
-2007-04-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* der_get.c: Allow trailing NULs. We allow this since MIT Kerberos
-	sends an strings in the NEED_PREAUTH case that includes a trailing
-	NUL.
-	
-2007-02-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	
-	* Makefile.am: Add PA-ClientCanonicalized and friends.
-
-	* k5.asn1: Add PA-ClientCanonicalized and friends.
-	
-2007-02-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: Drop one over INT_MAX test-case.
-	
-2007-02-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* pkinit.asn1: add id-pkinit-ms-eku
-	
-	* pkinit.asn1: fill in more bits of id-pkinit-ms-san
-	
-2007-02-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* digest.asn1: rename hash-a1 to session key
-	
-2007-02-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* digest.asn1: Add elements to send in requestResponse to KDC and
-	get status of the request.
-	
-2007-01-31  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: seq rules for CRLDistributionPoints
-	
-2007-01-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: add CRLDistributionPoints and friends
-	
-2007-01-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* check-der.c: check BMPstring oddlength more
-
-	* check-der.c: Test for NUL char in string in GENERAL STRING.
-
-	* der_get.c: Check for NUL characters in string and return
-	ASN1_BAD_CHARACTER error-code if we find them.
-
-	* asn1_err.et: Add BAD_CHARACTER error.
-	
-2007-01-16  Love H�rnquist �strand <lha@it.su.se>
-	
-	* Makefile.am: Add id-at-streetAddress.
-
-	* rfc2459.asn1: Add id-at-streetAddress.
-	
-2007-01-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* rfc2459.asn1: Add PKIXXmppAddr and id-pkix-on-xmppAddr.
-	
-2006-12-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add id-pkix-kp oids.
-
-	* rfc2459.asn1: Add id-pkix-kp oids.
-	
-2006-12-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_encode.c: Named bit strings have this horrible, disgusting,
-	compress bits until they are no longer really there but stuff in
-	an initial octet anyway encoding scheme. Try to get it right and
-	calculate the initial octet runtime instead of compiletime.
-
-	* check-gen.c: Check all other silly bitstring combinations.
-
-	* Makefile.am: Add --sequence=Extensions to rfc2459.
-	
-2006-12-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kx509.asn1: Add kx509.
-
-	* Makefile.am: Add kx509.
-
-	* Add VisibleString parsing
-
-2006-12-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add ntlm files.
-
-	* digest.asn1: Add bits for handling NTLM.
-	
-2006-12-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add pkix proxy cert policy lang oids
-
-	* rfc2459.asn1: add pkix proxy cert policy lang oids
-	
-2006-12-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* rfc2459.asn1: unbreak id-pe-proxyCertInfo
-
-	* rfc2459.asn1: Add id-pkix-on-dnsSRV and related oids
-
-2006-11-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add explicit depenency to LIB_roken for libasn1.la,
-	make AIX happy.
-	
-2006-11-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_format.c (der_print_heim_oid): oid with zero length is
-	invalid, fail to print.
-	
-2006-11-24  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* der_format.c (der_print_heim_oid): use delim when printing.
-	
-2006-11-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* k5.asn1: Make KRB5-PADATA-S4U2SELF pa type 129.
-	
-2006-10-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* asn1_err.et: add EXTRA_DATA
-	
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-gen.c: avoid leaking memory
-
-	* check-der.c: avoid leaking memory
-
-	* der_format.c (der_parse_heim_oid): avoid leaking memory
-
-	* check-common.c: Print size_t as (unsigned long) and cast.
-
-	* check-common.c: Try to align data, IA64's gets upset if its
-	unaligned.
-
-	* lex.l: add missing */
-	
-	* lex.c: need %e for hpux lex
-
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: remove dups from gen_files_test, add check-timegm.
-	
-	* Makefile.am: include more test.asn1 built files
-
-	* Makefile.am: More files, now for make check.
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add missing files
-
-	* Makefile.am (asn1_compile_SOURCES): add gen_locl.h
-
-	* check-timegm.c: Add check for _der_timegm.
-
-	* der_get.c (generalizedtime2time): always use _der_timegm.
-
-	* timegm.c: make more strict
-
-	* der_locl.h: Rename timegm to _der_timegm.
-	
-2006-10-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* timegm.c: vJust fail if tm_mon is out of range for now XXXX this
-	is wrong.
-	
-2006-10-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: extra depencies on der-protos.h
-	
-2006-10-14 Love H�rnquist �strand <lha@it.su.se>
-
-	* check-der.c: Prefix primitive types with der_.
-
-	* timegm.c: rename the buildin timegm to _der_timegm
-
-	* heim_asn1.h: move prototype away from here.
-
-	* der_format.c: Add der_parse_heim_oid
-	
-	* gen_free.c: prefix primitive types with der_
-
-	* der_copy.c: prefix primitive types with der_
-
-	* gen_length.c: prefix primitive types with der_
-
-	* der_length.c: prefix primitive types with der_
-
-	* der_cmp.c: prefix primitive types with der_
-
-	* gen_free.c: prefix primitive types with der_
-
-	* der_free.c: prefix primitive types with der_
-
-	* gen_copy.c: prefix primitive types with der_
-
-	* der_copy.c: rename copy_ to der_copy_
-
-	* Makefile.am: Add der-protos.h to nodist_include_HEADERS.
-	
-	* der.h: use newly built <der-protos.h>
-
-	* Makefile.am: Generate der prototypes.
-
-	* gen.c: move any definitions here.
-
-	* asn1-common.h: move any definitions here.
-
-	* der.h: remove der_parse_oid prototype, it was never implemented.
-
-	* der.h: New der_print_heim_oid signature.  Test
-	der_parse_heim_oid
-
-	* check-der.c: New der_print_heim_oid signature.  Test
-	der_parse_heim_oid
-	
-2006-10-07  Love H�rnquist �strand <lha@it.su.se>
-	
-	* lex.l: Grow an even larger output table size.
-
-	* Makefile.am: split build files into dist_ and noinst_ SOURCES
-	
-2006-10-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_seq.c: In generation of remove_TYPE: if you just removed the
-	last element, you must not memmove memory beyond the array.  From
-	Andrew Bartlett
-	
-2006-10-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lex.l: Grow (%p, %a, %n) tables for Solaris 10 lex. From Harald
-	Barth.
-	
-2006-09-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type): drop unused variable realtype.
-	
-2006-09-11  Love H�rnquist �strand <lha@it.su.se>
-
-	* Makefile.am: Add KRB5SignedPath and friends.
-
-	* k5.asn1: Add KRB5SignedPath and friends.
-
-	* Makefile.am: Add new sequence generation for GeneralNames.
-
-2006-09-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* CMS.asn1 (CMSVersion): rename versions from v0 to CMSVersion_v0,
-	...
-	
-2006-09-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add TESTSeqOf for testing sequence generation code.
-
-	* check-gen.c: Add sequence tests.
-
-	* test.asn1: Add TESTSeqOf for testing sequence generation code.
-
-	* gen_seq.c: fix warning.
-
-	* gen_seq.c: make generated data work
-
-	* setchgpw2.asn1: enctype is part of the krb5 module now, use that
-	instead of locally defining it.
-
-	* Makefile.am: asn1_compile += gen_seq.c
-
-	* gen_locl.h: add new prototypes, remove unused ones.
-
-	* gen.c: Generate sequence function.
-
-	* main.c: add --sequence
-
-	* gen_seq.c: Add generated add_ and remove_ for "SEQUENCE OF
-	TType". I'm tried of writing realloc(foo->data,
-	sizeof(foo->data[0]) + (foo->len + 1)); Only generated for those
-	type that is enabled by the command flag --sequence.
-	
-2006-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* digest.asn1 (DigestRequest): add authid
-
-	* digest.asn1: Comment describing on how to communicate the sasl
-	int/conf mode.
-	
-2006-08-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* digest.asn1: Add some missing fields needed for digest.
-	
-2006-08-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* digest.asn1: Tweak to make consisten and more easier to use.
-	
-2006-07-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Remove CMS symmetric encryption support.  Add
-	DigestProtocol.
-
-	* digest.asn1: DigestProtocol
-
-	* k5.asn1: Remove CMS symmetric encryption support.
-	
-2006-06-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* check-der.c (check_fail_heim_integer): disable test
-
-	* der_get.c (der_get_heim_integer): revert part of previous
-
-	* der_get.c (der_get_heim_integer): Add more checks
-
-	* asn1_print.c: Add printing of bignums and use der_print_heim_oid
-
-	* check-der.c (test_heim_oid_format_same): add printing on failure
-
-	* check-der.c: Add one check for heim_int, add checking for oid
-	printing
-	
-2006-06-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Impersonation support bits (and sort)
-
-	* k5.asn1: Impersonation support bits.
-	
-2006-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_format.c (der_parse_hex_heim_integer): avoid shadowing.
-	
-2006-04-29  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add ExternalPrincipalIdentifiers, shared between
-	several elements.
-
-	* pkinit.asn1: Add ExternalPrincipalIdentifiers, shared between
-	several elements.
-	
-2006-04-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: Add missing ;'s, found by bison on a SuSE 8.2 machine.
-	
-2006-04-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add definitions from RFC 3820, Proxy Certificate
-	Profile.
-
-	* rfc2459.asn1: Add definitions from RFC 3820, Proxy Certificate
-	Profile.
-	
-2006-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: Add id-Userid
-
-	* Makefile.am: Add UID and email
-
-	* pkcs9.asn1: Add id-pkcs9-emailAddress
-	
-	* Makefile.am: Add attribute type oids from X520 and RFC 2247 DC
-	oid
-
-	* rfc2459.asn1: Add attribute type oids from X520 and RFC 2247 DC
-	oid
-	
-2006-04-21  Love H�rnquist �strand <lha@it.su.se>
-
-	* Makefile.am: add sha-1 and sha-2
-
-	* rfc2459.asn1: add sha-1 and sha-2
-	
-2006-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add id-pkcs1-sha256WithRSAEncryption and friends
-
-	* rfc2459.asn1: Add id-pkcs1-sha256WithRSAEncryption and friends
-
-	* CMS.asn1: Turn CMSRC2CBCParameter.rc2ParameterVersion into a
-	constrained integer
-	
-2006-04-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hash.c (hashtabnew): check for NULL before setting structure.
-	Coverity, NetBSD CID#4
-	
-2006-03-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: gen_files_rfc2459 += asn1_ExtKeyUsage.x
-	
-	* rfc2459.asn1: Add ExtKeyUsage.
-
-	* gen.c (generate_header_of_codefile): remove unused variable.
-	
-2006-03-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen.c: Put all the IMPORTed headers into the headerfile to avoid
-	hidden depencies.
-	
-2006-03-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add id-pkinit-ms-san.
-
-	* pkinit.asn1: Add id-pkinit-ms-san.
-
-	* k5.asn1 (PADATA-TYPE): Add KRB5-PADATA-PA-PK-OCSP-RESPONSE
-	
-2006-03-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add pkinit-san.
-
-	* pkinit.asn1: Rename id-pksan to id-pkinit-san
-	
-2006-03-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen.c (init_generate): Nothing in the generated files needs
-	timegm(), so no need to provide a prototype for it.
-	
-2006-02-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pkinit.asn1: paChecksum is now OPTIONAL so it can be upgraded to
-	something better then SHA1
-	
-2006-01-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* extra.c: Stub-generator now generates alloc statements for
-	tagless ANY OPTIONAL, remove workaround.
-
-	* check-gen.c: check for "tagless ANY OPTIONAL"
-
-	* test.asn1: check for "tagless ANY OPTIONAL"
-	
-2006-01-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der.h: UniversalString and BMPString are both implemented.
-
-	* der.h: Remove , after the last element of enum.
-
-	* asn1_gen.c: Spelling.
-	
-2006-01-20  Love H�rnquist �strand <lha@it.su.se>
-	
-	* der_length.c (length_heim_integer): Try handle negative length
-	of integers better.
-
-	* der_get.c (der_get_heim_integer): handle negative integers.
-	
-	* check-der.c: check heim_integer.
-	
-2006-01-18  Love H�rnquist �strand <lha@it.su.se>
-
-	* Makefile.am: Its cRLReason, not cRLReasons
-
-	* canthandle.asn1: "Allocation is done on CONTEXT tags" works just
-	fine.
-
-	* rfc2459.asn1: Add CRL structures and OIDs.
-
-	* Makefile.am: Add CRL and TESTAlloc structures and OIDs.
-
-	* check-gen.c: Check OPTIONAL context-tagless elements.
-
-	* test.asn1: Check OPTIONAL context-tagless elements.
-
-	* der_cmp.c (heim_integer_cmp): make it work with negative
-	numbers.
-	
-2006-01-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: check that der_parse_hex_heim_integer() handles odd
-	length numbers.
-
-	* der_format.c (der_parse_hex_heim_integer): make more resiliant
-	to errors, handle odd length numbers.
-
-2006-01-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add RSAPrivateKey
-	
-	* rfc2459.asn1: Add RSAPrivateKey.
-	
-2006-01-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* der_copy.c (copy_heim_integer): copy the negative flag
-	
-2005-12-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: Drop ExceptionSpec for now, its not used.
-	
-2005-12-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test.asn1: Add test string for constraints.
-
-	* symbol.h: Add support for part of the Constraint-s
-
-	* gen.c: Set new constraints pointer in Type to NULL for inline
-	constructed types.
-
-	* parse.y: Add support for parsing part of the Constraint-s
-	
-2005-10-29  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add some X9.57 (DSA) oids, sort lines
-
-	* rfc2459.asn1: Add some X9.57 (DSA) oids.
-	
-2005-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Remove pk-init-19 support.
-	
-	* pkinit.asn1: Fix comment
-	
-	* check-der.c: Add tests for parse and print functions for
-	heim_integer.
-
-	* Makefile.am: Add parse and print functions for heim_integer.
-	
-	* der_format.c: Add parse and print functions for heim_integer.
-
-	* der.h: Add parse and print functions for heim_integer.
-	
-2005-09-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am (gen_files_rfc2459) += asn1_DHPublicKey.x
-	
-	* rfc2459.asn1: Add DHPublicKey, and INTEGER to for storing the DH
-	public key in the SubjectPublicKeyInfo.subjectPublicKey BIT
-	STRING.
-	
-2005-09-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c: TSequenceOf/TSetOf: Increase the length of the
-	array after successful decoding the next element, so that the
-	array don't contain heap-data.
-	
-2005-09-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: Avoid empty array initiators.
-	
-	* pkcs8.asn1 (PKCS8PrivateKeyInfo): Inline SET OF to avoid
-	compiler "feature"
-	
-	* check-common.c: Avoid signedness warnings.
-	
-	* check-common.h: Makes bytes native platform signed to avoid
-	casting everywhere
-	
-	* check-der.c: Don't depend on malloc(very-very-larger-value) will
-	fail.  Cast to unsigned long before printing size_t.
-	
-	* check-gen.c: Don't depend on malloc(very-very-larger-value) will
-	fail.
-	
-	* check-gen.c: Fix signedness warnings.
-	
-	* lex.l: unput() have to hanppen in actions for flex 2.5.31, can
-	do them in user code sesction, so move up handle_comment and
-	handle_string into action, not much sharing was done anyway.
-	
-2005-09-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c (test_one_int): len and len_len is size_t
-
-2005-08-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_encode.c: Change name of oldret for each instance its used
-	to avoid shadow warning. From: Stefan Metzmacher
-	<metze@samba.org>.
-
-	* gen_length.c: Change name of oldret for each instance its used
-	to avoid shadow warning. From: Stefan Metzmacher
-	<metze@samba.org>.
-
-	* gen_decode.c: Change name of oldret for each instance its used
-	to avoid shadow warning. From: Stefan Metzmacher
-	<metze@samba.org>.
-	
-	* parse.y: Const poision yyerror.
-
-	* gen.c: Const poision.
-	
-2005-08-22 Love H�rnquist �strand  <lha@it.su.se>
-
-	* k5.asn1: Add KRB5-PADATA-PK-AS-09-BINDING, client send
-	this (with an empty pa-data.padata-value) to tell the KDC that the
-	client support the binding the PA-REP to the AS-REQ packet. This
-	is to fix the problem lack of binding the AS-REQ to the PK-AS-REP
-	in pre PK-INIT-27. The nonce is replaced with a asCheckSum.
-	
-2005-08-11 Love H�rnquist �strand  <lha@it.su.se>
-
-	* canthandle.asn1: Allocation is done on CONTEXT tags.
-
-	* asn1_gen.c: rename optind to optidx to avoid shadow warnings
-
-2005-07-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: add id-rsadsi-rc2-cbc
-
-	* Makefile.am: add another oid for rc2
-
-2005-07-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: Make variable initiation constant by moving them to
-	global context
-
-	* check-gen.c: change to c89 comment
-
-2005-07-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: remove duplicate asn1_CMSAttributes.x
-
-2005-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* asn1_print.c: rename optind to optidx
-
-	* Makefile.am: Update to pkinit-27
-
-	* pkinit.asn1: Update to pkinit-27
-	
-2005-07-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: make it work for non c99 compilers too
-	
-	* check-der.c: start testing BIT STRING
-
-	* der_cmp.c (heim_bit_string_cmp): try handle corner cases better
-	
-	* gen_free.c (free_type): free bignum integers
-
-2005-07-23   Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add PKCS12-OctetString
-
-	* pkcs12.asn1: add PKCS12-OctetString
-
-	* Makefile.am: add new files
-
-	* rfc2459.asn1: include SET OF in Attribute to make the type more
-	useful
-
-	* CMS.asn1: handle IMPLICIT and share some common structures
-
-2005-07-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: Include enough workarounds that this even might
-	work.
-
-	* check-gen.c: Two implicit tests, one with all structures inlined
-	
-	* test.asn1: fix workaround for IMPLICIT CONS case
-	
-	* canthandle.asn1: fix workaround for IMPLICIT CONS case
-	
-	* asn1_print.c: hint that there are IMPLICIT content when we find
-	it
-
-	* check-gen.c: Added #ifdef out test for IMPLICIT tagging.
-
-	* Makefile.am: test several IMPLICIT tag level deep
-	
-	* test.asn1: test several IMPLICIT tag level deep
-
-	* test.asn1: tests for IMPLICIT
-
-	* Makefile.am: tests for IMPLICIT
-
-	* canthandle.asn1: Expand on what is wrong with the IMPLICIT
-	tagging
-
-	* rfc2459.asn1: some of the structure are in the IMPLICIT TAGS
-	module
-
-2005-07-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* asn1_print.c: print size_t by casting to unsigned long and use
-	right printf format tags are unsigned integers
-
-	* gen.c (generate_constant): oid elements are unsigned
-
-	* gen_decode.c (decode_type): tagdatalen should be an size_t.
-
-	* extra.c (decode_heim_any): tag is unsigned int.
-
-	* der_get.c (der_match_tag): tag is unsigned int.
-
-	* gen_length.c (length_type): cast size_t argument to unsigned
-	long and use appropriate printf format
-
-	* check-der.c (check_fail_bitstring): check for length overflow
-
-	* der_get.c: rewrite integer overflow tests w/o SIZE_T_MAX
-
-	* check-common.c (generic_decode_fail): only copy in if checklen
-	its less then 0xffffff and larger than 0.
-
-	* gen_decode.c (find_tag): find external references, we can't
-	handle those, so tell user that instead of crashing
-
-2005-07-18  Dave Love  <fx@gnu.org>
-
-	* extra.c (free_heim_any_set): Fix return.
-
-	* gen_decode.c (find_tag): Fix return in TType case.
-
-2005-07-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_encode.c (TChoice): add () to make sure variable expression
-	is evaluated correctly
-
-	* gen_length.c (TChoice): add () to make sure variable expression
-	is evaluated correctly
-
-	* k5.asn1: reapply 1.43 that got lost in the merge: rename pvno to
-	krb5-pvno
-
-2005-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type): TChoice: set the label
-
-	* check-gen.c (cmp_Name): do at least some checking
-
-	* gen_locl.h: rename function filename() to get_filename() to
-	avoid shadowing
-
-	* lex.l: rename function filename() to get_filename() to avoid
-	shadowing
-
-	* gen.c: rename function filename() to get_filename() to avoid
-	shadowing
-
-	* check-der.c: add failure checks for large oid elements
-
-	* check-gen.c: add failure checks for tag (and large tags)
-
-	* der_get.c: Check for integer overflows in tags and oid elements.
-
-2005-07-10  Assar Westerlund  <assar@kth.se>
-
-	* gen_decode.c: Fix decoding of choices to select which branch to
-	try based on the tag and return an error if that branch fails.
-
-	* check-gen.c: Fix short choice test cases.
-
-2005-07-09  Assar Westerlund  <assar@kth.se>
-
-	* symbol.c:
-	* parse.y:
-	* main.c:
-	* lex.l:
-	* gen_length.c:
-	* gen_free.c:
-	* gen_encode.c:
-	* gen_decode.c:
-	* gen_copy.c:
-	* gen.c:
-	* extra.c:
-	* check-gen.c:
-	* check-der.c:
-	* check-common.c:
-	* asn1_print.c:
-	* asn1_gen.c:
-	Use emalloc, ecalloc, and estrdup.
-	Check return value from asprintf.
-	Make sure that malloc(0) returning NULL is not treated as an
-	error.
-
-2005-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-gen.c: test cases for CHOICE, its too liberal right now,
-	it don't fail hard on failure on after it successfully decoded the
-	first tag in a choice branch
-
-	* asn1_gen.c: calculate the basename for the output file,
-	pretty-print tag number
-
-	* test.gen: sample for asn1_gen
-
-	* check-gen.c: check errors in SEQUENCE
-
-	* Makefile.am: build asn1_gen, TESTSeq and new, and class/type/tag
-	string<->num converter.
-
-	* test.asn1: TESTSeq, for testing SEQUENCE
-
-	* asn1_gen.c: generator for asn1 data
-
-	* asn1_print.c: use class/type/tag string<->num converter.
-
-	* der.c: Add class/type/tag string<->num converter.
-
-	* der.h: Add class/type/tag string<->num converter.
-	Prototypes/structures for new time bits.
-
-2005-07-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_get.c (der_get_unsigned) check for length overflow
-	(der_get_integer) ditto
-	(der_get_general_string) ditto
-
-	* der_get.c: check for overruns using SIZE_T_MAX
-
-	* check-der.c: check BIT STRING and OBJECT IDENTIFIER error cases
-
-	* check-common.c (generic_decode_fail): allocate 4K for the over
-	sized memory test
-
-	* der_get.c (der_get_oid): check for integer overruns and
-	unterminated oid correctly
-
-	* check-common.h (map_alloc, generic_decode_fail): prototypes
-
-	* check-common.c (map_alloc): make input buffer const
-	(generic_decode_fail): verify decoding failures
-
-2005-07-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_encode.c: split up the printf for SET OF, also use the
-	generate name for the symbol in the SET OF, if not, the name might
-	contain non valid variable name characters (like -)
-
-2005-07-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: move pkcs12 defines into their own namespace
-
-	* pkcs12.asn1: move pkcs12 defines into their own namespace
-
-	* pkcs9.asn1: add PKCS9-friendlyName with workaround for SET OF
-	bug
-
-	* heim_asn1.h: reuse heim_octet_string for heim_any types
-
-	* main.c: use optidx, handle the case where name is missing and
-	use base of filename then
-
-	* asn1-common.h: include ASN1_MALLOC_ENCODE
-
-	* gen_decode.c: use less context so lower indentention level, add
-	missing {} where needed
-
-2005-07-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_copy.c: Use a global variable to keep track of if the 'goto
-	fail' was used, and use that to only generate the label if needed.
-
-	* asn1_print.c: do indefinite form loop detection and stop after
-	10000 recursive indefinite forms, stops crashing due to running
-	out of stack
-
-	* asn1_print.c: catch badly formated indefinite length data
-	(missing EndOfContent tag) add (negative) indent flag to speed up
-	testing
-
-2005-07-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* canthandle.asn1: Can't handle primitives in CHOICE
-
-	* gen_decode.c: Check if malloc failes
-
-	* gen_copy.c: Make sure to free memory on failure
-
-	* gen_decode.c: Check if malloc failes, rename "reallen" to
-	tagdatalen since that is what it is.
-
-2005-05-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* prefix Der_class with ASN1_C_ to avoid problems with system
-	headerfiles that pollute the name space
-
-2005-05-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pkcs12.asn1: add PKCS12CertBag
-
-	* pkcs9.asn1: add pkcs9 certtype x509 certificate
-
-	* Makefile.am: add pkcs12 certbag and pkcs9 certtype x509
-	certificate
-
-	* pkcs12.asn1: split off PKCS12Attributes from SafeBag so it can
-	be reused
-
-	* Makefile.am: add PKCS12Attributes
-
-2005-05-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* canthandle.asn1: fix tags in example
-
-2005-05-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pkinit.asn1: Let the Windows nonce be an int32 (signed), if not
-	it will fail when using Windows PK-INIT.
-
-2005-05-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add pkcs12-PBEParams
-
-	* pkcs12.asn1: add pkcs12-PBEParams
-
-	* parse.y: objid_element: exit when the condition fails
-
-2005-04-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_glue.c: 1.8: switch the units variable to a
-	function. gcc-4.1 needs the size of the structure if its defined
-	as extern struct units foo_units[] an we don't want to include
-	<parse_units.h> in the generate headerfile
-
-2005-03-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add the des-ede3-cbc oid that ansi x9.52 uses
-
-	* rfc2459.asn1: add the des-ede3-cbc oid that ansi x9.52 uses
-
-	* Makefile.am: add oids for x509
-
-	* rfc2459.asn1: add oids now when the compiler can handle them
-
-2005-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add pkcs9 files
-
-	* pkcs9.asn1: add small number of oids from pkcs9
-
-2005-03-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add a bunch of pkcs1/pkcs2/pkcs3/aes oids
-
-	* rfc2459.asn1: add a bunch of pkcs1/pkcs2/pkcs3/aes oids
-
-2005-03-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* k5.asn1: merge pa-numbers
-
-2005-03-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add oid's
-
-	* rfc2459.asn1: add encryption oids
-
-	* CMS.asn1: add signedAndEnvelopedData oid
-
-	* pkcs12.asn1: add pkcs12 oids
-
-	* CMS.asn1: add pkcs7 oids
-
-2005-03-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen.c (generate_header_of_codefile): break out the header
-	section generation
-	(generate_constant): generate a function that return the oid
-	inside a heim_oid
-
-	* parse.y: fix the ordering of the oid's
-
-	* parse.y: handle OBJECT IDENTIFIER as value construct
-
-2005-02-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Preserve content of CHOICE element that is unknown if ellipsis
-	was used when defining the structure
-
-2005-02-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: use ANS1_TAILQ macros
-
-	* *.[ch]: use ASN1_TAILQ macros
-
-	* asn1_queue.h: inline bsd sys/queue.h and rename TAILQ to
-	ASN1_TAILQ to avoid problems with name polluting headerfiles
-
-2005-01-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen.c: pull in <krb5-types.h>
-
-2005-01-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Add BMPString and UniversalString
-
-	* k5.asn1 (EtypeList): make INTEGER constrained (use krb5int32)
-
-2005-01-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: add GeneralNames
-
-2004-11-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen.c: use unsigned integer for len of SequenceOf/SetOf and
-	bitstring names
-
-2004-11-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: switch to krb5int32 and krb5uint32
-
-	* Unify that three integer types TInteger TUInteger and TBigInteger.
-	Start to use constrained integers where appropriate.
-
-2004-10-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* CMS.asn1: remove no longer used commented out elements
-
-	* gen_glue.c: make units structures const
-
-2004-10-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lex.l: handle hex number with [a-fA-F] in them
-
-2004-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_free.c: free _save for CHOICE too
-
-	* rfc2459.asn1: use Name and not heim_any
-
-	* gen_decode.c: if malloc for _save failes, goto fail so we free
-	the structure
-
-	* gen_copy.c: copy _save for CHOICE too
-
-	* gen.c: add _save for CHOICE too
-
-	* CMS.asn1: RecipientIdentifier and SignerIdentifier is the same
-	name is CMSIdentifier and add glue for that so we can share code
-	use Name and not heim_any
-
-2004-10-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: drop AlgorithmIdentifierNonOpt add
-	{RC2CBC,}CBCParameter here where they belong
-
-	* CMS.asn1: add {RC2CBC,}CBCParameter here where they belong
-
-	* rfc2459.asn1: drop AlgorithmIdentifierNonOpt
-
-	* rfc2459.asn1: stop using AlgorithmIdentifierNonOpt hint that we
-	really want to use Name and some MS stuff
-
-2004-09-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* asn1_print.c: handle end of content, this is part BER support,
-	however, OCTET STRING need some tweeking too.
-
-	* der.h: add UT_EndOfContent
-
-	* test.asn1: test asn1 spec file
-
-	* check-gen.c: check larget tags
-
-	* Makefile.am: add test asn1 spec file that we can use for testing
-	constructs that doesn't exists in already existing spec (like
-	large tags)
-
-	* der_put.c (der_put_tag): make sure there are space for the head
-	tag when we are dealing with large tags (>30)
-
-	* check-gen.c: add test for tag length
-
-	* check-common.c: export the map_ functions for OVERRUN/UNDERRUN
-	detection restore the SIGSEGV handler when test is done
-
-	* check-common.h: export the map_ functions for OVERRUN/UNDERRUN
-	detection
-
-	* gen_decode.c: check that the tag-length is not longer the length
-	use forwstr on some more places
-
-	* parse.y: revert part of 1.14.2.21, multiple IMPORT isn't allowed
-
-	* pkinit.asn1: correct usage of IMPORT
-
-	* CMS.asn1: correct usage of IMPORT
-
-	* pkcs8.asn1: pkcs8, encrypting private key
-
-	* pkcs12.asn1: pkcs12, key/crl/certificate file transport PDU
-
-	* Makefile.am: add pkcs8 and pkcs12
-
-	* der_free.c: reset length when freing primitives
-
-	* CMS.asn1: add EncryptedData
-
-2004-08-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type): if the entry is already optional
-	when parsing a tag and we allocate the structure, not pass down
-	optional since that will case the subtype's decode_type also to
-	allocate an entry. and we'll leak an entry. Bug from Luke Howard
-	<lukeh@padl.com>. While here, use calloc.
-
-2004-04-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* k5.asn1: shift the last added etypes one step so rc2 doesn't
-	stomp on cram-md5
-
-2004-04-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* k5.asn1: add ETYPE_AESNNN_CBC_NONE
-
-	* CMS.asn1: add CMS symmetrical parameters moved to k5.asn1
-
-	* k5.asn1: add CMS symmetrical parameters here, more nametypes
-	enctype rc2-cbc
-
-2004-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c: free data on decode failure
-
-2004-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add CBCParameter and RC2CBCParameter
-
-	* CMS.asn1: add CBCParameter and RC2CBCParameter
-
-2004-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: add simple test for oid's, used to trigger malloc
-	bugs in you have picky malloc (like valgrind/purify/third)
-
-	* der_get.c (der_get_oid): handle all oid components being smaller
-	then 127 and allocate one extra element since first byte is split
-	to to elements.
-
-2004-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* canthandle.asn1: one thing handled
-
-	* gen_decode.c: handle OPTIONAL CONS-tag-less elements
-
-	* der_length.c (length_len): since length is no longer the same as
-	an unsigned, do the length counting here. ("unsigned" is zero
-	padded when most significate bit is set, length is not)
-
-2004-04-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* canthandle.asn1: document by example what the encoder can't
-	handle right now
-
-	* Makefile.am: add more stuff needed whem implementing x509
-	preserve TBSCertificate
-
-	* rfc2459.asn1: add more stuff needed whem implementing x509
-
-	* CMS.asn1: move some type to rfc2459.asn1 where they belong (and
-	import them)
-
-	* gen.c: preserve the raw data when asked too
-
-	* gen_decode.c: preserve the raw data when asked too
-
-	* gen_copy.c: preserve the raw data when asked too
-
-	* gen_free.c: preserve the raw data when asked too
-
-	* gen_locl.h: add preserve_type
-
-	* heim_asn1.h: add heim_any_cmp
-
-	* main.c: add flag --preserve-binary=Symbol1,Symbol2,... that make
-	the compiler generate stubs to save the raw data, its not used
-	right now when generating the stat
-
-	* k5.asn1: Windows uses PADATA 15 for the request too
-
-	* extra.c: add heim_any_cmp
-
-	* der_put.c: implement UTCtime correctly
-
-	* der_locl.h: remove #ifdef HAVE_TIMEGM\ntimegm\n#endif here from
-	der.h so one day der.h can get installed
-
-	* der_length.c: implement UTCtime correctly
-
-	* der_get.c: implement UTCtime correctly, prefix dce_fix with
-	_heim_fix
-
-	* der_copy.c: make copy_bit_string work again
-
-	* der_cmp.c: add octet_string, integer, bit_string cmp functions
-
-	* der.h: hide away more symbols, add more _cmp functions
-
-2004-03-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add more pkix types make k5 use rfc150 bitstrings,
-	everything else use der bitstrings
-
-	* main.c: as a compile time option, handle no rfc1510 bitstrings
-
-	* gen_locl.h: rfc1510 bitstrings flag
-
-	* gen_length.c: as a compile time option, handle no rfc1510
-	bitstrings
-
-	* gen_encode.c: as a compile time option, handle no rfc1510
-	bitstrings
-
-	* gen_decode.c: handle no rfc1510 bitstrings
-
-	* check-gen.c: test for bitstrings
-
-	* rfc2459.asn1: add Certificates and KeyUsage
-
-2004-02-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pkinit.asn1: use Name from PKIX
-
-	* rfc2459.asn1: add more silly string types to DirectoryString
-
-	* gen_encode.c: add checks for data overflow when encoding
-	TBitString with members encode SET OF correctly by bytewise
-	sorting the members
-
-	* gen_decode.c: add checks for data overrun when encoding
-	TBitString with members
-
-	* der_put.c: add _heim_der_set_sort
-
-	* der_cmp.c: rename oid_cmp to heim_oid_cmp
-
-	* der.h: rename oid_cmp to heim_oid_cmp, add _heim_der_set_sort
-
-	* check-gen.c: add check for Name and (commented out) heim_integer
-
-	* check-der.c: test for "der_length.c: Fix len_unsigned for
-	certain negative integers, it got the length wrong" , from
-	Panasas, Inc.
-
-	* der_length.c: Fix len_unsigned for certain negative integers, it
-	got the length wrong, fix from Panasas, Inc.
-
-	rename len_int and len_unsigned to _heim_\&
-
-	* gen_length.c: 1.14: (length_type): TSequenceOf: add up the size
-	of all the elements, don't use just the size of the last element.
-
-2004-02-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: include defintion of Name
-
-	* pkinit.asn1: no need for ContentType, its cms internal
-
-	* CMS.asn1: move ContentInfo to CMS
-
-	* pkinit.asn1: update to pk-init-18, move ContentInfo to CMS
-
-	* Makefile.am: align with pk-init-18, move contentinfo to cms
-
-2004-02-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_get.c: rewrite previous commit
-
-	* der_get.c (der_get_heim_integer): handle positive integer
-	starting with 0
-
-	* der_length.c (der_put_heim_integer): try handle negative
-	integers better (?)
-
-	* der_put.c (der_put_heim_integer): try handle negative integers
-	better
-
-	* der_get.c (der_get_heim_integer): dont abort on negative integer just
-	return ASN1_OVERRUN for now
-
-	* parse.y: add ia5string, and printablestring
-
-	* gen_length.c: add ia5string, and printablestring
-
-	* gen_free.c: add ia5string, and printablestring
-
-	* gen_decode.c: add ia5string, and printablestring
-
-	* gen_copy.c: add ia5string, and printablestring
-
-	* gen.c: add ia5string, printablestring, and utf8string change
-	implemetation of heim_integer and store the data as bigendian byte
-	array with a external flag for signedness
-
-	* der_put.c: add ia5string, printablestring, and utf8string change
-	implemetation of heim_integer and store the data as bigendian byte
-	array with a external flag for signedness
-
-	* der_length.c: add ia5string, printablestring, and utf8string
-	change implemetation of heim_integer and store the data as
-	bigendian byte array with a external flag for signedness
-
-	* der_get.c: add ia5string, printablestring, and utf8string change
-	implemetation of heim_integer and store the data as bigendian byte
-	array with a external flag for signedness
-
-	* der_free.c: add ia5string, printablestring, and utf8string
-
-	* der_copy.c: add ia5string, printablestring, and utf8string
-
-	* der.h: add ia5string, printablestring, and utf8string
-
-	* asn1-common.h: add signedness flag to heim_integer, add
-	ia5string and printablestring
-
-2004-02-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: use BIGINTEGER where appropriate
-
-	* setchgpw2.asn1: spelling and add op-req again
-
-2004-02-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: clean up better
-
-2004-02-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type): TTag, don't overshare the reallen
-	variable
-
-	* Makefile.am: adapt to log file name change
-
-	* gen.c: genereate log file name based on base name
-
-2003-11-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: += asn1_AlgorithmIdentifierNonOpt.x
-
-	* rfc2459.asn1: add AlgorithmIdentifierNonOpt and use it where
-	it's needed, make DomainParameters.validationParms heim_any as a
-	hack. Both are workarounds for the problem with heimdal's asn1
-	compiler have with decoing context tagless OPTIONALs.
-
-	* pkinit.asn1: don't import AlgorithmIdentifier
-
-2003-11-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_put.c (der_put_bit_string): make it work somewhat better
-	(should really prune off all trailing zeros)
-
-	* gen_encode.c (encode_type): bit string is not a constructed type
-
-	* der_length.c (length_bit_string): calculate right length for
-	bitstrings
-
-2003-11-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_cmp.c (oid_cmp): compare the whole array, not just
-	length/sizeof(component)
-
-	* check-common.c: mmap the scratch areas, mprotect before and
-	after, align data to the edge of the mprotect()ed area to provoke
-	bugs
-
-	* Makefile.am: add DomainParameters, ValidationParms
-
-	* rfc2459.asn1: add DomainParameters, ValidationParms
-
-	* check-der.c: add free function
-
-	* check-common.h: add free function
-
-	* check-common.c: add free function
-
-	* check-gen.c: check KRB-ERROR
-
-	* asn1_print.c: check end of tag_names loop into APPL class tags
-
-2003-11-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_put.c (der_put_generalized_time): check size, not *size
-
-2003-11-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type/TBitString): skip over
-	skipped-bits-in-last-octet octet
-
-	* gen_glue.c (generate_units): generate units in reverse order to
-	keep unparse_units happy
-
-2003-11-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: generate all silly pkinit files
-
-	* pkinit.asn1: make it work again, add strange ms structures
-
-	* k5.asn1: PROV-SRV-LOCATION, PacketCable provisioning server
-	location, PKT-SP-SEC-I09-030728
-
-	* asn1-common.h: add bit string
-
-	* der_put.c: add bit string and utctime
-
-	* gen.c: add bit string and utctime
-
-	* gen_copy.c: add bit string and utctime
-
-	* der_copy.c: add bit string
-
-	* gen_decode.c: add utctime and bitstring
-
-	* gen_encode.c: add utctime and bitstring
-
-	* gen_free.c: add utctime and bitstring
-
-	* gen_glue.c: don't generate glue for member-less bit strings
-
-	* der_cmp.c: compare function for oids
-
-	* gen_length.c: add utc time, make bit string work for bits
-	strings w/o any members
-
-	* der_cmp.c: compare function for oids
-
-	* der.h: update boolean prototypes add utctime and bit_string
-
-	* der_free.c: add free_bit_string
-
-	* der_get.c: add bit string and utctime
-
-	* der_length.c: add bit string and utctime, fix memory leak in
-	length_generalized_time
-
-	* CMS.asn1: make EncryptedContentInfo.encryptedContent a OCTET
-	STRING to make the generator do the right thing with IMPLICIT
-	mumble OPTIONAL, make CertificateSet a heim_any_set
-
-	* extra.c, heim_asn1.h: add any_set, instead of just consuming one
-	der object, its consumes the rest of the data avaible
-
-	* extra.c, heim_asn1.h: extern implementation of ANY, decoder
-	needs to have hack removed when generator handles tagless optional
-	data
-
-	* pkinit.asn1: add KdcDHKeyInfo-Win2k
-
-2003-11-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_copy.c (copy_oid): copy all components
-
-	* parse.y: parse UTCTime, allow multiple IMPORT
-
-	* symbol.h: add TUTCTime
-
-	* rfc2459.asn1: update
-
-	* x509.asn1: update
-
-	* pkinit.asn1: update
-
-	* CMS.asn1: new file
-
-	* asn1_print.c: print some more lengths, check length before
-	steping out in the void, parse SET, only go down CONTEXT of type
-	CONS (not PRIM)
-
-2003-09-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_encode.c (TChoice, TSequence): code element in reverse
-	order...
-
-2003-09-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen.c: store NULL's as int's for now
-
-	* parse.y: remove dup of type def of UsefulType
-
-2003-09-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type): if malloc failes, return ENOMEM
-
-2003-09-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: kw_UTF8String is a token put tag around the OID
-
-	* asn1_print.c (UT_Integer): when the integer is larger then int
-	can handle, just print BIG INT and its size
-
-2003-09-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type): TTag, try to generate prettier code
-	in the non optional case, also remember to update length
-
-2003-01-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* gen_decode.c: add flag to decode broken DCE BER encoding
-
-	* gen_locl.h: add flag to decode broken DCE BER encoding
-
-	* main.c: add flag to decode broken DCE BER encoding
-
diff --git a/crypto/heimdal/lib/asn1/Makefile.am b/crypto/heimdal/lib/asn1/Makefile.am
deleted file mode 100644
index af300f0..0000000
--- a/crypto/heimdal/lib/asn1/Makefile.am
+++ /dev/null
@@ -1,610 +0,0 @@
-# $Id: Makefile.am 22445 2008-01-14 21:23:36Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-YFLAGS = -d -t
-
-lib_LTLIBRARIES = libasn1.la
-libasn1_la_LDFLAGS = -version-info 8:0:0
-
-libasn1_la_LIBADD = \
-	@LIB_com_err@ \
-	$(LIBADD_roken)
-
-BUILT_SOURCES =				\
-	$(gen_files_rfc2459:.x=.c)	\
-	$(gen_files_cms:.x=.c)		\
-	$(gen_files_k5:.x=.c)		\
-	$(gen_files_pkinit:.x=.c)	\
-	$(gen_files_pkcs8:.x=.c)	\
-	$(gen_files_pkcs9:.x=.c)	\
-	$(gen_files_pkcs12:.x=.c)	\
-	$(gen_files_digest:.x=.c)	\
-	$(gen_files_kx509:.x=.c)	\
-	asn1_err.h			\
-	asn1_err.c
-
-gen_files_k5 =						\
-	asn1_AD_AND_OR.x				\
-	asn1_AD_IF_RELEVANT.x				\
-	asn1_AD_KDCIssued.x				\
-	asn1_AD_MANDATORY_FOR_KDC.x			\
-	asn1_AD_LoginAlias.x				\
-	asn1_APOptions.x				\
-	asn1_AP_REP.x					\
-	asn1_AP_REQ.x					\
-	asn1_AS_REP.x					\
-	asn1_AS_REQ.x					\
-	asn1_AUTHDATA_TYPE.x				\
-	asn1_Authenticator.x				\
-	asn1_AuthorizationData.x			\
-	asn1_AuthorizationDataElement.x			\
-	asn1_CKSUMTYPE.x				\
-	asn1_ChangePasswdDataMS.x			\
-	asn1_Checksum.x					\
-	asn1_ENCTYPE.x					\
-	asn1_ETYPE_INFO.x				\
-	asn1_ETYPE_INFO2.x				\
-	asn1_ETYPE_INFO2_ENTRY.x			\
-	asn1_ETYPE_INFO_ENTRY.x				\
-	asn1_EncAPRepPart.x				\
-	asn1_EncASRepPart.x				\
-	asn1_EncKDCRepPart.x				\
-	asn1_EncKrbCredPart.x				\
-	asn1_EncKrbPrivPart.x				\
-	asn1_EncTGSRepPart.x				\
-	asn1_EncTicketPart.x				\
-	asn1_EncryptedData.x				\
-	asn1_EncryptionKey.x				\
-	asn1_EtypeList.x				\
-	asn1_HostAddress.x				\
-	asn1_HostAddresses.x				\
-	asn1_KDCOptions.x				\
-	asn1_KDC_REP.x					\
-	asn1_KDC_REQ.x					\
-	asn1_KDC_REQ_BODY.x				\
-	asn1_KRB_CRED.x					\
-	asn1_KRB_ERROR.x				\
-	asn1_KRB_PRIV.x					\
-	asn1_KRB_SAFE.x					\
-	asn1_KRB_SAFE_BODY.x				\
-	asn1_KerberosString.x				\
-	asn1_KerberosTime.x				\
-	asn1_KrbCredInfo.x				\
-	asn1_LR_TYPE.x					\
-	asn1_LastReq.x					\
-	asn1_MESSAGE_TYPE.x				\
-	asn1_METHOD_DATA.x				\
-	asn1_NAME_TYPE.x				\
-	asn1_PADATA_TYPE.x				\
-	asn1_PA_DATA.x					\
-	asn1_PA_ENC_SAM_RESPONSE_ENC.x         		\
-	asn1_PA_ENC_TS_ENC.x				\
-	asn1_PA_PAC_REQUEST.x				\
-	asn1_PA_S4U2Self.x				\
-	asn1_PA_SAM_CHALLENGE_2.x               	\
-	asn1_PA_SAM_CHALLENGE_2_BODY.x 			\
-	asn1_PA_SAM_REDIRECT.x				\
-	asn1_PA_SAM_RESPONSE_2.x			\
-	asn1_PA_SAM_TYPE.x				\
-	asn1_PA_ClientCanonicalized.x			\
-	asn1_PA_ClientCanonicalizedNames.x		\
-	asn1_PA_SvrReferralData.x			\
-	asn1_PROV_SRV_LOCATION.x			\
-	asn1_Principal.x				\
-	asn1_PrincipalName.x				\
-	asn1_Realm.x					\
-	asn1_SAMFlags.x					\
-	asn1_TGS_REP.x					\
-	asn1_TGS_REQ.x					\
-	asn1_TYPED_DATA.x				\
-	asn1_Ticket.x					\
-	asn1_TicketFlags.x				\
-	asn1_TransitedEncoding.x			\
-	asn1_TypedData.x				\
-	asn1_krb5int32.x				\
-	asn1_krb5uint32.x				\
-	asn1_KRB5SignedPathData.x			\
-	asn1_KRB5SignedPathPrincipals.x			\
-	asn1_KRB5SignedPath.x
-
-gen_files_cms =						\
-	asn1_CMSAttributes.x				\
-	asn1_CMSCBCParameter.x				\
-	asn1_CMSEncryptedData.x				\
-	asn1_CMSIdentifier.x				\
-	asn1_CMSRC2CBCParameter.x			\
-	asn1_CMSVersion.x				\
-	asn1_CertificateList.x				\
-	asn1_CertificateRevocationLists.x		\
-	asn1_CertificateSet.x				\
-	asn1_ContentEncryptionAlgorithmIdentifier.x	\
-	asn1_ContentInfo.x				\
-	asn1_ContentType.x				\
-	asn1_DigestAlgorithmIdentifier.x		\
-	asn1_DigestAlgorithmIdentifiers.x		\
-	asn1_EncapsulatedContentInfo.x			\
-	asn1_EncryptedContent.x				\
-	asn1_EncryptedContentInfo.x			\
-	asn1_EncryptedKey.x				\
-	asn1_EnvelopedData.x				\
-	asn1_IssuerAndSerialNumber.x			\
-	asn1_KeyEncryptionAlgorithmIdentifier.x		\
-	asn1_KeyTransRecipientInfo.x			\
-	asn1_MessageDigest.x				\
-	asn1_OriginatorInfo.x				\
-	asn1_RecipientIdentifier.x			\
-	asn1_RecipientInfo.x				\
-	asn1_RecipientInfos.x				\
-	asn1_SignatureAlgorithmIdentifier.x		\
-	asn1_SignatureValue.x				\
-	asn1_SignedData.x				\
-	asn1_SignerIdentifier.x				\
-	asn1_SignerInfo.x				\
-	asn1_SignerInfos.x				\
-	asn1_id_pkcs7.x					\
-	asn1_id_pkcs7_data.x				\
-	asn1_id_pkcs7_digestedData.x			\
-	asn1_id_pkcs7_encryptedData.x			\
-	asn1_id_pkcs7_envelopedData.x			\
-	asn1_id_pkcs7_signedAndEnvelopedData.x		\
-	asn1_id_pkcs7_signedData.x			\
-	asn1_UnprotectedAttributes.x
-
-gen_files_rfc2459 =					\
-	asn1_Version.x					\
-	asn1_id_pkcs_1.x				\
-	asn1_id_pkcs1_rsaEncryption.x			\
-	asn1_id_pkcs1_md2WithRSAEncryption.x		\
-	asn1_id_pkcs1_md5WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha1WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha256WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha384WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha512WithRSAEncryption.x		\
-	asn1_id_heim_rsa_pkcs1_x509.x			\
-	asn1_id_pkcs_2.x				\
-	asn1_id_pkcs2_md2.x				\
-	asn1_id_pkcs2_md4.x				\
-	asn1_id_pkcs2_md5.x				\
-	asn1_id_rsa_digestAlgorithm.x			\
-	asn1_id_rsa_digest_md2.x			\
-	asn1_id_rsa_digest_md4.x			\
-	asn1_id_rsa_digest_md5.x			\
-	asn1_id_pkcs_3.x				\
-	asn1_id_pkcs3_rc2_cbc.x				\
-	asn1_id_pkcs3_rc4.x				\
-	asn1_id_pkcs3_des_ede3_cbc.x			\
-	asn1_id_rsadsi_encalg.x				\
-	asn1_id_rsadsi_rc2_cbc.x			\
-	asn1_id_rsadsi_des_ede3_cbc.x			\
-	asn1_id_secsig_sha_1.x				\
-	asn1_id_nistAlgorithm.x				\
-	asn1_id_nist_aes_algs.x				\
-	asn1_id_aes_128_cbc.x				\
-	asn1_id_aes_192_cbc.x				\
-	asn1_id_aes_256_cbc.x				\
-	asn1_id_nist_sha_algs.x				\
-	asn1_id_sha256.x				\
-	asn1_id_sha224.x				\
-	asn1_id_sha384.x				\
-	asn1_id_sha512.x				\
-	asn1_id_dhpublicnumber.x			\
-	asn1_id_x9_57.x					\
-	asn1_id_dsa.x					\
-	asn1_id_dsa_with_sha1.x				\
-	asn1_id_x520_at.x				\
-	asn1_id_at_commonName.x				\
-	asn1_id_at_surname.x				\
-	asn1_id_at_serialNumber.x			\
-	asn1_id_at_countryName.x			\
-	asn1_id_at_localityName.x			\
-	asn1_id_at_streetAddress.x			\
-	asn1_id_at_stateOrProvinceName.x		\
-	asn1_id_at_organizationName.x			\
-	asn1_id_at_organizationalUnitName.x		\
-	asn1_id_at_name.x				\
-	asn1_id_at_givenName.x				\
-	asn1_id_at_initials.x				\
-	asn1_id_at_generationQualifier.x		\
-	asn1_id_at_pseudonym.x				\
-	asn1_id_Userid.x				\
-	asn1_id_domainComponent.x			\
-	asn1_id_x509_ce.x				\
-	asn1_id_uspkicommon_card_id.x			\
-	asn1_id_uspkicommon_piv_interim.x		\
-	asn1_id_netscape.x				\
-	asn1_id_netscape_cert_comment.x			\
-	asn1_id_ms_cert_enroll_domaincontroller.x	\
-	asn1_id_ms_client_authentication.x		\
-	asn1_AlgorithmIdentifier.x			\
-	asn1_AttributeType.x				\
-	asn1_AttributeValue.x				\
-	asn1_TeletexStringx.x				\
-	asn1_DirectoryString.x				\
-	asn1_Attribute.x				\
-	asn1_AttributeTypeAndValue.x			\
-	asn1_AuthorityInfoAccessSyntax.x		\
-	asn1_AccessDescription.x			\
-	asn1_RelativeDistinguishedName.x		\
-	asn1_RDNSequence.x				\
-	asn1_Name.x					\
-	asn1_CertificateSerialNumber.x			\
-	asn1_Time.x					\
-	asn1_Validity.x					\
-	asn1_UniqueIdentifier.x				\
-	asn1_SubjectPublicKeyInfo.x			\
-	asn1_Extension.x				\
-	asn1_Extensions.x				\
-	asn1_TBSCertificate.x				\
-	asn1_Certificate.x				\
-	asn1_Certificates.x				\
-	asn1_ValidationParms.x				\
-	asn1_DomainParameters.x				\
-	asn1_DHPublicKey.x				\
-	asn1_OtherName.x				\
-	asn1_GeneralName.x				\
-	asn1_GeneralNames.x				\
-	asn1_id_x509_ce_keyUsage.x			\
-	asn1_KeyUsage.x					\
-	asn1_id_x509_ce_authorityKeyIdentifier.x	\
-	asn1_KeyIdentifier.x				\
-	asn1_AuthorityKeyIdentifier.x			\
-	asn1_id_x509_ce_subjectKeyIdentifier.x		\
-	asn1_SubjectKeyIdentifier.x			\
-	asn1_id_x509_ce_basicConstraints.x		\
-	asn1_BasicConstraints.x				\
-	asn1_id_x509_ce_nameConstraints.x		\
-	asn1_BaseDistance.x				\
-	asn1_GeneralSubtree.x				\
-	asn1_GeneralSubtrees.x				\
-	asn1_NameConstraints.x				\
-	asn1_id_x509_ce_privateKeyUsagePeriod.x		\
-	asn1_id_x509_ce_certificatePolicies.x		\
-	asn1_id_x509_ce_policyMappings.x		\
-	asn1_id_x509_ce_subjectAltName.x		\
-	asn1_id_x509_ce_issuerAltName.x			\
-	asn1_id_x509_ce_subjectDirectoryAttributes.x	\
-	asn1_id_x509_ce_policyConstraints.x		\
-	asn1_id_x509_ce_extKeyUsage.x			\
-	asn1_ExtKeyUsage.x				\
-	asn1_id_x509_ce_cRLDistributionPoints.x		\
-	asn1_id_x509_ce_deltaCRLIndicator.x		\
-	asn1_id_x509_ce_issuingDistributionPoint.x	\
-	asn1_id_x509_ce_holdInstructionCode.x		\
-	asn1_id_x509_ce_invalidityDate.x		\
-	asn1_id_x509_ce_certificateIssuer.x		\
-	asn1_id_x509_ce_inhibitAnyPolicy.x		\
-	asn1_DistributionPointReasonFlags.x		\
-	asn1_DistributionPointName.x			\
-	asn1_DistributionPoint.x			\
-	asn1_CRLDistributionPoints.x			\
-	asn1_DSASigValue.x				\
-	asn1_DSAPublicKey.x				\
-	asn1_DSAParams.x				\
-	asn1_RSAPublicKey.x				\
-	asn1_RSAPrivateKey.x				\
-	asn1_DigestInfo.x				\
-	asn1_TBSCRLCertList.x				\
-	asn1_CRLCertificateList.x			\
-	asn1_id_x509_ce_cRLNumber.x			\
-	asn1_id_x509_ce_freshestCRL.x			\
-	asn1_id_x509_ce_cRLReason.x			\
-	asn1_CRLReason.x				\
-	asn1_PKIXXmppAddr.x				\
-	asn1_id_pkix.x					\
-	asn1_id_pkix_on.x				\
-	asn1_id_pkix_on_dnsSRV.x			\
-	asn1_id_pkix_on_xmppAddr.x			\
-	asn1_id_pkix_kp.x				\
-	asn1_id_pkix_kp_serverAuth.x			\
-	asn1_id_pkix_kp_clientAuth.x			\
-	asn1_id_pkix_kp_emailProtection.x		\
-	asn1_id_pkix_kp_timeStamping.x			\
-	asn1_id_pkix_kp_OCSPSigning.x			\
-	asn1_id_pkix_pe.x				\
-	asn1_id_pkix_pe_authorityInfoAccess.x		\
-	asn1_id_pkix_pe_proxyCertInfo.x			\
-	asn1_id_pkix_ppl.x				\
-	asn1_id_pkix_ppl_anyLanguage.x			\
-	asn1_id_pkix_ppl_inheritAll.x			\
-	asn1_id_pkix_ppl_independent.x			\
-	asn1_ProxyPolicy.x				\
-	asn1_ProxyCertInfo.x 
-
-gen_files_pkinit =					\
-	asn1_id_pkinit.x				\
-	asn1_id_pkauthdata.x				\
-	asn1_id_pkdhkeydata.x				\
-	asn1_id_pkrkeydata.x				\
-	asn1_id_pkekuoid.x				\
-	asn1_id_pkkdcekuoid.x				\
-	asn1_id_pkinit_san.x				\
-	asn1_id_pkinit_ms_eku.x				\
-	asn1_id_pkinit_ms_san.x				\
-	asn1_MS_UPN_SAN.x				\
-	asn1_DHNonce.x					\
-	asn1_KDFAlgorithmId.x				\
-	asn1_TrustedCA.x				\
-	asn1_ExternalPrincipalIdentifier.x		\
-	asn1_ExternalPrincipalIdentifiers.x		\
-	asn1_PA_PK_AS_REQ.x				\
-	asn1_PKAuthenticator.x				\
-	asn1_AuthPack.x					\
-	asn1_TD_TRUSTED_CERTIFIERS.x			\
-	asn1_TD_INVALID_CERTIFICATES.x			\
-	asn1_KRB5PrincipalName.x			\
-	asn1_AD_INITIAL_VERIFIED_CAS.x			\
-	asn1_DHRepInfo.x				\
-	asn1_PA_PK_AS_REP.x				\
-	asn1_KDCDHKeyInfo.x				\
-	asn1_ReplyKeyPack.x				\
-	asn1_TD_DH_PARAMETERS.x				\
-	asn1_PKAuthenticator_Win2k.x			\
-	asn1_AuthPack_Win2k.x				\
-	asn1_TrustedCA_Win2k.x				\
-	asn1_PA_PK_AS_REQ_Win2k.x			\
-	asn1_PA_PK_AS_REP_Win2k.x			\
-	asn1_KDCDHKeyInfo_Win2k.x			\
-	asn1_ReplyKeyPack_Win2k.x			\
-	asn1_PkinitSuppPubInfo.x 
-
-gen_files_pkcs12 =					\
-	asn1_id_pkcs_12.x				\
-	asn1_id_pkcs_12PbeIds.x				\
-	asn1_id_pbeWithSHAAnd128BitRC4.x		\
-	asn1_id_pbeWithSHAAnd40BitRC4.x			\
-	asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.x	\
-	asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.x	\
-	asn1_id_pbeWithSHAAnd128BitRC2_CBC.x		\
-	asn1_id_pbewithSHAAnd40BitRC2_CBC.x		\
-	asn1_id_pkcs12_bagtypes.x			\
-	asn1_id_pkcs12_keyBag.x				\
-	asn1_id_pkcs12_pkcs8ShroudedKeyBag.x		\
-	asn1_id_pkcs12_certBag.x			\
-	asn1_id_pkcs12_crlBag.x				\
-	asn1_id_pkcs12_secretBag.x			\
-	asn1_id_pkcs12_safeContentsBag.x		\
-	asn1_PKCS12_MacData.x				\
-	asn1_PKCS12_PFX.x				\
-	asn1_PKCS12_AuthenticatedSafe.x			\
-	asn1_PKCS12_CertBag.x				\
-	asn1_PKCS12_Attribute.x				\
-	asn1_PKCS12_Attributes.x			\
-	asn1_PKCS12_SafeBag.x				\
-	asn1_PKCS12_SafeContents.x			\
-	asn1_PKCS12_OctetString.x			\
-	asn1_PKCS12_PBEParams.x
-
-gen_files_pkcs8 =					\
-	asn1_PKCS8PrivateKeyAlgorithmIdentifier.x	\
-	asn1_PKCS8PrivateKey.x				\
-	asn1_PKCS8PrivateKeyInfo.x			\
-	asn1_PKCS8Attributes.x				\
-	asn1_PKCS8EncryptedPrivateKeyInfo.x		\
-	asn1_PKCS8EncryptedData.x
-
-gen_files_pkcs9 =					\
-	asn1_id_pkcs_9.x				\
-	asn1_id_pkcs9_contentType.x			\
-	asn1_id_pkcs9_emailAddress.x			\
-	asn1_id_pkcs9_messageDigest.x			\
-	asn1_id_pkcs9_signingTime.x			\
-	asn1_id_pkcs9_countersignature.x		\
-	asn1_id_pkcs_9_at_friendlyName.x		\
-	asn1_id_pkcs_9_at_localKeyId.x			\
-	asn1_id_pkcs_9_at_certTypes.x			\
-	asn1_id_pkcs_9_at_certTypes_x509.x		\
-	asn1_PKCS9_BMPString.x				\
-	asn1_PKCS9_friendlyName.x
-
-gen_files_test =					\
-	asn1_TESTAlloc.x				\
-	asn1_TESTAllocInner.x				\
-	asn1_TESTCONTAINING.x				\
-	asn1_TESTCONTAININGENCODEDBY.x			\
-	asn1_TESTCONTAININGENCODEDBY2.x			\
-	asn1_TESTChoice1.x				\
-	asn1_TESTChoice2.x				\
-	asn1_TESTDer.x					\
-	asn1_TESTENCODEDBY.x				\
-	asn1_TESTImplicit.x				\
-	asn1_TESTImplicit2.x				\
-	asn1_TESTInteger.x				\
-	asn1_TESTInteger2.x				\
-	asn1_TESTInteger3.x				\
-	asn1_TESTLargeTag.x				\
-	asn1_TESTSeq.x					\
-	asn1_TESTUSERCONSTRAINED.x			\
-	asn1_TESTSeqOf.x				\
-	asn1_TESTOSSize1.x				\
-	asn1_TESTSeqSizeOf1.x				\
-	asn1_TESTSeqSizeOf2.x				\
-	asn1_TESTSeqSizeOf3.x				\
-	asn1_TESTSeqSizeOf4.x
-
-gen_files_digest =					\
-	asn1_DigestError.x				\
-	asn1_DigestInit.x				\
-	asn1_DigestInitReply.x				\
-	asn1_DigestREP.x				\
-	asn1_DigestREQ.x				\
-	asn1_DigestRepInner.x				\
-	asn1_DigestReqInner.x				\
-	asn1_DigestRequest.x				\
-	asn1_DigestResponse.x				\
-	asn1_DigestTypes.x				\
-	asn1_NTLMInit.x					\
-	asn1_NTLMInitReply.x				\
-	asn1_NTLMRequest.x				\
-	asn1_NTLMResponse.x
-
-gen_files_kx509 =					\
-	asn1_Kx509Response.x				\
-	asn1_Kx509Request.x
-
-noinst_PROGRAMS = asn1_compile asn1_print asn1_gen
-
-TESTS = check-der check-gen check-timegm
-check_PROGRAMS = $(TESTS)
-
-asn1_gen_SOURCES = asn1_gen.c
-asn1_print_SOURCES = asn1_print.c
-check_der_SOURCES = check-der.c check-common.c check-common.h
-
-dist_check_gen_SOURCES = check-gen.c check-common.c check-common.h
-nodist_check_gen_SOURCES = $(gen_files_test:.x=.c)
-
-asn1_compile_SOURCES = 				\
-	asn1-common.h				\
-	asn1_queue.h				\
-	der.h					\
-	gen.c					\
-	gen_copy.c				\
-	gen_decode.c				\
-	gen_encode.c				\
-	gen_free.c				\
-	gen_glue.c				\
-	gen_length.c				\
-	gen_locl.h				\
-	gen_seq.c				\
-	hash.c					\
-	hash.h					\
-	lex.l					\
-	lex.h					\
-	main.c					\
-	parse.y					\
-	symbol.c				\
-	symbol.h
-
-dist_libasn1_la_SOURCES =			\
-	der-protos.h 				\
-	der_locl.h 				\
-	der.c					\
-	der.h					\
-	der_get.c				\
-	der_put.c				\
-	der_free.c				\
-	der_length.c				\
-	der_copy.c				\
-	der_cmp.c				\
-	der_format.c				\
-	heim_asn1.h				\
-	extra.c					\
-	timegm.c
-
-nodist_libasn1_la_SOURCES = $(BUILT_SOURCES)
-
-asn1_compile_LDADD = \
-	$(LIB_roken) $(LEXLIB)
-
-check_der_LDADD = \
-	libasn1.la \
-	$(LIB_roken)
-
-check_gen_LDADD = $(check_der_LDADD)
-asn1_print_LDADD = $(check_der_LDADD)
-asn1_gen_LDADD = $(check_der_LDADD)
-check_timegm_LDADD = $(check_der_LDADD)
-
-CLEANFILES = \
-	$(BUILT_SOURCES) \
-	$(gen_files_rfc2459) \
-	$(gen_files_cms) \
-	$(gen_files_k5) \
-	$(gen_files_pkinit) \
-	$(gen_files_pkcs8) \
-	$(gen_files_pkcs9) \
-	$(gen_files_pkcs12) \
-	$(gen_files_digest) \
-	$(gen_files_kx509) \
-	$(gen_files_test) $(nodist_check_gen_SOURCES) \
-	rfc2459_asn1_files rfc2459_asn1.h \
-	cms_asn1_files cms_asn1.h \
-	krb5_asn1_files krb5_asn1.h \
-	pkinit_asn1_files pkinit_asn1.h \
-	pkcs8_asn1_files pkcs8_asn1.h \
-	pkcs9_asn1_files pkcs9_asn1.h \
-	pkcs12_asn1_files pkcs12_asn1.h \
-	digest_asn1_files digest_asn1.h \
-	kx509_asn1_files kx509_asn1.h \
-	test_asn1_files test_asn1.h
-
-dist_include_HEADERS = der.h heim_asn1.h der-protos.h
-
-nodist_include_HEADERS = asn1_err.h
-nodist_include_HEADERS += krb5_asn1.h
-nodist_include_HEADERS += pkinit_asn1.h
-nodist_include_HEADERS += cms_asn1.h
-nodist_include_HEADERS += rfc2459_asn1.h
-nodist_include_HEADERS += pkcs8_asn1.h
-nodist_include_HEADERS += pkcs9_asn1.h
-nodist_include_HEADERS += pkcs12_asn1.h
-nodist_include_HEADERS += digest_asn1.h
-nodist_include_HEADERS += kx509_asn1.h
-
-$(asn1_compile_OBJECTS): parse.h parse.c $(srcdir)/der-protos.h
-$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h $(srcdir)/der-protos.h
-$(check_gen_OBJECTS): test_asn1.h
-$(asn1_print_OBJECTS): krb5_asn1.h
-
-parse.h: parse.c
-
-$(gen_files_k5) krb5_asn1.h: krb5_asn1_files
-$(gen_files_pkinit) pkinit_asn1.h: pkinit_asn1_files
-$(gen_files_pkcs8) pkcs8_asn1.h: pkcs8_asn1_files
-$(gen_files_pkcs9) pkcs9_asn1.h: pkcs9_asn1_files
-$(gen_files_pkcs12) pkcs12_asn1.h: pkcs12_asn1_files
-$(gen_files_digest) digest_asn1.h: digest_asn1_files
-$(gen_files_kx509) kx509_asn1.h: kx509_asn1_files
-$(gen_files_rfc2459) rfc2459_asn1.h: rfc2459_asn1_files
-$(gen_files_cms) cms_asn1.h: cms_asn1_files
-$(gen_files_test) test_asn1.h: test_asn1_files
-
-rfc2459_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc2459.asn1
-	./asn1_compile$(EXEEXT) --preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints $(srcdir)/rfc2459.asn1 rfc2459_asn1 || (rm -f rfc2459_asn1_files ; exit 1)
-
-cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1)
-
-krb5_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
-	./asn1_compile$(EXEEXT) --encode-rfc1510-bit-string --sequence=KRB5SignedPathPrincipals --sequence=AuthorizationData --sequence=METHOD-DATA --sequence=ETYPE-INFO --sequence=ETYPE-INFO2 $(srcdir)/k5.asn1 krb5_asn1 || (rm -f krb5_asn1_files ; exit 1)
-
-pkinit_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1 pkinit_asn1 || (rm -f pkinit_asn1_files ; exit 1)
-
-pkcs8_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1 pkcs8_asn1 || (rm -f pkcs8_asn1_files ; exit 1)
-
-pkcs9_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1 pkcs9_asn1 || (rm -f pkcs9_asn1_files ; exit 1)
-
-pkcs12_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1 pkcs12_asn1 || (rm -f pkcs12_asn1_files ; exit 1)
-
-digest_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/digest.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/digest.asn1 digest_asn1 || (rm -f digest_asn1_files ; exit 1)
-
-kx509_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 kx509_asn1 || (rm -f kx509_asn1_files ; exit 1)
-
-test_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/test.asn1
-	./asn1_compile$(EXEEXT) --sequence=TESTSeqOf $(srcdir)/test.asn1 test_asn1 || (rm -f test_asn1_files ; exit 1)
-
-EXTRA_DIST =		\
-	asn1_err.et	\
-	canthandle.asn1	\
-	CMS.asn1	\
-	digest.asn1	\
-	k5.asn1		\
-	kx509.asn1	\
-	test.asn1	\
-	setchgpw2.asn1	\
-	pkcs12.asn1	\
-	pkcs8.asn1	\
-	pkcs9.asn1	\
-	pkinit.asn1	\
-	rfc2459.asn1	\
-	test.gen
-
-$(srcdir)/der-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1_la_SOURCES) || rm -f der-protos.h
diff --git a/crypto/heimdal/lib/asn1/Makefile.in b/crypto/heimdal/lib/asn1/Makefile.in
deleted file mode 100644
index 0a3783a..0000000
--- a/crypto/heimdal/lib/asn1/Makefile.in
+++ /dev/null
@@ -1,1801 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22445 2008-01-14 21:23:36Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(dist_include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog lex.c parse.c \
-	parse.h
-noinst_PROGRAMS = asn1_compile$(EXEEXT) asn1_print$(EXEEXT) \
-	asn1_gen$(EXEEXT)
-TESTS = check-der$(EXEEXT) check-gen$(EXEEXT) check-timegm$(EXEEXT)
-check_PROGRAMS = $(am__EXEEXT_1)
-subdir = lib/asn1
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" \
-	"$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libasn1_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
-dist_libasn1_la_OBJECTS = der.lo der_get.lo der_put.lo der_free.lo \
-	der_length.lo der_copy.lo der_cmp.lo der_format.lo extra.lo \
-	timegm.lo
-am__objects_1 = asn1_Version.lo asn1_id_pkcs_1.lo \
-	asn1_id_pkcs1_rsaEncryption.lo \
-	asn1_id_pkcs1_md2WithRSAEncryption.lo \
-	asn1_id_pkcs1_md5WithRSAEncryption.lo \
-	asn1_id_pkcs1_sha1WithRSAEncryption.lo \
-	asn1_id_pkcs1_sha256WithRSAEncryption.lo \
-	asn1_id_pkcs1_sha384WithRSAEncryption.lo \
-	asn1_id_pkcs1_sha512WithRSAEncryption.lo \
-	asn1_id_heim_rsa_pkcs1_x509.lo asn1_id_pkcs_2.lo \
-	asn1_id_pkcs2_md2.lo asn1_id_pkcs2_md4.lo asn1_id_pkcs2_md5.lo \
-	asn1_id_rsa_digestAlgorithm.lo asn1_id_rsa_digest_md2.lo \
-	asn1_id_rsa_digest_md4.lo asn1_id_rsa_digest_md5.lo \
-	asn1_id_pkcs_3.lo asn1_id_pkcs3_rc2_cbc.lo \
-	asn1_id_pkcs3_rc4.lo asn1_id_pkcs3_des_ede3_cbc.lo \
-	asn1_id_rsadsi_encalg.lo asn1_id_rsadsi_rc2_cbc.lo \
-	asn1_id_rsadsi_des_ede3_cbc.lo asn1_id_secsig_sha_1.lo \
-	asn1_id_nistAlgorithm.lo asn1_id_nist_aes_algs.lo \
-	asn1_id_aes_128_cbc.lo asn1_id_aes_192_cbc.lo \
-	asn1_id_aes_256_cbc.lo asn1_id_nist_sha_algs.lo \
-	asn1_id_sha256.lo asn1_id_sha224.lo asn1_id_sha384.lo \
-	asn1_id_sha512.lo asn1_id_dhpublicnumber.lo asn1_id_x9_57.lo \
-	asn1_id_dsa.lo asn1_id_dsa_with_sha1.lo asn1_id_x520_at.lo \
-	asn1_id_at_commonName.lo asn1_id_at_surname.lo \
-	asn1_id_at_serialNumber.lo asn1_id_at_countryName.lo \
-	asn1_id_at_localityName.lo asn1_id_at_streetAddress.lo \
-	asn1_id_at_stateOrProvinceName.lo \
-	asn1_id_at_organizationName.lo \
-	asn1_id_at_organizationalUnitName.lo asn1_id_at_name.lo \
-	asn1_id_at_givenName.lo asn1_id_at_initials.lo \
-	asn1_id_at_generationQualifier.lo asn1_id_at_pseudonym.lo \
-	asn1_id_Userid.lo asn1_id_domainComponent.lo \
-	asn1_id_x509_ce.lo asn1_id_uspkicommon_card_id.lo \
-	asn1_id_uspkicommon_piv_interim.lo asn1_id_netscape.lo \
-	asn1_id_netscape_cert_comment.lo \
-	asn1_id_ms_cert_enroll_domaincontroller.lo \
-	asn1_id_ms_client_authentication.lo \
-	asn1_AlgorithmIdentifier.lo asn1_AttributeType.lo \
-	asn1_AttributeValue.lo asn1_TeletexStringx.lo \
-	asn1_DirectoryString.lo asn1_Attribute.lo \
-	asn1_AttributeTypeAndValue.lo \
-	asn1_AuthorityInfoAccessSyntax.lo asn1_AccessDescription.lo \
-	asn1_RelativeDistinguishedName.lo asn1_RDNSequence.lo \
-	asn1_Name.lo asn1_CertificateSerialNumber.lo asn1_Time.lo \
-	asn1_Validity.lo asn1_UniqueIdentifier.lo \
-	asn1_SubjectPublicKeyInfo.lo asn1_Extension.lo \
-	asn1_Extensions.lo asn1_TBSCertificate.lo asn1_Certificate.lo \
-	asn1_Certificates.lo asn1_ValidationParms.lo \
-	asn1_DomainParameters.lo asn1_DHPublicKey.lo asn1_OtherName.lo \
-	asn1_GeneralName.lo asn1_GeneralNames.lo \
-	asn1_id_x509_ce_keyUsage.lo asn1_KeyUsage.lo \
-	asn1_id_x509_ce_authorityKeyIdentifier.lo \
-	asn1_KeyIdentifier.lo asn1_AuthorityKeyIdentifier.lo \
-	asn1_id_x509_ce_subjectKeyIdentifier.lo \
-	asn1_SubjectKeyIdentifier.lo \
-	asn1_id_x509_ce_basicConstraints.lo asn1_BasicConstraints.lo \
-	asn1_id_x509_ce_nameConstraints.lo asn1_BaseDistance.lo \
-	asn1_GeneralSubtree.lo asn1_GeneralSubtrees.lo \
-	asn1_NameConstraints.lo \
-	asn1_id_x509_ce_privateKeyUsagePeriod.lo \
-	asn1_id_x509_ce_certificatePolicies.lo \
-	asn1_id_x509_ce_policyMappings.lo \
-	asn1_id_x509_ce_subjectAltName.lo \
-	asn1_id_x509_ce_issuerAltName.lo \
-	asn1_id_x509_ce_subjectDirectoryAttributes.lo \
-	asn1_id_x509_ce_policyConstraints.lo \
-	asn1_id_x509_ce_extKeyUsage.lo asn1_ExtKeyUsage.lo \
-	asn1_id_x509_ce_cRLDistributionPoints.lo \
-	asn1_id_x509_ce_deltaCRLIndicator.lo \
-	asn1_id_x509_ce_issuingDistributionPoint.lo \
-	asn1_id_x509_ce_holdInstructionCode.lo \
-	asn1_id_x509_ce_invalidityDate.lo \
-	asn1_id_x509_ce_certificateIssuer.lo \
-	asn1_id_x509_ce_inhibitAnyPolicy.lo \
-	asn1_DistributionPointReasonFlags.lo \
-	asn1_DistributionPointName.lo asn1_DistributionPoint.lo \
-	asn1_CRLDistributionPoints.lo asn1_DSASigValue.lo \
-	asn1_DSAPublicKey.lo asn1_DSAParams.lo asn1_RSAPublicKey.lo \
-	asn1_RSAPrivateKey.lo asn1_DigestInfo.lo \
-	asn1_TBSCRLCertList.lo asn1_CRLCertificateList.lo \
-	asn1_id_x509_ce_cRLNumber.lo asn1_id_x509_ce_freshestCRL.lo \
-	asn1_id_x509_ce_cRLReason.lo asn1_CRLReason.lo \
-	asn1_PKIXXmppAddr.lo asn1_id_pkix.lo asn1_id_pkix_on.lo \
-	asn1_id_pkix_on_dnsSRV.lo asn1_id_pkix_on_xmppAddr.lo \
-	asn1_id_pkix_kp.lo asn1_id_pkix_kp_serverAuth.lo \
-	asn1_id_pkix_kp_clientAuth.lo \
-	asn1_id_pkix_kp_emailProtection.lo \
-	asn1_id_pkix_kp_timeStamping.lo asn1_id_pkix_kp_OCSPSigning.lo \
-	asn1_id_pkix_pe.lo asn1_id_pkix_pe_authorityInfoAccess.lo \
-	asn1_id_pkix_pe_proxyCertInfo.lo asn1_id_pkix_ppl.lo \
-	asn1_id_pkix_ppl_anyLanguage.lo asn1_id_pkix_ppl_inheritAll.lo \
-	asn1_id_pkix_ppl_independent.lo asn1_ProxyPolicy.lo \
-	asn1_ProxyCertInfo.lo
-am__objects_2 = asn1_CMSAttributes.lo asn1_CMSCBCParameter.lo \
-	asn1_CMSEncryptedData.lo asn1_CMSIdentifier.lo \
-	asn1_CMSRC2CBCParameter.lo asn1_CMSVersion.lo \
-	asn1_CertificateList.lo asn1_CertificateRevocationLists.lo \
-	asn1_CertificateSet.lo \
-	asn1_ContentEncryptionAlgorithmIdentifier.lo \
-	asn1_ContentInfo.lo asn1_ContentType.lo \
-	asn1_DigestAlgorithmIdentifier.lo \
-	asn1_DigestAlgorithmIdentifiers.lo \
-	asn1_EncapsulatedContentInfo.lo asn1_EncryptedContent.lo \
-	asn1_EncryptedContentInfo.lo asn1_EncryptedKey.lo \
-	asn1_EnvelopedData.lo asn1_IssuerAndSerialNumber.lo \
-	asn1_KeyEncryptionAlgorithmIdentifier.lo \
-	asn1_KeyTransRecipientInfo.lo asn1_MessageDigest.lo \
-	asn1_OriginatorInfo.lo asn1_RecipientIdentifier.lo \
-	asn1_RecipientInfo.lo asn1_RecipientInfos.lo \
-	asn1_SignatureAlgorithmIdentifier.lo asn1_SignatureValue.lo \
-	asn1_SignedData.lo asn1_SignerIdentifier.lo asn1_SignerInfo.lo \
-	asn1_SignerInfos.lo asn1_id_pkcs7.lo asn1_id_pkcs7_data.lo \
-	asn1_id_pkcs7_digestedData.lo asn1_id_pkcs7_encryptedData.lo \
-	asn1_id_pkcs7_envelopedData.lo \
-	asn1_id_pkcs7_signedAndEnvelopedData.lo \
-	asn1_id_pkcs7_signedData.lo asn1_UnprotectedAttributes.lo
-am__objects_3 = asn1_AD_AND_OR.lo asn1_AD_IF_RELEVANT.lo \
-	asn1_AD_KDCIssued.lo asn1_AD_MANDATORY_FOR_KDC.lo \
-	asn1_AD_LoginAlias.lo asn1_APOptions.lo asn1_AP_REP.lo \
-	asn1_AP_REQ.lo asn1_AS_REP.lo asn1_AS_REQ.lo \
-	asn1_AUTHDATA_TYPE.lo asn1_Authenticator.lo \
-	asn1_AuthorizationData.lo asn1_AuthorizationDataElement.lo \
-	asn1_CKSUMTYPE.lo asn1_ChangePasswdDataMS.lo asn1_Checksum.lo \
-	asn1_ENCTYPE.lo asn1_ETYPE_INFO.lo asn1_ETYPE_INFO2.lo \
-	asn1_ETYPE_INFO2_ENTRY.lo asn1_ETYPE_INFO_ENTRY.lo \
-	asn1_EncAPRepPart.lo asn1_EncASRepPart.lo \
-	asn1_EncKDCRepPart.lo asn1_EncKrbCredPart.lo \
-	asn1_EncKrbPrivPart.lo asn1_EncTGSRepPart.lo \
-	asn1_EncTicketPart.lo asn1_EncryptedData.lo \
-	asn1_EncryptionKey.lo asn1_EtypeList.lo asn1_HostAddress.lo \
-	asn1_HostAddresses.lo asn1_KDCOptions.lo asn1_KDC_REP.lo \
-	asn1_KDC_REQ.lo asn1_KDC_REQ_BODY.lo asn1_KRB_CRED.lo \
-	asn1_KRB_ERROR.lo asn1_KRB_PRIV.lo asn1_KRB_SAFE.lo \
-	asn1_KRB_SAFE_BODY.lo asn1_KerberosString.lo \
-	asn1_KerberosTime.lo asn1_KrbCredInfo.lo asn1_LR_TYPE.lo \
-	asn1_LastReq.lo asn1_MESSAGE_TYPE.lo asn1_METHOD_DATA.lo \
-	asn1_NAME_TYPE.lo asn1_PADATA_TYPE.lo asn1_PA_DATA.lo \
-	asn1_PA_ENC_SAM_RESPONSE_ENC.lo asn1_PA_ENC_TS_ENC.lo \
-	asn1_PA_PAC_REQUEST.lo asn1_PA_S4U2Self.lo \
-	asn1_PA_SAM_CHALLENGE_2.lo asn1_PA_SAM_CHALLENGE_2_BODY.lo \
-	asn1_PA_SAM_REDIRECT.lo asn1_PA_SAM_RESPONSE_2.lo \
-	asn1_PA_SAM_TYPE.lo asn1_PA_ClientCanonicalized.lo \
-	asn1_PA_ClientCanonicalizedNames.lo asn1_PA_SvrReferralData.lo \
-	asn1_PROV_SRV_LOCATION.lo asn1_Principal.lo \
-	asn1_PrincipalName.lo asn1_Realm.lo asn1_SAMFlags.lo \
-	asn1_TGS_REP.lo asn1_TGS_REQ.lo asn1_TYPED_DATA.lo \
-	asn1_Ticket.lo asn1_TicketFlags.lo asn1_TransitedEncoding.lo \
-	asn1_TypedData.lo asn1_krb5int32.lo asn1_krb5uint32.lo \
-	asn1_KRB5SignedPathData.lo asn1_KRB5SignedPathPrincipals.lo \
-	asn1_KRB5SignedPath.lo
-am__objects_4 = asn1_id_pkinit.lo asn1_id_pkauthdata.lo \
-	asn1_id_pkdhkeydata.lo asn1_id_pkrkeydata.lo \
-	asn1_id_pkekuoid.lo asn1_id_pkkdcekuoid.lo \
-	asn1_id_pkinit_san.lo asn1_id_pkinit_ms_eku.lo \
-	asn1_id_pkinit_ms_san.lo asn1_MS_UPN_SAN.lo asn1_DHNonce.lo \
-	asn1_KDFAlgorithmId.lo asn1_TrustedCA.lo \
-	asn1_ExternalPrincipalIdentifier.lo \
-	asn1_ExternalPrincipalIdentifiers.lo asn1_PA_PK_AS_REQ.lo \
-	asn1_PKAuthenticator.lo asn1_AuthPack.lo \
-	asn1_TD_TRUSTED_CERTIFIERS.lo asn1_TD_INVALID_CERTIFICATES.lo \
-	asn1_KRB5PrincipalName.lo asn1_AD_INITIAL_VERIFIED_CAS.lo \
-	asn1_DHRepInfo.lo asn1_PA_PK_AS_REP.lo asn1_KDCDHKeyInfo.lo \
-	asn1_ReplyKeyPack.lo asn1_TD_DH_PARAMETERS.lo \
-	asn1_PKAuthenticator_Win2k.lo asn1_AuthPack_Win2k.lo \
-	asn1_TrustedCA_Win2k.lo asn1_PA_PK_AS_REQ_Win2k.lo \
-	asn1_PA_PK_AS_REP_Win2k.lo asn1_KDCDHKeyInfo_Win2k.lo \
-	asn1_ReplyKeyPack_Win2k.lo asn1_PkinitSuppPubInfo.lo
-am__objects_5 = asn1_PKCS8PrivateKeyAlgorithmIdentifier.lo \
-	asn1_PKCS8PrivateKey.lo asn1_PKCS8PrivateKeyInfo.lo \
-	asn1_PKCS8Attributes.lo asn1_PKCS8EncryptedPrivateKeyInfo.lo \
-	asn1_PKCS8EncryptedData.lo
-am__objects_6 = asn1_id_pkcs_9.lo asn1_id_pkcs9_contentType.lo \
-	asn1_id_pkcs9_emailAddress.lo asn1_id_pkcs9_messageDigest.lo \
-	asn1_id_pkcs9_signingTime.lo asn1_id_pkcs9_countersignature.lo \
-	asn1_id_pkcs_9_at_friendlyName.lo \
-	asn1_id_pkcs_9_at_localKeyId.lo asn1_id_pkcs_9_at_certTypes.lo \
-	asn1_id_pkcs_9_at_certTypes_x509.lo asn1_PKCS9_BMPString.lo \
-	asn1_PKCS9_friendlyName.lo
-am__objects_7 = asn1_id_pkcs_12.lo asn1_id_pkcs_12PbeIds.lo \
-	asn1_id_pbeWithSHAAnd128BitRC4.lo \
-	asn1_id_pbeWithSHAAnd40BitRC4.lo \
-	asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.lo \
-	asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.lo \
-	asn1_id_pbeWithSHAAnd128BitRC2_CBC.lo \
-	asn1_id_pbewithSHAAnd40BitRC2_CBC.lo \
-	asn1_id_pkcs12_bagtypes.lo asn1_id_pkcs12_keyBag.lo \
-	asn1_id_pkcs12_pkcs8ShroudedKeyBag.lo \
-	asn1_id_pkcs12_certBag.lo asn1_id_pkcs12_crlBag.lo \
-	asn1_id_pkcs12_secretBag.lo asn1_id_pkcs12_safeContentsBag.lo \
-	asn1_PKCS12_MacData.lo asn1_PKCS12_PFX.lo \
-	asn1_PKCS12_AuthenticatedSafe.lo asn1_PKCS12_CertBag.lo \
-	asn1_PKCS12_Attribute.lo asn1_PKCS12_Attributes.lo \
-	asn1_PKCS12_SafeBag.lo asn1_PKCS12_SafeContents.lo \
-	asn1_PKCS12_OctetString.lo asn1_PKCS12_PBEParams.lo
-am__objects_8 = asn1_DigestError.lo asn1_DigestInit.lo \
-	asn1_DigestInitReply.lo asn1_DigestREP.lo asn1_DigestREQ.lo \
-	asn1_DigestRepInner.lo asn1_DigestReqInner.lo \
-	asn1_DigestRequest.lo asn1_DigestResponse.lo \
-	asn1_DigestTypes.lo asn1_NTLMInit.lo asn1_NTLMInitReply.lo \
-	asn1_NTLMRequest.lo asn1_NTLMResponse.lo
-am__objects_9 = asn1_Kx509Response.lo asn1_Kx509Request.lo
-am__objects_10 = $(am__objects_1) $(am__objects_2) $(am__objects_3) \
-	$(am__objects_4) $(am__objects_5) $(am__objects_6) \
-	$(am__objects_7) $(am__objects_8) $(am__objects_9) asn1_err.lo
-nodist_libasn1_la_OBJECTS = $(am__objects_10)
-libasn1_la_OBJECTS = $(dist_libasn1_la_OBJECTS) \
-	$(nodist_libasn1_la_OBJECTS)
-libasn1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libasn1_la_LDFLAGS) $(LDFLAGS) -o $@
-am__EXEEXT_1 = check-der$(EXEEXT) check-gen$(EXEEXT) \
-	check-timegm$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-am_asn1_compile_OBJECTS = gen.$(OBJEXT) gen_copy.$(OBJEXT) \
-	gen_decode.$(OBJEXT) gen_encode.$(OBJEXT) gen_free.$(OBJEXT) \
-	gen_glue.$(OBJEXT) gen_length.$(OBJEXT) gen_seq.$(OBJEXT) \
-	hash.$(OBJEXT) lex.$(OBJEXT) main.$(OBJEXT) parse.$(OBJEXT) \
-	symbol.$(OBJEXT)
-asn1_compile_OBJECTS = $(am_asn1_compile_OBJECTS)
-asn1_compile_DEPENDENCIES = $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-am_asn1_gen_OBJECTS = asn1_gen.$(OBJEXT)
-asn1_gen_OBJECTS = $(am_asn1_gen_OBJECTS)
-am__DEPENDENCIES_2 = libasn1.la $(am__DEPENDENCIES_1)
-asn1_gen_DEPENDENCIES = $(am__DEPENDENCIES_2)
-am_asn1_print_OBJECTS = asn1_print.$(OBJEXT)
-asn1_print_OBJECTS = $(am_asn1_print_OBJECTS)
-asn1_print_DEPENDENCIES = $(am__DEPENDENCIES_2)
-am_check_der_OBJECTS = check-der.$(OBJEXT) check-common.$(OBJEXT)
-check_der_OBJECTS = $(am_check_der_OBJECTS)
-check_der_DEPENDENCIES = libasn1.la $(am__DEPENDENCIES_1)
-dist_check_gen_OBJECTS = check-gen.$(OBJEXT) check-common.$(OBJEXT)
-am__objects_11 = asn1_TESTAlloc.$(OBJEXT) \
-	asn1_TESTAllocInner.$(OBJEXT) asn1_TESTCONTAINING.$(OBJEXT) \
-	asn1_TESTCONTAININGENCODEDBY.$(OBJEXT) \
-	asn1_TESTCONTAININGENCODEDBY2.$(OBJEXT) \
-	asn1_TESTChoice1.$(OBJEXT) asn1_TESTChoice2.$(OBJEXT) \
-	asn1_TESTDer.$(OBJEXT) asn1_TESTENCODEDBY.$(OBJEXT) \
-	asn1_TESTImplicit.$(OBJEXT) asn1_TESTImplicit2.$(OBJEXT) \
-	asn1_TESTInteger.$(OBJEXT) asn1_TESTInteger2.$(OBJEXT) \
-	asn1_TESTInteger3.$(OBJEXT) asn1_TESTLargeTag.$(OBJEXT) \
-	asn1_TESTSeq.$(OBJEXT) asn1_TESTUSERCONSTRAINED.$(OBJEXT) \
-	asn1_TESTSeqOf.$(OBJEXT) asn1_TESTOSSize1.$(OBJEXT) \
-	asn1_TESTSeqSizeOf1.$(OBJEXT) asn1_TESTSeqSizeOf2.$(OBJEXT) \
-	asn1_TESTSeqSizeOf3.$(OBJEXT) asn1_TESTSeqSizeOf4.$(OBJEXT)
-nodist_check_gen_OBJECTS = $(am__objects_11)
-check_gen_OBJECTS = $(dist_check_gen_OBJECTS) \
-	$(nodist_check_gen_OBJECTS)
-check_gen_DEPENDENCIES = $(am__DEPENDENCIES_2)
-check_timegm_SOURCES = check-timegm.c
-check_timegm_OBJECTS = check-timegm.$(OBJEXT)
-check_timegm_DEPENDENCIES = $(am__DEPENDENCIES_2)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-@MAINTAINER_MODE_FALSE@am__skiplex = test -f $@ ||
-LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
-YLWRAP = $(top_srcdir)/ylwrap
-@MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-SOURCES = $(dist_libasn1_la_SOURCES) $(nodist_libasn1_la_SOURCES) \
-	$(asn1_compile_SOURCES) $(asn1_gen_SOURCES) \
-	$(asn1_print_SOURCES) $(check_der_SOURCES) \
-	$(dist_check_gen_SOURCES) $(nodist_check_gen_SOURCES) \
-	check-timegm.c
-DIST_SOURCES = $(dist_libasn1_la_SOURCES) $(asn1_compile_SOURCES) \
-	$(asn1_gen_SOURCES) $(asn1_print_SOURCES) $(check_der_SOURCES) \
-	$(dist_check_gen_SOURCES) check-timegm.c
-dist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = -d -t
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-lib_LTLIBRARIES = libasn1.la
-libasn1_la_LDFLAGS = -version-info 8:0:0
-libasn1_la_LIBADD = \
-	@LIB_com_err@ \
-	$(LIBADD_roken)
-
-BUILT_SOURCES = \
-	$(gen_files_rfc2459:.x=.c)	\
-	$(gen_files_cms:.x=.c)		\
-	$(gen_files_k5:.x=.c)		\
-	$(gen_files_pkinit:.x=.c)	\
-	$(gen_files_pkcs8:.x=.c)	\
-	$(gen_files_pkcs9:.x=.c)	\
-	$(gen_files_pkcs12:.x=.c)	\
-	$(gen_files_digest:.x=.c)	\
-	$(gen_files_kx509:.x=.c)	\
-	asn1_err.h			\
-	asn1_err.c
-
-gen_files_k5 = \
-	asn1_AD_AND_OR.x				\
-	asn1_AD_IF_RELEVANT.x				\
-	asn1_AD_KDCIssued.x				\
-	asn1_AD_MANDATORY_FOR_KDC.x			\
-	asn1_AD_LoginAlias.x				\
-	asn1_APOptions.x				\
-	asn1_AP_REP.x					\
-	asn1_AP_REQ.x					\
-	asn1_AS_REP.x					\
-	asn1_AS_REQ.x					\
-	asn1_AUTHDATA_TYPE.x				\
-	asn1_Authenticator.x				\
-	asn1_AuthorizationData.x			\
-	asn1_AuthorizationDataElement.x			\
-	asn1_CKSUMTYPE.x				\
-	asn1_ChangePasswdDataMS.x			\
-	asn1_Checksum.x					\
-	asn1_ENCTYPE.x					\
-	asn1_ETYPE_INFO.x				\
-	asn1_ETYPE_INFO2.x				\
-	asn1_ETYPE_INFO2_ENTRY.x			\
-	asn1_ETYPE_INFO_ENTRY.x				\
-	asn1_EncAPRepPart.x				\
-	asn1_EncASRepPart.x				\
-	asn1_EncKDCRepPart.x				\
-	asn1_EncKrbCredPart.x				\
-	asn1_EncKrbPrivPart.x				\
-	asn1_EncTGSRepPart.x				\
-	asn1_EncTicketPart.x				\
-	asn1_EncryptedData.x				\
-	asn1_EncryptionKey.x				\
-	asn1_EtypeList.x				\
-	asn1_HostAddress.x				\
-	asn1_HostAddresses.x				\
-	asn1_KDCOptions.x				\
-	asn1_KDC_REP.x					\
-	asn1_KDC_REQ.x					\
-	asn1_KDC_REQ_BODY.x				\
-	asn1_KRB_CRED.x					\
-	asn1_KRB_ERROR.x				\
-	asn1_KRB_PRIV.x					\
-	asn1_KRB_SAFE.x					\
-	asn1_KRB_SAFE_BODY.x				\
-	asn1_KerberosString.x				\
-	asn1_KerberosTime.x				\
-	asn1_KrbCredInfo.x				\
-	asn1_LR_TYPE.x					\
-	asn1_LastReq.x					\
-	asn1_MESSAGE_TYPE.x				\
-	asn1_METHOD_DATA.x				\
-	asn1_NAME_TYPE.x				\
-	asn1_PADATA_TYPE.x				\
-	asn1_PA_DATA.x					\
-	asn1_PA_ENC_SAM_RESPONSE_ENC.x         		\
-	asn1_PA_ENC_TS_ENC.x				\
-	asn1_PA_PAC_REQUEST.x				\
-	asn1_PA_S4U2Self.x				\
-	asn1_PA_SAM_CHALLENGE_2.x               	\
-	asn1_PA_SAM_CHALLENGE_2_BODY.x 			\
-	asn1_PA_SAM_REDIRECT.x				\
-	asn1_PA_SAM_RESPONSE_2.x			\
-	asn1_PA_SAM_TYPE.x				\
-	asn1_PA_ClientCanonicalized.x			\
-	asn1_PA_ClientCanonicalizedNames.x		\
-	asn1_PA_SvrReferralData.x			\
-	asn1_PROV_SRV_LOCATION.x			\
-	asn1_Principal.x				\
-	asn1_PrincipalName.x				\
-	asn1_Realm.x					\
-	asn1_SAMFlags.x					\
-	asn1_TGS_REP.x					\
-	asn1_TGS_REQ.x					\
-	asn1_TYPED_DATA.x				\
-	asn1_Ticket.x					\
-	asn1_TicketFlags.x				\
-	asn1_TransitedEncoding.x			\
-	asn1_TypedData.x				\
-	asn1_krb5int32.x				\
-	asn1_krb5uint32.x				\
-	asn1_KRB5SignedPathData.x			\
-	asn1_KRB5SignedPathPrincipals.x			\
-	asn1_KRB5SignedPath.x
-
-gen_files_cms = \
-	asn1_CMSAttributes.x				\
-	asn1_CMSCBCParameter.x				\
-	asn1_CMSEncryptedData.x				\
-	asn1_CMSIdentifier.x				\
-	asn1_CMSRC2CBCParameter.x			\
-	asn1_CMSVersion.x				\
-	asn1_CertificateList.x				\
-	asn1_CertificateRevocationLists.x		\
-	asn1_CertificateSet.x				\
-	asn1_ContentEncryptionAlgorithmIdentifier.x	\
-	asn1_ContentInfo.x				\
-	asn1_ContentType.x				\
-	asn1_DigestAlgorithmIdentifier.x		\
-	asn1_DigestAlgorithmIdentifiers.x		\
-	asn1_EncapsulatedContentInfo.x			\
-	asn1_EncryptedContent.x				\
-	asn1_EncryptedContentInfo.x			\
-	asn1_EncryptedKey.x				\
-	asn1_EnvelopedData.x				\
-	asn1_IssuerAndSerialNumber.x			\
-	asn1_KeyEncryptionAlgorithmIdentifier.x		\
-	asn1_KeyTransRecipientInfo.x			\
-	asn1_MessageDigest.x				\
-	asn1_OriginatorInfo.x				\
-	asn1_RecipientIdentifier.x			\
-	asn1_RecipientInfo.x				\
-	asn1_RecipientInfos.x				\
-	asn1_SignatureAlgorithmIdentifier.x		\
-	asn1_SignatureValue.x				\
-	asn1_SignedData.x				\
-	asn1_SignerIdentifier.x				\
-	asn1_SignerInfo.x				\
-	asn1_SignerInfos.x				\
-	asn1_id_pkcs7.x					\
-	asn1_id_pkcs7_data.x				\
-	asn1_id_pkcs7_digestedData.x			\
-	asn1_id_pkcs7_encryptedData.x			\
-	asn1_id_pkcs7_envelopedData.x			\
-	asn1_id_pkcs7_signedAndEnvelopedData.x		\
-	asn1_id_pkcs7_signedData.x			\
-	asn1_UnprotectedAttributes.x
-
-gen_files_rfc2459 = \
-	asn1_Version.x					\
-	asn1_id_pkcs_1.x				\
-	asn1_id_pkcs1_rsaEncryption.x			\
-	asn1_id_pkcs1_md2WithRSAEncryption.x		\
-	asn1_id_pkcs1_md5WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha1WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha256WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha384WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha512WithRSAEncryption.x		\
-	asn1_id_heim_rsa_pkcs1_x509.x			\
-	asn1_id_pkcs_2.x				\
-	asn1_id_pkcs2_md2.x				\
-	asn1_id_pkcs2_md4.x				\
-	asn1_id_pkcs2_md5.x				\
-	asn1_id_rsa_digestAlgorithm.x			\
-	asn1_id_rsa_digest_md2.x			\
-	asn1_id_rsa_digest_md4.x			\
-	asn1_id_rsa_digest_md5.x			\
-	asn1_id_pkcs_3.x				\
-	asn1_id_pkcs3_rc2_cbc.x				\
-	asn1_id_pkcs3_rc4.x				\
-	asn1_id_pkcs3_des_ede3_cbc.x			\
-	asn1_id_rsadsi_encalg.x				\
-	asn1_id_rsadsi_rc2_cbc.x			\
-	asn1_id_rsadsi_des_ede3_cbc.x			\
-	asn1_id_secsig_sha_1.x				\
-	asn1_id_nistAlgorithm.x				\
-	asn1_id_nist_aes_algs.x				\
-	asn1_id_aes_128_cbc.x				\
-	asn1_id_aes_192_cbc.x				\
-	asn1_id_aes_256_cbc.x				\
-	asn1_id_nist_sha_algs.x				\
-	asn1_id_sha256.x				\
-	asn1_id_sha224.x				\
-	asn1_id_sha384.x				\
-	asn1_id_sha512.x				\
-	asn1_id_dhpublicnumber.x			\
-	asn1_id_x9_57.x					\
-	asn1_id_dsa.x					\
-	asn1_id_dsa_with_sha1.x				\
-	asn1_id_x520_at.x				\
-	asn1_id_at_commonName.x				\
-	asn1_id_at_surname.x				\
-	asn1_id_at_serialNumber.x			\
-	asn1_id_at_countryName.x			\
-	asn1_id_at_localityName.x			\
-	asn1_id_at_streetAddress.x			\
-	asn1_id_at_stateOrProvinceName.x		\
-	asn1_id_at_organizationName.x			\
-	asn1_id_at_organizationalUnitName.x		\
-	asn1_id_at_name.x				\
-	asn1_id_at_givenName.x				\
-	asn1_id_at_initials.x				\
-	asn1_id_at_generationQualifier.x		\
-	asn1_id_at_pseudonym.x				\
-	asn1_id_Userid.x				\
-	asn1_id_domainComponent.x			\
-	asn1_id_x509_ce.x				\
-	asn1_id_uspkicommon_card_id.x			\
-	asn1_id_uspkicommon_piv_interim.x		\
-	asn1_id_netscape.x				\
-	asn1_id_netscape_cert_comment.x			\
-	asn1_id_ms_cert_enroll_domaincontroller.x	\
-	asn1_id_ms_client_authentication.x		\
-	asn1_AlgorithmIdentifier.x			\
-	asn1_AttributeType.x				\
-	asn1_AttributeValue.x				\
-	asn1_TeletexStringx.x				\
-	asn1_DirectoryString.x				\
-	asn1_Attribute.x				\
-	asn1_AttributeTypeAndValue.x			\
-	asn1_AuthorityInfoAccessSyntax.x		\
-	asn1_AccessDescription.x			\
-	asn1_RelativeDistinguishedName.x		\
-	asn1_RDNSequence.x				\
-	asn1_Name.x					\
-	asn1_CertificateSerialNumber.x			\
-	asn1_Time.x					\
-	asn1_Validity.x					\
-	asn1_UniqueIdentifier.x				\
-	asn1_SubjectPublicKeyInfo.x			\
-	asn1_Extension.x				\
-	asn1_Extensions.x				\
-	asn1_TBSCertificate.x				\
-	asn1_Certificate.x				\
-	asn1_Certificates.x				\
-	asn1_ValidationParms.x				\
-	asn1_DomainParameters.x				\
-	asn1_DHPublicKey.x				\
-	asn1_OtherName.x				\
-	asn1_GeneralName.x				\
-	asn1_GeneralNames.x				\
-	asn1_id_x509_ce_keyUsage.x			\
-	asn1_KeyUsage.x					\
-	asn1_id_x509_ce_authorityKeyIdentifier.x	\
-	asn1_KeyIdentifier.x				\
-	asn1_AuthorityKeyIdentifier.x			\
-	asn1_id_x509_ce_subjectKeyIdentifier.x		\
-	asn1_SubjectKeyIdentifier.x			\
-	asn1_id_x509_ce_basicConstraints.x		\
-	asn1_BasicConstraints.x				\
-	asn1_id_x509_ce_nameConstraints.x		\
-	asn1_BaseDistance.x				\
-	asn1_GeneralSubtree.x				\
-	asn1_GeneralSubtrees.x				\
-	asn1_NameConstraints.x				\
-	asn1_id_x509_ce_privateKeyUsagePeriod.x		\
-	asn1_id_x509_ce_certificatePolicies.x		\
-	asn1_id_x509_ce_policyMappings.x		\
-	asn1_id_x509_ce_subjectAltName.x		\
-	asn1_id_x509_ce_issuerAltName.x			\
-	asn1_id_x509_ce_subjectDirectoryAttributes.x	\
-	asn1_id_x509_ce_policyConstraints.x		\
-	asn1_id_x509_ce_extKeyUsage.x			\
-	asn1_ExtKeyUsage.x				\
-	asn1_id_x509_ce_cRLDistributionPoints.x		\
-	asn1_id_x509_ce_deltaCRLIndicator.x		\
-	asn1_id_x509_ce_issuingDistributionPoint.x	\
-	asn1_id_x509_ce_holdInstructionCode.x		\
-	asn1_id_x509_ce_invalidityDate.x		\
-	asn1_id_x509_ce_certificateIssuer.x		\
-	asn1_id_x509_ce_inhibitAnyPolicy.x		\
-	asn1_DistributionPointReasonFlags.x		\
-	asn1_DistributionPointName.x			\
-	asn1_DistributionPoint.x			\
-	asn1_CRLDistributionPoints.x			\
-	asn1_DSASigValue.x				\
-	asn1_DSAPublicKey.x				\
-	asn1_DSAParams.x				\
-	asn1_RSAPublicKey.x				\
-	asn1_RSAPrivateKey.x				\
-	asn1_DigestInfo.x				\
-	asn1_TBSCRLCertList.x				\
-	asn1_CRLCertificateList.x			\
-	asn1_id_x509_ce_cRLNumber.x			\
-	asn1_id_x509_ce_freshestCRL.x			\
-	asn1_id_x509_ce_cRLReason.x			\
-	asn1_CRLReason.x				\
-	asn1_PKIXXmppAddr.x				\
-	asn1_id_pkix.x					\
-	asn1_id_pkix_on.x				\
-	asn1_id_pkix_on_dnsSRV.x			\
-	asn1_id_pkix_on_xmppAddr.x			\
-	asn1_id_pkix_kp.x				\
-	asn1_id_pkix_kp_serverAuth.x			\
-	asn1_id_pkix_kp_clientAuth.x			\
-	asn1_id_pkix_kp_emailProtection.x		\
-	asn1_id_pkix_kp_timeStamping.x			\
-	asn1_id_pkix_kp_OCSPSigning.x			\
-	asn1_id_pkix_pe.x				\
-	asn1_id_pkix_pe_authorityInfoAccess.x		\
-	asn1_id_pkix_pe_proxyCertInfo.x			\
-	asn1_id_pkix_ppl.x				\
-	asn1_id_pkix_ppl_anyLanguage.x			\
-	asn1_id_pkix_ppl_inheritAll.x			\
-	asn1_id_pkix_ppl_independent.x			\
-	asn1_ProxyPolicy.x				\
-	asn1_ProxyCertInfo.x 
-
-gen_files_pkinit = \
-	asn1_id_pkinit.x				\
-	asn1_id_pkauthdata.x				\
-	asn1_id_pkdhkeydata.x				\
-	asn1_id_pkrkeydata.x				\
-	asn1_id_pkekuoid.x				\
-	asn1_id_pkkdcekuoid.x				\
-	asn1_id_pkinit_san.x				\
-	asn1_id_pkinit_ms_eku.x				\
-	asn1_id_pkinit_ms_san.x				\
-	asn1_MS_UPN_SAN.x				\
-	asn1_DHNonce.x					\
-	asn1_KDFAlgorithmId.x				\
-	asn1_TrustedCA.x				\
-	asn1_ExternalPrincipalIdentifier.x		\
-	asn1_ExternalPrincipalIdentifiers.x		\
-	asn1_PA_PK_AS_REQ.x				\
-	asn1_PKAuthenticator.x				\
-	asn1_AuthPack.x					\
-	asn1_TD_TRUSTED_CERTIFIERS.x			\
-	asn1_TD_INVALID_CERTIFICATES.x			\
-	asn1_KRB5PrincipalName.x			\
-	asn1_AD_INITIAL_VERIFIED_CAS.x			\
-	asn1_DHRepInfo.x				\
-	asn1_PA_PK_AS_REP.x				\
-	asn1_KDCDHKeyInfo.x				\
-	asn1_ReplyKeyPack.x				\
-	asn1_TD_DH_PARAMETERS.x				\
-	asn1_PKAuthenticator_Win2k.x			\
-	asn1_AuthPack_Win2k.x				\
-	asn1_TrustedCA_Win2k.x				\
-	asn1_PA_PK_AS_REQ_Win2k.x			\
-	asn1_PA_PK_AS_REP_Win2k.x			\
-	asn1_KDCDHKeyInfo_Win2k.x			\
-	asn1_ReplyKeyPack_Win2k.x			\
-	asn1_PkinitSuppPubInfo.x 
-
-gen_files_pkcs12 = \
-	asn1_id_pkcs_12.x				\
-	asn1_id_pkcs_12PbeIds.x				\
-	asn1_id_pbeWithSHAAnd128BitRC4.x		\
-	asn1_id_pbeWithSHAAnd40BitRC4.x			\
-	asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.x	\
-	asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.x	\
-	asn1_id_pbeWithSHAAnd128BitRC2_CBC.x		\
-	asn1_id_pbewithSHAAnd40BitRC2_CBC.x		\
-	asn1_id_pkcs12_bagtypes.x			\
-	asn1_id_pkcs12_keyBag.x				\
-	asn1_id_pkcs12_pkcs8ShroudedKeyBag.x		\
-	asn1_id_pkcs12_certBag.x			\
-	asn1_id_pkcs12_crlBag.x				\
-	asn1_id_pkcs12_secretBag.x			\
-	asn1_id_pkcs12_safeContentsBag.x		\
-	asn1_PKCS12_MacData.x				\
-	asn1_PKCS12_PFX.x				\
-	asn1_PKCS12_AuthenticatedSafe.x			\
-	asn1_PKCS12_CertBag.x				\
-	asn1_PKCS12_Attribute.x				\
-	asn1_PKCS12_Attributes.x			\
-	asn1_PKCS12_SafeBag.x				\
-	asn1_PKCS12_SafeContents.x			\
-	asn1_PKCS12_OctetString.x			\
-	asn1_PKCS12_PBEParams.x
-
-gen_files_pkcs8 = \
-	asn1_PKCS8PrivateKeyAlgorithmIdentifier.x	\
-	asn1_PKCS8PrivateKey.x				\
-	asn1_PKCS8PrivateKeyInfo.x			\
-	asn1_PKCS8Attributes.x				\
-	asn1_PKCS8EncryptedPrivateKeyInfo.x		\
-	asn1_PKCS8EncryptedData.x
-
-gen_files_pkcs9 = \
-	asn1_id_pkcs_9.x				\
-	asn1_id_pkcs9_contentType.x			\
-	asn1_id_pkcs9_emailAddress.x			\
-	asn1_id_pkcs9_messageDigest.x			\
-	asn1_id_pkcs9_signingTime.x			\
-	asn1_id_pkcs9_countersignature.x		\
-	asn1_id_pkcs_9_at_friendlyName.x		\
-	asn1_id_pkcs_9_at_localKeyId.x			\
-	asn1_id_pkcs_9_at_certTypes.x			\
-	asn1_id_pkcs_9_at_certTypes_x509.x		\
-	asn1_PKCS9_BMPString.x				\
-	asn1_PKCS9_friendlyName.x
-
-gen_files_test = \
-	asn1_TESTAlloc.x				\
-	asn1_TESTAllocInner.x				\
-	asn1_TESTCONTAINING.x				\
-	asn1_TESTCONTAININGENCODEDBY.x			\
-	asn1_TESTCONTAININGENCODEDBY2.x			\
-	asn1_TESTChoice1.x				\
-	asn1_TESTChoice2.x				\
-	asn1_TESTDer.x					\
-	asn1_TESTENCODEDBY.x				\
-	asn1_TESTImplicit.x				\
-	asn1_TESTImplicit2.x				\
-	asn1_TESTInteger.x				\
-	asn1_TESTInteger2.x				\
-	asn1_TESTInteger3.x				\
-	asn1_TESTLargeTag.x				\
-	asn1_TESTSeq.x					\
-	asn1_TESTUSERCONSTRAINED.x			\
-	asn1_TESTSeqOf.x				\
-	asn1_TESTOSSize1.x				\
-	asn1_TESTSeqSizeOf1.x				\
-	asn1_TESTSeqSizeOf2.x				\
-	asn1_TESTSeqSizeOf3.x				\
-	asn1_TESTSeqSizeOf4.x
-
-gen_files_digest = \
-	asn1_DigestError.x				\
-	asn1_DigestInit.x				\
-	asn1_DigestInitReply.x				\
-	asn1_DigestREP.x				\
-	asn1_DigestREQ.x				\
-	asn1_DigestRepInner.x				\
-	asn1_DigestReqInner.x				\
-	asn1_DigestRequest.x				\
-	asn1_DigestResponse.x				\
-	asn1_DigestTypes.x				\
-	asn1_NTLMInit.x					\
-	asn1_NTLMInitReply.x				\
-	asn1_NTLMRequest.x				\
-	asn1_NTLMResponse.x
-
-gen_files_kx509 = \
-	asn1_Kx509Response.x				\
-	asn1_Kx509Request.x
-
-asn1_gen_SOURCES = asn1_gen.c
-asn1_print_SOURCES = asn1_print.c
-check_der_SOURCES = check-der.c check-common.c check-common.h
-dist_check_gen_SOURCES = check-gen.c check-common.c check-common.h
-nodist_check_gen_SOURCES = $(gen_files_test:.x=.c)
-asn1_compile_SOURCES = \
-	asn1-common.h				\
-	asn1_queue.h				\
-	der.h					\
-	gen.c					\
-	gen_copy.c				\
-	gen_decode.c				\
-	gen_encode.c				\
-	gen_free.c				\
-	gen_glue.c				\
-	gen_length.c				\
-	gen_locl.h				\
-	gen_seq.c				\
-	hash.c					\
-	hash.h					\
-	lex.l					\
-	lex.h					\
-	main.c					\
-	parse.y					\
-	symbol.c				\
-	symbol.h
-
-dist_libasn1_la_SOURCES = \
-	der-protos.h 				\
-	der_locl.h 				\
-	der.c					\
-	der.h					\
-	der_get.c				\
-	der_put.c				\
-	der_free.c				\
-	der_length.c				\
-	der_copy.c				\
-	der_cmp.c				\
-	der_format.c				\
-	heim_asn1.h				\
-	extra.c					\
-	timegm.c
-
-nodist_libasn1_la_SOURCES = $(BUILT_SOURCES)
-asn1_compile_LDADD = \
-	$(LIB_roken) $(LEXLIB)
-
-check_der_LDADD = \
-	libasn1.la \
-	$(LIB_roken)
-
-check_gen_LDADD = $(check_der_LDADD)
-asn1_print_LDADD = $(check_der_LDADD)
-asn1_gen_LDADD = $(check_der_LDADD)
-check_timegm_LDADD = $(check_der_LDADD)
-CLEANFILES = \
-	$(BUILT_SOURCES) \
-	$(gen_files_rfc2459) \
-	$(gen_files_cms) \
-	$(gen_files_k5) \
-	$(gen_files_pkinit) \
-	$(gen_files_pkcs8) \
-	$(gen_files_pkcs9) \
-	$(gen_files_pkcs12) \
-	$(gen_files_digest) \
-	$(gen_files_kx509) \
-	$(gen_files_test) $(nodist_check_gen_SOURCES) \
-	rfc2459_asn1_files rfc2459_asn1.h \
-	cms_asn1_files cms_asn1.h \
-	krb5_asn1_files krb5_asn1.h \
-	pkinit_asn1_files pkinit_asn1.h \
-	pkcs8_asn1_files pkcs8_asn1.h \
-	pkcs9_asn1_files pkcs9_asn1.h \
-	pkcs12_asn1_files pkcs12_asn1.h \
-	digest_asn1_files digest_asn1.h \
-	kx509_asn1_files kx509_asn1.h \
-	test_asn1_files test_asn1.h
-
-dist_include_HEADERS = der.h heim_asn1.h der-protos.h
-nodist_include_HEADERS = asn1_err.h krb5_asn1.h pkinit_asn1.h \
-	cms_asn1.h rfc2459_asn1.h pkcs8_asn1.h pkcs9_asn1.h \
-	pkcs12_asn1.h digest_asn1.h kx509_asn1.h
-EXTRA_DIST = \
-	asn1_err.et	\
-	canthandle.asn1	\
-	CMS.asn1	\
-	digest.asn1	\
-	k5.asn1		\
-	kx509.asn1	\
-	test.asn1	\
-	setchgpw2.asn1	\
-	pkcs12.asn1	\
-	pkcs8.asn1	\
-	pkcs9.asn1	\
-	pkinit.asn1	\
-	rfc2459.asn1	\
-	test.gen
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/asn1/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/asn1/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libasn1.la: $(libasn1_la_OBJECTS) $(libasn1_la_DEPENDENCIES) 
-	$(libasn1_la_LINK) -rpath $(libdir) $(libasn1_la_OBJECTS) $(libasn1_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-asn1_compile$(EXEEXT): $(asn1_compile_OBJECTS) $(asn1_compile_DEPENDENCIES) 
-	@rm -f asn1_compile$(EXEEXT)
-	$(LINK) $(asn1_compile_OBJECTS) $(asn1_compile_LDADD) $(LIBS)
-asn1_gen$(EXEEXT): $(asn1_gen_OBJECTS) $(asn1_gen_DEPENDENCIES) 
-	@rm -f asn1_gen$(EXEEXT)
-	$(LINK) $(asn1_gen_OBJECTS) $(asn1_gen_LDADD) $(LIBS)
-asn1_print$(EXEEXT): $(asn1_print_OBJECTS) $(asn1_print_DEPENDENCIES) 
-	@rm -f asn1_print$(EXEEXT)
-	$(LINK) $(asn1_print_OBJECTS) $(asn1_print_LDADD) $(LIBS)
-check-der$(EXEEXT): $(check_der_OBJECTS) $(check_der_DEPENDENCIES) 
-	@rm -f check-der$(EXEEXT)
-	$(LINK) $(check_der_OBJECTS) $(check_der_LDADD) $(LIBS)
-check-gen$(EXEEXT): $(check_gen_OBJECTS) $(check_gen_DEPENDENCIES) 
-	@rm -f check-gen$(EXEEXT)
-	$(LINK) $(check_gen_OBJECTS) $(check_gen_LDADD) $(LIBS)
-check-timegm$(EXEEXT): $(check_timegm_OBJECTS) $(check_timegm_DEPENDENCIES) 
-	@rm -f check-timegm$(EXEEXT)
-	$(LINK) $(check_timegm_OBJECTS) $(check_timegm_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-.l.c:
-	$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
-
-.y.c:
-	$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-dist_includeHEADERS: $(dist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-dist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-rm -f lex.c
-	-rm -f parse.c
-	-rm -f parse.h
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_includeHEADERS \
-	install-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-dist_includeHEADERS uninstall-libLTLIBRARIES \
-	uninstall-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dist_includeHEADERS \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-libLTLIBRARIES install-man \
-	install-nodist_includeHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-dist_includeHEADERS \
-	uninstall-hook uninstall-libLTLIBRARIES \
-	uninstall-nodist_includeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(asn1_compile_OBJECTS): parse.h parse.c $(srcdir)/der-protos.h
-$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h $(srcdir)/der-protos.h
-$(check_gen_OBJECTS): test_asn1.h
-$(asn1_print_OBJECTS): krb5_asn1.h
-
-parse.h: parse.c
-
-$(gen_files_k5) krb5_asn1.h: krb5_asn1_files
-$(gen_files_pkinit) pkinit_asn1.h: pkinit_asn1_files
-$(gen_files_pkcs8) pkcs8_asn1.h: pkcs8_asn1_files
-$(gen_files_pkcs9) pkcs9_asn1.h: pkcs9_asn1_files
-$(gen_files_pkcs12) pkcs12_asn1.h: pkcs12_asn1_files
-$(gen_files_digest) digest_asn1.h: digest_asn1_files
-$(gen_files_kx509) kx509_asn1.h: kx509_asn1_files
-$(gen_files_rfc2459) rfc2459_asn1.h: rfc2459_asn1_files
-$(gen_files_cms) cms_asn1.h: cms_asn1_files
-$(gen_files_test) test_asn1.h: test_asn1_files
-
-rfc2459_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc2459.asn1
-	./asn1_compile$(EXEEXT) --preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints $(srcdir)/rfc2459.asn1 rfc2459_asn1 || (rm -f rfc2459_asn1_files ; exit 1)
-
-cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1)
-
-krb5_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
-	./asn1_compile$(EXEEXT) --encode-rfc1510-bit-string --sequence=KRB5SignedPathPrincipals --sequence=AuthorizationData --sequence=METHOD-DATA --sequence=ETYPE-INFO --sequence=ETYPE-INFO2 $(srcdir)/k5.asn1 krb5_asn1 || (rm -f krb5_asn1_files ; exit 1)
-
-pkinit_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1 pkinit_asn1 || (rm -f pkinit_asn1_files ; exit 1)
-
-pkcs8_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1 pkcs8_asn1 || (rm -f pkcs8_asn1_files ; exit 1)
-
-pkcs9_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1 pkcs9_asn1 || (rm -f pkcs9_asn1_files ; exit 1)
-
-pkcs12_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1 pkcs12_asn1 || (rm -f pkcs12_asn1_files ; exit 1)
-
-digest_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/digest.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/digest.asn1 digest_asn1 || (rm -f digest_asn1_files ; exit 1)
-
-kx509_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 kx509_asn1 || (rm -f kx509_asn1_files ; exit 1)
-
-test_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/test.asn1
-	./asn1_compile$(EXEEXT) --sequence=TESTSeqOf $(srcdir)/test.asn1 test_asn1 || (rm -f test_asn1_files ; exit 1)
-
-$(srcdir)/der-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1_la_SOURCES) || rm -f der-protos.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/asn1/asn1-common.h b/crypto/heimdal/lib/asn1/asn1-common.h
deleted file mode 100644
index 5789e0f..0000000
--- a/crypto/heimdal/lib/asn1/asn1-common.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* $Id: asn1-common.h 22429 2008-01-13 10:25:50Z lha $ */
-
-#include <stddef.h>
-#include <time.h>
-
-#ifndef __asn1_common_definitions__
-#define __asn1_common_definitions__
-
-typedef struct heim_integer {
-    size_t length;
-    void *data;
-    int negative;
-} heim_integer;
-
-typedef struct heim_octet_string {
-    size_t length;
-    void *data;
-} heim_octet_string;
-
-typedef char *heim_general_string;
-typedef char *heim_utf8_string;
-typedef char *heim_printable_string;
-typedef char *heim_ia5_string;
-
-typedef struct heim_bmp_string {
-    size_t length;
-    uint16_t *data;
-} heim_bmp_string;
-
-typedef struct heim_universal_string {
-    size_t length;
-    uint32_t *data;
-} heim_universal_string;
-
-typedef char *heim_visible_string;
-
-typedef struct heim_oid {
-    size_t length;
-    unsigned *components;
-} heim_oid;
-
-typedef struct heim_bit_string {
-    size_t length;
-    void *data;
-} heim_bit_string;
-
-typedef struct heim_octet_string heim_any;
-typedef struct heim_octet_string heim_any_set;
-
-#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R)                  \
-  do {                                                         \
-    (BL) = length_##T((S));                                    \
-    (B) = malloc((BL));                                        \
-    if((B) == NULL) {                                          \
-      (R) = ENOMEM;                                            \
-    } else {                                                   \
-      (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \
-                       (S), (L));                              \
-      if((R) != 0) {                                           \
-        free((B));                                             \
-        (B) = NULL;                                            \
-      }                                                        \
-    }                                                          \
-  } while (0)
-
-#endif
diff --git a/crypto/heimdal/lib/asn1/asn1_err.et b/crypto/heimdal/lib/asn1/asn1_err.et
deleted file mode 100644
index c624e21..0000000
--- a/crypto/heimdal/lib/asn1/asn1_err.et
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Error messages for the asn.1 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: asn1_err.et 21394 2007-07-02 10:14:43Z lha $"
-
-error_table asn1
-prefix ASN1
-error_code BAD_TIMEFORMAT,	"ASN.1 failed call to system time library"
-error_code MISSING_FIELD,	"ASN.1 structure is missing a required field"
-error_code MISPLACED_FIELD,	"ASN.1 unexpected field number"
-error_code TYPE_MISMATCH,	"ASN.1 type numbers are inconsistent"
-error_code OVERFLOW,		"ASN.1 value too large"
-error_code OVERRUN,		"ASN.1 encoding ended unexpectedly"
-error_code BAD_ID,		"ASN.1 identifier doesn't match expected value"
-error_code BAD_LENGTH,		"ASN.1 length doesn't match expected value"
-error_code BAD_FORMAT,		"ASN.1 badly-formatted encoding"
-error_code PARSE_ERROR,		"ASN.1 parse error"
-error_code EXTRA_DATA,		"ASN.1 extra data past end of end structure"
-error_code BAD_CHARACTER,	"ASN.1 invalid character in string"
-error_code MIN_CONSTRAINT,	"ASN.1 too few elements"
-error_code MAX_CONSTRAINT,	"ASN.1 too many elements"
-error_code EXACT_CONSTRAINT,	"ASN.1 wrong number of elements"
-end
diff --git a/crypto/heimdal/lib/asn1/asn1_gen.c b/crypto/heimdal/lib/asn1/asn1_gen.c
deleted file mode 100644
index 65b382e..0000000
--- a/crypto/heimdal/lib/asn1/asn1_gen.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include <com_err.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <ctype.h>
-#include <getarg.h>
-#include <hex.h>
-#include <err.h>
-
-RCSID("$Id: asn1_gen.c 16666 2006-01-30 15:06:03Z lha $");
-
-static int
-doit(const char *fn)
-{
-    char buf[2048];
-    char *fnout;
-    const char *bname;
-    unsigned long line = 0;
-    FILE *f, *fout;
-    size_t offset = 0;
-
-    f = fopen(fn, "r");
-    if (f == NULL)
-	err(1, "fopen");
-
-    bname = strrchr(fn, '/');
-    if (bname)
-	bname++;
-    else
-	bname = fn;
-
-    asprintf(&fnout, "%s.out", bname);
-    if (fnout == NULL)
-	errx(1, "malloc");
-
-    fout = fopen(fnout, "w");
-    if (fout == NULL)
-	err(1, "fopen: output file");
-
-    while (fgets(buf, sizeof(buf), f) != NULL) {
-	char *ptr, *class, *type, *tag, *length, *data, *foo;
-	int ret, l, c, ty, ta;
-	unsigned char p[6], *pdata;
-	size_t sz;
-
-	line++;
-
-	buf[strcspn(buf, "\r\n")] = '\0';
-	if (buf[0] == '#' || buf[0] == '\0')
-	    continue;
-
-	ptr = buf;
-	while (isspace((unsigned char)*ptr))
-	       ptr++;
-
-	class = strtok_r(ptr, " \t\n", &foo);
-	if (class == NULL) errx(1, "class missing on line %lu", line);
-	type = strtok_r(NULL, " \t\n", &foo);
-	if (type == NULL) errx(1, "type missing on line %lu", line);
-	tag = strtok_r(NULL, " \t\n", &foo);
-	if (tag == NULL) errx(1, "tag missing on line %lu", line);
-	length = strtok_r(NULL, " \t\n", &foo);
-	if (length == NULL) errx(1, "length missing on line %lu", line);
-	data = strtok_r(NULL, " \t\n", &foo);
-
-	c = der_get_class_num(class);
-	if (c == -1) errx(1, "no valid class on line %lu", line);
-	ty = der_get_type_num(type);
-	if (ty == -1) errx(1, "no valid type on line %lu", line);
-	ta = der_get_tag_num(tag);
-	if (ta == -1)
-	    ta = atoi(tag);
-
-	l = atoi(length);
-
-	printf("line: %3lu offset: %3lu class: %d type: %d "
-	       "tag: %3d length: %3d %s\n", 
-	       line, (unsigned long)offset, c, ty, ta, l, 
-	       data ? "<have data>" : "<no data>");
-
-	ret = der_put_length_and_tag(p + sizeof(p) - 1, sizeof(p),
-				     l,
-				     c,
-				     ty,
-				     ta,
-				     &sz);
-	if (ret)
-	    errx(1, "der_put_length_and_tag: %d", ret);
-	
-	if (fwrite(p + sizeof(p) - sz , sz, 1, fout) != 1)
-	    err(1, "fwrite length/tag failed");
-	offset += sz;
-	
-	if (data) {
-	    size_t datalen;
-	    
-	    datalen = strlen(data) / 2;
-	    pdata = emalloc(sz);
-	    
-	    if (hex_decode(data, pdata, datalen) != datalen)
-		errx(1, "failed to decode data");
-	    
-	    if (fwrite(pdata, datalen, 1, fout) != 1)
-		err(1, "fwrite data failed");
-	    offset += datalen;
-	    
-	    free(pdata);
-	}
-    }
-    printf("line: eof offset: %lu\n", (unsigned long)offset);
-    
-    fclose(fout);
-    fclose(f);
-    return 0;
-}
-
-
-static int version_flag;
-static int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "parse-file");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    argv += optidx;
-    argc -= optidx;
-    if (argc != 1)
-	usage (1);
-
-    return doit (argv[0]);
-}
diff --git a/crypto/heimdal/lib/asn1/asn1_print.c b/crypto/heimdal/lib/asn1/asn1_print.c
deleted file mode 100644
index e00bf10..0000000
--- a/crypto/heimdal/lib/asn1/asn1_print.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include <com_err.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <getarg.h>
-#include <err.h>
-#include <der.h>
-
-RCSID("$Id: asn1_print.c 19539 2006-12-28 17:15:05Z lha $");
-
-static int indent_flag = 1;
-
-static unsigned long indefinite_form_loop;
-static unsigned long indefinite_form_loop_max = 10000;
-
-static size_t
-loop (unsigned char *buf, size_t len, int indent)
-{
-    unsigned char *start_buf = buf;
-
-    while (len > 0) {
-	int ret;
-	Der_class class;
-	Der_type type;
-	unsigned int tag;
-	size_t sz;
-	size_t length;
-	size_t loop_length = 0;
-	int end_tag = 0;
-	const char *tagname;
-
-	ret = der_get_tag (buf, len, &class, &type, &tag, &sz);
-	if (ret)
-	    errx (1, "der_get_tag: %s", error_message (ret));
-	if (sz > len)
-	    errx (1, "unreasonable length (%u) > %u",
-		  (unsigned)sz, (unsigned)len);
-	buf += sz;
-	len -= sz;
-	if (indent_flag) {
-	    int i;
-	    for (i = 0; i < indent; ++i)
-		printf (" ");
-	}
-	printf ("%s %s ", der_get_class_name(class), der_get_type_name(type));
-	tagname = der_get_tag_name(tag);
-	if (class == ASN1_C_UNIV && tagname != NULL)
-	    printf ("%s = ", tagname);
-	else
-	    printf ("tag %d = ", tag);
-	ret = der_get_length (buf, len, &length, &sz);
-	if (ret)
-	    errx (1, "der_get_tag: %s", error_message (ret));
-	if (sz > len)
-	    errx (1, "unreasonable tag length (%u) > %u",
-		  (unsigned)sz, (unsigned)len);
-	buf += sz;
-	len -= sz;
-	if (length == ASN1_INDEFINITE) {
-	    if ((class == ASN1_C_UNIV && type == PRIM && tag == UT_OctetString) ||
-		(class == ASN1_C_CONTEXT && type == CONS) ||
-		(class == ASN1_C_UNIV && type == CONS && tag == UT_Sequence) ||
-		(class == ASN1_C_UNIV && type == CONS && tag == UT_Set)) {
-		printf("*INDEFINITE FORM*");
-	    } else {
-		fflush(stdout);
-		errx(1, "indef form used on unsupported object");
-	    }
-	    end_tag = 1;
-	    if (indefinite_form_loop > indefinite_form_loop_max)
-		errx(1, "indefinite form used recursively more then %lu "
-		     "times, aborting", indefinite_form_loop_max);
-	    indefinite_form_loop++;
-	    length = len;
-	} else if (length > len) {
-	    printf("\n");
-	    fflush(stdout);
-	    errx (1, "unreasonable inner length (%u) > %u",
-		  (unsigned)length, (unsigned)len);
-	}
-	if (class == ASN1_C_CONTEXT || class == ASN1_C_APPL) {
-	    printf ("%lu bytes [%u]", (unsigned long)length, tag);
-	    if (type == CONS) {
-		printf("\n");
-		loop_length = loop (buf, length, indent + 2);
-	    } else {
-		printf(" IMPLICIT content\n");
-	    }
-	} else if (class == ASN1_C_UNIV) {
-	    switch (tag) {
-	    case UT_EndOfContent:
-		printf (" INDEFINITE length was %lu\n",
-			(unsigned long)(buf - start_buf));
-		break;
-	    case UT_Set :
-	    case UT_Sequence :
-		printf ("%lu bytes {\n", (unsigned long)length);
-		loop_length = loop (buf, length, indent + 2);
-		if (indent_flag) {
-		    int i;
-		    for (i = 0; i < indent; ++i)
-			printf (" ");
-		    printf ("}\n");
-		} else
-		    printf ("} indent = %d\n", indent / 2);
-		break;
-	    case UT_Integer : {
-		int val;
-
-		if (length <= sizeof(val)) {
-		    ret = der_get_integer (buf, length, &val, NULL);
-		    if (ret)
-			errx (1, "der_get_integer: %s", error_message (ret));
-		    printf ("integer %d\n", val);
-		} else {
-		    heim_integer vali;
-		    char *p;
-
-		    ret = der_get_heim_integer(buf, length, &vali, NULL);
-		    if (ret)
-			errx (1, "der_get_heim_integer: %s", 
-			      error_message (ret));
-		    ret = der_print_hex_heim_integer(&vali, &p);
-		    if (ret)
-			errx (1, "der_print_hex_heim_integer: %s", 
-			      error_message (ret));
-		    printf ("BIG NUM integer: length %lu %s\n", 
-			    (unsigned long)length, p);
-		    free(p);
-		}
-		break;
-	    }
-	    case UT_OctetString : {
-		heim_octet_string str;
-		int i;
-		unsigned char *uc;
-
-		ret = der_get_octet_string (buf, length, &str, NULL);
-		if (ret)
-		    errx (1, "der_get_octet_string: %s", error_message (ret));
-		printf ("(length %lu), ", (unsigned long)length);
-		uc = (unsigned char *)str.data;
-		for (i = 0; i < min(16,length); ++i)
-		    printf ("%02x", uc[i]);
-		printf ("\n");
-		free (str.data);
-		break;
-	    }
-	    case UT_GeneralizedTime :
-	    case UT_GeneralString :
-	    case UT_PrintableString :
-	    case UT_VisibleString : {
-		heim_general_string str;
-
-		ret = der_get_general_string (buf, length, &str, NULL);
-		if (ret)
-		    errx (1, "der_get_general_string: %s",
-			  error_message (ret));
-		printf ("\"%s\"\n", str);
-		free (str);
-		break;
-	    }
-	    case UT_OID: {
-		heim_oid o;
-		char *p;
-
-		ret = der_get_oid(buf, length, &o, NULL);
-		if (ret)
-		    errx (1, "der_get_oid: %s", error_message (ret));
-		ret = der_print_heim_oid(&o, '.', &p);
-		der_free_oid(&o);
-		if (ret)
-		    errx (1, "der_print_heim_oid: %s", error_message (ret));
-		printf("%s\n", p);
-		free(p);
-
-		break;
-	    }
-	    case UT_Enumerated: {
-		int num;
-
-		ret = der_get_integer (buf, length, &num, NULL);
-		if (ret)
-		    errx (1, "der_get_enum: %s", error_message (ret));
-		
-		printf("%u\n", num);
-		break;
-	    }
-	    default :
-		printf ("%lu bytes\n", (unsigned long)length);
-		break;
-	    }
-	}
-	if (end_tag) {
-	    if (loop_length == 0)
-		errx(1, "zero length INDEFINITE data ? indent = %d\n", 
-		     indent / 2);
-	    if (loop_length < length)
-		length = loop_length;
-	    if (indefinite_form_loop == 0)
-		errx(1, "internal error in indefinite form loop detection");
-	    indefinite_form_loop--;
-	} else if (loop_length)
-	    errx(1, "internal error for INDEFINITE form");
-	buf += length;
-	len -= length;
-    }
-    return 0;
-}
-
-static int
-doit (const char *filename)
-{
-    int fd = open (filename, O_RDONLY);
-    struct stat sb;
-    unsigned char *buf;
-    size_t len;
-    int ret;
-
-    if(fd < 0)
-	err (1, "opening %s for read", filename);
-    if (fstat (fd, &sb) < 0)
-	err (1, "stat %s", filename);
-    len = sb.st_size;
-    buf = emalloc (len);
-    if (read (fd, buf, len) != len)
-	errx (1, "read failed");
-    close (fd);
-    ret = loop (buf, len, 0);
-    free (buf);
-    return 0;
-}
-
-
-static int version_flag;
-static int help_flag;
-struct getargs args[] = {
-    { "indent", 0, arg_negative_flag, &indent_flag },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "dump-file");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-
-    setprogname (argv[0]);
-    initialize_asn1_error_table ();
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    argv += optidx;
-    argc -= optidx;
-    if (argc != 1)
-	usage (1);
-    return doit (argv[0]);
-}
diff --git a/crypto/heimdal/lib/asn1/asn1_queue.h b/crypto/heimdal/lib/asn1/asn1_queue.h
deleted file mode 100644
index 3659b38..0000000
--- a/crypto/heimdal/lib/asn1/asn1_queue.h
+++ /dev/null
@@ -1,167 +0,0 @@
-/*	$NetBSD: queue.h,v 1.38 2004/04/18 14:12:05 lukem Exp $	*/
-/*	$Id: asn1_queue.h 15617 2005-07-12 06:27:42Z lha $ */
-
-/*
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)queue.h	8.5 (Berkeley) 8/20/94
- */
-
-#ifndef	_ASN1_QUEUE_H_
-#define	_ASN1_QUEUE_H_
-
-/*
- * Tail queue definitions.
- */
-#define	ASN1_TAILQ_HEAD(name, type)					\
-struct name {								\
-	struct type *tqh_first;	/* first element */			\
-	struct type **tqh_last;	/* addr of last next element */		\
-}
-
-#define	ASN1_TAILQ_HEAD_INITIALIZER(head)				\
-	{ NULL, &(head).tqh_first }
-#define	ASN1_TAILQ_ENTRY(type)						\
-struct {								\
-	struct type *tqe_next;	/* next element */			\
-	struct type **tqe_prev;	/* address of previous next element */	\
-}
-
-/*
- * Tail queue functions.
- */
-#if defined(_KERNEL) && defined(QUEUEDEBUG)
-#define	QUEUEDEBUG_ASN1_TAILQ_INSERT_HEAD(head, elm, field)		\
-	if ((head)->tqh_first &&					\
-	    (head)->tqh_first->field.tqe_prev != &(head)->tqh_first)	\
-		panic("ASN1_TAILQ_INSERT_HEAD %p %s:%d", (head), __FILE__, __LINE__);
-#define	QUEUEDEBUG_ASN1_TAILQ_INSERT_TAIL(head, elm, field)		\
-	if (*(head)->tqh_last != NULL)					\
-		panic("ASN1_TAILQ_INSERT_TAIL %p %s:%d", (head), __FILE__, __LINE__);
-#define	QUEUEDEBUG_ASN1_TAILQ_OP(elm, field)				\
-	if ((elm)->field.tqe_next &&					\
-	    (elm)->field.tqe_next->field.tqe_prev !=			\
-	    &(elm)->field.tqe_next)					\
-		panic("ASN1_TAILQ_* forw %p %s:%d", (elm), __FILE__, __LINE__);\
-	if (*(elm)->field.tqe_prev != (elm))				\
-		panic("ASN1_TAILQ_* back %p %s:%d", (elm), __FILE__, __LINE__);
-#define	QUEUEDEBUG_ASN1_TAILQ_PREREMOVE(head, elm, field)		\
-	if ((elm)->field.tqe_next == NULL &&				\
-	    (head)->tqh_last != &(elm)->field.tqe_next)			\
-		panic("ASN1_TAILQ_PREREMOVE head %p elm %p %s:%d",	\
-		      (head), (elm), __FILE__, __LINE__);
-#define	QUEUEDEBUG_ASN1_TAILQ_POSTREMOVE(elm, field)			\
-	(elm)->field.tqe_next = (void *)1L;				\
-	(elm)->field.tqe_prev = (void *)1L;
-#else
-#define	QUEUEDEBUG_ASN1_TAILQ_INSERT_HEAD(head, elm, field)
-#define	QUEUEDEBUG_ASN1_TAILQ_INSERT_TAIL(head, elm, field)
-#define	QUEUEDEBUG_ASN1_TAILQ_OP(elm, field)
-#define	QUEUEDEBUG_ASN1_TAILQ_PREREMOVE(head, elm, field)
-#define	QUEUEDEBUG_ASN1_TAILQ_POSTREMOVE(elm, field)
-#endif
-
-#define	ASN1_TAILQ_INIT(head) do {					\
-	(head)->tqh_first = NULL;					\
-	(head)->tqh_last = &(head)->tqh_first;				\
-} while (/*CONSTCOND*/0)
-
-#define	ASN1_TAILQ_INSERT_HEAD(head, elm, field) do {			\
-	QUEUEDEBUG_ASN1_TAILQ_INSERT_HEAD((head), (elm), field)		\
-	if (((elm)->field.tqe_next = (head)->tqh_first) != NULL)	\
-		(head)->tqh_first->field.tqe_prev =			\
-		    &(elm)->field.tqe_next;				\
-	else								\
-		(head)->tqh_last = &(elm)->field.tqe_next;		\
-	(head)->tqh_first = (elm);					\
-	(elm)->field.tqe_prev = &(head)->tqh_first;			\
-} while (/*CONSTCOND*/0)
-
-#define	ASN1_TAILQ_INSERT_TAIL(head, elm, field) do {			\
-	QUEUEDEBUG_ASN1_TAILQ_INSERT_TAIL((head), (elm), field)		\
-	(elm)->field.tqe_next = NULL;					\
-	(elm)->field.tqe_prev = (head)->tqh_last;			\
-	*(head)->tqh_last = (elm);					\
-	(head)->tqh_last = &(elm)->field.tqe_next;			\
-} while (/*CONSTCOND*/0)
-
-#define	ASN1_TAILQ_INSERT_AFTER(head, listelm, elm, field) do {		\
-	QUEUEDEBUG_ASN1_TAILQ_OP((listelm), field)			\
-	if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
-		(elm)->field.tqe_next->field.tqe_prev = 		\
-		    &(elm)->field.tqe_next;				\
-	else								\
-		(head)->tqh_last = &(elm)->field.tqe_next;		\
-	(listelm)->field.tqe_next = (elm);				\
-	(elm)->field.tqe_prev = &(listelm)->field.tqe_next;		\
-} while (/*CONSTCOND*/0)
-
-#define	ASN1_TAILQ_INSERT_BEFORE(listelm, elm, field) do {		\
-	QUEUEDEBUG_ASN1_TAILQ_OP((listelm), field)			\
-	(elm)->field.tqe_prev = (listelm)->field.tqe_prev;		\
-	(elm)->field.tqe_next = (listelm);				\
-	*(listelm)->field.tqe_prev = (elm);				\
-	(listelm)->field.tqe_prev = &(elm)->field.tqe_next;		\
-} while (/*CONSTCOND*/0)
-
-#define	ASN1_TAILQ_REMOVE(head, elm, field) do {			\
-	QUEUEDEBUG_ASN1_TAILQ_PREREMOVE((head), (elm), field)		\
-	QUEUEDEBUG_ASN1_TAILQ_OP((elm), field)				\
-	if (((elm)->field.tqe_next) != NULL)				\
-		(elm)->field.tqe_next->field.tqe_prev = 		\
-		    (elm)->field.tqe_prev;				\
-	else								\
-		(head)->tqh_last = (elm)->field.tqe_prev;		\
-	*(elm)->field.tqe_prev = (elm)->field.tqe_next;			\
-	QUEUEDEBUG_ASN1_TAILQ_POSTREMOVE((elm), field);			\
-} while (/*CONSTCOND*/0)
-
-#define	ASN1_TAILQ_FOREACH(var, head, field)				\
-	for ((var) = ((head)->tqh_first);				\
-		(var);							\
-		(var) = ((var)->field.tqe_next))
-
-#define	ASN1_TAILQ_FOREACH_REVERSE(var, head, headname, field)		\
-	for ((var) = (*(((struct headname *)((head)->tqh_last))->tqh_last)); \
-		(var);							\
-		(var) = (*(((struct headname *)((var)->field.tqe_prev))->tqh_last)))
-
-/*
- * Tail queue access methods.
- */
-#define	ASN1_TAILQ_EMPTY(head)		((head)->tqh_first == NULL)
-#define	ASN1_TAILQ_FIRST(head)		((head)->tqh_first)
-#define	ASN1_TAILQ_NEXT(elm, field)		((elm)->field.tqe_next)
-
-#define	ASN1_TAILQ_LAST(head, headname) \
-	(*(((struct headname *)((head)->tqh_last))->tqh_last))
-#define	ASN1_TAILQ_PREV(elm, headname, field) \
-	(*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
-
-
-#endif	/* !_ASN1_QUEUE_H_ */
diff --git a/crypto/heimdal/lib/asn1/canthandle.asn1 b/crypto/heimdal/lib/asn1/canthandle.asn1
deleted file mode 100644
index 5ba3e38..0000000
--- a/crypto/heimdal/lib/asn1/canthandle.asn1
+++ /dev/null
@@ -1,34 +0,0 @@
--- $Id: canthandle.asn1 22071 2007-11-14 20:04:50Z lha $ --
-
-CANTHANDLE DEFINITIONS ::= BEGIN
-
--- Code the tag [1] but not the [ CONTEXT CONS UT_Sequence ] for Kaka2
--- Workaround: use inline the structure directly
--- Code the tag [2] but it should be primitive since KAKA3 is
--- Workaround: use the INTEGER type directly
-
-Kaka2  ::= SEQUENCE { 
-        kaka2-1 [0] INTEGER
-}
-
-Kaka3  ::= INTEGER
-
-Foo ::= SEQUENCE {
-        kaka1 [0] IMPLICIT INTEGER OPTIONAL,
-        kaka2 [1] IMPLICIT Kaka2 OPTIONAL,
-        kaka3 [2] IMPLICIT Kaka3 OPTIONAL
-}
-
--- Don't code kaka if it's 1
--- Workaround is to use OPTIONAL and check for in the encoder stubs
-
-Bar ::= SEQUENCE {
-        kaka [0] INTEGER DEFAULT 1
-}
-
---  Can't handle primitives in SET OF
---  Workaround is to define a type that is only an integer and use that
-
-Baz ::= SET OF INTEGER
-
-END
diff --git a/crypto/heimdal/lib/asn1/check-common.c b/crypto/heimdal/lib/asn1/check-common.c
deleted file mode 100644
index adf95f6..0000000
--- a/crypto/heimdal/lib/asn1/check-common.c
+++ /dev/null
@@ -1,376 +0,0 @@
-/*
- * Copyright (c) 1999 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <err.h>
-#include <roken.h>
-
-#include "check-common.h"
-
-RCSID("$Id: check-common.c 18751 2006-10-21 14:49:13Z lha $");
-
-struct map_page {
-    void *start;
-    size_t size;
-    void *data_start;
-    size_t data_size;
-    enum map_type type;
-};
-
-/* #undef HAVE_MMAP */
-
-void *
-map_alloc(enum map_type type, const void *buf, 
-	  size_t size, struct map_page **map)
-{
-#ifndef HAVE_MMAP
-    unsigned char *p;
-    size_t len = size + sizeof(long) * 2;
-    int i;
-    
-    *map = ecalloc(1, sizeof(**map));
-
-    p = emalloc(len);
-    (*map)->type = type;
-    (*map)->start = p;
-    (*map)->size = len;
-    (*map)->data_start = p + sizeof(long);
-    for (i = sizeof(long); i > 0; i--)
-	p[sizeof(long) - i] = 0xff - i;
-    for (i = sizeof(long); i > 0; i--)
-	p[len - i] = 0xff - i;
-#else
-    unsigned char *p;
-    int flags, ret, fd;
-    size_t pagesize = getpagesize();
-
-    *map = ecalloc(1, sizeof(**map));
-
-    (*map)->type = type;
-
-#ifdef MAP_ANON
-    flags = MAP_ANON;
-    fd = -1;
-#else
-    flags = 0;
-    fd = open ("/dev/zero", O_RDONLY);
-    if(fd < 0)
-	err (1, "open /dev/zero");
-#endif
-    flags |= MAP_PRIVATE;
-
-    (*map)->size = size + pagesize - (size % pagesize) + pagesize * 2;
-
-    p = (unsigned char *)mmap(0, (*map)->size, PROT_READ | PROT_WRITE,
-			      flags, fd, 0);
-    if (p == (unsigned char *)MAP_FAILED)
-	err (1, "mmap");
-
-    (*map)->start = p;
-
-    ret = mprotect (p, pagesize, 0);
-    if (ret < 0)
-	err (1, "mprotect");
-
-    ret = mprotect (p + (*map)->size - pagesize, pagesize, 0);
-    if (ret < 0)
-	err (1, "mprotect");
-
-    switch (type) {
-    case OVERRUN:
-	(*map)->data_start = p + (*map)->size - pagesize - size;
-	break;
-    case UNDERRUN:
-	(*map)->data_start = p + pagesize;
-	break;
-   default:
-	abort();
-    }
-#endif
-    (*map)->data_size = size;
-    if (buf)
-	memcpy((*map)->data_start, buf, size);
-    return (*map)->data_start;
-}
-
-void
-map_free(struct map_page *map, const char *test_name, const char *map_name)
-{
-#ifndef HAVE_MMAP
-    unsigned char *p = map->start;
-    int i;
-    
-    for (i = sizeof(long); i > 0; i--)
-	if (p[sizeof(long) - i] != 0xff - i)
-	    errx(1, "%s: %s underrun %d\n", test_name, map_name, i);
-    for (i = sizeof(long); i > 0; i--)
-	if (p[map->size - i] != 0xff - i)
-	    errx(1, "%s: %s overrun %lu\n", test_name, map_name, 
-		 (unsigned long)map->size - i);
-    free(map->start);
-#else
-    int ret;
-    
-    ret = munmap (map->start, map->size);
-    if (ret < 0)
-	err (1, "munmap");
-#endif
-    free(map);
-}
-
-static void
-print_bytes (unsigned const char *buf, size_t len)
-{
-    int i;
-
-    for (i = 0; i < len; ++i)
-	printf ("%02x ", buf[i]);
-}
-
-#ifndef MAP_FAILED
-#define MAP_FAILED (-1)
-#endif
-
-static char *current_test = "<uninit>";
-static char *current_state = "<uninit>";
-
-static RETSIGTYPE
-segv_handler(int sig)
-{
-    int fd;
-    char msg[] = "SIGSEGV i current test: ";
-    
-    fd = open("/dev/stdout", O_WRONLY, 0600);
-    if (fd >= 0) {
-	write(fd, msg, sizeof(msg));
-	write(fd, current_test, strlen(current_test));
-	write(fd, " ", 1);
-	write(fd, current_state, strlen(current_state));
-	write(fd, "\n", 1);
-	close(fd);
-    }
-    _exit(1);
-}
-
-int
-generic_test (const struct test_case *tests,
-	      unsigned ntests,
-	      size_t data_size,
-	      int (*encode)(unsigned char *, size_t, void *, size_t *),
-	      int (*length)(void *),
-	      int (*decode)(unsigned char *, size_t, void *, size_t *),
-	      int (*free_data)(void *),
-	      int (*cmp)(void *a, void *b))
-{
-    unsigned char *buf, *buf2;
-    int i;
-    int failures = 0;
-    void *data;
-    struct map_page *data_map, *buf_map, *buf2_map;
-
-    struct sigaction sa, osa;
-
-    for (i = 0; i < ntests; ++i) {
-	int ret;
-	size_t sz, consumed_sz, length_sz, buf_sz;
-
-	current_test = tests[i].name;
-
-	current_state = "init";
-
-	sigemptyset (&sa.sa_mask);
-	sa.sa_flags = 0;
-#ifdef SA_RESETHAND
-	sa.sa_flags |= SA_RESETHAND;
-#endif
-	sa.sa_handler = segv_handler;
-	sigaction (SIGSEGV, &sa, &osa);
-
-	data = map_alloc(OVERRUN, NULL, data_size, &data_map);
-
-	buf_sz = tests[i].byte_len;
-	buf = map_alloc(UNDERRUN, NULL, buf_sz, &buf_map);
-
-	current_state = "encode";
-	ret = (*encode) (buf + buf_sz - 1, buf_sz,
-			 tests[i].val, &sz);
-	if (ret != 0) {
-	    printf ("encoding of %s failed %d\n", tests[i].name, ret);
-	    ++failures;
-	    continue;
-	}
-	if (sz != tests[i].byte_len) {
-	    printf ("encoding of %s has wrong len (%lu != %lu)\n",
-		    tests[i].name, 
-		    (unsigned long)sz, (unsigned long)tests[i].byte_len);
-	    ++failures;
-	    continue;
-	}
-
-	current_state = "length";
-	length_sz = (*length) (tests[i].val);
-	if (sz != length_sz) {
-	    printf ("length for %s is bad (%lu != %lu)\n",
-		    tests[i].name, (unsigned long)length_sz, (unsigned long)sz);
-	    ++failures;
-	    continue;
-	}
-
-	current_state = "memcmp";
-	if (memcmp (buf, tests[i].bytes, tests[i].byte_len) != 0) {
-	    printf ("encoding of %s has bad bytes:\n"
-		    "correct: ", tests[i].name);
-	    print_bytes ((unsigned char *)tests[i].bytes, tests[i].byte_len);
-	    printf ("\nactual:  ");
-	    print_bytes (buf, sz);
-	    printf ("\n");
-	    ++failures;
-	    continue;
-	}
-
-	buf2 = map_alloc(OVERRUN, buf, sz, &buf2_map);
-
-	current_state = "decode";
-	ret = (*decode) (buf2, sz, data, &consumed_sz);
-	if (ret != 0) {
-	    printf ("decoding of %s failed %d\n", tests[i].name, ret);
-	    ++failures;
-	    continue;
-	}
-	if (sz != consumed_sz) {
-	    printf ("different length decoding %s (%ld != %ld)\n",
-		    tests[i].name, 
-		    (unsigned long)sz, (unsigned long)consumed_sz);
-	    ++failures;
-	    continue;
-	}
-	current_state = "cmp";
-	if ((*cmp)(data, tests[i].val) != 0) {
-	    printf ("%s: comparison failed\n", tests[i].name);
-	    ++failures;
-	    continue;
-	}
-	current_state = "free";
-	if (free_data)
-	    (*free_data)(data);
-
-	current_state = "free";
-	map_free(buf_map, tests[i].name, "encode");
-	map_free(buf2_map, tests[i].name, "decode");
-	map_free(data_map, tests[i].name, "data");
-
-	sigaction (SIGSEGV, &osa, NULL);
-    }
-    current_state = "done";
-    return failures;
-}
-
-/*
- * check for failures
- * 
- * a test size (byte_len) of -1 means that the test tries to trigger a
- * integer overflow (and later a malloc of to little memory), just
- * allocate some memory and hope that is enough for that test.
- */
-
-int
-generic_decode_fail (const struct test_case *tests,
-		     unsigned ntests,
-		     size_t data_size,
-		     int (*decode)(unsigned char *, size_t, void *, size_t *))
-{
-    unsigned char *buf;
-    int i;
-    int failures = 0;
-    void *data;
-    struct map_page *data_map, *buf_map;
-
-    struct sigaction sa, osa;
-
-    for (i = 0; i < ntests; ++i) {
-	int ret;
-	size_t sz;
-	const void *bytes;
-	
-	current_test = tests[i].name;
-
-	current_state = "init";
-
-	sigemptyset (&sa.sa_mask);
-	sa.sa_flags = 0;
-#ifdef SA_RESETHAND
-	sa.sa_flags |= SA_RESETHAND;
-#endif
-	sa.sa_handler = segv_handler;
-	sigaction (SIGSEGV, &sa, &osa);
-
-	data = map_alloc(OVERRUN, NULL, data_size, &data_map);
-
-	if (tests[i].byte_len < 0xffffff && tests[i].byte_len >= 0) {
-	    sz = tests[i].byte_len;
-	    bytes = tests[i].bytes;
-	} else {
-	    sz = 4096;
-	    bytes = NULL;
-	}
-		
-	buf = map_alloc(OVERRUN, bytes, sz, &buf_map);
-
-	if (tests[i].byte_len == -1)
-	    memset(buf, 0, sz);
-
-	current_state = "decode";
-	ret = (*decode) (buf, tests[i].byte_len, data, &sz);
-	if (ret == 0) {
-	    printf ("sucessfully decoded %s\n", tests[i].name);
-	    ++failures;
-	    continue;
-	}
-
-	current_state = "free";
-	if (buf)
-	    map_free(buf_map, tests[i].name, "encode");
-	map_free(data_map, tests[i].name, "data");
-
-	sigaction (SIGSEGV, &osa, NULL);
-    }
-    current_state = "done";
-    return failures;
-}
diff --git a/crypto/heimdal/lib/asn1/check-common.h b/crypto/heimdal/lib/asn1/check-common.h
deleted file mode 100644
index b1cb647..0000000
--- a/crypto/heimdal/lib/asn1/check-common.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1999 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-struct test_case {
-    void *val;
-    int byte_len;
-    const char *bytes;
-    char *name;
-};
-
-typedef int (*generic_encode)(unsigned char *, size_t, void *, size_t *);
-typedef int (*generic_length)(void *);
-typedef int (*generic_decode)(unsigned char *, size_t, void *, size_t *);
-typedef int (*generic_free)(void *);
-
-int
-generic_test (const struct test_case *tests,
-	      unsigned ntests,
-	      size_t data_size,
-	      int (*encode)(unsigned char *, size_t, void *, size_t *),
-	      int (*length)(void *),
-	      int (*decode)(unsigned char *, size_t, void *, size_t *),
-	      int (*free_data)(void *),
-	      int (*cmp)(void *a, void *b));
-
-int
-generic_decode_fail(const struct test_case *tests,
-		    unsigned ntests,
-		    size_t data_size,
-		    int (*decode)(unsigned char *, size_t, void *, size_t *));
-
-
-struct map_page;
-
-enum map_type { OVERRUN, UNDERRUN };
-
-struct map_page;
-
-void *	map_alloc(enum map_type, const void *, size_t, struct map_page **);
-void	map_free(struct map_page *, const char *, const char *);
diff --git a/crypto/heimdal/lib/asn1/check-der.c b/crypto/heimdal/lib/asn1/check-der.c
deleted file mode 100644
index 9ba2601..0000000
--- a/crypto/heimdal/lib/asn1/check-der.c
+++ /dev/null
@@ -1,1089 +0,0 @@
-/*
- * Copyright (c) 1999 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include <err.h>
-#include <roken.h>
-
-#include <asn1-common.h>
-#include <asn1_err.h>
-#include <der.h>
-
-#include "check-common.h"
-
-RCSID("$Id: check-der.c 21359 2007-06-27 08:15:41Z lha $");
-
-static int
-cmp_integer (void *a, void *b)
-{
-    int *ia = (int *)a;
-    int *ib = (int *)b;
-
-    return *ib - *ia;
-}
-
-static int
-test_integer (void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\x00"},
-	{NULL, 1, "\x7f"},
-	{NULL, 2, "\x00\x80"},
-	{NULL, 2, "\x01\x00"},
-	{NULL, 1, "\x80"},
-	{NULL, 2, "\xff\x7f"},
-	{NULL, 1, "\xff"},
-	{NULL, 2, "\xff\x01"},
-	{NULL, 2, "\x00\xff"},
-	{NULL, 4, "\x7f\xff\xff\xff"}
-    };
-
-    int values[] = {0, 127, 128, 256, -128, -129, -1, -255, 255,
-		    0x7fffffff};
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "integer %d", values[i]);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(int),
-			(generic_encode)der_put_integer,
-			 (generic_length) der_length_integer,
-			 (generic_decode)der_get_integer,
-			 (generic_free)NULL,
-			 cmp_integer);
-
-    for (i = 0; i < ntests; ++i)
-	free (tests[i].name);
-    return ret;
-}
-
-static int
-test_one_int(int val)
-{
-    int ret, dval;
-    unsigned char *buf;
-    size_t len_len, len;
-
-    len = _heim_len_int(val);
-
-    buf = emalloc(len + 2);
-
-    buf[0] = '\xff';
-    buf[len + 1] = '\xff';
-    memset(buf + 1, 0, len);
-
-    ret = der_put_integer(buf + 1 + len - 1, len, &val, &len_len);
-    if (ret) {
-	printf("integer %d encode failed %d\n", val, ret);
-	return 1;
-    }
-    if (len != len_len) {
-	printf("integer %d encode fail with %d len %lu, result len %lu\n",
-	       val, ret, (unsigned long)len, (unsigned long)len_len);
-	return 1;
-    }
-
-    ret = der_get_integer(buf + 1, len, &dval, &len_len);
-    if (ret) {
-	printf("integer %d decode failed %d\n", val, ret);
-	return 1;
-    }
-    if (len != len_len) {
-	printf("integer %d decoded diffrent len %lu != %lu",
-	       val, (unsigned long)len, (unsigned long)len_len);
-	return 1;
-    }
-    if (val != dval) {
-	printf("decode decoded to diffrent value %d != %d",
-	       val, dval);
-	return 1;
-    }
-
-    if (buf[0] != (unsigned char)'\xff') {
-	printf("precanary dead %d\n", val);
-	return 1;
-    }
-    if (buf[len + 1] != (unsigned char)'\xff') {
-	printf("postecanary dead %d\n", val);
-	return 1;
-    }
-    free(buf);
-    return 0;
-}
-
-static int
-test_integer_more (void)
-{
-    int i, n1, n2, n3, n4, n5, n6;
-
-    n2 = 0;
-    for (i = 0; i < (sizeof(int) * 8); i++) {
-	n1 = 0x01 << i;
-	n2 = n2 | n1;
-	n3 = ~n1;
-	n4 = ~n2;
-	n5 = (-1) & ~(0x3f << i);
-	n6 = (-1) & ~(0x7f << i);
-
-	test_one_int(n1);
-	test_one_int(n2);
-	test_one_int(n3);
-	test_one_int(n4);
-	test_one_int(n5);
-	test_one_int(n6);
-    }
-    return 0;
-}
-
-static int
-cmp_unsigned (void *a, void *b)
-{
-    return *(unsigned int*)b - *(unsigned int*)a;
-}
-
-static int
-test_unsigned (void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\x00"},
-	{NULL, 1, "\x7f"},
-	{NULL, 2, "\x00\x80"},
-	{NULL, 2, "\x01\x00"},
-	{NULL, 2, "\x02\x00"},
-	{NULL, 3, "\x00\x80\x00"},
-	{NULL, 5, "\x00\x80\x00\x00\x00"},
-	{NULL, 4, "\x7f\xff\xff\xff"}
-    };
-
-    unsigned int values[] = {0, 127, 128, 256, 512, 32768, 
-			     0x80000000, 0x7fffffff};
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "unsigned %u", values[i]);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(int),
-			(generic_encode)der_put_unsigned,
-			(generic_length)der_length_unsigned,
-			(generic_decode)der_get_unsigned,
-			(generic_free)NULL,
-			cmp_unsigned);
-    for (i = 0; i < ntests; ++i) 
-	free (tests[i].name);
-    return ret;
-}
-
-static int
-cmp_octet_string (void *a, void *b)
-{
-    heim_octet_string *oa = (heim_octet_string *)a;
-    heim_octet_string *ob = (heim_octet_string *)b;
-
-    if (oa->length != ob->length)
-	return ob->length - oa->length;
-
-    return (memcmp (oa->data, ob->data, oa->length));
-}
-
-static int
-test_octet_string (void)
-{
-    heim_octet_string s1 = {8, "\x01\x23\x45\x67\x89\xab\xcd\xef"};
-
-    struct test_case tests[] = {
-	{NULL, 8, "\x01\x23\x45\x67\x89\xab\xcd\xef"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-    int ret;
-
-    tests[0].val = &s1;
-    asprintf (&tests[0].name, "a octet string");
-    if (tests[0].name == NULL)
-	errx(1, "malloc");
-
-    ret = generic_test (tests, ntests, sizeof(heim_octet_string),
-			(generic_encode)der_put_octet_string,
-			(generic_length)der_length_octet_string,
-			(generic_decode)der_get_octet_string,
-			(generic_free)der_free_octet_string,
-			cmp_octet_string);
-    free(tests[0].name);
-    return ret;
-}
-
-static int
-cmp_bmp_string (void *a, void *b)
-{
-    heim_bmp_string *oa = (heim_bmp_string *)a;
-    heim_bmp_string *ob = (heim_bmp_string *)b;
-
-    return der_heim_bmp_string_cmp(oa, ob);
-}
-
-static uint16_t bmp_d1[] = { 32 };
-static uint16_t bmp_d2[] = { 32, 32 };
-
-static int
-test_bmp_string (void)
-{
-    heim_bmp_string s1 = { 1, bmp_d1 };
-    heim_bmp_string s2 = { 2, bmp_d2 };
-
-    struct test_case tests[] = {
-	{NULL, 2, "\x00\x20"},
-	{NULL, 4, "\x00\x20\x00\x20"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-    int ret;
-
-    tests[0].val = &s1;
-    asprintf (&tests[0].name, "a bmp string");
-    if (tests[0].name == NULL)
-	errx(1, "malloc");
-    tests[1].val = &s2;
-    asprintf (&tests[1].name, "second bmp string");
-    if (tests[1].name == NULL)
-	errx(1, "malloc");
-
-    ret = generic_test (tests, ntests, sizeof(heim_bmp_string),
-			(generic_encode)der_put_bmp_string,
-			(generic_length)der_length_bmp_string,
-			(generic_decode)der_get_bmp_string,
-			(generic_free)der_free_bmp_string,
-			cmp_bmp_string);
-    free(tests[0].name);
-    free(tests[1].name);
-    return ret;
-}
-
-static int
-cmp_universal_string (void *a, void *b)
-{
-    heim_universal_string *oa = (heim_universal_string *)a;
-    heim_universal_string *ob = (heim_universal_string *)b;
-
-    return der_heim_universal_string_cmp(oa, ob);
-}
-
-static uint32_t universal_d1[] = { 32 };
-static uint32_t universal_d2[] = { 32, 32 };
-
-static int
-test_universal_string (void)
-{
-    heim_universal_string s1 = { 1, universal_d1 };
-    heim_universal_string s2 = { 2, universal_d2 };
-
-    struct test_case tests[] = {
-	{NULL, 4, "\x00\x00\x00\x20"},
-	{NULL, 8, "\x00\x00\x00\x20\x00\x00\x00\x20"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-    int ret;
-
-    tests[0].val = &s1;
-    asprintf (&tests[0].name, "a universal string");
-    if (tests[0].name == NULL)
-	errx(1, "malloc");
-    tests[1].val = &s2;
-    asprintf (&tests[1].name, "second universal string");
-    if (tests[1].name == NULL)
-	errx(1, "malloc");
-
-    ret = generic_test (tests, ntests, sizeof(heim_universal_string),
-			(generic_encode)der_put_universal_string,
-			(generic_length)der_length_universal_string,
-			(generic_decode)der_get_universal_string,
-			(generic_free)der_free_universal_string,
-			cmp_universal_string);
-    free(tests[0].name);
-    free(tests[1].name);
-    return ret;
-}
-
-static int
-cmp_general_string (void *a, void *b)
-{
-    char **sa = (char **)a;
-    char **sb = (char **)b;
-
-    return strcmp (*sa, *sb);
-}
-
-static int
-test_general_string (void)
-{
-    char *s1 = "Test User 1";
-
-    struct test_case tests[] = {
-	{NULL, 11, "\x54\x65\x73\x74\x20\x55\x73\x65\x72\x20\x31"}
-    };
-    int ret, ntests = sizeof(tests) / sizeof(*tests);
-
-    tests[0].val = &s1;
-    asprintf (&tests[0].name, "the string \"%s\"", s1);
-    if (tests[0].name == NULL)
-	errx(1, "malloc");
-
-    ret = generic_test (tests, ntests, sizeof(unsigned char *),
-			(generic_encode)der_put_general_string,
-			(generic_length)der_length_general_string,
-			(generic_decode)der_get_general_string,
-			(generic_free)der_free_general_string,
-			cmp_general_string);
-    free(tests[0].name);
-    return ret;
-}
-
-static int
-cmp_generalized_time (void *a, void *b)
-{
-    time_t *ta = (time_t *)a;
-    time_t *tb = (time_t *)b;
-
-    return *tb - *ta;
-}
-
-static int
-test_generalized_time (void)
-{
-    struct test_case tests[] = {
-	{NULL, 15, "19700101000000Z"},
-	{NULL, 15, "19851106210627Z"}
-    };
-    time_t values[] = {0, 500159187};
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "time %d", (int)values[i]);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(time_t),
-			(generic_encode)der_put_generalized_time,
-			(generic_length)der_length_generalized_time,
-			(generic_decode)der_get_generalized_time,
-			(generic_free)NULL,
-			cmp_generalized_time);
-    for (i = 0; i < ntests; ++i)
-	free(tests[i].name);
-    return ret;
-}
-
-static int
-test_cmp_oid (void *a, void *b)
-{
-    return der_heim_oid_cmp((heim_oid *)a, (heim_oid *)b);
-}
-
-static unsigned oid_comp1[] = { 1, 1, 1 };
-static unsigned oid_comp2[] = { 1, 1 };
-static unsigned oid_comp3[] = { 6, 15, 1 };
-static unsigned oid_comp4[] = { 6, 15 };
-
-static int
-test_oid (void)
-{
-    struct test_case tests[] = {
-	{NULL, 2, "\x29\x01"},
-	{NULL, 1, "\x29"},
-	{NULL, 2, "\xff\x01"},
-	{NULL, 1, "\xff"}
-    };
-    heim_oid values[] = {
-	{ 3, oid_comp1 },
-	{ 2, oid_comp2 },
-	{ 3, oid_comp3 },
-	{ 2, oid_comp4 }
-    };
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "oid %d", i);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(heim_oid),
-			(generic_encode)der_put_oid,
-			(generic_length)der_length_oid,
-			(generic_decode)der_get_oid,
-			(generic_free)der_free_oid,
-			test_cmp_oid);
-    for (i = 0; i < ntests; ++i)
-	free(tests[i].name);
-    return ret;
-}
-
-static int
-test_cmp_bit_string (void *a, void *b)
-{
-    return der_heim_bit_string_cmp((heim_bit_string *)a, (heim_bit_string *)b);
-}
-
-static int
-test_bit_string (void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\x00"}
-    };
-    heim_bit_string values[] = {
-	{ 0, "" }
-    };
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "bit_string %d", i);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(heim_bit_string),
-			(generic_encode)der_put_bit_string,
-			(generic_length)der_length_bit_string,
-			(generic_decode)der_get_bit_string,
-			(generic_free)der_free_bit_string,
-			test_cmp_bit_string);
-    for (i = 0; i < ntests; ++i)
-	free(tests[i].name);
-    return ret;
-}
-
-static int
-test_cmp_heim_integer (void *a, void *b)
-{
-    return der_heim_integer_cmp((heim_integer *)a, (heim_integer *)b);
-}
-
-static int
-test_heim_integer (void)
-{
-    struct test_case tests[] = {
-	{NULL, 2, "\xfe\x01"},
-	{NULL, 2, "\xef\x01"},
-	{NULL, 3, "\xff\x00\xff"},
-	{NULL, 3, "\xff\x01\x00"},
-	{NULL, 1, "\x00"},
-	{NULL, 1, "\x01"},
-	{NULL, 2, "\x00\x80"}
-    };
-
-    heim_integer values[] = {
-	{ 2, "\x01\xff", 1 },
-	{ 2, "\x10\xff", 1 },
-	{ 2, "\xff\x01", 1 },
-	{ 2, "\xff\x00", 1 },
-	{ 0, "", 0 },
-	{ 1, "\x01", 0 },
-	{ 1, "\x80", 0 }
-    };
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(tests[0]);
-    size_t size;
-    heim_integer i2;
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "heim_integer %d", i);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(heim_integer),
-			(generic_encode)der_put_heim_integer,
-			(generic_length)der_length_heim_integer,
-			(generic_decode)der_get_heim_integer,
-			(generic_free)der_free_heim_integer,
-			test_cmp_heim_integer);
-    for (i = 0; i < ntests; ++i) 
-	free (tests[i].name);
-    if (ret)
-	return ret;
-
-    /* test zero length integer (BER format) */
-    ret = der_get_heim_integer(NULL, 0, &i2, &size);
-    if (ret)
-	errx(1, "der_get_heim_integer");
-    if (i2.length != 0)
-	errx(1, "der_get_heim_integer wrong length");
-    der_free_heim_integer(&i2);
-
-    return 0;
-}
-
-static int
-test_cmp_boolean (void *a, void *b)
-{
-    return !!*(int *)a != !!*(int *)b;
-}
-
-static int
-test_boolean (void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\xff"},
-	{NULL, 1, "\x00"}
-    };
-
-    int values[] = { 1, 0 };
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(tests[0]);
-    size_t size;
-    heim_integer i2;
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "heim_boolean %d", i);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(int),
-			(generic_encode)der_put_boolean,
-			(generic_length)der_length_boolean,
-			(generic_decode)der_get_boolean,
-			(generic_free)NULL,
-			test_cmp_boolean);
-    for (i = 0; i < ntests; ++i) 
-	free (tests[i].name);
-    if (ret)
-	return ret;
-
-    /* test zero length integer (BER format) */
-    ret = der_get_heim_integer(NULL, 0, &i2, &size);
-    if (ret)
-	errx(1, "der_get_heim_integer");
-    if (i2.length != 0)
-	errx(1, "der_get_heim_integer wrong length");
-    der_free_heim_integer(&i2);
-
-    return 0;
-}
-
-static int
-check_fail_unsigned(void)
-{
-    struct test_case tests[] = {
-	{NULL, sizeof(unsigned) + 1,
-	 "\x01\x01\x01\x01\x01\x01\x01\x01\x01", "data overrun" }
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(unsigned),
-			       (generic_decode)der_get_unsigned);
-}
-
-static int
-check_fail_integer(void)
-{
-    struct test_case tests[] = {
-	{NULL, sizeof(int) + 1,
-	 "\x01\x01\x01\x01\x01\x01\x01\x01\x01", "data overrun" }
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(int),
-			       (generic_decode)der_get_integer);
-}
-
-static int
-check_fail_length(void)
-{
-    struct test_case tests[] = {
-	{NULL, 0, "", "empty input data"},
-	{NULL, 1, "\x82", "internal length overrun" }
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(size_t),
-			       (generic_decode)der_get_length);
-}
-
-static int
-check_fail_boolean(void)
-{
-    struct test_case tests[] = {
-	{NULL, 0, "", "empty input data"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(int),
-			       (generic_decode)der_get_boolean);
-}
-
-static int
-check_fail_general_string(void)
-{
-    struct test_case tests[] = {
-	{ NULL, 3, "A\x00i", "NUL char in string"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(heim_general_string),
-			       (generic_decode)der_get_general_string);
-}
-
-static int
-check_fail_bmp_string(void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\x00", "odd (1) length bmpstring"},
-	{NULL, 3, "\x00\x00\x00", "odd (3) length bmpstring"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(heim_bmp_string),
-			       (generic_decode)der_get_bmp_string);
-}
-
-static int
-check_fail_universal_string(void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\x00", "x & 3 == 1 universal string"},
-	{NULL, 2, "\x00\x00", "x & 3 == 2 universal string"},
-	{NULL, 3, "\x00\x00\x00", "x & 3 == 3 universal string"},
-	{NULL, 5, "\x00\x00\x00\x00\x00", "x & 3 == 1 universal string"},
-	{NULL, 6, "\x00\x00\x00\x00\x00\x00", "x & 3 == 2 universal string"},
-	{NULL, 7, "\x00\x00\x00\x00\x00\x00\x00", "x & 3 == 3 universal string"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(heim_universal_string),
-			       (generic_decode)der_get_universal_string);
-}
-
-static int
-check_fail_heim_integer(void)
-{
-#if 0
-    struct test_case tests[] = {
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(heim_integer),
-			       (generic_decode)der_get_heim_integer);
-#else
-    return 0;
-#endif
-}
-
-static int
-check_fail_generalized_time(void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\x00", "no time"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(time_t),
-			       (generic_decode)der_get_generalized_time);
-}
-
-static int
-check_fail_oid(void)
-{
-    struct test_case tests[] = {
-	{NULL, 0, "", "empty input data"},
-	{NULL, 2, "\x00\x80", "last byte continuation" },
-	{NULL, 11, "\x00\x81\x80\x80\x80\x80\x80\x80\x80\x80\x00", 
-	"oid element overflow" }
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(heim_oid),
-			       (generic_decode)der_get_oid);
-}
-
-static int
-check_fail_bitstring(void)
-{
-    struct test_case tests[] = {
-	{NULL, 0, "", "empty input data"},
-	{NULL, 1, "\x08", "larger then 8 bits trailer"},
-	{NULL, 1, "\x01", "to few bytes for bits"},
-	{NULL, -2, "\x00", "length overrun"},
-	{NULL, -1, "", "length to short"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(heim_bit_string),
-			       (generic_decode)der_get_bit_string);
-}
-
-static int
-check_heim_integer_same(const char *p, const char *norm_p, heim_integer *i)
-{
-    heim_integer i2;
-    char *str;
-    int ret;
-
-    ret = der_print_hex_heim_integer(i, &str);
-    if (ret)
-	errx(1, "der_print_hex_heim_integer: %d", ret);
-
-    if (strcmp(str, norm_p) != 0)
-	errx(1, "der_print_hex_heim_integer: %s != %s", str, p);
-
-    ret = der_parse_hex_heim_integer(str, &i2);
-    if (ret)
-	errx(1, "der_parse_hex_heim_integer: %d", ret);
-
-    if (der_heim_integer_cmp(i, &i2) != 0)
-	errx(1, "der_heim_integer_cmp: p %s", p);
-
-    der_free_heim_integer(&i2);
-    free(str);
-
-    ret = der_parse_hex_heim_integer(p, &i2);
-    if (ret)
-	errx(1, "der_parse_hex_heim_integer: %d", ret);
-
-    if (der_heim_integer_cmp(i, &i2) != 0)
-	errx(1, "der_heim_integer_cmp: norm");
-
-    der_free_heim_integer(&i2);
-
-    return 0;
-}
-
-static int
-test_heim_int_format(void)
-{
-    heim_integer i = { 1, "\x10", 0 };
-    heim_integer i2 = { 1, "\x10", 1 };
-    heim_integer i3 = { 1, "\01", 0 };
-    char *p =
-	"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
-	"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
-	"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
-	"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
-	"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
-	"FFFFFFFF" "FFFFFFFF";
-    heim_integer bni = {
-	128, 
-	"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xC9\x0F\xDA\xA2"
-	"\x21\x68\xC2\x34\xC4\xC6\x62\x8B\x80\xDC\x1C\xD1"
-	"\x29\x02\x4E\x08\x8A\x67\xCC\x74\x02\x0B\xBE\xA6"
-	"\x3B\x13\x9B\x22\x51\x4A\x08\x79\x8E\x34\x04\xDD"
-	"\xEF\x95\x19\xB3\xCD\x3A\x43\x1B\x30\x2B\x0A\x6D"
-	"\xF2\x5F\x14\x37\x4F\xE1\x35\x6D\x6D\x51\xC2\x45"
-	"\xE4\x85\xB5\x76\x62\x5E\x7E\xC6\xF4\x4C\x42\xE9"
-	"\xA6\x37\xED\x6B\x0B\xFF\x5C\xB6\xF4\x06\xB7\xED"
-	"\xEE\x38\x6B\xFB\x5A\x89\x9F\xA5\xAE\x9F\x24\x11"
-	"\x7C\x4B\x1F\xE6\x49\x28\x66\x51\xEC\xE6\x53\x81"
-	"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF",
-	0
-    };
-    heim_integer f;
-    int ret = 0;
-
-    ret += check_heim_integer_same(p, p, &bni);
-    ret += check_heim_integer_same("10", "10", &i);
-    ret += check_heim_integer_same("00000010", "10", &i);
-    ret += check_heim_integer_same("-10", "-10", &i2);
-    ret += check_heim_integer_same("-00000010", "-10", &i2);
-    ret += check_heim_integer_same("01", "01", &i3);
-    ret += check_heim_integer_same("1", "01", &i3);
-
-    {
-	int r;
-	r = der_parse_hex_heim_integer("-", &f);
-	if (r == 0) {
-	    der_free_heim_integer(&f);
-	    ret++;
-	}
-	/* used to cause UMR */
-	r = der_parse_hex_heim_integer("00", &f);
-	if (r == 0)
-	    der_free_heim_integer(&f);
-	else
-	    ret++;
-    }
-
-    return ret;
-}
-
-static int
-test_heim_oid_format_same(const char *str, const heim_oid *oid)
-{
-    int ret;
-    char *p;
-    heim_oid o2;
-
-    ret = der_print_heim_oid(oid, ' ', &p);
-    if (ret) {
-	printf("fail to print oid: %s\n", str);
-	return 1;
-    }
-    ret = strcmp(p, str);
-    if (ret) {
-	printf("oid %s != formated oid %s\n", str, p);
-	free(p);
-	return ret;
-    }
-
-    ret = der_parse_heim_oid(p, " ", &o2);
-    if (ret) {
-	printf("failed to parse %s\n", p);
-	free(p);
-	return ret;
-    }
-    free(p);
-    ret = der_heim_oid_cmp(&o2, oid);
-    der_free_oid(&o2);
-
-    return ret;
-}
-
-static unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
-
-static int
-test_heim_oid_format(void)
-{
-    heim_oid sha1 = { 6, sha1_oid_tree };
-    int ret = 0;
-
-    ret += test_heim_oid_format_same("1 3 14 3 2 26", &sha1);
-
-    return ret;
-}
-
-static int
-check_trailing_nul(void)
-{
-    int i, ret;
-    struct {
-	int fail;
-	const unsigned char *p;
-	size_t len;
-	const char *s;
-	size_t size;
-    } foo[] = {
-	{ 1, (const unsigned char *)"foo\x00o", 5, NULL, 0 },
-	{ 1, (const unsigned char *)"\x00o", 2, NULL, 0 },
-	{ 0, (const unsigned char *)"\x00\x00\x00\x00\x00", 5, "", 5 },
-	{ 0, (const unsigned char *)"\x00", 1, "", 1 },
-	{ 0, (const unsigned char *)"", 0, "", 0 },
-	{ 0, (const unsigned char *)"foo\x00\x00", 5, "foo", 5 },
-	{ 0, (const unsigned char *)"foo\0", 4, "foo", 4 },
-	{ 0, (const unsigned char *)"foo", 3, "foo", 3 }
-    };
-    
-    for (i = 0; i < sizeof(foo)/sizeof(foo[0]); i++) {
-	char *s;
-	size_t size;
-	ret = der_get_general_string(foo[i].p, foo[i].len, &s, &size);
-	if (foo[i].fail) {
-	    if (ret == 0)
-		errx(1, "check %d NULL didn't fail", i);
-	    continue;
-	}
-	if (ret)
-	    errx(1, "NULL check %d der_get_general_string failed", i);
-	if (foo[i].size != size)
-	    errx(1, "NUL check i = %d size failed", i);
-	if (strcmp(foo[i].s, s) != 0)
-	    errx(1, "NUL check i = %d content failed", i);
-	free(s);
-    }
-    return 0;
-}
-
-static int
-test_misc_cmp(void)
-{
-    int ret;
-
-    /* diffrent lengths are diffrent */
-    {
-	const heim_octet_string os1 = { 1, "a" } , os2 = { 0, NULL };
-	ret = der_heim_octet_string_cmp(&os1, &os2);
-	if (ret == 0)
-	    return 1;
-    }
-    /* diffrent data are diffrent */
-    {
-	const heim_octet_string os1 = { 1, "a" } , os2 = { 1, "b" };
-	ret = der_heim_octet_string_cmp(&os1, &os2);
-	if (ret == 0)
-	    return 1;
-    }
-    /* diffrent lengths are diffrent */
-    {
-	const heim_bit_string bs1 = { 8, "a" } , bs2 = { 7, "a" };
-	ret = der_heim_bit_string_cmp(&bs1, &bs2);
-	if (ret == 0)
-	    return 1;
-    }
-    /* diffrent data are diffrent */
-    {
-	const heim_bit_string bs1 = { 7, "\x0f" } , bs2 = { 7, "\x02" };
-	ret = der_heim_bit_string_cmp(&bs1, &bs2);
-	if (ret == 0)
-	    return 1;
-    }
-    /* diffrent lengths are diffrent */
-    {
-	uint16_t data = 1;
-	heim_bmp_string bs1 = { 1, NULL } , bs2 = { 0, NULL };
-	bs1.data = &data;
-	ret = der_heim_bmp_string_cmp(&bs1, &bs2);
-	if (ret == 0)
-	    return 1;
-    }
-    /* diffrent lengths are diffrent */
-    {
-	uint32_t data;
-	heim_universal_string us1 = { 1, NULL } , us2 = { 0, NULL };
-	us1.data = &data;
-	ret = der_heim_universal_string_cmp(&us1, &us2);
-	if (ret == 0)
-	    return 1;
-    }
-    /* same */
-    {
-	uint32_t data = (uint32_t)'a';
-	heim_universal_string us1 = { 1, NULL } , us2 = { 1, NULL };
-	us1.data = &data;
-	us2.data = &data;
-	ret = der_heim_universal_string_cmp(&us1, &us2);
-	if (ret != 0)
-	    return 1;
-    }
-
-    return 0;
-}
-
-static int
-corner_generalized_time(void)
-{
-    const char *str = "760520140000Z";
-    size_t size;
-    time_t t;
-    int ret;
-
-    ret = der_get_generalized_time((const unsigned char*)str, strlen(str),
-				   &t, &size);
-    if (ret)
-	return 1;
-    return 0;
-}
-
-static int
-corner_tag(void)
-{
-    struct {
-	int ok;
-	const char *ptr;
-	size_t len;
-    } tests[] = { 
-	{ 1, "\x00", 1 },
-	{ 0, "\xff", 1 },
-	{ 0, "\xff\xff\xff\xff\xff\xff\xff\xff", 8 }
-    };
-    int i, ret;
-    Der_class cl;
-    Der_type ty;
-    unsigned int tag;
-    size_t size;
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
-	ret = der_get_tag((const unsigned char*)tests[i].ptr, 
-			  tests[i].len, &cl, &ty, &tag, &size);
-	if (ret) {
-	    if (tests[i].ok)
-		errx(1, "failed while shouldn't");
-	} else {
-	    if (!tests[i].ok)
-		errx(1, "passed while shouldn't");
-	}
-    }
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret = 0;
-
-    ret += test_integer ();
-    ret += test_integer_more();
-    ret += test_unsigned ();
-    ret += test_octet_string ();
-    ret += test_bmp_string ();
-    ret += test_universal_string ();
-    ret += test_general_string ();
-    ret += test_generalized_time ();
-    ret += test_oid ();
-    ret += test_bit_string();
-    ret += test_heim_integer();
-    ret += test_boolean();
-
-    ret += check_fail_unsigned();
-    ret += check_fail_integer();
-    ret += check_fail_length();
-    ret += check_fail_boolean();
-    ret += check_fail_general_string();
-    ret += check_fail_bmp_string();
-    ret += check_fail_universal_string();
-    ret += check_fail_heim_integer();
-    ret += check_fail_generalized_time();
-    ret += check_fail_oid();
-    ret += check_fail_bitstring();
-    ret += test_heim_int_format();
-    ret += test_heim_oid_format();
-    ret += check_trailing_nul();
-    ret += test_misc_cmp();
-    ret += corner_generalized_time();
-    ret += corner_tag();
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/asn1/check-gen.c b/crypto/heimdal/lib/asn1/check-gen.c
deleted file mode 100644
index a18a21d..0000000
--- a/crypto/heimdal/lib/asn1/check-gen.c
+++ /dev/null
@@ -1,955 +0,0 @@
-/*
- * Copyright (c) 1999 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <err.h>
-#include <roken.h>
-
-#include <asn1-common.h>
-#include <asn1_err.h>
-#include <der.h>
-#include <krb5_asn1.h>
-#include <heim_asn1.h>
-#include <rfc2459_asn1.h>
-#include <test_asn1.h>
-
-#include "check-common.h"
-
-RCSID("$Id: check-gen.c 21539 2007-07-14 16:12:04Z lha $");
-
-static char *lha_principal[] = { "lha" };
-static char *lharoot_princ[] = { "lha", "root" };
-static char *datan_princ[] = { "host", "nutcracker.e.kth.se" };
-static char *nada_tgt_principal[] = { "krbtgt", "NADA.KTH.SE" };
-
-
-#define IF_OPT_COMPARE(ac,bc,e) \
-	if (((ac)->e == NULL && (bc)->e != NULL) || (((ac)->e != NULL && (bc)->e == NULL))) return 1; if ((ab)->e)
-#define COMPARE_OPT_STRING(ac,bc,e) \
-	do { if (strcmp(*(ac)->e, *(bc)->e) != 0) return 1; } while(0)
-#define COMPARE_OPT_OCTECT_STRING(ac,bc,e) \
-	do { if ((ac)->e->length != (bc)->e->length || memcmp((ac)->e->data, (bc)->e->data, (ac)->e->length) != 0) return 1; } while(0)
-#define COMPARE_STRING(ac,bc,e) \
-	do { if (strcmp((ac)->e, (bc)->e) != 0) return 1; } while(0)
-#define COMPARE_INTEGER(ac,bc,e) \
-	do { if ((ac)->e != (bc)->e) return 1; } while(0)
-#define COMPARE_MEM(ac,bc,e,len) \
-	do { if (memcmp((ac)->e, (bc)->e,len) != 0) return 1; } while(0)
-
-static int
-cmp_principal (void *a, void *b)
-{
-    Principal *pa = a;
-    Principal *pb = b;
-    int i;
-
-    COMPARE_STRING(pa,pb,realm);
-    COMPARE_INTEGER(pa,pb,name.name_type);
-    COMPARE_INTEGER(pa,pb,name.name_string.len);
-
-    for (i = 0; i < pa->name.name_string.len; i++)
-	COMPARE_STRING(pa,pb,name.name_string.val[i]);
-
-    return 0;
-}
-
-static int
-test_principal (void)
-{
-
-    struct test_case tests[] = {
-	{ NULL, 29, 
-	  "\x30\x1b\xa0\x10\x30\x0e\xa0\x03\x02\x01\x01\xa1\x07\x30\x05\x1b"
-	  "\x03\x6c\x68\x61\xa1\x07\x1b\x05\x53\x55\x2e\x53\x45"
-	},
-	{ NULL, 35,
-	  "\x30\x21\xa0\x16\x30\x14\xa0\x03\x02\x01\x01\xa1\x0d\x30\x0b\x1b"
-	  "\x03\x6c\x68\x61\x1b\x04\x72\x6f\x6f\x74\xa1\x07\x1b\x05\x53\x55"
-	  "\x2e\x53\x45"
-	},
-	{ NULL, 54, 
-	  "\x30\x34\xa0\x26\x30\x24\xa0\x03\x02\x01\x03\xa1\x1d\x30\x1b\x1b"
-	  "\x04\x68\x6f\x73\x74\x1b\x13\x6e\x75\x74\x63\x72\x61\x63\x6b\x65"
-	  "\x72\x2e\x65\x2e\x6b\x74\x68\x2e\x73\x65\xa1\x0a\x1b\x08\x45\x2e"
-	  "\x4b\x54\x48\x2e\x53\x45"
-	}
-    };
-
-
-    Principal values[] = { 
-	{ { KRB5_NT_PRINCIPAL, { 1, lha_principal } },  "SU.SE" },
-	{ { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } },  "SU.SE" },
-	{ { KRB5_NT_SRV_HST, { 2, datan_princ } },  "E.KTH.SE" }
-    };
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "Principal %d", i);
-    }
-
-    ret = generic_test (tests, ntests, sizeof(Principal),
-			(generic_encode)encode_Principal,
-			(generic_length)length_Principal,
-			(generic_decode)decode_Principal,
-			(generic_free)free_Principal,
-			cmp_principal);
-    for (i = 0; i < ntests; ++i)
-	free (tests[i].name);
-
-    return ret;
-}
-
-static int
-cmp_authenticator (void *a, void *b)
-{
-    Authenticator *aa = a;
-    Authenticator *ab = b;
-    int i;
-
-    COMPARE_INTEGER(aa,ab,authenticator_vno);
-    COMPARE_STRING(aa,ab,crealm);
-
-    COMPARE_INTEGER(aa,ab,cname.name_type);
-    COMPARE_INTEGER(aa,ab,cname.name_string.len);
-
-    for (i = 0; i < aa->cname.name_string.len; i++)
-	COMPARE_STRING(aa,ab,cname.name_string.val[i]);
-
-    return 0;
-}
-
-static int
-test_authenticator (void)
-{
-    struct test_case tests[] = {
-	{ NULL, 63, 
-	  "\x62\x3d\x30\x3b\xa0\x03\x02\x01\x05\xa1\x0a\x1b\x08"
-	  "\x45\x2e\x4b\x54\x48\x2e\x53\x45\xa2\x10\x30\x0e\xa0"
-	  "\x03\x02\x01\x01\xa1\x07\x30\x05\x1b\x03\x6c\x68\x61"
-	  "\xa4\x03\x02\x01\x0a\xa5\x11\x18\x0f\x31\x39\x37\x30"
-	  "\x30\x31\x30\x31\x30\x30\x30\x31\x33\x39\x5a"
-	},
-	{ NULL, 67, 
-	  "\x62\x41\x30\x3f\xa0\x03\x02\x01\x05\xa1\x07\x1b\x05"
-	  "\x53\x55\x2e\x53\x45\xa2\x16\x30\x14\xa0\x03\x02\x01"
-	  "\x01\xa1\x0d\x30\x0b\x1b\x03\x6c\x68\x61\x1b\x04\x72"
-	  "\x6f\x6f\x74\xa4\x04\x02\x02\x01\x24\xa5\x11\x18\x0f"
-	  "\x31\x39\x37\x30\x30\x31\x30\x31\x30\x30\x31\x36\x33"
-	  "\x39\x5a"
-	}
-    };
-
-    Authenticator values[] = {
-	{ 5, "E.KTH.SE", { KRB5_NT_PRINCIPAL, { 1, lha_principal } },
-	  NULL, 10, 99, NULL, NULL, NULL },
-	{ 5, "SU.SE", { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } },
-	  NULL, 292, 999, NULL, NULL, NULL }
-    };
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "Authenticator %d", i);
-    }
-
-    ret = generic_test (tests, ntests, sizeof(Authenticator),
-			(generic_encode)encode_Authenticator,
-			(generic_length)length_Authenticator,
-			(generic_decode)decode_Authenticator,
-			(generic_free)free_Authenticator,
-			cmp_authenticator);
-    for (i = 0; i < ntests; ++i)
-	free(tests[i].name);
-
-    return ret;
-}
-
-static int
-cmp_KRB_ERROR (void *a, void *b)
-{
-    KRB_ERROR *aa = a;
-    KRB_ERROR *ab = b;
-    int i;
-
-    COMPARE_INTEGER(aa,ab,pvno);
-    COMPARE_INTEGER(aa,ab,msg_type);
-
-    IF_OPT_COMPARE(aa,ab,ctime) {
-	COMPARE_INTEGER(aa,ab,ctime);
-    }
-    IF_OPT_COMPARE(aa,ab,cusec) {
-	COMPARE_INTEGER(aa,ab,cusec);
-    }
-    COMPARE_INTEGER(aa,ab,stime);
-    COMPARE_INTEGER(aa,ab,susec);
-    COMPARE_INTEGER(aa,ab,error_code);
-
-    IF_OPT_COMPARE(aa,ab,crealm) {
-	COMPARE_OPT_STRING(aa,ab,crealm);
-    }
-#if 0
-    IF_OPT_COMPARE(aa,ab,cname) {
-	COMPARE_OPT_STRING(aa,ab,cname);
-    }
-#endif
-    COMPARE_STRING(aa,ab,realm);
-
-    COMPARE_INTEGER(aa,ab,sname.name_string.len);
-    for (i = 0; i < aa->sname.name_string.len; i++)
-	COMPARE_STRING(aa,ab,sname.name_string.val[i]);
-
-    IF_OPT_COMPARE(aa,ab,e_text) {
-	COMPARE_OPT_STRING(aa,ab,e_text);
-    }
-    IF_OPT_COMPARE(aa,ab,e_data) {
-	/* COMPARE_OPT_OCTECT_STRING(aa,ab,e_data); */
-    }
-
-    return 0;
-}
-
-static int
-test_krb_error (void)
-{
-    struct test_case tests[] = {
-	{ NULL, 127, 
-	  "\x7e\x7d\x30\x7b\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11"
-	  "\x18\x0f\x32\x30\x30\x33\x31\x31\x32\x34\x30\x30\x31\x31\x31\x39"
-	  "\x5a\xa5\x05\x02\x03\x04\xed\xa5\xa6\x03\x02\x01\x1f\xa7\x0d\x1b"
-	  "\x0b\x4e\x41\x44\x41\x2e\x4b\x54\x48\x2e\x53\x45\xa8\x10\x30\x0e"
-	  "\xa0\x03\x02\x01\x01\xa1\x07\x30\x05\x1b\x03\x6c\x68\x61\xa9\x0d"
-	  "\x1b\x0b\x4e\x41\x44\x41\x2e\x4b\x54\x48\x2e\x53\x45\xaa\x20\x30"
-	  "\x1e\xa0\x03\x02\x01\x01\xa1\x17\x30\x15\x1b\x06\x6b\x72\x62\x74"
-	  "\x67\x74\x1b\x0b\x4e\x41\x44\x41\x2e\x4b\x54\x48\x2e\x53\x45",
-	  "KRB-ERROR Test 1"
-	}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-    KRB_ERROR e1;
-    PrincipalName lhaprincipalname = { 1, { 1, lha_principal } };
-    PrincipalName tgtprincipalname = { 1, { 2, nada_tgt_principal } };
-    char *realm = "NADA.KTH.SE";
-
-    e1.pvno = 5;
-    e1.msg_type = 30;
-    e1.ctime = NULL;
-    e1.cusec = NULL;
-    e1.stime = 1069632679;
-    e1.susec = 322981;
-    e1.error_code = 31;
-    e1.crealm = &realm;
-    e1.cname = &lhaprincipalname;
-    e1.realm = "NADA.KTH.SE";
-    e1.sname = tgtprincipalname;
-    e1.e_text = NULL;
-    e1.e_data = NULL;
-
-    tests[0].val = &e1;
-
-    return generic_test (tests, ntests, sizeof(KRB_ERROR),
-			 (generic_encode)encode_KRB_ERROR,
-			 (generic_length)length_KRB_ERROR,
-			 (generic_decode)decode_KRB_ERROR,
-			 (generic_free)free_KRB_ERROR,
-			 cmp_KRB_ERROR);
-}
-
-static int
-cmp_Name (void *a, void *b)
-{
-    Name *aa = a;
-    Name *ab = b;
-
-    COMPARE_INTEGER(aa,ab,element);
-
-    return 0;
-}
-
-static int
-test_Name (void)
-{
-    struct test_case tests[] = {
-	{ NULL, 35, 
-	  "\x30\x21\x31\x1f\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x4c\x6f\x76"
-	  "\x65\x30\x10\x06\x03\x55\x04\x07\x13\x09\x53\x54\x4f\x43\x4b\x48"
-	  "\x4f\x4c\x4d",
-	  "Name CN=Love+L=STOCKHOLM"
-	},
-	{ NULL, 35, 
-	  "\x30\x21\x31\x1f\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x4c\x6f\x76"
-	  "\x65\x30\x10\x06\x03\x55\x04\x07\x13\x09\x53\x54\x4f\x43\x4b\x48"
-	  "\x4f\x4c\x4d",
-	  "Name L=STOCKHOLM+CN=Love"
-	}
-    };
-
-    int ntests = sizeof(tests) / sizeof(*tests);
-    Name n1, n2;
-    RelativeDistinguishedName rdn1[1];
-    RelativeDistinguishedName rdn2[1];
-    AttributeTypeAndValue atv1[2];
-    AttributeTypeAndValue atv2[2];
-    unsigned cmp_CN[] = { 2, 5, 4, 3 };
-    unsigned cmp_L[] = { 2, 5, 4, 7 };
-
-    /* n1 */
-    n1.element = choice_Name_rdnSequence;
-    n1.u.rdnSequence.val = rdn1;
-    n1.u.rdnSequence.len = sizeof(rdn1)/sizeof(rdn1[0]);
-    rdn1[0].val = atv1;
-    rdn1[0].len = sizeof(atv1)/sizeof(atv1[0]);
-
-    atv1[0].type.length = sizeof(cmp_CN)/sizeof(cmp_CN[0]);
-    atv1[0].type.components = cmp_CN;
-    atv1[0].value.element = choice_DirectoryString_printableString;
-    atv1[0].value.u.printableString = "Love";
-
-    atv1[1].type.length = sizeof(cmp_L)/sizeof(cmp_L[0]);
-    atv1[1].type.components = cmp_L;
-    atv1[1].value.element = choice_DirectoryString_printableString;
-    atv1[1].value.u.printableString = "STOCKHOLM";
-
-    /* n2 */
-    n2.element = choice_Name_rdnSequence;
-    n2.u.rdnSequence.val = rdn2;
-    n2.u.rdnSequence.len = sizeof(rdn2)/sizeof(rdn2[0]);
-    rdn2[0].val = atv2;
-    rdn2[0].len = sizeof(atv2)/sizeof(atv2[0]);
-
-    atv2[0].type.length = sizeof(cmp_L)/sizeof(cmp_L[0]);
-    atv2[0].type.components = cmp_L;
-    atv2[0].value.element = choice_DirectoryString_printableString;
-    atv2[0].value.u.printableString = "STOCKHOLM";
-
-    atv2[1].type.length = sizeof(cmp_CN)/sizeof(cmp_CN[0]);
-    atv2[1].type.components = cmp_CN;
-    atv2[1].value.element = choice_DirectoryString_printableString;
-    atv2[1].value.u.printableString = "Love";
-
-    /* */
-    tests[0].val = &n1;
-    tests[1].val = &n2;
-
-    return generic_test (tests, ntests, sizeof(Name),
-			 (generic_encode)encode_Name,
-			 (generic_length)length_Name,
-			 (generic_decode)decode_Name,
-			 (generic_free)free_Name,
-			 cmp_Name);
-}
-
-static int
-cmp_KeyUsage (void *a, void *b)
-{
-    KeyUsage *aa = a;
-    KeyUsage *ab = b;
-
-    return KeyUsage2int(*aa) != KeyUsage2int(*ab);
-}
-
-static int
-test_bit_string (void)
-{
-    struct test_case tests[] = {
-	{ NULL, 4,
-	  "\x03\x02\x07\x80",
-	  "bitstring 1"
-	},
-	{ NULL, 4,
-	  "\x03\x02\x05\xa0",
-	  "bitstring 2"
-	},
-	{ NULL, 5,
-	  "\x03\x03\x07\x00\x80",
-	  "bitstring 3"
-	},
-	{ NULL, 3,
-	  "\x03\x01\x00",
-	  "bitstring 4"
-	}
-    };
-
-    int ntests = sizeof(tests) / sizeof(*tests);
-    KeyUsage ku1, ku2, ku3, ku4;
-
-    memset(&ku1, 0, sizeof(ku1));
-    ku1.digitalSignature = 1;
-    tests[0].val = &ku1;
-
-    memset(&ku2, 0, sizeof(ku2));
-    ku2.digitalSignature = 1;
-    ku2.keyEncipherment = 1;
-    tests[1].val = &ku2;
-
-    memset(&ku3, 0, sizeof(ku3));
-    ku3.decipherOnly = 1;
-    tests[2].val = &ku3;
-
-    memset(&ku4, 0, sizeof(ku4));
-    tests[3].val = &ku4;
-
-
-    return generic_test (tests, ntests, sizeof(KeyUsage),
-			 (generic_encode)encode_KeyUsage,
-			 (generic_length)length_KeyUsage,
-			 (generic_decode)decode_KeyUsage,
-			 (generic_free)free_KeyUsage,
-			 cmp_KeyUsage);
-}
-
-static int
-cmp_TESTLargeTag (void *a, void *b)
-{
-    TESTLargeTag *aa = a;
-    TESTLargeTag *ab = b;
-
-    COMPARE_INTEGER(aa,ab,foo);
-    return 0;
-}
-
-static int
-test_large_tag (void)
-{
-    struct test_case tests[] = {
-	{ NULL,  8,  "\x30\x06\xbf\x7f\x03\x02\x01\x01", "large tag 1" }
-    };
-
-    int ntests = sizeof(tests) / sizeof(*tests);
-    TESTLargeTag lt1;
-
-    memset(&lt1, 0, sizeof(lt1));
-    lt1.foo = 1;
-
-    tests[0].val = &lt1;
-
-    return generic_test (tests, ntests, sizeof(TESTLargeTag),
-			 (generic_encode)encode_TESTLargeTag,
-			 (generic_length)length_TESTLargeTag,
-			 (generic_decode)decode_TESTLargeTag,
-			 (generic_free)free_TESTLargeTag,
-			 cmp_TESTLargeTag);
-}
-
-struct test_data {
-    int ok;
-    size_t len;
-    size_t expected_len;
-    void *data;
-};
-
-static int
-check_tag_length(void)
-{
-    struct test_data td[] = {
-	{ 1, 3, 3, "\x02\x01\x00"},
-	{ 1, 3, 3, "\x02\x01\x7f"},
-	{ 1, 4, 4, "\x02\x02\x00\x80"},
-	{ 1, 4, 4, "\x02\x02\x01\x00"},
-	{ 1, 4, 4, "\x02\x02\x02\x00"},
-	{ 0, 3, 0, "\x02\x02\x00"},
-	{ 0, 3, 0, "\x02\x7f\x7f"},
-	{ 0, 4, 0, "\x02\x03\x00\x80"},
-	{ 0, 4, 0, "\x02\x7f\x01\x00"},
-	{ 0, 5, 0, "\x02\xff\x7f\x02\x00"}
-    };
-    size_t sz;
-    krb5uint32 values[] = {0, 127, 128, 256, 512,
-			 0, 127, 128, 256, 512 };
-    krb5uint32 u;
-    int i, ret, failed = 0;
-    void *buf;
-
-    for (i = 0; i < sizeof(td)/sizeof(td[0]); i++) {
-	struct map_page *page;
-
-	buf = map_alloc(OVERRUN, td[i].data, td[i].len, &page);
-
-	ret = decode_krb5uint32(buf, td[i].len, &u, &sz);
-	if (ret) {
-	    if (td[i].ok) {
-		printf("failed with tag len test %d\n", i);
-		failed = 1;
-	    }
-	} else {
-	    if (td[i].ok == 0) {
-		printf("failed with success for tag len test %d\n", i);
-		failed = 1;
-	    }
-	    if (td[i].expected_len != sz) {
-		printf("wrong expected size for tag test %d\n", i);
-		failed = 1;
-	    }
-	    if (values[i] != u) {
-		printf("wrong value for tag test %d\n", i);
-		failed = 1;
-	    }
-	}
-	map_free(page, "test", "decode");
-    }
-    return failed;
-}
-
-static int
-cmp_TESTChoice (void *a, void *b)
-{
-    return 0;
-}
-
-static int
-test_choice (void)
-{
-    struct test_case tests[] = {
-	{ NULL,  5,  "\xa1\x03\x02\x01\x01", "large choice 1" },
-	{ NULL,  5,  "\xa2\x03\x02\x01\x02", "large choice 2" }
-    };
-
-    int ret = 0, ntests = sizeof(tests) / sizeof(*tests);
-    TESTChoice1 c1;
-    TESTChoice1 c2_1;
-    TESTChoice2 c2_2;
-
-    memset(&c1, 0, sizeof(c1));
-    c1.element = choice_TESTChoice1_i1;
-    c1.u.i1 = 1;
-    tests[0].val = &c1;
-
-    memset(&c2_1, 0, sizeof(c2_1));
-    c2_1.element = choice_TESTChoice1_i2;
-    c2_1.u.i2 = 2;
-    tests[1].val = &c2_1;
-
-    ret += generic_test (tests, ntests, sizeof(TESTChoice1),
-			 (generic_encode)encode_TESTChoice1,
-			 (generic_length)length_TESTChoice1,
-			 (generic_decode)decode_TESTChoice1,
-			 (generic_free)free_TESTChoice1,
-			 cmp_TESTChoice);
-
-    memset(&c2_2, 0, sizeof(c2_2));
-    c2_2.element = choice_TESTChoice2_asn1_ellipsis;
-    c2_2.u.asn1_ellipsis.data = "\xa2\x03\x02\x01\x02";
-    c2_2.u.asn1_ellipsis.length = 5;
-    tests[1].val = &c2_2;
-
-    ret += generic_test (tests, ntests, sizeof(TESTChoice2),
-			 (generic_encode)encode_TESTChoice2,
-			 (generic_length)length_TESTChoice2,
-			 (generic_decode)decode_TESTChoice2,
-			 (generic_free)free_TESTChoice2,
-			 cmp_TESTChoice);
-
-    return ret;
-}
-
-static int
-cmp_TESTImplicit (void *a, void *b)
-{
-    TESTImplicit *aa = a;
-    TESTImplicit *ab = b;
-
-    COMPARE_INTEGER(aa,ab,ti1);
-    COMPARE_INTEGER(aa,ab,ti2.foo);
-    COMPARE_INTEGER(aa,ab,ti3);
-    return 0;
-}
-
-/*
-UNIV CONS Sequence 14
-  CONTEXT PRIM 0 1 00
-  CONTEXT CONS 1 6
-   CONTEXT CONS 127 3
-     UNIV PRIM Integer 1 02
-  CONTEXT PRIM 2 1 03
-*/
-
-static int
-test_implicit (void)
-{
-    struct test_case tests[] = {
-	{ NULL,  16,  
-	  "\x30\x0e\x80\x01\x00\xa1\x06\xbf"
-	  "\x7f\x03\x02\x01\x02\x82\x01\x03", 
-	  "implicit 1" }
-    };
-
-    int ret = 0, ntests = sizeof(tests) / sizeof(*tests);
-    TESTImplicit c0;
-
-    memset(&c0, 0, sizeof(c0));
-    c0.ti1 = 0;
-    c0.ti2.foo = 2;
-    c0.ti3 = 3;
-    tests[0].val = &c0;
-
-    ret += generic_test (tests, ntests, sizeof(TESTImplicit),
-			 (generic_encode)encode_TESTImplicit,
-			 (generic_length)length_TESTImplicit,
-			 (generic_decode)decode_TESTImplicit,
-			 (generic_free)free_TESTImplicit,
-			 cmp_TESTImplicit);
-
-#ifdef IMPLICIT_TAGGING_WORKS
-    ret += generic_test (tests, ntests, sizeof(TESTImplicit2),
-			 (generic_encode)encode_TESTImplicit2,
-			 (generic_length)length_TESTImplicit2,
-			 (generic_decode)decode_TESTImplicit2,
-			 (generic_free)free_TESTImplicit2,
-			 cmp_TESTImplicit);
-
-#endif /* IMPLICIT_TAGGING_WORKS */
-    return ret;
-}
-
-static int
-cmp_TESTAlloc (void *a, void *b)
-{
-    TESTAlloc *aa = a;
-    TESTAlloc *ab = b;
-
-    IF_OPT_COMPARE(aa,ab,tagless) {
-	COMPARE_INTEGER(aa,ab,tagless->ai);
-    }
-
-    COMPARE_INTEGER(aa,ab,three);
-
-    IF_OPT_COMPARE(aa,ab,tagless2) {
-	COMPARE_OPT_OCTECT_STRING(aa, ab, tagless2);
-    }
-
-    return 0;
-}
-
-/*
-UNIV CONS Sequence 12
-  UNIV CONS Sequence 5
-    CONTEXT CONS 0 3
-      UNIV PRIM Integer 1 01
-  CONTEXT CONS 1 3
-    UNIV PRIM Integer 1 03
-
-UNIV CONS Sequence 5
-  CONTEXT CONS 1 3
-    UNIV PRIM Integer 1 03
-
-UNIV CONS Sequence 8
-  CONTEXT CONS 1 3
-    UNIV PRIM Integer 1 04
-  UNIV PRIM Integer 1 05
-
-*/
-
-static int
-test_taglessalloc (void)
-{
-    struct test_case tests[] = {
-	{ NULL,  14,  
-	  "\x30\x0c\x30\x05\xa0\x03\x02\x01\x01\xa1\x03\x02\x01\x03", 
-	  "alloc 1" },
-	{ NULL,  7,  
-	  "\x30\x05\xa1\x03\x02\x01\x03", 
-	  "alloc 2" },
-	{ NULL,  10,  
-	  "\x30\x08\xa1\x03\x02\x01\x04\x02\x01\x05", 
-	  "alloc 3" }
-    };
-
-    int ret = 0, ntests = sizeof(tests) / sizeof(*tests);
-    TESTAlloc c1, c2, c3;
-    heim_any any3;
-
-    memset(&c1, 0, sizeof(c1));
-    c1.tagless = ecalloc(1, sizeof(*c1.tagless));
-    c1.tagless->ai = 1;
-    c1.three = 3;
-    tests[0].val = &c1;
-
-    memset(&c2, 0, sizeof(c2));
-    c2.tagless = NULL;
-    c2.three = 3;
-    tests[1].val = &c2;
-
-    memset(&c3, 0, sizeof(c3));
-    c3.tagless = NULL;
-    c3.three = 4;
-    c3.tagless2 = &any3;
-    any3.data = "\x02\x01\x05";
-    any3.length = 3;
-    tests[2].val = &c3;
-
-    ret += generic_test (tests, ntests, sizeof(TESTAlloc),
-			 (generic_encode)encode_TESTAlloc,
-			 (generic_length)length_TESTAlloc,
-			 (generic_decode)decode_TESTAlloc,
-			 (generic_free)free_TESTAlloc,
-			 cmp_TESTAlloc);
-
-    free(c1.tagless);
-
-    return ret;
-}
-
-
-static int
-check_fail_largetag(void)
-{
-    struct test_case tests[] = {
-	{NULL, 14, "\x30\x0c\xbf\x87\xff\xff\xff\xff\xff\x7f\x03\x02\x01\x01",
-	 "tag overflow"},
-	{NULL, 0, "", "empty buffer"},
-	{NULL, 7, "\x30\x05\xa1\x03\x02\x02\x01",
-	 "one too short" },
-	{NULL, 7, "\x30\x04\xa1\x03\x02\x02\x01"
-	 "two too short" },
-	{NULL, 7, "\x30\x03\xa1\x03\x02\x02\x01",
-	 "three too short" },
-	{NULL, 7, "\x30\x02\xa1\x03\x02\x02\x01",
-	 "four too short" },
-	{NULL, 7, "\x30\x01\xa1\x03\x02\x02\x01",
-	 "five too short" },
-	{NULL, 7, "\x30\x00\xa1\x03\x02\x02\x01",
-	 "six too short" },
-	{NULL, 7, "\x30\x05\xa1\x04\x02\x02\x01",
-	 "inner one too long" },
-	{NULL, 7, "\x30\x00\xa1\x02\x02\x02\x01",
-	 "inner one too short" },
-	{NULL, 8, "\x30\x05\xbf\x7f\x03\x02\x02\x01",
-	 "inner one too short"},
-	{NULL, 8, "\x30\x06\xbf\x64\x03\x02\x01\x01",
-	 "wrong tag"},
-	{NULL, 10, "\x30\x08\xbf\x9a\x9b\x38\x03\x02\x01\x01",
-	 "still wrong tag"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(TESTLargeTag),
-			       (generic_decode)decode_TESTLargeTag);
-}
-
-
-static int
-check_fail_sequence(void)
-{
-    struct test_case tests[] = {
-	{NULL, 0, "", "empty buffer"},
-	{NULL, 24, 
-	 "\x30\x16\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01\x01"
-	 "\x02\x01\x01\xa2\x03\x02\x01\x01"
-	 "missing one byte from the end, internal length ok"},
-	{NULL, 25,
-	 "\x30\x18\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01\x01"
-	 "\x02\x01\x01\xa2\x03\x02\x01\x01",
-	 "inner length one byte too long"},
-	{NULL, 24, 
-	 "\x30\x17\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01"
-	 "\x01\x02\x01\x01\xa2\x03\x02\x01\x01",
-	 "correct buffer but missing one too short"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(TESTSeq),
-			       (generic_decode)decode_TESTSeq);
-}
-
-static int
-check_fail_choice(void)
-{
-    struct test_case tests[] = {
-	{NULL, 6,
-	 "\xa1\x02\x02\x01\x01",
-	 "one too short"},
-	{NULL, 6,
-	 "\xa1\x03\x02\x02\x01",
-	 "one too short inner"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(TESTChoice1),
-			       (generic_decode)decode_TESTChoice1);
-}
-
-static int
-check_seq(void)
-{
-    TESTSeqOf seq;
-    TESTInteger i;
-    int ret;
-
-    seq.val = NULL;
-    seq.len = 0;
-
-    ret = add_TESTSeqOf(&seq, &i);
-    if (ret) { printf("failed adding\n"); goto out; }
-    ret = add_TESTSeqOf(&seq, &i);
-    if (ret) { printf("failed adding\n"); goto out; }
-    ret = add_TESTSeqOf(&seq, &i);
-    if (ret) { printf("failed adding\n"); goto out; }
-    ret = add_TESTSeqOf(&seq, &i);
-    if (ret) { printf("failed adding\n"); goto out; }
-
-    ret = remove_TESTSeqOf(&seq, seq.len - 1);
-    if (ret) { printf("failed removing\n"); goto out; }
-    ret = remove_TESTSeqOf(&seq, 2);
-    if (ret) { printf("failed removing\n"); goto out; }
-    ret = remove_TESTSeqOf(&seq, 0);
-    if (ret) { printf("failed removing\n"); goto out; }
-    ret = remove_TESTSeqOf(&seq, 0);
-    if (ret) { printf("failed removing\n"); goto out; }
-    ret = remove_TESTSeqOf(&seq, 0);
-    if (ret == 0) {
-	printf("can remove from empty list");
-	return 1;
-    }
-
-    if (seq.len != 0) {
-	printf("seq not empty!");
-	return 1;
-    }
-    free_TESTSeqOf(&seq);
-    ret = 0;
-
-out:
-
-    return ret;
-}
-
-#define test_seq_of(type, ok, ptr)					\
-{									\
-    heim_octet_string os;						\
-    size_t size;							\
-    type decode;							\
-    ASN1_MALLOC_ENCODE(type, os.data, os.length, ptr, &size, ret);	\
-    if (ret)								\
-	return ret;							\
-    if (os.length != size)						\
-	abort();							\
-    ret = decode_##type(os.data, os.length, &decode, &size);		\
-    free(os.data);							\
-    if (ret) {								\
-	if (ok)								\
-	    return 1;							\
-    } else {								\
-	free_##type(&decode);						\
-	if (!ok)							\
-	    return 1;							\
-	if (size != 0)							\
-            return 1;							\
-    }									\
-    return 0;								\
-}
-
-static int
-check_seq_of_size(void)
-{
-    TESTInteger integers[4] = { 1, 2, 3, 4 };
-    int ret;
-
-    {
-	TESTSeqSizeOf1 ssof1f1 = { 1, integers };
-	TESTSeqSizeOf1 ssof1ok1 = { 2, integers };
-	TESTSeqSizeOf1 ssof1f2 = { 3, integers };
-
-	test_seq_of(TESTSeqSizeOf1, 0, &ssof1f1);
-	test_seq_of(TESTSeqSizeOf1, 1, &ssof1ok1);
-	test_seq_of(TESTSeqSizeOf1, 0, &ssof1f2);
-    }
-    {
-	TESTSeqSizeOf2 ssof2f1 = { 0, NULL };
-	TESTSeqSizeOf2 ssof2ok1 = { 1, integers };
-	TESTSeqSizeOf2 ssof2ok2 = { 2, integers };
-	TESTSeqSizeOf2 ssof2f2 = { 3, integers };
-	
-	test_seq_of(TESTSeqSizeOf2, 0, &ssof2f1);
-	test_seq_of(TESTSeqSizeOf2, 1, &ssof2ok1);
-	test_seq_of(TESTSeqSizeOf2, 1, &ssof2ok2);
-	test_seq_of(TESTSeqSizeOf2, 0, &ssof2f2);
-    }
-    {
-	TESTSeqSizeOf3 ssof3f1 = { 0, NULL };
-	TESTSeqSizeOf3 ssof3ok1 = { 1, integers };
-	TESTSeqSizeOf3 ssof3ok2 = { 2, integers };
-	
-	test_seq_of(TESTSeqSizeOf3, 0, &ssof3f1);
-	test_seq_of(TESTSeqSizeOf3, 1, &ssof3ok1);
-	test_seq_of(TESTSeqSizeOf3, 1, &ssof3ok2);
-    }
-    {
-	TESTSeqSizeOf4 ssof4ok1 = { 0, NULL };
-	TESTSeqSizeOf4 ssof4ok2 = { 1, integers };
-	TESTSeqSizeOf4 ssof4ok3 = { 2, integers };
-	TESTSeqSizeOf4 ssof4f1  = { 3, integers };
-	
-	test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok1);
-	test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok2); 
-	test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok3);
-	test_seq_of(TESTSeqSizeOf4, 0, &ssof4f1);
-   }
-
-    return 0;
-}
-
-
-
-int
-main(int argc, char **argv)
-{
-    int ret = 0;
-
-    ret += test_principal ();
-    ret += test_authenticator();
-    ret += test_krb_error();
-    ret += test_Name();
-    ret += test_bit_string();
-
-    ret += check_tag_length();
-    ret += test_large_tag();
-    ret += test_choice();
-
-    ret += test_implicit();
-    ret += test_taglessalloc();
-
-    ret += check_fail_largetag();
-    ret += check_fail_sequence();
-    ret += check_fail_choice();
-
-    ret += check_seq();
-    ret += check_seq_of_size();
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/asn1/check-timegm.c b/crypto/heimdal/lib/asn1/check-timegm.c
deleted file mode 100644
index 7d33455..0000000
--- a/crypto/heimdal/lib/asn1/check-timegm.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <der_locl.h>
-
-RCSID("$Id: check-timegm.c 18610 2006-10-19 16:33:24Z lha $");
-
-static int
-test_timegm(void)
-{
-    int ret = 0;
-    struct tm tm;
-    time_t t;
-
-    memset(&tm, 0, sizeof(tm));
-    tm.tm_year = 106;
-    tm.tm_mon = 9;
-    tm.tm_mday = 1;
-    tm.tm_hour = 10;
-    tm.tm_min = 3;
-
-    t = _der_timegm(&tm);
-    if (t != 1159696980)
-	ret += 1;
-
-    tm.tm_mday = 0;
-    t = _der_timegm(&tm);
-    if (t != -1)
-	ret += 1;
-
-    return ret;
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret = 0;
-
-    ret += test_timegm();
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/asn1/der-protos.h b/crypto/heimdal/lib/asn1/der-protos.h
deleted file mode 100644
index 7bfe02e..0000000
--- a/crypto/heimdal/lib/asn1/der-protos.h
+++ /dev/null
@@ -1,567 +0,0 @@
-/* This is a generated file */
-#ifndef __der_protos_h__
-#define __der_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int
-copy_heim_any (
-	const heim_any */*from*/,
-	heim_any */*to*/);
-
-int
-copy_heim_any_set (
-	const heim_any_set */*from*/,
-	heim_any_set */*to*/);
-
-int
-decode_heim_any (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_any */*data*/,
-	size_t */*size*/);
-
-int
-decode_heim_any_set (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_any_set */*data*/,
-	size_t */*size*/);
-
-int
-der_copy_bit_string (
-	const heim_bit_string */*from*/,
-	heim_bit_string */*to*/);
-
-int
-der_copy_bmp_string (
-	const heim_bmp_string */*from*/,
-	heim_bmp_string */*to*/);
-
-int
-der_copy_general_string (
-	const heim_general_string */*from*/,
-	heim_general_string */*to*/);
-
-int
-der_copy_heim_integer (
-	const heim_integer */*from*/,
-	heim_integer */*to*/);
-
-int
-der_copy_ia5_string (
-	const heim_printable_string */*from*/,
-	heim_printable_string */*to*/);
-
-int
-der_copy_octet_string (
-	const heim_octet_string */*from*/,
-	heim_octet_string */*to*/);
-
-int
-der_copy_oid (
-	const heim_oid */*from*/,
-	heim_oid */*to*/);
-
-int
-der_copy_printable_string (
-	const heim_printable_string */*from*/,
-	heim_printable_string */*to*/);
-
-int
-der_copy_universal_string (
-	const heim_universal_string */*from*/,
-	heim_universal_string */*to*/);
-
-int
-der_copy_utf8string (
-	const heim_utf8_string */*from*/,
-	heim_utf8_string */*to*/);
-
-int
-der_copy_visible_string (
-	const heim_visible_string */*from*/,
-	heim_visible_string */*to*/);
-
-void
-der_free_bit_string (heim_bit_string */*k*/);
-
-void
-der_free_bmp_string (heim_bmp_string */*k*/);
-
-void
-der_free_general_string (heim_general_string */*str*/);
-
-void
-der_free_heim_integer (heim_integer */*k*/);
-
-void
-der_free_ia5_string (heim_ia5_string */*str*/);
-
-void
-der_free_octet_string (heim_octet_string */*k*/);
-
-void
-der_free_oid (heim_oid */*k*/);
-
-void
-der_free_printable_string (heim_printable_string */*str*/);
-
-void
-der_free_universal_string (heim_universal_string */*k*/);
-
-void
-der_free_utf8string (heim_utf8_string */*str*/);
-
-void
-der_free_visible_string (heim_visible_string */*str*/);
-
-int
-der_get_bit_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_bit_string */*data*/,
-	size_t */*size*/);
-
-int
-der_get_bmp_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_bmp_string */*data*/,
-	size_t */*size*/);
-
-int
-der_get_boolean (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	int */*data*/,
-	size_t */*size*/);
-
-const char *
-der_get_class_name (unsigned /*num*/);
-
-int
-der_get_class_num (const char */*name*/);
-
-int
-der_get_general_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_general_string */*str*/,
-	size_t */*size*/);
-
-int
-der_get_generalized_time (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	time_t */*data*/,
-	size_t */*size*/);
-
-int
-der_get_heim_integer (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_integer */*data*/,
-	size_t */*size*/);
-
-int
-der_get_ia5_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_ia5_string */*str*/,
-	size_t */*size*/);
-
-int
-der_get_integer (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	int */*ret*/,
-	size_t */*size*/);
-
-int
-der_get_length (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	size_t */*val*/,
-	size_t */*size*/);
-
-int
-der_get_octet_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_octet_string */*data*/,
-	size_t */*size*/);
-
-int
-der_get_oid (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_oid */*data*/,
-	size_t */*size*/);
-
-int
-der_get_printable_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_printable_string */*str*/,
-	size_t */*size*/);
-
-int
-der_get_tag (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	Der_class */*class*/,
-	Der_type */*type*/,
-	unsigned int */*tag*/,
-	size_t */*size*/);
-
-const char *
-der_get_tag_name (unsigned /*num*/);
-
-int
-der_get_tag_num (const char */*name*/);
-
-const char *
-der_get_type_name (unsigned /*num*/);
-
-int
-der_get_type_num (const char */*name*/);
-
-int
-der_get_universal_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_universal_string */*data*/,
-	size_t */*size*/);
-
-int
-der_get_unsigned (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	unsigned */*ret*/,
-	size_t */*size*/);
-
-int
-der_get_utctime (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	time_t */*data*/,
-	size_t */*size*/);
-
-int
-der_get_utf8string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_utf8_string */*str*/,
-	size_t */*size*/);
-
-int
-der_get_visible_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_visible_string */*str*/,
-	size_t */*size*/);
-
-int
-der_heim_bit_string_cmp (
-	const heim_bit_string */*p*/,
-	const heim_bit_string */*q*/);
-
-int
-der_heim_bmp_string_cmp (
-	const heim_bmp_string */*p*/,
-	const heim_bmp_string */*q*/);
-
-int
-der_heim_integer_cmp (
-	const heim_integer */*p*/,
-	const heim_integer */*q*/);
-
-int
-der_heim_octet_string_cmp (
-	const heim_octet_string */*p*/,
-	const heim_octet_string */*q*/);
-
-int
-der_heim_oid_cmp (
-	const heim_oid */*p*/,
-	const heim_oid */*q*/);
-
-int
-der_heim_universal_string_cmp (
-	const heim_universal_string */*p*/,
-	const heim_universal_string */*q*/);
-
-size_t
-der_length_bit_string (const heim_bit_string */*k*/);
-
-size_t
-der_length_bmp_string (const heim_bmp_string */*data*/);
-
-size_t
-der_length_boolean (const int */*k*/);
-
-size_t
-der_length_enumerated (const unsigned */*data*/);
-
-size_t
-der_length_general_string (const heim_general_string */*data*/);
-
-size_t
-der_length_generalized_time (const time_t */*t*/);
-
-size_t
-der_length_heim_integer (const heim_integer */*k*/);
-
-size_t
-der_length_ia5_string (const heim_ia5_string */*data*/);
-
-size_t
-der_length_integer (const int */*data*/);
-
-size_t
-der_length_len (size_t /*len*/);
-
-size_t
-der_length_octet_string (const heim_octet_string */*k*/);
-
-size_t
-der_length_oid (const heim_oid */*k*/);
-
-size_t
-der_length_printable_string (const heim_printable_string */*data*/);
-
-size_t
-der_length_universal_string (const heim_universal_string */*data*/);
-
-size_t
-der_length_unsigned (const unsigned */*data*/);
-
-size_t
-der_length_utctime (const time_t */*t*/);
-
-size_t
-der_length_utf8string (const heim_utf8_string */*data*/);
-
-size_t
-der_length_visible_string (const heim_visible_string */*data*/);
-
-int
-der_match_tag (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	Der_class /*class*/,
-	Der_type /*type*/,
-	unsigned int /*tag*/,
-	size_t */*size*/);
-
-int
-der_match_tag_and_length (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	Der_class /*class*/,
-	Der_type /*type*/,
-	unsigned int /*tag*/,
-	size_t */*length_ret*/,
-	size_t */*size*/);
-
-int
-der_parse_heim_oid (
-	const char */*str*/,
-	const char */*sep*/,
-	heim_oid */*data*/);
-
-int
-der_parse_hex_heim_integer (
-	const char */*p*/,
-	heim_integer */*data*/);
-
-int
-der_print_heim_oid (
-	const heim_oid */*oid*/,
-	char /*delim*/,
-	char **/*str*/);
-
-int
-der_print_hex_heim_integer (
-	const heim_integer */*data*/,
-	char **/*p*/);
-
-int
-der_put_bit_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_bit_string */*data*/,
-	size_t */*size*/);
-
-int
-der_put_bmp_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_bmp_string */*data*/,
-	size_t */*size*/);
-
-int
-der_put_boolean (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const int */*data*/,
-	size_t */*size*/);
-
-int
-der_put_general_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_general_string */*str*/,
-	size_t */*size*/);
-
-int
-der_put_generalized_time (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const time_t */*data*/,
-	size_t */*size*/);
-
-int
-der_put_heim_integer (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_integer */*data*/,
-	size_t */*size*/);
-
-int
-der_put_ia5_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_ia5_string */*str*/,
-	size_t */*size*/);
-
-int
-der_put_integer (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const int */*v*/,
-	size_t */*size*/);
-
-int
-der_put_length (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	size_t /*val*/,
-	size_t */*size*/);
-
-int
-der_put_length_and_tag (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	size_t /*len_val*/,
-	Der_class /*class*/,
-	Der_type /*type*/,
-	unsigned int /*tag*/,
-	size_t */*size*/);
-
-int
-der_put_octet_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_octet_string */*data*/,
-	size_t */*size*/);
-
-int
-der_put_oid (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_oid */*data*/,
-	size_t */*size*/);
-
-int
-der_put_printable_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_printable_string */*str*/,
-	size_t */*size*/);
-
-int
-der_put_tag (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	Der_class /*class*/,
-	Der_type /*type*/,
-	unsigned int /*tag*/,
-	size_t */*size*/);
-
-int
-der_put_universal_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_universal_string */*data*/,
-	size_t */*size*/);
-
-int
-der_put_unsigned (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const unsigned */*v*/,
-	size_t */*size*/);
-
-int
-der_put_utctime (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const time_t */*data*/,
-	size_t */*size*/);
-
-int
-der_put_utf8string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_utf8_string */*str*/,
-	size_t */*size*/);
-
-int
-der_put_visible_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_visible_string */*str*/,
-	size_t */*size*/);
-
-int
-encode_heim_any (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_any */*data*/,
-	size_t */*size*/);
-
-int
-encode_heim_any_set (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_any_set */*data*/,
-	size_t */*size*/);
-
-void
-free_heim_any (heim_any */*data*/);
-
-void
-free_heim_any_set (heim_any_set */*data*/);
-
-int
-heim_any_cmp (
-	const heim_any_set */*p*/,
-	const heim_any_set */*q*/);
-
-size_t
-length_heim_any (const heim_any */*data*/);
-
-size_t
-length_heim_any_set (const heim_any */*data*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __der_protos_h__ */
diff --git a/crypto/heimdal/lib/asn1/der.c b/crypto/heimdal/lib/asn1/der.c
deleted file mode 100644
index 120dc08..0000000
--- a/crypto/heimdal/lib/asn1/der.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include <com_err.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: der.c 22429 2008-01-13 10:25:50Z lha $");
-
-
-static const char *class_names[] = {
-    "UNIV",			/* 0 */
-    "APPL",			/* 1 */
-    "CONTEXT",			/* 2 */
-    "PRIVATE"			/* 3 */
-};
-
-static const char *type_names[] = {
-    "PRIM",			/* 0 */
-    "CONS"			/* 1 */
-};
-
-static const char *tag_names[] = {
-    "EndOfContent",		/* 0 */
-    "Boolean",			/* 1 */
-    "Integer",			/* 2 */
-    "BitString",		/* 3 */
-    "OctetString",		/* 4 */
-    "Null",			/* 5 */
-    "ObjectID",			/* 6 */
-    NULL,			/* 7 */
-    NULL,			/* 8 */
-    NULL,			/* 9 */
-    "Enumerated",		/* 10 */
-    NULL,			/* 11 */
-    NULL,			/* 12 */
-    NULL,			/* 13 */
-    NULL,			/* 14 */
-    NULL,			/* 15 */
-    "Sequence",			/* 16 */
-    "Set",			/* 17 */
-    NULL,			/* 18 */
-    "PrintableString",		/* 19 */
-    NULL,			/* 20 */
-    NULL,			/* 21 */
-    "IA5String",		/* 22 */
-    "UTCTime",			/* 23 */
-    "GeneralizedTime",		/* 24 */
-    NULL,			/* 25 */
-    "VisibleString",		/* 26 */
-    "GeneralString",		/* 27 */
-    NULL,			/* 28 */
-    NULL,			/* 29 */
-    "BMPString"			/* 30 */
-};
-
-static int
-get_type(const char *name, const char *list[], unsigned len)
-{
-    unsigned i;
-    for (i = 0; i < len; i++)
-	if (list[i] && strcasecmp(list[i], name) == 0)
-	    return i;
-    return -1;
-}
-
-#define SIZEOF_ARRAY(a) (sizeof((a))/sizeof((a)[0]))
-
-const char *
-der_get_class_name(unsigned num)
-{
-    if (num >= SIZEOF_ARRAY(class_names))
-	return NULL;
-    return class_names[num];
-}
-
-int
-der_get_class_num(const char *name)
-{
-    return get_type(name, class_names, SIZEOF_ARRAY(class_names));
-}
-
-const char *
-der_get_type_name(unsigned num)
-{
-    if (num >= SIZEOF_ARRAY(type_names))
-	return NULL;
-    return type_names[num];
-}
-
-int
-der_get_type_num(const char *name)
-{
-    return get_type(name, type_names, SIZEOF_ARRAY(type_names));
-}
-
-const char *
-der_get_tag_name(unsigned num)
-{
-    if (num >= SIZEOF_ARRAY(tag_names))
-	return NULL;
-    return tag_names[num];
-}
-
-int
-der_get_tag_num(const char *name)
-{
-    return get_type(name, tag_names, SIZEOF_ARRAY(tag_names));
-}
diff --git a/crypto/heimdal/lib/asn1/der.h b/crypto/heimdal/lib/asn1/der.h
deleted file mode 100644
index 13e3932..0000000
--- a/crypto/heimdal/lib/asn1/der.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: der.h 18437 2006-10-14 05:16:08Z lha $ */
-
-#ifndef __DER_H__
-#define __DER_H__
-
-typedef enum {
-    ASN1_C_UNIV = 0,
-    ASN1_C_APPL = 1,
-    ASN1_C_CONTEXT = 2,
-    ASN1_C_PRIVATE = 3
-} Der_class;
-
-typedef enum {PRIM = 0, CONS = 1} Der_type;
-
-#define MAKE_TAG(CLASS, TYPE, TAG)  (((CLASS) << 6) | ((TYPE) << 5) | (TAG))
-
-/* Universal tags */
-
-enum {
-    UT_EndOfContent	= 0,
-    UT_Boolean		= 1,
-    UT_Integer		= 2,	
-    UT_BitString	= 3,
-    UT_OctetString	= 4,
-    UT_Null		= 5,
-    UT_OID		= 6,
-    UT_Enumerated	= 10,
-    UT_UTF8String	= 12,
-    UT_Sequence		= 16,
-    UT_Set		= 17,
-    UT_PrintableString	= 19,
-    UT_IA5String	= 22,
-    UT_UTCTime		= 23,
-    UT_GeneralizedTime	= 24,
-    UT_UniversalString	= 25,
-    UT_VisibleString	= 26,
-    UT_GeneralString	= 27,
-    UT_BMPString	= 30,
-    /* unsupported types */
-    UT_ObjectDescriptor = 7,
-    UT_External		= 8,
-    UT_Real		= 9,
-    UT_EmbeddedPDV	= 11,
-    UT_RelativeOID	= 13,
-    UT_NumericString	= 18,
-    UT_TeletexString	= 20,
-    UT_VideotexString	= 21,
-    UT_GraphicString	= 25
-};
-
-#define ASN1_INDEFINITE 0xdce0deed
-
-typedef struct heim_der_time_t {
-    time_t dt_sec;
-    unsigned long dt_nsec;
-} heim_der_time_t;
-
-typedef struct heim_ber_time_t {
-    time_t bt_sec;
-    unsigned bt_nsec;
-    int bt_zone;
-} heim_ber_time_t;
-
-#include <der-protos.h>
-
-int _heim_fix_dce(size_t reallen, size_t *len);
-int _heim_der_set_sort(const void *, const void *);
-int _heim_time2generalizedtime (time_t, heim_octet_string *, int);
-
-#endif /* __DER_H__ */
diff --git a/crypto/heimdal/lib/asn1/der_cmp.c b/crypto/heimdal/lib/asn1/der_cmp.c
deleted file mode 100644
index f27f03c..0000000
--- a/crypto/heimdal/lib/asn1/der_cmp.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 2003-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-int
-der_heim_oid_cmp(const heim_oid *p, const heim_oid *q)
-{
-    if (p->length != q->length)
-	return p->length - q->length;
-    return memcmp(p->components, 
-		  q->components,
-		  p->length * sizeof(*p->components));
-}
-
-int
-der_heim_octet_string_cmp(const heim_octet_string *p, 
-			  const heim_octet_string *q)
-{
-    if (p->length != q->length)
-	return p->length - q->length;
-    return memcmp(p->data, q->data, p->length);
-}
-
-int
-der_heim_bit_string_cmp(const heim_bit_string *p,
-			const heim_bit_string *q)
-{
-    int i, r1, r2;
-    if (p->length != q->length)
-	return p->length - q->length;
-    i = memcmp(p->data, q->data, p->length / 8);
-    if (i)
-	return i;
-    if ((p->length % 8) == 0)
-	return 0;
-    i = (p->length / 8);
-    r1 = ((unsigned char *)p->data)[i];
-    r2 = ((unsigned char *)q->data)[i];
-    i = 8 - (p->length % 8);
-    r1 = r1 >> i;
-    r2 = r2 >> i;
-    return r1 - r2;
-}
-
-int
-der_heim_integer_cmp(const heim_integer *p,
-		     const heim_integer *q)
-{
-    if (p->negative != q->negative)
-	return q->negative - p->negative;
-    if (p->length != q->length)
-	return p->length - q->length;
-    return memcmp(p->data, q->data, p->length);
-}
-
-int
-der_heim_bmp_string_cmp(const heim_bmp_string *p, const heim_bmp_string *q)
-{
-    if (p->length != q->length)
-	return p->length - q->length;
-    return memcmp(p->data, q->data, q->length * sizeof(q->data[0]));
-}
-
-int
-der_heim_universal_string_cmp(const heim_universal_string *p, 
-			      const heim_universal_string *q)
-{
-    if (p->length != q->length)
-	return p->length - q->length;
-    return memcmp(p->data, q->data, q->length * sizeof(q->data[0]));
-}
diff --git a/crypto/heimdal/lib/asn1/der_copy.c b/crypto/heimdal/lib/asn1/der_copy.c
deleted file mode 100644
index 04c4531..0000000
--- a/crypto/heimdal/lib/asn1/der_copy.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_copy.c 19539 2006-12-28 17:15:05Z lha $");
-
-int
-der_copy_general_string (const heim_general_string *from, 
-			 heim_general_string *to)
-{
-    *to = strdup(*from);
-    if(*to == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-int
-der_copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to)
-{
-    return der_copy_general_string(from, to);
-}
-
-int
-der_copy_printable_string (const heim_printable_string *from, 
-		       heim_printable_string *to)
-{
-    return der_copy_general_string(from, to);
-}
-
-int
-der_copy_ia5_string (const heim_printable_string *from, 
-		     heim_printable_string *to)
-{
-    return der_copy_general_string(from, to);
-}
-
-int
-der_copy_bmp_string (const heim_bmp_string *from, heim_bmp_string *to)
-{
-    to->length = from->length;
-    to->data   = malloc(to->length * sizeof(to->data[0]));
-    if(to->length != 0 && to->data == NULL)
-	return ENOMEM;
-    memcpy(to->data, from->data, to->length * sizeof(to->data[0]));
-    return 0;
-}
-
-int
-der_copy_universal_string (const heim_universal_string *from,
-			   heim_universal_string *to)
-{
-    to->length = from->length;
-    to->data   = malloc(to->length * sizeof(to->data[0]));
-    if(to->length != 0 && to->data == NULL)
-	return ENOMEM;
-    memcpy(to->data, from->data, to->length * sizeof(to->data[0]));
-    return 0;
-}
-
-int
-der_copy_visible_string (const heim_visible_string *from, 
-			 heim_visible_string *to)
-{
-    return der_copy_general_string(from, to);
-}
-
-int
-der_copy_octet_string (const heim_octet_string *from, heim_octet_string *to)
-{
-    to->length = from->length;
-    to->data   = malloc(to->length);
-    if(to->length != 0 && to->data == NULL)
-	return ENOMEM;
-    memcpy(to->data, from->data, to->length);
-    return 0;
-}
-
-int
-der_copy_heim_integer (const heim_integer *from, heim_integer *to)
-{
-    to->length = from->length;
-    to->data   = malloc(to->length);
-    if(to->length != 0 && to->data == NULL)
-	return ENOMEM;
-    memcpy(to->data, from->data, to->length);
-    to->negative = from->negative;
-    return 0;
-}
-
-int
-der_copy_oid (const heim_oid *from, heim_oid *to)
-{
-    to->length     = from->length;
-    to->components = malloc(to->length * sizeof(*to->components));
-    if (to->length != 0 && to->components == NULL)
-	return ENOMEM;
-    memcpy(to->components, from->components,
-	   to->length * sizeof(*to->components));
-    return 0;
-}
-
-int
-der_copy_bit_string (const heim_bit_string *from, heim_bit_string *to)
-{
-    size_t len;
-
-    len = (from->length + 7) / 8;
-    to->length = from->length;
-    to->data   = malloc(len);
-    if(len != 0 && to->data == NULL)
-	return ENOMEM;
-    memcpy(to->data, from->data, len);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/asn1/der_format.c b/crypto/heimdal/lib/asn1/der_format.c
deleted file mode 100644
index 6908bdd..0000000
--- a/crypto/heimdal/lib/asn1/der_format.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include <hex.h>
-
-RCSID("$Id: der_format.c 20861 2007-06-03 20:18:29Z lha $");
-
-int
-der_parse_hex_heim_integer (const char *p, heim_integer *data)
-{
-    ssize_t len;
-
-    data->length = 0;
-    data->negative = 0;
-    data->data = NULL;
-
-    if (*p == '-') {
-	p++;
-	data->negative = 1;
-    }
-
-    len = strlen(p);
-    if (len <= 0) {
-	data->data = NULL;
-	data->length = 0;
-	return EINVAL;
-    }
-    
-    data->length = (len / 2) + 1;
-    data->data = malloc(data->length);
-    if (data->data == NULL) {
-	data->length = 0;
-	return ENOMEM;
-    }
-
-    len = hex_decode(p, data->data, data->length);
-    if (len < 0) {
-	free(data->data);
-	data->data = NULL;
-	data->length = 0;
-	return EINVAL;
-    }
-
-    {
-	unsigned char *q = data->data;
-	while(len > 0 && *q == 0) {
-	    q++;
-	    len--;
-	}
-	data->length = len;
-	memmove(data->data, q, len);
-    }
-    return 0;
-}
-
-int
-der_print_hex_heim_integer (const heim_integer *data, char **p)
-{
-    ssize_t len;
-    char *q;
-
-    len = hex_encode(data->data, data->length, p);
-    if (len < 0)
-	return ENOMEM;
-
-    if (data->negative) {
-	len = asprintf(&q, "-%s", *p);
-	free(*p);
-	if (len < 0)
-	    return ENOMEM;
-	*p = q;
-    }
-    return 0;
-}
-
-int
-der_print_heim_oid (const heim_oid *oid, char delim, char **str)
-{
-    struct rk_strpool *p = NULL;
-    int i;
-
-    if (oid->length == 0)
-	return EINVAL;
-
-    for (i = 0; i < oid->length ; i++) {
-	p = rk_strpoolprintf(p, "%d", oid->components[i]);
-	if (p && i < oid->length - 1)
-	    p = rk_strpoolprintf(p, "%c", delim);
-	if (p == NULL) {
-	    *str = NULL;
-	    return ENOMEM;
-	}
-    }
-
-    *str = rk_strpoolcollect(p);
-    if (*str == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-int
-der_parse_heim_oid (const char *str, const char *sep, heim_oid *data)
-{
-    char *s, *w, *brkt, *endptr;
-    unsigned int *c;
-    long l;
-
-    data->length = 0;
-    data->components = NULL;
-
-    if (sep == NULL)
-	sep = ".";
-
-    s = strdup(str);
-
-    for (w = strtok_r(s, sep, &brkt); 
-	 w != NULL; 
-	 w = strtok_r(NULL, sep, &brkt)) {
-
-	c = realloc(data->components,
-		    (data->length + 1) * sizeof(data->components[0]));
-	if (c == NULL) {
-	    der_free_oid(data);
-	    free(s);
-	    return ENOMEM;
-	}
-	data->components = c;
-
-	l = strtol(w, &endptr, 10);
-	if (*endptr != '\0' || l < 0 || l > INT_MAX) {
-	    der_free_oid(data);
-	    free(s);
-	    return EINVAL;
-	}
-	data->components[data->length++] = l;
-    }
-    free(s);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/asn1/der_free.c b/crypto/heimdal/lib/asn1/der_free.c
deleted file mode 100644
index 851cb1d..0000000
--- a/crypto/heimdal/lib/asn1/der_free.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_free.c 19539 2006-12-28 17:15:05Z lha $");
-
-void
-der_free_general_string (heim_general_string *str)
-{
-    free(*str);
-    *str = NULL;
-}
-
-void
-der_free_utf8string (heim_utf8_string *str)
-{
-    free(*str);
-    *str = NULL;
-}
-
-void
-der_free_printable_string (heim_printable_string *str)
-{
-    free(*str);
-    *str = NULL;
-}
-
-void
-der_free_ia5_string (heim_ia5_string *str)
-{
-    free(*str);
-    *str = NULL;
-}
-
-void
-der_free_bmp_string (heim_bmp_string *k)
-{
-    free(k->data);
-    k->data = NULL;
-    k->length = 0;
-}
-
-void
-der_free_universal_string (heim_universal_string *k)
-{
-    free(k->data);
-    k->data = NULL;
-    k->length = 0;
-}
-
-void
-der_free_visible_string (heim_visible_string *str)
-{
-    free(*str);
-    *str = NULL;
-}
-
-void
-der_free_octet_string (heim_octet_string *k)
-{
-    free(k->data);
-    k->data = NULL;
-    k->length = 0;
-}
-
-void
-der_free_heim_integer (heim_integer *k)
-{
-    free(k->data);
-    k->data = NULL;
-    k->length = 0;
-}
-
-void
-der_free_oid (heim_oid *k)
-{
-    free(k->components);
-    k->components = NULL;
-    k->length = 0;
-}
-
-void
-der_free_bit_string (heim_bit_string *k)
-{
-    free(k->data);
-    k->data = NULL;
-    k->length = 0;
-}
diff --git a/crypto/heimdal/lib/asn1/der_get.c b/crypto/heimdal/lib/asn1/der_get.c
deleted file mode 100644
index f232ce9..0000000
--- a/crypto/heimdal/lib/asn1/der_get.c
+++ /dev/null
@@ -1,546 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_get.c 21369 2007-06-27 10:14:39Z lha $");
-
-#include <version.h>
-
-/* 
- * All decoding functions take a pointer `p' to first position in
- * which to read, from the left, `len' which means the maximum number
- * of characters we are able to read, `ret' were the value will be
- * returned and `size' where the number of used bytes is stored.
- * Either 0 or an error code is returned.
- */
-
-int
-der_get_unsigned (const unsigned char *p, size_t len,
-		  unsigned *ret, size_t *size)
-{
-    unsigned val = 0;
-    size_t oldlen = len;
-
-    if (len == sizeof(unsigned) + 1 && p[0] == 0)
-	;
-    else if (len > sizeof(unsigned))
-	return ASN1_OVERRUN;
-
-    while (len--)
-	val = val * 256 + *p++;
-    *ret = val;
-    if(size) *size = oldlen;
-    return 0;
-}
-
-int
-der_get_integer (const unsigned char *p, size_t len,
-		 int *ret, size_t *size)
-{
-    int val = 0;
-    size_t oldlen = len;
-
-    if (len > sizeof(int))
-	return ASN1_OVERRUN;
-
-    if (len > 0) {
-	val = (signed char)*p++;
-	while (--len)
-	    val = val * 256 + *p++;
-    }
-    *ret = val;
-    if(size) *size = oldlen;
-    return 0;
-}
-
-int
-der_get_length (const unsigned char *p, size_t len,
-		size_t *val, size_t *size)
-{
-    size_t v;
-
-    if (len <= 0)
-	return ASN1_OVERRUN;
-    --len;
-    v = *p++;
-    if (v < 128) {
-	*val = v;
-	if(size) *size = 1;
-    } else {
-	int e;
-	size_t l;
-	unsigned tmp;
-
-	if(v == 0x80){
-	    *val = ASN1_INDEFINITE;
-	    if(size) *size = 1;
-	    return 0;
-	}
-	v &= 0x7F;
-	if (len < v)
-	    return ASN1_OVERRUN;
-	e = der_get_unsigned (p, v, &tmp, &l);
-	if(e) return e;
-	*val = tmp;
-	if(size) *size = l + 1;
-    }
-    return 0;
-}
-
-int
-der_get_boolean(const unsigned char *p, size_t len, int *data, size_t *size)
-{
-    if(len < 1)
-	return ASN1_OVERRUN;
-    if(*p != 0)
-	*data = 1;
-    else
-	*data = 0;
-    *size = 1;
-    return 0;
-}
-
-int
-der_get_general_string (const unsigned char *p, size_t len, 
-			heim_general_string *str, size_t *size)
-{
-    const unsigned char *p1;
-    char *s;
-
-    p1 = memchr(p, 0, len);
-    if (p1 != NULL) {
-	/* 
-	 * Allow trailing NULs. We allow this since MIT Kerberos sends
-	 * an strings in the NEED_PREAUTH case that includes a
-	 * trailing NUL.
-	 */
-	while (p1 - p < len && *p1 == '\0')
-	    p1++;
-       if (p1 - p != len)
-	    return ASN1_BAD_CHARACTER;
-    }
-    if (len > len + 1)
-	return ASN1_BAD_LENGTH;
-
-    s = malloc (len + 1);
-    if (s == NULL)
-	return ENOMEM;
-    memcpy (s, p, len);
-    s[len] = '\0';
-    *str = s;
-    if(size) *size = len;
-    return 0;
-}
-
-int
-der_get_utf8string (const unsigned char *p, size_t len, 
-		    heim_utf8_string *str, size_t *size)
-{
-    return der_get_general_string(p, len, str, size);
-}
-
-int
-der_get_printable_string (const unsigned char *p, size_t len, 
-			  heim_printable_string *str, size_t *size)
-{
-    return der_get_general_string(p, len, str, size);
-}
-
-int
-der_get_ia5_string (const unsigned char *p, size_t len, 
-		    heim_ia5_string *str, size_t *size)
-{
-    return der_get_general_string(p, len, str, size);
-}
-
-int
-der_get_bmp_string (const unsigned char *p, size_t len, 
-		    heim_bmp_string *data, size_t *size)
-{
-    size_t i;
-
-    if (len & 1)
-	return ASN1_BAD_FORMAT;
-    data->length = len / 2;
-    if (data->length > UINT_MAX/sizeof(data->data[0]))
-	return ERANGE;
-    data->data = malloc(data->length * sizeof(data->data[0]));
-    if (data->data == NULL && data->length != 0)
-	return ENOMEM;
-
-    for (i = 0; i < data->length; i++) {
-	data->data[i] = (p[0] << 8) | p[1];
-	p += 2;
-    }
-    if (size) *size = len;
-
-    return 0;
-}
-
-int
-der_get_universal_string (const unsigned char *p, size_t len, 
-			  heim_universal_string *data, size_t *size)
-{
-    size_t i;
-
-    if (len & 3)
-	return ASN1_BAD_FORMAT;
-    data->length = len / 4;
-    if (data->length > UINT_MAX/sizeof(data->data[0]))
-	return ERANGE;
-    data->data = malloc(data->length * sizeof(data->data[0]));
-    if (data->data == NULL && data->length != 0)
-	return ENOMEM;
-
-    for (i = 0; i < data->length; i++) {
-	data->data[i] = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
-	p += 4;
-    }
-    if (size) *size = len;
-    return 0;
-}
-
-int
-der_get_visible_string (const unsigned char *p, size_t len, 
-			heim_visible_string *str, size_t *size)
-{
-    return der_get_general_string(p, len, str, size);
-}
-
-int
-der_get_octet_string (const unsigned char *p, size_t len, 
-		      heim_octet_string *data, size_t *size)
-{
-    data->length = len;
-    data->data = malloc(len);
-    if (data->data == NULL && data->length != 0)
-	return ENOMEM;
-    memcpy (data->data, p, len);
-    if(size) *size = len;
-    return 0;
-}
-
-int
-der_get_heim_integer (const unsigned char *p, size_t len, 
-		      heim_integer *data, size_t *size)
-{
-    data->length = 0;
-    data->negative = 0;
-    data->data = NULL;
-
-    if (len == 0) {
-	if (size)
-	    *size = 0;
-	return 0;
-    }
-    if (p[0] & 0x80) {
-	unsigned char *q;
-	int carry = 1;
-	data->negative = 1;
-
-	data->length = len;
-
-	if (p[0] == 0xff) {
-	    p++;
-	    data->length--;
-	}
-	data->data = malloc(data->length);
-	if (data->data == NULL) {
-	    data->length = 0;
-	    if (size)
-		*size = 0;
-	    return ENOMEM;
-	}
-	q = &((unsigned char*)data->data)[data->length - 1];
-	p += data->length - 1;
-	while (q >= (unsigned char*)data->data) {
-	    *q = *p ^ 0xff;
-	    if (carry)
-		carry = !++*q;
-	    p--;
-	    q--;
-	}
-    } else {
-	data->negative = 0;
-	data->length = len;
-
-	if (p[0] == 0) {
-	    p++;
-	    data->length--;
-	}
-	data->data = malloc(data->length);
-	if (data->data == NULL && data->length != 0) {
-	    data->length = 0;
-	    if (size)
-		*size = 0;
-	    return ENOMEM;
-	}
-	memcpy(data->data, p, data->length);
-    }
-    if (size)
-	*size = len;
-    return 0;
-}
-
-static int
-generalizedtime2time (const char *s, time_t *t)
-{
-    struct tm tm;
-
-    memset(&tm, 0, sizeof(tm));
-    if (sscanf (s, "%04d%02d%02d%02d%02d%02dZ",
-		&tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour,
-		&tm.tm_min, &tm.tm_sec) != 6) {
-	if (sscanf (s, "%02d%02d%02d%02d%02d%02dZ",
-		    &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour,
-		    &tm.tm_min, &tm.tm_sec) != 6)
-	    return ASN1_BAD_TIMEFORMAT;
-	if (tm.tm_year < 50)
-	    tm.tm_year += 2000;
-	else
-	    tm.tm_year += 1900;
-    }
-    tm.tm_year -= 1900;
-    tm.tm_mon -= 1;
-    *t = _der_timegm (&tm);
-    return 0;
-}
-
-static int
-der_get_time (const unsigned char *p, size_t len, 
-	      time_t *data, size_t *size)
-{
-    char *times;
-    int e;
-
-    if (len > len + 1 || len == 0)
-	return ASN1_BAD_LENGTH;
-
-    times = malloc(len + 1);
-    if (times == NULL)
-	return ENOMEM;
-    memcpy(times, p, len);
-    times[len] = '\0';
-    e = generalizedtime2time(times, data);
-    free (times);
-    if(size) *size = len;
-    return e;
-}
-
-int
-der_get_generalized_time (const unsigned char *p, size_t len, 
-			  time_t *data, size_t *size)
-{
-    return der_get_time(p, len, data, size);
-}
-
-int
-der_get_utctime (const unsigned char *p, size_t len, 
-			  time_t *data, size_t *size)
-{
-    return der_get_time(p, len, data, size);
-}
-
-int
-der_get_oid (const unsigned char *p, size_t len,
-	     heim_oid *data, size_t *size)
-{
-    size_t n;
-    size_t oldlen = len;
-
-    if (len < 1)
-	return ASN1_OVERRUN;
-
-    if (len > len + 1)
-	return ASN1_BAD_LENGTH;
-
-    if (len + 1 > UINT_MAX/sizeof(data->components[0]))
-	return ERANGE;
-
-    data->components = malloc((len + 1) * sizeof(data->components[0]));
-    if (data->components == NULL)
-	return ENOMEM;
-    data->components[0] = (*p) / 40;
-    data->components[1] = (*p) % 40;
-    --len;
-    ++p;
-    for (n = 2; len > 0; ++n) {
-	unsigned u = 0, u1;
-	
-	do {
-	    --len;
-	    u1 = u * 128 + (*p++ % 128);
-	    /* check that we don't overflow the element */
-	    if (u1 < u) {
-		der_free_oid(data);
-		return ASN1_OVERRUN;
-	    }
-	    u = u1;
-	} while (len > 0 && p[-1] & 0x80);
-	data->components[n] = u;
-    }
-    if (n > 2 && p[-1] & 0x80) {
-	der_free_oid (data);
-	return ASN1_OVERRUN;
-    }
-    data->length = n;
-    if (size)
-	*size = oldlen;
-    return 0;
-}
-
-int
-der_get_tag (const unsigned char *p, size_t len,
-	     Der_class *class, Der_type *type,
-	     unsigned int *tag, size_t *size)
-{
-    size_t ret = 0;
-    if (len < 1)
-	return ASN1_OVERRUN;
-    *class = (Der_class)(((*p) >> 6) & 0x03);
-    *type = (Der_type)(((*p) >> 5) & 0x01);
-    *tag = (*p) & 0x1f;
-    p++; len--; ret++;
-    if(*tag == 0x1f) {
-	unsigned int continuation;
-	unsigned int tag1;
-	*tag = 0;
-	do {
-	    if(len < 1)
-		return ASN1_OVERRUN;
-	    continuation = *p & 128;
-	    tag1 = *tag * 128 + (*p % 128);
-	    /* check that we don't overflow the tag */
-	    if (tag1 < *tag)
-		return ASN1_OVERFLOW;
-	    *tag = tag1;
-	    p++; len--; ret++;
-	} while(continuation);
-    }
-    if(size) *size = ret;
-    return 0;
-}
-
-int
-der_match_tag (const unsigned char *p, size_t len,
-	       Der_class class, Der_type type,
-	       unsigned int tag, size_t *size)
-{
-    size_t l;
-    Der_class thisclass;
-    Der_type thistype;
-    unsigned int thistag;
-    int e;
-
-    e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l);
-    if (e) return e;
-    if (class != thisclass || type != thistype)
-	return ASN1_BAD_ID;
-    if(tag > thistag)
-	return ASN1_MISPLACED_FIELD;
-    if(tag < thistag)
-	return ASN1_MISSING_FIELD;
-    if(size) *size = l;
-    return 0;
-}
-
-int
-der_match_tag_and_length (const unsigned char *p, size_t len,
-			  Der_class class, Der_type type, unsigned int tag,
-			  size_t *length_ret, size_t *size)
-{
-    size_t l, ret = 0;
-    int e;
-
-    e = der_match_tag (p, len, class, type, tag, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    e = der_get_length (p, len, length_ret, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if(size) *size = ret;
-    return 0;
-}
-
-/* 
- * Old versions of DCE was based on a very early beta of the MIT code,
- * which used MAVROS for ASN.1 encoding. MAVROS had the interesting
- * feature that it encoded data in the forward direction, which has
- * it's problems, since you have no idea how long the data will be
- * until after you're done. MAVROS solved this by reserving one byte
- * for length, and later, if the actual length was longer, it reverted
- * to indefinite, BER style, lengths. The version of MAVROS used by
- * the DCE people could apparently generate correct X.509 DER encodings, and
- * did this by making space for the length after encoding, but
- * unfortunately this feature wasn't used with Kerberos. 
- */
-
-int
-_heim_fix_dce(size_t reallen, size_t *len)
-{
-    if(reallen == ASN1_INDEFINITE)
-	return 1;
-    if(*len < reallen)
-	return -1;
-    *len = reallen;
-    return 0;
-}
-
-int
-der_get_bit_string (const unsigned char *p, size_t len, 
-		    heim_bit_string *data, size_t *size)
-{
-    if (len < 1)
-	return ASN1_OVERRUN;
-    if (p[0] > 7)
-	return ASN1_BAD_FORMAT;
-    if (len - 1 == 0 && p[0] != 0)
-	return ASN1_BAD_FORMAT;
-    /* check if any of the three upper bits are set
-     * any of them will cause a interger overrun */
-    if ((len - 1) >> (sizeof(len) * 8 - 3))
-	return ASN1_OVERRUN;
-    data->length = (len - 1) * 8;
-    data->data = malloc(len - 1);
-    if (data->data == NULL && (len - 1) != 0)
-	return ENOMEM;
-    memcpy (data->data, p + 1, len - 1);
-    data->length -= p[0];
-    if(size) *size = len;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/asn1/der_length.c b/crypto/heimdal/lib/asn1/der_length.c
deleted file mode 100644
index a7f8f59..0000000
--- a/crypto/heimdal/lib/asn1/der_length.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_length.c 19539 2006-12-28 17:15:05Z lha $");
-
-size_t
-_heim_len_unsigned (unsigned val)
-{
-    size_t ret = 0;
-    int last_val_gt_128;
-    
-    do {
-	++ret;
-	last_val_gt_128 = (val >= 128);
-	val /= 256;
-    } while (val);
-
-    if(last_val_gt_128)
-	ret++;
-
-    return ret;
-}
-
-size_t
-_heim_len_int (int val)
-{
-    unsigned char q;
-    size_t ret = 0;
-
-    if (val >= 0) {
-	do {
-	    q = val % 256;
-	    ret++;
-	    val /= 256;
-	} while(val);
-	if(q >= 128)
-	    ret++;
-    } else {
-	val = ~val;
-	do {
-	    q = ~(val % 256);
-	    ret++;
-	    val /= 256;
-	} while(val);
-	if(q < 128)
-	    ret++;
-    }
-    return ret;
-}
-
-static size_t
-len_oid (const heim_oid *oid)
-{
-    size_t ret = 1;
-    int n;
-
-    for (n = 2; n < oid->length; ++n) {
-	unsigned u = oid->components[n];
-
-	do {
-	    ++ret;
-	    u /= 128;
-	} while(u > 0);
-    }
-    return ret;
-}
-
-size_t
-der_length_len (size_t len)
-{
-    if (len < 128)
-	return 1;
-    else {
-	int ret = 0;
-	do {
-	    ++ret;
-	    len /= 256;
-	} while (len);
-	return ret + 1;
-    }
-}
-
-size_t
-der_length_integer (const int *data)
-{
-    return _heim_len_int (*data);
-}
-
-size_t
-der_length_unsigned (const unsigned *data)
-{
-    return _heim_len_unsigned(*data);
-}
-
-size_t
-der_length_enumerated (const unsigned *data)
-{
-  return _heim_len_int (*data);
-}
-
-size_t
-der_length_general_string (const heim_general_string *data)
-{
-    return strlen(*data);
-}
-
-size_t
-der_length_utf8string (const heim_utf8_string *data)
-{
-    return strlen(*data);
-}
-
-size_t
-der_length_printable_string (const heim_printable_string *data)
-{
-    return strlen(*data);
-}
-
-size_t
-der_length_ia5_string (const heim_ia5_string *data)
-{
-    return strlen(*data);
-}
-
-size_t
-der_length_bmp_string (const heim_bmp_string *data)
-{
-    return data->length * 2;
-}
-
-size_t
-der_length_universal_string (const heim_universal_string *data)
-{
-    return data->length * 4;
-}
-
-size_t
-der_length_visible_string (const heim_visible_string *data)
-{
-    return strlen(*data);
-}
-
-size_t
-der_length_octet_string (const heim_octet_string *k)
-{
-    return k->length;
-}
-
-size_t
-der_length_heim_integer (const heim_integer *k)
-{
-    if (k->length == 0)
-	return 1;
-    if (k->negative)
-	return k->length + (((~(((unsigned char *)k->data)[0])) & 0x80) ? 0 : 1);
-    else
-	return k->length + ((((unsigned char *)k->data)[0] & 0x80) ? 1 : 0);
-}
-
-size_t
-der_length_oid (const heim_oid *k)
-{
-    return len_oid (k);
-}
-
-size_t
-der_length_generalized_time (const time_t *t)
-{
-    heim_octet_string k;
-    size_t ret;
-
-    _heim_time2generalizedtime (*t, &k, 1);
-    ret = k.length;
-    free(k.data);
-    return ret;
-}
-
-size_t
-der_length_utctime (const time_t *t)
-{
-    heim_octet_string k;
-    size_t ret;
-
-    _heim_time2generalizedtime (*t, &k, 0);
-    ret = k.length;
-    free(k.data);
-    return ret;
-}
-
-size_t
-der_length_boolean (const int *k)
-{
-    return 1;
-}
-
-size_t
-der_length_bit_string (const heim_bit_string *k)
-{
-    return (k->length + 7) / 8 + 1;
-}
diff --git a/crypto/heimdal/lib/asn1/der_locl.h b/crypto/heimdal/lib/asn1/der_locl.h
deleted file mode 100644
index 5b97557..0000000
--- a/crypto/heimdal/lib/asn1/der_locl.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002, 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: der_locl.h 18608 2006-10-19 16:24:02Z lha $ */
-
-#ifndef __DER_LOCL_H__
-#define __DER_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <limits.h>
-#include <ctype.h>
-#include <time.h>
-#include <errno.h>
-#include <roken.h>
-
-#include <asn1-common.h>
-#include <asn1_err.h>
-#include <der.h>
-
-time_t _der_timegm (struct tm *);
-size_t _heim_len_unsigned (unsigned);
-size_t _heim_len_int (int);
-
-#endif /* __DER_LOCL_H__ */
diff --git a/crypto/heimdal/lib/asn1/der_put.c b/crypto/heimdal/lib/asn1/der_put.c
deleted file mode 100644
index 1fdbfe1..0000000
--- a/crypto/heimdal/lib/asn1/der_put.c
+++ /dev/null
@@ -1,483 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_put.c 19539 2006-12-28 17:15:05Z lha $");
-
-/*
- * All encoding functions take a pointer `p' to first position in
- * which to write, from the right, `len' which means the maximum
- * number of characters we are able to write.  The function returns
- * the number of characters written in `size' (if non-NULL).
- * The return value is 0 or an error.
- */
-
-int
-der_put_unsigned (unsigned char *p, size_t len, const unsigned *v, size_t *size)
-{
-    unsigned char *base = p;
-    unsigned val = *v;
-
-    if (val) {
-	while (len > 0 && val) {
-	    *p-- = val % 256;
-	    val /= 256;
-	    --len;
-	}
-	if (val != 0)
-	    return ASN1_OVERFLOW;
-	else {
-	    if(p[1] >= 128) {
-		if(len < 1)
-		    return ASN1_OVERFLOW;
-		*p-- = 0;
-	    }
-	    *size = base - p;
-	    return 0;
-	}
-    } else if (len < 1)
-	return ASN1_OVERFLOW;
-    else {
-	*p    = 0;
-	*size = 1;
-	return 0;
-    }
-}
-
-int
-der_put_integer (unsigned char *p, size_t len, const int *v, size_t *size)
-{
-    unsigned char *base = p;
-    int val = *v;
-
-    if(val >= 0) {
-	do {
-	    if(len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = val % 256;
-	    len--;
-	    val /= 256;
-	} while(val);
-	if(p[1] >= 128) {
-	    if(len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = 0;
-	    len--;
-	}
-    } else {
-	val = ~val;
-	do {
-	    if(len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = ~(val % 256);
-	    len--;
-	    val /= 256;
-	} while(val);
-	if(p[1] < 128) {
-	    if(len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = 0xff;
-	    len--;
-	}
-    }
-    *size = base - p;
-    return 0;
-}
-
-
-int
-der_put_length (unsigned char *p, size_t len, size_t val, size_t *size)
-{
-    if (len < 1)
-	return ASN1_OVERFLOW;
-
-    if (val < 128) {
-	*p = val;
-	*size = 1;
-    } else {
-	size_t l = 0;
-
-	while(val > 0) {
-	    if(len < 2)
-		return ASN1_OVERFLOW;
-	    *p-- = val % 256;
-	    val /= 256;
-	    len--;
-	    l++;
-	}
-	*p = 0x80 | l;
-	if(size)
-	    *size = l + 1;
-    }
-    return 0;
-}
-
-int
-der_put_boolean(unsigned char *p, size_t len, const int *data, size_t *size)
-{
-    if(len < 1)
-	return ASN1_OVERFLOW;
-    if(*data != 0)
-	*p = 0xff;
-    else
-	*p = 0;
-    *size = 1;
-    return 0;
-}
-
-int
-der_put_general_string (unsigned char *p, size_t len, 
-			const heim_general_string *str, size_t *size)
-{
-    size_t slen = strlen(*str);
-
-    if (len < slen)
-	return ASN1_OVERFLOW;
-    p -= slen;
-    len -= slen;
-    memcpy (p+1, *str, slen);
-    *size = slen;
-    return 0;
-}
-
-int
-der_put_utf8string (unsigned char *p, size_t len, 
-		    const heim_utf8_string *str, size_t *size)
-{
-    return der_put_general_string(p, len, str, size);
-}
-
-int
-der_put_printable_string (unsigned char *p, size_t len, 
-			  const heim_printable_string *str, size_t *size)
-{
-    return der_put_general_string(p, len, str, size);
-}
-
-int
-der_put_ia5_string (unsigned char *p, size_t len, 
-		    const heim_ia5_string *str, size_t *size)
-{
-    return der_put_general_string(p, len, str, size);
-}
-
-int
-der_put_bmp_string (unsigned char *p, size_t len, 
-		    const heim_bmp_string *data, size_t *size)
-{
-    size_t i;
-    if (len / 2 < data->length)
-	return ASN1_OVERFLOW;
-    p -= data->length * 2;
-    len -= data->length * 2;
-    for (i = 0; i < data->length; i++) {
-	p[1] = (data->data[i] >> 8) & 0xff;
-	p[2] = data->data[i] & 0xff;
-	p += 2;
-    }
-    if (size) *size = data->length * 2;
-    return 0;
-}
-
-int
-der_put_universal_string (unsigned char *p, size_t len, 
-			  const heim_universal_string *data, size_t *size)
-{
-    size_t i;
-    if (len / 4 < data->length)
-	return ASN1_OVERFLOW;
-    p -= data->length * 4;
-    len -= data->length * 4;
-    for (i = 0; i < data->length; i++) {
-	p[1] = (data->data[i] >> 24) & 0xff;
-	p[2] = (data->data[i] >> 16) & 0xff;
-	p[3] = (data->data[i] >> 8) & 0xff;
-	p[4] = data->data[i] & 0xff;
-	p += 4;
-    }
-    if (size) *size = data->length * 4;
-    return 0;
-}
-
-int
-der_put_visible_string (unsigned char *p, size_t len, 
-			 const heim_visible_string *str, size_t *size)
-{
-    return der_put_general_string(p, len, str, size);
-}
-
-int
-der_put_octet_string (unsigned char *p, size_t len, 
-		      const heim_octet_string *data, size_t *size)
-{
-    if (len < data->length)
-	return ASN1_OVERFLOW;
-    p -= data->length;
-    len -= data->length;
-    memcpy (p+1, data->data, data->length);
-    *size = data->length;
-    return 0;
-}
-
-int
-der_put_heim_integer (unsigned char *p, size_t len, 
-		     const heim_integer *data, size_t *size)
-{
-    unsigned char *buf = data->data;
-    int hibitset = 0;
-
-    if (data->length == 0) {
-	if (len < 1)
-	    return ASN1_OVERFLOW;
-	*p-- = 0;
-	if (size)
-	    *size = 1;
-	return 0;
-    }
-    if (len < data->length)
-	return ASN1_OVERFLOW;
-
-    len -= data->length;
-
-    if (data->negative) {
-	int i, carry;
-	for (i = data->length - 1, carry = 1; i >= 0; i--) {
-	    *p = buf[i] ^ 0xff;
-	    if (carry)
-		carry = !++*p;
-	    p--;
-	}
-	if (p[1] < 128) {
-	    if (len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = 0xff;
-	    len--;
-	    hibitset = 1;
-	}
-    } else {
-	p -= data->length;
-	memcpy(p + 1, buf, data->length);
-
-	if (p[1] >= 128) {
-	    if (len < 1)
-		return ASN1_OVERFLOW;
-	    p[0] = 0;
-	    len--;
-	    hibitset = 1;
-	}
-    }
-    if (size)
-	*size = data->length + hibitset;
-    return 0;
-}
-
-int
-der_put_generalized_time (unsigned char *p, size_t len, 
-			  const time_t *data, size_t *size)
-{
-    heim_octet_string k;
-    size_t l;
-    int e;
-
-    e = _heim_time2generalizedtime (*data, &k, 1);
-    if (e)
-	return e;
-    e = der_put_octet_string(p, len, &k, &l);
-    free(k.data);
-    if(e)
-	return e;
-    if(size)
-	*size = l;
-    return 0;
-}
-
-int
-der_put_utctime (unsigned char *p, size_t len, 
-		 const time_t *data, size_t *size)
-{
-    heim_octet_string k;
-    size_t l;
-    int e;
-
-    e = _heim_time2generalizedtime (*data, &k, 0);
-    if (e)
-	return e;
-    e = der_put_octet_string(p, len, &k, &l);
-    free(k.data);
-    if(e)
-	return e;
-    if(size)
-	*size = l;
-    return 0;
-}
-
-int
-der_put_oid (unsigned char *p, size_t len,
-	     const heim_oid *data, size_t *size)
-{
-    unsigned char *base = p;
-    int n;
-
-    for (n = data->length - 1; n >= 2; --n) {
-	unsigned u = data->components[n];
-
-	if (len < 1)
-	    return ASN1_OVERFLOW;
-	*p-- = u % 128;
-	u /= 128;
-	--len;
-	while (u > 0) {
-	    if (len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = 128 + u % 128;
-	    u /= 128;
-	    --len;
-	}
-    }
-    if (len < 1)
-	return ASN1_OVERFLOW;
-    *p-- = 40 * data->components[0] + data->components[1];
-    *size = base - p;
-    return 0;
-}
-
-int
-der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type,
-	     unsigned int tag, size_t *size)
-{
-    if (tag <= 30) {
-	if (len < 1)
-	    return ASN1_OVERFLOW;
-	*p = MAKE_TAG(class, type, tag);
-	*size = 1;
-    } else {
-	size_t ret = 0;
-	unsigned int continuation = 0;
-	
-	do {
-	    if (len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = tag % 128 | continuation;
-	    len--;
-	    ret++;
-	    tag /= 128;
-	    continuation = 0x80;
-	} while(tag > 0);
-	if (len < 1)
-	    return ASN1_OVERFLOW;
-	*p-- = MAKE_TAG(class, type, 0x1f);
-	ret++;
-	*size = ret;
-    }
-    return 0;
-}
-
-int
-der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val,
-			Der_class class, Der_type type, 
-			unsigned int tag, size_t *size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    e = der_put_length (p, len, len_val, &l);
-    if(e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    e = der_put_tag (p, len, class, type, tag, &l);
-    if(e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    *size = ret;
-    return 0;
-}
-
-int
-_heim_time2generalizedtime (time_t t, heim_octet_string *s, int gtimep)
-{
-     struct tm *tm;
-     const size_t len = gtimep ? 15 : 13;
-
-     s->data = malloc(len + 1);
-     if (s->data == NULL)
-	 return ENOMEM;
-     s->length = len;
-     tm = gmtime (&t);
-     if (gtimep)
-	 snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ", 
-		   tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 
-		   tm->tm_hour, tm->tm_min, tm->tm_sec);
-     else
-	 snprintf (s->data, len + 1, "%02d%02d%02d%02d%02d%02dZ", 
-		   tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday, 
-		   tm->tm_hour, tm->tm_min, tm->tm_sec);
-
-     return 0;
-}
-
-int
-der_put_bit_string (unsigned char *p, size_t len, 
-		    const heim_bit_string *data, size_t *size)
-{
-    size_t data_size = (data->length + 7) / 8;
-    if (len < data_size + 1)
-	return ASN1_OVERFLOW;
-    p -= data_size + 1;
-    len -= data_size + 1;
-    memcpy (p+2, data->data, data_size);
-    if (data->length && (data->length % 8) != 0)
-	p[1] = 8 - (data->length % 8);
-    else
-	p[1] = 0;
-    *size = data_size + 1;
-    return 0;
-}
-
-int 
-_heim_der_set_sort(const void *a1, const void *a2)
-{
-    const struct heim_octet_string *s1 = a1, *s2 = a2;
-    int ret;
-
-    ret = memcmp(s1->data, s2->data, 
-		 s1->length < s2->length ? s1->length : s2->length);
-    if(ret)
-	return ret;
-    return s1->length - s2->length;
-}
diff --git a/crypto/heimdal/lib/asn1/digest.asn1 b/crypto/heimdal/lib/asn1/digest.asn1
deleted file mode 100644
index eafe48e..0000000
--- a/crypto/heimdal/lib/asn1/digest.asn1
+++ /dev/null
@@ -1,164 +0,0 @@
--- $Id: digest.asn1 22152 2007-12-04 19:59:18Z lha $
-
-DIGEST DEFINITIONS ::=
-BEGIN
-
-IMPORTS EncryptedData, Principal FROM krb5;
-
-DigestTypes ::= BIT STRING {
-	ntlm-v1(0),
-	ntlm-v1-session(1),
-	ntlm-v2(2),
-	digest-md5(3),
-	chap-md5(4),
-	ms-chap-v2(5)
-}
-
-DigestInit ::= SEQUENCE {
-    type		UTF8String, -- http, sasl, chap, cram-md5 --
-    channel		[0] SEQUENCE {
-    	cb-type		UTF8String,
-    	cb-binding	UTF8String
-    } OPTIONAL,
-    hostname		[1] UTF8String OPTIONAL -- for chap/cram-md5
-}
-
-DigestInitReply ::= SEQUENCE {
-    nonce		UTF8String,	-- service nonce/challange
-    opaque		UTF8String,	-- server state
-    identifier		[0] UTF8String OPTIONAL
-}
-
-
-DigestRequest ::= SEQUENCE  {
-    type		UTF8String, -- http, sasl-md5, chap, cram-md5 --
-    digest		UTF8String, -- http:md5/md5-sess sasl:clear/int/conf --
-    username		UTF8String, -- username user used
-    responseData	UTF8String, -- client response
-    authid		[0] UTF8String OPTIONAL,
-    authentication-user	[1] Principal OPTIONAL, -- principal to get key from
-    realm		[2] UTF8String OPTIONAL,
-    method		[3] UTF8String OPTIONAL,
-    uri			[4] UTF8String OPTIONAL,
-    serverNonce		UTF8String, -- same as "DigestInitReply.nonce"
-    clientNonce		[5] UTF8String OPTIONAL,
-    nonceCount		[6] UTF8String OPTIONAL,
-    qop			[7] UTF8String OPTIONAL,
-    identifier		[8] UTF8String OPTIONAL,
-    hostname		[9] UTF8String OPTIONAL,
-    opaque		UTF8String -- same as "DigestInitReply.opaque"
-}
--- opaque = hex(cksum(type|serverNonce|identifier|hostname,digest-key))
--- serverNonce = hex(time[4bytes]random[12bytes])(-cbType:cbBinding)
-
-
-DigestError ::= SEQUENCE {
-    reason		UTF8String,
-    code		INTEGER (-2147483648..2147483647)
-}
-
-DigestResponse ::= SEQUENCE  {
-    success		BOOLEAN,
-    rsp			[0] UTF8String OPTIONAL,
-    tickets		[1] SEQUENCE OF OCTET STRING OPTIONAL,
-    channel		[2] SEQUENCE {
-    	cb-type		UTF8String,
-    	cb-binding	UTF8String
-    } OPTIONAL,
-    session-key		[3] OCTET STRING OPTIONAL
-}
-
-NTLMInit ::= SEQUENCE {
-    flags		[0] INTEGER (0..4294967295),
-    hostname		[1] UTF8String OPTIONAL,
-    domain		[1] UTF8String OPTIONAL
-}
-
-NTLMInitReply ::= SEQUENCE {
-    flags		[0] INTEGER (0..4294967295),
-    opaque		[1] OCTET STRING,
-    targetname		[2] UTF8String,
-    challange		[3] OCTET STRING,
-    targetinfo		[4] OCTET STRING OPTIONAL
-}
-
-NTLMRequest ::= SEQUENCE {
-    flags		[0] INTEGER (0..4294967295),
-    opaque		[1] OCTET STRING,
-    username		[2] UTF8String,
-    targetname		[3] UTF8String,
-    targetinfo		[4] OCTET STRING OPTIONAL,
-    lm			[5] OCTET STRING,
-    ntlm		[6] OCTET STRING,
-    sessionkey		[7] OCTET STRING OPTIONAL
-}
-
-NTLMResponse ::= SEQUENCE {
-    success		[0] BOOLEAN,
-    flags		[1] INTEGER (0..4294967295),
-    sessionkey		[2] OCTET STRING OPTIONAL,
-    tickets		[3] SEQUENCE OF OCTET STRING OPTIONAL
-}
-
-DigestReqInner ::= CHOICE {
-    init		[0] DigestInit,
-    digestRequest	[1] DigestRequest,
-    ntlmInit		[2] NTLMInit,
-    ntlmRequest		[3] NTLMRequest,
-    supportedMechs	[4] NULL
-}
-
-DigestREQ ::= [APPLICATION 128] SEQUENCE {
-    apReq		[0] OCTET STRING,
-    innerReq		[1] EncryptedData
-}
-
-DigestRepInner ::= CHOICE {
-    error		[0] DigestError,
-    initReply		[1] DigestInitReply,
-    response		[2] DigestResponse,
-    ntlmInitReply	[3] NTLMInitReply,
-    ntlmResponse	[4] NTLMResponse,
-    supportedMechs	[5] DigestTypes,
-    ...
-}
-
-DigestREP ::= [APPLICATION 129] SEQUENCE {
-    apRep		[0] OCTET STRING,
-    innerRep		[1] EncryptedData
-}
-
-
--- HTTP
-
--- md5
--- A1 = unq(username-value) ":" unq(realm-value) ":" passwd
--- md5-sess
--- A1 = HEX(H(unq(username-value) ":" unq(realm-value) ":" passwd ) ":" unq(nonce-value) ":" unq(cnonce-value))
-
--- qop == auth
--- A2 = Method ":" digest-uri-value
--- qop == auth-int
--- A2 = Method ":" digest-uri-value ":" H(entity-body) 
-
--- request-digest  = HEX(KD(HEX(H(A1)),
---    unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2))))
--- no "qop"
--- request-digest  = HEX(KD(HEX(H(A1)), unq(nonce-value) ":" HEX(H(A2))))
-
-
--- SASL:
--- SS = H( { unq(username-value), ":", unq(realm-value), ":", password } )
--- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value) }
--- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value), ":", unq(authzid-value) }
-
--- A2 = "AUTHENTICATE:", ":", digest-uri-value
--- qop == auth-int,auth-conf
--- A2 = "AUTHENTICATE:", ":", digest-uri-value, ":00000000000000000000000000000000"
-
--- response-value = HEX( KD ( HEX(H(A1)),
---                 { unq(nonce-value), ":" nc-value, ":",
---                   unq(cnonce-value), ":", qop-value, ":",
---                   HEX(H(A2)) }))
-
-END
diff --git a/crypto/heimdal/lib/asn1/extra.c b/crypto/heimdal/lib/asn1/extra.c
deleted file mode 100644
index e29a437..0000000
--- a/crypto/heimdal/lib/asn1/extra.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 2003 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include "heim_asn1.h"
-
-RCSID("$Id: extra.c 16672 2006-01-31 09:44:54Z lha $");
-
-int
-encode_heim_any(unsigned char *p, size_t len, 
-		const heim_any *data, size_t *size)
-{
-    if (data->length > len)
-	return ASN1_OVERFLOW;
-    p -= data->length;
-    len -= data->length;
-    memcpy (p+1, data->data, data->length);
-    *size = data->length;
-    return 0;
-}
-
-int
-decode_heim_any(const unsigned char *p, size_t len, 
-		heim_any *data, size_t *size)
-{
-    size_t len_len, length, l;
-    Der_class thisclass;
-    Der_type thistype;
-    unsigned int thistag;
-    int e;
-
-    memset(data, 0, sizeof(*data));
-
-    e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l);
-    if (e) return e;
-    if (l > len)
-	return ASN1_OVERFLOW;
-    e = der_get_length(p + l, len - l, &length, &len_len);
-    if (e) return e;
-    if (length + len_len + l > len)
-	return ASN1_OVERFLOW;
-
-    data->data = malloc(length + len_len + l);
-    if (data->data == NULL)
-	return ENOMEM;
-    data->length = length + len_len + l;
-    memcpy(data->data, p, length + len_len + l);
-
-    if (size)
-	*size = length + len_len + l;
-
-    return 0;
-}
-
-void
-free_heim_any(heim_any *data)
-{
-    free(data->data);
-    data->data = NULL;
-}
-
-size_t
-length_heim_any(const heim_any *data)
-{
-    return data->length;
-}
-
-int
-copy_heim_any(const heim_any *from, heim_any *to)
-{
-    to->data = malloc(from->length);
-    if (to->data == NULL && from->length != 0)
-	return ENOMEM;
-    memcpy(to->data, from->data, from->length);
-    to->length = from->length;
-    return 0;
-}
-
-int
-encode_heim_any_set(unsigned char *p, size_t len, 
-		    const heim_any_set *data, size_t *size)
-{
-    return encode_heim_any(p, len, data, size);
-}
-
-
-int
-decode_heim_any_set(const unsigned char *p, size_t len, 
-		heim_any_set *data, size_t *size)
-{
-    memset(data, 0, sizeof(*data));
-    data->data = malloc(len);
-    if (data->data == NULL && len != 0)
-	return ENOMEM;
-    data->length = len;
-    memcpy(data->data, p, len);
-    if (size) *size = len;
-    return 0;
-}
-
-void
-free_heim_any_set(heim_any_set *data)
-{
-    free_heim_any(data);
-}
-
-size_t
-length_heim_any_set(const heim_any *data)
-{
-    return length_heim_any(data);
-}
-
-int
-copy_heim_any_set(const heim_any_set *from, heim_any_set *to)
-{
-    return copy_heim_any(from, to);
-}
-
-int
-heim_any_cmp(const heim_any_set *p, const heim_any_set *q)
-{
-    if (p->length != q->length)
-	return p->length - q->length;
-    return memcmp(p->data, q->data, p->length);
-}
diff --git a/crypto/heimdal/lib/asn1/gen.c b/crypto/heimdal/lib/asn1/gen.c
deleted file mode 100644
index 499f8ea..0000000
--- a/crypto/heimdal/lib/asn1/gen.c
+++ /dev/null
@@ -1,797 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen.c 22429 2008-01-13 10:25:50Z lha $");
-
-FILE *headerfile, *codefile, *logfile;
-
-#define STEM "asn1"
-
-static const char *orig_filename;
-static char *header;
-static const char *headerbase = STEM;
-
-/*
- * list of all IMPORTs
- */
-
-struct import {
-    const char *module;
-    struct import *next;
-};
-
-static struct import *imports = NULL;
-
-void
-add_import (const char *module)
-{
-    struct import *tmp = emalloc (sizeof(*tmp));
-
-    tmp->module = module;
-    tmp->next   = imports;
-    imports     = tmp;
-
-    fprintf (headerfile, "#include <%s_asn1.h>\n", module);
-}
-
-const char *
-get_filename (void)
-{
-    return orig_filename;
-}
-
-void
-init_generate (const char *filename, const char *base)
-{
-    char *fn;
-
-    orig_filename = filename;
-    if (base != NULL) {
-	headerbase = strdup(base);
-	if (headerbase == NULL)
-	    errx(1, "strdup");
-    }
-    asprintf(&header, "%s.h", headerbase);
-    if (header == NULL)
-	errx(1, "malloc");
-    headerfile = fopen (header, "w");
-    if (headerfile == NULL)
-	err (1, "open %s", header);
-    fprintf (headerfile,
-	     "/* Generated from %s */\n"
-	     "/* Do not edit */\n\n",
-	     filename);
-    fprintf (headerfile, 
-	     "#ifndef __%s_h__\n"
-	     "#define __%s_h__\n\n", headerbase, headerbase);
-    fprintf (headerfile, 
-	     "#include <stddef.h>\n"
-	     "#include <time.h>\n\n");
-    fprintf (headerfile,
-	     "#ifndef __asn1_common_definitions__\n"
-	     "#define __asn1_common_definitions__\n\n");
-    fprintf (headerfile,
-	     "typedef struct heim_integer {\n"
-	     "  size_t length;\n"
-	     "  void *data;\n"
-	     "  int negative;\n"
-	     "} heim_integer;\n\n");
-    fprintf (headerfile,
-	     "typedef struct heim_octet_string {\n"
-	     "  size_t length;\n"
-	     "  void *data;\n"
-	     "} heim_octet_string;\n\n");
-    fprintf (headerfile,
-	     "typedef char *heim_general_string;\n\n"
-	     );
-    fprintf (headerfile,
-	     "typedef char *heim_utf8_string;\n\n"
-	     );
-    fprintf (headerfile,
-	     "typedef char *heim_printable_string;\n\n"
-	     );
-    fprintf (headerfile,
-	     "typedef char *heim_ia5_string;\n\n"
-	     );
-    fprintf (headerfile,
-	     "typedef struct heim_bmp_string {\n"
-	     "  size_t length;\n"
-	     "  uint16_t *data;\n"
-	     "} heim_bmp_string;\n\n");
-    fprintf (headerfile,
-	     "typedef struct heim_universal_string {\n"
-	     "  size_t length;\n"
-	     "  uint32_t *data;\n"
-	     "} heim_universal_string;\n\n");
-    fprintf (headerfile,
-	     "typedef char *heim_visible_string;\n\n"
-	     );
-    fprintf (headerfile,
-	     "typedef struct heim_oid {\n"
-	     "  size_t length;\n"
-	     "  unsigned *components;\n"
-	     "} heim_oid;\n\n");
-    fprintf (headerfile,
-	     "typedef struct heim_bit_string {\n"
-	     "  size_t length;\n"
-	     "  void *data;\n"
-	     "} heim_bit_string;\n\n");
-    fprintf (headerfile,
-	     "typedef struct heim_octet_string heim_any;\n"
-	     "typedef struct heim_octet_string heim_any_set;\n\n");
-    fputs("#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R)                  \\\n"
-	  "  do {                                                         \\\n"
-	  "    (BL) = length_##T((S));                                    \\\n"
-	  "    (B) = malloc((BL));                                        \\\n"
-	  "    if((B) == NULL) {                                          \\\n"
-	  "      (R) = ENOMEM;                                            \\\n"
-	  "    } else {                                                   \\\n"
-	  "      (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \\\n"
-	  "                       (S), (L));                              \\\n"
-	  "      if((R) != 0) {                                           \\\n"
-	  "        free((B));                                             \\\n"
-	  "        (B) = NULL;                                            \\\n"
-	  "      }                                                        \\\n"
-	  "    }                                                          \\\n"
-	  "  } while (0)\n\n",
-	  headerfile);
-    fprintf (headerfile, "struct units;\n\n");
-    fprintf (headerfile, "#endif\n\n");
-    asprintf(&fn, "%s_files", base);
-    if (fn == NULL)
-	errx(1, "malloc");
-    logfile = fopen(fn, "w");
-    if (logfile == NULL)
-	err (1, "open %s", fn);
-}
-
-void
-close_generate (void)
-{
-    fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase);
-
-    fclose (headerfile);
-    fprintf (logfile, "\n");
-    fclose (logfile);
-}
-
-void
-gen_assign_defval(const char *var, struct value *val)
-{
-    switch(val->type) {
-    case stringvalue:
-	fprintf(codefile, "if((%s = strdup(\"%s\")) == NULL)\nreturn ENOMEM;\n", var, val->u.stringvalue);
-	break;
-    case integervalue:
-	fprintf(codefile, "%s = %d;\n", var, val->u.integervalue);
-	break;
-    case booleanvalue:
-	if(val->u.booleanvalue)
-	    fprintf(codefile, "%s = TRUE;\n", var);
-	else
-	    fprintf(codefile, "%s = FALSE;\n", var);
-	break;
-    default:
-	abort();
-    }
-}
-
-void
-gen_compare_defval(const char *var, struct value *val)
-{
-    switch(val->type) {
-    case stringvalue:
-	fprintf(codefile, "if(strcmp(%s, \"%s\") != 0)\n", var, val->u.stringvalue);
-	break;
-    case integervalue:
-	fprintf(codefile, "if(%s != %d)\n", var, val->u.integervalue);
-	break;
-    case booleanvalue:
-	if(val->u.booleanvalue)
-	    fprintf(codefile, "if(!%s)\n", var);
-	else
-	    fprintf(codefile, "if(%s)\n", var);
-	break;
-    default:
-	abort();
-    }
-}
-
-static void
-generate_header_of_codefile(const char *name)
-{
-    char *filename;
-
-    if (codefile != NULL)
-	abort();
-
-    asprintf (&filename, "%s_%s.x", STEM, name);
-    if (filename == NULL)
-	errx(1, "malloc");
-    codefile = fopen (filename, "w");
-    if (codefile == NULL)
-	err (1, "fopen %s", filename);
-    fprintf(logfile, "%s ", filename);
-    free(filename);
-    fprintf (codefile, 
-	     "/* Generated from %s */\n"
-	     "/* Do not edit */\n\n"
-	     "#include <stdio.h>\n"
-	     "#include <stdlib.h>\n"
-	     "#include <time.h>\n"
-	     "#include <string.h>\n"
-	     "#include <errno.h>\n"
-	     "#include <limits.h>\n"
-	     "#include <krb5-types.h>\n",
-	     orig_filename);
-
-    fprintf (codefile,
-	     "#include <%s.h>\n",
-	     headerbase);
-    fprintf (codefile,
-	     "#include <asn1_err.h>\n"
-	     "#include <der.h>\n"
-	     "#include <parse_units.h>\n\n");
-
-}
-
-static void
-close_codefile(void)
-{
-    if (codefile == NULL)
-	abort();
-
-    fclose(codefile);
-    codefile = NULL;
-}
-
-
-void
-generate_constant (const Symbol *s)
-{
-    switch(s->value->type) {
-    case booleanvalue:
-	break;
-    case integervalue:
-	fprintf (headerfile, "enum { %s = %d };\n\n",
-		 s->gen_name, s->value->u.integervalue);
-	break;
-    case nullvalue:
-	break;
-    case stringvalue:
-	break;
-    case objectidentifiervalue: {
-	struct objid *o, **list;
-	int i, len;
-
-	generate_header_of_codefile(s->gen_name);
-
-	len = 0;
-	for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next)
-	    len++;
-	list = emalloc(sizeof(*list) * len);
-
-	i = 0;
-	for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next)
-	    list[i++] = o;
-
-	fprintf (headerfile, "/* OBJECT IDENTIFIER %s ::= { ", s->name);
-	for (i = len - 1 ; i >= 0; i--) {
-	    o = list[i];
-	    fprintf(headerfile, "%s(%d) ",
-		    o->label ? o->label : "label-less", o->value);
-	}
-
-	fprintf (headerfile, "} */\n");
-	fprintf (headerfile, "const heim_oid *oid_%s(void);\n\n",
-		 s->gen_name);
-
-	fprintf (codefile, "static unsigned oid_%s_variable_num[%d] =  {",
-		 s->gen_name, len);
-	for (i = len - 1 ; i >= 0; i--) {
-	    fprintf(codefile, "%d%s ", list[i]->value, i > 0 ? "," : "");
-	}
-	fprintf(codefile, "};\n");
-
-	fprintf (codefile, "static const heim_oid oid_%s_variable = "
-		 "{ %d, oid_%s_variable_num };\n\n", 
-		 s->gen_name, len, s->gen_name);
-
-	fprintf (codefile, "const heim_oid *oid_%s(void)\n"
-		 "{\n"
-		 "return &oid_%s_variable;\n"
-		 "}\n\n",
-		 s->gen_name, s->gen_name);
-
-	close_codefile();
-
-	break;
-    }
-    default:
-	abort();
-    }
-}
-
-static void
-space(int level)
-{
-    while(level-- > 0)
-	fprintf(headerfile, "  ");
-}
-
-static const char *
-last_member_p(struct member *m)
-{
-    struct member *n = ASN1_TAILQ_NEXT(m, members);
-    if (n == NULL)
-	return "";
-    if (n->ellipsis && ASN1_TAILQ_NEXT(n, members) == NULL)
-	return "";
-    return ",";
-}
-
-static struct member *
-have_ellipsis(Type *t)
-{
-    struct member *m;
-    ASN1_TAILQ_FOREACH(m, t->members, members) {
-	if (m->ellipsis)
-	    return m;
-    }
-    return NULL;
-}
-
-static void
-define_asn1 (int level, Type *t)
-{
-    switch (t->type) {
-    case TType:
-	fprintf (headerfile, "%s", t->symbol->name);
-	break;
-    case TInteger:
-	if(t->members == NULL) {
-            fprintf (headerfile, "INTEGER");
-	    if (t->range)
-		fprintf (headerfile, " (%d..%d)",
-			 t->range->min, t->range->max);
-        } else {
-	    Member *m;
-            fprintf (headerfile, "INTEGER {\n");
-	    ASN1_TAILQ_FOREACH(m, t->members, members) {
-                space (level + 1);
-		fprintf(headerfile, "%s(%d)%s\n", m->gen_name, m->val, 
-			last_member_p(m));
-            }
-	    space(level);
-            fprintf (headerfile, "}");
-        }
-	break;
-    case TBoolean:
-	fprintf (headerfile, "BOOLEAN");
-	break;
-    case TOctetString:
-	fprintf (headerfile, "OCTET STRING");
-	break;
-    case TEnumerated :
-    case TBitString: {
-	Member *m;
-
-	space(level);
-	if(t->type == TBitString)
-	    fprintf (headerfile, "BIT STRING {\n");
-	else
-	    fprintf (headerfile, "ENUMERATED {\n");
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    space(level + 1);
-	    fprintf (headerfile, "%s(%d)%s\n", m->name, m->val, 
-		     last_member_p(m));
-	}
-	space(level);
-	fprintf (headerfile, "}");
-	break;
-    }
-    case TChoice:
-    case TSet:
-    case TSequence: {
-	Member *m;
-	int max_width = 0;
-
-	if(t->type == TChoice)
-	    fprintf(headerfile, "CHOICE {\n");
-	else if(t->type == TSet)
-	    fprintf(headerfile, "SET {\n");
-	else
-	    fprintf(headerfile, "SEQUENCE {\n");
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    if(strlen(m->name) > max_width)
-		max_width = strlen(m->name);
-	}
-	max_width += 3;
-	if(max_width < 16) max_width = 16;
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    int width = max_width;
-	    space(level + 1);
-	    if (m->ellipsis) {
-		fprintf (headerfile, "...");
-	    } else {
-		width -= fprintf(headerfile, "%s", m->name);
-		fprintf(headerfile, "%*s", width, "");
-		define_asn1(level + 1, m->type);
-		if(m->optional)
-		    fprintf(headerfile, " OPTIONAL");
-	    }
-	    if(last_member_p(m))
-		fprintf (headerfile, ",");
-	    fprintf (headerfile, "\n");
-	}
-	space(level);
-	fprintf (headerfile, "}");
-	break;
-    }
-    case TSequenceOf:
-	fprintf (headerfile, "SEQUENCE OF ");
-	define_asn1 (0, t->subtype);
-	break;
-    case TSetOf:
-	fprintf (headerfile, "SET OF ");
-	define_asn1 (0, t->subtype);
-	break;
-    case TGeneralizedTime:
-	fprintf (headerfile, "GeneralizedTime");
-	break;
-    case TGeneralString:
-	fprintf (headerfile, "GeneralString");
-	break;
-    case TTag: {
-	const char *classnames[] = { "UNIVERSAL ", "APPLICATION ", 
-				     "" /* CONTEXT */, "PRIVATE " };
-	if(t->tag.tagclass != ASN1_C_UNIV)
-	    fprintf (headerfile, "[%s%d] ", 
-		     classnames[t->tag.tagclass],
-		     t->tag.tagvalue);
-	if(t->tag.tagenv == TE_IMPLICIT)
-	    fprintf (headerfile, "IMPLICIT ");
-	define_asn1 (level, t->subtype);
-	break;
-    }
-    case TUTCTime:
-	fprintf (headerfile, "UTCTime");
-	break;
-    case TUTF8String:
-	space(level);
-	fprintf (headerfile, "UTF8String");
-	break;
-    case TPrintableString:
-	space(level);
-	fprintf (headerfile, "PrintableString");
-	break;
-    case TIA5String:
-	space(level);
-	fprintf (headerfile, "IA5String");
-	break;
-    case TBMPString:
-	space(level);
-	fprintf (headerfile, "BMPString");
-	break;
-    case TUniversalString:
-	space(level);
-	fprintf (headerfile, "UniversalString");
-	break;
-    case TVisibleString:
-	space(level);
-	fprintf (headerfile, "VisibleString");
-	break;
-    case TOID :
-	space(level);
-	fprintf(headerfile, "OBJECT IDENTIFIER");
-	break;
-    case TNull:
-	space(level);
-	fprintf (headerfile, "NULL");
-	break;
-    default:
-	abort ();
-    }
-}
-
-static void
-define_type (int level, const char *name, Type *t, int typedefp, int preservep)
-{
-    switch (t->type) {
-    case TType:
-	space(level);
-	fprintf (headerfile, "%s %s;\n", t->symbol->gen_name, name);
-	break;
-    case TInteger:
-	space(level);
-	if(t->members) {
-            Member *m;
-            fprintf (headerfile, "enum %s {\n", typedefp ? name : "");
-	    ASN1_TAILQ_FOREACH(m, t->members, members) {
-                space (level + 1);
-                fprintf(headerfile, "%s = %d%s\n", m->gen_name, m->val, 
-                        last_member_p(m));
-            }
-            fprintf (headerfile, "} %s;\n", name);
-	} else if (t->range == NULL) {
-	    fprintf (headerfile, "heim_integer %s;\n", name);
-	} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
-	    fprintf (headerfile, "int %s;\n", name);
-	} else if (t->range->min == 0 && t->range->max == UINT_MAX) {
-	    fprintf (headerfile, "unsigned int %s;\n", name);
-	} else if (t->range->min == 0 && t->range->max == INT_MAX) {
-	    fprintf (headerfile, "unsigned int %s;\n", name);
-	} else
-	    errx(1, "%s: unsupported range %d -> %d", 
-		 name, t->range->min, t->range->max);
-	break;
-    case TBoolean:
-	space(level);
-	fprintf (headerfile, "int %s;\n", name);
-	break;
-    case TOctetString:
-	space(level);
-	fprintf (headerfile, "heim_octet_string %s;\n", name);
-	break;
-    case TBitString: {
-	Member *m;
-	Type i;
-	struct range range = { 0, INT_MAX };
-
-	i.type = TInteger;
-	i.range = &range;
-	i.members = NULL;
-	i.constraint = NULL;
-
-	space(level);
-	if(ASN1_TAILQ_EMPTY(t->members)) 
-	    fprintf (headerfile, "heim_bit_string %s;\n", name);
-	else {
-	    fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
-	    ASN1_TAILQ_FOREACH(m, t->members, members) {
-		char *n;
-		
-		asprintf (&n, "%s:1", m->gen_name);
-		if (n == NULL)
-		    errx(1, "malloc");
-		define_type (level + 1, n, &i, FALSE, FALSE);
-		free (n);
-	    }
-	    space(level);
-	    fprintf (headerfile, "} %s;\n\n", name);
-	}
-	break;
-    }
-    case TEnumerated: {
-	Member *m;
-
-	space(level);
-	fprintf (headerfile, "enum %s {\n", typedefp ? name : "");
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    space(level + 1);
-	    if (m->ellipsis)
-		fprintf (headerfile, "/* ... */\n");
-	    else
-		fprintf (headerfile, "%s = %d%s\n", m->gen_name, m->val,
-			 last_member_p(m));
-	}
-	space(level);
-	fprintf (headerfile, "} %s;\n\n", name);
-	break;
-    }
-    case TSet:
-    case TSequence: {
-	Member *m;
-
-	space(level);
-	fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
-	if (t->type == TSequence && preservep) {
-	    space(level + 1);
-	    fprintf(headerfile, "heim_octet_string _save;\n");
-	}
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    if (m->ellipsis) {
-		;
-	    } else if (m->optional) {
-		char *n;
-
-		asprintf (&n, "*%s", m->gen_name);
-		if (n == NULL)
-		    errx(1, "malloc");
-		define_type (level + 1, n, m->type, FALSE, FALSE);
-		free (n);
-	    } else
-		define_type (level + 1, m->gen_name, m->type, FALSE, FALSE);
-	}
-	space(level);
-	fprintf (headerfile, "} %s;\n", name);
-	break;
-    }
-    case TSetOf:
-    case TSequenceOf: {
-	Type i;
-	struct range range = { 0, INT_MAX };
-
-	i.type = TInteger;
-	i.range = &range;
-	i.members = NULL;
-	i.constraint = NULL;
-
-	space(level);
-	fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
-	define_type (level + 1, "len", &i, FALSE, FALSE);
-	define_type (level + 1, "*val", t->subtype, FALSE, FALSE);
-	space(level);
-	fprintf (headerfile, "} %s;\n", name);
-	break;
-    }
-    case TGeneralizedTime:
-	space(level);
-	fprintf (headerfile, "time_t %s;\n", name);
-	break;
-    case TGeneralString:
-	space(level);
-	fprintf (headerfile, "heim_general_string %s;\n", name);
-	break;
-    case TTag:
-	define_type (level, name, t->subtype, typedefp, preservep);
-	break;
-    case TChoice: {
-	int first = 1;
-	Member *m;
-
-	space(level);
-	fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
-	if (preservep) {
-	    space(level + 1);
-	    fprintf(headerfile, "heim_octet_string _save;\n");
-	}
-	space(level + 1);
-	fprintf (headerfile, "enum {\n");
-	m = have_ellipsis(t);
-	if (m) {
-	    space(level + 2);
-	    fprintf (headerfile, "%s = 0,\n", m->label); 
-	    first = 0;
-	}
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    space(level + 2);
-	    if (m->ellipsis)
-		fprintf (headerfile, "/* ... */\n");
-	    else
-		fprintf (headerfile, "%s%s%s\n", m->label, 
-			 first ? " = 1" : "", 
-			 last_member_p(m));
-	    first = 0;
-	}
-	space(level + 1);
-	fprintf (headerfile, "} element;\n");
-	space(level + 1);
-	fprintf (headerfile, "union {\n");
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    if (m->ellipsis) {
-		space(level + 2);
-		fprintf(headerfile, "heim_octet_string asn1_ellipsis;\n");
-	    } else if (m->optional) {
-		char *n;
-
-		asprintf (&n, "*%s", m->gen_name);
-		if (n == NULL)
-		    errx(1, "malloc");
-		define_type (level + 2, n, m->type, FALSE, FALSE);
-		free (n);
-	    } else
-		define_type (level + 2, m->gen_name, m->type, FALSE, FALSE);
-	}
-	space(level + 1);
-	fprintf (headerfile, "} u;\n");
-	space(level);
-	fprintf (headerfile, "} %s;\n", name);
-	break;
-    }
-    case TUTCTime:
-	space(level);
-	fprintf (headerfile, "time_t %s;\n", name);
-	break;
-    case TUTF8String:
-	space(level);
-	fprintf (headerfile, "heim_utf8_string %s;\n", name);
-	break;
-    case TPrintableString:
-	space(level);
-	fprintf (headerfile, "heim_printable_string %s;\n", name);
-	break;
-    case TIA5String:
-	space(level);
-	fprintf (headerfile, "heim_ia5_string %s;\n", name);
-	break;
-    case TBMPString:
-	space(level);
-	fprintf (headerfile, "heim_bmp_string %s;\n", name);
-	break;
-    case TUniversalString:
-	space(level);
-	fprintf (headerfile, "heim_universal_string %s;\n", name);
-	break;
-    case TVisibleString:
-	space(level);
-	fprintf (headerfile, "heim_visible_string %s;\n", name);
-	break;
-    case TOID :
-	space(level);
-	fprintf (headerfile, "heim_oid %s;\n", name);
-	break;
-    case TNull:
-	space(level);
-	fprintf (headerfile, "int %s;\n", name);
-	break;
-    default:
-	abort ();
-    }
-}
-
-static void
-generate_type_header (const Symbol *s)
-{
-    int preservep = preserve_type(s->name) ? TRUE : FALSE;
-
-    fprintf (headerfile, "/*\n");
-    fprintf (headerfile, "%s ::= ", s->name);
-    define_asn1 (0, s->type);
-    fprintf (headerfile, "\n*/\n\n");
-
-    fprintf (headerfile, "typedef ");
-    define_type (0, s->gen_name, s->type, TRUE, preservep);
-
-    fprintf (headerfile, "\n");
-}
-
-
-void
-generate_type (const Symbol *s)
-{
-    generate_header_of_codefile(s->gen_name);
-
-    generate_type_header (s);
-    generate_type_encode (s);
-    generate_type_decode (s);
-    generate_type_free (s);
-    generate_type_length (s);
-    generate_type_copy (s);
-    generate_type_seq (s);
-    generate_glue (s->type, s->gen_name);
-    fprintf(headerfile, "\n\n");
-    close_codefile();
-}
diff --git a/crypto/heimdal/lib/asn1/gen.h b/crypto/heimdal/lib/asn1/gen.h
deleted file mode 100644
index 369b6e3..0000000
--- a/crypto/heimdal/lib/asn1/gen.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gen.h,v 1.4 1999/12/02 17:05:02 joda Exp $ */
-
-#include <stdio.h>
-#include "symbol.h"
-
diff --git a/crypto/heimdal/lib/asn1/gen_copy.c b/crypto/heimdal/lib/asn1/gen_copy.c
deleted file mode 100644
index abf1185..0000000
--- a/crypto/heimdal/lib/asn1/gen_copy.c
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_copy.c 19539 2006-12-28 17:15:05Z lha $");
-
-static int used_fail;
-
-static void
-copy_primitive (const char *typename, const char *from, const char *to)
-{
-    fprintf (codefile, "if(der_copy_%s(%s, %s)) goto fail;\n", 
-	     typename, from, to);
-    used_fail++;
-}
-
-static void
-copy_type (const char *from, const char *to, const Type *t, int preserve)
-{
-    switch (t->type) {
-    case TType:
-#if 0
-	copy_type (from, to, t->symbol->type, preserve);
-#endif
-	fprintf (codefile, "if(copy_%s(%s, %s)) goto fail;\n", 
-		 t->symbol->gen_name, from, to);
-	used_fail++;
-	break;
-    case TInteger:
-	if (t->range == NULL && t->members == NULL) {
-	    copy_primitive ("heim_integer", from, to);
-	    break;
-	}
-    case TBoolean:
-    case TEnumerated :
-	fprintf(codefile, "*(%s) = *(%s);\n", to, from);
-	break;
-    case TOctetString:
-	copy_primitive ("octet_string", from, to);
-	break;
-    case TBitString:
-	if (ASN1_TAILQ_EMPTY(t->members))
-	    copy_primitive ("bit_string", from, to);
-	else
-	    fprintf(codefile, "*(%s) = *(%s);\n", to, from);
-	break;
-    case TSet:
-    case TSequence:
-    case TChoice: {
-	Member *m, *have_ellipsis = NULL;
-
-	if(t->members == NULL)
-	    break;
-      
-	if ((t->type == TSequence || t->type == TChoice) && preserve) {
-	    fprintf(codefile,
-		    "{ int ret;\n"
-		    "ret = der_copy_octet_string(&(%s)->_save, &(%s)->_save);\n"
-		    "if (ret) goto fail;\n"
-		    "}\n",
-		    from, to);
-	    used_fail++;
-	}
-
-	if(t->type == TChoice) {
-	    fprintf(codefile, "(%s)->element = (%s)->element;\n", to, from);
-	    fprintf(codefile, "switch((%s)->element) {\n", from);
-	}
-
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    char *fs;
-	    char *ts;
-
-	    if (m->ellipsis) {
-		have_ellipsis = m;
-		continue;
-	    }
-
-	    if(t->type == TChoice)
-		fprintf(codefile, "case %s:\n", m->label);
-
-	    asprintf (&fs, "%s(%s)->%s%s",
-		      m->optional ? "" : "&", from, 
-		      t->type == TChoice ? "u." : "", m->gen_name);
-	    if (fs == NULL)
-		errx(1, "malloc");
-	    asprintf (&ts, "%s(%s)->%s%s",
-		      m->optional ? "" : "&", to, 
-		      t->type == TChoice ? "u." : "", m->gen_name);
-	    if (ts == NULL)
-		errx(1, "malloc");
-	    if(m->optional){
-		fprintf(codefile, "if(%s) {\n", fs);
-		fprintf(codefile, "%s = malloc(sizeof(*%s));\n", ts, ts);
-		fprintf(codefile, "if(%s == NULL) goto fail;\n", ts);
-		used_fail++;
-	    }
-	    copy_type (fs, ts, m->type, FALSE);
-	    if(m->optional){
-		fprintf(codefile, "}else\n");
-		fprintf(codefile, "%s = NULL;\n", ts);
-	    }
-	    free (fs);
-	    free (ts);
-	    if(t->type == TChoice)
-		fprintf(codefile, "break;\n");
-	}
-	if(t->type == TChoice) {
-	    if (have_ellipsis) {
-		fprintf(codefile, "case %s: {\n"
-			"int ret;\n"
-			"ret=der_copy_octet_string(&(%s)->u.%s, &(%s)->u.%s);\n"
-			"if (ret) goto fail;\n"
-			"break;\n"
-			"}\n",
-			have_ellipsis->label,
-			from, have_ellipsis->gen_name, 
-			to, have_ellipsis->gen_name);
-		used_fail++;
-	    }
-	    fprintf(codefile, "}\n");	
-	}
-	break;
-    }
-    case TSetOf:
-    case TSequenceOf: {
-	char *f;
-	char *T;
-
-	fprintf (codefile, "if(((%s)->val = "
-		 "malloc((%s)->len * sizeof(*(%s)->val))) == NULL && (%s)->len != 0)\n", 
-		 to, from, to, from);
-	fprintf (codefile, "goto fail;\n");
-	used_fail++;
-	fprintf(codefile,
-		"for((%s)->len = 0; (%s)->len < (%s)->len; (%s)->len++){\n",
-		to, to, from, to);
-	asprintf(&f, "&(%s)->val[(%s)->len]", from, to);
-	if (f == NULL)
-	    errx(1, "malloc");
-	asprintf(&T, "&(%s)->val[(%s)->len]", to, to);
-	if (T == NULL)
-	    errx(1, "malloc");
-	copy_type(f, T, t->subtype, FALSE);
-	fprintf(codefile, "}\n");
-	free(f);
-	free(T);
-	break;
-    }
-    case TGeneralizedTime:
-	fprintf(codefile, "*(%s) = *(%s);\n", to, from);
-	break;
-    case TGeneralString:
-	copy_primitive ("general_string", from, to);
-	break;
-    case TUTCTime:
-	fprintf(codefile, "*(%s) = *(%s);\n", to, from);
-	break;
-    case TUTF8String:
-	copy_primitive ("utf8string", from, to);
-	break;
-    case TPrintableString:
-	copy_primitive ("printable_string", from, to);
-	break;
-    case TIA5String:
-	copy_primitive ("ia5_string", from, to);
-	break;
-    case TBMPString:
-	copy_primitive ("bmp_string", from, to);
-	break;
-    case TUniversalString:
-	copy_primitive ("universal_string", from, to);
-	break;
-    case TVisibleString:
-	copy_primitive ("visible_string", from, to);
-	break;
-    case TTag:
-	copy_type (from, to, t->subtype, preserve);
-	break;
-    case TOID:
-	copy_primitive ("oid", from, to);
-	break;
-    case TNull:
-	break;
-    default :
-	abort ();
-    }
-}
-
-void
-generate_type_copy (const Symbol *s)
-{
-  int preserve = preserve_type(s->name) ? TRUE : FALSE;
-
-  used_fail = 0;
-
-  fprintf (headerfile,
-	   "int    copy_%s  (const %s *, %s *);\n",
-	   s->gen_name, s->gen_name, s->gen_name);
-
-  fprintf (codefile, "int\n"
-	   "copy_%s(const %s *from, %s *to)\n"
-	   "{\n"
-	   "memset(to, 0, sizeof(*to));\n",
-	   s->gen_name, s->gen_name, s->gen_name);
-  copy_type ("from", "to", s->type, preserve);
-  fprintf (codefile, "return 0;\n");
-
-  if (used_fail)
-      fprintf (codefile, "fail:\n"
-	       "free_%s(to);\n"
-	       "return ENOMEM;\n",
-	       s->gen_name);
-
-  fprintf(codefile,
-	  "}\n\n");
-}
-
diff --git a/crypto/heimdal/lib/asn1/gen_decode.c b/crypto/heimdal/lib/asn1/gen_decode.c
deleted file mode 100644
index face9ba..0000000
--- a/crypto/heimdal/lib/asn1/gen_decode.c
+++ /dev/null
@@ -1,720 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-#include "lex.h"
-
-RCSID("$Id: gen_decode.c 21503 2007-07-12 11:57:19Z lha $");
-
-static void
-decode_primitive (const char *typename, const char *name, const char *forwstr)
-{
-#if 0
-    fprintf (codefile,
-	     "e = decode_%s(p, len, %s, &l);\n"
-	     "%s;\n",
-	     typename,
-	     name,
-	     forwstr);
-#else
-    fprintf (codefile,
-	     "e = der_get_%s(p, len, %s, &l);\n"
-	     "if(e) %s;\np += l; len -= l; ret += l;\n",
-	     typename,
-	     name,
-	     forwstr);
-#endif
-}
-
-static int
-is_primitive_type(int type)
-{
-    switch(type) {
-    case TInteger:
-    case TBoolean:
-    case TOctetString:
-    case TBitString:
-    case TEnumerated:
-    case TGeneralizedTime:
-    case TGeneralString:
-    case TOID:
-    case TUTCTime:
-    case TUTF8String:
-    case TPrintableString:
-    case TIA5String:
-    case TBMPString:
-    case TUniversalString:
-    case TVisibleString:
-    case TNull:
-	return 1;
-    default:
-	return 0;
-    }
-}
-
-static void
-find_tag (const Type *t,
-	  Der_class *cl, Der_type *ty, unsigned *tag)
-{
-    switch (t->type) {
-    case TBitString:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_BitString;
-	break;
-    case TBoolean:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_Boolean;
-	break;
-    case TChoice: 
-	errx(1, "Cannot have recursive CHOICE");
-    case TEnumerated:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_Enumerated;
-	break;
-    case TGeneralString: 
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_GeneralString;
-	break;
-    case TGeneralizedTime: 
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_GeneralizedTime;
-	break;
-    case TIA5String:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_IA5String;
-	break;
-    case TInteger: 
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_Integer;
-	break;
-    case TNull:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_Null;
-	break;
-    case TOID: 
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_OID;
-	break;
-    case TOctetString: 
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_OctetString;
-	break;
-    case TPrintableString:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_PrintableString;
-	break;
-    case TSequence: 
-    case TSequenceOf:
-	*cl  = ASN1_C_UNIV;
-	*ty  = CONS;
-	*tag = UT_Sequence;
-	break;
-    case TSet: 
-    case TSetOf:
-	*cl  = ASN1_C_UNIV;
-	*ty  = CONS;
-	*tag = UT_Set;
-	break;
-    case TTag: 
-	*cl  = t->tag.tagclass;
-	*ty  = is_primitive_type(t->subtype->type) ? PRIM : CONS;
-	*tag = t->tag.tagvalue;
-	break;
-    case TType: 
-	if ((t->symbol->stype == Stype && t->symbol->type == NULL)
-	    || t->symbol->stype == SUndefined) {
-	    error_message("%s is imported or still undefined, "
-			  " can't generate tag checking data in CHOICE "
-			  "without this information",
-			  t->symbol->name);
-	    exit(1);
-	}
-	find_tag(t->symbol->type, cl, ty, tag);
-	return;
-    case TUTCTime: 
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_UTCTime;
-	break;
-    case TUTF8String:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_UTF8String;
-	break;
-    case TBMPString:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_BMPString;
-	break;
-    case TUniversalString:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_UniversalString;
-	break;
-    case TVisibleString:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_VisibleString;
-	break;
-    default:
-	abort();
-    }
-}
-
-static void
-range_check(const char *name,
-	    const char *length,
-	    const char *forwstr, 
-	    struct range *r)
-{
-    if (r->min == r->max + 2 || r->min < r->max)
-	fprintf (codefile,
-		 "if ((%s)->%s > %d) {\n"
-		 "e = ASN1_MAX_CONSTRAINT; %s;\n"
-		 "}\n",
-		 name, length, r->max, forwstr);
-    if (r->min - 1 == r->max || r->min < r->max)
-	fprintf (codefile,
-		 "if ((%s)->%s < %d) {\n"
-		 "e = ASN1_MIN_CONSTRAINT; %s;\n"
-		 "}\n",
-		 name, length, r->min, forwstr);
-    if (r->max == r->min)
-	fprintf (codefile,
-		 "if ((%s)->%s != %d) {\n"
-		 "e = ASN1_EXACT_CONSTRAINT; %s;\n"
-		 "}\n",
-		 name, length, r->min, forwstr);
-}
-
-static int
-decode_type (const char *name, const Type *t, int optional, 
-	     const char *forwstr, const char *tmpstr)
-{
-    switch (t->type) {
-    case TType: {
-	if (optional)
-	    fprintf(codefile, 
-		    "%s = calloc(1, sizeof(*%s));\n"
-		    "if (%s == NULL) %s;\n",
-		    name, name, name, forwstr);
-	fprintf (codefile,
-		 "e = decode_%s(p, len, %s, &l);\n",
-		 t->symbol->gen_name, name);
-	if (optional) {
-	    fprintf (codefile,
-		     "if(e) {\n"
-		     "free(%s);\n"
-		     "%s = NULL;\n"
-		     "} else {\n"
-		     "p += l; len -= l; ret += l;\n"
-		     "}\n",
-		     name, name);
-	} else {
-	    fprintf (codefile,
-		     "if(e) %s;\n",
-		     forwstr);
-	    fprintf (codefile,
-		     "p += l; len -= l; ret += l;\n");
-	}
-	break;
-    }
-    case TInteger:
-	if(t->members) {
-	    fprintf(codefile,
-		    "{\n"
-		    "int enumint;\n");
-	    decode_primitive ("integer", "&enumint", forwstr);
-	    fprintf(codefile,
-		    "*%s = enumint;\n"
-		    "}\n",
-		    name);
-	} else if (t->range == NULL) {
-	    decode_primitive ("heim_integer", name, forwstr);
-	} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
-	    decode_primitive ("integer", name, forwstr);
-	} else if (t->range->min == 0 && t->range->max == UINT_MAX) {
-	    decode_primitive ("unsigned", name, forwstr);
-	} else if (t->range->min == 0 && t->range->max == INT_MAX) {
-	    decode_primitive ("unsigned", name, forwstr);
-	} else
-	    errx(1, "%s: unsupported range %d -> %d", 
-		 name, t->range->min, t->range->max);
-	break;
-    case TBoolean:
-      decode_primitive ("boolean", name, forwstr);
-      break;
-    case TEnumerated:
-	decode_primitive ("enumerated", name, forwstr);
-	break;
-    case TOctetString:
-	decode_primitive ("octet_string", name, forwstr);
-	if (t->range)
-	    range_check(name, "length", forwstr, t->range);
-	break;
-    case TBitString: {
-	Member *m;
-	int pos = 0;
-
-	if (ASN1_TAILQ_EMPTY(t->members)) {
-	    decode_primitive ("bit_string", name, forwstr);
-	    break;
-	}
-	fprintf(codefile,
-		"if (len < 1) return ASN1_OVERRUN;\n"
-		"p++; len--; ret++;\n");
-	fprintf(codefile,
-		"do {\n"
-		"if (len < 1) break;\n");
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    while (m->val / 8 > pos / 8) {
-		fprintf (codefile,
-			 "p++; len--; ret++;\n"
-			 "if (len < 1) break;\n");
-		pos += 8;
-	    }
-	    fprintf (codefile,
-		     "(%s)->%s = (*p >> %d) & 1;\n",
-		     name, m->gen_name, 7 - m->val % 8);
-	}
-	fprintf(codefile,
-		"} while(0);\n");
-	fprintf (codefile,
-		 "p += len; ret += len;\n");
-	break;
-    }
-    case TSequence: {
-	Member *m;
-
-	if (t->members == NULL)
-	    break;
-
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    char *s;
-
-	    if (m->ellipsis)
-		continue;
-
-	    asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&",
-		      name, m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    decode_type (s, m->type, m->optional, forwstr, m->gen_name);
-	    free (s);
-	}
-	
-	break;
-    }
-    case TSet: {
-	Member *m;
-	unsigned int memno;
-
-	if(t->members == NULL)
-	    break;
-
-	fprintf(codefile, "{\n");
-	fprintf(codefile, "unsigned int members = 0;\n");
-	fprintf(codefile, "while(len > 0) {\n");
-	fprintf(codefile, 
-		"Der_class class;\n"
-		"Der_type type;\n"
-		"int tag;\n"
-		"e = der_get_tag (p, len, &class, &type, &tag, NULL);\n"
-		"if(e) %s;\n", forwstr);
-	fprintf(codefile, "switch (MAKE_TAG(class, type, tag)) {\n");
-	memno = 0;
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    char *s;
-
-	    assert(m->type->type == TTag);
-
-	    fprintf(codefile, "case MAKE_TAG(%s, %s, %s):\n",
-		    classname(m->type->tag.tagclass),
-		    is_primitive_type(m->type->subtype->type) ? "PRIM" : "CONS",
-		    valuename(m->type->tag.tagclass, m->type->tag.tagvalue));
-
-	    asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    if(m->optional)
-		fprintf(codefile, 
-			"%s = calloc(1, sizeof(*%s));\n"
-			"if (%s == NULL) { e = ENOMEM; %s; }\n",
-			s, s, s, forwstr);
-	    decode_type (s, m->type, 0, forwstr, m->gen_name);
-	    free (s);
-
-	    fprintf(codefile, "members |= (1 << %d);\n", memno);
-	    memno++;
-	    fprintf(codefile, "break;\n");
-	}
-	fprintf(codefile, 
-		"default:\n"
-		"return ASN1_MISPLACED_FIELD;\n"
-		"break;\n");
-	fprintf(codefile, "}\n");
-	fprintf(codefile, "}\n");
-	memno = 0;
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    char *s;
-
-	    asprintf (&s, "%s->%s", name, m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    fprintf(codefile, "if((members & (1 << %d)) == 0)\n", memno);
-	    if(m->optional)
-		fprintf(codefile, "%s = NULL;\n", s);
-	    else if(m->defval)
-		gen_assign_defval(s, m->defval);
-	    else
-		fprintf(codefile, "return ASN1_MISSING_FIELD;\n");
-	    free(s);
-	    memno++;
-	}
-	fprintf(codefile, "}\n");
-	break;
-    }
-    case TSetOf:
-    case TSequenceOf: {
-	char *n;
-	char *sname;
-
-	fprintf (codefile,
-		 "{\n"
-		 "size_t %s_origlen = len;\n"
-		 "size_t %s_oldret = ret;\n"
-		 "size_t %s_olen = 0;\n"
-		 "void *%s_tmp;\n"
-		 "ret = 0;\n"
-		 "(%s)->len = 0;\n"
-		 "(%s)->val = NULL;\n",
-		 tmpstr,
-		 tmpstr,
-		 tmpstr,
-		 tmpstr,
-		 name,
-		 name);
-
-	fprintf (codefile,
-		 "while(ret < %s_origlen) {\n"
-		 "size_t %s_nlen = %s_olen + sizeof(*((%s)->val));\n"
-		 "if (%s_olen > %s_nlen) { e = ASN1_OVERFLOW; %s; }\n"
-		 "%s_olen = %s_nlen;\n"
-		 "%s_tmp = realloc((%s)->val, %s_olen);\n"
-		 "if (%s_tmp == NULL) { e = ENOMEM; %s; }\n"
-		 "(%s)->val = %s_tmp;\n",
-		 tmpstr,
-		 tmpstr, tmpstr, name,
-		 tmpstr, tmpstr, forwstr,
-		 tmpstr, tmpstr,
-		 tmpstr, name, tmpstr,
-		 tmpstr, forwstr, 
-		 name, tmpstr);
-
-	asprintf (&n, "&(%s)->val[(%s)->len]", name, name);
-	if (n == NULL)
-	    errx(1, "malloc");
-	asprintf (&sname, "%s_s_of", tmpstr);
-	if (sname == NULL)
-	    errx(1, "malloc");
-	decode_type (n, t->subtype, 0, forwstr, sname);
-	fprintf (codefile, 
-		 "(%s)->len++;\n"
-		 "len = %s_origlen - ret;\n"
-		 "}\n"
-		 "ret += %s_oldret;\n"
-		 "}\n",
-		 name,
-		 tmpstr, tmpstr);
-	if (t->range)
-	    range_check(name, "len", forwstr, t->range);
-	free (n);
-	free (sname);
-	break;
-    }
-    case TGeneralizedTime:
-	decode_primitive ("generalized_time", name, forwstr);
-	break;
-    case TGeneralString:
-	decode_primitive ("general_string", name, forwstr);
-	break;
-    case TTag:{
-    	char *tname;
-
-	fprintf(codefile, 
-		"{\n"
-		"size_t %s_datalen, %s_oldlen;\n",
-		tmpstr, tmpstr);
-	if(dce_fix)
-	    fprintf(codefile, 
-		    "int dce_fix;\n");
-	fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, %s, %s, "
-		"&%s_datalen, &l);\n",
-		classname(t->tag.tagclass),
-		is_primitive_type(t->subtype->type) ? "PRIM" : "CONS",
-		valuename(t->tag.tagclass, t->tag.tagvalue),
-		tmpstr);
-	if(optional) {
-	    fprintf(codefile, 
-		    "if(e) {\n"
-		    "%s = NULL;\n"
-		    "} else {\n"
-		     "%s = calloc(1, sizeof(*%s));\n"
-		     "if (%s == NULL) { e = ENOMEM; %s; }\n",
-		     name, name, name, name, forwstr);
-	} else {
-	    fprintf(codefile, "if(e) %s;\n", forwstr);
-	}
-	fprintf (codefile,
-		 "p += l; len -= l; ret += l;\n"
-		 "%s_oldlen = len;\n",
-		 tmpstr);
-	if(dce_fix)
-	    fprintf (codefile,
-		     "if((dce_fix = _heim_fix_dce(%s_datalen, &len)) < 0)\n"
-		     "{ e = ASN1_BAD_FORMAT; %s; }\n",
-		     tmpstr, forwstr);
-	else
-	    fprintf(codefile, 
-		    "if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n"
-		    "len = %s_datalen;\n", tmpstr, forwstr, tmpstr);
-	asprintf (&tname, "%s_Tag", tmpstr);
-	if (tname == NULL)
-	    errx(1, "malloc");
-	decode_type (name, t->subtype, 0, forwstr, tname);
-	if(dce_fix)
-	    fprintf(codefile,
-		    "if(dce_fix){\n"
-		    "e = der_match_tag_and_length (p, len, "
-		    "(Der_class)0,(Der_type)0, UT_EndOfContent, "
-		    "&%s_datalen, &l);\n"
-		    "if(e) %s;\np += l; len -= l; ret += l;\n"
-		    "} else \n", tmpstr, forwstr);
-	fprintf(codefile, 
-		"len = %s_oldlen - %s_datalen;\n",
-		tmpstr, tmpstr);
-	if(optional)
-	    fprintf(codefile, 
-		    "}\n");
-	fprintf(codefile, 
-		"}\n");
-	free(tname);
-	break;
-    }
-    case TChoice: {
-	Member *m, *have_ellipsis = NULL;
-	const char *els = "";
-
-	if (t->members == NULL)
-	    break;
-
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    const Type *tt = m->type;
-	    char *s;
-	    Der_class cl;
-	    Der_type  ty;
-	    unsigned  tag;
-	    
-	    if (m->ellipsis) {
-		have_ellipsis = m;
-		continue;
-	    }
-
-	    find_tag(tt, &cl, &ty, &tag);
-
-	    fprintf(codefile,
-		    "%sif (der_match_tag(p, len, %s, %s, %s, NULL) == 0) {\n",
-		    els,
-		    classname(cl),
-		    ty ? "CONS" : "PRIM",
-		    valuename(cl, tag));
-	    asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&",
-		      name, m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    decode_type (s, m->type, m->optional, forwstr, m->gen_name);
-	    fprintf(codefile,
-		    "(%s)->element = %s;\n",
-		    name, m->label);
-	    free(s);
-	    fprintf(codefile,
-		    "}\n");
-	    els = "else ";
-	}
-	if (have_ellipsis) {
-	    fprintf(codefile,
-		    "else {\n"
-		    "(%s)->u.%s.data = calloc(1, len);\n"
-		    "if ((%s)->u.%s.data == NULL) {\n"
-		    "e = ENOMEM; %s;\n"
-		    "}\n"
-		    "(%s)->u.%s.length = len;\n"
-		    "memcpy((%s)->u.%s.data, p, len);\n"
-		    "(%s)->element = %s;\n"
-		    "p += len;\n"
-		    "ret += len;\n"
-		    "len -= len;\n"
-		    "}\n",
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->gen_name,
-		    forwstr, 
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->label);
-	} else {
-	    fprintf(codefile,
-		    "else {\n"
-		    "e = ASN1_PARSE_ERROR;\n"
-		    "%s;\n"
-		    "}\n",
-		    forwstr);
-	}
-	break;
-    }
-    case TUTCTime:
-	decode_primitive ("utctime", name, forwstr);
-	break;
-    case TUTF8String:
-	decode_primitive ("utf8string", name, forwstr);
-	break;
-    case TPrintableString:
-	decode_primitive ("printable_string", name, forwstr);
-	break;
-    case TIA5String:
-	decode_primitive ("ia5_string", name, forwstr);
-	break;
-    case TBMPString:
-	decode_primitive ("bmp_string", name, forwstr);
-	break;
-    case TUniversalString:
-	decode_primitive ("universal_string", name, forwstr);
-	break;
-    case TVisibleString:
-	decode_primitive ("visible_string", name, forwstr);
-	break;
-    case TNull:
-	fprintf (codefile, "/* NULL */\n");
-	break;
-    case TOID:
-	decode_primitive ("oid", name, forwstr);
-	break;
-    default :
-	abort ();
-    }
-    return 0;
-}
-
-void
-generate_type_decode (const Symbol *s)
-{
-    int preserve = preserve_type(s->name) ? TRUE : FALSE;
-
-    fprintf (headerfile,
-	     "int    "
-	     "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
-	     s->gen_name, s->gen_name);
-
-    fprintf (codefile, "int\n"
-	     "decode_%s(const unsigned char *p,"
-	     " size_t len, %s *data, size_t *size)\n"
-	     "{\n",
-	     s->gen_name, s->gen_name);
-
-    switch (s->type->type) {
-    case TInteger:
-    case TBoolean:
-    case TOctetString:
-    case TOID:
-    case TGeneralizedTime:
-    case TGeneralString:
-    case TUTF8String:
-    case TPrintableString:
-    case TIA5String:
-    case TBMPString:
-    case TUniversalString:
-    case TVisibleString:
-    case TUTCTime:
-    case TNull:
-    case TEnumerated:
-    case TBitString:
-    case TSequence:
-    case TSequenceOf:
-    case TSet:
-    case TSetOf:
-    case TTag:
-    case TType:
-    case TChoice:
-	fprintf (codefile,
-		 "size_t ret = 0;\n"
-		 "size_t l;\n"
-		 "int e;\n");
-	if (preserve)
-	    fprintf (codefile, "const unsigned char *begin = p;\n");
-
-	fprintf (codefile, "\n");
-	fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */
-
-	decode_type ("data", s->type, 0, "goto fail", "Top");
-	if (preserve)
-	    fprintf (codefile,
-		     "data->_save.data = calloc(1, ret);\n"
-		     "if (data->_save.data == NULL) { \n"
-		     "e = ENOMEM; goto fail; \n"
-		     "}\n"
-		     "data->_save.length = ret;\n"
-		     "memcpy(data->_save.data, begin, ret);\n");
-	fprintf (codefile, 
-		 "if(size) *size = ret;\n"
-		 "return 0;\n");
-	fprintf (codefile,
-		 "fail:\n"
-		 "free_%s(data);\n"
-		 "return e;\n",
-		 s->gen_name);
-	break;
-    default:
-	abort ();
-    }
-    fprintf (codefile, "}\n\n");
-}
diff --git a/crypto/heimdal/lib/asn1/gen_encode.c b/crypto/heimdal/lib/asn1/gen_encode.c
deleted file mode 100644
index 08f1a94..0000000
--- a/crypto/heimdal/lib/asn1/gen_encode.c
+++ /dev/null
@@ -1,557 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_encode.c 22429 2008-01-13 10:25:50Z lha $");
-
-static void
-encode_primitive (const char *typename, const char *name)
-{
-    fprintf (codefile,
-	     "e = der_put_%s(p, len, %s, &l);\n"
-	     "if (e) return e;\np -= l; len -= l; ret += l;\n\n",
-	     typename,
-	     name);
-}
-
-const char *
-classname(Der_class class)
-{
-    const char *cn[] = { "ASN1_C_UNIV", "ASN1_C_APPL",
-			 "ASN1_C_CONTEXT", "ASN1_C_PRIV" };
-    if(class < ASN1_C_UNIV || class > ASN1_C_PRIVATE)
-	return "???";
-    return cn[class];
-}
-
-
-const char *
-valuename(Der_class class, int value)
-{
-    static char s[32];
-    struct { 
-	int value;
-	const char *s;
-    } *p, values[] = {
-#define X(Y) { Y, #Y }
-	X(UT_BMPString),
-	X(UT_BitString),
-	X(UT_Boolean),
-	X(UT_EmbeddedPDV),
-	X(UT_Enumerated),
-	X(UT_External),
-	X(UT_GeneralString),
-	X(UT_GeneralizedTime),
-	X(UT_GraphicString),
-	X(UT_IA5String),
-	X(UT_Integer),
-	X(UT_Null),
-	X(UT_NumericString),
-	X(UT_OID),
-	X(UT_ObjectDescriptor),
-	X(UT_OctetString),
-	X(UT_PrintableString),
-	X(UT_Real),
-	X(UT_RelativeOID),
-	X(UT_Sequence),
-	X(UT_Set),
-	X(UT_TeletexString),
-	X(UT_UTCTime),
-	X(UT_UTF8String),
-	X(UT_UniversalString),
-	X(UT_VideotexString),
-	X(UT_VisibleString),
-#undef X
-	{ -1, NULL }
-    };
-    if(class == ASN1_C_UNIV) {
-	for(p = values; p->value != -1; p++)
-	    if(p->value == value)
-		return p->s;
-    }
-    snprintf(s, sizeof(s), "%d", value);
-    return s;
-}
-
-static int
-encode_type (const char *name, const Type *t, const char *tmpstr)
-{
-    int constructed = 1;
-
-    switch (t->type) {
-    case TType:
-#if 0
-	encode_type (name, t->symbol->type);
-#endif
-	fprintf (codefile,
-		 "e = encode_%s(p, len, %s, &l);\n"
-		 "if (e) return e;\np -= l; len -= l; ret += l;\n\n",
-		 t->symbol->gen_name, name);
-	break;
-    case TInteger:
-	if(t->members) {
-	    fprintf(codefile,
-		    "{\n"
-		    "int enumint = (int)*%s;\n",
-		    name);
-	    encode_primitive ("integer", "&enumint");
-	    fprintf(codefile, "}\n;");
-	} else if (t->range == NULL) {
-	    encode_primitive ("heim_integer", name);
-	} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
-	    encode_primitive ("integer", name);
-	} else if (t->range->min == 0 && t->range->max == UINT_MAX) {
-	    encode_primitive ("unsigned", name);
-	} else if (t->range->min == 0 && t->range->max == INT_MAX) {
-	    encode_primitive ("unsigned", name);
-	} else
-	    errx(1, "%s: unsupported range %d -> %d", 
-		 name, t->range->min, t->range->max);
-	constructed = 0;
-	break;
-    case TBoolean:
-	encode_primitive ("boolean", name);
-	constructed = 0;
-	break;
-    case TOctetString:
-	encode_primitive ("octet_string", name);
-	constructed = 0;
-	break;
-    case TBitString: {
-	Member *m;
-	int pos;
-
-	if (ASN1_TAILQ_EMPTY(t->members)) {
-	    encode_primitive("bit_string", name);
-	    constructed = 0;
-	    break;
-	}
-
-	fprintf (codefile, "{\n"
-		 "unsigned char c = 0;\n");
-	if (!rfc1510_bitstring)
-	    fprintf (codefile,
-		     "int rest = 0;\n"
-		     "int bit_set = 0;\n");
-#if 0
-	pos = t->members->prev->val;
-	/* fix for buggy MIT (and OSF?) code */
-	if (pos > 31)
-	    abort ();
-#endif
-	/*
-	 * It seems that if we do not always set pos to 31 here, the MIT
-	 * code will do the wrong thing.
-	 *
-	 * I hate ASN.1 (and DER), but I hate it even more when everybody
-	 * has to screw it up differently.
-	 */
-	pos = ASN1_TAILQ_LAST(t->members, memhead)->val;
-	if (rfc1510_bitstring) {
-	    if (pos < 31)
-		pos = 31;
-	}
-
-	ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
-	    while (m->val / 8 < pos / 8) {
-		if (!rfc1510_bitstring)
-		    fprintf (codefile,
-			     "if (c != 0 || bit_set) {\n");
-		fprintf (codefile,
-			 "if (len < 1) return ASN1_OVERFLOW;\n"
-			 "*p-- = c; len--; ret++;\n");
-		if (!rfc1510_bitstring)
-		    fprintf (codefile,
-			     "if (!bit_set) {\n"
-			     "rest = 0;\n"
-			     "while(c) { \n"
-			     "if (c & 1) break;\n"
-			     "c = c >> 1;\n"
-			     "rest++;\n"
-			     "}\n"
-			     "bit_set = 1;\n"
-			     "}\n"
-			     "}\n");
-		fprintf (codefile,
-			 "c = 0;\n");
-		pos -= 8;
-	    }
-	    fprintf (codefile,
-		     "if((%s)->%s) {\n"
-		     "c |= 1<<%d;\n", 
-		     name, m->gen_name, 7 - m->val % 8);
-	    fprintf (codefile,
-		     "}\n");
-	}
-
-	if (!rfc1510_bitstring)
-	    fprintf (codefile,
-		     "if (c != 0 || bit_set) {\n");
-	fprintf (codefile, 
-		 "if (len < 1) return ASN1_OVERFLOW;\n"
-		 "*p-- = c; len--; ret++;\n");
-	if (!rfc1510_bitstring)
-	    fprintf (codefile,
-		     "if (!bit_set) {\n"
-		     "rest = 0;\n"
-		     "if(c) { \n"
-		     "while(c) { \n"
-		     "if (c & 1) break;\n"
-		     "c = c >> 1;\n"
-		     "rest++;\n"
-		     "}\n"
-		     "}\n"
-		     "}\n"
-		     "}\n");
-
-	fprintf (codefile, 
-		 "if (len < 1) return ASN1_OVERFLOW;\n"
-		 "*p-- = %s;\n"
-		 "len -= 1;\n"
-		 "ret += 1;\n"
-		 "}\n\n",
-		 rfc1510_bitstring ? "0" : "rest");
-	constructed = 0;
-	break;
-    }
-    case TEnumerated : {
-	encode_primitive ("enumerated", name);
-	constructed = 0;
-	break;
-    }
-
-    case TSet:
-    case TSequence: {
-	Member *m;
-
-	if (t->members == NULL)
-	    break;
-	
-	ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
-	    char *s;
-
-	    if (m->ellipsis)
-		continue;
-
-	    asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    fprintf(codefile, "/* %s */\n", m->name);
-	    if (m->optional)
-		fprintf (codefile,
-			 "if(%s) ",
-			 s);
-	    else if(m->defval)
-		gen_compare_defval(s + 1, m->defval);
-	    fprintf (codefile, "{\n");
-	    fprintf (codefile, "size_t %s_oldret = ret;\n", tmpstr);
-	    fprintf (codefile, "ret = 0;\n");
-	    encode_type (s, m->type, m->gen_name);
-	    fprintf (codefile, "ret += %s_oldret;\n", tmpstr);
-	    fprintf (codefile, "}\n");
-	    free (s);
-	}
-	break;
-    }
-    case TSetOf: {
-
-	fprintf(codefile,
-		"{\n"
-		"struct heim_octet_string *val;\n"
-		"size_t elen, totallen = 0;\n"
-		"int eret;\n");
-
-	fprintf(codefile,
-		"if ((%s)->len > UINT_MAX/sizeof(val[0]))\n"
-		"return ERANGE;\n",
-		name);
-
-	fprintf(codefile,
-		"val = malloc(sizeof(val[0]) * (%s)->len);\n"
-		"if (val == NULL && (%s)->len != 0) return ENOMEM;\n",
-		name, name);
-
-	fprintf(codefile,
-		"for(i = 0; i < (%s)->len; i++) {\n",
-		name);
-
-	fprintf(codefile,
-		"ASN1_MALLOC_ENCODE(%s, val[i].data, "
-		"val[i].length, &(%s)->val[i], &elen, eret);\n",
-		t->subtype->symbol->gen_name,
-		name);
-
-	fprintf(codefile,
-		"if(eret) {\n"
-		"i--;\n"
-		"while (i >= 0) {\n"
-		"free(val[i].data);\n"
-		"i--;\n"
-		"}\n"
-		"free(val);\n"
-		"return eret;\n"
-		"}\n"
-		"totallen += elen;\n"
-		"}\n");
-
-	fprintf(codefile,
-		"if (totallen > len) {\n"
-		"for (i = 0; i < (%s)->len; i++) {\n"
-		"free(val[i].data);\n"
-		"}\n"
-		"free(val);\n"
-		"return ASN1_OVERFLOW;\n"
-		"}\n",
-		name);
-
-	fprintf(codefile,
-		"qsort(val, (%s)->len, sizeof(val[0]), _heim_der_set_sort);\n",
-		name);
-
-	fprintf (codefile,
-		 "for(i = (%s)->len - 1; i >= 0; --i) {\n"
-		 "p -= val[i].length;\n"
-		 "ret += val[i].length;\n"
-		 "memcpy(p + 1, val[i].data, val[i].length);\n"
-		 "free(val[i].data);\n"
-		 "}\n"
-		 "free(val);\n"
-		 "}\n",
-		 name);
-	break;
-    }
-    case TSequenceOf: {
-	char *n;
-	char *sname;
-
-	fprintf (codefile,
-		 "for(i = (%s)->len - 1; i >= 0; --i) {\n"
-		 "size_t %s_for_oldret = ret;\n"
-		 "ret = 0;\n",
-		 name, tmpstr);
-	asprintf (&n, "&(%s)->val[i]", name);
-	if (n == NULL)
-	    errx(1, "malloc");
-	asprintf (&sname, "%s_S_Of", tmpstr);
-	if (sname == NULL)
-	    errx(1, "malloc");
-	encode_type (n, t->subtype, sname);
-	fprintf (codefile,
-		 "ret += %s_for_oldret;\n"
-		 "}\n",
-		 tmpstr);
-	free (n);
-	free (sname);
-	break;
-    }
-    case TGeneralizedTime:
-	encode_primitive ("generalized_time", name);
-	constructed = 0;
-	break;
-    case TGeneralString:
-	encode_primitive ("general_string", name);
-	constructed = 0;
-	break;
-    case TTag: {
-    	char *tname;
-	int c;
-	asprintf (&tname, "%s_tag", tmpstr);
-	if (tname == NULL)
-	    errx(1, "malloc");	
-	c = encode_type (name, t->subtype, tname);
-	fprintf (codefile,
-		 "e = der_put_length_and_tag (p, len, ret, %s, %s, %s, &l);\n"
-		 "if (e) return e;\np -= l; len -= l; ret += l;\n\n",
-		 classname(t->tag.tagclass),
-		 c ? "CONS" : "PRIM", 
-		 valuename(t->tag.tagclass, t->tag.tagvalue));
-	free (tname);
-	break;
-    }
-    case TChoice:{
-	Member *m, *have_ellipsis = NULL;
-	char *s;
-
-	if (t->members == NULL)
-	    break;
-
-	fprintf(codefile, "\n");
-
-	asprintf (&s, "(%s)", name);
-	if (s == NULL)
-	    errx(1, "malloc");
-	fprintf(codefile, "switch(%s->element) {\n", s);
-
-	ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
-	    char *s2;
-
-	    if (m->ellipsis) {
-		have_ellipsis = m;
-		continue;
-	    }
-
-	    fprintf (codefile, "case %s: {", m->label); 
-	    asprintf(&s2, "%s(%s)->u.%s", m->optional ? "" : "&", 
-		     s, m->gen_name);
-	    if (s2 == NULL)
-		errx(1, "malloc");
-	    if (m->optional)
-		fprintf (codefile, "if(%s) {\n", s2);
-	    fprintf (codefile, "size_t %s_oldret = ret;\n", tmpstr);
-	    fprintf (codefile, "ret = 0;\n");
-	    constructed = encode_type (s2, m->type, m->gen_name);
-	    fprintf (codefile, "ret += %s_oldret;\n", tmpstr);
-	    if(m->optional)
-		fprintf (codefile, "}\n");
-	    fprintf(codefile, "break;\n");
-	    fprintf(codefile, "}\n");
-	    free (s2);
-	}
-	free (s);
-	if (have_ellipsis) {
-	    fprintf(codefile,
-		    "case %s: {\n"
-		    "if (len < (%s)->u.%s.length)\n"
-		    "return ASN1_OVERFLOW;\n"
-		    "p -= (%s)->u.%s.length;\n"
-		    "ret += (%s)->u.%s.length;\n"
-		    "memcpy(p + 1, (%s)->u.%s.data, (%s)->u.%s.length);\n"
-		    "break;\n"
-		    "}\n",
-		    have_ellipsis->label,
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->gen_name);
-	}
-	fprintf(codefile, "};\n");
-	break;
-    }
-    case TOID:
-	encode_primitive ("oid", name);
-	constructed = 0;
-	break;
-    case TUTCTime:
-	encode_primitive ("utctime", name);
-	constructed = 0;
-	break;
-    case TUTF8String:
-	encode_primitive ("utf8string", name);
-	constructed = 0;
-	break;
-    case TPrintableString:
-	encode_primitive ("printable_string", name);
-	constructed = 0;
-	break;
-    case TIA5String:
-	encode_primitive ("ia5_string", name);
-	constructed = 0;
-	break;
-    case TBMPString:
-	encode_primitive ("bmp_string", name);
-	constructed = 0;
-	break;
-    case TUniversalString:
-	encode_primitive ("universal_string", name);
-	constructed = 0;
-	break;
-    case TVisibleString:
-	encode_primitive ("visible_string", name);
-	constructed = 0;
-	break;
-    case TNull:
-	fprintf (codefile, "/* NULL */\n");
-	constructed = 0;
-	break;
-    default:
-	abort ();
-    }
-    return constructed;
-}
-
-void
-generate_type_encode (const Symbol *s)
-{
-    fprintf (headerfile,
-	     "int    "
-	     "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n",
-	     s->gen_name, s->gen_name);
-
-    fprintf (codefile, "int\n"
-	     "encode_%s(unsigned char *p, size_t len,"
-	     " const %s *data, size_t *size)\n"
-	     "{\n",
-	     s->gen_name, s->gen_name);
-
-    switch (s->type->type) {
-    case TInteger:
-    case TBoolean:
-    case TOctetString:
-    case TGeneralizedTime:
-    case TGeneralString:
-    case TUTCTime:
-    case TUTF8String:
-    case TPrintableString:
-    case TIA5String:
-    case TBMPString:
-    case TUniversalString:
-    case TVisibleString:
-    case TNull:
-    case TBitString:
-    case TEnumerated:
-    case TOID:
-    case TSequence:
-    case TSequenceOf:
-    case TSet:
-    case TSetOf:
-    case TTag:
-    case TType:
-    case TChoice:
-	fprintf (codefile,
-		 "size_t ret = 0;\n"
-		 "size_t l;\n"
-		 "int i, e;\n\n");
-	fprintf(codefile, "i = 0;\n"); /* hack to avoid `unused variable' */
-    
-	encode_type("data", s->type, "Top");
-
-	fprintf (codefile, "*size = ret;\n"
-		 "return 0;\n");
-	break;
-    default:
-	abort ();
-    }
-    fprintf (codefile, "}\n\n");
-}
diff --git a/crypto/heimdal/lib/asn1/gen_free.c b/crypto/heimdal/lib/asn1/gen_free.c
deleted file mode 100644
index d667c5d..0000000
--- a/crypto/heimdal/lib/asn1/gen_free.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_free.c 19539 2006-12-28 17:15:05Z lha $");
-
-static void
-free_primitive (const char *typename, const char *name)
-{
-    fprintf (codefile, "der_free_%s(%s);\n", typename, name);
-}
-
-static void
-free_type (const char *name, const Type *t, int preserve)
-{
-    switch (t->type) {
-    case TType:
-#if 0
-	free_type (name, t->symbol->type, preserve);
-#endif
-	fprintf (codefile, "free_%s(%s);\n", t->symbol->gen_name, name);
-	break;
-    case TInteger:
-	if (t->range == NULL && t->members == NULL) {
-	    free_primitive ("heim_integer", name);
-	    break;
-	}
-    case TBoolean:
-    case TEnumerated :
-    case TNull:
-    case TGeneralizedTime:
-    case TUTCTime:
-	break;
-    case TBitString:
-	if (ASN1_TAILQ_EMPTY(t->members))
-	    free_primitive("bit_string", name);
-	break;
-    case TOctetString:
-	free_primitive ("octet_string", name);
-	break;
-    case TChoice:
-    case TSet:
-    case TSequence: {
-	Member *m, *have_ellipsis = NULL;
-
-	if (t->members == NULL)
-	    break;
-
-	if ((t->type == TSequence || t->type == TChoice) && preserve)
-	    fprintf(codefile, "der_free_octet_string(&data->_save);\n");
-
-	if(t->type == TChoice)
-	    fprintf(codefile, "switch((%s)->element) {\n", name);
-      
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    char *s;
-
-	    if (m->ellipsis){
-		have_ellipsis = m;
-		continue;
-	    }
-
-	    if(t->type == TChoice)
-		fprintf(codefile, "case %s:\n", m->label);
-	    asprintf (&s, "%s(%s)->%s%s",
-		      m->optional ? "" : "&", name, 
-		      t->type == TChoice ? "u." : "", m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    if(m->optional)
-		fprintf(codefile, "if(%s) {\n", s);
-	    free_type (s, m->type, FALSE);
-	    if(m->optional)
-		fprintf(codefile, 
-			"free(%s);\n"
-			"%s = NULL;\n"
-			"}\n",s, s);
-	    free (s);
-	    if(t->type == TChoice)
-		fprintf(codefile, "break;\n");
-	}
-	
-	if(t->type == TChoice) {
-	    if (have_ellipsis)
-		fprintf(codefile,
-			"case %s:\n"
-			"der_free_octet_string(&(%s)->u.%s);\n"
-			"break;",
-			have_ellipsis->label,
-			name, have_ellipsis->gen_name);
-	    fprintf(codefile, "}\n");
-	}
-	break;
-    }
-    case TSetOf:
-    case TSequenceOf: {
-	char *n;
-
-	fprintf (codefile, "while((%s)->len){\n", name);
-	asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name);
-	if (n == NULL)
-	    errx(1, "malloc");
-	free_type(n, t->subtype, FALSE);
-	fprintf(codefile, 
-		"(%s)->len--;\n"
-		"}\n",
-		name);
-	fprintf(codefile,
-		"free((%s)->val);\n"
-		"(%s)->val = NULL;\n", name, name);
-	free(n);
-	break;
-    }
-    case TGeneralString:
-	free_primitive ("general_string", name);
-	break;
-    case TUTF8String:
-	free_primitive ("utf8string", name);
-	break;
-    case TPrintableString:
-	free_primitive ("printable_string", name);
-	break;
-    case TIA5String:
-	free_primitive ("ia5_string", name);
-	break;
-    case TBMPString:
-	free_primitive ("bmp_string", name);
-	break;
-    case TUniversalString:
-	free_primitive ("universal_string", name);
-	break;
-    case TVisibleString:
-	free_primitive ("visible_string", name);
-	break;
-    case TTag:
-	free_type (name, t->subtype, preserve);
-	break;
-    case TOID :
-	free_primitive ("oid", name);
-	break;
-    default :
-	abort ();
-    }
-}
-
-void
-generate_type_free (const Symbol *s)
-{
-  int preserve = preserve_type(s->name) ? TRUE : FALSE;
-
-  fprintf (headerfile,
-	   "void   free_%s  (%s *);\n",
-	   s->gen_name, s->gen_name);
-
-  fprintf (codefile, "void\n"
-	   "free_%s(%s *data)\n"
-	   "{\n",
-	   s->gen_name, s->gen_name);
-
-  free_type ("data", s->type, preserve);
-  fprintf (codefile, "}\n\n");
-}
-
diff --git a/crypto/heimdal/lib/asn1/gen_glue.c b/crypto/heimdal/lib/asn1/gen_glue.c
deleted file mode 100644
index 8d8bd15..0000000
--- a/crypto/heimdal/lib/asn1/gen_glue.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * Copyright (c) 1997, 1999, 2000, 2003 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_glue.c 15617 2005-07-12 06:27:42Z lha $");
-
-static void
-generate_2int (const Type *t, const char *gen_name)
-{
-    Member *m;
-
-    fprintf (headerfile,
-	     "unsigned %s2int(%s);\n",
-	     gen_name, gen_name);
-
-    fprintf (codefile,
-	     "unsigned %s2int(%s f)\n"
-	     "{\n"
-	     "unsigned r = 0;\n",
-	     gen_name, gen_name);
-
-    ASN1_TAILQ_FOREACH(m, t->members, members) {
-	fprintf (codefile, "if(f.%s) r |= (1U << %d);\n",
-		 m->gen_name, m->val);
-    }
-    fprintf (codefile, "return r;\n"
-	     "}\n\n");
-}
-
-static void
-generate_int2 (const Type *t, const char *gen_name)
-{
-    Member *m;
-
-    fprintf (headerfile,
-	     "%s int2%s(unsigned);\n",
-	     gen_name, gen_name);
-
-    fprintf (codefile,
-	     "%s int2%s(unsigned n)\n"
-	     "{\n"
-	     "\t%s flags;\n\n",
-	     gen_name, gen_name, gen_name);
-
-    if(t->members) {
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    fprintf (codefile, "\tflags.%s = (n >> %d) & 1;\n",
-		     m->gen_name, m->val);
-	}
-    }
-    fprintf (codefile, "\treturn flags;\n"
-	     "}\n\n");
-}
-
-/*
- * This depends on the bit string being declared in increasing order
- */
-
-static void
-generate_units (const Type *t, const char *gen_name)
-{
-    Member *m;
-
-    fprintf (headerfile,
-	     "const struct units * asn1_%s_units(void);",
-	     gen_name);
-
-    fprintf (codefile,
-	     "static struct units %s_units[] = {\n",
-	     gen_name);
-
-    if(t->members) {
-	ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
-	    fprintf (codefile,
-		     "\t{\"%s\",\t1U << %d},\n", m->gen_name, m->val);
-	}
-    }
-
-    fprintf (codefile,
-	     "\t{NULL,\t0}\n"
-	     "};\n\n");
-
-    fprintf (codefile,
-	     "const struct units * asn1_%s_units(void){\n"
-	     "return %s_units;\n"
-	     "}\n\n",
-	     gen_name, gen_name);
-
-
-}
-
-void
-generate_glue (const Type *t, const char *gen_name)
-{
-    switch(t->type) {
-    case TTag:
-	generate_glue(t->subtype, gen_name);
-	break;
-    case TBitString :
-	if (!ASN1_TAILQ_EMPTY(t->members)) {
-	    generate_2int (t, gen_name);
-	    generate_int2 (t, gen_name);
-	    generate_units (t, gen_name);
-	}
-	break;
-    default :
-	break;
-    }
-}
diff --git a/crypto/heimdal/lib/asn1/gen_length.c b/crypto/heimdal/lib/asn1/gen_length.c
deleted file mode 100644
index 4cb5d45..0000000
--- a/crypto/heimdal/lib/asn1/gen_length.c
+++ /dev/null
@@ -1,283 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_length.c 21503 2007-07-12 11:57:19Z lha $");
-
-static void
-length_primitive (const char *typename,
-		  const char *name,
-		  const char *variable)
-{
-    fprintf (codefile, "%s += der_length_%s(%s);\n", variable, typename, name);
-}
-
-static size_t
-length_tag(unsigned int tag)
-{
-    size_t len = 0;
-    
-    if(tag <= 30)
-	return 1;
-    while(tag) {
-	tag /= 128;
-	len++;
-    }
-    return len + 1;
-}
-
-
-static int
-length_type (const char *name, const Type *t, 
-	     const char *variable, const char *tmpstr)
-{
-    switch (t->type) {
-    case TType:
-#if 0
-	length_type (name, t->symbol->type);
-#endif
-	fprintf (codefile, "%s += length_%s(%s);\n",
-		 variable, t->symbol->gen_name, name);
-	break;
-    case TInteger:
-	if(t->members) {
-	    fprintf(codefile,
-		    "{\n"
-		    "int enumint = *%s;\n", name);
-	    length_primitive ("integer", "&enumint", variable);
-	    fprintf(codefile, "}\n");
-	} else if (t->range == NULL) {
-	    length_primitive ("heim_integer", name, variable);
-	} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
-	    length_primitive ("integer", name, variable);
-	} else if (t->range->min == 0 && t->range->max == UINT_MAX) {
-	    length_primitive ("unsigned", name, variable);
-	} else if (t->range->min == 0 && t->range->max == INT_MAX) {
-	    length_primitive ("unsigned", name, variable);
-	} else
-	    errx(1, "%s: unsupported range %d -> %d", 
-		 name, t->range->min, t->range->max);
-
-	break;
-    case TBoolean:
-	fprintf (codefile, "%s += 1;\n", variable);
-	break;
-    case TEnumerated :
-	length_primitive ("enumerated", name, variable);
-	break;
-    case TOctetString:
-	length_primitive ("octet_string", name, variable);
-	break;
-    case TBitString: {
-	if (ASN1_TAILQ_EMPTY(t->members))
-	    length_primitive("bit_string", name, variable);
-	else {
-	    if (!rfc1510_bitstring) {
-		Member *m;
-		int pos = ASN1_TAILQ_LAST(t->members, memhead)->val;
-
-		fprintf(codefile,
-			"do {\n");
-		ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
-		    while (m->val / 8 < pos / 8) {
-			pos -= 8;
-		    }
-		    fprintf (codefile,
-			     "if((%s)->%s) { %s += %d; break; }\n",
-			     name, m->gen_name, variable, (pos + 8) / 8);
-		}
-		fprintf(codefile,
-			"} while(0);\n");
-		fprintf (codefile, "%s += 1;\n", variable);
-	    } else {
-		fprintf (codefile, "%s += 5;\n", variable);
-	    }
-	}
-	break;
-    }
-    case TSet:
-    case TSequence:
-    case TChoice: {
-	Member *m, *have_ellipsis = NULL;
-
-	if (t->members == NULL)
-	    break;
-      
-	if(t->type == TChoice)
-	    fprintf (codefile, "switch((%s)->element) {\n", name);
-
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    char *s;
-	    
-	    if (m->ellipsis) {
-		have_ellipsis = m;
-		continue;
-	    }
-
-	    if(t->type == TChoice)
-		fprintf(codefile, "case %s:\n", m->label);
-
-	    asprintf (&s, "%s(%s)->%s%s",
-		      m->optional ? "" : "&", name, 
-		      t->type == TChoice ? "u." : "", m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    if (m->optional)
-		fprintf (codefile, "if(%s)", s);
-	    else if(m->defval)
-		gen_compare_defval(s + 1, m->defval);
-	    fprintf (codefile, "{\n"
-		     "size_t %s_oldret = %s;\n"
-		     "%s = 0;\n", tmpstr, variable, variable);
-	    length_type (s, m->type, "ret", m->gen_name);
-	    fprintf (codefile, "ret += %s_oldret;\n", tmpstr);
-	    fprintf (codefile, "}\n");
-	    free (s);
-	    if(t->type == TChoice)
-		fprintf(codefile, "break;\n");
-	}
-	if(t->type == TChoice) {
-	    if (have_ellipsis)
-		fprintf(codefile,
-			"case %s:\n"
-			"ret += (%s)->u.%s.length;\n"
-			"break;\n",
-			have_ellipsis->label,
-			name,
-			have_ellipsis->gen_name);
-	    fprintf (codefile, "}\n"); /* switch */
-	}
-	break;
-    }
-    case TSetOf:
-    case TSequenceOf: {
-	char *n;
-	char *sname;
-
-	fprintf (codefile,
-		 "{\n"
-		 "int %s_oldret = %s;\n"
-		 "int i;\n"
-		 "%s = 0;\n",
-		 tmpstr, variable, variable);
-
-	fprintf (codefile, "for(i = (%s)->len - 1; i >= 0; --i){\n", name);
-	fprintf (codefile, "int %s_for_oldret = %s;\n"
-		 "%s = 0;\n", tmpstr, variable, variable);
-	asprintf (&n, "&(%s)->val[i]", name);
-	if (n == NULL)
-	    errx(1, "malloc");
-	asprintf (&sname, "%s_S_Of", tmpstr);
-	if (sname == NULL)
-	    errx(1, "malloc");
-	length_type(n, t->subtype, variable, sname);
-	fprintf (codefile, "%s += %s_for_oldret;\n",
-		 variable, tmpstr);
-	fprintf (codefile, "}\n");
-
-	fprintf (codefile,
-		 "%s += %s_oldret;\n"
-		 "}\n", variable, tmpstr);
-	free(n);
-	free(sname);
-	break;
-    }
-    case TGeneralizedTime:
-	length_primitive ("generalized_time", name, variable);
-	break;
-    case TGeneralString:
-	length_primitive ("general_string", name, variable);
-	break;
-    case TUTCTime:
-	length_primitive ("utctime", name, variable);
-	break;
-    case TUTF8String:
-	length_primitive ("utf8string", name, variable);
-	break;
-    case TPrintableString:
-	length_primitive ("printable_string", name, variable);
-	break;
-    case TIA5String:
-	length_primitive ("ia5_string", name, variable);
-	break;
-    case TBMPString:
-	length_primitive ("bmp_string", name, variable);
-	break;
-    case TUniversalString:
-	length_primitive ("universal_string", name, variable);
-	break;
-    case TVisibleString:
-	length_primitive ("visible_string", name, variable);
-	break;
-    case TNull:
-	fprintf (codefile, "/* NULL */\n");
-	break;
-    case TTag:{
-    	char *tname;
-	asprintf(&tname, "%s_tag", tmpstr);
-	if (tname == NULL)
-	    errx(1, "malloc");
-	length_type (name, t->subtype, variable, tname);
-	fprintf (codefile, "ret += %lu + der_length_len (ret);\n", 
-		 (unsigned long)length_tag(t->tag.tagvalue));
-	free(tname);
-	break;
-    }
-    case TOID:
-	length_primitive ("oid", name, variable);
-	break;
-    default :
-	abort ();
-    }
-    return 0;
-}
-
-void
-generate_type_length (const Symbol *s)
-{
-    fprintf (headerfile,
-	     "size_t length_%s(const %s *);\n",
-	     s->gen_name, s->gen_name);
-    
-    fprintf (codefile,
-	     "size_t\n"
-	     "length_%s(const %s *data)\n"
-	     "{\n"
-	     "size_t ret = 0;\n",
-	     s->gen_name, s->gen_name);
-    
-    length_type ("data", s->type, "ret", "Top");
-    fprintf (codefile, "return ret;\n}\n\n");
-}
-
diff --git a/crypto/heimdal/lib/asn1/gen_locl.h b/crypto/heimdal/lib/asn1/gen_locl.h
deleted file mode 100644
index 8cd4dba..0000000
--- a/crypto/heimdal/lib/asn1/gen_locl.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gen_locl.h 18008 2006-09-05 12:29:18Z lha $ */
-
-#ifndef __GEN_LOCL_H__
-#define __GEN_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <limits.h>
-#include <ctype.h>
-#include <time.h>
-#include <errno.h>
-#include <err.h>
-#include <roken.h>
-#include "hash.h"
-#include "symbol.h"
-#include "asn1-common.h"
-#include "der.h"
-
-void generate_type (const Symbol *);
-void generate_constant (const Symbol *);
-void generate_type_encode (const Symbol *);
-void generate_type_decode (const Symbol *);
-void generate_type_free (const Symbol *);
-void generate_type_length (const Symbol *);
-void generate_type_copy (const Symbol *);
-void generate_type_seq (const Symbol *);
-void generate_glue (const Type *, const char*);
-
-const char *classname(Der_class);
-const char *valuename(Der_class, int);
-
-void gen_compare_defval(const char *, struct value *);
-void gen_assign_defval(const char *, struct value *);
-
-
-void init_generate (const char *, const char *);
-const char *get_filename (void);
-void close_generate(void);
-void add_import(const char *);
-int yyparse(void);
-
-int preserve_type(const char *);
-int seq_type(const char *);
-
-extern FILE *headerfile, *codefile, *logfile;
-extern int dce_fix;
-extern int rfc1510_bitstring;
-
-extern int error_flag;
-
-#endif /* __GEN_LOCL_H__ */
diff --git a/crypto/heimdal/lib/asn1/gen_seq.c b/crypto/heimdal/lib/asn1/gen_seq.c
deleted file mode 100644
index 5477675..0000000
--- a/crypto/heimdal/lib/asn1/gen_seq.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_seq.c 20561 2007-04-24 16:14:30Z lha $");
-
-void
-generate_type_seq (const Symbol *s)
-{
-    char *subname;
-    Type *type;
-
-    if (!seq_type(s->name))
-	return;
-    type = s->type;
-    while(type->type == TTag)
-	type = type->subtype;
-
-    if (type->type != TSequenceOf) {
-	printf("%s not seq of %d\n", s->name, (int)type->type);
-	return;
-    }
-
-    /*
-     * Require the subtype to be a type so we can name it and use
-     * copy_/free_
-     */
-    
-    if (type->subtype->type != TType) {
-	fprintf(stderr, "%s subtype is not a type, can't generate "
-	       "sequence code for this case: %d\n",
-		s->name, (int)type->subtype->type);
-	exit(1);
-    }
-
-    subname = type->subtype->symbol->gen_name;
-
-    fprintf (headerfile,
-	     "int   add_%s  (%s *, const %s *);\n"
-	     "int   remove_%s  (%s *, unsigned int);\n",
-	     s->gen_name, s->gen_name, subname,
-	     s->gen_name, s->gen_name);
-
-    fprintf (codefile, "int\n"
-	     "add_%s(%s *data, const %s *element)\n"
-	     "{\n",
-	     s->gen_name, s->gen_name, subname);
-
-    fprintf (codefile, 
-	     "int ret;\n"
-	     "void *ptr;\n"
-	     "\n"
-	     "ptr = realloc(data->val, \n"
-	     "\t(data->len + 1) * sizeof(data->val[0]));\n"
-	     "if (ptr == NULL) return ENOMEM;\n"
-	     "data->val = ptr;\n\n"
-	     "ret = copy_%s(element, &data->val[data->len]);\n"
-	     "if (ret) return ret;\n"
-	     "data->len++;\n"
-	     "return 0;\n",
-	     subname);
-
-    fprintf (codefile, "}\n\n");
-    
-    fprintf (codefile, "int\n"
-	     "remove_%s(%s *data, unsigned int element)\n"
-	     "{\n",
-	     s->gen_name, s->gen_name);
-
-    fprintf (codefile, 
-	     "void *ptr;\n"
-	     "\n"
-	     "if (data->len == 0 || element >= data->len)\n"
-	     "\treturn ASN1_OVERRUN;\n"
-	     "free_%s(&data->val[element]);\n"
-	     "data->len--;\n"
-	     /* don't move if its the last element */
-	     "if (element < data->len)\n"
-	     "\tmemmove(&data->val[element], &data->val[element + 1], \n"
-	     "\t\tsizeof(data->val[0]) * data->len);\n"
-	     /* resize but don't care about failures since it doesn't matter */
-	     "ptr = realloc(data->val, data->len * sizeof(data->val[0]));\n"
-	     "if (ptr != NULL || data->len == 0) data->val = ptr;\n"
-	     "return 0;\n",
-	     subname);
-
-    fprintf (codefile, "}\n\n");
-}
diff --git a/crypto/heimdal/lib/asn1/hash.c b/crypto/heimdal/lib/asn1/hash.c
deleted file mode 100644
index eeb6b6d..0000000
--- a/crypto/heimdal/lib/asn1/hash.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- * Hash table functions
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: hash.c 17016 2006-04-07 22:16:00Z lha $");
-
-static Hashentry *_search(Hashtab * htab,	/* The hash table */
-			  void *ptr);	/* And key */
-
-Hashtab *
-hashtabnew(int sz,
-	   int (*cmp) (void *, void *),
-	   unsigned (*hash) (void *))
-{
-    Hashtab *htab;
-    int i;
-
-    assert(sz > 0);
-
-    htab = (Hashtab *) malloc(sizeof(Hashtab) + (sz - 1) * sizeof(Hashentry *));
-    if (htab == NULL)
-	return NULL;
-
-    for (i = 0; i < sz; ++i)
-	htab->tab[i] = NULL;
-
-    htab->cmp = cmp;
-    htab->hash = hash;
-    htab->sz = sz;
-    return htab;
-}
-
-/* Intern search function */
-
-static Hashentry *
-_search(Hashtab * htab, void *ptr)
-{
-    Hashentry *hptr;
-
-    assert(htab && ptr);
-
-    for (hptr = htab->tab[(*htab->hash) (ptr) % htab->sz];
-	 hptr;
-	 hptr = hptr->next)
-	if ((*htab->cmp) (ptr, hptr->ptr) == 0)
-	    break;
-    return hptr;
-}
-
-/* Search for element in hash table */
-
-void *
-hashtabsearch(Hashtab * htab, void *ptr)
-{
-    Hashentry *tmp;
-
-    tmp = _search(htab, ptr);
-    return tmp ? tmp->ptr : tmp;
-}
-
-/* add element to hash table */
-/* if already there, set new value */
-/* !NULL if succesful */
-
-void *
-hashtabadd(Hashtab * htab, void *ptr)
-{
-    Hashentry *h = _search(htab, ptr);
-    Hashentry **tabptr;
-
-    assert(htab && ptr);
-
-    if (h)
-	free((void *) h->ptr);
-    else {
-	h = (Hashentry *) malloc(sizeof(Hashentry));
-	if (h == NULL) {
-	    return NULL;
-	}
-	tabptr = &htab->tab[(*htab->hash) (ptr) % htab->sz];
-	h->next = *tabptr;
-	*tabptr = h;
-	h->prev = tabptr;
-	if (h->next)
-	    h->next->prev = &h->next;
-    }
-    h->ptr = ptr;
-    return h;
-}
-
-/* delete element with key key. Iff freep, free Hashentry->ptr */
-
-int
-_hashtabdel(Hashtab * htab, void *ptr, int freep)
-{
-    Hashentry *h;
-
-    assert(htab && ptr);
-
-    h = _search(htab, ptr);
-    if (h) {
-	if (freep)
-	    free(h->ptr);
-	if ((*(h->prev) = h->next))
-	    h->next->prev = h->prev;
-	free(h);
-	return 0;
-    } else
-	return -1;
-}
-
-/* Do something for each element */
-
-void
-hashtabforeach(Hashtab * htab, int (*func) (void *ptr, void *arg),
-	       void *arg)
-{
-    Hashentry **h, *g;
-
-    assert(htab);
-
-    for (h = htab->tab; h < &htab->tab[htab->sz]; ++h)
-	for (g = *h; g; g = g->next)
-	    if ((*func) (g->ptr, arg))
-		return;
-}
-
-/* standard hash-functions for strings */
-
-unsigned
-hashadd(const char *s)
-{				/* Standard hash function */
-    unsigned i;
-
-    assert(s);
-
-    for (i = 0; *s; ++s)
-	i += *s;
-    return i;
-}
-
-unsigned
-hashcaseadd(const char *s)
-{				/* Standard hash function */
-    unsigned i;
-
-    assert(s);
-
-    for (i = 0; *s; ++s)
-	i += toupper((unsigned char)*s);
-    return i;
-}
-
-#define TWELVE (sizeof(unsigned))
-#define SEVENTYFIVE (6*sizeof(unsigned))
-#define HIGH_BITS (~((unsigned)(~0) >> TWELVE))
-
-unsigned
-hashjpw(const char *ss)
-{				/* another hash function */
-    unsigned h = 0;
-    unsigned g;
-    const unsigned char *s = (const unsigned char *)ss;
-
-    for (; *s; ++s) {
-	h = (h << TWELVE) + *s;
-	if ((g = h & HIGH_BITS))
-	    h = (h ^ (g >> SEVENTYFIVE)) & ~HIGH_BITS;
-    }
-    return h;
-}
diff --git a/crypto/heimdal/lib/asn1/hash.h b/crypto/heimdal/lib/asn1/hash.h
deleted file mode 100644
index 10d8ce9..0000000
--- a/crypto/heimdal/lib/asn1/hash.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- * hash.h. Header file for hash table functions
- */
-
-/* $Id: hash.h 7464 1999-12-02 17:05:13Z joda $ */
-
-struct hashentry {		/* Entry in bucket */
-     struct hashentry **prev;
-     struct hashentry *next;
-     void *ptr;
-};
-
-typedef struct hashentry Hashentry;
-
-struct hashtab {		/* Hash table */
-     int (*cmp)(void *, void *); /* Compare function */
-     unsigned (*hash)(void *);	/* hash function */
-     int sz;			/* Size */
-     Hashentry *tab[1];		/* The table */
-};
-
-typedef struct hashtab Hashtab;
-
-/* prototypes */
-
-Hashtab *hashtabnew(int sz, 
-		    int (*cmp)(void *, void *),
-		    unsigned (*hash)(void *));	/* Make new hash table */
-
-void *hashtabsearch(Hashtab *htab, /* The hash table */
-		    void *ptr);	/*  The key */
-
-
-void *hashtabadd(Hashtab *htab,	/* The hash table */
-	       void *ptr);	/* The element */
-
-int _hashtabdel(Hashtab *htab,	/* The table */
-		void *ptr,	/* Key */
-		int freep);	/* Free data part? */
-
-void hashtabforeach(Hashtab *htab,
-		    int (*func)(void *ptr, void *arg),
-		    void *arg);
-
-unsigned hashadd(const char *s);		/* Standard hash function */
-unsigned hashcaseadd(const char *s);		/* Standard hash function */
-unsigned hashjpw(const char *s);		/* another hash function */
-
-/* macros */
-
- /* Don't free space */
-#define hashtabdel(htab,key)  _hashtabdel(htab,key,FALSE)
-
-#define hashtabfree(htab,key) _hashtabdel(htab,key,TRUE) /* Do! */
diff --git a/crypto/heimdal/lib/asn1/heim_asn1.h b/crypto/heimdal/lib/asn1/heim_asn1.h
deleted file mode 100644
index afee6f4..0000000
--- a/crypto/heimdal/lib/asn1/heim_asn1.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2003-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifndef __HEIM_ANY_H__
-#define __HEIM_ANY_H__ 1
-
-int	encode_heim_any(unsigned char *, size_t, const heim_any *, size_t *);
-int	decode_heim_any(const unsigned char *, size_t, heim_any *, size_t *);
-void	free_heim_any(heim_any *);
-size_t	length_heim_any(const heim_any *);
-int	copy_heim_any(const heim_any *, heim_any *);
-
-int	encode_heim_any_set(unsigned char *, size_t,
-			    const heim_any_set *, size_t *);
-int	decode_heim_any_set(const unsigned char *, size_t,
-			    heim_any_set *,size_t *);
-void	free_heim_any_set(heim_any_set *);
-size_t	length_heim_any_set(const heim_any_set *);
-int	copy_heim_any_set(const heim_any_set *, heim_any_set *);
-int	heim_any_cmp(const heim_any_set *, const heim_any_set *);
-
-#endif /* __HEIM_ANY_H__ */
diff --git a/crypto/heimdal/lib/asn1/k5.asn1 b/crypto/heimdal/lib/asn1/k5.asn1
deleted file mode 100644
index 18f1e15..0000000
--- a/crypto/heimdal/lib/asn1/k5.asn1
+++ /dev/null
@@ -1,659 +0,0 @@
--- $Id: k5.asn1 21965 2007-10-18 18:24:36Z lha $
-
-KERBEROS5 DEFINITIONS ::=
-BEGIN
-
-NAME-TYPE ::= INTEGER {
-	KRB5_NT_UNKNOWN(0),	-- Name type not known
-	KRB5_NT_PRINCIPAL(1),	-- Just the name of the principal as in
-	KRB5_NT_SRV_INST(2),	-- Service and other unique instance (krbtgt)
-	KRB5_NT_SRV_HST(3),	-- Service with host name as instance
-	KRB5_NT_SRV_XHST(4),	-- Service with host as remaining components
-	KRB5_NT_UID(5),		-- Unique ID
-	KRB5_NT_X500_PRINCIPAL(6), -- PKINIT
-	KRB5_NT_SMTP_NAME(7),	-- Name in form of SMTP email name
-	KRB5_NT_ENTERPRISE_PRINCIPAL(10), -- Windows 2000 UPN
-	KRB5_NT_ENT_PRINCIPAL_AND_ID(-130), -- Windows 2000 UPN and SID
-	KRB5_NT_MS_PRINCIPAL(-128), -- NT 4 style name
-	KRB5_NT_MS_PRINCIPAL_AND_ID(-129) -- NT style name and SID
-}
-
--- message types
-
-MESSAGE-TYPE ::= INTEGER {
-	krb-as-req(10), -- Request for initial authentication
-	krb-as-rep(11), -- Response to KRB_AS_REQ request
-	krb-tgs-req(12), -- Request for authentication based on TGT
-	krb-tgs-rep(13), -- Response to KRB_TGS_REQ request
-	krb-ap-req(14), -- application request to server
-	krb-ap-rep(15), -- Response to KRB_AP_REQ_MUTUAL
-	krb-safe(20), -- Safe (checksummed) application message
-	krb-priv(21), -- Private (encrypted) application message
-	krb-cred(22), -- Private (encrypted) message to forward credentials
-	krb-error(30) -- Error response
-}
-
-
--- pa-data types
-
-PADATA-TYPE ::= INTEGER {
-	KRB5-PADATA-NONE(0),
-	KRB5-PADATA-TGS-REQ(1),
-	KRB5-PADATA-AP-REQ(1),
-	KRB5-PADATA-ENC-TIMESTAMP(2),
-	KRB5-PADATA-PW-SALT(3),
-	KRB5-PADATA-ENC-UNIX-TIME(5),
-	KRB5-PADATA-SANDIA-SECUREID(6),
-	KRB5-PADATA-SESAME(7),
-	KRB5-PADATA-OSF-DCE(8),
-	KRB5-PADATA-CYBERSAFE-SECUREID(9),
-	KRB5-PADATA-AFS3-SALT(10),
-	KRB5-PADATA-ETYPE-INFO(11),
-	KRB5-PADATA-SAM-CHALLENGE(12), -- (sam/otp)
-	KRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp)
-	KRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19)
-	KRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19)
-	KRB5-PADATA-PK-AS-REQ-WIN(15), -- (PKINIT - old number)
-	KRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25)
-	KRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25)
-	KRB5-PADATA-PA-PK-OCSP-RESPONSE(18),
-	KRB5-PADATA-ETYPE-INFO2(19),
-	KRB5-PADATA-USE-SPECIFIED-KVNO(20),
-	KRB5-PADATA-SVR-REFERRAL-INFO(20), --- old ms referral number
-	KRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp)
-	KRB5-PADATA-GET-FROM-TYPED-DATA(22),
-	KRB5-PADATA-SAM-ETYPE-INFO(23),
-	KRB5-PADATA-SERVER-REFERRAL(25),
-	KRB5-PADATA-TD-KRB-PRINCIPAL(102),	-- PrincipalName
-	KRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT
-	KRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT
-	KRB5-PADATA-TD-APP-DEFINED-ERROR(106),	-- application specific
-	KRB5-PADATA-TD-REQ-NONCE(107),		-- INTEGER
-	KRB5-PADATA-TD-REQ-SEQ(108),		-- INTEGER
-	KRB5-PADATA-PA-PAC-REQUEST(128),	-- jbrezak@exchange.microsoft.com
-	KRB5-PADATA-S4U2SELF(129),
-	KRB5-PADATA-PK-AS-09-BINDING(132),	-- client send this to 
-						-- tell KDC that is supports 
-						-- the asCheckSum in the
-						--  PK-AS-REP
-	KRB5-PADATA-CLIENT-CANONICALIZED(133)	-- 
-}
-
-AUTHDATA-TYPE ::= INTEGER {
-	KRB5-AUTHDATA-IF-RELEVANT(1),
-	KRB5-AUTHDATA-INTENDED-FOR_SERVER(2),
-	KRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS(3),
-	KRB5-AUTHDATA-KDC-ISSUED(4),
-	KRB5-AUTHDATA-AND-OR(5),
-	KRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS(6),
-	KRB5-AUTHDATA-IN-TICKET-EXTENSIONS(7),
-	KRB5-AUTHDATA-MANDATORY-FOR-KDC(8),
-	KRB5-AUTHDATA-INITIAL-VERIFIED-CAS(9),
-	KRB5-AUTHDATA-OSF-DCE(64),
-	KRB5-AUTHDATA-SESAME(65),
-	KRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66),
-	KRB5-AUTHDATA-WIN2K-PAC(128),
-	KRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only
-	KRB5-AUTHDATA-SIGNTICKET(-17)
-}
-
--- checksumtypes
-
-CKSUMTYPE ::= INTEGER {
-	CKSUMTYPE_NONE(0),
-	CKSUMTYPE_CRC32(1),
-	CKSUMTYPE_RSA_MD4(2),
-	CKSUMTYPE_RSA_MD4_DES(3),
-	CKSUMTYPE_DES_MAC(4),
-	CKSUMTYPE_DES_MAC_K(5),
-	CKSUMTYPE_RSA_MD4_DES_K(6),
-	CKSUMTYPE_RSA_MD5(7),
-	CKSUMTYPE_RSA_MD5_DES(8),
-	CKSUMTYPE_RSA_MD5_DES3(9),
-	CKSUMTYPE_SHA1_OTHER(10),
-	CKSUMTYPE_HMAC_SHA1_DES3(12),
-	CKSUMTYPE_SHA1(14),
-	CKSUMTYPE_HMAC_SHA1_96_AES_128(15),
-	CKSUMTYPE_HMAC_SHA1_96_AES_256(16),
-	CKSUMTYPE_GSSAPI(0x8003),
-	CKSUMTYPE_HMAC_MD5(-138),	-- unofficial microsoft number
-	CKSUMTYPE_HMAC_MD5_ENC(-1138)	-- even more unofficial
-}
-
---enctypes
-ENCTYPE ::= INTEGER {
-	ETYPE_NULL(0),
-	ETYPE_DES_CBC_CRC(1),
-	ETYPE_DES_CBC_MD4(2),
-	ETYPE_DES_CBC_MD5(3),
-	ETYPE_DES3_CBC_MD5(5),
-	ETYPE_OLD_DES3_CBC_SHA1(7),
-	ETYPE_SIGN_DSA_GENERATE(8),
-	ETYPE_ENCRYPT_RSA_PRIV(9),
-	ETYPE_ENCRYPT_RSA_PUB(10),
-	ETYPE_DES3_CBC_SHA1(16),	-- with key derivation
-	ETYPE_AES128_CTS_HMAC_SHA1_96(17),
-	ETYPE_AES256_CTS_HMAC_SHA1_96(18),
-	ETYPE_ARCFOUR_HMAC_MD5(23),
-	ETYPE_ARCFOUR_HMAC_MD5_56(24),
-	ETYPE_ENCTYPE_PK_CROSS(48),
--- some "old" windows types
-	ETYPE_ARCFOUR_MD4(-128),
-	ETYPE_ARCFOUR_HMAC_OLD(-133),
-	ETYPE_ARCFOUR_HMAC_OLD_EXP(-135),
--- these are for Heimdal internal use
-	ETYPE_DES_CBC_NONE(-0x1000),
-	ETYPE_DES3_CBC_NONE(-0x1001),
-	ETYPE_DES_CFB64_NONE(-0x1002),
-	ETYPE_DES_PCBC_NONE(-0x1003),
-	ETYPE_DIGEST_MD5_NONE(-0x1004),		-- private use, lukeh@padl.com
-	ETYPE_CRAM_MD5_NONE(-0x1005)		-- private use, lukeh@padl.com
-}
-
-
-
-
--- this is sugar to make something ASN1 does not have: unsigned
-
-krb5uint32 ::= INTEGER (0..4294967295)
-krb5int32 ::= INTEGER (-2147483648..2147483647)
-
-KerberosString  ::= GeneralString
-
-Realm ::= GeneralString
-PrincipalName ::= SEQUENCE {
-	name-type[0]		NAME-TYPE,
-	name-string[1]		SEQUENCE OF GeneralString
-}
-
--- this is not part of RFC1510
-Principal ::= SEQUENCE {
-	name[0]			PrincipalName,
-	realm[1]		Realm
-}
-
-HostAddress ::= SEQUENCE  {
-	addr-type[0]		krb5int32,
-	address[1]		OCTET STRING
-}
-
--- This is from RFC1510.
---
--- HostAddresses ::= SEQUENCE OF SEQUENCE {
--- 	addr-type[0]		krb5int32,
---	address[1]		OCTET STRING
--- }
-
--- This seems much better.
-HostAddresses ::= SEQUENCE OF HostAddress
-
-
-KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z)
-
-AuthorizationDataElement ::= SEQUENCE {
-	ad-type[0]		krb5int32,
-	ad-data[1]		OCTET STRING
-}
-
-AuthorizationData ::= SEQUENCE OF AuthorizationDataElement
-
-APOptions ::= BIT STRING {
-	reserved(0),
-	use-session-key(1),
-	mutual-required(2)
-}
-
-TicketFlags ::= BIT STRING {
-	reserved(0),
-	forwardable(1),
-	forwarded(2),
-	proxiable(3),
-	proxy(4),
-	may-postdate(5),
-	postdated(6),
-	invalid(7),
-	renewable(8),
-	initial(9),
-	pre-authent(10),
-	hw-authent(11),
-	transited-policy-checked(12),
-	ok-as-delegate(13),
-	anonymous(14)
-}
-
-KDCOptions ::= BIT STRING {
-	reserved(0),
-	forwardable(1),
-	forwarded(2),
-	proxiable(3),
-	proxy(4),
-	allow-postdate(5),
-	postdated(6),
-	unused7(7),
-	renewable(8),
-	unused9(9),
-	unused10(10),
-	unused11(11),
-	request-anonymous(14),
-	canonicalize(15),
-	constrained-delegation(16), -- ms extension
-	disable-transited-check(26),
-	renewable-ok(27),
-	enc-tkt-in-skey(28),
-	renew(30),
-	validate(31)
-}
-
-LR-TYPE ::= INTEGER {
-	LR_NONE(0),		-- no information
-	LR_INITIAL_TGT(1),	-- last initial TGT request
-	LR_INITIAL(2),		-- last initial request
-	LR_ISSUE_USE_TGT(3),	-- time of newest TGT used
-	LR_RENEWAL(4),		-- time of last renewal
-	LR_REQUEST(5),		-- time of last request (of any type)
-	LR_PW_EXPTIME(6),	-- expiration time of password
-	LR_ACCT_EXPTIME(7)	-- expiration time of account
-}
-
-LastReq ::= SEQUENCE OF SEQUENCE {
-	lr-type[0]		LR-TYPE,
-	lr-value[1]		KerberosTime
-}
-
-
-EncryptedData ::= SEQUENCE {
-	etype[0] 		ENCTYPE, -- EncryptionType
-	kvno[1]			krb5int32 OPTIONAL,
-	cipher[2]		OCTET STRING -- ciphertext
-}
-
-EncryptionKey ::= SEQUENCE {
-	keytype[0]		krb5int32,
-	keyvalue[1]		OCTET STRING
-}
-
--- encoded Transited field
-TransitedEncoding ::= SEQUENCE {
-	tr-type[0]		krb5int32, -- must be registered
-	contents[1]		OCTET STRING
-}
-
-Ticket ::= [APPLICATION 1] SEQUENCE {
-	tkt-vno[0]		krb5int32,
-	realm[1]		Realm,
-	sname[2]		PrincipalName,
-	enc-part[3]		EncryptedData
-}
--- Encrypted part of ticket
-EncTicketPart ::= [APPLICATION 3] SEQUENCE {
-	flags[0]		TicketFlags,
-	key[1]			EncryptionKey,
-	crealm[2]		Realm,
-	cname[3]		PrincipalName,
-	transited[4]		TransitedEncoding,
-	authtime[5]		KerberosTime,
-	starttime[6]		KerberosTime OPTIONAL,
-	endtime[7]		KerberosTime,
-	renew-till[8]		KerberosTime OPTIONAL,
-	caddr[9]		HostAddresses OPTIONAL,
-	authorization-data[10]	AuthorizationData OPTIONAL
-}
-
-Checksum ::= SEQUENCE {
-	cksumtype[0]		CKSUMTYPE,
-	checksum[1]		OCTET STRING
-}
-
-Authenticator ::= [APPLICATION 2] SEQUENCE    {
-	authenticator-vno[0]	krb5int32,
-	crealm[1]		Realm,
-	cname[2]		PrincipalName,
-	cksum[3]		Checksum OPTIONAL,
-	cusec[4]		krb5int32,
-	ctime[5]		KerberosTime,
-	subkey[6]		EncryptionKey OPTIONAL,
-	seq-number[7]		krb5uint32 OPTIONAL,
-	authorization-data[8]	AuthorizationData OPTIONAL
-}
-
-PA-DATA ::= SEQUENCE {
-	-- might be encoded AP-REQ
-	padata-type[1]		PADATA-TYPE,
-	padata-value[2]		OCTET STRING
-}
-
-ETYPE-INFO-ENTRY ::= SEQUENCE {
-	etype[0]		ENCTYPE,
-	salt[1]			OCTET STRING OPTIONAL,
-	salttype[2]		krb5int32 OPTIONAL
-}
-
-ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY
-
-ETYPE-INFO2-ENTRY ::= SEQUENCE {
-	etype[0]		ENCTYPE,
-	salt[1]			KerberosString OPTIONAL,
-	s2kparams[2]		OCTET STRING OPTIONAL
-}
-
-ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
-
-METHOD-DATA ::= SEQUENCE OF PA-DATA
-
-TypedData ::=   SEQUENCE {
-	data-type[0]		krb5int32,
-	data-value[1]		OCTET STRING OPTIONAL
-}
-
-TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF TypedData
-
-KDC-REQ-BODY ::= SEQUENCE {
-	kdc-options[0]		KDCOptions,
-	cname[1]		PrincipalName OPTIONAL, -- Used only in AS-REQ
-	realm[2]		Realm,	-- Server's realm
-					-- Also client's in AS-REQ
-	sname[3]		PrincipalName OPTIONAL,
-	from[4]			KerberosTime OPTIONAL,
-	till[5]			KerberosTime OPTIONAL,
-	rtime[6]		KerberosTime OPTIONAL,
-	nonce[7]		krb5int32,
-	etype[8]		SEQUENCE OF ENCTYPE, -- EncryptionType,
-					-- in preference order
-	addresses[9]		HostAddresses OPTIONAL,
-	enc-authorization-data[10] EncryptedData OPTIONAL,
-					-- Encrypted AuthorizationData encoding
-	additional-tickets[11]	SEQUENCE OF Ticket OPTIONAL
-}
-
-KDC-REQ ::= SEQUENCE {
-	pvno[1]			krb5int32,
-	msg-type[2]		MESSAGE-TYPE,
-	padata[3]		METHOD-DATA OPTIONAL,
-	req-body[4]		KDC-REQ-BODY
-}
-
-AS-REQ ::= [APPLICATION 10] KDC-REQ
-TGS-REQ ::= [APPLICATION 12] KDC-REQ
-
--- padata-type ::= PA-ENC-TIMESTAMP
--- padata-value ::= EncryptedData - PA-ENC-TS-ENC
-
-PA-ENC-TS-ENC ::= SEQUENCE {
-	patimestamp[0]		KerberosTime, -- client's time
-	pausec[1]		krb5int32 OPTIONAL
-}
-
--- draft-brezak-win2k-krb-authz-01
-PA-PAC-REQUEST ::= SEQUENCE {
-	include-pac[0]		BOOLEAN -- Indicates whether a PAC 
-					-- should be included or not
-}
-
--- PacketCable provisioning server location, PKT-SP-SEC-I09-030728.pdf
-PROV-SRV-LOCATION ::= GeneralString
-
-KDC-REP ::= SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE,
-	padata[2]		METHOD-DATA OPTIONAL,
-	crealm[3]		Realm,
-	cname[4]		PrincipalName,
-	ticket[5]		Ticket,
-	enc-part[6]		EncryptedData
-}
-
-AS-REP ::= [APPLICATION 11] KDC-REP
-TGS-REP ::= [APPLICATION 13] KDC-REP
-
-EncKDCRepPart ::= SEQUENCE {
-	key[0]			EncryptionKey,
-	last-req[1]		LastReq,
-	nonce[2]		krb5int32,
-	key-expiration[3]	KerberosTime OPTIONAL,
-	flags[4]		TicketFlags,
-	authtime[5]		KerberosTime,
-	starttime[6]		KerberosTime OPTIONAL,
-	endtime[7]		KerberosTime,
-	renew-till[8]		KerberosTime OPTIONAL,
-	srealm[9]		Realm,
-	sname[10]		PrincipalName,
-	caddr[11]		HostAddresses OPTIONAL,
-	encrypted-pa-data[12]	METHOD-DATA OPTIONAL
-}
-
-EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
-EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
-
-AP-REQ ::= [APPLICATION 14] SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE,
-	ap-options[2]		APOptions,
-	ticket[3]		Ticket,
-	authenticator[4]	EncryptedData
-}
-
-AP-REP ::= [APPLICATION 15] SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE,
-	enc-part[2]		EncryptedData
-}
-
-EncAPRepPart ::= [APPLICATION 27]     SEQUENCE {
-	ctime[0]		KerberosTime,
-	cusec[1]		krb5int32,
-	subkey[2]		EncryptionKey OPTIONAL,
-	seq-number[3]		krb5uint32 OPTIONAL
-}
-
-KRB-SAFE-BODY ::= SEQUENCE {
-	user-data[0]		OCTET STRING,
-	timestamp[1]		KerberosTime OPTIONAL,
-	usec[2]			krb5int32 OPTIONAL,
-	seq-number[3]		krb5uint32 OPTIONAL,
-	s-address[4]		HostAddress OPTIONAL,
-	r-address[5]		HostAddress OPTIONAL
-}
-
-KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE,
-	safe-body[2]		KRB-SAFE-BODY,
-	cksum[3]		Checksum
-}
-
-KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE,
-	enc-part[3]		EncryptedData
-}
-EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
-	user-data[0]		OCTET STRING,
-	timestamp[1]		KerberosTime OPTIONAL,
-	usec[2]			krb5int32 OPTIONAL,
-	seq-number[3]		krb5uint32 OPTIONAL,
-	s-address[4]		HostAddress OPTIONAL, -- sender's addr
-	r-address[5]		HostAddress OPTIONAL  -- recip's addr
-}
-
-KRB-CRED ::= [APPLICATION 22]   SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE, -- KRB_CRED
-	tickets[2]		SEQUENCE OF Ticket,
-	enc-part[3]		EncryptedData
-}
-
-KrbCredInfo ::= SEQUENCE {
-	key[0]			EncryptionKey,
-	prealm[1]		Realm OPTIONAL,
-	pname[2]		PrincipalName OPTIONAL,
-	flags[3]		TicketFlags OPTIONAL,
-	authtime[4]		KerberosTime OPTIONAL,
-	starttime[5]		KerberosTime OPTIONAL,
-	endtime[6] 		KerberosTime OPTIONAL,
-	renew-till[7]		KerberosTime OPTIONAL,
-	srealm[8]		Realm OPTIONAL,
-	sname[9]		PrincipalName OPTIONAL,
-	caddr[10]		HostAddresses OPTIONAL
-}
-
-EncKrbCredPart ::= [APPLICATION 29]   SEQUENCE {
-	ticket-info[0]		SEQUENCE OF KrbCredInfo,
-	nonce[1]		krb5int32 OPTIONAL,
-	timestamp[2]		KerberosTime OPTIONAL,
-	usec[3]			krb5int32 OPTIONAL,
-	s-address[4]		HostAddress OPTIONAL,
-	r-address[5]		HostAddress OPTIONAL
-}
-
-KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE,
-	ctime[2]		KerberosTime OPTIONAL,
-	cusec[3]		krb5int32 OPTIONAL,
-	stime[4]		KerberosTime,
-	susec[5]		krb5int32,
-	error-code[6]		krb5int32,
-	crealm[7]		Realm OPTIONAL,
-	cname[8]		PrincipalName OPTIONAL,
-	realm[9]		Realm, -- Correct realm
-	sname[10]		PrincipalName, -- Correct name
-	e-text[11]		GeneralString OPTIONAL,
-	e-data[12]		OCTET STRING OPTIONAL
-}
-
-ChangePasswdDataMS ::= SEQUENCE {
-	newpasswd[0]		OCTET STRING,
-	targname[1]		PrincipalName OPTIONAL,
-	targrealm[2]		Realm OPTIONAL
-}
-
-EtypeList ::= SEQUENCE OF krb5int32
-	-- the client's proposed enctype list in
-	-- decreasing preference order, favorite choice first
-
-krb5-pvno krb5int32 ::= 5 -- current Kerberos protocol version number
-
--- transited encodings
-
-DOMAIN-X500-COMPRESS	krb5int32 ::= 1
-
--- authorization data primitives
-
-AD-IF-RELEVANT ::= AuthorizationData
-
-AD-KDCIssued ::= SEQUENCE {
-	ad-checksum[0]		Checksum,
-	i-realm[1]		Realm OPTIONAL,
-	i-sname[2]		PrincipalName OPTIONAL,
-	elements[3]		AuthorizationData
-}
-
-AD-AND-OR ::= SEQUENCE {
-	condition-count[0]	INTEGER,
-	elements[1]		AuthorizationData
-}
-
-AD-MANDATORY-FOR-KDC ::= AuthorizationData
-
--- PA-SAM-RESPONSE-2/PA-SAM-RESPONSE-2
-
-PA-SAM-TYPE ::= INTEGER {
-	PA_SAM_TYPE_ENIGMA(1),		-- Enigma Logic
-	PA_SAM_TYPE_DIGI_PATH(2),	-- Digital Pathways
-	PA_SAM_TYPE_SKEY_K0(3),		-- S/key where  KDC has key 0
-	PA_SAM_TYPE_SKEY(4),		-- Traditional S/Key
-	PA_SAM_TYPE_SECURID(5),		-- Security Dynamics
-	PA_SAM_TYPE_CRYPTOCARD(6)	-- CRYPTOCard
-}
-
-PA-SAM-REDIRECT ::= HostAddresses
-
-SAMFlags ::= BIT STRING {
-	use-sad-as-key(0),
-	send-encrypted-sad(1),
-	must-pk-encrypt-sad(2)
-}
-
-PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE {
-	sam-type[0]		krb5int32,
-	sam-flags[1]		SAMFlags,
-	sam-type-name[2]	GeneralString OPTIONAL,
-	sam-track-id[3]		GeneralString OPTIONAL,
-	sam-challenge-label[4]	GeneralString OPTIONAL,
-	sam-challenge[5]	GeneralString OPTIONAL,
-	sam-response-prompt[6]	GeneralString OPTIONAL,
-	sam-pk-for-sad[7]	EncryptionKey OPTIONAL,
-	sam-nonce[8]		krb5int32,
-	sam-etype[9]		krb5int32,
-	...
-}
-
-PA-SAM-CHALLENGE-2 ::= SEQUENCE {
-	sam-body[0]		PA-SAM-CHALLENGE-2-BODY,
-	sam-cksum[1]		SEQUENCE OF Checksum, -- (1..MAX)
-	...
-}
-
-PA-SAM-RESPONSE-2 ::= SEQUENCE {
-	sam-type[0]		krb5int32,
-	sam-flags[1]		SAMFlags,
-	sam-track-id[2]		GeneralString OPTIONAL,
-	sam-enc-nonce-or-sad[3]	EncryptedData, -- PA-ENC-SAM-RESPONSE-ENC
-	sam-nonce[4]		krb5int32,
-	...
-}
-
-PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE {
-	sam-nonce[0]		krb5int32,
-	sam-sad[1]		GeneralString OPTIONAL,
-	...
-}
-
-PA-S4U2Self ::= SEQUENCE {
-	name[0]		PrincipalName,
-        realm[1]	Realm,
-        cksum[2]	Checksum,
-        auth[3]		GeneralString
-}
-
-KRB5SignedPathPrincipals ::= SEQUENCE OF Principal
-
--- never encoded on the wire, just used to checksum over
-KRB5SignedPathData ::= SEQUENCE {
-	encticket[0]	EncTicketPart,
-	delegated[1]	KRB5SignedPathPrincipals OPTIONAL
-}
-
-KRB5SignedPath ::= SEQUENCE {
-	-- DERcoded KRB5SignedPathData
-	-- krbtgt key (etype), KeyUsage = XXX 
-	etype[0]	ENCTYPE,
-	cksum[1]	Checksum,
-	-- srvs delegated though
-	delegated[2]	KRB5SignedPathPrincipals OPTIONAL
-}
-
-PA-ClientCanonicalizedNames ::= SEQUENCE{
-	requested-name [0] PrincipalName,
-	real-name      [1] PrincipalName
-}
-
-PA-ClientCanonicalized ::= SEQUENCE {
-	names          [0] PA-ClientCanonicalizedNames,
-	canon-checksum [1] Checksum
-}
-
-AD-LoginAlias ::= SEQUENCE { -- ad-type number TBD --
-	login-alias  [0] PrincipalName,
-	checksum     [1] Checksum
-}
-
--- old ms referral
-PA-SvrReferralData ::= SEQUENCE {
-	referred-name   [1] PrincipalName OPTIONAL,
-	referred-realm  [0] Realm
-}
-
-END
-
--- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1
diff --git a/crypto/heimdal/lib/asn1/kx509.asn1 b/crypto/heimdal/lib/asn1/kx509.asn1
deleted file mode 100644
index fc6a696..0000000
--- a/crypto/heimdal/lib/asn1/kx509.asn1
+++ /dev/null
@@ -1,20 +0,0 @@
--- $Id: kx509.asn1 19546 2006-12-28 21:05:23Z lha $
-
-KX509 DEFINITIONS ::=
-BEGIN
-
-Kx509Request ::= SEQUENCE {
-	authenticator OCTET STRING,
-	pk-hash OCTET STRING,
-	pk-key OCTET STRING
-}
-
-Kx509Response ::= SEQUENCE {
-	error-code[0]	INTEGER (-2147483648..2147483647)
-	      OPTIONAL -- DEFAULT 0 --,
-	hash[1]		OCTET STRING OPTIONAL,
-	certificate[2]	OCTET STRING OPTIONAL,
-	e-text[3]	VisibleString OPTIONAL
-}
-
-END
diff --git a/crypto/heimdal/lib/asn1/lex.c b/crypto/heimdal/lib/asn1/lex.c
deleted file mode 100644
index 812bce1..0000000
--- a/crypto/heimdal/lib/asn1/lex.c
+++ /dev/null
@@ -1,2693 +0,0 @@
-
-#line 3 "lex.c"
-
-#define  YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 33
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with  platform-specific or compiler-specific issues. */
-
-/* begin standard C headers. */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
-
-#if __STDC_VERSION__ >= 199901L
-
-/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
- * if you want the limit (max/min) macros for int types. 
- */
-#ifndef __STDC_LIMIT_MACROS
-#define __STDC_LIMIT_MACROS 1
-#endif
-
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t; 
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN               (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN              (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN              (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX               (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX              (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX              (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX              (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX             (65535U)
-#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX             (4294967295U)
-#endif
-
-#endif /* ! FLEXINT_H */
-
-#ifdef __cplusplus
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else	/* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_CONST
-
-#endif	/* __STDC__ */
-#endif	/* ! __cplusplus */
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index.  If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition.  This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN (yy_start) = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state.  The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START (((yy_start) - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart(yyin  )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
-#define YY_BUF_SIZE 16384
-#endif
-
-/* The state buf must be large enough to hold one state per character in the main buffer.
- */
-#define YY_STATE_BUF_SIZE   ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
-
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
-
-extern int yyleng;
-
-extern FILE *yyin, *yyout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
-    #define YY_LESS_LINENO(n)
-    
-/* Return all but the first "n" matched characters back to the input stream. */
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		*yy_cp = (yy_hold_char); \
-		YY_RESTORE_YY_MORE_OFFSET \
-		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
-		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
-		} \
-	while ( 0 )
-
-#define unput(c) yyunput( c, (yytext_ptr)  )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef unsigned int yy_size_t;
-#endif
-
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
-struct yy_buffer_state
-	{
-	FILE *yy_input_file;
-
-	char *yy_ch_buf;		/* input buffer */
-	char *yy_buf_pos;		/* current position in input buffer */
-
-	/* Size of input buffer in bytes, not including room for EOB
-	 * characters.
-	 */
-	yy_size_t yy_buf_size;
-
-	/* Number of characters read into yy_ch_buf, not including EOB
-	 * characters.
-	 */
-	int yy_n_chars;
-
-	/* Whether we "own" the buffer - i.e., we know we created it,
-	 * and can realloc() it to grow it, and should free() it to
-	 * delete it.
-	 */
-	int yy_is_our_buffer;
-
-	/* Whether this is an "interactive" input source; if so, and
-	 * if we're using stdio for input, then we want to use getc()
-	 * instead of fread(), to make sure we stop fetching input after
-	 * each newline.
-	 */
-	int yy_is_interactive;
-
-	/* Whether we're considered to be at the beginning of a line.
-	 * If so, '^' rules will be active on the next match, otherwise
-	 * not.
-	 */
-	int yy_at_bol;
-
-    int yy_bs_lineno; /**< The line count. */
-    int yy_bs_column; /**< The column count. */
-    
-	/* Whether to try to fill the input buffer when we reach the
-	 * end of it.
-	 */
-	int yy_fill_buffer;
-
-	int yy_buffer_status;
-
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
-	/* When an EOF's been seen but there's still some text to process
-	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
-	 * shouldn't try reading from the input source any more.  We might
-	 * still have a bunch of tokens to match, though, because of
-	 * possible backing-up.
-	 *
-	 * When we actually see the EOF, we change the status to "new"
-	 * (via yyrestart()), so that the user can continue scanning by
-	 * just pointing yyin at a new input file.
-	 */
-#define YY_BUFFER_EOF_PENDING 2
-
-	};
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- *
- * Returns the top of the stack, or NULL.
- */
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
-                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
-                          : NULL)
-
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
-
-/* yy_hold_char holds the character lost when yytext is formed. */
-static char yy_hold_char;
-static int yy_n_chars;		/* number of characters read into yy_ch_buf */
-int yyleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 0;		/* whether we need to initialize */
-static int yy_start = 0;	/* start state number */
-
-/* Flag which is used to allow yywrap()'s to do buffer switches
- * instead of setting up a fresh yyin.  A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void yyrestart (FILE *input_file  );
-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
-void yy_delete_buffer (YY_BUFFER_STATE b  );
-void yy_flush_buffer (YY_BUFFER_STATE b  );
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
-void yypop_buffer_state (void );
-
-static void yyensure_buffer_stack (void );
-static void yy_load_buffer_state (void );
-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
-
-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
-
-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len  );
-
-void *yyalloc (yy_size_t  );
-void *yyrealloc (void *,yy_size_t  );
-void yyfree (void *  );
-
-#define yy_new_buffer yy_create_buffer
-
-#define yy_set_interactive(is_interactive) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){ \
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
-	}
-
-#define yy_set_bol(at_bol) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){\
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
-	}
-
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
-
-typedef unsigned char YY_CHAR;
-
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-
-typedef int yy_state_type;
-
-extern int yylineno;
-
-int yylineno = 1;
-
-extern char *yytext;
-#define yytext_ptr yytext
-
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[]  );
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up yytext.
- */
-#define YY_DO_BEFORE_ACTION \
-	(yytext_ptr) = yy_bp; \
-	yyleng = (size_t) (yy_cp - yy_bp); \
-	(yy_hold_char) = *yy_cp; \
-	*yy_cp = '\0'; \
-	(yy_c_buf_p) = yy_cp;
-
-#define YY_NUM_RULES 95
-#define YY_END_OF_BUFFER 96
-/* This struct is not used in this scanner,
-   but its presence is necessary. */
-struct yy_trans_info
-	{
-	flex_int32_t yy_verify;
-	flex_int32_t yy_nxt;
-	};
-static yyconst flex_int16_t yy_accept[568] =
-    {   0,
-        0,    0,   96,   94,   90,   91,   87,   81,   81,   94,
-       94,   88,   88,   94,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   82,   83,   85,   88,   88,   93,   86,
-        0,    0,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   10,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   51,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   92,   88,   84,
-
-       89,    3,   89,   89,   89,    7,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   22,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   44,   45,   89,   89,   89,   89,   89,   89,
-       89,   55,   89,   89,   89,   89,   89,   89,   89,   63,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   30,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-
-       47,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   60,   89,   89,   64,   89,   89,   89,   68,   69,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       80,   89,   89,   89,   89,    6,   89,   89,   89,   89,
-       13,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   29,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   50,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   72,   89,   89,   89,   89,   89,
-       89,   89,    1,   89,   89,   89,   89,   89,   89,   12,
-
-       89,   89,   89,   89,   89,   89,   89,   89,   24,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   49,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   65,   66,   89,
-       89,   89,   73,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,    9,   89,   89,   89,   89,   18,   89,
-       89,   21,   89,   89,   26,   89,   89,   89,   89,   89,
-       89,   89,   37,   38,   89,   89,   41,   89,   89,   89,
-       89,   89,   89,   54,   89,   57,   58,   89,   89,   89,
-       89,   89,   89,   89,   75,   89,   89,   89,   89,   89,
-
-       89,   89,   89,   89,   89,   89,   89,   89,   20,   89,
-       25,   89,   28,   89,   89,   89,   89,   89,   36,   39,
-       40,   89,   89,   89,   89,   52,   89,   89,   89,   89,
-       62,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,    5,    8,   11,   14,   89,   89,   89,   89,   89,
-       89,   89,   89,   34,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   67,   89,   89,   74,   89,   89,   89,
-       89,   89,   89,   15,   89,   17,   89,   23,   89,   89,
-       89,   89,   35,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   76,   89,   89,   89,   89,    4,   16,
-
-       19,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   42,   43,   89,   89,   89,   89,   89,
-       61,   89,   89,   89,   89,   89,   89,   27,   31,   89,
-       33,   89,   48,   89,   56,   89,   89,   71,   89,   89,
-       79,   89,   89,   46,   89,   89,   89,   89,   78,    2,
-       32,   89,   59,   70,   77,   53,    0
-    } ;
-
-static yyconst flex_int32_t yy_ec[256] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    2,    1,    4,    1,    1,    1,    1,    1,    5,
-        5,    6,    1,    5,    7,    8,    9,   10,   11,   12,
-       12,   13,   14,   15,   12,   16,   12,   17,    5,    1,
-       18,    1,    1,    1,   19,   20,   21,   22,   23,   24,
-       25,   26,   27,   28,   29,   30,   31,   32,   33,   34,
-       35,   36,   37,   38,   39,   40,   41,   42,   43,   44,
-       45,    1,   46,    1,   47,    1,   48,   49,   50,   51,
-
-       52,   53,   54,   55,   56,   57,   29,   58,   59,   60,
-       61,   62,   29,   63,   64,   65,   66,   67,   29,   68,
-       29,   69,    5,    5,    5,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1
-    } ;
-
-static yyconst flex_int32_t yy_meta[70] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    2,    1,    1,    3,
-        3,    3,    3,    3,    3,    3,    1,    1,    3,    3,
-        3,    3,    3,    3,    2,    2,    2,    2,    2,    2,
-        2,    2,    2,    2,    2,    2,    2,    2,    2,    2,
-        2,    2,    2,    2,    1,    1,    2,    3,    3,    3,
-        3,    3,    3,    2,    2,    2,    2,    2,    2,    2,
-        2,    2,    2,    2,    2,    2,    2,    2,    2
-    } ;
-
-static yyconst flex_int16_t yy_base[570] =
-    {   0,
-        0,    0,  636,  637,  637,  637,  637,  637,   63,  627,
-      628,   70,   77,  616,   74,   72,   76,  609,   65,   81,
-       49,    0,   92,   91,   32,  101,   97,  608,  103,  113,
-       99,  574,  602,  637,  637,  637,  156,  163,  620,  637,
-        0,  609,    0,  589,  595,  590,  585,  597,  583,  586,
-      586,    0,  101,  599,  108,  593,  596,  122,  124,  585,
-      581,  553,  564,  597,  587,  575,  115,  575,  565,  574,
-      575,  545,  575,  564,    0,  563,  543,  561,  558,  558,
-      124,  540,  161,  119,  551,  558,  561,  581,  566,  551,
-      555,  530,  560,  160,  530,   91,  547,  637,    0,  637,
-
-      125,    0,  554,  550,  555,    0,  544,  550,  543,  551,
-      540,  542,  145,  166,  552,  541,    0,  542,  549,  156,
-      548,  533,  538,  516,  505,  529,  533,  157,  534,  525,
-      539,  546,    0,  521,  529,  506,  534,  533,  528,  502,
-      515,    0,  515,  514,  510,  489,  518,  528,  507,    0,
-      522,  517,  505,  505,  504,  517,  516,  486,  159,  499,
-      520,  468,  482,  477,  506,  499,  494,  502,  497,  495,
-      461,  502,  505,  502,  485,  488,  482,  500,  479,  485,
-      494,  493,  491,  479,  485,  475,  164,  487,    0,  446,
-      453,  442,  468,  478,  468,  464,  483,  170,  488,  463,
-
-        0,  436,  477,  459,  463,  445,  471,  486,  469,  472,
-      425,    0,  451,  465,    0,  455,  467,  420,    0,    0,
-      477,  418,  450,  442,  457,  423,  441,  425,  415,  426,
-        0,  436,  454,  451,  452,    0,  407,  450,  447,  444,
-        0,  434,  429,  437,  433,  435,  439,  437,  423,  420,
-      436,  418,  418,  422,    0,  405,  396,  388,  423,  180,
-      411,  426,  415,  423,  408,  429,  436,  386,  403,    0,
-      408,  374,  402,  410,  404,  397,  386,  406,  400,  406,
-      388,  366,  401,  375,    0,  403,  389,  365,  358,  359,
-      356,  362,    0,  398,  399,  379,  360,  383,  376,    0,
-
-      390,  393,  379,  372,  371,  385,  385,  387,    0,  378,
-      367,  376,  383,  343,  350,  343,  374,  370,  374,  358,
-      371,  372,  356,  368,  353,  362,  338,    0,  368,  364,
-      353,  352,  345,  359,  332,  340,  358,    0,    0,  322,
-      355,  308,    0,  338,  322,  310,  308,  319,  318,  331,
-      330,  340,  306,    0,  342,  332,  336,  335,    0,  334,
-      338,    0,  321,  320,    0,  337,  326,  151,  318,  294,
-      326,  314,    0,    0,  314,  327,    0,  328,  283,  315,
-      309,  315,  292,    0,  319,    0,    0,  284,  318,  317,
-      279,  315,  300,  317,    0,  279,  286,  265,  295,  324,
-
-      303,  308,  274,  291,  288,  293,  292,  290,    0,  299,
-        0,  294,    0,  255,  250,  253,  263,  293,    0,    0,
-        0,  277,  251,  289,  247,    0,  247,  283,  257,  261,
-        0,  253,  274,  240,  274,  243,  244,  264,  235,  262,
-      265,    0,    0,    0,  260,  273,  270,  262,  271,  262,
-      228,  238,  226,    0,  252,  260,  230,  258,  221,  233,
-      250,  244,  247,    0,  241,  215,    0,  223,  239,  210,
-      211,  230,  240,    0,  249,    0,  233,    0,  242,  212,
-      216,  210,    0,  232,  204,  231,  206,  198,  233,  194,
-      231,  230,  200,    0,  190,  191,  197,  220,    0,    0,
-
-        0,  213,  190,  211,  188,  215,  192,  218,  184,  187,
-      204,  178,  218,  215,  178,  174,  180,  175,  196,  190,
-      178,  175,  176,    0,    0,  191,  174,  165,  180,  166,
-        0,  194,  166,  163,  158,  163,  197,    0,    0,  156,
-        0,  171,    0,  148,    0,  152,  188,    0,  150,  155,
-        0,  166,  153,    0,  143,  148,  162,  143,    0,    0,
-        0,  101,    0,    0,    0,    0,  637,  223,   69
-    } ;
-
-static yyconst flex_int16_t yy_def[570] =
-    {   0,
-      567,    1,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  567,  567,  567,  567,  567,  567,  567,
-      569,  567,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  567,  569,  567,
-
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,    0,  567,  567
-    } ;
-
-static yyconst flex_int16_t yy_nxt[707] =
-    {   0,
-        4,    5,    6,    7,    8,    4,    9,   10,   11,   12,
-       13,   13,   13,   13,   13,   13,   14,    4,   15,   16,
-       17,   18,   19,   20,   21,   22,   23,   22,   22,   22,
-       24,   25,   26,   27,   22,   28,   29,   30,   31,   32,
-       33,   22,   22,   22,   34,   35,    4,   22,   22,   22,
-       22,   22,   22,   22,   22,   22,   22,   22,   22,   22,
-       22,   22,   22,   22,   22,   22,   22,   22,   22,   36,
-       71,   99,   37,   38,   38,   38,   38,   38,   38,   38,
-       38,   38,   38,   38,   38,   38,   38,   38,   38,   38,
-       38,   38,   38,   44,   48,   57,   58,   72,   49,   60,
-
-       62,   53,   50,   45,   51,   54,   59,   46,   55,   69,
-       64,   63,   47,   65,   52,   78,   61,   70,   79,  109,
-       73,   74,   66,   67,   75,   84,   80,   88,   68,   85,
-       93,   89,   81,  110,   76,  129,   94,   41,  112,  113,
-       86,  163,  116,  117,  119,   87,  144,  166,   90,   77,
-      145,  130,  131,  149,  164,   91,  150,  120,   95,   82,
-      118,  121,  167,  566,   92,   38,   38,   38,   38,   38,
-       38,   38,   38,   38,   38,   38,   38,   38,   38,  147,
-      160,  177,  178,  161,  179,  185,  194,  414,  186,  195,
-      148,  223,  180,  224,  264,  253,  565,  564,  225,  254,
-
-      318,  563,  319,  562,  561,  265,  415,  560,  559,  558,
-      557,  556,  555,  554,  553,  552,  551,  550,  549,  548,
-      547,  546,  545,   41,   43,   43,  544,  543,  542,  541,
-      540,  539,  538,  537,  536,  535,  534,  533,  532,  531,
-      530,  529,  528,  527,  526,  525,  524,  523,  522,  521,
-      520,  519,  518,  517,  516,  515,  514,  513,  512,  511,
-      510,  509,  508,  507,  506,  505,  504,  503,  502,  501,
-      500,  499,  498,  497,  496,  495,  494,  493,  492,  491,
-      490,  489,  488,  487,  486,  485,  484,  483,  482,  481,
-      480,  479,  478,  477,  476,  475,  474,  473,  472,  471,
-
-      470,  469,  468,  467,  466,  465,  464,  463,  462,  461,
-      460,  459,  458,  457,  456,  455,  454,  453,  452,  451,
-      450,  449,  448,  447,  446,  445,  444,  443,  442,  441,
-      440,  439,  438,  437,  436,  435,  434,  433,  432,  431,
-      430,  429,  428,  427,  426,  425,  424,  423,  422,  421,
-      420,  419,  418,  417,  416,  413,  412,  411,  410,  409,
-      408,  407,  406,  405,  404,  403,  402,  401,  400,  399,
-      398,  397,  396,  395,  394,  393,  392,  391,  390,  389,
-      388,  387,  386,  385,  384,  383,  382,  381,  380,  379,
-      378,  377,  376,  375,  374,  373,  372,  371,  370,  369,
-
-      368,  367,  366,  365,  364,  363,  362,  361,  360,  359,
-      358,  357,  356,  355,  354,  353,  352,  351,  350,  349,
-      348,  347,  346,  345,  344,  343,  342,  341,  340,  339,
-      338,  337,  336,  335,  334,  333,  332,  331,  330,  329,
-      328,  327,  326,  325,  324,  323,  322,  321,  320,  317,
-      316,  315,  314,  313,  312,  311,  310,  309,  308,  307,
-      306,  305,  304,  303,  302,  301,  300,  299,  298,  297,
-      296,  295,  294,  293,  292,  291,  290,  289,  288,  287,
-      286,  285,  284,  283,  282,  281,  280,  279,  278,  277,
-      276,  275,  274,  273,  272,  271,  270,  269,  268,  267,
-
-      266,  263,  262,  261,  260,  259,  258,  257,  256,  255,
-      252,  251,  250,  249,  248,  247,  246,  245,  244,  243,
-      242,  241,  240,  239,  238,  237,  236,  235,  234,  233,
-      232,  231,  230,  229,  228,  227,  226,  222,  221,  220,
-      219,  218,  217,  216,  215,  214,  213,  212,  211,  210,
-      209,  208,  207,  206,  205,  204,  203,  202,  201,  200,
-      199,  198,  197,  196,  193,  192,  191,  190,  189,  188,
-      187,  184,  183,  182,  181,  176,  175,  174,  173,  172,
-      171,  170,  169,  168,  165,  162,  159,  158,  157,  156,
-      155,  154,  153,  152,  151,  146,  143,  142,  141,  140,
-
-      139,  138,  137,  136,  135,  134,  133,  132,  128,  127,
-      126,  125,  124,  123,  122,  115,  114,  111,  108,  107,
-      106,  105,  104,  103,  102,  101,  100,   98,   97,   96,
-       83,   56,   42,   40,   39,  567,    3,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-
-      567,  567,  567,  567,  567,  567
-    } ;
-
-static yyconst flex_int16_t yy_chk[707] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    9,
-       25,  569,    9,    9,    9,    9,    9,    9,    9,   12,
-       12,   12,   12,   12,   12,   12,   13,   13,   13,   13,
-       13,   13,   13,   15,   16,   19,   19,   25,   16,   20,
-
-       21,   17,   16,   15,   16,   17,   19,   15,   17,   24,
-       23,   21,   15,   23,   16,   27,   20,   24,   27,   53,
-       26,   26,   23,   23,   26,   29,   27,   30,   23,   29,
-       31,   30,   27,   53,   26,   67,   31,   12,   55,   55,
-       29,   96,   58,   58,   59,   29,   81,  101,   30,   26,
-       81,   67,   67,   84,   96,   30,   84,   59,   31,   27,
-       58,   59,  101,  562,   30,   37,   37,   37,   37,   37,
-       37,   37,   38,   38,   38,   38,   38,   38,   38,   83,
-       94,  113,  113,   94,  114,  120,  128,  368,  120,  128,
-       83,  159,  114,  159,  198,  187,  558,  557,  159,  187,
-
-      260,  556,  260,  555,  553,  198,  368,  552,  550,  549,
-      547,  546,  544,  542,  540,  537,  536,  535,  534,  533,
-      532,  530,  529,   37,  568,  568,  528,  527,  526,  523,
-      522,  521,  520,  519,  518,  517,  516,  515,  514,  513,
-      512,  511,  510,  509,  508,  507,  506,  505,  504,  503,
-      502,  498,  497,  496,  495,  493,  492,  491,  490,  489,
-      488,  487,  486,  485,  484,  482,  481,  480,  479,  477,
-      475,  473,  472,  471,  470,  469,  468,  466,  465,  463,
-      462,  461,  460,  459,  458,  457,  456,  455,  453,  452,
-      451,  450,  449,  448,  447,  446,  445,  441,  440,  439,
-
-      438,  437,  436,  435,  434,  433,  432,  430,  429,  428,
-      427,  425,  424,  423,  422,  418,  417,  416,  415,  414,
-      412,  410,  408,  407,  406,  405,  404,  403,  402,  401,
-      400,  399,  398,  397,  396,  394,  393,  392,  391,  390,
-      389,  388,  385,  383,  382,  381,  380,  379,  378,  376,
-      375,  372,  371,  370,  369,  367,  366,  364,  363,  361,
-      360,  358,  357,  356,  355,  353,  352,  351,  350,  349,
-      348,  347,  346,  345,  344,  342,  341,  340,  337,  336,
-      335,  334,  333,  332,  331,  330,  329,  327,  326,  325,
-      324,  323,  322,  321,  320,  319,  318,  317,  316,  315,
-
-      314,  313,  312,  311,  310,  308,  307,  306,  305,  304,
-      303,  302,  301,  299,  298,  297,  296,  295,  294,  292,
-      291,  290,  289,  288,  287,  286,  284,  283,  282,  281,
-      280,  279,  278,  277,  276,  275,  274,  273,  272,  271,
-      269,  268,  267,  266,  265,  264,  263,  262,  261,  259,
-      258,  257,  256,  254,  253,  252,  251,  250,  249,  248,
-      247,  246,  245,  244,  243,  242,  240,  239,  238,  237,
-      235,  234,  233,  232,  230,  229,  228,  227,  226,  225,
-      224,  223,  222,  221,  218,  217,  216,  214,  213,  211,
-      210,  209,  208,  207,  206,  205,  204,  203,  202,  200,
-
-      199,  197,  196,  195,  194,  193,  192,  191,  190,  188,
-      186,  185,  184,  183,  182,  181,  180,  179,  178,  177,
-      176,  175,  174,  173,  172,  171,  170,  169,  168,  167,
-      166,  165,  164,  163,  162,  161,  160,  158,  157,  156,
-      155,  154,  153,  152,  151,  149,  148,  147,  146,  145,
-      144,  143,  141,  140,  139,  138,  137,  136,  135,  134,
-      132,  131,  130,  129,  127,  126,  125,  124,  123,  122,
-      121,  119,  118,  116,  115,  112,  111,  110,  109,  108,
-      107,  105,  104,  103,   97,   95,   93,   92,   91,   90,
-       89,   88,   87,   86,   85,   82,   80,   79,   78,   77,
-
-       76,   74,   73,   72,   71,   70,   69,   68,   66,   65,
-       64,   63,   62,   61,   60,   57,   56,   54,   51,   50,
-       49,   48,   47,   46,   45,   44,   42,   39,   33,   32,
-       28,   18,   14,   11,   10,    3,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-
-      567,  567,  567,  567,  567,  567
-    } ;
-
-static yy_state_type yy_last_accepting_state;
-static char *yy_last_accepting_cpos;
-
-extern int yy_flex_debug;
-int yy_flex_debug = 0;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *yytext;
-#line 1 "lex.l"
-#line 2 "lex.l"
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#undef ECHO
-#include "symbol.h"
-#include "parse.h"
-#include "lex.h"
-#include "gen_locl.h"
-
-static unsigned lineno = 1;
-
-#undef ECHO
-
-static void unterminated(const char *, unsigned);
-
-/* This is for broken old lexes (solaris 10 and hpux) */
-#line 855 "lex.c"
-
-#define INITIAL 0
-
-#ifndef YY_NO_UNISTD_H
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-#endif
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
-
-static int yy_init_globals (void );
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int yywrap (void );
-#else
-extern int yywrap (void );
-#endif
-#endif
-
-    static void yyunput (int c,char *buf_ptr  );
-    
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
-#endif
-
-#ifndef YY_NO_INPUT
-
-#ifdef __cplusplus
-static int yyinput (void );
-#else
-static int input (void );
-#endif
-
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
-#endif
-
-/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
-		{ \
-		int c = '*'; \
-		size_t n; \
-		for ( n = 0; n < max_size && \
-			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
-			buf[n] = (char) c; \
-		if ( c == '\n' ) \
-			buf[n++] = (char) c; \
-		if ( c == EOF && ferror( yyin ) ) \
-			YY_FATAL_ERROR( "input in flex scanner failed" ); \
-		result = n; \
-		} \
-	else \
-		{ \
-		errno=0; \
-		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
-			{ \
-			if( errno != EINTR) \
-				{ \
-				YY_FATAL_ERROR( "input in flex scanner failed" ); \
-				break; \
-				} \
-			errno=0; \
-			clearerr(yyin); \
-			} \
-		}\
-\
-
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* end tables serialization structures and prototypes */
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int yylex (void);
-
-#define YY_DECL int yylex (void)
-#endif /* !YY_DECL */
-
-/* Code executed at the beginning of each rule, after yytext and yyleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
-	YY_USER_ACTION
-
-/** The main scanner function which does all the work.
- */
-YY_DECL
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp, *yy_bp;
-	register int yy_act;
-    
-#line 68 "lex.l"
-
-#line 1010 "lex.c"
-
-	if ( !(yy_init) )
-		{
-		(yy_init) = 1;
-
-#ifdef YY_USER_INIT
-		YY_USER_INIT;
-#endif
-
-		if ( ! (yy_start) )
-			(yy_start) = 1;	/* first start state */
-
-		if ( ! yyin )
-			yyin = stdin;
-
-		if ( ! yyout )
-			yyout = stdout;
-
-		if ( ! YY_CURRENT_BUFFER ) {
-			yyensure_buffer_stack ();
-			YY_CURRENT_BUFFER_LVALUE =
-				yy_create_buffer(yyin,YY_BUF_SIZE );
-		}
-
-		yy_load_buffer_state( );
-		}
-
-	while ( 1 )		/* loops until end-of-file is reached */
-		{
-		yy_cp = (yy_c_buf_p);
-
-		/* Support of yytext. */
-		*yy_cp = (yy_hold_char);
-
-		/* yy_bp points to the position in yy_ch_buf of the start of
-		 * the current run.
-		 */
-		yy_bp = yy_cp;
-
-		yy_current_state = (yy_start);
-yy_match:
-		do
-			{
-			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
-			if ( yy_accept[yy_current_state] )
-				{
-				(yy_last_accepting_state) = yy_current_state;
-				(yy_last_accepting_cpos) = yy_cp;
-				}
-			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-				{
-				yy_current_state = (int) yy_def[yy_current_state];
-				if ( yy_current_state >= 568 )
-					yy_c = yy_meta[(unsigned int) yy_c];
-				}
-			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-			++yy_cp;
-			}
-		while ( yy_base[yy_current_state] != 637 );
-
-yy_find_action:
-		yy_act = yy_accept[yy_current_state];
-		if ( yy_act == 0 )
-			{ /* have to back up */
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			yy_act = yy_accept[yy_current_state];
-			}
-
-		YY_DO_BEFORE_ACTION;
-
-do_action:	/* This label is used only to access EOF actions. */
-
-		switch ( yy_act )
-	{ /* beginning of action switch */
-			case 0: /* must back up */
-			/* undo the effects of YY_DO_BEFORE_ACTION */
-			*yy_cp = (yy_hold_char);
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
-#line 69 "lex.l"
-{ return kw_ABSENT; }
-	YY_BREAK
-case 2:
-YY_RULE_SETUP
-#line 70 "lex.l"
-{ return kw_ABSTRACT_SYNTAX; }
-	YY_BREAK
-case 3:
-YY_RULE_SETUP
-#line 71 "lex.l"
-{ return kw_ALL; }
-	YY_BREAK
-case 4:
-YY_RULE_SETUP
-#line 72 "lex.l"
-{ return kw_APPLICATION; }
-	YY_BREAK
-case 5:
-YY_RULE_SETUP
-#line 73 "lex.l"
-{ return kw_AUTOMATIC; }
-	YY_BREAK
-case 6:
-YY_RULE_SETUP
-#line 74 "lex.l"
-{ return kw_BEGIN; }
-	YY_BREAK
-case 7:
-YY_RULE_SETUP
-#line 75 "lex.l"
-{ return kw_BIT; }
-	YY_BREAK
-case 8:
-YY_RULE_SETUP
-#line 76 "lex.l"
-{ return kw_BMPString; }
-	YY_BREAK
-case 9:
-YY_RULE_SETUP
-#line 77 "lex.l"
-{ return kw_BOOLEAN; }
-	YY_BREAK
-case 10:
-YY_RULE_SETUP
-#line 78 "lex.l"
-{ return kw_BY; }
-	YY_BREAK
-case 11:
-YY_RULE_SETUP
-#line 79 "lex.l"
-{ return kw_CHARACTER; }
-	YY_BREAK
-case 12:
-YY_RULE_SETUP
-#line 80 "lex.l"
-{ return kw_CHOICE; }
-	YY_BREAK
-case 13:
-YY_RULE_SETUP
-#line 81 "lex.l"
-{ return kw_CLASS; }
-	YY_BREAK
-case 14:
-YY_RULE_SETUP
-#line 82 "lex.l"
-{ return kw_COMPONENT; }
-	YY_BREAK
-case 15:
-YY_RULE_SETUP
-#line 83 "lex.l"
-{ return kw_COMPONENTS; }
-	YY_BREAK
-case 16:
-YY_RULE_SETUP
-#line 84 "lex.l"
-{ return kw_CONSTRAINED; }
-	YY_BREAK
-case 17:
-YY_RULE_SETUP
-#line 85 "lex.l"
-{ return kw_CONTAINING; }
-	YY_BREAK
-case 18:
-YY_RULE_SETUP
-#line 86 "lex.l"
-{ return kw_DEFAULT; }
-	YY_BREAK
-case 19:
-YY_RULE_SETUP
-#line 87 "lex.l"
-{ return kw_DEFINITIONS; }
-	YY_BREAK
-case 20:
-YY_RULE_SETUP
-#line 88 "lex.l"
-{ return kw_EMBEDDED; }
-	YY_BREAK
-case 21:
-YY_RULE_SETUP
-#line 89 "lex.l"
-{ return kw_ENCODED; }
-	YY_BREAK
-case 22:
-YY_RULE_SETUP
-#line 90 "lex.l"
-{ return kw_END; }
-	YY_BREAK
-case 23:
-YY_RULE_SETUP
-#line 91 "lex.l"
-{ return kw_ENUMERATED; }
-	YY_BREAK
-case 24:
-YY_RULE_SETUP
-#line 92 "lex.l"
-{ return kw_EXCEPT; }
-	YY_BREAK
-case 25:
-YY_RULE_SETUP
-#line 93 "lex.l"
-{ return kw_EXPLICIT; }
-	YY_BREAK
-case 26:
-YY_RULE_SETUP
-#line 94 "lex.l"
-{ return kw_EXPORTS; }
-	YY_BREAK
-case 27:
-YY_RULE_SETUP
-#line 95 "lex.l"
-{ return kw_EXTENSIBILITY; }
-	YY_BREAK
-case 28:
-YY_RULE_SETUP
-#line 96 "lex.l"
-{ return kw_EXTERNAL; }
-	YY_BREAK
-case 29:
-YY_RULE_SETUP
-#line 97 "lex.l"
-{ return kw_FALSE; }
-	YY_BREAK
-case 30:
-YY_RULE_SETUP
-#line 98 "lex.l"
-{ return kw_FROM; }
-	YY_BREAK
-case 31:
-YY_RULE_SETUP
-#line 99 "lex.l"
-{ return kw_GeneralString; }
-	YY_BREAK
-case 32:
-YY_RULE_SETUP
-#line 100 "lex.l"
-{ return kw_GeneralizedTime; }
-	YY_BREAK
-case 33:
-YY_RULE_SETUP
-#line 101 "lex.l"
-{ return kw_GraphicString; }
-	YY_BREAK
-case 34:
-YY_RULE_SETUP
-#line 102 "lex.l"
-{ return kw_IA5String; }
-	YY_BREAK
-case 35:
-YY_RULE_SETUP
-#line 103 "lex.l"
-{ return kw_IDENTIFIER; }
-	YY_BREAK
-case 36:
-YY_RULE_SETUP
-#line 104 "lex.l"
-{ return kw_IMPLICIT; }
-	YY_BREAK
-case 37:
-YY_RULE_SETUP
-#line 105 "lex.l"
-{ return kw_IMPLIED; }
-	YY_BREAK
-case 38:
-YY_RULE_SETUP
-#line 106 "lex.l"
-{ return kw_IMPORTS; }
-	YY_BREAK
-case 39:
-YY_RULE_SETUP
-#line 107 "lex.l"
-{ return kw_INCLUDES; }
-	YY_BREAK
-case 40:
-YY_RULE_SETUP
-#line 108 "lex.l"
-{ return kw_INSTANCE; }
-	YY_BREAK
-case 41:
-YY_RULE_SETUP
-#line 109 "lex.l"
-{ return kw_INTEGER; }
-	YY_BREAK
-case 42:
-YY_RULE_SETUP
-#line 110 "lex.l"
-{ return kw_INTERSECTION; }
-	YY_BREAK
-case 43:
-YY_RULE_SETUP
-#line 111 "lex.l"
-{ return kw_ISO646String; }
-	YY_BREAK
-case 44:
-YY_RULE_SETUP
-#line 112 "lex.l"
-{ return kw_MAX; }
-	YY_BREAK
-case 45:
-YY_RULE_SETUP
-#line 113 "lex.l"
-{ return kw_MIN; }
-	YY_BREAK
-case 46:
-YY_RULE_SETUP
-#line 114 "lex.l"
-{ return kw_MINUS_INFINITY; }
-	YY_BREAK
-case 47:
-YY_RULE_SETUP
-#line 115 "lex.l"
-{ return kw_NULL; }
-	YY_BREAK
-case 48:
-YY_RULE_SETUP
-#line 116 "lex.l"
-{ return kw_NumericString; }
-	YY_BREAK
-case 49:
-YY_RULE_SETUP
-#line 117 "lex.l"
-{ return kw_OBJECT; }
-	YY_BREAK
-case 50:
-YY_RULE_SETUP
-#line 118 "lex.l"
-{ return kw_OCTET; }
-	YY_BREAK
-case 51:
-YY_RULE_SETUP
-#line 119 "lex.l"
-{ return kw_OF; }
-	YY_BREAK
-case 52:
-YY_RULE_SETUP
-#line 120 "lex.l"
-{ return kw_OPTIONAL; }
-	YY_BREAK
-case 53:
-YY_RULE_SETUP
-#line 121 "lex.l"
-{ return kw_ObjectDescriptor; }
-	YY_BREAK
-case 54:
-YY_RULE_SETUP
-#line 122 "lex.l"
-{ return kw_PATTERN; }
-	YY_BREAK
-case 55:
-YY_RULE_SETUP
-#line 123 "lex.l"
-{ return kw_PDV; }
-	YY_BREAK
-case 56:
-YY_RULE_SETUP
-#line 124 "lex.l"
-{ return kw_PLUS_INFINITY; }
-	YY_BREAK
-case 57:
-YY_RULE_SETUP
-#line 125 "lex.l"
-{ return kw_PRESENT; }
-	YY_BREAK
-case 58:
-YY_RULE_SETUP
-#line 126 "lex.l"
-{ return kw_PRIVATE; }
-	YY_BREAK
-case 59:
-YY_RULE_SETUP
-#line 127 "lex.l"
-{ return kw_PrintableString; }
-	YY_BREAK
-case 60:
-YY_RULE_SETUP
-#line 128 "lex.l"
-{ return kw_REAL; }
-	YY_BREAK
-case 61:
-YY_RULE_SETUP
-#line 129 "lex.l"
-{ return kw_RELATIVE_OID; }
-	YY_BREAK
-case 62:
-YY_RULE_SETUP
-#line 130 "lex.l"
-{ return kw_SEQUENCE; }
-	YY_BREAK
-case 63:
-YY_RULE_SETUP
-#line 131 "lex.l"
-{ return kw_SET; }
-	YY_BREAK
-case 64:
-YY_RULE_SETUP
-#line 132 "lex.l"
-{ return kw_SIZE; }
-	YY_BREAK
-case 65:
-YY_RULE_SETUP
-#line 133 "lex.l"
-{ return kw_STRING; }
-	YY_BREAK
-case 66:
-YY_RULE_SETUP
-#line 134 "lex.l"
-{ return kw_SYNTAX; }
-	YY_BREAK
-case 67:
-YY_RULE_SETUP
-#line 135 "lex.l"
-{ return kw_T61String; }
-	YY_BREAK
-case 68:
-YY_RULE_SETUP
-#line 136 "lex.l"
-{ return kw_TAGS; }
-	YY_BREAK
-case 69:
-YY_RULE_SETUP
-#line 137 "lex.l"
-{ return kw_TRUE; }
-	YY_BREAK
-case 70:
-YY_RULE_SETUP
-#line 138 "lex.l"
-{ return kw_TYPE_IDENTIFIER; }
-	YY_BREAK
-case 71:
-YY_RULE_SETUP
-#line 139 "lex.l"
-{ return kw_TeletexString; }
-	YY_BREAK
-case 72:
-YY_RULE_SETUP
-#line 140 "lex.l"
-{ return kw_UNION; }
-	YY_BREAK
-case 73:
-YY_RULE_SETUP
-#line 141 "lex.l"
-{ return kw_UNIQUE; }
-	YY_BREAK
-case 74:
-YY_RULE_SETUP
-#line 142 "lex.l"
-{ return kw_UNIVERSAL; }
-	YY_BREAK
-case 75:
-YY_RULE_SETUP
-#line 143 "lex.l"
-{ return kw_UTCTime; }
-	YY_BREAK
-case 76:
-YY_RULE_SETUP
-#line 144 "lex.l"
-{ return kw_UTF8String; }
-	YY_BREAK
-case 77:
-YY_RULE_SETUP
-#line 145 "lex.l"
-{ return kw_UniversalString; }
-	YY_BREAK
-case 78:
-YY_RULE_SETUP
-#line 146 "lex.l"
-{ return kw_VideotexString; }
-	YY_BREAK
-case 79:
-YY_RULE_SETUP
-#line 147 "lex.l"
-{ return kw_VisibleString; }
-	YY_BREAK
-case 80:
-YY_RULE_SETUP
-#line 148 "lex.l"
-{ return kw_WITH; }
-	YY_BREAK
-case 81:
-YY_RULE_SETUP
-#line 149 "lex.l"
-{ return *yytext; }
-	YY_BREAK
-case 82:
-YY_RULE_SETUP
-#line 150 "lex.l"
-{ return *yytext; }
-	YY_BREAK
-case 83:
-YY_RULE_SETUP
-#line 151 "lex.l"
-{ return *yytext; }
-	YY_BREAK
-case 84:
-YY_RULE_SETUP
-#line 152 "lex.l"
-{ return EEQUAL; }
-	YY_BREAK
-case 85:
-YY_RULE_SETUP
-#line 153 "lex.l"
-{ 
-			    int c, start_lineno = lineno;
-			    int f = 0;
-			    while((c = input()) != EOF) {
-				if(f && c == '-')
-				    break;
-				if(c == '-') {
-				    f = 1;
-				    continue;
-				}
-				if(c == '\n') {
-				    lineno++;
-				    break;
-				}
-				f = 0;
-			    }
-			    if(c == EOF)
-				unterminated("comment", start_lineno);
-			}
-	YY_BREAK
-case 86:
-YY_RULE_SETUP
-#line 172 "lex.l"
-{ 
-			    int c, start_lineno = lineno;
-			    int level = 1;
-			    int seen_star = 0;
-			    int seen_slash = 0;
-			    while((c = input()) != EOF) {
-				if(c == '/') {
-				    if(seen_star) {
-					if(--level == 0)
-					    break;
-					seen_star = 0;
-					continue;
-				    }
-				    seen_slash = 1;
-				    continue;
-				}
-				if(seen_star && c == '/') {
-				    if(--level == 0)
-					break;
-				    seen_star = 0;
-				    continue;
-				}
-				if(c == '*') {
-				    if(seen_slash) {
-					level++;
-					seen_star = seen_slash = 0;
-					continue;
-				    } 
-				    seen_star = 1;
-				    continue;
-				}
-				seen_star = seen_slash = 0;
-				if(c == '\n') {
-				    lineno++;
-				    continue;
-				}
-			    }
-			    if(c == EOF)
-				unterminated("comment", start_lineno);
-			}
-	YY_BREAK
-case 87:
-YY_RULE_SETUP
-#line 212 "lex.l"
-{ 
-			    int start_lineno = lineno;
-			    int c;
-			    char buf[1024];
-			    char *p = buf;
-			    int f = 0;
-			    int skip_ws = 0;
-			    
-			    while((c = input()) != EOF) {
-				if(isspace(c) && skip_ws) {
-				    if(c == '\n')
-					lineno++;
-				    continue;
-				}
-				skip_ws = 0;
-				
-				if(c == '"') {
-				    if(f) {
-					*p++ = '"';
-					f = 0;
-				    } else
-					f = 1;
-				    continue;
-				}
-				if(f == 1) {
-				    unput(c);
-				    break;
-				}
-				if(c == '\n') {
-				    lineno++;
-				    while(p > buf && isspace((unsigned char)p[-1]))
-					p--;
-				    skip_ws = 1;
-				    continue;
-				}
-				*p++ = c;
-			    }
-			    if(c == EOF)
-				unterminated("string", start_lineno);
-			    *p++ = '\0';
-			    fprintf(stderr, "string -- %s\n", buf);
-			    yylval.name = estrdup(buf);
-			    return STRING; 
-			}
-	YY_BREAK
-case 88:
-YY_RULE_SETUP
-#line 257 "lex.l"
-{ char *e, *y = yytext;
-			  yylval.constant = strtol((const char *)yytext,
-						   &e, 0);
-			  if(e == y) 
-			    error_message("malformed constant (%s)", yytext); 
-			  else
-			    return NUMBER;
-			}
-	YY_BREAK
-case 89:
-YY_RULE_SETUP
-#line 265 "lex.l"
-{
-			  yylval.name =  estrdup ((const char *)yytext);
-			  return IDENTIFIER;
-			}
-	YY_BREAK
-case 90:
-YY_RULE_SETUP
-#line 269 "lex.l"
-;
-	YY_BREAK
-case 91:
-/* rule 91 can match eol */
-YY_RULE_SETUP
-#line 270 "lex.l"
-{ ++lineno; }
-	YY_BREAK
-case 92:
-YY_RULE_SETUP
-#line 271 "lex.l"
-{ return ELLIPSIS; }
-	YY_BREAK
-case 93:
-YY_RULE_SETUP
-#line 272 "lex.l"
-{ return RANGE; }
-	YY_BREAK
-case 94:
-YY_RULE_SETUP
-#line 273 "lex.l"
-{ error_message("Ignoring char(%c)\n", *yytext); }
-	YY_BREAK
-case 95:
-YY_RULE_SETUP
-#line 274 "lex.l"
-ECHO;
-	YY_BREAK
-#line 1679 "lex.c"
-case YY_STATE_EOF(INITIAL):
-	yyterminate();
-
-	case YY_END_OF_BUFFER:
-		{
-		/* Amount of text matched not including the EOB char. */
-		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
-
-		/* Undo the effects of YY_DO_BEFORE_ACTION. */
-		*yy_cp = (yy_hold_char);
-		YY_RESTORE_YY_MORE_OFFSET
-
-		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
-			{
-			/* We're scanning a new file or input source.  It's
-			 * possible that this happened because the user
-			 * just pointed yyin at a new source and called
-			 * yylex().  If so, then we have to assure
-			 * consistency between YY_CURRENT_BUFFER and our
-			 * globals.  Here is the right place to do so, because
-			 * this is the first action (other than possibly a
-			 * back-up) that will match for the new input source.
-			 */
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
-			}
-
-		/* Note that here we test for yy_c_buf_p "<=" to the position
-		 * of the first EOB in the buffer, since yy_c_buf_p will
-		 * already have been incremented past the NUL character
-		 * (since all states make transitions on EOB to the
-		 * end-of-buffer state).  Contrast this with the test
-		 * in input().
-		 */
-		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			{ /* This was really a NUL. */
-			yy_state_type yy_next_state;
-
-			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
-
-			yy_current_state = yy_get_previous_state(  );
-
-			/* Okay, we're now positioned to make the NUL
-			 * transition.  We couldn't have
-			 * yy_get_previous_state() go ahead and do it
-			 * for us because it doesn't know how to deal
-			 * with the possibility of jamming (and we don't
-			 * want to build jamming into it because then it
-			 * will run more slowly).
-			 */
-
-			yy_next_state = yy_try_NUL_trans( yy_current_state );
-
-			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-
-			if ( yy_next_state )
-				{
-				/* Consume the NUL. */
-				yy_cp = ++(yy_c_buf_p);
-				yy_current_state = yy_next_state;
-				goto yy_match;
-				}
-
-			else
-				{
-				yy_cp = (yy_c_buf_p);
-				goto yy_find_action;
-				}
-			}
-
-		else switch ( yy_get_next_buffer(  ) )
-			{
-			case EOB_ACT_END_OF_FILE:
-				{
-				(yy_did_buffer_switch_on_eof) = 0;
-
-				if ( yywrap( ) )
-					{
-					/* Note: because we've taken care in
-					 * yy_get_next_buffer() to have set up
-					 * yytext, we can now set up
-					 * yy_c_buf_p so that if some total
-					 * hoser (like flex itself) wants to
-					 * call the scanner after we return the
-					 * YY_NULL, it'll still work - another
-					 * YY_NULL will get returned.
-					 */
-					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
-
-					yy_act = YY_STATE_EOF(YY_START);
-					goto do_action;
-					}
-
-				else
-					{
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-					}
-				break;
-				}
-
-			case EOB_ACT_CONTINUE_SCAN:
-				(yy_c_buf_p) =
-					(yytext_ptr) + yy_amount_of_matched_text;
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_match;
-
-			case EOB_ACT_LAST_MATCH:
-				(yy_c_buf_p) =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_find_action;
-			}
-		break;
-		}
-
-	default:
-		YY_FATAL_ERROR(
-			"fatal flex scanner internal error--no action found" );
-	} /* end of action switch */
-		} /* end of scanning one token */
-} /* end of yylex */
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- *	EOB_ACT_LAST_MATCH -
- *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- *	EOB_ACT_END_OF_FILE - end of file
- */
-static int yy_get_next_buffer (void)
-{
-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
-	register char *source = (yytext_ptr);
-	register int number_to_move, i;
-	int ret_val;
-
-	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
-		YY_FATAL_ERROR(
-		"fatal flex scanner internal error--end of buffer missed" );
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
-		{ /* Don't try to fill the buffer, so this is an EOF. */
-		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
-			{
-			/* We matched a single character, the EOB, so
-			 * treat this as a final EOF.
-			 */
-			return EOB_ACT_END_OF_FILE;
-			}
-
-		else
-			{
-			/* We matched some text prior to the EOB, first
-			 * process it.
-			 */
-			return EOB_ACT_LAST_MATCH;
-			}
-		}
-
-	/* Try to read more data. */
-
-	/* First move last chars to start of buffer. */
-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
-
-	for ( i = 0; i < number_to_move; ++i )
-		*(dest++) = *(source++);
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
-		/* don't do the read, it's not guaranteed to return an EOF,
-		 * just force an EOF
-		 */
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
-
-	else
-		{
-			int num_to_read =
-			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
-		while ( num_to_read <= 0 )
-			{ /* Not enough room in the buffer - grow it. */
-
-			/* just a shorter name for the current buffer */
-			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
-
-			int yy_c_buf_p_offset =
-				(int) ((yy_c_buf_p) - b->yy_ch_buf);
-
-			if ( b->yy_is_our_buffer )
-				{
-				int new_size = b->yy_buf_size * 2;
-
-				if ( new_size <= 0 )
-					b->yy_buf_size += b->yy_buf_size / 8;
-				else
-					b->yy_buf_size *= 2;
-
-				b->yy_ch_buf = (char *)
-					/* Include room in for 2 EOB chars. */
-					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
-				}
-			else
-				/* Can't grow it, we don't own it. */
-				b->yy_ch_buf = 0;
-
-			if ( ! b->yy_ch_buf )
-				YY_FATAL_ERROR(
-				"fatal error - scanner input buffer overflow" );
-
-			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
-
-			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
-						number_to_move - 1;
-
-			}
-
-		if ( num_to_read > YY_READ_BUF_SIZE )
-			num_to_read = YY_READ_BUF_SIZE;
-
-		/* Read in more data. */
-		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
-			(yy_n_chars), num_to_read );
-
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	if ( (yy_n_chars) == 0 )
-		{
-		if ( number_to_move == YY_MORE_ADJ )
-			{
-			ret_val = EOB_ACT_END_OF_FILE;
-			yyrestart(yyin  );
-			}
-
-		else
-			{
-			ret_val = EOB_ACT_LAST_MATCH;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
-				YY_BUFFER_EOF_PENDING;
-			}
-		}
-
-	else
-		ret_val = EOB_ACT_CONTINUE_SCAN;
-
-	(yy_n_chars) += number_to_move;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
-
-	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
-
-	return ret_val;
-}
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
-    static yy_state_type yy_get_previous_state (void)
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp;
-    
-	yy_current_state = (yy_start);
-
-	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
-		{
-		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
-		if ( yy_accept[yy_current_state] )
-			{
-			(yy_last_accepting_state) = yy_current_state;
-			(yy_last_accepting_cpos) = yy_cp;
-			}
-		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-			{
-			yy_current_state = (int) yy_def[yy_current_state];
-			if ( yy_current_state >= 568 )
-				yy_c = yy_meta[(unsigned int) yy_c];
-			}
-		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-		}
-
-	return yy_current_state;
-}
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- *	next_state = yy_try_NUL_trans( current_state );
- */
-    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
-{
-	register int yy_is_jam;
-    	register char *yy_cp = (yy_c_buf_p);
-
-	register YY_CHAR yy_c = 1;
-	if ( yy_accept[yy_current_state] )
-		{
-		(yy_last_accepting_state) = yy_current_state;
-		(yy_last_accepting_cpos) = yy_cp;
-		}
-	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-		{
-		yy_current_state = (int) yy_def[yy_current_state];
-		if ( yy_current_state >= 568 )
-			yy_c = yy_meta[(unsigned int) yy_c];
-		}
-	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-	yy_is_jam = (yy_current_state == 567);
-
-	return yy_is_jam ? 0 : yy_current_state;
-}
-
-    static void yyunput (int c, register char * yy_bp )
-{
-	register char *yy_cp;
-    
-    yy_cp = (yy_c_buf_p);
-
-	/* undo effects of setting up yytext */
-	*yy_cp = (yy_hold_char);
-
-	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-		{ /* need to shift things up to make room */
-		/* +2 for EOB chars. */
-		register int number_to_move = (yy_n_chars) + 2;
-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
-					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
-		register char *source =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
-
-		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
-			*--dest = *--source;
-
-		yy_cp += (int) (dest - source);
-		yy_bp += (int) (dest - source);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
-
-		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-			YY_FATAL_ERROR( "flex scanner push-back overflow" );
-		}
-
-	*--yy_cp = (char) c;
-
-	(yytext_ptr) = yy_bp;
-	(yy_hold_char) = *yy_cp;
-	(yy_c_buf_p) = yy_cp;
-}
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
-    static int yyinput (void)
-#else
-    static int input  (void)
-#endif
-
-{
-	int c;
-    
-	*(yy_c_buf_p) = (yy_hold_char);
-
-	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
-		{
-		/* yy_c_buf_p now points to the character we want to return.
-		 * If this occurs *before* the EOB characters, then it's a
-		 * valid NUL; if not, then we've hit the end of the buffer.
-		 */
-		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			/* This was really a NUL. */
-			*(yy_c_buf_p) = '\0';
-
-		else
-			{ /* need more input */
-			int offset = (yy_c_buf_p) - (yytext_ptr);
-			++(yy_c_buf_p);
-
-			switch ( yy_get_next_buffer(  ) )
-				{
-				case EOB_ACT_LAST_MATCH:
-					/* This happens because yy_g_n_b()
-					 * sees that we've accumulated a
-					 * token and flags that we need to
-					 * try matching the token before
-					 * proceeding.  But for input(),
-					 * there's no matching to consider.
-					 * So convert the EOB_ACT_LAST_MATCH
-					 * to EOB_ACT_END_OF_FILE.
-					 */
-
-					/* Reset buffer status. */
-					yyrestart(yyin );
-
-					/*FALLTHROUGH*/
-
-				case EOB_ACT_END_OF_FILE:
-					{
-					if ( yywrap( ) )
-						return 0;
-
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-#ifdef __cplusplus
-					return yyinput();
-#else
-					return input();
-#endif
-					}
-
-				case EOB_ACT_CONTINUE_SCAN:
-					(yy_c_buf_p) = (yytext_ptr) + offset;
-					break;
-				}
-			}
-		}
-
-	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
-	*(yy_c_buf_p) = '\0';	/* preserve yytext */
-	(yy_hold_char) = *++(yy_c_buf_p);
-
-	return c;
-}
-#endif	/* ifndef YY_NO_INPUT */
-
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- * 
- * @note This function does not reset the start condition to @c INITIAL .
- */
-    void yyrestart  (FILE * input_file )
-{
-    
-	if ( ! YY_CURRENT_BUFFER ){
-        yyensure_buffer_stack ();
-		YY_CURRENT_BUFFER_LVALUE =
-            yy_create_buffer(yyin,YY_BUF_SIZE );
-	}
-
-	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
-	yy_load_buffer_state( );
-}
-
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- * 
- */
-    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
-{
-    
-	/* TODO. We should be able to replace this entire function body
-	 * with
-	 *		yypop_buffer_state();
-	 *		yypush_buffer_state(new_buffer);
-     */
-	yyensure_buffer_stack ();
-	if ( YY_CURRENT_BUFFER == new_buffer )
-		return;
-
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-	yy_load_buffer_state( );
-
-	/* We don't actually know whether we did this switch during
-	 * EOF (yywrap()) processing, but the only time this flag
-	 * is looked at is after yywrap() is called, so it's safe
-	 * to go ahead and always set it.
-	 */
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-static void yy_load_buffer_state  (void)
-{
-    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
-	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
-	(yy_hold_char) = *(yy_c_buf_p);
-}
-
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- * 
- * @return the allocated buffer state.
- */
-    YY_BUFFER_STATE yy_create_buffer  (FILE * file, int  size )
-{
-	YY_BUFFER_STATE b;
-    
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_buf_size = size;
-
-	/* yy_ch_buf has to be 2 characters longer than the size given because
-	 * we need to put in 2 end-of-buffer characters.
-	 */
-	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
-	if ( ! b->yy_ch_buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_is_our_buffer = 1;
-
-	yy_init_buffer(b,file );
-
-	return b;
-}
-
-/** Destroy the buffer.
- * @param b a buffer created with yy_create_buffer()
- * 
- */
-    void yy_delete_buffer (YY_BUFFER_STATE  b )
-{
-    
-	if ( ! b )
-		return;
-
-	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
-		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
-
-	if ( b->yy_is_our_buffer )
-		yyfree((void *) b->yy_ch_buf  );
-
-	yyfree((void *) b  );
-}
-
-#ifndef __cplusplus
-extern int isatty (int );
-#endif /* __cplusplus */
-    
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a yyrestart() or at EOF.
- */
-    static void yy_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
-
-{
-	int oerrno = errno;
-    
-	yy_flush_buffer(b );
-
-	b->yy_input_file = file;
-	b->yy_fill_buffer = 1;
-
-    /* If b is the current buffer, then yy_init_buffer was _probably_
-     * called from yyrestart() or through yy_get_next_buffer.
-     * In that case, we don't want to reset the lineno or column.
-     */
-    if (b != YY_CURRENT_BUFFER){
-        b->yy_bs_lineno = 1;
-        b->yy_bs_column = 0;
-    }
-
-        b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-    
-	errno = oerrno;
-}
-
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- * 
- */
-    void yy_flush_buffer (YY_BUFFER_STATE  b )
-{
-    	if ( ! b )
-		return;
-
-	b->yy_n_chars = 0;
-
-	/* We always need two end-of-buffer characters.  The first causes
-	 * a transition to the end-of-buffer state.  The second causes
-	 * a jam in that state.
-	 */
-	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
-	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
-	b->yy_buf_pos = &b->yy_ch_buf[0];
-
-	b->yy_at_bol = 1;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	if ( b == YY_CURRENT_BUFFER )
-		yy_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- *  the current state. This function will allocate the stack
- *  if necessary.
- *  @param new_buffer The new state.
- *  
- */
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
-    	if (new_buffer == NULL)
-		return;
-
-	yyensure_buffer_stack();
-
-	/* This block is copied from yy_switch_to_buffer. */
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	/* Only push if top exists. Otherwise, replace top. */
-	if (YY_CURRENT_BUFFER)
-		(yy_buffer_stack_top)++;
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
-	/* copied from yy_switch_to_buffer. */
-	yy_load_buffer_state( );
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- *  The next element becomes the new top.
- *  
- */
-void yypop_buffer_state (void)
-{
-    	if (!YY_CURRENT_BUFFER)
-		return;
-
-	yy_delete_buffer(YY_CURRENT_BUFFER );
-	YY_CURRENT_BUFFER_LVALUE = NULL;
-	if ((yy_buffer_stack_top) > 0)
-		--(yy_buffer_stack_top);
-
-	if (YY_CURRENT_BUFFER) {
-		yy_load_buffer_state( );
-		(yy_did_buffer_switch_on_eof) = 1;
-	}
-}
-
-/* Allocates the stack if it does not exist.
- *  Guarantees space for at least one push.
- */
-static void yyensure_buffer_stack (void)
-{
-	int num_to_alloc;
-    
-	if (!(yy_buffer_stack)) {
-
-		/* First allocation is just for 2 elements, since we don't know if this
-		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
-		 * immediate realloc on the next call.
-         */
-		num_to_alloc = 1;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
-								(num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-		
-		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-				
-		(yy_buffer_stack_max) = num_to_alloc;
-		(yy_buffer_stack_top) = 0;
-		return;
-	}
-
-	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
-		/* Increase the buffer to prepare for a possible push. */
-		int grow_size = 8 /* arbitrary grow size */;
-
-		num_to_alloc = (yy_buffer_stack_max) + grow_size;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
-								((yy_buffer_stack),
-								num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-
-		/* zero only the new slots.*/
-		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
-		(yy_buffer_stack_max) = num_to_alloc;
-	}
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- * 
- * @return the newly allocated buffer state object. 
- */
-YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
-{
-	YY_BUFFER_STATE b;
-    
-	if ( size < 2 ||
-	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
-	     base[size-1] != YY_END_OF_BUFFER_CHAR )
-		/* They forgot to leave room for the EOB's. */
-		return 0;
-
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
-	b->yy_buf_pos = b->yy_ch_buf = base;
-	b->yy_is_our_buffer = 0;
-	b->yy_input_file = 0;
-	b->yy_n_chars = b->yy_buf_size;
-	b->yy_is_interactive = 0;
-	b->yy_at_bol = 1;
-	b->yy_fill_buffer = 0;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	yy_switch_to_buffer(b  );
-
-	return b;
-}
-
-/** Setup the input buffer state to scan a string. The next call to yylex() will
- * scan from a @e copy of @a str.
- * @param str a NUL-terminated string to scan
- * 
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- *       yy_scan_bytes() instead.
- */
-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
-{
-    
-	return yy_scan_bytes(yystr,strlen(yystr) );
-}
-
-/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- * 
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
-{
-	YY_BUFFER_STATE b;
-	char *buf;
-	yy_size_t n;
-	int i;
-    
-	/* Get memory for full buffer, including space for trailing EOB's. */
-	n = _yybytes_len + 2;
-	buf = (char *) yyalloc(n  );
-	if ( ! buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
-
-	for ( i = 0; i < _yybytes_len; ++i )
-		buf[i] = yybytes[i];
-
-	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
-
-	b = yy_scan_buffer(buf,n );
-	if ( ! b )
-		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
-
-	/* It's okay to grow etc. this buffer, and we should throw it
-	 * away when we're done.
-	 */
-	b->yy_is_our_buffer = 1;
-
-	return b;
-}
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-static void yy_fatal_error (yyconst char* msg )
-{
-    	(void) fprintf( stderr, "%s\n", msg );
-	exit( YY_EXIT_FAILURE );
-}
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		yytext[yyleng] = (yy_hold_char); \
-		(yy_c_buf_p) = yytext + yyless_macro_arg; \
-		(yy_hold_char) = *(yy_c_buf_p); \
-		*(yy_c_buf_p) = '\0'; \
-		yyleng = yyless_macro_arg; \
-		} \
-	while ( 0 )
-
-/* Accessor  methods (get/set functions) to struct members. */
-
-/** Get the current line number.
- * 
- */
-int yyget_lineno  (void)
-{
-        
-    return yylineno;
-}
-
-/** Get the input stream.
- * 
- */
-FILE *yyget_in  (void)
-{
-        return yyin;
-}
-
-/** Get the output stream.
- * 
- */
-FILE *yyget_out  (void)
-{
-        return yyout;
-}
-
-/** Get the length of the current token.
- * 
- */
-int yyget_leng  (void)
-{
-        return yyleng;
-}
-
-/** Get the current token.
- * 
- */
-
-char *yyget_text  (void)
-{
-        return yytext;
-}
-
-/** Set the current line number.
- * @param line_number
- * 
- */
-void yyset_lineno (int  line_number )
-{
-    
-    yylineno = line_number;
-}
-
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- * 
- * @see yy_switch_to_buffer
- */
-void yyset_in (FILE *  in_str )
-{
-        yyin = in_str ;
-}
-
-void yyset_out (FILE *  out_str )
-{
-        yyout = out_str ;
-}
-
-int yyget_debug  (void)
-{
-        return yy_flex_debug;
-}
-
-void yyset_debug (int  bdebug )
-{
-        yy_flex_debug = bdebug ;
-}
-
-static int yy_init_globals (void)
-{
-        /* Initialization is the same as for the non-reentrant scanner.
-     * This function is called from yylex_destroy(), so don't allocate here.
-     */
-
-    (yy_buffer_stack) = 0;
-    (yy_buffer_stack_top) = 0;
-    (yy_buffer_stack_max) = 0;
-    (yy_c_buf_p) = (char *) 0;
-    (yy_init) = 0;
-    (yy_start) = 0;
-
-/* Defined in main.c */
-#ifdef YY_STDINIT
-    yyin = stdin;
-    yyout = stdout;
-#else
-    yyin = (FILE *) 0;
-    yyout = (FILE *) 0;
-#endif
-
-    /* For future reference: Set errno on error, since we are called by
-     * yylex_init()
-     */
-    return 0;
-}
-
-/* yylex_destroy is for both reentrant and non-reentrant scanners. */
-int yylex_destroy  (void)
-{
-    
-    /* Pop the buffer stack, destroying each element. */
-	while(YY_CURRENT_BUFFER){
-		yy_delete_buffer(YY_CURRENT_BUFFER  );
-		YY_CURRENT_BUFFER_LVALUE = NULL;
-		yypop_buffer_state();
-	}
-
-	/* Destroy the stack itself. */
-	yyfree((yy_buffer_stack) );
-	(yy_buffer_stack) = NULL;
-
-    /* Reset the globals. This is important in a non-reentrant scanner so the next time
-     * yylex() is called, initialization will occur. */
-    yy_init_globals( );
-
-    return 0;
-}
-
-/*
- * Internal utility routines.
- */
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
-	register int i;
-	for ( i = 0; i < n; ++i )
-		s1[i] = s2[i];
-}
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
-	register int n;
-	for ( n = 0; s[n]; ++n )
-		;
-
-	return n;
-}
-#endif
-
-void *yyalloc (yy_size_t  size )
-{
-	return (void *) malloc( size );
-}
-
-void *yyrealloc  (void * ptr, yy_size_t  size )
-{
-	/* The cast to (char *) in the following accommodates both
-	 * implementations that use char* generic pointers, and those
-	 * that use void* generic pointers.  It works with the latter
-	 * because both ANSI C and C++ allow castless assignment from
-	 * any pointer type to void*, and deal with argument conversions
-	 * as though doing an assignment.
-	 */
-	return (void *) realloc( (char *) ptr, size );
-}
-
-void yyfree (void * ptr )
-{
-	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
-
-#line 274 "lex.l"
-
-
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-void
-error_message (const char *format, ...)
-{
-    va_list args;
-
-    va_start (args, format);
-    fprintf (stderr, "%s:%d: ", get_filename(), lineno);
-    vfprintf (stderr, format, args);
-    va_end (args);
-    error_flag++;
-}
-
-static void
-unterminated(const char *type, unsigned start_lineno)
-{
-    error_message("unterminated %s, possibly started on line %d\n", type, start_lineno);
-}
-
diff --git a/crypto/heimdal/lib/asn1/lex.h b/crypto/heimdal/lib/asn1/lex.h
deleted file mode 100644
index 7aececf..0000000
--- a/crypto/heimdal/lib/asn1/lex.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: lex.h 15617 2005-07-12 06:27:42Z lha $ */
-
-#include <roken.h>
-
-void error_message (const char *, ...)
-__attribute__ ((format (printf, 1, 2)));
-extern int error_flag;
-
-int yylex(void);
diff --git a/crypto/heimdal/lib/asn1/lex.l b/crypto/heimdal/lib/asn1/lex.l
deleted file mode 100644
index ec74422..0000000
--- a/crypto/heimdal/lib/asn1/lex.l
+++ /dev/null
@@ -1,300 +0,0 @@
-%{
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#undef ECHO
-#include "symbol.h"
-#include "parse.h"
-#include "lex.h"
-#include "gen_locl.h"
-
-static unsigned lineno = 1;
-
-#undef ECHO
-
-static void unterminated(const char *, unsigned);
-
-%}
-
-/* This is for broken old lexes (solaris 10 and hpux) */
-%e 2000
-%p 5000
-%a 5000
-%n 1000
-%o 10000
-
-%%
-ABSENT			{ return kw_ABSENT; }
-ABSTRACT-SYNTAX		{ return kw_ABSTRACT_SYNTAX; }
-ALL			{ return kw_ALL; }
-APPLICATION		{ return kw_APPLICATION; }
-AUTOMATIC		{ return kw_AUTOMATIC; }
-BEGIN			{ return kw_BEGIN; }
-BIT			{ return kw_BIT; }
-BMPString		{ return kw_BMPString; }
-BOOLEAN			{ return kw_BOOLEAN; }
-BY			{ return kw_BY; }
-CHARACTER		{ return kw_CHARACTER; }
-CHOICE			{ return kw_CHOICE; }
-CLASS			{ return kw_CLASS; }
-COMPONENT		{ return kw_COMPONENT; }
-COMPONENTS		{ return kw_COMPONENTS; }
-CONSTRAINED		{ return kw_CONSTRAINED; }
-CONTAINING		{ return kw_CONTAINING; }
-DEFAULT			{ return kw_DEFAULT; }
-DEFINITIONS		{ return kw_DEFINITIONS; }
-EMBEDDED		{ return kw_EMBEDDED; }
-ENCODED			{ return kw_ENCODED; }
-END			{ return kw_END; }
-ENUMERATED		{ return kw_ENUMERATED; }
-EXCEPT			{ return kw_EXCEPT; }
-EXPLICIT		{ return kw_EXPLICIT; }
-EXPORTS			{ return kw_EXPORTS; }
-EXTENSIBILITY		{ return kw_EXTENSIBILITY; }
-EXTERNAL		{ return kw_EXTERNAL; }
-FALSE			{ return kw_FALSE; }
-FROM			{ return kw_FROM; }
-GeneralString		{ return kw_GeneralString; }
-GeneralizedTime		{ return kw_GeneralizedTime; }
-GraphicString		{ return kw_GraphicString; }
-IA5String		{ return kw_IA5String; }
-IDENTIFIER		{ return kw_IDENTIFIER; }
-IMPLICIT		{ return kw_IMPLICIT; }
-IMPLIED			{ return kw_IMPLIED; }
-IMPORTS			{ return kw_IMPORTS; }
-INCLUDES		{ return kw_INCLUDES; }
-INSTANCE		{ return kw_INSTANCE; }
-INTEGER			{ return kw_INTEGER; }
-INTERSECTION		{ return kw_INTERSECTION; }
-ISO646String		{ return kw_ISO646String; }
-MAX			{ return kw_MAX; }
-MIN			{ return kw_MIN; }
-MINUS-INFINITY		{ return kw_MINUS_INFINITY; }
-NULL			{ return kw_NULL; }
-NumericString		{ return kw_NumericString; }
-OBJECT			{ return kw_OBJECT; }
-OCTET			{ return kw_OCTET; }
-OF			{ return kw_OF; }
-OPTIONAL		{ return kw_OPTIONAL; }
-ObjectDescriptor	{ return kw_ObjectDescriptor; }
-PATTERN			{ return kw_PATTERN; }
-PDV			{ return kw_PDV; }
-PLUS-INFINITY		{ return kw_PLUS_INFINITY; }
-PRESENT			{ return kw_PRESENT; }
-PRIVATE			{ return kw_PRIVATE; }
-PrintableString		{ return kw_PrintableString; }
-REAL			{ return kw_REAL; }
-RELATIVE_OID		{ return kw_RELATIVE_OID; }
-SEQUENCE		{ return kw_SEQUENCE; }
-SET			{ return kw_SET; }
-SIZE			{ return kw_SIZE; }
-STRING			{ return kw_STRING; }
-SYNTAX			{ return kw_SYNTAX; }
-T61String		{ return kw_T61String; }
-TAGS			{ return kw_TAGS; }
-TRUE			{ return kw_TRUE; }
-TYPE-IDENTIFIER		{ return kw_TYPE_IDENTIFIER; }
-TeletexString		{ return kw_TeletexString; }
-UNION			{ return kw_UNION; }
-UNIQUE			{ return kw_UNIQUE; }
-UNIVERSAL		{ return kw_UNIVERSAL; }
-UTCTime			{ return kw_UTCTime; }
-UTF8String		{ return kw_UTF8String; }
-UniversalString		{ return kw_UniversalString; }
-VideotexString		{ return kw_VideotexString; }
-VisibleString		{ return kw_VisibleString; }
-WITH			{ return kw_WITH; }
-[-,;{}()|]		{ return *yytext; }
-"["			{ return *yytext; }
-"]"			{ return *yytext; }
-::=			{ return EEQUAL; }
---			{ 
-			    int c, start_lineno = lineno;
-			    int f = 0;
-			    while((c = input()) != EOF) {
-				if(f && c == '-')
-				    break;
-				if(c == '-') {
-				    f = 1;
-				    continue;
-				}
-				if(c == '\n') {
-				    lineno++;
-				    break;
-				}
-				f = 0;
-			    }
-			    if(c == EOF)
-				unterminated("comment", start_lineno);
-			}
-\/\*			{ 
-			    int c, start_lineno = lineno;
-			    int level = 1;
-			    int seen_star = 0;
-			    int seen_slash = 0;
-			    while((c = input()) != EOF) {
-				if(c == '/') {
-				    if(seen_star) {
-					if(--level == 0)
-					    break;
-					seen_star = 0;
-					continue;
-				    }
-				    seen_slash = 1;
-				    continue;
-				}
-				if(seen_star && c == '/') {
-				    if(--level == 0)
-					break;
-				    seen_star = 0;
-				    continue;
-				}
-				if(c == '*') {
-				    if(seen_slash) {
-					level++;
-					seen_star = seen_slash = 0;
-					continue;
-				    } 
-				    seen_star = 1;
-				    continue;
-				}
-				seen_star = seen_slash = 0;
-				if(c == '\n') {
-				    lineno++;
-				    continue;
-				}
-			    }
-			    if(c == EOF)
-				unterminated("comment", start_lineno);
-			}
-"\""			{ 
-			    int start_lineno = lineno;
-			    int c;
-			    char buf[1024];
-			    char *p = buf;
-			    int f = 0;
-			    int skip_ws = 0;
-			    
-			    while((c = input()) != EOF) {
-				if(isspace(c) && skip_ws) {
-				    if(c == '\n')
-					lineno++;
-				    continue;
-				}
-				skip_ws = 0;
-				
-				if(c == '"') {
-				    if(f) {
-					*p++ = '"';
-					f = 0;
-				    } else
-					f = 1;
-				    continue;
-				}
-				if(f == 1) {
-				    unput(c);
-				    break;
-				}
-				if(c == '\n') {
-				    lineno++;
-				    while(p > buf && isspace((unsigned char)p[-1]))
-					p--;
-				    skip_ws = 1;
-				    continue;
-				}
-				*p++ = c;
-			    }
-			    if(c == EOF)
-				unterminated("string", start_lineno);
-			    *p++ = '\0';
-			    fprintf(stderr, "string -- %s\n", buf);
-			    yylval.name = estrdup(buf);
-			    return STRING; 
-			}
-
--?0x[0-9A-Fa-f]+|-?[0-9]+ { char *e, *y = yytext;
-			  yylval.constant = strtol((const char *)yytext,
-						   &e, 0);
-			  if(e == y) 
-			    error_message("malformed constant (%s)", yytext); 
-			  else
-			    return NUMBER;
-			}
-[A-Za-z][-A-Za-z0-9_]*	{
-			  yylval.name =  estrdup ((const char *)yytext);
-			  return IDENTIFIER;
-			}
-[ \t]			;
-\n			{ ++lineno; }
-\.\.\.			{ return ELLIPSIS; }
-\.\.			{ return RANGE; }
-.			{ error_message("Ignoring char(%c)\n", *yytext); }
-%%
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-void
-error_message (const char *format, ...)
-{
-    va_list args;
-
-    va_start (args, format);
-    fprintf (stderr, "%s:%d: ", get_filename(), lineno);
-    vfprintf (stderr, format, args);
-    va_end (args);
-    error_flag++;
-}
-
-static void
-unterminated(const char *type, unsigned start_lineno)
-{
-    error_message("unterminated %s, possibly started on line %d\n", type, start_lineno);
-}
diff --git a/crypto/heimdal/lib/asn1/main.c b/crypto/heimdal/lib/asn1/main.c
deleted file mode 100644
index 3b4a812..0000000
--- a/crypto/heimdal/lib/asn1/main.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-#include <getarg.h>
-#include "lex.h"
-
-RCSID("$Id: main.c 20858 2007-06-03 18:56:41Z lha $");
-
-extern FILE *yyin;
-
-static getarg_strings preserve;
-static getarg_strings seq;
-
-int
-preserve_type(const char *p)
-{
-    int i;
-    for (i = 0; i < preserve.num_strings; i++)
-	if (strcmp(preserve.strings[i], p) == 0)
-	    return 1;
-    return 0;
-}
-
-int
-seq_type(const char *p)
-{
-    int i;
-    for (i = 0; i < seq.num_strings; i++)
-	if (strcmp(seq.strings[i], p) == 0)
-	    return 1;
-    return 0;
-}
-
-int dce_fix;
-int rfc1510_bitstring;
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring },
-    { "decode-dce-ber", 0, arg_flag, &dce_fix },
-    { "preserve-binary", 0, arg_strings, &preserve },
-    { "sequence", 0, arg_strings, &seq },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "[asn1-file [name]]");
-    exit(code);
-}
-
-int error_flag;
-
-int
-main(int argc, char **argv)
-{
-    int ret;
-    const char *file;
-    const char *name = NULL;
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    if (argc == optidx) {
-	file = "stdin";
-	name = "stdin";
-	yyin = stdin;
-    } else {
-	file = argv[optidx];
-	yyin = fopen (file, "r");
-	if (yyin == NULL)
-	    err (1, "open %s", file);
-	if (argc == optidx + 1) {
-	    char *p;
-	    name = estrdup(file);
-	    p = strrchr(name, '.');
-	    if (p)
-		*p = '\0';
-	} else
-	    name = argv[optidx + 1];
-    }
-
-    init_generate (file, name);
-    initsym ();
-    ret = yyparse ();
-    if(ret != 0 || error_flag != 0)
-	exit(1);
-    close_generate ();
-    if (argc != optidx)
-	fclose(yyin);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/asn1/parse.c b/crypto/heimdal/lib/asn1/parse.c
deleted file mode 100644
index 9800d54..0000000
--- a/crypto/heimdal/lib/asn1/parse.c
+++ /dev/null
@@ -1,2831 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton implementation for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* C LALR(1) parser skeleton written by Richard Stallman, by
-   simplifying the original so-called "semantic" parser.  */
-
-/* All symbols defined below should begin with yy or YY, to avoid
-   infringing on user name space.  This should be done even for local
-   variables, as they might otherwise be expanded by user macros.
-   There are some unavoidable exceptions within include files to
-   define necessary library symbols; they are noted "INFRINGES ON
-   USER NAME SPACE" below.  */
-
-/* Identify Bison output.  */
-#define YYBISON 1
-
-/* Bison version.  */
-#define YYBISON_VERSION "2.3"
-
-/* Skeleton name.  */
-#define YYSKELETON_NAME "yacc.c"
-
-/* Pure parsers.  */
-#define YYPURE 0
-
-/* Using locations.  */
-#define YYLSP_NEEDED 0
-
-
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     kw_ABSENT = 258,
-     kw_ABSTRACT_SYNTAX = 259,
-     kw_ALL = 260,
-     kw_APPLICATION = 261,
-     kw_AUTOMATIC = 262,
-     kw_BEGIN = 263,
-     kw_BIT = 264,
-     kw_BMPString = 265,
-     kw_BOOLEAN = 266,
-     kw_BY = 267,
-     kw_CHARACTER = 268,
-     kw_CHOICE = 269,
-     kw_CLASS = 270,
-     kw_COMPONENT = 271,
-     kw_COMPONENTS = 272,
-     kw_CONSTRAINED = 273,
-     kw_CONTAINING = 274,
-     kw_DEFAULT = 275,
-     kw_DEFINITIONS = 276,
-     kw_EMBEDDED = 277,
-     kw_ENCODED = 278,
-     kw_END = 279,
-     kw_ENUMERATED = 280,
-     kw_EXCEPT = 281,
-     kw_EXPLICIT = 282,
-     kw_EXPORTS = 283,
-     kw_EXTENSIBILITY = 284,
-     kw_EXTERNAL = 285,
-     kw_FALSE = 286,
-     kw_FROM = 287,
-     kw_GeneralString = 288,
-     kw_GeneralizedTime = 289,
-     kw_GraphicString = 290,
-     kw_IA5String = 291,
-     kw_IDENTIFIER = 292,
-     kw_IMPLICIT = 293,
-     kw_IMPLIED = 294,
-     kw_IMPORTS = 295,
-     kw_INCLUDES = 296,
-     kw_INSTANCE = 297,
-     kw_INTEGER = 298,
-     kw_INTERSECTION = 299,
-     kw_ISO646String = 300,
-     kw_MAX = 301,
-     kw_MIN = 302,
-     kw_MINUS_INFINITY = 303,
-     kw_NULL = 304,
-     kw_NumericString = 305,
-     kw_OBJECT = 306,
-     kw_OCTET = 307,
-     kw_OF = 308,
-     kw_OPTIONAL = 309,
-     kw_ObjectDescriptor = 310,
-     kw_PATTERN = 311,
-     kw_PDV = 312,
-     kw_PLUS_INFINITY = 313,
-     kw_PRESENT = 314,
-     kw_PRIVATE = 315,
-     kw_PrintableString = 316,
-     kw_REAL = 317,
-     kw_RELATIVE_OID = 318,
-     kw_SEQUENCE = 319,
-     kw_SET = 320,
-     kw_SIZE = 321,
-     kw_STRING = 322,
-     kw_SYNTAX = 323,
-     kw_T61String = 324,
-     kw_TAGS = 325,
-     kw_TRUE = 326,
-     kw_TYPE_IDENTIFIER = 327,
-     kw_TeletexString = 328,
-     kw_UNION = 329,
-     kw_UNIQUE = 330,
-     kw_UNIVERSAL = 331,
-     kw_UTCTime = 332,
-     kw_UTF8String = 333,
-     kw_UniversalString = 334,
-     kw_VideotexString = 335,
-     kw_VisibleString = 336,
-     kw_WITH = 337,
-     RANGE = 338,
-     EEQUAL = 339,
-     ELLIPSIS = 340,
-     IDENTIFIER = 341,
-     referencename = 342,
-     STRING = 343,
-     NUMBER = 344
-   };
-#endif
-/* Tokens.  */
-#define kw_ABSENT 258
-#define kw_ABSTRACT_SYNTAX 259
-#define kw_ALL 260
-#define kw_APPLICATION 261
-#define kw_AUTOMATIC 262
-#define kw_BEGIN 263
-#define kw_BIT 264
-#define kw_BMPString 265
-#define kw_BOOLEAN 266
-#define kw_BY 267
-#define kw_CHARACTER 268
-#define kw_CHOICE 269
-#define kw_CLASS 270
-#define kw_COMPONENT 271
-#define kw_COMPONENTS 272
-#define kw_CONSTRAINED 273
-#define kw_CONTAINING 274
-#define kw_DEFAULT 275
-#define kw_DEFINITIONS 276
-#define kw_EMBEDDED 277
-#define kw_ENCODED 278
-#define kw_END 279
-#define kw_ENUMERATED 280
-#define kw_EXCEPT 281
-#define kw_EXPLICIT 282
-#define kw_EXPORTS 283
-#define kw_EXTENSIBILITY 284
-#define kw_EXTERNAL 285
-#define kw_FALSE 286
-#define kw_FROM 287
-#define kw_GeneralString 288
-#define kw_GeneralizedTime 289
-#define kw_GraphicString 290
-#define kw_IA5String 291
-#define kw_IDENTIFIER 292
-#define kw_IMPLICIT 293
-#define kw_IMPLIED 294
-#define kw_IMPORTS 295
-#define kw_INCLUDES 296
-#define kw_INSTANCE 297
-#define kw_INTEGER 298
-#define kw_INTERSECTION 299
-#define kw_ISO646String 300
-#define kw_MAX 301
-#define kw_MIN 302
-#define kw_MINUS_INFINITY 303
-#define kw_NULL 304
-#define kw_NumericString 305
-#define kw_OBJECT 306
-#define kw_OCTET 307
-#define kw_OF 308
-#define kw_OPTIONAL 309
-#define kw_ObjectDescriptor 310
-#define kw_PATTERN 311
-#define kw_PDV 312
-#define kw_PLUS_INFINITY 313
-#define kw_PRESENT 314
-#define kw_PRIVATE 315
-#define kw_PrintableString 316
-#define kw_REAL 317
-#define kw_RELATIVE_OID 318
-#define kw_SEQUENCE 319
-#define kw_SET 320
-#define kw_SIZE 321
-#define kw_STRING 322
-#define kw_SYNTAX 323
-#define kw_T61String 324
-#define kw_TAGS 325
-#define kw_TRUE 326
-#define kw_TYPE_IDENTIFIER 327
-#define kw_TeletexString 328
-#define kw_UNION 329
-#define kw_UNIQUE 330
-#define kw_UNIVERSAL 331
-#define kw_UTCTime 332
-#define kw_UTF8String 333
-#define kw_UniversalString 334
-#define kw_VideotexString 335
-#define kw_VisibleString 336
-#define kw_WITH 337
-#define RANGE 338
-#define EEQUAL 339
-#define ELLIPSIS 340
-#define IDENTIFIER 341
-#define referencename 342
-#define STRING 343
-#define NUMBER 344
-
-
-
-
-/* Copy the first part of user declarations.  */
-#line 36 "parse.y"
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "symbol.h"
-#include "lex.h"
-#include "gen_locl.h"
-#include "der.h"
-
-RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $");
-
-static Type *new_type (Typetype t);
-static struct constraint_spec *new_constraint_spec(enum ctype);
-static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype);
-void yyerror (const char *);
-static struct objid *new_objid(const char *label, int value);
-static void add_oid_to_tail(struct objid *, struct objid *);
-static void fix_labels(Symbol *s);
-
-struct string_list {
-    char *string;
-    struct string_list *next;
-};
-
-
-
-/* Enabling traces.  */
-#ifndef YYDEBUG
-# define YYDEBUG 1
-#endif
-
-/* Enabling verbose error messages.  */
-#ifdef YYERROR_VERBOSE
-# undef YYERROR_VERBOSE
-# define YYERROR_VERBOSE 1
-#else
-# define YYERROR_VERBOSE 0
-#endif
-
-/* Enabling the token table.  */
-#ifndef YYTOKEN_TABLE
-# define YYTOKEN_TABLE 0
-#endif
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 65 "parse.y"
-{
-    int constant;
-    struct value *value;
-    struct range *range;
-    char *name;
-    Type *type;
-    Member *member;
-    struct objid *objid;
-    char *defval;
-    struct string_list *sl;
-    struct tagtype tag;
-    struct memhead *members;
-    struct constraint_spec *constraint_spec;
-}
-/* Line 193 of yacc.c.  */
-#line 318 "parse.c"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-
-
-/* Copy the second part of user declarations.  */
-
-
-/* Line 216 of yacc.c.  */
-#line 331 "parse.c"
-
-#ifdef short
-# undef short
-#endif
-
-#ifdef YYTYPE_UINT8
-typedef YYTYPE_UINT8 yytype_uint8;
-#else
-typedef unsigned char yytype_uint8;
-#endif
-
-#ifdef YYTYPE_INT8
-typedef YYTYPE_INT8 yytype_int8;
-#elif (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-typedef signed char yytype_int8;
-#else
-typedef short int yytype_int8;
-#endif
-
-#ifdef YYTYPE_UINT16
-typedef YYTYPE_UINT16 yytype_uint16;
-#else
-typedef unsigned short int yytype_uint16;
-#endif
-
-#ifdef YYTYPE_INT16
-typedef YYTYPE_INT16 yytype_int16;
-#else
-typedef short int yytype_int16;
-#endif
-
-#ifndef YYSIZE_T
-# ifdef __SIZE_TYPE__
-#  define YYSIZE_T __SIZE_TYPE__
-# elif defined size_t
-#  define YYSIZE_T size_t
-# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYSIZE_T size_t
-# else
-#  define YYSIZE_T unsigned int
-# endif
-#endif
-
-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
-
-#ifndef YY_
-# if defined YYENABLE_NLS && YYENABLE_NLS
-#  if ENABLE_NLS
-#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
-#   define YY_(msgid) dgettext ("bison-runtime", msgid)
-#  endif
-# endif
-# ifndef YY_
-#  define YY_(msgid) msgid
-# endif
-#endif
-
-/* Suppress unused-variable warnings by "using" E.  */
-#if ! defined lint || defined __GNUC__
-# define YYUSE(e) ((void) (e))
-#else
-# define YYUSE(e) /* empty */
-#endif
-
-/* Identity function, used to suppress warnings about constant conditions.  */
-#ifndef lint
-# define YYID(n) (n)
-#else
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static int
-YYID (int i)
-#else
-static int
-YYID (i)
-    int i;
-#endif
-{
-  return i;
-}
-#endif
-
-#if ! defined yyoverflow || YYERROR_VERBOSE
-
-/* The parser invokes alloca or malloc; define the necessary symbols.  */
-
-# ifdef YYSTACK_USE_ALLOCA
-#  if YYSTACK_USE_ALLOCA
-#   ifdef __GNUC__
-#    define YYSTACK_ALLOC __builtin_alloca
-#   elif defined __BUILTIN_VA_ARG_INCR
-#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
-#   elif defined _AIX
-#    define YYSTACK_ALLOC __alloca
-#   elif defined _MSC_VER
-#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
-#    define alloca _alloca
-#   else
-#    define YYSTACK_ALLOC alloca
-#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#     ifndef _STDLIB_H
-#      define _STDLIB_H 1
-#     endif
-#    endif
-#   endif
-#  endif
-# endif
-
-# ifdef YYSTACK_ALLOC
-   /* Pacify GCC's `empty if-body' warning.  */
-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-    /* The OS might guarantee only one guard page at the bottom of the stack,
-       and a page size can be as small as 4096 bytes.  So we cannot safely
-       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
-       to allow for a few compiler-allocated temporary stack slots.  */
-#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
-#  endif
-# else
-#  define YYSTACK_ALLOC YYMALLOC
-#  define YYSTACK_FREE YYFREE
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
-#  endif
-#  if (defined __cplusplus && ! defined _STDLIB_H \
-       && ! ((defined YYMALLOC || defined malloc) \
-	     && (defined YYFREE || defined free)))
-#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#   ifndef _STDLIB_H
-#    define _STDLIB_H 1
-#   endif
-#  endif
-#  ifndef YYMALLOC
-#   define YYMALLOC malloc
-#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-#  ifndef YYFREE
-#   define YYFREE free
-#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void free (void *); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-# endif
-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
-
-
-#if (! defined yyoverflow \
-     && (! defined __cplusplus \
-	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
-
-/* A type that is properly aligned for any stack member.  */
-union yyalloc
-{
-  yytype_int16 yyss;
-  YYSTYPE yyvs;
-  };
-
-/* The size of the maximum gap between one aligned stack and the next.  */
-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
-
-/* The size of an array large to enough to hold all stacks, each with
-   N elements.  */
-# define YYSTACK_BYTES(N) \
-     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
-      + YYSTACK_GAP_MAXIMUM)
-
-/* Copy COUNT objects from FROM to TO.  The source and destination do
-   not overlap.  */
-# ifndef YYCOPY
-#  if defined __GNUC__ && 1 < __GNUC__
-#   define YYCOPY(To, From, Count) \
-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
-#  else
-#   define YYCOPY(To, From, Count)		\
-      do					\
-	{					\
-	  YYSIZE_T yyi;				\
-	  for (yyi = 0; yyi < (Count); yyi++)	\
-	    (To)[yyi] = (From)[yyi];		\
-	}					\
-      while (YYID (0))
-#  endif
-# endif
-
-/* Relocate STACK from its old location to the new one.  The
-   local variables YYSIZE and YYSTACKSIZE give the old and new number of
-   elements in the stack, and YYPTR gives the new location of the
-   stack.  Advance YYPTR to a properly aligned location for the next
-   stack.  */
-# define YYSTACK_RELOCATE(Stack)					\
-    do									\
-      {									\
-	YYSIZE_T yynewbytes;						\
-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
-	Stack = &yyptr->Stack;						\
-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
-	yyptr += yynewbytes / sizeof (*yyptr);				\
-      }									\
-    while (YYID (0))
-
-#endif
-
-/* YYFINAL -- State number of the termination state.  */
-#define YYFINAL  6
-/* YYLAST -- Last index in YYTABLE.  */
-#define YYLAST   195
-
-/* YYNTOKENS -- Number of terminals.  */
-#define YYNTOKENS  98
-/* YYNNTS -- Number of nonterminals.  */
-#define YYNNTS  68
-/* YYNRULES -- Number of rules.  */
-#define YYNRULES  136
-/* YYNRULES -- Number of states.  */
-#define YYNSTATES  214
-
-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
-#define YYUNDEFTOK  2
-#define YYMAXUTOK   344
-
-#define YYTRANSLATE(YYX)						\
-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
-
-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
-static const yytype_uint8 yytranslate[] =
-{
-       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-      92,    93,     2,     2,    91,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,    90,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,    96,     2,    97,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,    94,     2,    95,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
-       5,     6,     7,     8,     9,    10,    11,    12,    13,    14,
-      15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
-      25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
-      35,    36,    37,    38,    39,    40,    41,    42,    43,    44,
-      45,    46,    47,    48,    49,    50,    51,    52,    53,    54,
-      55,    56,    57,    58,    59,    60,    61,    62,    63,    64,
-      65,    66,    67,    68,    69,    70,    71,    72,    73,    74,
-      75,    76,    77,    78,    79,    80,    81,    82,    83,    84,
-      85,    86,    87,    88,    89
-};
-
-#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
-   YYRHS.  */
-static const yytype_uint16 yyprhs[] =
-{
-       0,     0,     3,    13,    16,    19,    22,    23,    26,    27,
-      30,    31,    35,    36,    38,    39,    41,    44,    49,    51,
-      54,    56,    58,    62,    64,    68,    70,    72,    74,    76,
-      78,    80,    82,    84,    86,    88,    90,    92,    94,    96,
-      98,   100,   102,   104,   110,   116,   122,   126,   128,   131,
-     136,   138,   142,   146,   151,   156,   158,   161,   167,   170,
-     174,   176,   177,   180,   185,   189,   194,   199,   203,   207,
-     212,   214,   216,   218,   220,   222,   225,   229,   231,   233,
-     235,   238,   242,   248,   253,   257,   262,   263,   265,   267,
-     269,   270,   272,   274,   279,   281,   283,   285,   287,   289,
-     291,   293,   295,   297,   301,   305,   308,   310,   313,   317,
-     319,   323,   328,   330,   331,   335,   336,   339,   344,   346,
-     348,   350,   352,   354,   356,   358,   360,   362,   364,   366,
-     368,   370,   372,   374,   376,   378,   380
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
-static const yytype_int16 yyrhs[] =
-{
-      99,     0,    -1,    86,   151,    21,   100,   101,    84,     8,
-     102,    24,    -1,    27,    70,    -1,    38,    70,    -1,     7,
-      70,    -1,    -1,    29,    39,    -1,    -1,   103,   107,    -1,
-      -1,    40,   104,    90,    -1,    -1,   105,    -1,    -1,   106,
-      -1,   105,   106,    -1,   109,    32,    86,   151,    -1,   108,
-      -1,   108,   107,    -1,   110,    -1,   143,    -1,    86,    91,
-     109,    -1,    86,    -1,    86,    84,   111,    -1,   112,    -1,
-     130,    -1,   133,    -1,   120,    -1,   113,    -1,   144,    -1,
-     129,    -1,   118,    -1,   115,    -1,   123,    -1,   121,    -1,
-     122,    -1,   125,    -1,   126,    -1,   127,    -1,   128,    -1,
-     139,    -1,    11,    -1,    92,   155,    83,   155,    93,    -1,
-      92,   155,    83,    46,    93,    -1,    92,    47,    83,   155,
-      93,    -1,    92,   155,    93,    -1,    43,    -1,    43,   114,
-      -1,    43,    94,   116,    95,    -1,   117,    -1,   116,    91,
-     117,    -1,   116,    91,    85,    -1,    86,    92,   163,    93,
-      -1,    25,    94,   119,    95,    -1,   116,    -1,     9,    67,
-      -1,     9,    67,    94,   149,    95,    -1,    51,    37,    -1,
-      52,    67,   124,    -1,    49,    -1,    -1,    66,   114,    -1,
-      64,    94,   146,    95,    -1,    64,    94,    95,    -1,    64,
-     124,    53,   111,    -1,    65,    94,   146,    95,    -1,    65,
-      94,    95,    -1,    65,    53,   111,    -1,    14,    94,   146,
-      95,    -1,   131,    -1,   132,    -1,    86,    -1,    34,    -1,
-      77,    -1,   111,   134,    -1,    92,   135,    93,    -1,   136,
-      -1,   137,    -1,   138,    -1,    19,   111,    -1,    23,    12,
-     155,    -1,    19,   111,    23,    12,   155,    -1,    18,    12,
-      94,    95,    -1,   140,   142,   111,    -1,    96,   141,    89,
-      97,    -1,    -1,    76,    -1,     6,    -1,    60,    -1,    -1,
-      27,    -1,    38,    -1,    86,   111,    84,   155,    -1,   145,
-      -1,    33,    -1,    78,    -1,    61,    -1,    81,    -1,    36,
-      -1,    10,    -1,    79,    -1,   148,    -1,   146,    91,   148,
-      -1,   146,    91,    85,    -1,    86,   111,    -1,   147,    -1,
-     147,    54,    -1,   147,    20,   155,    -1,   150,    -1,   149,
-      91,   150,    -1,    86,    92,    89,    93,    -1,   152,    -1,
-      -1,    94,   153,    95,    -1,    -1,   154,   153,    -1,    86,
-      92,    89,    93,    -1,    86,    -1,    89,    -1,   156,    -1,
-     157,    -1,   161,    -1,   160,    -1,   162,    -1,   165,    -1,
-     164,    -1,   158,    -1,   159,    -1,    86,    -1,    88,    -1,
-      71,    -1,    31,    -1,   163,    -1,    89,    -1,    49,    -1,
-     152,    -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
-static const yytype_uint16 yyrline[] =
-{
-       0,   233,   233,   240,   241,   243,   245,   248,   250,   253,
-     254,   257,   258,   261,   262,   265,   266,   269,   280,   281,
-     284,   285,   288,   294,   302,   312,   313,   314,   317,   318,
-     319,   320,   321,   322,   323,   324,   325,   326,   327,   328,
-     329,   330,   333,   340,   350,   358,   366,   377,   382,   388,
-     396,   402,   407,   411,   424,   432,   435,   442,   450,   456,
-     465,   473,   474,   479,   485,   493,   502,   508,   516,   524,
-     531,   532,   535,   546,   551,   558,   574,   580,   583,   584,
-     587,   593,   601,   611,   617,   630,   639,   642,   646,   650,
-     657,   660,   664,   671,   682,   685,   690,   695,   700,   705,
-     710,   715,   723,   729,   734,   745,   756,   762,   768,   776,
-     782,   789,   802,   803,   806,   813,   816,   827,   831,   842,
-     848,   849,   852,   853,   854,   855,   856,   859,   862,   865,
-     876,   884,   890,   898,   906,   909,   914
-};
-#endif
-
-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
-/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
-   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
-static const char *const yytname[] =
-{
-  "$end", "error", "$undefined", "kw_ABSENT", "kw_ABSTRACT_SYNTAX",
-  "kw_ALL", "kw_APPLICATION", "kw_AUTOMATIC", "kw_BEGIN", "kw_BIT",
-  "kw_BMPString", "kw_BOOLEAN", "kw_BY", "kw_CHARACTER", "kw_CHOICE",
-  "kw_CLASS", "kw_COMPONENT", "kw_COMPONENTS", "kw_CONSTRAINED",
-  "kw_CONTAINING", "kw_DEFAULT", "kw_DEFINITIONS", "kw_EMBEDDED",
-  "kw_ENCODED", "kw_END", "kw_ENUMERATED", "kw_EXCEPT", "kw_EXPLICIT",
-  "kw_EXPORTS", "kw_EXTENSIBILITY", "kw_EXTERNAL", "kw_FALSE", "kw_FROM",
-  "kw_GeneralString", "kw_GeneralizedTime", "kw_GraphicString",
-  "kw_IA5String", "kw_IDENTIFIER", "kw_IMPLICIT", "kw_IMPLIED",
-  "kw_IMPORTS", "kw_INCLUDES", "kw_INSTANCE", "kw_INTEGER",
-  "kw_INTERSECTION", "kw_ISO646String", "kw_MAX", "kw_MIN",
-  "kw_MINUS_INFINITY", "kw_NULL", "kw_NumericString", "kw_OBJECT",
-  "kw_OCTET", "kw_OF", "kw_OPTIONAL", "kw_ObjectDescriptor", "kw_PATTERN",
-  "kw_PDV", "kw_PLUS_INFINITY", "kw_PRESENT", "kw_PRIVATE",
-  "kw_PrintableString", "kw_REAL", "kw_RELATIVE_OID", "kw_SEQUENCE",
-  "kw_SET", "kw_SIZE", "kw_STRING", "kw_SYNTAX", "kw_T61String", "kw_TAGS",
-  "kw_TRUE", "kw_TYPE_IDENTIFIER", "kw_TeletexString", "kw_UNION",
-  "kw_UNIQUE", "kw_UNIVERSAL", "kw_UTCTime", "kw_UTF8String",
-  "kw_UniversalString", "kw_VideotexString", "kw_VisibleString", "kw_WITH",
-  "RANGE", "EEQUAL", "ELLIPSIS", "IDENTIFIER", "referencename", "STRING",
-  "NUMBER", "';'", "','", "'('", "')'", "'{'", "'}'", "'['", "']'",
-  "$accept", "ModuleDefinition", "TagDefault", "ExtensionDefault",
-  "ModuleBody", "Imports", "SymbolsImported", "SymbolsFromModuleList",
-  "SymbolsFromModule", "AssignmentList", "Assignment", "referencenames",
-  "TypeAssignment", "Type", "BuiltinType", "BooleanType", "range",
-  "IntegerType", "NamedNumberList", "NamedNumber", "EnumeratedType",
-  "Enumerations", "BitStringType", "ObjectIdentifierType",
-  "OctetStringType", "NullType", "size", "SequenceType", "SequenceOfType",
-  "SetType", "SetOfType", "ChoiceType", "ReferencedType", "DefinedType",
-  "UsefulType", "ConstrainedType", "Constraint", "ConstraintSpec",
-  "GeneralConstraint", "ContentsConstraint", "UserDefinedConstraint",
-  "TaggedType", "Tag", "Class", "tagenv", "ValueAssignment",
-  "CharacterStringType", "RestrictedCharactedStringType",
-  "ComponentTypeList", "NamedType", "ComponentType", "NamedBitList",
-  "NamedBit", "objid_opt", "objid", "objid_list", "objid_element", "Value",
-  "BuiltinValue", "ReferencedValue", "DefinedValue", "Valuereference",
-  "CharacterStringValue", "BooleanValue", "IntegerValue", "SignedNumber",
-  "NullValue", "ObjectIdentifierValue", 0
-};
-#endif
-
-# ifdef YYPRINT
-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
-   token YYLEX-NUM.  */
-static const yytype_uint16 yytoknum[] =
-{
-       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
-     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
-     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
-     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
-     295,   296,   297,   298,   299,   300,   301,   302,   303,   304,
-     305,   306,   307,   308,   309,   310,   311,   312,   313,   314,
-     315,   316,   317,   318,   319,   320,   321,   322,   323,   324,
-     325,   326,   327,   328,   329,   330,   331,   332,   333,   334,
-     335,   336,   337,   338,   339,   340,   341,   342,   343,   344,
-      59,    44,    40,    41,   123,   125,    91,    93
-};
-# endif
-
-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
-static const yytype_uint8 yyr1[] =
-{
-       0,    98,    99,   100,   100,   100,   100,   101,   101,   102,
-     102,   103,   103,   104,   104,   105,   105,   106,   107,   107,
-     108,   108,   109,   109,   110,   111,   111,   111,   112,   112,
-     112,   112,   112,   112,   112,   112,   112,   112,   112,   112,
-     112,   112,   113,   114,   114,   114,   114,   115,   115,   115,
-     116,   116,   116,   117,   118,   119,   120,   120,   121,   122,
-     123,   124,   124,   125,   125,   126,   127,   127,   128,   129,
-     130,   130,   131,   132,   132,   133,   134,   135,   136,   136,
-     137,   137,   137,   138,   139,   140,   141,   141,   141,   141,
-     142,   142,   142,   143,   144,   145,   145,   145,   145,   145,
-     145,   145,   146,   146,   146,   147,   148,   148,   148,   149,
-     149,   150,   151,   151,   152,   153,   153,   154,   154,   154,
-     155,   155,   156,   156,   156,   156,   156,   157,   158,   159,
-     160,   161,   161,   162,   163,   164,   165
-};
-
-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
-static const yytype_uint8 yyr2[] =
-{
-       0,     2,     9,     2,     2,     2,     0,     2,     0,     2,
-       0,     3,     0,     1,     0,     1,     2,     4,     1,     2,
-       1,     1,     3,     1,     3,     1,     1,     1,     1,     1,
-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
-       1,     1,     1,     5,     5,     5,     3,     1,     2,     4,
-       1,     3,     3,     4,     4,     1,     2,     5,     2,     3,
-       1,     0,     2,     4,     3,     4,     4,     3,     3,     4,
-       1,     1,     1,     1,     1,     2,     3,     1,     1,     1,
-       2,     3,     5,     4,     3,     4,     0,     1,     1,     1,
-       0,     1,     1,     4,     1,     1,     1,     1,     1,     1,
-       1,     1,     1,     3,     3,     2,     1,     2,     3,     1,
-       3,     4,     1,     0,     3,     0,     2,     4,     1,     1,
-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
-       1,     1,     1,     1,     1,     1,     1
-};
-
-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
-   means the default is an error.  */
-static const yytype_uint8 yydefact[] =
-{
-       0,   113,     0,   115,     0,   112,     1,   118,   119,     0,
-     115,     6,     0,   114,   116,     0,     0,     0,     8,     0,
-       5,     3,     4,     0,     0,   117,     7,     0,    10,    14,
-       0,     0,    23,     0,    13,    15,     0,     2,     0,     9,
-      18,    20,    21,     0,    11,    16,     0,     0,   100,    42,
-       0,     0,    95,    73,    99,    47,    60,     0,     0,    97,
-      61,     0,    74,    96,   101,    98,     0,    72,    86,     0,
-      25,    29,    33,    32,    28,    35,    36,    34,    37,    38,
-      39,    40,    31,    26,    70,    71,    27,    41,    90,    30,
-      94,    19,    22,   113,    56,     0,     0,     0,     0,    48,
-      58,    61,     0,     0,     0,     0,     0,    24,    88,    89,
-      87,     0,     0,     0,    75,    91,    92,     0,    17,     0,
-       0,     0,   106,   102,     0,    55,    50,     0,   132,     0,
-     135,   131,   129,   130,   134,   136,     0,   120,   121,   127,
-     128,   123,   122,   124,   133,   126,   125,     0,    59,    62,
-      64,     0,     0,    68,    67,     0,     0,    93,     0,     0,
-       0,     0,    77,    78,    79,    84,     0,     0,   109,   105,
-       0,    69,     0,   107,     0,     0,    54,     0,     0,    46,
-      49,    63,    65,    66,    85,     0,    80,     0,    76,     0,
-       0,    57,   104,   103,   108,     0,    52,    51,     0,     0,
-       0,     0,     0,    81,     0,   110,    53,    45,    44,    43,
-      83,     0,   111,    82
-};
-
-/* YYDEFGOTO[NTERM-NUM].  */
-static const yytype_int16 yydefgoto[] =
-{
-      -1,     2,    18,    24,    30,    31,    33,    34,    35,    39,
-      40,    36,    41,    69,    70,    71,    99,    72,   125,   126,
-      73,   127,    74,    75,    76,    77,   104,    78,    79,    80,
-      81,    82,    83,    84,    85,    86,   114,   161,   162,   163,
-     164,    87,    88,   111,   117,    42,    89,    90,   121,   122,
-     123,   167,   168,     4,   135,     9,    10,   136,   137,   138,
-     139,   140,   141,   142,   143,   144,   145,   146
-};
-
-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
-   STATE-NUM.  */
-#define YYPACT_NINF -113
-static const yytype_int16 yypact[] =
-{
-     -74,   -67,    38,   -69,    23,  -113,  -113,   -44,  -113,   -41,
-     -69,     4,   -26,  -113,  -113,    -3,     1,    10,    52,   -10,
-    -113,  -113,  -113,    45,    13,  -113,  -113,    77,   -35,    15,
-      64,    19,    17,    20,    15,  -113,    85,  -113,    25,  -113,
-      19,  -113,  -113,    15,  -113,  -113,    27,    47,  -113,  -113,
-      26,    29,  -113,  -113,  -113,   -30,  -113,    89,    61,  -113,
-     -57,   -47,  -113,  -113,  -113,  -113,    82,  -113,    -4,   -68,
-    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,
-    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,   -17,  -113,
-    -113,  -113,  -113,   -67,    35,    33,    46,    51,    46,  -113,
-    -113,    69,    44,   -73,    88,    82,   -72,    56,  -113,  -113,
-    -113,    49,    93,     7,  -113,  -113,  -113,    82,  -113,    58,
-      82,   -76,   -13,  -113,    57,    59,  -113,    60,  -113,    68,
-    -113,  -113,  -113,  -113,  -113,  -113,   -75,  -113,  -113,  -113,
-    -113,  -113,  -113,  -113,  -113,  -113,  -113,   -63,  -113,  -113,
-    -113,   -62,    82,    56,  -113,   -46,    65,  -113,   141,    82,
-     142,    63,  -113,  -113,  -113,    56,    66,   -38,  -113,    56,
-     -16,  -113,    93,  -113,    76,    -7,  -113,    93,    81,  -113,
-    -113,  -113,    56,  -113,  -113,    72,   -19,    93,  -113,    83,
-      58,  -113,  -113,  -113,  -113,    78,  -113,  -113,    80,    84,
-      87,    62,   162,  -113,    90,  -113,  -113,  -113,  -113,  -113,
-    -113,    93,  -113,  -113
-};
-
-/* YYPGOTO[NTERM-NUM].  */
-static const yytype_int16 yypgoto[] =
-{
-    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,   150,   136,
-    -113,   143,  -113,   -65,  -113,  -113,    86,  -113,    91,    16,
-    -113,  -113,  -113,  -113,  -113,  -113,    92,  -113,  -113,  -113,
-    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,
-    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,   -60,  -113,
-      22,  -113,    -5,    97,     2,   184,  -113,  -112,  -113,  -113,
-    -113,  -113,  -113,  -113,  -113,    21,  -113,  -113
-};
-
-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
-   positive, shift that token.  If negative, reduce the rule which
-   number is the opposite.  If zero, do what YYDEFACT says.
-   If YYTABLE_NINF, syntax error.  */
-#define YYTABLE_NINF -13
-static const yytype_int16 yytable[] =
-{
-     157,   107,   108,     5,   202,    29,   105,   172,   178,   102,
-     115,    15,     1,   120,   120,   170,   112,     7,   179,   171,
-       8,   116,   150,   154,   113,   158,   159,     3,   175,   170,
-     160,    16,   180,   181,    47,    48,    49,   103,     6,    50,
-     153,   173,    17,   151,    11,   170,   155,   106,    12,   183,
-      51,   -12,   165,   190,    13,   169,   109,   191,    52,    53,
-     194,    54,    97,    19,    98,   198,   200,    20,    55,   192,
-     120,    21,   110,   113,    56,   203,    57,    58,   196,   124,
-      22,    23,   128,    25,    26,    28,    59,   182,    37,    60,
-      61,    47,    48,    49,   186,     5,    50,    27,   129,   213,
-     130,    32,    62,    63,    64,    38,    65,    51,    43,    66,
-      44,    67,   128,    93,    94,    52,    53,    46,    54,   120,
-      95,    68,   131,    96,   128,    55,   100,   199,   101,   119,
-     130,    56,   124,    57,    58,   102,    97,   132,   156,   133,
-     134,   152,   130,    59,   166,     3,    60,    61,   113,   174,
-     175,   177,   131,   185,   187,   176,   188,   210,   189,    62,
-      63,    64,   184,    65,   131,   134,   201,   132,    67,   133,
-     134,   206,   204,   207,   211,     3,    91,   208,    68,   132,
-     209,   133,   134,   212,    45,   205,    92,     3,   149,   147,
-     118,   197,   193,   148,    14,   195
-};
-
-static const yytype_uint8 yycheck[] =
-{
-     112,    66,     6,     1,    23,    40,    53,    20,    83,    66,
-      27,     7,    86,    86,    86,    91,    84,    86,    93,    95,
-      89,    38,    95,    95,    92,    18,    19,    94,    91,    91,
-      23,    27,    95,    95,     9,    10,    11,    94,     0,    14,
-     105,    54,    38,   103,    21,    91,   106,    94,    92,    95,
-      25,    86,   117,    91,    95,   120,    60,    95,    33,    34,
-     172,    36,    92,    89,    94,   177,   178,    70,    43,    85,
-      86,    70,    76,    92,    49,   187,    51,    52,    85,    86,
-      70,    29,    31,    93,    39,     8,    61,   152,    24,    64,
-      65,     9,    10,    11,   159,    93,    14,    84,    47,   211,
-      49,    86,    77,    78,    79,    86,    81,    25,    91,    84,
-      90,    86,    31,    86,    67,    33,    34,    32,    36,    86,
-      94,    96,    71,    94,    31,    43,    37,    46,    67,    94,
-      49,    49,    86,    51,    52,    66,    92,    86,    89,    88,
-      89,    53,    49,    61,    86,    94,    64,    65,    92,    92,
-      91,    83,    71,    12,    12,    95,    93,    95,    92,    77,
-      78,    79,    97,    81,    71,    89,    94,    86,    86,    88,
-      89,    93,    89,    93,    12,    94,    40,    93,    96,    86,
-      93,    88,    89,    93,    34,   190,    43,    94,   102,    98,
-      93,   175,   170,   101,    10,   174
-};
-
-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
-   symbol of state STATE-NUM.  */
-static const yytype_uint8 yystos[] =
-{
-       0,    86,    99,    94,   151,   152,     0,    86,    89,   153,
-     154,    21,    92,    95,   153,     7,    27,    38,   100,    89,
-      70,    70,    70,    29,   101,    93,    39,    84,     8,    40,
-     102,   103,    86,   104,   105,   106,   109,    24,    86,   107,
-     108,   110,   143,    91,    90,   106,    32,     9,    10,    11,
-      14,    25,    33,    34,    36,    43,    49,    51,    52,    61,
-      64,    65,    77,    78,    79,    81,    84,    86,    96,   111,
-     112,   113,   115,   118,   120,   121,   122,   123,   125,   126,
-     127,   128,   129,   130,   131,   132,   133,   139,   140,   144,
-     145,   107,   109,    86,    67,    94,    94,    92,    94,   114,
-      37,    67,    66,    94,   124,    53,    94,   111,     6,    60,
-      76,   141,    84,    92,   134,    27,    38,   142,   151,    94,
-      86,   146,   147,   148,    86,   116,   117,   119,    31,    47,
-      49,    71,    86,    88,    89,   152,   155,   156,   157,   158,
-     159,   160,   161,   162,   163,   164,   165,   116,   124,   114,
-      95,   146,    53,   111,    95,   146,    89,   155,    18,    19,
-      23,   135,   136,   137,   138,   111,    86,   149,   150,   111,
-      91,    95,    20,    54,    92,    91,    95,    83,    83,    93,
-      95,    95,   111,    95,    97,    12,   111,    12,    93,    92,
-      91,    95,    85,   148,   155,   163,    85,   117,   155,    46,
-     155,    94,    23,   155,    89,   150,    93,    93,    93,    93,
-      95,    12,    93,   155
-};
-
-#define yyerrok		(yyerrstatus = 0)
-#define yyclearin	(yychar = YYEMPTY)
-#define YYEMPTY		(-2)
-#define YYEOF		0
-
-#define YYACCEPT	goto yyacceptlab
-#define YYABORT		goto yyabortlab
-#define YYERROR		goto yyerrorlab
-
-
-/* Like YYERROR except do call yyerror.  This remains here temporarily
-   to ease the transition to the new meaning of YYERROR, for GCC.
-   Once GCC version 2 has supplanted version 1, this can go.  */
-
-#define YYFAIL		goto yyerrlab
-
-#define YYRECOVERING()  (!!yyerrstatus)
-
-#define YYBACKUP(Token, Value)					\
-do								\
-  if (yychar == YYEMPTY && yylen == 1)				\
-    {								\
-      yychar = (Token);						\
-      yylval = (Value);						\
-      yytoken = YYTRANSLATE (yychar);				\
-      YYPOPSTACK (1);						\
-      goto yybackup;						\
-    }								\
-  else								\
-    {								\
-      yyerror (YY_("syntax error: cannot back up")); \
-      YYERROR;							\
-    }								\
-while (YYID (0))
-
-
-#define YYTERROR	1
-#define YYERRCODE	256
-
-
-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
-   If N is 0, then set CURRENT to the empty location which ends
-   the previous symbol: RHS[0] (always defined).  */
-
-#define YYRHSLOC(Rhs, K) ((Rhs)[K])
-#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N)				\
-    do									\
-      if (YYID (N))                                                    \
-	{								\
-	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
-	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
-	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
-	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
-	}								\
-      else								\
-	{								\
-	  (Current).first_line   = (Current).last_line   =		\
-	    YYRHSLOC (Rhs, 0).last_line;				\
-	  (Current).first_column = (Current).last_column =		\
-	    YYRHSLOC (Rhs, 0).last_column;				\
-	}								\
-    while (YYID (0))
-#endif
-
-
-/* YY_LOCATION_PRINT -- Print the location on the stream.
-   This macro was not mandated originally: define only if we know
-   we won't break user code: when these are the locations we know.  */
-
-#ifndef YY_LOCATION_PRINT
-# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
-#  define YY_LOCATION_PRINT(File, Loc)			\
-     fprintf (File, "%d.%d-%d.%d",			\
-	      (Loc).first_line, (Loc).first_column,	\
-	      (Loc).last_line,  (Loc).last_column)
-# else
-#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
-# endif
-#endif
-
-
-/* YYLEX -- calling `yylex' with the right arguments.  */
-
-#ifdef YYLEX_PARAM
-# define YYLEX yylex (YYLEX_PARAM)
-#else
-# define YYLEX yylex ()
-#endif
-
-/* Enable debugging if requested.  */
-#if YYDEBUG
-
-# ifndef YYFPRINTF
-#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYFPRINTF fprintf
-# endif
-
-# define YYDPRINTF(Args)			\
-do {						\
-  if (yydebug)					\
-    YYFPRINTF Args;				\
-} while (YYID (0))
-
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
-do {									  \
-  if (yydebug)								  \
-    {									  \
-      YYFPRINTF (stderr, "%s ", Title);					  \
-      yy_symbol_print (stderr,						  \
-		  Type, Value); \
-      YYFPRINTF (stderr, "\n");						  \
-    }									  \
-} while (YYID (0))
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_value_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (!yyvaluep)
-    return;
-# ifdef YYPRINT
-  if (yytype < YYNTOKENS)
-    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# else
-  YYUSE (yyoutput);
-# endif
-  switch (yytype)
-    {
-      default:
-	break;
-    }
-}
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (yytype < YYNTOKENS)
-    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
-  else
-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
-
-  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
-  YYFPRINTF (yyoutput, ")");
-}
-
-/*------------------------------------------------------------------.
-| yy_stack_print -- Print the state stack from its BOTTOM up to its |
-| TOP (included).                                                   |
-`------------------------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
-#else
-static void
-yy_stack_print (bottom, top)
-    yytype_int16 *bottom;
-    yytype_int16 *top;
-#endif
-{
-  YYFPRINTF (stderr, "Stack now");
-  for (; bottom <= top; ++bottom)
-    YYFPRINTF (stderr, " %d", *bottom);
-  YYFPRINTF (stderr, "\n");
-}
-
-# define YY_STACK_PRINT(Bottom, Top)				\
-do {								\
-  if (yydebug)							\
-    yy_stack_print ((Bottom), (Top));				\
-} while (YYID (0))
-
-
-/*------------------------------------------------.
-| Report that the YYRULE is going to be reduced.  |
-`------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
-#else
-static void
-yy_reduce_print (yyvsp, yyrule)
-    YYSTYPE *yyvsp;
-    int yyrule;
-#endif
-{
-  int yynrhs = yyr2[yyrule];
-  int yyi;
-  unsigned long int yylno = yyrline[yyrule];
-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
-	     yyrule - 1, yylno);
-  /* The symbols being reduced.  */
-  for (yyi = 0; yyi < yynrhs; yyi++)
-    {
-      fprintf (stderr, "   $%d = ", yyi + 1);
-      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
-		       &(yyvsp[(yyi + 1) - (yynrhs)])
-		       		       );
-      fprintf (stderr, "\n");
-    }
-}
-
-# define YY_REDUCE_PRINT(Rule)		\
-do {					\
-  if (yydebug)				\
-    yy_reduce_print (yyvsp, Rule); \
-} while (YYID (0))
-
-/* Nonzero means print parse trace.  It is left uninitialized so that
-   multiple parsers can coexist.  */
-int yydebug;
-#else /* !YYDEBUG */
-# define YYDPRINTF(Args)
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
-# define YY_STACK_PRINT(Bottom, Top)
-# define YY_REDUCE_PRINT(Rule)
-#endif /* !YYDEBUG */
-
-
-/* YYINITDEPTH -- initial size of the parser's stacks.  */
-#ifndef	YYINITDEPTH
-# define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
-   if the built-in stack extension method is used).
-
-   Do not make this value too large; the results are undefined if
-   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
-   evaluated with infinite-precision integer arithmetic.  */
-
-#ifndef YYMAXDEPTH
-# define YYMAXDEPTH 10000
-#endif
-
-
-
-#if YYERROR_VERBOSE
-
-# ifndef yystrlen
-#  if defined __GLIBC__ && defined _STRING_H
-#   define yystrlen strlen
-#  else
-/* Return the length of YYSTR.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static YYSIZE_T
-yystrlen (const char *yystr)
-#else
-static YYSIZE_T
-yystrlen (yystr)
-    const char *yystr;
-#endif
-{
-  YYSIZE_T yylen;
-  for (yylen = 0; yystr[yylen]; yylen++)
-    continue;
-  return yylen;
-}
-#  endif
-# endif
-
-# ifndef yystpcpy
-#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
-#   define yystpcpy stpcpy
-#  else
-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
-   YYDEST.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static char *
-yystpcpy (char *yydest, const char *yysrc)
-#else
-static char *
-yystpcpy (yydest, yysrc)
-    char *yydest;
-    const char *yysrc;
-#endif
-{
-  char *yyd = yydest;
-  const char *yys = yysrc;
-
-  while ((*yyd++ = *yys++) != '\0')
-    continue;
-
-  return yyd - 1;
-}
-#  endif
-# endif
-
-# ifndef yytnamerr
-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
-   quotes and backslashes, so that it's suitable for yyerror.  The
-   heuristic is that double-quoting is unnecessary unless the string
-   contains an apostrophe, a comma, or backslash (other than
-   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
-   null, do not copy; instead, return the length of what the result
-   would have been.  */
-static YYSIZE_T
-yytnamerr (char *yyres, const char *yystr)
-{
-  if (*yystr == '"')
-    {
-      YYSIZE_T yyn = 0;
-      char const *yyp = yystr;
-
-      for (;;)
-	switch (*++yyp)
-	  {
-	  case '\'':
-	  case ',':
-	    goto do_not_strip_quotes;
-
-	  case '\\':
-	    if (*++yyp != '\\')
-	      goto do_not_strip_quotes;
-	    /* Fall through.  */
-	  default:
-	    if (yyres)
-	      yyres[yyn] = *yyp;
-	    yyn++;
-	    break;
-
-	  case '"':
-	    if (yyres)
-	      yyres[yyn] = '\0';
-	    return yyn;
-	  }
-    do_not_strip_quotes: ;
-    }
-
-  if (! yyres)
-    return yystrlen (yystr);
-
-  return yystpcpy (yyres, yystr) - yyres;
-}
-# endif
-
-/* Copy into YYRESULT an error message about the unexpected token
-   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
-   including the terminating null byte.  If YYRESULT is null, do not
-   copy anything; just return the number of bytes that would be
-   copied.  As a special case, return 0 if an ordinary "syntax error"
-   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
-   size calculation.  */
-static YYSIZE_T
-yysyntax_error (char *yyresult, int yystate, int yychar)
-{
-  int yyn = yypact[yystate];
-
-  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
-    return 0;
-  else
-    {
-      int yytype = YYTRANSLATE (yychar);
-      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
-      YYSIZE_T yysize = yysize0;
-      YYSIZE_T yysize1;
-      int yysize_overflow = 0;
-      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
-      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
-      int yyx;
-
-# if 0
-      /* This is so xgettext sees the translatable formats that are
-	 constructed on the fly.  */
-      YY_("syntax error, unexpected %s");
-      YY_("syntax error, unexpected %s, expecting %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
-# endif
-      char *yyfmt;
-      char const *yyf;
-      static char const yyunexpected[] = "syntax error, unexpected %s";
-      static char const yyexpecting[] = ", expecting %s";
-      static char const yyor[] = " or %s";
-      char yyformat[sizeof yyunexpected
-		    + sizeof yyexpecting - 1
-		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
-		       * (sizeof yyor - 1))];
-      char const *yyprefix = yyexpecting;
-
-      /* Start YYX at -YYN if negative to avoid negative indexes in
-	 YYCHECK.  */
-      int yyxbegin = yyn < 0 ? -yyn : 0;
-
-      /* Stay within bounds of both yycheck and yytname.  */
-      int yychecklim = YYLAST - yyn + 1;
-      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
-      int yycount = 1;
-
-      yyarg[0] = yytname[yytype];
-      yyfmt = yystpcpy (yyformat, yyunexpected);
-
-      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
-	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-	  {
-	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
-	      {
-		yycount = 1;
-		yysize = yysize0;
-		yyformat[sizeof yyunexpected - 1] = '\0';
-		break;
-	      }
-	    yyarg[yycount++] = yytname[yyx];
-	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
-	    yysize_overflow |= (yysize1 < yysize);
-	    yysize = yysize1;
-	    yyfmt = yystpcpy (yyfmt, yyprefix);
-	    yyprefix = yyor;
-	  }
-
-      yyf = YY_(yyformat);
-      yysize1 = yysize + yystrlen (yyf);
-      yysize_overflow |= (yysize1 < yysize);
-      yysize = yysize1;
-
-      if (yysize_overflow)
-	return YYSIZE_MAXIMUM;
-
-      if (yyresult)
-	{
-	  /* Avoid sprintf, as that infringes on the user's name space.
-	     Don't have undefined behavior even if the translation
-	     produced a string with the wrong number of "%s"s.  */
-	  char *yyp = yyresult;
-	  int yyi = 0;
-	  while ((*yyp = *yyf) != '\0')
-	    {
-	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
-		{
-		  yyp += yytnamerr (yyp, yyarg[yyi++]);
-		  yyf += 2;
-		}
-	      else
-		{
-		  yyp++;
-		  yyf++;
-		}
-	    }
-	}
-      return yysize;
-    }
-}
-#endif /* YYERROR_VERBOSE */
-
-
-/*-----------------------------------------------.
-| Release the memory associated to this symbol.  |
-`-----------------------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yydestruct (yymsg, yytype, yyvaluep)
-    const char *yymsg;
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  YYUSE (yyvaluep);
-
-  if (!yymsg)
-    yymsg = "Deleting";
-  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
-
-  switch (yytype)
-    {
-
-      default:
-	break;
-    }
-}
-
-
-/* Prevent warnings from -Wmissing-prototypes.  */
-
-#ifdef YYPARSE_PARAM
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void *YYPARSE_PARAM);
-#else
-int yyparse ();
-#endif
-#else /* ! YYPARSE_PARAM */
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void);
-#else
-int yyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-
-
-/* The look-ahead symbol.  */
-int yychar;
-
-/* The semantic value of the look-ahead symbol.  */
-YYSTYPE yylval;
-
-/* Number of syntax errors so far.  */
-int yynerrs;
-
-
-
-/*----------.
-| yyparse.  |
-`----------*/
-
-#ifdef YYPARSE_PARAM
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void *YYPARSE_PARAM)
-#else
-int
-yyparse (YYPARSE_PARAM)
-    void *YYPARSE_PARAM;
-#endif
-#else /* ! YYPARSE_PARAM */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void)
-#else
-int
-yyparse ()
-
-#endif
-#endif
-{
-  
-  int yystate;
-  int yyn;
-  int yyresult;
-  /* Number of tokens to shift before error messages enabled.  */
-  int yyerrstatus;
-  /* Look-ahead token as an internal (translated) token number.  */
-  int yytoken = 0;
-#if YYERROR_VERBOSE
-  /* Buffer for error messages, and its allocated size.  */
-  char yymsgbuf[128];
-  char *yymsg = yymsgbuf;
-  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
-
-  /* Three stacks and their tools:
-     `yyss': related to states,
-     `yyvs': related to semantic values,
-     `yyls': related to locations.
-
-     Refer to the stacks thru separate pointers, to allow yyoverflow
-     to reallocate them elsewhere.  */
-
-  /* The state stack.  */
-  yytype_int16 yyssa[YYINITDEPTH];
-  yytype_int16 *yyss = yyssa;
-  yytype_int16 *yyssp;
-
-  /* The semantic value stack.  */
-  YYSTYPE yyvsa[YYINITDEPTH];
-  YYSTYPE *yyvs = yyvsa;
-  YYSTYPE *yyvsp;
-
-
-
-#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
-
-  YYSIZE_T yystacksize = YYINITDEPTH;
-
-  /* The variables used to return semantic value and location from the
-     action routines.  */
-  YYSTYPE yyval;
-
-
-  /* The number of symbols on the RHS of the reduced rule.
-     Keep to zero when no symbol should be popped.  */
-  int yylen = 0;
-
-  YYDPRINTF ((stderr, "Starting parse\n"));
-
-  yystate = 0;
-  yyerrstatus = 0;
-  yynerrs = 0;
-  yychar = YYEMPTY;		/* Cause a token to be read.  */
-
-  /* Initialize stack pointers.
-     Waste one element of value and location stack
-     so that they stay on the same level as the state stack.
-     The wasted elements are never initialized.  */
-
-  yyssp = yyss;
-  yyvsp = yyvs;
-
-  goto yysetstate;
-
-/*------------------------------------------------------------.
-| yynewstate -- Push a new state, which is found in yystate.  |
-`------------------------------------------------------------*/
- yynewstate:
-  /* In all cases, when you get here, the value and location stacks
-     have just been pushed.  So pushing a state here evens the stacks.  */
-  yyssp++;
-
- yysetstate:
-  *yyssp = yystate;
-
-  if (yyss + yystacksize - 1 <= yyssp)
-    {
-      /* Get the current used size of the three stacks, in elements.  */
-      YYSIZE_T yysize = yyssp - yyss + 1;
-
-#ifdef yyoverflow
-      {
-	/* Give user a chance to reallocate the stack.  Use copies of
-	   these so that the &'s don't force the real ones into
-	   memory.  */
-	YYSTYPE *yyvs1 = yyvs;
-	yytype_int16 *yyss1 = yyss;
-
-
-	/* Each stack pointer address is followed by the size of the
-	   data in use in that stack, in bytes.  This used to be a
-	   conditional around just the two extra args, but that might
-	   be undefined if yyoverflow is a macro.  */
-	yyoverflow (YY_("memory exhausted"),
-		    &yyss1, yysize * sizeof (*yyssp),
-		    &yyvs1, yysize * sizeof (*yyvsp),
-
-		    &yystacksize);
-
-	yyss = yyss1;
-	yyvs = yyvs1;
-      }
-#else /* no yyoverflow */
-# ifndef YYSTACK_RELOCATE
-      goto yyexhaustedlab;
-# else
-      /* Extend the stack our own way.  */
-      if (YYMAXDEPTH <= yystacksize)
-	goto yyexhaustedlab;
-      yystacksize *= 2;
-      if (YYMAXDEPTH < yystacksize)
-	yystacksize = YYMAXDEPTH;
-
-      {
-	yytype_int16 *yyss1 = yyss;
-	union yyalloc *yyptr =
-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
-	if (! yyptr)
-	  goto yyexhaustedlab;
-	YYSTACK_RELOCATE (yyss);
-	YYSTACK_RELOCATE (yyvs);
-
-#  undef YYSTACK_RELOCATE
-	if (yyss1 != yyssa)
-	  YYSTACK_FREE (yyss1);
-      }
-# endif
-#endif /* no yyoverflow */
-
-      yyssp = yyss + yysize - 1;
-      yyvsp = yyvs + yysize - 1;
-
-
-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
-		  (unsigned long int) yystacksize));
-
-      if (yyss + yystacksize - 1 <= yyssp)
-	YYABORT;
-    }
-
-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
-
-  goto yybackup;
-
-/*-----------.
-| yybackup.  |
-`-----------*/
-yybackup:
-
-  /* Do appropriate processing given the current state.  Read a
-     look-ahead token if we need one and don't already have one.  */
-
-  /* First try to decide what to do without reference to look-ahead token.  */
-  yyn = yypact[yystate];
-  if (yyn == YYPACT_NINF)
-    goto yydefault;
-
-  /* Not known => get a look-ahead token if don't already have one.  */
-
-  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
-  if (yychar == YYEMPTY)
-    {
-      YYDPRINTF ((stderr, "Reading a token: "));
-      yychar = YYLEX;
-    }
-
-  if (yychar <= YYEOF)
-    {
-      yychar = yytoken = YYEOF;
-      YYDPRINTF ((stderr, "Now at end of input.\n"));
-    }
-  else
-    {
-      yytoken = YYTRANSLATE (yychar);
-      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
-    }
-
-  /* If the proper action on seeing token YYTOKEN is to reduce or to
-     detect an error, take that action.  */
-  yyn += yytoken;
-  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
-    goto yydefault;
-  yyn = yytable[yyn];
-  if (yyn <= 0)
-    {
-      if (yyn == 0 || yyn == YYTABLE_NINF)
-	goto yyerrlab;
-      yyn = -yyn;
-      goto yyreduce;
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  /* Count tokens shifted since error; after three, turn off error
-     status.  */
-  if (yyerrstatus)
-    yyerrstatus--;
-
-  /* Shift the look-ahead token.  */
-  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
-
-  /* Discard the shifted token unless it is eof.  */
-  if (yychar != YYEOF)
-    yychar = YYEMPTY;
-
-  yystate = yyn;
-  *++yyvsp = yylval;
-
-  goto yynewstate;
-
-
-/*-----------------------------------------------------------.
-| yydefault -- do the default action for the current state.  |
-`-----------------------------------------------------------*/
-yydefault:
-  yyn = yydefact[yystate];
-  if (yyn == 0)
-    goto yyerrlab;
-  goto yyreduce;
-
-
-/*-----------------------------.
-| yyreduce -- Do a reduction.  |
-`-----------------------------*/
-yyreduce:
-  /* yyn is the number of a rule to reduce with.  */
-  yylen = yyr2[yyn];
-
-  /* If YYLEN is nonzero, implement the default value of the action:
-     `$$ = $1'.
-
-     Otherwise, the following line sets YYVAL to garbage.
-     This behavior is undocumented and Bison
-     users should not rely upon it.  Assigning to YYVAL
-     unconditionally makes the parser a bit smaller, and it avoids a
-     GCC warning that YYVAL may be used uninitialized.  */
-  yyval = yyvsp[1-yylen];
-
-
-  YY_REDUCE_PRINT (yyn);
-  switch (yyn)
-    {
-        case 2:
-#line 235 "parse.y"
-    {
-			checkundefined();
-		}
-    break;
-
-  case 4:
-#line 242 "parse.y"
-    { error_message("implicit tagging is not supported"); }
-    break;
-
-  case 5:
-#line 244 "parse.y"
-    { error_message("automatic tagging is not supported"); }
-    break;
-
-  case 7:
-#line 249 "parse.y"
-    { error_message("no extensibility options supported"); }
-    break;
-
-  case 17:
-#line 270 "parse.y"
-    { 
-		    struct string_list *sl;
-		    for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) {
-			Symbol *s = addsym(sl->string);
-			s->stype = Stype;
-		    }
-		    add_import((yyvsp[(3) - (4)].name));
-		}
-    break;
-
-  case 22:
-#line 289 "parse.y"
-    {
-		    (yyval.sl) = emalloc(sizeof(*(yyval.sl)));
-		    (yyval.sl)->string = (yyvsp[(1) - (3)].name);
-		    (yyval.sl)->next = (yyvsp[(3) - (3)].sl);
-		}
-    break;
-
-  case 23:
-#line 295 "parse.y"
-    {
-		    (yyval.sl) = emalloc(sizeof(*(yyval.sl)));
-		    (yyval.sl)->string = (yyvsp[(1) - (1)].name);
-		    (yyval.sl)->next = NULL;
-		}
-    break;
-
-  case 24:
-#line 303 "parse.y"
-    {
-		    Symbol *s = addsym ((yyvsp[(1) - (3)].name));
-		    s->stype = Stype;
-		    s->type = (yyvsp[(3) - (3)].type);
-		    fix_labels(s);
-		    generate_type (s);
-		}
-    break;
-
-  case 42:
-#line 334 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, 
-				     TE_EXPLICIT, new_type(TBoolean));
-		}
-    break;
-
-  case 43:
-#line 341 "parse.y"
-    {
-		    if((yyvsp[(2) - (5)].value)->type != integervalue)
-			error_message("Non-integer used in first part of range");
-		    if((yyvsp[(2) - (5)].value)->type != integervalue)
-			error_message("Non-integer in second part of range");
-		    (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
-		    (yyval.range)->min = (yyvsp[(2) - (5)].value)->u.integervalue;
-		    (yyval.range)->max = (yyvsp[(4) - (5)].value)->u.integervalue;
-		}
-    break;
-
-  case 44:
-#line 351 "parse.y"
-    {		
-		    if((yyvsp[(2) - (5)].value)->type != integervalue)
-			error_message("Non-integer in first part of range");
-		    (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
-		    (yyval.range)->min = (yyvsp[(2) - (5)].value)->u.integervalue;
-		    (yyval.range)->max = (yyvsp[(2) - (5)].value)->u.integervalue - 1;
-		}
-    break;
-
-  case 45:
-#line 359 "parse.y"
-    {		
-		    if((yyvsp[(4) - (5)].value)->type != integervalue)
-			error_message("Non-integer in second part of range");
-		    (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
-		    (yyval.range)->min = (yyvsp[(4) - (5)].value)->u.integervalue + 2;
-		    (yyval.range)->max = (yyvsp[(4) - (5)].value)->u.integervalue;
-		}
-    break;
-
-  case 46:
-#line 367 "parse.y"
-    {
-		    if((yyvsp[(2) - (3)].value)->type != integervalue)
-			error_message("Non-integer used in limit");
-		    (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
-		    (yyval.range)->min = (yyvsp[(2) - (3)].value)->u.integervalue;
-		    (yyval.range)->max = (yyvsp[(2) - (3)].value)->u.integervalue;
-		}
-    break;
-
-  case 47:
-#line 378 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, 
-				     TE_EXPLICIT, new_type(TInteger));
-		}
-    break;
-
-  case 48:
-#line 383 "parse.y"
-    {
-			(yyval.type) = new_type(TInteger);
-			(yyval.type)->range = (yyvsp[(2) - (2)].range);
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 49:
-#line 389 "parse.y"
-    {
-		  (yyval.type) = new_type(TInteger);
-		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 50:
-#line 397 "parse.y"
-    {
-			(yyval.members) = emalloc(sizeof(*(yyval.members)));
-			ASN1_TAILQ_INIT((yyval.members));
-			ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[(1) - (1)].member), members);
-		}
-    break;
-
-  case 51:
-#line 403 "parse.y"
-    {
-			ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
-			(yyval.members) = (yyvsp[(1) - (3)].members);
-		}
-    break;
-
-  case 52:
-#line 408 "parse.y"
-    { (yyval.members) = (yyvsp[(1) - (3)].members); }
-    break;
-
-  case 53:
-#line 412 "parse.y"
-    {
-			(yyval.member) = emalloc(sizeof(*(yyval.member)));
-			(yyval.member)->name = (yyvsp[(1) - (4)].name);
-			(yyval.member)->gen_name = estrdup((yyvsp[(1) - (4)].name));
-			output_name ((yyval.member)->gen_name);
-			(yyval.member)->val = (yyvsp[(3) - (4)].constant);
-			(yyval.member)->optional = 0;
-			(yyval.member)->ellipsis = 0;
-			(yyval.member)->type = NULL;
-		}
-    break;
-
-  case 54:
-#line 425 "parse.y"
-    {
-		  (yyval.type) = new_type(TInteger);
-		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 56:
-#line 436 "parse.y"
-    {
-		  (yyval.type) = new_type(TBitString);
-		  (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members));
-		  ASN1_TAILQ_INIT((yyval.type)->members);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 57:
-#line 443 "parse.y"
-    {
-		  (yyval.type) = new_type(TBitString);
-		  (yyval.type)->members = (yyvsp[(4) - (5)].members);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 58:
-#line 451 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, 
-				     TE_EXPLICIT, new_type(TOID));
-		}
-    break;
-
-  case 59:
-#line 457 "parse.y"
-    {
-		    Type *t = new_type(TOctetString);
-		    t->range = (yyvsp[(3) - (3)].range);
-		    (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString, 
-				 TE_EXPLICIT, t);
-		}
-    break;
-
-  case 60:
-#line 466 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, 
-				     TE_EXPLICIT, new_type(TNull));
-		}
-    break;
-
-  case 61:
-#line 473 "parse.y"
-    { (yyval.range) = NULL; }
-    break;
-
-  case 62:
-#line 475 "parse.y"
-    { (yyval.range) = (yyvsp[(2) - (2)].range); }
-    break;
-
-  case 63:
-#line 480 "parse.y"
-    {
-		  (yyval.type) = new_type(TSequence);
-		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 64:
-#line 486 "parse.y"
-    {
-		  (yyval.type) = new_type(TSequence);
-		  (yyval.type)->members = NULL;
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 65:
-#line 494 "parse.y"
-    {
-		  (yyval.type) = new_type(TSequenceOf);
-		  (yyval.type)->range = (yyvsp[(2) - (4)].range);
-		  (yyval.type)->subtype = (yyvsp[(4) - (4)].type);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 66:
-#line 503 "parse.y"
-    {
-		  (yyval.type) = new_type(TSet);
-		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 67:
-#line 509 "parse.y"
-    {
-		  (yyval.type) = new_type(TSet);
-		  (yyval.type)->members = NULL;
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 68:
-#line 517 "parse.y"
-    {
-		  (yyval.type) = new_type(TSetOf);
-		  (yyval.type)->subtype = (yyvsp[(3) - (3)].type);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 69:
-#line 525 "parse.y"
-    {
-		  (yyval.type) = new_type(TChoice);
-		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
-		}
-    break;
-
-  case 72:
-#line 536 "parse.y"
-    {
-		  Symbol *s = addsym((yyvsp[(1) - (1)].name));
-		  (yyval.type) = new_type(TType);
-		  if(s->stype != Stype && s->stype != SUndefined)
-		    error_message ("%s is not a type\n", (yyvsp[(1) - (1)].name));
-		  else
-		    (yyval.type)->symbol = s;
-		}
-    break;
-
-  case 73:
-#line 547 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, 
-				     TE_EXPLICIT, new_type(TGeneralizedTime));
-		}
-    break;
-
-  case 74:
-#line 552 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, 
-				     TE_EXPLICIT, new_type(TUTCTime));
-		}
-    break;
-
-  case 75:
-#line 559 "parse.y"
-    {
-		    /* if (Constraint.type == contentConstrant) {
-		       assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too
-		       if (Constraint.u.constraint.type) {
-		         assert((Constraint.u.constraint.type.length % 8) == 0);
-		       }
-		      }
-		      if (Constraint.u.constraint.encoding) {
-		        type == der-oid|ber-oid
-		      }
-		    */
-		}
-    break;
-
-  case 76:
-#line 575 "parse.y"
-    {
-		    (yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec);
-		}
-    break;
-
-  case 80:
-#line 588 "parse.y"
-    {
-		    (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
-		    (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type);
-		    (yyval.constraint_spec)->u.content.encoding = NULL;
-		}
-    break;
-
-  case 81:
-#line 594 "parse.y"
-    {
-		    if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue)
-			error_message("Non-OID used in ENCODED BY constraint");
-		    (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
-		    (yyval.constraint_spec)->u.content.type = NULL;
-		    (yyval.constraint_spec)->u.content.encoding = (yyvsp[(3) - (3)].value);
-		}
-    break;
-
-  case 82:
-#line 602 "parse.y"
-    {
-		    if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue)
-			error_message("Non-OID used in ENCODED BY constraint");
-		    (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
-		    (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (5)].type);
-		    (yyval.constraint_spec)->u.content.encoding = (yyvsp[(5) - (5)].value);
-		}
-    break;
-
-  case 83:
-#line 612 "parse.y"
-    {
-		    (yyval.constraint_spec) = new_constraint_spec(CT_USER);
-		}
-    break;
-
-  case 84:
-#line 618 "parse.y"
-    {
-			(yyval.type) = new_type(TTag);
-			(yyval.type)->tag = (yyvsp[(1) - (3)].tag);
-			(yyval.type)->tag.tagenv = (yyvsp[(2) - (3)].constant);
-			if((yyvsp[(3) - (3)].type)->type == TTag && (yyvsp[(2) - (3)].constant) == TE_IMPLICIT) {
-				(yyval.type)->subtype = (yyvsp[(3) - (3)].type)->subtype;
-				free((yyvsp[(3) - (3)].type));
-			} else
-				(yyval.type)->subtype = (yyvsp[(3) - (3)].type);
-		}
-    break;
-
-  case 85:
-#line 631 "parse.y"
-    {
-			(yyval.tag).tagclass = (yyvsp[(2) - (4)].constant);
-			(yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant);
-			(yyval.tag).tagenv = TE_EXPLICIT;
-		}
-    break;
-
-  case 86:
-#line 639 "parse.y"
-    {
-			(yyval.constant) = ASN1_C_CONTEXT;
-		}
-    break;
-
-  case 87:
-#line 643 "parse.y"
-    {
-			(yyval.constant) = ASN1_C_UNIV;
-		}
-    break;
-
-  case 88:
-#line 647 "parse.y"
-    {
-			(yyval.constant) = ASN1_C_APPL;
-		}
-    break;
-
-  case 89:
-#line 651 "parse.y"
-    {
-			(yyval.constant) = ASN1_C_PRIVATE;
-		}
-    break;
-
-  case 90:
-#line 657 "parse.y"
-    {
-			(yyval.constant) = TE_EXPLICIT;
-		}
-    break;
-
-  case 91:
-#line 661 "parse.y"
-    {
-			(yyval.constant) = TE_EXPLICIT;
-		}
-    break;
-
-  case 92:
-#line 665 "parse.y"
-    {
-			(yyval.constant) = TE_IMPLICIT;
-		}
-    break;
-
-  case 93:
-#line 672 "parse.y"
-    {
-			Symbol *s;
-			s = addsym ((yyvsp[(1) - (4)].name));
-
-			s->stype = SValue;
-			s->value = (yyvsp[(4) - (4)].value);
-			generate_constant (s);
-		}
-    break;
-
-  case 95:
-#line 686 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, 
-				     TE_EXPLICIT, new_type(TGeneralString));
-		}
-    break;
-
-  case 96:
-#line 691 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, 
-				     TE_EXPLICIT, new_type(TUTF8String));
-		}
-    break;
-
-  case 97:
-#line 696 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, 
-				     TE_EXPLICIT, new_type(TPrintableString));
-		}
-    break;
-
-  case 98:
-#line 701 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, 
-				     TE_EXPLICIT, new_type(TVisibleString));
-		}
-    break;
-
-  case 99:
-#line 706 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, 
-				     TE_EXPLICIT, new_type(TIA5String));
-		}
-    break;
-
-  case 100:
-#line 711 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, 
-				     TE_EXPLICIT, new_type(TBMPString));
-		}
-    break;
-
-  case 101:
-#line 716 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, 
-				     TE_EXPLICIT, new_type(TUniversalString));
-		}
-    break;
-
-  case 102:
-#line 724 "parse.y"
-    {
-			(yyval.members) = emalloc(sizeof(*(yyval.members)));
-			ASN1_TAILQ_INIT((yyval.members));
-			ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[(1) - (1)].member), members);
-		}
-    break;
-
-  case 103:
-#line 730 "parse.y"
-    {
-			ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
-			(yyval.members) = (yyvsp[(1) - (3)].members);
-		}
-    break;
-
-  case 104:
-#line 735 "parse.y"
-    {
-		        struct member *m = ecalloc(1, sizeof(*m));
-			m->name = estrdup("...");
-			m->gen_name = estrdup("asn1_ellipsis");
-			m->ellipsis = 1;
-			ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), m, members);
-			(yyval.members) = (yyvsp[(1) - (3)].members);
-		}
-    break;
-
-  case 105:
-#line 746 "parse.y"
-    {
-		  (yyval.member) = emalloc(sizeof(*(yyval.member)));
-		  (yyval.member)->name = (yyvsp[(1) - (2)].name);
-		  (yyval.member)->gen_name = estrdup((yyvsp[(1) - (2)].name));
-		  output_name ((yyval.member)->gen_name);
-		  (yyval.member)->type = (yyvsp[(2) - (2)].type);
-		  (yyval.member)->ellipsis = 0;
-		}
-    break;
-
-  case 106:
-#line 757 "parse.y"
-    {
-			(yyval.member) = (yyvsp[(1) - (1)].member);
-			(yyval.member)->optional = 0;
-			(yyval.member)->defval = NULL;
-		}
-    break;
-
-  case 107:
-#line 763 "parse.y"
-    {
-			(yyval.member) = (yyvsp[(1) - (2)].member);
-			(yyval.member)->optional = 1;
-			(yyval.member)->defval = NULL;
-		}
-    break;
-
-  case 108:
-#line 769 "parse.y"
-    {
-			(yyval.member) = (yyvsp[(1) - (3)].member);
-			(yyval.member)->optional = 0;
-			(yyval.member)->defval = (yyvsp[(3) - (3)].value);
-		}
-    break;
-
-  case 109:
-#line 777 "parse.y"
-    {
-			(yyval.members) = emalloc(sizeof(*(yyval.members)));
-			ASN1_TAILQ_INIT((yyval.members));
-			ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[(1) - (1)].member), members);
-		}
-    break;
-
-  case 110:
-#line 783 "parse.y"
-    {
-			ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
-			(yyval.members) = (yyvsp[(1) - (3)].members);
-		}
-    break;
-
-  case 111:
-#line 790 "parse.y"
-    {
-		  (yyval.member) = emalloc(sizeof(*(yyval.member)));
-		  (yyval.member)->name = (yyvsp[(1) - (4)].name);
-		  (yyval.member)->gen_name = estrdup((yyvsp[(1) - (4)].name));
-		  output_name ((yyval.member)->gen_name);
-		  (yyval.member)->val = (yyvsp[(3) - (4)].constant);
-		  (yyval.member)->optional = 0;
-		  (yyval.member)->ellipsis = 0;
-		  (yyval.member)->type = NULL;
-		}
-    break;
-
-  case 113:
-#line 803 "parse.y"
-    { (yyval.objid) = NULL; }
-    break;
-
-  case 114:
-#line 807 "parse.y"
-    {
-			(yyval.objid) = (yyvsp[(2) - (3)].objid);
-		}
-    break;
-
-  case 115:
-#line 813 "parse.y"
-    {
-			(yyval.objid) = NULL;
-		}
-    break;
-
-  case 116:
-#line 817 "parse.y"
-    {
-		        if ((yyvsp[(2) - (2)].objid)) {
-				(yyval.objid) = (yyvsp[(2) - (2)].objid);
-				add_oid_to_tail((yyvsp[(2) - (2)].objid), (yyvsp[(1) - (2)].objid));
-			} else {
-				(yyval.objid) = (yyvsp[(1) - (2)].objid);
-			}
-		}
-    break;
-
-  case 117:
-#line 828 "parse.y"
-    {
-			(yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant));
-		}
-    break;
-
-  case 118:
-#line 832 "parse.y"
-    {
-		    Symbol *s = addsym((yyvsp[(1) - (1)].name));
-		    if(s->stype != SValue ||
-		       s->value->type != objectidentifiervalue) {
-			error_message("%s is not an object identifier\n", 
-				      s->name);
-			exit(1);
-		    }
-		    (yyval.objid) = s->value->u.objectidentifiervalue;
-		}
-    break;
-
-  case 119:
-#line 843 "parse.y"
-    {
-		    (yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant));
-		}
-    break;
-
-  case 129:
-#line 866 "parse.y"
-    {
-			Symbol *s = addsym((yyvsp[(1) - (1)].name));
-			if(s->stype != SValue)
-				error_message ("%s is not a value\n",
-						s->name);
-			else
-				(yyval.value) = s->value;
-		}
-    break;
-
-  case 130:
-#line 877 "parse.y"
-    {
-			(yyval.value) = emalloc(sizeof(*(yyval.value)));
-			(yyval.value)->type = stringvalue;
-			(yyval.value)->u.stringvalue = (yyvsp[(1) - (1)].name);
-		}
-    break;
-
-  case 131:
-#line 885 "parse.y"
-    {
-			(yyval.value) = emalloc(sizeof(*(yyval.value)));
-			(yyval.value)->type = booleanvalue;
-			(yyval.value)->u.booleanvalue = 0;
-		}
-    break;
-
-  case 132:
-#line 891 "parse.y"
-    {
-			(yyval.value) = emalloc(sizeof(*(yyval.value)));
-			(yyval.value)->type = booleanvalue;
-			(yyval.value)->u.booleanvalue = 0;
-		}
-    break;
-
-  case 133:
-#line 899 "parse.y"
-    {
-			(yyval.value) = emalloc(sizeof(*(yyval.value)));
-			(yyval.value)->type = integervalue;
-			(yyval.value)->u.integervalue = (yyvsp[(1) - (1)].constant);
-		}
-    break;
-
-  case 135:
-#line 910 "parse.y"
-    {
-		}
-    break;
-
-  case 136:
-#line 915 "parse.y"
-    {
-			(yyval.value) = emalloc(sizeof(*(yyval.value)));
-			(yyval.value)->type = objectidentifiervalue;
-			(yyval.value)->u.objectidentifiervalue = (yyvsp[(1) - (1)].objid);
-		}
-    break;
-
-
-/* Line 1267 of yacc.c.  */
-#line 2523 "parse.c"
-      default: break;
-    }
-  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
-
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-
-  *++yyvsp = yyval;
-
-
-  /* Now `shift' the result of the reduction.  Determine what state
-     that goes to, based on the state we popped back to and the rule
-     number reduced by.  */
-
-  yyn = yyr1[yyn];
-
-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
-    yystate = yytable[yystate];
-  else
-    yystate = yydefgoto[yyn - YYNTOKENS];
-
-  goto yynewstate;
-
-
-/*------------------------------------.
-| yyerrlab -- here on detecting error |
-`------------------------------------*/
-yyerrlab:
-  /* If not already recovering from an error, report this error.  */
-  if (!yyerrstatus)
-    {
-      ++yynerrs;
-#if ! YYERROR_VERBOSE
-      yyerror (YY_("syntax error"));
-#else
-      {
-	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
-	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
-	  {
-	    YYSIZE_T yyalloc = 2 * yysize;
-	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
-	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
-	    if (yymsg != yymsgbuf)
-	      YYSTACK_FREE (yymsg);
-	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
-	    if (yymsg)
-	      yymsg_alloc = yyalloc;
-	    else
-	      {
-		yymsg = yymsgbuf;
-		yymsg_alloc = sizeof yymsgbuf;
-	      }
-	  }
-
-	if (0 < yysize && yysize <= yymsg_alloc)
-	  {
-	    (void) yysyntax_error (yymsg, yystate, yychar);
-	    yyerror (yymsg);
-	  }
-	else
-	  {
-	    yyerror (YY_("syntax error"));
-	    if (yysize != 0)
-	      goto yyexhaustedlab;
-	  }
-      }
-#endif
-    }
-
-
-
-  if (yyerrstatus == 3)
-    {
-      /* If just tried and failed to reuse look-ahead token after an
-	 error, discard it.  */
-
-      if (yychar <= YYEOF)
-	{
-	  /* Return failure if at end of input.  */
-	  if (yychar == YYEOF)
-	    YYABORT;
-	}
-      else
-	{
-	  yydestruct ("Error: discarding",
-		      yytoken, &yylval);
-	  yychar = YYEMPTY;
-	}
-    }
-
-  /* Else will try to reuse look-ahead token after shifting the error
-     token.  */
-  goto yyerrlab1;
-
-
-/*---------------------------------------------------.
-| yyerrorlab -- error raised explicitly by YYERROR.  |
-`---------------------------------------------------*/
-yyerrorlab:
-
-  /* Pacify compilers like GCC when the user code never invokes
-     YYERROR and the label yyerrorlab therefore never appears in user
-     code.  */
-  if (/*CONSTCOND*/ 0)
-     goto yyerrorlab;
-
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYERROR.  */
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-  yystate = *yyssp;
-  goto yyerrlab1;
-
-
-/*-------------------------------------------------------------.
-| yyerrlab1 -- common code for both syntax error and YYERROR.  |
-`-------------------------------------------------------------*/
-yyerrlab1:
-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
-
-  for (;;)
-    {
-      yyn = yypact[yystate];
-      if (yyn != YYPACT_NINF)
-	{
-	  yyn += YYTERROR;
-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
-	    {
-	      yyn = yytable[yyn];
-	      if (0 < yyn)
-		break;
-	    }
-	}
-
-      /* Pop the current state because it cannot handle the error token.  */
-      if (yyssp == yyss)
-	YYABORT;
-
-
-      yydestruct ("Error: popping",
-		  yystos[yystate], yyvsp);
-      YYPOPSTACK (1);
-      yystate = *yyssp;
-      YY_STACK_PRINT (yyss, yyssp);
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  *++yyvsp = yylval;
-
-
-  /* Shift the error token.  */
-  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-------------------------------------.
-| yyacceptlab -- YYACCEPT comes here.  |
-`-------------------------------------*/
-yyacceptlab:
-  yyresult = 0;
-  goto yyreturn;
-
-/*-----------------------------------.
-| yyabortlab -- YYABORT comes here.  |
-`-----------------------------------*/
-yyabortlab:
-  yyresult = 1;
-  goto yyreturn;
-
-#ifndef yyoverflow
-/*-------------------------------------------------.
-| yyexhaustedlab -- memory exhaustion comes here.  |
-`-------------------------------------------------*/
-yyexhaustedlab:
-  yyerror (YY_("memory exhausted"));
-  yyresult = 2;
-  /* Fall through.  */
-#endif
-
-yyreturn:
-  if (yychar != YYEOF && yychar != YYEMPTY)
-     yydestruct ("Cleanup: discarding lookahead",
-		 yytoken, &yylval);
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYABORT or YYACCEPT.  */
-  YYPOPSTACK (yylen);
-  YY_STACK_PRINT (yyss, yyssp);
-  while (yyssp != yyss)
-    {
-      yydestruct ("Cleanup: popping",
-		  yystos[*yyssp], yyvsp);
-      YYPOPSTACK (1);
-    }
-#ifndef yyoverflow
-  if (yyss != yyssa)
-    YYSTACK_FREE (yyss);
-#endif
-#if YYERROR_VERBOSE
-  if (yymsg != yymsgbuf)
-    YYSTACK_FREE (yymsg);
-#endif
-  /* Make sure YYID is used.  */
-  return YYID (yyresult);
-}
-
-
-#line 922 "parse.y"
-
-
-void
-yyerror (const char *s)
-{
-     error_message ("%s\n", s);
-}
-
-static Type *
-new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype)
-{
-    Type *t;
-    if(oldtype->type == TTag && oldtype->tag.tagenv == TE_IMPLICIT) {
-	t = oldtype;
-	oldtype = oldtype->subtype; /* XXX */
-    } else
-	t = new_type (TTag);
-    
-    t->tag.tagclass = tagclass;
-    t->tag.tagvalue = tagvalue;
-    t->tag.tagenv = tagenv;
-    t->subtype = oldtype;
-    return t;
-}
-
-static struct objid *
-new_objid(const char *label, int value)
-{
-    struct objid *s;
-    s = emalloc(sizeof(*s));
-    s->label = label;
-    s->value = value;
-    s->next = NULL;
-    return s;
-}
-
-static void
-add_oid_to_tail(struct objid *head, struct objid *tail)
-{
-    struct objid *o;
-    o = head;
-    while (o->next)
-	o = o->next;
-    o->next = tail;
-}
-
-static Type *
-new_type (Typetype tt)
-{
-    Type *t = ecalloc(1, sizeof(*t));
-    t->type = tt;
-    return t;
-}
-
-static struct constraint_spec *
-new_constraint_spec(enum ctype ct)
-{
-    struct constraint_spec *c = ecalloc(1, sizeof(*c));
-    c->ctype = ct;
-    return c;
-}
-
-static void fix_labels2(Type *t, const char *prefix);
-static void fix_labels1(struct memhead *members, const char *prefix)
-{
-    Member *m;
-
-    if(members == NULL)
-	return;
-    ASN1_TAILQ_FOREACH(m, members, members) {
-	asprintf(&m->label, "%s_%s", prefix, m->gen_name);
-	if (m->label == NULL)
-	    errx(1, "malloc");
-	if(m->type != NULL)
-	    fix_labels2(m->type, m->label);
-    }
-}
-
-static void fix_labels2(Type *t, const char *prefix)
-{
-    for(; t; t = t->subtype)
-	fix_labels1(t->members, prefix);
-}
-
-static void
-fix_labels(Symbol *s)
-{
-    char *p;
-    asprintf(&p, "choice_%s", s->gen_name);
-    if (p == NULL)
-	errx(1, "malloc");
-    fix_labels2(s->type, p);
-    free(p);
-}
-
diff --git a/crypto/heimdal/lib/asn1/parse.h b/crypto/heimdal/lib/asn1/parse.h
deleted file mode 100644
index 45b06c5..0000000
--- a/crypto/heimdal/lib/asn1/parse.h
+++ /dev/null
@@ -1,249 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton interface for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     kw_ABSENT = 258,
-     kw_ABSTRACT_SYNTAX = 259,
-     kw_ALL = 260,
-     kw_APPLICATION = 261,
-     kw_AUTOMATIC = 262,
-     kw_BEGIN = 263,
-     kw_BIT = 264,
-     kw_BMPString = 265,
-     kw_BOOLEAN = 266,
-     kw_BY = 267,
-     kw_CHARACTER = 268,
-     kw_CHOICE = 269,
-     kw_CLASS = 270,
-     kw_COMPONENT = 271,
-     kw_COMPONENTS = 272,
-     kw_CONSTRAINED = 273,
-     kw_CONTAINING = 274,
-     kw_DEFAULT = 275,
-     kw_DEFINITIONS = 276,
-     kw_EMBEDDED = 277,
-     kw_ENCODED = 278,
-     kw_END = 279,
-     kw_ENUMERATED = 280,
-     kw_EXCEPT = 281,
-     kw_EXPLICIT = 282,
-     kw_EXPORTS = 283,
-     kw_EXTENSIBILITY = 284,
-     kw_EXTERNAL = 285,
-     kw_FALSE = 286,
-     kw_FROM = 287,
-     kw_GeneralString = 288,
-     kw_GeneralizedTime = 289,
-     kw_GraphicString = 290,
-     kw_IA5String = 291,
-     kw_IDENTIFIER = 292,
-     kw_IMPLICIT = 293,
-     kw_IMPLIED = 294,
-     kw_IMPORTS = 295,
-     kw_INCLUDES = 296,
-     kw_INSTANCE = 297,
-     kw_INTEGER = 298,
-     kw_INTERSECTION = 299,
-     kw_ISO646String = 300,
-     kw_MAX = 301,
-     kw_MIN = 302,
-     kw_MINUS_INFINITY = 303,
-     kw_NULL = 304,
-     kw_NumericString = 305,
-     kw_OBJECT = 306,
-     kw_OCTET = 307,
-     kw_OF = 308,
-     kw_OPTIONAL = 309,
-     kw_ObjectDescriptor = 310,
-     kw_PATTERN = 311,
-     kw_PDV = 312,
-     kw_PLUS_INFINITY = 313,
-     kw_PRESENT = 314,
-     kw_PRIVATE = 315,
-     kw_PrintableString = 316,
-     kw_REAL = 317,
-     kw_RELATIVE_OID = 318,
-     kw_SEQUENCE = 319,
-     kw_SET = 320,
-     kw_SIZE = 321,
-     kw_STRING = 322,
-     kw_SYNTAX = 323,
-     kw_T61String = 324,
-     kw_TAGS = 325,
-     kw_TRUE = 326,
-     kw_TYPE_IDENTIFIER = 327,
-     kw_TeletexString = 328,
-     kw_UNION = 329,
-     kw_UNIQUE = 330,
-     kw_UNIVERSAL = 331,
-     kw_UTCTime = 332,
-     kw_UTF8String = 333,
-     kw_UniversalString = 334,
-     kw_VideotexString = 335,
-     kw_VisibleString = 336,
-     kw_WITH = 337,
-     RANGE = 338,
-     EEQUAL = 339,
-     ELLIPSIS = 340,
-     IDENTIFIER = 341,
-     referencename = 342,
-     STRING = 343,
-     NUMBER = 344
-   };
-#endif
-/* Tokens.  */
-#define kw_ABSENT 258
-#define kw_ABSTRACT_SYNTAX 259
-#define kw_ALL 260
-#define kw_APPLICATION 261
-#define kw_AUTOMATIC 262
-#define kw_BEGIN 263
-#define kw_BIT 264
-#define kw_BMPString 265
-#define kw_BOOLEAN 266
-#define kw_BY 267
-#define kw_CHARACTER 268
-#define kw_CHOICE 269
-#define kw_CLASS 270
-#define kw_COMPONENT 271
-#define kw_COMPONENTS 272
-#define kw_CONSTRAINED 273
-#define kw_CONTAINING 274
-#define kw_DEFAULT 275
-#define kw_DEFINITIONS 276
-#define kw_EMBEDDED 277
-#define kw_ENCODED 278
-#define kw_END 279
-#define kw_ENUMERATED 280
-#define kw_EXCEPT 281
-#define kw_EXPLICIT 282
-#define kw_EXPORTS 283
-#define kw_EXTENSIBILITY 284
-#define kw_EXTERNAL 285
-#define kw_FALSE 286
-#define kw_FROM 287
-#define kw_GeneralString 288
-#define kw_GeneralizedTime 289
-#define kw_GraphicString 290
-#define kw_IA5String 291
-#define kw_IDENTIFIER 292
-#define kw_IMPLICIT 293
-#define kw_IMPLIED 294
-#define kw_IMPORTS 295
-#define kw_INCLUDES 296
-#define kw_INSTANCE 297
-#define kw_INTEGER 298
-#define kw_INTERSECTION 299
-#define kw_ISO646String 300
-#define kw_MAX 301
-#define kw_MIN 302
-#define kw_MINUS_INFINITY 303
-#define kw_NULL 304
-#define kw_NumericString 305
-#define kw_OBJECT 306
-#define kw_OCTET 307
-#define kw_OF 308
-#define kw_OPTIONAL 309
-#define kw_ObjectDescriptor 310
-#define kw_PATTERN 311
-#define kw_PDV 312
-#define kw_PLUS_INFINITY 313
-#define kw_PRESENT 314
-#define kw_PRIVATE 315
-#define kw_PrintableString 316
-#define kw_REAL 317
-#define kw_RELATIVE_OID 318
-#define kw_SEQUENCE 319
-#define kw_SET 320
-#define kw_SIZE 321
-#define kw_STRING 322
-#define kw_SYNTAX 323
-#define kw_T61String 324
-#define kw_TAGS 325
-#define kw_TRUE 326
-#define kw_TYPE_IDENTIFIER 327
-#define kw_TeletexString 328
-#define kw_UNION 329
-#define kw_UNIQUE 330
-#define kw_UNIVERSAL 331
-#define kw_UTCTime 332
-#define kw_UTF8String 333
-#define kw_UniversalString 334
-#define kw_VideotexString 335
-#define kw_VisibleString 336
-#define kw_WITH 337
-#define RANGE 338
-#define EEQUAL 339
-#define ELLIPSIS 340
-#define IDENTIFIER 341
-#define referencename 342
-#define STRING 343
-#define NUMBER 344
-
-
-
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 65 "parse.y"
-{
-    int constant;
-    struct value *value;
-    struct range *range;
-    char *name;
-    Type *type;
-    Member *member;
-    struct objid *objid;
-    char *defval;
-    struct string_list *sl;
-    struct tagtype tag;
-    struct memhead *members;
-    struct constraint_spec *constraint_spec;
-}
-/* Line 1529 of yacc.c.  */
-#line 242 "parse.h"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-extern YYSTYPE yylval;
-
diff --git a/crypto/heimdal/lib/asn1/parse.y b/crypto/heimdal/lib/asn1/parse.y
deleted file mode 100644
index 772f2b1..0000000
--- a/crypto/heimdal/lib/asn1/parse.y
+++ /dev/null
@@ -1,1015 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse.y 21597 2007-07-16 18:48:58Z lha $ */
-
-%{
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "symbol.h"
-#include "lex.h"
-#include "gen_locl.h"
-#include "der.h"
-
-RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $");
-
-static Type *new_type (Typetype t);
-static struct constraint_spec *new_constraint_spec(enum ctype);
-static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype);
-void yyerror (const char *);
-static struct objid *new_objid(const char *label, int value);
-static void add_oid_to_tail(struct objid *, struct objid *);
-static void fix_labels(Symbol *s);
-
-struct string_list {
-    char *string;
-    struct string_list *next;
-};
-
-%}
-
-%union {
-    int constant;
-    struct value *value;
-    struct range *range;
-    char *name;
-    Type *type;
-    Member *member;
-    struct objid *objid;
-    char *defval;
-    struct string_list *sl;
-    struct tagtype tag;
-    struct memhead *members;
-    struct constraint_spec *constraint_spec;
-}
-
-%token kw_ABSENT
-%token kw_ABSTRACT_SYNTAX
-%token kw_ALL
-%token kw_APPLICATION
-%token kw_AUTOMATIC
-%token kw_BEGIN
-%token kw_BIT
-%token kw_BMPString
-%token kw_BOOLEAN
-%token kw_BY
-%token kw_CHARACTER
-%token kw_CHOICE
-%token kw_CLASS
-%token kw_COMPONENT
-%token kw_COMPONENTS
-%token kw_CONSTRAINED
-%token kw_CONTAINING
-%token kw_DEFAULT
-%token kw_DEFINITIONS
-%token kw_EMBEDDED
-%token kw_ENCODED
-%token kw_END
-%token kw_ENUMERATED
-%token kw_EXCEPT
-%token kw_EXPLICIT
-%token kw_EXPORTS
-%token kw_EXTENSIBILITY
-%token kw_EXTERNAL
-%token kw_FALSE
-%token kw_FROM
-%token kw_GeneralString
-%token kw_GeneralizedTime
-%token kw_GraphicString
-%token kw_IA5String
-%token kw_IDENTIFIER
-%token kw_IMPLICIT
-%token kw_IMPLIED
-%token kw_IMPORTS
-%token kw_INCLUDES
-%token kw_INSTANCE
-%token kw_INTEGER
-%token kw_INTERSECTION
-%token kw_ISO646String
-%token kw_MAX
-%token kw_MIN
-%token kw_MINUS_INFINITY
-%token kw_NULL
-%token kw_NumericString
-%token kw_OBJECT
-%token kw_OCTET
-%token kw_OF
-%token kw_OPTIONAL
-%token kw_ObjectDescriptor
-%token kw_PATTERN
-%token kw_PDV
-%token kw_PLUS_INFINITY
-%token kw_PRESENT
-%token kw_PRIVATE
-%token kw_PrintableString
-%token kw_REAL
-%token kw_RELATIVE_OID
-%token kw_SEQUENCE
-%token kw_SET
-%token kw_SIZE
-%token kw_STRING
-%token kw_SYNTAX
-%token kw_T61String
-%token kw_TAGS
-%token kw_TRUE
-%token kw_TYPE_IDENTIFIER
-%token kw_TeletexString
-%token kw_UNION
-%token kw_UNIQUE
-%token kw_UNIVERSAL
-%token kw_UTCTime
-%token kw_UTF8String
-%token kw_UniversalString
-%token kw_VideotexString
-%token kw_VisibleString
-%token kw_WITH
-
-%token RANGE
-%token EEQUAL
-%token ELLIPSIS
-
-%token <name> IDENTIFIER  referencename
-%token <name> STRING
-
-%token <constant> NUMBER
-%type <constant> SignedNumber
-%type <constant> Class tagenv
-
-%type <value> Value
-%type <value> BuiltinValue
-%type <value> IntegerValue
-%type <value> BooleanValue
-%type <value> ObjectIdentifierValue
-%type <value> CharacterStringValue
-%type <value> NullValue
-%type <value> DefinedValue
-%type <value> ReferencedValue
-%type <value> Valuereference
-
-%type <type> Type
-%type <type> BuiltinType
-%type <type> BitStringType
-%type <type> BooleanType
-%type <type> ChoiceType
-%type <type> ConstrainedType
-%type <type> EnumeratedType
-%type <type> IntegerType
-%type <type> NullType
-%type <type> OctetStringType
-%type <type> SequenceType
-%type <type> SequenceOfType
-%type <type> SetType
-%type <type> SetOfType
-%type <type> TaggedType
-%type <type> ReferencedType
-%type <type> DefinedType
-%type <type> UsefulType
-%type <type> ObjectIdentifierType
-%type <type> CharacterStringType
-%type <type> RestrictedCharactedStringType
-
-%type <tag> Tag
-
-%type <member> ComponentType
-%type <member> NamedBit
-%type <member> NamedNumber
-%type <member> NamedType
-%type <members> ComponentTypeList 
-%type <members> Enumerations
-%type <members> NamedBitList
-%type <members> NamedNumberList
-
-%type <objid> objid objid_list objid_element objid_opt
-%type <range> range size
-
-%type <sl> referencenames
-
-%type <constraint_spec> Constraint
-%type <constraint_spec> ConstraintSpec
-%type <constraint_spec> GeneralConstraint
-%type <constraint_spec> ContentsConstraint
-%type <constraint_spec> UserDefinedConstraint
-
-
-
-%start ModuleDefinition
-
-%%
-
-ModuleDefinition: IDENTIFIER objid_opt kw_DEFINITIONS TagDefault ExtensionDefault
-			EEQUAL kw_BEGIN ModuleBody kw_END
-		{
-			checkundefined();
-		}
-		;
-
-TagDefault	: kw_EXPLICIT kw_TAGS
-		| kw_IMPLICIT kw_TAGS
-		      { error_message("implicit tagging is not supported"); }
-		| kw_AUTOMATIC kw_TAGS
-		      { error_message("automatic tagging is not supported"); }
-		| /* empty */
-		;
-
-ExtensionDefault: kw_EXTENSIBILITY kw_IMPLIED
-		      { error_message("no extensibility options supported"); }
-		| /* empty */
-		;
-
-ModuleBody	: /* Exports */ Imports AssignmentList
-		| /* empty */
-		;
-
-Imports		: kw_IMPORTS SymbolsImported ';'
-		| /* empty */
-		;
-
-SymbolsImported	: SymbolsFromModuleList
-		| /* empty */
-		;
-
-SymbolsFromModuleList: SymbolsFromModule
-		| SymbolsFromModuleList SymbolsFromModule
-		;
-
-SymbolsFromModule: referencenames kw_FROM IDENTIFIER objid_opt
-		{ 
-		    struct string_list *sl;
-		    for(sl = $1; sl != NULL; sl = sl->next) {
-			Symbol *s = addsym(sl->string);
-			s->stype = Stype;
-		    }
-		    add_import($3);
-		}
-		;
-
-AssignmentList	: Assignment
-		| Assignment AssignmentList
-		;
-
-Assignment	: TypeAssignment
-		| ValueAssignment
-		;
-
-referencenames	: IDENTIFIER ',' referencenames
-		{
-		    $$ = emalloc(sizeof(*$$));
-		    $$->string = $1;
-		    $$->next = $3;
-		}
-		| IDENTIFIER
-		{
-		    $$ = emalloc(sizeof(*$$));
-		    $$->string = $1;
-		    $$->next = NULL;
-		}
-		;
-
-TypeAssignment	: IDENTIFIER EEQUAL Type
-		{
-		    Symbol *s = addsym ($1);
-		    s->stype = Stype;
-		    s->type = $3;
-		    fix_labels(s);
-		    generate_type (s);
-		}
-		;
-
-Type		: BuiltinType
-		| ReferencedType
-		| ConstrainedType
-		;
-
-BuiltinType	: BitStringType
-		| BooleanType
-		| CharacterStringType
-		| ChoiceType
-		| EnumeratedType
-		| IntegerType
-		| NullType
-		| ObjectIdentifierType
-		| OctetStringType
-		| SequenceType
-		| SequenceOfType
-		| SetType
-		| SetOfType
-		| TaggedType
-		;
-
-BooleanType	: kw_BOOLEAN
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_Boolean, 
-				     TE_EXPLICIT, new_type(TBoolean));
-		}
-		;
-
-range		: '(' Value RANGE Value ')'
-		{
-		    if($2->type != integervalue)
-			error_message("Non-integer used in first part of range");
-		    if($2->type != integervalue)
-			error_message("Non-integer in second part of range");
-		    $$ = ecalloc(1, sizeof(*$$));
-		    $$->min = $2->u.integervalue;
-		    $$->max = $4->u.integervalue;
-		}
-		| '(' Value RANGE kw_MAX ')'
-		{		
-		    if($2->type != integervalue)
-			error_message("Non-integer in first part of range");
-		    $$ = ecalloc(1, sizeof(*$$));
-		    $$->min = $2->u.integervalue;
-		    $$->max = $2->u.integervalue - 1;
-		}
-		| '(' kw_MIN RANGE Value ')'
-		{		
-		    if($4->type != integervalue)
-			error_message("Non-integer in second part of range");
-		    $$ = ecalloc(1, sizeof(*$$));
-		    $$->min = $4->u.integervalue + 2;
-		    $$->max = $4->u.integervalue;
-		}
-		| '(' Value ')'
-		{
-		    if($2->type != integervalue)
-			error_message("Non-integer used in limit");
-		    $$ = ecalloc(1, sizeof(*$$));
-		    $$->min = $2->u.integervalue;
-		    $$->max = $2->u.integervalue;
-		}
-		;
-
-
-IntegerType	: kw_INTEGER
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_Integer, 
-				     TE_EXPLICIT, new_type(TInteger));
-		}
-		| kw_INTEGER range
-		{
-			$$ = new_type(TInteger);
-			$$->range = $2;
-			$$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$);
-		}
-		| kw_INTEGER '{' NamedNumberList '}'
-		{
-		  $$ = new_type(TInteger);
-		  $$->members = $3;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$);
-		}
-		;
-
-NamedNumberList	: NamedNumber
-		{
-			$$ = emalloc(sizeof(*$$));
-			ASN1_TAILQ_INIT($$);
-			ASN1_TAILQ_INSERT_HEAD($$, $1, members);
-		}
-		| NamedNumberList ',' NamedNumber
-		{
-			ASN1_TAILQ_INSERT_TAIL($1, $3, members);
-			$$ = $1;
-		}
-		| NamedNumberList ',' ELLIPSIS
-			{ $$ = $1; } /* XXX used for Enumerations */
-		;
-
-NamedNumber	: IDENTIFIER '(' SignedNumber ')'
-		{
-			$$ = emalloc(sizeof(*$$));
-			$$->name = $1;
-			$$->gen_name = estrdup($1);
-			output_name ($$->gen_name);
-			$$->val = $3;
-			$$->optional = 0;
-			$$->ellipsis = 0;
-			$$->type = NULL;
-		}
-		;
-
-EnumeratedType	: kw_ENUMERATED '{' Enumerations '}'
-		{
-		  $$ = new_type(TInteger);
-		  $$->members = $3;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, $$);
-		}
-		;
-
-Enumerations	: NamedNumberList /* XXX */
-		;
-
-BitStringType	: kw_BIT kw_STRING
-		{
-		  $$ = new_type(TBitString);
-		  $$->members = emalloc(sizeof(*$$->members));
-		  ASN1_TAILQ_INIT($$->members);
-		  $$ = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, $$);
-		}
-		| kw_BIT kw_STRING '{' NamedBitList '}'
-		{
-		  $$ = new_type(TBitString);
-		  $$->members = $4;
-		  $$ = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, $$);
-		}
-		;
-
-ObjectIdentifierType: kw_OBJECT kw_IDENTIFIER
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_OID, 
-				     TE_EXPLICIT, new_type(TOID));
-		}
-		;
-OctetStringType	: kw_OCTET kw_STRING size
-		{
-		    Type *t = new_type(TOctetString);
-		    t->range = $3;
-		    $$ = new_tag(ASN1_C_UNIV, UT_OctetString, 
-				 TE_EXPLICIT, t);
-		}
-		;
-
-NullType	: kw_NULL
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_Null, 
-				     TE_EXPLICIT, new_type(TNull));
-		}
-		;
-
-size		:
-		{ $$ = NULL; }
-		| kw_SIZE range
-		{ $$ = $2; }
-		;
-
-
-SequenceType	: kw_SEQUENCE '{' /* ComponentTypeLists */ ComponentTypeList '}'
-		{
-		  $$ = new_type(TSequence);
-		  $$->members = $3;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$);
-		}
-		| kw_SEQUENCE '{' '}'
-		{
-		  $$ = new_type(TSequence);
-		  $$->members = NULL;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$);
-		}
-		;
-
-SequenceOfType	: kw_SEQUENCE size kw_OF Type
-		{
-		  $$ = new_type(TSequenceOf);
-		  $$->range = $2;
-		  $$->subtype = $4;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$);
-		}
-		;
-
-SetType		: kw_SET '{' /* ComponentTypeLists */ ComponentTypeList '}'
-		{
-		  $$ = new_type(TSet);
-		  $$->members = $3;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$);
-		}
-		| kw_SET '{' '}'
-		{
-		  $$ = new_type(TSet);
-		  $$->members = NULL;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$);
-		}
-		;
-
-SetOfType	: kw_SET kw_OF Type
-		{
-		  $$ = new_type(TSetOf);
-		  $$->subtype = $3;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$);
-		}
-		;
-
-ChoiceType	: kw_CHOICE '{' /* AlternativeTypeLists */ ComponentTypeList '}'
-		{
-		  $$ = new_type(TChoice);
-		  $$->members = $3;
-		}
-		;
-
-ReferencedType	: DefinedType
-		| UsefulType
-		;
-
-DefinedType	: IDENTIFIER
-		{
-		  Symbol *s = addsym($1);
-		  $$ = new_type(TType);
-		  if(s->stype != Stype && s->stype != SUndefined)
-		    error_message ("%s is not a type\n", $1);
-		  else
-		    $$->symbol = s;
-		}
-		;
-
-UsefulType	: kw_GeneralizedTime
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, 
-				     TE_EXPLICIT, new_type(TGeneralizedTime));
-		}
-		| kw_UTCTime
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_UTCTime, 
-				     TE_EXPLICIT, new_type(TUTCTime));
-		}
-		;
-
-ConstrainedType	: Type Constraint
-		{
-		    /* if (Constraint.type == contentConstrant) {
-		       assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too
-		       if (Constraint.u.constraint.type) {
-		         assert((Constraint.u.constraint.type.length % 8) == 0);
-		       }
-		      }
-		      if (Constraint.u.constraint.encoding) {
-		        type == der-oid|ber-oid
-		      }
-		    */
-		}
-		;
-
-
-Constraint	: '(' ConstraintSpec ')'
-		{
-		    $$ = $2;
-		}
-		;
-
-ConstraintSpec	: GeneralConstraint
-		;
-
-GeneralConstraint: ContentsConstraint
-		| UserDefinedConstraint
-		;
-
-ContentsConstraint: kw_CONTAINING Type
-		{
-		    $$ = new_constraint_spec(CT_CONTENTS);
-		    $$->u.content.type = $2;
-		    $$->u.content.encoding = NULL;
-		}
-		| kw_ENCODED kw_BY Value
-		{
-		    if ($3->type != objectidentifiervalue)
-			error_message("Non-OID used in ENCODED BY constraint");
-		    $$ = new_constraint_spec(CT_CONTENTS);
-		    $$->u.content.type = NULL;
-		    $$->u.content.encoding = $3;
-		}
-		| kw_CONTAINING Type kw_ENCODED kw_BY Value
-		{
-		    if ($5->type != objectidentifiervalue)
-			error_message("Non-OID used in ENCODED BY constraint");
-		    $$ = new_constraint_spec(CT_CONTENTS);
-		    $$->u.content.type = $2;
-		    $$->u.content.encoding = $5;
-		}
-		;
-
-UserDefinedConstraint: kw_CONSTRAINED kw_BY '{' '}'
-		{
-		    $$ = new_constraint_spec(CT_USER);
-		}
-		;
-
-TaggedType	: Tag tagenv Type
-		{
-			$$ = new_type(TTag);
-			$$->tag = $1;
-			$$->tag.tagenv = $2;
-			if($3->type == TTag && $2 == TE_IMPLICIT) {
-				$$->subtype = $3->subtype;
-				free($3);
-			} else
-				$$->subtype = $3;
-		}
-		;
-
-Tag		: '[' Class NUMBER ']'
-		{
-			$$.tagclass = $2;
-			$$.tagvalue = $3;
-			$$.tagenv = TE_EXPLICIT;
-		}
-		;
-
-Class		: /* */
-		{
-			$$ = ASN1_C_CONTEXT;
-		}
-		| kw_UNIVERSAL
-		{
-			$$ = ASN1_C_UNIV;
-		}
-		| kw_APPLICATION
-		{
-			$$ = ASN1_C_APPL;
-		}
-		| kw_PRIVATE
-		{
-			$$ = ASN1_C_PRIVATE;
-		}
-		;
-
-tagenv		: /* */
-		{
-			$$ = TE_EXPLICIT;
-		}
-		| kw_EXPLICIT
-		{
-			$$ = TE_EXPLICIT;
-		}
-		| kw_IMPLICIT
-		{
-			$$ = TE_IMPLICIT;
-		}
-		;
-
-
-ValueAssignment	: IDENTIFIER Type EEQUAL Value
-		{
-			Symbol *s;
-			s = addsym ($1);
-
-			s->stype = SValue;
-			s->value = $4;
-			generate_constant (s);
-		}
-		;
-
-CharacterStringType: RestrictedCharactedStringType
-		;
-
-RestrictedCharactedStringType: kw_GeneralString
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_GeneralString, 
-				     TE_EXPLICIT, new_type(TGeneralString));
-		}
-		| kw_UTF8String
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_UTF8String, 
-				     TE_EXPLICIT, new_type(TUTF8String));
-		}
-		| kw_PrintableString
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_PrintableString, 
-				     TE_EXPLICIT, new_type(TPrintableString));
-		}
-		| kw_VisibleString
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_VisibleString, 
-				     TE_EXPLICIT, new_type(TVisibleString));
-		}
-		| kw_IA5String
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_IA5String, 
-				     TE_EXPLICIT, new_type(TIA5String));
-		}
-		| kw_BMPString
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_BMPString, 
-				     TE_EXPLICIT, new_type(TBMPString));
-		}
-		| kw_UniversalString
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_UniversalString, 
-				     TE_EXPLICIT, new_type(TUniversalString));
-		}
-
-		;
-
-ComponentTypeList: ComponentType
-		{
-			$$ = emalloc(sizeof(*$$));
-			ASN1_TAILQ_INIT($$);
-			ASN1_TAILQ_INSERT_HEAD($$, $1, members);
-		}
-		| ComponentTypeList ',' ComponentType
-		{
-			ASN1_TAILQ_INSERT_TAIL($1, $3, members);
-			$$ = $1;
-		}
-		| ComponentTypeList ',' ELLIPSIS
-		{
-		        struct member *m = ecalloc(1, sizeof(*m));
-			m->name = estrdup("...");
-			m->gen_name = estrdup("asn1_ellipsis");
-			m->ellipsis = 1;
-			ASN1_TAILQ_INSERT_TAIL($1, m, members);
-			$$ = $1;
-		}
-		;
-
-NamedType	: IDENTIFIER Type
-		{
-		  $$ = emalloc(sizeof(*$$));
-		  $$->name = $1;
-		  $$->gen_name = estrdup($1);
-		  output_name ($$->gen_name);
-		  $$->type = $2;
-		  $$->ellipsis = 0;
-		}
-		;
-
-ComponentType	: NamedType
-		{
-			$$ = $1;
-			$$->optional = 0;
-			$$->defval = NULL;
-		}
-		| NamedType kw_OPTIONAL
-		{
-			$$ = $1;
-			$$->optional = 1;
-			$$->defval = NULL;
-		}
-		| NamedType kw_DEFAULT Value
-		{
-			$$ = $1;
-			$$->optional = 0;
-			$$->defval = $3;
-		}
-		;
-
-NamedBitList	: NamedBit
-		{
-			$$ = emalloc(sizeof(*$$));
-			ASN1_TAILQ_INIT($$);
-			ASN1_TAILQ_INSERT_HEAD($$, $1, members);
-		}
-		| NamedBitList ',' NamedBit
-		{
-			ASN1_TAILQ_INSERT_TAIL($1, $3, members);
-			$$ = $1;
-		}
-		;
-
-NamedBit	: IDENTIFIER '(' NUMBER ')'
-		{
-		  $$ = emalloc(sizeof(*$$));
-		  $$->name = $1;
-		  $$->gen_name = estrdup($1);
-		  output_name ($$->gen_name);
-		  $$->val = $3;
-		  $$->optional = 0;
-		  $$->ellipsis = 0;
-		  $$->type = NULL;
-		}
-		;
-
-objid_opt	: objid
-		| /* empty */ { $$ = NULL; }
-		;
-
-objid		: '{' objid_list '}'
-		{
-			$$ = $2;
-		}
-		;
-
-objid_list	:  /* empty */
-		{
-			$$ = NULL;
-		}
-		| objid_element objid_list
-		{
-		        if ($2) {
-				$$ = $2;
-				add_oid_to_tail($2, $1);
-			} else {
-				$$ = $1;
-			}
-		}
-		;
-
-objid_element	: IDENTIFIER '(' NUMBER ')'
-		{
-			$$ = new_objid($1, $3);
-		}
-		| IDENTIFIER
-		{
-		    Symbol *s = addsym($1);
-		    if(s->stype != SValue ||
-		       s->value->type != objectidentifiervalue) {
-			error_message("%s is not an object identifier\n", 
-				      s->name);
-			exit(1);
-		    }
-		    $$ = s->value->u.objectidentifiervalue;
-		}
-		| NUMBER
-		{
-		    $$ = new_objid(NULL, $1);
-		}
-		;
-
-Value		: BuiltinValue
-		| ReferencedValue
-		;
-
-BuiltinValue	: BooleanValue
-		| CharacterStringValue
-		| IntegerValue
-		| ObjectIdentifierValue
-		| NullValue
-		;
-
-ReferencedValue	: DefinedValue
-		;
-
-DefinedValue	: Valuereference
-		;
-
-Valuereference	: IDENTIFIER
-		{
-			Symbol *s = addsym($1);
-			if(s->stype != SValue)
-				error_message ("%s is not a value\n",
-						s->name);
-			else
-				$$ = s->value;
-		}
-		;
-
-CharacterStringValue: STRING
-		{
-			$$ = emalloc(sizeof(*$$));
-			$$->type = stringvalue;
-			$$->u.stringvalue = $1;
-		}
-		;
-
-BooleanValue	: kw_TRUE
-		{
-			$$ = emalloc(sizeof(*$$));
-			$$->type = booleanvalue;
-			$$->u.booleanvalue = 0;
-		}
-		| kw_FALSE
-		{
-			$$ = emalloc(sizeof(*$$));
-			$$->type = booleanvalue;
-			$$->u.booleanvalue = 0;
-		}
-		;
-
-IntegerValue	: SignedNumber
-		{
-			$$ = emalloc(sizeof(*$$));
-			$$->type = integervalue;
-			$$->u.integervalue = $1;
-		}
-		;
-
-SignedNumber	: NUMBER
-		;
-
-NullValue	: kw_NULL
-		{
-		}
-		;
-
-ObjectIdentifierValue: objid
-		{
-			$$ = emalloc(sizeof(*$$));
-			$$->type = objectidentifiervalue;
-			$$->u.objectidentifiervalue = $1;
-		}
-		;
-
-%%
-
-void
-yyerror (const char *s)
-{
-     error_message ("%s\n", s);
-}
-
-static Type *
-new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype)
-{
-    Type *t;
-    if(oldtype->type == TTag && oldtype->tag.tagenv == TE_IMPLICIT) {
-	t = oldtype;
-	oldtype = oldtype->subtype; /* XXX */
-    } else
-	t = new_type (TTag);
-    
-    t->tag.tagclass = tagclass;
-    t->tag.tagvalue = tagvalue;
-    t->tag.tagenv = tagenv;
-    t->subtype = oldtype;
-    return t;
-}
-
-static struct objid *
-new_objid(const char *label, int value)
-{
-    struct objid *s;
-    s = emalloc(sizeof(*s));
-    s->label = label;
-    s->value = value;
-    s->next = NULL;
-    return s;
-}
-
-static void
-add_oid_to_tail(struct objid *head, struct objid *tail)
-{
-    struct objid *o;
-    o = head;
-    while (o->next)
-	o = o->next;
-    o->next = tail;
-}
-
-static Type *
-new_type (Typetype tt)
-{
-    Type *t = ecalloc(1, sizeof(*t));
-    t->type = tt;
-    return t;
-}
-
-static struct constraint_spec *
-new_constraint_spec(enum ctype ct)
-{
-    struct constraint_spec *c = ecalloc(1, sizeof(*c));
-    c->ctype = ct;
-    return c;
-}
-
-static void fix_labels2(Type *t, const char *prefix);
-static void fix_labels1(struct memhead *members, const char *prefix)
-{
-    Member *m;
-
-    if(members == NULL)
-	return;
-    ASN1_TAILQ_FOREACH(m, members, members) {
-	asprintf(&m->label, "%s_%s", prefix, m->gen_name);
-	if (m->label == NULL)
-	    errx(1, "malloc");
-	if(m->type != NULL)
-	    fix_labels2(m->type, m->label);
-    }
-}
-
-static void fix_labels2(Type *t, const char *prefix)
-{
-    for(; t; t = t->subtype)
-	fix_labels1(t->members, prefix);
-}
-
-static void
-fix_labels(Symbol *s)
-{
-    char *p;
-    asprintf(&p, "choice_%s", s->gen_name);
-    if (p == NULL)
-	errx(1, "malloc");
-    fix_labels2(s->type, p);
-    free(p);
-}
diff --git a/crypto/heimdal/lib/asn1/pkcs12.asn1 b/crypto/heimdal/lib/asn1/pkcs12.asn1
deleted file mode 100644
index 37fe03e..0000000
--- a/crypto/heimdal/lib/asn1/pkcs12.asn1
+++ /dev/null
@@ -1,81 +0,0 @@
--- $Id: pkcs12.asn1 15715 2005-07-23 11:08:47Z lha $ --
-
-PKCS12 DEFINITIONS ::=
-
-BEGIN
-
-IMPORTS ContentInfo FROM cms
-	DigestInfo FROM rfc2459
-	heim_any, heim_any_set FROM heim;
-
--- The PFX PDU
-
-id-pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-	rsadsi(113549) pkcs(1) pkcs-12(12) }
-
-id-pkcs-12PbeIds                   OBJECT IDENTIFIER ::= { id-pkcs-12 1}
-id-pbeWithSHAAnd128BitRC4          OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 1}
-id-pbeWithSHAAnd40BitRC4           OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 2}
-id-pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 3}
-id-pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 4}
-id-pbeWithSHAAnd128BitRC2-CBC      OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 5}
-id-pbewithSHAAnd40BitRC2-CBC       OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 6}
-
-id-pkcs12-bagtypes		OBJECT IDENTIFIER ::= { id-pkcs-12 10 1}
-
-id-pkcs12-keyBag		OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 1 }
-id-pkcs12-pkcs8ShroudedKeyBag	OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 2 }
-id-pkcs12-certBag		OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 3 }
-id-pkcs12-crlBag		OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 4 }
-id-pkcs12-secretBag		OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 5 }
-id-pkcs12-safeContentsBag	OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 6 }
-
-
-PKCS12-MacData ::= SEQUENCE {
-    	mac 		DigestInfo,
-	macSalt	        OCTET STRING,
-	iterations	INTEGER OPTIONAL
-}
-
-PKCS12-PFX ::= SEQUENCE {
-    	version		INTEGER,
-    	authSafe	ContentInfo,
-    	macData    	PKCS12-MacData OPTIONAL
-}
-
-PKCS12-AuthenticatedSafe ::= SEQUENCE OF ContentInfo
-	-- Data if unencrypted
-	-- EncryptedData if password-encrypted
-	-- EnvelopedData if public key-encrypted
-
-PKCS12-Attribute ::= SEQUENCE {
-	attrId	   	OBJECT IDENTIFIER,
-	attrValues 	-- SET OF -- heim_any_set 
-}
-
-PKCS12-Attributes ::= SET OF PKCS12-Attribute
-
-PKCS12-SafeBag ::= SEQUENCE {
-  	bagId	      	OBJECT IDENTIFIER,
-  	bagValue      	[0] heim_any,
-  	bagAttributes 	PKCS12-Attributes OPTIONAL
-}
-
-PKCS12-SafeContents ::= SEQUENCE OF PKCS12-SafeBag
-
-PKCS12-CertBag ::= SEQUENCE {
-	certType	OBJECT IDENTIFIER,
-  	certValue      	[0] heim_any
-}
-
-PKCS12-PBEParams ::= SEQUENCE {
-	salt		OCTET STRING,
-	iterations	INTEGER (0..4294967295) OPTIONAL
-}
-
-PKCS12-OctetString ::= OCTET STRING
-
--- KeyBag ::= PrivateKeyInfo
--- PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo
-
-END
diff --git a/crypto/heimdal/lib/asn1/pkcs8.asn1 b/crypto/heimdal/lib/asn1/pkcs8.asn1
deleted file mode 100644
index 911e727..0000000
--- a/crypto/heimdal/lib/asn1/pkcs8.asn1
+++ /dev/null
@@ -1,30 +0,0 @@
--- $Id: pkcs8.asn1 16060 2005-09-13 19:41:29Z lha $ --
-
-PKCS8 DEFINITIONS ::=
-
-BEGIN
-
-IMPORTS	Attribute, AlgorithmIdentifier FROM rfc2459
-	heim_any, heim_any_set FROM heim;
-
-PKCS8PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
-
-PKCS8PrivateKey ::= OCTET STRING
-
-PKCS8Attributes ::= SET OF Attribute
-
-PKCS8PrivateKeyInfo ::= SEQUENCE {
-  version INTEGER,
-  privateKeyAlgorithm PKCS8PrivateKeyAlgorithmIdentifier,
-  privateKey PKCS8PrivateKey,
-  attributes [0] IMPLICIT SET OF Attribute OPTIONAL
-}
-
-PKCS8EncryptedData ::= OCTET STRING
-
-PKCS8EncryptedPrivateKeyInfo ::= SEQUENCE {
-    encryptionAlgorithm AlgorithmIdentifier,
-    encryptedData PKCS8EncryptedData 
-}
-
-END
diff --git a/crypto/heimdal/lib/asn1/pkcs9.asn1 b/crypto/heimdal/lib/asn1/pkcs9.asn1
deleted file mode 100644
index d985e91..0000000
--- a/crypto/heimdal/lib/asn1/pkcs9.asn1
+++ /dev/null
@@ -1,28 +0,0 @@
--- $Id: pkcs9.asn1 17202 2006-04-24 08:59:10Z lha $ --
-
-PKCS9 DEFINITIONS ::=
-
-BEGIN
-
--- The PFX PDU
-
-id-pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-	rsadsi(113549) pkcs(1) pkcs-9(9) }
-
-id-pkcs9-emailAddress		OBJECT IDENTIFIER ::= {id-pkcs-9 1 }
-id-pkcs9-contentType		OBJECT IDENTIFIER ::= {id-pkcs-9 3 }
-id-pkcs9-messageDigest		OBJECT IDENTIFIER ::= {id-pkcs-9 4 }
-id-pkcs9-signingTime		OBJECT IDENTIFIER ::= {id-pkcs-9 5 }
-id-pkcs9-countersignature	OBJECT IDENTIFIER ::= {id-pkcs-9 6 }
-
-id-pkcs-9-at-friendlyName	OBJECT IDENTIFIER ::= {id-pkcs-9 20}
-id-pkcs-9-at-localKeyId		OBJECT IDENTIFIER ::= {id-pkcs-9 21}
-id-pkcs-9-at-certTypes		OBJECT IDENTIFIER ::= {id-pkcs-9 22}
-id-pkcs-9-at-certTypes-x509	OBJECT IDENTIFIER ::= {id-pkcs-9-at-certTypes 1}
-
-PKCS9-BMPString ::= BMPString
-
-PKCS9-friendlyName ::= SET OF PKCS9-BMPString
-
-END
-
diff --git a/crypto/heimdal/lib/asn1/pkinit.asn1 b/crypto/heimdal/lib/asn1/pkinit.asn1
deleted file mode 100644
index 989b265..0000000
--- a/crypto/heimdal/lib/asn1/pkinit.asn1
+++ /dev/null
@@ -1,182 +0,0 @@
--- $Id$ --
-
-PKINIT DEFINITIONS ::= BEGIN
-
-IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum, Ticket FROM krb5
-	IssuerAndSerialNumber, ContentInfo FROM cms
-	SubjectPublicKeyInfo, AlgorithmIdentifier FROM rfc2459
-	heim_any FROM heim;
-
-id-pkinit OBJECT IDENTIFIER ::=
-  { iso (1) org (3) dod (6) internet (1) security (5)
-    kerberosv5 (2) pkinit (3) }
-
-id-pkauthdata  OBJECT IDENTIFIER  ::= { id-pkinit 1 }
-id-pkdhkeydata OBJECT IDENTIFIER  ::= { id-pkinit 2 }
-id-pkrkeydata  OBJECT IDENTIFIER  ::= { id-pkinit 3 }
-id-pkekuoid    OBJECT IDENTIFIER  ::= { id-pkinit 4 }
-id-pkkdcekuoid OBJECT IDENTIFIER  ::= { id-pkinit 5 }
-
-id-pkinit-san	OBJECT IDENTIFIER ::=
-  { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
-    x509-sanan(2) }
-
-id-pkinit-ms-eku OBJECT IDENTIFIER ::=
-  { iso(1) org(3) dod(6) internet(1) private(4) 
-    enterprise(1) microsoft(311) 20 2 2 }
-
-id-pkinit-ms-san OBJECT IDENTIFIER ::=
-  { iso(1) org(3) dod(6) internet(1) private(4) 
-    enterprise(1) microsoft(311) 20 2 3 }
-
-MS-UPN-SAN ::= UTF8String
-
-pa-pk-as-req INTEGER ::=                  16
-pa-pk-as-rep INTEGER ::=                  17
-
-td-trusted-certifiers INTEGER ::=        104
-td-invalid-certificates INTEGER ::=      105
-td-dh-parameters INTEGER ::=             109
-
-DHNonce ::= OCTET STRING
-
-KDFAlgorithmId ::= SEQUENCE {
-       kdf-id            [0] OBJECT IDENTIFIER,
-       ...
-}
-
-TrustedCA ::= SEQUENCE {
-	caName                  [0] IMPLICIT OCTET STRING,
-	certificateSerialNumber [1] INTEGER OPTIONAL,
-	subjectKeyIdentifier    [2] OCTET STRING OPTIONAL,
-	...
-}
-
-ExternalPrincipalIdentifier ::= SEQUENCE {
-	subjectName		[0] IMPLICIT OCTET STRING OPTIONAL,
-	issuerAndSerialNumber	[1] IMPLICIT OCTET STRING OPTIONAL,
-	subjectKeyIdentifier	[2] IMPLICIT OCTET STRING OPTIONAL,
-	...
-}
-
-ExternalPrincipalIdentifiers ::= SEQUENCE OF ExternalPrincipalIdentifier
-
-PA-PK-AS-REQ ::= SEQUENCE {
-        signedAuthPack          [0] IMPLICIT OCTET STRING,
-        trustedCertifiers       [1] ExternalPrincipalIdentifiers OPTIONAL,
-	kdcPkId                 [2] IMPLICIT OCTET STRING OPTIONAL,
-	...
-}
-
-PKAuthenticator ::= SEQUENCE {
-	cusec                   [0] INTEGER -- (0..999999) --,
-	ctime                   [1] KerberosTime,
-	nonce                   [2] INTEGER (0..4294967295),
-	paChecksum              [3] OCTET STRING OPTIONAL,
-	...
-}
-
-AuthPack ::= SEQUENCE {
-	pkAuthenticator         [0] PKAuthenticator,
-	clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL,
-	supportedCMSTypes       [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
-	clientDHNonce           [3] DHNonce OPTIONAL,
-	...,
-	supportedKDFs		[4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
-	...
-}
-
-TD-TRUSTED-CERTIFIERS ::= ExternalPrincipalIdentifiers
-TD-INVALID-CERTIFICATES ::= ExternalPrincipalIdentifiers
-
-KRB5PrincipalName ::= SEQUENCE {
-	realm                   [0] Realm,
-	principalName           [1] PrincipalName
-}
-
-AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier
-
-DHRepInfo ::= SEQUENCE {
-	dhSignedData            [0] IMPLICIT OCTET STRING,
-	serverDHNonce           [1] DHNonce OPTIONAL,
-	...,
-	kdf			[2] KDFAlgorithmId OPTIONAL,
-	...
-}
-
-PA-PK-AS-REP ::= CHOICE {
-	dhInfo                  [0] DHRepInfo,
-	encKeyPack              [1] IMPLICIT OCTET STRING,
-	...
-}
-
-KDCDHKeyInfo ::= SEQUENCE {
-	subjectPublicKey        [0] BIT STRING,
-	nonce                   [1] INTEGER (0..4294967295),
-	dhKeyExpiration         [2] KerberosTime OPTIONAL,
-	...
-}
-
-ReplyKeyPack ::= SEQUENCE {
-	replyKey                [0] EncryptionKey,
-	asChecksum		[1] Checksum,
-	...
-}
-
-TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier
-
-
--- Windows compat glue --
-
-PKAuthenticator-Win2k ::= SEQUENCE {
-	kdcName			[0] PrincipalName,
-	kdcRealm		[1] Realm,
-	cusec			[2] INTEGER (0..4294967295),
-	ctime			[3] KerberosTime,
-	nonce                   [4] INTEGER (-2147483648..2147483647)
-}
-
-AuthPack-Win2k ::= SEQUENCE {
-	pkAuthenticator         [0] PKAuthenticator-Win2k,
-	clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL
-}
-
-
-TrustedCA-Win2k ::= CHOICE {
-	caName                  [1] heim_any,
-	issuerAndSerial         [2] IssuerAndSerialNumber
-}
-
-PA-PK-AS-REQ-Win2k ::= SEQUENCE { 
-	signed-auth-pack	[0] IMPLICIT OCTET STRING, 
-	trusted-certifiers	[2] SEQUENCE OF TrustedCA-Win2k OPTIONAL, 
-	kdc-cert		[3] IMPLICIT OCTET STRING OPTIONAL, 
-	encryption-cert		[4] IMPLICIT OCTET STRING OPTIONAL
-}
-
-PA-PK-AS-REP-Win2k ::= CHOICE {
-	dhSignedData		[0] IMPLICIT OCTET STRING, 
-	encKeyPack		[1] IMPLICIT OCTET STRING
-}
-
-
-KDCDHKeyInfo-Win2k ::= SEQUENCE {
-	nonce			[0] INTEGER (-2147483648..2147483647),
-	subjectPublicKey	[2] BIT STRING
-}
-
-ReplyKeyPack-Win2k ::= SEQUENCE {
-        replyKey                [0] EncryptionKey,
-        nonce                   [1] INTEGER (-2147483648..2147483647),
-	...
-}
-
-PkinitSuppPubInfo ::= SEQUENCE {
-       enctype           [0] INTEGER (-2147483648..2147483647),
-       as-REQ            [1] OCTET STRING,
-       pk-as-rep         [2] OCTET STRING,
-       ticket            [3] Ticket,
-       ...
-}
-
-END
diff --git a/crypto/heimdal/lib/asn1/rfc2459.asn1 b/crypto/heimdal/lib/asn1/rfc2459.asn1
deleted file mode 100644
index 8e24f07..0000000
--- a/crypto/heimdal/lib/asn1/rfc2459.asn1
+++ /dev/null
@@ -1,506 +0,0 @@
--- $Id$ --
--- Definitions from rfc2459/rfc3280
-
-RFC2459 DEFINITIONS ::= BEGIN
-
-IMPORTS heim_any FROM heim;
-
-Version ::=  INTEGER {
-	rfc3280_version_1(0), 
-	rfc3280_version_2(1),
-	rfc3280_version_3(2)
-}
-
-id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-	rsadsi(113549) pkcs(1) 1 }
-id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::=		{ id-pkcs-1 1 }
-id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 2 }
-id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 4 }
-id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 5 }
-id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 11 }
-id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 12 }
-id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 13 }
-
-id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1  2 752 43 16 1 }
-
-id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-	rsadsi(113549) pkcs(1) 2 }
-id-pkcs2-md2 OBJECT IDENTIFIER ::=		{ id-pkcs-2 2 }
-id-pkcs2-md4 OBJECT IDENTIFIER ::=		{ id-pkcs-2 4 }
-id-pkcs2-md5 OBJECT IDENTIFIER ::=		{ id-pkcs-2 5 }
-
-id-rsa-digestAlgorithm OBJECT IDENTIFIER ::= 
-{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }
-
-id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
-id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
-id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
-
-id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-	rsadsi(113549) pkcs(1) 3 }
-
-id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::=		{ id-pkcs-3 2 }
-id-pkcs3-rc4     OBJECT IDENTIFIER ::=		{ id-pkcs-3 4 }
-id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::=	{ id-pkcs-3 7 }
-
-id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-	rsadsi(113549) 3 }
-
-id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::=		{ id-rsadsi-encalg 2 }
-id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::=	{ id-rsadsi-encalg 7 }
-
-id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
-	oiw(14) secsig(3) algorithm(2) 26 }
-
-id-nistAlgorithm OBJECT IDENTIFIER ::= {
-   joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
-   
-id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
-
-id-aes-128-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 2 }
-id-aes-192-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 22 }
-id-aes-256-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 42 }
-
-id-nist-sha-algs OBJECT IDENTIFIER ::=		{ id-nistAlgorithm 2 }
-
-id-sha256 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 1 }
-id-sha224 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 4 }
-id-sha384 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 2 }
-id-sha512 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 3 }
-
-id-dhpublicnumber OBJECT IDENTIFIER ::= {
-        iso(1) member-body(2) us(840) ansi-x942(10046)
-        number-type(2) 1 }
-
-id-x9-57 OBJECT IDENTIFIER ::= {
-        iso(1) member-body(2) us(840) ansi-x942(10046)
-	4 }
-
-id-dsa OBJECT IDENTIFIER ::=		{ id-x9-57 1 }
-id-dsa-with-sha1 OBJECT IDENTIFIER ::=		{ id-x9-57 3 }
-
--- x.520 names types
-
-id-x520-at 	OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
-
-id-at-commonName		OBJECT IDENTIFIER ::= { id-x520-at 3 }
-id-at-surname			OBJECT IDENTIFIER ::= { id-x520-at 4 }
-id-at-serialNumber		OBJECT IDENTIFIER ::= { id-x520-at 5 }
-id-at-countryName		OBJECT IDENTIFIER ::= { id-x520-at 6 }
-id-at-localityName		OBJECT IDENTIFIER ::= { id-x520-at 7 }
-id-at-stateOrProvinceName	OBJECT IDENTIFIER ::= { id-x520-at 8 }
-id-at-streetAddress		OBJECT IDENTIFIER ::= { id-x520-at 9 }
-id-at-organizationName		OBJECT IDENTIFIER ::= { id-x520-at 10 }
-id-at-organizationalUnitName	OBJECT IDENTIFIER ::= { id-x520-at 11 }
-id-at-name			OBJECT IDENTIFIER ::= { id-x520-at 41 }
-id-at-givenName			OBJECT IDENTIFIER ::= { id-x520-at 42 }
-id-at-initials			OBJECT IDENTIFIER ::= { id-x520-at 43 }
-id-at-generationQualifier	OBJECT IDENTIFIER ::= { id-x520-at 44 }
-id-at-pseudonym			OBJECT IDENTIFIER ::= { id-x520-at 65 }
--- RFC 2247
-id-Userid		      	OBJECT IDENTIFIER ::=
-                          { 0 9 2342 19200300 100 1 1 }
-id-domainComponent      	OBJECT IDENTIFIER ::=
-                          { 0 9 2342 19200300 100 1 25 }
-
-
--- rfc3280
-
-id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
-
-AlgorithmIdentifier ::= SEQUENCE {
-	algorithm	OBJECT IDENTIFIER,
-	parameters	heim_any OPTIONAL
-}
-
-AttributeType ::=   OBJECT IDENTIFIER
-
-AttributeValue ::=   heim_any
-
-TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
-
-DirectoryString ::= CHOICE {
-	ia5String	IA5String,
-	teletexString	TeletexStringx,
-	printableString	PrintableString,
-	universalString UniversalString,
-	utf8String	UTF8String,
-	bmpString	BMPString
-}
-
-Attribute ::= SEQUENCE {
-        type    AttributeType,
-        value   SET OF -- AttributeValue -- heim_any
-}
-
-AttributeTypeAndValue ::= SEQUENCE {
-        type    AttributeType,
-        value   DirectoryString
-}
-
-RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-Name ::= CHOICE {
-	rdnSequence  RDNSequence
-}
-
-CertificateSerialNumber ::= INTEGER
-
-Time ::= CHOICE {
-     utcTime        UTCTime,
-     generalTime    GeneralizedTime
-}
-
-Validity ::= SEQUENCE {
-     notBefore      Time,
-     notAfter       Time
-}
-
-UniqueIdentifier  ::=  BIT STRING
-
-SubjectPublicKeyInfo  ::=  SEQUENCE  {
-     algorithm            AlgorithmIdentifier,
-     subjectPublicKey     BIT STRING
-}
-
-Extension  ::=  SEQUENCE  {
-     extnID      OBJECT IDENTIFIER,
-     critical    BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
-     extnValue   OCTET STRING
-}
-
-Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
-
-TBSCertificate  ::=  SEQUENCE  {
-     version         [0]  Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
-     serialNumber         CertificateSerialNumber,
-     signature            AlgorithmIdentifier,
-     issuer               Name,
-     validity             Validity,
-     subject              Name,
-     subjectPublicKeyInfo SubjectPublicKeyInfo,
-     issuerUniqueID  [1]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
-                          -- If present, version shall be v2 or v3
-     subjectUniqueID [2]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
-                          -- If present, version shall be v2 or v3
-     extensions      [3]  EXPLICIT Extensions OPTIONAL
-                          -- If present, version shall be v3
-}
-
-Certificate  ::=  SEQUENCE  {
-     tbsCertificate       TBSCertificate,
-     signatureAlgorithm   AlgorithmIdentifier,
-     signatureValue       BIT STRING
-}
-
-Certificates ::= SEQUENCE OF Certificate
-
-ValidationParms ::= SEQUENCE {
-	seed		BIT STRING,
-	pgenCounter	INTEGER
-}
-
-DomainParameters ::= SEQUENCE {
-	p		INTEGER, -- odd prime, p=jq +1
-	g		INTEGER, -- generator, g
-	q		INTEGER, -- factor of p-1
-	j		INTEGER OPTIONAL, -- subgroup factor
-	validationParms	ValidationParms OPTIONAL -- ValidationParms
-}
-
-DHPublicKey ::= INTEGER
-
-OtherName ::= SEQUENCE {
-	type-id    OBJECT IDENTIFIER,
-	value      [0] EXPLICIT heim_any
-}
-
-GeneralName ::= CHOICE {
-	otherName			[0]     IMPLICIT -- OtherName -- SEQUENCE {
-		type-id    OBJECT IDENTIFIER,
-		value      [0] EXPLICIT heim_any
-	},
-	rfc822Name			[1]     IMPLICIT IA5String,
-	dNSName				[2]     IMPLICIT IA5String,
---	x400Address			[3]     IMPLICIT ORAddress,--
-	directoryName			[4]     IMPLICIT -- Name -- CHOICE {
-		rdnSequence  RDNSequence
-	},
---	ediPartyName			[5]     IMPLICIT EDIPartyName, --
-	uniformResourceIdentifier	[6]     IMPLICIT IA5String,
-	iPAddress			[7]     IMPLICIT OCTET STRING,
-	registeredID			[8]     IMPLICIT OBJECT IDENTIFIER
-}
-
-GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-
-id-x509-ce-keyUsage OBJECT IDENTIFIER ::=  { id-x509-ce 15 }
-
-KeyUsage ::= BIT STRING {
-	digitalSignature	(0),
-	nonRepudiation		(1),
-	keyEncipherment		(2),
-	dataEncipherment	(3),
-	keyAgreement		(4),
-	keyCertSign		(5),
-	cRLSign			(6),
-	encipherOnly		(7),
-	decipherOnly		(8)
-}
-
-id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 35 }
-
-KeyIdentifier ::= OCTET STRING
-
-AuthorityKeyIdentifier ::= SEQUENCE {
-	keyIdentifier             [0] IMPLICIT OCTET STRING OPTIONAL,
-	authorityCertIssuer       [1] IMPLICIT -- GeneralName -- 
-		SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL, 
-	authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
-}
-
-id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 14 }
-
-SubjectKeyIdentifier ::= KeyIdentifier
-
-id-x509-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 19 }
-
-BasicConstraints ::= SEQUENCE {
-	cA                      BOOLEAN OPTIONAL -- DEFAULT FALSE --,
-	pathLenConstraint	INTEGER (0..4294967295) OPTIONAL 
-}
-
-id-x509-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 30 }
-
-BaseDistance ::= INTEGER -- (0..MAX) --
-
-GeneralSubtree ::= SEQUENCE {
-	base			GeneralName,
-	minimum		[0]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
-	maximum		[1]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
-}
-
-GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
-
-NameConstraints ::= SEQUENCE {
-	permittedSubtrees       [0]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
-	excludedSubtrees        [1]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
-}
-
-id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-x509-ce 16 }
-id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-x509-ce 32 }
-id-x509-ce-policyMappings OBJECT IDENTIFIER ::=  { id-x509-ce 33 }
-id-x509-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-x509-ce 17 }
-id-x509-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-x509-ce 18 }
-id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-x509-ce 9 }
-id-x509-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 36 }
-
-id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
-
-ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
-
-id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-x509-ce 31 }
-id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
-id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
-id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
-id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
-id-x509-ce-certificateIssuer   OBJECT IDENTIFIER ::= { id-x509-ce 29 }
-id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-x509-ce 54 }
-
-DistributionPointReasonFlags ::= BIT STRING {
-	unused                  (0),
-	keyCompromise           (1),
-	cACompromise            (2),
-	affiliationChanged      (3),
-	superseded              (4),
-	cessationOfOperation    (5),
-	certificateHold         (6),
-	privilegeWithdrawn      (7),
-	aACompromise            (8)
-}
-
-DistributionPointName ::= CHOICE {
-	fullName                [0]     IMPLICIT -- GeneralNames --  SEQUENCE SIZE (1..MAX) OF GeneralName,
-	nameRelativeToCRLIssuer [1]     RelativeDistinguishedName
-}
-
-DistributionPoint ::= SEQUENCE {
-	distributionPoint       [0]     IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
-	reasons                 [1]     IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
-	cRLIssuer               [2]     IMPLICIT heim_any -- GeneralNames -- OPTIONAL
-}
-
-CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-
-
--- rfc3279
-
-DSASigValue  ::=  SEQUENCE {
-	r	INTEGER,
-	s	INTEGER
-}
-
-DSAPublicKey ::= INTEGER
-
-DSAParams  ::=  SEQUENCE {
-	p	INTEGER,
-	q	INTEGER,
-	g	INTEGER
-}
-
--- really pkcs1
-
-RSAPublicKey ::= SEQUENCE {
-	modulus INTEGER, -- n
-	publicExponent INTEGER -- e
-}
-
-RSAPrivateKey ::= SEQUENCE {
-	version INTEGER (0..4294967295),
-	modulus INTEGER, -- n
-	publicExponent INTEGER, -- e
-	privateExponent INTEGER, -- d
-	prime1 INTEGER, -- p
-	prime2 INTEGER, -- q
-	exponent1 INTEGER, -- d mod (p-1)
-	exponent2 INTEGER, -- d mod (q-1)
-	coefficient INTEGER -- (inverse of q) mod p
-}
-
-DigestInfo ::= SEQUENCE {
-	digestAlgorithm AlgorithmIdentifier,
-	digest OCTET STRING
-}
-
--- some ms ext
-
--- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
-
--- UNICODESTRING (0x1E tag)
-
--- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
-
--- TemplateVersion ::= INTEGER (0..4294967295) 
-
--- CertificateTemplate ::= SEQUENCE {
---	templateID OBJECT IDENTIFIER,
---	templateMajorVersion TemplateVersion,
---	templateMinorVersion TemplateVersion OPTIONAL
--- }
-
-
---
--- CRL
--- 
-
-TBSCRLCertList ::=  SEQUENCE  {
-	version			Version OPTIONAL, -- if present, MUST be v2
-	signature		AlgorithmIdentifier,
-	issuer			Name,
-	thisUpdate		Time,
-	nextUpdate		Time OPTIONAL,
-	revokedCertificates     SEQUENCE OF SEQUENCE  {
-		userCertificate         CertificateSerialNumber,
-		revocationDate          Time,
-		crlEntryExtensions      Extensions OPTIONAL
-						-- if present, MUST be v2
-	} OPTIONAL,
-	crlExtensions		[0] EXPLICIT Extensions OPTIONAL
-						-- if present, MUST be v2
-}
-
-
-CRLCertificateList ::=  SEQUENCE  {
-	tbsCertList          TBSCRLCertList,
-	signatureAlgorithm   AlgorithmIdentifier,
-	signatureValue       BIT STRING
-}
-
-id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
-id-x509-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-x509-ce 46 }
-id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
-
-CRLReason ::= ENUMERATED {
-	unspecified             (0),
-	keyCompromise           (1),
-	cACompromise            (2),
-	affiliationChanged      (3),
-	superseded              (4),
-	cessationOfOperation    (5),
-	certificateHold         (6),
-	removeFromCRL           (8),
-	privilegeWithdrawn      (9),
-	aACompromise           (10)
-}
-
-PKIXXmppAddr ::= UTF8String
-
-id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
-            dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
-
-id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
-id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
-id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
-
-id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
-id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
-id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
-id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
-id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
-id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
-
-id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
-
-id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
-
-AccessDescription  ::=  SEQUENCE {
-	accessMethod          OBJECT IDENTIFIER,
-	accessLocation        GeneralName
-}
-
-AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
-
--- RFC 3820 Proxy Certificate Profile
-
-id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
-
-id-pkix-ppl  OBJECT IDENTIFIER ::= { id-pkix 21 }
-
-id-pkix-ppl-anyLanguage     OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
-id-pkix-ppl-inheritAll      OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
-id-pkix-ppl-independent     OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
-
-ProxyPolicy ::= SEQUENCE {
-	policyLanguage		OBJECT IDENTIFIER,
-	policy			OCTET STRING OPTIONAL
-}
-
-ProxyCertInfo ::= SEQUENCE {
-	pCPathLenConstraint	INTEGER (0..4294967295) OPTIONAL, -- really MAX
-	proxyPolicy		ProxyPolicy
-}
-
---- U.S. Federal PKI Common Policy Framework
--- Card Authentication key
-id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
-id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
-
---- Netscape extentions
-
-id-netscape OBJECT IDENTIFIER ::= 
-    { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
-id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
-
---- MS extentions
-
-id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::= 
-    { 1 3 6 1 4 1 311 20 2 }
-
-id-ms-client-authentication OBJECT IDENTIFIER ::= 
- { 1 3 6 1 5 5 7 3 2 }
-
--- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
-
-END
diff --git a/crypto/heimdal/lib/asn1/setchgpw2.asn1 b/crypto/heimdal/lib/asn1/setchgpw2.asn1
deleted file mode 100644
index 7db3854..0000000
--- a/crypto/heimdal/lib/asn1/setchgpw2.asn1
+++ /dev/null
@@ -1,193 +0,0 @@
--- $Id: setchgpw2.asn1 18010 2006-09-05 12:31:59Z lha $
-
-SETCHGPW2 DEFINITIONS ::=
-BEGIN
-
-IMPORTS PrincipalName, Realm, ENCTYPE FROM krb5;
-
-ProtocolErrorCode ::= ENUMERATED {
-	generic-error(0),
-	unsupported-major-version(1),
-	unsupported-minor-version(2),
-	unsupported-operation(3),
-	authorization-failed(4),
-	initial-ticket-required(5),
-	target-principal-unknown(6),
-	...
-}
-
-Key	::= SEQUENCE {
-	enc-type[0]	INTEGER,
-	key[1]		OCTET STRING,
-	...
-}
-
-Language-Tag	::= UTF8String    -- Constrained by RFC3066
-
-LangTaggedText	::= SEQUENCE {
-	language[0]	Language-Tag OPTIONAL,
-	text[1]		UTF8String,
-	...
-}
-
--- NULL Op
-
-Req-null ::= NULL
-Rep-null ::= NULL
-Err-null ::= NULL
-
--- Change password
-Req-change-pw ::= SEQUENCE {
-	old-pw[0]	UTF8String,
-	new-pw[1]	UTF8String OPTIONAL,
-	etypes[2]	SEQUENCE OF ENCTYPE OPTIONAL,
-	...
-}
-
-Rep-change-pw ::= SEQUENCE {
-	info-text[0]	UTF8String OPTIONAL,
-	new-pw[1]	UTF8String OPTIONAL,
-	etypes[2]	SEQUENCE OF ENCTYPE OPTIONAL
-}
-
-Err-change-pw ::= SEQUENCE {
-	help-text[0]		UTF8String OPTIONAL,
-	code[1]			ENUMERATED {
-		generic(0),
-		wont-generate-new-pw(1),
-		old-pw-incorrect(2),
-		new-pw-rejected-geneneric(3),
-		pw-change-too-short(4),
-		...
-	},
-	suggested-new-pw[2]	UTF8String OPTIONAL,
-	...
-}
-
--- Change/Set keys
-Req-set-keys ::= SEQUENCE {
-	etypes[0]	SEQUENCE OF ENCTYPE,
-	entropy[1]	OCTET STRING,
-	...
-}
-
-Rep-set-keys ::= SEQUENCE {
-	info-text[0]		UTF8String OPTIONAL,
-	kvno[1]			INTEGER,
-	keys[2]			SEQUENCE OF Key,
-	aliases[3]	SEQUENCE OF SEQUENCE {
-		name[0] PrincipalName,
-		realm[1] Realm OPTIONAL,
-		...
-	},
-	...
-}
-
-Err-set-keys ::= SEQUENCE {
-	help-text[0]		UTF8String OPTIONAL,
-	enctypes[1]		SEQUENCE OF ENCTYPE OPTIONAL,
-	code[1]		ENUMERATED {
-		etype-no-support(0),
-		...
-	},
-	...
-}
-
--- Get password policy
-Req-get-pw-policy ::= NULL
-
-Rep-get-pw-policy ::= SEQUENCE {
-	help-text[0]		UTF8String OPTIONAL,
-	policy-name[1]		UTF8String OPTIONAL,
-	description[2]		UTF8String OPTIONAL,
-	...
-}
-
-Err-get-pw-policy ::= NULL
-
--- Get principal aliases
-Req-get-princ-aliases ::= NULL
-
-Rep-get-princ-aliases ::= SEQUENCE {
-	help-text[0]		UTF8String OPTIONAL,
-	aliases[1]	SEQUENCE OF SEQUENCE {
-		name[0]		PrincipalName,
-		realm[1]	Realm OPTIONAL,
-		...
-	} OPTIONAL,
-	...
-}
-
-Err-get-princ-aliases ::= NULL
-
--- Get list of encryption types supported by KDC for new types
-Req-get-supported-etypes ::= NULL
-
-Rep-get-supported-etypes ::= SEQUENCE OF ENCTYPE
-
-Err-get-supported-etypes ::= NULL
-
--- Choice switch
-
-Op-req ::= CHOICE {
-	null[0]			Req-null,
-	change-pw[1]		Req-change-pw,
-	set-keys[2]		Req-set-keys,
-	get-pw-policy[3]	Req-get-pw-policy,
-	get-princ-aliases[4]	Req-get-princ-aliases,
-	get-supported-etypes[5]	Req-get-supported-etypes,
-	...
-}
- 
-Op-rep ::= CHOICE {
-	null[0]			Rep-null,
-	change-pw[1]		Rep-change-pw,
-	set-keys[2]		Rep-set-keys,
-	get-pw-policy[3]	Rep-get-pw-policy,
-	get-princ-aliases[4]	Rep-get-princ-aliases,
-	get-supported-etypes[5]	Rep-get-supported-etypes,
-	...
-}
-
-Op-error ::= CHOICE {
-	null[0]			Err-null,
-	change-pw[1]		Err-change-pw,
-	set-keys[2]		Err-set-keys,
-	get-pw-policy[3]	Err-get-pw-policy,
-	get-princ-aliases[4]	Err-get-princ-aliases,
-	get-supported-etypes[5]	Err-get-supported-etypes,
-	...
-}
-
-
-Request ::= [ APPLICATION 0 ] SEQUENCE {
-	pvno-major[0]	INTEGER DEFAULT 2,
-	pvno-minor[1]	INTEGER DEFAULT 0,
-	languages[2]	SEQUENCE OF Language-Tag OPTIONAL,
-	targ-name[3]	PrincipalName OPTIONAL,
-	targ-realm[4]	Realm OPTIONAL,
-	operation[5]	Op-Req,
-	...
-}
-
-Response ::= [ APPLICATION 1 ] SEQUENCE {
-	pvno-major[0]	INTEGER DEFAULT 2,
-	pvno-minor[1]	INTEGER DEFAULT 0,
-	language[2]	Language-Tag DEFAULT "i-default",
-	result[3]	Op-rep OPTIONAL,
-	...
-}
-
-Error-Response ::= [ APPLICATION 2 ] SEQUENCE {
-	pvno-major[0]	INTEGER DEFAULT 2,
-	pvno-minor[1]	INTEGER DEFAULT 0,
-	language[2]	Language-Tag DEFAULT "i-default",
-	error-code[3]	ProtocolErrorCode,
-	help-text[4]	UTF8String OPTIONAL,
-	op-error[5]	Op-error OP-ERROR,
-	...
-}
-
-END
-
--- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' setchgpw2.asn1
diff --git a/crypto/heimdal/lib/asn1/symbol.c b/crypto/heimdal/lib/asn1/symbol.c
deleted file mode 100644
index 9407915..0000000
--- a/crypto/heimdal/lib/asn1/symbol.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gen_locl.h"
-#include "lex.h"
-
-RCSID("$Id: symbol.c 15617 2005-07-12 06:27:42Z lha $");
-
-static Hashtab *htab;
-
-static int
-cmp(void *a, void *b)
-{
-    Symbol *s1 = (Symbol *) a;
-    Symbol *s2 = (Symbol *) b;
-
-    return strcmp(s1->name, s2->name);
-}
-
-static unsigned
-hash(void *a)
-{
-    Symbol *s = (Symbol *) a;
-
-    return hashjpw(s->name);
-}
-
-void
-initsym(void)
-{
-    htab = hashtabnew(101, cmp, hash);
-}
-
-
-void
-output_name(char *s)
-{
-    char *p;
-
-    for (p = s; *p; ++p)
-	if (*p == '-')
-	    *p = '_';
-}
-
-Symbol *
-addsym(char *name)
-{
-    Symbol key, *s;
-
-    key.name = name;
-    s = (Symbol *) hashtabsearch(htab, (void *) &key);
-    if (s == NULL) {
-	s = (Symbol *) emalloc(sizeof(*s));
-	s->name = name;
-	s->gen_name = estrdup(name);
-	output_name(s->gen_name);
-	s->stype = SUndefined;
-	hashtabadd(htab, s);
-    }
-    return s;
-}
-
-static int
-checkfunc(void *ptr, void *arg)
-{
-    Symbol *s = ptr;
-    if (s->stype == SUndefined) {
-	error_message("%s is still undefined\n", s->name);
-	*(int *) arg = 1;
-    }
-    return 0;
-}
-
-int
-checkundefined(void)
-{
-    int f = 0;
-    hashtabforeach(htab, checkfunc, &f);
-    return f;
-}
diff --git a/crypto/heimdal/lib/asn1/symbol.h b/crypto/heimdal/lib/asn1/symbol.h
deleted file mode 100644
index d07caf5..0000000
--- a/crypto/heimdal/lib/asn1/symbol.h
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: symbol.h 19539 2006-12-28 17:15:05Z lha $ */
-
-#ifndef _SYMBOL_H
-#define _SYMBOL_H
-
-#include "asn1_queue.h"
-
-enum typetype { 
-    TBitString,
-    TBoolean,
-    TChoice, 
-    TEnumerated,
-    TGeneralString, 
-    TGeneralizedTime, 
-    TIA5String,
-    TInteger, 
-    TNull,
-    TOID, 
-    TOctetString, 
-    TPrintableString,
-    TSequence, 
-    TSequenceOf,
-    TSet, 
-    TSetOf,
-    TTag, 
-    TType, 
-    TUTCTime, 
-    TUTF8String,
-    TBMPString,
-    TUniversalString,
-    TVisibleString
-};
-
-typedef enum typetype Typetype;
-
-struct type;
-
-struct value {
-    enum { booleanvalue, 
-	   nullvalue, 
-	   integervalue, 
-	   stringvalue, 
-	   objectidentifiervalue
-    } type;
-    union {
-	int booleanvalue;
-	int integervalue;
-	char *stringvalue;
-	struct objid *objectidentifiervalue;
-    } u;
-};
-
-struct member {
-    char *name;
-    char *gen_name;
-    char *label;
-    int val;
-    int optional;
-    int ellipsis;
-    struct type *type;
-    ASN1_TAILQ_ENTRY(member) members;
-    struct value *defval;
-};
-
-typedef struct member Member;
-
-ASN1_TAILQ_HEAD(memhead, member);
-
-struct symbol;
-
-struct tagtype {
-    int tagclass;
-    int tagvalue;
-    enum { TE_IMPLICIT, TE_EXPLICIT } tagenv;
-};
-
-struct range {
-    int min;
-    int max;
-};
-
-enum ctype { CT_CONTENTS, CT_USER } ;
-
-struct constraint_spec;
-
-struct type {
-    Typetype type;
-    struct memhead *members;
-    struct symbol *symbol;
-    struct type *subtype;
-    struct tagtype tag;
-    struct range *range;
-    struct constraint_spec *constraint;
-};
-
-typedef struct type Type;
-
-struct constraint_spec {
-    enum ctype ctype;
-    union {
-	struct {
-	    Type *type;
-	    struct value *encoding;
-	} content;
-    } u;
-};
-
-struct objid {
-    const char *label;
-    int value;
-    struct objid *next;
-};
-
-struct symbol {
-    char *name;
-    char *gen_name;
-    enum { SUndefined, SValue, Stype } stype;
-    struct value *value;
-    Type *type;
-};
-
-typedef struct symbol Symbol;
-
-void initsym (void);
-Symbol *addsym (char *);
-void output_name (char *);
-int checkundefined(void);
-#endif
diff --git a/crypto/heimdal/lib/asn1/test.asn1 b/crypto/heimdal/lib/asn1/test.asn1
deleted file mode 100644
index b2f58a2..0000000
--- a/crypto/heimdal/lib/asn1/test.asn1
+++ /dev/null
@@ -1,95 +0,0 @@
--- $Id: test.asn1 21455 2007-07-10 12:51:19Z lha $ --
-
-TEST DEFINITIONS ::=
-
-BEGIN
-
-IMPORTS heim_any FROM heim;
-
-TESTLargeTag ::= SEQUENCE {
-	foo[127] INTEGER (-2147483648..2147483647)
-}
-
-TESTSeq ::= SEQUENCE {
-	tag0[0] INTEGER (-2147483648..2147483647),
-	tag1[1] TESTLargeTag,
-	tagless INTEGER (-2147483648..2147483647),
-	tag3[2] INTEGER (-2147483648..2147483647)
-}
-
-TESTChoice1 ::= CHOICE {
-	i1[1]	INTEGER (-2147483648..2147483647),
-	i2[2]	INTEGER (-2147483648..2147483647),
-	...	
-}
-
-TESTChoice2 ::= CHOICE {
-	i1[1]	INTEGER (-2147483648..2147483647),
-	...	
-}
-
-TESTInteger ::= INTEGER (-2147483648..2147483647)
-
-TESTInteger2 ::= [4] IMPLICIT TESTInteger
-TESTInteger3 ::= [5] IMPLICIT TESTInteger2
-
-TESTImplicit ::= SEQUENCE {
-	ti1[0] IMPLICIT INTEGER (-2147483648..2147483647),
-	ti2[1] IMPLICIT SEQUENCE { 
-		foo[127] INTEGER (-2147483648..2147483647)
-	},
-	ti3[2] IMPLICIT [5] IMPLICIT [4] IMPLICIT INTEGER (-2147483648..2147483647)
-}
-
-TESTImplicit2 ::= SEQUENCE {
-	ti1[0] IMPLICIT TESTInteger,
-	ti2[1] IMPLICIT TESTLargeTag,
-	ti3[2] IMPLICIT TESTInteger3
-}
-
-TESTAllocInner ::= SEQUENCE {
-	ai[0] TESTInteger
-}
-
-TESTAlloc ::= SEQUENCE {
-	  tagless TESTAllocInner OPTIONAL,
-	  three [1] INTEGER (-2147483648..2147483647),
-	  tagless2 heim_any OPTIONAL
-}
-
-
-TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER )
-TESTENCODEDBY ::= OCTET STRING ( ENCODED BY 
-  { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) }
-)
-
-TESTDer OBJECT IDENTIFIER ::= { 
-	joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1)
-}
-
-TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY 
-  { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) }
-)
-
-TESTCONTAININGENCODEDBY2 ::= OCTET STRING ( 
-	CONTAINING INTEGER ENCODED BY TESTDer
-)
-
-
-TESTValue1 INTEGER ::= 1
-
-TESTUSERCONSTRAINED ::= OCTET STRING (CONSTRAINED BY { -- meh -- })
--- TESTUSERCONSTRAINED2 ::= OCTET STRING (CONSTRAINED BY { TESTInteger })
--- TESTUSERCONSTRAINED3 ::= OCTET STRING (CONSTRAINED BY { INTEGER })
--- TESTUSERCONSTRAINED4 ::= OCTET STRING (CONSTRAINED BY { INTEGER : 1 })
-
-TESTSeqOf ::= SEQUENCE OF TESTInteger
-
-TESTSeqSizeOf1 ::= SEQUENCE SIZE (2) OF TESTInteger
-TESTSeqSizeOf2 ::= SEQUENCE SIZE (1..2) OF TESTInteger
-TESTSeqSizeOf3 ::= SEQUENCE SIZE (1..MAX) OF TESTInteger
-TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger
-
-TESTOSSize1 ::= OCTET STRING SIZE (1..2)
-
-END
diff --git a/crypto/heimdal/lib/asn1/test.gen b/crypto/heimdal/lib/asn1/test.gen
deleted file mode 100644
index d0fc7d9..0000000
--- a/crypto/heimdal/lib/asn1/test.gen
+++ /dev/null
@@ -1,14 +0,0 @@
-# $Id: test.gen 15617 2005-07-12 06:27:42Z lha $
-# Sample for TESTSeq in test.asn1
-#
-
-UNIV CONS Sequence 23
-  CONTEXT CONS 0 3
-    UNIV PRIM Integer 1 01
-   CONTEXT CONS 1 8
-     UNIV CONS Sequence 6
-       CONTEXT CONS 127 3
-         UNIV PRIM Integer 1 01
-   UNIV PRIM Integer 1 01
-   CONTEXT CONS 2 3
-     UNIV PRIM Integer 1 01
diff --git a/crypto/heimdal/lib/asn1/timegm.c b/crypto/heimdal/lib/asn1/timegm.c
deleted file mode 100644
index 33b9684..0000000
--- a/crypto/heimdal/lib/asn1/timegm.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: timegm.c 21366 2007-06-27 10:06:22Z lha $");
-
-static int
-is_leap(unsigned y)
-{
-    y += 1900;
-    return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0);
-}
-
-/* 
- * This is a simplifed version of timegm(3) that doesn't accept out of
- * bound values that timegm(3) normally accepts but those are not
- * valid in asn1 encodings.
- */
-
-time_t
-_der_timegm (struct tm *tm)
-{
-  static const unsigned ndays[2][12] ={
-    {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
-    {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}};
-  time_t res = 0;
-  unsigned i;
-
-  if (tm->tm_year < 0) 
-      return -1;
-  if (tm->tm_mon < 0 || tm->tm_mon > 11) 
-      return -1;
-  if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon])
-      return -1;
-  if (tm->tm_hour < 0 || tm->tm_hour > 23) 
-      return -1;
-  if (tm->tm_min < 0 || tm->tm_min > 59) 
-      return -1;
-  if (tm->tm_sec < 0 || tm->tm_sec > 59) 
-      return -1;
-
-  for (i = 70; i < tm->tm_year; ++i)
-    res += is_leap(i) ? 366 : 365;
-
-  for (i = 0; i < tm->tm_mon; ++i)
-    res += ndays[is_leap(tm->tm_year)][i];
-  res += tm->tm_mday - 1;
-  res *= 24;
-  res += tm->tm_hour;
-  res *= 60;
-  res += tm->tm_min;
-  res *= 60;
-  res += tm->tm_sec;
-  return res;
-}
diff --git a/crypto/heimdal/lib/asn1/x509.asn1 b/crypto/heimdal/lib/asn1/x509.asn1
deleted file mode 100644
index 4a15844..0000000
--- a/crypto/heimdal/lib/asn1/x509.asn1
+++ /dev/null
@@ -1,23 +0,0 @@
-X509 DEFINITIONS ::= BEGIN
-
-CertificateSerialNumber ::= INTEGER -- X.509 '97
-
-AttributeType ::= OBJECT-IDENTIFIER
-
-AttributeValue ::= OCTET STRING --ANY DEFINED BY AttributeType
-
-AttributeTypeAndValue ::= SEQUENCE {
-	type AttributeType,
-	value AttributeValue
-}
-
-RelativeDistinguishedName ::= --SET
-SEQUENCE OF AttributeTypeAndValue
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-Name ::= CHOICE { -- RFC2459
-	x RDNSequence
-}
-
-END
-\ No newline at end of file
diff --git a/crypto/heimdal/lib/auth/ChangeLog b/crypto/heimdal/lib/auth/ChangeLog
deleted file mode 100644
index 1ef62c0..0000000
--- a/crypto/heimdal/lib/auth/ChangeLog
+++ /dev/null
@@ -1,206 +0,0 @@
-2007-12-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sia/Makefile.am: One EXTRA_DIST is enought, from dave love.
-
-	* pam/Makefile.am: Add SRCS to EXTRA_DIST
-
-	* afskauthlib/Makefile.am: SRCS
-
-2006-10-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pam/Makefile.am: use libtool to build binaries
-	
-2005-05-02  Dave Love  <fx@gnu.org>
-	
-	* afskauthlib/Makefile.am (afskauthlib.so): Use libtool.
-	(.c.o): Use CC (like SIA module), not COMPILE.
-
-2005-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sia/sia.c: fix getpw*_r calls, they return 0 even when the entry
-	isn't found and instead make it with setting return pointer to
-	NULL.  From Luke Mewburn <lukem@NetBSD.org>
-
-2004-09-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afskauthlib/verify.c: use krb5_appdefault_boolean instead of
-	krb5_config_get_bool
-
-2003-09-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sia/sia.c: Add support for AFS when using Kerberos 5, From:
-	Sergio.Gelato@astro.su.se
-	
-2003-07-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pam/Makefile.am: XXX inline COMPILE since automake wont add it
-	
-	* afskauthlib/verify.c (verify_krb5): use krb5_cc_clear_mcred
-	
-2003-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sia/Makefile.am: inline COMPILE since (modern) automake doesn't
-	add it by itself for some reason
-
-2003-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskauthlib/Makefile.am: always includes kafs now that its built
-	
-2003-03-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* sia/Makefile.am: libkafs is always built now, lets include it
-	
-2002-05-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pam/Makefile.am: set SUFFIXES with +=
-
-2001-10-27  Assar Westerlund  <assar@sics.se>
-
-	* pam/Makefile.am: actually build the pam module
-
-2001-09-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sia/Makefile.am: also don't compress krb5 library, at least
-	siacfg fails with compressed libraries
-
-2001-09-13  Assar Westerlund  <assar@sics.se>
-
-	* sia/sia.c: move krb5_error_code inside a ifdef KRB5
-	* sia/sia_locl.h: move roken.h earlier to grab definition of
-	socklen_t
-
-2001-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sia/krb5_matrix.conf: athena -> heimdal
-
-2001-07-17  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: use make-rpath to sort rpath arguments
-
-2001-07-15  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/Makefile.am: use LIB_des, so that we link with
-	libcrypto/libdes from krb4
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: use $(CC) instead of ld for linking
-
-2001-07-06  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: use LDFLAGS, and conditional libdes
-
-2001-03-06  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: make sure of using -rpath and not -R when
-	calling ld
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* pam/pam.c (psyslog): do not log to console
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am (libsia_krb5.so): actually run ld in the case
-	shared library case
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* sia/sia.c (siad_ses_init): handle krb5_init_context failure
-	consistently
-	* afskauthlib/verify.c (verify_krb5): handle krb5_init_context
-	failure consistently
-
-2000-11-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afskauthlib/Makefile.am: use libtool
-
-	* afskauthlib/Makefile.am: work with krb4 only
-
-2000-07-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sia/Makefile.am: don't compress library, since 5.0 seems to have
-	a problem with this
-
-2000-07-02  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/verify.c: fixes for pag setting
-
-1999-12-30  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: try to link with shared libraries if we don't
- 	find any static ones
-
-1999-12-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sia/sia.c: don't use string concatenation with TKT_ROOT
-
-1999-11-15  Assar Westerlund  <assar@sics.se>
-
-	* */lib/Makefile.in: set LIBNAME.  From Enrico Scholz
- 	<Enrico.Scholz@informatik.tu-chemnitz.de>
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/verify.c (verify_krb5): need realm for v5 -> v4
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/verify.c (verify_krb5): update to new
- 	krb524_convert_creds_kdc
-
-1999-09-28  Assar Westerlund  <assar@sics.se>
-
-	* sia/sia.c (doauth): use krb5_get_local_realms and
- 	krb5_verify_user_lrealm
-
-	* afskauthlib/verify.c (verify_krb5): remove krb5_kuserok.  use
- 	krb5_verify_user_lrealm
-
-1999-08-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pam/Makefile.in: link with res_search/dn_expand libraries
-
-1999-08-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afskauthlib/verify.c: make this compile w/o krb4
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/verify.c: incorporate patches from Miroslav Ruda
- 	<ruda@ics.muni.cz>
-
-Thu Apr  8 14:35:34 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* sia/sia.c: remove definition of KRB_VERIFY_USER (moved to
- 	config.h)
-
-	* sia/Makefile.am: make it build w/o krb4
-
-	* afskauthlib/verify.c: add krb5 support
-
-	* afskauthlib/Makefile.am: build afskauthlib.so
-
-Wed Apr  7 14:06:22 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* sia/sia.c: make it compile w/o krb4
-
-	* sia/Makefile.am: make it compile w/o krb4
-
-Thu Apr  1 18:09:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* sia/sia_locl.h: POSIX_GETPWNAM_R is defined in config.h
-
-Sun Mar 21 14:08:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* sia/Makefile.in: add posix_getpw.c
-	  
-	* sia/Makefile.am: makefile for sia
-	  
-	* sia/posix_getpw.c: move from sia.c
-	  
-	* sia/sia_locl.h: merge with krb5 version
-	  
-	* sia/sia.c: merge with krb5 version
-	  
-	* sia/sia5.c: remove unused variables
diff --git a/crypto/heimdal/lib/auth/Makefile.am b/crypto/heimdal/lib/auth/Makefile.am
deleted file mode 100644
index c62903c..0000000
--- a/crypto/heimdal/lib/auth/Makefile.am
+++ /dev/null
@@ -1,6 +0,0 @@
-# $Id: Makefile.am 5683 1999-03-21 17:11:08Z joda $
-
-include $(top_srcdir)/Makefile.am.common
-
-SUBDIRS = @LIB_AUTH_SUBDIRS@
-DIST_SUBDIRS = afskauthlib pam sia
diff --git a/crypto/heimdal/lib/auth/Makefile.in b/crypto/heimdal/lib/auth/Makefile.in
deleted file mode 100644
index d7200ce..0000000
--- a/crypto/heimdal/lib/auth/Makefile.in
+++ /dev/null
@@ -1,815 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 5683 1999-03-21 17:11:08Z joda $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-subdir = lib/auth
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
-  distclean-recursive maintainer-clean-recursive
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-SUBDIRS = @LIB_AUTH_SUBDIRS@
-DIST_SUBDIRS = afskauthlib pam sia
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/auth/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/auth/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
-	  include_option=--etags-include; \
-	  empty_fix=.; \
-	else \
-	  include_option=--include; \
-	  empty_fix=; \
-	fi; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test ! -f $$subdir/TAGS || \
-	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	    distdir=`$(am__cd) $(distdir) && pwd`; \
-	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$top_distdir" \
-	        distdir="$$distdir/$$subdir" \
-		am__remove_distdir=: \
-		am__skip_length_check=: \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-recursive
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-recursive
-
-install-info: install-info-recursive
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-ps: install-ps-recursive
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
-	install-data-am install-exec-am install-strip uninstall-am
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool ctags ctags-recursive dist-hook \
-	distclean distclean-generic distclean-libtool distclean-tags \
-	distdir dvi dvi-am html html-am info info-am install \
-	install-am install-data install-data-am install-data-hook \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs installdirs-am maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/afskauthlib/Makefile.am b/crypto/heimdal/lib/auth/afskauthlib/Makefile.am
deleted file mode 100644
index 1eec4f5..0000000
--- a/crypto/heimdal/lib/auth/afskauthlib/Makefile.am
+++ /dev/null
@@ -1,51 +0,0 @@
-# $Id: Makefile.am 22298 2007-12-14 06:38:06Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
-DEFS = @DEFS@
-
-foodir = $(libdir)
-foo_DATA = afskauthlib.so
-
-SUFFIXES += .c .o
-
-SRCS = verify.c
-OBJS = verify.o
-
-CLEANFILES = $(foo_DATA) $(OBJS) so_locations
-
-afskauthlib.so: $(OBJS)
-	$(LIBTOOL) --mode=link $(CC) -shared -o $@ $(OBJS) $(L) $(LDFLAGS)
-
-.c.o:
-	$(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-
-KAFS = $(top_builddir)/lib/kafs/libkafs.la
-
-if KRB5
-L = \
-	$(KAFS)	\
-	$(top_builddir)/lib/krb5/libkrb5.la	\
-	$(top_builddir)/lib/asn1/libasn1.la	\
-	$(LIB_krb4)				\
-	$(LIB_hcrypto)				\
-	$(top_builddir)/lib/roken/libroken.la	\
-	-lc
-
-else
-
-L = \
-	$(KAFS)	\
-	$(LIB_krb4)				\
-	$(LIB_hcrypto)				\
-	$(top_builddir)/lib/roken/libroken.la	\
-	-lc
-endif
-
-$(OBJS): $(top_builddir)/include/config.h
-
-EXTRA_DIST = $(SRCS)
diff --git a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in b/crypto/heimdal/lib/auth/afskauthlib/Makefile.in
deleted file mode 100644
index 89c966a..0000000
--- a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in
+++ /dev/null
@@ -1,723 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22298 2007-12-14 06:38:06Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = lib/auth/afskauthlib
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(foodir)"
-fooDATA_INSTALL = $(INSTALL_DATA)
-DATA = $(foo_DATA)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-foodir = $(libdir)
-foo_DATA = afskauthlib.so
-SRCS = verify.c
-OBJS = verify.o
-CLEANFILES = $(foo_DATA) $(OBJS) so_locations
-KAFS = $(top_builddir)/lib/kafs/libkafs.la
-@KRB5_FALSE@L = \
-@KRB5_FALSE@	$(KAFS)	\
-@KRB5_FALSE@	$(LIB_krb4)				\
-@KRB5_FALSE@	$(LIB_hcrypto)				\
-@KRB5_FALSE@	$(top_builddir)/lib/roken/libroken.la	\
-@KRB5_FALSE@	-lc
-
-@KRB5_TRUE@L = \
-@KRB5_TRUE@	$(KAFS)	\
-@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la	\
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la	\
-@KRB5_TRUE@	$(LIB_krb4)				\
-@KRB5_TRUE@	$(LIB_hcrypto)				\
-@KRB5_TRUE@	$(top_builddir)/lib/roken/libroken.la	\
-@KRB5_TRUE@	-lc
-
-EXTRA_DIST = $(SRCS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/auth/afskauthlib/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/auth/afskauthlib/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)"
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \
-	  $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(foodir)/$$f"; \
-	done
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(foodir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-fooDATA \
-	install-html install-html-am install-info install-info-am \
-	install-man install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
-	ps ps-am uninstall uninstall-am uninstall-fooDATA \
-	uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-afskauthlib.so: $(OBJS)
-	$(LIBTOOL) --mode=link $(CC) -shared -o $@ $(OBJS) $(L) $(LDFLAGS)
-
-.c.o:
-	$(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-
-$(OBJS): $(top_builddir)/include/config.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/afskauthlib/verify.c b/crypto/heimdal/lib/auth/afskauthlib/verify.c
deleted file mode 100644
index ff0141b..0000000
--- a/crypto/heimdal/lib/auth/afskauthlib/verify.c
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
- * Copyright (c) 1995-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: verify.c 14203 2004-09-08 09:02:59Z joda $");
-#endif
-#include <unistd.h>
-#include <sys/types.h>
-#include <pwd.h>
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#include <kafs.h>
-#endif
-#include <roken.h>
-
-#ifdef KRB5
-static char krb5ccname[128];
-#endif
-#ifdef KRB4
-static char krbtkfile[128];
-#endif
-
-/* 
-   In some cases is afs_gettktstring called twice (once before
-   afs_verify and once after afs_verify).
-   In some cases (rlogin with access allowed via .rhosts) 
-   afs_verify is not called!
-   So we can't rely on correct value in krbtkfile in some
-   cases!
-*/
-
-static int correct_tkfilename=0;
-static int pag_set=0;
-
-#ifdef KRB4
-static void
-set_krbtkfile(uid_t uid)
-{
-    snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid);
-    krb_set_tkt_string (krbtkfile);
-    correct_tkfilename = 1;
-}
-#endif
-
-/* XXX this has to be the default cache name, since the KRB5CCNAME
- * environment variable isn't exported by login/xdm
- */
-
-#ifdef KRB5
-static void
-set_krb5ccname(uid_t uid)
-{
-    snprintf (krb5ccname, sizeof(krb5ccname), "FILE:/tmp/krb5cc_%d", uid);
-#ifdef KRB4
-    snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid);
-#endif
-    correct_tkfilename = 1;
-}
-#endif
-
-static void
-set_spec_krbtkfile(void)
-{
-    int fd;
-#ifdef KRB4
-    snprintf (krbtkfile, sizeof(krbtkfile), "%s_XXXXXX", TKT_ROOT);
-    fd = mkstemp(krbtkfile);
-    close(fd);
-    unlink(krbtkfile); 
-    krb_set_tkt_string (krbtkfile);
-#endif
-#ifdef KRB5
-    snprintf(krb5ccname, sizeof(krb5ccname),"FILE:/tmp/krb5cc_XXXXXX");
-    fd=mkstemp(krb5ccname+5);
-    close(fd);
-    unlink(krb5ccname+5);
-#endif
-}
-
-#ifdef KRB5
-static int
-verify_krb5(struct passwd *pwd,
-	    char *password,
-	    int32_t *exp,
-	    int quiet)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_ccache ccache;
-    krb5_principal principal;
-    
-    ret = krb5_init_context(&context);
-    if (ret) {
-	syslog(LOG_AUTH|LOG_DEBUG, "krb5_init_context failed: %d", ret);
-	goto out;
-    }
-
-    ret = krb5_parse_name (context, pwd->pw_name, &principal);
-    if (ret) {
-	syslog(LOG_AUTH|LOG_DEBUG, "krb5_parse_name: %s", 
-	       krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    set_krb5ccname(pwd->pw_uid);
-    ret = krb5_cc_resolve(context, krb5ccname, &ccache);
-    if(ret) {
-	syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_resolve: %s", 
-	       krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    ret = krb5_verify_user_lrealm(context,
-				  principal,
-				  ccache,
-				  password,
-				  TRUE,
-				  NULL);
-    if(ret) {
-	syslog(LOG_AUTH|LOG_DEBUG, "krb5_verify_user: %s", 
-	       krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    if(chown(krb5_cc_get_name(context, ccache), pwd->pw_uid, pwd->pw_gid)) {
-	syslog(LOG_AUTH|LOG_DEBUG, "chown: %s", 
-	       krb5_get_err_text(context, errno));
-	goto out;
-    }
-
-#ifdef KRB4
-    {
-	krb5_realm realm = NULL;
-	krb5_boolean get_v4_tgt;
-
-	krb5_get_default_realm(context, &realm);
-	krb5_appdefault_boolean(context, "afskauthlib", 
-				realm,
-				"krb4_get_tickets", FALSE, &get_v4_tgt);
-	if (get_v4_tgt) {
-	    CREDENTIALS c;
-	    krb5_creds mcred, cred;
-
-	    krb5_cc_clear_mcred(&mcred);
-
-	    krb5_make_principal(context, &mcred.server, realm,
-				"krbtgt",
-				realm,
-				NULL);
-	    ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
-	    if(ret == 0) {
-		ret = krb524_convert_creds_kdc_ccache(context, ccache, &cred, &c);
-		if(ret)
-		    krb5_warn(context, ret, "converting creds");
-		else {
-		    set_krbtkfile(pwd->pw_uid);
-		    tf_setup(&c, c.pname, c.pinst); 
-		}
-		memset(&c, 0, sizeof(c));
-		krb5_free_cred_contents(context, &cred);
-	    } else
-		syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_retrieve_cred: %s", 
-		       krb5_get_err_text(context, ret));
-	    
-	    krb5_free_principal(context, mcred.server);
-	}
-	free (realm);
-	if (!pag_set && k_hasafs()) {
-	    k_setpag();
-	    pag_set = 1;
-	}
-
-	if (pag_set)
-	    krb5_afslog_uid_home(context, ccache, NULL, NULL, 
-				 pwd->pw_uid, pwd->pw_dir);
-    }
-#endif
- out:
-    if(ret && !quiet)
-	printf ("%s\n", krb5_get_err_text (context, ret));
-    return ret;
-}
-#endif
-
-#ifdef KRB4
-static int
-verify_krb4(struct passwd *pwd,
-	    char *password,
-	    int32_t *exp,
-	    int quiet)
-{
-    int ret = 1;
-    char lrealm[REALM_SZ];
-    
-    if (krb_get_lrealm (lrealm, 1) != KFAILURE) {
-	set_krbtkfile(pwd->pw_uid);
-	ret = krb_verify_user (pwd->pw_name, "", lrealm, password,
-			       KRB_VERIFY_SECURE, NULL);
-	if (ret == KSUCCESS) {
-	    if (!pag_set && k_hasafs()) {
-		k_setpag ();
-		pag_set = 1;
-            }
-            if (pag_set)
-		krb_afslog_uid_home (0, 0, pwd->pw_uid, pwd->pw_dir);
-	} else if (!quiet)
-	    printf ("%s\n", krb_get_err_text (ret));
-    }
-    return ret;
-}
-#endif
-
-int
-afs_verify(char *name,
-	   char *password,
-	   int32_t *exp,
-	   int quiet)
-{
-    int ret = 1;
-    struct passwd *pwd = k_getpwnam (name);
-
-    if(pwd == NULL)
-	return 1;
-
-    if (!pag_set && k_hasafs()) {
-        k_setpag();
-        pag_set=1;
-    }
-
-    if (ret)
-	ret = unix_verify_user (name, password);
-#ifdef KRB5
-    if (ret)
-	ret = verify_krb5(pwd, password, exp, quiet);
-#endif
-#ifdef KRB4
-    if(ret)
-	ret = verify_krb4(pwd, password, exp, quiet);
-#endif
-    return ret;
-}
-
-char *
-afs_gettktstring (void)
-{
-    char *ptr;
-    struct passwd *pwd;
-
-    if (!correct_tkfilename) {
-	ptr = getenv("LOGNAME"); 
-	if (ptr != NULL && ((pwd = getpwnam(ptr)) != NULL)) {
-	    set_krb5ccname(pwd->pw_uid);
-#ifdef KRB4
-	    set_krbtkfile(pwd->pw_uid);
-	    if (!pag_set && k_hasafs()) {
-                k_setpag();
-                pag_set=1;
-	    }
-#endif
-	} else {
-	    set_spec_krbtkfile();
-	}
-    }
-#ifdef KRB5
-    esetenv("KRB5CCNAME",krb5ccname,1);
-#endif
-#ifdef KRB4
-    esetenv("KRBTKFILE",krbtkfile,1);
-    return krbtkfile;
-#else
-    return "";
-#endif
-}
diff --git a/crypto/heimdal/lib/auth/pam/Makefile.am b/crypto/heimdal/lib/auth/pam/Makefile.am
deleted file mode 100644
index c4d0eb5..0000000
--- a/crypto/heimdal/lib/auth/pam/Makefile.am
+++ /dev/null
@@ -1,69 +0,0 @@
-# $Id: Makefile.am 22299 2007-12-14 06:39:19Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
-WFLAGS += $(WFLAGS_NOIMPLICITINT)
-
-DEFS = @DEFS@
-
-## this is horribly ugly, but automake/libtool doesn't allow us to
-## unconditionally build shared libraries, and it does not allow us to
-## link with non-installed libraries
-
-if KRB4
-KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a
-KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so
-
-L = \
-	$(KAFS)						\
-	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-	$(LIB_hcrypto_a)		\
-	$(top_builddir)/lib/roken/.libs/libroken.a	\
-	-lc
-
-L_shared = \
-	$(KAFS_S)					\
-	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-	$(LIB_hcrypto_so)		\
-	$(top_builddir)/lib/roken/.libs/libroken.so	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-MOD = pam_krb4.so
-
-endif
-
-foodir = $(libdir)
-foo_DATA = $(MOD)
-
-LDFLAGS = @LDFLAGS@
-
-SRCS = pam.c
-OBJS = pam.o
-
-pam_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
-		$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
-		$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-
-CLEANFILES = $(MOD) $(OBJS)
-
-SUFFIXES += .c .o
-
-# XXX inline COMPILE since automake wont add it
-
-.c.o:
-	$(LIBTOOL) --mode=compile --tag=CC $(CC) \
-	$(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-
-EXTRA_DIST = pam.conf.add $(SRCS)
diff --git a/crypto/heimdal/lib/auth/pam/Makefile.in b/crypto/heimdal/lib/auth/pam/Makefile.in
deleted file mode 100644
index 0f9e084..0000000
--- a/crypto/heimdal/lib/auth/pam/Makefile.in
+++ /dev/null
@@ -1,733 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22299 2007-12-14 06:39:19Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = lib/auth/pam
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(foodir)"
-fooDATA_INSTALL = $(INSTALL_DATA)
-DATA = $(foo_DATA)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-@KRB4_TRUE@KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a
-@KRB4_TRUE@KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so
-@KRB4_TRUE@L = \
-@KRB4_TRUE@	$(KAFS)						\
-@KRB4_TRUE@	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-@KRB4_TRUE@	$(LIB_hcrypto_a)		\
-@KRB4_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.a	\
-@KRB4_TRUE@	-lc
-
-@KRB4_TRUE@L_shared = \
-@KRB4_TRUE@	$(KAFS_S)					\
-@KRB4_TRUE@	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-@KRB4_TRUE@	$(LIB_hcrypto_so)		\
-@KRB4_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.so	\
-@KRB4_TRUE@	$(LIB_getpwnam_r)				\
-@KRB4_TRUE@	-lc
-
-@KRB4_TRUE@MOD = pam_krb4.so
-foodir = $(libdir)
-foo_DATA = $(MOD)
-SRCS = pam.c
-OBJS = pam.o
-CLEANFILES = $(MOD) $(OBJS)
-EXTRA_DIST = pam.conf.add $(SRCS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/auth/pam/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/auth/pam/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)"
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \
-	  $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(foodir)/$$f"; \
-	done
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(foodir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-fooDATA \
-	install-html install-html-am install-info install-info-am \
-	install-man install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
-	ps ps-am uninstall uninstall-am uninstall-fooDATA \
-	uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-pam_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
-		$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
-		$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-
-# XXX inline COMPILE since automake wont add it
-
-.c.o:
-	$(LIBTOOL) --mode=compile --tag=CC $(CC) \
-	$(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/pam/pam.c b/crypto/heimdal/lib/auth/pam/pam.c
deleted file mode 100644
index ed5071b..0000000
--- a/crypto/heimdal/lib/auth/pam/pam.c
+++ /dev/null
@@ -1,443 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include<config.h>
-RCSID("$Id: pam.c 11417 2002-09-09 15:57:24Z joda $");
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <pwd.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <syslog.h>
-
-#include <security/pam_appl.h>
-#include <security/pam_modules.h>
-#ifndef PAM_AUTHTOK_RECOVERY_ERR /* Fix linsux typo. */
-#define PAM_AUTHTOK_RECOVERY_ERR PAM_AUTHTOK_RECOVER_ERR
-#endif
-
-#include <netinet/in.h>
-#include <krb.h>
-#include <kafs.h>
-
-#if 0
-/* Debugging PAM modules is a royal pain, truss helps. */
-#define DEBUG(msg) (access(msg " at line", __LINE__))
-#endif
-
-static void
-psyslog(int level, const char *format, ...)
-{
-  va_list args;
-  va_start(args, format);
-  openlog("pam_krb4", LOG_PID, LOG_AUTH);
-  vsyslog(level, format, args);
-  va_end(args);
-  closelog();
-}
-
-enum {
-  KRB4_DEBUG,
-  KRB4_USE_FIRST_PASS,
-  KRB4_TRY_FIRST_PASS,
-  KRB4_IGNORE_ROOT,
-  KRB4_NO_VERIFY,
-  KRB4_REAFSLOG,
-  KRB4_CTRLS			/* Number of ctrl arguments defined. */
-};
-
-#define KRB4_DEFAULTS  0
-
-static int ctrl_flags = KRB4_DEFAULTS;
-#define ctrl_on(x)  (krb4_args[x].flag & ctrl_flags)
-#define ctrl_off(x) (!ctrl_on(x))
-
-typedef struct
-{
-  const char *token;
-  unsigned int flag;
-} krb4_ctrls_t;
-
-static krb4_ctrls_t krb4_args[KRB4_CTRLS] =
-{
-  /* KRB4_DEBUG          */ { "debug",          0x01 },
-  /* KRB4_USE_FIRST_PASS */ { "use_first_pass", 0x02 },
-  /* KRB4_TRY_FIRST_PASS */ { "try_first_pass", 0x04 },
-  /* KRB4_IGNORE_ROOT    */ { "ignore_root",    0x08 },
-  /* KRB4_NO_VERIFY      */ { "no_verify",      0x10 },
-  /* KRB4_REAFSLOG       */ { "reafslog",       0x20 },
-};
-
-static void
-parse_ctrl(int argc, const char **argv)
-{
-  int i, j;
-
-  ctrl_flags = KRB4_DEFAULTS;
-  for (i = 0; i < argc; i++)
-    {
-      for (j = 0; j < KRB4_CTRLS; j++)
-	if (strcmp(argv[i], krb4_args[j].token) == 0)
-	  break;
-    
-      if (j >= KRB4_CTRLS)
-	psyslog(LOG_ALERT, "unrecognized option [%s]", *argv);
-      else
-	ctrl_flags |= krb4_args[j].flag;
-    }
-}
-
-static void
-pdeb(const char *format, ...)
-{
-  va_list args;
-  if (ctrl_off(KRB4_DEBUG))
-    return;
-  va_start(args, format);
-  openlog("pam_krb4", LOG_PID, LOG_AUTH);
-  vsyslog(LOG_DEBUG, format, args);
-  va_end(args);
-  closelog();
-}
-
-#define ENTRY(func) pdeb("%s() flags = %d ruid = %d euid = %d", func, flags, getuid(), geteuid())
-
-static void
-set_tkt_string(uid_t uid)
-{
-  char buf[128];
-
-  snprintf(buf, sizeof(buf), "%s%u", TKT_ROOT, (unsigned)uid);
-  krb_set_tkt_string(buf);
-
-#if 0
-  /* pam_set_data+pam_get_data are not guaranteed to work, grr. */
-  pam_set_data(pamh, "KRBTKFILE", strdup(t), cleanup);
-  if (pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt) == PAM_SUCCESS)
-    {
-      pam_putenv(pamh, var);
-    }
-#endif
-
-  /* We don't want to inherit this variable.
-   * If we still do, it must have a sane value. */
-  if (getenv("KRBTKFILE") != 0)
-    {
-      char *var = malloc(sizeof(buf));
-      snprintf(var, sizeof(buf), "KRBTKFILE=%s", tkt_string());
-      putenv(var);
-      /* free(var); XXX */
-    }
-}
-
-static int
-verify_pass(pam_handle_t *pamh,
-	    const char *name,
-	    const char *inst,
-	    const char *pass)
-{
-  char realm[REALM_SZ];
-  int ret, krb_verify, old_euid, old_ruid;
-
-  krb_get_lrealm(realm, 1);
-  if (ctrl_on(KRB4_NO_VERIFY))
-    krb_verify = KRB_VERIFY_SECURE_FAIL;
-  else
-    krb_verify = KRB_VERIFY_SECURE;
-  old_ruid = getuid();
-  old_euid = geteuid();
-  setreuid(0, 0);
-  ret = krb_verify_user(name, inst, realm, pass, krb_verify, NULL);
-  pdeb("krb_verify_user(`%s', `%s', `%s', pw, %d, NULL) returns %s",
-       name, inst, realm, krb_verify,
-       krb_get_err_text(ret));
-  setreuid(old_ruid, old_euid);
-  if (getuid() != old_ruid || geteuid() != old_euid)
-    {
-      psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
-	      old_ruid, old_euid, __LINE__);
-      exit(1);
-    }
-    
-  switch(ret) {
-  case KSUCCESS:
-    return PAM_SUCCESS;
-  case KDC_PR_UNKNOWN:
-    return PAM_USER_UNKNOWN;
-  case SKDC_CANT:
-  case SKDC_RETRY:
-  case RD_AP_TIME:
-    return PAM_AUTHINFO_UNAVAIL;
-  default:
-    return PAM_AUTH_ERR;
-  }
-}
-
-static int
-krb4_auth(pam_handle_t *pamh,
-	  int flags,
-	  const char *name,
-	  const char *inst,
-	  struct pam_conv *conv)
-{
-  struct pam_response *resp;
-  char prompt[128];
-  struct pam_message msg, *pmsg = &msg;
-  int ret;
-
-  if (ctrl_on(KRB4_TRY_FIRST_PASS) || ctrl_on(KRB4_USE_FIRST_PASS))
-    {
-      char *pass = 0;
-      ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
-      if (ret != PAM_SUCCESS)
-        {
-          psyslog(LOG_ERR , "pam_get_item returned error to get-password");
-          return ret;
-        }
-      else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS)
-	return PAM_SUCCESS;
-      else if (ctrl_on(KRB4_USE_FIRST_PASS))
-	return PAM_AUTHTOK_RECOVERY_ERR;       /* Wrong password! */
-      else
-	/* We tried the first password but it didn't work, cont. */;
-    }
-
-  msg.msg_style = PAM_PROMPT_ECHO_OFF;
-  if (*inst == 0)
-    snprintf(prompt, sizeof(prompt), "%s's Password: ", name);
-  else
-    snprintf(prompt, sizeof(prompt), "%s.%s's Password: ", name, inst);
-  msg.msg = prompt;
-
-  ret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr);
-  if (ret != PAM_SUCCESS)
-    return ret;
-
-  ret = verify_pass(pamh, name, inst, resp->resp);
-  if (ret == PAM_SUCCESS)
-    {
-      memset(resp->resp, 0, strlen(resp->resp)); /* Erase password! */
-      free(resp->resp);
-      free(resp);
-    }
-  else
-    {
-      pam_set_item(pamh, PAM_AUTHTOK, resp->resp); /* Save password. */
-      /* free(resp->resp); XXX */
-      /* free(resp); XXX */
-    }
-  
-  return ret;
-}
-
-int
-pam_sm_authenticate(pam_handle_t *pamh,
-		    int flags,
-		    int argc,
-		    const char **argv)
-{
-  char *user;
-  int ret;
-  struct pam_conv *conv;
-  struct passwd *pw;
-  uid_t uid = -1;
-  const char *name, *inst;
-  char realm[REALM_SZ];
-  realm[0] = 0;
-
-  parse_ctrl(argc, argv);
-  ENTRY("pam_sm_authenticate");
-
-  ret = pam_get_user(pamh, &user, "login: ");
-  if (ret != PAM_SUCCESS)
-    return ret;
-
-  if (ctrl_on(KRB4_IGNORE_ROOT) && strcmp(user, "root") == 0)
-    return PAM_AUTHINFO_UNAVAIL;
-
-  ret = pam_get_item(pamh, PAM_CONV, (void*)&conv);
-  if (ret != PAM_SUCCESS)
-    return ret;
-
-  pw = getpwnam(user);
-  if (pw != 0)
-    {
-      uid = pw->pw_uid;
-      set_tkt_string(uid);
-    }
-    
-  if (strcmp(user, "root") == 0 && getuid() != 0)
-    {
-      pw = getpwuid(getuid());
-      if (pw != 0)
-	{
-	  name = strdup(pw->pw_name);
-	  inst = "root";
-	}
-    }
-  else
-    {
-      name = user;
-      inst = "";
-    }
-
-  ret = krb4_auth(pamh, flags, name, inst, conv);
-
-  /*
-   * The realm was lost inside krb_verify_user() so we can't simply do
-   * a krb_kuserok() when inst != "".
-   */
-  if (ret == PAM_SUCCESS && inst[0] != 0)
-    {
-      uid_t old_euid = geteuid();
-      uid_t old_ruid = getuid();
-
-      setreuid(0, 0);		/* To read ticket file. */
-      if (krb_get_tf_fullname(tkt_string(), 0, 0, realm) != KSUCCESS)
-	ret = PAM_SERVICE_ERR;
-      else if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
-	{
-	  setreuid(0, uid);	/*  To read ~/.klogin. */
-	  if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
-	    ret = PAM_PERM_DENIED;
-	}
-
-      if (ret != PAM_SUCCESS)
-	{
-	  dest_tkt();		/* Passwd known, ok to kill ticket. */
-	  psyslog(LOG_NOTICE,
-		  "%s.%s@%s is not allowed to log in as %s",
-		  name, inst, realm, user);
-	}
-
-      setreuid(old_ruid, old_euid);
-      if (getuid() != old_ruid || geteuid() != old_euid)
-	{
-	  psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
-		  old_ruid, old_euid, __LINE__);
-	  exit(1);
-	}
-    }
-
-  if (ret == PAM_SUCCESS)
-    {
-      psyslog(LOG_INFO,
-	      "%s.%s@%s authenticated as user %s",
-	      name, inst, realm, user);
-      if (chown(tkt_string(), uid, -1) == -1)
-	{
-	  dest_tkt();
-	  psyslog(LOG_ALERT , "chown(%s, %d, -1) failed", tkt_string(), uid);
-	  exit(1);
-	}
-    }
-
-  /*
-   * Kludge alert!!! Sun dtlogin unlock screen fails to call
-   * pam_setcred(3) with PAM_REFRESH_CRED after a successful
-   * authentication attempt, sic.
-   *
-   * This hack is designed as a workaround to that problem.
-   */
-  if (ctrl_on(KRB4_REAFSLOG))
-    if (ret == PAM_SUCCESS)
-      pam_sm_setcred(pamh, PAM_REFRESH_CRED, argc, argv);
-  
-  return ret;
-}
-
-int 
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-  parse_ctrl(argc, argv);
-  ENTRY("pam_sm_setcred");
-
-  switch (flags & ~PAM_SILENT) {
-  case 0:
-  case PAM_ESTABLISH_CRED:
-    if (k_hasafs())
-      k_setpag();
-    /* Fall through, fill PAG with credentials below. */
-  case PAM_REINITIALIZE_CRED:
-  case PAM_REFRESH_CRED:
-    if (k_hasafs())
-      {
-	void *user = 0;
-
-	if (pam_get_item(pamh, PAM_USER, &user) == PAM_SUCCESS)
-	  {
-	    struct passwd *pw = getpwnam((char *)user);
-	    if (pw != 0)
-	      krb_afslog_uid_home(/*cell*/ 0,/*realm_hint*/ 0,
-				  pw->pw_uid, pw->pw_dir);
-	  }
-      }
-    break;
-  case PAM_DELETE_CRED:
-    dest_tkt();
-    if (k_hasafs())
-      k_unlog();
-    break;
-  default:
-    psyslog(LOG_ALERT , "pam_sm_setcred: unknown flags 0x%x", flags);
-    break;
-  }
-  
-  return PAM_SUCCESS;
-}
-
-int
-pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-  parse_ctrl(argc, argv);
-  ENTRY("pam_sm_open_session");
-
-  return PAM_SUCCESS;
-}
-
-
-int
-pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char**argv)
-{
-  parse_ctrl(argc, argv);
-  ENTRY("pam_sm_close_session");
-
-  /* This isn't really kosher, but it's handy. */
-  pam_sm_setcred(pamh, PAM_DELETE_CRED, argc, argv);
-
-  return PAM_SUCCESS;
-}
diff --git a/crypto/heimdal/lib/auth/pam/pam.conf.add b/crypto/heimdal/lib/auth/pam/pam.conf.add
deleted file mode 100644
index 7db3e3d..0000000
--- a/crypto/heimdal/lib/auth/pam/pam.conf.add
+++ /dev/null
@@ -1,97 +0,0 @@
-To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch:
-
---- /etc/pam.conf.DIST	Mon Jul 20 15:37:46 1998
-+++ /etc/pam.conf	Tue Feb 15 19:39:12 2000
-@@ -4,15 +4,19 @@
- #
- # Authentication management
- #
-+login	auth sufficient	/usr/athena/lib/pam_krb4.so
- login	auth required 	/usr/lib/security/pam_unix.so.1 
- login	auth required 	/usr/lib/security/pam_dial_auth.so.1 
- #
- rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
- rlogin	auth required 	/usr/lib/security/pam_unix.so.1
- #
-+dtlogin	auth sufficient	/usr/athena/lib/pam_krb4.so
- dtlogin	auth required 	/usr/lib/security/pam_unix.so.1 
- #
- rsh	auth required	/usr/lib/security/pam_rhosts_auth.so.1
-+# Reafslog is for dtlogin lock display
-+other	auth sufficient	/usr/athena/lib/pam_krb4.so reafslog
- other	auth required	/usr/lib/security/pam_unix.so.1
- #
- # Account management
-@@ -24,6 +28,8 @@
- #
- # Session management
- #
-+dtlogin	session required	/usr/athena/lib/pam_krb4.so
-+login	session required	/usr/athena/lib/pam_krb4.so
- other	session required	/usr/lib/security/pam_unix.so.1 
- #
- # Password management
----------------------------------------------------------------------------
-To enable PAM in /bin/login and xdm under Red Hat 6.? apply these patches:
-
---- /etc/pam.d/login~	Tue Dec  7 12:01:35 1999
-+++ /etc/pam.d/login	Wed May 31 16:27:55 2000
-@@ -1,9 +1,12 @@
- #%PAM-1.0
-+# Updated to work with kerberos
-+auth       sufficient   /usr/athena/lib/pam_krb4.so.1.0.1
- auth       required	/lib/security/pam_securetty.so
- auth       required	/lib/security/pam_pwdb.so shadow nullok
- auth       required	/lib/security/pam_nologin.so
- account    required	/lib/security/pam_pwdb.so
- password   required	/lib/security/pam_cracklib.so
- password   required	/lib/security/pam_pwdb.so nullok use_authtok md5 shadow
-+session    required     /usr/athena/lib/pam_krb4.so.1.0.1
- session    required	/lib/security/pam_pwdb.so
- session    optional	/lib/security/pam_console.so
---- /etc/pam.d/xdm~	Wed May 31 16:33:54 2000
-+++ /etc/pam.d/xdm	Wed May 31 16:28:29 2000
-@@ -1,8 +1,11 @@
- #%PAM-1.0
-+# Updated to work with kerberos
-+auth       sufficient   /usr/athena/lib/pam_krb4.so.1.0.1
- auth       required	/lib/security/pam_pwdb.so shadow nullok
- auth       required	/lib/security/pam_nologin.so
- account    required	/lib/security/pam_pwdb.so
- password   required	/lib/security/pam_cracklib.so
- password   required	/lib/security/pam_pwdb.so shadow nullok use_authtok
-+session    required     /usr/athena/lib/pam_krb4.so.1.0.1
- session    required	/lib/security/pam_pwdb.so
- session    optional     /lib/security/pam_console.so
---- /etc/pam.d/gdm~	Wed May 31 16:33:54 2000
-+++ /etc/pam.d/gdm	Wed May 31 16:34:28 2000
-@@ -1,8 +1,11 @@
- #%PAM-1.0
-+# Updated to work with kerberos
-+auth       sufficient   /usr/athena/lib/pam_krb4.so.1.0.1
- auth       required	/lib/security/pam_pwdb.so shadow nullok
- auth       required	/lib/security/pam_nologin.so
- account    required	/lib/security/pam_pwdb.so
- password   required	/lib/security/pam_cracklib.so
- password   required	/lib/security/pam_pwdb.so shadow nullok use_authtok
-+session    required     /usr/athena/lib/pam_krb4.so.1.0.1
- session    required	/lib/security/pam_pwdb.so
- session    optional     /lib/security/pam_console.so
-
---------------------------------------------------------------------------
-
-This stuff may work under some other system.
-
-# To get this to work, you will have to add entries to /etc/pam.conf
-#
-# To make login kerberos-aware, you might change pam.conf to look
-# like:
-
-# login authorization
-login   auth       sufficient   /lib/security/pam_krb4.so
-login   auth       required     /lib/security/pam_securetty.so
-login   auth       required     /lib/security/pam_unix_auth.so
-login   account    required     /lib/security/pam_unix_acct.so
-login   password   required     /lib/security/pam_unix_passwd.so
-login   session    required     /lib/security/pam_krb4.so
-login   session    required     /lib/security/pam_unix_session.so
diff --git a/crypto/heimdal/lib/auth/sia/Makefile.am b/crypto/heimdal/lib/auth/sia/Makefile.am
deleted file mode 100644
index 7b6aedd..0000000
--- a/crypto/heimdal/lib/auth/sia/Makefile.am
+++ /dev/null
@@ -1,116 +0,0 @@
-# $Id: Makefile.am 22304 2007-12-14 12:18:18Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
-WFLAGS += $(WFLAGS_NOIMPLICITINT)
-
-DEFS = @DEFS@
-
-## this is horribly ugly, but automake/libtool doesn't allow us to
-## unconditionally build shared libraries, and it does not allow us to
-## link with non-installed libraries
-
-KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a
-KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so
-
-if KRB5
-L = \
-	$(KAFS)						\
-	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
-	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
-	$(LIB_krb4)					\
-	$(LIB_hcrypto_a)					\
-	$(LIB_com_err_a)				\
-	$(top_builddir)/lib/roken/.libs/libroken.a	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-L_shared = \
-	$(KAFS_S)					\
-	$(top_builddir)/lib/krb5/.libs/libkrb5.so	\
-	$(top_builddir)/lib/asn1/.libs/libasn1.so	\
-	$(LIB_krb4)					\
-	$(LIB_hcrypto_so)					\
-	$(LIB_com_err_so)				\
-	$(top_builddir)/lib/roken/.libs/libroken.so	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-MOD = libsia_krb5.so
-
-else
-
-L = \
-	$(KAFS)						\
-	$(top_builddir)/lib/kadm/.libs/libkadm.a	\
-	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-	$(LIB_hcrypto_a)		\
-	$(top_builddir)/lib/com_err/.libs/libcom_err.a	\
-	$(top_builddir)/lib/roken/.libs/libroken.a	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-L_shared = \
-	$(KAFS_S)					\
-	$(top_builddir)/lib/kadm/.libs/libkadm.so	\
-	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-	$(LIB_hcrypto_so)		\
-	$(top_builddir)/lib/com_err/.libs/libcom_err.so	\
-	$(top_builddir)/lib/roken/.libs/libroken.so	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-MOD = libsia_krb4.so
-
-endif
-
-foodir = $(libdir)
-foo_DATA = $(MOD)
-
-LDFLAGS = @LDFLAGS@ -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* 
-
-SRCS = sia.c posix_getpw.c sia_locl.h
-OBJS = sia.o posix_getpw.o
-
-libsia_krb5.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-libsia_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-CLEANFILES = $(MOD) $(OBJS) so_locations
-
-SUFFIXES += .c .o
-
-# XXX inline COMPILE since automake wont add it
-
-.c.o:
-	$(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-
-EXTRA_DIST = sia.c sia_locl.h posix_getpw.c \
-	krb4_matrix.conf krb4+c2_matrix.conf \
-	krb5_matrix.conf krb5+c2_matrix.conf \
-	security.patch \
-	make-rpath $(SRCS)
diff --git a/crypto/heimdal/lib/auth/sia/Makefile.in b/crypto/heimdal/lib/auth/sia/Makefile.in
deleted file mode 100644
index 88f6257..0000000
--- a/crypto/heimdal/lib/auth/sia/Makefile.in
+++ /dev/null
@@ -1,778 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22304 2007-12-14 12:18:18Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = lib/auth/sia
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(foodir)"
-fooDATA_INSTALL = $(INSTALL_DATA)
-DATA = $(foo_DATA)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@ -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* 
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a
-KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so
-@KRB5_FALSE@L = \
-@KRB5_FALSE@	$(KAFS)						\
-@KRB5_FALSE@	$(top_builddir)/lib/kadm/.libs/libkadm.a	\
-@KRB5_FALSE@	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-@KRB5_FALSE@	$(LIB_hcrypto_a)		\
-@KRB5_FALSE@	$(top_builddir)/lib/com_err/.libs/libcom_err.a	\
-@KRB5_FALSE@	$(top_builddir)/lib/roken/.libs/libroken.a	\
-@KRB5_FALSE@	$(LIB_getpwnam_r)				\
-@KRB5_FALSE@	-lc
-
-@KRB5_TRUE@L = \
-@KRB5_TRUE@	$(KAFS)						\
-@KRB5_TRUE@	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
-@KRB5_TRUE@	$(LIB_krb4)					\
-@KRB5_TRUE@	$(LIB_hcrypto_a)					\
-@KRB5_TRUE@	$(LIB_com_err_a)				\
-@KRB5_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.a	\
-@KRB5_TRUE@	$(LIB_getpwnam_r)				\
-@KRB5_TRUE@	-lc
-
-@KRB5_FALSE@L_shared = \
-@KRB5_FALSE@	$(KAFS_S)					\
-@KRB5_FALSE@	$(top_builddir)/lib/kadm/.libs/libkadm.so	\
-@KRB5_FALSE@	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-@KRB5_FALSE@	$(LIB_hcrypto_so)		\
-@KRB5_FALSE@	$(top_builddir)/lib/com_err/.libs/libcom_err.so	\
-@KRB5_FALSE@	$(top_builddir)/lib/roken/.libs/libroken.so	\
-@KRB5_FALSE@	$(LIB_getpwnam_r)				\
-@KRB5_FALSE@	-lc
-
-@KRB5_TRUE@L_shared = \
-@KRB5_TRUE@	$(KAFS_S)					\
-@KRB5_TRUE@	$(top_builddir)/lib/krb5/.libs/libkrb5.so	\
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/.libs/libasn1.so	\
-@KRB5_TRUE@	$(LIB_krb4)					\
-@KRB5_TRUE@	$(LIB_hcrypto_so)					\
-@KRB5_TRUE@	$(LIB_com_err_so)				\
-@KRB5_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.so	\
-@KRB5_TRUE@	$(LIB_getpwnam_r)				\
-@KRB5_TRUE@	-lc
-
-@KRB5_FALSE@MOD = libsia_krb4.so
-@KRB5_TRUE@MOD = libsia_krb5.so
-foodir = $(libdir)
-foo_DATA = $(MOD)
-SRCS = sia.c posix_getpw.c sia_locl.h
-OBJS = sia.o posix_getpw.o
-CLEANFILES = $(MOD) $(OBJS) so_locations
-EXTRA_DIST = sia.c sia_locl.h posix_getpw.c \
-	krb4_matrix.conf krb4+c2_matrix.conf \
-	krb5_matrix.conf krb5+c2_matrix.conf \
-	security.patch \
-	make-rpath $(SRCS)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/auth/sia/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/auth/sia/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)"
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \
-	  $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(foodir)/$$f"; \
-	done
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(foodir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-fooDATA \
-	install-html install-html-am install-info install-info-am \
-	install-man install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
-	ps ps-am uninstall uninstall-am uninstall-fooDATA \
-	uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-libsia_krb5.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-libsia_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-# XXX inline COMPILE since automake wont add it
-
-.c.o:
-	$(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf b/crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf
deleted file mode 100644
index 47b5cd4..0000000
--- a/crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf
+++ /dev/null
@@ -1,58 +0,0 @@
-# Copyright (c) 1998 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-
-# $Id: krb4+c2_matrix.conf 7463 1999-12-02 16:58:55Z joda $
-
-# sia matrix configuration file (Kerberos 4 + C2)
-
-siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_chk_invoker=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_estab=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_finger=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_shell=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_getpwent=(BSD,libc.so)
-siad_getpwuid=(BSD,libc.so)
-siad_getpwnam=(BSD,libc.so)
-siad_setpwent=(BSD,libc.so)
-siad_endpwent=(BSD,libc.so)
-siad_getgrent=(BSD,libc.so)
-siad_getgrgid=(BSD,libc.so)
-siad_getgrnam=(BSD,libc.so)
-siad_setgrent=(BSD,libc.so)
-siad_endgrent=(BSD,libc.so)
-siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
diff --git a/crypto/heimdal/lib/auth/sia/krb4_matrix.conf b/crypto/heimdal/lib/auth/sia/krb4_matrix.conf
deleted file mode 100644
index 17d6d13..0000000
--- a/crypto/heimdal/lib/auth/sia/krb4_matrix.conf
+++ /dev/null
@@ -1,59 +0,0 @@
-# Copyright (c) 1998 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-
-# $Id: krb4_matrix.conf 7463 1999-12-02 16:58:55Z joda $
-
-# sia matrix configuration file (Kerberos 4 + BSD)
-
-siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) 
-siad_chk_invoker=(BSD,libc.so)
-siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)
-siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_ses_estab=(BSD,libc.so)
-siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_chg_finger=(BSD,libc.so)
-siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_chg_shell=(BSD,libc.so)
-siad_getpwent=(BSD,libc.so)
-siad_getpwuid=(BSD,libc.so)
-siad_getpwnam=(BSD,libc.so)
-siad_setpwent=(BSD,libc.so)
-siad_endpwent=(BSD,libc.so)
-siad_getgrent=(BSD,libc.so)
-siad_getgrgid=(BSD,libc.so)
-siad_getgrnam=(BSD,libc.so)
-siad_setgrent=(BSD,libc.so)
-siad_endgrent=(BSD,libc.so)
-siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-
diff --git a/crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf b/crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf
deleted file mode 100644
index ada8ba5..0000000
--- a/crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# $Id: krb5+c2_matrix.conf 5254 1998-11-26 20:58:18Z assar $
-
-# sia matrix configuration file (Kerberos 5 + C2)
-
-siad_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
-siad_chk_invoker=(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_authent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_estab=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_launch=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_suauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_reauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_finger=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_password=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_shell=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_getpwent=(BSD,libc.so)
-siad_getpwuid=(BSD,libc.so)
-siad_getpwnam=(BSD,libc.so)
-siad_setpwent=(BSD,libc.so)
-siad_endpwent=(BSD,libc.so)
-siad_getgrent=(BSD,libc.so)
-siad_getgrgid=(BSD,libc.so)
-siad_getgrnam=(BSD,libc.so)
-siad_setgrent=(BSD,libc.so)
-siad_endgrent=(BSD,libc.so)
-siad_ses_release=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chk_user=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
diff --git a/crypto/heimdal/lib/auth/sia/krb5_matrix.conf b/crypto/heimdal/lib/auth/sia/krb5_matrix.conf
deleted file mode 100644
index ab07956..0000000
--- a/crypto/heimdal/lib/auth/sia/krb5_matrix.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# $Id: krb5_matrix.conf 10576 2001-08-28 08:49:20Z joda $
-
-# sia matrix configuration file (Kerberos 5 + BSD)
-
-siad_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) 
-siad_chk_invoker=(BSD,libc.so)
-siad_ses_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so)
-siad_ses_authent=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
-siad_ses_estab=(BSD,libc.so)
-siad_ses_launch=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
-siad_ses_suauthent=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
-siad_ses_reauthent=(BSD,libc.so)
-siad_chg_finger=(BSD,libc.so)
-siad_chg_password=(BSD,libc.so)
-siad_chg_shell=(BSD,libc.so)
-siad_getpwent=(BSD,libc.so)
-siad_getpwuid=(BSD,libc.so)
-siad_getpwnam=(BSD,libc.so)
-siad_setpwent=(BSD,libc.so)
-siad_endpwent=(BSD,libc.so)
-siad_getgrent=(BSD,libc.so)
-siad_getgrgid=(BSD,libc.so)
-siad_getgrnam=(BSD,libc.so)
-siad_setgrent=(BSD,libc.so)
-siad_endgrent=(BSD,libc.so)
-siad_ses_release=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
-siad_chk_user=(BSD,libc.so)
diff --git a/crypto/heimdal/lib/auth/sia/make-rpath b/crypto/heimdal/lib/auth/sia/make-rpath
deleted file mode 100755
index 4aa297e..0000000
--- a/crypto/heimdal/lib/auth/sia/make-rpath
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-# $Id: make-rpath 10345 2001-07-17 15:15:31Z assar $
-rlist=
-rest=
-while test $# -gt 0; do
-case $1 in
--R|-rpath)
-  if test "$rlist"; then
-    rlist="${rlist}:$2"
-  else
-    rlist="$2"
-  fi
-  shift 2
-  ;;
--R*) 
-  d=`echo $1 | sed 's,^-R,,'`
-  if test "$rlist"; then
-    rlist="${rlist}:${d}"
-  else
-    rlist="${d}"
-  fi
-  shift
-  ;;
-*)
-  rest="${rest} $1"
-  shift
-  ;;
-esac
-done
-rpath=
-if test "$rlist"; then
-  rpath="-rpath $rlist "
-fi
-echo "${rpath}${rest}"
diff --git a/crypto/heimdal/lib/auth/sia/posix_getpw.c b/crypto/heimdal/lib/auth/sia/posix_getpw.c
deleted file mode 100644
index 65d7a2e..0000000
--- a/crypto/heimdal/lib/auth/sia/posix_getpw.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "sia_locl.h"
-
-RCSID("$Id: posix_getpw.c 5680 1999-03-21 17:07:02Z joda $");
-
-#ifndef POSIX_GETPWNAM_R
-/* 
- * These functions translate from the old Digital UNIX 3.x interface
- * to POSIX.1c.
- */
-
-int
-posix_getpwnam_r(const char *name, struct passwd *pwd, 
-		 char *buffer, int len, struct passwd **result)
-{
-    int ret = getpwnam_r(name, pwd, buffer, len);
-    if(ret == 0)
-	*result = pwd;
-    else{
-	*result = NULL;
-	ret = _Geterrno();
-	if(ret == 0){
-	    ret = ERANGE;
-	    _Seterrno(ret);
-	}
-    }
-    return ret;
-}
-
-int
-posix_getpwuid_r(uid_t uid, struct passwd *pwd, 
-		 char *buffer, int len, struct passwd **result)
-{
-    int ret = getpwuid_r(uid, pwd, buffer, len);
-    if(ret == 0)
-	*result = pwd;
-    else{
-	*result = NULL;
-	ret = _Geterrno();
-	if(ret == 0){
-	    ret = ERANGE;
-	    _Seterrno(ret);
-	}
-    }
-    return ret;
-}
-#endif /* POSIX_GETPWNAM_R */
diff --git a/crypto/heimdal/lib/auth/sia/security.patch b/crypto/heimdal/lib/auth/sia/security.patch
deleted file mode 100644
index c407876..0000000
--- a/crypto/heimdal/lib/auth/sia/security.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- /sbin/init.d/security~      Tue Aug 20 22:44:09 1996
-+++ /sbin/init.d/security       Fri Nov  1 14:52:56 1996
-@@ -49,7 +49,7 @@
-                    SECURITY=BASE
-                fi
-                ;;
--       BASE)
-+       BASE|KRB4)
-                ;;
-        *)
-                echo "security configuration set to default (BASE)."
diff --git a/crypto/heimdal/lib/auth/sia/sia.c b/crypto/heimdal/lib/auth/sia/sia.c
deleted file mode 100644
index 640b868..0000000
--- a/crypto/heimdal/lib/auth/sia/sia.c
+++ /dev/null
@@ -1,703 +0,0 @@
-/*
- * Copyright (c) 1995-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "sia_locl.h"
-
-RCSID("$Id: sia.c 14838 2005-04-19 04:41:07Z lha $");
-
-int 
-siad_init(void)
-{
-    return SIADSUCCESS;
-}
-
-int 
-siad_chk_invoker(void)
-{
-    SIA_DEBUG(("DEBUG", "siad_chk_invoker"));
-    return SIADFAIL;
-}
-
-int 
-siad_ses_init(SIAENTITY *entity, int pkgind)
-{
-    struct state *s = malloc(sizeof(*s));
-
-    SIA_DEBUG(("DEBUG", "siad_ses_init"));
-    if(s == NULL)
-	return SIADFAIL;
-    memset(s, 0, sizeof(*s));
-#ifdef SIA_KRB5
-    {
-      krb5_error_code ret;
-      ret = krb5_init_context(&s->context);
-      if (ret)
-	return SIADFAIL;
-    }
-#endif
-    entity->mech[pkgind] = (int*)s;
-    return SIADSUCCESS;
-}
-
-static int
-setup_name(SIAENTITY *e, prompt_t *p)
-{
-    SIA_DEBUG(("DEBUG", "setup_name"));
-    e->name = malloc(SIANAMEMIN + 1);
-    if(e->name == NULL){
-	SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIANAMEMIN+1));
-	return SIADFAIL;
-    }
-    p->prompt = (unsigned char*)"login: ";
-    p->result = (unsigned char*)e->name;
-    p->min_result_length = 1;
-    p->max_result_length = SIANAMEMIN;
-    p->control_flags = 0;
-    return SIADSUCCESS;
-}
-
-static int
-setup_password(SIAENTITY *e, prompt_t *p)
-{
-    SIA_DEBUG(("DEBUG", "setup_password"));
-    e->password = malloc(SIAMXPASSWORD + 1);
-    if(e->password == NULL){
-	SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIAMXPASSWORD+1));
-	return SIADFAIL;
-    }
-    p->prompt = (unsigned char*)"Password: ";
-    p->result = (unsigned char*)e->password;
-    p->min_result_length = 0;
-    p->max_result_length = SIAMXPASSWORD;
-    p->control_flags = SIARESINVIS;
-    return SIADSUCCESS;
-}
-
-
-static int
-doauth(SIAENTITY *entity, int pkgind, char *name)
-{
-    struct passwd pw, *pwd;
-    char pwbuf[1024];
-    struct state *s = (struct state*)entity->mech[pkgind];
-#ifdef SIA_KRB5
-    krb5_realm *realms, *r;
-    krb5_principal principal;
-    krb5_ccache ccache;
-    krb5_error_code ret;
-#endif
-#ifdef SIA_KRB4
-    char realm[REALM_SZ];
-    char *toname, *toinst;
-    int ret;
-    struct passwd fpw, *fpwd;
-    char fpwbuf[1024];
-    int secure;
-#endif
-	
-    if(getpwnam_r(name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0 || pwd == NULL){
-	SIA_DEBUG(("DEBUG", "failed to getpwnam(%s)", name));
-	return SIADFAIL;
-    }
-
-#ifdef SIA_KRB5
-    ret = krb5_get_default_realms(s->context, &realms);
-
-    for (r = realms; *r != NULL; ++r) {
-	krb5_make_principal (s->context, &principal, *r, entity->name, NULL);
-
-	if(krb5_kuserok(s->context, principal, entity->name))
-	    break;
-    }
-    krb5_free_host_realm (s->context, realms);
-    if (*r == NULL)
-	return SIADFAIL;
-
-    sprintf(s->ticket, "FILE:/tmp/krb5_cc%d_%d", pwd->pw_uid, getpid());
-    ret = krb5_cc_resolve(s->context, s->ticket, &ccache);
-    if(ret)
-	return SIADFAIL;
-#endif
-	
-#ifdef SIA_KRB4
-    snprintf(s->ticket, sizeof(s->ticket),
-	     "%s%u_%u", TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid());
-    krb_get_lrealm(realm, 1);
-    toname = name;
-    toinst = "";
-    if(entity->authtype == SIA_A_SUAUTH){
-	uid_t ouid;
-#ifdef HAVE_SIAENTITY_OUID
-	ouid = entity->ouid;
-#else
-	ouid = getuid();
-#endif
-	if(getpwuid_r(ouid, &fpw, fpwbuf, sizeof(fpwbuf), &fpwd) != 0 || fpwd == NULL){
-	    SIA_DEBUG(("DEBUG", "failed to getpwuid(%u)", ouid));
-	    return SIADFAIL;
-	}
-	snprintf(s->ticket, sizeof(s->ticket), "%s_%s_to_%s_%d", 
-		 TKT_ROOT, fpwd->pw_name, pwd->pw_name, getpid());
-	if(strcmp(pwd->pw_name, "root") == 0){
-	    toname = fpwd->pw_name;
-	    toinst = pwd->pw_name;
-	}
-    }
-    if(entity->authtype == SIA_A_REAUTH) 
-	snprintf(s->ticket, sizeof(s->ticket), "%s", tkt_string());
-    
-    krb_set_tkt_string(s->ticket);
-	
-    setuid(0); /* XXX fix for fix in tf_util.c */
-    if(krb_kuserok(toname, toinst, realm, name)){
-	SIA_DEBUG(("DEBUG", "%s.%s@%s is not allowed to login as %s", 
-		   toname, toinst, realm, name));
-	return SIADFAIL;
-    }
-#endif
-#ifdef SIA_KRB5
-    ret = krb5_verify_user_lrealm(s->context, principal, ccache,
-				  entity->password, 1, NULL);
-    if(ret){
-	/* if this is most likely a local user (such as
-	   root), just silently return failure when the
-	   principal doesn't exist */
-	if(ret != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN && 
-	   ret != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
-	    SIALOG("WARNING", "krb5_verify_user(%s): %s", 
-		   entity->name, error_message(ret));
-	return SIADFAIL;
-    }
-#endif
-#ifdef SIA_KRB4
-    if (getuid () == 0)
-	secure = KRB_VERIFY_SECURE;
-    else
-	secure = KRB_VERIFY_NOT_SECURE;
-	
-    ret = krb_verify_user(toname, toinst, realm,
-			  entity->password, secure, NULL);
-    if(ret){
-	SIA_DEBUG(("DEBUG", "krb_verify_user: %s", krb_get_err_text(ret)));
-	if(ret != KDC_PR_UNKNOWN)
-	    /* since this is most likely a local user (such as
-	       root), just silently return failure when the
-	       principal doesn't exist */
-	    SIALOG("WARNING", "krb_verify_user(%s.%s): %s", 
-		   toname, toinst, krb_get_err_text(ret));
-	return SIADFAIL;
-    }
-#endif
-    if(sia_make_entity_pwd(pwd, entity) == SIAFAIL)
-	return SIADFAIL;
-    s->valid = 1;
-    return SIADSUCCESS;
-}
-
-
-static int 
-common_auth(sia_collect_func_t *collect, 
-	    SIAENTITY *entity, 
-	    int siastat,
-	    int pkgind)
-{
-    prompt_t prompts[2], *pr;
-    char *name;
-
-    SIA_DEBUG(("DEBUG", "common_auth"));
-    if((siastat == SIADSUCCESS) && (geteuid() == 0))
-	return SIADSUCCESS;
-    if(entity == NULL) {
-	SIA_DEBUG(("DEBUG", "entity == NULL"));
-	return SIADFAIL | SIADSTOP;
-    }
-    name = entity->name;
-    if(entity->acctname)
-	name = entity->acctname;
-    
-    if((collect != NULL) && entity->colinput) {
-	int num;
-	pr = prompts;
-	if(name == NULL){
-	    if(setup_name(entity, pr) != SIADSUCCESS)
-		return SIADFAIL;
-	    pr++;
-	}
-	if(entity->password == NULL){
-	    if(setup_password(entity, pr) != SIADSUCCESS)
-		return SIADFAIL;
-	    pr++;
-	}
-	num = pr - prompts;
-	if(num == 1){
-	    if((*collect)(240, SIAONELINER, (unsigned char*)"", num, 
-			  prompts) != SIACOLSUCCESS){
-		SIA_DEBUG(("DEBUG", "collect failed"));
-		return SIADFAIL | SIADSTOP;
-	    }
-	} else if(num > 0){
-	    if((*collect)(0, SIAFORM, (unsigned char*)"", num, 
-			  prompts) != SIACOLSUCCESS){
-		SIA_DEBUG(("DEBUG", "collect failed"));
-		return SIADFAIL | SIADSTOP;
-	    }
-	}
-    }
-    if(name == NULL)
-	name = entity->name;
-    if(name == NULL || name[0] == '\0'){
-	SIA_DEBUG(("DEBUG", "name is null"));
-	return SIADFAIL;
-    }
-
-    if(entity->password == NULL || strlen(entity->password) > SIAMXPASSWORD){
-	SIA_DEBUG(("DEBUG", "entity->password is null"));
-	return SIADFAIL;
-    }
-    
-    return doauth(entity, pkgind, name);
-}
-
-
-int 
-siad_ses_authent(sia_collect_func_t *collect, 
-		 SIAENTITY *entity, 
-		 int siastat,
-		 int pkgind)
-{
-    SIA_DEBUG(("DEBUG", "siad_ses_authent"));
-    return common_auth(collect, entity, siastat, pkgind);
-}
-
-int 
-siad_ses_estab(sia_collect_func_t *collect, 
-	       SIAENTITY *entity, int pkgind)
-{
-    SIA_DEBUG(("DEBUG", "siad_ses_estab"));
-    return SIADFAIL;
-}
-
-int 
-siad_ses_launch(sia_collect_func_t *collect,
-		SIAENTITY *entity,
-		int pkgind)
-{
-    static char env[MaxPathLen];
-    struct state *s = (struct state*)entity->mech[pkgind];
-    SIA_DEBUG(("DEBUG", "siad_ses_launch"));
-    if(s->valid){
-#ifdef SIA_KRB5
-	chown(s->ticket + sizeof("FILE:") - 1, 
-	      entity->pwd->pw_uid, 
-	      entity->pwd->pw_gid);
-	snprintf(env, sizeof(env), "KRB5CCNAME=%s", s->ticket);
-#endif
-#ifdef SIA_KRB4
-	chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid);
-	snprintf(env, sizeof(env), "KRBTKFILE=%s", s->ticket);
-#endif
-	putenv(env);
-    }
-#ifdef SIA_KRB5
-    if (k_hasafs()) {
-	char cell[64];
-	krb5_ccache ccache;
-	if(krb5_cc_resolve(s->context, s->ticket, &ccache) == 0) {
-	    k_setpag();
-	    if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0)
-		krb5_afslog(s->context, ccache, cell, 0);
-	    krb5_afslog_home(s->context, ccache, 0, 0, entity->pwd->pw_dir);
-	}
-    }
-#endif
-#ifdef SIA_KRB4
-    if (k_hasafs()) {
-	char cell[64];
-	k_setpag();
-	if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0)
-	    krb_afslog(cell, 0);
-	krb_afslog_home(0, 0, entity->pwd->pw_dir);
-    }
-#endif
-    return SIADSUCCESS;
-}
-
-int 
-siad_ses_release(SIAENTITY *entity, int pkgind)
-{
-    SIA_DEBUG(("DEBUG", "siad_ses_release"));
-    if(entity->mech[pkgind]){
-#ifdef SIA_KRB5
-	struct state *s = (struct state*)entity->mech[pkgind];
-	krb5_free_context(s->context);
-#endif
-	free(entity->mech[pkgind]);
-    }
-    return SIADSUCCESS;
-}
-
-int 
-siad_ses_suauthent(sia_collect_func_t *collect,
-		   SIAENTITY *entity,
-		   int siastat,
-		   int pkgind)
-{
-    SIA_DEBUG(("DEBUG", "siad_ses_suauth"));
-    if(geteuid() != 0)
-	return SIADFAIL;
-    if(entity->name == NULL)
-	return SIADFAIL;
-    if(entity->name[0] == '\0') {
-	free(entity->name);
-	entity->name = strdup("root");
-	if (entity->name == NULL)
-	    return SIADFAIL;
-    }
-    return common_auth(collect, entity, siastat, pkgind);
-}
-
-int
-siad_ses_reauthent (sia_collect_func_t *collect,
-		    SIAENTITY *entity,
-		    int siastat,
-		    int pkgind)
-{
-    int ret;
-    SIA_DEBUG(("DEBUG", "siad_ses_reauthent"));
-    if(entity == NULL || entity->name == NULL)
-	return SIADFAIL;
-    ret = common_auth(collect, entity, siastat, pkgind);
-    if((ret & SIADSUCCESS)){
-	/* launch isn't (always?) called when doing reauth, so we must
-           duplicate some code here... */
-	struct state *s = (struct state*)entity->mech[pkgind];
-	chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid);
-#ifdef SIA_KRB5
-	if (k_hasafs()) {
-	    char cell[64];
-	    krb5_ccache ccache;
-	    if(krb5_cc_resolve(s->context, s->ticket, &ccache) == 0) {
-		k_setpag();
-		if(k_afs_cell_of_file(entity->pwd->pw_dir, 
-				      cell, sizeof(cell)) == 0)
-		    krb5_afslog(s->context, ccache, cell, 0);
-		krb5_afslog_home(s->context, ccache, 0, 0, entity->pwd->pw_dir);
-	    }
-	}
-#endif
-#ifdef SIA_KRB4
-	if(k_hasafs()) {
-	    char cell[64];
-	    if(k_afs_cell_of_file(entity->pwd->pw_dir, 
-				  cell, sizeof(cell)) == 0)
-		krb_afslog(cell, 0);
-	    krb_afslog_home(0, 0, entity->pwd->pw_dir);
-	}
-#endif
-    }
-    return ret;
-}
-
-int
-siad_chg_finger (sia_collect_func_t *collect,
-		     const char *username, 
-		     int argc, 
-		     char *argv[])
-{
-    SIA_DEBUG(("DEBUG", "siad_chg_finger"));
-    return SIADFAIL;
-}
-
-#ifdef SIA_KRB5
-int
-siad_chg_password (sia_collect_func_t *collect,
-		     const char *username, 
-		     int argc, 
-		     char *argv[])
-{
-    return SIADFAIL;
-}
-#endif
-
-#ifdef SIA_KRB4
-static void
-sia_message(sia_collect_func_t *collect, int rendition, 
-	    const char *title, const char *message)
-{
-    prompt_t prompt;
-    prompt.prompt = (unsigned char*)message;
-    (*collect)(0, rendition, (unsigned char*)title, 1, &prompt);
-}
-
-static int
-init_change(sia_collect_func_t *collect, krb_principal *princ)
-{
-    prompt_t prompt;
-    char old_pw[MAX_KPW_LEN+1];
-    char *msg;
-    char tktstring[128];
-    int ret;
-    
-    SIA_DEBUG(("DEBUG", "init_change"));
-    prompt.prompt = (unsigned char*)"Old password: ";
-    prompt.result = (unsigned char*)old_pw;
-    prompt.min_result_length = 0;
-    prompt.max_result_length = sizeof(old_pw) - 1;
-    prompt.control_flags = SIARESINVIS;
-    asprintf(&msg, "Changing password for %s", krb_unparse_name(princ));
-    if(msg == NULL){
-	SIA_DEBUG(("DEBUG", "out of memory"));
-	return SIADFAIL;
-    }
-    ret = (*collect)(60, SIAONELINER, (unsigned char*)msg, 1, &prompt);
-    free(msg);
-    SIA_DEBUG(("DEBUG", "ret = %d", ret));
-    if(ret != SIACOLSUCCESS)
-	return SIADFAIL;
-    snprintf(tktstring, sizeof(tktstring), 
-	     "%s_cpw_%u", TKT_ROOT, (unsigned)getpid());
-    krb_set_tkt_string(tktstring);
-    
-    ret = krb_get_pw_in_tkt(princ->name, princ->instance, princ->realm, 
-			    PWSERV_NAME, KADM_SINST, 1, old_pw);
-    if (ret != KSUCCESS) {
-	SIA_DEBUG(("DEBUG", "krb_get_pw_in_tkt: %s", krb_get_err_text(ret)));
-	if (ret == INTK_BADPW)
-	    sia_message(collect, SIAWARNING, "", "Incorrect old password.");
-	else
-	    sia_message(collect, SIAWARNING, "", "Kerberos error.");
-	memset(old_pw, 0, sizeof(old_pw));
-	return SIADFAIL;
-    }
-    if(chown(tktstring, getuid(), -1) < 0){
-	dest_tkt();
-	return SIADFAIL;
-    }
-    memset(old_pw, 0, sizeof(old_pw));
-    return SIADSUCCESS;
-}
-
-int
-siad_chg_password (sia_collect_func_t *collect,
-		   const char *username, 
-		   int argc, 
-		   char *argv[])
-{
-    prompt_t prompts[2];
-    krb_principal princ;
-    int ret;
-    char new_pw1[MAX_KPW_LEN+1];
-    char new_pw2[MAX_KPW_LEN+1];
-    static struct et_list *et_list;
-
-    setprogname(argv[0]);
-
-    SIA_DEBUG(("DEBUG", "siad_chg_password"));
-    if(collect == NULL)
-	return SIADFAIL;
-
-    if(username == NULL)
-	username = getlogin();
-
-    ret = krb_parse_name(username, &princ);
-    if(ret)
-	return SIADFAIL;
-    if(princ.realm[0] == '\0')
-	krb_get_lrealm(princ.realm, 1);
-
-    if(et_list == NULL) {
-	initialize_kadm_error_table_r(&et_list);
-	initialize_krb_error_table_r(&et_list);
-    }
-
-    ret = init_change(collect, &princ);
-    if(ret != SIADSUCCESS)
-	return ret;
-
-again:
-    prompts[0].prompt = (unsigned char*)"New password: ";
-    prompts[0].result = (unsigned char*)new_pw1;
-    prompts[0].min_result_length = MIN_KPW_LEN;
-    prompts[0].max_result_length = sizeof(new_pw1) - 1;
-    prompts[0].control_flags = SIARESINVIS;
-    prompts[1].prompt = (unsigned char*)"Verify new password: ";
-    prompts[1].result = (unsigned char*)new_pw2;
-    prompts[1].min_result_length = MIN_KPW_LEN;
-    prompts[1].max_result_length = sizeof(new_pw2) - 1;
-    prompts[1].control_flags = SIARESINVIS;
-    if((*collect)(120, SIAFORM, (unsigned char*)"", 2, prompts) != 
-       SIACOLSUCCESS) {
-	dest_tkt();
-	return SIADFAIL;
-    }
-    if(strcmp(new_pw1, new_pw2) != 0){
-	sia_message(collect, SIAWARNING, "", "Password mismatch.");
-	goto again;
-    }
-    ret = kadm_check_pw(new_pw1);
-    if(ret) {
-	sia_message(collect, SIAWARNING, "", com_right(et_list, ret));
-	goto again;
-    }
-    
-    memset(new_pw2, 0, sizeof(new_pw2));
-    ret = kadm_init_link (PWSERV_NAME, KRB_MASTER, princ.realm);
-    if (ret != KADM_SUCCESS)
-	sia_message(collect, SIAWARNING, "Error initing kadmin connection", 
-		    com_right(et_list, ret));
-    else {
-	des_cblock newkey;
-	char *pw_msg; /* message from server */
-
-	des_string_to_key(new_pw1, &newkey);
-	ret = kadm_change_pw_plain((unsigned char*)&newkey, new_pw1, &pw_msg);
-	memset(newkey, 0, sizeof(newkey));
-      
-	if (ret == KADM_INSECURE_PW)
-	    sia_message(collect, SIAWARNING, "Insecure password", pw_msg);
-	else if (ret != KADM_SUCCESS)
-	    sia_message(collect, SIAWARNING, "Error changing password", 
-			com_right(et_list, ret));
-    }
-    memset(new_pw1, 0, sizeof(new_pw1));
-
-    if (ret != KADM_SUCCESS)
-	sia_message(collect, SIAWARNING, "", "Password NOT changed.");
-    else
-	sia_message(collect, SIAINFO, "", "Password changed.");
-    
-    dest_tkt();
-    if(ret)
-	return SIADFAIL;
-    return SIADSUCCESS;
-}
-#endif
-
-int
-siad_chg_shell (sia_collect_func_t *collect,
-		     const char *username, 
-		     int argc, 
-		     char *argv[])
-{
-    return SIADFAIL;
-}
-
-int
-siad_getpwent(struct passwd *result, 
-	      char *buf, 
-	      int bufsize, 
-	      struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getpwuid (uid_t uid, 
-	       struct passwd *result, 
-	       char *buf, 
-	       int bufsize, 
-	       struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getpwnam (const char *name, 
-	       struct passwd *result, 
-	       char *buf, 
-	       int bufsize, 
-	       struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_setpwent (struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_endpwent (struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getgrent(struct group *result, 
-	      char *buf, 
-	      int bufsize, 
-	      struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getgrgid (gid_t gid, 
-	       struct group *result, 
-	       char *buf, 
-	       int bufsize, 
-	       struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getgrnam (const char *name, 
-	       struct group *result, 
-	       char *buf, 
-	       int bufsize, 
-	       struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_setgrent (struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_endgrent (struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_chk_user (const char *logname, int checkflag)
-{
-    if(checkflag != CHGPASSWD)
-	return SIADFAIL;
-    return SIADSUCCESS;
-}
diff --git a/crypto/heimdal/lib/auth/sia/sia_locl.h b/crypto/heimdal/lib/auth/sia/sia_locl.h
deleted file mode 100644
index 81e8439..0000000
--- a/crypto/heimdal/lib/auth/sia/sia_locl.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-/* $Id: sia_locl.h 10688 2001-09-13 01:15:34Z assar $ */
-
-#ifndef __sia_locl_h__
-#define __sia_locl_h__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
-#include <siad.h>
-#include <pwd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <roken.h>
-
-#ifdef KRB5
-#define SIA_KRB5
-#elif defined(KRB4)
-#define SIA_KRB4
-#endif
-
-#ifdef SIA_KRB5
-#include <krb5.h>
-#include <com_err.h>
-#endif
-#ifdef SIA_KRB4
-#include <krb.h>
-#include <krb_err.h>
-#include <kadm.h>
-#include <kadm_err.h>
-#endif
-#ifdef KRB4
-#include <kafs.h>
-#endif
-
-#ifndef POSIX_GETPWNAM_R
-
-#define getpwnam_r posix_getpwnam_r
-#define getpwuid_r posix_getpwuid_r
-
-#endif /* POSIX_GETPWNAM_R */
-
-#ifndef DEBUG
-#define SIA_DEBUG(X)
-#else
-#define SIA_DEBUG(X) SIALOG X
-#endif
-
-struct state{
-#ifdef SIA_KRB5
-    krb5_context context;
-    krb5_auth_context auth_context;
-#endif
-    char ticket[MaxPathLen];
-    int valid;
-};
-
-#endif /* __sia_locl_h__ */
diff --git a/crypto/heimdal/lib/com_err/ChangeLog b/crypto/heimdal/lib/com_err/ChangeLog
deleted file mode 100644
index dbeb8fb..0000000
--- a/crypto/heimdal/lib/com_err/ChangeLog
+++ /dev/null
@@ -1,235 +0,0 @@
-2007-07-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: split source files in dist and nodist.
-
-2007-07-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Only do roken rename for the library.
-
-2007-07-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: use version script.
-	
-	* version-script.map: use version script.
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: New library version.
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am (compile_et_SOURCES): add lex.h
-	
-2005-12-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* com_err.3: Document the _r functions.
-	
-2005-07-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* com_err.h: Include <stdarg.h> for va_list to help AIX 5.2.
-	
-2005-06-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: rename base to base_id since flex defines a function
-	with the argument base
-
-	* compile_et.h: rename base to base_id since flex defines a
-	function with the argument base
-
-	* compile_et.c: rename base to base_id since flex defines a
-	function with the argument base
-
-	* parse.y (name2number): rename base to num to avoid shadowing
-	
-	* compile_et.c: rename optind to optidx
-	
-2005-05-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: check allocation errors
-
-	* lex.l: check allocation errors correctly
-	
-	* compile_et.h: include <err.h>
-	
-	* (main): compile_et.c: use strlcpy
-	
-2005-04-29  Dave Love  <fx@gnu.org>
-
-	* Makefile.am (LDADD): Add libcom_err.la
-
-2005-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* include strlcpy and *printf and use them
-
-2005-02-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* com_right.h: de-__P
-
-	* com_err.h: de-__P
-
-2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* compile_et.c: don't add comma after last enum member
-
-2002-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* compile_et.c: just declare er_list directly instead of including
-	com_right in generated header files
-
-2002-03-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libcom_err_la_LDFLAGS): set version to 2:1:1
-
-2002-03-10  Assar Westerlund  <assar@sics.se>
-
-	* com_err.c (error_message): do not call strerror with a negative error
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 2:0:1
-
-2001-05-11  Assar Westerlund  <assar@sics.se>
-
-	* com_err.h (add_to_error_table): add prototype
-	* com_err.c (add_to_error_table): new function, from Derrick J
-	Brashear <shadow@dementia.org>
-
-2001-05-06  Assar Westerlund  <assar@sics.se>
-
-	* com_err.h: add printf formats for gcc
-
-2001-02-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* error.c (initialize_error_table_r): put table at end of the list
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* com_err.c (default_proc): add printf attributes
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 1:1:0
-
-2000-07-31  Assar Westerlund  <assar@sics.se>
-
-	* com_right.h (initialize_error_table_r): fix prototype
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* com_err.c (_et_lit): explicitly initialize it to NULL to make
-	dyld on Darwin/MacOS X happy
-
-2000-01-16  Assar Westerlund  <assar@sics.se>
-
-	* com_err.h: remove __P definition (now in com_right.h).  this
-	file always includes com_right.h so that's where it should reside.
-	* com_right.h: moved __P here and added it to the function
-	prototypes
-	* com_err.h (error_table_name): add __P
-
-1999-07-03  Assar Westerlund  <assar@sics.se>
-
-	* parse.y (statement): use asprintf
-
-1999-06-13  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: make it solaris make vpath-safe
-
-Thu Apr  1 11:13:53 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* compile_et.c: use getargs
-
-Sat Mar 20 00:16:30 1999  Assar Westerlund  <assar@sics.se>
-
-	* compile_et.c: static-ize
-
-Thu Mar 18 11:22:13 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Tue Mar 16 22:30:05 1999  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: use YYACCEPT instead of return
-
-Sat Mar 13 22:22:56 1999  Assar Westerlund  <assar@sics.se>
-
-	* compile_et.c (generate_h): cast when calling is* to get rid of a
- 	warning
-
-Thu Mar 11 15:00:51 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* parse.y: prototype for error_message
-
-Sun Nov 22 10:39:02 1998  Assar Westerlund  <assar@sics.se>
-
-	* compile_et.h: include ctype and roken
-
-	* compile_et.c: include err.h
-	(generate_h): remove unused variable
-
-	* Makefile.in (WFLAGS): set
-
-Fri Nov 20 06:58:59 1998  Assar Westerlund  <assar@sics.se>
-
-	* lex.l: undef ECHO to work around AIX lex bug
-
-Sun Sep 27 02:23:59 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* com_err.c (error_message): try to pass code to strerror, to see
- 	if it might be an errno code (this if broken, but some MIT code
- 	seems to expect this behaviour)
-
-Sat Sep 26 17:42:39 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* compile_et.c: <foo_err.h> -> "foo_err.h"
-
-Tue Jun 30 17:17:36 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add str{cpy,cat}_truncate
-
-Mon May 25 05:24:39 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): try to remove shared library debris
-
-Sun Apr 19 09:50:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add symlink magic for linux
-
-Sun Apr  5 09:22:11 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: define alloca to malloc in case we're using bison but
- 	don't have alloca
-
-Tue Mar 24 05:13:01 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: link with snprintf (From Derrick J Brashear
- 	<shadow@dementia.org>)
-
-Fri Feb 27 05:01:42 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: initialize ec->next
-
-Thu Feb 26 02:22:25 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: @LEXLIB@
-
-Sat Feb 21 15:18:54 1998  assar westerlund  <assar@sics.se>
-
-	* Makefile.in: set YACC and LEX
-
-Tue Feb 17 22:20:27 1998  Bjoern Groenvall  <bg@sics.se>
-
-	* com_right.h: Change typedefs so that one may mix MIT compile_et
- 	generated code with krb4 dito.
-
-Tue Feb 17 16:30:55 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* compile_et.c (generate): Always return a value.
-
-	* parse.y: Files don't have to end with `end'.
-
-Mon Feb 16 16:09:20 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lex.l (getstring): Replace getc() with input().
-
-	* Makefile.am: Fixes for new compile_et.
diff --git a/crypto/heimdal/lib/com_err/Makefile.am b/crypto/heimdal/lib/com_err/Makefile.am
deleted file mode 100644
index 64d4976..0000000
--- a/crypto/heimdal/lib/com_err/Makefile.am
+++ /dev/null
@@ -1,39 +0,0 @@
-# $Id: Makefile.am 21619 2007-07-17 07:34:00Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-YFLAGS = -d
-
-lib_LTLIBRARIES = libcom_err.la
-libcom_err_la_LDFLAGS = -version-info 2:3:1
-
-if versionscript
-libcom_err_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-
-bin_PROGRAMS = compile_et
-
-include_HEADERS = com_err.h com_right.h
-
-compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l lex.h
-
-libcom_err_la_CPPFLAGS = $(ROKEN_RENAME)
-dist_libcom_err_la_SOURCES = error.c com_err.c roken_rename.h
-
-if do_roken_rename
-nodist_libcom_err_la_SOURCES = snprintf.c strlcpy.c
-endif
-
-$(compile_et_OBJECTS): parse.h parse.c ## XXX broken automake 1.4s
-
-compile_et_LDADD = \
-	libcom_err.la \
-	$(LIB_roken) \
-	$(LEXLIB)
-
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strlcpy.c:
-	$(LN_S) $(srcdir)/../roken/strlcpy.c .
-
-EXTRA_DIST = version-script.map
diff --git a/crypto/heimdal/lib/com_err/Makefile.in b/crypto/heimdal/lib/com_err/Makefile.in
deleted file mode 100644
index 2581001..0000000
--- a/crypto/heimdal/lib/com_err/Makefile.in
+++ /dev/null
@@ -1,910 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 21619 2007-07-17 07:34:00Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog lex.c parse.c \
-	parse.h
-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-bin_PROGRAMS = compile_et$(EXEEXT)
-subdir = lib/com_err
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-libcom_err_la_LIBADD =
-dist_libcom_err_la_OBJECTS = libcom_err_la-error.lo \
-	libcom_err_la-com_err.lo
-@do_roken_rename_TRUE@nodist_libcom_err_la_OBJECTS =  \
-@do_roken_rename_TRUE@	libcom_err_la-snprintf.lo \
-@do_roken_rename_TRUE@	libcom_err_la-strlcpy.lo
-libcom_err_la_OBJECTS = $(dist_libcom_err_la_OBJECTS) \
-	$(nodist_libcom_err_la_OBJECTS)
-libcom_err_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libcom_err_la_LDFLAGS) $(LDFLAGS) -o $@
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS)
-am_compile_et_OBJECTS = compile_et.$(OBJEXT) parse.$(OBJEXT) \
-	lex.$(OBJEXT)
-compile_et_OBJECTS = $(am_compile_et_OBJECTS)
-am__DEPENDENCIES_1 =
-compile_et_DEPENDENCIES = libcom_err.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-@MAINTAINER_MODE_FALSE@am__skiplex = test -f $@ ||
-LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
-YLWRAP = $(top_srcdir)/ylwrap
-@MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-SOURCES = $(dist_libcom_err_la_SOURCES) \
-	$(nodist_libcom_err_la_SOURCES) $(compile_et_SOURCES)
-DIST_SOURCES = $(dist_libcom_err_la_SOURCES) $(compile_et_SOURCES)
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = -d
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-lib_LTLIBRARIES = libcom_err.la
-libcom_err_la_LDFLAGS = -version-info 2:3:1 $(am__append_1)
-include_HEADERS = com_err.h com_right.h
-compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l lex.h
-libcom_err_la_CPPFLAGS = $(ROKEN_RENAME)
-dist_libcom_err_la_SOURCES = error.c com_err.c roken_rename.h
-@do_roken_rename_TRUE@nodist_libcom_err_la_SOURCES = snprintf.c strlcpy.c
-compile_et_LDADD = \
-	libcom_err.la \
-	$(LIB_roken) \
-	$(LEXLIB)
-
-EXTRA_DIST = version-script.map
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/com_err/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/com_err/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libcom_err.la: $(libcom_err_la_OBJECTS) $(libcom_err_la_DEPENDENCIES) 
-	$(libcom_err_la_LINK) -rpath $(libdir) $(libcom_err_la_OBJECTS) $(libcom_err_la_LIBADD) $(LIBS)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-parse.h: parse.c
-	@if test ! -f $@; then \
-	  rm -f parse.c; \
-	  $(MAKE) $(AM_MAKEFLAGS) parse.c; \
-	else :; fi
-compile_et$(EXEEXT): $(compile_et_OBJECTS) $(compile_et_DEPENDENCIES) 
-	@rm -f compile_et$(EXEEXT)
-	$(LINK) $(compile_et_OBJECTS) $(compile_et_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-libcom_err_la-error.lo: error.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c
-
-libcom_err_la-com_err.lo: com_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-com_err.lo `test -f 'com_err.c' || echo '$(srcdir)/'`com_err.c
-
-libcom_err_la-snprintf.lo: snprintf.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
-
-libcom_err_la-strlcpy.lo: strlcpy.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-strlcpy.lo `test -f 'strlcpy.c' || echo '$(srcdir)/'`strlcpy.c
-
-.l.c:
-	$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
-
-.y.c:
-	$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-rm -f lex.c
-	-rm -f parse.c
-	-rm -f parse.h
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool ctags dist-hook distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-binPROGRAMS install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-hook uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(compile_et_OBJECTS): parse.h parse.c ## XXX broken automake 1.4s
-
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strlcpy.c:
-	$(LN_S) $(srcdir)/../roken/strlcpy.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/com_err/com_err.c b/crypto/heimdal/lib/com_err/com_err.c
deleted file mode 100644
index faf4294..0000000
--- a/crypto/heimdal/lib/com_err/com_err.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: com_err.c 14930 2005-04-24 19:43:06Z lha $");
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <roken.h>
-#include "com_err.h"
-
-struct et_list *_et_list = NULL;
-
-
-const char *
-error_message (long code)
-{
-    static char msg[128];
-    const char *p = com_right(_et_list, code);
-    if (p == NULL) {
-	if (code < 0)
-	    snprintf(msg, sizeof(msg), "Unknown error %ld", code);
-	else
-	    p = strerror(code);
-    }
-    if (p != NULL && *p != '\0') {
-	strlcpy(msg, p, sizeof(msg));
-    } else 
-	snprintf(msg, sizeof(msg), "Unknown error %ld", code);
-    return msg;
-}
-
-int
-init_error_table(const char **msgs, long base, int count)
-{
-    initialize_error_table_r(&_et_list, msgs, count, base);
-    return 0;
-}
-
-static void
-default_proc (const char *whoami, long code, const char *fmt, va_list args)
-    __attribute__((__format__(__printf__, 3, 0)));
- 
-static void
-default_proc (const char *whoami, long code, const char *fmt, va_list args)
-{
-    if (whoami)
-      fprintf(stderr, "%s: ", whoami);
-    if (code)
-      fprintf(stderr, "%s ", error_message(code));
-    if (fmt)
-      vfprintf(stderr, fmt, args);
-    fprintf(stderr, "\r\n");	/* ??? */
-}
-
-static errf com_err_hook = default_proc;
-
-void 
-com_err_va (const char *whoami, 
-	    long code, 
-	    const char *fmt, 
-	    va_list args)
-{
-    (*com_err_hook) (whoami, code, fmt, args);
-}
-
-void
-com_err (const char *whoami,
-	 long code,
-	 const char *fmt, 
-	 ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    com_err_va (whoami, code, fmt, ap);
-    va_end(ap);
-}
-
-errf
-set_com_err_hook (errf new)
-{
-    errf old = com_err_hook;
-
-    if (new)
-	com_err_hook = new;
-    else
-	com_err_hook = default_proc;
-    
-    return old;
-}
-
-errf
-reset_com_err_hook (void) 
-{
-    return set_com_err_hook(NULL);
-}
-
-#define ERRCODE_RANGE   8       /* # of bits to shift table number */
-#define BITS_PER_CHAR   6       /* # bits to shift per character in name */
-
-static const char char_set[] =
-        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
-
-static char buf[6];
-
-const char *
-error_table_name(int num)
-{
-    int ch;
-    int i;
-    char *p;
-
-    /* num = aa aaa abb bbb bcc ccc cdd ddd d?? ??? ??? */
-    p = buf;
-    num >>= ERRCODE_RANGE;
-    /* num = ?? ??? ??? aaa aaa bbb bbb ccc ccc ddd ddd */
-    num &= 077777777;
-    /* num = 00 000 000 aaa aaa bbb bbb ccc ccc ddd ddd */
-    for (i = 4; i >= 0; i--) {
-        ch = (num >> BITS_PER_CHAR * i) & ((1 << BITS_PER_CHAR) - 1);
-        if (ch != 0)
-            *p++ = char_set[ch-1];
-    }
-    *p = '\0';
-    return(buf);
-}
-
-void
-add_to_error_table(struct et_list *new_table)
-{
-    struct et_list *et;
-
-    for (et = _et_list; et; et = et->next) {
-	if (et->table->base == new_table->table->base)
-	    return;
-    }
-
-    new_table->next = _et_list;
-    _et_list = new_table;
-}
diff --git a/crypto/heimdal/lib/com_err/com_err.h b/crypto/heimdal/lib/com_err/com_err.h
deleted file mode 100644
index bdd764f..0000000
--- a/crypto/heimdal/lib/com_err/com_err.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: com_err.h 15566 2005-07-07 14:58:07Z lha $ */
-
-/* MIT compatible com_err library */
-
-#ifndef __COM_ERR_H__
-#define __COM_ERR_H__
-
-#include <com_right.h>
-#include <stdarg.h>
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(X)
-#endif
-
-typedef void (*errf) (const char *, long, const char *, va_list);
-
-const char * error_message (long);
-int init_error_table (const char**, long, int);
-
-void com_err_va (const char *, long, const char *, va_list)
-    __attribute__((format(printf, 3, 0)));
-
-void com_err (const char *, long, const char *, ...)
-    __attribute__((format(printf, 3, 4)));
-
-errf set_com_err_hook (errf);
-errf reset_com_err_hook (void);
-
-const char *error_table_name  (int num);
-
-void add_to_error_table (struct et_list *new_table);
-
-#endif /* __COM_ERR_H__ */
diff --git a/crypto/heimdal/lib/com_err/com_right.h b/crypto/heimdal/lib/com_err/com_right.h
deleted file mode 100644
index 4d929da..0000000
--- a/crypto/heimdal/lib/com_err/com_right.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: com_right.h 14551 2005-02-03 08:45:13Z lha $ */
-
-#ifndef __COM_RIGHT_H__
-#define __COM_RIGHT_H__
-
-#ifdef __STDC__
-#include <stdarg.h>
-#endif
-
-struct error_table {
-    char const * const * msgs;
-    long base;
-    int n_msgs;
-};
-struct et_list {
-    struct et_list *next;
-    struct error_table *table;
-};
-extern struct et_list *_et_list;
-
-const char *com_right (struct et_list *list, long code);
-void initialize_error_table_r (struct et_list **, const char **, int, long);
-void free_error_table (struct et_list *);
-
-#endif /* __COM_RIGHT_H__ */
diff --git a/crypto/heimdal/lib/com_err/compile_et.c b/crypto/heimdal/lib/com_err/compile_et.c
deleted file mode 100644
index 1057654..0000000
--- a/crypto/heimdal/lib/com_err/compile_et.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * Copyright (c) 1998-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#undef ROKEN_RENAME
-#include "compile_et.h"
-#include <getarg.h>
-
-RCSID("$Id: compile_et.c 15426 2005-06-16 19:21:42Z lha $");
-
-#include <roken.h>
-#include <err.h>
-#include "parse.h"
-
-int numerror;
-extern FILE *yyin;
-
-extern void yyparse(void);
-
-long base_id;
-int number;
-char *prefix;
-char *id_str;
-
-char name[128];
-char Basename[128];
-
-#ifdef YYDEBUG
-extern int yydebug = 1;
-#endif
-
-char *filename;
-char hfn[128];
-char cfn[128];
-
-struct error_code *codes = NULL;
-
-static int
-generate_c(void)
-{
-    int n;
-    struct error_code *ec;
-
-    FILE *c_file = fopen(cfn, "w");
-    if(c_file == NULL)
-	return 1;
-
-    fprintf(c_file, "/* Generated from %s */\n", filename);
-    if(id_str) 
-	fprintf(c_file, "/* %s */\n", id_str);
-    fprintf(c_file, "\n");
-    fprintf(c_file, "#include <stddef.h>\n");
-    fprintf(c_file, "#include <com_err.h>\n");
-    fprintf(c_file, "#include \"%s\"\n", hfn);
-    fprintf(c_file, "\n");
-
-    fprintf(c_file, "static const char *%s_error_strings[] = {\n", name);
-
-    for(ec = codes, n = 0; ec; ec = ec->next, n++) {
-	while(n < ec->number) {
-	    fprintf(c_file, "\t/* %03d */ \"Reserved %s error (%d)\",\n",
-		    n, name, n);
-	    n++;
-	    
-	}
-	fprintf(c_file, "\t/* %03d */ \"%s\",\n", ec->number, ec->string);
-    }
-
-    fprintf(c_file, "\tNULL\n");
-    fprintf(c_file, "};\n");
-    fprintf(c_file, "\n");
-    fprintf(c_file, "#define num_errors %d\n", number);
-    fprintf(c_file, "\n");
-    fprintf(c_file, 
-	    "void initialize_%s_error_table_r(struct et_list **list)\n", 
-	    name);
-    fprintf(c_file, "{\n");
-    fprintf(c_file, 
-	    "    initialize_error_table_r(list, %s_error_strings, "
-	    "num_errors, ERROR_TABLE_BASE_%s);\n", name, name);
-    fprintf(c_file, "}\n");
-    fprintf(c_file, "\n");
-    fprintf(c_file, "void initialize_%s_error_table(void)\n", name);
-    fprintf(c_file, "{\n");
-    fprintf(c_file,
-	    "    init_error_table(%s_error_strings, ERROR_TABLE_BASE_%s, "
-	    "num_errors);\n", name, name);
-    fprintf(c_file, "}\n");
-
-    fclose(c_file);
-    return 0;
-}
-
-static int
-generate_h(void)
-{
-    struct error_code *ec;
-    char fn[128];
-    FILE *h_file = fopen(hfn, "w");
-    char *p;
-
-    if(h_file == NULL)
-	return 1;
-
-    snprintf(fn, sizeof(fn), "__%s__", hfn);
-    for(p = fn; *p; p++)
-	if(!isalnum((unsigned char)*p))
-	    *p = '_';
-    
-    fprintf(h_file, "/* Generated from %s */\n", filename);
-    if(id_str) 
-	fprintf(h_file, "/* %s */\n", id_str);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "#ifndef %s\n", fn);
-    fprintf(h_file, "#define %s\n", fn);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "struct et_list;\n");
-    fprintf(h_file, "\n");
-    fprintf(h_file, 
-	    "void initialize_%s_error_table_r(struct et_list **);\n",
-	    name);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "void initialize_%s_error_table(void);\n", name);
-    fprintf(h_file, "#define init_%s_err_tbl initialize_%s_error_table\n", 
-	    name, name);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "typedef enum %s_error_number{\n", name);
-
-    for(ec = codes; ec; ec = ec->next) {
-	fprintf(h_file, "\t%s = %ld%s\n", ec->name, base_id + ec->number, 
-		(ec->next != NULL) ? "," : "");
-    }
-
-    fprintf(h_file, "} %s_error_number;\n", name);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "#define ERROR_TABLE_BASE_%s %ld\n", name, base_id);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "#endif /* %s */\n", fn);
-
-
-    fclose(h_file);
-    return 0;
-}
-
-static int
-generate(void)
-{
-    return generate_c() || generate_h();
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "error-table");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    char *p;
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(optidx == argc) 
-	usage(1);
-    filename = argv[optidx];
-    yyin = fopen(filename, "r");
-    if(yyin == NULL)
-	err(1, "%s", filename);
-	
-    
-    p = strrchr(filename, '/');
-    if(p)
-	p++;
-    else
-	p = filename;
-    strlcpy(Basename, p, sizeof(Basename));
-    
-    Basename[strcspn(Basename, ".")] = '\0';
-    
-    snprintf(hfn, sizeof(hfn), "%s.h", Basename);
-    snprintf(cfn, sizeof(cfn), "%s.c", Basename);
-    
-    yyparse();
-    if(numerror)
-	return 1;
-
-    return generate();
-}
diff --git a/crypto/heimdal/lib/com_err/compile_et.h b/crypto/heimdal/lib/com_err/compile_et.h
deleted file mode 100644
index 1c7de5a..0000000
--- a/crypto/heimdal/lib/com_err/compile_et.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: compile_et.h 15426 2005-06-16 19:21:42Z lha $ */
-
-#ifndef __COMPILE_ET_H__
-#define __COMPILE_ET_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <err.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <ctype.h>
-#include <roken.h>
-
-extern long base_id;
-extern int number;
-extern char *prefix;
-extern char name[128];
-extern char *id_str;
-extern char *filename;
-extern int numerror;
-
-struct error_code {
-    unsigned number;
-    char *name;
-    char *string;
-    struct error_code *next, **tail;
-};
-
-extern struct error_code *codes;
-
-#define APPEND(L, V) 				\
-do {						\
-    if((L) == NULL) {				\
-	(L) = (V);				\
-	(L)->tail = &(V)->next;			\
-	(L)->next = NULL;			\
-    }else{					\
-	*(L)->tail = (V);			\
-	(L)->tail = &(V)->next;			\
-    }						\
-}while(0)
-
-#endif /* __COMPILE_ET_H__ */
diff --git a/crypto/heimdal/lib/com_err/error.c b/crypto/heimdal/lib/com_err/error.c
deleted file mode 100644
index 0510780..0000000
--- a/crypto/heimdal/lib/com_err/error.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: error.c 9724 2001-02-28 20:00:13Z joda $");
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <com_right.h>
-
-const char *
-com_right(struct et_list *list, long code)
-{
-    struct et_list *p;
-    for (p = list; p; p = p->next) {
-	if (code >= p->table->base && code < p->table->base + p->table->n_msgs)
-	    return p->table->msgs[code - p->table->base];
-    }
-    return NULL;
-}
-
-struct foobar {
-    struct et_list etl;
-    struct error_table et;
-};
-
-void
-initialize_error_table_r(struct et_list **list, 
-			 const char **messages, 
-			 int num_errors,
-			 long base)
-{
-    struct et_list *et, **end;
-    struct foobar *f;
-    for (end = list, et = *list; et; end = &et->next, et = et->next)
-        if (et->table->msgs == messages)
-            return;
-    f = malloc(sizeof(*f));
-    if (f == NULL)
-        return;
-    et = &f->etl;
-    et->table = &f->et;
-    et->table->msgs = messages;
-    et->table->n_msgs = num_errors;
-    et->table->base = base;
-    et->next = NULL;
-    *end = et;
-}
-			
-
-void
-free_error_table(struct et_list *et)
-{
-    while(et){
-	struct et_list *p = et;
-	et = et->next;
-	free(p);
-    }
-}
diff --git a/crypto/heimdal/lib/com_err/lex.c b/crypto/heimdal/lib/com_err/lex.c
deleted file mode 100644
index 8f756d3..0000000
--- a/crypto/heimdal/lib/com_err/lex.c
+++ /dev/null
@@ -1,1896 +0,0 @@
-
-#line 3 "lex.c"
-
-#define  YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 33
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with  platform-specific or compiler-specific issues. */
-
-/* begin standard C headers. */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
-
-#if __STDC_VERSION__ >= 199901L
-
-/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
- * if you want the limit (max/min) macros for int types. 
- */
-#ifndef __STDC_LIMIT_MACROS
-#define __STDC_LIMIT_MACROS 1
-#endif
-
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t; 
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN               (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN              (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN              (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX               (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX              (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX              (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX              (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX             (65535U)
-#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX             (4294967295U)
-#endif
-
-#endif /* ! FLEXINT_H */
-
-#ifdef __cplusplus
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else	/* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_CONST
-
-#endif	/* __STDC__ */
-#endif	/* ! __cplusplus */
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index.  If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition.  This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN (yy_start) = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state.  The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START (((yy_start) - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart(yyin  )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
-#define YY_BUF_SIZE 16384
-#endif
-
-/* The state buf must be large enough to hold one state per character in the main buffer.
- */
-#define YY_STATE_BUF_SIZE   ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
-
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
-
-extern int yyleng;
-
-extern FILE *yyin, *yyout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
-    #define YY_LESS_LINENO(n)
-    
-/* Return all but the first "n" matched characters back to the input stream. */
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		*yy_cp = (yy_hold_char); \
-		YY_RESTORE_YY_MORE_OFFSET \
-		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
-		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
-		} \
-	while ( 0 )
-
-#define unput(c) yyunput( c, (yytext_ptr)  )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef unsigned int yy_size_t;
-#endif
-
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
-struct yy_buffer_state
-	{
-	FILE *yy_input_file;
-
-	char *yy_ch_buf;		/* input buffer */
-	char *yy_buf_pos;		/* current position in input buffer */
-
-	/* Size of input buffer in bytes, not including room for EOB
-	 * characters.
-	 */
-	yy_size_t yy_buf_size;
-
-	/* Number of characters read into yy_ch_buf, not including EOB
-	 * characters.
-	 */
-	int yy_n_chars;
-
-	/* Whether we "own" the buffer - i.e., we know we created it,
-	 * and can realloc() it to grow it, and should free() it to
-	 * delete it.
-	 */
-	int yy_is_our_buffer;
-
-	/* Whether this is an "interactive" input source; if so, and
-	 * if we're using stdio for input, then we want to use getc()
-	 * instead of fread(), to make sure we stop fetching input after
-	 * each newline.
-	 */
-	int yy_is_interactive;
-
-	/* Whether we're considered to be at the beginning of a line.
-	 * If so, '^' rules will be active on the next match, otherwise
-	 * not.
-	 */
-	int yy_at_bol;
-
-    int yy_bs_lineno; /**< The line count. */
-    int yy_bs_column; /**< The column count. */
-    
-	/* Whether to try to fill the input buffer when we reach the
-	 * end of it.
-	 */
-	int yy_fill_buffer;
-
-	int yy_buffer_status;
-
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
-	/* When an EOF's been seen but there's still some text to process
-	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
-	 * shouldn't try reading from the input source any more.  We might
-	 * still have a bunch of tokens to match, though, because of
-	 * possible backing-up.
-	 *
-	 * When we actually see the EOF, we change the status to "new"
-	 * (via yyrestart()), so that the user can continue scanning by
-	 * just pointing yyin at a new input file.
-	 */
-#define YY_BUFFER_EOF_PENDING 2
-
-	};
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- *
- * Returns the top of the stack, or NULL.
- */
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
-                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
-                          : NULL)
-
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
-
-/* yy_hold_char holds the character lost when yytext is formed. */
-static char yy_hold_char;
-static int yy_n_chars;		/* number of characters read into yy_ch_buf */
-int yyleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 0;		/* whether we need to initialize */
-static int yy_start = 0;	/* start state number */
-
-/* Flag which is used to allow yywrap()'s to do buffer switches
- * instead of setting up a fresh yyin.  A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void yyrestart (FILE *input_file  );
-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
-void yy_delete_buffer (YY_BUFFER_STATE b  );
-void yy_flush_buffer (YY_BUFFER_STATE b  );
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
-void yypop_buffer_state (void );
-
-static void yyensure_buffer_stack (void );
-static void yy_load_buffer_state (void );
-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
-
-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
-
-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len  );
-
-void *yyalloc (yy_size_t  );
-void *yyrealloc (void *,yy_size_t  );
-void yyfree (void *  );
-
-#define yy_new_buffer yy_create_buffer
-
-#define yy_set_interactive(is_interactive) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){ \
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
-	}
-
-#define yy_set_bol(at_bol) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){\
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
-	}
-
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
-
-typedef unsigned char YY_CHAR;
-
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-
-typedef int yy_state_type;
-
-extern int yylineno;
-
-int yylineno = 1;
-
-extern char *yytext;
-#define yytext_ptr yytext
-
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[]  );
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up yytext.
- */
-#define YY_DO_BEFORE_ACTION \
-	(yytext_ptr) = yy_bp; \
-	yyleng = (size_t) (yy_cp - yy_bp); \
-	(yy_hold_char) = *yy_cp; \
-	*yy_cp = '\0'; \
-	(yy_c_buf_p) = yy_cp;
-
-#define YY_NUM_RULES 16
-#define YY_END_OF_BUFFER 17
-/* This struct is not used in this scanner,
-   but its presence is necessary. */
-struct yy_trans_info
-	{
-	flex_int32_t yy_verify;
-	flex_int32_t yy_nxt;
-	};
-static yyconst flex_int16_t yy_accept[46] =
-    {   0,
-        0,    0,   17,   15,   11,   12,   13,   10,    9,   14,
-       14,   14,   14,   10,    9,   14,    3,   14,   14,    1,
-        7,   14,   14,    8,   14,   14,   14,   14,   14,   14,
-       14,    6,   14,   14,    5,   14,   14,   14,   14,   14,
-       14,    4,   14,    2,    0
-    } ;
-
-static yyconst flex_int32_t yy_ec[256] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    2,    1,    4,    5,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    6,    6,    6,
-        6,    6,    6,    6,    6,    6,    6,    1,    1,    1,
-        1,    1,    1,    1,    7,    7,    7,    7,    7,    7,
-        7,    7,    7,    7,    7,    7,    7,    7,    7,    7,
-        7,    7,    7,    7,    7,    7,    7,    7,    7,    7,
-        1,    1,    1,    1,    8,    1,    9,   10,   11,   12,
-
-       13,   14,    7,    7,   15,    7,    7,   16,    7,   17,
-       18,   19,    7,   20,    7,   21,    7,    7,    7,   22,
-        7,    7,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1
-    } ;
-
-static yyconst flex_int32_t yy_meta[23] =
-    {   0,
-        1,    1,    2,    1,    1,    3,    3,    3,    3,    3,
-        3,    3,    3,    3,    3,    3,    3,    3,    3,    3,
-        3,    3
-    } ;
-
-static yyconst flex_int16_t yy_base[48] =
-    {   0,
-        0,    0,   56,   57,   57,   57,   57,    0,   49,    0,
-       12,   13,   34,    0,   47,    0,    0,   40,   31,    0,
-        0,   38,   36,    0,   30,   34,   32,   25,   22,   28,
-       34,    0,   19,   13,    0,   22,   30,   26,   26,   18,
-       12,    0,   14,    0,   57,   34,   23
-    } ;
-
-static yyconst flex_int16_t yy_def[48] =
-    {   0,
-       45,    1,   45,   45,   45,   45,   45,   46,   47,   47,
-       47,   47,   47,   46,   47,   47,   47,   47,   47,   47,
-       47,   47,   47,   47,   47,   47,   47,   47,   47,   47,
-       47,   47,   47,   47,   47,   47,   47,   47,   47,   47,
-       47,   47,   47,   47,    0,   45,   45
-    } ;
-
-static yyconst flex_int16_t yy_nxt[80] =
-    {   0,
-        4,    5,    6,    7,    8,    9,   10,   10,   10,   10,
-       10,   10,   11,   10,   12,   10,   10,   10,   13,   10,
-       10,   10,   17,   36,   21,   16,   44,   43,   18,   22,
-       42,   19,   20,   37,   14,   41,   14,   40,   39,   38,
-       35,   34,   33,   32,   31,   30,   29,   28,   27,   26,
-       25,   24,   15,   23,   15,   45,    3,   45,   45,   45,
-       45,   45,   45,   45,   45,   45,   45,   45,   45,   45,
-       45,   45,   45,   45,   45,   45,   45,   45,   45
-    } ;
-
-static yyconst flex_int16_t yy_chk[80] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,   11,   34,   12,   47,   43,   41,   11,   12,
-       40,   11,   11,   34,   46,   39,   46,   38,   37,   36,
-       33,   31,   30,   29,   28,   27,   26,   25,   23,   22,
-       19,   18,   15,   13,    9,    3,   45,   45,   45,   45,
-       45,   45,   45,   45,   45,   45,   45,   45,   45,   45,
-       45,   45,   45,   45,   45,   45,   45,   45,   45
-    } ;
-
-static yy_state_type yy_last_accepting_state;
-static char *yy_last_accepting_cpos;
-
-extern int yy_flex_debug;
-int yy_flex_debug = 0;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *yytext;
-#line 1 "lex.l"
-#line 2 "lex.l"
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- * This is to handle the definition of this symbol in some AIX
- * headers, which will conflict with the definition that lex will
- * generate for it.  It's only a problem for AIX lex.
- */
-
-#undef ECHO
-
-#include "compile_et.h"
-#include "parse.h"
-#include "lex.h"
-
-RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $");
-
-static unsigned lineno = 1;
-static int getstring(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-#line 536 "lex.c"
-
-#define INITIAL 0
-
-#ifndef YY_NO_UNISTD_H
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-#endif
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
-
-static int yy_init_globals (void );
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int yywrap (void );
-#else
-extern int yywrap (void );
-#endif
-#endif
-
-    static void yyunput (int c,char *buf_ptr  );
-    
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
-#endif
-
-#ifndef YY_NO_INPUT
-
-#ifdef __cplusplus
-static int yyinput (void );
-#else
-static int input (void );
-#endif
-
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
-#endif
-
-/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
-		{ \
-		int c = '*'; \
-		size_t n; \
-		for ( n = 0; n < max_size && \
-			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
-			buf[n] = (char) c; \
-		if ( c == '\n' ) \
-			buf[n++] = (char) c; \
-		if ( c == EOF && ferror( yyin ) ) \
-			YY_FATAL_ERROR( "input in flex scanner failed" ); \
-		result = n; \
-		} \
-	else \
-		{ \
-		errno=0; \
-		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
-			{ \
-			if( errno != EINTR) \
-				{ \
-				YY_FATAL_ERROR( "input in flex scanner failed" ); \
-				break; \
-				} \
-			errno=0; \
-			clearerr(yyin); \
-			} \
-		}\
-\
-
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* end tables serialization structures and prototypes */
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int yylex (void);
-
-#define YY_DECL int yylex (void)
-#endif /* !YY_DECL */
-
-/* Code executed at the beginning of each rule, after yytext and yyleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
-	YY_USER_ACTION
-
-/** The main scanner function which does all the work.
- */
-YY_DECL
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp, *yy_bp;
-	register int yy_act;
-    
-#line 59 "lex.l"
-
-#line 691 "lex.c"
-
-	if ( !(yy_init) )
-		{
-		(yy_init) = 1;
-
-#ifdef YY_USER_INIT
-		YY_USER_INIT;
-#endif
-
-		if ( ! (yy_start) )
-			(yy_start) = 1;	/* first start state */
-
-		if ( ! yyin )
-			yyin = stdin;
-
-		if ( ! yyout )
-			yyout = stdout;
-
-		if ( ! YY_CURRENT_BUFFER ) {
-			yyensure_buffer_stack ();
-			YY_CURRENT_BUFFER_LVALUE =
-				yy_create_buffer(yyin,YY_BUF_SIZE );
-		}
-
-		yy_load_buffer_state( );
-		}
-
-	while ( 1 )		/* loops until end-of-file is reached */
-		{
-		yy_cp = (yy_c_buf_p);
-
-		/* Support of yytext. */
-		*yy_cp = (yy_hold_char);
-
-		/* yy_bp points to the position in yy_ch_buf of the start of
-		 * the current run.
-		 */
-		yy_bp = yy_cp;
-
-		yy_current_state = (yy_start);
-yy_match:
-		do
-			{
-			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
-			if ( yy_accept[yy_current_state] )
-				{
-				(yy_last_accepting_state) = yy_current_state;
-				(yy_last_accepting_cpos) = yy_cp;
-				}
-			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-				{
-				yy_current_state = (int) yy_def[yy_current_state];
-				if ( yy_current_state >= 46 )
-					yy_c = yy_meta[(unsigned int) yy_c];
-				}
-			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-			++yy_cp;
-			}
-		while ( yy_base[yy_current_state] != 57 );
-
-yy_find_action:
-		yy_act = yy_accept[yy_current_state];
-		if ( yy_act == 0 )
-			{ /* have to back up */
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			yy_act = yy_accept[yy_current_state];
-			}
-
-		YY_DO_BEFORE_ACTION;
-
-do_action:	/* This label is used only to access EOF actions. */
-
-		switch ( yy_act )
-	{ /* beginning of action switch */
-			case 0: /* must back up */
-			/* undo the effects of YY_DO_BEFORE_ACTION */
-			*yy_cp = (yy_hold_char);
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
-#line 60 "lex.l"
-{ return ET; }
-	YY_BREAK
-case 2:
-YY_RULE_SETUP
-#line 61 "lex.l"
-{ return ET; }
-	YY_BREAK
-case 3:
-YY_RULE_SETUP
-#line 62 "lex.l"
-{ return EC; }
-	YY_BREAK
-case 4:
-YY_RULE_SETUP
-#line 63 "lex.l"
-{ return EC; }
-	YY_BREAK
-case 5:
-YY_RULE_SETUP
-#line 64 "lex.l"
-{ return PREFIX; }
-	YY_BREAK
-case 6:
-YY_RULE_SETUP
-#line 65 "lex.l"
-{ return INDEX; }
-	YY_BREAK
-case 7:
-YY_RULE_SETUP
-#line 66 "lex.l"
-{ return ID; }
-	YY_BREAK
-case 8:
-YY_RULE_SETUP
-#line 67 "lex.l"
-{ return END; }
-	YY_BREAK
-case 9:
-YY_RULE_SETUP
-#line 68 "lex.l"
-{ yylval.number = atoi(yytext); return NUMBER; }
-	YY_BREAK
-case 10:
-YY_RULE_SETUP
-#line 69 "lex.l"
-;
-	YY_BREAK
-case 11:
-YY_RULE_SETUP
-#line 70 "lex.l"
-;
-	YY_BREAK
-case 12:
-/* rule 12 can match eol */
-YY_RULE_SETUP
-#line 71 "lex.l"
-{ lineno++; }
-	YY_BREAK
-case 13:
-YY_RULE_SETUP
-#line 72 "lex.l"
-{ return getstring(); }
-	YY_BREAK
-case 14:
-YY_RULE_SETUP
-#line 73 "lex.l"
-{ yylval.string = strdup(yytext); return STRING; }
-	YY_BREAK
-case 15:
-YY_RULE_SETUP
-#line 74 "lex.l"
-{ return *yytext; }
-	YY_BREAK
-case 16:
-YY_RULE_SETUP
-#line 75 "lex.l"
-ECHO;
-	YY_BREAK
-#line 855 "lex.c"
-case YY_STATE_EOF(INITIAL):
-	yyterminate();
-
-	case YY_END_OF_BUFFER:
-		{
-		/* Amount of text matched not including the EOB char. */
-		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
-
-		/* Undo the effects of YY_DO_BEFORE_ACTION. */
-		*yy_cp = (yy_hold_char);
-		YY_RESTORE_YY_MORE_OFFSET
-
-		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
-			{
-			/* We're scanning a new file or input source.  It's
-			 * possible that this happened because the user
-			 * just pointed yyin at a new source and called
-			 * yylex().  If so, then we have to assure
-			 * consistency between YY_CURRENT_BUFFER and our
-			 * globals.  Here is the right place to do so, because
-			 * this is the first action (other than possibly a
-			 * back-up) that will match for the new input source.
-			 */
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
-			}
-
-		/* Note that here we test for yy_c_buf_p "<=" to the position
-		 * of the first EOB in the buffer, since yy_c_buf_p will
-		 * already have been incremented past the NUL character
-		 * (since all states make transitions on EOB to the
-		 * end-of-buffer state).  Contrast this with the test
-		 * in input().
-		 */
-		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			{ /* This was really a NUL. */
-			yy_state_type yy_next_state;
-
-			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
-
-			yy_current_state = yy_get_previous_state(  );
-
-			/* Okay, we're now positioned to make the NUL
-			 * transition.  We couldn't have
-			 * yy_get_previous_state() go ahead and do it
-			 * for us because it doesn't know how to deal
-			 * with the possibility of jamming (and we don't
-			 * want to build jamming into it because then it
-			 * will run more slowly).
-			 */
-
-			yy_next_state = yy_try_NUL_trans( yy_current_state );
-
-			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-
-			if ( yy_next_state )
-				{
-				/* Consume the NUL. */
-				yy_cp = ++(yy_c_buf_p);
-				yy_current_state = yy_next_state;
-				goto yy_match;
-				}
-
-			else
-				{
-				yy_cp = (yy_c_buf_p);
-				goto yy_find_action;
-				}
-			}
-
-		else switch ( yy_get_next_buffer(  ) )
-			{
-			case EOB_ACT_END_OF_FILE:
-				{
-				(yy_did_buffer_switch_on_eof) = 0;
-
-				if ( yywrap( ) )
-					{
-					/* Note: because we've taken care in
-					 * yy_get_next_buffer() to have set up
-					 * yytext, we can now set up
-					 * yy_c_buf_p so that if some total
-					 * hoser (like flex itself) wants to
-					 * call the scanner after we return the
-					 * YY_NULL, it'll still work - another
-					 * YY_NULL will get returned.
-					 */
-					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
-
-					yy_act = YY_STATE_EOF(YY_START);
-					goto do_action;
-					}
-
-				else
-					{
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-					}
-				break;
-				}
-
-			case EOB_ACT_CONTINUE_SCAN:
-				(yy_c_buf_p) =
-					(yytext_ptr) + yy_amount_of_matched_text;
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_match;
-
-			case EOB_ACT_LAST_MATCH:
-				(yy_c_buf_p) =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_find_action;
-			}
-		break;
-		}
-
-	default:
-		YY_FATAL_ERROR(
-			"fatal flex scanner internal error--no action found" );
-	} /* end of action switch */
-		} /* end of scanning one token */
-} /* end of yylex */
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- *	EOB_ACT_LAST_MATCH -
- *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- *	EOB_ACT_END_OF_FILE - end of file
- */
-static int yy_get_next_buffer (void)
-{
-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
-	register char *source = (yytext_ptr);
-	register int number_to_move, i;
-	int ret_val;
-
-	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
-		YY_FATAL_ERROR(
-		"fatal flex scanner internal error--end of buffer missed" );
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
-		{ /* Don't try to fill the buffer, so this is an EOF. */
-		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
-			{
-			/* We matched a single character, the EOB, so
-			 * treat this as a final EOF.
-			 */
-			return EOB_ACT_END_OF_FILE;
-			}
-
-		else
-			{
-			/* We matched some text prior to the EOB, first
-			 * process it.
-			 */
-			return EOB_ACT_LAST_MATCH;
-			}
-		}
-
-	/* Try to read more data. */
-
-	/* First move last chars to start of buffer. */
-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
-
-	for ( i = 0; i < number_to_move; ++i )
-		*(dest++) = *(source++);
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
-		/* don't do the read, it's not guaranteed to return an EOF,
-		 * just force an EOF
-		 */
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
-
-	else
-		{
-			int num_to_read =
-			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
-		while ( num_to_read <= 0 )
-			{ /* Not enough room in the buffer - grow it. */
-
-			/* just a shorter name for the current buffer */
-			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
-
-			int yy_c_buf_p_offset =
-				(int) ((yy_c_buf_p) - b->yy_ch_buf);
-
-			if ( b->yy_is_our_buffer )
-				{
-				int new_size = b->yy_buf_size * 2;
-
-				if ( new_size <= 0 )
-					b->yy_buf_size += b->yy_buf_size / 8;
-				else
-					b->yy_buf_size *= 2;
-
-				b->yy_ch_buf = (char *)
-					/* Include room in for 2 EOB chars. */
-					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
-				}
-			else
-				/* Can't grow it, we don't own it. */
-				b->yy_ch_buf = 0;
-
-			if ( ! b->yy_ch_buf )
-				YY_FATAL_ERROR(
-				"fatal error - scanner input buffer overflow" );
-
-			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
-
-			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
-						number_to_move - 1;
-
-			}
-
-		if ( num_to_read > YY_READ_BUF_SIZE )
-			num_to_read = YY_READ_BUF_SIZE;
-
-		/* Read in more data. */
-		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
-			(yy_n_chars), num_to_read );
-
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	if ( (yy_n_chars) == 0 )
-		{
-		if ( number_to_move == YY_MORE_ADJ )
-			{
-			ret_val = EOB_ACT_END_OF_FILE;
-			yyrestart(yyin  );
-			}
-
-		else
-			{
-			ret_val = EOB_ACT_LAST_MATCH;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
-				YY_BUFFER_EOF_PENDING;
-			}
-		}
-
-	else
-		ret_val = EOB_ACT_CONTINUE_SCAN;
-
-	(yy_n_chars) += number_to_move;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
-
-	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
-
-	return ret_val;
-}
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
-    static yy_state_type yy_get_previous_state (void)
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp;
-    
-	yy_current_state = (yy_start);
-
-	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
-		{
-		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
-		if ( yy_accept[yy_current_state] )
-			{
-			(yy_last_accepting_state) = yy_current_state;
-			(yy_last_accepting_cpos) = yy_cp;
-			}
-		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-			{
-			yy_current_state = (int) yy_def[yy_current_state];
-			if ( yy_current_state >= 46 )
-				yy_c = yy_meta[(unsigned int) yy_c];
-			}
-		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-		}
-
-	return yy_current_state;
-}
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- *	next_state = yy_try_NUL_trans( current_state );
- */
-    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
-{
-	register int yy_is_jam;
-    	register char *yy_cp = (yy_c_buf_p);
-
-	register YY_CHAR yy_c = 1;
-	if ( yy_accept[yy_current_state] )
-		{
-		(yy_last_accepting_state) = yy_current_state;
-		(yy_last_accepting_cpos) = yy_cp;
-		}
-	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-		{
-		yy_current_state = (int) yy_def[yy_current_state];
-		if ( yy_current_state >= 46 )
-			yy_c = yy_meta[(unsigned int) yy_c];
-		}
-	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-	yy_is_jam = (yy_current_state == 45);
-
-	return yy_is_jam ? 0 : yy_current_state;
-}
-
-    static void yyunput (int c, register char * yy_bp )
-{
-	register char *yy_cp;
-    
-    yy_cp = (yy_c_buf_p);
-
-	/* undo effects of setting up yytext */
-	*yy_cp = (yy_hold_char);
-
-	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-		{ /* need to shift things up to make room */
-		/* +2 for EOB chars. */
-		register int number_to_move = (yy_n_chars) + 2;
-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
-					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
-		register char *source =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
-
-		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
-			*--dest = *--source;
-
-		yy_cp += (int) (dest - source);
-		yy_bp += (int) (dest - source);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
-
-		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-			YY_FATAL_ERROR( "flex scanner push-back overflow" );
-		}
-
-	*--yy_cp = (char) c;
-
-	(yytext_ptr) = yy_bp;
-	(yy_hold_char) = *yy_cp;
-	(yy_c_buf_p) = yy_cp;
-}
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
-    static int yyinput (void)
-#else
-    static int input  (void)
-#endif
-
-{
-	int c;
-    
-	*(yy_c_buf_p) = (yy_hold_char);
-
-	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
-		{
-		/* yy_c_buf_p now points to the character we want to return.
-		 * If this occurs *before* the EOB characters, then it's a
-		 * valid NUL; if not, then we've hit the end of the buffer.
-		 */
-		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			/* This was really a NUL. */
-			*(yy_c_buf_p) = '\0';
-
-		else
-			{ /* need more input */
-			int offset = (yy_c_buf_p) - (yytext_ptr);
-			++(yy_c_buf_p);
-
-			switch ( yy_get_next_buffer(  ) )
-				{
-				case EOB_ACT_LAST_MATCH:
-					/* This happens because yy_g_n_b()
-					 * sees that we've accumulated a
-					 * token and flags that we need to
-					 * try matching the token before
-					 * proceeding.  But for input(),
-					 * there's no matching to consider.
-					 * So convert the EOB_ACT_LAST_MATCH
-					 * to EOB_ACT_END_OF_FILE.
-					 */
-
-					/* Reset buffer status. */
-					yyrestart(yyin );
-
-					/*FALLTHROUGH*/
-
-				case EOB_ACT_END_OF_FILE:
-					{
-					if ( yywrap( ) )
-						return 0;
-
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-#ifdef __cplusplus
-					return yyinput();
-#else
-					return input();
-#endif
-					}
-
-				case EOB_ACT_CONTINUE_SCAN:
-					(yy_c_buf_p) = (yytext_ptr) + offset;
-					break;
-				}
-			}
-		}
-
-	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
-	*(yy_c_buf_p) = '\0';	/* preserve yytext */
-	(yy_hold_char) = *++(yy_c_buf_p);
-
-	return c;
-}
-#endif	/* ifndef YY_NO_INPUT */
-
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- * 
- * @note This function does not reset the start condition to @c INITIAL .
- */
-    void yyrestart  (FILE * input_file )
-{
-    
-	if ( ! YY_CURRENT_BUFFER ){
-        yyensure_buffer_stack ();
-		YY_CURRENT_BUFFER_LVALUE =
-            yy_create_buffer(yyin,YY_BUF_SIZE );
-	}
-
-	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
-	yy_load_buffer_state( );
-}
-
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- * 
- */
-    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
-{
-    
-	/* TODO. We should be able to replace this entire function body
-	 * with
-	 *		yypop_buffer_state();
-	 *		yypush_buffer_state(new_buffer);
-     */
-	yyensure_buffer_stack ();
-	if ( YY_CURRENT_BUFFER == new_buffer )
-		return;
-
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-	yy_load_buffer_state( );
-
-	/* We don't actually know whether we did this switch during
-	 * EOF (yywrap()) processing, but the only time this flag
-	 * is looked at is after yywrap() is called, so it's safe
-	 * to go ahead and always set it.
-	 */
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-static void yy_load_buffer_state  (void)
-{
-    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
-	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
-	(yy_hold_char) = *(yy_c_buf_p);
-}
-
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- * 
- * @return the allocated buffer state.
- */
-    YY_BUFFER_STATE yy_create_buffer  (FILE * file, int  size )
-{
-	YY_BUFFER_STATE b;
-    
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_buf_size = size;
-
-	/* yy_ch_buf has to be 2 characters longer than the size given because
-	 * we need to put in 2 end-of-buffer characters.
-	 */
-	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
-	if ( ! b->yy_ch_buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_is_our_buffer = 1;
-
-	yy_init_buffer(b,file );
-
-	return b;
-}
-
-/** Destroy the buffer.
- * @param b a buffer created with yy_create_buffer()
- * 
- */
-    void yy_delete_buffer (YY_BUFFER_STATE  b )
-{
-    
-	if ( ! b )
-		return;
-
-	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
-		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
-
-	if ( b->yy_is_our_buffer )
-		yyfree((void *) b->yy_ch_buf  );
-
-	yyfree((void *) b  );
-}
-
-#ifndef __cplusplus
-extern int isatty (int );
-#endif /* __cplusplus */
-    
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a yyrestart() or at EOF.
- */
-    static void yy_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
-
-{
-	int oerrno = errno;
-    
-	yy_flush_buffer(b );
-
-	b->yy_input_file = file;
-	b->yy_fill_buffer = 1;
-
-    /* If b is the current buffer, then yy_init_buffer was _probably_
-     * called from yyrestart() or through yy_get_next_buffer.
-     * In that case, we don't want to reset the lineno or column.
-     */
-    if (b != YY_CURRENT_BUFFER){
-        b->yy_bs_lineno = 1;
-        b->yy_bs_column = 0;
-    }
-
-        b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-    
-	errno = oerrno;
-}
-
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- * 
- */
-    void yy_flush_buffer (YY_BUFFER_STATE  b )
-{
-    	if ( ! b )
-		return;
-
-	b->yy_n_chars = 0;
-
-	/* We always need two end-of-buffer characters.  The first causes
-	 * a transition to the end-of-buffer state.  The second causes
-	 * a jam in that state.
-	 */
-	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
-	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
-	b->yy_buf_pos = &b->yy_ch_buf[0];
-
-	b->yy_at_bol = 1;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	if ( b == YY_CURRENT_BUFFER )
-		yy_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- *  the current state. This function will allocate the stack
- *  if necessary.
- *  @param new_buffer The new state.
- *  
- */
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
-    	if (new_buffer == NULL)
-		return;
-
-	yyensure_buffer_stack();
-
-	/* This block is copied from yy_switch_to_buffer. */
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	/* Only push if top exists. Otherwise, replace top. */
-	if (YY_CURRENT_BUFFER)
-		(yy_buffer_stack_top)++;
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
-	/* copied from yy_switch_to_buffer. */
-	yy_load_buffer_state( );
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- *  The next element becomes the new top.
- *  
- */
-void yypop_buffer_state (void)
-{
-    	if (!YY_CURRENT_BUFFER)
-		return;
-
-	yy_delete_buffer(YY_CURRENT_BUFFER );
-	YY_CURRENT_BUFFER_LVALUE = NULL;
-	if ((yy_buffer_stack_top) > 0)
-		--(yy_buffer_stack_top);
-
-	if (YY_CURRENT_BUFFER) {
-		yy_load_buffer_state( );
-		(yy_did_buffer_switch_on_eof) = 1;
-	}
-}
-
-/* Allocates the stack if it does not exist.
- *  Guarantees space for at least one push.
- */
-static void yyensure_buffer_stack (void)
-{
-	int num_to_alloc;
-    
-	if (!(yy_buffer_stack)) {
-
-		/* First allocation is just for 2 elements, since we don't know if this
-		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
-		 * immediate realloc on the next call.
-         */
-		num_to_alloc = 1;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
-								(num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-		
-		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-				
-		(yy_buffer_stack_max) = num_to_alloc;
-		(yy_buffer_stack_top) = 0;
-		return;
-	}
-
-	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
-		/* Increase the buffer to prepare for a possible push. */
-		int grow_size = 8 /* arbitrary grow size */;
-
-		num_to_alloc = (yy_buffer_stack_max) + grow_size;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
-								((yy_buffer_stack),
-								num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-
-		/* zero only the new slots.*/
-		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
-		(yy_buffer_stack_max) = num_to_alloc;
-	}
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- * 
- * @return the newly allocated buffer state object. 
- */
-YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
-{
-	YY_BUFFER_STATE b;
-    
-	if ( size < 2 ||
-	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
-	     base[size-1] != YY_END_OF_BUFFER_CHAR )
-		/* They forgot to leave room for the EOB's. */
-		return 0;
-
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
-	b->yy_buf_pos = b->yy_ch_buf = base;
-	b->yy_is_our_buffer = 0;
-	b->yy_input_file = 0;
-	b->yy_n_chars = b->yy_buf_size;
-	b->yy_is_interactive = 0;
-	b->yy_at_bol = 1;
-	b->yy_fill_buffer = 0;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	yy_switch_to_buffer(b  );
-
-	return b;
-}
-
-/** Setup the input buffer state to scan a string. The next call to yylex() will
- * scan from a @e copy of @a str.
- * @param str a NUL-terminated string to scan
- * 
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- *       yy_scan_bytes() instead.
- */
-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
-{
-    
-	return yy_scan_bytes(yystr,strlen(yystr) );
-}
-
-/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- * 
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
-{
-	YY_BUFFER_STATE b;
-	char *buf;
-	yy_size_t n;
-	int i;
-    
-	/* Get memory for full buffer, including space for trailing EOB's. */
-	n = _yybytes_len + 2;
-	buf = (char *) yyalloc(n  );
-	if ( ! buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
-
-	for ( i = 0; i < _yybytes_len; ++i )
-		buf[i] = yybytes[i];
-
-	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
-
-	b = yy_scan_buffer(buf,n );
-	if ( ! b )
-		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
-
-	/* It's okay to grow etc. this buffer, and we should throw it
-	 * away when we're done.
-	 */
-	b->yy_is_our_buffer = 1;
-
-	return b;
-}
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-static void yy_fatal_error (yyconst char* msg )
-{
-    	(void) fprintf( stderr, "%s\n", msg );
-	exit( YY_EXIT_FAILURE );
-}
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		yytext[yyleng] = (yy_hold_char); \
-		(yy_c_buf_p) = yytext + yyless_macro_arg; \
-		(yy_hold_char) = *(yy_c_buf_p); \
-		*(yy_c_buf_p) = '\0'; \
-		yyleng = yyless_macro_arg; \
-		} \
-	while ( 0 )
-
-/* Accessor  methods (get/set functions) to struct members. */
-
-/** Get the current line number.
- * 
- */
-int yyget_lineno  (void)
-{
-        
-    return yylineno;
-}
-
-/** Get the input stream.
- * 
- */
-FILE *yyget_in  (void)
-{
-        return yyin;
-}
-
-/** Get the output stream.
- * 
- */
-FILE *yyget_out  (void)
-{
-        return yyout;
-}
-
-/** Get the length of the current token.
- * 
- */
-int yyget_leng  (void)
-{
-        return yyleng;
-}
-
-/** Get the current token.
- * 
- */
-
-char *yyget_text  (void)
-{
-        return yytext;
-}
-
-/** Set the current line number.
- * @param line_number
- * 
- */
-void yyset_lineno (int  line_number )
-{
-    
-    yylineno = line_number;
-}
-
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- * 
- * @see yy_switch_to_buffer
- */
-void yyset_in (FILE *  in_str )
-{
-        yyin = in_str ;
-}
-
-void yyset_out (FILE *  out_str )
-{
-        yyout = out_str ;
-}
-
-int yyget_debug  (void)
-{
-        return yy_flex_debug;
-}
-
-void yyset_debug (int  bdebug )
-{
-        yy_flex_debug = bdebug ;
-}
-
-static int yy_init_globals (void)
-{
-        /* Initialization is the same as for the non-reentrant scanner.
-     * This function is called from yylex_destroy(), so don't allocate here.
-     */
-
-    (yy_buffer_stack) = 0;
-    (yy_buffer_stack_top) = 0;
-    (yy_buffer_stack_max) = 0;
-    (yy_c_buf_p) = (char *) 0;
-    (yy_init) = 0;
-    (yy_start) = 0;
-
-/* Defined in main.c */
-#ifdef YY_STDINIT
-    yyin = stdin;
-    yyout = stdout;
-#else
-    yyin = (FILE *) 0;
-    yyout = (FILE *) 0;
-#endif
-
-    /* For future reference: Set errno on error, since we are called by
-     * yylex_init()
-     */
-    return 0;
-}
-
-/* yylex_destroy is for both reentrant and non-reentrant scanners. */
-int yylex_destroy  (void)
-{
-    
-    /* Pop the buffer stack, destroying each element. */
-	while(YY_CURRENT_BUFFER){
-		yy_delete_buffer(YY_CURRENT_BUFFER  );
-		YY_CURRENT_BUFFER_LVALUE = NULL;
-		yypop_buffer_state();
-	}
-
-	/* Destroy the stack itself. */
-	yyfree((yy_buffer_stack) );
-	(yy_buffer_stack) = NULL;
-
-    /* Reset the globals. This is important in a non-reentrant scanner so the next time
-     * yylex() is called, initialization will occur. */
-    yy_init_globals( );
-
-    return 0;
-}
-
-/*
- * Internal utility routines.
- */
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
-	register int i;
-	for ( i = 0; i < n; ++i )
-		s1[i] = s2[i];
-}
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
-	register int n;
-	for ( n = 0; s[n]; ++n )
-		;
-
-	return n;
-}
-#endif
-
-void *yyalloc (yy_size_t  size )
-{
-	return (void *) malloc( size );
-}
-
-void *yyrealloc  (void * ptr, yy_size_t  size )
-{
-	/* The cast to (char *) in the following accommodates both
-	 * implementations that use char* generic pointers, and those
-	 * that use void* generic pointers.  It works with the latter
-	 * because both ANSI C and C++ allow castless assignment from
-	 * any pointer type to void*, and deal with argument conversions
-	 * as though doing an assignment.
-	 */
-	return (void *) realloc( (char *) ptr, size );
-}
-
-void yyfree (void * ptr )
-{
-	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
-
-#line 75 "lex.l"
-
-
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-static int
-getstring(void)
-{
-    char x[128];
-    int i = 0;
-    int c;
-    int quote = 0;
-    while(i < sizeof(x) - 1 && (c = input()) != EOF){
-	if(quote) {
-	    x[i++] = c;
-	    quote = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    quote++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    yylval.string = strdup(x);
-    if (yylval.string == NULL)
-        err(1, "malloc");
-    return STRING;
-}
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d:", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     numerror++;
-}
-
diff --git a/crypto/heimdal/lib/com_err/lex.h b/crypto/heimdal/lib/com_err/lex.h
deleted file mode 100644
index 89f0387..0000000
--- a/crypto/heimdal/lib/com_err/lex.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: lex.h 8451 2000-06-22 00:42:52Z assar $ */
-
-void error_message (const char *, ...)
-__attribute__ ((format (printf, 1, 2)));
-
-int yylex(void);
diff --git a/crypto/heimdal/lib/com_err/lex.l b/crypto/heimdal/lib/com_err/lex.l
deleted file mode 100644
index 08aef51..0000000
--- a/crypto/heimdal/lib/com_err/lex.l
+++ /dev/null
@@ -1,128 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- * This is to handle the definition of this symbol in some AIX
- * headers, which will conflict with the definition that lex will
- * generate for it.  It's only a problem for AIX lex.
- */
-
-#undef ECHO
-
-#include "compile_et.h"
-#include "parse.h"
-#include "lex.h"
-
-RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $");
-
-static unsigned lineno = 1;
-static int getstring(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-%}
-
-
-%%
-et			{ return ET; }
-error_table		{ return ET; }
-ec			{ return EC; }
-error_code		{ return EC; }
-prefix			{ return PREFIX; }
-index			{ return INDEX; }
-id			{ return ID; }
-end			{ return END; }
-[0-9]+			{ yylval.number = atoi(yytext); return NUMBER; }
-#[^\n]*			;
-[ \t]			;
-\n			{ lineno++; }
-\"			{ return getstring(); }
-[a-zA-Z0-9_]+		{ yylval.string = strdup(yytext); return STRING; }
-.			{ return *yytext; }
-%%
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-static int
-getstring(void)
-{
-    char x[128];
-    int i = 0;
-    int c;
-    int quote = 0;
-    while(i < sizeof(x) - 1 && (c = input()) != EOF){
-	if(quote) {
-	    x[i++] = c;
-	    quote = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    quote++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    yylval.string = strdup(x);
-    if (yylval.string == NULL)
-        err(1, "malloc");
-    return STRING;
-}
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d:", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     numerror++;
-}
diff --git a/crypto/heimdal/lib/com_err/parse.c b/crypto/heimdal/lib/com_err/parse.c
deleted file mode 100644
index 32cff63..0000000
--- a/crypto/heimdal/lib/com_err/parse.c
+++ /dev/null
@@ -1,1716 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton implementation for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* C LALR(1) parser skeleton written by Richard Stallman, by
-   simplifying the original so-called "semantic" parser.  */
-
-/* All symbols defined below should begin with yy or YY, to avoid
-   infringing on user name space.  This should be done even for local
-   variables, as they might otherwise be expanded by user macros.
-   There are some unavoidable exceptions within include files to
-   define necessary library symbols; they are noted "INFRINGES ON
-   USER NAME SPACE" below.  */
-
-/* Identify Bison output.  */
-#define YYBISON 1
-
-/* Bison version.  */
-#define YYBISON_VERSION "2.3"
-
-/* Skeleton name.  */
-#define YYSKELETON_NAME "yacc.c"
-
-/* Pure parsers.  */
-#define YYPURE 0
-
-/* Using locations.  */
-#define YYLSP_NEEDED 0
-
-
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     ET = 258,
-     INDEX = 259,
-     PREFIX = 260,
-     EC = 261,
-     ID = 262,
-     END = 263,
-     STRING = 264,
-     NUMBER = 265
-   };
-#endif
-/* Tokens.  */
-#define ET 258
-#define INDEX 259
-#define PREFIX 260
-#define EC 261
-#define ID 262
-#define END 263
-#define STRING 264
-#define NUMBER 265
-
-
-
-
-/* Copy the first part of user declarations.  */
-#line 1 "parse.y"
-
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "compile_et.h"
-#include "lex.h"
-
-RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $");
-
-void yyerror (char *s);
-static long name2number(const char *str);
-
-extern char *yytext;
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-
-
-/* Enabling traces.  */
-#ifndef YYDEBUG
-# define YYDEBUG 0
-#endif
-
-/* Enabling verbose error messages.  */
-#ifdef YYERROR_VERBOSE
-# undef YYERROR_VERBOSE
-# define YYERROR_VERBOSE 1
-#else
-# define YYERROR_VERBOSE 0
-#endif
-
-/* Enabling the token table.  */
-#ifndef YYTOKEN_TABLE
-# define YYTOKEN_TABLE 0
-#endif
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 53 "parse.y"
-{
-  char *string;
-  int number;
-}
-/* Line 193 of yacc.c.  */
-#line 173 "parse.c"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-
-
-/* Copy the second part of user declarations.  */
-
-
-/* Line 216 of yacc.c.  */
-#line 186 "parse.c"
-
-#ifdef short
-# undef short
-#endif
-
-#ifdef YYTYPE_UINT8
-typedef YYTYPE_UINT8 yytype_uint8;
-#else
-typedef unsigned char yytype_uint8;
-#endif
-
-#ifdef YYTYPE_INT8
-typedef YYTYPE_INT8 yytype_int8;
-#elif (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-typedef signed char yytype_int8;
-#else
-typedef short int yytype_int8;
-#endif
-
-#ifdef YYTYPE_UINT16
-typedef YYTYPE_UINT16 yytype_uint16;
-#else
-typedef unsigned short int yytype_uint16;
-#endif
-
-#ifdef YYTYPE_INT16
-typedef YYTYPE_INT16 yytype_int16;
-#else
-typedef short int yytype_int16;
-#endif
-
-#ifndef YYSIZE_T
-# ifdef __SIZE_TYPE__
-#  define YYSIZE_T __SIZE_TYPE__
-# elif defined size_t
-#  define YYSIZE_T size_t
-# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYSIZE_T size_t
-# else
-#  define YYSIZE_T unsigned int
-# endif
-#endif
-
-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
-
-#ifndef YY_
-# if defined YYENABLE_NLS && YYENABLE_NLS
-#  if ENABLE_NLS
-#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
-#   define YY_(msgid) dgettext ("bison-runtime", msgid)
-#  endif
-# endif
-# ifndef YY_
-#  define YY_(msgid) msgid
-# endif
-#endif
-
-/* Suppress unused-variable warnings by "using" E.  */
-#if ! defined lint || defined __GNUC__
-# define YYUSE(e) ((void) (e))
-#else
-# define YYUSE(e) /* empty */
-#endif
-
-/* Identity function, used to suppress warnings about constant conditions.  */
-#ifndef lint
-# define YYID(n) (n)
-#else
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static int
-YYID (int i)
-#else
-static int
-YYID (i)
-    int i;
-#endif
-{
-  return i;
-}
-#endif
-
-#if ! defined yyoverflow || YYERROR_VERBOSE
-
-/* The parser invokes alloca or malloc; define the necessary symbols.  */
-
-# ifdef YYSTACK_USE_ALLOCA
-#  if YYSTACK_USE_ALLOCA
-#   ifdef __GNUC__
-#    define YYSTACK_ALLOC __builtin_alloca
-#   elif defined __BUILTIN_VA_ARG_INCR
-#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
-#   elif defined _AIX
-#    define YYSTACK_ALLOC __alloca
-#   elif defined _MSC_VER
-#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
-#    define alloca _alloca
-#   else
-#    define YYSTACK_ALLOC alloca
-#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#     ifndef _STDLIB_H
-#      define _STDLIB_H 1
-#     endif
-#    endif
-#   endif
-#  endif
-# endif
-
-# ifdef YYSTACK_ALLOC
-   /* Pacify GCC's `empty if-body' warning.  */
-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-    /* The OS might guarantee only one guard page at the bottom of the stack,
-       and a page size can be as small as 4096 bytes.  So we cannot safely
-       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
-       to allow for a few compiler-allocated temporary stack slots.  */
-#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
-#  endif
-# else
-#  define YYSTACK_ALLOC YYMALLOC
-#  define YYSTACK_FREE YYFREE
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
-#  endif
-#  if (defined __cplusplus && ! defined _STDLIB_H \
-       && ! ((defined YYMALLOC || defined malloc) \
-	     && (defined YYFREE || defined free)))
-#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#   ifndef _STDLIB_H
-#    define _STDLIB_H 1
-#   endif
-#  endif
-#  ifndef YYMALLOC
-#   define YYMALLOC malloc
-#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-#  ifndef YYFREE
-#   define YYFREE free
-#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void free (void *); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-# endif
-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
-
-
-#if (! defined yyoverflow \
-     && (! defined __cplusplus \
-	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
-
-/* A type that is properly aligned for any stack member.  */
-union yyalloc
-{
-  yytype_int16 yyss;
-  YYSTYPE yyvs;
-  };
-
-/* The size of the maximum gap between one aligned stack and the next.  */
-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
-
-/* The size of an array large to enough to hold all stacks, each with
-   N elements.  */
-# define YYSTACK_BYTES(N) \
-     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
-      + YYSTACK_GAP_MAXIMUM)
-
-/* Copy COUNT objects from FROM to TO.  The source and destination do
-   not overlap.  */
-# ifndef YYCOPY
-#  if defined __GNUC__ && 1 < __GNUC__
-#   define YYCOPY(To, From, Count) \
-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
-#  else
-#   define YYCOPY(To, From, Count)		\
-      do					\
-	{					\
-	  YYSIZE_T yyi;				\
-	  for (yyi = 0; yyi < (Count); yyi++)	\
-	    (To)[yyi] = (From)[yyi];		\
-	}					\
-      while (YYID (0))
-#  endif
-# endif
-
-/* Relocate STACK from its old location to the new one.  The
-   local variables YYSIZE and YYSTACKSIZE give the old and new number of
-   elements in the stack, and YYPTR gives the new location of the
-   stack.  Advance YYPTR to a properly aligned location for the next
-   stack.  */
-# define YYSTACK_RELOCATE(Stack)					\
-    do									\
-      {									\
-	YYSIZE_T yynewbytes;						\
-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
-	Stack = &yyptr->Stack;						\
-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
-	yyptr += yynewbytes / sizeof (*yyptr);				\
-      }									\
-    while (YYID (0))
-
-#endif
-
-/* YYFINAL -- State number of the termination state.  */
-#define YYFINAL  9
-/* YYLAST -- Last index in YYTABLE.  */
-#define YYLAST   23
-
-/* YYNTOKENS -- Number of terminals.  */
-#define YYNTOKENS  12
-/* YYNNTS -- Number of nonterminals.  */
-#define YYNNTS  7
-/* YYNRULES -- Number of rules.  */
-#define YYNRULES  15
-/* YYNRULES -- Number of states.  */
-#define YYNSTATES  24
-
-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
-#define YYUNDEFTOK  2
-#define YYMAXUTOK   265
-
-#define YYTRANSLATE(YYX)						\
-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
-
-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
-static const yytype_uint8 yytranslate[] =
-{
-       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,    11,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
-       5,     6,     7,     8,     9,    10
-};
-
-#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
-   YYRHS.  */
-static const yytype_uint8 yyprhs[] =
-{
-       0,     0,     3,     4,     7,    10,    12,    15,    18,    22,
-      24,    27,    30,    33,    35,    40
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
-static const yytype_int8 yyrhs[] =
-{
-      13,     0,    -1,    -1,    14,    17,    -1,    15,    16,    -1,
-      16,    -1,     7,     9,    -1,     3,     9,    -1,     3,     9,
-       9,    -1,    18,    -1,    17,    18,    -1,     4,    10,    -1,
-       5,     9,    -1,     5,    -1,     6,     9,    11,     9,    -1,
-       8,    -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
-static const yytype_uint8 yyrline[] =
-{
-       0,    64,    64,    65,    68,    69,    72,    78,    84,    93,
-      94,    97,   101,   109,   116,   136
-};
-#endif
-
-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
-/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
-   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
-static const char *const yytname[] =
-{
-  "$end", "error", "$undefined", "ET", "INDEX", "PREFIX", "EC", "ID",
-  "END", "STRING", "NUMBER", "','", "$accept", "file", "header", "id",
-  "et", "statements", "statement", 0
-};
-#endif
-
-# ifdef YYPRINT
-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
-   token YYLEX-NUM.  */
-static const yytype_uint16 yytoknum[] =
-{
-       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
-     265,    44
-};
-# endif
-
-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
-static const yytype_uint8 yyr1[] =
-{
-       0,    12,    13,    13,    14,    14,    15,    16,    16,    17,
-      17,    18,    18,    18,    18,    18
-};
-
-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
-static const yytype_uint8 yyr2[] =
-{
-       0,     2,     0,     2,     2,     1,     2,     2,     3,     1,
-       2,     2,     2,     1,     4,     1
-};
-
-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
-   means the default is an error.  */
-static const yytype_uint8 yydefact[] =
-{
-       2,     0,     0,     0,     0,     0,     5,     7,     6,     1,
-       0,    13,     0,    15,     3,     9,     4,     8,    11,    12,
-       0,    10,     0,    14
-};
-
-/* YYDEFGOTO[NTERM-NUM].  */
-static const yytype_int8 yydefgoto[] =
-{
-      -1,     3,     4,     5,     6,    14,    15
-};
-
-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
-   STATE-NUM.  */
-#define YYPACT_NINF -5
-static const yytype_int8 yypact[] =
-{
-       0,    -3,    -1,     5,    -4,     6,    -5,     1,    -5,    -5,
-       2,     4,     7,    -5,    -4,    -5,    -5,    -5,    -5,    -5,
-       3,    -5,     8,    -5
-};
-
-/* YYPGOTO[NTERM-NUM].  */
-static const yytype_int8 yypgoto[] =
-{
-      -5,    -5,    -5,    -5,    10,    -5,     9
-};
-
-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
-   positive, shift that token.  If negative, reduce the rule which
-   number is the opposite.  If zero, do what YYDEFACT says.
-   If YYTABLE_NINF, syntax error.  */
-#define YYTABLE_NINF -1
-static const yytype_uint8 yytable[] =
-{
-      10,    11,    12,     1,    13,     9,     7,     2,     8,     1,
-      17,     0,    18,    19,    22,    16,    20,    23,     0,     0,
-       0,     0,     0,    21
-};
-
-static const yytype_int8 yycheck[] =
-{
-       4,     5,     6,     3,     8,     0,     9,     7,     9,     3,
-       9,    -1,    10,     9,    11,     5,     9,     9,    -1,    -1,
-      -1,    -1,    -1,    14
-};
-
-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
-   symbol of state STATE-NUM.  */
-static const yytype_uint8 yystos[] =
-{
-       0,     3,     7,    13,    14,    15,    16,     9,     9,     0,
-       4,     5,     6,     8,    17,    18,    16,     9,    10,     9,
-       9,    18,    11,     9
-};
-
-#define yyerrok		(yyerrstatus = 0)
-#define yyclearin	(yychar = YYEMPTY)
-#define YYEMPTY		(-2)
-#define YYEOF		0
-
-#define YYACCEPT	goto yyacceptlab
-#define YYABORT		goto yyabortlab
-#define YYERROR		goto yyerrorlab
-
-
-/* Like YYERROR except do call yyerror.  This remains here temporarily
-   to ease the transition to the new meaning of YYERROR, for GCC.
-   Once GCC version 2 has supplanted version 1, this can go.  */
-
-#define YYFAIL		goto yyerrlab
-
-#define YYRECOVERING()  (!!yyerrstatus)
-
-#define YYBACKUP(Token, Value)					\
-do								\
-  if (yychar == YYEMPTY && yylen == 1)				\
-    {								\
-      yychar = (Token);						\
-      yylval = (Value);						\
-      yytoken = YYTRANSLATE (yychar);				\
-      YYPOPSTACK (1);						\
-      goto yybackup;						\
-    }								\
-  else								\
-    {								\
-      yyerror (YY_("syntax error: cannot back up")); \
-      YYERROR;							\
-    }								\
-while (YYID (0))
-
-
-#define YYTERROR	1
-#define YYERRCODE	256
-
-
-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
-   If N is 0, then set CURRENT to the empty location which ends
-   the previous symbol: RHS[0] (always defined).  */
-
-#define YYRHSLOC(Rhs, K) ((Rhs)[K])
-#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N)				\
-    do									\
-      if (YYID (N))                                                    \
-	{								\
-	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
-	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
-	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
-	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
-	}								\
-      else								\
-	{								\
-	  (Current).first_line   = (Current).last_line   =		\
-	    YYRHSLOC (Rhs, 0).last_line;				\
-	  (Current).first_column = (Current).last_column =		\
-	    YYRHSLOC (Rhs, 0).last_column;				\
-	}								\
-    while (YYID (0))
-#endif
-
-
-/* YY_LOCATION_PRINT -- Print the location on the stream.
-   This macro was not mandated originally: define only if we know
-   we won't break user code: when these are the locations we know.  */
-
-#ifndef YY_LOCATION_PRINT
-# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
-#  define YY_LOCATION_PRINT(File, Loc)			\
-     fprintf (File, "%d.%d-%d.%d",			\
-	      (Loc).first_line, (Loc).first_column,	\
-	      (Loc).last_line,  (Loc).last_column)
-# else
-#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
-# endif
-#endif
-
-
-/* YYLEX -- calling `yylex' with the right arguments.  */
-
-#ifdef YYLEX_PARAM
-# define YYLEX yylex (YYLEX_PARAM)
-#else
-# define YYLEX yylex ()
-#endif
-
-/* Enable debugging if requested.  */
-#if YYDEBUG
-
-# ifndef YYFPRINTF
-#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYFPRINTF fprintf
-# endif
-
-# define YYDPRINTF(Args)			\
-do {						\
-  if (yydebug)					\
-    YYFPRINTF Args;				\
-} while (YYID (0))
-
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
-do {									  \
-  if (yydebug)								  \
-    {									  \
-      YYFPRINTF (stderr, "%s ", Title);					  \
-      yy_symbol_print (stderr,						  \
-		  Type, Value); \
-      YYFPRINTF (stderr, "\n");						  \
-    }									  \
-} while (YYID (0))
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_value_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (!yyvaluep)
-    return;
-# ifdef YYPRINT
-  if (yytype < YYNTOKENS)
-    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# else
-  YYUSE (yyoutput);
-# endif
-  switch (yytype)
-    {
-      default:
-	break;
-    }
-}
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (yytype < YYNTOKENS)
-    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
-  else
-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
-
-  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
-  YYFPRINTF (yyoutput, ")");
-}
-
-/*------------------------------------------------------------------.
-| yy_stack_print -- Print the state stack from its BOTTOM up to its |
-| TOP (included).                                                   |
-`------------------------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
-#else
-static void
-yy_stack_print (bottom, top)
-    yytype_int16 *bottom;
-    yytype_int16 *top;
-#endif
-{
-  YYFPRINTF (stderr, "Stack now");
-  for (; bottom <= top; ++bottom)
-    YYFPRINTF (stderr, " %d", *bottom);
-  YYFPRINTF (stderr, "\n");
-}
-
-# define YY_STACK_PRINT(Bottom, Top)				\
-do {								\
-  if (yydebug)							\
-    yy_stack_print ((Bottom), (Top));				\
-} while (YYID (0))
-
-
-/*------------------------------------------------.
-| Report that the YYRULE is going to be reduced.  |
-`------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
-#else
-static void
-yy_reduce_print (yyvsp, yyrule)
-    YYSTYPE *yyvsp;
-    int yyrule;
-#endif
-{
-  int yynrhs = yyr2[yyrule];
-  int yyi;
-  unsigned long int yylno = yyrline[yyrule];
-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
-	     yyrule - 1, yylno);
-  /* The symbols being reduced.  */
-  for (yyi = 0; yyi < yynrhs; yyi++)
-    {
-      fprintf (stderr, "   $%d = ", yyi + 1);
-      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
-		       &(yyvsp[(yyi + 1) - (yynrhs)])
-		       		       );
-      fprintf (stderr, "\n");
-    }
-}
-
-# define YY_REDUCE_PRINT(Rule)		\
-do {					\
-  if (yydebug)				\
-    yy_reduce_print (yyvsp, Rule); \
-} while (YYID (0))
-
-/* Nonzero means print parse trace.  It is left uninitialized so that
-   multiple parsers can coexist.  */
-int yydebug;
-#else /* !YYDEBUG */
-# define YYDPRINTF(Args)
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
-# define YY_STACK_PRINT(Bottom, Top)
-# define YY_REDUCE_PRINT(Rule)
-#endif /* !YYDEBUG */
-
-
-/* YYINITDEPTH -- initial size of the parser's stacks.  */
-#ifndef	YYINITDEPTH
-# define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
-   if the built-in stack extension method is used).
-
-   Do not make this value too large; the results are undefined if
-   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
-   evaluated with infinite-precision integer arithmetic.  */
-
-#ifndef YYMAXDEPTH
-# define YYMAXDEPTH 10000
-#endif
-
-
-
-#if YYERROR_VERBOSE
-
-# ifndef yystrlen
-#  if defined __GLIBC__ && defined _STRING_H
-#   define yystrlen strlen
-#  else
-/* Return the length of YYSTR.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static YYSIZE_T
-yystrlen (const char *yystr)
-#else
-static YYSIZE_T
-yystrlen (yystr)
-    const char *yystr;
-#endif
-{
-  YYSIZE_T yylen;
-  for (yylen = 0; yystr[yylen]; yylen++)
-    continue;
-  return yylen;
-}
-#  endif
-# endif
-
-# ifndef yystpcpy
-#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
-#   define yystpcpy stpcpy
-#  else
-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
-   YYDEST.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static char *
-yystpcpy (char *yydest, const char *yysrc)
-#else
-static char *
-yystpcpy (yydest, yysrc)
-    char *yydest;
-    const char *yysrc;
-#endif
-{
-  char *yyd = yydest;
-  const char *yys = yysrc;
-
-  while ((*yyd++ = *yys++) != '\0')
-    continue;
-
-  return yyd - 1;
-}
-#  endif
-# endif
-
-# ifndef yytnamerr
-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
-   quotes and backslashes, so that it's suitable for yyerror.  The
-   heuristic is that double-quoting is unnecessary unless the string
-   contains an apostrophe, a comma, or backslash (other than
-   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
-   null, do not copy; instead, return the length of what the result
-   would have been.  */
-static YYSIZE_T
-yytnamerr (char *yyres, const char *yystr)
-{
-  if (*yystr == '"')
-    {
-      YYSIZE_T yyn = 0;
-      char const *yyp = yystr;
-
-      for (;;)
-	switch (*++yyp)
-	  {
-	  case '\'':
-	  case ',':
-	    goto do_not_strip_quotes;
-
-	  case '\\':
-	    if (*++yyp != '\\')
-	      goto do_not_strip_quotes;
-	    /* Fall through.  */
-	  default:
-	    if (yyres)
-	      yyres[yyn] = *yyp;
-	    yyn++;
-	    break;
-
-	  case '"':
-	    if (yyres)
-	      yyres[yyn] = '\0';
-	    return yyn;
-	  }
-    do_not_strip_quotes: ;
-    }
-
-  if (! yyres)
-    return yystrlen (yystr);
-
-  return yystpcpy (yyres, yystr) - yyres;
-}
-# endif
-
-/* Copy into YYRESULT an error message about the unexpected token
-   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
-   including the terminating null byte.  If YYRESULT is null, do not
-   copy anything; just return the number of bytes that would be
-   copied.  As a special case, return 0 if an ordinary "syntax error"
-   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
-   size calculation.  */
-static YYSIZE_T
-yysyntax_error (char *yyresult, int yystate, int yychar)
-{
-  int yyn = yypact[yystate];
-
-  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
-    return 0;
-  else
-    {
-      int yytype = YYTRANSLATE (yychar);
-      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
-      YYSIZE_T yysize = yysize0;
-      YYSIZE_T yysize1;
-      int yysize_overflow = 0;
-      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
-      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
-      int yyx;
-
-# if 0
-      /* This is so xgettext sees the translatable formats that are
-	 constructed on the fly.  */
-      YY_("syntax error, unexpected %s");
-      YY_("syntax error, unexpected %s, expecting %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
-# endif
-      char *yyfmt;
-      char const *yyf;
-      static char const yyunexpected[] = "syntax error, unexpected %s";
-      static char const yyexpecting[] = ", expecting %s";
-      static char const yyor[] = " or %s";
-      char yyformat[sizeof yyunexpected
-		    + sizeof yyexpecting - 1
-		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
-		       * (sizeof yyor - 1))];
-      char const *yyprefix = yyexpecting;
-
-      /* Start YYX at -YYN if negative to avoid negative indexes in
-	 YYCHECK.  */
-      int yyxbegin = yyn < 0 ? -yyn : 0;
-
-      /* Stay within bounds of both yycheck and yytname.  */
-      int yychecklim = YYLAST - yyn + 1;
-      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
-      int yycount = 1;
-
-      yyarg[0] = yytname[yytype];
-      yyfmt = yystpcpy (yyformat, yyunexpected);
-
-      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
-	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-	  {
-	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
-	      {
-		yycount = 1;
-		yysize = yysize0;
-		yyformat[sizeof yyunexpected - 1] = '\0';
-		break;
-	      }
-	    yyarg[yycount++] = yytname[yyx];
-	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
-	    yysize_overflow |= (yysize1 < yysize);
-	    yysize = yysize1;
-	    yyfmt = yystpcpy (yyfmt, yyprefix);
-	    yyprefix = yyor;
-	  }
-
-      yyf = YY_(yyformat);
-      yysize1 = yysize + yystrlen (yyf);
-      yysize_overflow |= (yysize1 < yysize);
-      yysize = yysize1;
-
-      if (yysize_overflow)
-	return YYSIZE_MAXIMUM;
-
-      if (yyresult)
-	{
-	  /* Avoid sprintf, as that infringes on the user's name space.
-	     Don't have undefined behavior even if the translation
-	     produced a string with the wrong number of "%s"s.  */
-	  char *yyp = yyresult;
-	  int yyi = 0;
-	  while ((*yyp = *yyf) != '\0')
-	    {
-	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
-		{
-		  yyp += yytnamerr (yyp, yyarg[yyi++]);
-		  yyf += 2;
-		}
-	      else
-		{
-		  yyp++;
-		  yyf++;
-		}
-	    }
-	}
-      return yysize;
-    }
-}
-#endif /* YYERROR_VERBOSE */
-
-
-/*-----------------------------------------------.
-| Release the memory associated to this symbol.  |
-`-----------------------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yydestruct (yymsg, yytype, yyvaluep)
-    const char *yymsg;
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  YYUSE (yyvaluep);
-
-  if (!yymsg)
-    yymsg = "Deleting";
-  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
-
-  switch (yytype)
-    {
-
-      default:
-	break;
-    }
-}
-
-
-/* Prevent warnings from -Wmissing-prototypes.  */
-
-#ifdef YYPARSE_PARAM
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void *YYPARSE_PARAM);
-#else
-int yyparse ();
-#endif
-#else /* ! YYPARSE_PARAM */
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void);
-#else
-int yyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-
-
-/* The look-ahead symbol.  */
-int yychar;
-
-/* The semantic value of the look-ahead symbol.  */
-YYSTYPE yylval;
-
-/* Number of syntax errors so far.  */
-int yynerrs;
-
-
-
-/*----------.
-| yyparse.  |
-`----------*/
-
-#ifdef YYPARSE_PARAM
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void *YYPARSE_PARAM)
-#else
-int
-yyparse (YYPARSE_PARAM)
-    void *YYPARSE_PARAM;
-#endif
-#else /* ! YYPARSE_PARAM */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void)
-#else
-int
-yyparse ()
-
-#endif
-#endif
-{
-  
-  int yystate;
-  int yyn;
-  int yyresult;
-  /* Number of tokens to shift before error messages enabled.  */
-  int yyerrstatus;
-  /* Look-ahead token as an internal (translated) token number.  */
-  int yytoken = 0;
-#if YYERROR_VERBOSE
-  /* Buffer for error messages, and its allocated size.  */
-  char yymsgbuf[128];
-  char *yymsg = yymsgbuf;
-  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
-
-  /* Three stacks and their tools:
-     `yyss': related to states,
-     `yyvs': related to semantic values,
-     `yyls': related to locations.
-
-     Refer to the stacks thru separate pointers, to allow yyoverflow
-     to reallocate them elsewhere.  */
-
-  /* The state stack.  */
-  yytype_int16 yyssa[YYINITDEPTH];
-  yytype_int16 *yyss = yyssa;
-  yytype_int16 *yyssp;
-
-  /* The semantic value stack.  */
-  YYSTYPE yyvsa[YYINITDEPTH];
-  YYSTYPE *yyvs = yyvsa;
-  YYSTYPE *yyvsp;
-
-
-
-#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
-
-  YYSIZE_T yystacksize = YYINITDEPTH;
-
-  /* The variables used to return semantic value and location from the
-     action routines.  */
-  YYSTYPE yyval;
-
-
-  /* The number of symbols on the RHS of the reduced rule.
-     Keep to zero when no symbol should be popped.  */
-  int yylen = 0;
-
-  YYDPRINTF ((stderr, "Starting parse\n"));
-
-  yystate = 0;
-  yyerrstatus = 0;
-  yynerrs = 0;
-  yychar = YYEMPTY;		/* Cause a token to be read.  */
-
-  /* Initialize stack pointers.
-     Waste one element of value and location stack
-     so that they stay on the same level as the state stack.
-     The wasted elements are never initialized.  */
-
-  yyssp = yyss;
-  yyvsp = yyvs;
-
-  goto yysetstate;
-
-/*------------------------------------------------------------.
-| yynewstate -- Push a new state, which is found in yystate.  |
-`------------------------------------------------------------*/
- yynewstate:
-  /* In all cases, when you get here, the value and location stacks
-     have just been pushed.  So pushing a state here evens the stacks.  */
-  yyssp++;
-
- yysetstate:
-  *yyssp = yystate;
-
-  if (yyss + yystacksize - 1 <= yyssp)
-    {
-      /* Get the current used size of the three stacks, in elements.  */
-      YYSIZE_T yysize = yyssp - yyss + 1;
-
-#ifdef yyoverflow
-      {
-	/* Give user a chance to reallocate the stack.  Use copies of
-	   these so that the &'s don't force the real ones into
-	   memory.  */
-	YYSTYPE *yyvs1 = yyvs;
-	yytype_int16 *yyss1 = yyss;
-
-
-	/* Each stack pointer address is followed by the size of the
-	   data in use in that stack, in bytes.  This used to be a
-	   conditional around just the two extra args, but that might
-	   be undefined if yyoverflow is a macro.  */
-	yyoverflow (YY_("memory exhausted"),
-		    &yyss1, yysize * sizeof (*yyssp),
-		    &yyvs1, yysize * sizeof (*yyvsp),
-
-		    &yystacksize);
-
-	yyss = yyss1;
-	yyvs = yyvs1;
-      }
-#else /* no yyoverflow */
-# ifndef YYSTACK_RELOCATE
-      goto yyexhaustedlab;
-# else
-      /* Extend the stack our own way.  */
-      if (YYMAXDEPTH <= yystacksize)
-	goto yyexhaustedlab;
-      yystacksize *= 2;
-      if (YYMAXDEPTH < yystacksize)
-	yystacksize = YYMAXDEPTH;
-
-      {
-	yytype_int16 *yyss1 = yyss;
-	union yyalloc *yyptr =
-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
-	if (! yyptr)
-	  goto yyexhaustedlab;
-	YYSTACK_RELOCATE (yyss);
-	YYSTACK_RELOCATE (yyvs);
-
-#  undef YYSTACK_RELOCATE
-	if (yyss1 != yyssa)
-	  YYSTACK_FREE (yyss1);
-      }
-# endif
-#endif /* no yyoverflow */
-
-      yyssp = yyss + yysize - 1;
-      yyvsp = yyvs + yysize - 1;
-
-
-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
-		  (unsigned long int) yystacksize));
-
-      if (yyss + yystacksize - 1 <= yyssp)
-	YYABORT;
-    }
-
-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
-
-  goto yybackup;
-
-/*-----------.
-| yybackup.  |
-`-----------*/
-yybackup:
-
-  /* Do appropriate processing given the current state.  Read a
-     look-ahead token if we need one and don't already have one.  */
-
-  /* First try to decide what to do without reference to look-ahead token.  */
-  yyn = yypact[yystate];
-  if (yyn == YYPACT_NINF)
-    goto yydefault;
-
-  /* Not known => get a look-ahead token if don't already have one.  */
-
-  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
-  if (yychar == YYEMPTY)
-    {
-      YYDPRINTF ((stderr, "Reading a token: "));
-      yychar = YYLEX;
-    }
-
-  if (yychar <= YYEOF)
-    {
-      yychar = yytoken = YYEOF;
-      YYDPRINTF ((stderr, "Now at end of input.\n"));
-    }
-  else
-    {
-      yytoken = YYTRANSLATE (yychar);
-      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
-    }
-
-  /* If the proper action on seeing token YYTOKEN is to reduce or to
-     detect an error, take that action.  */
-  yyn += yytoken;
-  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
-    goto yydefault;
-  yyn = yytable[yyn];
-  if (yyn <= 0)
-    {
-      if (yyn == 0 || yyn == YYTABLE_NINF)
-	goto yyerrlab;
-      yyn = -yyn;
-      goto yyreduce;
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  /* Count tokens shifted since error; after three, turn off error
-     status.  */
-  if (yyerrstatus)
-    yyerrstatus--;
-
-  /* Shift the look-ahead token.  */
-  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
-
-  /* Discard the shifted token unless it is eof.  */
-  if (yychar != YYEOF)
-    yychar = YYEMPTY;
-
-  yystate = yyn;
-  *++yyvsp = yylval;
-
-  goto yynewstate;
-
-
-/*-----------------------------------------------------------.
-| yydefault -- do the default action for the current state.  |
-`-----------------------------------------------------------*/
-yydefault:
-  yyn = yydefact[yystate];
-  if (yyn == 0)
-    goto yyerrlab;
-  goto yyreduce;
-
-
-/*-----------------------------.
-| yyreduce -- Do a reduction.  |
-`-----------------------------*/
-yyreduce:
-  /* yyn is the number of a rule to reduce with.  */
-  yylen = yyr2[yyn];
-
-  /* If YYLEN is nonzero, implement the default value of the action:
-     `$$ = $1'.
-
-     Otherwise, the following line sets YYVAL to garbage.
-     This behavior is undocumented and Bison
-     users should not rely upon it.  Assigning to YYVAL
-     unconditionally makes the parser a bit smaller, and it avoids a
-     GCC warning that YYVAL may be used uninitialized.  */
-  yyval = yyvsp[1-yylen];
-
-
-  YY_REDUCE_PRINT (yyn);
-  switch (yyn)
-    {
-        case 6:
-#line 73 "parse.y"
-    {
-		    id_str = (yyvsp[(2) - (2)].string);
-		}
-    break;
-
-  case 7:
-#line 79 "parse.y"
-    {
-		    base_id = name2number((yyvsp[(2) - (2)].string));
-		    strlcpy(name, (yyvsp[(2) - (2)].string), sizeof(name));
-		    free((yyvsp[(2) - (2)].string));
-		}
-    break;
-
-  case 8:
-#line 85 "parse.y"
-    {
-		    base_id = name2number((yyvsp[(2) - (3)].string));
-		    strlcpy(name, (yyvsp[(3) - (3)].string), sizeof(name));
-		    free((yyvsp[(2) - (3)].string));
-		    free((yyvsp[(3) - (3)].string));
-		}
-    break;
-
-  case 11:
-#line 98 "parse.y"
-    {
-			number = (yyvsp[(2) - (2)].number);
-		}
-    break;
-
-  case 12:
-#line 102 "parse.y"
-    {
-		    free(prefix);
-		    asprintf (&prefix, "%s_", (yyvsp[(2) - (2)].string));
-		    if (prefix == NULL)
-			errx(1, "malloc");
-		    free((yyvsp[(2) - (2)].string));
-		}
-    break;
-
-  case 13:
-#line 110 "parse.y"
-    {
-		    prefix = realloc(prefix, 1);
-		    if (prefix == NULL)
-			errx(1, "malloc");
-		    *prefix = '\0';
-		}
-    break;
-
-  case 14:
-#line 117 "parse.y"
-    {
-		    struct error_code *ec = malloc(sizeof(*ec));
-		    
-		    if (ec == NULL)
-			errx(1, "malloc");
-
-		    ec->next = NULL;
-		    ec->number = number;
-		    if(prefix && *prefix != '\0') {
-			asprintf (&ec->name, "%s%s", prefix, (yyvsp[(2) - (4)].string));
-			if (ec->name == NULL)
-			    errx(1, "malloc");
-			free((yyvsp[(2) - (4)].string));
-		    } else
-			ec->name = (yyvsp[(2) - (4)].string);
-		    ec->string = (yyvsp[(4) - (4)].string);
-		    APPEND(codes, ec);
-		    number++;
-		}
-    break;
-
-  case 15:
-#line 137 "parse.y"
-    {
-			YYACCEPT;
-		}
-    break;
-
-
-/* Line 1267 of yacc.c.  */
-#line 1470 "parse.c"
-      default: break;
-    }
-  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
-
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-
-  *++yyvsp = yyval;
-
-
-  /* Now `shift' the result of the reduction.  Determine what state
-     that goes to, based on the state we popped back to and the rule
-     number reduced by.  */
-
-  yyn = yyr1[yyn];
-
-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
-    yystate = yytable[yystate];
-  else
-    yystate = yydefgoto[yyn - YYNTOKENS];
-
-  goto yynewstate;
-
-
-/*------------------------------------.
-| yyerrlab -- here on detecting error |
-`------------------------------------*/
-yyerrlab:
-  /* If not already recovering from an error, report this error.  */
-  if (!yyerrstatus)
-    {
-      ++yynerrs;
-#if ! YYERROR_VERBOSE
-      yyerror (YY_("syntax error"));
-#else
-      {
-	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
-	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
-	  {
-	    YYSIZE_T yyalloc = 2 * yysize;
-	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
-	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
-	    if (yymsg != yymsgbuf)
-	      YYSTACK_FREE (yymsg);
-	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
-	    if (yymsg)
-	      yymsg_alloc = yyalloc;
-	    else
-	      {
-		yymsg = yymsgbuf;
-		yymsg_alloc = sizeof yymsgbuf;
-	      }
-	  }
-
-	if (0 < yysize && yysize <= yymsg_alloc)
-	  {
-	    (void) yysyntax_error (yymsg, yystate, yychar);
-	    yyerror (yymsg);
-	  }
-	else
-	  {
-	    yyerror (YY_("syntax error"));
-	    if (yysize != 0)
-	      goto yyexhaustedlab;
-	  }
-      }
-#endif
-    }
-
-
-
-  if (yyerrstatus == 3)
-    {
-      /* If just tried and failed to reuse look-ahead token after an
-	 error, discard it.  */
-
-      if (yychar <= YYEOF)
-	{
-	  /* Return failure if at end of input.  */
-	  if (yychar == YYEOF)
-	    YYABORT;
-	}
-      else
-	{
-	  yydestruct ("Error: discarding",
-		      yytoken, &yylval);
-	  yychar = YYEMPTY;
-	}
-    }
-
-  /* Else will try to reuse look-ahead token after shifting the error
-     token.  */
-  goto yyerrlab1;
-
-
-/*---------------------------------------------------.
-| yyerrorlab -- error raised explicitly by YYERROR.  |
-`---------------------------------------------------*/
-yyerrorlab:
-
-  /* Pacify compilers like GCC when the user code never invokes
-     YYERROR and the label yyerrorlab therefore never appears in user
-     code.  */
-  if (/*CONSTCOND*/ 0)
-     goto yyerrorlab;
-
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYERROR.  */
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-  yystate = *yyssp;
-  goto yyerrlab1;
-
-
-/*-------------------------------------------------------------.
-| yyerrlab1 -- common code for both syntax error and YYERROR.  |
-`-------------------------------------------------------------*/
-yyerrlab1:
-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
-
-  for (;;)
-    {
-      yyn = yypact[yystate];
-      if (yyn != YYPACT_NINF)
-	{
-	  yyn += YYTERROR;
-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
-	    {
-	      yyn = yytable[yyn];
-	      if (0 < yyn)
-		break;
-	    }
-	}
-
-      /* Pop the current state because it cannot handle the error token.  */
-      if (yyssp == yyss)
-	YYABORT;
-
-
-      yydestruct ("Error: popping",
-		  yystos[yystate], yyvsp);
-      YYPOPSTACK (1);
-      yystate = *yyssp;
-      YY_STACK_PRINT (yyss, yyssp);
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  *++yyvsp = yylval;
-
-
-  /* Shift the error token.  */
-  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-------------------------------------.
-| yyacceptlab -- YYACCEPT comes here.  |
-`-------------------------------------*/
-yyacceptlab:
-  yyresult = 0;
-  goto yyreturn;
-
-/*-----------------------------------.
-| yyabortlab -- YYABORT comes here.  |
-`-----------------------------------*/
-yyabortlab:
-  yyresult = 1;
-  goto yyreturn;
-
-#ifndef yyoverflow
-/*-------------------------------------------------.
-| yyexhaustedlab -- memory exhaustion comes here.  |
-`-------------------------------------------------*/
-yyexhaustedlab:
-  yyerror (YY_("memory exhausted"));
-  yyresult = 2;
-  /* Fall through.  */
-#endif
-
-yyreturn:
-  if (yychar != YYEOF && yychar != YYEMPTY)
-     yydestruct ("Cleanup: discarding lookahead",
-		 yytoken, &yylval);
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYABORT or YYACCEPT.  */
-  YYPOPSTACK (yylen);
-  YY_STACK_PRINT (yyss, yyssp);
-  while (yyssp != yyss)
-    {
-      yydestruct ("Cleanup: popping",
-		  yystos[*yyssp], yyvsp);
-      YYPOPSTACK (1);
-    }
-#ifndef yyoverflow
-  if (yyss != yyssa)
-    YYSTACK_FREE (yyss);
-#endif
-#if YYERROR_VERBOSE
-  if (yymsg != yymsgbuf)
-    YYSTACK_FREE (yymsg);
-#endif
-  /* Make sure YYID is used.  */
-  return YYID (yyresult);
-}
-
-
-#line 142 "parse.y"
-
-
-static long
-name2number(const char *str)
-{
-    const char *p;
-    long num = 0;
-    const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-	"abcdefghijklmnopqrstuvwxyz0123456789_";
-    if(strlen(str) > 4) {
-	yyerror("table name too long");
-	return 0;
-    }
-    for(p = str; *p; p++){
-	char *q = strchr(x, *p);
-	if(q == NULL) {
-	    yyerror("invalid character in table name");
-	    return 0;
-	}
-	num = (num << 6) + (q - x) + 1;
-    }
-    num <<= 8;
-    if(num > 0x7fffffff)
-	num = -(0xffffffff - num + 1);
-    return num;
-}
-
-void
-yyerror (char *s)
-{
-     error_message ("%s\n", s);
-}
-
diff --git a/crypto/heimdal/lib/com_err/parse.h b/crypto/heimdal/lib/com_err/parse.h
deleted file mode 100644
index 23d7e0c..0000000
--- a/crypto/heimdal/lib/com_err/parse.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton interface for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     ET = 258,
-     INDEX = 259,
-     PREFIX = 260,
-     EC = 261,
-     ID = 262,
-     END = 263,
-     STRING = 264,
-     NUMBER = 265
-   };
-#endif
-/* Tokens.  */
-#define ET 258
-#define INDEX 259
-#define PREFIX 260
-#define EC 261
-#define ID 262
-#define END 263
-#define STRING 264
-#define NUMBER 265
-
-
-
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 53 "parse.y"
-{
-  char *string;
-  int number;
-}
-/* Line 1529 of yacc.c.  */
-#line 74 "parse.h"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-extern YYSTYPE yylval;
-
diff --git a/crypto/heimdal/lib/com_err/parse.y b/crypto/heimdal/lib/com_err/parse.y
deleted file mode 100644
index 3159313..0000000
--- a/crypto/heimdal/lib/com_err/parse.y
+++ /dev/null
@@ -1,173 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "compile_et.h"
-#include "lex.h"
-
-RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $");
-
-void yyerror (char *s);
-static long name2number(const char *str);
-
-extern char *yytext;
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-%}
-
-%union {
-  char *string;
-  int number;
-}
-
-%token ET INDEX PREFIX EC ID END
-%token <string> STRING
-%token <number> NUMBER
-
-%%
-
-file		: /* */ 
-		| header statements
-		;
-
-header		: id et
-		| et
-		;
-
-id		: ID STRING
-		{
-		    id_str = $2;
-		}
-		;
-
-et		: ET STRING
-		{
-		    base_id = name2number($2);
-		    strlcpy(name, $2, sizeof(name));
-		    free($2);
-		}
-		| ET STRING STRING
-		{
-		    base_id = name2number($2);
-		    strlcpy(name, $3, sizeof(name));
-		    free($2);
-		    free($3);
-		}
-		;
-
-statements	: statement
-		| statements statement
-		;
-
-statement	: INDEX NUMBER 
-		{
-			number = $2;
-		}
-		| PREFIX STRING
-		{
-		    free(prefix);
-		    asprintf (&prefix, "%s_", $2);
-		    if (prefix == NULL)
-			errx(1, "malloc");
-		    free($2);
-		}
-		| PREFIX
-		{
-		    prefix = realloc(prefix, 1);
-		    if (prefix == NULL)
-			errx(1, "malloc");
-		    *prefix = '\0';
-		}
-		| EC STRING ',' STRING
-		{
-		    struct error_code *ec = malloc(sizeof(*ec));
-		    
-		    if (ec == NULL)
-			errx(1, "malloc");
-
-		    ec->next = NULL;
-		    ec->number = number;
-		    if(prefix && *prefix != '\0') {
-			asprintf (&ec->name, "%s%s", prefix, $2);
-			if (ec->name == NULL)
-			    errx(1, "malloc");
-			free($2);
-		    } else
-			ec->name = $2;
-		    ec->string = $4;
-		    APPEND(codes, ec);
-		    number++;
-		}
-		| END
-		{
-			YYACCEPT;
-		}
-		;
-
-%%
-
-static long
-name2number(const char *str)
-{
-    const char *p;
-    long num = 0;
-    const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-	"abcdefghijklmnopqrstuvwxyz0123456789_";
-    if(strlen(str) > 4) {
-	yyerror("table name too long");
-	return 0;
-    }
-    for(p = str; *p; p++){
-	char *q = strchr(x, *p);
-	if(q == NULL) {
-	    yyerror("invalid character in table name");
-	    return 0;
-	}
-	num = (num << 6) + (q - x) + 1;
-    }
-    num <<= 8;
-    if(num > 0x7fffffff)
-	num = -(0xffffffff - num + 1);
-    return num;
-}
-
-void
-yyerror (char *s)
-{
-     error_message ("%s\n", s);
-}
diff --git a/crypto/heimdal/lib/com_err/roken_rename.h b/crypto/heimdal/lib/com_err/roken_rename.h
deleted file mode 100644
index 7c9b0ee..0000000
--- a/crypto/heimdal/lib/com_err/roken_rename.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: roken_rename.h 14930 2005-04-24 19:43:06Z lha $ */
-
-#ifndef __roken_rename_h__
-#define __roken_rename_h__
-
-#ifndef HAVE_SNPRINTF
-#define snprintf _com_err_snprintf
-#endif
-#ifndef HAVE_VSNPRINTF
-#define vsnprintf _com_err_vsnprintf
-#endif
-#ifndef HAVE_ASPRINTF
-#define asprintf _com_err_asprintf
-#endif
-#ifndef HAVE_ASNPRINTF
-#define asnprintf _com_err_asnprintf
-#endif
-#ifndef HAVE_VASPRINTF
-#define vasprintf _com_err_vasprintf
-#endif
-#ifndef HAVE_VASNPRINTF
-#define vasnprintf _com_err_vasnprintf
-#endif
-#ifndef HAVE_STRLCPY
-#define strlcpy _com_err_strlcpy
-#endif
-
-
-#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/com_err/version-script.map b/crypto/heimdal/lib/com_err/version-script.map
deleted file mode 100644
index 43e2e02..0000000
--- a/crypto/heimdal/lib/com_err/version-script.map
+++ /dev/null
@@ -1,18 +0,0 @@
-# $Id$
-
-HEIMDAL_COM_ERR_1.0 {
-	global:
-		com_right;
-		free_error_table;
-		initialize_error_table_r;
-		add_to_error_table;
-		com_err;
-		com_err_va;
-		error_message;
-		error_table_name;
-		init_error_table;
-		reset_com_err_hook;
-		set_com_err_hook;
-	local:
-		*;
-};
diff --git a/crypto/heimdal/lib/gssapi/8003.c b/crypto/heimdal/lib/gssapi/8003.c
deleted file mode 100644
index 3b48182..0000000
--- a/crypto/heimdal/lib/gssapi/8003.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: 8003.c,v 1.12.2.2 2003/09/18 21:30:57 lha Exp $");
-
-krb5_error_code
-gssapi_encode_om_uint32(OM_uint32 n, u_char *p)
-{
-  p[0] = (n >> 0)  & 0xFF;
-  p[1] = (n >> 8)  & 0xFF;
-  p[2] = (n >> 16) & 0xFF;
-  p[3] = (n >> 24) & 0xFF;
-  return 0;
-}
-
-krb5_error_code
-gssapi_encode_be_om_uint32(OM_uint32 n, u_char *p)
-{
-  p[0] = (n >> 24) & 0xFF;
-  p[1] = (n >> 16) & 0xFF;
-  p[2] = (n >> 8)  & 0xFF;
-  p[3] = (n >> 0)  & 0xFF;
-  return 0;
-}
-
-krb5_error_code
-gssapi_decode_om_uint32(u_char *p, OM_uint32 *n)
-{
-    *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
-    return 0;
-}
-
-krb5_error_code
-gssapi_decode_be_om_uint32(u_char *p, OM_uint32 *n)
-{
-    *n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
-    return 0;
-}
-
-static krb5_error_code
-hash_input_chan_bindings (const gss_channel_bindings_t b,
-			  u_char *p)
-{
-  u_char num[4];
-  MD5_CTX md5;
-
-  MD5_Init(&md5);
-  gssapi_encode_om_uint32 (b->initiator_addrtype, num);
-  MD5_Update (&md5, num, sizeof(num));
-  gssapi_encode_om_uint32 (b->initiator_address.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->initiator_address.length)
-    MD5_Update (&md5,
-		b->initiator_address.value,
-		b->initiator_address.length);
-  gssapi_encode_om_uint32 (b->acceptor_addrtype, num);
-  MD5_Update (&md5, num, sizeof(num));
-  gssapi_encode_om_uint32 (b->acceptor_address.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->acceptor_address.length)
-    MD5_Update (&md5,
-		b->acceptor_address.value,
-		b->acceptor_address.length);
-  gssapi_encode_om_uint32 (b->application_data.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->application_data.length)
-    MD5_Update (&md5,
-		b->application_data.value,
-		b->application_data.length);
-  MD5_Final (p, &md5);
-  return 0;
-}
-
-/*
- * create a checksum over the chanel bindings in
- * `input_chan_bindings', `flags' and `fwd_data' and return it in
- * `result'
- */
-
-OM_uint32
-gssapi_krb5_create_8003_checksum (
-		      OM_uint32 *minor_status,    
-		      const gss_channel_bindings_t input_chan_bindings,
-		      OM_uint32 flags,
-		      const krb5_data *fwd_data,
-		      Checksum *result)
-{
-    u_char *p;
-
-    /* 
-     * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value 
-     * field's format) */
-    result->cksumtype = 0x8003;
-    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG))
-	result->checksum.length = 24 + 4 + fwd_data->length;
-    else 
-	result->checksum.length = 24;
-    result->checksum.data   = malloc (result->checksum.length);
-    if (result->checksum.data == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-  
-    p = result->checksum.data;
-    gssapi_encode_om_uint32 (16, p);
-    p += 4;
-    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) {
-	memset (p, 0, 16);
-    } else {
-	hash_input_chan_bindings (input_chan_bindings, p);
-    }
-    p += 16;
-    gssapi_encode_om_uint32 (flags, p);
-    p += 4;
-
-    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) {
-#if 0
-	u_char *tmp;
-
-	result->checksum.length = 28 + fwd_data->length;
-	tmp = realloc(result->checksum.data, result->checksum.length);
-	if (tmp == NULL)
-	    return ENOMEM;
-	result->checksum.data = tmp;
-
-	p = (u_char*)result->checksum.data + 24;  
-#endif
-	*p++ = (1 >> 0) & 0xFF;                   /* DlgOpt */ /* == 1 */
-	*p++ = (1 >> 8) & 0xFF;                   /* DlgOpt */ /* == 0 */
-	*p++ = (fwd_data->length >> 0) & 0xFF;    /* Dlgth  */
-	*p++ = (fwd_data->length >> 8) & 0xFF;    /* Dlgth  */
-	memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length);
-
-	p += fwd_data->length;
-    }
-     
-    return GSS_S_COMPLETE;
-}
-
-/*
- * verify the checksum in `cksum' over `input_chan_bindings'
- * returning  `flags' and `fwd_data'
- */
-
-OM_uint32
-gssapi_krb5_verify_8003_checksum(
-		      OM_uint32 *minor_status,    
-		      const gss_channel_bindings_t input_chan_bindings,
-		      const Checksum *cksum,
-		      OM_uint32 *flags,
-		      krb5_data *fwd_data)
-{
-    unsigned char hash[16];
-    unsigned char *p;
-    OM_uint32 length;
-    int DlgOpt;
-    static unsigned char zeros[16];
-
-    /* XXX should handle checksums > 24 bytes */
-    if(cksum->cksumtype != 0x8003 || cksum->checksum.length < 24) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-    
-    p = cksum->checksum.data;
-    gssapi_decode_om_uint32(p, &length);
-    if(length != sizeof(hash)) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-    
-    p += 4;
-    
-    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
-	&& memcmp(p, zeros, sizeof(zeros)) != 0) {
-	if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-	if(memcmp(hash, p, sizeof(hash)) != 0) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-    }
-    
-    p += sizeof(hash);
-    
-    gssapi_decode_om_uint32(p, flags);
-    p += 4;
-
-    if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) {
-	if(cksum->checksum.length < 28) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-    
-	DlgOpt = (p[0] << 0) | (p[1] << 8);
-	p += 2;
-	if (DlgOpt != 1) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-
-	fwd_data->length = (p[0] << 0) | (p[1] << 8);
-	p += 2;
-	if(cksum->checksum.length < 28 + fwd_data->length) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-	fwd_data->data = malloc(fwd_data->length);
-	if (fwd_data->data == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	memcpy(fwd_data->data, p, fwd_data->length);
-    }
-    
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog
deleted file mode 100644
index 3a0c39f..0000000
--- a/crypto/heimdal/lib/gssapi/ChangeLog
+++ /dev/null
@@ -1,2863 +0,0 @@
-2008-01-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ntlm.c: Test source name (and make the acceptor in ntlm gss
-	mech useful).
-
-2007-12-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/init_sec_context.c: Don't confuse target name and source
-	name, make regressiont tests pass again.
-	
-2007-12-29  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm: clean up name handling
-
-2007-12-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/init_sec_context.c: Use credential if it was passed in.
-
-	* ntlm/acquire_cred.c: Check if there is initial creds with
-	_gss_ntlm_get_user_cred().
-
-	* ntlm/init_sec_context.c: Add _gss_ntlm_get_user_info() that
-	return the user info so it can be used by external modules.
-
-	* ntlm/inquire_cred.c: use the right error code.
-
-	* ntlm/inquire_cred.c: Return GSS_C_NO_CREDENTIAL if there is no
-	credential, ntlm have (not yet) a default credential.
-	
-	* mech/gss_release_oid_set.c: Avoid trying to deref NULL, from
-	Phil Fisher.
-
-2007-12-03  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_acquire_cred.c: Always try to fetch cred (even with
-	GSS_C_NO_NAME).
-
-2007-08-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_krb5.c: Readd gss_krb5_get_tkt_flags.
-
-2007-08-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* spnego/compat.c (_gss_spnego_internal_delete_sec_context):
-	release ctx->target_name too From Rafal Malinowski.
-
-2007-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_mech_switch.c: Don't try to do dlopen if system doesn't
-	have dlopen. From Rune of Chalmers.
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_duplicate_name.c: New signature of _gss_find_mn.
-
-	* mech/gss_init_sec_context.c: New signature of _gss_find_mn.
-
-	* mech/gss_acquire_cred.c: New signature of _gss_find_mn.
-
-	* mech/name.h: New signature of _gss_find_mn.
-
-	* mech/gss_canonicalize_name.c: New signature of _gss_find_mn.
-
-	* mech/gss_compare_name.c: New signature of _gss_find_mn.
-
-	* mech/gss_add_cred.c: New signature of _gss_find_mn.
-
-	* mech/gss_names.c (_gss_find_mn): Return an error code for
-	caller.
-
-	* spnego/accept_sec_context.c: remove checks that are done by the
-	previous function.
-
-	* Makefile.am: New library version.
-
-2007-07-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_oid_to_str.c: Refuse to print GSS_C_NULL_OID, from
-	Rafal Malinowski.
-
-	* spnego/spnego.asn1: Indent and make NegTokenInit and
-	NegTokenResp extendable.
-
-2007-06-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/inquire_cred.c: Implement _gss_ntlm_inquire_cred.
-
-	* mech/gss_display_status.c: Provide message for GSS_S_COMPLETE.
-	
-	* mech/context.c: If the canned string is "", its no use to the
-	user, make it fall back to the default error string.
-	
-2007-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_display_name.c (gss_display_name): no name ->
-	fail. From Rafal Malinswski.
-
-	* spnego/accept_sec_context.c: Wrap name in a spnego_name instead
-	of just a copy of the underlaying object. From Rafal Malinswski.
-
-	* spnego/accept_sec_context.c: Handle underlaying mech not
-	returning mn.
-
-	* mech/gss_accept_sec_context.c: Handle underlaying mech not
-	returning mn.
-
-	* spnego/accept_sec_context.c: Make sure src_name is always set to
-	GSS_C_NO_NAME when returning.
-
-	* krb5/acquire_cred.c (acquire_acceptor_cred): don't claim
-	everything is well on failure.  From Phil Fisher.
-
-	* mech/gss_duplicate_name.c: catch error (and ignore it)
-
-	* ntlm/init_sec_context.c: Use heim_ntlm_calculate_ntlm2_sess.
-
-	* mech/gss_accept_sec_context.c: Only wrap the delegated cred if
-	we got a delegated mech cred.  From Rafal Malinowski.
-
-	* spnego/accept_sec_context.c: Only wrap the delegated cred if we
-	are going to return it to the consumer.  From Rafal Malinowski.
-
-	* spnego/accept_sec_context.c: Fixed memory leak pointed out by
-	Rafal Malinowski, also while here moved to use NegotiationToken
-	for decoding.
-
-2007-06-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/prf.c (_gsskrb5_pseudo_random): add missing break.
-
-	* krb5/release_name.c: Set *minor_status unconditionallty, its
-	done later anyway.
-
-	* spnego/accept_sec_context.c: Init get_mic to 0.
-
-	* mech/gss_set_cred_option.c: Free memory in failure case, found
-	by beam.
-
-	* mech/gss_inquire_context.c: Handle mech_type being NULL.
-
-	* mech/gss_inquire_cred_by_mech.c: Handle cred_name being NULL.
-
-	* mech/gss_krb5.c: Free memory in error case, found by beam.
-
-2007-06-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/inquire_context.c: Use ctx->gssflags for flags.
-
-	* krb5/display_name.c: Use KRB5_PRINCIPAL_UNPARSE_DISPLAY, this is
-	not ment for machine consumption.
-
-2007-06-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/digest.c (kdc_alloc): free memory on failure, pointed out
-	by Rafal Malinowski.
-	
-	* ntlm/digest.c (kdc_destroy): free context when done, pointed out
-	by Rafal Malinowski.
-
-	* spnego/context_stubs.c (_gss_spnego_display_name): if input_name
-	is null, fail.  From Rafal Malinowski.
-	
-2007-06-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm/digest.c: Free memory when done.
-	
-2007-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ntlm.c: Test both with and without keyex.
-
-	* ntlm/digest.c: If we didn't set session key, don't expect one
-	back.
-
-	* test_ntlm.c: Set keyex flag and calculate session key.
-	
-2007-05-31  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* spnego/accept_sec_context.c: Use the return value before is
-	overwritten by later calls.  From Rafal Malinowski
-
-	* krb5/release_cred.c: Give an minor_status argument to
-	gss_release_oid_set.  From Rafal Malinowski
-	
-2007-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/accept_sec_context.c: Catch errors and return the up the
-	stack.
-
-	* test_kcred.c: more testing of lifetimes
-	
-2007-05-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Drop the gss oid_set function for the krb5 mech,
-	use the mech glue versions instead. Pointed out by Rafal
-	Malinowski.
-
-	* krb5: Use gss oid_set functions from mechglue
-
-2007-05-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/accept_sec_context.c: Set session key only if we are
-	returned a session key. Found by David Love.
-	
-2007-05-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* krb5/prf.c: switched MIN to min to make compile on solaris,
-	pointed out by David Love.
-	
-2007-05-09 Love H�rnquist �strand <lha@it.su.se>
-
-	* krb5/inquire_cred_by_mech.c: Fill in all of the variables if
-	they are passed in. Pointed out by Phil Fisher.
-	
-2007-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/inquire_cred.c: Fix copy and paste error, bug spotted by
-	from Phil Fisher.
-
-	* mech: dont keep track of gc_usage, just figure it out at
-	gss_inquire_cred() time
-
-	* mech/gss_mech_switch.c (add_builtin): ok for
-	__gss_mech_initialize() to return NULL
-
-	* test_kcred.c: more correct tests
-
-	* spnego/cred_stubs.c (gss_inquire_cred*): wrap the name with a
-	spnego_name.
-
-	* ntlm/inquire_cred.c: make ntlm gss_inquire_cred fail for now,
-	need to find default cred and friends.
-
-	* krb5/inquire_cred_by_mech.c: reimplement
-	
-2007-05-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm/acquire_cred.c: drop unused variable.
-
-	* ntlm/acquire_cred.c: Reimplement.
-
-	* Makefile.am: add ntlm/digest.c
-
-	* ntlm: split out backend ntlm server processing
-
-2007-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/delete_sec_context.c (_gss_ntlm_delete_sec_context): free
-	credcache when done
-	
-2007-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/init_sec_context.c: ntlm-key credential entry is prefix with @
-	
-	* ntlm/init_sec_context.c (get_user_ccache): pick up the ntlm
-	creds from the krb5 credential cache.
-	
-2007-04-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/delete_sec_context.c: free the key stored in the context
-
-	* ntlm/ntlm.h: switch password for a key
-
-	* test_oid.c: Switch oid to one that is exported.
-	
-2007-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/init_sec_context.c: move where hash is calculated to make
-	it easier to add ccache support.
-
-	* Makefile.am: Add version-script.map to EXTRA_DIST.
-	
-2007-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Unconfuse newer versions of automake that doesn't
-	know the diffrence between depenences and setting variables. foo:
-	vs foo=.
-
-	* test_ntlm.c: delete sec context when done.
-
-	* version-script.map: export more symbols.
-	
-	* Makefile.am: add version script if ld supports it
-	
-	* version-script.map: add version script if ld supports it
-	
-2007-04-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: test_acquire_cred need test_common.[ch]
-
-	* test_acquire_cred.c: add more test options.
-
-	* krb5/external.c: add GSS_KRB5_CCACHE_NAME_X
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_CCACHE_NAME_X
-
-	* krb5/set_sec_context_option.c: refactor code, implement
-	GSS_KRB5_CCACHE_NAME_X
-
-	* mech/gss_krb5.c: reimplement gss_krb5_ccache_name
-	
-2007-04-17  Love H�rnquist �strand <lha@it.su.se>
-	
-	* spnego/cred_stubs.c: Need to import spnego name before we can
-	use it as a gss_name_t.
-
-	* test_acquire_cred.c: use this test as part of the regression
-	suite.
-
-	* mech/gss_acquire_cred.c (gss_acquire_cred): dont init
-	cred->gc_mc every time in the loop.
-	
-2007-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add test_common.h
-	
-2007-02-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: Add link for
-	gsskrb5_register_acceptor_identity.
-
-2007-02-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/copy_ccache.c: Try to leak less memory in the failure case.
-	
-2007-01-31  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_display_status.c: Use right printf formater.
-
-	* test_*.[ch]: split out the error printing function and try to
-	return better errors
-
-2007-01-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/init_sec_context.c: revert 1.75: (init_auth): only turn on
-	GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it.
-	
-	This is because Kerberos always support INT|CONF, matches behavior
-	with MS and MIT. The creates problems for the GSS-SPNEGO mech.
-	
-2007-01-24  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* krb5/prf.c: constrain desired_output_len
-
-	* krb5/external.c (krb5_mech): add _gsskrb5_pseudo_random
-
-	* mech/gss_pseudo_random.c: Catch error from underlaying mech on
-	failure.
-
-	* Makefile.am: Add krb5/prf.c
-
-	* krb5/prf.c: gss_pseudo_random for krb5
-
-	* test_context.c: Checks for gss_pseudo_random.
-
-	* krb5/gkrb5_err.et: add KG_INPUT_TOO_LONG
-
-	* Makefile.am: Add mech/gss_pseudo_random.c
-
-	* gssapi/gssapi.h: try to load pseudo_random
-
-	* mech/gss_mech_switch.c: try to load pseudo_random
-
-	* mech/gss_pseudo_random.c: Add gss_pseudo_random.
-
-	* gssapi_mech.h: Add hook for gm_pseudo_random.
-	
-2007-01-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_context.c: Don't assume bufer from gss_display_status is
-	ok.
-
-	* mech/gss_wrap_size_limit.c: Reset out variables.
-
-	* mech/gss_wrap.c: Reset out variables.
-
-	* mech/gss_verify_mic.c: Reset out variables.
-
-	* mech/gss_utils.c: Reset out variables.
-
-	* mech/gss_release_oid_set.c: Reset out variables.
-
-	* mech/gss_release_cred.c: Reset out variables.
-
-	* mech/gss_release_buffer.c: Reset variables.
-
-	* mech/gss_oid_to_str.c: Reset out variables.
-
-	* mech/gss_inquire_sec_context_by_oid.c: Fix reset out variables.
-
-	* mech/gss_mech_switch.c: Reset out variables.
-
-	* mech/gss_inquire_sec_context_by_oid.c: Reset out variables.
-
-	* mech/gss_inquire_names_for_mech.c: Reset out variables.
-
-	* mech/gss_inquire_cred_by_oid.c: Reset out variables.
-
-	* mech/gss_inquire_cred_by_oid.c: Reset out variables.
-
-	* mech/gss_inquire_cred_by_mech.c: Reset out variables.
-
-	* mech/gss_inquire_cred.c: Reset out variables, fix memory leak.
-
-	* mech/gss_inquire_context.c: Reset out variables.
-
-	* mech/gss_init_sec_context.c: Zero out outbuffer on failure.
-
-	* mech/gss_import_name.c: Reset out variables.
-
-	* mech/gss_import_name.c: Reset out variables.
-
-	* mech/gss_get_mic.c: Reset out variables.
-
-	* mech/gss_export_name.c: Reset out variables.
-
-	* mech/gss_encapsulate_token.c: Reset out variables.
-
-	* mech/gss_duplicate_oid.c: Reset out variables.
-
-	* mech/gss_duplicate_oid.c: Reset out variables.
-
-	* mech/gss_duplicate_name.c: Reset out variables.
-
-	* mech/gss_display_status.c: Reset out variables.
-
-	* mech/gss_display_name.c: Reset out variables.
-
-	* mech/gss_delete_sec_context.c: Reset out variables using propper
-	macros.
-
-	* mech/gss_decapsulate_token.c: Reset out variables using propper
-	macros.
-
-	* mech/gss_add_cred.c: Reset out variables.
-
-	* mech/gss_acquire_cred.c: Reset out variables.
-
-	* mech/gss_accept_sec_context.c: Reset out variables using propper
-	macros.
-
-	* mech/gss_init_sec_context.c: Reset out variables.
-
-	* mech/mech_locl.h (_mg_buffer_zero): new macro that zaps a
-	gss_buffer_t
-
-2007-01-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech: sprinkel _gss_mg_error
-
-	* mech/gss_display_status.c (gss_display_status): use
-	_gss_mg_get_error to fetch the error from underlaying mech, if it
-	failes, let do the regular dance for GSS-CODE version and a
-	generic print-the-error code for MECH-CODE.
-
-	* mech/gss_oid_to_str.c: Don't include the NUL in the length of
-	the string.
-
-	* mech/context.h: Protoypes for _gss_mg_.
-
-	* mech/context.c: Glue to catch the error from the lower gss-api
-	layer and save that for later so gss_display_status() can show the
-	error.
-
-	* gss.c: Detect NTLM.
-	
-2007-01-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_accept_sec_context.c: spelling
-	
-2007-01-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Include build (private) prototypes header files.
-
-	* Makefile.am (ntlmsrc): add ntlm/ntlm-private.h
-	
-2006-12-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm/accept_sec_context.c: Pass signseal argument to
-	_gss_ntlm_set_key.
-
-	* ntlm/init_sec_context.c: Pass signseal argument to
-	_gss_ntlm_set_key.
-
-	* ntlm/crypto.c (_gss_ntlm_set_key): add signseal argument
-
-	* test_ntlm.c: add ntlmv2 test
-
-	* ntlm/ntlm.h: break out struct ntlmv2_key;
-
-	* ntlm/crypto.c (_gss_ntlm_set_key): set ntlm v2 keys.
-
-	* ntlm/accept_sec_context.c: Set dummy ntlmv2 keys and Check TI.
-
-	* ntlm/ntlm.h: NTLMv2 keys.
-
-	* ntlm/crypto.c: NTLMv2 sign and verify.
-	
-2006-12-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/accept_sec_context.c: Don't send targetinfo now.
-	
-	* ntlm/init_sec_context.c: Build ntlmv2 answer buffer.
-
-	* ntlm/init_sec_context.c: Leak less memory.
-
-	* ntlm/init_sec_context.c: Announce that we support key exchange.
-
-	* ntlm/init_sec_context.c: Add NTLM_NEG_NTLM2_SESSION, NTLMv2
-	session security (disable because missing sign and seal).
-	
-2006-12-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm/accept_sec_context.c: split RC4 send and recv keystreams
-
-	* ntlm/init_sec_context.c: split RC4 send and recv keystreams
-
-	* ntlm/ntlm.h: split RC4 send and recv keystreams
-
-	* ntlm/crypto.c: Implement SEAL.
-
-	* ntlm/crypto.c: move gss_wrap/gss_unwrap here
-
-	* test_context.c: request INT and CONF from the gss layer, test
-	get and verify MIC.
-
-	* ntlm/ntlm.h: add crypto bits.
-
-	* ntlm/accept_sec_context.c: Save session master key.
-
-	* Makefile.am: Move get and verify mic to the same file (crypto.c)
-	since they share code.
-
-	* ntlm/crypto.c: Move get and verify mic to the same file since
-	they share code, implement NTLM v1 and dummy signatures.
-
-	* ntlm/init_sec_context.c: pass on GSS_C_CONF_FLAG and
-	GSS_C_INTEG_FLAG, save the session master key
-	
-	* spnego/accept_sec_context.c: try using gss_accept_sec_context()
-	on the opportunistic token instead of guessing the acceptor name
-	and do gss_acquire_cred, this make SPNEGO work like before.
-	
-2006-12-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm/init_sec_context.c: Calculate the NTLM version 1 "master"
-	key.
-
-	* spnego/accept_sec_context.c: Resurect negHints for the acceptor
-	sends first packet.
-	
-	* Makefile.am: Add "windows" versions of the NegTokenInitWin and
-	friends.
-
-	* test_context.c: add --wrapunwrap flag
-
-	* spnego/compat.c: move _gss_spnego_indicate_mechtypelist() to
-	compat.c, use the sequence types of MechTypeList, make
-	add_mech_type() static.
-
-	* spnego/accept_sec_context.c: move
-	_gss_spnego_indicate_mechtypelist() to compat.c
-
-	* Makefile.am: Generate sequence code for MechTypeList
-
-	* spnego: check that the generated acceptor mechlist is acceptable too
-
-	* spnego/init_sec_context.c: Abstract out the initiator filter
-	function, it will be needed for the acceptor too.
-
-	* spnego/accept_sec_context.c: Abstract out the initiator filter
-	function, it will be needed for the acceptor too. Remove negHints.
-
-	* test_context.c: allow asserting return mech
-
-	* ntlm/accept_sec_context.c: add _gss_ntlm_allocate_ctx
-
-	* ntlm/acquire_cred.c: Check that the KDC seem to there and
-	answering us, we can't do better then that wen checking if we will
-	accept the credential.
-
-	* ntlm/get_mic.c: return GSS_S_UNAVAILABLE
-
-	* mech/utils.h: add _gss_free_oid, reverse of _gss_copy_oid
-
-	* mech/gss_utils.c: add _gss_free_oid, reverse of _gss_copy_oid
-
-	* spnego/spnego.asn1: Its very sad, but NegHints its are not part
-	of the NegTokenInit, this makes SPNEGO acceptor life a lot harder.
-	
-	* spnego: try harder to handle names better. handle missing
-	acceptor and initator creds better (ie dont propose/accept mech
-	that there are no credentials for) split NegTokenInit and
-	NegTokenResp in acceptor
-
-2006-12-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/import_name.c: Allocate the buffer from the right length.
-	
-2006-12-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/init_sec_context.c (init_sec_context): Tell the other side
-	what domain we think we are talking to.
-
-	* ntlm/delete_sec_context.c: free username and password
-
-	* ntlm/release_name.c (_gss_ntlm_release_name): free name.
-
-	* ntlm/import_name.c (_gss_ntlm_import_name): add support for
-	GSS_C_NT_HOSTBASED_SERVICE names
-
-	* ntlm/ntlm.h: Add ntlm_name.
-
-	* test_context.c: allow testing of ntlm.
-
-	* gssapi_mech.h: add __gss_ntlm_initialize
-
-	* ntlm/accept_sec_context.c (handle_type3): verify that the kdc
-	approved of the ntlm exchange too
-
-	* mech/gss_mech_switch.c: Add the builtin ntlm mech
-
-	* test_ntlm.c: NTLM test app.
-
-	* mech/gss_accept_sec_context.c: Add detection of NTLMSSP.
-
-	* gssapi/gssapi.h: add ntlm mech oid
-
-	* ntlm/external.c: Switch OID to the ms ntlmssp oid
-
-	* Makefile.am: Add ntlm gss-api module.
-
-	* ntlm/accept_sec_context.c: Catch more error errors.
-
-	* ntlm/accept_sec_context.c: Check after a credential to use.
-	
-2006-12-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* krb5/set_sec_context_option.c (GSS_KRB5_SET_DEFAULT_REALM_X):
-	don't fail on success.  Bug report from Stefan Metzmacher.
-	
-2006-12-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* krb5/init_sec_context.c (init_auth): only turn on
-	GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it.
-	From Stefan Metzmacher.
-	
-2006-12-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am (libgssapi_la_OBJECTS): depends on gssapi_asn1.h
-	spnego_asn1.h.
-
-2006-11-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/acquire_cred.c: Make krb5_get_init_creds_opt_free take a
-	context argument.
-	
-2006-11-16  Love H�rnquist �strand <lha@it.su.se>
-	
-	* test_context.c: Test that token keys are the same, return
-	actual_mech.
-	
-2006-11-15  Love H�rnquist �strand <lha@it.su.se>
-
-	* spnego/spnego_locl.h: Make bitfields unsigned, add maybe_open.
-
-	* spnego/accept_sec_context.c: Use ASN.1 encoder functions to
-	encode CHOICE structure now that we can handle it.
-
-	* spnego/init_sec_context.c: Use ASN.1 encoder functions to encode
-	CHOICE structure now that we can handle it.
-
-	* spnego/accept_sec_context.c (_gss_spnego_accept_sec_context):
-	send back ad accept_completed when the security context is ->open,
-	w/o this the client doesn't know that the server have completed
-	the transaction.
-
-	* test_context.c: Add delegate flag and check that the delegated
-	cred works.
-
-	* spnego/init_sec_context.c: Keep track of the opportunistic token
-	in the inital message, it might be a complete gss-api context, in
-	that case we'll get back accept_completed without any token. With
-	this change, krb5 w/o mutual authentication works.
-
-	* spnego/accept_sec_context.c: Use ASN.1 encoder functions to
-	encode CHOICE structure now that we can handle it.
-
-	* spnego/accept_sec_context.c: Filter out SPNEGO from the out
-	supported mechs list and make sure we don't select that for the
-	preferred mechamism.
-	
-2006-11-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_init_sec_context.c (_gss_mech_cred_find): break out the
-	cred finding to its own function
-
-	* krb5/wrap.c: Better error strings, from Andrew Bartlet.
-	
-2006-11-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_context.c: Create our own krb5_context.
-
-	* krb5: Switch from using a specific error message context in the
-	TLS to have a whole krb5_context in TLS. This have some
-	interestion side-effekts for the configruration setting options
-	since they operate on per-thread basis now.
-
-	* mech/gss_set_cred_option.c: When calling ->gm_set_cred_option
-	and checking for success, use GSS_S_COMPLETE. From Andrew Bartlet.
-	
-2006-11-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Help solaris make even more.
-
-	* Makefile.am: Help solaris make.
-	
-2006-11-09  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: remove include $(srcdir)/Makefile-digest.am for now
-
-	* mech/gss_accept_sec_context.c: Try better guessing what is mech
-	we are going to select by looking harder at the input_token, idea
-	from Luke Howard's mechglue branch.
-
-	* Makefile.am: libgssapi_la_OBJECTS: add depency on gkrb5_err.h
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X
-
-	* mech/gss_krb5.c: implement gss_krb5_set_allowable_enctypes
-
-	* gssapi/gssapi.h: GSS_KRB5_S_
-
-	* krb5/gsskrb5_locl.h: Include <gkrb5_err.h>.
-
-	* gssapi/gssapi_krb5.h: Add gss_krb5_set_allowable_enctypes.
-
-	* Makefile.am: Build and install gkrb5_err.h
-
-	* krb5/gkrb5_err.et: Move the GSS_KRB5_S error here.
-	
-2006-11-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_krb5.c: Add gsskrb5_set_default_realm.
-
-	* krb5/set_sec_context_option.c: Support
-	GSS_KRB5_SET_DEFAULT_REALM_X.
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DEFAULT_REALM_X
-
-	* krb5/external.c: add GSS_KRB5_SET_DEFAULT_REALM_X
-	
-2006-11-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_context.c: rename krb5_[gs]et_time_wrap to
-	krb5_[gs]et_max_time_skew
-
-	* krb5/copy_ccache.c: _gsskrb5_extract_authz_data_from_sec_context
-	no longer used, bye bye
-
-	* mech/gss_krb5.c: No depenency of the krb5 gssapi mech.
-
-	* mech/gss_krb5.c (gsskrb5_extract_authtime_from_sec_context): use
-	_gsskrb5_decode_om_uint32. From Andrew Bartlet.
-
-	* mech/gss_krb5.c: Add dummy gss_krb5_set_allowable_enctypes for
-	now.
-
-	* spnego/spnego_locl.h: Include <roken.h> for compatiblity.
-
-	* krb5/arcfour.c: Use IS_DCE_STYLE flag. There is no padding in
-	DCE-STYLE, don't try to use to.  From Andrew Bartlett.
-
-	* test_context.c: test wrap/unwrap, add flag for dce-style and
-	mutual auth, also support multi-roundtrip sessions
-
-	* krb5/gsskrb5_locl.h: Add IS_DCE_STYLE macro.
-
-	* krb5/accept_sec_context.c (gsskrb5_acceptor_start): use
-	krb5_rd_req_ctx
-
-	* mech/gss_krb5.c (gsskrb5_get_subkey): return the per message
-	token subkey
-
-	* krb5/inquire_sec_context_by_oid.c: check if there is any key at
-	all
-	
-2006-11-06  Love H�rnquist �strand <lha@it.su.se>
-	
-	* krb5/inquire_sec_context_by_oid.c: Set more error strings, use
-	right enum for acceptor subkey.  From Andrew Bartlett.
-	
-2006-11-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_context.c: Test gsskrb5_extract_service_keyblock, needed in
-	PAC valication.  From Andrew Bartlett
-
-	* mech/gss_krb5.c: Add gsskrb5_extract_authz_data_from_sec_context
-	and keyblock extraction functions.
-
-	* gssapi/gssapi_krb5.h: Add extraction of keyblock function, from
-	Andrew Bartlett.
-
-	* krb5/external.c: Add GSS_KRB5_GET_SERVICE_KEYBLOCK_X
-	
-2006-11-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_context.c: Rename various routines and constants from
-	canonize to canonicalize.  From Andrew Bartlett
-
-	* mech/gss_krb5.c: Rename various routines and constants from
-	canonize to canonicalize.  From Andrew Bartlett
-
-	* krb5/set_sec_context_option.c: Rename various routines and
-	constants from canonize to canonicalize.  From Andrew Bartlett
-
-	* krb5/external.c: Rename various routines and constants from
-	canonize to canonicalize.  From Andrew Bartlett
-	
-	* gssapi/gssapi_krb5.h: Rename various routines and constants from
-	canonize to canonicalize.  From Andrew Bartlett
-	
-2006-10-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/accept_sec_context.c (gsskrb5_accept_delegated_token): need
-	to free ccache
-	
-2006-10-24  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_context.c (loop): free target_name
-
-	* mech/gss_accept_sec_context.c: SLIST_INIT the ->gc_mc'
-	
-	* mech/gss_acquire_cred.c : SLIST_INIT the ->gc_mc' 
-
-	* krb5/init_sec_context.c: Avoid leaking memory.
-
-	* mech/gss_buffer_set.c (gss_release_buffer_set): don't leak the
-	->elements memory.
-
-	* test_context.c: make compile
-
-	* krb5/cfx.c (_gssapi_verify_mic_cfx): always free crypto context.
-
-	* krb5/set_cred_option.c (import_cred): free sp
-	
-2006-10-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_add_oid_set_member.c: Use old implementation of
-	gss_add_oid_set_member, it leaks less memory.
-
-	* krb5/test_cfx.c: free krb5_crypto.
-
-	* krb5/test_cfx.c: free krb5_context
-
-	* mech/gss_release_name.c (gss_release_name): free input_name
-	it-self.
-	
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_context.c: Call setprogname.
-
-	* mech/gss_krb5.c: Add gsskrb5_extract_authtime_from_sec_context.
-
-	* gssapi/gssapi_krb5.h: add
-	gsskrb5_extract_authtime_from_sec_context
-	
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* krb5/inquire_sec_context_by_oid.c: Add get_authtime.
-
-	* krb5/external.c: add GSS_KRB5_GET_AUTHTIME_X
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_AUTHTIME_X
-
-	* krb5/set_sec_context_option.c: Implement GSS_KRB5_SEND_TO_KDC_X.
-
-	* mech/gss_krb5.c: Add gsskrb5_set_send_to_kdc
-
-	* gssapi/gssapi_krb5.h: Add GSS_KRB5_SEND_TO_KDC_X and
-	gsskrb5_set_send_to_kdc
-
-	* krb5/external.c: add GSS_KRB5_SEND_TO_KDC_X
-
-	* Makefile.am: more files
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: remove spnego/gssapi_spnego.h, its now in gssapi/
-
-	* test_context.c: Allow specifing mech.
-
-	* krb5/external.c: add GSS_SASL_DIGEST_MD5_MECHANISM (for now)
-
-	* gssapi/gssapi.h: Rename GSS_DIGEST_MECHANISM to
-	GSS_SASL_DIGEST_MD5_MECHANISM
-	
-2006-10-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gssapi.asn1: Make it into a heim_any_set, its doesn't
-	except a tag.
-
-	* mech/gssapi.asn1: GSSAPIContextToken is IMPLICIT SEQUENCE
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X
-
-	* krb5/external.c: Add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X.
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_INITIATOR_SUBKEY_X and
-	GSS_KRB5_GET_SUBKEY_X
-
-	* krb5/external.c: add GSS_KRB5_GET_INITIATOR_SUBKEY_X,
-	GSS_KRB5_GET_SUBKEY_X
-	
-2006-10-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_context.c: Support switching on name type oid's
-
-	* test_context.c: add test for dns canon flag
-
-	* mech/gss_krb5.c: Add gsskrb5_set_dns_canonlize.
-
-	* gssapi/gssapi_krb5.h: remove gss_krb5_compat_des3_mic
-
-	* gssapi/gssapi_krb5.h: Add gsskrb5_set_dns_canonlize.
-
-	* krb5/set_sec_context_option.c: implement
-	GSS_KRB5_SET_DNS_CANONIZE_X
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DNS_CANONIZE_X
-
-	* krb5/external.c: add GSS_KRB5_SET_DNS_CANONIZE_X
-
-	* mech/gss_krb5.c: add bits to make lucid context work
-	
-2006-10-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_oid_to_str.c: Prefix der primitives with der_.
-
-	* krb5/inquire_sec_context_by_oid.c: Prefix der primitives with
-	der_.
-
-	* krb5/encapsulate.c: Prefix der primitives with der_.
-
-	* mech/gss_oid_to_str.c: New der_print_heim_oid signature.
-	
-2006-10-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add test_context
-
-	* krb5/inquire_sec_context_by_oid.c: Make it work.
-
-	* test_oid.c: Test lucid oid.
-
-	* gssapi/gssapi.h: Add OM_uint64_t.
-
-	* krb5/inquire_sec_context_by_oid.c: Add lucid interface.
-
-	* krb5/external.c: Add lucid interface, renumber oids to my
-	delegated space.
-
-	* mech/gss_krb5.c: Add lucid interface.
-
-	* gssapi/gssapi_krb5.h: Add lucid interface.
-
-	* spnego/spnego_locl.h: Maybe include <netdb.h>.
-	
-2006-10-09  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_mech_switch.c: define RTLD_LOCAL to 0 if not defined.
-	
-2006-10-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: install gssapi_krb5.H and gssapi_spnego.h
-
-	* gssapi/gssapi_krb5.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.
-
-	* gssapi/gssapi.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.
-
-	* Makefile.am: Drop some -I no longer needed.
-
-	* gssapi/gssapi_spnego.h: Move gssapi_spengo.h over here.
-
-	* krb5: reference all include files using 'krb5/'
-
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: Add file inclusion protection.
-
-	* gssapi/gssapi.h: Correct header file inclusion protection.
-
-	* gssapi/gssapi.h: Move the gssapi.h from lib/gssapi/ to
-	lib/gssapi/gssapi/ to please automake.
-	
-	* spnego/spnego_locl.h: Maybe include <sys/types.h>.
-
-	* mech/mech_locl.h: Include <roken.h>.
-
-	* Makefile.am: split build files into dist_ and noinst_ SOURCES
-	
-2006-10-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss.c: #if 0 out unused code.
-
-	* mech/gss_mech_switch.c: Cast argument to ctype(3) functions
-	to (unsigned char).
-	
-2006-10-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/name.h: remove <sys/queue.h>
-
-	* mech/mech_switch.h: remove <sys/queue.h>
-	
-	* mech/cred.h: remove <sys/queue.h>
-
-2006-10-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/arcfour.c: Thinker more with header lengths.
-
-	* krb5/arcfour.c: Improve the calcucation of header
-	lengths. DCE-STYLE data is also padded so remove if (1 || ...)
-	code.
-
-	* krb5/wrap.c (_gsskrb5_wrap_size_limit): use
-	_gssapi_wrap_size_arcfour for arcfour
-
-	* krb5/arcfour.c: Move _gssapi_wrap_size_arcfour here.
-
-	* Makefile.am: Split all mech to diffrent mechsrc variables.
-
-	* spnego/context_stubs.c: Make internal function static (and
-	rename).
-	
-2006-10-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/inquire_cred.c: Fix "if (x) lock(y)" bug. From Harald
-	Barth.
-
-	* spnego/spnego_locl.h: Include <sys/param.h> for MAXHOSTNAMELEN.
-	
-2006-09-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/arcfour.c: Add wrap support, interrop with itself but not
-	w2k3s-sp1
-
-	* krb5/gsskrb5_locl.h: move the arcfour specific stuff to the
-	arcfour header.
-
-	* krb5/arcfour.c: Support DCE-style unwrap, tested with
-	w2k3server-sp1.
-
-	* mech/gss_accept_sec_context.c (gss_accept_sec_context): if the
-	token doesn't start with [APPLICATION 0] SEQUENCE, lets assume its
-	a DCE-style kerberos 5 connection. XXX this needs to be made
-	better in cause we get another GSS-API protocol violating
-	protocol. It should be possible to detach the Kerberos DCE-style
-	since it starts with a AP-REQ PDU, but that have to wait for now.
-	
-2006-09-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: Add GSS_C flags from
-	draft-brezak-win2k-krb-rc4-hmac-04.txt.
-
-	* krb5/delete_sec_context.c: Free service_keyblock and fwd_data,
-	indent.
-
-	* krb5/accept_sec_context.c: Merge of the acceptor part from the
-	samba patch by Stefan Metzmacher and Andrew Bartlet.
-
-	* krb5/init_sec_context.c: Add GSS_C_DCE_STYLE.
-
-	* krb5/{init_sec_context.c,gsskrb5_locl.h}: merge most of the
-	initiator part from the samba patch by Stefan Metzmacher and
-	Andrew Bartlet (still missing DCE/RPC support)
-
-2006-08-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss.c (help): use sl_slc_help().
-	
-2006-07-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss-commands.in: rename command to supported-mechanisms
-
-	* Makefile.am: Make gss objects depend on the slc built
-	gss-commands.h
-	
-2006-07-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss-commands.in: add slc commands for gss
-
-	* krb5/gsskrb5_locl.h: Remove dup prototype of _gsskrb5_init()
-
-	* Makefile.am: Add test_cfx
-
-	* krb5/external.c: add GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
-
-	* krb5/set_sec_context_option.c: catch
-	GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
-
-	* krb5/accept_sec_context.c: reimplement
-	gsskrb5_register_acceptor_identity
-
-	* mech/gss_krb5.c: implement gsskrb5_register_acceptor_identity
-
-	* mech/gss_inquire_mechs_for_name.c: call _gss_load_mech
-
-	* mech/gss_inquire_cred.c (gss_inquire_cred): call _gss_load_mech
-
-	* mech/gss_mech_switch.c: Make _gss_load_mech() atomic and run
-	only once, this have the side effect that _gss_mechs and
-	_gss_mech_oids is only initialized once, so if just the users of
-	these two global variables calls _gss_load_mech() first, it will
-	act as a barrier and make sure the variables are never changed and
-	we don't need to lock them.
-
-	* mech/utils.h: no need to mark functions extern.
-
-	* mech/name.h: no need to mark _gss_find_mn extern.
-	
-2006-07-19  Love H�rnquist �strand <lha@it.su.se>
-	
-	* krb5/cfx.c: Redo the wrap length calculations.
-
-	* krb5/test_cfx.c: test max_wrap_size in cfx.c
-
-	* mech/gss_display_status.c: Handle more error codes.
-	
-2006-07-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/mech_locl.h: Include <krb5-types.h> and "mechqueue.h"
-
-	* mech/mechqueue.h: Add SLIST macros.
-
-	* krb5/inquire_context.c: Don't free return values on success.
-
-	* krb5/inquire_cred.c (_gsskrb5_inquire_cred): When cred provided
-	is the default cred, acquire the acceptor cred and initator cred
-	in two diffrent steps and then query them for the information,
-	this way, the code wont fail if there are no keytab, but there is
-	a credential cache.
-
-	* mech/gss_inquire_cred.c: move the check if we found any cred
-	where it matter for both cases
-	(default cred and provided cred)
-
-	* mech/gss_init_sec_context.c: If the desired mechanism can't
-	convert the name to a MN, fail with GSS_S_BAD_NAME rather then a
-	NULL de-reference.
-	
-2006-07-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* spnego/external.c: readd gss_spnego_inquire_names_for_mech
-
-	* spnego/spnego_locl.h: reimplement
-	gss_spnego_inquire_names_for_mech add support function
-	_gss_spnego_supported_mechs
-
-	* spnego/context_stubs.h: reimplement
-	gss_spnego_inquire_names_for_mech add support function
-	_gss_spnego_supported_mechs
-
-	* spnego/context_stubs.c: drop gss_spnego_indicate_mechs
-	
-	* mech/gss_indicate_mechs.c: if the underlaying mech doesn't
-	support gss_indicate_mechs, use the oid in the mechswitch
-	structure
-
-	* spnego/external.c: let the mech glue layer implement
-	gss_indicate_mechs
-
-	* spnego/cred_stubs.c (gss_spnego_acquire_cred): don't care about
-	desired_mechs, get our own list with indicate_mechs and remove
-	ourself.
-	
-2006-07-05 Love H�rnquist �strand <lha@it.su.se>
-
-	* spnego/external.c: remove gss_spnego_inquire_names_for_mech, let
-	the mechglue layer implement it
-	
-	* spnego/context_stubs.c: remove gss_spnego_inquire_names_for_mech, let
-	the mechglue layer implement it
-
-	* spnego/spnego_locl.c: remove gss_spnego_inquire_names_for_mech, let
-	the mechglue layer implement it
-
-2006-07-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_set_cred_option.c: fix argument to gss_release_cred
-	
-2006-06-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/init_sec_context.c: Make work on compilers that are
-	somewhat more picky then gcc4 (like gcc2.95)
-
-	* krb5/init_sec_context.c (do_delegation): use KDCOptions2int to
-	convert fwd_flags to an integer, since otherwise int2KDCOptions in
-	krb5_get_forwarded_creds wont do the right thing.
-
-	* mech/gss_set_cred_option.c (gss_set_cred_option): free memory on
-	failure
-
-	* krb5/set_sec_context_option.c (_gsskrb5_set_sec_context_option):
-	init global kerberos context
-
-	* krb5/set_cred_option.c (_gsskrb5_set_cred_option): init global
-	kerberos context
-
-	* mech/gss_accept_sec_context.c: Insert the delegated sub cred on
-	the delegated cred handle, not cred handle
-
-	* mech/gss_accept_sec_context.c (gss_accept_sec_context): handle
-	the case where ret_flags == NULL
-
-	* mech/gss_mech_switch.c (add_builtin): set
-	_gss_mech_switch->gm_mech_oid
-
-	* mech/gss_set_cred_option.c (gss_set_cred_option): laod mechs
-
-	* test_cred.c (gss_print_errors): don't try to print error when
-	gss_display_status failed
-
-	* Makefile.am: Add mech/gss_release_oid.c
-	
-	* mech/gss_release_oid.c: Add gss_release_oid, reverse of
-	gss_duplicate_oid
-
-	* spnego/compat.c: preferred_mech_type was allocated with
-	gss_duplicate_oid in one place and assigned static varianbles a
-	the second place. change that static assignement to
-	gss_duplicate_oid and bring back gss_release_oid.
-
-	* spnego/compat.c (_gss_spnego_delete_sec_context): don't release
-	preferred_mech_type and negotiated_mech_type, they where never
-	allocated from the begining.
-	
-2006-06-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_import_name.c (gss_import_name): avoid
-	type-punned/strict aliasing rules
-
-	* mech/gss_add_cred.c: avoid type-punned/strict aliasing rules
-
-	* gssapi.h: Make gss_name_t an opaque type.
-	
-	* krb5: make gss_name_t an opaque type
-
-	* krb5/set_cred_option.c: Add
-
-	* mech/gss_set_cred_option.c (gss_set_cred_option): support the
-	case where *cred_handle == NULL
-
-	* mech/gss_krb5.c (gss_krb5_import_cred): make sure cred is
-	GSS_C_NO_CREDENTIAL on failure.
-
-	* mech/gss_acquire_cred.c (gss_acquire_cred): if desired_mechs is
-	NO_OID_SET, there is a need to load the mechs, so always do that.
-	
-2006-06-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* krb5/inquire_cred_by_oid.c: Reimplement GSS_KRB5_COPY_CCACHE_X
-	to instead pass a fullname to the credential, then resolve and
-	copy out the content, and then close the cred.
-
-	* mech/gss_krb5.c: Reimplement GSS_KRB5_COPY_CCACHE_X to instead
-	pass a fullname to the credential, then resolve and copy out the
-	content, and then close the cred.
-	
-	* krb5/inquire_cred_by_oid.c: make "work", GSS_KRB5_COPY_CCACHE_X
-	interface needs to be re-done, currently its utterly broken.
-
-	* mech/gss_set_cred_option.c: Make work.
-
-	* krb5/external.c: Add _gsskrb5_set_{sec_context,cred}_option
-
-	* mech/gss_krb5.c (gss_krb5_import_cred): implement
-
-	* Makefile.am: Add gss_set_{sec_context,cred}_option and sort
-	
-	* mech/gss_set_{sec_context,cred}_option.c: add
-
-	* gssapi.h: Add GSS_KRB5_IMPORT_CRED_X
-
-	* test_*.c: make compile again
-
-	* Makefile.am: Add lib dependencies and test programs
-
-	* spnego: remove dependency on libkrb5
-
-	* mech: Bug fixes, cleanup, compiler warnings, restructure code.
-
-	* spnego: Rename gss_context_id_t and gss_cred_id_t to local names
-
-	* krb5: repro copy the krb5 files here
-
-	* mech: import Doug Rabson mechglue from freebsd
-	
-	* spnego: Import Luke Howard's SPNEGO from the mechglue branch
-
-2006-06-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: Add oid_to_str.
-
-	* Makefile.am: add oid_to_str and test_oid
-	
-	* oid_to_str.c: Add gss_oid_to_str
-
-	* test_oid.c: Add test for gss_oid_to_str()
-	
-2006-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* verify_mic.c: Less pointer signedness warnings.
-
-	* unwrap.c: Less pointer signedness warnings.
-
-	* arcfour.c: Less pointer signedness warnings.
-
-	* gssapi_locl.h: Use const void * to instead of unsigned char * to
-	avoid pointer signedness warnings.
-
-	* encapsulate.c: Use const void * to instead of unsigned char * to
-	avoid pointer signedness warnings.
-
-	* decapsulate.c: Use const void * to instead of unsigned char * to
-	avoid pointer signedness warnings.
-
-	* decapsulate.c: Less pointer signedness warnings.
-
-	* cfx.c: Less pointer signedness warnings.
-
-	* init_sec_context.c: Less pointer signedness warnings (partly by
-	using the new asn.1 CHOICE decoder)
-
-	* import_sec_context.c: Less pointer signedness warnings.
-
-2006-05-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c (gsskrb5_is_cfx): always set is_cfx. From
-	Andrew Abartlet.
-	
-2006-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* get_mic.c (mic_des3): make sure message_buffer doesn't point to
-	free()ed memory on failure. Pointed out by IBM checker.
-	
-2006-05-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Rename u_intXX_t to uintXX_t
-	
-2006-05-04 Love H�rnquist �strand <lha@it.su.se>
-
-	* cfx.c: Less pointer signedness warnings.
-
-	* arcfour.c: Avoid pointer signedness warnings.
-
-	* gssapi_locl.h (gssapi_decode_*): make data argument const void *
-	
-	* 8003.c (gssapi_decode_*): make data argument const void *
-	
-2006-04-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* export_sec_context.c: Export sequence order element. From Wynn
-	Wilkes <wynn.wilkes@quest.com>.
-
-	* import_sec_context.c: Import sequence order element. From Wynn
-	Wilkes <wynn.wilkes@quest.com>.
-
-	* sequence.c (_gssapi_msg_order_import,_gssapi_msg_order_export):
-	New functions, used by {import,export}_sec_context.  From Wynn
-	Wilkes <wynn.wilkes@quest.com>.
-
-	* test_sequence.c: Add test for import/export sequence.
-	
-2006-04-09  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* add_cred.c: Check that cred != GSS_C_NO_CREDENTIAL, this is a
-	standard conformance failure, but much better then a crash.
-	
-2006-04-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* get_mic.c (get_mic*)_: make sure message_token is cleaned on
-	error, found by IBM checker.
-
-	* wrap.c (wrap*): Reset output_buffer on error, found by IBM
-	checker.
-	
-2006-02-15  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* import_name.c: Accept both GSS_C_NT_HOSTBASED_SERVICE and
-	GSS_C_NT_HOSTBASED_SERVICE_X as nametype for hostbased names.
-	
-2006-01-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* delete_sec_context.c (gss_delete_sec_context): if the context
-	handle is GSS_C_NO_CONTEXT, don't fall over.
-
-2005-12-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: Replace gss_krb5_import_ccache with
-	gss_krb5_import_cred and add more references
-	
-2005-12-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: Change gss_krb5_import_ccache to gss_krb5_import_cred,
-	it can handle keytabs too.
-
-	* add_cred.c (gss_add_cred): avoid deadlock
-
-	* context_time.c (gssapi_lifetime_left): define the 0 lifetime as
-	GSS_C_INDEFINITE.
-	
-2005-12-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* acquire_cred.c (acquire_acceptor_cred): only check if principal
-	exists if we got called with principal as an argument.
-
-	* acquire_cred.c (acquire_acceptor_cred): check that the acceptor
-	exists in the keytab before returning ok.
-	
-2005-11-29  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* copy_ccache.c (gss_krb5_import_cred): fix buglet, from Andrew
-	Bartlett.
-	
-2005-11-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_kcred.c: Rename gss_krb5_import_ccache to
-	gss_krb5_import_cred.
-	
-	* copy_ccache.c: Rename gss_krb5_import_ccache to
-	gss_krb5_import_cred and let it grow code to handle keytabs too.
-	
-2005-11-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c: Change sematics of ok-as-delegate to match
-	windows if
-	[gssapi]realm/ok-as-delegate=true is set, otherwise keep old
-	sematics.
-	
-	* release_cred.c (gss_release_cred): use
-	GSS_CF_DESTROY_CRED_ON_RELEASE to decide if the cache should be
-	krb5_cc_destroy-ed
-	
-	* acquire_cred.c (acquire_initiator_cred):
-	GSS_CF_DESTROY_CRED_ON_RELEASE on created credentials.
-
-	* accept_sec_context.c (gsskrb5_accept_delegated_token): rewrite
-	to use gss_krb5_import_ccache
-	
-2005-11-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.c: Remove signedness warnings.
-	
-2005-10-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: Document that gss_krb5_import_ccache is copy
-	by reference.
-
-	* copy_ccache.c (gss_krb5_import_ccache): Instead of making a copy
-	of the ccache, make a reference by getting the name and resolving
-	the name. This way the cache is shared, this flipp side is of
-	course that if someone calls krb5_cc_destroy the cache is lost for
-	everyone.
-	
-	* test_kcred.c: Remove memory leaks.
-	
-2005-10-26  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: build test_kcred
-	
-	* gss_acquire_cred.3: Document gss_krb5_import_ccache
-
-	* gssapi.3: Sort and add gss_krb5_import_ccache.
-	
-	* acquire_cred.c (_gssapi_krb5_ccache_lifetime): break out code
-	used to extract lifetime from a credential cache
-
-	* gssapi_locl.h: Add _gssapi_krb5_ccache_lifetime, used to extract
-	lifetime from a credential cache.
-
-	* gssapi.h: add gss_krb5_import_ccache, reverse of
-	gss_krb5_copy_ccache
-
-	* copy_ccache.c: add gss_krb5_import_ccache, reverse of
-	gss_krb5_copy_ccache
-
-	* test_kcred.c: test gss_krb5_import_ccache
-	
-2005-10-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* acquire_cred.c (acquire_initiator_cred): use krb5_cc_cache_match
-	to find a matching creditial cache, if that failes, fallback to
-	the default cache.
-	
-2005-10-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi_locl.h: Add gssapi_krb5_set_status and
-	gssapi_krb5_clear_status
-	
-	* init_sec_context.c (spnego_reply): Don't pass back raw Kerberos
-	errors, use GSS-API errors instead. From Michael B Allen.
-
-	* display_status.c: Add gssapi_krb5_clear_status,
-	gssapi_krb5_set_status for handling error messages.
-	
-2005-08-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* external.c: Use rk_UNCONST to avoid const warning.
-	
-	* display_status.c: Constify strings to avoid warnings.
-	
-2005-08-11 Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c: avoid warnings, update (c)
-
-2005-07-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (spnego_initial): use NegotiationToken
-	encoder now that we have one with the new asn1. compiler.
-	
-	* Makefile.am: the new asn.1 compiler includes the modules name in
-	the depend file
-
-2005-06-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* decapsulate.c: use rk_UNCONST
-
-	* ccache_name.c: rename to avoid shadowing
-
-	* gssapi_locl.h: give kret in GSSAPI_KRB5_INIT a more unique name
-	
-	* process_context_token.c: use rk_UNCONST to unconstify
-	
-	* test_cred.c: rename optind to optidx
-
-2005-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (init_auth): honor ok-as-delegate if local
-	configuration approves
-
-	* gssapi_locl.h: prototype for _gss_check_compat
-
-	* compat.c: export check_compat as _gss_check_compat
-
-2005-05-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
-	problems with system headerfiles that pollute the name space.
-
-	* accept_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
-	problems with system headerfiles that pollute the name space.
-
-2005-05-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (init_auth): set
-	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED (for java compatibility),
-	also while here, use krb5_auth_con_addflags
-
-2005-05-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.c (_gssapi_wrap_arcfour): fix calculating the encap
-	length. From: Tom Maher <tmaher@eecs.berkeley.edu>
-
-2005-05-02  Dave Love  <fx@gnu.org>
-
-	* test_cred.c (main): Call setprogname.
-
-2005-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* prefix all sequence symbols with _, they are not part of the
-	GSS-API api. By comment from Wynn Wilkes <wynnw@vintela.com>
-
-2005-04-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c: break out the processing of the delegated
-	credential to a separate function to make error handling easier,
-	move the credential handling to after other setup is done
-	
-	* test_sequence.c: make less verbose in case of success
-
-	* Makefile.am: add test_sequence to TESTS
-
-2005-04-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* 8003.c (gssapi_krb5_verify_8003_checksum): check that cksum
-	isn't NULL From: Nicolas Pouvesle <npouvesle@tenablesecurity.com>
-
-2005-03-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: use $(LIB_roken)
-
-2005-03-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* display_status.c (gssapi_krb5_set_error_string): pass in the
-	krb5_context to krb5_free_error_string
-	
-2005-03-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* display_status.c (gssapi_krb5_set_error_string): don't misuse
-	the krb5_get_error_string api
-
-2005-03-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* compat.c (_gss_DES3_get_mic_compat): don't unlock mutex
-	here. Bug reported by Stefan Metzmacher <metze@samba.org>
-
-2005-02-21  Luke Howard  <lukeh@padl.com>
-
-	* init_sec_context.c: don't call krb5_get_credentials() with
-	  KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache
-	  growing indefinitely as no key is found with KEYTYPE_NULL
-
-	* compat.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG, it is
-	  no longer used (however the mechListMIC behaviour is broken,
-	  rfc2478bis support requires the code in the mechglue branch)
-
-	* init_sec_context.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG
-
-	* gssapi.h: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG
-
-2005-01-05  Luke Howard  <lukeh@padl.com>
-
-	* 8003.c: use symbolic name for checksum type
-
-	* accept_sec_context.c: allow client to indicate
-	  that subkey should be used
-
-	* acquire_cred.c: plug leak
-
-	* get_mic.c: use gss_krb5_get_subkey() instead
-	  of gss_krb5_get_{local,remote}key(), support
-	  KEYTYPE_ARCFOUR_56
-
-	* gssapi_local.c: use gss_krb5_get_subkey(),
-	  support KEYTYPE_ARCFOUR_56
-
-	* import_sec_context.c: plug leak
-
-	* unwrap.c: use gss_krb5_get_subkey(),
-	  support KEYTYPE_ARCFOUR_56
-
-	* verify_mic.c: use gss_krb5_get_subkey(),
-	  support KEYTYPE_ARCFOUR_56
-
-	* wrap.c: use gss_krb5_get_subkey(),
-	  support KEYTYPE_ARCFOUR_56
-
-2004-11-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* inquire_cred.c: Reverse order of HEIMDAL_MUTEX_unlock and
-	gss_release_cred to avoid deadlock, from Luke Howard
-	<lukeh@padl.com>.
-
-2004-09-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: gss_krb5_extract_authz_data_from_sec_context
-	was renamed to gsskrb5_extract_authz_data_from_sec_context
-	
-2004-08-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* unwrap.c: mutex buglet, From: Luke Howard <lukeh@PADL.COM>
-	
-	* arcfour.c: mutex buglet, From: Luke Howard <lukeh@PADL.COM>
-	
-2004-05-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.3: spelling from Josef El-Rayes <josef@FreeBSD.org> while
-	here, write some text about the SPNEGO situation
-	
-2004-04-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: s/CTXAcceptorSubkey/CFXAcceptorSubkey/
-	
-2004-04-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: add GSS_C_EXPECTING_MECH_LIST_MIC_FLAG From: Luke
-	Howard <lukeh@padl.com>
-	
-	* init_sec_context.c (spnego_reply): use
-	_gss_spnego_require_mechlist_mic to figure out if we need to check
-	MechListMIC; From: Luke Howard <lukeh@padl.com>
-
-	* accept_sec_context.c (send_accept): use
-	_gss_spnego_require_mechlist_mic to figure out if we need to send
-	MechListMIC; From: Luke Howard <lukeh@padl.com>
-
-	* gssapi_locl.h: add _gss_spnego_require_mechlist_mic
-	From: Luke Howard <lukeh@padl.com>
-
-	* compat.c: add _gss_spnego_require_mechlist_mic for compatibility
-	with MS SPNEGO, From: Luke Howard <lukeh@padl.com>
-	
-2004-04-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c (gsskrb5_is_cfx): krb5_keyblock->keytype is
-	an enctype, not keytype
-
-	* accept_sec_context.c: use ASN1_MALLOC_ENCODE
-	
-	* init_sec_context.c: avoid the malloc loop and just allocate the
-	propper amount of data
-
-	* init_sec_context.c (spnego_initial): handle mech_token better
-	
-2004-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: add gss_krb5_get_tkt_flags
-	
-	* Makefile.am: add ticket_flags.c
-	
-	* ticket_flags.c: Get ticket-flags from acceptor ticket From: Luke
-	Howard <lukeh@PADL.COM>
-	
-	* gss_acquire_cred.3: document gss_krb5_get_tkt_flags
-	
-2004-03-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* acquire_cred.c (gss_acquire_cred): check usage before even
-	bothering to process it, add both keytab and initial tgt if
-	requested
-
-	* wrap.c: support cfx, try to handle acceptor asserted subkey
-	
-	* unwrap.c: support cfx, try to handle acceptor asserted subkey
-	
-	* verify_mic.c: support cfx
-	
-	* get_mic.c: support cfx
-	
-	* test_sequence.c: handle changed signature of
-	gssapi_msg_order_create
-
-	* import_sec_context.c: handle acceptor asserted subkey
-	
-	* init_sec_context.c: handle acceptor asserted subkey
-	
-	* accept_sec_context.c: handle acceptor asserted subkey
-	
-	* sequence.c: add dummy use_64 argument to gssapi_msg_order_create
-	
-	* gssapi_locl.h: add partial support for CFX
-	
-	* Makefile.am (noinst_PROGRAMS) += test_cred
-	
-	* test_cred.c: gssapi credential testing
-
-	* test_acquire_cred.c: fix comment
-	
-2004-03-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.h: drop structures for message formats, no longer used
-	
-	* arcfour.c: comment describing message formats
-
-	* accept_sec_context.c (spnego_accept_sec_context): make sure the
-	length of the choice element doesn't overrun us
-	
-	* init_sec_context.c (spnego_reply): make sure the length of the
-	choice element doesn't overrun us
-	
-	* spnego.asn1: move NegotiationToken to avoid warning
-	
-	* spnego.asn1: uncomment NegotiationToken
-	
-	* Makefile.am: spnego_files += asn1_NegotiationToken.x
-	
-2004-01-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: add gss_krb5_ccache_name
-	
-	* Makefile.am (libgssapi_la_SOURCES): += ccache_name.c
-	
-	* ccache_name.c (gss_krb5_ccache_name): help function enable to
-	set krb5 name, using out_name argument makes function no longer
-	thread-safe
-
-	* gssapi.3: add missing gss_krb5_ references
-	
-	* gss_acquire_cred.3: document gss_krb5_ccache_name
-	
-2003-12-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: make rrc a modulus operation if its longer then the
-	length of the message, noticed by Sam Hartman
-
-2003-12-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c: use krb5_auth_con_addflags
-	
-2003-12-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: Wrap token id was in wrong order, found by Sam Hartman
-	
-2003-12-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: add AcceptorSubkey (but no code understand it yet) ignore
-	unknown token flags
-	
-2003-11-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c: Don't require timestamp to be set on
-	delegated token, its already protected by the outer token (and
-	windows doesn't alway send it) Pointed out by Zi-Bin Yang
-	<zbyang@decru.com> on heimdal-discuss
-
-2003-11-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: fix {} error, pointed out by Liqiang Zhu
-	
-2003-11-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: Sequence number should be stored in bigendian order From:
-	Luke Howard <lukeh@padl.com>
-	
-2003-11-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* delete_sec_context.c (gss_delete_sec_context): don't free
-	ticket, krb5_free_ticket does that now
-
-2003-11-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: checksum the header last in MIC token, update to -03
-	From: Luke Howard <lukeh@padl.com>
-	
-2003-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* add_cred.c: If its a MEMORY cc, make a copy. We need to do this
-	since now gss_release_cred will destroy the cred. This should be
-	really be solved a better way.
-
-	* acquire_cred.c (gss_release_cred): if its a mcc, destroy it
-	rather the just release it Found by: "Zi-Bin Yang"
-	<zbyang@decru.com>
-
-	* acquire_cred.c (acquire_initiator_cred): use kret instead of ret
-	where appropriate
-
-2003-09-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: spelling
-	From: jmc <jmc@prioris.mini.pw.edu.pl>
-	
-2003-09-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: - EC and RRC are big-endian, not little-endian - The
-	default is now to rotate regardless of GSS_C_DCE_STYLE. There are
-	no longer any references to GSS_C_DCE_STYLE.  - rrc_rotate()
-	avoids allocating memory on the heap if rrc <= 256
-	From: Luke Howard <lukeh@padl.com>
-	
-2003-09-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.[ch]: rrc_rotate() was untested and broken, fix it.
-	Set and verify wrap Token->Filler.
-	Correct token ID for wrap tokens, 
-	were accidentally swapped with delete tokens.
-	From: Luke Howard <lukeh@PADL.COM>
-
-2003-09-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.[ch]: no ASN.1-ish header on per-message tokens
-	From: Luke Howard <lukeh@PADL.COM>
-	
-2003-09-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.h: remove depenency on gss_arcfour_mic_token and
-	gss_arcfour_warp_token
-
-	* arcfour.c: remove depenency on gss_arcfour_mic_token and
-	gss_arcfour_warp_token
-
-2003-09-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* 8003.c: remove #if 0'ed code
-	
-2003-09-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c (gsskrb5_accept_sec_context): set sequence
-	number when not requesting mutual auth From: Luke Howard
-	<lukeh@PADL.COM>
-
-	* init_sec_context.c (init_auth): set sequence number when not
-	requesting mutual auth From: Luke Howard <lukeh@PADL.COM>
-	
-2003-09-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.c (*): set minor_status
-	(gss_wrap): set conf_state to conf_req_flags on success
-	From: Luke Howard <lukeh@PADL.COM>
-	
-	* wrap.c (gss_wrap_size_limit): use existing function From: Luke
-	Howard <lukeh@PADL.COM>
-	
-2003-09-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* indicate_mechs.c (gss_indicate_mechs): in case of error, free
-	mech_set
-
-	* indicate_mechs.c (gss_indicate_mechs): add SPNEGO
-
-2003-09-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (spnego_initial): catch errors and return
-	them
-
-	* init_sec_context.c (spnego_initial): add #if 0 out version of
-	the CHOICE branch encoding, also where here, free no longer used
-	memory
-
-2003-09-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: support GSS_SPNEGO_MECHANISM
-	
-	* accept_sec_context.c: SPNEGO doesn't include gss wrapping on
-	SubsequentContextToken like the Kerberos 5 mech does.
-	
-	* init_sec_context.c (spnego_reply): SPNEGO doesn't include gss
-	wrapping on SubsequentContextToken like the Kerberos 5 mech
-	does. Lets check for it anyway.
-	
-	* accept_sec_context.c: Add support for SPNEGO on the initator
-	side.  Implementation initially from Assar Westerlund, passes
-	though quite a lot of hands before I commited it.
-	
-	* init_sec_context.c: Add support for SPNEGO on the initator side.
-	Tested with ldap server on a Windows 2000 DC. Implementation
-	initially from Assar Westerlund, passes though quite a lot of
-	hands before I commited it.
-	
-	* gssapi.h: export GSS_SPNEGO_MECHANISM
-	
-	* gssapi_locl.h: include spnego_as.h add prototype for
-	gssapi_krb5_get_mech
-	
-	* decapsulate.c (gssapi_krb5_get_mech): make non static
-	
-	* Makefile.am: build SPNEGO file
-	
-2003-09-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* external.c: SPENGO and IAKERB oids
-	
-	* spnego.asn1: SPENGO ASN1
-	
-2003-09-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: RRC also need to be zero before wraping them
-	From: Luke Howard <lukeh@PADL.COM>
-	
-2003-09-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* encapsulate.c (gssapi_krb5_encap_length): don't return void
-	
-2003-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* verify_mic.c: switch from the des_ to the DES_ api
-	
-	* get_mic.c: switch from the des_ to the DES_ api
-	
-	* unwrap.c: switch from the des_ to the DES_ api
-	
-	* wrap.c: switch from the des_ to the DES_ api
-	
-	* cfx.c: EC is not included in the checksum since the length might
-	change depending on the data.  From: Luke Howard <lukeh@PADL.COM>
-	
-	* acquire_cred.c: use
-	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
-
-2003-09-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* copy_ccache.c: rename
-	gss_krb5_extract_authz_data_from_sec_context to
-	gsskrb5_extract_authz_data_from_sec_context
-
-	* gssapi.h: rename gss_krb5_extract_authz_data_from_sec_context to
-	gsskrb5_extract_authz_data_from_sec_context
-	
-2003-08-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
-	check that we have a ticket before we start to use it
-	
-	* gss_acquire_cred.3: document
-	gss_krb5_extract_authz_data_from_sec_context
-	
-	* gssapi.h (gss_krb5_extract_authz_data_from_sec_context):
-	return the kerberos authorizationdata, from idea of Luke Howard
-
-	* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
-	return the kerberos authorizationdata, from idea of Luke Howard
-	
-	* verify_mic.c (gss_verify_mic_internal): switch type and key
-	argument
-
-2003-08-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.[ch]: draft-ietf-krb-wg-gssapi-cfx-01.txt implemetation
-	From: Luke Howard <lukeh@PADL.COM>
-	
-2003-08-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.c (arcfour_mic_cksum): use free_Checksum to free the
-	checksum
-
-	* arcfour.h: swap two last arguments to verify_mic for consistency
-	with des3
-
-	* wrap.c,unwrap.c,get_mic.c,verify_mic.c,cfx.c,cfx.h:
-	prefix cfx symbols with _gssapi_
-
-	* arcfour.c: release the right buffer
-	
-	* arcfour.c: rename token structure in consistency with rest of
-	GSS-API From: Luke Howard <lukeh@PADL.COM>
-	
-	* unwrap.c (unwrap_des3): use _gssapi_verify_pad
-	(unwrap_des): use _gssapi_verify_pad
-
-	* arcfour.c (_gssapi_wrap_arcfour): set the correct padding
-	(_gssapi_unwrap_arcfour): verify and strip padding
-
-	* gssapi_locl.h: added _gssapi_verify_pad
-	
-	* decapsulate.c (_gssapi_verify_pad): verify padding of a gss
-	wrapped message and return its length
-	
-	* arcfour.c: support KEYTYPE_ARCFOUR_56 keys, from Luke Howard
-	<lukeh@PADL.COM>
-	
-	* arcfour.c: use right seal alg, inherit keytype from parent key
-	
-	* arcfour.c: include the confounder in the checksum use the right
-	key usage number for warped/unwraped tokens
-	
-	* gssapi.h: add gss_krb5_nt_general_name as an mit compat glue
-	(same as GSS_KRB5_NT_PRINCIPAL_NAME)
-
-	* unwrap.c: hook in arcfour unwrap
-	
-	* wrap.c: hook in arcfour wrap
-	
-	* verify_mic.c: hook in arcfour verify_mic
-	
-	* get_mic.c: hook in arcfour get_mic
-	
-	* arcfour.c: implement wrap/unwarp
-	
-	* gssapi_locl.h: add gssapi_{en,de}code_be_om_uint32
-	
-	* 8003.c: add gssapi_{en,de}code_be_om_uint32
-	
-2003-08-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.c (_gssapi_verify_mic_arcfour): Do the checksum on right
-	area. Swap filler check, it was reversed.
-	
-	* Makefile.am (libgssapi_la_SOURCES): += arcfour.c
-	
-	* gssapi_locl.h: include "arcfour.h"
-	
-	* arcfour.c: arcfour gss-api mech, get_mic/verify_mic working
-
-	* arcfour.h: arcfour gss-api mech, get_mic/verify_mic working
-	
-2003-08-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi_locl.h: always include cfx.h add prototype for
-	_gssapi_decapsulate
-
-	* cfx.[ch]: Implementation of draft-ietf-krb-wg-gssapi-cfx-00.txt
-	from Luke Howard <lukeh@PADL.COM>
-
-	* decapsulate.c: add _gssapi_decapsulate, from Luke Howard
-	<lukeh@PADL.COM>
-	
-2003-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* unwrap.c: encap/decap now takes a oid if the enctype/keytype is
-	arcfour, return error add hook for cfx
-	
-	* verify_mic.c: encap/decap now takes a oid if the enctype/keytype
-	is arcfour, return error add hook for cfx
-	
-	* get_mic.c: encap/decap now takes a oid if the enctype/keytype is
-	arcfour, return error add hook for cfx
-	
-	* accept_sec_context.c: encap/decap now takes a oid
-	
-	* init_sec_context.c: encap/decap now takes a oid
-	
-	* gssapi_locl.h: include cfx.h if we need it lifetime is a
-	OM_uint32, depend on gssapi interface add all new encap/decap
-	functions
-	
-	* decapsulate.c: add decap functions that doesn't take the token
-	type also make all decap function take the oid mech that they
-	should use
-
-	* encapsulate.c: add encap functions that doesn't take the token
-	type also make all encap function take the oid mech that they
-	should use
-
-	* sequence.c (elem_insert): fix a off by one index counter
-	
-	* inquire_cred.c (gss_inquire_cred): handle cred_handle being
-	GSS_C_NO_CREDENTIAL and use the default cred then.
-	
-2003-08-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: break out extensions and document
-	gsskrb5_register_acceptor_identity
-
-2003-08-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_acquire_cred.c (print_time): time is returned in seconds
-	from now, not unix time
-
-2003-08-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* compat.c (check_compat): avoid leaking principal when finding a
-	match
-
-	* address_to_krb5addr.c: sa_size argument to krb5_addr2sockaddr is
-	a krb5_socklen_t
-
-	* acquire_cred.c (gss_acquire_cred): 4th argument to
-	gss_test_oid_set_member is a int
-
-2003-07-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (repl_mutual): don't set kerberos error where
-	there was no kerberos error
-
-	* gssapi_locl.h: Add destruction/creation prototypes and structure
-	for the thread specific storage.
-
-	* display_status.c: use thread specific storage to set/get the
-	kerberos error message
-
-	* init.c: Provide locking around the creation of the global
-	krb5_context. Add destruction/creation functions for the thread
-	specific storage that the error string handling is using.
-	
-2003-07-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: add missing prototype and missing .Ft
-	arguments
-
-2003-06-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* verify_mic.c: reorder code so sequence numbers can can be used
-	
-	* unwrap.c: reorder code so sequence numbers can can be used
-	
-	* sequence.c: remove unused function, indent, add
-	gssapi_msg_order_f that filter gss flags to gss_msg_order flags
-	
-	* gssapi_locl.h: prototypes for
-	gssapi_{encode_om_uint32,decode_om_uint32} add sequence number
-	verifier prototypes
-
-	* delete_sec_context.c: destroy sequence number verifier
-	
-	* init_sec_context.c: remember to free data use sequence number
-	verifier
-	
-	* accept_sec_context.c: don't clear output_token twice remember to
-	free data use sequence number verifier
-	
-	* 8003.c: export and rename encode_om_uint32/decode_om_uint32 and
-	start to use them
-
-2003-06-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: can't have sequence.c in two different places
-
-2003-06-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_sequence.c: check rollover, print summery
-	
-	* wrap.c (sub_wrap_size): gss_wrap_size_limit() has
-	req_output_size and max_input_size around the wrong way -- it
-	returns the output token size for a given input size, rather than
-	the maximum input size for a given output token size.
-	
-	From: Luke Howard <lukeh@PADL.COM>
-	
-2003-06-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi_locl.h: add prototypes for sequence.c
-	
-	* Makefile.am (libgssapi_la_SOURCES): add sequence.c
-	(test_sequence): build
-
-	* sequence.c: sequence number checks, order and replay
-	* test_sequence.c: sequence number checks, order and replay
-
-2003-06-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c (gss_accept_sec_context): make sure time is
-	returned in seconds from now, not in kerberos time
-	
-	* acquire_cred.c (gss_aquire_cred): make sure time is returned in
-	seconds from now, not in kerberos time
-	
-	* init_sec_context.c (init_auth): if the cred is expired before we
-	tries to create a token, fail so the peer doesn't need reject us
-	(*): make sure time is returned in seconds from now, 
-	not in kerberos time
-	(repl_mutual): remember to unlock the context mutex
-
-	* context_time.c (gss_context_time): remove unused variable
-	
-	* verify_mic.c: make sure minor_status is always set, pointed out
-	by Luke Howard <lukeh@PADL.COM>
-
-2003-05-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* *.[ch]: do some basic locking (no reference counting so contexts 
-	  can be removed while still used)
-	- don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct
-	- make sure all lifetime are returned in seconds left until expired,
-	  not in unix epoch
-
-	* gss_acquire_cred.3: document argument lifetime_rec to function
-	gss_inquire_context
-
-2003-05-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_acquire_cred.c: test gss_add_cred more then once
-	
-2003-05-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: if __cplusplus, wrap the extern variable (just to be
-	safe) and functions in extern "C" { }
-	
-2003-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.3: more about the des3 mic mess
-	
-	* verify_mic.c (verify_mic_des3): always check if the mic is the
-	correct mic or the mic that old heimdal would have generated
-	
-2003-04-28  Jacques Vidrine  <nectar@kth.se>
-
-	* verify_mic.c (verify_mic_des3): If MIC verification fails,
-	retry using the `old' MIC computation (with zero IV).
-
-2003-04-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: more about difference between comparing IN
-	and MN
-
-	* gss_acquire_cred.3: more about name type and access control
-	
-2003-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: document gss_context_time
-	
-	* context_time.c: if lifetime of context have expired, set
-	time_rec to 0 and return GSS_S_CONTEXT_EXPIRED
-	
-	* gssapi.3: document [gssapi]correct_des3_mic
-	[gssapi]broken_des3_mic
-
-	* gss_acquire_cred.3: document gss_krb5_compat_des3_mic
-	
-	* compat.c (gss_krb5_compat_des3_mic): enable turning on/off des3
-	mic compat
-	(_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too
-
-	* gssapi.h (gss_krb5_compat_des3_mic): new function, turn on/off
-	des3 mic compat
-	(GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if
-	gss_krb5_compat_des3_mic exists
-	
-2003-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am:  (libgssapi_la_LDFLAGS): update major
-	version of gssapi for incompatiblity in 3des getmic support
-	
-2003-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: test_acquire_cred_LDADD: use libgssapi.la not
-	./libgssapi.la (make make -jN work)
-
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.3: spelling
-	
-	* gss_acquire_cred.3: Change .Fd #include <header.h> to .In
-	header.h, from Thomas Klausner <wiz@netbsd.org>
-
-	
-2003-04-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: spelling
-	
-	* Makefile.am: remove stuff that sneaked in with last commit
-	
-	* acquire_cred.c (acquire_initiator_cred): if the requested name
-	isn't in the ccache, also check keytab.  Extact the krbtgt for the
-	default realm to check how long the credentials will last.
-	
-	* add_cred.c (gss_add_cred): don't create a new ccache, just open
-	the old one; better check if output handle is compatible with new
-	(copied) handle
-
-	* test_acquire_cred.c: test gss_add_cred too
-	
-2003-04-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: build test_acquire_cred
-	
-	* test_acquire_cred.c: simple gss_acquire_cred test
-	
-2003-04-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: s/gssapi/GSS-API/
-	
-2003-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: document v1 interface (and that they are
-	obsolete)
-
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: list supported mechanism and nametypes
-	
-2003-03-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss_acquire_cred.3: text about gss_display_name
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2
-	(libgssapi_la_SOURCES): add all new functions
-
-	* gssapi.3: now that we have a functions, uncomment the missing
-	ones
-
-	* gss_acquire_cred.3: now that we have a functions, uncomment the
-	missing ones
-
-	* process_context_token.c: implement gss_process_context_token
-	
-	* inquire_names_for_mech.c: implement gss_inquire_names_for_mech
-	
-	* inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name
-	
-	* inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech
-	
-	* add_cred.c: implement gss_add_cred
-	
-	* acquire_cred.c (gss_acquire_cred): more testing of input
-	argument, make sure output arguments are ok, since we don't know
-	the time_rec (for now), set it to time_req
-	
-	* export_sec_context.c: send lifetime, also set minor_status
-	
-	* get_mic.c: set minor_status
-	
-	* import_sec_context.c (gss_import_sec_context): add error
-	checking, pick up lifetime (if there is no lifetime, use
-	GSS_C_INDEFINITE)
-
-	* init_sec_context.c: take care to set export value to something
-	sane before we start so caller will have harmless values in them
-	if then function fails
-
-	* release_buffer.c (gss_release_buffer): set minor_status
-	
-	* wrap.c: make sure minor_status get set
-	
-	* verify_mic.c (gss_verify_mic_internal): rename verify_mic to
-	gss_verify_mic_internal and let it take the type as an argument,
-	(gss_verify_mic): call gss_verify_mic_internal
-	set minor_status
-	
-	* unwrap.c: set minor_status
-	
-	* test_oid_set_member.c (gss_test_oid_set_member): use
-	gss_oid_equal
-
-	* release_oid_set.c (gss_release_oid_set): set minor_status
-	
-	* release_name.c (gss_release_name): set minor_status
-	
-	* release_cred.c (gss_release_cred): set minor_status
-	
-	* add_oid_set_member.c (gss_add_oid_set_member): set minor_status
-	
-	* compare_name.c (gss_compare_name): set minor_status
-	
-	* compat.c (check_compat): make sure ret have a defined value
-	
-	* context_time.c (gss_context_time): set minor_status
-	
-	* copy_ccache.c (gss_krb5_copy_ccache): set minor_status
-	
-	* create_emtpy_oid_set.c (gss_create_empty_oid_set): set
-	minor_status
-
-	* delete_sec_context.c (gss_delete_sec_context): set minor_status
-	
-	* display_name.c (gss_display_name): set minor_status
-	
-	* display_status.c (gss_display_status): use gss_oid_equal, handle
-	supplementary errors
-
-	* duplicate_name.c (gss_duplicate_name): set minor_status
-	
-	* inquire_context.c (gss_inquire_context): set lifetime_rec now
-	when we know it, set minor_status
-
-	* inquire_cred.c (gss_inquire_cred): take care to set export value
-	to something sane before we start so caller will have harmless
-	values in them if the function fails
-	
-	* accept_sec_context.c (gss_accept_sec_context): take care to set
-	export value to something sane before we start so caller will have
-	harmless values in them if then function fails, set lifetime from
-	ticket expiration date
-
-	* indicate_mechs.c (gss_indicate_mechs): use
-	gss_create_empty_oid_set and gss_add_oid_set_member
-
-	* gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred,
-	since there is no ticket transfered in the exported context
-	
-	* export_name.c (gss_export_name): export name with
-	GSS_C_NT_EXPORT_NAME wrapping, not just the principal
-	
-	* import_name.c (import_export_name): new function, parses a
-	GSS_C_NT_EXPORT_NAME
-	(import_krb5_name): factor out common code of parsing krb5 name
-	(gss_oid_equal): rename from oid_equal
-
-	* gssapi_locl.h: add prototypes for gss_oid_equal and
-	gss_verify_mic_internal
-
-	* gssapi.h: comment out the argument names
-	
-2003-03-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.3: add LIST OF FUNCTIONS and copyright/license
-
-	* Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/
-	
-	* Makefile.am: man_MANS += gss_aquire_cred.3
-	
-2003-03-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_aquire_cred.3: the gssapi api manpage
-	
-2003-03-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* inquire_context.c: (gss_inquire_context): rename argument open
-	to open_context
-
-	* gssapi.h (gss_inquire_context): rename argument open to open_context
-
-2003-02-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (do_delegation): remove unused variable
-	subkey
-
-	* gssapi.3: all 0.5.x version had broken token delegation
-	
-2003-02-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* (init_auth): only generate one subkey
-
-2003-01-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform
-	to rfc (and mit kerberos), provide backward compat hook
-	
-	* get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and
-	mit kerberos), provide backward compat hook
-	
-	* init_sec_context.c (init_auth): check if we need compat for
-	older get_mic/verify_mic
-
-	* gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat
-	
-	* gssapi.h (more_flags): add COMPAT_OLD_DES3
-	
-	* Makefile.am: add gssapi.3 and compat.c
-	
-	* gssapi.3: add gssapi COMPATIBILITY documentation
-	
-	* accept_sec_context.c (gss_accept_sec_context): check if we need
-	compat for older get_mic/verify_mic
-
-	* compat.c: check for compatiblity with other heimdal's 3des
-	get_mic/verify_mic
-
-2002-10-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check return value from gssapi_krb5_init
-	
-	* 8003.c (gssapi_krb5_verify_8003_checksum): check size of input
-
-2002-09-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE
-
-	* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE
-
-2002-09-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_sec_context.c: we need to generate a local subkey here
-
-2002-08-20  Jacques Vidrine <n@nectar.com>
-
-	* acquire_cred.c, inquire_cred.c, release_cred.c: Use default
-	  credential resolution if gss_acquire_cred is called with
-	  GSS_C_NO_NAME.
-
-2002-06-20  Jacques Vidrine <n@nectar.com>
-
-	* import_name.c: Compare name types by value if pointers do
-	  not match.  Reported by: "Douglas E. Engert" <deengert@anl.gov>
-
-2002-05-20  Jacques Vidrine <n@nectar.com>
-
-	* verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize
-	  the qop_state parameter.  from Doug Rabson <dfr@nlsystems.com>
-
-2002-05-09  Jacques Vidrine <n@nectar.com>
-
-	* acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH
-
-2002-05-08  Jacques Vidrine <n@nectar.com>
-
-	* acquire_cred.c: initialize gssapi; handle null desired_name
-
-2002-03-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: remove non-functional stuff accidentally committed
-
-2002-03-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2
-	* 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel
-	bindings
-
-2001-10-31  Jacques Vidrine <n@nectar.com>
-
-	* get_mic.c (mic_des3): MIC computation using DES3/SHA1
-	was bogusly appending the message buffer to the result,
-	overwriting a heap buffer in the process.
-
-2001-08-29  Assar Westerlund  <assar@sics.se>
-
-	* 8003.c (gssapi_krb5_verify_8003_checksum,
-	gssapi_krb5_create_8003_checksum): make more consistent by always
-	returning an gssapi error and setting minor status.  update
-	callers
-
-2001-08-28  Jacques Vidrine  <n@nectar.com>
-
-	* accept_sec_context.c: Create a cache for delegated credentials
-	  when needed.
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2
-
-2001-08-23  Assar Westerlund  <assar@sics.se>
-
-	*  *.c: handle minor_status more consistently
-
-	* display_status.c (gss_display_status): handle krb5_get_err_text
-	failing
-
-2001-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* gssapi_locl.h: fix prototype for gssapi_krb5_init
-
-2001-08-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* accept_sec_context.c (gsskrb5_register_acceptor_identity): init
-	context and check return value from kt_resolve
-
-	* init.c: return error code
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LIBADD): add required library
-	dependencies
-
-2001-07-06  Assar Westerlund  <assar@sics.se>
-
-	* accept_sec_context.c (gsskrb5_register_acceptor_identity): set
-	the keytab to be used for gss_acquire_cred too'
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2
-
-2001-06-18  Assar Westerlund  <assar@sics.se>
-
-	* wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
-	and gss_krb5_get_remotekey
-	* verify_mic.c: update krb5_auth_con function names use
-	gss_krb5_get_remotekey
-	* unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
-	and gss_krb5_get_remotekey
-	* gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey):
-	add prototypes
-	* get_mic.c: update krb5_auth_con function names. use
-	gss_krb5_get_localkey
-	* accept_sec_context.c: update krb5_auth_con function names
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 3:1:2
-
-2001-05-14  Assar Westerlund  <assar@sics.se>
-
-	* address_to_krb5addr.c: adapt to new address functions
-
-2001-05-11  Assar Westerlund  <assar@sics.se>
-
-	* try to return the error string from libkrb5 where applicable
-
-2001-05-08  Assar Westerlund  <assar@sics.se>
-
-	* delete_sec_context.c (gss_delete_sec_context): remember to free
-	the memory used by the ticket itself. from <tmartin@mirapoint.com>
-
-2001-05-04  Assar Westerlund  <assar@sics.se>
-
-	* gssapi_locl.h: add config.h for completeness
-	* gssapi.h: remove config.h, this is an installed header file
-	sys/types.h is not needed either
-	
-2001-03-12  Assar Westerlund  <assar@sics.se>
-
-	* acquire_cred.c (gss_acquire_cred): remove memory leaks.  from
-	Jason R Thorpe <thorpej@zembu.com>
-
-2001-02-18  Assar Westerlund  <assar@sics.se>
-
-	* accept_sec_context.c (gss_accept_sec_context): either return
-	gss_name NULL-ed or set
-
-	* import_name.c: set minor_status in some cases where it was not
-	done
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* wrap.c: use krb5_generate_random_block for the confounders
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2
-	* acquire_cred.c, init_sec_context.c, release_cred.c: add support
-	for getting creds from a keytab, from fvdl@netbsd.org
-
-	* copy_ccache.c: add gss_krb5_copy_ccache
-
-2001-01-27  Assar Westerlund  <assar@sics.se>
-
-	* get_mic.c: cast parameters to des function to non-const pointers
- 	to handle the case where these functions actually take non-const
- 	des_cblock *
-
-2001-01-09  Assar Westerlund  <assar@sics.se>
-
-	* accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2
-	instead of krb5_rd_cred
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1
-
-2000-12-08  Assar Westerlund  <assar@sics.se>
-
-	* wrap.c (wrap_des3): use the checksum as ivec when encrypting the
-	sequence number
-	* unwrap.c (unwrap_des3): use the checksum as ivec when encrypting
-	the sequence number
-	* init_sec_context.c (init_auth): always zero fwd_data
-
-2000-12-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* accept_sec_context.c: de-pointerise auth_context parameter to
-	krb5_mk_rep
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* init_sec_context.c (init_auth): update to new
-	krb5_build_authenticator
-
-2000-09-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1
-
-2000-08-27  Assar Westerlund  <assar@sics.se>
-
-	* init_sec_context.c: actually pay attention to `time_req'
-	* init_sec_context.c: re-organize.  leak less memory.
-	* gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey):
-	update prototypes add assert.h
-	* gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD):
-	add
-	* verify_mic.c: re-organize and add 3DES code
-	* wrap.c: re-organize and add 3DES code
-	* unwrap.c: re-organize and add 3DES code
-	* get_mic.c: re-organize and add 3DES code
-	* encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data',
-	let the caller do that.  fix the callers.
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 2:1:1
-
-2000-07-29  Assar Westerlund  <assar@sics.se>
-
-	* decapsulate.c (gssapi_krb5_verify_header): sanity-check length
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump version to 2:0:1
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other
-	details from rfc2744
-
-2000-06-29  Assar Westerlund  <assar@sics.se>
-
-	* address_to_krb5addr.c (gss_address_to_krb5addr): actually use
-	`int' instead of `sa_family_t' for the address family.
-
-2000-06-21  Assar Westerlund  <assar@sics.se>
-
-	* add support for token delegation.  From Daniel Kouril
-	<kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1
-
-2000-04-12  Assar Westerlund  <assar@sics.se>
-
-	* release_oid_set.c (gss_release_oid_set): clear set for
-	robustness.  From GOMBAS Gabor <gombasg@inf.elte.hu>
-	* release_name.c (gss_release_name): reset input_name for
-	robustness.  From GOMBAS Gabor <gombasg@inf.elte.hu>
-	* release_buffer.c (gss_release_buffer): set value to NULL to be
-	more robust.  From GOMBAS Gabor <gombasg@inf.elte.hu>
-	* add_oid_set_member.c (gss_add_oid_set_member): actually check if
-	the oid is a member first.  leave the oid_set unchanged if realloc
-	fails.
-
-2000-02-13  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:0:1
-
-2000-02-12  Assar Westerlund  <assar@sics.se>
-
-	* gssapi_locl.h: add flags for import/export
-	* import_sec_context.c (import_sec_context: add flags for what
-	fields are included.  do not include the authenticator for now.
-	* export_sec_context.c (export_sec_context: add flags for what
-	fields are included.  do not include the authenticator for now.
-	* accept_sec_context.c (gss_accept_sec_context): set target in
-	context_handle
-
-2000-02-11  Assar Westerlund  <assar@sics.se>
-
-	* delete_sec_context.c (gss_delete_sec_context): set context to
-	GSS_C_NO_CONTEXT
-
-	* Makefile.am: add {export,import}_sec_context.c
-	* export_sec_context.c: new file
-	* import_sec_context.c: new file
-	* accept_sec_context.c (gss_accept_sec_context): set trans flag
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:5:0
-
-2000-01-26  Assar Westerlund  <assar@sics.se>
-
-	* delete_sec_context.c (gss_delete_sec_context): handle a NULL
-	output_token
-
-	* wrap.c: update to pseudo-standard APIs for md4,md5,sha.  some
-	changes to libdes calls to make them more portable.
-	* verify_mic.c: update to pseudo-standard APIs for md4,md5,sha.
-	some changes to libdes calls to make them more portable.
-	* unwrap.c: update to pseudo-standard APIs for md4,md5,sha.  some
-	changes to libdes calls to make them more portable.
-	* get_mic.c: update to pseudo-standard APIs for md4,md5,sha.  some
-	changes to libdes calls to make them more portable.
-	* 8003.c: update to pseudo-standard APIs for md4,md5,sha.
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:4:0
-
-1999-12-26  Assar Westerlund  <assar@sics.se>
-
-	* accept_sec_context.c (gss_accept_sec_context): always set
- 	`output_token'
-	* init_sec_context.c (init_auth): always initialize `output_token'
-	* delete_sec_context.c (gss_delete_sec_context): always set
- 	`output_token'
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 0:3:0
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:2:0
-
-1999-09-21  Assar Westerlund  <assar@sics.se>
-
-	* init_sec_context.c (gss_init_sec_context): initialize `ticket'
-
-	* gssapi.h (gss_ctx_id_t_desc): add ticket in here.  ick.
-
-	* delete_sec_context.c (gss_delete_sec_context): free ticket
-
-	* accept_sec_context.c (gss_accept_sec_context): stove away
- 	`krb5_ticket' in context so that ugly programs such as
- 	gss_nt_server can get at it.  uck.
-
-1999-09-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* accept_sec_context.c: set minor_status
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* display_status.c (calling_error, routine_error): right shift the
- 	code to make it possible to index into the arrays
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* gssapi.h (GSS_C_AF_INET6): add
-
-	* import_name.c (import_hostbased_name): set minor_status
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:1:0
-
-Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* display_status.c: set minor_status
-
-	* init_sec_context.c: set minor_status
-
-	* lib/gssapi/init.c: remove donep (check gssapi_krb5_context
- 	directly)
-
diff --git a/crypto/heimdal/lib/gssapi/Makefile.am b/crypto/heimdal/lib/gssapi/Makefile.am
deleted file mode 100644
index 2326482..0000000
--- a/crypto/heimdal/lib/gssapi/Makefile.am
+++ /dev/null
@@ -1,313 +0,0 @@
-# $Id: Makefile.am 22399 2008-01-11 14:25:47Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AUTOMAKE_OPTIONS = subdir-objects
-
-AM_CPPFLAGS += -I$(srcdir)/../krb5 \
-	-I$(srcdir) \
-	-I$(srcdir)/mech \
-	$(INCLUDE_hcrypto) \
-	$(INCLUDE_krb4)
-
-lib_LTLIBRARIES = libgssapi.la
-
-krb5src = \
-	krb5/8003.c \
-	krb5/accept_sec_context.c \
-	krb5/acquire_cred.c \
-	krb5/add_cred.c \
-	krb5/address_to_krb5addr.c \
-	krb5/arcfour.c \
-	krb5/canonicalize_name.c \
-	krb5/ccache_name.c \
-	krb5/cfx.c \
-	krb5/cfx.h \
-	krb5/compare_name.c \
-	krb5/compat.c \
-	krb5/context_time.c \
-	krb5/copy_ccache.c \
-	krb5/decapsulate.c \
-	krb5/delete_sec_context.c \
-	krb5/display_name.c \
-	krb5/display_status.c \
-	krb5/duplicate_name.c \
-	krb5/encapsulate.c \
-	krb5/export_name.c \
-	krb5/export_sec_context.c \
-	krb5/external.c \
-	krb5/get_mic.c \
-	krb5/gsskrb5_locl.h \
-	krb5/gsskrb5-private.h \
-	krb5/import_name.c \
-	krb5/import_sec_context.c \
-	krb5/indicate_mechs.c \
-	krb5/init.c \
-	krb5/init_sec_context.c \
-	krb5/inquire_context.c \
-	krb5/inquire_cred.c \
-	krb5/inquire_cred_by_mech.c \
-	krb5/inquire_cred_by_oid.c \
-	krb5/inquire_mechs_for_name.c \
-	krb5/inquire_names_for_mech.c \
-	krb5/inquire_sec_context_by_oid.c \
-	krb5/process_context_token.c \
-	krb5/prf.c \
-	krb5/release_buffer.c \
-	krb5/release_cred.c \
-	krb5/release_name.c \
-	krb5/sequence.c \
-	krb5/set_cred_option.c \
-	krb5/set_sec_context_option.c \
-	krb5/ticket_flags.c \
-	krb5/unwrap.c \
-	krb5/v1.c \
-	krb5/verify_mic.c \
-	krb5/wrap.c
-
-mechsrc = \
-	mech/context.h \
-	mech/context.c \
-	mech/cred.h \
-	mech/gss_accept_sec_context.c \
-	mech/gss_acquire_cred.c \
-	mech/gss_add_cred.c \
-	mech/gss_add_oid_set_member.c \
-	mech/gss_buffer_set.c \
-	mech/gss_canonicalize_name.c \
-	mech/gss_compare_name.c \
-	mech/gss_context_time.c \
-	mech/gss_create_empty_oid_set.c \
-	mech/gss_decapsulate_token.c \
-	mech/gss_delete_sec_context.c \
-	mech/gss_display_name.c \
-	mech/gss_display_status.c \
-	mech/gss_duplicate_name.c \
-	mech/gss_duplicate_oid.c \
-	mech/gss_encapsulate_token.c \
-	mech/gss_export_name.c \
-	mech/gss_export_sec_context.c \
-	mech/gss_get_mic.c \
-	mech/gss_import_name.c \
-	mech/gss_import_sec_context.c \
-	mech/gss_indicate_mechs.c \
-	mech/gss_init_sec_context.c \
-	mech/gss_inquire_context.c \
-	mech/gss_inquire_cred.c \
-	mech/gss_inquire_cred_by_mech.c \
-	mech/gss_inquire_cred_by_oid.c \
-	mech/gss_inquire_mechs_for_name.c \
-	mech/gss_inquire_names_for_mech.c \
-	mech/gss_krb5.c \
-	mech/gss_mech_switch.c \
-	mech/gss_names.c \
-	mech/gss_oid_equal.c \
-	mech/gss_oid_to_str.c \
-	mech/gss_process_context_token.c \
-	mech/gss_pseudo_random.c \
-	mech/gss_release_buffer.c \
-	mech/gss_release_cred.c \
-	mech/gss_release_name.c \
-	mech/gss_release_oid.c \
-	mech/gss_release_oid_set.c \
-	mech/gss_seal.c \
-	mech/gss_set_cred_option.c \
-	mech/gss_set_sec_context_option.c \
-	mech/gss_sign.c \
-	mech/gss_test_oid_set_member.c \
-	mech/gss_unseal.c \
-	mech/gss_unwrap.c \
-	mech/gss_utils.c \
-	mech/gss_verify.c \
-	mech/gss_verify_mic.c \
-	mech/gss_wrap.c \
-	mech/gss_wrap_size_limit.c \
-	mech/gss_inquire_sec_context_by_oid.c \
-	mech/mech_switch.h \
-	mech/mechqueue.h \
-	mech/mech_locl.h \
-	mech/name.h \
-	mech/utils.h
-
-spnegosrc = \
-	spnego/accept_sec_context.c \
-	spnego/compat.c \
-	spnego/context_stubs.c \
-	spnego/cred_stubs.c \
-	spnego/external.c \
-	spnego/init_sec_context.c \
-	spnego/spnego_locl.h \
-	spnego/spnego-private.h
-
-ntlmsrc = \
-	ntlm/accept_sec_context.c \
-	ntlm/acquire_cred.c \
-	ntlm/add_cred.c \
-	ntlm/canonicalize_name.c \
-	ntlm/compare_name.c \
-	ntlm/context_time.c \
-	ntlm/crypto.c \
-	ntlm/delete_sec_context.c \
-	ntlm/display_name.c \
-	ntlm/display_status.c \
-	ntlm/duplicate_name.c \
-	ntlm/export_name.c \
-	ntlm/export_sec_context.c \
-	ntlm/external.c \
-	ntlm/ntlm.h \
-	ntlm/ntlm-private.h \
-	ntlm/import_name.c \
-	ntlm/import_sec_context.c \
-	ntlm/indicate_mechs.c \
-	ntlm/init_sec_context.c \
-	ntlm/inquire_context.c \
-	ntlm/inquire_cred.c \
-	ntlm/inquire_cred_by_mech.c \
-	ntlm/inquire_mechs_for_name.c \
-	ntlm/inquire_names_for_mech.c \
-	ntlm/process_context_token.c \
-	ntlm/release_cred.c \
-	ntlm/release_name.c \
-	ntlm/digest.c
-
-$(srcdir)/ntlm/ntlm-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p ntlm/ntlm-private.h $(ntlmsrc) || rm -f ntlm/ntlm-private.h
-
-dist_libgssapi_la_SOURCES  = \
-	$(krb5src) \
-	$(mechsrc) \
-	$(ntlmsrc) \
-	$(spnegosrc)
-
-nodist_libgssapi_la_SOURCES  = \
-	gkrb5_err.c \
-	gkrb5_err.h \
-	$(BUILT_SOURCES)
-
-libgssapi_la_LDFLAGS = -version-info 2:0:0
-
-if versionscript
-libgssapi_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-
-libgssapi_la_LIBADD = \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_com_err) \
-	$(LIB_hcrypto) \
-	$(LIBADD_roken)
-
-man_MANS = gssapi.3 gss_acquire_cred.3 mech/mech.5
-
-include_HEADERS = gssapi.h
-noinst_HEADERS = \
-	gssapi_mech.h \
-	ntlm/ntlm-private.h \
-	spnego/spnego-private.h \
-	krb5/gsskrb5-private.h
-nobase_include_HEADERS = \
-	gssapi/gssapi.h \
-	gssapi/gssapi_krb5.h \
-	gssapi/gssapi_spnego.h
-
-gssapidir = $(includedir)/gssapi
-nodist_gssapi_HEADERS = gkrb5_err.h
-
-gssapi_files = asn1_GSSAPIContextToken.x
-
-spnego_files =					\
-	asn1_ContextFlags.x			\
-	asn1_MechType.x				\
-	asn1_MechTypeList.x			\
-	asn1_NegotiationToken.x			\
-	asn1_NegotiationTokenWin.x		\
-	asn1_NegHints.x				\
-	asn1_NegTokenInit.x			\
-	asn1_NegTokenInitWin.x			\
-	asn1_NegTokenResp.x
-
-$(libgssapi_la_OBJECTS): $(srcdir)/krb5/gsskrb5-private.h
-$(libgssapi_la_OBJECTS): $(srcdir)/spnego/spnego-private.h
-$(libgssapi_la_OBJECTS): $(srcdir)/ntlm/ntlm-private.h
-
-$(libgssapi_la_OBJECTS): $(srcdir)/version-script.map
-
-BUILT_SOURCES = $(spnego_files:.x=.c) $(gssapi_files:.x=.c)
-
-CLEANFILES = $(BUILT_SOURCES) \
-	gkrb5_err.h gkrb5_err.c \
-	$(spnego_files) spnego_asn1.h spnego_asn1_files \
-	$(gssapi_files) gssapi_asn1.h gssapi_asn1_files \
-	gss-commands.h gss-commands.c
-
-$(spnego_files) spnego_asn1.h: spnego_asn1_files
-$(gssapi_files) gssapi_asn1.h: gssapi_asn1_files
-
-spnego_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/spnego/spnego.asn1
-	../asn1/asn1_compile$(EXEEXT) --sequence=MechTypeList $(srcdir)/spnego/spnego.asn1 spnego_asn1
-
-gssapi_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1
-	../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1 gssapi_asn1
-
-$(srcdir)/krb5/gsskrb5-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5/gsskrb5-private.h $(krb5src) || rm -f krb5/gsskrb5-private.h
-
-$(srcdir)/spnego/spnego-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p spnego/spnego-private.h $(spnegosrc) || rm -f spnego/spnego-private.h
-
-
-TESTS = test_oid test_names test_cfx
-# test_sequence 
-
-test_cfx_SOURCES = krb5/test_cfx.c
-
-check_PROGRAMS = test_acquire_cred $(TESTS)
-
-bin_PROGRAMS = gss
-noinst_PROGRAMS = test_cred test_kcred test_context test_ntlm
-
-test_context_SOURCES = test_context.c test_common.c test_common.h
-test_ntlm_SOURCES = test_ntlm.c test_common.c test_common.h
-test_acquire_cred_SOURCES = test_acquire_cred.c test_common.c test_common.h
-
-test_ntlm_LDADD = \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(LDADD)
-
-LDADD = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_roken)
-
-# gss
-
-dist_gss_SOURCES = gss.c
-nodist_gss_SOURCES = gss-commands.c gss-commands.h
-
-gss_LDADD = libgssapi.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_readline) \
-	$(LIB_roken)
-
-SLC = $(top_builddir)/lib/sl/slc
-
-gss-commands.c gss-commands.h: gss-commands.in
-	$(SLC) $(srcdir)/gss-commands.in
-
-$(gss_OBJECTS): gss-commands.h
-
-EXTRA_DIST = \
-	$(man_MANS) \
-	krb5/gkrb5_err.et \
-	mech/gssapi.asn1 \
-	spnego/spnego.asn1 \
-	version-script.map \
-	gss-commands.in
-
-# to help stupid solaris make
-
-$(libgssapi_la_OBJECTS): gkrb5_err.h gssapi_asn1.h spnego_asn1.h
-
-gkrb5_err.h gkrb5_err.c: $(srcdir)/krb5/gkrb5_err.et
-	$(COMPILE_ET) $(srcdir)/krb5/gkrb5_err.et
diff --git a/crypto/heimdal/lib/gssapi/Makefile.in b/crypto/heimdal/lib/gssapi/Makefile.in
deleted file mode 100644
index 9886d49..0000000
--- a/crypto/heimdal/lib/gssapi/Makefile.in
+++ /dev/null
@@ -1,1960 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22399 2008-01-11 14:25:47Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(nobase_include_HEADERS) \
-	$(noinst_HEADERS) $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-TESTS = test_oid$(EXEEXT) test_names$(EXEEXT) test_cfx$(EXEEXT)
-check_PROGRAMS = test_acquire_cred$(EXEEXT) $(am__EXEEXT_1)
-bin_PROGRAMS = gss$(EXEEXT)
-noinst_PROGRAMS = test_cred$(EXEEXT) test_kcred$(EXEEXT) \
-	test_context$(EXEEXT) test_ntlm$(EXEEXT)
-subdir = lib/gssapi
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \
-	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" \
-	"$(DESTDIR)$(gssapidir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libgssapi_la_DEPENDENCIES = $(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-am__dirstamp = $(am__leading_dot)dirstamp
-am__objects_1 = krb5/8003.lo krb5/accept_sec_context.lo \
-	krb5/acquire_cred.lo krb5/add_cred.lo \
-	krb5/address_to_krb5addr.lo krb5/arcfour.lo \
-	krb5/canonicalize_name.lo krb5/ccache_name.lo krb5/cfx.lo \
-	krb5/compare_name.lo krb5/compat.lo krb5/context_time.lo \
-	krb5/copy_ccache.lo krb5/decapsulate.lo \
-	krb5/delete_sec_context.lo krb5/display_name.lo \
-	krb5/display_status.lo krb5/duplicate_name.lo \
-	krb5/encapsulate.lo krb5/export_name.lo \
-	krb5/export_sec_context.lo krb5/external.lo krb5/get_mic.lo \
-	krb5/import_name.lo krb5/import_sec_context.lo \
-	krb5/indicate_mechs.lo krb5/init.lo krb5/init_sec_context.lo \
-	krb5/inquire_context.lo krb5/inquire_cred.lo \
-	krb5/inquire_cred_by_mech.lo krb5/inquire_cred_by_oid.lo \
-	krb5/inquire_mechs_for_name.lo krb5/inquire_names_for_mech.lo \
-	krb5/inquire_sec_context_by_oid.lo \
-	krb5/process_context_token.lo krb5/prf.lo \
-	krb5/release_buffer.lo krb5/release_cred.lo \
-	krb5/release_name.lo krb5/sequence.lo krb5/set_cred_option.lo \
-	krb5/set_sec_context_option.lo krb5/ticket_flags.lo \
-	krb5/unwrap.lo krb5/v1.lo krb5/verify_mic.lo krb5/wrap.lo
-am__objects_2 = mech/context.lo mech/gss_accept_sec_context.lo \
-	mech/gss_acquire_cred.lo mech/gss_add_cred.lo \
-	mech/gss_add_oid_set_member.lo mech/gss_buffer_set.lo \
-	mech/gss_canonicalize_name.lo mech/gss_compare_name.lo \
-	mech/gss_context_time.lo mech/gss_create_empty_oid_set.lo \
-	mech/gss_decapsulate_token.lo mech/gss_delete_sec_context.lo \
-	mech/gss_display_name.lo mech/gss_display_status.lo \
-	mech/gss_duplicate_name.lo mech/gss_duplicate_oid.lo \
-	mech/gss_encapsulate_token.lo mech/gss_export_name.lo \
-	mech/gss_export_sec_context.lo mech/gss_get_mic.lo \
-	mech/gss_import_name.lo mech/gss_import_sec_context.lo \
-	mech/gss_indicate_mechs.lo mech/gss_init_sec_context.lo \
-	mech/gss_inquire_context.lo mech/gss_inquire_cred.lo \
-	mech/gss_inquire_cred_by_mech.lo \
-	mech/gss_inquire_cred_by_oid.lo \
-	mech/gss_inquire_mechs_for_name.lo \
-	mech/gss_inquire_names_for_mech.lo mech/gss_krb5.lo \
-	mech/gss_mech_switch.lo mech/gss_names.lo \
-	mech/gss_oid_equal.lo mech/gss_oid_to_str.lo \
-	mech/gss_process_context_token.lo mech/gss_pseudo_random.lo \
-	mech/gss_release_buffer.lo mech/gss_release_cred.lo \
-	mech/gss_release_name.lo mech/gss_release_oid.lo \
-	mech/gss_release_oid_set.lo mech/gss_seal.lo \
-	mech/gss_set_cred_option.lo mech/gss_set_sec_context_option.lo \
-	mech/gss_sign.lo mech/gss_test_oid_set_member.lo \
-	mech/gss_unseal.lo mech/gss_unwrap.lo mech/gss_utils.lo \
-	mech/gss_verify.lo mech/gss_verify_mic.lo mech/gss_wrap.lo \
-	mech/gss_wrap_size_limit.lo \
-	mech/gss_inquire_sec_context_by_oid.lo
-am__objects_3 = ntlm/accept_sec_context.lo ntlm/acquire_cred.lo \
-	ntlm/add_cred.lo ntlm/canonicalize_name.lo \
-	ntlm/compare_name.lo ntlm/context_time.lo ntlm/crypto.lo \
-	ntlm/delete_sec_context.lo ntlm/display_name.lo \
-	ntlm/display_status.lo ntlm/duplicate_name.lo \
-	ntlm/export_name.lo ntlm/export_sec_context.lo \
-	ntlm/external.lo ntlm/import_name.lo \
-	ntlm/import_sec_context.lo ntlm/indicate_mechs.lo \
-	ntlm/init_sec_context.lo ntlm/inquire_context.lo \
-	ntlm/inquire_cred.lo ntlm/inquire_cred_by_mech.lo \
-	ntlm/inquire_mechs_for_name.lo ntlm/inquire_names_for_mech.lo \
-	ntlm/process_context_token.lo ntlm/release_cred.lo \
-	ntlm/release_name.lo ntlm/digest.lo
-am__objects_4 = spnego/accept_sec_context.lo spnego/compat.lo \
-	spnego/context_stubs.lo spnego/cred_stubs.lo \
-	spnego/external.lo spnego/init_sec_context.lo
-dist_libgssapi_la_OBJECTS = $(am__objects_1) $(am__objects_2) \
-	$(am__objects_3) $(am__objects_4)
-am__objects_5 = asn1_ContextFlags.lo asn1_MechType.lo \
-	asn1_MechTypeList.lo asn1_NegotiationToken.lo \
-	asn1_NegotiationTokenWin.lo asn1_NegHints.lo \
-	asn1_NegTokenInit.lo asn1_NegTokenInitWin.lo \
-	asn1_NegTokenResp.lo
-am__objects_6 = asn1_GSSAPIContextToken.lo
-am__objects_7 = $(am__objects_5) $(am__objects_6)
-nodist_libgssapi_la_OBJECTS = gkrb5_err.lo $(am__objects_7)
-libgssapi_la_OBJECTS = $(dist_libgssapi_la_OBJECTS) \
-	$(nodist_libgssapi_la_OBJECTS)
-libgssapi_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libgssapi_la_LDFLAGS) $(LDFLAGS) -o $@
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-am__EXEEXT_1 = test_oid$(EXEEXT) test_names$(EXEEXT) test_cfx$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
-dist_gss_OBJECTS = gss.$(OBJEXT)
-nodist_gss_OBJECTS = gss-commands.$(OBJEXT)
-gss_OBJECTS = $(dist_gss_OBJECTS) $(nodist_gss_OBJECTS)
-gss_DEPENDENCIES = libgssapi.la $(top_builddir)/lib/sl/libsl.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-am_test_acquire_cred_OBJECTS = test_acquire_cred.$(OBJEXT) \
-	test_common.$(OBJEXT)
-test_acquire_cred_OBJECTS = $(am_test_acquire_cred_OBJECTS)
-test_acquire_cred_LDADD = $(LDADD)
-test_acquire_cred_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-am_test_cfx_OBJECTS = krb5/test_cfx.$(OBJEXT)
-test_cfx_OBJECTS = $(am_test_cfx_OBJECTS)
-test_cfx_LDADD = $(LDADD)
-test_cfx_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-am_test_context_OBJECTS = test_context.$(OBJEXT) test_common.$(OBJEXT)
-test_context_OBJECTS = $(am_test_context_OBJECTS)
-test_context_LDADD = $(LDADD)
-test_context_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-test_cred_SOURCES = test_cred.c
-test_cred_OBJECTS = test_cred.$(OBJEXT)
-test_cred_LDADD = $(LDADD)
-test_cred_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-test_kcred_SOURCES = test_kcred.c
-test_kcred_OBJECTS = test_kcred.$(OBJEXT)
-test_kcred_LDADD = $(LDADD)
-test_kcred_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-test_names_SOURCES = test_names.c
-test_names_OBJECTS = test_names.$(OBJEXT)
-test_names_LDADD = $(LDADD)
-test_names_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-am_test_ntlm_OBJECTS = test_ntlm.$(OBJEXT) test_common.$(OBJEXT)
-test_ntlm_OBJECTS = $(am_test_ntlm_OBJECTS)
-am__DEPENDENCIES_2 = libgssapi.la $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1)
-test_ntlm_DEPENDENCIES = $(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(am__DEPENDENCIES_2)
-test_oid_SOURCES = test_oid.c
-test_oid_OBJECTS = test_oid.$(OBJEXT)
-test_oid_LDADD = $(LDADD)
-test_oid_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(dist_libgssapi_la_SOURCES) $(nodist_libgssapi_la_SOURCES) \
-	$(dist_gss_SOURCES) $(nodist_gss_SOURCES) \
-	$(test_acquire_cred_SOURCES) $(test_cfx_SOURCES) \
-	$(test_context_SOURCES) test_cred.c test_kcred.c test_names.c \
-	$(test_ntlm_SOURCES) test_oid.c
-DIST_SOURCES = $(dist_libgssapi_la_SOURCES) $(dist_gss_SOURCES) \
-	$(test_acquire_cred_SOURCES) $(test_cfx_SOURCES) \
-	$(test_context_SOURCES) test_cred.c test_kcred.c test_names.c \
-	$(test_ntlm_SOURCES) test_oid.c
-man3dir = $(mandir)/man3
-man5dir = $(mandir)/man5
-MANS = $(man_MANS)
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nobase_includeHEADERS_INSTALL = $(install_sh_DATA)
-nodist_gssapiHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS) $(nobase_include_HEADERS) \
-	$(nodist_gssapi_HEADERS) $(noinst_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	-I$(srcdir)/../krb5 -I$(srcdir) -I$(srcdir)/mech \
-	$(INCLUDE_hcrypto) $(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-AUTOMAKE_OPTIONS = subdir-objects
-lib_LTLIBRARIES = libgssapi.la
-krb5src = \
-	krb5/8003.c \
-	krb5/accept_sec_context.c \
-	krb5/acquire_cred.c \
-	krb5/add_cred.c \
-	krb5/address_to_krb5addr.c \
-	krb5/arcfour.c \
-	krb5/canonicalize_name.c \
-	krb5/ccache_name.c \
-	krb5/cfx.c \
-	krb5/cfx.h \
-	krb5/compare_name.c \
-	krb5/compat.c \
-	krb5/context_time.c \
-	krb5/copy_ccache.c \
-	krb5/decapsulate.c \
-	krb5/delete_sec_context.c \
-	krb5/display_name.c \
-	krb5/display_status.c \
-	krb5/duplicate_name.c \
-	krb5/encapsulate.c \
-	krb5/export_name.c \
-	krb5/export_sec_context.c \
-	krb5/external.c \
-	krb5/get_mic.c \
-	krb5/gsskrb5_locl.h \
-	krb5/gsskrb5-private.h \
-	krb5/import_name.c \
-	krb5/import_sec_context.c \
-	krb5/indicate_mechs.c \
-	krb5/init.c \
-	krb5/init_sec_context.c \
-	krb5/inquire_context.c \
-	krb5/inquire_cred.c \
-	krb5/inquire_cred_by_mech.c \
-	krb5/inquire_cred_by_oid.c \
-	krb5/inquire_mechs_for_name.c \
-	krb5/inquire_names_for_mech.c \
-	krb5/inquire_sec_context_by_oid.c \
-	krb5/process_context_token.c \
-	krb5/prf.c \
-	krb5/release_buffer.c \
-	krb5/release_cred.c \
-	krb5/release_name.c \
-	krb5/sequence.c \
-	krb5/set_cred_option.c \
-	krb5/set_sec_context_option.c \
-	krb5/ticket_flags.c \
-	krb5/unwrap.c \
-	krb5/v1.c \
-	krb5/verify_mic.c \
-	krb5/wrap.c
-
-mechsrc = \
-	mech/context.h \
-	mech/context.c \
-	mech/cred.h \
-	mech/gss_accept_sec_context.c \
-	mech/gss_acquire_cred.c \
-	mech/gss_add_cred.c \
-	mech/gss_add_oid_set_member.c \
-	mech/gss_buffer_set.c \
-	mech/gss_canonicalize_name.c \
-	mech/gss_compare_name.c \
-	mech/gss_context_time.c \
-	mech/gss_create_empty_oid_set.c \
-	mech/gss_decapsulate_token.c \
-	mech/gss_delete_sec_context.c \
-	mech/gss_display_name.c \
-	mech/gss_display_status.c \
-	mech/gss_duplicate_name.c \
-	mech/gss_duplicate_oid.c \
-	mech/gss_encapsulate_token.c \
-	mech/gss_export_name.c \
-	mech/gss_export_sec_context.c \
-	mech/gss_get_mic.c \
-	mech/gss_import_name.c \
-	mech/gss_import_sec_context.c \
-	mech/gss_indicate_mechs.c \
-	mech/gss_init_sec_context.c \
-	mech/gss_inquire_context.c \
-	mech/gss_inquire_cred.c \
-	mech/gss_inquire_cred_by_mech.c \
-	mech/gss_inquire_cred_by_oid.c \
-	mech/gss_inquire_mechs_for_name.c \
-	mech/gss_inquire_names_for_mech.c \
-	mech/gss_krb5.c \
-	mech/gss_mech_switch.c \
-	mech/gss_names.c \
-	mech/gss_oid_equal.c \
-	mech/gss_oid_to_str.c \
-	mech/gss_process_context_token.c \
-	mech/gss_pseudo_random.c \
-	mech/gss_release_buffer.c \
-	mech/gss_release_cred.c \
-	mech/gss_release_name.c \
-	mech/gss_release_oid.c \
-	mech/gss_release_oid_set.c \
-	mech/gss_seal.c \
-	mech/gss_set_cred_option.c \
-	mech/gss_set_sec_context_option.c \
-	mech/gss_sign.c \
-	mech/gss_test_oid_set_member.c \
-	mech/gss_unseal.c \
-	mech/gss_unwrap.c \
-	mech/gss_utils.c \
-	mech/gss_verify.c \
-	mech/gss_verify_mic.c \
-	mech/gss_wrap.c \
-	mech/gss_wrap_size_limit.c \
-	mech/gss_inquire_sec_context_by_oid.c \
-	mech/mech_switch.h \
-	mech/mechqueue.h \
-	mech/mech_locl.h \
-	mech/name.h \
-	mech/utils.h
-
-spnegosrc = \
-	spnego/accept_sec_context.c \
-	spnego/compat.c \
-	spnego/context_stubs.c \
-	spnego/cred_stubs.c \
-	spnego/external.c \
-	spnego/init_sec_context.c \
-	spnego/spnego_locl.h \
-	spnego/spnego-private.h
-
-ntlmsrc = \
-	ntlm/accept_sec_context.c \
-	ntlm/acquire_cred.c \
-	ntlm/add_cred.c \
-	ntlm/canonicalize_name.c \
-	ntlm/compare_name.c \
-	ntlm/context_time.c \
-	ntlm/crypto.c \
-	ntlm/delete_sec_context.c \
-	ntlm/display_name.c \
-	ntlm/display_status.c \
-	ntlm/duplicate_name.c \
-	ntlm/export_name.c \
-	ntlm/export_sec_context.c \
-	ntlm/external.c \
-	ntlm/ntlm.h \
-	ntlm/ntlm-private.h \
-	ntlm/import_name.c \
-	ntlm/import_sec_context.c \
-	ntlm/indicate_mechs.c \
-	ntlm/init_sec_context.c \
-	ntlm/inquire_context.c \
-	ntlm/inquire_cred.c \
-	ntlm/inquire_cred_by_mech.c \
-	ntlm/inquire_mechs_for_name.c \
-	ntlm/inquire_names_for_mech.c \
-	ntlm/process_context_token.c \
-	ntlm/release_cred.c \
-	ntlm/release_name.c \
-	ntlm/digest.c
-
-dist_libgssapi_la_SOURCES = \
-	$(krb5src) \
-	$(mechsrc) \
-	$(ntlmsrc) \
-	$(spnegosrc)
-
-nodist_libgssapi_la_SOURCES = \
-	gkrb5_err.c \
-	gkrb5_err.h \
-	$(BUILT_SOURCES)
-
-libgssapi_la_LDFLAGS = -version-info 2:0:0 $(am__append_1)
-libgssapi_la_LIBADD = \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_com_err) \
-	$(LIB_hcrypto) \
-	$(LIBADD_roken)
-
-man_MANS = gssapi.3 gss_acquire_cred.3 mech/mech.5
-include_HEADERS = gssapi.h
-noinst_HEADERS = \
-	gssapi_mech.h \
-	ntlm/ntlm-private.h \
-	spnego/spnego-private.h \
-	krb5/gsskrb5-private.h
-
-nobase_include_HEADERS = \
-	gssapi/gssapi.h \
-	gssapi/gssapi_krb5.h \
-	gssapi/gssapi_spnego.h
-
-gssapidir = $(includedir)/gssapi
-nodist_gssapi_HEADERS = gkrb5_err.h
-gssapi_files = asn1_GSSAPIContextToken.x
-spnego_files = \
-	asn1_ContextFlags.x			\
-	asn1_MechType.x				\
-	asn1_MechTypeList.x			\
-	asn1_NegotiationToken.x			\
-	asn1_NegotiationTokenWin.x		\
-	asn1_NegHints.x				\
-	asn1_NegTokenInit.x			\
-	asn1_NegTokenInitWin.x			\
-	asn1_NegTokenResp.x
-
-BUILT_SOURCES = $(spnego_files:.x=.c) $(gssapi_files:.x=.c)
-CLEANFILES = $(BUILT_SOURCES) \
-	gkrb5_err.h gkrb5_err.c \
-	$(spnego_files) spnego_asn1.h spnego_asn1_files \
-	$(gssapi_files) gssapi_asn1.h gssapi_asn1_files \
-	gss-commands.h gss-commands.c
-
-# test_sequence 
-test_cfx_SOURCES = krb5/test_cfx.c
-test_context_SOURCES = test_context.c test_common.c test_common.h
-test_ntlm_SOURCES = test_ntlm.c test_common.c test_common.h
-test_acquire_cred_SOURCES = test_acquire_cred.c test_common.c test_common.h
-test_ntlm_LDADD = \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(LDADD)
-
-LDADD = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_roken)
-
-
-# gss
-dist_gss_SOURCES = gss.c
-nodist_gss_SOURCES = gss-commands.c gss-commands.h
-gss_LDADD = libgssapi.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_readline) \
-	$(LIB_roken)
-
-SLC = $(top_builddir)/lib/sl/slc
-EXTRA_DIST = \
-	$(man_MANS) \
-	krb5/gkrb5_err.et \
-	mech/gssapi.asn1 \
-	spnego/spnego.asn1 \
-	version-script.map \
-	gss-commands.in
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/gssapi/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/gssapi/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-krb5/$(am__dirstamp):
-	@$(MKDIR_P) krb5
-	@: > krb5/$(am__dirstamp)
-krb5/8003.lo: krb5/$(am__dirstamp)
-krb5/accept_sec_context.lo: krb5/$(am__dirstamp)
-krb5/acquire_cred.lo: krb5/$(am__dirstamp)
-krb5/add_cred.lo: krb5/$(am__dirstamp)
-krb5/address_to_krb5addr.lo: krb5/$(am__dirstamp)
-krb5/arcfour.lo: krb5/$(am__dirstamp)
-krb5/canonicalize_name.lo: krb5/$(am__dirstamp)
-krb5/ccache_name.lo: krb5/$(am__dirstamp)
-krb5/cfx.lo: krb5/$(am__dirstamp)
-krb5/compare_name.lo: krb5/$(am__dirstamp)
-krb5/compat.lo: krb5/$(am__dirstamp)
-krb5/context_time.lo: krb5/$(am__dirstamp)
-krb5/copy_ccache.lo: krb5/$(am__dirstamp)
-krb5/decapsulate.lo: krb5/$(am__dirstamp)
-krb5/delete_sec_context.lo: krb5/$(am__dirstamp)
-krb5/display_name.lo: krb5/$(am__dirstamp)
-krb5/display_status.lo: krb5/$(am__dirstamp)
-krb5/duplicate_name.lo: krb5/$(am__dirstamp)
-krb5/encapsulate.lo: krb5/$(am__dirstamp)
-krb5/export_name.lo: krb5/$(am__dirstamp)
-krb5/export_sec_context.lo: krb5/$(am__dirstamp)
-krb5/external.lo: krb5/$(am__dirstamp)
-krb5/get_mic.lo: krb5/$(am__dirstamp)
-krb5/import_name.lo: krb5/$(am__dirstamp)
-krb5/import_sec_context.lo: krb5/$(am__dirstamp)
-krb5/indicate_mechs.lo: krb5/$(am__dirstamp)
-krb5/init.lo: krb5/$(am__dirstamp)
-krb5/init_sec_context.lo: krb5/$(am__dirstamp)
-krb5/inquire_context.lo: krb5/$(am__dirstamp)
-krb5/inquire_cred.lo: krb5/$(am__dirstamp)
-krb5/inquire_cred_by_mech.lo: krb5/$(am__dirstamp)
-krb5/inquire_cred_by_oid.lo: krb5/$(am__dirstamp)
-krb5/inquire_mechs_for_name.lo: krb5/$(am__dirstamp)
-krb5/inquire_names_for_mech.lo: krb5/$(am__dirstamp)
-krb5/inquire_sec_context_by_oid.lo: krb5/$(am__dirstamp)
-krb5/process_context_token.lo: krb5/$(am__dirstamp)
-krb5/prf.lo: krb5/$(am__dirstamp)
-krb5/release_buffer.lo: krb5/$(am__dirstamp)
-krb5/release_cred.lo: krb5/$(am__dirstamp)
-krb5/release_name.lo: krb5/$(am__dirstamp)
-krb5/sequence.lo: krb5/$(am__dirstamp)
-krb5/set_cred_option.lo: krb5/$(am__dirstamp)
-krb5/set_sec_context_option.lo: krb5/$(am__dirstamp)
-krb5/ticket_flags.lo: krb5/$(am__dirstamp)
-krb5/unwrap.lo: krb5/$(am__dirstamp)
-krb5/v1.lo: krb5/$(am__dirstamp)
-krb5/verify_mic.lo: krb5/$(am__dirstamp)
-krb5/wrap.lo: krb5/$(am__dirstamp)
-mech/$(am__dirstamp):
-	@$(MKDIR_P) mech
-	@: > mech/$(am__dirstamp)
-mech/context.lo: mech/$(am__dirstamp)
-mech/gss_accept_sec_context.lo: mech/$(am__dirstamp)
-mech/gss_acquire_cred.lo: mech/$(am__dirstamp)
-mech/gss_add_cred.lo: mech/$(am__dirstamp)
-mech/gss_add_oid_set_member.lo: mech/$(am__dirstamp)
-mech/gss_buffer_set.lo: mech/$(am__dirstamp)
-mech/gss_canonicalize_name.lo: mech/$(am__dirstamp)
-mech/gss_compare_name.lo: mech/$(am__dirstamp)
-mech/gss_context_time.lo: mech/$(am__dirstamp)
-mech/gss_create_empty_oid_set.lo: mech/$(am__dirstamp)
-mech/gss_decapsulate_token.lo: mech/$(am__dirstamp)
-mech/gss_delete_sec_context.lo: mech/$(am__dirstamp)
-mech/gss_display_name.lo: mech/$(am__dirstamp)
-mech/gss_display_status.lo: mech/$(am__dirstamp)
-mech/gss_duplicate_name.lo: mech/$(am__dirstamp)
-mech/gss_duplicate_oid.lo: mech/$(am__dirstamp)
-mech/gss_encapsulate_token.lo: mech/$(am__dirstamp)
-mech/gss_export_name.lo: mech/$(am__dirstamp)
-mech/gss_export_sec_context.lo: mech/$(am__dirstamp)
-mech/gss_get_mic.lo: mech/$(am__dirstamp)
-mech/gss_import_name.lo: mech/$(am__dirstamp)
-mech/gss_import_sec_context.lo: mech/$(am__dirstamp)
-mech/gss_indicate_mechs.lo: mech/$(am__dirstamp)
-mech/gss_init_sec_context.lo: mech/$(am__dirstamp)
-mech/gss_inquire_context.lo: mech/$(am__dirstamp)
-mech/gss_inquire_cred.lo: mech/$(am__dirstamp)
-mech/gss_inquire_cred_by_mech.lo: mech/$(am__dirstamp)
-mech/gss_inquire_cred_by_oid.lo: mech/$(am__dirstamp)
-mech/gss_inquire_mechs_for_name.lo: mech/$(am__dirstamp)
-mech/gss_inquire_names_for_mech.lo: mech/$(am__dirstamp)
-mech/gss_krb5.lo: mech/$(am__dirstamp)
-mech/gss_mech_switch.lo: mech/$(am__dirstamp)
-mech/gss_names.lo: mech/$(am__dirstamp)
-mech/gss_oid_equal.lo: mech/$(am__dirstamp)
-mech/gss_oid_to_str.lo: mech/$(am__dirstamp)
-mech/gss_process_context_token.lo: mech/$(am__dirstamp)
-mech/gss_pseudo_random.lo: mech/$(am__dirstamp)
-mech/gss_release_buffer.lo: mech/$(am__dirstamp)
-mech/gss_release_cred.lo: mech/$(am__dirstamp)
-mech/gss_release_name.lo: mech/$(am__dirstamp)
-mech/gss_release_oid.lo: mech/$(am__dirstamp)
-mech/gss_release_oid_set.lo: mech/$(am__dirstamp)
-mech/gss_seal.lo: mech/$(am__dirstamp)
-mech/gss_set_cred_option.lo: mech/$(am__dirstamp)
-mech/gss_set_sec_context_option.lo: mech/$(am__dirstamp)
-mech/gss_sign.lo: mech/$(am__dirstamp)
-mech/gss_test_oid_set_member.lo: mech/$(am__dirstamp)
-mech/gss_unseal.lo: mech/$(am__dirstamp)
-mech/gss_unwrap.lo: mech/$(am__dirstamp)
-mech/gss_utils.lo: mech/$(am__dirstamp)
-mech/gss_verify.lo: mech/$(am__dirstamp)
-mech/gss_verify_mic.lo: mech/$(am__dirstamp)
-mech/gss_wrap.lo: mech/$(am__dirstamp)
-mech/gss_wrap_size_limit.lo: mech/$(am__dirstamp)
-mech/gss_inquire_sec_context_by_oid.lo: mech/$(am__dirstamp)
-ntlm/$(am__dirstamp):
-	@$(MKDIR_P) ntlm
-	@: > ntlm/$(am__dirstamp)
-ntlm/accept_sec_context.lo: ntlm/$(am__dirstamp)
-ntlm/acquire_cred.lo: ntlm/$(am__dirstamp)
-ntlm/add_cred.lo: ntlm/$(am__dirstamp)
-ntlm/canonicalize_name.lo: ntlm/$(am__dirstamp)
-ntlm/compare_name.lo: ntlm/$(am__dirstamp)
-ntlm/context_time.lo: ntlm/$(am__dirstamp)
-ntlm/crypto.lo: ntlm/$(am__dirstamp)
-ntlm/delete_sec_context.lo: ntlm/$(am__dirstamp)
-ntlm/display_name.lo: ntlm/$(am__dirstamp)
-ntlm/display_status.lo: ntlm/$(am__dirstamp)
-ntlm/duplicate_name.lo: ntlm/$(am__dirstamp)
-ntlm/export_name.lo: ntlm/$(am__dirstamp)
-ntlm/export_sec_context.lo: ntlm/$(am__dirstamp)
-ntlm/external.lo: ntlm/$(am__dirstamp)
-ntlm/import_name.lo: ntlm/$(am__dirstamp)
-ntlm/import_sec_context.lo: ntlm/$(am__dirstamp)
-ntlm/indicate_mechs.lo: ntlm/$(am__dirstamp)
-ntlm/init_sec_context.lo: ntlm/$(am__dirstamp)
-ntlm/inquire_context.lo: ntlm/$(am__dirstamp)
-ntlm/inquire_cred.lo: ntlm/$(am__dirstamp)
-ntlm/inquire_cred_by_mech.lo: ntlm/$(am__dirstamp)
-ntlm/inquire_mechs_for_name.lo: ntlm/$(am__dirstamp)
-ntlm/inquire_names_for_mech.lo: ntlm/$(am__dirstamp)
-ntlm/process_context_token.lo: ntlm/$(am__dirstamp)
-ntlm/release_cred.lo: ntlm/$(am__dirstamp)
-ntlm/release_name.lo: ntlm/$(am__dirstamp)
-ntlm/digest.lo: ntlm/$(am__dirstamp)
-spnego/$(am__dirstamp):
-	@$(MKDIR_P) spnego
-	@: > spnego/$(am__dirstamp)
-spnego/accept_sec_context.lo: spnego/$(am__dirstamp)
-spnego/compat.lo: spnego/$(am__dirstamp)
-spnego/context_stubs.lo: spnego/$(am__dirstamp)
-spnego/cred_stubs.lo: spnego/$(am__dirstamp)
-spnego/external.lo: spnego/$(am__dirstamp)
-spnego/init_sec_context.lo: spnego/$(am__dirstamp)
-libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES) 
-	$(libgssapi_la_LINK) -rpath $(libdir) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-gss$(EXEEXT): $(gss_OBJECTS) $(gss_DEPENDENCIES) 
-	@rm -f gss$(EXEEXT)
-	$(LINK) $(gss_OBJECTS) $(gss_LDADD) $(LIBS)
-test_acquire_cred$(EXEEXT): $(test_acquire_cred_OBJECTS) $(test_acquire_cred_DEPENDENCIES) 
-	@rm -f test_acquire_cred$(EXEEXT)
-	$(LINK) $(test_acquire_cred_OBJECTS) $(test_acquire_cred_LDADD) $(LIBS)
-krb5/test_cfx.$(OBJEXT): krb5/$(am__dirstamp)
-test_cfx$(EXEEXT): $(test_cfx_OBJECTS) $(test_cfx_DEPENDENCIES) 
-	@rm -f test_cfx$(EXEEXT)
-	$(LINK) $(test_cfx_OBJECTS) $(test_cfx_LDADD) $(LIBS)
-test_context$(EXEEXT): $(test_context_OBJECTS) $(test_context_DEPENDENCIES) 
-	@rm -f test_context$(EXEEXT)
-	$(LINK) $(test_context_OBJECTS) $(test_context_LDADD) $(LIBS)
-test_cred$(EXEEXT): $(test_cred_OBJECTS) $(test_cred_DEPENDENCIES) 
-	@rm -f test_cred$(EXEEXT)
-	$(LINK) $(test_cred_OBJECTS) $(test_cred_LDADD) $(LIBS)
-test_kcred$(EXEEXT): $(test_kcred_OBJECTS) $(test_kcred_DEPENDENCIES) 
-	@rm -f test_kcred$(EXEEXT)
-	$(LINK) $(test_kcred_OBJECTS) $(test_kcred_LDADD) $(LIBS)
-test_names$(EXEEXT): $(test_names_OBJECTS) $(test_names_DEPENDENCIES) 
-	@rm -f test_names$(EXEEXT)
-	$(LINK) $(test_names_OBJECTS) $(test_names_LDADD) $(LIBS)
-test_ntlm$(EXEEXT): $(test_ntlm_OBJECTS) $(test_ntlm_DEPENDENCIES) 
-	@rm -f test_ntlm$(EXEEXT)
-	$(LINK) $(test_ntlm_OBJECTS) $(test_ntlm_LDADD) $(LIBS)
-test_oid$(EXEEXT): $(test_oid_OBJECTS) $(test_oid_DEPENDENCIES) 
-	@rm -f test_oid$(EXEEXT)
-	$(LINK) $(test_oid_OBJECTS) $(test_oid_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-	-rm -f krb5/8003.$(OBJEXT)
-	-rm -f krb5/8003.lo
-	-rm -f krb5/accept_sec_context.$(OBJEXT)
-	-rm -f krb5/accept_sec_context.lo
-	-rm -f krb5/acquire_cred.$(OBJEXT)
-	-rm -f krb5/acquire_cred.lo
-	-rm -f krb5/add_cred.$(OBJEXT)
-	-rm -f krb5/add_cred.lo
-	-rm -f krb5/address_to_krb5addr.$(OBJEXT)
-	-rm -f krb5/address_to_krb5addr.lo
-	-rm -f krb5/arcfour.$(OBJEXT)
-	-rm -f krb5/arcfour.lo
-	-rm -f krb5/canonicalize_name.$(OBJEXT)
-	-rm -f krb5/canonicalize_name.lo
-	-rm -f krb5/ccache_name.$(OBJEXT)
-	-rm -f krb5/ccache_name.lo
-	-rm -f krb5/cfx.$(OBJEXT)
-	-rm -f krb5/cfx.lo
-	-rm -f krb5/compare_name.$(OBJEXT)
-	-rm -f krb5/compare_name.lo
-	-rm -f krb5/compat.$(OBJEXT)
-	-rm -f krb5/compat.lo
-	-rm -f krb5/context_time.$(OBJEXT)
-	-rm -f krb5/context_time.lo
-	-rm -f krb5/copy_ccache.$(OBJEXT)
-	-rm -f krb5/copy_ccache.lo
-	-rm -f krb5/decapsulate.$(OBJEXT)
-	-rm -f krb5/decapsulate.lo
-	-rm -f krb5/delete_sec_context.$(OBJEXT)
-	-rm -f krb5/delete_sec_context.lo
-	-rm -f krb5/display_name.$(OBJEXT)
-	-rm -f krb5/display_name.lo
-	-rm -f krb5/display_status.$(OBJEXT)
-	-rm -f krb5/display_status.lo
-	-rm -f krb5/duplicate_name.$(OBJEXT)
-	-rm -f krb5/duplicate_name.lo
-	-rm -f krb5/encapsulate.$(OBJEXT)
-	-rm -f krb5/encapsulate.lo
-	-rm -f krb5/export_name.$(OBJEXT)
-	-rm -f krb5/export_name.lo
-	-rm -f krb5/export_sec_context.$(OBJEXT)
-	-rm -f krb5/export_sec_context.lo
-	-rm -f krb5/external.$(OBJEXT)
-	-rm -f krb5/external.lo
-	-rm -f krb5/get_mic.$(OBJEXT)
-	-rm -f krb5/get_mic.lo
-	-rm -f krb5/import_name.$(OBJEXT)
-	-rm -f krb5/import_name.lo
-	-rm -f krb5/import_sec_context.$(OBJEXT)
-	-rm -f krb5/import_sec_context.lo
-	-rm -f krb5/indicate_mechs.$(OBJEXT)
-	-rm -f krb5/indicate_mechs.lo
-	-rm -f krb5/init.$(OBJEXT)
-	-rm -f krb5/init.lo
-	-rm -f krb5/init_sec_context.$(OBJEXT)
-	-rm -f krb5/init_sec_context.lo
-	-rm -f krb5/inquire_context.$(OBJEXT)
-	-rm -f krb5/inquire_context.lo
-	-rm -f krb5/inquire_cred.$(OBJEXT)
-	-rm -f krb5/inquire_cred.lo
-	-rm -f krb5/inquire_cred_by_mech.$(OBJEXT)
-	-rm -f krb5/inquire_cred_by_mech.lo
-	-rm -f krb5/inquire_cred_by_oid.$(OBJEXT)
-	-rm -f krb5/inquire_cred_by_oid.lo
-	-rm -f krb5/inquire_mechs_for_name.$(OBJEXT)
-	-rm -f krb5/inquire_mechs_for_name.lo
-	-rm -f krb5/inquire_names_for_mech.$(OBJEXT)
-	-rm -f krb5/inquire_names_for_mech.lo
-	-rm -f krb5/inquire_sec_context_by_oid.$(OBJEXT)
-	-rm -f krb5/inquire_sec_context_by_oid.lo
-	-rm -f krb5/prf.$(OBJEXT)
-	-rm -f krb5/prf.lo
-	-rm -f krb5/process_context_token.$(OBJEXT)
-	-rm -f krb5/process_context_token.lo
-	-rm -f krb5/release_buffer.$(OBJEXT)
-	-rm -f krb5/release_buffer.lo
-	-rm -f krb5/release_cred.$(OBJEXT)
-	-rm -f krb5/release_cred.lo
-	-rm -f krb5/release_name.$(OBJEXT)
-	-rm -f krb5/release_name.lo
-	-rm -f krb5/sequence.$(OBJEXT)
-	-rm -f krb5/sequence.lo
-	-rm -f krb5/set_cred_option.$(OBJEXT)
-	-rm -f krb5/set_cred_option.lo
-	-rm -f krb5/set_sec_context_option.$(OBJEXT)
-	-rm -f krb5/set_sec_context_option.lo
-	-rm -f krb5/test_cfx.$(OBJEXT)
-	-rm -f krb5/ticket_flags.$(OBJEXT)
-	-rm -f krb5/ticket_flags.lo
-	-rm -f krb5/unwrap.$(OBJEXT)
-	-rm -f krb5/unwrap.lo
-	-rm -f krb5/v1.$(OBJEXT)
-	-rm -f krb5/v1.lo
-	-rm -f krb5/verify_mic.$(OBJEXT)
-	-rm -f krb5/verify_mic.lo
-	-rm -f krb5/wrap.$(OBJEXT)
-	-rm -f krb5/wrap.lo
-	-rm -f mech/context.$(OBJEXT)
-	-rm -f mech/context.lo
-	-rm -f mech/gss_accept_sec_context.$(OBJEXT)
-	-rm -f mech/gss_accept_sec_context.lo
-	-rm -f mech/gss_acquire_cred.$(OBJEXT)
-	-rm -f mech/gss_acquire_cred.lo
-	-rm -f mech/gss_add_cred.$(OBJEXT)
-	-rm -f mech/gss_add_cred.lo
-	-rm -f mech/gss_add_oid_set_member.$(OBJEXT)
-	-rm -f mech/gss_add_oid_set_member.lo
-	-rm -f mech/gss_buffer_set.$(OBJEXT)
-	-rm -f mech/gss_buffer_set.lo
-	-rm -f mech/gss_canonicalize_name.$(OBJEXT)
-	-rm -f mech/gss_canonicalize_name.lo
-	-rm -f mech/gss_compare_name.$(OBJEXT)
-	-rm -f mech/gss_compare_name.lo
-	-rm -f mech/gss_context_time.$(OBJEXT)
-	-rm -f mech/gss_context_time.lo
-	-rm -f mech/gss_create_empty_oid_set.$(OBJEXT)
-	-rm -f mech/gss_create_empty_oid_set.lo
-	-rm -f mech/gss_decapsulate_token.$(OBJEXT)
-	-rm -f mech/gss_decapsulate_token.lo
-	-rm -f mech/gss_delete_sec_context.$(OBJEXT)
-	-rm -f mech/gss_delete_sec_context.lo
-	-rm -f mech/gss_display_name.$(OBJEXT)
-	-rm -f mech/gss_display_name.lo
-	-rm -f mech/gss_display_status.$(OBJEXT)
-	-rm -f mech/gss_display_status.lo
-	-rm -f mech/gss_duplicate_name.$(OBJEXT)
-	-rm -f mech/gss_duplicate_name.lo
-	-rm -f mech/gss_duplicate_oid.$(OBJEXT)
-	-rm -f mech/gss_duplicate_oid.lo
-	-rm -f mech/gss_encapsulate_token.$(OBJEXT)
-	-rm -f mech/gss_encapsulate_token.lo
-	-rm -f mech/gss_export_name.$(OBJEXT)
-	-rm -f mech/gss_export_name.lo
-	-rm -f mech/gss_export_sec_context.$(OBJEXT)
-	-rm -f mech/gss_export_sec_context.lo
-	-rm -f mech/gss_get_mic.$(OBJEXT)
-	-rm -f mech/gss_get_mic.lo
-	-rm -f mech/gss_import_name.$(OBJEXT)
-	-rm -f mech/gss_import_name.lo
-	-rm -f mech/gss_import_sec_context.$(OBJEXT)
-	-rm -f mech/gss_import_sec_context.lo
-	-rm -f mech/gss_indicate_mechs.$(OBJEXT)
-	-rm -f mech/gss_indicate_mechs.lo
-	-rm -f mech/gss_init_sec_context.$(OBJEXT)
-	-rm -f mech/gss_init_sec_context.lo
-	-rm -f mech/gss_inquire_context.$(OBJEXT)
-	-rm -f mech/gss_inquire_context.lo
-	-rm -f mech/gss_inquire_cred.$(OBJEXT)
-	-rm -f mech/gss_inquire_cred.lo
-	-rm -f mech/gss_inquire_cred_by_mech.$(OBJEXT)
-	-rm -f mech/gss_inquire_cred_by_mech.lo
-	-rm -f mech/gss_inquire_cred_by_oid.$(OBJEXT)
-	-rm -f mech/gss_inquire_cred_by_oid.lo
-	-rm -f mech/gss_inquire_mechs_for_name.$(OBJEXT)
-	-rm -f mech/gss_inquire_mechs_for_name.lo
-	-rm -f mech/gss_inquire_names_for_mech.$(OBJEXT)
-	-rm -f mech/gss_inquire_names_for_mech.lo
-	-rm -f mech/gss_inquire_sec_context_by_oid.$(OBJEXT)
-	-rm -f mech/gss_inquire_sec_context_by_oid.lo
-	-rm -f mech/gss_krb5.$(OBJEXT)
-	-rm -f mech/gss_krb5.lo
-	-rm -f mech/gss_mech_switch.$(OBJEXT)
-	-rm -f mech/gss_mech_switch.lo
-	-rm -f mech/gss_names.$(OBJEXT)
-	-rm -f mech/gss_names.lo
-	-rm -f mech/gss_oid_equal.$(OBJEXT)
-	-rm -f mech/gss_oid_equal.lo
-	-rm -f mech/gss_oid_to_str.$(OBJEXT)
-	-rm -f mech/gss_oid_to_str.lo
-	-rm -f mech/gss_process_context_token.$(OBJEXT)
-	-rm -f mech/gss_process_context_token.lo
-	-rm -f mech/gss_pseudo_random.$(OBJEXT)
-	-rm -f mech/gss_pseudo_random.lo
-	-rm -f mech/gss_release_buffer.$(OBJEXT)
-	-rm -f mech/gss_release_buffer.lo
-	-rm -f mech/gss_release_cred.$(OBJEXT)
-	-rm -f mech/gss_release_cred.lo
-	-rm -f mech/gss_release_name.$(OBJEXT)
-	-rm -f mech/gss_release_name.lo
-	-rm -f mech/gss_release_oid.$(OBJEXT)
-	-rm -f mech/gss_release_oid.lo
-	-rm -f mech/gss_release_oid_set.$(OBJEXT)
-	-rm -f mech/gss_release_oid_set.lo
-	-rm -f mech/gss_seal.$(OBJEXT)
-	-rm -f mech/gss_seal.lo
-	-rm -f mech/gss_set_cred_option.$(OBJEXT)
-	-rm -f mech/gss_set_cred_option.lo
-	-rm -f mech/gss_set_sec_context_option.$(OBJEXT)
-	-rm -f mech/gss_set_sec_context_option.lo
-	-rm -f mech/gss_sign.$(OBJEXT)
-	-rm -f mech/gss_sign.lo
-	-rm -f mech/gss_test_oid_set_member.$(OBJEXT)
-	-rm -f mech/gss_test_oid_set_member.lo
-	-rm -f mech/gss_unseal.$(OBJEXT)
-	-rm -f mech/gss_unseal.lo
-	-rm -f mech/gss_unwrap.$(OBJEXT)
-	-rm -f mech/gss_unwrap.lo
-	-rm -f mech/gss_utils.$(OBJEXT)
-	-rm -f mech/gss_utils.lo
-	-rm -f mech/gss_verify.$(OBJEXT)
-	-rm -f mech/gss_verify.lo
-	-rm -f mech/gss_verify_mic.$(OBJEXT)
-	-rm -f mech/gss_verify_mic.lo
-	-rm -f mech/gss_wrap.$(OBJEXT)
-	-rm -f mech/gss_wrap.lo
-	-rm -f mech/gss_wrap_size_limit.$(OBJEXT)
-	-rm -f mech/gss_wrap_size_limit.lo
-	-rm -f ntlm/accept_sec_context.$(OBJEXT)
-	-rm -f ntlm/accept_sec_context.lo
-	-rm -f ntlm/acquire_cred.$(OBJEXT)
-	-rm -f ntlm/acquire_cred.lo
-	-rm -f ntlm/add_cred.$(OBJEXT)
-	-rm -f ntlm/add_cred.lo
-	-rm -f ntlm/canonicalize_name.$(OBJEXT)
-	-rm -f ntlm/canonicalize_name.lo
-	-rm -f ntlm/compare_name.$(OBJEXT)
-	-rm -f ntlm/compare_name.lo
-	-rm -f ntlm/context_time.$(OBJEXT)
-	-rm -f ntlm/context_time.lo
-	-rm -f ntlm/crypto.$(OBJEXT)
-	-rm -f ntlm/crypto.lo
-	-rm -f ntlm/delete_sec_context.$(OBJEXT)
-	-rm -f ntlm/delete_sec_context.lo
-	-rm -f ntlm/digest.$(OBJEXT)
-	-rm -f ntlm/digest.lo
-	-rm -f ntlm/display_name.$(OBJEXT)
-	-rm -f ntlm/display_name.lo
-	-rm -f ntlm/display_status.$(OBJEXT)
-	-rm -f ntlm/display_status.lo
-	-rm -f ntlm/duplicate_name.$(OBJEXT)
-	-rm -f ntlm/duplicate_name.lo
-	-rm -f ntlm/export_name.$(OBJEXT)
-	-rm -f ntlm/export_name.lo
-	-rm -f ntlm/export_sec_context.$(OBJEXT)
-	-rm -f ntlm/export_sec_context.lo
-	-rm -f ntlm/external.$(OBJEXT)
-	-rm -f ntlm/external.lo
-	-rm -f ntlm/import_name.$(OBJEXT)
-	-rm -f ntlm/import_name.lo
-	-rm -f ntlm/import_sec_context.$(OBJEXT)
-	-rm -f ntlm/import_sec_context.lo
-	-rm -f ntlm/indicate_mechs.$(OBJEXT)
-	-rm -f ntlm/indicate_mechs.lo
-	-rm -f ntlm/init_sec_context.$(OBJEXT)
-	-rm -f ntlm/init_sec_context.lo
-	-rm -f ntlm/inquire_context.$(OBJEXT)
-	-rm -f ntlm/inquire_context.lo
-	-rm -f ntlm/inquire_cred.$(OBJEXT)
-	-rm -f ntlm/inquire_cred.lo
-	-rm -f ntlm/inquire_cred_by_mech.$(OBJEXT)
-	-rm -f ntlm/inquire_cred_by_mech.lo
-	-rm -f ntlm/inquire_mechs_for_name.$(OBJEXT)
-	-rm -f ntlm/inquire_mechs_for_name.lo
-	-rm -f ntlm/inquire_names_for_mech.$(OBJEXT)
-	-rm -f ntlm/inquire_names_for_mech.lo
-	-rm -f ntlm/process_context_token.$(OBJEXT)
-	-rm -f ntlm/process_context_token.lo
-	-rm -f ntlm/release_cred.$(OBJEXT)
-	-rm -f ntlm/release_cred.lo
-	-rm -f ntlm/release_name.$(OBJEXT)
-	-rm -f ntlm/release_name.lo
-	-rm -f spnego/accept_sec_context.$(OBJEXT)
-	-rm -f spnego/accept_sec_context.lo
-	-rm -f spnego/compat.$(OBJEXT)
-	-rm -f spnego/compat.lo
-	-rm -f spnego/context_stubs.$(OBJEXT)
-	-rm -f spnego/context_stubs.lo
-	-rm -f spnego/cred_stubs.$(OBJEXT)
-	-rm -f spnego/cred_stubs.lo
-	-rm -f spnego/external.$(OBJEXT)
-	-rm -f spnego/external.lo
-	-rm -f spnego/init_sec_context.$(OBJEXT)
-	-rm -f spnego/init_sec_context.lo
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c -o $@ $<
-
-.c.obj:
-	$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-	-rm -rf krb5/.libs krb5/_libs
-	-rm -rf mech/.libs mech/_libs
-	-rm -rf ntlm/.libs ntlm/_libs
-	-rm -rf spnego/.libs spnego/_libs
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-install-man5: $(man5_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
-	done
-uninstall-man5:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
-	done
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nobase_includeHEADERS: $(nobase_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@$(am__vpath_adj_setup) \
-	list='$(nobase_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  $(am__vpath_adj) \
-	  echo " $(nobase_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nobase_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nobase_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@$(am__vpath_adj_setup) \
-	list='$(nobase_include_HEADERS)'; for p in $$list; do \
-	  $(am__vpath_adj) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nodist_gssapiHEADERS: $(nodist_gssapi_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(gssapidir)" || $(MKDIR_P) "$(DESTDIR)$(gssapidir)"
-	@list='$(nodist_gssapi_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_gssapiHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(gssapidir)/$$f'"; \
-	  $(nodist_gssapiHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(gssapidir)/$$f"; \
-	done
-
-uninstall-nodist_gssapiHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_gssapi_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(gssapidir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(gssapidir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
-		all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(gssapidir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-rm -f krb5/$(am__dirstamp)
-	-rm -f mech/$(am__dirstamp)
-	-rm -f ntlm/$(am__dirstamp)
-	-rm -f spnego/$(am__dirstamp)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS install-man \
-	install-nobase_includeHEADERS install-nodist_gssapiHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man3 install-man5
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-nobase_includeHEADERS uninstall-nodist_gssapiHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man3 uninstall-man5
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
-	clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-binPROGRAMS install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-includeHEADERS install-info \
-	install-info-am install-libLTLIBRARIES install-man \
-	install-man3 install-man5 install-nobase_includeHEADERS \
-	install-nodist_gssapiHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-hook uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-man uninstall-man3 \
-	uninstall-man5 uninstall-nobase_includeHEADERS \
-	uninstall-nodist_gssapiHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(srcdir)/ntlm/ntlm-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p ntlm/ntlm-private.h $(ntlmsrc) || rm -f ntlm/ntlm-private.h
-
-$(libgssapi_la_OBJECTS): $(srcdir)/krb5/gsskrb5-private.h
-$(libgssapi_la_OBJECTS): $(srcdir)/spnego/spnego-private.h
-$(libgssapi_la_OBJECTS): $(srcdir)/ntlm/ntlm-private.h
-
-$(libgssapi_la_OBJECTS): $(srcdir)/version-script.map
-
-$(spnego_files) spnego_asn1.h: spnego_asn1_files
-$(gssapi_files) gssapi_asn1.h: gssapi_asn1_files
-
-spnego_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/spnego/spnego.asn1
-	../asn1/asn1_compile$(EXEEXT) --sequence=MechTypeList $(srcdir)/spnego/spnego.asn1 spnego_asn1
-
-gssapi_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1
-	../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1 gssapi_asn1
-
-$(srcdir)/krb5/gsskrb5-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5/gsskrb5-private.h $(krb5src) || rm -f krb5/gsskrb5-private.h
-
-$(srcdir)/spnego/spnego-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p spnego/spnego-private.h $(spnegosrc) || rm -f spnego/spnego-private.h
-
-gss-commands.c gss-commands.h: gss-commands.in
-	$(SLC) $(srcdir)/gss-commands.in
-
-$(gss_OBJECTS): gss-commands.h
-
-# to help stupid solaris make
-
-$(libgssapi_la_OBJECTS): gkrb5_err.h gssapi_asn1.h spnego_asn1.h
-
-gkrb5_err.h gkrb5_err.c: $(srcdir)/krb5/gkrb5_err.et
-	$(COMPILE_ET) $(srcdir)/krb5/gkrb5_err.et
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/gssapi/accept_sec_context.c b/crypto/heimdal/lib/gssapi/accept_sec_context.c
deleted file mode 100644
index d923c36..0000000
--- a/crypto/heimdal/lib/gssapi/accept_sec_context.c
+++ /dev/null
@@ -1,445 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: accept_sec_context.c,v 1.33.2.2 2003/12/19 00:37:06 lha Exp $");
-
-krb5_keytab gssapi_krb5_keytab;
-
-OM_uint32
-gsskrb5_register_acceptor_identity (const char *identity)
-{
-    krb5_error_code ret;
-    char *p;
-
-    ret = gssapi_krb5_init();
-    if(ret)
-	return GSS_S_FAILURE;
-    
-    if(gssapi_krb5_keytab != NULL) {
-	krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab);
-	gssapi_krb5_keytab = NULL;
-    }
-    asprintf(&p, "FILE:%s", identity);
-    if(p == NULL)
-	return GSS_S_FAILURE;
-    ret = krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab);
-    free(p);
-    if(ret)
-	return GSS_S_FAILURE;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_accept_sec_context
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t * context_handle,
-            const gss_cred_id_t acceptor_cred_handle,
-            const gss_buffer_t input_token_buffer,
-            const gss_channel_bindings_t input_chan_bindings,
-            gss_name_t * src_name,
-            gss_OID * mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec,
-            gss_cred_id_t * delegated_cred_handle
-           )
-{
-    krb5_error_code kret;
-    OM_uint32 ret = GSS_S_COMPLETE;
-    krb5_data indata;
-    krb5_flags ap_options;
-    OM_uint32 flags;
-    krb5_ticket *ticket = NULL;
-    krb5_keytab keytab = NULL;
-    krb5_data fwd_data;
-    OM_uint32 minor;
-
-    GSSAPI_KRB5_INIT();
-
-    krb5_data_zero (&fwd_data);
-    output_token->length = 0;
-    output_token->value   = NULL;
-
-    if (src_name != NULL)
-	*src_name = NULL;
-    if (mech_type)
-	*mech_type = GSS_KRB5_MECHANISM;
-
-    if (*context_handle == GSS_C_NO_CONTEXT) {
-	*context_handle = malloc(sizeof(**context_handle));
-	if (*context_handle == GSS_C_NO_CONTEXT) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    (*context_handle)->auth_context =  NULL;
-    (*context_handle)->source = NULL;
-    (*context_handle)->target = NULL;
-    (*context_handle)->flags = 0;
-    (*context_handle)->more_flags = 0;
-    (*context_handle)->ticket = NULL;
-    (*context_handle)->lifetime = GSS_C_INDEFINITE;
-
-    kret = krb5_auth_con_init (gssapi_krb5_context,
-			       &(*context_handle)->auth_context);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	goto failure;
-    }
-
-    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
-	&& input_chan_bindings->application_data.length ==
-	2 * sizeof((*context_handle)->auth_context->local_port)
-	) {
-     
-	/* Port numbers are expected to be in application_data.value,
-	 * initator's port first */
-     
-	krb5_address initiator_addr, acceptor_addr;
-     
-	memset(&initiator_addr, 0, sizeof(initiator_addr));
-	memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-
-	(*context_handle)->auth_context->remote_port = 
-	    *(int16_t *) input_chan_bindings->application_data.value; 
-     
-	(*context_handle)->auth_context->local_port =
-	    *((int16_t *) input_chan_bindings->application_data.value + 1);
-
-     
-	kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
-				       &input_chan_bindings->acceptor_address,
-				       (*context_handle)->auth_context->local_port,
-				       &acceptor_addr); 
-	if (kret) {
-	    gssapi_krb5_set_error_string ();
-	    ret = GSS_S_BAD_BINDINGS;
-	    *minor_status = kret;
-	    goto failure;
-	}
-                             
-	kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
-				       &input_chan_bindings->initiator_address, 
-				       (*context_handle)->auth_context->remote_port,
-				       &initiator_addr); 
-	if (kret) {
-	    krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-	    gssapi_krb5_set_error_string ();
-	    ret = GSS_S_BAD_BINDINGS;
-	    *minor_status = kret;
-	    goto failure;
-	}
-     
-	kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
-				      (*context_handle)->auth_context,
-				      &acceptor_addr,    /* local address */
-				      &initiator_addr);  /* remote address */
-     
-	krb5_free_address (gssapi_krb5_context, &initiator_addr);
-	krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-     
-#if 0
-	free(input_chan_bindings->application_data.value);
-	input_chan_bindings->application_data.value = NULL;
-	input_chan_bindings->application_data.length = 0;
-#endif
-     
-	if (kret) {
-	    gssapi_krb5_set_error_string ();
-	    ret = GSS_S_BAD_BINDINGS;
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-  
-
-
-    {
-	int32_t tmp;
-
-	krb5_auth_con_getflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       &tmp);
-	tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
-	krb5_auth_con_setflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       tmp);
-    }
-
-    ret = gssapi_krb5_decapsulate (minor_status,
-				   input_token_buffer,
-				   &indata,
-				   "\x01\x00");
-    if (ret)
-	goto failure;
-
-    if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
-	if (gssapi_krb5_keytab != NULL) {
-	    keytab = gssapi_krb5_keytab;
-	}
-    } else if (acceptor_cred_handle->keytab != NULL) {
-	keytab = acceptor_cred_handle->keytab;
-    }
-
-    kret = krb5_rd_req (gssapi_krb5_context,
-			&(*context_handle)->auth_context,
-			&indata,
-			(acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL 
-			: acceptor_cred_handle->principal,
-			keytab,
-			&ap_options,
-			&ticket);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	goto failure;
-    }
-
-    kret = krb5_copy_principal (gssapi_krb5_context,
-				ticket->client,
-				&(*context_handle)->source);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	goto failure;
-    }
-
-    kret = krb5_copy_principal (gssapi_krb5_context,
-				ticket->server,
-				&(*context_handle)->target);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	goto failure;
-    }
-
-    ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
-    if (ret)
-	goto failure;
-
-    if (src_name != NULL) {
-	kret = krb5_copy_principal (gssapi_krb5_context,
-				    ticket->client,
-				    src_name);
-	if (kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	    goto failure;
-	}
-    }
-
-    {
-	krb5_authenticator authenticator;
-      
-	kret = krb5_auth_con_getauthenticator(gssapi_krb5_context,
-					      (*context_handle)->auth_context,
-					      &authenticator);
-	if(kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	    goto failure;
-	}
-
-	ret = gssapi_krb5_verify_8003_checksum(minor_status,
-					       input_chan_bindings,
-					       authenticator->cksum,
-					       &flags,
-					       &fwd_data);
-	krb5_free_authenticator(gssapi_krb5_context, &authenticator);
-	if (ret)
-	    goto failure;
-    }
-
-    if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
-	krb5_ccache ccache;
-	int32_t ac_flags;
-      
-	if (delegated_cred_handle == NULL)
-	    /* XXX Create a new delegated_cred_handle? */
-	    kret = krb5_cc_default (gssapi_krb5_context, &ccache);
-	else if (*delegated_cred_handle == NULL) {
-	    if ((*delegated_cred_handle =
-		 calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
-		ret = GSS_S_FAILURE;
-		*minor_status = ENOMEM;
-		krb5_set_error_string(gssapi_krb5_context, "out of memory");
-		gssapi_krb5_set_error_string();
-		goto failure;
-	    }
-	    if ((ret = gss_duplicate_name(minor_status, ticket->client,
-					  &(*delegated_cred_handle)->principal)) != 0) {
-		flags &= ~GSS_C_DELEG_FLAG;
-		free(*delegated_cred_handle);
-		*delegated_cred_handle = NULL;
-		goto end_fwd;
-	    }
-	}
-	if (delegated_cred_handle != NULL &&
-	    (*delegated_cred_handle)->ccache == NULL) {
-            kret = krb5_cc_gen_new (gssapi_krb5_context,
-                                    &krb5_mcc_ops,
-                                    &(*delegated_cred_handle)->ccache);
-	    ccache = (*delegated_cred_handle)->ccache;
-	}
-	if (delegated_cred_handle != NULL &&
-	    (*delegated_cred_handle)->mechanisms == NULL) {
-	    ret = gss_create_empty_oid_set(minor_status, 
-					   &(*delegated_cred_handle)->mechanisms);
-            if (ret)
-		goto failure;
-	    ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-					 &(*delegated_cred_handle)->mechanisms);
-	    if (ret)
-		goto failure;
-	}
-
-	if (kret) {
-	    flags &= ~GSS_C_DELEG_FLAG;
-	    goto end_fwd;
-	}
-      
-	kret = krb5_cc_initialize(gssapi_krb5_context,
-				  ccache,
-				  *src_name);
-	if (kret) {
-	    flags &= ~GSS_C_DELEG_FLAG;
-	    goto end_fwd;
-	}
-      
-	krb5_auth_con_getflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       &ac_flags);
-	krb5_auth_con_setflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       ac_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
-	kret = krb5_rd_cred2(gssapi_krb5_context,
-			     (*context_handle)->auth_context,
-			     ccache,
-			     &fwd_data);
-	krb5_auth_con_setflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       ac_flags);
-	if (kret) {
-	    flags &= ~GSS_C_DELEG_FLAG;
-	    goto end_fwd;
-	}
-
-      end_fwd:
-	free(fwd_data.data);
-    }
-         
-
-    flags |= GSS_C_TRANS_FLAG;
-
-    if (ret_flags)
-	*ret_flags = flags;
-    (*context_handle)->lifetime = ticket->ticket.endtime;
-    (*context_handle)->flags = flags;
-    (*context_handle)->more_flags |= OPEN;
-
-    if (mech_type)
-	*mech_type = GSS_KRB5_MECHANISM;
-
-    if (time_rec) {
-	ret = gssapi_lifetime_left(minor_status,
-				   (*context_handle)->lifetime,
-				   time_rec);
-	if (ret)
-	    goto failure;
-    }
-
-    if(flags & GSS_C_MUTUAL_FLAG) {
-	krb5_data outbuf;
-
-	kret = krb5_mk_rep (gssapi_krb5_context,
-			    (*context_handle)->auth_context,
-			    &outbuf);
-	if (kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	    goto failure;
-	}
-	ret = gssapi_krb5_encapsulate (minor_status,
-				       &outbuf,
-				       output_token,
-				       "\x02\x00");
-	krb5_data_free (&outbuf);
-	if (ret)
-	    goto failure;
-    } else {
-	output_token->length = 0;
-	output_token->value = NULL;
-    }
-
-    (*context_handle)->ticket = ticket;
-    ticket = NULL;
-
-#if 0
-    krb5_free_ticket (context, ticket);
-#endif
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-
-  failure:
-    if (fwd_data.length > 0)
-	free(fwd_data.data);
-    if (ticket != NULL)
-	krb5_free_ticket (gssapi_krb5_context, ticket);
-    krb5_auth_con_free (gssapi_krb5_context,
-			(*context_handle)->auth_context);
-    if((*context_handle)->source)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->source);
-    if((*context_handle)->target)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->target);
-    free (*context_handle);
-    if (src_name != NULL) {
-	gss_release_name (&minor, src_name);
-	*src_name = NULL;
-    }
-    *context_handle = GSS_C_NO_CONTEXT;
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/acquire_cred.c b/crypto/heimdal/lib/gssapi/acquire_cred.c
deleted file mode 100644
index dfe2b4c..0000000
--- a/crypto/heimdal/lib/gssapi/acquire_cred.c
+++ /dev/null
@@ -1,309 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: acquire_cred.c,v 1.13.2.1 2003/08/15 14:18:24 lha Exp $");
-
-static krb5_error_code
-get_keytab(krb5_keytab *keytab)
-{
-    char kt_name[256];
-    krb5_error_code kret;
-
-    if (gssapi_krb5_keytab != NULL) {
-	kret = krb5_kt_get_name(gssapi_krb5_context,
-				gssapi_krb5_keytab,
-				kt_name, sizeof(kt_name));
-	if (kret == 0)
-	    kret = krb5_kt_resolve(gssapi_krb5_context, kt_name, keytab);
-    } else
-	kret = krb5_kt_default(gssapi_krb5_context, keytab);
-    return (kret);
-}
-
-static OM_uint32 acquire_initiator_cred
-		  (OM_uint32 * minor_status,
-		   const gss_name_t desired_name,
-		   OM_uint32 time_req,
-		   const gss_OID_set desired_mechs,
-		   gss_cred_usage_t cred_usage,
-		   gss_cred_id_t handle,
-		   gss_OID_set * actual_mechs,
-		   OM_uint32 * time_rec
-		  )
-{
-    OM_uint32 ret;
-    krb5_creds cred;
-    krb5_principal def_princ;
-    krb5_get_init_creds_opt opt;
-    krb5_ccache ccache;
-    krb5_keytab keytab;
-    krb5_error_code kret;
-
-    keytab = NULL;
-    ccache = NULL;
-    def_princ = NULL;
-    ret = GSS_S_FAILURE;
-    memset(&cred, 0, sizeof(cred));
-
-    kret = krb5_cc_default(gssapi_krb5_context, &ccache);
-    if (kret)
-	goto end;
-    kret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
-	&def_princ);
-    if (kret != 0) {
-	/* we'll try to use a keytab below */
-	krb5_cc_destroy(gssapi_krb5_context, ccache);
-	ccache = NULL;
-	kret = 0;
-    } else if (handle->principal == NULL)  {
-	kret = krb5_copy_principal(gssapi_krb5_context, def_princ,
-	    &handle->principal);
-	if (kret)
-	    goto end;
-    } else if (handle->principal != NULL &&
-	krb5_principal_compare(gssapi_krb5_context, handle->principal,
-	def_princ) == FALSE) {
-	/* Before failing, lets check the keytab */
-	krb5_free_principal(gssapi_krb5_context, def_princ);
-	def_princ = NULL;
-    }
-    if (def_princ == NULL) {
-	/* We have no existing credentials cache,
-	 * so attempt to get a TGT using a keytab.
-	 */
-	if (handle->principal == NULL) {
-	    kret = krb5_get_default_principal(gssapi_krb5_context,
-		&handle->principal);
-	    if (kret)
-		goto end;
-	}
-	kret = get_keytab(&keytab);
-	if (kret)
-	    goto end;
-	krb5_get_init_creds_opt_init(&opt);
-	kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
-	    handle->principal, keytab, 0, NULL, &opt);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
-		&ccache);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
-	if (kret)
-	    goto end;
-	handle->lifetime = cred.times.endtime;
-    } else {
-	krb5_creds in_cred, *out_cred;
-	krb5_const_realm realm;
-
-	memset(&in_cred, 0, sizeof(in_cred));
-	in_cred.client = handle->principal;
-	
-	realm = krb5_principal_get_realm(gssapi_krb5_context, 
-					 handle->principal);
-	if (realm == NULL) {
-	    kret = KRB5_PRINC_NOMATCH; /* XXX */
-	    goto end;
-	}
-
-	kret = krb5_make_principal(gssapi_krb5_context, &in_cred.server, 
-				   realm, KRB5_TGS_NAME, realm, NULL);
-	if (kret)
-	    goto end;
-
-	kret = krb5_get_credentials(gssapi_krb5_context, 0, 
-				    ccache, &in_cred, &out_cred);
-	krb5_free_principal(gssapi_krb5_context, in_cred.server);
-	if (kret)
-	    goto end;
-
-	handle->lifetime = out_cred->times.endtime;
-	krb5_free_creds(gssapi_krb5_context, out_cred);
-    }
-
-    handle->ccache = ccache;
-    ret = GSS_S_COMPLETE;
-
-end:
-    if (cred.client != NULL)
-	krb5_free_creds_contents(gssapi_krb5_context, &cred);
-    if (def_princ != NULL)
-	krb5_free_principal(gssapi_krb5_context, def_princ);
-    if (keytab != NULL)
-	krb5_kt_close(gssapi_krb5_context, keytab);
-    if (ret != GSS_S_COMPLETE) {
-	if (ccache != NULL)
-	    krb5_cc_close(gssapi_krb5_context, ccache);
-	if (kret != 0) {
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	}
-    }
-    return (ret);
-}
-
-static OM_uint32 acquire_acceptor_cred
-		  (OM_uint32 * minor_status,
-		   const gss_name_t desired_name,
-		   OM_uint32 time_req,
-		   const gss_OID_set desired_mechs,
-		   gss_cred_usage_t cred_usage,
-		   gss_cred_id_t handle,
-		   gss_OID_set * actual_mechs,
-		   OM_uint32 * time_rec
-		  )
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-
-    kret = 0;
-    ret = GSS_S_FAILURE;
-    kret = get_keytab(&handle->keytab);
-    if (kret)
-	goto end;
-    ret = GSS_S_COMPLETE;
- 
-end:
-    if (ret != GSS_S_COMPLETE) {
-	if (handle->keytab != NULL)
-	    krb5_kt_close(gssapi_krb5_context, handle->keytab);
-	if (kret != 0) {
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	}
-    }
-    return (ret);
-}
-
-OM_uint32 gss_acquire_cred
-           (OM_uint32 * minor_status,
-            const gss_name_t desired_name,
-            OM_uint32 time_req,
-            const gss_OID_set desired_mechs,
-            gss_cred_usage_t cred_usage,
-            gss_cred_id_t * output_cred_handle,
-            gss_OID_set * actual_mechs,
-            OM_uint32 * time_rec
-           )
-{
-    gss_cred_id_t handle;
-    OM_uint32 ret;
-
-    GSSAPI_KRB5_INIT ();
-
-    *output_cred_handle = NULL;
-    if (time_rec)
-	*time_rec = 0;
-    if (actual_mechs)
-	*actual_mechs = GSS_C_NO_OID_SET;
-
-    if (desired_mechs) {
-	OM_uint32 present = 0;
-
-	ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				      desired_mechs, &present); 
-	if (ret)
-	    return ret;
-	if (!present) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_MECH;
-	}
-    }
-
-    handle = (gss_cred_id_t)malloc(sizeof(*handle));
-    if (handle == GSS_C_NO_CREDENTIAL) {
-	*minor_status = ENOMEM;
-        return (GSS_S_FAILURE);
-    }
-
-    memset(handle, 0, sizeof (*handle));
-
-    if (desired_name != GSS_C_NO_NAME) {
-	ret = gss_duplicate_name(minor_status, desired_name,
-	    &handle->principal);
-	if (ret != GSS_S_COMPLETE) {
-	    free(handle);
-	    return (ret);
-	}
-    }
-    if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
-	ret = acquire_initiator_cred(minor_status, desired_name, time_req,
-	    desired_mechs, cred_usage, handle, actual_mechs, time_rec);
-    	if (ret != GSS_S_COMPLETE) {
-	    free(handle);
-	    return (ret);
-	}
-    } else if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
-	ret = acquire_acceptor_cred(minor_status, desired_name, time_req,
-	    desired_mechs, cred_usage, handle, actual_mechs, time_rec);
-	if (ret != GSS_S_COMPLETE) {
-	    free(handle);
-	    return (ret);
-	}
-    } else {
-	free(handle);
-	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
-	return GSS_S_FAILURE;
-    }
-    ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-    if (ret == GSS_S_COMPLETE)
-    	ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				 &handle->mechanisms);
-    if (ret == GSS_S_COMPLETE)
-    	ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL,
-			   actual_mechs);
-    if (ret != GSS_S_COMPLETE) {
-	if (handle->mechanisms != NULL)
-		gss_release_oid_set(NULL, &handle->mechanisms);
-	free(handle);
-	return (ret);
-    } 
-    *minor_status = 0;
-    if (time_rec) {
-	ret = gssapi_lifetime_left(minor_status,
-				   handle->lifetime,
-				   time_rec);
-
-	if (ret)
-	    return ret;
-    }
-    handle->usage = cred_usage;
-    *output_cred_handle = handle;
-    return (GSS_S_COMPLETE);
-}
diff --git a/crypto/heimdal/lib/gssapi/add_cred.c b/crypto/heimdal/lib/gssapi/add_cred.c
deleted file mode 100644
index 53d4f33..0000000
--- a/crypto/heimdal/lib/gssapi/add_cred.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: add_cred.c,v 1.2.2.1 2003/10/21 21:00:47 lha Exp $");
-
-OM_uint32 gss_add_cred (
-     OM_uint32           *minor_status,
-     const gss_cred_id_t input_cred_handle,
-     const gss_name_t    desired_name,
-     const gss_OID       desired_mech,
-     gss_cred_usage_t    cred_usage,
-     OM_uint32           initiator_time_req,
-     OM_uint32           acceptor_time_req,
-     gss_cred_id_t       *output_cred_handle,
-     gss_OID_set         *actual_mechs,
-     OM_uint32           *initiator_time_rec,
-     OM_uint32           *acceptor_time_rec)
-{
-    OM_uint32 ret, lifetime;
-    gss_cred_id_t cred, handle;
-
-    handle = NULL;
-    cred = input_cred_handle;
-
-    if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MECH;
-    }
-
-    if (cred == GSS_C_NO_CREDENTIAL && output_cred_handle == NULL) {
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-
-    /* check if requested output usage is compatible with output usage */ 
-    if (output_cred_handle != NULL &&
-	(cred->usage != cred_usage && cred->usage != GSS_C_BOTH)) {
-	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
-	return(GSS_S_FAILURE);
-    }
-	
-    /* check that we have the same name */
-    if (desired_name != GSS_C_NO_NAME &&
-	krb5_principal_compare(gssapi_krb5_context, desired_name,
-			       cred->principal) != FALSE) {
-	*minor_status = 0;
-	return GSS_S_BAD_NAME;
-    }
-
-    /* make a copy */
-    if (output_cred_handle) {
-
-	handle = (gss_cred_id_t)malloc(sizeof(*handle));
-	if (handle == GSS_C_NO_CREDENTIAL) {
-	    *minor_status = ENOMEM;
-	    return (GSS_S_FAILURE);
-	}
-
-	memset(handle, 0, sizeof (*handle));
-
-	handle->usage = cred_usage;
-	handle->lifetime = cred->lifetime;
-	handle->principal = NULL;
-	handle->keytab = NULL;
-	handle->ccache = NULL;
-	handle->mechanisms = NULL;
-	
-	ret = GSS_S_FAILURE;
-
-	ret = gss_duplicate_name(minor_status, cred->principal,
-				 &handle->principal);
-	if (ret) {
-	    free(handle);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-
-	if (cred->keytab) {
-	    krb5_error_code kret;
-	    char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
-	    int len;
-	    
-	    ret = GSS_S_FAILURE;
-
-	    kret = krb5_kt_get_type(gssapi_krb5_context, cred->keytab,
-				    name, KRB5_KT_PREFIX_MAX_LEN);
-	    if (kret) {
-		*minor_status = kret;
-		goto failure;
-	    }
-	    len = strlen(name);
-	    name[len++] = ':';
-
-	    kret = krb5_kt_get_name(gssapi_krb5_context, cred->keytab,
-				    name + len, 
-				    sizeof(name) - len);
-	    if (kret) {
-		*minor_status = kret;
-		goto failure;
-	    }
-
-	    kret = krb5_kt_resolve(gssapi_krb5_context, name,
-				   &handle->keytab);
-	    if (kret){
-		*minor_status = kret;
-		goto failure;
-	    }
-	}
-
-	if (cred->ccache) {
-	    krb5_error_code kret;
-	    const char *type, *name;
-	    char *type_name;
-
-	    ret = GSS_S_FAILURE;
-
-	    type = krb5_cc_get_type(gssapi_krb5_context, cred->ccache);
-	    if (type == NULL){
-		*minor_status = ENOMEM;
-		goto failure;
-	    }
-
-	    if (strcmp(type, "MEMORY") == 0) {
-		ret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
-				      &handle->ccache);
-		if (ret) {
-		    *minor_status = ret;
-		    goto failure;
-		}
-
-		ret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache,
-					 handle->ccache);
-		if (ret) {
-		    *minor_status = ret;
-		    goto failure;
-		}
-
-	    } else {
-
-		name = krb5_cc_get_name(gssapi_krb5_context, cred->ccache);
-		if (name == NULL) {
-		    *minor_status = ENOMEM;
-		    goto failure;
-		}
-		
-		asprintf(&type_name, "%s:%s", type, name);
-		if (type_name == NULL) {
-		    *minor_status = ENOMEM;
-		    goto failure;
-		}
-		
-		kret = krb5_cc_resolve(gssapi_krb5_context, type_name,
-				       &handle->ccache);
-		free(type_name);
-		if (kret) {
-		    *minor_status = kret;
-		    goto failure;
-		}	    
-	    }
-	}
-
-	ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-	if (ret)
-	    goto failure;
-
-	ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				     &handle->mechanisms);
-	if (ret)
-	    goto failure;
-    }
-
-    ret = gss_inquire_cred(minor_status, cred, NULL, &lifetime,
-			   NULL, actual_mechs);
-    if (ret)
-	goto failure;
-
-    if (initiator_time_rec)
-	*initiator_time_rec = lifetime;
-    if (acceptor_time_rec)
-	*acceptor_time_rec = lifetime;
-
-    if (output_cred_handle)
-	*output_cred_handle = handle;
-
-    *minor_status = 0;
-    return ret;
-
- failure:
-
-    if (handle) {
-	if (handle->principal)
-	    gss_release_name(NULL, &handle->principal);
-	if (handle->keytab)
-	    krb5_kt_close(gssapi_krb5_context, handle->keytab);
-	if (handle->ccache)
-	    krb5_cc_destroy(gssapi_krb5_context, handle->ccache);
-	if (handle->mechanisms)
-	    gss_release_oid_set(NULL, &handle->mechanisms);
-	free(handle);
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/add_oid_set_member.c b/crypto/heimdal/lib/gssapi/add_oid_set_member.c
deleted file mode 100644
index ed654fc..0000000
--- a/crypto/heimdal/lib/gssapi/add_oid_set_member.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: add_oid_set_member.c,v 1.8 2003/03/16 17:50:49 lha Exp $");
-
-OM_uint32 gss_add_oid_set_member (
-            OM_uint32 * minor_status,
-            const gss_OID member_oid,
-            gss_OID_set * oid_set
-           )
-{
-  gss_OID tmp;
-  size_t n;
-  OM_uint32 res;
-  int present;
-
-  res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, &present);
-  if (res != GSS_S_COMPLETE)
-    return res;
-
-  if (present) {
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-  }
-
-  n = (*oid_set)->count + 1;
-  tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc));
-  if (tmp == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-  (*oid_set)->elements = tmp;
-  (*oid_set)->count = n;
-  (*oid_set)->elements[n-1] = *member_oid;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c b/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
deleted file mode 100644
index c8041aa..0000000
--- a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-#include <roken.h>
-
-krb5_error_code
-gss_address_to_krb5addr(OM_uint32 gss_addr_type,
-                        gss_buffer_desc *gss_addr,
-                        int16_t port,
-                        krb5_address *address)
-{
-   int addr_type;
-   struct sockaddr sa;
-   int sa_size = sizeof(sa);
-   krb5_error_code problem;
-   
-   if (gss_addr == NULL)
-      return GSS_S_FAILURE; 
-   
-   switch (gss_addr_type) {
-#ifdef HAVE_IPV6
-      case GSS_C_AF_INET6: addr_type = AF_INET6;
-                           break;
-#endif /* HAVE_IPV6 */
-                           
-      case GSS_C_AF_INET:  addr_type = AF_INET;
-                           break;
-      default:
-                           return GSS_S_FAILURE;
-   }
-                      
-   problem = krb5_h_addr2sockaddr (gssapi_krb5_context,
-				   addr_type,
-                                   gss_addr->value, 
-                                   &sa, 
-                                   &sa_size, 
-                                   port);
-   if (problem)
-      return GSS_S_FAILURE;
-
-   problem = krb5_sockaddr2address (gssapi_krb5_context, &sa, address);
-
-   return problem;  
-}
diff --git a/crypto/heimdal/lib/gssapi/arcfour.c b/crypto/heimdal/lib/gssapi/arcfour.c
deleted file mode 100644
index 66d688c..0000000
--- a/crypto/heimdal/lib/gssapi/arcfour.c
+++ /dev/null
@@ -1,623 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-/*
- * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
- */
-
-RCSID("$Id: arcfour.c,v 1.12.2.3 2003/09/19 15:15:11 lha Exp $");
-
-static krb5_error_code
-arcfour_mic_key(krb5_context context, krb5_keyblock *key,
-		void *cksum_data, size_t cksum_size,
-		void *key6_data, size_t key6_size)
-{
-    krb5_error_code ret;
-    
-    Checksum cksum_k5;
-    krb5_keyblock key5;
-    char k5_data[16];
-    
-    Checksum cksum_k6;
-    
-    char T[4];
-
-    memset(T, 0, 4);
-    cksum_k5.checksum.data = k5_data;
-    cksum_k5.checksum.length = sizeof(k5_data);
-
-    if (key->keytype == KEYTYPE_ARCFOUR_56) {
-	char L40[14] = "fortybits";
-
-	memcpy(L40 + 10, T, sizeof(T));
-	ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
-			L40, 14, 0, key, &cksum_k5);
-	memset(&k5_data[7], 0xAB, 9);
-    } else {
-	ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
-			T, 4, 0, key, &cksum_k5);
-    }
-    if (ret)
-	return ret;
-
-    key5.keytype = KEYTYPE_ARCFOUR;
-    key5.keyvalue = cksum_k5.checksum;
-
-    cksum_k6.checksum.data = key6_data;
-    cksum_k6.checksum.length = key6_size;
-
-    return krb5_hmac(context, CKSUMTYPE_RSA_MD5,
-		     cksum_data, cksum_size, 0, &key5, &cksum_k6);
-}
-
-
-static krb5_error_code
-arcfour_mic_cksum(krb5_keyblock *key, unsigned usage,
-		  u_char *sgn_cksum, size_t sgn_cksum_sz,
-		  const char *v1, size_t l1,
-		  const void *v2, size_t l2,
-		  const void *v3, size_t l3)
-{
-    Checksum CKSUM;
-    u_char *ptr;
-    size_t len;
-    krb5_crypto crypto;
-    krb5_error_code ret;
-    
-    assert(sgn_cksum_sz == 8);
-
-    len = l1 + l2 + l3;
-
-    ptr = malloc(len);
-    if (ptr == NULL)
-	return ENOMEM;
-
-    memcpy(ptr, v1, l1);
-    memcpy(ptr + l1, v2, l2);
-    memcpy(ptr + l1 + l2, v3, l3);
-    
-    ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
-    if (ret) {
-	free(ptr);
-	return ret;
-    }
-    
-    ret = krb5_create_checksum(gssapi_krb5_context,
-			       crypto,
-			       usage,
-			       0,
-			       ptr, len,
-			       &CKSUM);
-    free(ptr);
-    if (ret == 0) {
-	memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz);
-	free_Checksum(&CKSUM);
-    }
-    krb5_crypto_destroy(gssapi_krb5_context, crypto);
-
-    return ret;
-}
-
-
-OM_uint32
-_gssapi_get_mic_arcfour(OM_uint32 * minor_status,
-			const gss_ctx_id_t context_handle,
-			gss_qop_t qop_req,
-			const gss_buffer_t message_buffer,
-			gss_buffer_t message_token,
-			krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    int32_t seq_number;
-    size_t len, total_len;
-    u_char k6_data[16], *p0, *p;
-    RC4_KEY rc4_key;
-    
-    gssapi_krb5_encap_length (22, &len, &total_len);
-    
-    message_token->length = total_len;
-    message_token->value  = malloc (total_len);
-    if (message_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    
-    p0 = _gssapi_make_mech_header(message_token->value,
-				  len);
-    p = p0;
-    
-    *p++ = 0x01; /* TOK_ID */
-    *p++ = 0x01;
-    *p++ = 0x11; /* SGN_ALG */
-    *p++ = 0x00;
-    *p++ = 0xff; /* Filler */
-    *p++ = 0xff;
-    *p++ = 0xff;
-    *p++ = 0xff;
-
-    p = NULL;
-
-    ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN,
-			    p0 + 16, 8,  /* SGN_CKSUM */
-			    p0, 8, /* TOK_ID, SGN_ALG, Filer */
-			    message_buffer->value, message_buffer->length,
-			    NULL, 0);
-    if (ret) {
-	gss_release_buffer(minor_status, message_token);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = arcfour_mic_key(gssapi_krb5_context, key,
-			  p0 + 16, 8, /* SGN_CKSUM */
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	gss_release_buffer(minor_status, message_token);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-				     context_handle->auth_context,
-				     &seq_number);
-    p = p0 + 8; /* SND_SEQ */
-    gssapi_encode_be_om_uint32(seq_number, p);
-    
-    krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-				     context_handle->auth_context,
-				     ++seq_number);
-    
-    memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
-
-    RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-    RC4 (&rc4_key, 8, p, p);
-	
-    memset(&rc4_key, 0, sizeof(rc4_key));
-    memset(k6_data, 0, sizeof(k6_data));
-    
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-
-OM_uint32
-_gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
-			   const gss_ctx_id_t context_handle,
-			   const gss_buffer_t message_buffer,
-			   const gss_buffer_t token_buffer,
-			   gss_qop_t * qop_state,
-			   krb5_keyblock *key,
-			   char *type)
-{
-    krb5_error_code ret;
-    int32_t seq_number, seq_number2;
-    OM_uint32 omret;
-    char cksum_data[8], k6_data[16], SND_SEQ[8];
-    u_char *p;
-    int cmp;
-    
-    if (qop_state)
-	*qop_state = 0;
-
-    p = token_buffer->value;
-    omret = gssapi_krb5_verify_header (&p,
-				       token_buffer->length,
-				       type);
-    if (omret)
-	return omret;
-    
-    if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
-	return GSS_S_BAD_SIG;
-    p += 2;
-    if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-	return GSS_S_BAD_MIC;
-    p += 4;
-
-    ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN,
-			    cksum_data, sizeof(cksum_data),
-			    p - 8, 8,
-			    message_buffer->value, message_buffer->length,
-			    NULL, 0);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = arcfour_mic_key(gssapi_krb5_context, key,
-			  cksum_data, sizeof(cksum_data),
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    cmp = memcmp(cksum_data, p + 8, 8);
-    if (cmp) {
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-
-    {
-	RC4_KEY rc4_key;
-	
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p, SND_SEQ);
-	
-	memset(&rc4_key, 0, sizeof(rc4_key));
-	memset(k6_data, 0, sizeof(k6_data));
-    }
-
-    gssapi_decode_be_om_uint32(SND_SEQ, &seq_number);
-
-    if (context_handle->more_flags & LOCAL)
-	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
-    else
-	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
-
-    memset(SND_SEQ, 0, sizeof(SND_SEQ));
-    if (cmp != 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-    
-    krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-				      context_handle->auth_context,
-				      &seq_number2);
-
-    if (seq_number != seq_number2) {
-	*minor_status = 0;
-	return GSS_S_UNSEQ_TOKEN;
-    }
-
-    krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-				      context_handle->auth_context,
-				      ++seq_number2);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gssapi_wrap_arcfour(OM_uint32 * minor_status,
-		     const gss_ctx_id_t context_handle,
-		     int conf_req_flag,
-		     gss_qop_t qop_req,
-		     const gss_buffer_t input_message_buffer,
-		     int * conf_state,
-		     gss_buffer_t output_message_buffer,
-		     krb5_keyblock *key)
-{
-    u_char Klocaldata[16], k6_data[16], *p, *p0;
-    size_t len, total_len, datalen;
-    krb5_keyblock Klocal;
-    krb5_error_code ret;
-    int32_t seq_number;
-
-    if (conf_state)
-	*conf_state = 0;
-
-    datalen = input_message_buffer->length + 1 /* padding */;
-    len = datalen + 30;
-    gssapi_krb5_encap_length (len, &len, &total_len);
-
-    output_message_buffer->length = total_len;
-    output_message_buffer->value  = malloc (total_len);
-    if (output_message_buffer->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    
-    p0 = _gssapi_make_mech_header(output_message_buffer->value,
-				  len);
-    p = p0;
-
-    *p++ = 0x02; /* TOK_ID */
-    *p++ = 0x01;
-    *p++ = 0x11; /* SGN_ALG */
-    *p++ = 0x00;
-    if (conf_req_flag) {
-	*p++ = 0x10; /* SEAL_ALG */
-	*p++ = 0x00;
-    } else {
-	*p++ = 0xff; /* SEAL_ALG */
-	*p++ = 0xff;
-    }
-    *p++ = 0xff; /* Filler */
-    *p++ = 0xff;
-
-    p = NULL;
-
-    krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-				     context_handle->auth_context,
-				     &seq_number);
-
-    gssapi_encode_be_om_uint32(seq_number, p0 + 8);
-
-    krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-				     context_handle->auth_context,
-				     ++seq_number);
-
-    memset (p0 + 8 + 4,
-	    (context_handle->more_flags & LOCAL) ? 0 : 0xff,
-	    4);
-
-    krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */
-    
-    /* p points to data */
-    p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-    memcpy(p, input_message_buffer->value, input_message_buffer->length);
-    p[input_message_buffer->length] = 1; /* PADDING */
-
-    ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
-			    p0 + 16, 8, /* SGN_CKSUM */ 
-			    p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */
-			    p0 + 24, 8, /* Confounder */
-			    p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, 
-			    datalen);
-    if (ret) {
-	*minor_status = ret;
-	gss_release_buffer(minor_status, output_message_buffer);
-	return GSS_S_FAILURE;
-    }
-
-    {
-	int i;
-
-	Klocal.keytype = key->keytype;
-	Klocal.keyvalue.data = Klocaldata;
-	Klocal.keyvalue.length = sizeof(Klocaldata);
-
-	for (i = 0; i < 16; i++)
-	    Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
-    }
-    ret = arcfour_mic_key(gssapi_krb5_context, &Klocal,
-			  p0 + 8, 4, /* SND_SEQ */
-			  k6_data, sizeof(k6_data));
-    memset(Klocaldata, 0, sizeof(Klocaldata));
-    if (ret) {
-	gss_release_buffer(minor_status, output_message_buffer);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-
-    if(conf_req_flag) {
-	RC4_KEY rc4_key;
-
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	/* XXX ? */
-	RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */
-	memset(&rc4_key, 0, sizeof(rc4_key));
-    }
-    memset(k6_data, 0, sizeof(k6_data));
-
-    ret = arcfour_mic_key(gssapi_krb5_context, key,
-			  p0 + 16, 8, /* SGN_CKSUM */
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	gss_release_buffer(minor_status, output_message_buffer);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    {
-	RC4_KEY rc4_key;
-	
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */
-	memset(&rc4_key, 0, sizeof(rc4_key));
-	memset(k6_data, 0, sizeof(k6_data));
-    }
-
-    if (conf_state)
-	*conf_state = conf_req_flag;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
-				 const gss_ctx_id_t context_handle,
-				 const gss_buffer_t input_message_buffer,
-				 gss_buffer_t output_message_buffer,
-				 int *conf_state,
-				 gss_qop_t *qop_state,
-				 krb5_keyblock *key)
-{
-    u_char Klocaldata[16];
-    krb5_keyblock Klocal;
-    krb5_error_code ret;
-    int32_t seq_number, seq_number2;
-    size_t datalen;
-    OM_uint32 omret;
-    char k6_data[16], SND_SEQ[8], Confounder[8];
-    char cksum_data[8];
-    u_char *p, *p0;
-    int cmp;
-    int conf_flag;
-    size_t padlen;
-    
-    if (conf_state)
-	*conf_state = 0;
-    if (qop_state)
-	*qop_state = 0;
-
-    p0 = input_message_buffer->value;
-    omret = _gssapi_verify_mech_header(&p0,
-				       input_message_buffer->length);
-    if (omret)
-	return omret;
-    p = p0;
-
-    datalen = input_message_buffer->length -
-	(p - ((u_char *)input_message_buffer->value)) - 
-	GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-
-    if (memcmp(p, "\x02\x01", 2) != 0)
-	return GSS_S_BAD_SIG;
-    p += 2;
-    if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
-	return GSS_S_BAD_SIG;
-    p += 2;
-
-    if (memcmp (p, "\x10\x00", 2) == 0)
-	conf_flag = 1;
-    else if (memcmp (p, "\xff\xff", 2) == 0)
-	conf_flag = 0;
-    else
-	return GSS_S_BAD_SIG;
-
-    p += 2;
-    if (memcmp (p, "\xff\xff", 2) != 0)
-	return GSS_S_BAD_MIC;
-    p = NULL;
-
-    ret = arcfour_mic_key(gssapi_krb5_context, key,
-			  p0 + 16, 8, /* SGN_CKSUM */
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    {
-	RC4_KEY rc4_key;
-	
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */
-	memset(&rc4_key, 0, sizeof(rc4_key));
-	memset(k6_data, 0, sizeof(k6_data));
-    }
-
-    gssapi_decode_be_om_uint32(SND_SEQ, &seq_number);
-
-    if (context_handle->more_flags & LOCAL)
-	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
-    else
-	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
-
-    if (cmp != 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-
-    {
-	int i;
-
-	Klocal.keytype = key->keytype;
-	Klocal.keyvalue.data = Klocaldata;
-	Klocal.keyvalue.length = sizeof(Klocaldata);
-
-	for (i = 0; i < 16; i++)
-	    Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
-    }
-    ret = arcfour_mic_key(gssapi_krb5_context, &Klocal,
-			  SND_SEQ, 4,
-			  k6_data, sizeof(k6_data));
-    memset(Klocaldata, 0, sizeof(Klocaldata));
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    output_message_buffer->value = malloc(datalen);
-    if (output_message_buffer->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    output_message_buffer->length = datalen;
-
-    if(conf_flag) {
-	RC4_KEY rc4_key;
-
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */
-	RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
-	     output_message_buffer->value);
-	memset(&rc4_key, 0, sizeof(rc4_key));
-    } else {
-	memcpy(Confounder, p0 + 24, 8); /* Confounder */
-	memcpy(output_message_buffer->value, 
-	       p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
-	       datalen);
-    }
-    memset(k6_data, 0, sizeof(k6_data));
-
-    ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
-    if (ret) {
-	gss_release_buffer(minor_status, output_message_buffer);
-	*minor_status = 0;
-	return ret;
-    }
-    output_message_buffer->length -= padlen;
-
-    ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
-			    cksum_data, sizeof(cksum_data),
-			    p0, 8, 
-			    Confounder, sizeof(Confounder),
-			    output_message_buffer->value, 
-			    output_message_buffer->length + padlen);
-    if (ret) {
-	gss_release_buffer(minor_status, output_message_buffer);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
-    if (cmp) {
-	gss_release_buffer(minor_status, output_message_buffer);
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-
-    krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				  context_handle->auth_context,
-				  &seq_number2);
-
-    if (seq_number != seq_number2) {
-	*minor_status = 0;
-	return GSS_S_UNSEQ_TOKEN;
-    }
-
-    krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				      context_handle->auth_context,
-				      ++seq_number2);
-
-    if (conf_state)
-	*conf_state = conf_flag;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/arcfour.h b/crypto/heimdal/lib/gssapi/arcfour.h
deleted file mode 100644
index 88bdfb1..0000000
--- a/crypto/heimdal/lib/gssapi/arcfour.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: arcfour.h,v 1.3.2.2 2003/09/19 15:14:14 lha Exp $ */
-
-#ifndef GSSAPI_ARCFOUR_H_
-#define GSSAPI_ARCFOUR_H_ 1
-
-/*
- * The arcfour message have the following formats, these are only here
- * for reference and is not used.
- */
-
-#if 0
-typedef struct gss_arcfour_mic_token {
-    u_char TOK_ID[2]; /* 01 01 */
-    u_char SGN_ALG[2]; /* 11 00 */
-    u_char Filler[4];
-    u_char SND_SEQ[8];
-    u_char SGN_CKSUM[8];
-} gss_arcfour_mic_token_desc, *gss_arcfour_mic_token;
-
-typedef struct gss_arcfour_wrap_token {
-    u_char TOK_ID[2]; /* 02 01 */
-    u_char SGN_ALG[2];
-    u_char SEAL_ALG[2];
-    u_char Filler[2];
-    u_char SND_SEQ[8];
-    u_char SGN_CKSUM[8];
-    u_char Confounder[8];
-} gss_arcfour_wrap_token_desc, *gss_arcfour_wrap_token;
-#endif
-
-#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
-
-OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status,
-			       const gss_ctx_id_t context_handle,
-			       int conf_req_flag,
-			       gss_qop_t qop_req,
-			       const gss_buffer_t input_message_buffer,
-			       int *conf_state,
-			       gss_buffer_t output_message_buffer,
-			       krb5_keyblock *key);
-
-OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
-				 const gss_ctx_id_t context_handle,
-				 const gss_buffer_t input_message_buffer,
-				 gss_buffer_t output_message_buffer,
-				 int *conf_state,
-				 gss_qop_t *qop_state,
-				 krb5_keyblock *key);
-
-OM_uint32 _gssapi_get_mic_arcfour(OM_uint32 *minor_status,
-				  const gss_ctx_id_t context_handle,
-				  gss_qop_t qop_req,
-				  const gss_buffer_t message_buffer,
-				  gss_buffer_t message_token,
-				  krb5_keyblock *key);
-
-OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 *minor_status,
-				     const gss_ctx_id_t context_handle,
-				     const gss_buffer_t message_buffer,
-				     const gss_buffer_t token_buffer,
-				     gss_qop_t *qop_state,
-				     krb5_keyblock *key,
-				     char *type);
-
-#endif /* GSSAPI_ARCFOUR_H_ */
diff --git a/crypto/heimdal/lib/gssapi/canonicalize_name.c b/crypto/heimdal/lib/gssapi/canonicalize_name.c
deleted file mode 100644
index afa39f3..0000000
--- a/crypto/heimdal/lib/gssapi/canonicalize_name.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: canonicalize_name.c,v 1.2 1999/12/02 17:05:03 joda Exp $");
-
-OM_uint32 gss_canonicalize_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            const gss_OID mech_type,
-            gss_name_t * output_name
-           )
-{
-    return gss_duplicate_name (minor_status, input_name, output_name);
-}
diff --git a/crypto/heimdal/lib/gssapi/compare_name.c b/crypto/heimdal/lib/gssapi/compare_name.c
deleted file mode 100644
index da494b0..0000000
--- a/crypto/heimdal/lib/gssapi/compare_name.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: compare_name.c,v 1.4 2003/03/16 17:50:07 lha Exp $");
-
-OM_uint32 gss_compare_name
-           (OM_uint32 * minor_status,
-            const gss_name_t name1,
-            const gss_name_t name2,
-            int * name_equal
-           )
-{
-    GSSAPI_KRB5_INIT();
-
-    *name_equal = krb5_principal_compare (gssapi_krb5_context,
-					  name1, name2);
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/compat.c b/crypto/heimdal/lib/gssapi/compat.c
deleted file mode 100644
index 311b1cb..0000000
--- a/crypto/heimdal/lib/gssapi/compat.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: compat.c,v 1.2.2.2 2003/04/28 13:58:09 lha Exp $");
-
-
-static krb5_error_code
-check_compat(OM_uint32 *minor_status, gss_name_t name, 
-	     const char *option, krb5_boolean *compat, 
-	     krb5_boolean match_val)
-{
-    krb5_error_code ret = 0;
-    char **p, **q;
-    krb5_principal match;
-
-
-    p = krb5_config_get_strings(gssapi_krb5_context, NULL, "gssapi",
-				option, NULL);
-    if(p == NULL)
-	return 0;
-
-    for(q = p; *q; q++) {
-
-	ret = krb5_parse_name(gssapi_krb5_context, *q, &match);
-	if (ret)
-	    break;
-
-	if (krb5_principal_match(gssapi_krb5_context, name, match)) {
-	    *compat = match_val;
-	    break;
-	}
-	
-	krb5_free_principal(gssapi_krb5_context, match);
-    }
-    krb5_config_free_strings(p);
-
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    return 0;
-}
-
-OM_uint32
-_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx)
-{
-    krb5_boolean use_compat = TRUE;
-    OM_uint32 ret;
-
-    if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) {
-	ret = check_compat(minor_status, ctx->target, 
-			   "broken_des3_mic", &use_compat, TRUE);
-	if (ret)
-	    return ret;
-	ret = check_compat(minor_status, ctx->target, 
-			   "correct_des3_mic", &use_compat, FALSE);
-	if (ret)
-	    return ret;
-
-	if (use_compat)
-	    ctx->more_flags |= COMPAT_OLD_DES3;
-	ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-    }
-    return 0;
-}
-
-OM_uint32
-gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on)
-{
-    *minor_status = 0;
-
-    if (on) {
-	ctx->more_flags |= COMPAT_OLD_DES3;
-    } else {
-	ctx->more_flags &= ~COMPAT_OLD_DES3;
-    }
-    ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/context_time.c b/crypto/heimdal/lib/gssapi/context_time.c
deleted file mode 100644
index daeb25f..0000000
--- a/crypto/heimdal/lib/gssapi/context_time.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: context_time.c,v 1.7.2.1 2003/08/15 14:25:50 lha Exp $");
-
-OM_uint32
-gssapi_lifetime_left(OM_uint32 *minor_status, 
-		     OM_uint32 lifetime,
-		     OM_uint32 *lifetime_rec)
-{
-    krb5_timestamp timeret;
-    krb5_error_code kret;
-
-    kret = krb5_timeofday(gssapi_krb5_context, &timeret);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    }
-
-    if (lifetime < timeret) 
-	*lifetime_rec = 0;
-    else
-	*lifetime_rec = lifetime - timeret;
-
-    return GSS_S_COMPLETE;
-}
-
-
-OM_uint32 gss_context_time
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            OM_uint32 * time_rec
-           )
-{
-    OM_uint32 lifetime;
-    OM_uint32 major_status;
-
-    GSSAPI_KRB5_INIT ();
-
-    lifetime = context_handle->lifetime;
-
-    major_status = gssapi_lifetime_left(minor_status, lifetime, time_rec);
-    if (major_status != GSS_S_COMPLETE)
-	return major_status;
-
-    *minor_status = 0;
-
-    if (*time_rec == 0)
-	return GSS_S_CONTEXT_EXPIRED;
-	
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/copy_ccache.c b/crypto/heimdal/lib/gssapi/copy_ccache.c
deleted file mode 100644
index 2ffe065..0000000
--- a/crypto/heimdal/lib/gssapi/copy_ccache.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: copy_ccache.c,v 1.3 2003/03/16 17:47:44 lha Exp $");
-
-OM_uint32
-gss_krb5_copy_ccache(OM_uint32 *minor_status,
-		     gss_cred_id_t cred,
-		     krb5_ccache out)
-{
-    krb5_error_code kret;
-
-    if (cred->ccache == NULL) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    }
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
deleted file mode 100644
index 1a25e0d..0000000
--- a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: create_emtpy_oid_set.c,v 1.5 2003/03/16 17:47:07 lha Exp $");
-
-OM_uint32 gss_create_empty_oid_set (
-            OM_uint32 * minor_status,
-            gss_OID_set * oid_set
-           )
-{
-  *oid_set = malloc(sizeof(**oid_set));
-  if (*oid_set == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-  (*oid_set)->count = 0;
-  (*oid_set)->elements = NULL;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/decapsulate.c b/crypto/heimdal/lib/gssapi/decapsulate.c
deleted file mode 100644
index 2425453..0000000
--- a/crypto/heimdal/lib/gssapi/decapsulate.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: decapsulate.c,v 1.7.6.1 2003/09/18 22:00:41 lha Exp $");
-
-OM_uint32
-gssapi_krb5_verify_header(u_char **str,
-			  size_t total_len,
-			  char *type)
-{
-    size_t len, len_len, mech_len, foo;
-    int e;
-    u_char *p = *str;
-
-    if (total_len < 1)
-	return GSS_S_DEFECTIVE_TOKEN;
-    if (*p++ != 0x60)
-	return GSS_S_DEFECTIVE_TOKEN;
-    e = der_get_length (p, total_len - 1, &len, &len_len);
-    if (e || 1 + len_len + len != total_len)
-	return GSS_S_DEFECTIVE_TOKEN;
-    p += len_len;
-    if (*p++ != 0x06)
-	return GSS_S_DEFECTIVE_TOKEN;
-    e = der_get_length (p, total_len - 1 - len_len - 1,
-			&mech_len, &foo);
-    if (e)
-	return GSS_S_DEFECTIVE_TOKEN;
-    p += foo;
-    if (mech_len != GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_MECH;
-    if (memcmp(p,
-	       GSS_KRB5_MECHANISM->elements,
-	       GSS_KRB5_MECHANISM->length) != 0)
-	return GSS_S_BAD_MECH;
-    p += mech_len;
-    if (memcmp (p, type, 2) != 0)
-	return GSS_S_DEFECTIVE_TOKEN;
-    p += 2;
-    *str = p;
-    return GSS_S_COMPLETE;
-}
-
-static ssize_t
-gssapi_krb5_get_mech (const u_char *ptr,
-		      size_t total_len,
-		      const u_char **mech_ret)
-{
-    size_t len, len_len, mech_len, foo;
-    const u_char *p = ptr;
-    int e;
-
-    if (total_len < 1)
-	return -1;
-    if (*p++ != 0x60)
-	return -1;
-    e = der_get_length (p, total_len - 1, &len, &len_len);
-    if (e || 1 + len_len + len != total_len)
-	return -1;
-    p += len_len;
-    if (*p++ != 0x06)
-	return -1;
-    e = der_get_length (p, total_len - 1 - len_len - 1,
-			&mech_len, &foo);
-    if (e)
-	return -1;
-    p += foo;
-    *mech_ret = p;
-    return mech_len;
-}
-
-OM_uint32
-_gssapi_verify_mech_header(u_char **str,
-			   size_t total_len)
-{
-    const u_char *p;
-    ssize_t mech_len;
-
-    mech_len = gssapi_krb5_get_mech (*str, total_len, &p);
-    if (mech_len < 0)
-	return GSS_S_DEFECTIVE_TOKEN;
-
-    if (mech_len != GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_MECH;
-    if (memcmp(p,
-	       GSS_KRB5_MECHANISM->elements,
-	       GSS_KRB5_MECHANISM->length) != 0)
-	return GSS_S_BAD_MECH;
-    p += mech_len;
-    *str = (char *)p;
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Remove the GSS-API wrapping from `in_token' giving `out_data.
- * Does not copy data, so just free `in_token'.
- */
-
-OM_uint32
-gssapi_krb5_decapsulate(
-			OM_uint32 *minor_status,    
-			gss_buffer_t input_token_buffer,
-			krb5_data *out_data,
-			char *type
-)
-{
-    u_char *p;
-    OM_uint32 ret;
-
-    p = input_token_buffer->value;
-    ret = gssapi_krb5_verify_header(&p,
-				    input_token_buffer->length,
-				    type);
-    if (ret) {
-	*minor_status = 0;
-	return ret;
-    }
-
-    out_data->length = input_token_buffer->length -
-	(p - (u_char *)input_token_buffer->value);
-    out_data->data   = p;
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Verify padding of a gss wrapped message and return its length.
- */
-
-OM_uint32
-_gssapi_verify_pad(gss_buffer_t wrapped_token, 
-		   size_t datalen,
-		   size_t *padlen)
-{
-    u_char *pad;
-    size_t padlength;
-    int i;
-
-    pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
-    padlength = *pad;
-
-    if (padlength > datalen)
-	return GSS_S_BAD_MECH;
-
-    for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
-	;
-    if (i != 0)
-	return GSS_S_BAD_MIC;
-
-    *padlen = padlength;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/delete_sec_context.c b/crypto/heimdal/lib/gssapi/delete_sec_context.c
deleted file mode 100644
index 2df1f39..0000000
--- a/crypto/heimdal/lib/gssapi/delete_sec_context.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: delete_sec_context.c,v 1.11 2003/03/16 17:46:40 lha Exp $");
-
-OM_uint32 gss_delete_sec_context
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t * context_handle,
-            gss_buffer_t output_token
-           )
-{
-    GSSAPI_KRB5_INIT ();
-
-    if (output_token) {
-	output_token->length = 0;
-	output_token->value  = NULL;
-    }
-
-    krb5_auth_con_free (gssapi_krb5_context,
-			(*context_handle)->auth_context);
-    if((*context_handle)->source)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->source);
-    if((*context_handle)->target)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->target);
-    if ((*context_handle)->ticket) {
-	krb5_free_ticket (gssapi_krb5_context,
-			  (*context_handle)->ticket);
-	free((*context_handle)->ticket);
-    }
-
-    free (*context_handle);
-    *context_handle = GSS_C_NO_CONTEXT;
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/display_name.c b/crypto/heimdal/lib/gssapi/display_name.c
deleted file mode 100644
index 27a232f..0000000
--- a/crypto/heimdal/lib/gssapi/display_name.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: display_name.c,v 1.9 2003/03/16 17:46:11 lha Exp $");
-
-OM_uint32 gss_display_name
-           (OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t output_name_buffer,
-            gss_OID * output_name_type
-           )
-{
-    krb5_error_code kret;
-    char *buf;
-    size_t len;
-
-    GSSAPI_KRB5_INIT ();
-    kret = krb5_unparse_name (gssapi_krb5_context,
-			      input_name,
-			      &buf);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    }
-    len = strlen (buf);
-    output_name_buffer->length = len;
-    output_name_buffer->value  = malloc(len + 1);
-    if (output_name_buffer->value == NULL) {
-	free (buf);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (output_name_buffer->value, buf, len);
-    ((char *)output_name_buffer->value)[len] = '\0';
-    free (buf);
-    if (output_name_type)
-	*output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/display_status.c b/crypto/heimdal/lib/gssapi/display_status.c
deleted file mode 100644
index d266fa4..0000000
--- a/crypto/heimdal/lib/gssapi/display_status.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright (c) 1998 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: display_status.c,v 1.9 2003/03/16 17:45:36 lha Exp $");
-
-static char *krb5_error_string;
-
-static char *
-calling_error(OM_uint32 v)
-{
-    static char *msgs[] = {
-	NULL,			/* 0 */
-	"A required input parameter could not be read.", /*  */
-	"A required output parameter could not be written.", /*  */
-	"A parameter was malformed"
-    };
-
-    v >>= GSS_C_CALLING_ERROR_OFFSET;
-
-    if (v == 0)
-	return "";
-    else if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown calling error";
-    else
-	return msgs[v];
-}
-
-static char *
-routine_error(OM_uint32 v)
-{
-    static char *msgs[] = {
-	NULL,			/* 0 */
-	"An unsupported mechanism was requested",
-	"An invalid name was supplied",
-	"A supplied name was of an unsupported type",
-	"Incorrect channel bindings were supplied",
-	"An invalid status code was supplied",
-	"A token had an invalid MIC",
-	"No credentials were supplied, "
-	"or the credentials were unavailable or inaccessible.",
-	"No context has been established",
-	"A token was invalid",
-	"A credential was invalid",
-	"The referenced credentials have expired",
-	"The context has expired",
-	"Miscellaneous failure (see text)",
-	"The quality-of-protection requested could not be provide",
-	"The operation is forbidden by local security policy",
-	"The operation or option is not available",
-	"The requested credential element already exists",
-	"The provided name was not a mechanism name.",
-    };
-
-    v >>= GSS_C_ROUTINE_ERROR_OFFSET;
-
-    if (v == 0)
-	return "";
-    else if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown routine error";
-    else
-	return msgs[v];
-}
-
-static char *
-supplementary_error(OM_uint32 v)
-{
-    static char *msgs[] = {
-	"normal completion",
-	"continuation call to routine required",
-	"duplicate per-message token detected",
-	"timed-out per-message token detected",
-	"reordered (early) per-message token detected",
-	"skipped predecessor token(s) detected"
-    };
-
-    v >>= GSS_C_SUPPLEMENTARY_OFFSET;
-
-    if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown routine error";
-    else
-	return msgs[v];
-}
-
-void
-gssapi_krb5_set_error_string (void)
-{
-    krb5_error_string = krb5_get_error_string(gssapi_krb5_context);
-}
-
-char *
-gssapi_krb5_get_error_string (void)
-{
-    char *ret = krb5_error_string;
-    krb5_error_string = NULL;
-    return ret;
-}
-
-OM_uint32 gss_display_status
-           (OM_uint32		*minor_status,
-	    OM_uint32		 status_value,
-	    int			 status_type,
-	    const gss_OID	 mech_type,
-	    OM_uint32		*message_context,
-	    gss_buffer_t	 status_string)
-{
-  char *buf;
-
-  GSSAPI_KRB5_INIT ();
-
-  status_string->length = 0;
-  status_string->value = NULL;
-
-  if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
-      gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
-      *minor_status = 0;
-      return GSS_C_GSS_CODE;
-  }
-
-  if (status_type == GSS_C_GSS_CODE) {
-      if (GSS_SUPPLEMENTARY_INFO(status_value))
-	  asprintf(&buf, "%s", 
-		   supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value)));
-      else
-	  asprintf (&buf, "%s %s",
-		    calling_error(GSS_CALLING_ERROR(status_value)),
-		    routine_error(GSS_ROUTINE_ERROR(status_value)));
-  } else if (status_type == GSS_C_MECH_CODE) {
-      buf = gssapi_krb5_get_error_string ();
-      if (buf == NULL) {
-	  const char *tmp = krb5_get_err_text (gssapi_krb5_context,
-					       status_value);
-	  if (tmp == NULL)
-	      asprintf(&buf, "unknown mech error-code %u",
-		       (unsigned)status_value);
-	  else
-	      buf = strdup(tmp);
-      }
-  } else {
-      *minor_status = EINVAL;
-      return GSS_S_BAD_STATUS;
-  }
-
-  if (buf == NULL) {
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  *message_context = 0;
-  *minor_status = 0;
-
-  status_string->length = strlen(buf);
-  status_string->value  = buf;
-  
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/duplicate_name.c b/crypto/heimdal/lib/gssapi/duplicate_name.c
deleted file mode 100644
index 2b54e90..0000000
--- a/crypto/heimdal/lib/gssapi/duplicate_name.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: duplicate_name.c,v 1.7 2003/03/16 17:44:26 lha Exp $");
-
-OM_uint32 gss_duplicate_name (
-            OM_uint32 * minor_status,
-            const gss_name_t src_name,
-            gss_name_t * dest_name
-           )
-{
-    krb5_error_code kret;
-
-    GSSAPI_KRB5_INIT ();
-
-    kret = krb5_copy_principal (gssapi_krb5_context,
-				src_name,
-				dest_name);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    } else {
-	*minor_status = 0;
-	return GSS_S_COMPLETE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/encapsulate.c b/crypto/heimdal/lib/gssapi/encapsulate.c
deleted file mode 100644
index f3cd1e4..0000000
--- a/crypto/heimdal/lib/gssapi/encapsulate.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: encapsulate.c,v 1.6.6.1 2003/09/18 21:47:44 lha Exp $");
-
-void
-gssapi_krb5_encap_length (size_t data_len,
-			  size_t *len,
-			  size_t *total_len)
-{
-    size_t len_len;
-
-    *len = 1 + 1 + GSS_KRB5_MECHANISM->length + 2 + data_len;
-
-    len_len = length_len(*len);
-
-    *total_len = 1 + len_len + *len;
-}
-
-u_char *
-gssapi_krb5_make_header (u_char *p,
-			 size_t len,
-			 u_char *type)
-{
-    int e;
-    size_t len_len, foo;
-
-    *p++ = 0x60;
-    len_len = length_len(len);
-    e = der_put_length (p + len_len - 1, len_len, len, &foo);
-    if(e || foo != len_len)
-	abort ();
-    p += len_len;
-    *p++ = 0x06;
-    *p++ = GSS_KRB5_MECHANISM->length;
-    memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
-    p += GSS_KRB5_MECHANISM->length;
-    memcpy (p, type, 2);
-    p += 2;
-    return p;
-}
-
-u_char *
-_gssapi_make_mech_header(u_char *p,
-			 size_t len)
-{
-    int e;
-    size_t len_len, foo;
-
-    *p++ = 0x60;
-    len_len = length_len(len);
-    e = der_put_length (p + len_len - 1, len_len, len, &foo);
-    if(e || foo != len_len)
-	abort ();
-    p += len_len;
-    *p++ = 0x06;
-    *p++ = GSS_KRB5_MECHANISM->length;
-    memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
-    p += GSS_KRB5_MECHANISM->length;
-    return p;
-}
-
-/*
- * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings.
- */
-
-OM_uint32
-gssapi_krb5_encapsulate(
-			OM_uint32 *minor_status,    
-			const krb5_data *in_data,
-			gss_buffer_t output_token,
-			u_char *type
-)
-{
-    size_t len, outer_len;
-    u_char *p;
-
-    gssapi_krb5_encap_length (in_data->length, &len, &outer_len);
-    
-    output_token->length = outer_len;
-    output_token->value  = malloc (outer_len);
-    if (output_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }	
-
-    p = gssapi_krb5_make_header (output_token->value, len, type);
-    memcpy (p, in_data->data, in_data->length);
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/export_name.c b/crypto/heimdal/lib/gssapi/export_name.c
deleted file mode 100644
index c5fcbd4..0000000
--- a/crypto/heimdal/lib/gssapi/export_name.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: export_name.c,v 1.5 2003/03/16 17:34:46 lha Exp $");
-
-OM_uint32 gss_export_name
-           (OM_uint32  * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t exported_name
-           )
-{
-    krb5_error_code kret;
-    char *buf, *name;
-    size_t len;
-
-    GSSAPI_KRB5_INIT ();
-    kret = krb5_unparse_name (gssapi_krb5_context,
-			      input_name,
-			      &name);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    }
-    len = strlen (name);
-
-    exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length;
-    exported_name->value  = malloc(exported_name->length);
-    if (exported_name->value == NULL) {
-	free (name);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
-    buf = exported_name->value;
-    memcpy(buf, "\x04\x01", 2);
-    buf += 2;
-    buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff;
-    buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff;
-    buf+= 2;
-    buf[0] = 0x06;
-    buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF;
-    buf+= 2;
-
-    memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
-    buf += GSS_KRB5_MECHANISM->length;
-
-    buf[0] = (len >> 24) & 0xff;
-    buf[1] = (len >> 16) & 0xff;
-    buf[2] = (len >> 8) & 0xff;
-    buf[3] = (len) & 0xff;
-    buf += 4;
-
-    memcpy (buf, name, len);
-
-    free (name);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/export_sec_context.c b/crypto/heimdal/lib/gssapi/export_sec_context.c
deleted file mode 100644
index c7e6265..0000000
--- a/crypto/heimdal/lib/gssapi/export_sec_context.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: export_sec_context.c,v 1.6 2003/03/16 18:02:52 lha Exp $");
-
-OM_uint32
-gss_export_sec_context (
-    OM_uint32 * minor_status,
-    gss_ctx_id_t * context_handle,
-    gss_buffer_t interprocess_token
-    )
-{
-    krb5_storage *sp;
-    krb5_auth_context ac;
-    OM_uint32 ret = GSS_S_COMPLETE;
-    krb5_data data;
-    gss_buffer_desc buffer;
-    int flags;
-    OM_uint32 minor;
-    krb5_error_code kret;
-
-    GSSAPI_KRB5_INIT ();
-    if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) {
-	*minor_status = 0;
-	return GSS_S_UNAVAILABLE;
-    }
-
-    sp = krb5_storage_emem ();
-    if (sp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    ac = (*context_handle)->auth_context;
-
-    /* flagging included fields */
-
-    flags = 0;
-    if (ac->local_address)
-	flags |= SC_LOCAL_ADDRESS;
-    if (ac->remote_address)
-	flags |= SC_REMOTE_ADDRESS;
-    if (ac->keyblock)
-	flags |= SC_KEYBLOCK;
-    if (ac->local_subkey)
-	flags |= SC_LOCAL_SUBKEY;
-    if (ac->remote_subkey)
-	flags |= SC_REMOTE_SUBKEY;
-
-    kret = krb5_store_int32 (sp, flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    /* marshall auth context */
-
-    kret = krb5_store_int32 (sp, ac->flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    if (ac->local_address) {
-	kret = krb5_store_address (sp, *ac->local_address);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->remote_address) {
-	kret = krb5_store_address (sp, *ac->remote_address);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    kret = krb5_store_int16 (sp, ac->local_port);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int16 (sp, ac->remote_port);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    if (ac->keyblock) {
-	kret = krb5_store_keyblock (sp, *ac->keyblock);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->local_subkey) {
-	kret = krb5_store_keyblock (sp, *ac->local_subkey);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->remote_subkey) {
-	kret = krb5_store_keyblock (sp, *ac->remote_subkey);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    kret = krb5_store_int32 (sp, ac->local_seqnumber);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    kret = krb5_store_int32 (sp, ac->remote_seqnumber);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-
-    kret = krb5_store_int32 (sp, ac->keytype);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, ac->cksumtype);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    /* names */
-
-    ret = gss_export_name (minor_status, (*context_handle)->source, &buffer);
-    if (ret)
-	goto failure;
-    data.data   = buffer.value;
-    data.length = buffer.length;
-    kret = krb5_store_data (sp, data);
-    gss_release_buffer (&minor, &buffer);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    ret = gss_export_name (minor_status, (*context_handle)->target, &buffer);
-    if (ret)
-	goto failure;
-    data.data   = buffer.value;
-    data.length = buffer.length;
-
-    ret = GSS_S_FAILURE;
-
-    kret = krb5_store_data (sp, data);
-    gss_release_buffer (&minor, &buffer);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    kret = krb5_store_int32 (sp, (*context_handle)->flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, (*context_handle)->more_flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, (*context_handle)->lifetime);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    kret = krb5_storage_to_data (sp, &data);
-    krb5_storage_free (sp);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    interprocess_token->length = data.length;
-    interprocess_token->value  = data.data;
-    ret = gss_delete_sec_context (minor_status, context_handle,
-				  GSS_C_NO_BUFFER);
-    if (ret != GSS_S_COMPLETE)
-	gss_release_buffer (NULL, interprocess_token);
-    *minor_status = 0;
-    return ret;
- failure:
-    krb5_storage_free (sp);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/external.c b/crypto/heimdal/lib/gssapi/external.c
deleted file mode 100644
index dca35ea..0000000
--- a/crypto/heimdal/lib/gssapi/external.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: external.c,v 1.5 2000/07/22 03:45:28 assar Exp $");
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x01"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
- * GSS_C_NT_USER_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_user_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x01"};
-
-gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
- * The constant GSS_C_NT_MACHINE_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x02"};
-
-gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x03"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
- * The constant GSS_C_NT_STRING_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x03"};
-
-gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) org(3) dod(6) internet(1) security(5)
- * nametypes(6) gss-host-based-services(2)).  The constant
- * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
- * to that gss_OID_desc.  This is a deprecated OID value, and
- * implementations wishing to support hostbased-service names
- * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
- * defined below, to identify such names;
- * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
- * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
- * parameter, but should not be emitted by GSS-API
- * implementations
- */
-
-static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
-{6, (void *)"\x2b\x06\x01\x05\x06\x02"};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x04"}, corresponding to an
- * object-identifier value of {iso(1) member-body(2)
- * Unites States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}.  The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized
- * to point to that gss_OID_desc.
- */
-static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04"};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
- * corresponding to an object identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 3(gss-anonymous-name)}.  The constant
- * and GSS_C_NT_ANONYMOUS should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_anonymous_oid_desc =
-{6, (void *)"\x2b\x06\01\x05\x06\x03"};
-
-gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 4(gss-api-exported-name)}.  The constant
- * GSS_C_NT_EXPORT_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_export_name_oid_desc =
-{6, (void *)"\x2b\x06\x01\x05\x06\x04"};
-
-gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
- *   is "GSS_KRB5_NT_PRINCIPAL_NAME".
- */
-
-static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"};
-
-gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) user_name(1)}.  The recommended symbolic name for this
- *   type is "GSS_KRB5_NT_USER_NAME".
- */
-
-gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) machine_uid_name(2)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) string_uid_name(3)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_STRING_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- *   To support ongoing experimentation, testing, and evolution of the
- *   specification, the Kerberos V5 GSS-API mechanism as defined in this
- *   and any successor memos will be identified with the following Object
- *   Identifier, as defined in RFC-1510, until the specification is
- *   advanced to the level of Proposed Standard RFC:
- *
- *   {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
- *
- *   Upon advancement to the level of Proposed Standard RFC, the Kerberos
- *   V5 GSS-API mechanism will be identified by an Object Identifier
- *   having the value:
- *
- *   {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
- *   gssapi(2) krb5(2)}
- */
-
-#if 0 /* This is the old OID */
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{5, (void *)"\x2b\x05\x01\x05\x02"};
-
-#endif
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
-
-gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
-
-/*
- * Context for krb5 calls.
- */
-
-krb5_context gssapi_krb5_context;
diff --git a/crypto/heimdal/lib/gssapi/get_mic.c b/crypto/heimdal/lib/gssapi/get_mic.c
deleted file mode 100644
index 7f5b37e..0000000
--- a/crypto/heimdal/lib/gssapi/get_mic.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: get_mic.c,v 1.21.2.1 2003/09/18 22:05:12 lha Exp $");
-
-static OM_uint32
-mic_des
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16];
-  des_key_schedule schedule;
-  des_cblock deskey;
-  des_cblock zero;
-  int32_t seq_number;
-  size_t len, total_len;
-
-  gssapi_krb5_encap_length (22, &len, &total_len);
-
-  message_token->length = total_len;
-  message_token->value  = malloc (total_len);
-  if (message_token->value == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = gssapi_krb5_make_header(message_token->value,
-			      len,
-			      "\x01\x01"); /* TOK_ID */
-
-  memcpy (p, "\x00\x00", 2);	/* SGN_ALG = DES MAC MD5 */
-  p += 2;
-
-  memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */
-  p += 4;
-
-  /* Fill in later (SND-SEQ) */
-  memset (p, 0, 16);
-  p += 16;
-
-  /* checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, message_buffer->value, message_buffer->length);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  des_set_key (&deskey, schedule);
-  des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 schedule, &zero);
-  memcpy (p - 8, hash, 8);	/* SGN_CKSUM */
-
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       &seq_number);
-
-  p -= 16;			/* SND_SEQ */
-  p[0] = (seq_number >> 0)  & 0xFF;
-  p[1] = (seq_number >> 8)  & 0xFF;
-  p[2] = (seq_number >> 16) & 0xFF;
-  p[3] = (seq_number >> 24) & 0xFF;
-  memset (p + 4,
-	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  des_set_key (&deskey, schedule);
-  des_cbc_encrypt ((void *)p, (void *)p, 8,
-		   schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
-
-  krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       ++seq_number);
-  
-  memset (deskey, 0, sizeof(deskey));
-  memset (schedule, 0, sizeof(schedule));
-  
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-mic_des3
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  Checksum cksum;
-  u_char seq[8];
-
-  int32_t seq_number;
-  size_t len, total_len;
-
-  krb5_crypto crypto;
-  krb5_error_code kret;
-  krb5_data encdata;
-  char *tmp;
-  char ivec[8];
-
-  gssapi_krb5_encap_length (36, &len, &total_len);
-
-  message_token->length = total_len;
-  message_token->value  = malloc (total_len);
-  if (message_token->value == NULL) {
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  p = gssapi_krb5_make_header(message_token->value,
-			      len,
-			      "\x01\x01"); /* TOK-ID */
-
-  memcpy (p, "\x04\x00", 2);	/* SGN_ALG = HMAC SHA1 DES3-KD */
-  p += 2;
-
-  memcpy (p, "\xff\xff\xff\xff", 4); /* filler */
-  p += 4;
-
-  /* this should be done in parts */
-
-  tmp = malloc (message_buffer->length + 8);
-  if (tmp == NULL) {
-      free (message_token->value);
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-  memcpy (tmp, p - 8, 8);
-  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
-
-  kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
-  if (kret) {
-      free (message_token->value);
-      free (tmp);
-      gssapi_krb5_set_error_string ();
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  kret = krb5_create_checksum (gssapi_krb5_context,
-			       crypto,
-			       KRB5_KU_USAGE_SIGN,
-			       0,
-			       tmp,
-			       message_buffer->length + 8,
-			       &cksum);
-  free (tmp);
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (kret) {
-      free (message_token->value);
-      gssapi_krb5_set_error_string ();
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
-
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       &seq_number);
-
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  kret = krb5_crypto_init(gssapi_krb5_context, key,
-			  ETYPE_DES3_CBC_NONE, &crypto);
-  if (kret) {
-      free (message_token->value);
-      gssapi_krb5_set_error_string ();
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  if (context_handle->more_flags & COMPAT_OLD_DES3)
-      memset(ivec, 0, 8);
-  else
-      memcpy(ivec, p + 8, 8);
-
-  kret = krb5_encrypt_ivec (gssapi_krb5_context,
-			    crypto,
-			    KRB5_KU_USAGE_SEQ,
-			    seq, 8, &encdata, ivec);
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (kret) {
-      free (message_token->value);
-      gssapi_krb5_set_error_string ();
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-  
-  assert (encdata.length == 8);
-
-  memcpy (p, encdata.data, encdata.length);
-  krb5_data_free (&encdata);
-
-  krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       ++seq_number);
-  
-  free_Checksum (&cksum);
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_get_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  ret = gss_krb5_get_localkey(context_handle, &key);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = mic_des (minor_status, context_handle, qop_req,
-		     message_buffer, message_token, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = mic_des3 (minor_status, context_handle, qop_req,
-		      message_buffer, message_token, key);
-      break;
-  case KEYTYPE_ARCFOUR:
-      ret = _gssapi_get_mic_arcfour (minor_status, context_handle, qop_req,
-				     message_buffer, message_token, key);
-      break;
-  default :
-      *minor_status = KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-      break;
-  }
-  krb5_free_keyblock (gssapi_krb5_context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/gss-commands.in b/crypto/heimdal/lib/gssapi/gss-commands.in
deleted file mode 100644
index 2204f2a..0000000
--- a/crypto/heimdal/lib/gssapi/gss-commands.in
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: gss-commands.in 17870 2006-07-22 14:48:58Z lha $ */
-
-command = {
-	name = "supported-mechanisms"
-	help = "Print the supported mechanisms"
-}
-command = {
-	name = "help"
-	name = "?"
-	argument = "[command]"
-	min_args = "0"
-	max_args = "1"
-	help = "Help! I need somebody."
-}
diff --git a/crypto/heimdal/lib/gssapi/gss.c b/crypto/heimdal/lib/gssapi/gss.c
deleted file mode 100644
index 739e830..0000000
--- a/crypto/heimdal/lib/gssapi/gss.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <gssapi.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-#include <rtbl.h>
-#include <gss-commands.h>
-#include <krb5.h>
-
-RCSID("$Id: gss.c 19922 2007-01-16 09:32:03Z lha $");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "service@host");
-    exit (ret);
-}
-
-#define COL_OID		"OID"
-#define COL_NAME	"Name"
-
-int
-supported_mechanisms(void *argptr, int argc, char **argv)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_OID_set mechs;
-    rtbl_t ct;
-    size_t i;
-
-    maj_stat = gss_indicate_mechs(&min_stat, &mechs);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_indicate_mechs failed");
-
-    printf("Supported mechanisms:\n");
-
-    ct = rtbl_create();
-    if (ct == NULL)
-	errx(1, "rtbl_create");
-
-    rtbl_set_separator(ct, "  ");
-    rtbl_add_column(ct, COL_OID, 0);
-    rtbl_add_column(ct, COL_NAME, 0);
-
-    for (i = 0; i < mechs->count; i++) {
-	gss_buffer_desc name;
-
-	maj_stat = gss_oid_to_str(&min_stat, &mechs->elements[i], &name);
-	if (maj_stat != GSS_S_COMPLETE)
-	    errx(1, "gss_oid_to_str failed");
-
-	rtbl_add_column_entryv(ct, COL_OID, "%.*s",
-			       (int)name.length, (char *)name.value);
-	gss_release_buffer(&min_stat, &name);
-
-	if (gss_oid_equal(&mechs->elements[i], GSS_KRB5_MECHANISM))
-	    rtbl_add_column_entry(ct, COL_NAME, "Kerberos 5");
-	else if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM))
-	    rtbl_add_column_entry(ct, COL_NAME, "SPNEGO");
-	else if (gss_oid_equal(&mechs->elements[i], GSS_NTLM_MECHANISM))
-	    rtbl_add_column_entry(ct, COL_NAME, "NTLM");
-    }
-    gss_release_oid_set(&min_stat, &mechs);
-
-    rtbl_format(ct, stdout);
-    rtbl_destroy(ct);
-
-    return 0;
-}
-
-#if 0
-/*
- *
- */
-
-#define DOVEDOT_MAJOR_VERSION 1
-#define DOVEDOT_MINOR_VERSION 0
-
-/*
-	S: MECH mech mech-parameters
-	S: MECH mech mech-parameters
-	S: VERSION major minor
-	S: CPID pid
-	S: CUID pid
-	S: ...
-	S: DONE
-	C: VERSION major minor
-	C: CPID pid
-
-	C: AUTH id method service= resp=
-	C: CONT id message
-
-	S: OK id user=
-	S: FAIL id reason=
-	S: CONTINUE id message
-*/
-
-int
-dovecot_server(void *argptr, int argc, char **argv)
-{
-    krb5_storage *sp;
-    int fd = 0;
-
-    sp = krb5_storage_from_fd(fd);
-    if (sp == NULL)
-	errx(1, "krb5_storage_from_fd");
-
-    krb5_store_stringnl(sp, "MECH\tGSSAPI");
-    krb5_store_stringnl(sp, "VERSION\t1\t0");
-    krb5_store_stringnl(sp, "DONE");
-
-    while (1) {
-	char *cmd;
-	if (krb5_ret_stringnl(sp, &cmd) != 0)
-	    break;
-	printf("cmd: %s\n", cmd);
-	free(cmd);
-    }
-    return 0;
-}
-#endif
-
-/*
- *
- */
-
-int
-help(void *opt, int argc, char **argv)
-{
-    sl_slc_help(commands, argc, argv);
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc == 0) {
-	help(NULL, argc, argv);
-	return 1;
-    }
-
-    return sl_command (commands, argc, argv);
-}
diff --git a/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 b/crypto/heimdal/lib/gssapi/gss_acquire_cred.3
deleted file mode 100644
index d2a04d9..0000000
--- a/crypto/heimdal/lib/gssapi/gss_acquire_cred.3
+++ /dev/null
@@ -1,688 +0,0 @@
-.\" Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: gss_acquire_cred.3 20235 2007-02-16 11:19:03Z lha $
-.\"
-.Dd October 26, 2005
-.Dt GSS_ACQUIRE_CRED 3
-.Os HEIMDAL
-.Sh NAME
-.Nm gss_accept_sec_context ,
-.Nm gss_acquire_cred ,
-.Nm gss_add_cred ,
-.Nm gss_add_oid_set_member ,
-.Nm gss_canonicalize_name ,
-.Nm gss_compare_name ,
-.Nm gss_context_time ,
-.Nm gss_create_empty_oid_set ,
-.Nm gss_delete_sec_context ,
-.Nm gss_display_name ,
-.Nm gss_display_status ,
-.Nm gss_duplicate_name ,
-.Nm gss_export_name ,
-.Nm gss_export_sec_context ,
-.Nm gss_get_mic ,
-.Nm gss_import_name ,
-.Nm gss_import_sec_context ,
-.Nm gss_indicate_mechs ,
-.Nm gss_init_sec_context ,
-.Nm gss_inquire_context ,
-.Nm gss_inquire_cred ,
-.Nm gss_inquire_cred_by_mech ,
-.Nm gss_inquire_mechs_for_name ,
-.Nm gss_inquire_names_for_mech ,
-.Nm gss_krb5_ccache_name ,
-.Nm gss_krb5_compat_des3_mic ,
-.Nm gss_krb5_copy_ccache ,
-.Nm gss_krb5_import_cred
-.Nm gsskrb5_extract_authz_data_from_sec_context ,
-.Nm gsskrb5_register_acceptor_identity ,
-.Nm gss_krb5_import_ccache ,
-.Nm gss_krb5_get_tkt_flags ,
-.Nm gss_process_context_token ,
-.Nm gss_release_buffer ,
-.Nm gss_release_cred ,
-.Nm gss_release_name ,
-.Nm gss_release_oid_set ,
-.Nm gss_seal ,
-.Nm gss_sign ,
-.Nm gss_test_oid_set_member ,
-.Nm gss_unseal ,
-.Nm gss_unwrap ,
-.Nm gss_verify ,
-.Nm gss_verify_mic ,
-.Nm gss_wrap ,
-.Nm gss_wrap_size_limit
-.Nd Generic Security Service Application Program Interface library
-.Sh LIBRARY
-GSS-API library (libgssapi, -lgssapi)
-.Sh SYNOPSIS
-.In gssapi.h
-.Pp
-.Ft OM_uint32
-.Fo gss_accept_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t * context_handle"
-.Fa "const gss_cred_id_t acceptor_cred_handle"
-.Fa "const gss_buffer_t input_token_buffer"
-.Fa "const gss_channel_bindings_t input_chan_bindings"
-.Fa "gss_name_t * src_name"
-.Fa "gss_OID * mech_type"
-.Fa "gss_buffer_t output_token"
-.Fa "OM_uint32 * ret_flags"
-.Fa "OM_uint32 * time_rec"
-.Fa "gss_cred_id_t * delegated_cred_handle"
-.Fc
-.Pp
-.Ft OM_uint32
-.Fo gss_acquire_cred
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t desired_name"
-.Fa "OM_uint32 time_req"
-.Fa "const gss_OID_set desired_mechs"
-.Fa "gss_cred_usage_t cred_usage"
-.Fa "gss_cred_id_t * output_cred_handle"
-.Fa "gss_OID_set * actual_mechs"
-.Fa "OM_uint32 * time_rec"
-.Fc
-.Ft OM_uint32
-.Fo gss_add_cred
-.Fa "OM_uint32 *minor_status"
-.Fa "const gss_cred_id_t input_cred_handle"
-.Fa "const gss_name_t desired_name"
-.Fa "const gss_OID desired_mech"
-.Fa "gss_cred_usage_t cred_usage"
-.Fa "OM_uint32 initiator_time_req"
-.Fa "OM_uint32 acceptor_time_req"
-.Fa "gss_cred_id_t *output_cred_handle"
-.Fa "gss_OID_set *actual_mechs"
-.Fa "OM_uint32 *initiator_time_rec"
-.Fa "OM_uint32 *acceptor_time_rec"
-.Fc
-.Ft OM_uint32
-.Fo gss_add_oid_set_member
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_OID member_oid"
-.Fa "gss_OID_set * oid_set"
-.Fc
-.Ft OM_uint32
-.Fo gss_canonicalize_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
-.Fa "const gss_OID mech_type"
-.Fa "gss_name_t * output_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_compare_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t name1"
-.Fa "const gss_name_t name2"
-.Fa "int * name_equal"
-.Fc
-.Ft OM_uint32
-.Fo gss_context_time
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "OM_uint32 * time_rec"
-.Fc
-.Ft OM_uint32
-.Fo gss_create_empty_oid_set
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_OID_set * oid_set"
-.Fc
-.Ft OM_uint32
-.Fo gss_delete_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t * context_handle"
-.Fa "gss_buffer_t output_token"
-.Fc
-.Ft OM_uint32
-.Fo gss_display_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
-.Fa "gss_buffer_t output_name_buffer"
-.Fa "gss_OID * output_name_type"
-.Fc
-.Ft OM_uint32
-.Fo gss_display_status
-.Fa "OM_uint32 *minor_status"
-.Fa "OM_uint32 status_value"
-.Fa "int status_type"
-.Fa "const gss_OID mech_type"
-.Fa "OM_uint32 *message_context"
-.Fa "gss_buffer_t status_string"
-.Fc
-.Ft OM_uint32
-.Fo gss_duplicate_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t src_name"
-.Fa "gss_name_t * dest_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_export_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
-.Fa "gss_buffer_t exported_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_export_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t * context_handle"
-.Fa "gss_buffer_t interprocess_token"
-.Fc
-.Ft OM_uint32
-.Fo gss_get_mic
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "gss_qop_t qop_req"
-.Fa "const gss_buffer_t message_buffer"
-.Fa "gss_buffer_t message_token"
-.Fc
-.Ft OM_uint32
-.Fo gss_import_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_buffer_t input_name_buffer"
-.Fa "const gss_OID input_name_type"
-.Fa "gss_name_t * output_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_import_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_buffer_t interprocess_token"
-.Fa "gss_ctx_id_t * context_handle"
-.Fc
-.Ft OM_uint32
-.Fo gss_indicate_mechs
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_OID_set * mech_set"
-.Fc
-.Ft OM_uint32
-.Fo gss_init_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_cred_id_t initiator_cred_handle"
-.Fa "gss_ctx_id_t * context_handle"
-.Fa "const gss_name_t target_name"
-.Fa "const gss_OID mech_type"
-.Fa "OM_uint32 req_flags"
-.Fa "OM_uint32 time_req"
-.Fa "const gss_channel_bindings_t input_chan_bindings"
-.Fa "const gss_buffer_t input_token"
-.Fa "gss_OID * actual_mech_type"
-.Fa "gss_buffer_t output_token"
-.Fa "OM_uint32 * ret_flags"
-.Fa "OM_uint32 * time_rec"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_context
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "gss_name_t * src_name"
-.Fa "gss_name_t * targ_name"
-.Fa "OM_uint32 * lifetime_rec"
-.Fa "gss_OID * mech_type"
-.Fa "OM_uint32 * ctx_flags"
-.Fa "int * locally_initiated"
-.Fa "int * open_context"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_cred
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_cred_id_t cred_handle"
-.Fa "gss_name_t * name"
-.Fa "OM_uint32 * lifetime"
-.Fa "gss_cred_usage_t * cred_usage"
-.Fa "gss_OID_set * mechanisms"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_cred_by_mech
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_cred_id_t cred_handle"
-.Fa "const gss_OID mech_type"
-.Fa "gss_name_t * name"
-.Fa "OM_uint32 * initiator_lifetime"
-.Fa "OM_uint32 * acceptor_lifetime"
-.Fa "gss_cred_usage_t * cred_usage"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_mechs_for_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
-.Fa "gss_OID_set * mech_types"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_names_for_mech
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_OID mechanism"
-.Fa "gss_OID_set * name_types"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_ccache_name
-.Fa "OM_uint32 *minor"
-.Fa "const char *name"
-.Fa "const char **old_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_copy_ccache
-.Fa "OM_uint32 *minor"
-.Fa "gss_cred_id_t cred"
-.Fa "krb5_ccache out"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_import_cred
-.Fa "OM_uint32 *minor_status"
-.Fa "krb5_ccache id"
-.Fa "krb5_principal keytab_principal"
-.Fa "krb5_keytab keytab"
-.Fa "gss_cred_id_t *cred"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_compat_des3_mic
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "int onoff"
-.Fc
-.Ft OM_uint32
-.Fo gsskrb5_extract_authz_data_from_sec_context
-.Fa "OM_uint32 *minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "int ad_type"
-.Fa "gss_buffer_t ad_data"
-.Fc
-.Ft OM_uint32
-.Fo gsskrb5_register_acceptor_identity
-.Fa "const char *identity"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_import_cache
-.Fa "OM_uint32 *minor"
-.Fa "krb5_ccache id"
-.Fa "krb5_keytab keytab"
-.Fa "gss_cred_id_t *cred"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_get_tkt_flags
-.Fa "OM_uint32 *minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "OM_uint32 *tkt_flags"
-.Fc
-.Ft OM_uint32
-.Fo gss_process_context_token
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "const gss_buffer_t token_buffer"
-.Fc
-.Ft OM_uint32
-.Fo gss_release_buffer
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_buffer_t buffer"
-.Fc
-.Ft OM_uint32
-.Fo gss_release_cred
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_cred_id_t * cred_handle"
-.Fc
-.Ft OM_uint32
-.Fo gss_release_name
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_name_t * input_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_release_oid_set
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_OID_set * set"
-.Fc
-.Ft OM_uint32
-.Fo gss_seal
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "int conf_req_flag"
-.Fa "int qop_req"
-.Fa "gss_buffer_t input_message_buffer"
-.Fa "int * conf_state"
-.Fa "gss_buffer_t output_message_buffer"
-.Fc
-.Ft OM_uint32
-.Fo gss_sign
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "int qop_req"
-.Fa "gss_buffer_t message_buffer"
-.Fa "gss_buffer_t message_token"
-.Fc
-.Ft OM_uint32
-.Fo gss_test_oid_set_member
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_OID member"
-.Fa "const gss_OID_set set"
-.Fa "int * present"
-.Fc
-.Ft OM_uint32
-.Fo gss_unseal
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "gss_buffer_t input_message_buffer"
-.Fa "gss_buffer_t output_message_buffer"
-.Fa "int * conf_state"
-.Fa "int * qop_state"
-.Fc
-.Ft OM_uint32
-.Fo gss_unwrap
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "const gss_buffer_t input_message_buffer"
-.Fa "gss_buffer_t output_message_buffer"
-.Fa "int * conf_state"
-.Fa "gss_qop_t * qop_state"
-.Fc
-.Ft OM_uint32
-.Fo gss_verify
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "gss_buffer_t message_buffer"
-.Fa "gss_buffer_t token_buffer"
-.Fa "int * qop_state"
-.Fc
-.Ft OM_uint32
-.Fo gss_verify_mic
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "const gss_buffer_t message_buffer"
-.Fa "const gss_buffer_t token_buffer"
-.Fa "gss_qop_t * qop_state"
-.Fc
-.Ft OM_uint32
-.Fo gss_wrap
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "int conf_req_flag"
-.Fa "gss_qop_t qop_req"
-.Fa "const gss_buffer_t input_message_buffer"
-.Fa "int * conf_state"
-.Fa "gss_buffer_t output_message_buffer"
-.Fc
-.Ft OM_uint32
-.Fo gss_wrap_size_limit
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "int conf_req_flag"
-.Fa "gss_qop_t qop_req"
-.Fa "OM_uint32 req_output_size"
-.Fa "OM_uint32 * max_input_size"
-.Fc
-.Sh DESCRIPTION
-Generic Security Service API (GSS-API) version 2, and its C binding,
-is described in
-.Li RFC2743
-and
-.Li RFC2744 .
-Version 1 (deprecated) of the C binding is described in
-.Li RFC1509 .
-.Pp
-Heimdals GSS-API implementation supports the following mechanisms
-.Bl -bullet
-.It
-.Li GSS_KRB5_MECHANISM
-.It
-.Li GSS_SPNEGO_MECHANISM
-.El
-.Pp
-GSS-API have generic name types that all mechanism are supposed to
-implement (if possible):
-.Bl -bullet
-.It
-.Li GSS_C_NT_USER_NAME
-.It
-.Li GSS_C_NT_MACHINE_UID_NAME
-.It
-.Li GSS_C_NT_STRING_UID_NAME
-.It
-.Li GSS_C_NT_HOSTBASED_SERVICE
-.It
-.Li GSS_C_NT_ANONYMOUS
-.It
-.Li GSS_C_NT_EXPORT_NAME
-.El
-.Pp
-GSS-API implementations that supports Kerberos 5 have some additional
-name types:
-.Bl -bullet
-.It
-.Li GSS_KRB5_NT_PRINCIPAL_NAME
-.It
-.Li GSS_KRB5_NT_USER_NAME
-.It
-.Li GSS_KRB5_NT_MACHINE_UID_NAME
-.It
-.Li GSS_KRB5_NT_STRING_UID_NAME
-.El
-.Pp
-In GSS-API, names have two forms, internal names and contiguous string
-names.
-.Bl -bullet
-.It
-.Li Internal name and mechanism name
-.Pp
-Internal names are implementation specific representation of
-a GSS-API name.
-.Li Mechanism names
-special form of internal names corresponds to one and only one mechanism.
-.Pp
-In GSS-API an internal name is stored in a
-.Dv gss_name_t .
-.It
-.Li Contiguous string name and exported name
-.Pp
-Contiguous string names are gssapi names stored in a
-.Dv OCTET STRING
-that together with a name type identifier (OID) uniquely specifies a
-gss-name.
-A special form of the contiguous string name is the exported name that
-have a OID embedded in the string to make it unique.
-Exported name have the nametype
-.Dv GSS_C_NT_EXPORT_NAME .
-.Pp
-In GSS-API an contiguous string name is stored in a
-.Dv gss_buffer_t .
-.Pp
-Exported names also have the property that they are specified by the
-mechanism itself and compatible between diffrent GSS-API
-implementations.
-.El
-.Sh ACCESS CONTROL
-There are two ways of comparing GSS-API names, either comparing two
-internal names with each other or two contiguous string names with
-either other.
-.Pp
-To compare two internal names with each other, import (if needed) the
-names with
-.Fn gss_import_name
-into the GSS-API implementation and the compare the imported name with
-.Fn gss_compare_name .
-.Pp
-Importing names can be slow, so when its possible to store exported
-names in the access control list, comparing contiguous string name
-might be better.
-.Pp
-when comparing contiguous string name, first export them into a
-.Dv GSS_C_NT_EXPORT_NAME
-name with
-.Fn gss_export_name
-and then compare with
-.Xr memcmp 3 .
-.Pp
-Note that there are might be a difference between the two methods of
-comparing names.
-The first (using
-.Fn gss_compare_name )
-will compare to (unauthenticated) names are the same.
-The second will compare if a mechanism will authenticate them as the
-same principal.
-.Pp
-For example, if
-.Fn gss_import_name
-name was used with
-.Dv GSS_C_NO_OID
-the default syntax is used for all mechanism the GSS-API
-implementation supports.
-When compare the imported name of
-.Dv GSS_C_NO_OID
-it may match serveral mechanism names (MN).
-.Pp
-The resulting name from
-.Fn gss_display_name
-must not be used for acccess control.
-.Sh FUNCTIONS
-.Fn gss_display_name
-takes the gss name in
-.Fa input_name
-and puts a printable form in
-.Fa output_name_buffer .
-.Fa output_name_buffer
-should be freed when done using
-.Fn gss_release_buffer .
-.Fa output_name_type
-can either be
-.Dv NULL
-or a pointer to a
-.Li gss_OID
-and will in the latter case contain the OID type of the name.
-The name must only be used for printing.
-If access control is needed, see section
-.Sx ACCESS CONTROL .
-.Pp
-.Fn gss_inquire_context
-returns information about the context.
-Information is available even after the context have expired.
-.Fa lifetime_rec
-argument is set to
-.Dv GSS_C_INDEFINITE
-(dont expire) or the number of seconds that the context is still valid.
-A value of 0 means that the context is expired.
-.Fa mech_type
-argument should be considered readonly and must not be released.
-.Fa src_name
-and
-.Fn dest_name
-are both mechanims names and must be released with
-.Fn gss_release_name
-when no longer used.
-.Pp
-.Nm gss_context_time
-will return the amount of time (in seconds) of the context is still
-valid.
-If its expired
-.Fa time_rec
-will be set to 0 and
-.Dv GSS_S_CONTEXT_EXPIRED
-returned.
-.Pp
-.Fn gss_sign ,
-.Fn gss_verify ,
-.Fn gss_seal ,
-and
-.Fn gss_unseal
-are part of the GSS-API V1 interface and are obsolete.
-The functions should not be used for new applications.
-They are provided so that version 1 applications can link against the
-library.
-.Sh EXTENSIONS
-.Fn gss_krb5_ccache_name
-sets the internal kerberos 5 credential cache name to
-.Fa name .
-The old name is returned in
-.Fa old_name ,
-and must not be freed.
-The data allocated for
-.Fa old_name
-is free upon next call to
-.Fn gss_krb5_ccache_name .
-This function is not threadsafe if
-.Fa old_name
-argument is used.
-.Pp
-.Fn gss_krb5_copy_ccache
-will extract the krb5 credentials that are transferred from the
-initiator to the acceptor when using token delegation in the Kerberos
-mechanism.
-The acceptor receives the delegated token in the last argument to
-.Fn gss_accept_sec_context .
-.Pp
-.Fn gss_krb5_import_cred
-will import the krb5 credentials (both keytab and/or credential cache)
-into gss credential so it can be used withing GSS-API.
-The
-.Fa ccache
-is copied by reference and thus shared, so if the credential is destroyed
-with
-.Fa krb5_cc_destroy ,
-all users of thep
-.Fa gss_cred_id_t
-returned by
-.Fn gss_krb5_import_ccache
-will fail.
-.Pp
-.Fn gsskrb5_register_acceptor_identity
-sets the Kerberos 5 filebased keytab that the acceptor will use.  The
-.Fa identifier
-is the file name.
-.Pp
-.Fn gsskrb5_extract_authz_data_from_sec_context
-extracts the Kerberos authorizationdata that may be stored within the
-context.
-Tha caller must free the returned buffer
-.Fa ad_data
-with
-.Fn gss_release_buffer
-upon success.
-.Pp
-.Fn gss_krb5_get_tkt_flags
-return the ticket flags for the kerberos ticket receive when
-authenticating the initiator.
-Only valid on the acceptor context.
-.Pp
-.Fn gss_krb5_compat_des3_mic
-turns on or off the compatibility with older version of Heimdal using
-des3 get and verify mic, this is way to programmatically set the
-[gssapi]broken_des3_mic and [gssapi]correct_des3_mic flags (see
-COMPATIBILITY section in
-.Xr gssapi 3 ) .
-If the CPP symbol
-.Dv GSS_C_KRB5_COMPAT_DES3_MIC
-is present,
-.Fn gss_krb5_compat_des3_mic
-exists.
-.Fn gss_krb5_compat_des3_mic
-will be removed in a later version of the GSS-API library.
-.Sh SEE ALSO
-.Xr gssapi 3 ,
-.Xr krb5 3 ,
-.Xr krb5_ccache 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/gssapi/gssapi.3 b/crypto/heimdal/lib/gssapi/gssapi.3
deleted file mode 100644
index 0241ee7..0000000
--- a/crypto/heimdal/lib/gssapi/gssapi.3
+++ /dev/null
@@ -1,177 +0,0 @@
-.\" Copyright (c) 2003 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: gssapi.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd April 20, 2005
-.Dt GSSAPI 3
-.Os
-.Sh NAME
-.Nm gssapi
-.Nd Generic Security Service Application Program Interface library
-.Sh LIBRARY
-GSS-API Library (libgssapi, -lgssapi)
-.Sh DESCRIPTION
-The Generic Security Service Application Program Interface (GSS-API)
-provides security services to callers in a generic fashion,
-supportable with a range of underlying mechanisms and technologies and
-hence allowing source-level portability of applications to different
-environments.
-.Pp
-The GSS-API implementation in Heimdal implements the Kerberos 5 and
-the SPNEGO GSS-API security mechanisms.
-.Sh LIST OF FUNCTIONS
-These functions constitute the gssapi library,
-.Em libgssapi .
-Declarations for these functions may be obtained from the include file
-.Pa gssapi.h .
-.sp 2
-.nf
-.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u
-\fIName/Page\fP	\fIDescription\fP
-.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u+6nC
-.sp 5p
-gss_accept_sec_context.3
-gss_acquire_cred.3
-gss_add_cred.3
-gss_add_oid_set_member.3
-gss_canonicalize_name.3
-gss_compare_name.3
-gss_context_time.3
-gss_create_empty_oid_set.3
-gss_delete_sec_context.3
-gss_display_name.3
-gss_display_status.3
-gss_duplicate_name.3
-gss_export_name.3
-gss_export_sec_context.3
-gss_get_mic.3
-gss_import_name.3
-gss_import_sec_context.3
-gss_indicate_mechs.3
-gss_init_sec_context.3
-gss_inquire_context.3
-gss_inquire_cred.3
-gss_inquire_cred_by_mech.3
-gss_inquire_mechs_for_name.3
-gss_inquire_names_for_mech.3
-gss_krb5_ccache_name.3
-gss_krb5_compat_des3_mic.3
-gss_krb5_copy_ccache.3
-gss_krb5_extract_authz_data_from_sec_context.3
-gss_krb5_import_ccache.3
-gss_process_context_token.3
-gss_release_buffer.3
-gss_release_cred.3
-gss_release_name.3
-gss_release_oid_set.3
-gss_seal.3
-gss_sign.3
-gss_test_oid_set_member.3
-gss_unseal.3
-gss_unwrap.3
-gss_verify.3
-gss_verify_mic.3
-gss_wrap.3
-gss_wrap_size_limit.3
-.ta
-.Fi
-.Sh COMPATIBILITY
-The
-.Nm Heimdal
-GSS-API implementation had a bug in releases before 0.6 that made it
-fail to inter-operate when using DES3 with other GSS-API
-implementations when using
-.Fn gss_get_mic
-/
-.Fn gss_verify_mic .
-It is possible to modify the behavior of the generator of the MIC with
-the
-.Pa krb5.conf
-configuration file so that old clients/servers will still
-work.
-.Pp
-New clients/servers will try both the old and new MIC in Heimdal 0.6.
-In 0.7 it will check only if configured - the compatibility code will
-be removed in 0.8.
-.Pp
-Heimdal 0.6 still generates by default the broken GSS-API DES3 mic,
-this will change in 0.7 to generate correct des3 mic.
-.Pp
-To turn on compatibility with older clients and servers, change the
-.Nm [gssapi]
-.Ar broken_des3_mic
-in
-.Pa krb5.conf
-that contains a list of globbing expressions that will be matched
-against the server name.
-To turn off generation of the old (incompatible) mic of the MIC use
-.Nm [gssapi]
-.Ar correct_des3_mic .
-.Pp
-If a match for a entry is in both
-.Nm [gssapi]
-.Ar correct_des3_mic
-and
-.Nm [gssapi]
-.Ar broken_des3_mic ,
-the later will override.
-.Pp
-This config option modifies behaviour for both clients and servers.
-.Pp
-Microsoft implemented SPNEGO to Windows2000, however, they manage to
-get it wrong, their implementation didn't fill in the MechListMIC in
-the reply token with the right content.
-There is a work around for this problem, but not all implementation
-support it.
-.Pp
-Heimdal defaults to correct SPNEGO when the the kerberos
-implementation uses CFX, or when it is configured by the user.
-To turn on compatibility with peers, use option
-.Nm [gssapi]
-.Ar require_mechlist_mic .
-.Sh EXAMPLES
-.Bd -literal -offset indent
-[gssapi]
-	broken_des3_mic = cvs/*@SU.SE
-	broken_des3_mic = host/*@E.KTH.SE
-	correct_des3_mic = host/*@SU.SE
-	require_mechlist_mic = host/*@SU.SE
-.Ed
-.Sh BUGS
-All of 0.5.x versions of
-.Nm heimdal
-had broken token delegations in the client side, the server side was
-correct.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/gssapi/gssapi.h b/crypto/heimdal/lib/gssapi/gssapi.h
deleted file mode 100644
index ae0274f..0000000
--- a/crypto/heimdal/lib/gssapi/gssapi.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gssapi.h 18332 2006-10-07 20:57:15Z lha $ */
-
-#ifndef GSSAPI_H_
-#define GSSAPI_H_
-
-#include <gssapi/gssapi.h>
-
-#endif
diff --git a/crypto/heimdal/lib/gssapi/gssapi/gssapi.h b/crypto/heimdal/lib/gssapi/gssapi/gssapi.h
deleted file mode 100644
index fbc638c..0000000
--- a/crypto/heimdal/lib/gssapi/gssapi/gssapi.h
+++ /dev/null
@@ -1,809 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gssapi.h 21004 2007-06-08 01:53:10Z lha $ */
-
-#ifndef GSSAPI_GSSAPI_H_
-#define GSSAPI_GSSAPI_H_
-
-/*
- * First, include stddef.h to get size_t defined.
- */
-#include <stddef.h>
-
-#include <krb5-types.h>
-
-/*
- * Now define the three implementation-dependent types.
- */
-
-typedef uint32_t OM_uint32;
-typedef uint64_t OM_uint64;
-
-typedef uint32_t gss_uint32;
-
-struct gss_name_t_desc_struct;
-typedef struct gss_name_t_desc_struct *gss_name_t;
-
-struct gss_ctx_id_t_desc_struct;
-typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t;
-
-typedef struct gss_OID_desc_struct {
-      OM_uint32 length;
-      void      *elements;
-} gss_OID_desc, *gss_OID;
-
-typedef struct gss_OID_set_desc_struct  {
-      size_t     count;
-      gss_OID    elements;
-} gss_OID_set_desc, *gss_OID_set;
-
-typedef int gss_cred_usage_t;
-
-struct gss_cred_id_t_desc_struct;
-typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t;
-
-typedef struct gss_buffer_desc_struct {
-      size_t length;
-      void *value;
-} gss_buffer_desc, *gss_buffer_t;
-
-typedef struct gss_channel_bindings_struct {
-      OM_uint32 initiator_addrtype;
-      gss_buffer_desc initiator_address;
-      OM_uint32 acceptor_addrtype;
-      gss_buffer_desc acceptor_address;
-      gss_buffer_desc application_data;
-} *gss_channel_bindings_t;
-
-/* GGF extension data types */
-typedef struct gss_buffer_set_desc_struct {
-      size_t count;
-      gss_buffer_desc *elements;
-} gss_buffer_set_desc, *gss_buffer_set_t;
-
-/*
- * For now, define a QOP-type as an OM_uint32
- */
-typedef OM_uint32 gss_qop_t;
-
-/*
- * Flag bits for context-level services.
- */
-#define GSS_C_DELEG_FLAG 1
-#define GSS_C_MUTUAL_FLAG 2
-#define GSS_C_REPLAY_FLAG 4
-#define GSS_C_SEQUENCE_FLAG 8
-#define GSS_C_CONF_FLAG 16
-#define GSS_C_INTEG_FLAG 32
-#define GSS_C_ANON_FLAG 64
-#define GSS_C_PROT_READY_FLAG 128
-#define GSS_C_TRANS_FLAG 256
-
-#define GSS_C_DCE_STYLE 4096
-#define GSS_C_IDENTIFY_FLAG 8192
-#define GSS_C_EXTENDED_ERROR_FLAG 16384
-
-/*
- * Credential usage options
- */
-#define GSS_C_BOTH 0
-#define GSS_C_INITIATE 1
-#define GSS_C_ACCEPT 2
-
-/*
- * Status code types for gss_display_status
- */
-#define GSS_C_GSS_CODE 1
-#define GSS_C_MECH_CODE 2
-
-/*
- * The constant definitions for channel-bindings address families
- */
-#define GSS_C_AF_UNSPEC     0
-#define GSS_C_AF_LOCAL      1
-#define GSS_C_AF_INET       2
-#define GSS_C_AF_IMPLINK    3
-#define GSS_C_AF_PUP        4
-#define GSS_C_AF_CHAOS      5
-#define GSS_C_AF_NS         6
-#define GSS_C_AF_NBS        7
-#define GSS_C_AF_ECMA       8
-#define GSS_C_AF_DATAKIT    9
-#define GSS_C_AF_CCITT      10
-#define GSS_C_AF_SNA        11
-#define GSS_C_AF_DECnet     12
-#define GSS_C_AF_DLI        13
-#define GSS_C_AF_LAT        14
-#define GSS_C_AF_HYLINK     15
-#define GSS_C_AF_APPLETALK  16
-#define GSS_C_AF_BSC        17
-#define GSS_C_AF_DSS        18
-#define GSS_C_AF_OSI        19
-#define GSS_C_AF_X25        21
-#define GSS_C_AF_INET6	    24
-
-#define GSS_C_AF_NULLADDR   255
-
-/*
- * Various Null values
- */
-#define GSS_C_NO_NAME ((gss_name_t) 0)
-#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
-#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0)
-#define GSS_C_NO_OID ((gss_OID) 0)
-#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
-#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
-#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
-#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
-#define GSS_C_EMPTY_BUFFER {0, NULL}
-
-/*
- * Some alternate names for a couple of the above
- * values.  These are defined for V1 compatibility.
- */
-#define GSS_C_NULL_OID GSS_C_NO_OID
-#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
-
-/*
- * Define the default Quality of Protection for per-message
- * services.  Note that an implementation that offers multiple
- * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
- * (as done here) to mean "default protection", or to a specific
- * explicit QOP value.  However, a value of 0 should always be
- * interpreted by a GSSAPI implementation as a request for the
- * default protection level.
- */
-#define GSS_C_QOP_DEFAULT 0
-
-#define GSS_KRB5_CONF_C_QOP_DES		0x0100
-#define GSS_KRB5_CONF_C_QOP_DES3_KD	0x0200
-
-/*
- * Expiration time of 2^32-1 seconds means infinite lifetime for a
- * credential or security context
- */
-#define GSS_C_INDEFINITE 0xfffffffful
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x01"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
- * GSS_C_NT_USER_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_USER_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
- * The constant GSS_C_NT_MACHINE_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x03"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
- * The constant GSS_C_NT_STRING_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_STRING_UID_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) org(3) dod(6) internet(1) security(5)
- * nametypes(6) gss-host-based-services(2)).  The constant
- * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
- * to that gss_OID_desc.  This is a deprecated OID value, and
- * implementations wishing to support hostbased-service names
- * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
- * defined below, to identify such names;
- * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
- * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
- * parameter, but should not be emitted by GSS-API
- * implementations
- */
-extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x04"}, corresponding to an
- * object-identifier value of {iso(1) member-body(2)
- * Unites States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}.  The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized
- * to point to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
- * corresponding to an object identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 3(gss-anonymous-name)}.  The constant
- * and GSS_C_NT_ANONYMOUS should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_ANONYMOUS;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 4(gss-api-exported-name)}.  The constant
- * GSS_C_NT_EXPORT_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_EXPORT_NAME;
-
-/*
- * Digest mechanism
- */
-
-extern gss_OID GSS_SASL_DIGEST_MD5_MECHANISM;
-
-/*
- * NTLM mechanism
- */
-
-extern gss_OID GSS_NTLM_MECHANISM;
-
-/* Major status codes */
-
-#define GSS_S_COMPLETE 0
-
-/*
- * Some "helper" definitions to make the status code macros obvious.
- */
-#define GSS_C_CALLING_ERROR_OFFSET 24
-#define GSS_C_ROUTINE_ERROR_OFFSET 16
-#define GSS_C_SUPPLEMENTARY_OFFSET 0
-#define GSS_C_CALLING_ERROR_MASK 0377ul
-#define GSS_C_ROUTINE_ERROR_MASK 0377ul
-#define GSS_C_SUPPLEMENTARY_MASK 0177777ul
-
-/*
- * The macros that test status codes for error conditions.
- * Note that the GSS_ERROR() macro has changed slightly from
- * the V1 GSSAPI so that it now evaluates its argument
- * only once.
- */
-#define GSS_CALLING_ERROR(x) \
-  (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
-#define GSS_ROUTINE_ERROR(x) \
-  (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
-#define GSS_SUPPLEMENTARY_INFO(x) \
-  (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
-#define GSS_ERROR(x) \
-  (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
-        (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
-
-/*
- * Now the actual status code definitions
- */
-
-/*
- * Calling errors:
- */
-#define GSS_S_CALL_INACCESSIBLE_READ \
-                             (1ul << GSS_C_CALLING_ERROR_OFFSET)
-#define GSS_S_CALL_INACCESSIBLE_WRITE \
-                             (2ul << GSS_C_CALLING_ERROR_OFFSET)
-#define GSS_S_CALL_BAD_STRUCTURE \
-                             (3ul << GSS_C_CALLING_ERROR_OFFSET)
-
-/*
- * Routine errors:
- */
-#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
-
-#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_MIC GSS_S_BAD_SIG
-#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
-
-/*
- * Supplementary info bits:
- */
-#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
-#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
-#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
-#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
-#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
-
-/*
- * Finally, function prototypes for the GSS-API routines.
- */
-
-OM_uint32 gss_acquire_cred
-           (OM_uint32 * /*minor_status*/,
-            const gss_name_t /*desired_name*/,
-            OM_uint32 /*time_req*/,
-            const gss_OID_set /*desired_mechs*/,
-            gss_cred_usage_t /*cred_usage*/,
-            gss_cred_id_t * /*output_cred_handle*/,
-            gss_OID_set * /*actual_mechs*/,
-            OM_uint32 * /*time_rec*/
-           );
-
-OM_uint32 gss_release_cred
-           (OM_uint32 * /*minor_status*/,
-            gss_cred_id_t * /*cred_handle*/
-           );
-
-OM_uint32 gss_init_sec_context
-           (OM_uint32 * /*minor_status*/,
-            const gss_cred_id_t /*initiator_cred_handle*/,
-            gss_ctx_id_t * /*context_handle*/,
-            const gss_name_t /*target_name*/,
-            const gss_OID /*mech_type*/,
-            OM_uint32 /*req_flags*/,
-            OM_uint32 /*time_req*/,
-            const gss_channel_bindings_t /*input_chan_bindings*/,
-            const gss_buffer_t /*input_token*/,
-            gss_OID * /*actual_mech_type*/,
-            gss_buffer_t /*output_token*/,
-            OM_uint32 * /*ret_flags*/,
-            OM_uint32 * /*time_rec*/
-           );
-
-OM_uint32 gss_accept_sec_context
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t * /*context_handle*/,
-            const gss_cred_id_t /*acceptor_cred_handle*/,
-            const gss_buffer_t /*input_token_buffer*/,
-            const gss_channel_bindings_t /*input_chan_bindings*/,
-            gss_name_t * /*src_name*/,
-            gss_OID * /*mech_type*/,
-            gss_buffer_t /*output_token*/,
-            OM_uint32 * /*ret_flags*/,
-            OM_uint32 * /*time_rec*/,
-            gss_cred_id_t * /*delegated_cred_handle*/
-           );
-
-OM_uint32 gss_process_context_token
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            const gss_buffer_t /*token_buffer*/
-           );
-
-OM_uint32 gss_delete_sec_context
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t * /*context_handle*/,
-            gss_buffer_t /*output_token*/
-           );
-
-OM_uint32 gss_context_time
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            OM_uint32 * /*time_rec*/
-           );
-
-OM_uint32 gss_get_mic
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            gss_qop_t /*qop_req*/,
-            const gss_buffer_t /*message_buffer*/,
-            gss_buffer_t /*message_token*/
-           );
-
-OM_uint32 gss_verify_mic
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            const gss_buffer_t /*message_buffer*/,
-            const gss_buffer_t /*token_buffer*/,
-            gss_qop_t * /*qop_state*/
-           );
-
-OM_uint32 gss_wrap
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            int /*conf_req_flag*/,
-            gss_qop_t /*qop_req*/,
-            const gss_buffer_t /*input_message_buffer*/,
-            int * /*conf_state*/,
-            gss_buffer_t /*output_message_buffer*/
-           );
-
-OM_uint32 gss_unwrap
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            const gss_buffer_t /*input_message_buffer*/,
-            gss_buffer_t /*output_message_buffer*/,
-            int * /*conf_state*/,
-            gss_qop_t * /*qop_state*/
-           );
-
-OM_uint32 gss_display_status
-           (OM_uint32 * /*minor_status*/,
-            OM_uint32 /*status_value*/,
-            int /*status_type*/,
-            const gss_OID /*mech_type*/,
-            OM_uint32 * /*message_context*/,
-            gss_buffer_t /*status_string*/
-           );
-
-OM_uint32 gss_indicate_mechs
-           (OM_uint32 * /*minor_status*/,
-            gss_OID_set * /*mech_set*/
-           );
-
-OM_uint32 gss_compare_name
-           (OM_uint32 * /*minor_status*/,
-            const gss_name_t /*name1*/,
-            const gss_name_t /*name2*/,
-            int * /*name_equal*/
-           );
-
-OM_uint32 gss_display_name
-           (OM_uint32 * /*minor_status*/,
-            const gss_name_t /*input_name*/,
-            gss_buffer_t /*output_name_buffer*/,
-            gss_OID * /*output_name_type*/
-           );
-
-OM_uint32 gss_import_name
-           (OM_uint32 * /*minor_status*/,
-            const gss_buffer_t /*input_name_buffer*/,
-            const gss_OID /*input_name_type*/,
-            gss_name_t * /*output_name*/
-           );
-
-OM_uint32 gss_export_name
-           (OM_uint32  * /*minor_status*/,
-            const gss_name_t /*input_name*/,
-            gss_buffer_t /*exported_name*/
-           );
-
-OM_uint32 gss_release_name
-           (OM_uint32 * /*minor_status*/,
-            gss_name_t * /*input_name*/
-           );
-
-OM_uint32 gss_release_buffer
-           (OM_uint32 * /*minor_status*/,
-            gss_buffer_t /*buffer*/
-           );
-
-OM_uint32 gss_release_oid_set
-           (OM_uint32 * /*minor_status*/,
-            gss_OID_set * /*set*/
-           );
-
-OM_uint32 gss_inquire_cred
-           (OM_uint32 * /*minor_status*/,
-            const gss_cred_id_t /*cred_handle*/,
-            gss_name_t * /*name*/,
-            OM_uint32 * /*lifetime*/,
-            gss_cred_usage_t * /*cred_usage*/,
-            gss_OID_set * /*mechanisms*/
-           );
-
-OM_uint32 gss_inquire_context (
-            OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            gss_name_t * /*src_name*/,
-            gss_name_t * /*targ_name*/,
-            OM_uint32 * /*lifetime_rec*/,
-            gss_OID * /*mech_type*/,
-            OM_uint32 * /*ctx_flags*/,
-            int * /*locally_initiated*/,
-            int * /*open_context*/
-           );
-
-OM_uint32 gss_wrap_size_limit (
-            OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            int /*conf_req_flag*/,
-            gss_qop_t /*qop_req*/,
-            OM_uint32 /*req_output_size*/,
-            OM_uint32 * /*max_input_size*/
-           );
-
-OM_uint32 gss_add_cred (
-            OM_uint32 * /*minor_status*/,
-            const gss_cred_id_t /*input_cred_handle*/,
-            const gss_name_t /*desired_name*/,
-            const gss_OID /*desired_mech*/,
-            gss_cred_usage_t /*cred_usage*/,
-            OM_uint32 /*initiator_time_req*/,
-            OM_uint32 /*acceptor_time_req*/,
-            gss_cred_id_t * /*output_cred_handle*/,
-            gss_OID_set * /*actual_mechs*/,
-            OM_uint32 * /*initiator_time_rec*/,
-            OM_uint32 * /*acceptor_time_rec*/
-           );
-
-OM_uint32 gss_inquire_cred_by_mech (
-            OM_uint32 * /*minor_status*/,
-            const gss_cred_id_t /*cred_handle*/,
-            const gss_OID /*mech_type*/,
-            gss_name_t * /*name*/,
-            OM_uint32 * /*initiator_lifetime*/,
-            OM_uint32 * /*acceptor_lifetime*/,
-            gss_cred_usage_t * /*cred_usage*/
-           );
-
-OM_uint32 gss_export_sec_context (
-            OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t * /*context_handle*/,
-            gss_buffer_t /*interprocess_token*/
-           );
-
-OM_uint32 gss_import_sec_context (
-            OM_uint32 * /*minor_status*/,
-            const gss_buffer_t /*interprocess_token*/,
-            gss_ctx_id_t * /*context_handle*/
-           );
-
-OM_uint32 gss_create_empty_oid_set (
-            OM_uint32 * /*minor_status*/,
-            gss_OID_set * /*oid_set*/
-           );
-
-OM_uint32 gss_add_oid_set_member (
-            OM_uint32 * /*minor_status*/,
-            const gss_OID /*member_oid*/,
-            gss_OID_set * /*oid_set*/
-           );
-
-OM_uint32 gss_test_oid_set_member (
-            OM_uint32 * /*minor_status*/,
-            const gss_OID /*member*/,
-            const gss_OID_set /*set*/,
-            int * /*present*/
-           );
-
-OM_uint32 gss_inquire_names_for_mech (
-            OM_uint32 * /*minor_status*/,
-            const gss_OID /*mechanism*/,
-            gss_OID_set * /*name_types*/
-           );
-
-OM_uint32 gss_inquire_mechs_for_name (
-            OM_uint32 * /*minor_status*/,
-            const gss_name_t /*input_name*/,
-            gss_OID_set * /*mech_types*/
-           );
-
-OM_uint32 gss_canonicalize_name (
-            OM_uint32 * /*minor_status*/,
-            const gss_name_t /*input_name*/,
-            const gss_OID /*mech_type*/,
-            gss_name_t * /*output_name*/
-           );
-
-OM_uint32 gss_duplicate_name (
-            OM_uint32 * /*minor_status*/,
-            const gss_name_t /*src_name*/,
-            gss_name_t * /*dest_name*/
-           );
-
-OM_uint32 gss_duplicate_oid (
-	    OM_uint32 * /* minor_status */,
-	    gss_OID /* src_oid */,
-	    gss_OID * /* dest_oid */
-           );
-OM_uint32
-gss_release_oid
-	(OM_uint32 * /*minor_status*/,
-	 gss_OID * /* oid */
-	);
-
-OM_uint32
-gss_oid_to_str(
-	    OM_uint32 * /*minor_status*/,
-	    gss_OID /* oid */,
-	    gss_buffer_t /* str */
-           );
-
-OM_uint32
-gss_inquire_sec_context_by_oid(
-	    OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_OID desired_object,
-            gss_buffer_set_t *data_set
-           );
-
-OM_uint32
-gss_set_sec_context_option (OM_uint32 *minor_status,
-			    gss_ctx_id_t *context_handle,
-			    const gss_OID desired_object,
-			    const gss_buffer_t value);
-
-OM_uint32
-gss_set_cred_option (OM_uint32 *minor_status,
-		     gss_cred_id_t *cred_handle,
-		     const gss_OID object,
-		     const gss_buffer_t value);
-
-int
-gss_oid_equal(const gss_OID a, const gss_OID b);
-
-OM_uint32 
-gss_create_empty_buffer_set
-	   (OM_uint32 * minor_status,
-	    gss_buffer_set_t *buffer_set);
-
-OM_uint32
-gss_add_buffer_set_member
-	   (OM_uint32 * minor_status,
-	    const gss_buffer_t member_buffer,
-	    gss_buffer_set_t *buffer_set);
-
-OM_uint32
-gss_release_buffer_set
-	   (OM_uint32 * minor_status,
-	    gss_buffer_set_t *buffer_set);
-
-OM_uint32
-gss_inquire_cred_by_oid(OM_uint32 *minor_status,
-	                const gss_cred_id_t cred_handle,
-	                const gss_OID desired_object,
-	                gss_buffer_set_t *data_set);
-
-/*
- * RFC 4401
- */
-
-#define GSS_C_PRF_KEY_FULL 0
-#define GSS_C_PRF_KEY_PARTIAL 1
-
-OM_uint32
-gss_pseudo_random
-	(OM_uint32 *minor_status,
-	 gss_ctx_id_t context,
-	 int prf_key,
-	 const gss_buffer_t prf_in,
-	 ssize_t desired_output_len,
-	 gss_buffer_t prf_out
-	);
-
-/*
- * The following routines are obsolete variants of gss_get_mic,
- * gss_verify_mic, gss_wrap and gss_unwrap.  They should be
- * provided by GSSAPI V2 implementations for backwards
- * compatibility with V1 applications.  Distinct entrypoints
- * (as opposed to #defines) should be provided, both to allow
- * GSSAPI V1 applications to link against GSSAPI V2 implementations,
- * and to retain the slight parameter type differences between the
- * obsolete versions of these routines and their current forms.
- */
-
-OM_uint32 gss_sign
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t /*context_handle*/,
-            int /*qop_req*/,
-            gss_buffer_t /*message_buffer*/,
-            gss_buffer_t /*message_token*/
-           );
-
-OM_uint32 gss_verify
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t /*context_handle*/,
-            gss_buffer_t /*message_buffer*/,
-            gss_buffer_t /*token_buffer*/,
-            int * /*qop_state*/
-           );
-
-OM_uint32 gss_seal
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t /*context_handle*/,
-            int /*conf_req_flag*/,
-            int /*qop_req*/,
-            gss_buffer_t /*input_message_buffer*/,
-            int * /*conf_state*/,
-            gss_buffer_t /*output_message_buffer*/
-           );
-
-OM_uint32 gss_unseal
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t /*context_handle*/,
-            gss_buffer_t /*input_message_buffer*/,
-            gss_buffer_t /*output_message_buffer*/,
-            int * /*conf_state*/,
-            int * /*qop_state*/
-           );
-
-/*
- *
- */
-
-OM_uint32
-gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
-	                        const gss_ctx_id_t context_handle,
-	                        const gss_OID desired_object,
-	                        gss_buffer_set_t *data_set);
-
-OM_uint32
-gss_encapsulate_token(gss_buffer_t /* input_token */,
-		      gss_OID /* oid */,
-		      gss_buffer_t /* output_token */);
-
-OM_uint32
-gss_decapsulate_token(gss_buffer_t /* input_token */,
-		      gss_OID /* oid */,
-		      gss_buffer_t /* output_token */);
-
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#include <gssapi/gssapi_krb5.h>
-#include <gssapi/gssapi_spnego.h>
-
-#endif /* GSSAPI_GSSAPI_H_ */
diff --git a/crypto/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/crypto/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
deleted file mode 100644
index cca529f..0000000
--- a/crypto/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gssapi_krb5.h 20385 2007-04-18 08:51:32Z lha $ */
-
-#ifndef GSSAPI_KRB5_H_
-#define GSSAPI_KRB5_H_
-
-#include <gssapi/gssapi.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * This is for kerberos5 names.
- */
-
-extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
-extern gss_OID GSS_KRB5_NT_USER_NAME;
-extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
-extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
-
-extern gss_OID GSS_KRB5_MECHANISM;
-
-/* for compatibility with MIT api */
-
-#define gss_mech_krb5 GSS_KRB5_MECHANISM
-#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
-
-/* Extensions set contexts options */
-extern gss_OID GSS_KRB5_COPY_CCACHE_X;
-extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X;
-extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X;
-extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X;
-extern gss_OID GSS_KRB5_SEND_TO_KDC_X;
-extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
-extern gss_OID GSS_KRB5_CCACHE_NAME_X;
-/* Extensions inquire context */
-extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
-extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
-extern gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO;
-extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X;
-extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X;
-extern gss_OID GSS_KRB5_GET_SUBKEY_X;
-extern gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X;
-extern gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X;
-extern gss_OID GSS_KRB5_GET_AUTHTIME_X;
-extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X;
-/* Extensions creds */
-extern gss_OID GSS_KRB5_IMPORT_CRED_X;
-extern gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X;
-
-/*
- * kerberos mechanism specific functions
- */
-
-struct krb5_keytab_data;
-struct krb5_ccache_data;
-struct Principal;
-
-OM_uint32
-gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, 
-		     const char * /*name */,
-		     const char ** /*out_name */);
-
-OM_uint32 gsskrb5_register_acceptor_identity
-        (const char */*identity*/);
-
-OM_uint32 gss_krb5_copy_ccache
-	(OM_uint32 */*minor*/,
-	 gss_cred_id_t /*cred*/,
-	 struct krb5_ccache_data */*out*/);
-
-OM_uint32
-gss_krb5_import_cred(OM_uint32 */*minor*/,
-		     struct krb5_ccache_data * /*in*/,
-		     struct Principal * /*keytab_principal*/,
-		     struct krb5_keytab_data * /*keytab*/,
-		     gss_cred_id_t */*out*/);
-
-OM_uint32 gss_krb5_get_tkt_flags
-	(OM_uint32 */*minor*/,
-	 gss_ctx_id_t /*context_handle*/,
-	 OM_uint32 */*tkt_flags*/);
-
-OM_uint32
-gsskrb5_extract_authz_data_from_sec_context
-	(OM_uint32 * /*minor_status*/,
-	 gss_ctx_id_t /*context_handle*/,
-	 int /*ad_type*/,
-	 gss_buffer_t /*ad_data*/);
-
-OM_uint32
-gsskrb5_set_dns_canonicalize(int);
-
-struct gsskrb5_send_to_kdc {
-    void *func;
-    void *ptr;
-};
-
-OM_uint32
-gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *);
-
-OM_uint32
-gsskrb5_set_default_realm(const char *);
-
-OM_uint32
-gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);
-
-struct EncryptionKey;
-
-OM_uint32 
-gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
-				 gss_ctx_id_t context_handle,
-				 struct EncryptionKey **out);
-OM_uint32 
-gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
-				 gss_ctx_id_t context_handle,
-				 struct EncryptionKey **out);
-OM_uint32 
-gsskrb5_get_subkey(OM_uint32 *minor_status,
-		   gss_ctx_id_t context_handle,
-		   struct EncryptionKey **out);
-
-/*
- * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
- * do GSS content token handling in-kernel.
- */
-
-typedef struct gss_krb5_lucid_key {
-	OM_uint32	type;
-	OM_uint32	length;
-	void *		data;
-} gss_krb5_lucid_key_t;
-
-typedef struct gss_krb5_rfc1964_keydata {
-	OM_uint32		sign_alg;
-	OM_uint32		seal_alg;
-	gss_krb5_lucid_key_t	ctx_key;
-} gss_krb5_rfc1964_keydata_t;
-
-typedef struct gss_krb5_cfx_keydata {
-	OM_uint32		have_acceptor_subkey;
-	gss_krb5_lucid_key_t	ctx_key;
-	gss_krb5_lucid_key_t	acceptor_subkey;
-} gss_krb5_cfx_keydata_t;
-
-typedef struct gss_krb5_lucid_context_v1 {
-	OM_uint32	version;
-	OM_uint32	initiate;
-	OM_uint32	endtime;
-	OM_uint64	send_seq;
-	OM_uint64	recv_seq;
-	OM_uint32	protocol;
-	gss_krb5_rfc1964_keydata_t rfc1964_kd;
-	gss_krb5_cfx_keydata_t	   cfx_kd;
-} gss_krb5_lucid_context_v1_t;
-
-typedef struct gss_krb5_lucid_context_version {
-	OM_uint32	version;	/* Structure version number */
-} gss_krb5_lucid_context_version_t;
-
-/*
- * Function declarations
- */
-
-OM_uint32
-gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
-				  gss_ctx_id_t *context_handle,
-				  OM_uint32 version,
-				  void **kctx);
-
-
-OM_uint32
-gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
-				void *kctx);
-
-
-OM_uint32
-gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, 
-				gss_cred_id_t cred,
-				OM_uint32 num_enctypes,
-				int32_t *enctypes);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* GSSAPI_SPNEGO_H_ */
diff --git a/crypto/heimdal/lib/gssapi/gssapi/gssapi_spnego.h b/crypto/heimdal/lib/gssapi/gssapi/gssapi_spnego.h
deleted file mode 100644
index fbb7906..0000000
--- a/crypto/heimdal/lib/gssapi/gssapi/gssapi_spnego.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gssapi_spnego.h 18335 2006-10-07 22:26:21Z lha $ */
-
-#ifndef GSSAPI_SPNEGO_H_
-#define GSSAPI_SPNEGO_H_
-
-#include <gssapi.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * RFC2478, SPNEGO:
- *  The security mechanism of the initial
- *  negotiation token is identified by the Object Identifier
- *  iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
- */
-extern gss_OID GSS_SPNEGO_MECHANISM;
-#define gss_mech_spnego GSS_SPNEGO_MECHANISM
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* GSSAPI_SPNEGO_H_ */
diff --git a/crypto/heimdal/lib/gssapi/gssapi_locl.h b/crypto/heimdal/lib/gssapi/gssapi_locl.h
deleted file mode 100644
index 154c4b1..0000000
--- a/crypto/heimdal/lib/gssapi/gssapi_locl.h
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gssapi_locl.h,v 1.24.2.5 2003/09/18 22:01:52 lha Exp $ */
-
-#ifndef GSSAPI_LOCL_H
-#define GSSAPI_LOCL_H
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <krb5_locl.h>
-#include <gssapi.h>
-#include <assert.h>
-
-#include "arcfour.h"
-
-extern krb5_context gssapi_krb5_context;
-
-extern krb5_keytab gssapi_krb5_keytab;
-
-krb5_error_code gssapi_krb5_init (void);
-
-#define GSSAPI_KRB5_INIT() do {					\
-    krb5_error_code kret;					\
-    if((kret = gssapi_krb5_init ()) != 0) {	\
-	*minor_status = kret;					\
-	return GSS_S_FAILURE;					\
-    }								\
-} while (0)
-
-OM_uint32
-gssapi_krb5_create_8003_checksum (
-		      OM_uint32 *minor_status,
-		      const gss_channel_bindings_t input_chan_bindings,
-		      OM_uint32 flags,
-                      const krb5_data *fwd_data,
-		      Checksum *result);
-
-OM_uint32
-gssapi_krb5_verify_8003_checksum (
-		      OM_uint32 *minor_status,
-		      const gss_channel_bindings_t input_chan_bindings,
-		      const Checksum *cksum,
-		      OM_uint32 *flags,
-                      krb5_data *fwd_data);
-
-OM_uint32
-gssapi_krb5_encapsulate(
-			OM_uint32 *minor_status,
-			const krb5_data *in_data,
-			gss_buffer_t output_token,
-			u_char *type);
-
-u_char *
-_gssapi_make_mech_header(u_char *p,
-			 size_t len);
-
-OM_uint32
-gssapi_krb5_decapsulate(
-			OM_uint32 *minor_status,
-			gss_buffer_t input_token_buffer,
-			krb5_data *out_data,
-			char *type);
-
-void
-gssapi_krb5_encap_length (size_t data_len,
-			  size_t *len,
-			  size_t *total_len);
-
-u_char *
-gssapi_krb5_make_header (u_char *p,
-			 size_t len,
-			 u_char *type);
-
-OM_uint32
-gssapi_krb5_verify_header(u_char **str,
-			  size_t total_len,
-			  char *type);
-
-
-OM_uint32
-_gssapi_verify_mech_header(u_char **str,
-			   size_t total_len);
-
-OM_uint32
-_gssapi_verify_pad(gss_buffer_t, size_t, size_t *);
-
-OM_uint32
-gss_verify_mic_internal(OM_uint32 * minor_status,
-			const gss_ctx_id_t context_handle,
-			const gss_buffer_t message_buffer,
-			const gss_buffer_t token_buffer,
-			gss_qop_t * qop_state,
-			char * type);
-
-OM_uint32
-gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
-		       krb5_keyblock **key);
-
-OM_uint32
-gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
-		      krb5_keyblock **key);
-
-krb5_error_code
-gss_address_to_krb5addr(OM_uint32 gss_addr_type,
-                        gss_buffer_desc *gss_addr,
-                        int16_t port,
-                        krb5_address *address);
-
-/* sec_context flags */
-
-#define SC_LOCAL_ADDRESS  0x01
-#define SC_REMOTE_ADDRESS 0x02
-#define SC_KEYBLOCK	  0x04
-#define SC_LOCAL_SUBKEY	  0x08
-#define SC_REMOTE_SUBKEY  0x10
-
-int
-gss_oid_equal(const gss_OID a, const gss_OID b);
-
-void
-gssapi_krb5_set_error_string (void);
-
-char *
-gssapi_krb5_get_error_string (void);
-
-OM_uint32
-_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx);
-
-OM_uint32
-gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *);
-
-/* 8003 */
-
-krb5_error_code
-gssapi_encode_om_uint32(OM_uint32, u_char *);
-
-krb5_error_code
-gssapi_encode_be_om_uint32(OM_uint32, u_char *);
-
-krb5_error_code
-gssapi_decode_om_uint32(u_char *, OM_uint32 *);
-
-krb5_error_code
-gssapi_decode_be_om_uint32(u_char *, OM_uint32 *);
-
-#endif
diff --git a/crypto/heimdal/lib/gssapi/gssapi_mech.h b/crypto/heimdal/lib/gssapi/gssapi_mech.h
deleted file mode 100644
index 3704099..0000000
--- a/crypto/heimdal/lib/gssapi/gssapi_mech.h
+++ /dev/null
@@ -1,359 +0,0 @@
-/*-
- * Copyright (c) 2005 Doug Rabson
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	$FreeBSD$
- */
-
-#ifndef GSSAPI_MECH_H
-#define GSSAPI_MECH_H 1
-
-#include <gssapi.h>
-
-typedef OM_uint32 _gss_acquire_cred_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* desired_name */
-	       OM_uint32,              /* time_req */
-	       const gss_OID_set,      /* desired_mechs */
-	       gss_cred_usage_t,       /* cred_usage */
-	       gss_cred_id_t *,        /* output_cred_handle */
-	       gss_OID_set *,          /* actual_mechs */
-	       OM_uint32 *             /* time_rec */
-	      );
-
-typedef OM_uint32 _gss_release_cred_t
-	      (OM_uint32 *,            /* minor_status */
-	       gss_cred_id_t *         /* cred_handle */
-	      );
-
-typedef OM_uint32 _gss_init_sec_context_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_cred_id_t,    /* initiator_cred_handle */
-	       gss_ctx_id_t *,         /* context_handle */
-	       const gss_name_t,       /* target_name */
-	       const gss_OID,          /* mech_type */
-	       OM_uint32,              /* req_flags */
-	       OM_uint32,              /* time_req */
-	       const gss_channel_bindings_t,
-				       /* input_chan_bindings */
-	       const gss_buffer_t,     /* input_token */
-	       gss_OID *,              /* actual_mech_type */
-	       gss_buffer_t,           /* output_token */
-	       OM_uint32 *,            /* ret_flags */
-	       OM_uint32 *             /* time_rec */
-	      );
-
-typedef OM_uint32 _gss_accept_sec_context_t
-	      (OM_uint32 *,            /* minor_status */
-	       gss_ctx_id_t *,         /* context_handle */
-	       const gss_cred_id_t,    /* acceptor_cred_handle */
-	       const gss_buffer_t,     /* input_token_buffer */
-	       const gss_channel_bindings_t,
-				       /* input_chan_bindings */
-	       gss_name_t *,           /* src_name */
-	       gss_OID *,              /* mech_type */
-	       gss_buffer_t,           /* output_token */
-	       OM_uint32 *,            /* ret_flags */
-	       OM_uint32 *,            /* time_rec */
-	       gss_cred_id_t *         /* delegated_cred_handle */
-	      );
-
-typedef OM_uint32 _gss_process_context_token_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       const gss_buffer_t      /* token_buffer */
-	      );
-
-typedef OM_uint32 _gss_delete_sec_context_t
-	      (OM_uint32 *,            /* minor_status */
-	       gss_ctx_id_t *,         /* context_handle */
-	       gss_buffer_t            /* output_token */
-	      );
-
-typedef OM_uint32 _gss_context_time_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       OM_uint32 *             /* time_rec */
-	      );
-
-typedef OM_uint32 _gss_get_mic_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       gss_qop_t,              /* qop_req */
-	       const gss_buffer_t,     /* message_buffer */
-	       gss_buffer_t            /* message_token */
-	      );
-
-typedef OM_uint32 _gss_verify_mic_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       const gss_buffer_t,     /* message_buffer */
-	       const gss_buffer_t,     /* token_buffer */
-	       gss_qop_t *             /* qop_state */
-	      );
-
-typedef OM_uint32 _gss_wrap_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       int,                    /* conf_req_flag */
-	       gss_qop_t,              /* qop_req */
-	       const gss_buffer_t,     /* input_message_buffer */
-	       int *,                  /* conf_state */
-	       gss_buffer_t            /* output_message_buffer */
-	      );
-
-typedef OM_uint32 _gss_unwrap_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       const gss_buffer_t,     /* input_message_buffer */
-	       gss_buffer_t,           /* output_message_buffer */
-	       int *,                  /* conf_state */
-	       gss_qop_t *             /* qop_state */
-	      );
-
-typedef OM_uint32 _gss_display_status_t
-	      (OM_uint32 *,            /* minor_status */
-	       OM_uint32,              /* status_value */
-	       int,                    /* status_type */
-	       const gss_OID,          /* mech_type */
-	       OM_uint32 *,            /* message_context */
-	       gss_buffer_t            /* status_string */
-	      );
-
-typedef OM_uint32 _gss_indicate_mechs_t
-	      (OM_uint32 *,            /* minor_status */
-	       gss_OID_set *           /* mech_set */
-	      );
-
-typedef OM_uint32 _gss_compare_name_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* name1 */
-	       const gss_name_t,       /* name2 */
-	       int *                   /* name_equal */
-	      );
-
-typedef OM_uint32 _gss_display_name_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* input_name */
-	       gss_buffer_t,           /* output_name_buffer */
-	       gss_OID *               /* output_name_type */
-	      );
-
-typedef OM_uint32 _gss_import_name_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_buffer_t,     /* input_name_buffer */
-	       const gss_OID,          /* input_name_type */
-	       gss_name_t *            /* output_name */
-	      );
-
-typedef OM_uint32 _gss_export_name_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* input_name */
-	       gss_buffer_t            /* exported_name */
-	      );
-
-typedef OM_uint32 _gss_release_name_t
-	      (OM_uint32 *,            /* minor_status */
-	       gss_name_t *            /* input_name */
-	      );
-
-typedef OM_uint32 _gss_inquire_cred_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_cred_id_t,    /* cred_handle */
-	       gss_name_t *,           /* name */
-	       OM_uint32 *,            /* lifetime */
-	       gss_cred_usage_t *,     /* cred_usage */
-	       gss_OID_set *           /* mechanisms */
-	      );
-
-typedef OM_uint32 _gss_inquire_context_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       gss_name_t *,           /* src_name */
-	       gss_name_t *,           /* targ_name */
-	       OM_uint32 *,            /* lifetime_rec */
-	       gss_OID *,              /* mech_type */
-	       OM_uint32 *,            /* ctx_flags */
-	       int *,                  /* locally_initiated */
-	       int *                   /* open */
-	      );
-
-typedef OM_uint32 _gss_wrap_size_limit_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       int,                    /* conf_req_flag */
-	       gss_qop_t,              /* qop_req */
-	       OM_uint32,              /* req_output_size */
-	       OM_uint32 *             /* max_input_size */
-	      );
-
-typedef OM_uint32 _gss_add_cred_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_cred_id_t,    /* input_cred_handle */
-	       const gss_name_t,       /* desired_name */
-	       const gss_OID,          /* desired_mech */
-	       gss_cred_usage_t,       /* cred_usage */
-	       OM_uint32,              /* initiator_time_req */
-	       OM_uint32,              /* acceptor_time_req */
-	       gss_cred_id_t *,        /* output_cred_handle */
-	       gss_OID_set *,          /* actual_mechs */
-	       OM_uint32 *,            /* initiator_time_rec */
-	       OM_uint32 *             /* acceptor_time_rec */
-	      );
-
-typedef OM_uint32 _gss_inquire_cred_by_mech_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_cred_id_t,    /* cred_handle */
-	       const gss_OID,          /* mech_type */
-	       gss_name_t *,           /* name */
-	       OM_uint32 *,            /* initiator_lifetime */
-	       OM_uint32 *,            /* acceptor_lifetime */
-	       gss_cred_usage_t *      /* cred_usage */
-	      );
-
-typedef OM_uint32 _gss_export_sec_context_t (
-	       OM_uint32 *,            /* minor_status */
-	       gss_ctx_id_t *,         /* context_handle */
-	       gss_buffer_t            /* interprocess_token */
-	      );
-
-typedef OM_uint32 _gss_import_sec_context_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_buffer_t,     /* interprocess_token */
-	       gss_ctx_id_t *          /* context_handle */
-	      );
-
-typedef OM_uint32 _gss_inquire_names_for_mech_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_OID,          /* mechanism */
-	       gss_OID_set *           /* name_types */
-	      );
-
-typedef OM_uint32 _gss_inquire_mechs_for_name_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* input_name */
-	       gss_OID_set *           /* mech_types */
-	      );
-
-typedef OM_uint32 _gss_canonicalize_name_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* input_name */
-	       const gss_OID,          /* mech_type */
-	       gss_name_t *            /* output_name */
-	      );
-
-typedef OM_uint32 _gss_duplicate_name_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* src_name */
-	       gss_name_t *            /* dest_name */
-	      );
-
-typedef OM_uint32 _gss_inquire_sec_context_by_oid (
-	       OM_uint32 *minor_status,
-	       const gss_ctx_id_t context_handle,
-	       const gss_OID desired_object,
-	       gss_buffer_set_t *data_set
-	      );
-
-typedef OM_uint32 _gss_inquire_cred_by_oid (
-	       OM_uint32 *minor_status,
-	       const gss_cred_id_t cred,
-	       const gss_OID desired_object,
-	       gss_buffer_set_t *data_set
-	      );
-
-typedef OM_uint32 _gss_set_sec_context_option (
-	       OM_uint32 *minor_status,
-	       gss_ctx_id_t *cred_handle,
-	       const gss_OID desired_object,
-	       const gss_buffer_t value
- 	      );
-
-typedef OM_uint32 _gss_set_cred_option (
-	       OM_uint32 *minor_status,
-	       gss_cred_id_t *cred_handle,
-	       const gss_OID desired_object,
-	       const gss_buffer_t value
- 	      );
-
-
-typedef OM_uint32 _gss_pseudo_random(
-    	       OM_uint32 *minor_status,
-	       gss_ctx_id_t context,
-	       int prf_key,
-	       const gss_buffer_t prf_in,
-	       ssize_t desired_output_len,
-	       gss_buffer_t prf_out
-              );
-
-#define GMI_VERSION 1
-
-typedef struct gssapi_mech_interface_desc {
-	unsigned			gm_version;
-	const char			*gm_name;
-	gss_OID_desc			gm_mech_oid;
-	_gss_acquire_cred_t		*gm_acquire_cred;
-	_gss_release_cred_t		*gm_release_cred;
-	_gss_init_sec_context_t		*gm_init_sec_context;
-	_gss_accept_sec_context_t	*gm_accept_sec_context;
-	_gss_process_context_token_t	*gm_process_context_token;
-	_gss_delete_sec_context_t	*gm_delete_sec_context;
-	_gss_context_time_t		*gm_context_time;
-	_gss_get_mic_t			*gm_get_mic;
-	_gss_verify_mic_t		*gm_verify_mic;
-	_gss_wrap_t			*gm_wrap;
-	_gss_unwrap_t			*gm_unwrap;
-	_gss_display_status_t		*gm_display_status;
-	_gss_indicate_mechs_t		*gm_indicate_mechs;
-	_gss_compare_name_t		*gm_compare_name;
-	_gss_display_name_t		*gm_display_name;
-	_gss_import_name_t		*gm_import_name;
-	_gss_export_name_t		*gm_export_name;
-	_gss_release_name_t		*gm_release_name;
-	_gss_inquire_cred_t		*gm_inquire_cred;
-	_gss_inquire_context_t		*gm_inquire_context;
-	_gss_wrap_size_limit_t		*gm_wrap_size_limit;
-	_gss_add_cred_t			*gm_add_cred;
-	_gss_inquire_cred_by_mech_t	*gm_inquire_cred_by_mech;
-	_gss_export_sec_context_t	*gm_export_sec_context;
-	_gss_import_sec_context_t	*gm_import_sec_context;
-	_gss_inquire_names_for_mech_t	*gm_inquire_names_for_mech;
-	_gss_inquire_mechs_for_name_t	*gm_inquire_mechs_for_name;
-	_gss_canonicalize_name_t	*gm_canonicalize_name;
-	_gss_duplicate_name_t		*gm_duplicate_name;
-	_gss_inquire_sec_context_by_oid	*gm_inquire_sec_context_by_oid;
-	_gss_inquire_cred_by_oid	*gm_inquire_cred_by_oid;
-	_gss_set_sec_context_option	*gm_set_sec_context_option;
-	_gss_set_cred_option		*gm_set_cred_option;
-	_gss_pseudo_random		*gm_pseudo_random;
-} gssapi_mech_interface_desc, *gssapi_mech_interface;
-
-gssapi_mech_interface
-__gss_get_mechanism(gss_OID /* oid */);
-
-gssapi_mech_interface __gss_spnego_initialize(void);
-gssapi_mech_interface __gss_krb5_initialize(void);
-gssapi_mech_interface __gss_ntlm_initialize(void);
-
-#endif /* GSSAPI_MECH_H */
diff --git a/crypto/heimdal/lib/gssapi/import_name.c b/crypto/heimdal/lib/gssapi/import_name.c
deleted file mode 100644
index 423e757..0000000
--- a/crypto/heimdal/lib/gssapi/import_name.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $");
-
-static OM_uint32
-parse_krb5_name (OM_uint32 *minor_status,
-		 const char *name,
-		 gss_name_t *output_name)
-{
-    krb5_error_code kerr;
-
-    kerr = krb5_parse_name (gssapi_krb5_context, name, output_name);
-
-    if (kerr == 0)
-	return GSS_S_COMPLETE;
-    else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kerr;
-	return GSS_S_BAD_NAME;
-    } else {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kerr;
-	return GSS_S_FAILURE;
-    }
-}
-
-static OM_uint32
-import_krb5_name (OM_uint32 *minor_status,
-		  const gss_buffer_t input_name_buffer,
-		  gss_name_t *output_name)
-{
-    OM_uint32 ret;
-    char *tmp;
-
-    tmp = malloc (input_name_buffer->length + 1);
-    if (tmp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (tmp,
-	    input_name_buffer->value,
-	    input_name_buffer->length);
-    tmp[input_name_buffer->length] = '\0';
-
-    ret = parse_krb5_name(minor_status, tmp, output_name);
-    free(tmp);
-
-    return ret;
-}
-
-static OM_uint32
-import_hostbased_name (OM_uint32 *minor_status,
-		       const gss_buffer_t input_name_buffer,
-		       gss_name_t *output_name)
-{
-    krb5_error_code kerr;
-    char *tmp;
-    char *p;
-    char *host;
-    char local_hostname[MAXHOSTNAMELEN];
-
-    *output_name = NULL;
-
-    tmp = malloc (input_name_buffer->length + 1);
-    if (tmp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (tmp,
-	    input_name_buffer->value,
-	    input_name_buffer->length);
-    tmp[input_name_buffer->length] = '\0';
-
-    p = strchr (tmp, '@');
-    if (p != NULL) {
-	*p = '\0';
-	host = p + 1;
-    } else {
-	if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
-	    *minor_status = errno;
-	    free (tmp);
-	    return GSS_S_FAILURE;
-	}
-	host = local_hostname;
-    }
-
-    kerr = krb5_sname_to_principal (gssapi_krb5_context,
-				    host,
-				    tmp,
-				    KRB5_NT_SRV_HST,
-				    output_name);
-    free (tmp);
-    *minor_status = kerr;
-    if (kerr == 0)
-	return GSS_S_COMPLETE;
-    else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kerr;
-	return GSS_S_BAD_NAME;
-    } else {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kerr;
-	return GSS_S_FAILURE;
-    }
-}
-
-static OM_uint32
-import_export_name (OM_uint32 *minor_status,
-		    const gss_buffer_t input_name_buffer,
-		    gss_name_t *output_name)
-{
-    unsigned char *p;
-    uint32_t length;
-    OM_uint32 ret;
-    char *name;
-
-    if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_NAME;
-
-    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
-    p = input_name_buffer->value;
-
-    if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 ||
-	p[3] != GSS_KRB5_MECHANISM->length + 2 ||
-	p[4] != 0x06 ||
-	p[5] != GSS_KRB5_MECHANISM->length ||
-	memcmp(&p[6], GSS_KRB5_MECHANISM->elements, 
-	       GSS_KRB5_MECHANISM->length) != 0)
-	return GSS_S_BAD_NAME;
-
-    p += 6 + GSS_KRB5_MECHANISM->length;
-
-    length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
-    p += 4;
-
-    if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_NAME;
-
-    name = malloc(length + 1);
-    if (name == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy(name, p, length);
-    name[length] = '\0';
-
-    ret = parse_krb5_name(minor_status, name, output_name);
-    free(name);
-
-    return ret;
-}
-
-int
-gss_oid_equal(const gss_OID a, const gss_OID b)
-{
-	if (a == b)
-		return 1;
-	else if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length)
-		return 0;
-	else
-		return memcmp(a->elements, b->elements, a->length) == 0;
-}
-
-OM_uint32 gss_import_name
-           (OM_uint32 * minor_status,
-            const gss_buffer_t input_name_buffer,
-            const gss_OID input_name_type,
-            gss_name_t * output_name
-           )
-{
-    GSSAPI_KRB5_INIT ();
-
-    *minor_status = 0;
-    *output_name = GSS_C_NO_NAME;
-    
-    if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))
-	return import_hostbased_name (minor_status,
-				      input_name_buffer,
-				      output_name);
-    else if (gss_oid_equal(input_name_type, GSS_C_NO_OID)
-	     || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
-	     || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
- 	/* default printable syntax */
-	return import_krb5_name (minor_status,
-				 input_name_buffer,
-				 output_name);
-    else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
-	return import_export_name(minor_status,
-				  input_name_buffer, 
-				  output_name);
-    } else {
-	*minor_status = 0;
-	return GSS_S_BAD_NAMETYPE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/import_sec_context.c b/crypto/heimdal/lib/gssapi/import_sec_context.c
deleted file mode 100644
index 2daa573..0000000
--- a/crypto/heimdal/lib/gssapi/import_sec_context.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: import_sec_context.c,v 1.7 2003/03/16 18:01:32 lha Exp $");
-
-OM_uint32
-gss_import_sec_context (
-    OM_uint32 * minor_status,
-    const gss_buffer_t interprocess_token,
-    gss_ctx_id_t * context_handle
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    krb5_error_code kret;
-    krb5_storage *sp;
-    krb5_auth_context ac;
-    krb5_address local, remote;
-    krb5_address *localp, *remotep;
-    krb5_data data;
-    gss_buffer_desc buffer;
-    krb5_keyblock keyblock;
-    int32_t tmp;
-    int32_t flags;
-    OM_uint32 minor;
-
-    GSSAPI_KRB5_INIT ();
-
-    localp = remotep = NULL;
-
-    sp = krb5_storage_from_mem (interprocess_token->value,
-				interprocess_token->length);
-    if (sp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    *context_handle = malloc(sizeof(**context_handle));
-    if (*context_handle == NULL) {
-	*minor_status = ENOMEM;
-	krb5_storage_free (sp);
-	return GSS_S_FAILURE;
-    }
-    memset (*context_handle, 0, sizeof(**context_handle));
-
-    kret = krb5_auth_con_init (gssapi_krb5_context,
-			       &(*context_handle)->auth_context);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    /* flags */
-
-    *minor_status = 0;
-
-    if (krb5_ret_int32 (sp, &flags) != 0)
-	goto failure;
-
-    /* retrieve the auth context */
-
-    ac = (*context_handle)->auth_context;
-    krb5_ret_int32 (sp, &ac->flags);
-    if (flags & SC_LOCAL_ADDRESS) {
-	if (krb5_ret_address (sp, localp = &local) != 0)
-	    goto failure;
-    }
-
-    if (flags & SC_REMOTE_ADDRESS) {
-	if (krb5_ret_address (sp, remotep = &remote) != 0)
-	    goto failure;
-    }
-
-    krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep);
-    if (localp)
-	krb5_free_address (gssapi_krb5_context, localp);
-    if (remotep)
-	krb5_free_address (gssapi_krb5_context, remotep);
-    localp = remotep = NULL;
-
-    if (krb5_ret_int16 (sp, &ac->local_port) != 0)
-	goto failure;
-
-    if (krb5_ret_int16 (sp, &ac->remote_port) != 0)
-	goto failure;
-    if (flags & SC_KEYBLOCK) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock);
-	krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
-    }
-    if (flags & SC_LOCAL_SUBKEY) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock);
-	krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
-    }
-    if (flags & SC_REMOTE_SUBKEY) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock);
-	krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
-    }
-    if (krb5_ret_int32 (sp, &ac->local_seqnumber))
-	goto failure;
-    if (krb5_ret_int32 (sp, &ac->remote_seqnumber))
-	goto failure;
-
-    if (krb5_ret_int32 (sp, &tmp) != 0)
-	goto failure;
-    ac->keytype = tmp;
-    if (krb5_ret_int32 (sp, &tmp) != 0)
-	goto failure;
-    ac->cksumtype = tmp;
-
-    /* names */
-
-    if (krb5_ret_data (sp, &data))
-	goto failure;
-    buffer.value  = data.data;
-    buffer.length = data.length;
-
-    ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
-			   &(*context_handle)->source);
-    if (ret) {
-	ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
-			       &(*context_handle)->source);
-	if (ret) {
-	    krb5_data_free (&data);
-	    goto failure;
-	}
-    }
-    krb5_data_free (&data);
-
-    if (krb5_ret_data (sp, &data) != 0)
-	goto failure;
-    buffer.value  = data.data;
-    buffer.length = data.length;
-
-    ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
-			   &(*context_handle)->target);
-    if (ret) {
-	ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
-			       &(*context_handle)->target);
-	if (ret) {
-	    krb5_data_free (&data);
-	    goto failure;
-	}
-    }    
-    krb5_data_free (&data);
-
-    if (krb5_ret_int32 (sp, &tmp))
-	goto failure;
-    (*context_handle)->flags = tmp;
-    if (krb5_ret_int32 (sp, &tmp))
-	goto failure;
-    (*context_handle)->more_flags = tmp;
-    if (krb5_ret_int32 (sp, &tmp) == 0)
-	(*context_handle)->lifetime = tmp;
-    else
-	(*context_handle)->lifetime = GSS_C_INDEFINITE;
-
-    return GSS_S_COMPLETE;
-
-failure:
-    krb5_auth_con_free (gssapi_krb5_context,
-			(*context_handle)->auth_context);
-    if ((*context_handle)->source != NULL)
-	gss_release_name(&minor, &(*context_handle)->source);
-    if ((*context_handle)->target != NULL)
-	gss_release_name(&minor, &(*context_handle)->target);
-    if (localp)
-	krb5_free_address (gssapi_krb5_context, localp);
-    if (remotep)
-	krb5_free_address (gssapi_krb5_context, remotep);
-    free (*context_handle);
-    *context_handle = GSS_C_NO_CONTEXT;
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/indicate_mechs.c b/crypto/heimdal/lib/gssapi/indicate_mechs.c
deleted file mode 100644
index 89191bb..0000000
--- a/crypto/heimdal/lib/gssapi/indicate_mechs.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: indicate_mechs.c,v 1.5 2003/03/16 17:38:20 lha Exp $");
-
-OM_uint32 gss_indicate_mechs
-           (OM_uint32 * minor_status,
-            gss_OID_set * mech_set
-           )
-{
-  OM_uint32 ret;
-
-  ret = gss_create_empty_oid_set(minor_status, mech_set);
-  if (ret)
-      return ret;
-
-  ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set);
-  if (ret)
-      return ret;
-
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/init.c b/crypto/heimdal/lib/gssapi/init.c
deleted file mode 100644
index ddc0d70..0000000
--- a/crypto/heimdal/lib/gssapi/init.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: init.c,v 1.6 2001/08/13 13:14:07 joda Exp $");
-
-krb5_error_code
-gssapi_krb5_init (void)
-{
-    if(gssapi_krb5_context == NULL)
-	return krb5_init_context (&gssapi_krb5_context);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c
deleted file mode 100644
index 72286a3..0000000
--- a/crypto/heimdal/lib/gssapi/init_sec_context.c
+++ /dev/null
@@ -1,578 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: init_sec_context.c,v 1.36.2.1 2003/08/15 14:21:18 lha Exp $");
-
-/*
- * copy the addresses from `input_chan_bindings' (if any) to
- * the auth context `ac'
- */
-
-static OM_uint32
-set_addresses (krb5_auth_context ac,
-	       const gss_channel_bindings_t input_chan_bindings)	       
-{
-    /* Port numbers are expected to be in application_data.value, 
-     * initator's port first */ 
-
-    krb5_address initiator_addr, acceptor_addr;
-    krb5_error_code kret;
-       
-    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS
-	|| input_chan_bindings->application_data.length !=
-	2 * sizeof(ac->local_port))
-	return 0;
-
-    memset(&initiator_addr, 0, sizeof(initiator_addr));
-    memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-       
-    ac->local_port =
-	*(int16_t *) input_chan_bindings->application_data.value;
-       
-    ac->remote_port =
-	*((int16_t *) input_chan_bindings->application_data.value + 1);
-       
-    kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
-				   &input_chan_bindings->acceptor_address,
-				   ac->remote_port,
-				   &acceptor_addr);
-    if (kret)
-	return kret;
-           
-    kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
-				   &input_chan_bindings->initiator_address,
-				   ac->local_port,
-				   &initiator_addr);
-    if (kret) {
-	krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-	return kret;
-    }
-       
-    kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
-				  ac,
-				  &initiator_addr,  /* local address */
-				  &acceptor_addr);  /* remote address */
-       
-    krb5_free_address (gssapi_krb5_context, &initiator_addr);
-    krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-       
-#if 0
-    free(input_chan_bindings->application_data.value);
-    input_chan_bindings->application_data.value = NULL;
-    input_chan_bindings->application_data.length = 0;
-#endif
-
-    return kret;
-}
-
-/*
- * handle delegated creds in init-sec-context
- */
-
-static void
-do_delegation (krb5_auth_context ac,
-	       krb5_ccache ccache,
-	       krb5_creds *cred,
-	       const gss_name_t target_name,
-	       krb5_data *fwd_data,
-	       int *flags)
-{
-    krb5_creds creds;
-    krb5_kdc_flags fwd_flags;
-    krb5_error_code kret;
-       
-    memset (&creds, 0, sizeof(creds));
-    krb5_data_zero (fwd_data);
-       
-    kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client);
-    if (kret) 
-	goto out;
-       
-    kret = krb5_build_principal(gssapi_krb5_context,
-				&creds.server,
-				strlen(creds.client->realm),
-				creds.client->realm,
-				KRB5_TGS_NAME,
-				creds.client->realm,
-				NULL);
-    if (kret)
-	goto out; 
-       
-    creds.times.endtime = 0;
-       
-    fwd_flags.i = 0;
-    fwd_flags.b.forwarded = 1;
-    fwd_flags.b.forwardable = 1;
-       
-    if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/
-	target_name->name.name_string.len < 2) 
-	goto out;
-       
-    kret = krb5_get_forwarded_creds(gssapi_krb5_context,
-				    ac,
-				    ccache,
-				    fwd_flags.i,
-				    target_name->name.name_string.val[1],
-				    &creds,
-				    fwd_data);
-       
- out:
-    if (kret)
-	*flags &= ~GSS_C_DELEG_FLAG;
-    else
-	*flags |= GSS_C_DELEG_FLAG;
-       
-    if (creds.client)
-	krb5_free_principal(gssapi_krb5_context, creds.client);
-    if (creds.server)
-	krb5_free_principal(gssapi_krb5_context, creds.server);
-}
-
-/*
- * first stage of init-sec-context
- */
-
-static OM_uint32
-init_auth
-(OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
- gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    krb5_error_code kret;
-    krb5_flags ap_options;
-    krb5_creds this_cred, *cred;
-    krb5_data outbuf;
-    krb5_ccache ccache;
-    u_int32_t flags;
-    Authenticator *auth;
-    krb5_data authenticator;
-    Checksum cksum;
-    krb5_enctype enctype;
-    krb5_data fwd_data;
-    OM_uint32 lifetime_rec;
-
-    krb5_data_zero(&outbuf);
-    krb5_data_zero(&fwd_data);
-
-    *minor_status = 0;
-
-    *context_handle = malloc(sizeof(**context_handle));
-    if (*context_handle == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    (*context_handle)->auth_context = NULL;
-    (*context_handle)->source       = NULL;
-    (*context_handle)->target       = NULL;
-    (*context_handle)->flags        = 0;
-    (*context_handle)->more_flags   = 0;
-    (*context_handle)->ticket       = NULL;
-    (*context_handle)->lifetime     = GSS_C_INDEFINITE;
-
-    kret = krb5_auth_con_init (gssapi_krb5_context,
-			       &(*context_handle)->auth_context);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = set_addresses ((*context_handle)->auth_context,
-			  input_chan_bindings);
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_BAD_BINDINGS;
-	goto failure;
-    }
-       
-    {
-	int32_t tmp;
-
-	krb5_auth_con_getflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       &tmp);
-	tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
-	krb5_auth_con_setflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       tmp);
-    }
-
-    if (actual_mech_type)
-	*actual_mech_type = GSS_KRB5_MECHANISM;
-
-    if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) {
-	kret = krb5_cc_default (gssapi_krb5_context, &ccache);
-	if (kret) {
-	    gssapi_krb5_set_error_string ();
-	    *minor_status = kret;
-	    ret = GSS_S_FAILURE;
-	    goto failure;
-	}
-    } else
-	ccache = initiator_cred_handle->ccache;
-
-    kret = krb5_cc_get_principal (gssapi_krb5_context,
-				  ccache,
-				  &(*context_handle)->source);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = krb5_copy_principal (gssapi_krb5_context,
-				target_name,
-				&(*context_handle)->target);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
-    if (ret)
-	goto failure;
-
-
-    memset(&this_cred, 0, sizeof(this_cred));
-    this_cred.client          = (*context_handle)->source;
-    this_cred.server          = (*context_handle)->target;
-    if (time_req && time_req != GSS_C_INDEFINITE) {
-	krb5_timestamp ts;
-
-	krb5_timeofday (gssapi_krb5_context, &ts);
-	this_cred.times.endtime = ts + time_req;
-    } else
-	this_cred.times.endtime   = 0;
-    this_cred.session.keytype = 0;
-
-    kret = krb5_get_credentials (gssapi_krb5_context,
-				 KRB5_TC_MATCH_KEYTYPE,
-				 ccache,
-				 &this_cred,
-				 &cred);
-
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    (*context_handle)->lifetime = cred->times.endtime;
-
-    ret = gssapi_lifetime_left(minor_status,
-			       (*context_handle)->lifetime,
-			       &lifetime_rec);
-    if (ret) {
-	goto failure;
-    }
-
-    if (lifetime_rec == 0) {
-	*minor_status = 0;
-	ret = GSS_S_CONTEXT_EXPIRED;
-	goto failure;
-    }
-
-    krb5_auth_con_setkey(gssapi_krb5_context, 
-			 (*context_handle)->auth_context, 
-			 &cred->session);
-
-    kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, 
-					     (*context_handle)->auth_context,
-					     &cred->session);
-    if(kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-    
-    flags = 0;
-    ap_options = 0;
-    if (req_flags & GSS_C_DELEG_FLAG)
-	do_delegation ((*context_handle)->auth_context,
-		       ccache, cred, target_name, &fwd_data, &flags);
-    
-    if (req_flags & GSS_C_MUTUAL_FLAG) {
-	flags |= GSS_C_MUTUAL_FLAG;
-	ap_options |= AP_OPTS_MUTUAL_REQUIRED;
-    }
-    
-    if (req_flags & GSS_C_REPLAY_FLAG)
-	;                               /* XXX */
-    if (req_flags & GSS_C_SEQUENCE_FLAG)
-	;                               /* XXX */
-    if (req_flags & GSS_C_ANON_FLAG)
-	;                               /* XXX */
-    flags |= GSS_C_CONF_FLAG;
-    flags |= GSS_C_INTEG_FLAG;
-    flags |= GSS_C_SEQUENCE_FLAG;
-    flags |= GSS_C_TRANS_FLAG;
-    
-    if (ret_flags)
-	*ret_flags = flags;
-    (*context_handle)->flags = flags;
-    (*context_handle)->more_flags |= LOCAL;
-    
-    ret = gssapi_krb5_create_8003_checksum (minor_status,
-					    input_chan_bindings,
-					    flags,
-					    &fwd_data,
-					    &cksum);
-    krb5_data_free (&fwd_data);
-    if (ret)
-	goto failure;
-
-#if 1
-    enctype = (*context_handle)->auth_context->keyblock->keytype;
-#else
-    if ((*context_handle)->auth_context->enctype)
-	enctype = (*context_handle)->auth_context->enctype;
-    else {
-	kret = krb5_keytype_to_enctype(gssapi_krb5_context,
-				       (*context_handle)->auth_context->keyblock->keytype,
-				       &enctype);
-	if (kret)
-	    return kret;
-    }
-#endif
-
-    kret = krb5_build_authenticator (gssapi_krb5_context,
-				     (*context_handle)->auth_context,
-				     enctype,
-				     cred,
-				     &cksum,
-				     &auth,
-				     &authenticator,
-				     KRB5_KU_AP_REQ_AUTH);
-
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = krb5_build_ap_req (gssapi_krb5_context,
-			      enctype,
-			      cred,
-			      ap_options,
-			      authenticator,
-			      &outbuf);
-
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token,
-				   "\x01\x00");
-    if (ret)
-	goto failure;
-
-    krb5_data_free (&outbuf);
-
-    if (flags & GSS_C_MUTUAL_FLAG) {
-	return GSS_S_CONTINUE_NEEDED;
-    } else {
-	if (time_rec)
-	    *time_rec = lifetime_rec;
-
-	(*context_handle)->more_flags |= OPEN;
-	return GSS_S_COMPLETE;
-    }
-
- failure:
-    krb5_auth_con_free (gssapi_krb5_context,
-			(*context_handle)->auth_context);
-    if((*context_handle)->source)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->source);
-    if((*context_handle)->target)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->target);
-    free (*context_handle);
-    krb5_data_free (&outbuf);
-    *context_handle = GSS_C_NO_CONTEXT;
-    return ret;
-}
-
-static OM_uint32
-repl_mutual
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t initiator_cred_handle,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-           )
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-    krb5_data indata;
-    krb5_ap_rep_enc_part *repl;
-
-    output_token->length = 0;
-    output_token->value = NULL;
-
-    if (actual_mech_type)
-	*actual_mech_type = GSS_KRB5_MECHANISM;
-
-    ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata,
-				   "\x02\x00");
-    if (ret)
-				/* XXX - Handle AP_ERROR */
-	return ret;
-
-    kret = krb5_rd_rep (gssapi_krb5_context,
-			(*context_handle)->auth_context,
-			&indata,
-			&repl);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    krb5_free_ap_rep_enc_part (gssapi_krb5_context,
-			       repl);
-    
-    (*context_handle)->more_flags |= OPEN;
-
-    *minor_status = 0;
-    if (time_rec) {
-	ret = gssapi_lifetime_left(minor_status,
-				   (*context_handle)->lifetime,
-				   time_rec);
-    } else {
-	ret = GSS_S_COMPLETE;
-    }
-    if (ret_flags)
-	*ret_flags = (*context_handle)->flags;
-
-    return ret;
-}
-
-/*
- * gss_init_sec_context
- */
-
-OM_uint32 gss_init_sec_context
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t initiator_cred_handle,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-           )
-{
-    GSSAPI_KRB5_INIT ();
-
-    output_token->length = 0;
-    output_token->value  = NULL;
-
-    if (ret_flags)
-	*ret_flags = 0;
-    if (time_rec)
-	*time_rec = 0;
-
-    if (target_name == GSS_C_NO_NAME) {
-	if (actual_mech_type)
-	    *actual_mech_type = GSS_C_NO_OID;
-	*minor_status = 0;
-	return GSS_S_BAD_NAME;
-    }
-
-    if (input_token == GSS_C_NO_BUFFER || input_token->length == 0)
-	return init_auth (minor_status,
-			  initiator_cred_handle,
-			  context_handle,
-			  target_name,
-			  mech_type,
-			  req_flags,
-			  time_req,
-			  input_chan_bindings,
-			  input_token,
-			  actual_mech_type,
-			  output_token,
-			  ret_flags,
-			  time_rec);
-    else
-	return repl_mutual(minor_status,
-			   initiator_cred_handle,
-			   context_handle,
-			   target_name,
-			   mech_type,
-			   req_flags,
-			   time_req,
-			   input_chan_bindings,
-			   input_token,
-			   actual_mech_type,
-			   output_token,
-			   ret_flags,
-			   time_rec);
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_context.c b/crypto/heimdal/lib/gssapi/inquire_context.c
deleted file mode 100644
index 95cd2c5..0000000
--- a/crypto/heimdal/lib/gssapi/inquire_context.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_context.c,v 1.5 2003/03/16 17:43:30 lha Exp $");
-
-OM_uint32 gss_inquire_context (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_name_t * src_name,
-            gss_name_t * targ_name,
-            OM_uint32 * lifetime_rec,
-            gss_OID * mech_type,
-            OM_uint32 * ctx_flags,
-            int * locally_initiated,
-            int * open_context
-           )
-{
-  OM_uint32 ret;
-
-  if (src_name) {
-    ret = gss_duplicate_name (minor_status,
-			      context_handle->source,
-			      src_name);
-    if (ret)
-      return ret;
-  }
-
-  if (targ_name) {
-    ret = gss_duplicate_name (minor_status,
-			      context_handle->target,
-			      targ_name);
-    if (ret)
-      return ret;
-  }
-
-  if (lifetime_rec)
-    *lifetime_rec = context_handle->lifetime;
-
-  if (mech_type)
-    *mech_type = GSS_KRB5_MECHANISM;
-
-  if (ctx_flags)
-    *ctx_flags = context_handle->flags;
-
-  if (locally_initiated)
-    *locally_initiated = context_handle->more_flags & LOCAL;
-
-  if (open_context)
-    *open_context = context_handle->more_flags & OPEN;
-
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_cred.c b/crypto/heimdal/lib/gssapi/inquire_cred.c
deleted file mode 100644
index 4938d56..0000000
--- a/crypto/heimdal/lib/gssapi/inquire_cred.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_cred.c,v 1.4 2003/03/16 17:42:14 lha Exp $");
-
-OM_uint32 gss_inquire_cred
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            gss_name_t * name,
-            OM_uint32 * lifetime,
-            gss_cred_usage_t * cred_usage,
-            gss_OID_set * mechanisms
-           )
-{
-    OM_uint32 ret;
-
-    *minor_status = 0;
-
-    if (name)
-	*name = NULL;
-    if (mechanisms)
-	*mechanisms = GSS_C_NO_OID_SET;
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-        return GSS_S_FAILURE;
-    }
-
-    if (name != NULL) {
-	if (cred_handle->principal != NULL) {
-            ret = gss_duplicate_name(minor_status, cred_handle->principal,
-		name);
-            if (ret)
-        	return ret;
-	} else if (cred_handle->usage == GSS_C_ACCEPT) {
-	    *minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL,
-		NULL, KRB5_NT_SRV_HST, name);
-	    if (*minor_status)
-		return GSS_S_FAILURE;
-	} else {
-	    *minor_status = krb5_get_default_principal(gssapi_krb5_context,
-		name);
-	    if (*minor_status)
-		return GSS_S_FAILURE;
-	}
-    }
-    if (lifetime != NULL) {
-        *lifetime = cred_handle->lifetime;
-    }
-    if (cred_usage != NULL) {
-        *cred_usage = cred_handle->usage;
-    }
-    if (mechanisms != NULL) {
-        ret = gss_create_empty_oid_set(minor_status, mechanisms);
-        if (ret) {
-            return ret;
-        }
-        ret = gss_add_oid_set_member(minor_status,
-				     &cred_handle->mechanisms->elements[0],
-				     mechanisms);
-        if (ret) {
-            return ret;
-        }
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c
deleted file mode 100644
index b09d1e1..0000000
--- a/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_cred_by_mech.c,v 1.1 2003/03/16 18:11:16 lha Exp $");
-
-OM_uint32 gss_inquire_cred_by_mech (
-            OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            const gss_OID mech_type,
-            gss_name_t * name,
-            OM_uint32 * initiator_lifetime,
-            OM_uint32 * acceptor_lifetime,
-            gss_cred_usage_t * cred_usage
-    )
-{
-    OM_uint32 ret;
-    OM_uint32 lifetime;
-
-    if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
-	gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
-	*minor_status = EINVAL;
-	return GSS_S_BAD_MECH;
-    }    
-
-    ret = gss_inquire_cred (minor_status,
-			    cred_handle,
-			    name,
-			    &lifetime,
-			    cred_usage,
-			    NULL);
-    
-    if (ret == 0 && cred_handle != GSS_C_NO_CREDENTIAL) {
-	gss_cred_usage_t usage;
-
-	usage = cred_handle->usage;
-
-	if (initiator_lifetime) {
-	    if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH)
-		*initiator_lifetime = lifetime;
-	}
-	if (acceptor_lifetime) {
-	    if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH)
-		*acceptor_lifetime = lifetime;
-	}
-    }
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c
deleted file mode 100644
index 67ebb04..0000000
--- a/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_mechs_for_name.c,v 1.1 2003/03/16 18:12:33 lha Exp $");
-
-OM_uint32 gss_inquire_mechs_for_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_OID_set * mech_types
-           )
-{
-    OM_uint32 ret;
-
-    ret = gss_create_empty_oid_set(minor_status, mech_types);
-    if (ret)
-	return ret;
-
-    ret = gss_add_oid_set_member(minor_status,
-				 GSS_KRB5_MECHANISM,
-				 mech_types);
-    if (ret)
-	gss_release_oid_set(NULL, mech_types);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c
deleted file mode 100644
index 0e93de6..0000000
--- a/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_names_for_mech.c,v 1.1 2003/03/16 18:15:29 lha Exp $");
-
-
-static gss_OID *name_list[] = {
-    &GSS_C_NT_HOSTBASED_SERVICE,
-    &GSS_C_NT_USER_NAME,
-    &GSS_KRB5_NT_PRINCIPAL_NAME,
-    &GSS_C_NT_EXPORT_NAME,
-    NULL
-};
-
-OM_uint32 gss_inquire_names_for_mech (
-            OM_uint32 * minor_status,
-            const gss_OID mechanism,
-            gss_OID_set * name_types
-           )
-{
-    OM_uint32 ret;
-    int i;
-
-    *minor_status = 0;
-
-    if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 &&
-	gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) {
-	*name_types = GSS_C_NO_OID_SET;
-	return GSS_S_BAD_MECH;
-    }
-
-    ret = gss_create_empty_oid_set(minor_status, name_types);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-    
-    for (i = 0; name_list[i] != NULL; i++) {
-	ret = gss_add_oid_set_member(minor_status, 
-				     *(name_list[i]),
-				     name_types);
-	if (ret != GSS_S_COMPLETE)
-	    break;
-    }
-
-    if (ret != GSS_S_COMPLETE)
-	gss_release_oid_set(NULL, name_types);
-	
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/8003.c b/crypto/heimdal/lib/gssapi/krb5/8003.c
deleted file mode 100644
index 619cbf9..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/8003.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: 8003.c 18334 2006-10-07 22:16:04Z lha $");
-
-krb5_error_code
-_gsskrb5_encode_om_uint32(OM_uint32 n, u_char *p)
-{
-  p[0] = (n >> 0)  & 0xFF;
-  p[1] = (n >> 8)  & 0xFF;
-  p[2] = (n >> 16) & 0xFF;
-  p[3] = (n >> 24) & 0xFF;
-  return 0;
-}
-
-krb5_error_code
-_gsskrb5_encode_be_om_uint32(OM_uint32 n, u_char *p)
-{
-  p[0] = (n >> 24) & 0xFF;
-  p[1] = (n >> 16) & 0xFF;
-  p[2] = (n >> 8)  & 0xFF;
-  p[3] = (n >> 0)  & 0xFF;
-  return 0;
-}
-
-krb5_error_code
-_gsskrb5_decode_om_uint32(const void *ptr, OM_uint32 *n)
-{
-    const u_char *p = ptr;
-    *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
-    return 0;
-}
-
-krb5_error_code
-_gsskrb5_decode_be_om_uint32(const void *ptr, OM_uint32 *n)
-{
-    const u_char *p = ptr;
-    *n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
-    return 0;
-}
-
-static krb5_error_code
-hash_input_chan_bindings (const gss_channel_bindings_t b,
-			  u_char *p)
-{
-  u_char num[4];
-  MD5_CTX md5;
-
-  MD5_Init(&md5);
-  _gsskrb5_encode_om_uint32 (b->initiator_addrtype, num);
-  MD5_Update (&md5, num, sizeof(num));
-  _gsskrb5_encode_om_uint32 (b->initiator_address.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->initiator_address.length)
-    MD5_Update (&md5,
-		b->initiator_address.value,
-		b->initiator_address.length);
-  _gsskrb5_encode_om_uint32 (b->acceptor_addrtype, num);
-  MD5_Update (&md5, num, sizeof(num));
-  _gsskrb5_encode_om_uint32 (b->acceptor_address.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->acceptor_address.length)
-    MD5_Update (&md5,
-		b->acceptor_address.value,
-		b->acceptor_address.length);
-  _gsskrb5_encode_om_uint32 (b->application_data.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->application_data.length)
-    MD5_Update (&md5,
-		b->application_data.value,
-		b->application_data.length);
-  MD5_Final (p, &md5);
-  return 0;
-}
-
-/*
- * create a checksum over the chanel bindings in
- * `input_chan_bindings', `flags' and `fwd_data' and return it in
- * `result'
- */
-
-OM_uint32
-_gsskrb5_create_8003_checksum (
-		      OM_uint32 *minor_status,    
-		      const gss_channel_bindings_t input_chan_bindings,
-		      OM_uint32 flags,
-		      const krb5_data *fwd_data,
-		      Checksum *result)
-{
-    u_char *p;
-
-    /* 
-     * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value 
-     * field's format) */
-    result->cksumtype = CKSUMTYPE_GSSAPI;
-    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG))
-	result->checksum.length = 24 + 4 + fwd_data->length;
-    else 
-	result->checksum.length = 24;
-    result->checksum.data   = malloc (result->checksum.length);
-    if (result->checksum.data == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-  
-    p = result->checksum.data;
-    _gsskrb5_encode_om_uint32 (16, p);
-    p += 4;
-    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) {
-	memset (p, 0, 16);
-    } else {
-	hash_input_chan_bindings (input_chan_bindings, p);
-    }
-    p += 16;
-    _gsskrb5_encode_om_uint32 (flags, p);
-    p += 4;
-
-    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) {
-
-	*p++ = (1 >> 0) & 0xFF;                   /* DlgOpt */ /* == 1 */
-	*p++ = (1 >> 8) & 0xFF;                   /* DlgOpt */ /* == 0 */
-	*p++ = (fwd_data->length >> 0) & 0xFF;    /* Dlgth  */
-	*p++ = (fwd_data->length >> 8) & 0xFF;    /* Dlgth  */
-	memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length);
-
-	p += fwd_data->length;
-    }
-     
-    return GSS_S_COMPLETE;
-}
-
-/*
- * verify the checksum in `cksum' over `input_chan_bindings'
- * returning  `flags' and `fwd_data'
- */
-
-OM_uint32
-_gsskrb5_verify_8003_checksum(
-		      OM_uint32 *minor_status,    
-		      const gss_channel_bindings_t input_chan_bindings,
-		      const Checksum *cksum,
-		      OM_uint32 *flags,
-		      krb5_data *fwd_data)
-{
-    unsigned char hash[16];
-    unsigned char *p;
-    OM_uint32 length;
-    int DlgOpt;
-    static unsigned char zeros[16];
-
-    if (cksum == NULL) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-
-    /* XXX should handle checksums > 24 bytes */
-    if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-    
-    p = cksum->checksum.data;
-    _gsskrb5_decode_om_uint32(p, &length);
-    if(length != sizeof(hash)) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-    
-    p += 4;
-    
-    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
-	&& memcmp(p, zeros, sizeof(zeros)) != 0) {
-	if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-	if(memcmp(hash, p, sizeof(hash)) != 0) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-    }
-    
-    p += sizeof(hash);
-    
-    _gsskrb5_decode_om_uint32(p, flags);
-    p += 4;
-
-    if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) {
-	if(cksum->checksum.length < 28) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-    
-	DlgOpt = (p[0] << 0) | (p[1] << 8);
-	p += 2;
-	if (DlgOpt != 1) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-
-	fwd_data->length = (p[0] << 0) | (p[1] << 8);
-	p += 2;
-	if(cksum->checksum.length < 28 + fwd_data->length) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-	fwd_data->data = malloc(fwd_data->length);
-	if (fwd_data->data == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	memcpy(fwd_data->data, p, fwd_data->length);
-    }
-    
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c
deleted file mode 100644
index 73b93ce..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ /dev/null
@@ -1,801 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: accept_sec_context.c 20199 2007-02-07 22:36:39Z lha $");
-
-HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER;
-krb5_keytab _gsskrb5_keytab;
-
-OM_uint32
-_gsskrb5_register_acceptor_identity (const char *identity)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    ret = _gsskrb5_init(&context);
-    if(ret)
-	return GSS_S_FAILURE;
-    
-    HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex);
-
-    if(_gsskrb5_keytab != NULL) {
-	krb5_kt_close(context, _gsskrb5_keytab);
-	_gsskrb5_keytab = NULL;
-    }
-    if (identity == NULL) {
-	ret = krb5_kt_default(context, &_gsskrb5_keytab);
-    } else {
-	char *p;
-
-	asprintf(&p, "FILE:%s", identity);
-	if(p == NULL) {
-	    HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
-	    return GSS_S_FAILURE;
-	}
-	ret = krb5_kt_resolve(context, p, &_gsskrb5_keytab);
-	free(p);
-    }
-    HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
-    if(ret)
-	return GSS_S_FAILURE;
-    return GSS_S_COMPLETE;
-}
-
-void
-_gsskrb5i_is_cfx(gsskrb5_ctx ctx, int *is_cfx)
-{
-    krb5_keyblock *key;
-    int acceptor = (ctx->more_flags & LOCAL) == 0;
-
-    *is_cfx = 0;
-
-    if (acceptor) {
-	if (ctx->auth_context->local_subkey)
-	    key = ctx->auth_context->local_subkey;
-	else
-	    key = ctx->auth_context->remote_subkey;
-    } else {
-	if (ctx->auth_context->remote_subkey)
-	    key = ctx->auth_context->remote_subkey;
-	else
-	    key = ctx->auth_context->local_subkey;
-    }
-    if (key == NULL)
-	key = ctx->auth_context->keyblock;
-
-    if (key == NULL)
-	return;
-	    
-    switch (key->keytype) {
-    case ETYPE_DES_CBC_CRC:
-    case ETYPE_DES_CBC_MD4:
-    case ETYPE_DES_CBC_MD5:
-    case ETYPE_DES3_CBC_MD5:
-    case ETYPE_DES3_CBC_SHA1:
-    case ETYPE_ARCFOUR_HMAC_MD5:
-    case ETYPE_ARCFOUR_HMAC_MD5_56:
-	break;
-    default :
-	*is_cfx = 1;
-	if ((acceptor && ctx->auth_context->local_subkey) ||
-	    (!acceptor && ctx->auth_context->remote_subkey))
-	    ctx->more_flags |= ACCEPTOR_SUBKEY;
-	break;
-    }
-}
-
-
-static OM_uint32
-gsskrb5_accept_delegated_token
-(OM_uint32 * minor_status,
- gsskrb5_ctx ctx,
- krb5_context context,
- gss_cred_id_t * delegated_cred_handle
-    )
-{
-    krb5_ccache ccache = NULL;
-    krb5_error_code kret;
-    int32_t ac_flags, ret = GSS_S_COMPLETE;
-      
-    *minor_status = 0;
-
-    /* XXX Create a new delegated_cred_handle? */
-    if (delegated_cred_handle == NULL) {
-	kret = krb5_cc_default (context, &ccache);
-    } else {
-	*delegated_cred_handle = NULL;
-	kret = krb5_cc_gen_new (context, &krb5_mcc_ops, &ccache);
-    }
-    if (kret) {
-	ctx->flags &= ~GSS_C_DELEG_FLAG;
-	goto out;
-    }
-
-    kret = krb5_cc_initialize(context, ccache, ctx->source);
-    if (kret) {
-	ctx->flags &= ~GSS_C_DELEG_FLAG;
-	goto out;
-    }
-      
-    krb5_auth_con_removeflags(context,
-			      ctx->auth_context,
-			      KRB5_AUTH_CONTEXT_DO_TIME,
-			      &ac_flags);
-    kret = krb5_rd_cred2(context,
-			 ctx->auth_context,
-			 ccache,
-			 &ctx->fwd_data);
-    krb5_auth_con_setflags(context,
-			   ctx->auth_context,
-			   ac_flags);
-    if (kret) {
-	ctx->flags &= ~GSS_C_DELEG_FLAG;
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	goto out;
-    }
-
-    if (delegated_cred_handle) {
-	gsskrb5_cred handle;
-
-	ret = _gsskrb5_import_cred(minor_status,
-				   ccache,
-				   NULL,
-				   NULL,
-				   delegated_cred_handle);
-	if (ret != GSS_S_COMPLETE)
-	    goto out;
-
-	handle = (gsskrb5_cred) *delegated_cred_handle;
-    
-	handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
-	krb5_cc_close(context, ccache);
-	ccache = NULL;
-    }
-
-out:
-    if (ccache) {
-	/* Don't destroy the default cred cache */
-	if (delegated_cred_handle == NULL)
-	    krb5_cc_close(context, ccache);
-	else
-	    krb5_cc_destroy(context, ccache);
-    }
-    return ret;
-}
-
-static OM_uint32
-gsskrb5_acceptor_ready(OM_uint32 * minor_status,
-		       gsskrb5_ctx ctx,
-		       krb5_context context,
-		       gss_cred_id_t *delegated_cred_handle)
-{
-    OM_uint32 ret;
-    int32_t seq_number;
-    int is_cfx = 0;
-
-    krb5_auth_getremoteseqnumber (context,
-				  ctx->auth_context,
-				  &seq_number);
-
-    _gsskrb5i_is_cfx(ctx, &is_cfx);
-
-    ret = _gssapi_msg_order_create(minor_status,
-				   &ctx->order,
-				   _gssapi_msg_order_f(ctx->flags),
-				   seq_number, 0, is_cfx);
-    if (ret)
-	return ret;
-
-    /* 
-     * If requested, set local sequence num to remote sequence if this
-     * isn't a mutual authentication context
-     */
-    if (!(ctx->flags & GSS_C_MUTUAL_FLAG) && _gssapi_msg_order_f(ctx->flags)) {
-	krb5_auth_con_setlocalseqnumber(context,
-					ctx->auth_context,
-					seq_number);
-    }
-
-    /*
-     * We should handle the delegation ticket, in case it's there
-     */
-    if (ctx->fwd_data.length > 0 && (ctx->flags & GSS_C_DELEG_FLAG)) {
-	ret = gsskrb5_accept_delegated_token(minor_status,
-					     ctx,
-					     context,
-					     delegated_cred_handle);
-	if (ret)
-	    return ret;
-    } else {
-	/* Well, looks like it wasn't there after all */
-	ctx->flags &= ~GSS_C_DELEG_FLAG;
-    }
-
-    ctx->state = ACCEPTOR_READY;
-    ctx->more_flags |= OPEN;
-
-    return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-gsskrb5_acceptor_start(OM_uint32 * minor_status,
-		       gsskrb5_ctx ctx,
-		       krb5_context context,
-		       const gss_cred_id_t acceptor_cred_handle,
-		       const gss_buffer_t input_token_buffer,
-		       const gss_channel_bindings_t input_chan_bindings,
-		       gss_name_t * src_name,
-		       gss_OID * mech_type,
-		       gss_buffer_t output_token,
-		       OM_uint32 * ret_flags,
-		       OM_uint32 * time_rec,
-		       gss_cred_id_t * delegated_cred_handle)
-{
-    krb5_error_code kret;
-    OM_uint32 ret = GSS_S_COMPLETE;
-    krb5_data indata;
-    krb5_flags ap_options;
-    krb5_keytab keytab = NULL;
-    int is_cfx = 0;
-    const gsskrb5_cred acceptor_cred = (gsskrb5_cred)acceptor_cred_handle;
-
-    /*
-     * We may, or may not, have an escapsulation.
-     */
-    ret = _gsskrb5_decapsulate (minor_status,
-				input_token_buffer,
-				&indata,
-				"\x01\x00",
-				GSS_KRB5_MECHANISM);
-
-    if (ret) {
-	/* Assume that there is no OID wrapping. */
-	indata.length	= input_token_buffer->length;
-	indata.data	= input_token_buffer->value;
-    }
-
-    /*
-     * We need to get our keytab
-     */
-    if (acceptor_cred == NULL) {
-	if (_gsskrb5_keytab != NULL)
-	    keytab = _gsskrb5_keytab;
-    } else if (acceptor_cred->keytab != NULL) {
-	keytab = acceptor_cred->keytab;
-    }
-    
-    /*
-     * We need to check the ticket and create the AP-REP packet
-     */
-
-    {
-	krb5_rd_req_in_ctx in = NULL;
-	krb5_rd_req_out_ctx out = NULL;
-
-	kret = krb5_rd_req_in_ctx_alloc(context, &in);
-	if (kret == 0)
-	    kret = krb5_rd_req_in_set_keytab(context, in, keytab);
-	if (kret) {
-	    if (in)
-		krb5_rd_req_in_ctx_free(context, in);
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    return ret;
-	}
-
-	kret = krb5_rd_req_ctx(context,
-			       &ctx->auth_context,
-			       &indata,
-			       (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred->principal,
-			       in, &out);
-	krb5_rd_req_in_ctx_free(context, in);
-	if (kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    return ret;
-	}
-
-	/*
-	 * We need to remember some data on the context_handle.
-	 */
-	kret = krb5_rd_req_out_get_ap_req_options(context, out,
-						  &ap_options);
-	if (kret == 0)
-	    kret = krb5_rd_req_out_get_ticket(context, out, 
-					      &ctx->ticket);
-	if (kret == 0)
-	    kret = krb5_rd_req_out_get_keyblock(context, out,
-						&ctx->service_keyblock);
-	ctx->lifetime = ctx->ticket->ticket.endtime;
-
-	krb5_rd_req_out_ctx_free(context, out);
-	if (kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    return ret;
-	}
-    }
-    
-    
-    /*
-     * We need to copy the principal names to the context and the
-     * calling layer.
-     */
-    kret = krb5_copy_principal(context,
-			       ctx->ticket->client,
-			       &ctx->source);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-    }
-
-    kret = krb5_copy_principal(context, 
-			       ctx->ticket->server,
-			       &ctx->target);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	return ret;
-    }
-    
-    /*
-     * We need to setup some compat stuff, this assumes that
-     * context_handle->target is already set.
-     */
-    ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
-    if (ret)
-	return ret;
-
-    if (src_name != NULL) {
-	kret = krb5_copy_principal (context,
-				    ctx->ticket->client,
-				    (gsskrb5_name*)src_name);
-	if (kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    return ret;
-	}
-    }
-
-    /*
-     * We need to get the flags out of the 8003 checksum.
-     */
-    {
-	krb5_authenticator authenticator;
-      
-	kret = krb5_auth_con_getauthenticator(context,
-					      ctx->auth_context,
-					      &authenticator);
-	if(kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    return ret;
-	}
-
-        if (authenticator->cksum->cksumtype == CKSUMTYPE_GSSAPI) {
-            ret = _gsskrb5_verify_8003_checksum(minor_status,
-						input_chan_bindings,
-						authenticator->cksum,
-						&ctx->flags,
-						&ctx->fwd_data);
-
-	    krb5_free_authenticator(context, &authenticator);
-	    if (ret) {
-		return ret;
-	    }
-        } else {
-	    krb5_crypto crypto;
-
-	    kret = krb5_crypto_init(context, 
-				    ctx->auth_context->keyblock, 
-				    0, &crypto);
-	    if(kret) {
-		krb5_free_authenticator(context, &authenticator);
-
-		ret = GSS_S_FAILURE;
-		*minor_status = kret;
-		return ret;
-	    }
-
-	    /* 
-	     * Windows accepts Samba3's use of a kerberos, rather than
-	     * GSSAPI checksum here 
-	     */
-
-	    kret = krb5_verify_checksum(context,
-					crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0,
-					authenticator->cksum);
-	    krb5_free_authenticator(context, &authenticator);
-	    krb5_crypto_destroy(context, crypto);
-
-	    if(kret) {
-		ret = GSS_S_BAD_SIG;
-		*minor_status = kret;
-		return ret;
-	    }
-
-	    /* 
-	     * Samba style get some flags (but not DCE-STYLE)
-	     */
-	    ctx->flags = 
-		GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
-        }
-    }
-    
-    if(ctx->flags & GSS_C_MUTUAL_FLAG) {
-	krb5_data outbuf;
-	    
-	_gsskrb5i_is_cfx(ctx, &is_cfx);
-	    
-	if (is_cfx != 0 
-	    || (ap_options & AP_OPTS_USE_SUBKEY)) {
-	    kret = krb5_auth_con_addflags(context,
-					  ctx->auth_context,
-					  KRB5_AUTH_CONTEXT_USE_SUBKEY,
-					  NULL);
-	    ctx->more_flags |= ACCEPTOR_SUBKEY;
-	}
-	    
-	kret = krb5_mk_rep(context,
-			   ctx->auth_context,
-			   &outbuf);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-	    
-	if (IS_DCE_STYLE(ctx)) {
-	    output_token->length = outbuf.length;
-	    output_token->value = outbuf.data;
-	} else {
-	    ret = _gsskrb5_encapsulate(minor_status,
-				       &outbuf,
-				       output_token,
-				       "\x02\x00",
-				       GSS_KRB5_MECHANISM);
-	    krb5_data_free (&outbuf);
-	    if (ret)
-		return ret;
-	}
-    }
-    
-    ctx->flags |= GSS_C_TRANS_FLAG;
-
-    /* Remember the flags */
-    
-    ctx->lifetime = ctx->ticket->ticket.endtime;
-    ctx->more_flags |= OPEN;
-    
-    if (mech_type)
-	*mech_type = GSS_KRB5_MECHANISM;
-    
-    if (time_rec) {
-	ret = _gsskrb5_lifetime_left(minor_status,
-				     context,
-				     ctx->lifetime,
-				     time_rec);
-	if (ret) {
-	    return ret;
-	}
-    }
-
-    /*
-     * When GSS_C_DCE_STYLE is in use, we need ask for a AP-REP from
-     * the client.
-     */
-    if (IS_DCE_STYLE(ctx)) {
-	/*
-	 * Return flags to caller, but we haven't processed
-	 * delgations yet
-	 */
-	if (ret_flags)
-	    *ret_flags = (ctx->flags & ~GSS_C_DELEG_FLAG);
-
-	ctx->state = ACCEPTOR_WAIT_FOR_DCESTYLE;
-	return GSS_S_CONTINUE_NEEDED;
-    }
-
-    ret = gsskrb5_acceptor_ready(minor_status, ctx, context, 
-				 delegated_cred_handle);
-
-    if (ret_flags)
-	*ret_flags = ctx->flags;
-
-    return ret;
-}
-
-static OM_uint32
-acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
-			   gsskrb5_ctx ctx,
-			   krb5_context context,
-			   const gss_cred_id_t acceptor_cred_handle,
-			   const gss_buffer_t input_token_buffer,
-			   const gss_channel_bindings_t input_chan_bindings,
-			   gss_name_t * src_name,
-			   gss_OID * mech_type,
-			   gss_buffer_t output_token,
-			   OM_uint32 * ret_flags,
-			   OM_uint32 * time_rec,
-			   gss_cred_id_t * delegated_cred_handle)
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-    krb5_data inbuf;
-    int32_t r_seq_number, l_seq_number;
-	
-    /* 
-     * We know it's GSS_C_DCE_STYLE so we don't need to decapsulate the AP_REP
-     */
-
-    inbuf.length = input_token_buffer->length;
-    inbuf.data = input_token_buffer->value;
-
-    /* 
-     * We need to remeber the old remote seq_number, then check if the
-     * client has replied with our local seq_number, and then reset
-     * the remote seq_number to the old value
-     */
-    {
-	kret = krb5_auth_con_getlocalseqnumber(context,
-					       ctx->auth_context,
-					       &l_seq_number);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-
-	kret = krb5_auth_getremoteseqnumber(context,
-					    ctx->auth_context,
-					    &r_seq_number);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-
-	kret = krb5_auth_con_setremoteseqnumber(context,
-						ctx->auth_context,
-						l_seq_number);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    /* 
-     * We need to verify the AP_REP, but we need to flag that this is
-     * DCE_STYLE, so don't check the timestamps this time, but put the
-     * flag DO_TIME back afterward.
-    */ 
-    {
-	krb5_ap_rep_enc_part *repl;
-	int32_t auth_flags;
-		
-	krb5_auth_con_removeflags(context,
-				  ctx->auth_context,
-				  KRB5_AUTH_CONTEXT_DO_TIME,
-				  &auth_flags);
-
-	kret = krb5_rd_rep(context, ctx->auth_context, &inbuf, &repl);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-	krb5_free_ap_rep_enc_part(context, repl);
-	krb5_auth_con_setflags(context, ctx->auth_context, auth_flags);
-    }
-
-    /* We need to check the liftime */
-    {
-	OM_uint32 lifetime_rec;
-
-	ret = _gsskrb5_lifetime_left(minor_status,
-				     context,
-				     ctx->lifetime,
-				     &lifetime_rec);
-	if (ret) {
-	    return ret;
-	}
-	if (lifetime_rec == 0) {
-	    return GSS_S_CONTEXT_EXPIRED;
-	}
-	
-	if (time_rec) *time_rec = lifetime_rec;
-    }
-
-    /* We need to give the caller the flags which are in use */
-    if (ret_flags) *ret_flags = ctx->flags;
-
-    if (src_name) {
-	kret = krb5_copy_principal(context,
-				   ctx->source,
-				   (gsskrb5_name*)src_name);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    /*
-     * After the krb5_rd_rep() the remote and local seq_number should
-     * be the same, because the client just replies the seq_number
-     * from our AP-REP in its AP-REP, but then the client uses the
-     * seq_number from its AP-REQ for GSS_wrap()
-     */
-    {
-	int32_t tmp_r_seq_number, tmp_l_seq_number;
-
-	kret = krb5_auth_getremoteseqnumber(context,
-					    ctx->auth_context,
-					    &tmp_r_seq_number);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-
-	kret = krb5_auth_con_getlocalseqnumber(context,
-					       ctx->auth_context,
-					       &tmp_l_seq_number);
-	if (kret) {
-
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-
-	/*
-	 * Here we check if the client has responsed with our local seq_number,
-	 */
-	if (tmp_r_seq_number != tmp_l_seq_number) {
-	    return GSS_S_UNSEQ_TOKEN;
-	}
-    }
-
-    /*
-     * We need to reset the remote seq_number, because the client will use,
-     * the old one for the GSS_wrap() calls
-     */
-    {
-	kret = krb5_auth_con_setremoteseqnumber(context,
-						ctx->auth_context,
-						r_seq_number);	
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    return gsskrb5_acceptor_ready(minor_status, ctx, context, 
-				  delegated_cred_handle);
-}
-
-
-OM_uint32
-_gsskrb5_accept_sec_context(OM_uint32 * minor_status,
-			    gss_ctx_id_t * context_handle,
-			    const gss_cred_id_t acceptor_cred_handle,
-			    const gss_buffer_t input_token_buffer,
-			    const gss_channel_bindings_t input_chan_bindings,
-			    gss_name_t * src_name,
-			    gss_OID * mech_type,
-			    gss_buffer_t output_token,
-			    OM_uint32 * ret_flags,
-			    OM_uint32 * time_rec,
-			    gss_cred_id_t * delegated_cred_handle)
-{
-    krb5_context context;
-    OM_uint32 ret;
-    gsskrb5_ctx ctx;
-
-    GSSAPI_KRB5_INIT(&context);
-
-    output_token->length = 0;
-    output_token->value = NULL;
-
-    if (src_name != NULL)
-	*src_name = NULL;
-    if (mech_type)
-	*mech_type = GSS_KRB5_MECHANISM;
-
-    if (*context_handle == GSS_C_NO_CONTEXT) {
-	ret = _gsskrb5_create_ctx(minor_status,
-				  context_handle,
-				  context,
-				  input_chan_bindings,
-				  ACCEPTOR_START);
-	if (ret)
-	    return ret;
-    }
-    
-    ctx = (gsskrb5_ctx)*context_handle;
-
-    
-    /*
-     * TODO: check the channel_bindings 
-     * (above just sets them to krb5 layer)
-     */
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-    
-    switch (ctx->state) {
-    case ACCEPTOR_START:
-	ret = gsskrb5_acceptor_start(minor_status,
-				     ctx,
-				     context,
-				     acceptor_cred_handle,
-				     input_token_buffer,
-				     input_chan_bindings,
-				     src_name,
-				     mech_type,
-				     output_token,
-				     ret_flags,
-				     time_rec,
-				     delegated_cred_handle);
-	break;
-    case ACCEPTOR_WAIT_FOR_DCESTYLE:
-	ret = acceptor_wait_for_dcestyle(minor_status,
-					 ctx,
-					 context,
-					 acceptor_cred_handle,
-					 input_token_buffer,
-					 input_chan_bindings,
-					 src_name,
-					 mech_type,
-					 output_token,
-					 ret_flags,
-					 time_rec,
-					 delegated_cred_handle);
-	break;
-    case ACCEPTOR_READY:
-	/* 
-	 * If we get there, the caller have called
-	 * gss_accept_sec_context() one time too many.
-	 */
-	ret =  GSS_S_BAD_STATUS;
-	break;
-    default:
-	/* TODO: is this correct here? --metze */
-	ret =  GSS_S_BAD_STATUS;
-	break;
-    }
-    
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    
-    if (GSS_ERROR(ret)) {
-	OM_uint32 min2;
-	_gsskrb5_delete_sec_context(&min2, context_handle, GSS_C_NO_BUFFER);
-    }
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/acquire_cred.c b/crypto/heimdal/lib/gssapi/krb5/acquire_cred.c
deleted file mode 100644
index 6e13a42..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/acquire_cred.c
+++ /dev/null
@@ -1,398 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: acquire_cred.c 22124 2007-12-04 00:03:52Z lha $");
-
-OM_uint32
-__gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
-			  krb5_context context,
-			  krb5_ccache id,
-			  krb5_principal principal,
-			  OM_uint32 *lifetime)
-{
-    krb5_creds in_cred, *out_cred;
-    krb5_const_realm realm;
-    krb5_error_code kret;
-
-    memset(&in_cred, 0, sizeof(in_cred));
-    in_cred.client = principal;
-	
-    realm = krb5_principal_get_realm(context,  principal);
-    if (realm == NULL) {
-	_gsskrb5_clear_status ();
-	*minor_status = KRB5_PRINC_NOMATCH; /* XXX */
-	return GSS_S_FAILURE;
-    }
-
-    kret = krb5_make_principal(context, &in_cred.server, 
-			       realm, KRB5_TGS_NAME, realm, NULL);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-
-    kret = krb5_get_credentials(context, 0, 
-				id, &in_cred, &out_cred);
-    krb5_free_principal(context, in_cred.server);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-
-    *lifetime = out_cred->times.endtime;
-    krb5_free_creds(context, out_cred);
-
-    return GSS_S_COMPLETE;
-}
-
-
-
-
-static krb5_error_code
-get_keytab(krb5_context context, krb5_keytab *keytab)
-{
-    char kt_name[256];
-    krb5_error_code kret;
-
-    HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex);
-
-    if (_gsskrb5_keytab != NULL) {
-	kret = krb5_kt_get_name(context,
-				_gsskrb5_keytab,
-				kt_name, sizeof(kt_name));
-	if (kret == 0)
-	    kret = krb5_kt_resolve(context, kt_name, keytab);
-    } else
-	kret = krb5_kt_default(context, keytab);
-
-    HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
-
-    return (kret);
-}
-
-static OM_uint32 acquire_initiator_cred
-		  (OM_uint32 * minor_status,
-		   krb5_context context,
-		   const gss_name_t desired_name,
-		   OM_uint32 time_req,
-		   const gss_OID_set desired_mechs,
-		   gss_cred_usage_t cred_usage,
-		   gsskrb5_cred handle,
-		   gss_OID_set * actual_mechs,
-		   OM_uint32 * time_rec
-		  )
-{
-    OM_uint32 ret;
-    krb5_creds cred;
-    krb5_principal def_princ;
-    krb5_get_init_creds_opt *opt;
-    krb5_ccache ccache;
-    krb5_keytab keytab;
-    krb5_error_code kret;
-
-    keytab = NULL;
-    ccache = NULL;
-    def_princ = NULL;
-    ret = GSS_S_FAILURE;
-    memset(&cred, 0, sizeof(cred));
-
-    /* If we have a preferred principal, lets try to find it in all
-     * caches, otherwise, fall back to default cache.  Ignore
-     * errors. */
-    if (handle->principal)
-	kret = krb5_cc_cache_match (context,
-				    handle->principal,
-				    NULL,
-				    &ccache);
-    
-    if (ccache == NULL) {
-	kret = krb5_cc_default(context, &ccache);
-	if (kret)
-	    goto end;
-    }
-    kret = krb5_cc_get_principal(context, ccache,
-	&def_princ);
-    if (kret != 0) {
-	/* we'll try to use a keytab below */
-	krb5_cc_destroy(context, ccache);
-	ccache = NULL;
-	kret = 0;
-    } else if (handle->principal == NULL)  {
-	kret = krb5_copy_principal(context, def_princ,
-	    &handle->principal);
-	if (kret)
-	    goto end;
-    } else if (handle->principal != NULL &&
-	krb5_principal_compare(context, handle->principal,
-	def_princ) == FALSE) {
-	/* Before failing, lets check the keytab */
-	krb5_free_principal(context, def_princ);
-	def_princ = NULL;
-    }
-    if (def_princ == NULL) {
-	/* We have no existing credentials cache,
-	 * so attempt to get a TGT using a keytab.
-	 */
-	if (handle->principal == NULL) {
-	    kret = krb5_get_default_principal(context,
-		&handle->principal);
-	    if (kret)
-		goto end;
-	}
-	kret = get_keytab(context, &keytab);
-	if (kret)
-	    goto end;
-	kret = krb5_get_init_creds_opt_alloc(context, &opt);
-	if (kret)
-	    goto end;
-	kret = krb5_get_init_creds_keytab(context, &cred,
-	    handle->principal, keytab, 0, NULL, opt);
-	krb5_get_init_creds_opt_free(context, opt);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_gen_new(context, &krb5_mcc_ops,
-		&ccache);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_initialize(context, ccache, cred.client);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_store_cred(context, ccache, &cred);
-	if (kret)
-	    goto end;
-	handle->lifetime = cred.times.endtime;
-	handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
-    } else {
-
-	ret = __gsskrb5_ccache_lifetime(minor_status,
-					context,
-					ccache,
-					handle->principal,
-					&handle->lifetime);
-	if (ret != GSS_S_COMPLETE)
-	    goto end;
-	kret = 0;
-    }
-
-    handle->ccache = ccache;
-    ret = GSS_S_COMPLETE;
-
-end:
-    if (cred.client != NULL)
-	krb5_free_cred_contents(context, &cred);
-    if (def_princ != NULL)
-	krb5_free_principal(context, def_princ);
-    if (keytab != NULL)
-	krb5_kt_close(context, keytab);
-    if (ret != GSS_S_COMPLETE) {
-	if (ccache != NULL)
-	    krb5_cc_close(context, ccache);
-	if (kret != 0) {
-	    *minor_status = kret;
-	}
-    }
-    return (ret);
-}
-
-static OM_uint32 acquire_acceptor_cred
-		  (OM_uint32 * minor_status,
-		   krb5_context context,
-		   const gss_name_t desired_name,
-		   OM_uint32 time_req,
-		   const gss_OID_set desired_mechs,
-		   gss_cred_usage_t cred_usage,
-		   gsskrb5_cred handle,
-		   gss_OID_set * actual_mechs,
-		   OM_uint32 * time_rec
-		  )
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-
-    kret = 0;
-    ret = GSS_S_FAILURE;
-    kret = get_keytab(context, &handle->keytab);
-    if (kret)
-	goto end;
-    
-    /* check that the requested principal exists in the keytab */
-    if (handle->principal) {
-	krb5_keytab_entry entry;
-
-	kret = krb5_kt_get_entry(context, handle->keytab, 
-				 handle->principal, 0, 0, &entry);
-	if (kret)
-	    goto end;
-	krb5_kt_free_entry(context, &entry);
-	ret = GSS_S_COMPLETE;
-    } else {
-	/* 
-	 * Check if there is at least one entry in the keytab before
-	 * declaring it as an useful keytab.
-	 */
-	krb5_keytab_entry tmp;
-	krb5_kt_cursor c;
-
-	kret = krb5_kt_start_seq_get (context, handle->keytab, &c);
-	if (kret)
-	    goto end;
-	if (krb5_kt_next_entry(context, handle->keytab, &tmp, &c) == 0) {
-	    krb5_kt_free_entry(context, &tmp);
-	    ret = GSS_S_COMPLETE; /* ok found one entry */
-	}
-	krb5_kt_end_seq_get (context, handle->keytab, &c);
-    } 
-end:
-    if (ret != GSS_S_COMPLETE) {
-	if (handle->keytab != NULL)
-	    krb5_kt_close(context, handle->keytab);
-	if (kret != 0) {
-	    *minor_status = kret;
-	}
-    }
-    return (ret);
-}
-
-OM_uint32 _gsskrb5_acquire_cred
-(OM_uint32 * minor_status,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t * output_cred_handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
-    )
-{
-    krb5_context context;
-    gsskrb5_cred handle;
-    OM_uint32 ret;
-
-    if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) {
-	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
-	return GSS_S_FAILURE;
-    }
-
-    GSSAPI_KRB5_INIT(&context);
-
-    *output_cred_handle = NULL;
-    if (time_rec)
-	*time_rec = 0;
-    if (actual_mechs)
-	*actual_mechs = GSS_C_NO_OID_SET;
-
-    if (desired_mechs) {
-	int present = 0;
-
-	ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				      desired_mechs, &present); 
-	if (ret)
-	    return ret;
-	if (!present) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_MECH;
-	}
-    }
-
-    handle = calloc(1, sizeof(*handle));
-    if (handle == NULL) {
-	*minor_status = ENOMEM;
-        return (GSS_S_FAILURE);
-    }
-
-    HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
-
-    if (desired_name != GSS_C_NO_NAME) {
-	krb5_principal name = (krb5_principal)desired_name;
-	ret = krb5_copy_principal(context, name, &handle->principal);
-	if (ret) {
-	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-	    *minor_status = ret;
-	    free(handle);
-	    return GSS_S_FAILURE;
-	}
-    }
-    if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
-	ret = acquire_initiator_cred(minor_status, context,
-				     desired_name, time_req,
-				     desired_mechs, cred_usage, handle,
-				     actual_mechs, time_rec);
-    	if (ret != GSS_S_COMPLETE) {
-	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-	    krb5_free_principal(context, handle->principal);
-	    free(handle);
-	    return (ret);
-	}
-    }
-    if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
-	ret = acquire_acceptor_cred(minor_status, context,
-				    desired_name, time_req,
-				    desired_mechs, cred_usage, handle, actual_mechs, time_rec);
-	if (ret != GSS_S_COMPLETE) {
-	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-	    krb5_free_principal(context, handle->principal);
-	    free(handle);
-	    return (ret);
-	}
-    }
-    ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-    if (ret == GSS_S_COMPLETE)
-    	ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				     &handle->mechanisms);
-    if (ret == GSS_S_COMPLETE)
-    	ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)handle, 
-				    NULL, time_rec, NULL, actual_mechs);
-    if (ret != GSS_S_COMPLETE) {
-	if (handle->mechanisms != NULL)
-	    gss_release_oid_set(NULL, &handle->mechanisms);
-	HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-	krb5_free_principal(context, handle->principal);
-	free(handle);
-	return (ret);
-    } 
-    *minor_status = 0;
-    if (time_rec) {
-	ret = _gsskrb5_lifetime_left(minor_status,
-				     context,
-				     handle->lifetime,
-				     time_rec);
-
-	if (ret)
-	    return ret;
-    }
-    handle->usage = cred_usage;
-    *output_cred_handle = (gss_cred_id_t)handle;
-    return (GSS_S_COMPLETE);
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/add_cred.c b/crypto/heimdal/lib/gssapi/krb5/add_cred.c
deleted file mode 100644
index 9a1045a..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/add_cred.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: add_cred.c 20688 2007-05-17 18:44:31Z lha $");
-
-OM_uint32 _gsskrb5_add_cred (
-     OM_uint32           *minor_status,
-     const gss_cred_id_t input_cred_handle,
-     const gss_name_t    desired_name,
-     const gss_OID       desired_mech,
-     gss_cred_usage_t    cred_usage,
-     OM_uint32           initiator_time_req,
-     OM_uint32           acceptor_time_req,
-     gss_cred_id_t       *output_cred_handle,
-     gss_OID_set         *actual_mechs,
-     OM_uint32           *initiator_time_rec,
-     OM_uint32           *acceptor_time_rec)
-{
-    krb5_context context;
-    OM_uint32 ret, lifetime;
-    gsskrb5_cred cred, handle;
-    krb5_const_principal dname;
-
-    handle = NULL;
-    cred = (gsskrb5_cred)input_cred_handle;
-    dname = (krb5_const_principal)desired_name;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MECH;
-    }
-
-    if (cred == NULL && output_cred_handle == NULL) {
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-
-    if (cred == NULL) { /* XXX standard conformance failure */
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-
-    /* check if requested output usage is compatible with output usage */ 
-    if (output_cred_handle != NULL) {
-	HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
-	if (cred->usage != cred_usage && cred->usage != GSS_C_BOTH) {
-	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-	    *minor_status = GSS_KRB5_S_G_BAD_USAGE;
-	    return(GSS_S_FAILURE);
-	}
-    }
-	
-    /* check that we have the same name */
-    if (dname != NULL &&
-	krb5_principal_compare(context, dname, 
-			       cred->principal) != FALSE) {
-	if (output_cred_handle)
-	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-	*minor_status = 0;
-	return GSS_S_BAD_NAME;
-    }
-
-    /* make a copy */
-    if (output_cred_handle) {
-	krb5_error_code kret;
-
-	handle = calloc(1, sizeof(*handle));
-	if (handle == NULL) {
-	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-	    *minor_status = ENOMEM;
-	    return (GSS_S_FAILURE);
-	}
-
-	handle->usage = cred_usage;
-	handle->lifetime = cred->lifetime;
-	handle->principal = NULL;
-	handle->keytab = NULL;
-	handle->ccache = NULL;
-	handle->mechanisms = NULL;
-	HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
-	
-	ret = GSS_S_FAILURE;
-
-	kret = krb5_copy_principal(context, cred->principal,
-				  &handle->principal);
-	if (kret) {
-	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-	    free(handle);
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-
-	if (cred->keytab) {
-	    char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
-	    int len;
-	    
-	    ret = GSS_S_FAILURE;
-
-	    kret = krb5_kt_get_type(context, cred->keytab,
-				    name, KRB5_KT_PREFIX_MAX_LEN);
-	    if (kret) {
-		*minor_status = kret;
-		goto failure;
-	    }
-	    len = strlen(name);
-	    name[len++] = ':';
-
-	    kret = krb5_kt_get_name(context, cred->keytab,
-				    name + len, 
-				    sizeof(name) - len);
-	    if (kret) {
-		*minor_status = kret;
-		goto failure;
-	    }
-
-	    kret = krb5_kt_resolve(context, name,
-				   &handle->keytab);
-	    if (kret){
-		*minor_status = kret;
-		goto failure;
-	    }
-	}
-
-	if (cred->ccache) {
-	    const char *type, *name;
-	    char *type_name;
-
-	    ret = GSS_S_FAILURE;
-
-	    type = krb5_cc_get_type(context, cred->ccache);
-	    if (type == NULL){
-		*minor_status = ENOMEM;
-		goto failure;
-	    }
-
-	    if (strcmp(type, "MEMORY") == 0) {
-		ret = krb5_cc_gen_new(context, &krb5_mcc_ops,
-				      &handle->ccache);
-		if (ret) {
-		    *minor_status = ret;
-		    goto failure;
-		}
-
-		ret = krb5_cc_copy_cache(context, cred->ccache,
-					 handle->ccache);
-		if (ret) {
-		    *minor_status = ret;
-		    goto failure;
-		}
-
-	    } else {
-		name = krb5_cc_get_name(context, cred->ccache);
-		if (name == NULL) {
-		    *minor_status = ENOMEM;
-		    goto failure;
-		}
-		
-		asprintf(&type_name, "%s:%s", type, name);
-		if (type_name == NULL) {
-		    *minor_status = ENOMEM;
-		    goto failure;
-		}
-		
-		kret = krb5_cc_resolve(context, type_name,
-				       &handle->ccache);
-		free(type_name);
-		if (kret) {
-		    *minor_status = kret;
-		    goto failure;
-		}	    
-	    }
-	}
-	ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-	if (ret)
-	    goto failure;
-
-	ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				     &handle->mechanisms);
-	if (ret)
-	    goto failure;
-    }
-
-    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-
-    ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)cred, 
-				NULL, &lifetime, NULL, actual_mechs);
-    if (ret)
-	goto failure;
-
-    if (initiator_time_rec)
-	*initiator_time_rec = lifetime;
-    if (acceptor_time_rec)
-	*acceptor_time_rec = lifetime;
-
-    if (output_cred_handle) {
-	*output_cred_handle = (gss_cred_id_t)handle;
-    }
-
-    *minor_status = 0;
-    return ret;
-
- failure:
-
-    if (handle) {
-	if (handle->principal)
-	    krb5_free_principal(context, handle->principal);
-	if (handle->keytab)
-	    krb5_kt_close(context, handle->keytab);
-	if (handle->ccache)
-	    krb5_cc_destroy(context, handle->ccache);
-	if (handle->mechanisms)
-	    gss_release_oid_set(NULL, &handle->mechanisms);
-	free(handle);
-    }
-    if (output_cred_handle)
-	HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/address_to_krb5addr.c b/crypto/heimdal/lib/gssapi/krb5/address_to_krb5addr.c
deleted file mode 100644
index 18a90fe..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/address_to_krb5addr.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-#include <roken.h>
-
-krb5_error_code
-_gsskrb5i_address_to_krb5addr(krb5_context context,
-			      OM_uint32 gss_addr_type,
-			      gss_buffer_desc *gss_addr,
-			      int16_t port,
-			      krb5_address *address)
-{
-   int addr_type;
-   struct sockaddr sa;
-   krb5_socklen_t sa_size = sizeof(sa);
-   krb5_error_code problem;
-   
-   if (gss_addr == NULL)
-      return GSS_S_FAILURE; 
-   
-   switch (gss_addr_type) {
-#ifdef HAVE_IPV6
-      case GSS_C_AF_INET6: addr_type = AF_INET6;
-                           break;
-#endif /* HAVE_IPV6 */
-                           
-      case GSS_C_AF_INET:  addr_type = AF_INET;
-                           break;
-      default:
-                           return GSS_S_FAILURE;
-   }
-                      
-   problem = krb5_h_addr2sockaddr (context,
-				   addr_type,
-                                   gss_addr->value, 
-                                   &sa, 
-                                   &sa_size, 
-                                   port);
-   if (problem)
-      return GSS_S_FAILURE;
-
-   problem = krb5_sockaddr2address (context, &sa, address);
-
-   return problem;  
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/arcfour.c b/crypto/heimdal/lib/gssapi/krb5/arcfour.c
deleted file mode 100644
index 032da36..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/arcfour.c
+++ /dev/null
@@ -1,760 +0,0 @@
-/*
- * Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: arcfour.c 19031 2006-11-13 18:02:57Z lha $");
-
-/*
- * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
- *
- * The arcfour message have the following formats:
- *
- * MIC token
- * 	TOK_ID[2] = 01 01
- *	SGN_ALG[2] = 11 00
- *	Filler[4]
- *	SND_SEQ[8]
- *	SGN_CKSUM[8]
- *
- * WRAP token
- *	TOK_ID[2] = 02 01
- *	SGN_ALG[2];
- *	SEAL_ALG[2]
- *	Filler[2]
- *	SND_SEQ[2]
- *	SGN_CKSUM[8]
- *	Confounder[8]
- */
-
-/*
- * WRAP in DCE-style have a fixed size header, the oid and length over
- * the WRAP header is a total of
- * GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE +
- * GSS_ARCFOUR_WRAP_TOKEN_SIZE byte (ie total of 45 bytes overhead,
- * remember the 2 bytes from APPL [0] SEQ).
- */
-
-#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
-#define GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE 13
-
-
-static krb5_error_code
-arcfour_mic_key(krb5_context context, krb5_keyblock *key,
-		void *cksum_data, size_t cksum_size,
-		void *key6_data, size_t key6_size)
-{
-    krb5_error_code ret;
-    
-    Checksum cksum_k5;
-    krb5_keyblock key5;
-    char k5_data[16];
-    
-    Checksum cksum_k6;
-    
-    char T[4];
-
-    memset(T, 0, 4);
-    cksum_k5.checksum.data = k5_data;
-    cksum_k5.checksum.length = sizeof(k5_data);
-
-    if (key->keytype == KEYTYPE_ARCFOUR_56) {
-	char L40[14] = "fortybits";
-
-	memcpy(L40 + 10, T, sizeof(T));
-	ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
-			L40, 14, 0, key, &cksum_k5);
-	memset(&k5_data[7], 0xAB, 9);
-    } else {
-	ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
-			T, 4, 0, key, &cksum_k5);
-    }
-    if (ret)
-	return ret;
-
-    key5.keytype = KEYTYPE_ARCFOUR;
-    key5.keyvalue = cksum_k5.checksum;
-
-    cksum_k6.checksum.data = key6_data;
-    cksum_k6.checksum.length = key6_size;
-
-    return krb5_hmac(context, CKSUMTYPE_RSA_MD5,
-		     cksum_data, cksum_size, 0, &key5, &cksum_k6);
-}
-
-
-static krb5_error_code
-arcfour_mic_cksum(krb5_context context,
-		  krb5_keyblock *key, unsigned usage,
-		  u_char *sgn_cksum, size_t sgn_cksum_sz,
-		  const u_char *v1, size_t l1,
-		  const void *v2, size_t l2,
-		  const void *v3, size_t l3)
-{
-    Checksum CKSUM;
-    u_char *ptr;
-    size_t len;
-    krb5_crypto crypto;
-    krb5_error_code ret;
-    
-    assert(sgn_cksum_sz == 8);
-
-    len = l1 + l2 + l3;
-
-    ptr = malloc(len);
-    if (ptr == NULL)
-	return ENOMEM;
-
-    memcpy(ptr, v1, l1);
-    memcpy(ptr + l1, v2, l2);
-    memcpy(ptr + l1 + l2, v3, l3);
-    
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free(ptr);
-	return ret;
-    }
-    
-    ret = krb5_create_checksum(context,
-			       crypto,
-			       usage,
-			       0,
-			       ptr, len,
-			       &CKSUM);
-    free(ptr);
-    if (ret == 0) {
-	memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz);
-	free_Checksum(&CKSUM);
-    }
-    krb5_crypto_destroy(context, crypto);
-
-    return ret;
-}
-
-
-OM_uint32
-_gssapi_get_mic_arcfour(OM_uint32 * minor_status,
-			const gsskrb5_ctx context_handle,
-			krb5_context context,
-			gss_qop_t qop_req,
-			const gss_buffer_t message_buffer,
-			gss_buffer_t message_token,
-			krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    int32_t seq_number;
-    size_t len, total_len;
-    u_char k6_data[16], *p0, *p;
-    RC4_KEY rc4_key;
-    
-    _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
-    
-    message_token->length = total_len;
-    message_token->value  = malloc (total_len);
-    if (message_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    
-    p0 = _gssapi_make_mech_header(message_token->value,
-				  len,
-				  GSS_KRB5_MECHANISM);
-    p = p0;
-    
-    *p++ = 0x01; /* TOK_ID */
-    *p++ = 0x01;
-    *p++ = 0x11; /* SGN_ALG */
-    *p++ = 0x00;
-    *p++ = 0xff; /* Filler */
-    *p++ = 0xff;
-    *p++ = 0xff;
-    *p++ = 0xff;
-
-    p = NULL;
-
-    ret = arcfour_mic_cksum(context,
-			    key, KRB5_KU_USAGE_SIGN,
-			    p0 + 16, 8,  /* SGN_CKSUM */
-			    p0, 8, /* TOK_ID, SGN_ALG, Filer */
-			    message_buffer->value, message_buffer->length,
-			    NULL, 0);
-    if (ret) {
-	_gsskrb5_release_buffer(minor_status, message_token);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = arcfour_mic_key(context, key,
-			  p0 + 16, 8, /* SGN_CKSUM */
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	_gsskrb5_release_buffer(minor_status, message_token);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    krb5_auth_con_getlocalseqnumber (context,
-				     context_handle->auth_context,
-				     &seq_number);
-    p = p0 + 8; /* SND_SEQ */
-    _gsskrb5_encode_be_om_uint32(seq_number, p);
-    
-    krb5_auth_con_setlocalseqnumber (context,
-				     context_handle->auth_context,
-				     ++seq_number);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    
-    memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
-
-    RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-    RC4 (&rc4_key, 8, p, p);
-	
-    memset(&rc4_key, 0, sizeof(rc4_key));
-    memset(k6_data, 0, sizeof(k6_data));
-    
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-
-OM_uint32
-_gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
-			   const gsskrb5_ctx context_handle,
-			   krb5_context context,
-			   const gss_buffer_t message_buffer,
-			   const gss_buffer_t token_buffer,
-			   gss_qop_t * qop_state,
-			   krb5_keyblock *key,
-			   char *type)
-{
-    krb5_error_code ret;
-    uint32_t seq_number;
-    OM_uint32 omret;
-    u_char SND_SEQ[8], cksum_data[8], *p;
-    char k6_data[16];
-    int cmp;
-    
-    if (qop_state)
-	*qop_state = 0;
-
-    p = token_buffer->value;
-    omret = _gsskrb5_verify_header (&p,
-				       token_buffer->length,
-				       (u_char *)type,
-				       GSS_KRB5_MECHANISM);
-    if (omret)
-	return omret;
-    
-    if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
-	return GSS_S_BAD_SIG;
-    p += 2;
-    if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-	return GSS_S_BAD_MIC;
-    p += 4;
-
-    ret = arcfour_mic_cksum(context,
-			    key, KRB5_KU_USAGE_SIGN,
-			    cksum_data, sizeof(cksum_data),
-			    p - 8, 8,
-			    message_buffer->value, message_buffer->length,
-			    NULL, 0);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = arcfour_mic_key(context, key,
-			  cksum_data, sizeof(cksum_data),
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    cmp = memcmp(cksum_data, p + 8, 8);
-    if (cmp) {
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-
-    {
-	RC4_KEY rc4_key;
-	
-	RC4_set_key (&rc4_key, sizeof(k6_data), (void*)k6_data);
-	RC4 (&rc4_key, 8, p, SND_SEQ);
-	
-	memset(&rc4_key, 0, sizeof(rc4_key));
-	memset(k6_data, 0, sizeof(k6_data));
-    }
-
-    _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
-
-    if (context_handle->more_flags & LOCAL)
-	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
-    else
-	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
-
-    memset(SND_SEQ, 0, sizeof(SND_SEQ));
-    if (cmp != 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-    
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    omret = _gssapi_msg_order_check(context_handle->order, seq_number);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    if (omret)
-	return omret;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gssapi_wrap_arcfour(OM_uint32 * minor_status,
-		     const gsskrb5_ctx context_handle,
-		     krb5_context context,
-		     int conf_req_flag,
-		     gss_qop_t qop_req,
-		     const gss_buffer_t input_message_buffer,
-		     int * conf_state,
-		     gss_buffer_t output_message_buffer,
-		     krb5_keyblock *key)
-{
-    u_char Klocaldata[16], k6_data[16], *p, *p0;
-    size_t len, total_len, datalen;
-    krb5_keyblock Klocal;
-    krb5_error_code ret;
-    int32_t seq_number;
-
-    if (conf_state)
-	*conf_state = 0;
-
-    datalen = input_message_buffer->length;
-
-    if (IS_DCE_STYLE(context_handle)) {
-	len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-	_gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
-	total_len += datalen;
-    } else {
-	datalen += 1; /* padding */
-	len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-	_gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
-    }
-
-    output_message_buffer->length = total_len;
-    output_message_buffer->value  = malloc (total_len);
-    if (output_message_buffer->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    
-    p0 = _gssapi_make_mech_header(output_message_buffer->value,
-				  len,
-				  GSS_KRB5_MECHANISM);
-    p = p0;
-
-    *p++ = 0x02; /* TOK_ID */
-    *p++ = 0x01;
-    *p++ = 0x11; /* SGN_ALG */
-    *p++ = 0x00;
-    if (conf_req_flag) {
-	*p++ = 0x10; /* SEAL_ALG */
-	*p++ = 0x00;
-    } else {
-	*p++ = 0xff; /* SEAL_ALG */
-	*p++ = 0xff;
-    }
-    *p++ = 0xff; /* Filler */
-    *p++ = 0xff;
-
-    p = NULL;
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    krb5_auth_con_getlocalseqnumber (context,
-				     context_handle->auth_context,
-				     &seq_number);
-
-    _gsskrb5_encode_be_om_uint32(seq_number, p0 + 8);
-
-    krb5_auth_con_setlocalseqnumber (context,
-				     context_handle->auth_context,
-				     ++seq_number);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    memset (p0 + 8 + 4,
-	    (context_handle->more_flags & LOCAL) ? 0 : 0xff,
-	    4);
-
-    krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */
-    
-    /* p points to data */
-    p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-    memcpy(p, input_message_buffer->value, input_message_buffer->length);
-
-    if (!IS_DCE_STYLE(context_handle))
-	p[input_message_buffer->length] = 1; /* padding */
-
-    ret = arcfour_mic_cksum(context,
-			    key, KRB5_KU_USAGE_SEAL,
-			    p0 + 16, 8, /* SGN_CKSUM */ 
-			    p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */
-			    p0 + 24, 8, /* Confounder */
-			    p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, 
-			    datalen);
-    if (ret) {
-	*minor_status = ret;
-	_gsskrb5_release_buffer(minor_status, output_message_buffer);
-	return GSS_S_FAILURE;
-    }
-
-    {
-	int i;
-
-	Klocal.keytype = key->keytype;
-	Klocal.keyvalue.data = Klocaldata;
-	Klocal.keyvalue.length = sizeof(Klocaldata);
-
-	for (i = 0; i < 16; i++)
-	    Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
-    }
-    ret = arcfour_mic_key(context, &Klocal,
-			  p0 + 8, 4, /* SND_SEQ */
-			  k6_data, sizeof(k6_data));
-    memset(Klocaldata, 0, sizeof(Klocaldata));
-    if (ret) {
-	_gsskrb5_release_buffer(minor_status, output_message_buffer);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-
-    if(conf_req_flag) {
-	RC4_KEY rc4_key;
-
-	RC4_set_key (&rc4_key, sizeof(k6_data), (void *)k6_data);
-	/* XXX ? */
-	RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */
-	memset(&rc4_key, 0, sizeof(rc4_key));
-    }
-    memset(k6_data, 0, sizeof(k6_data));
-
-    ret = arcfour_mic_key(context, key,
-			  p0 + 16, 8, /* SGN_CKSUM */
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	_gsskrb5_release_buffer(minor_status, output_message_buffer);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    {
-	RC4_KEY rc4_key;
-	
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */
-	memset(&rc4_key, 0, sizeof(rc4_key));
-	memset(k6_data, 0, sizeof(k6_data));
-    }
-
-    if (conf_state)
-	*conf_state = conf_req_flag;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
-				 const gsskrb5_ctx context_handle,
-				 krb5_context context,
-				 const gss_buffer_t input_message_buffer,
-				 gss_buffer_t output_message_buffer,
-				 int *conf_state,
-				 gss_qop_t *qop_state,
-				 krb5_keyblock *key)
-{
-    u_char Klocaldata[16];
-    krb5_keyblock Klocal;
-    krb5_error_code ret;
-    uint32_t seq_number;
-    size_t datalen;
-    OM_uint32 omret;
-    u_char k6_data[16], SND_SEQ[8], Confounder[8];
-    u_char cksum_data[8];
-    u_char *p, *p0;
-    int cmp;
-    int conf_flag;
-    size_t padlen = 0, len;
-    
-    if (conf_state)
-	*conf_state = 0;
-    if (qop_state)
-	*qop_state = 0;
-
-    p0 = input_message_buffer->value;
-
-    if (IS_DCE_STYLE(context_handle)) {
-	len = GSS_ARCFOUR_WRAP_TOKEN_SIZE + 
-	    GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE;
-	if (input_message_buffer->length < len)
-	    return GSS_S_BAD_MECH;
-    } else {
-	len = input_message_buffer->length;
-    }
-
-    omret = _gssapi_verify_mech_header(&p0,
-				       len,
-				       GSS_KRB5_MECHANISM);
-    if (omret)
-	return omret;
-
-    /* length of mech header */
-    len = (p0 - (u_char *)input_message_buffer->value) + 
-	GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-
-    if (len > input_message_buffer->length)
-	return GSS_S_BAD_MECH;
-
-    /* length of data */
-    datalen = input_message_buffer->length - len;
-
-    p = p0;
-
-    if (memcmp(p, "\x02\x01", 2) != 0)
-	return GSS_S_BAD_SIG;
-    p += 2;
-    if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
-	return GSS_S_BAD_SIG;
-    p += 2;
-
-    if (memcmp (p, "\x10\x00", 2) == 0)
-	conf_flag = 1;
-    else if (memcmp (p, "\xff\xff", 2) == 0)
-	conf_flag = 0;
-    else
-	return GSS_S_BAD_SIG;
-
-    p += 2;
-    if (memcmp (p, "\xff\xff", 2) != 0)
-	return GSS_S_BAD_MIC;
-    p = NULL;
-
-    ret = arcfour_mic_key(context, key,
-			  p0 + 16, 8, /* SGN_CKSUM */
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    {
-	RC4_KEY rc4_key;
-	
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */
-	memset(&rc4_key, 0, sizeof(rc4_key));
-	memset(k6_data, 0, sizeof(k6_data));
-    }
-
-    _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
-
-    if (context_handle->more_flags & LOCAL)
-	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
-    else
-	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
-
-    if (cmp != 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-
-    {
-	int i;
-
-	Klocal.keytype = key->keytype;
-	Klocal.keyvalue.data = Klocaldata;
-	Klocal.keyvalue.length = sizeof(Klocaldata);
-
-	for (i = 0; i < 16; i++)
-	    Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
-    }
-    ret = arcfour_mic_key(context, &Klocal,
-			  SND_SEQ, 4,
-			  k6_data, sizeof(k6_data));
-    memset(Klocaldata, 0, sizeof(Klocaldata));
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    output_message_buffer->value = malloc(datalen);
-    if (output_message_buffer->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    output_message_buffer->length = datalen;
-
-    if(conf_flag) {
-	RC4_KEY rc4_key;
-
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */
-	RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
-	     output_message_buffer->value);
-	memset(&rc4_key, 0, sizeof(rc4_key));
-    } else {
-	memcpy(Confounder, p0 + 24, 8); /* Confounder */
-	memcpy(output_message_buffer->value, 
-	       p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
-	       datalen);
-    }
-    memset(k6_data, 0, sizeof(k6_data));
-
-    if (!IS_DCE_STYLE(context_handle)) {
-	ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
-	if (ret) {
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    *minor_status = 0;
-	    return ret;
-	}
-	output_message_buffer->length -= padlen;
-    }
-
-    ret = arcfour_mic_cksum(context,
-			    key, KRB5_KU_USAGE_SEAL,
-			    cksum_data, sizeof(cksum_data),
-			    p0, 8, 
-			    Confounder, sizeof(Confounder),
-			    output_message_buffer->value, 
-			    output_message_buffer->length + padlen);
-    if (ret) {
-	_gsskrb5_release_buffer(minor_status, output_message_buffer);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
-    if (cmp) {
-	_gsskrb5_release_buffer(minor_status, output_message_buffer);
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    omret = _gssapi_msg_order_check(context_handle->order, seq_number);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    if (omret)
-	return omret;
-
-    if (conf_state)
-	*conf_state = conf_flag;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-max_wrap_length_arcfour(const gsskrb5_ctx ctx,
-			krb5_crypto crypto,
-			size_t input_length,
-			OM_uint32 *max_input_size)
-{
-    /* 
-     * if GSS_C_DCE_STYLE is in use:
-     *  - we only need to encapsulate the WRAP token
-     * However, since this is a fixed since, we just 
-     */
-    if (IS_DCE_STYLE(ctx)) {
-	size_t len, total_len;
-
-	len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-	_gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
-
-	if (input_length < len)
-	    *max_input_size = 0;
-	else
-	    *max_input_size = input_length - len;
-
-    } else {
-	size_t extrasize = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-	size_t blocksize = 8;
-	size_t len, total_len;
-
-	len = 8 + input_length + blocksize + extrasize;
-
-	_gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
-
-	total_len -= input_length; /* token length */
-	if (total_len < input_length) {
-	    *max_input_size = (input_length - total_len);
-	    (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
-	} else {
-	    *max_input_size = 0;
-	}
-    }
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gssapi_wrap_size_arcfour(OM_uint32 *minor_status,
-			  const gsskrb5_ctx ctx,
-			  krb5_context context,
-			  int conf_req_flag,
-			  gss_qop_t qop_req,
-			  OM_uint32 req_output_size,
-			  OM_uint32 *max_input_size,
-			  krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = max_wrap_length_arcfour(ctx, crypto,
-				  req_output_size, max_input_size);
-    if (ret != 0) {
-	*minor_status = ret;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    krb5_crypto_destroy(context, crypto);
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/canonicalize_name.c b/crypto/heimdal/lib/gssapi/krb5/canonicalize_name.c
deleted file mode 100644
index c1744ab..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/canonicalize_name.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: canonicalize_name.c 18334 2006-10-07 22:16:04Z lha $");
-
-OM_uint32 _gsskrb5_canonicalize_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            const gss_OID mech_type,
-            gss_name_t * output_name
-           )
-{
-    return _gsskrb5_duplicate_name (minor_status, input_name, output_name);
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/ccache_name.c b/crypto/heimdal/lib/gssapi/krb5/ccache_name.c
deleted file mode 100644
index 6f33246..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/ccache_name.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: ccache_name.c 19031 2006-11-13 18:02:57Z lha $");
-
-char *last_out_name;
-
-OM_uint32
-_gsskrb5_krb5_ccache_name(OM_uint32 *minor_status, 
-			  const char *name,
-			  const char **out_name)
-{
-    krb5_context context;
-    krb5_error_code kret;
-
-    *minor_status = 0;
-
-    GSSAPI_KRB5_INIT(&context);
-
-    if (out_name) {
-	const char *n;
-
-	if (last_out_name) {
-	    free(last_out_name);
-	    last_out_name = NULL;
-	}
-
-	n = krb5_cc_default_name(context);
-	if (n == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	last_out_name = strdup(n);
-	if (last_out_name == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	*out_name = last_out_name;
-    }
-
-    kret = krb5_cc_set_default_name(context, name);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/cfx.c b/crypto/heimdal/lib/gssapi/krb5/cfx.c
deleted file mode 100644
index 6452f80..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/cfx.c
+++ /dev/null
@@ -1,878 +0,0 @@
-/*
- * Copyright (c) 2003, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: cfx.c 19031 2006-11-13 18:02:57Z lha $");
-
-/*
- * Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt
- */
-
-#define CFXSentByAcceptor	(1 << 0)
-#define CFXSealed		(1 << 1)
-#define CFXAcceptorSubkey	(1 << 2)
-
-krb5_error_code
-_gsskrb5cfx_wrap_length_cfx(krb5_context context,
-			    krb5_crypto crypto,
-			    int conf_req_flag,
-			    size_t input_length,
-			    size_t *output_length,
-			    size_t *cksumsize,
-			    uint16_t *padlength)
-{
-    krb5_error_code ret;
-    krb5_cksumtype type;
-
-    /* 16-byte header is always first */
-    *output_length = sizeof(gss_cfx_wrap_token_desc);
-    *padlength = 0;
-
-    ret = krb5_crypto_get_checksum_type(context, crypto, &type);
-    if (ret)
-	return ret;
-
-    ret = krb5_checksumsize(context, type, cksumsize);
-    if (ret)
-	return ret;
-
-    if (conf_req_flag) {
-	size_t padsize;
-
-	/* Header is concatenated with data before encryption */
-	input_length += sizeof(gss_cfx_wrap_token_desc);
-
-	ret = krb5_crypto_getpadsize(context, crypto, &padsize);
-	if (ret) {
-	    return ret;
-	}
-	if (padsize > 1) {
-	    /* XXX check this */
-	    *padlength = padsize - (input_length % padsize);
-
-	    /* We add the pad ourselves (noted here for completeness only) */
-	    input_length += *padlength;
-	}
-
-	*output_length += krb5_get_wrapped_length(context,
-						  crypto, input_length);
-    } else {
-	/* Checksum is concatenated with data */
-	*output_length += input_length + *cksumsize;
-    }
-
-    assert(*output_length > input_length);
-
-    return 0;
-}
-
-krb5_error_code
-_gsskrb5cfx_max_wrap_length_cfx(krb5_context context,
-				krb5_crypto crypto,
-				int conf_req_flag,
-				size_t input_length,
-				OM_uint32 *output_length)
-{
-    krb5_error_code ret;
-
-    *output_length = 0;
-
-    /* 16-byte header is always first */
-    if (input_length < 16)
-	return 0;
-    input_length -= 16;
-
-    if (conf_req_flag) {
-	size_t wrapped_size, sz;
-
-	wrapped_size = input_length + 1;
-	do {
-	    wrapped_size--;
-	    sz = krb5_get_wrapped_length(context, 
-					 crypto, wrapped_size);
-	} while (wrapped_size && sz > input_length);
-	if (wrapped_size == 0) {
-	    *output_length = 0;
-	    return 0;
-	}
-
-	/* inner header */
-	if (wrapped_size < 16) {
-	    *output_length = 0;
-	    return 0;
-	}
-	wrapped_size -= 16;
-
-	*output_length = wrapped_size;
-    } else {
-	krb5_cksumtype type;
-	size_t cksumsize;
-
-	ret = krb5_crypto_get_checksum_type(context, crypto, &type);
-	if (ret)
-	    return ret;
-
-	ret = krb5_checksumsize(context, type, &cksumsize);
-	if (ret)
-	    return ret;
-
-	if (input_length < cksumsize)
-	    return 0;
-
-	/* Checksum is concatenated with data */
-	*output_length = input_length - cksumsize;
-    }
-
-    return 0;
-}
-
-
-OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
-				const gsskrb5_ctx context_handle,
-				krb5_context context,
-				int conf_req_flag,
-				gss_qop_t qop_req,
-				OM_uint32 req_output_size,
-				OM_uint32 *max_input_size,
-				krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = _gsskrb5cfx_max_wrap_length_cfx(context, crypto, conf_req_flag, 
-					  req_output_size, max_input_size);
-    if (ret != 0) {
-	*minor_status = ret;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    krb5_crypto_destroy(context, crypto);
-
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Rotate "rrc" bytes to the front or back
- */
-
-static krb5_error_code
-rrc_rotate(void *data, size_t len, uint16_t rrc, krb5_boolean unrotate)
-{
-    u_char *tmp, buf[256];
-    size_t left;
-
-    if (len == 0)
-	return 0;
-
-    rrc %= len;
-
-    if (rrc == 0)
-	return 0;
-
-    left = len - rrc;
-
-    if (rrc <= sizeof(buf)) {
-	tmp = buf;
-    } else {
-	tmp = malloc(rrc);
-	if (tmp == NULL) 
-	    return ENOMEM;
-    }
- 
-    if (unrotate) {
-	memcpy(tmp, data, rrc);
-	memmove(data, (u_char *)data + rrc, left);
-	memcpy((u_char *)data + left, tmp, rrc);
-    } else {
-	memcpy(tmp, (u_char *)data + left, rrc);
-	memmove((u_char *)data + rrc, data, left);
-	memcpy(data, tmp, rrc);
-    }
-
-    if (rrc > sizeof(buf)) 
-	free(tmp);
-
-    return 0;
-}
-
-OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
-			   const gsskrb5_ctx context_handle,
-			   krb5_context context,
-			   int conf_req_flag,
-			   gss_qop_t qop_req,
-			   const gss_buffer_t input_message_buffer,
-			   int *conf_state,
-			   gss_buffer_t output_message_buffer,
-			   krb5_keyblock *key)
-{
-    krb5_crypto crypto;
-    gss_cfx_wrap_token token;
-    krb5_error_code ret;
-    unsigned usage;
-    krb5_data cipher;
-    size_t wrapped_len, cksumsize;
-    uint16_t padlength, rrc = 0;
-    int32_t seq_number;
-    u_char *p;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = _gsskrb5cfx_wrap_length_cfx(context,
-				      crypto, conf_req_flag, 
-				      input_message_buffer->length,
-				      &wrapped_len, &cksumsize, &padlength);
-    if (ret != 0) {
-	*minor_status = ret;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    /* Always rotate encrypted token (if any) and checksum to header */
-    rrc = (conf_req_flag ? sizeof(*token) : 0) + (uint16_t)cksumsize;
-
-    output_message_buffer->length = wrapped_len;
-    output_message_buffer->value = malloc(output_message_buffer->length);
-    if (output_message_buffer->value == NULL) {
-	*minor_status = ENOMEM;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    p = output_message_buffer->value;
-    token = (gss_cfx_wrap_token)p;
-    token->TOK_ID[0] = 0x05;
-    token->TOK_ID[1] = 0x04;
-    token->Flags     = 0;
-    token->Filler    = 0xFF;
-    if ((context_handle->more_flags & LOCAL) == 0)
-	token->Flags |= CFXSentByAcceptor;
-    if (context_handle->more_flags & ACCEPTOR_SUBKEY)
-	token->Flags |= CFXAcceptorSubkey;
-    if (conf_req_flag) {
-	/*
-	 * In Wrap tokens with confidentiality, the EC field is
-	 * used to encode the size (in bytes) of the random filler.
-	 */
-	token->Flags |= CFXSealed;
-	token->EC[0] = (padlength >> 8) & 0xFF;
-	token->EC[1] = (padlength >> 0) & 0xFF;
-    } else {
-	/*
-	 * In Wrap tokens without confidentiality, the EC field is
-	 * used to encode the size (in bytes) of the trailing
-	 * checksum.
-	 *
-	 * This is not used in the checksum calcuation itself,
-	 * because the checksum length could potentially vary
-	 * depending on the data length.
-	 */
-	token->EC[0] = 0;
-	token->EC[1] = 0;
-    }
-
-    /*
-     * In Wrap tokens that provide for confidentiality, the RRC
-     * field in the header contains the hex value 00 00 before
-     * encryption.
-     *
-     * In Wrap tokens that do not provide for confidentiality,
-     * both the EC and RRC fields in the appended checksum
-     * contain the hex value 00 00 for the purpose of calculating
-     * the checksum.
-     */
-    token->RRC[0] = 0;
-    token->RRC[1] = 0;
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    krb5_auth_con_getlocalseqnumber(context,
-				    context_handle->auth_context,
-				    &seq_number);
-    _gsskrb5_encode_be_om_uint32(0,          &token->SND_SEQ[0]);
-    _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
-    krb5_auth_con_setlocalseqnumber(context,
-				    context_handle->auth_context,
-				    ++seq_number);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    /*
-     * If confidentiality is requested, the token header is
-     * appended to the plaintext before encryption; the resulting
-     * token is {"header" | encrypt(plaintext | pad | "header")}.
-     *
-     * If no confidentiality is requested, the checksum is
-     * calculated over the plaintext concatenated with the
-     * token header.
-     */
-    if (context_handle->more_flags & LOCAL) {
-	usage = KRB5_KU_USAGE_INITIATOR_SEAL;
-    } else {
-	usage = KRB5_KU_USAGE_ACCEPTOR_SEAL;
-    }
-
-    if (conf_req_flag) {
-	/*
-	 * Any necessary padding is added here to ensure that the
-	 * encrypted token header is always at the end of the
-	 * ciphertext.
-	 *
-	 * The specification does not require that the padding
-	 * bytes are initialized.
-	 */
-	p += sizeof(*token);
-	memcpy(p, input_message_buffer->value, input_message_buffer->length);
-	memset(p + input_message_buffer->length, 0xFF, padlength);
-	memcpy(p + input_message_buffer->length + padlength,
-	       token, sizeof(*token));
-
-	ret = krb5_encrypt(context, crypto,
-			   usage, p,
-			   input_message_buffer->length + padlength +
-				sizeof(*token),
-			   &cipher);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    return GSS_S_FAILURE;
-	}
-	assert(sizeof(*token) + cipher.length == wrapped_len);
-	token->RRC[0] = (rrc >> 8) & 0xFF;  
-	token->RRC[1] = (rrc >> 0) & 0xFF;
-
-	ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    return GSS_S_FAILURE;
-	}
-	memcpy(p, cipher.data, cipher.length);
-	krb5_data_free(&cipher);
-    } else {
-	char *buf;
-	Checksum cksum;
-
-	buf = malloc(input_message_buffer->length + sizeof(*token));
-	if (buf == NULL) {
-	    *minor_status = ENOMEM;
-	    krb5_crypto_destroy(context, crypto);
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    return GSS_S_FAILURE;
-	}
-	memcpy(buf, input_message_buffer->value, input_message_buffer->length);
-	memcpy(buf + input_message_buffer->length, token, sizeof(*token));
-
-	ret = krb5_create_checksum(context, crypto,
-				   usage, 0, buf, 
-				   input_message_buffer->length +
-					sizeof(*token), 
-				   &cksum);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    free(buf);
-	    return GSS_S_FAILURE;
-	}
-
-	free(buf);
-
-	assert(cksum.checksum.length == cksumsize);
-	token->EC[0] =  (cksum.checksum.length >> 8) & 0xFF;
-	token->EC[1] =  (cksum.checksum.length >> 0) & 0xFF;
-	token->RRC[0] = (rrc >> 8) & 0xFF;  
-	token->RRC[1] = (rrc >> 0) & 0xFF;
-
-	p += sizeof(*token);
-	memcpy(p, input_message_buffer->value, input_message_buffer->length);
-	memcpy(p + input_message_buffer->length,
-	       cksum.checksum.data, cksum.checksum.length);
-
-	ret = rrc_rotate(p,
-	    input_message_buffer->length + cksum.checksum.length, rrc, FALSE);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    free_Checksum(&cksum);
-	    return GSS_S_FAILURE;
-	}
-	free_Checksum(&cksum);
-    }
-
-    krb5_crypto_destroy(context, crypto);
-
-    if (conf_state != NULL) {
-	*conf_state = conf_req_flag;
-    }
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
-			     const gsskrb5_ctx context_handle,
-			     krb5_context context,
-			     const gss_buffer_t input_message_buffer,
-			     gss_buffer_t output_message_buffer,
-			     int *conf_state,
-			     gss_qop_t *qop_state,
-			     krb5_keyblock *key)
-{
-    krb5_crypto crypto;
-    gss_cfx_wrap_token token;
-    u_char token_flags;
-    krb5_error_code ret;
-    unsigned usage;
-    krb5_data data;
-    uint16_t ec, rrc;
-    OM_uint32 seq_number_lo, seq_number_hi;
-    size_t len;
-    u_char *p;
-
-    *minor_status = 0;
-
-    if (input_message_buffer->length < sizeof(*token)) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    p = input_message_buffer->value;
-
-    token = (gss_cfx_wrap_token)p;
-
-    if (token->TOK_ID[0] != 0x05 || token->TOK_ID[1] != 0x04) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    /* Ignore unknown flags */
-    token_flags = token->Flags &
-	(CFXSentByAcceptor | CFXSealed | CFXAcceptorSubkey);
-
-    if (token_flags & CFXSentByAcceptor) {
-	if ((context_handle->more_flags & LOCAL) == 0)
-	    return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
-	if ((token_flags & CFXAcceptorSubkey) == 0)
-	    return GSS_S_DEFECTIVE_TOKEN;
-    } else {
-	if (token_flags & CFXAcceptorSubkey)
-	    return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    if (token->Filler != 0xFF) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    if (conf_state != NULL) {
-	*conf_state = (token_flags & CFXSealed) ? 1 : 0;
-    }
-
-    ec  = (token->EC[0]  << 8) | token->EC[1];
-    rrc = (token->RRC[0] << 8) | token->RRC[1];
-
-    /*
-     * Check sequence number
-     */
-    _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi);
-    _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo);
-    if (seq_number_hi) {
-	/* no support for 64-bit sequence numbers */
-	*minor_status = ERANGE;
-	return GSS_S_UNSEQ_TOKEN;
-    }
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo);
-    if (ret != 0) {
-	*minor_status = 0;
-	HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-	_gsskrb5_release_buffer(minor_status, output_message_buffer);
-	return ret;
-    }
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    /*
-     * Decrypt and/or verify checksum
-     */
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    if (context_handle->more_flags & LOCAL) {
-	usage = KRB5_KU_USAGE_ACCEPTOR_SEAL;
-    } else {
-	usage = KRB5_KU_USAGE_INITIATOR_SEAL;
-    }
-
-    p += sizeof(*token);
-    len = input_message_buffer->length;
-    len -= (p - (u_char *)input_message_buffer->value);
-
-    /* Rotate by RRC; bogus to do this in-place XXX */
-    *minor_status = rrc_rotate(p, len, rrc, TRUE);
-    if (*minor_status != 0) {
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    if (token_flags & CFXSealed) {
-	ret = krb5_decrypt(context, crypto, usage,
-	    p, len, &data);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    return GSS_S_BAD_MIC;
-	}
-
-	/* Check that there is room for the pad and token header */
-	if (data.length < ec + sizeof(*token)) {
-	    krb5_crypto_destroy(context, crypto);
-	    krb5_data_free(&data);
-	    return GSS_S_DEFECTIVE_TOKEN;
-	}
-	p = data.data;
-	p += data.length - sizeof(*token);
-
-	/* RRC is unprotected; don't modify input buffer */
-	((gss_cfx_wrap_token)p)->RRC[0] = token->RRC[0];
-	((gss_cfx_wrap_token)p)->RRC[1] = token->RRC[1];
-
-	/* Check the integrity of the header */
-	if (memcmp(p, token, sizeof(*token)) != 0) {
-	    krb5_crypto_destroy(context, crypto);
-	    krb5_data_free(&data);
-	    return GSS_S_BAD_MIC;
-	}
-
-	output_message_buffer->value = data.data;
-	output_message_buffer->length = data.length - ec - sizeof(*token);
-    } else {
-	Checksum cksum;
-
-	/* Determine checksum type */
-	ret = krb5_crypto_get_checksum_type(context,
-					    crypto, &cksum.cksumtype);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    return GSS_S_FAILURE;
-	}
-
-	cksum.checksum.length = ec;
-
-	/* Check we have at least as much data as the checksum */
-	if (len < cksum.checksum.length) {
-	    *minor_status = ERANGE;
-	    krb5_crypto_destroy(context, crypto);
-	    return GSS_S_BAD_MIC;
-	}
-
-	/* Length now is of the plaintext only, no checksum */
-	len -= cksum.checksum.length;
-	cksum.checksum.data = p + len;
-
-	output_message_buffer->length = len; /* for later */
-	output_message_buffer->value = malloc(len + sizeof(*token));
-	if (output_message_buffer->value == NULL) {
-	    *minor_status = ENOMEM;
-	    krb5_crypto_destroy(context, crypto);
-	    return GSS_S_FAILURE;
-	}
-
-	/* Checksum is over (plaintext-data | "header") */
-	memcpy(output_message_buffer->value, p, len);
-	memcpy((u_char *)output_message_buffer->value + len, 
-	       token, sizeof(*token));
-
-	/* EC is not included in checksum calculation */
-	token = (gss_cfx_wrap_token)((u_char *)output_message_buffer->value +
-				     len);
-	token->EC[0]  = 0;
-	token->EC[1]  = 0;
-	token->RRC[0] = 0;
-	token->RRC[1] = 0;
-
-	ret = krb5_verify_checksum(context, crypto,
-				   usage,
-				   output_message_buffer->value,
-				   len + sizeof(*token),
-				   &cksum);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    return GSS_S_BAD_MIC;
-	}
-    }
-
-    krb5_crypto_destroy(context, crypto);
-
-    if (qop_state != NULL) {
-	*qop_state = GSS_C_QOP_DEFAULT;
-    }
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
-			  const gsskrb5_ctx context_handle,
-			  krb5_context context,
-			  gss_qop_t qop_req,
-			  const gss_buffer_t message_buffer,
-			  gss_buffer_t message_token,
-			  krb5_keyblock *key)
-{
-    krb5_crypto crypto;
-    gss_cfx_mic_token token;
-    krb5_error_code ret;
-    unsigned usage;
-    Checksum cksum;
-    u_char *buf;
-    size_t len;
-    int32_t seq_number;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    len = message_buffer->length + sizeof(*token);
-    buf = malloc(len);
-    if (buf == NULL) {
-	*minor_status = ENOMEM;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    memcpy(buf, message_buffer->value, message_buffer->length);
-
-    token = (gss_cfx_mic_token)(buf + message_buffer->length);
-    token->TOK_ID[0] = 0x04;
-    token->TOK_ID[1] = 0x04;
-    token->Flags = 0;
-    if ((context_handle->more_flags & LOCAL) == 0)
-	token->Flags |= CFXSentByAcceptor;
-    if (context_handle->more_flags & ACCEPTOR_SUBKEY)
-	token->Flags |= CFXAcceptorSubkey;
-    memset(token->Filler, 0xFF, 5);
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    krb5_auth_con_getlocalseqnumber(context,
-				    context_handle->auth_context,
-				    &seq_number);
-    _gsskrb5_encode_be_om_uint32(0,          &token->SND_SEQ[0]);
-    _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
-    krb5_auth_con_setlocalseqnumber(context,
-				    context_handle->auth_context,
-				    ++seq_number);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    if (context_handle->more_flags & LOCAL) {
-	usage = KRB5_KU_USAGE_INITIATOR_SIGN;
-    } else {
-	usage = KRB5_KU_USAGE_ACCEPTOR_SIGN;
-    }
-
-    ret = krb5_create_checksum(context, crypto,
-	usage, 0, buf, len, &cksum);
-    if (ret != 0) {
-	*minor_status = ret;
-	krb5_crypto_destroy(context, crypto);
-	free(buf);
-	return GSS_S_FAILURE;
-    }
-    krb5_crypto_destroy(context, crypto);
-
-    /* Determine MIC length */
-    message_token->length = sizeof(*token) + cksum.checksum.length;
-    message_token->value = malloc(message_token->length);
-    if (message_token->value == NULL) {
-	*minor_status = ENOMEM;
-	free_Checksum(&cksum);
-	free(buf);
-	return GSS_S_FAILURE;
-    }
-
-    /* Token is { "header" | get_mic("header" | plaintext-data) } */
-    memcpy(message_token->value, token, sizeof(*token));
-    memcpy((u_char *)message_token->value + sizeof(*token),
-	   cksum.checksum.data, cksum.checksum.length);
-
-    free_Checksum(&cksum);
-    free(buf);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
-				 const gsskrb5_ctx context_handle,
-				 krb5_context context,
-				 const gss_buffer_t message_buffer,
-				 const gss_buffer_t token_buffer,
-				 gss_qop_t *qop_state,
-				 krb5_keyblock *key)
-{
-    krb5_crypto crypto;
-    gss_cfx_mic_token token;
-    u_char token_flags;
-    krb5_error_code ret;
-    unsigned usage;
-    OM_uint32 seq_number_lo, seq_number_hi;
-    u_char *buf, *p;
-    Checksum cksum;
-
-    *minor_status = 0;
-
-    if (token_buffer->length < sizeof(*token)) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    p = token_buffer->value;
-
-    token = (gss_cfx_mic_token)p;
-
-    if (token->TOK_ID[0] != 0x04 || token->TOK_ID[1] != 0x04) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    /* Ignore unknown flags */
-    token_flags = token->Flags & (CFXSentByAcceptor | CFXAcceptorSubkey);
-
-    if (token_flags & CFXSentByAcceptor) {
-	if ((context_handle->more_flags & LOCAL) == 0)
-	    return GSS_S_DEFECTIVE_TOKEN;
-    }
-    if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
-	if ((token_flags & CFXAcceptorSubkey) == 0)
-	    return GSS_S_DEFECTIVE_TOKEN;
-    } else {
-	if (token_flags & CFXAcceptorSubkey)
-	    return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    if (memcmp(token->Filler, "\xff\xff\xff\xff\xff", 5) != 0) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    /*
-     * Check sequence number
-     */
-    _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi);
-    _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo);
-    if (seq_number_hi) {
-	*minor_status = ERANGE;
-	return GSS_S_UNSEQ_TOKEN;
-    }
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo);
-    if (ret != 0) {
-	*minor_status = 0;
-	HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-	return ret;
-    }
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    /*
-     * Verify checksum
-     */
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_crypto_get_checksum_type(context, crypto,
-					&cksum.cksumtype);
-    if (ret != 0) {
-	*minor_status = ret;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    cksum.checksum.data = p + sizeof(*token);
-    cksum.checksum.length = token_buffer->length - sizeof(*token);
-
-    if (context_handle->more_flags & LOCAL) {
-	usage = KRB5_KU_USAGE_ACCEPTOR_SIGN;
-    } else {
-	usage = KRB5_KU_USAGE_INITIATOR_SIGN;
-    }
-
-    buf = malloc(message_buffer->length + sizeof(*token));
-    if (buf == NULL) {
-	*minor_status = ENOMEM;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-    memcpy(buf, message_buffer->value, message_buffer->length);
-    memcpy(buf + message_buffer->length, token, sizeof(*token));
-
-    ret = krb5_verify_checksum(context, crypto,
-			       usage,
-			       buf,
-			       sizeof(*token) + message_buffer->length,
-			       &cksum);
-    krb5_crypto_destroy(context, crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	free(buf);
-	return GSS_S_BAD_MIC;
-    }
-
-    free(buf);
-
-    if (qop_state != NULL) {
-	*qop_state = GSS_C_QOP_DEFAULT;
-    }
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/cfx.h b/crypto/heimdal/lib/gssapi/krb5/cfx.h
deleted file mode 100644
index 672704a..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/cfx.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2003, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: cfx.h 19031 2006-11-13 18:02:57Z lha $ */
-
-#ifndef GSSAPI_CFX_H_
-#define GSSAPI_CFX_H_ 1
-
-/*
- * Implementation of draft-ietf-krb-wg-gssapi-cfx-01.txt
- */
-
-typedef struct gss_cfx_mic_token_desc_struct {
-	u_char TOK_ID[2]; /* 04 04 */
-	u_char Flags;
-	u_char Filler[5];
-	u_char SND_SEQ[8];
-} gss_cfx_mic_token_desc, *gss_cfx_mic_token;
-
-typedef struct gss_cfx_wrap_token_desc_struct {
-	u_char TOK_ID[2]; /* 04 05 */
-	u_char Flags;
-	u_char Filler;
-	u_char EC[2];
-	u_char RRC[2];
-	u_char SND_SEQ[8];
-} gss_cfx_wrap_token_desc, *gss_cfx_wrap_token;
-
-typedef struct gss_cfx_delete_token_desc_struct {
-	u_char TOK_ID[2]; /* 05 04 */
-	u_char Flags;
-	u_char Filler[5];
-	u_char SND_SEQ[8];
-} gss_cfx_delete_token_desc, *gss_cfx_delete_token;
-
-#endif /* GSSAPI_CFX_H_ */
diff --git a/crypto/heimdal/lib/gssapi/krb5/compare_name.c b/crypto/heimdal/lib/gssapi/krb5/compare_name.c
deleted file mode 100644
index 3f3b59d..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/compare_name.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: compare_name.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32 _gsskrb5_compare_name
-           (OM_uint32 * minor_status,
-            const gss_name_t name1,
-            const gss_name_t name2,
-            int * name_equal
-           )
-{
-    krb5_const_principal princ1 = (krb5_const_principal)name1;
-    krb5_const_principal princ2 = (krb5_const_principal)name2;
-    krb5_context context;
-
-    GSSAPI_KRB5_INIT(&context);
-
-    *name_equal = krb5_principal_compare (context,
-					  princ1, princ2);
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/compat.c b/crypto/heimdal/lib/gssapi/krb5/compat.c
deleted file mode 100644
index a0f0756..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/compat.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Copyright (c) 2003 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: compat.c 19031 2006-11-13 18:02:57Z lha $");
-
-
-static krb5_error_code
-check_compat(OM_uint32 *minor_status, 
-	     krb5_context context, krb5_const_principal name, 
-	     const char *option, krb5_boolean *compat, 
-	     krb5_boolean match_val)
-{
-    krb5_error_code ret = 0;
-    char **p, **q;
-    krb5_principal match;
-
-
-    p = krb5_config_get_strings(context, NULL, "gssapi",
-				option, NULL);
-    if(p == NULL)
-	return 0;
-
-    match = NULL;
-    for(q = p; *q; q++) {
-	ret = krb5_parse_name(context, *q, &match);
-	if (ret)
-	    break;
-
-	if (krb5_principal_match(context, name, match)) {
-	    *compat = match_val;
-	    break;
-	}
-	
-	krb5_free_principal(context, match);
-	match = NULL;
-    }
-    if (match)
-	krb5_free_principal(context, match);
-    krb5_config_free_strings(p);
-
-    if (ret) {
-	if (minor_status)
-	    *minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    return 0;
-}
-
-/*
- * ctx->ctx_id_mutex is assumed to be locked
- */
-
-OM_uint32
-_gss_DES3_get_mic_compat(OM_uint32 *minor_status,
-			 gsskrb5_ctx ctx,
-			 krb5_context context)
-{
-    krb5_boolean use_compat = FALSE;
-    OM_uint32 ret;
-
-    if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) {
-	ret = check_compat(minor_status, context, ctx->target, 
-			   "broken_des3_mic", &use_compat, TRUE);
-	if (ret)
-	    return ret;
-	ret = check_compat(minor_status, context, ctx->target, 
-			   "correct_des3_mic", &use_compat, FALSE);
-	if (ret)
-	    return ret;
-
-	if (use_compat)
-	    ctx->more_flags |= COMPAT_OLD_DES3;
-	ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-    }
-    return 0;
-}
-
-#if 0
-OM_uint32
-gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on)
-{
-    *minor_status = 0;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-    if (on) {
-	ctx->more_flags |= COMPAT_OLD_DES3;
-    } else {
-	ctx->more_flags &= ~COMPAT_OLD_DES3;
-    }
-    ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    return 0;
-}
-#endif
diff --git a/crypto/heimdal/lib/gssapi/krb5/context_time.c b/crypto/heimdal/lib/gssapi/krb5/context_time.c
deleted file mode 100644
index b57ac78..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/context_time.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: context_time.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32
-_gsskrb5_lifetime_left(OM_uint32 *minor_status, 
-		       krb5_context context,
-		       OM_uint32 lifetime,
-		       OM_uint32 *lifetime_rec)
-{
-    krb5_timestamp timeret;
-    krb5_error_code kret;
-
-    if (lifetime == 0) {
-	*lifetime_rec = GSS_C_INDEFINITE;
-	return GSS_S_COMPLETE;
-    }
-
-    kret = krb5_timeofday(context, &timeret);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-
-    if (lifetime < timeret) 
-	*lifetime_rec = 0;
-    else
-	*lifetime_rec = lifetime - timeret;
-
-    return GSS_S_COMPLETE;
-}
-
-
-OM_uint32 _gsskrb5_context_time
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            OM_uint32 * time_rec
-           )
-{
-    krb5_context context;
-    OM_uint32 lifetime;
-    OM_uint32 major_status;
-    const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-    lifetime = ctx->lifetime;
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    major_status = _gsskrb5_lifetime_left(minor_status, context,
-					  lifetime, time_rec);
-    if (major_status != GSS_S_COMPLETE)
-	return major_status;
-
-    *minor_status = 0;
-
-    if (*time_rec == 0)
-	return GSS_S_CONTEXT_EXPIRED;
-	
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/copy_ccache.c b/crypto/heimdal/lib/gssapi/krb5/copy_ccache.c
deleted file mode 100644
index 66d797c..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/copy_ccache.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: copy_ccache.c 20688 2007-05-17 18:44:31Z lha $");
-
-#if 0
-OM_uint32
-gss_krb5_copy_ccache(OM_uint32 *minor_status,
-		     krb5_context context,
-		     gss_cred_id_t cred,
-		     krb5_ccache out)
-{
-    krb5_error_code kret;
-
-    HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
-
-    if (cred->ccache == NULL) {
-	HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    kret = krb5_cc_copy_cache(context, cred->ccache, out);
-    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-#endif
-
-
-OM_uint32
-_gsskrb5_import_cred(OM_uint32 *minor_status,
-		     krb5_ccache id,
-		     krb5_principal keytab_principal,
-		     krb5_keytab keytab,
-		     gss_cred_id_t *cred)
-{
-    krb5_context context;
-    krb5_error_code kret;
-    gsskrb5_cred handle;
-    OM_uint32 ret;
-
-    *cred = NULL;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    handle = calloc(1, sizeof(*handle));
-    if (handle == NULL) {
-	_gsskrb5_clear_status ();
-	*minor_status = ENOMEM;
-        return (GSS_S_FAILURE);
-    }
-    HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
-
-    handle->usage = 0;
-
-    if (id) {
-	char *str;
-
-	handle->usage |= GSS_C_INITIATE;
-
-	kret = krb5_cc_get_principal(context, id,
-				     &handle->principal);
-	if (kret) {
-	    free(handle);
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-	
-	if (keytab_principal) {
-	    krb5_boolean match;
-
-	    match = krb5_principal_compare(context,
-					   handle->principal,
-					   keytab_principal);
-	    if (match == FALSE) {
-		krb5_free_principal(context, handle->principal);
-		free(handle);
-		_gsskrb5_clear_status ();
-		*minor_status = EINVAL;
-		return GSS_S_FAILURE;
-	    }
-	}
-
-	ret = __gsskrb5_ccache_lifetime(minor_status,
-					context,
-					id,
-					handle->principal,
-					&handle->lifetime);
-	if (ret != GSS_S_COMPLETE) {
-	    krb5_free_principal(context, handle->principal);
-	    free(handle);
-	    return ret;
-	}
-
-
-	kret = krb5_cc_get_full_name(context, id, &str);
-	if (kret)
-	    goto out;
-
-	kret = krb5_cc_resolve(context, str, &handle->ccache);
-	free(str);
-	if (kret)
-	    goto out;
-    }
-
-
-    if (keytab) {
-	char *str;
-
-	handle->usage |= GSS_C_ACCEPT;
-
-	if (keytab_principal && handle->principal == NULL) {
-	    kret = krb5_copy_principal(context, 
-				       keytab_principal, 
-				       &handle->principal);
-	    if (kret)
-		goto out;
-	}
-
-	kret = krb5_kt_get_full_name(context, keytab, &str);
-	if (kret)
-	    goto out;
-
-	kret = krb5_kt_resolve(context, str, &handle->keytab);
-	free(str);
-	if (kret)
-	    goto out;
-    }
-
-
-    if (id || keytab) {
-	ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-	if (ret == GSS_S_COMPLETE)
-	    ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-					 &handle->mechanisms);
-	if (ret != GSS_S_COMPLETE) {
-	    kret = *minor_status;
-	    goto out;
-	}
-    }
-
-    *minor_status = 0;
-    *cred = (gss_cred_id_t)handle;
-    return GSS_S_COMPLETE;
-
-out:
-    gss_release_oid_set(minor_status, &handle->mechanisms);
-    if (handle->ccache)
-	krb5_cc_close(context, handle->ccache);
-    if (handle->keytab)
-	krb5_kt_close(context, handle->keytab);
-    if (handle->principal)
-	krb5_free_principal(context, handle->principal);
-    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-    free(handle);
-    *minor_status = kret;
-    return GSS_S_FAILURE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/decapsulate.c b/crypto/heimdal/lib/gssapi/krb5/decapsulate.c
deleted file mode 100644
index 39176fa..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/decapsulate.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: decapsulate.c 18334 2006-10-07 22:16:04Z lha $");
-
-/*
- * return the length of the mechanism in token or -1
- * (which implies that the token was bad - GSS_S_DEFECTIVE_TOKEN
- */
-
-ssize_t
-_gsskrb5_get_mech (const u_char *ptr,
-		      size_t total_len,
-		      const u_char **mech_ret)
-{
-    size_t len, len_len, mech_len, foo;
-    const u_char *p = ptr;
-    int e;
-
-    if (total_len < 1)
-	return -1;
-    if (*p++ != 0x60)
-	return -1;
-    e = der_get_length (p, total_len - 1, &len, &len_len);
-    if (e || 1 + len_len + len != total_len)
-	return -1;
-    p += len_len;
-    if (*p++ != 0x06)
-	return -1;
-    e = der_get_length (p, total_len - 1 - len_len - 1,
-			&mech_len, &foo);
-    if (e)
-	return -1;
-    p += foo;
-    *mech_ret = p;
-    return mech_len;
-}
-
-OM_uint32
-_gssapi_verify_mech_header(u_char **str,
-			   size_t total_len,
-			   gss_OID mech)
-{
-    const u_char *p;
-    ssize_t mech_len;
-
-    mech_len = _gsskrb5_get_mech (*str, total_len, &p);
-    if (mech_len < 0)
-	return GSS_S_DEFECTIVE_TOKEN;
-
-    if (mech_len != mech->length)
-	return GSS_S_BAD_MECH;
-    if (memcmp(p,
-	       mech->elements,
-	       mech->length) != 0)
-	return GSS_S_BAD_MECH;
-    p += mech_len;
-    *str = rk_UNCONST(p);
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gsskrb5_verify_header(u_char **str,
-			  size_t total_len,
-			  const void *type,
-			  gss_OID oid)
-{
-    OM_uint32 ret;
-    size_t len;
-    u_char *p = *str;
-
-    ret = _gssapi_verify_mech_header(str, total_len, oid);
-    if (ret)
-	return ret;
-
-    len = total_len - (*str - p);
-
-    if (len < 2)
-	return GSS_S_DEFECTIVE_TOKEN;
-
-    if (memcmp (*str, type, 2) != 0)
-	return GSS_S_DEFECTIVE_TOKEN;
-    *str += 2;
-
-    return 0;
-}
-
-/*
- * Remove the GSS-API wrapping from `in_token' giving `out_data.
- * Does not copy data, so just free `in_token'.
- */
-
-OM_uint32
-_gssapi_decapsulate(
-    OM_uint32 *minor_status,
-    gss_buffer_t input_token_buffer,
-    krb5_data *out_data,
-    const gss_OID mech
-)
-{
-    u_char *p;
-    OM_uint32 ret;
-
-    p = input_token_buffer->value;
-    ret = _gssapi_verify_mech_header(&p,
-				    input_token_buffer->length,
-				    mech);
-    if (ret) {
-	*minor_status = 0;
-	return ret;
-    }
-
-    out_data->length = input_token_buffer->length -
-	(p - (u_char *)input_token_buffer->value);
-    out_data->data   = p;
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Remove the GSS-API wrapping from `in_token' giving `out_data.
- * Does not copy data, so just free `in_token'.
- */
-
-OM_uint32
-_gsskrb5_decapsulate(OM_uint32 *minor_status,    
-			gss_buffer_t input_token_buffer,
-			krb5_data *out_data,
-			const void *type,
-			gss_OID oid)
-{
-    u_char *p;
-    OM_uint32 ret;
-
-    p = input_token_buffer->value;
-    ret = _gsskrb5_verify_header(&p,
-				    input_token_buffer->length,
-				    type,
-				    oid);
-    if (ret) {
-	*minor_status = 0;
-	return ret;
-    }
-
-    out_data->length = input_token_buffer->length -
-	(p - (u_char *)input_token_buffer->value);
-    out_data->data   = p;
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Verify padding of a gss wrapped message and return its length.
- */
-
-OM_uint32
-_gssapi_verify_pad(gss_buffer_t wrapped_token, 
-		   size_t datalen,
-		   size_t *padlen)
-{
-    u_char *pad;
-    size_t padlength;
-    int i;
-
-    pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
-    padlength = *pad;
-
-    if (padlength > datalen)
-	return GSS_S_BAD_MECH;
-
-    for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
-	;
-    if (i != 0)
-	return GSS_S_BAD_MIC;
-
-    *padlen = padlength;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/delete_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/delete_sec_context.c
deleted file mode 100644
index abad986..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/delete_sec_context.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: delete_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32
-_gsskrb5_delete_sec_context(OM_uint32 * minor_status,
-			    gss_ctx_id_t * context_handle,
-			    gss_buffer_t output_token)
-{
-    krb5_context context;
-    gsskrb5_ctx ctx;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    *minor_status = 0;
-
-    if (output_token) {
-	output_token->length = 0;
-	output_token->value  = NULL;
-    }
-
-    if (*context_handle == GSS_C_NO_CONTEXT)
-	return GSS_S_COMPLETE;
-
-    ctx = (gsskrb5_ctx) *context_handle;
-    *context_handle = GSS_C_NO_CONTEXT;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    krb5_auth_con_free (context, ctx->auth_context);
-    if(ctx->source)
-	krb5_free_principal (context, ctx->source);
-    if(ctx->target)
-	krb5_free_principal (context, ctx->target);
-    if (ctx->ticket)
-	krb5_free_ticket (context, ctx->ticket);
-    if(ctx->order)
-	_gssapi_msg_order_destroy(&ctx->order);
-    if (ctx->service_keyblock)
-	krb5_free_keyblock (context, ctx->service_keyblock);
-    krb5_data_free(&ctx->fwd_data);
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-    memset(ctx, 0, sizeof(*ctx));
-    free (ctx);
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/display_name.c b/crypto/heimdal/lib/gssapi/krb5/display_name.c
deleted file mode 100644
index 727c447..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/display_name.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: display_name.c 21077 2007-06-12 22:42:56Z lha $");
-
-OM_uint32 _gsskrb5_display_name
-           (OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t output_name_buffer,
-            gss_OID * output_name_type
-           )
-{
-    krb5_context context;
-    krb5_const_principal name = (krb5_const_principal)input_name;
-    krb5_error_code kret;
-    char *buf;
-    size_t len;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    kret = krb5_unparse_name_flags (context, name,
-				    KRB5_PRINCIPAL_UNPARSE_DISPLAY, &buf);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    len = strlen (buf);
-    output_name_buffer->length = len;
-    output_name_buffer->value  = malloc(len + 1);
-    if (output_name_buffer->value == NULL) {
-	free (buf);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (output_name_buffer->value, buf, len);
-    ((char *)output_name_buffer->value)[len] = '\0';
-    free (buf);
-    if (output_name_type)
-	*output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/display_status.c b/crypto/heimdal/lib/gssapi/krb5/display_status.c
deleted file mode 100644
index c019252..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/display_status.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- * Copyright (c) 1998 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: display_status.c 19031 2006-11-13 18:02:57Z lha $");
-
-static const char *
-calling_error(OM_uint32 v)
-{
-    static const char *msgs[] = {
-	NULL,			/* 0 */
-	"A required input parameter could not be read.", /*  */
-	"A required output parameter could not be written.", /*  */
-	"A parameter was malformed"
-    };
-
-    v >>= GSS_C_CALLING_ERROR_OFFSET;
-
-    if (v == 0)
-	return "";
-    else if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown calling error";
-    else
-	return msgs[v];
-}
-
-static const char *
-routine_error(OM_uint32 v)
-{
-    static const char *msgs[] = {
-	NULL,			/* 0 */
-	"An unsupported mechanism was requested",
-	"An invalid name was supplied",
-	"A supplied name was of an unsupported type",
-	"Incorrect channel bindings were supplied",
-	"An invalid status code was supplied",
-	"A token had an invalid MIC",
-	"No credentials were supplied, "
-	"or the credentials were unavailable or inaccessible.",
-	"No context has been established",
-	"A token was invalid",
-	"A credential was invalid",
-	"The referenced credentials have expired",
-	"The context has expired",
-	"Miscellaneous failure (see text)",
-	"The quality-of-protection requested could not be provide",
-	"The operation is forbidden by local security policy",
-	"The operation or option is not available",
-	"The requested credential element already exists",
-	"The provided name was not a mechanism name.",
-    };
-
-    v >>= GSS_C_ROUTINE_ERROR_OFFSET;
-
-    if (v == 0)
-	return "";
-    else if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown routine error";
-    else
-	return msgs[v];
-}
-
-static const char *
-supplementary_error(OM_uint32 v)
-{
-    static const char *msgs[] = {
-	"normal completion",
-	"continuation call to routine required",
-	"duplicate per-message token detected",
-	"timed-out per-message token detected",
-	"reordered (early) per-message token detected",
-	"skipped predecessor token(s) detected"
-    };
-
-    v >>= GSS_C_SUPPLEMENTARY_OFFSET;
-
-    if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown routine error";
-    else
-	return msgs[v];
-}
-
-void
-_gsskrb5_clear_status (void)
-{
-    krb5_context context;
-
-    if (_gsskrb5_init (&context) != 0)
-	return;
-    krb5_clear_error_string(context);
-}
-
-void
-_gsskrb5_set_status (const char *fmt, ...)
-{
-    krb5_context context;
-    va_list args;
-    char *str;
-
-    if (_gsskrb5_init (&context) != 0)
-	return;
-
-    va_start(args, fmt);
-    vasprintf(&str, fmt, args);
-    va_end(args);
-    if (str) {
-	krb5_set_error_string(context, str);
-	free(str);
-    }
-}
-
-OM_uint32 _gsskrb5_display_status
-(OM_uint32		*minor_status,
- OM_uint32		 status_value,
- int			 status_type,
- const gss_OID	 mech_type,
- OM_uint32		*message_context,
- gss_buffer_t	 status_string)
-{
-    krb5_context context;
-    char *buf;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    status_string->length = 0;
-    status_string->value = NULL;
-
-    if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
-	gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
-	*minor_status = 0;
-	return GSS_C_GSS_CODE;
-    }
-
-    if (status_type == GSS_C_GSS_CODE) {
-	if (GSS_SUPPLEMENTARY_INFO(status_value))
-	    asprintf(&buf, "%s", 
-		     supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value)));
-	else
-	    asprintf (&buf, "%s %s",
-		      calling_error(GSS_CALLING_ERROR(status_value)),
-		      routine_error(GSS_ROUTINE_ERROR(status_value)));
-    } else if (status_type == GSS_C_MECH_CODE) {
-	buf = krb5_get_error_string(context);
-	if (buf == NULL) {
-	    const char *tmp = krb5_get_err_text (context, status_value);
-	    if (tmp == NULL)
-		asprintf(&buf, "unknown mech error-code %u",
-			 (unsigned)status_value);
-	    else
-		buf = strdup(tmp);
-	}
-    } else {
-	*minor_status = EINVAL;
-	return GSS_S_BAD_STATUS;
-    }
-
-    if (buf == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    *message_context = 0;
-    *minor_status = 0;
-
-    status_string->length = strlen(buf);
-    status_string->value  = buf;
-  
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/duplicate_name.c b/crypto/heimdal/lib/gssapi/krb5/duplicate_name.c
deleted file mode 100644
index 7337f1a..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/duplicate_name.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: duplicate_name.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32 _gsskrb5_duplicate_name (
-            OM_uint32 * minor_status,
-            const gss_name_t src_name,
-            gss_name_t * dest_name
-           )
-{
-    krb5_context context;
-    krb5_const_principal src = (krb5_const_principal)src_name;
-    krb5_principal *dest = (krb5_principal *)dest_name;
-    krb5_error_code kret;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    kret = krb5_copy_principal (context, src, dest);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    } else {
-	*minor_status = 0;
-	return GSS_S_COMPLETE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/encapsulate.c b/crypto/heimdal/lib/gssapi/krb5/encapsulate.c
deleted file mode 100644
index 58dcb5c..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/encapsulate.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: encapsulate.c 18459 2006-10-14 10:12:16Z lha $");
-
-void
-_gssapi_encap_length (size_t data_len,
-		      size_t *len,
-		      size_t *total_len,
-		      const gss_OID mech)
-{
-    size_t len_len;
-
-    *len = 1 + 1 + mech->length + data_len;
-
-    len_len = der_length_len(*len);
-
-    *total_len = 1 + len_len + *len;
-}
-
-void
-_gsskrb5_encap_length (size_t data_len,
-			  size_t *len,
-			  size_t *total_len,
-			  const gss_OID mech)
-{
-    _gssapi_encap_length(data_len + 2, len, total_len, mech);
-}
-
-void *
-_gsskrb5_make_header (void *ptr,
-			 size_t len,
-			 const void *type,
-			 const gss_OID mech)
-{
-    u_char *p = ptr;
-    p = _gssapi_make_mech_header(p, len, mech);
-    memcpy (p, type, 2);
-    p += 2;
-    return p;
-}
-
-void *
-_gssapi_make_mech_header(void *ptr,
-			 size_t len,
-			 const gss_OID mech)
-{
-    u_char *p = ptr;
-    int e;
-    size_t len_len, foo;
-
-    *p++ = 0x60;
-    len_len = der_length_len(len);
-    e = der_put_length (p + len_len - 1, len_len, len, &foo);
-    if(e || foo != len_len)
-	abort ();
-    p += len_len;
-    *p++ = 0x06;
-    *p++ = mech->length;
-    memcpy (p, mech->elements, mech->length);
-    p += mech->length;
-    return p;
-}
-
-/*
- * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings.
- */
-
-OM_uint32
-_gssapi_encapsulate(
-    OM_uint32 *minor_status,
-    const krb5_data *in_data,
-    gss_buffer_t output_token,
-    const gss_OID mech
-)
-{
-    size_t len, outer_len;
-    void *p;
-
-    _gssapi_encap_length (in_data->length, &len, &outer_len, mech);
-    
-    output_token->length = outer_len;
-    output_token->value  = malloc (outer_len);
-    if (output_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }	
-
-    p = _gssapi_make_mech_header (output_token->value, len, mech);
-    memcpy (p, in_data->data, in_data->length);
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Give it a krb5_data and it will encapsulate with extra GSS-API krb5
- * wrappings.
- */
-
-OM_uint32
-_gsskrb5_encapsulate(
-			OM_uint32 *minor_status,    
-			const krb5_data *in_data,
-			gss_buffer_t output_token,
-			const void *type,
-			const gss_OID mech
-)
-{
-    size_t len, outer_len;
-    u_char *p;
-
-    _gsskrb5_encap_length (in_data->length, &len, &outer_len, mech);
-    
-    output_token->length = outer_len;
-    output_token->value  = malloc (outer_len);
-    if (output_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }	
-
-    p = _gsskrb5_make_header (output_token->value, len, type, mech);
-    memcpy (p, in_data->data, in_data->length);
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/export_name.c b/crypto/heimdal/lib/gssapi/krb5/export_name.c
deleted file mode 100644
index efa45a2..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/export_name.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: export_name.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32 _gsskrb5_export_name
-           (OM_uint32  * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t exported_name
-           )
-{
-    krb5_context context;
-    krb5_const_principal princ = (krb5_const_principal)input_name;
-    krb5_error_code kret;
-    char *buf, *name;
-    size_t len;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    kret = krb5_unparse_name (context, princ, &name);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    len = strlen (name);
-
-    exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length;
-    exported_name->value  = malloc(exported_name->length);
-    if (exported_name->value == NULL) {
-	free (name);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
-    buf = exported_name->value;
-    memcpy(buf, "\x04\x01", 2);
-    buf += 2;
-    buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff;
-    buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff;
-    buf+= 2;
-    buf[0] = 0x06;
-    buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF;
-    buf+= 2;
-
-    memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
-    buf += GSS_KRB5_MECHANISM->length;
-
-    buf[0] = (len >> 24) & 0xff;
-    buf[1] = (len >> 16) & 0xff;
-    buf[2] = (len >> 8) & 0xff;
-    buf[3] = (len) & 0xff;
-    buf += 4;
-
-    memcpy (buf, name, len);
-
-    free (name);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/export_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/export_sec_context.c
deleted file mode 100644
index 0021861..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/export_sec_context.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: export_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32
-_gsskrb5_export_sec_context (
-    OM_uint32 * minor_status,
-    gss_ctx_id_t * context_handle,
-    gss_buffer_t interprocess_token
-    )
-{
-    krb5_context context;
-    const gsskrb5_ctx ctx = (const gsskrb5_ctx) *context_handle;
-    krb5_storage *sp;
-    krb5_auth_context ac;
-    OM_uint32 ret = GSS_S_COMPLETE;
-    krb5_data data;
-    gss_buffer_desc buffer;
-    int flags;
-    OM_uint32 minor;
-    krb5_error_code kret;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    if (!(ctx->flags & GSS_C_TRANS_FLAG)) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	*minor_status = 0;
-	return GSS_S_UNAVAILABLE;
-    }
-
-    sp = krb5_storage_emem ();
-    if (sp == NULL) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    ac = ctx->auth_context;
-
-    /* flagging included fields */
-
-    flags = 0;
-    if (ac->local_address)
-	flags |= SC_LOCAL_ADDRESS;
-    if (ac->remote_address)
-	flags |= SC_REMOTE_ADDRESS;
-    if (ac->keyblock)
-	flags |= SC_KEYBLOCK;
-    if (ac->local_subkey)
-	flags |= SC_LOCAL_SUBKEY;
-    if (ac->remote_subkey)
-	flags |= SC_REMOTE_SUBKEY;
-
-    kret = krb5_store_int32 (sp, flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    /* marshall auth context */
-
-    kret = krb5_store_int32 (sp, ac->flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    if (ac->local_address) {
-	kret = krb5_store_address (sp, *ac->local_address);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->remote_address) {
-	kret = krb5_store_address (sp, *ac->remote_address);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    kret = krb5_store_int16 (sp, ac->local_port);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int16 (sp, ac->remote_port);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    if (ac->keyblock) {
-	kret = krb5_store_keyblock (sp, *ac->keyblock);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->local_subkey) {
-	kret = krb5_store_keyblock (sp, *ac->local_subkey);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->remote_subkey) {
-	kret = krb5_store_keyblock (sp, *ac->remote_subkey);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    kret = krb5_store_int32 (sp, ac->local_seqnumber);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    kret = krb5_store_int32 (sp, ac->remote_seqnumber);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-
-    kret = krb5_store_int32 (sp, ac->keytype);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, ac->cksumtype);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    /* names */
-
-    ret = _gsskrb5_export_name (minor_status,
-				(gss_name_t)ctx->source, &buffer);
-    if (ret)
-	goto failure;
-    data.data   = buffer.value;
-    data.length = buffer.length;
-    kret = krb5_store_data (sp, data);
-    _gsskrb5_release_buffer (&minor, &buffer);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    ret = _gsskrb5_export_name (minor_status,
-				(gss_name_t)ctx->target, &buffer);
-    if (ret)
-	goto failure;
-    data.data   = buffer.value;
-    data.length = buffer.length;
-
-    ret = GSS_S_FAILURE;
-
-    kret = krb5_store_data (sp, data);
-    _gsskrb5_release_buffer (&minor, &buffer);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    kret = krb5_store_int32 (sp, ctx->flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, ctx->more_flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, ctx->lifetime);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = _gssapi_msg_order_export(sp, ctx->order);
-    if (kret ) {
-        *minor_status = kret;
-        goto failure;
-    }
-
-    kret = krb5_storage_to_data (sp, &data);
-    krb5_storage_free (sp);
-    if (kret) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    interprocess_token->length = data.length;
-    interprocess_token->value  = data.data;
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    ret = _gsskrb5_delete_sec_context (minor_status, context_handle,
-				       GSS_C_NO_BUFFER);
-    if (ret != GSS_S_COMPLETE)
-	_gsskrb5_release_buffer (NULL, interprocess_token);
-    *minor_status = 0;
-    return ret;
- failure:
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    krb5_storage_free (sp);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/external.c b/crypto/heimdal/lib/gssapi/krb5/external.c
deleted file mode 100644
index 03fe61d..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/external.c
+++ /dev/null
@@ -1,425 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-#include <gssapi_mech.h>
-
-RCSID("$Id: external.c 22128 2007-12-04 00:56:55Z lha $");
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x01"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
- * GSS_C_NT_USER_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_user_name_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};
-
-gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
- * The constant GSS_C_NT_MACHINE_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};
-
-gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x03"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
- * The constant GSS_C_NT_STRING_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};
-
-gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) org(3) dod(6) internet(1) security(5)
- * nametypes(6) gss-host-based-services(2)).  The constant
- * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
- * to that gss_OID_desc.  This is a deprecated OID value, and
- * implementations wishing to support hostbased-service names
- * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
- * defined below, to identify such names;
- * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
- * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
- * parameter, but should not be emitted by GSS-API
- * implementations
- */
-
-static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
-{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x04"}, corresponding to an
- * object-identifier value of {iso(1) member-body(2)
- * Unites States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}.  The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized
- * to point to that gss_OID_desc.
- */
-static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
- * corresponding to an object identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 3(gss-anonymous-name)}.  The constant
- * and GSS_C_NT_ANONYMOUS should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_anonymous_oid_desc =
-{6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};
-
-gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 4(gss-api-exported-name)}.  The constant
- * GSS_C_NT_EXPORT_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_export_name_oid_desc =
-{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };
-
-gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
- *   is "GSS_KRB5_NT_PRINCIPAL_NAME".
- */
-
-static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
-
-gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) user_name(1)}.  The recommended symbolic name for this
- *   type is "GSS_KRB5_NT_USER_NAME".
- */
-
-gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) machine_uid_name(2)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) string_uid_name(3)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_STRING_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- *   To support ongoing experimentation, testing, and evolution of the
- *   specification, the Kerberos V5 GSS-API mechanism as defined in this
- *   and any successor memos will be identified with the following Object
- *   Identifier, as defined in RFC-1510, until the specification is
- *   advanced to the level of Proposed Standard RFC:
- *
- *   {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
- *
- *   Upon advancement to the level of Proposed Standard RFC, the Kerberos
- *   V5 GSS-API mechanism will be identified by an Object Identifier
- *   having the value:
- *
- *   {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
- *   gssapi(2) krb5(2)}
- */
-
-#if 0 /* This is the old OID */
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{5, rk_UNCONST("\x2b\x05\x01\x05\x02")};
-
-#endif
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
-
-gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
-
-/*
- * draft-ietf-cat-iakerb-09, IAKERB:
- *   The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
- *   with the mechanism proposed by SPNEGO [7] for negotiating protocol
- *   variations, is:  {iso(1) org(3) dod(6) internet(1) security(5)
- *   mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}.  The proposed
- *   mechanism ID for IAKERB minimum messages GSS-API Kerberos, in
- *   accordance with the mechanism proposed by SPNEGO for negotiating
- *   protocol variations, is: {iso(1) org(3) dod(6) internet(1)
- *   security(5) mechanisms(5) iakerb(10)
- *   iakerbMinimumMessagesProtocol(2)}.
- */
-
-static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc =
-{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};
-
-gss_OID GSS_IAKERB_PROXY_MECHANISM = &gss_iakerb_proxy_mechanism_oid_desc;
-
-static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc =
-{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
-
-gss_OID GSS_IAKERB_MIN_MSG_MECHANISM = &gss_iakerb_min_msg_mechanism_oid_desc;
-
-/*
- *
- */
-
-static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc =
-{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
-
-gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc;
-
-/*
- * 1.2.752.43.13 Heimdal GSS-API Extentions
- */
-
-/* 1.2.752.43.13.1 */
-static gss_OID_desc gss_krb5_copy_ccache_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
-
-gss_OID GSS_KRB5_COPY_CCACHE_X = &gss_krb5_copy_ccache_x_oid_desc;
-
-/* 1.2.752.43.13.2 */
-static gss_OID_desc gss_krb5_get_tkt_flags_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
-
-gss_OID GSS_KRB5_GET_TKT_FLAGS_X = &gss_krb5_get_tkt_flags_x_oid_desc;
-
-/* 1.2.752.43.13.3 */
-static gss_OID_desc gss_krb5_extract_authz_data_from_sec_context_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
-
-gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X = &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
-
-/* 1.2.752.43.13.4 */
-static gss_OID_desc gss_krb5_compat_des3_mic_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
-
-gss_OID GSS_KRB5_COMPAT_DES3_MIC_X = &gss_krb5_compat_des3_mic_x_oid_desc;
-
-/* 1.2.752.43.13.5 */
-static gss_OID_desc gss_krb5_register_acceptor_identity_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
-
-gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X = &gss_krb5_register_acceptor_identity_x_desc;
-
-/* 1.2.752.43.13.6 */
-static gss_OID_desc gss_krb5_export_lucid_context_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
-
-gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X = &gss_krb5_export_lucid_context_x_desc;
-
-/* 1.2.752.43.13.6.1 */
-static gss_OID_desc gss_krb5_export_lucid_context_v1_x_desc =
-{7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
-
-gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X = &gss_krb5_export_lucid_context_v1_x_desc;
-
-/* 1.2.752.43.13.7 */
-static gss_OID_desc gss_krb5_set_dns_canonicalize_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
-
-gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X = &gss_krb5_set_dns_canonicalize_x_desc;
-
-/* 1.2.752.43.13.8 */
-static gss_OID_desc gss_krb5_get_subkey_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
-
-gss_OID GSS_KRB5_GET_SUBKEY_X = &gss_krb5_get_subkey_x_desc;
-
-/* 1.2.752.43.13.9 */
-static gss_OID_desc gss_krb5_get_initiator_subkey_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
-
-gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X = &gss_krb5_get_initiator_subkey_x_desc;
-
-/* 1.2.752.43.13.10 */
-static gss_OID_desc gss_krb5_get_acceptor_subkey_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
-
-gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X = &gss_krb5_get_acceptor_subkey_x_desc;
-
-/* 1.2.752.43.13.11 */
-static gss_OID_desc gss_krb5_send_to_kdc_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
-
-gss_OID GSS_KRB5_SEND_TO_KDC_X = &gss_krb5_send_to_kdc_x_desc;
-
-/* 1.2.752.43.13.12 */
-static gss_OID_desc gss_krb5_get_authtime_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
-
-gss_OID GSS_KRB5_GET_AUTHTIME_X = &gss_krb5_get_authtime_x_desc;
-
-/* 1.2.752.43.13.13 */
-static gss_OID_desc gss_krb5_get_service_keyblock_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
-
-gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X = &gss_krb5_get_service_keyblock_x_desc;
-
-/* 1.2.752.43.13.14 */
-static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
-
-gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_desc;
-
-/* 1.2.752.43.13.15 */
-static gss_OID_desc gss_krb5_set_default_realm_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
-
-gss_OID GSS_KRB5_SET_DEFAULT_REALM_X = &gss_krb5_set_default_realm_x_desc;
-
-/* 1.2.752.43.13.16 */
-static gss_OID_desc gss_krb5_ccache_name_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
-
-gss_OID GSS_KRB5_CCACHE_NAME_X = &gss_krb5_ccache_name_x_desc;
-
-/* 1.2.752.43.14.1 */
-static gss_OID_desc gss_sasl_digest_md5_mechanism_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
-
-gss_OID GSS_SASL_DIGEST_MD5_MECHANISM = &gss_sasl_digest_md5_mechanism_desc;
-
-/*
- * Context for krb5 calls.
- */
-
-/*
- *
- */
-
-static gssapi_mech_interface_desc krb5_mech = {
-    GMI_VERSION,
-    "kerberos 5",
-    {9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" },
-    _gsskrb5_acquire_cred,
-    _gsskrb5_release_cred,
-    _gsskrb5_init_sec_context,
-    _gsskrb5_accept_sec_context,
-    _gsskrb5_process_context_token,
-    _gsskrb5_delete_sec_context,
-    _gsskrb5_context_time,
-    _gsskrb5_get_mic,
-    _gsskrb5_verify_mic,
-    _gsskrb5_wrap,
-    _gsskrb5_unwrap,
-    _gsskrb5_display_status,
-    _gsskrb5_indicate_mechs,
-    _gsskrb5_compare_name,
-    _gsskrb5_display_name,
-    _gsskrb5_import_name,
-    _gsskrb5_export_name,
-    _gsskrb5_release_name,
-    _gsskrb5_inquire_cred,
-    _gsskrb5_inquire_context,
-    _gsskrb5_wrap_size_limit,
-    _gsskrb5_add_cred,
-    _gsskrb5_inquire_cred_by_mech,
-    _gsskrb5_export_sec_context,
-    _gsskrb5_import_sec_context,
-    _gsskrb5_inquire_names_for_mech,
-    _gsskrb5_inquire_mechs_for_name,
-    _gsskrb5_canonicalize_name,
-    _gsskrb5_duplicate_name,
-    _gsskrb5_inquire_sec_context_by_oid,
-    _gsskrb5_inquire_cred_by_oid,
-    _gsskrb5_set_sec_context_option,
-    _gsskrb5_set_cred_option,
-    _gsskrb5_pseudo_random
-};
-
-gssapi_mech_interface
-__gss_krb5_initialize(void)
-{
-    return &krb5_mech;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/get_mic.c b/crypto/heimdal/lib/gssapi/krb5/get_mic.c
deleted file mode 100644
index 133481f..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/get_mic.c
+++ /dev/null
@@ -1,317 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: get_mic.c 19031 2006-11-13 18:02:57Z lha $");
-
-static OM_uint32
-mic_des
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx ctx,
-	    krb5_context context,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16];
-  DES_key_schedule schedule;
-  DES_cblock deskey;
-  DES_cblock zero;
-  int32_t seq_number;
-  size_t len, total_len;
-
-  _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
-
-  message_token->length = total_len;
-  message_token->value  = malloc (total_len);
-  if (message_token->value == NULL) {
-    message_token->length = 0;
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = _gsskrb5_make_header(message_token->value,
-			      len,
-			      "\x01\x01", /* TOK_ID */
-			      GSS_KRB5_MECHANISM); 
-
-  memcpy (p, "\x00\x00", 2);	/* SGN_ALG = DES MAC MD5 */
-  p += 2;
-
-  memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */
-  p += 4;
-
-  /* Fill in later (SND-SEQ) */
-  memset (p, 0, 16);
-  p += 16;
-
-  /* checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, message_buffer->value, message_buffer->length);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 &schedule, &zero);
-  memcpy (p - 8, hash, 8);	/* SGN_CKSUM */
-
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (context,
-				   ctx->auth_context,
-				   &seq_number);
-
-  p -= 16;			/* SND_SEQ */
-  p[0] = (seq_number >> 0)  & 0xFF;
-  p[1] = (seq_number >> 8)  & 0xFF;
-  p[2] = (seq_number >> 16) & 0xFF;
-  p[3] = (seq_number >> 24) & 0xFF;
-  memset (p + 4,
-	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_encrypt ((void *)p, (void *)p, 8,
-		   &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
-
-  krb5_auth_con_setlocalseqnumber (context,
-			       ctx->auth_context,
-			       ++seq_number);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-  
-  memset (deskey, 0, sizeof(deskey));
-  memset (&schedule, 0, sizeof(schedule));
-  
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-mic_des3
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx ctx,
-	    krb5_context context,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  Checksum cksum;
-  u_char seq[8];
-
-  int32_t seq_number;
-  size_t len, total_len;
-
-  krb5_crypto crypto;
-  krb5_error_code kret;
-  krb5_data encdata;
-  char *tmp;
-  char ivec[8];
-
-  _gsskrb5_encap_length (36, &len, &total_len, GSS_KRB5_MECHANISM);
-
-  message_token->length = total_len;
-  message_token->value  = malloc (total_len);
-  if (message_token->value == NULL) {
-      message_token->length = 0;
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  p = _gsskrb5_make_header(message_token->value,
-			      len,
-			      "\x01\x01", /* TOK-ID */
-			      GSS_KRB5_MECHANISM);
-
-  memcpy (p, "\x04\x00", 2);	/* SGN_ALG = HMAC SHA1 DES3-KD */
-  p += 2;
-
-  memcpy (p, "\xff\xff\xff\xff", 4); /* filler */
-  p += 4;
-
-  /* this should be done in parts */
-
-  tmp = malloc (message_buffer->length + 8);
-  if (tmp == NULL) {
-      free (message_token->value);
-      message_token->value = NULL;
-      message_token->length = 0;
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-  memcpy (tmp, p - 8, 8);
-  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
-
-  kret = krb5_crypto_init(context, key, 0, &crypto);
-  if (kret) {
-      free (message_token->value);
-      message_token->value = NULL;
-      message_token->length = 0;
-      free (tmp);
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  kret = krb5_create_checksum (context,
-			       crypto,
-			       KRB5_KU_USAGE_SIGN,
-			       0,
-			       tmp,
-			       message_buffer->length + 8,
-			       &cksum);
-  free (tmp);
-  krb5_crypto_destroy (context, crypto);
-  if (kret) {
-      free (message_token->value);
-      message_token->value = NULL;
-      message_token->length = 0;
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
-
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (context,
-			       ctx->auth_context,
-			       &seq_number);
-
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  kret = krb5_crypto_init(context, key,
-			  ETYPE_DES3_CBC_NONE, &crypto);
-  if (kret) {
-      free (message_token->value);
-      message_token->value = NULL;
-      message_token->length = 0;
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  if (ctx->more_flags & COMPAT_OLD_DES3)
-      memset(ivec, 0, 8);
-  else
-      memcpy(ivec, p + 8, 8);
-
-  kret = krb5_encrypt_ivec (context,
-			    crypto,
-			    KRB5_KU_USAGE_SEQ,
-			    seq, 8, &encdata, ivec);
-  krb5_crypto_destroy (context, crypto);
-  if (kret) {
-      free (message_token->value);
-      message_token->value = NULL;
-      message_token->length = 0;
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-  
-  assert (encdata.length == 8);
-
-  memcpy (p, encdata.data, encdata.length);
-  krb5_data_free (&encdata);
-
-  krb5_auth_con_setlocalseqnumber (context,
-			       ctx->auth_context,
-			       ++seq_number);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-  
-  free_Checksum (&cksum);
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gsskrb5_get_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-  krb5_context context;
-  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  GSSAPI_KRB5_INIT (&context);
-
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  ret = _gsskrb5i_get_token_key(ctx, context, &key);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-  if (ret) {
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = mic_des (minor_status, ctx, context, qop_req,
-		     message_buffer, message_token, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = mic_des3 (minor_status, ctx, context, qop_req,
-		      message_buffer, message_token, key);
-      break;
-  case KEYTYPE_ARCFOUR:
-  case KEYTYPE_ARCFOUR_56:
-      ret = _gssapi_get_mic_arcfour (minor_status, ctx, context, qop_req,
-				     message_buffer, message_token, key);
-      break;
-  default :
-      ret = _gssapi_mic_cfx (minor_status, ctx, context, qop_req,
-			     message_buffer, message_token, key);
-      break;
-  }
-  krb5_free_keyblock (context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/gkrb5_err.et b/crypto/heimdal/lib/gssapi/krb5/gkrb5_err.et
deleted file mode 100644
index dbfdbdf..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/gkrb5_err.et
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# extended gss krb5 error messages
-#
-
-id "$Id: gkrb5_err.et 20049 2007-01-24 00:14:24Z lha $"
-
-error_table gk5
-
-prefix GSS_KRB5_S
-
-error_code G_BAD_SERVICE_NAME, "No @ in SERVICE-NAME name string"
-error_code G_BAD_STRING_UID, "STRING-UID-NAME contains nondigits"
-error_code G_NOUSER, "UID does not resolve to username"
-error_code G_VALIDATE_FAILED, "Validation error"
-error_code G_BUFFER_ALLOC, "Couldn't allocate gss_buffer_t data"
-error_code G_BAD_MSG_CTX, "Message context invalid"
-error_code G_WRONG_SIZE, "Buffer is the wrong size"
-error_code G_BAD_USAGE, "Credential usage type is unknown"
-error_code G_UNKNOWN_QOP, "Unknown quality of protection specified"
-
-index 128
-
-error_code KG_CCACHE_NOMATCH, "Principal in credential cache does not match desired name"
-error_code KG_KEYTAB_NOMATCH, "No principal in keytab matches desired name"
-error_code KG_TGT_MISSING, "Credential cache has no TGT"
-error_code KG_NO_SUBKEY, "Authenticator has no subkey"
-error_code KG_CONTEXT_ESTABLISHED, "Context is already fully established"
-error_code KG_BAD_SIGN_TYPE, "Unknown signature type in token"
-error_code KG_BAD_LENGTH, "Invalid field length in token"
-error_code KG_CTX_INCOMPLETE, "Attempt to use incomplete security context"
-error_code KG_INPUT_TOO_LONG, "Input too long"
diff --git a/crypto/heimdal/lib/gssapi/krb5/gsskrb5-private.h b/crypto/heimdal/lib/gssapi/krb5/gsskrb5-private.h
deleted file mode 100644
index c2239f1..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/gsskrb5-private.h
+++ /dev/null
@@ -1,703 +0,0 @@
-/* This is a generated file */
-#ifndef __gsskrb5_private_h__
-#define __gsskrb5_private_h__
-
-#include <stdarg.h>
-
-gssapi_mech_interface
-__gss_krb5_initialize (void);
-
-OM_uint32
-__gsskrb5_ccache_lifetime (
-	OM_uint32 */*minor_status*/,
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_principal /*principal*/,
-	OM_uint32 */*lifetime*/);
-
-OM_uint32
-_gss_DES3_get_mic_compat (
-	OM_uint32 */*minor_status*/,
-	gsskrb5_ctx /*ctx*/,
-	krb5_context /*context*/);
-
-OM_uint32
-_gssapi_decapsulate (
-	 OM_uint32 */*minor_status*/,
-	gss_buffer_t /*input_token_buffer*/,
-	krb5_data */*out_data*/,
-	const gss_OID mech );
-
-void
-_gssapi_encap_length (
-	size_t /*data_len*/,
-	size_t */*len*/,
-	size_t */*total_len*/,
-	const gss_OID /*mech*/);
-
-OM_uint32
-_gssapi_encapsulate (
-	 OM_uint32 */*minor_status*/,
-	const krb5_data */*in_data*/,
-	gss_buffer_t /*output_token*/,
-	const gss_OID mech );
-
-OM_uint32
-_gssapi_get_mic_arcfour (
-	OM_uint32 * /*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*message_buffer*/,
-	gss_buffer_t /*message_token*/,
-	krb5_keyblock */*key*/);
-
-void *
-_gssapi_make_mech_header (
-	void */*ptr*/,
-	size_t /*len*/,
-	const gss_OID /*mech*/);
-
-OM_uint32
-_gssapi_mic_cfx (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*message_buffer*/,
-	gss_buffer_t /*message_token*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_msg_order_check (
-	struct gss_msg_order */*o*/,
-	OM_uint32 /*seq_num*/);
-
-OM_uint32
-_gssapi_msg_order_create (
-	OM_uint32 */*minor_status*/,
-	struct gss_msg_order **/*o*/,
-	OM_uint32 /*flags*/,
-	OM_uint32 /*seq_num*/,
-	OM_uint32 /*jitter_window*/,
-	int /*use_64*/);
-
-OM_uint32
-_gssapi_msg_order_destroy (struct gss_msg_order **/*m*/);
-
-krb5_error_code
-_gssapi_msg_order_export (
-	krb5_storage */*sp*/,
-	struct gss_msg_order */*o*/);
-
-OM_uint32
-_gssapi_msg_order_f (OM_uint32 /*flags*/);
-
-OM_uint32
-_gssapi_msg_order_import (
-	OM_uint32 */*minor_status*/,
-	krb5_storage */*sp*/,
-	struct gss_msg_order **/*o*/);
-
-OM_uint32
-_gssapi_unwrap_arcfour (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int */*conf_state*/,
-	gss_qop_t */*qop_state*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_unwrap_cfx (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int */*conf_state*/,
-	gss_qop_t */*qop_state*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_verify_mech_header (
-	u_char **/*str*/,
-	size_t /*total_len*/,
-	gss_OID /*mech*/);
-
-OM_uint32
-_gssapi_verify_mic_arcfour (
-	OM_uint32 * /*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	const gss_buffer_t /*message_buffer*/,
-	const gss_buffer_t /*token_buffer*/,
-	gss_qop_t * /*qop_state*/,
-	krb5_keyblock */*key*/,
-	char */*type*/);
-
-OM_uint32
-_gssapi_verify_mic_cfx (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	const gss_buffer_t /*message_buffer*/,
-	const gss_buffer_t /*token_buffer*/,
-	gss_qop_t */*qop_state*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_verify_pad (
-	gss_buffer_t /*wrapped_token*/,
-	size_t /*datalen*/,
-	size_t */*padlen*/);
-
-OM_uint32
-_gssapi_wrap_arcfour (
-	OM_uint32 * /*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	int * /*conf_state*/,
-	gss_buffer_t /*output_message_buffer*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_wrap_cfx (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	int */*conf_state*/,
-	gss_buffer_t /*output_message_buffer*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_wrap_size_arcfour (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*ctx*/,
-	krb5_context /*context*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	OM_uint32 /*req_output_size*/,
-	OM_uint32 */*max_input_size*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_wrap_size_cfx (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	OM_uint32 /*req_output_size*/,
-	OM_uint32 */*max_input_size*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gsskrb5_accept_sec_context (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_cred_id_t /*acceptor_cred_handle*/,
-	const gss_buffer_t /*input_token_buffer*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	gss_name_t * /*src_name*/,
-	gss_OID * /*mech_type*/,
-	gss_buffer_t /*output_token*/,
-	OM_uint32 * /*ret_flags*/,
-	OM_uint32 * /*time_rec*/,
-	gss_cred_id_t * /*delegated_cred_handle*/);
-
-OM_uint32
-_gsskrb5_acquire_cred (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*desired_name*/,
-	OM_uint32 /*time_req*/,
-	const gss_OID_set /*desired_mechs*/,
-	gss_cred_usage_t /*cred_usage*/,
-	gss_cred_id_t * /*output_cred_handle*/,
-	gss_OID_set * /*actual_mechs*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gsskrb5_add_cred (
-	 OM_uint32 */*minor_status*/,
-	const gss_cred_id_t /*input_cred_handle*/,
-	const gss_name_t /*desired_name*/,
-	const gss_OID /*desired_mech*/,
-	gss_cred_usage_t /*cred_usage*/,
-	OM_uint32 /*initiator_time_req*/,
-	OM_uint32 /*acceptor_time_req*/,
-	gss_cred_id_t */*output_cred_handle*/,
-	gss_OID_set */*actual_mechs*/,
-	OM_uint32 */*initiator_time_rec*/,
-	OM_uint32 */*acceptor_time_rec*/);
-
-OM_uint32
-_gsskrb5_canonicalize_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	const gss_OID /*mech_type*/,
-	gss_name_t * output_name );
-
-void
-_gsskrb5_clear_status (void);
-
-OM_uint32
-_gsskrb5_compare_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*name1*/,
-	const gss_name_t /*name2*/,
-	int * name_equal );
-
-OM_uint32
-_gsskrb5_context_time (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gsskrb5_create_8003_checksum (
-	 OM_uint32 */*minor_status*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	OM_uint32 /*flags*/,
-	const krb5_data */*fwd_data*/,
-	Checksum */*result*/);
-
-OM_uint32
-_gsskrb5_create_ctx (
-	 OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	krb5_context /*context*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	enum gss_ctx_id_t_state /*state*/);
-
-OM_uint32
-_gsskrb5_decapsulate (
-	OM_uint32 */*minor_status*/,
-	gss_buffer_t /*input_token_buffer*/,
-	krb5_data */*out_data*/,
-	const void */*type*/,
-	gss_OID /*oid*/);
-
-krb5_error_code
-_gsskrb5_decode_be_om_uint32 (
-	const void */*ptr*/,
-	OM_uint32 */*n*/);
-
-krb5_error_code
-_gsskrb5_decode_om_uint32 (
-	const void */*ptr*/,
-	OM_uint32 */*n*/);
-
-OM_uint32
-_gsskrb5_delete_sec_context (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	gss_buffer_t /*output_token*/);
-
-OM_uint32
-_gsskrb5_display_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_buffer_t /*output_name_buffer*/,
-	gss_OID * output_name_type );
-
-OM_uint32
-_gsskrb5_display_status (
-	OM_uint32 */*minor_status*/,
-	OM_uint32 /*status_value*/,
-	int /*status_type*/,
-	const gss_OID /*mech_type*/,
-	OM_uint32 */*message_context*/,
-	gss_buffer_t /*status_string*/);
-
-OM_uint32
-_gsskrb5_duplicate_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*src_name*/,
-	gss_name_t * dest_name );
-
-void
-_gsskrb5_encap_length (
-	size_t /*data_len*/,
-	size_t */*len*/,
-	size_t */*total_len*/,
-	const gss_OID /*mech*/);
-
-OM_uint32
-_gsskrb5_encapsulate (
-	 OM_uint32 */*minor_status*/,
-	const krb5_data */*in_data*/,
-	gss_buffer_t /*output_token*/,
-	const void */*type*/,
-	const gss_OID mech );
-
-krb5_error_code
-_gsskrb5_encode_be_om_uint32 (
-	OM_uint32 /*n*/,
-	u_char */*p*/);
-
-krb5_error_code
-_gsskrb5_encode_om_uint32 (
-	OM_uint32 /*n*/,
-	u_char */*p*/);
-
-OM_uint32
-_gsskrb5_export_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_buffer_t exported_name );
-
-OM_uint32
-_gsskrb5_export_sec_context (
-	 OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	gss_buffer_t interprocess_token );
-
-ssize_t
-_gsskrb5_get_mech (
-	const u_char */*ptr*/,
-	size_t /*total_len*/,
-	const u_char **/*mech_ret*/);
-
-OM_uint32
-_gsskrb5_get_mic (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*message_buffer*/,
-	gss_buffer_t message_token );
-
-OM_uint32
-_gsskrb5_get_tkt_flags (
-	OM_uint32 */*minor_status*/,
-	gsskrb5_ctx /*ctx*/,
-	OM_uint32 */*tkt_flags*/);
-
-OM_uint32
-_gsskrb5_import_cred (
-	OM_uint32 */*minor_status*/,
-	krb5_ccache /*id*/,
-	krb5_principal /*keytab_principal*/,
-	krb5_keytab /*keytab*/,
-	gss_cred_id_t */*cred*/);
-
-OM_uint32
-_gsskrb5_import_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_buffer_t /*input_name_buffer*/,
-	const gss_OID /*input_name_type*/,
-	gss_name_t * output_name );
-
-OM_uint32
-_gsskrb5_import_sec_context (
-	 OM_uint32 * /*minor_status*/,
-	const gss_buffer_t /*interprocess_token*/,
-	gss_ctx_id_t * context_handle );
-
-OM_uint32
-_gsskrb5_indicate_mechs (
-	OM_uint32 * /*minor_status*/,
-	gss_OID_set * mech_set );
-
-krb5_error_code
-_gsskrb5_init (krb5_context */*context*/);
-
-OM_uint32
-_gsskrb5_init_sec_context (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*initiator_cred_handle*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_name_t /*target_name*/,
-	const gss_OID /*mech_type*/,
-	OM_uint32 /*req_flags*/,
-	OM_uint32 /*time_req*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	const gss_buffer_t /*input_token*/,
-	gss_OID * /*actual_mech_type*/,
-	gss_buffer_t /*output_token*/,
-	OM_uint32 * /*ret_flags*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gsskrb5_inquire_context (
-	 OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	gss_name_t * /*src_name*/,
-	gss_name_t * /*targ_name*/,
-	OM_uint32 * /*lifetime_rec*/,
-	gss_OID * /*mech_type*/,
-	OM_uint32 * /*ctx_flags*/,
-	int * /*locally_initiated*/,
-	int * open_context );
-
-OM_uint32
-_gsskrb5_inquire_cred (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	gss_name_t * /*output_name*/,
-	OM_uint32 * /*lifetime*/,
-	gss_cred_usage_t * /*cred_usage*/,
-	gss_OID_set * mechanisms );
-
-OM_uint32
-_gsskrb5_inquire_cred_by_mech (
-	 OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	const gss_OID /*mech_type*/,
-	gss_name_t * /*name*/,
-	OM_uint32 * /*initiator_lifetime*/,
-	OM_uint32 * /*acceptor_lifetime*/,
-	gss_cred_usage_t * cred_usage );
-
-OM_uint32
-_gsskrb5_inquire_cred_by_oid (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	const gss_OID /*desired_object*/,
-	gss_buffer_set_t */*data_set*/);
-
-OM_uint32
-_gsskrb5_inquire_mechs_for_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_OID_set * mech_types );
-
-OM_uint32
-_gsskrb5_inquire_names_for_mech (
-	 OM_uint32 * /*minor_status*/,
-	const gss_OID /*mechanism*/,
-	gss_OID_set * name_types );
-
-OM_uint32
-_gsskrb5_inquire_sec_context_by_oid (
-	OM_uint32 */*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_OID /*desired_object*/,
-	gss_buffer_set_t */*data_set*/);
-
-OM_uint32
-_gsskrb5_krb5_ccache_name (
-	OM_uint32 */*minor_status*/,
-	const char */*name*/,
-	const char **/*out_name*/);
-
-OM_uint32
-_gsskrb5_lifetime_left (
-	OM_uint32 */*minor_status*/,
-	krb5_context /*context*/,
-	OM_uint32 /*lifetime*/,
-	OM_uint32 */*lifetime_rec*/);
-
-void *
-_gsskrb5_make_header (
-	void */*ptr*/,
-	size_t /*len*/,
-	const void */*type*/,
-	const gss_OID /*mech*/);
-
-OM_uint32
-_gsskrb5_process_context_token (
-	 OM_uint32 */*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t token_buffer );
-
-OM_uint32
-_gsskrb5_pseudo_random (
-	OM_uint32 */*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	int /*prf_key*/,
-	const gss_buffer_t /*prf_in*/,
-	ssize_t /*desired_output_len*/,
-	gss_buffer_t /*prf_out*/);
-
-OM_uint32
-_gsskrb5_register_acceptor_identity (const char */*identity*/);
-
-OM_uint32
-_gsskrb5_release_buffer (
-	OM_uint32 * /*minor_status*/,
-	gss_buffer_t buffer );
-
-OM_uint32
-_gsskrb5_release_cred (
-	OM_uint32 * /*minor_status*/,
-	gss_cred_id_t * cred_handle );
-
-OM_uint32
-_gsskrb5_release_name (
-	OM_uint32 * /*minor_status*/,
-	gss_name_t * input_name );
-
-OM_uint32
-_gsskrb5_seal (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	int /*qop_req*/,
-	gss_buffer_t /*input_message_buffer*/,
-	int * /*conf_state*/,
-	gss_buffer_t output_message_buffer );
-
-OM_uint32
-_gsskrb5_set_cred_option (
-	OM_uint32 */*minor_status*/,
-	gss_cred_id_t */*cred_handle*/,
-	const gss_OID /*desired_object*/,
-	const gss_buffer_t /*value*/);
-
-OM_uint32
-_gsskrb5_set_sec_context_option (
-	OM_uint32 */*minor_status*/,
-	gss_ctx_id_t */*context_handle*/,
-	const gss_OID /*desired_object*/,
-	const gss_buffer_t /*value*/);
-
-void
-_gsskrb5_set_status (
-	const char */*fmt*/,
-	...);
-
-OM_uint32
-_gsskrb5_sign (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	int /*qop_req*/,
-	gss_buffer_t /*message_buffer*/,
-	gss_buffer_t message_token );
-
-OM_uint32
-_gsskrb5_unseal (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int * /*conf_state*/,
-	int * qop_state );
-
-OM_uint32
-_gsskrb5_unwrap (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int * /*conf_state*/,
-	gss_qop_t * qop_state );
-
-OM_uint32
-_gsskrb5_verify (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	gss_buffer_t /*message_buffer*/,
-	gss_buffer_t /*token_buffer*/,
-	int * qop_state );
-
-OM_uint32
-_gsskrb5_verify_8003_checksum (
-	 OM_uint32 */*minor_status*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	const Checksum */*cksum*/,
-	OM_uint32 */*flags*/,
-	krb5_data */*fwd_data*/);
-
-OM_uint32
-_gsskrb5_verify_header (
-	u_char **/*str*/,
-	size_t /*total_len*/,
-	const void */*type*/,
-	gss_OID /*oid*/);
-
-OM_uint32
-_gsskrb5_verify_mic (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t /*message_buffer*/,
-	const gss_buffer_t /*token_buffer*/,
-	gss_qop_t * qop_state );
-
-OM_uint32
-_gsskrb5_verify_mic_internal (
-	OM_uint32 * /*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	const gss_buffer_t /*message_buffer*/,
-	const gss_buffer_t /*token_buffer*/,
-	gss_qop_t * /*qop_state*/,
-	char * type );
-
-OM_uint32
-_gsskrb5_wrap (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	int * /*conf_state*/,
-	gss_buffer_t output_message_buffer );
-
-OM_uint32
-_gsskrb5_wrap_size_limit (
-	 OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	OM_uint32 /*req_output_size*/,
-	OM_uint32 * max_input_size );
-
-krb5_error_code
-_gsskrb5cfx_max_wrap_length_cfx (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	int /*conf_req_flag*/,
-	size_t /*input_length*/,
-	OM_uint32 */*output_length*/);
-
-krb5_error_code
-_gsskrb5cfx_wrap_length_cfx (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	int /*conf_req_flag*/,
-	size_t /*input_length*/,
-	size_t */*output_length*/,
-	size_t */*cksumsize*/,
-	uint16_t */*padlength*/);
-
-krb5_error_code
-_gsskrb5i_address_to_krb5addr (
-	krb5_context /*context*/,
-	OM_uint32 /*gss_addr_type*/,
-	gss_buffer_desc */*gss_addr*/,
-	int16_t /*port*/,
-	krb5_address */*address*/);
-
-krb5_error_code
-_gsskrb5i_get_acceptor_subkey (
-	const gsskrb5_ctx /*ctx*/,
-	krb5_context /*context*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code
-_gsskrb5i_get_initiator_subkey (
-	const gsskrb5_ctx /*ctx*/,
-	krb5_context /*context*/,
-	krb5_keyblock **/*key*/);
-
-OM_uint32
-_gsskrb5i_get_token_key (
-	const gsskrb5_ctx /*ctx*/,
-	krb5_context /*context*/,
-	krb5_keyblock **/*key*/);
-
-void
-_gsskrb5i_is_cfx (
-	gsskrb5_ctx /*ctx*/,
-	int */*is_cfx*/);
-
-#endif /* __gsskrb5_private_h__ */
diff --git a/crypto/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/crypto/heimdal/lib/gssapi/krb5/gsskrb5_locl.h
deleted file mode 100644
index 6ffb607..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/gsskrb5_locl.h
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gsskrb5_locl.h 20324 2007-04-12 16:46:01Z lha $ */
-
-#ifndef GSSKRB5_LOCL_H
-#define GSSKRB5_LOCL_H
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <krb5_locl.h>
-#include <gkrb5_err.h>
-#include <gssapi.h>
-#include <gssapi_mech.h>
-#include <assert.h>
-
-#include "cfx.h"
-
-/*
- *
- */
-
-struct gss_msg_order;
-
-typedef struct {
-  struct krb5_auth_context_data *auth_context;
-  krb5_principal source, target;
-#define IS_DCE_STYLE(ctx) (((ctx)->flags & GSS_C_DCE_STYLE) != 0)
-  OM_uint32 flags;
-  enum { LOCAL = 1, OPEN = 2, 
-	 COMPAT_OLD_DES3 = 4,
-         COMPAT_OLD_DES3_SELECTED = 8,
-	 ACCEPTOR_SUBKEY = 16
-  } more_flags;
-  enum gss_ctx_id_t_state {
-      /* initiator states */
-      INITIATOR_START,
-      INITIATOR_WAIT_FOR_MUTAL,
-      INITIATOR_READY,
-      /* acceptor states */
-      ACCEPTOR_START,
-      ACCEPTOR_WAIT_FOR_DCESTYLE,
-      ACCEPTOR_READY
-  } state;
-  struct krb5_ticket *ticket;
-  OM_uint32 lifetime;
-  HEIMDAL_MUTEX ctx_id_mutex;
-  struct gss_msg_order *order;
-  krb5_keyblock *service_keyblock;
-  krb5_data fwd_data;
-} *gsskrb5_ctx;
-
-typedef struct {
-  krb5_principal principal;
-  int cred_flags;
-#define GSS_CF_DESTROY_CRED_ON_RELEASE	1
-  struct krb5_keytab_data *keytab;
-  OM_uint32 lifetime;
-  gss_cred_usage_t usage;
-  gss_OID_set mechanisms;
-  struct krb5_ccache_data *ccache;
-  HEIMDAL_MUTEX cred_id_mutex;
-  krb5_enctype *enctypes;
-} *gsskrb5_cred;
-
-typedef struct Principal *gsskrb5_name;
-
-/*
- *
- */
-
-extern krb5_keytab _gsskrb5_keytab;
-extern HEIMDAL_MUTEX gssapi_keytab_mutex;
-
-struct gssapi_thr_context {
-    HEIMDAL_MUTEX mutex;
-    char *error_string;
-};
-
-/*
- * Prototypes
- */
-
-#include <krb5/gsskrb5-private.h>
-
-#define GSSAPI_KRB5_INIT(ctx) do {				\
-    krb5_error_code kret_gss_init;				\
-    if((kret_gss_init = _gsskrb5_init (ctx)) != 0) {		\
-	*minor_status = kret_gss_init;				\
-	return GSS_S_FAILURE;					\
-    }								\
-} while (0)
-
-/* sec_context flags */
-
-#define SC_LOCAL_ADDRESS  0x01
-#define SC_REMOTE_ADDRESS 0x02
-#define SC_KEYBLOCK	  0x04
-#define SC_LOCAL_SUBKEY	  0x08
-#define SC_REMOTE_SUBKEY  0x10
-
-#endif
diff --git a/crypto/heimdal/lib/gssapi/krb5/import_name.c b/crypto/heimdal/lib/gssapi/krb5/import_name.c
deleted file mode 100644
index bf31db9..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/import_name.c
+++ /dev/null
@@ -1,225 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: import_name.c 19031 2006-11-13 18:02:57Z lha $");
-
-static OM_uint32
-parse_krb5_name (OM_uint32 *minor_status,
-		 krb5_context context,
-		 const char *name,
-		 gss_name_t *output_name)
-{
-    krb5_principal princ;
-    krb5_error_code kerr;
-
-    kerr = krb5_parse_name (context, name, &princ);
-
-    if (kerr == 0) {
-	*output_name = (gss_name_t)princ;
-	return GSS_S_COMPLETE;
-    }
-    *minor_status = kerr;
-
-    if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
-	return GSS_S_BAD_NAME;
-
-    return GSS_S_FAILURE;
-}
-
-static OM_uint32
-import_krb5_name (OM_uint32 *minor_status,
-		  krb5_context context,
-		  const gss_buffer_t input_name_buffer,
-		  gss_name_t *output_name)
-{
-    OM_uint32 ret;
-    char *tmp;
-
-    tmp = malloc (input_name_buffer->length + 1);
-    if (tmp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (tmp,
-	    input_name_buffer->value,
-	    input_name_buffer->length);
-    tmp[input_name_buffer->length] = '\0';
-
-    ret = parse_krb5_name(minor_status, context, tmp, output_name);
-    free(tmp);
-
-    return ret;
-}
-
-static OM_uint32
-import_hostbased_name (OM_uint32 *minor_status,
-		       krb5_context context,
-		       const gss_buffer_t input_name_buffer,
-		       gss_name_t *output_name)
-{
-    krb5_error_code kerr;
-    char *tmp;
-    char *p;
-    char *host;
-    char local_hostname[MAXHOSTNAMELEN];
-    krb5_principal princ = NULL;
-
-    tmp = malloc (input_name_buffer->length + 1);
-    if (tmp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (tmp,
-	    input_name_buffer->value,
-	    input_name_buffer->length);
-    tmp[input_name_buffer->length] = '\0';
-
-    p = strchr (tmp, '@');
-    if (p != NULL) {
-	*p = '\0';
-	host = p + 1;
-    } else {
-	if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
-	    *minor_status = errno;
-	    free (tmp);
-	    return GSS_S_FAILURE;
-	}
-	host = local_hostname;
-    }
-
-    kerr = krb5_sname_to_principal (context,
-				    host,
-				    tmp,
-				    KRB5_NT_SRV_HST,
-				    &princ);
-    free (tmp);
-    *minor_status = kerr;
-    if (kerr == 0) {
-	*output_name = (gss_name_t)princ;
-	return GSS_S_COMPLETE;
-    }
-
-    if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
-	return GSS_S_BAD_NAME;
-
-    return GSS_S_FAILURE;
-}
-
-static OM_uint32
-import_export_name (OM_uint32 *minor_status,
-		    krb5_context context,
-		    const gss_buffer_t input_name_buffer,
-		    gss_name_t *output_name)
-{
-    unsigned char *p;
-    uint32_t length;
-    OM_uint32 ret;
-    char *name;
-
-    if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_NAME;
-
-    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
-    p = input_name_buffer->value;
-
-    if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 ||
-	p[3] != GSS_KRB5_MECHANISM->length + 2 ||
-	p[4] != 0x06 ||
-	p[5] != GSS_KRB5_MECHANISM->length ||
-	memcmp(&p[6], GSS_KRB5_MECHANISM->elements, 
-	       GSS_KRB5_MECHANISM->length) != 0)
-	return GSS_S_BAD_NAME;
-
-    p += 6 + GSS_KRB5_MECHANISM->length;
-
-    length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
-    p += 4;
-
-    if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_NAME;
-
-    name = malloc(length + 1);
-    if (name == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy(name, p, length);
-    name[length] = '\0';
-
-    ret = parse_krb5_name(minor_status, context, name, output_name);
-    free(name);
-
-    return ret;
-}
-
-OM_uint32 _gsskrb5_import_name
-           (OM_uint32 * minor_status,
-            const gss_buffer_t input_name_buffer,
-            const gss_OID input_name_type,
-            gss_name_t * output_name
-           )
-{
-    krb5_context context;
-
-    *minor_status = 0;
-    *output_name = GSS_C_NO_NAME;
-    
-    GSSAPI_KRB5_INIT (&context);
-
-    if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) ||
-	gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE_X))
-	return import_hostbased_name (minor_status,
-				      context,
-				      input_name_buffer,
-				      output_name);
-    else if (gss_oid_equal(input_name_type, GSS_C_NO_OID)
-	     || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
-	     || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
- 	/* default printable syntax */
-	return import_krb5_name (minor_status,
-				 context,
-				 input_name_buffer,
-				 output_name);
-    else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
-	return import_export_name(minor_status,
-				  context,
-				  input_name_buffer, 
-				  output_name);
-    } else {
-	*minor_status = 0;
-	return GSS_S_BAD_NAMETYPE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/import_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/import_sec_context.c
deleted file mode 100644
index 3300036..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/import_sec_context.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: import_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32
-_gsskrb5_import_sec_context (
-    OM_uint32 * minor_status,
-    const gss_buffer_t interprocess_token,
-    gss_ctx_id_t * context_handle
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    krb5_context context;
-    krb5_error_code kret;
-    krb5_storage *sp;
-    krb5_auth_context ac;
-    krb5_address local, remote;
-    krb5_address *localp, *remotep;
-    krb5_data data;
-    gss_buffer_desc buffer;
-    krb5_keyblock keyblock;
-    int32_t tmp;
-    int32_t flags;
-    gsskrb5_ctx ctx;
-    gss_name_t name;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    *context_handle = GSS_C_NO_CONTEXT;
-
-    localp = remotep = NULL;
-
-    sp = krb5_storage_from_mem (interprocess_token->value,
-				interprocess_token->length);
-    if (sp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    ctx = calloc(1, sizeof(*ctx));
-    if (ctx == NULL) {
-	*minor_status = ENOMEM;
-	krb5_storage_free (sp);
-	return GSS_S_FAILURE;
-    }
-    HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);
-
-    kret = krb5_auth_con_init (context,
-			       &ctx->auth_context);
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    /* flags */
-
-    *minor_status = 0;
-
-    if (krb5_ret_int32 (sp, &flags) != 0)
-	goto failure;
-
-    /* retrieve the auth context */
-
-    ac = ctx->auth_context;
-    if (krb5_ret_uint32 (sp, &ac->flags) != 0)
-	goto failure;
-    if (flags & SC_LOCAL_ADDRESS) {
-	if (krb5_ret_address (sp, localp = &local) != 0)
-	    goto failure;
-    }
-
-    if (flags & SC_REMOTE_ADDRESS) {
-	if (krb5_ret_address (sp, remotep = &remote) != 0)
-	    goto failure;
-    }
-
-    krb5_auth_con_setaddrs (context, ac, localp, remotep);
-    if (localp)
-	krb5_free_address (context, localp);
-    if (remotep)
-	krb5_free_address (context, remotep);
-    localp = remotep = NULL;
-
-    if (krb5_ret_int16 (sp, &ac->local_port) != 0)
-	goto failure;
-
-    if (krb5_ret_int16 (sp, &ac->remote_port) != 0)
-	goto failure;
-    if (flags & SC_KEYBLOCK) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setkey (context, ac, &keyblock);
-	krb5_free_keyblock_contents (context, &keyblock);
-    }
-    if (flags & SC_LOCAL_SUBKEY) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setlocalsubkey (context, ac, &keyblock);
-	krb5_free_keyblock_contents (context, &keyblock);
-    }
-    if (flags & SC_REMOTE_SUBKEY) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setremotesubkey (context, ac, &keyblock);
-	krb5_free_keyblock_contents (context, &keyblock);
-    }
-    if (krb5_ret_uint32 (sp, &ac->local_seqnumber))
-	goto failure;
-    if (krb5_ret_uint32 (sp, &ac->remote_seqnumber))
-	goto failure;
-
-    if (krb5_ret_int32 (sp, &tmp) != 0)
-	goto failure;
-    ac->keytype = tmp;
-    if (krb5_ret_int32 (sp, &tmp) != 0)
-	goto failure;
-    ac->cksumtype = tmp;
-
-    /* names */
-
-    if (krb5_ret_data (sp, &data))
-	goto failure;
-    buffer.value  = data.data;
-    buffer.length = data.length;
-
-    ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
-				&name);
-    if (ret) {
-	ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NO_OID,
-				    &name);
-	if (ret) {
-	    krb5_data_free (&data);
-	    goto failure;
-	}
-    }
-    ctx->source = (krb5_principal)name;
-    krb5_data_free (&data);
-
-    if (krb5_ret_data (sp, &data) != 0)
-	goto failure;
-    buffer.value  = data.data;
-    buffer.length = data.length;
-
-    ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
-				&name);
-    if (ret) {
-	ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NO_OID,
-				    &name);
-	if (ret) {
-	    krb5_data_free (&data);
-	    goto failure;
-	}
-    }    
-    ctx->target = (krb5_principal)name;
-    krb5_data_free (&data);
-
-    if (krb5_ret_int32 (sp, &tmp))
-	goto failure;
-    ctx->flags = tmp;
-    if (krb5_ret_int32 (sp, &tmp))
-	goto failure;
-    ctx->more_flags = tmp;
-    if (krb5_ret_int32 (sp, &tmp))
-	goto failure;
-    ctx->lifetime = tmp;
-
-    ret = _gssapi_msg_order_import(minor_status, sp, &ctx->order);
-    if (ret)
-        goto failure;    
-    
-    krb5_storage_free (sp);
-
-    *context_handle = (gss_ctx_id_t)ctx;
-
-    return GSS_S_COMPLETE;
-
-failure:
-    krb5_auth_con_free (context,
-			ctx->auth_context);
-    if (ctx->source != NULL)
-	krb5_free_principal(context, ctx->source);
-    if (ctx->target != NULL)
-	krb5_free_principal(context, ctx->target);
-    if (localp)
-	krb5_free_address (context, localp);
-    if (remotep)
-	krb5_free_address (context, remotep);
-    if(ctx->order)
-	_gssapi_msg_order_destroy(&ctx->order);
-    HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-    krb5_storage_free (sp);
-    free (ctx);
-    *context_handle = GSS_C_NO_CONTEXT;
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/indicate_mechs.c b/crypto/heimdal/lib/gssapi/krb5/indicate_mechs.c
deleted file mode 100644
index eb886c2..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/indicate_mechs.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: indicate_mechs.c 20688 2007-05-17 18:44:31Z lha $");
-
-OM_uint32 _gsskrb5_indicate_mechs
-           (OM_uint32 * minor_status,
-            gss_OID_set * mech_set
-           )
-{
-  OM_uint32 ret, junk;
-
-  ret = gss_create_empty_oid_set(minor_status, mech_set);
-  if (ret)
-      return ret;
-
-  ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set);
-  if (ret) {
-      gss_release_oid_set(&junk, mech_set);
-      return ret;
-  }
-
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/init.c b/crypto/heimdal/lib/gssapi/krb5/init.c
deleted file mode 100644
index 3bbdcc8..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/init.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003, 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: init.c 19031 2006-11-13 18:02:57Z lha $");
-
-static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER;
-static int created_key;
-static HEIMDAL_thread_key context_key;
-
-static void
-destroy_context(void *ptr)
-{
-    krb5_context context = ptr;
-
-    if (context == NULL)
-	return;
-    krb5_free_context(context);
-}
-
-krb5_error_code
-_gsskrb5_init (krb5_context *context)
-{
-    krb5_error_code ret = 0;
-
-    HEIMDAL_MUTEX_lock(&context_mutex);
-
-    if (!created_key) {
-	HEIMDAL_key_create(&context_key, destroy_context, ret);
-	if (ret) {
-	    HEIMDAL_MUTEX_unlock(&context_mutex);
-	    return ret;
-	}
-	created_key = 1;
-    }
-    HEIMDAL_MUTEX_unlock(&context_mutex);
-
-    *context = HEIMDAL_getspecific(context_key);
-    if (*context == NULL) {
-
-	ret = krb5_init_context(context);
-	if (ret == 0) {
-	    HEIMDAL_setspecific(context_key, *context, ret);
-	    if (ret) {
-		krb5_free_context(*context);
-		*context = NULL;
-	    }
-	}
-    }
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/init_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/init_sec_context.c
deleted file mode 100644
index 05f7978..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ /dev/null
@@ -1,811 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: init_sec_context.c 22071 2007-11-14 20:04:50Z lha $");
-
-/*
- * copy the addresses from `input_chan_bindings' (if any) to
- * the auth context `ac'
- */
-
-static OM_uint32
-set_addresses (krb5_context context,
-	       krb5_auth_context ac,
-	       const gss_channel_bindings_t input_chan_bindings)	       
-{
-    /* Port numbers are expected to be in application_data.value, 
-     * initator's port first */ 
-
-    krb5_address initiator_addr, acceptor_addr;
-    krb5_error_code kret;
-       
-    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS
-	|| input_chan_bindings->application_data.length !=
-	2 * sizeof(ac->local_port))
-	return 0;
-
-    memset(&initiator_addr, 0, sizeof(initiator_addr));
-    memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-       
-    ac->local_port =
-	*(int16_t *) input_chan_bindings->application_data.value;
-       
-    ac->remote_port =
-	*((int16_t *) input_chan_bindings->application_data.value + 1);
-       
-    kret = _gsskrb5i_address_to_krb5addr(context,
-					 input_chan_bindings->acceptor_addrtype,
-					 &input_chan_bindings->acceptor_address,
-					 ac->remote_port,
-					 &acceptor_addr);
-    if (kret)
-	return kret;
-           
-    kret = _gsskrb5i_address_to_krb5addr(context,
-					 input_chan_bindings->initiator_addrtype,
-					 &input_chan_bindings->initiator_address,
-					 ac->local_port,
-					 &initiator_addr);
-    if (kret) {
-	krb5_free_address (context, &acceptor_addr);
-	return kret;
-    }
-       
-    kret = krb5_auth_con_setaddrs(context,
-				  ac,
-				  &initiator_addr,  /* local address */
-				  &acceptor_addr);  /* remote address */
-       
-    krb5_free_address (context, &initiator_addr);
-    krb5_free_address (context, &acceptor_addr);
-       
-#if 0
-    free(input_chan_bindings->application_data.value);
-    input_chan_bindings->application_data.value = NULL;
-    input_chan_bindings->application_data.length = 0;
-#endif
-
-    return kret;
-}
-
-OM_uint32
-_gsskrb5_create_ctx(
-        OM_uint32 * minor_status,
-	gss_ctx_id_t * context_handle,
-	krb5_context context,
- 	const gss_channel_bindings_t input_chan_bindings,
- 	enum gss_ctx_id_t_state state)
-{
-    krb5_error_code kret;
-    gsskrb5_ctx ctx;
-
-    *context_handle = NULL;
-
-    ctx = malloc(sizeof(*ctx));
-    if (ctx == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    ctx->auth_context		= NULL;
-    ctx->source			= NULL;
-    ctx->target			= NULL;
-    ctx->state			= state;
-    ctx->flags			= 0;
-    ctx->more_flags		= 0;
-    ctx->service_keyblock	= NULL;
-    ctx->ticket			= NULL;
-    krb5_data_zero(&ctx->fwd_data);
-    ctx->lifetime		= GSS_C_INDEFINITE;
-    ctx->order			= NULL;
-    HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);
-
-    kret = krb5_auth_con_init (context, &ctx->auth_context);
-    if (kret) {
-	*minor_status = kret;
-
-	HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-		
-	return GSS_S_FAILURE;
-    }
-
-    kret = set_addresses(context, ctx->auth_context, input_chan_bindings);
-    if (kret) {
-	*minor_status = kret;
-
-	HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-
-	krb5_auth_con_free(context, ctx->auth_context);
-
-	return GSS_S_BAD_BINDINGS;
-    }
-
-    /*
-     * We need a sequence number
-     */
-
-    krb5_auth_con_addflags(context,
-			   ctx->auth_context,
-			   KRB5_AUTH_CONTEXT_DO_SEQUENCE |
-			   KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED,
-			   NULL);
-
-    *context_handle = (gss_ctx_id_t)ctx;
-
-    return GSS_S_COMPLETE;
-}
-
-
-static OM_uint32
-gsskrb5_get_creds(
-        OM_uint32 * minor_status,
-	krb5_context context,
-	krb5_ccache ccache,
-	gsskrb5_ctx ctx,
-	krb5_const_principal target_name,
-	OM_uint32 time_req,
-	OM_uint32 * time_rec,
-	krb5_creds ** cred)
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-    krb5_creds this_cred;
-    OM_uint32 lifetime_rec;
-
-    *cred = NULL;
-
-    memset(&this_cred, 0, sizeof(this_cred));
-    this_cred.client = ctx->source;
-    this_cred.server = ctx->target;
-
-    if (time_req && time_req != GSS_C_INDEFINITE) {
-	krb5_timestamp ts;
-
-	krb5_timeofday (context, &ts);
-	this_cred.times.endtime = ts + time_req;
-    } else {
-	this_cred.times.endtime   = 0;
-    }
-
-    this_cred.session.keytype = KEYTYPE_NULL;
-
-    kret = krb5_get_credentials(context,
-				0,
-				ccache,
-				&this_cred,
-				cred);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-
-    ctx->lifetime = (*cred)->times.endtime;
-
-    ret = _gsskrb5_lifetime_left(minor_status, context,
-				 ctx->lifetime, &lifetime_rec);
-    if (ret) return ret;
-
-    if (lifetime_rec == 0) {
-	*minor_status = 0;
-	return GSS_S_CONTEXT_EXPIRED;
-    }
-
-    if (time_rec) *time_rec = lifetime_rec;
-
-    return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-gsskrb5_initiator_ready(
-	OM_uint32 * minor_status,
-	gsskrb5_ctx ctx,
-	krb5_context context)
-{
-	OM_uint32 ret;
-	int32_t seq_number;
-	int is_cfx = 0;
-	OM_uint32 flags = ctx->flags;
-
-	krb5_auth_getremoteseqnumber (context,
-				      ctx->auth_context,
-				      &seq_number);
-
-	_gsskrb5i_is_cfx(ctx, &is_cfx);
-
-	ret = _gssapi_msg_order_create(minor_status,
-				       &ctx->order,
-				       _gssapi_msg_order_f(flags),
-				       seq_number, 0, is_cfx);
-	if (ret) return ret;
-
-	ctx->state	= INITIATOR_READY;
-	ctx->more_flags	|= OPEN;
-
-	return GSS_S_COMPLETE;
-}
-
-/*
- * handle delegated creds in init-sec-context
- */
-
-static void
-do_delegation (krb5_context context,
-	       krb5_auth_context ac,
-	       krb5_ccache ccache,
-	       krb5_creds *cred,
-	       krb5_const_principal name,
-	       krb5_data *fwd_data,
-	       uint32_t *flags)
-{
-    krb5_creds creds;
-    KDCOptions fwd_flags;
-    krb5_error_code kret;
-       
-    memset (&creds, 0, sizeof(creds));
-    krb5_data_zero (fwd_data);
-       
-    kret = krb5_cc_get_principal(context, ccache, &creds.client);
-    if (kret) 
-	goto out;
-       
-    kret = krb5_build_principal(context,
-				&creds.server,
-				strlen(creds.client->realm),
-				creds.client->realm,
-				KRB5_TGS_NAME,
-				creds.client->realm,
-				NULL);
-    if (kret)
-	goto out; 
-       
-    creds.times.endtime = 0;
-       
-    memset(&fwd_flags, 0, sizeof(fwd_flags));
-    fwd_flags.forwarded = 1;
-    fwd_flags.forwardable = 1;
-       
-    if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/
-	name->name.name_string.len < 2) 
-	goto out;
-       
-    kret = krb5_get_forwarded_creds(context,
-				    ac,
-				    ccache,
-				    KDCOptions2int(fwd_flags),
-				    name->name.name_string.val[1],
-				    &creds,
-				    fwd_data);
-       
- out:
-    if (kret)
-	*flags &= ~GSS_C_DELEG_FLAG;
-    else
-	*flags |= GSS_C_DELEG_FLAG;
-       
-    if (creds.client)
-	krb5_free_principal(context, creds.client);
-    if (creds.server)
-	krb5_free_principal(context, creds.server);
-}
-
-/*
- * first stage of init-sec-context
- */
-
-static OM_uint32
-init_auth
-(OM_uint32 * minor_status,
- gsskrb5_cred initiator_cred_handle,
- gsskrb5_ctx ctx,
- krb5_context context,
- krb5_const_principal name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    krb5_error_code kret;
-    krb5_flags ap_options;
-    krb5_creds *cred = NULL;
-    krb5_data outbuf;
-    krb5_ccache ccache = NULL;
-    uint32_t flags;
-    krb5_data authenticator;
-    Checksum cksum;
-    krb5_enctype enctype;
-    krb5_data fwd_data;
-    OM_uint32 lifetime_rec;
-
-    krb5_data_zero(&outbuf);
-    krb5_data_zero(&fwd_data);
-
-    *minor_status = 0;
-
-    if (actual_mech_type)
-	*actual_mech_type = GSS_KRB5_MECHANISM;
-
-    if (initiator_cred_handle == NULL) {
-	kret = krb5_cc_default (context, &ccache);
-	if (kret) {
-	    *minor_status = kret;
-	    ret = GSS_S_FAILURE;
-	    goto failure;
-	}
-    } else
-	ccache = initiator_cred_handle->ccache;
-
-    kret = krb5_cc_get_principal (context, ccache, &ctx->source);
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = krb5_copy_principal (context, name, &ctx->target);
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
-    if (ret)
-	goto failure;
-
-
-    /*
-     * This is hideous glue for (NFS) clients that wants to limit the
-     * available enctypes to what it can support (encryption in
-     * kernel). If there is no enctypes selected for this credential,
-     * reset it to the default set of enctypes.
-     */
-    {
-	krb5_enctype *enctypes = NULL;
-
-	if (initiator_cred_handle && initiator_cred_handle->enctypes)
-	    enctypes = initiator_cred_handle->enctypes;
-	krb5_set_default_in_tkt_etypes(context, enctypes);
-    }
-
-    ret = gsskrb5_get_creds(minor_status,
-			    context,
-			    ccache,
-			    ctx,
-			    ctx->target,
-			    time_req,
-			    time_rec,
-			    &cred);
-    if (ret)
-	goto failure;
-
-    ctx->lifetime = cred->times.endtime;
-
-    ret = _gsskrb5_lifetime_left(minor_status,
-				 context,
-				 ctx->lifetime,
-				 &lifetime_rec);
-    if (ret) {
-	goto failure;
-    }
-
-    if (lifetime_rec == 0) {
-	*minor_status = 0;
-	ret = GSS_S_CONTEXT_EXPIRED;
-	goto failure;
-    }
-
-    krb5_auth_con_setkey(context, 
-			 ctx->auth_context, 
-			 &cred->session);
-
-    kret = krb5_auth_con_generatelocalsubkey(context, 
-					     ctx->auth_context,
-					     &cred->session);
-    if(kret) {
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-    
-    /* 
-     * If the credential doesn't have ok-as-delegate, check what local
-     * policy say about ok-as-delegate, default is FALSE that makes
-     * code ignore the KDC setting and follow what the application
-     * requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the
-     * KDC doesn't set ok-as-delegate.
-     */
-    if (!cred->flags.b.ok_as_delegate) {
-	krb5_boolean delegate;
-    
-	krb5_appdefault_boolean(context,
-				"gssapi", name->realm,
-				"ok-as-delegate", FALSE, &delegate);
-	if (delegate)
-	    req_flags &= ~GSS_C_DELEG_FLAG;
-    }
-
-    flags = 0;
-    ap_options = 0;
-    if (req_flags & GSS_C_DELEG_FLAG)
-	do_delegation (context,
-		       ctx->auth_context,
-		       ccache, cred, name, &fwd_data, &flags);
-    
-    if (req_flags & GSS_C_MUTUAL_FLAG) {
-	flags |= GSS_C_MUTUAL_FLAG;
-	ap_options |= AP_OPTS_MUTUAL_REQUIRED;
-    }
-    
-    if (req_flags & GSS_C_REPLAY_FLAG)
-	flags |= GSS_C_REPLAY_FLAG;
-    if (req_flags & GSS_C_SEQUENCE_FLAG)
-	flags |= GSS_C_SEQUENCE_FLAG;
-    if (req_flags & GSS_C_ANON_FLAG)
-	;                               /* XXX */
-    if (req_flags & GSS_C_DCE_STYLE) {
-	/* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */
-	flags |= GSS_C_DCE_STYLE | GSS_C_MUTUAL_FLAG;
-	ap_options |= AP_OPTS_MUTUAL_REQUIRED;
-    }
-    if (req_flags & GSS_C_IDENTIFY_FLAG)
-	flags |= GSS_C_IDENTIFY_FLAG;
-    if (req_flags & GSS_C_EXTENDED_ERROR_FLAG)
-	flags |= GSS_C_EXTENDED_ERROR_FLAG;
-
-    flags |= GSS_C_CONF_FLAG;
-    flags |= GSS_C_INTEG_FLAG;
-    flags |= GSS_C_TRANS_FLAG;
-    
-    if (ret_flags)
-	*ret_flags = flags;
-    ctx->flags = flags;
-    ctx->more_flags |= LOCAL;
-    
-    ret = _gsskrb5_create_8003_checksum (minor_status,
-					 input_chan_bindings,
-					 flags,
-					 &fwd_data,
-					 &cksum);
-    krb5_data_free (&fwd_data);
-    if (ret)
-	goto failure;
-
-    enctype = ctx->auth_context->keyblock->keytype;
-
-    kret = krb5_build_authenticator (context,
-				     ctx->auth_context,
-				     enctype,
-				     cred,
-				     &cksum,
-				     NULL,
-				     &authenticator,
-				     KRB5_KU_AP_REQ_AUTH);
-
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = krb5_build_ap_req (context,
-			      enctype,
-			      cred,
-			      ap_options,
-			      authenticator,
-			      &outbuf);
-
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
-				   (u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
-    if (ret)
-	goto failure;
-
-    krb5_data_free (&outbuf);
-    krb5_free_creds(context, cred);
-    free_Checksum(&cksum);
-    if (initiator_cred_handle == NULL)
-	krb5_cc_close(context, ccache);
-
-    if (flags & GSS_C_MUTUAL_FLAG) {
-	ctx->state = INITIATOR_WAIT_FOR_MUTAL;
-	return GSS_S_CONTINUE_NEEDED;
-    }
-
-    return gsskrb5_initiator_ready(minor_status, ctx, context);
-failure:
-    if(cred)
-	krb5_free_creds(context, cred);
-    if (ccache && initiator_cred_handle == NULL)
-	krb5_cc_close(context, ccache);
-
-    return ret;
-
-}
-
-static OM_uint32
-repl_mutual
-(OM_uint32 * minor_status,
- gsskrb5_ctx ctx,
- krb5_context context,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
-    )
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-    krb5_data indata;
-    krb5_ap_rep_enc_part *repl;
-    int is_cfx = 0;
-
-    output_token->length = 0;
-    output_token->value = NULL;
-
-    if (actual_mech_type)
-	*actual_mech_type = GSS_KRB5_MECHANISM;
-
-    if (ctx->flags & GSS_C_DCE_STYLE) {
-	/* There is no OID wrapping. */
-	indata.length	= input_token->length;
-	indata.data	= input_token->value;
-    } else {
-	ret = _gsskrb5_decapsulate (minor_status,
-				    input_token,
-				    &indata,
-				    "\x02\x00",
-				    GSS_KRB5_MECHANISM);
-	if (ret) {
-	    /* XXX - Handle AP_ERROR */
-	    return ret;
-	}
-    }
-
-    kret = krb5_rd_rep (context,
-			ctx->auth_context,
-			&indata,
-			&repl);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    krb5_free_ap_rep_enc_part (context,
-			       repl);
-    
-    _gsskrb5i_is_cfx(ctx, &is_cfx);
-    if (is_cfx) {
-	krb5_keyblock *key = NULL;
-
-	kret = krb5_auth_con_getremotesubkey(context,
-					     ctx->auth_context, 
-					     &key);
-	if (kret == 0 && key != NULL) {
-    	    ctx->more_flags |= ACCEPTOR_SUBKEY;
-	    krb5_free_keyblock (context, key);
-	}
-    }
-
-
-    *minor_status = 0;
-    if (time_rec) {
-	ret = _gsskrb5_lifetime_left(minor_status,
-				     context,
-				     ctx->lifetime,
-				     time_rec);
-    } else {
-	ret = GSS_S_COMPLETE;
-    }
-    if (ret_flags)
-	*ret_flags = ctx->flags;
-
-    if (req_flags & GSS_C_DCE_STYLE) {
-	int32_t con_flags;
-	krb5_data outbuf;
-
-	/* Do don't do sequence number for the mk-rep */
-	krb5_auth_con_removeflags(context,
-				  ctx->auth_context,
-				  KRB5_AUTH_CONTEXT_DO_SEQUENCE,
-				  &con_flags);
-
-	kret = krb5_mk_rep(context,
-			   ctx->auth_context,
-			   &outbuf);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-	
-	output_token->length = outbuf.length;
-	output_token->value  = outbuf.data;
-
-	krb5_auth_con_removeflags(context,
-				  ctx->auth_context,
-				  KRB5_AUTH_CONTEXT_DO_SEQUENCE,
-				  NULL);
-    }
-
-    return gsskrb5_initiator_ready(minor_status, ctx, context);
-}
-
-/*
- * gss_init_sec_context
- */
-
-OM_uint32 _gsskrb5_init_sec_context
-(OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
- gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
-    )
-{
-    krb5_context context;
-    gsskrb5_cred cred = (gsskrb5_cred)initiator_cred_handle;
-    krb5_const_principal name = (krb5_const_principal)target_name;
-    gsskrb5_ctx ctx;
-    OM_uint32 ret;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    output_token->length = 0;
-    output_token->value  = NULL;
-
-    if (context_handle == NULL) {
-	*minor_status = 0;
-	return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
-    }
-
-    if (ret_flags)
-	*ret_flags = 0;
-    if (time_rec)
-	*time_rec = 0;
-
-    if (target_name == GSS_C_NO_NAME) {
-	if (actual_mech_type)
-	    *actual_mech_type = GSS_C_NO_OID;
-	*minor_status = 0;
-	return GSS_S_BAD_NAME;
-    }
-
-    if (mech_type != GSS_C_NO_OID && 
-	!gss_oid_equal(mech_type, GSS_KRB5_MECHANISM))
-	return GSS_S_BAD_MECH;
-
-    if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
-	OM_uint32 ret;
-
-	if (*context_handle != GSS_C_NO_CONTEXT) {
-	    *minor_status = 0;
-	    return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
-	}
-    
-	ret = _gsskrb5_create_ctx(minor_status,
-				  context_handle,
-				  context,
-				  input_chan_bindings,
-				  INITIATOR_START);
-	if (ret)
-	    return ret;
-    }
-
-    if (*context_handle == GSS_C_NO_CONTEXT) {
-	*minor_status = 0;
-	return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
-    }
-
-    ctx = (gsskrb5_ctx) *context_handle;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    switch (ctx->state) {
-    case INITIATOR_START:
-	ret = init_auth(minor_status,
-			cred,
-			ctx,
-			context,
-			name,
-			mech_type,
-			req_flags,
-			time_req,
-			input_chan_bindings,
-			input_token,
-			actual_mech_type,
-			output_token,
-			ret_flags,
-			time_rec);
-	break;
-    case INITIATOR_WAIT_FOR_MUTAL:
-	ret = repl_mutual(minor_status,
-			  ctx,
-			  context,
-			  mech_type,
-			  req_flags,
-			  time_req,
-			  input_chan_bindings,
-			  input_token,
-			  actual_mech_type,
-			  output_token,
-			  ret_flags,
-			  time_rec);
-	break;
-    case INITIATOR_READY:
-	/* 
-	 * If we get there, the caller have called
-	 * gss_init_sec_context() one time too many.
-	 */
-	*minor_status = 0;
-	ret = GSS_S_BAD_STATUS;
-	break;
-    default:
-	*minor_status = 0;
-	ret = GSS_S_BAD_STATUS;
-	break;
-    }
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    /* destroy context in case of error */
-    if (GSS_ERROR(ret)) {
-	OM_uint32 min2;
-	_gsskrb5_delete_sec_context(&min2, context_handle, GSS_C_NO_BUFFER);
-    }
-
-    return ret;
-
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_context.c b/crypto/heimdal/lib/gssapi/krb5/inquire_context.c
deleted file mode 100644
index 4143056..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_context.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_context.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32 _gsskrb5_inquire_context (
-    OM_uint32 * minor_status,
-	const gss_ctx_id_t context_handle,
-	gss_name_t * src_name,
-	gss_name_t * targ_name,
-	OM_uint32 * lifetime_rec,
-	gss_OID * mech_type,
-	OM_uint32 * ctx_flags,
-	int * locally_initiated,
-	int * open_context
-    )
-{
-    krb5_context context;
-    OM_uint32 ret;
-    gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle;
-    gss_name_t name;
-
-    if (src_name)
-	*src_name = GSS_C_NO_NAME;
-    if (targ_name)
-	*targ_name = GSS_C_NO_NAME;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    if (src_name) {
-	name = (gss_name_t)ctx->source;
-	ret = _gsskrb5_duplicate_name (minor_status, name, src_name);
-	if (ret)
-	    goto failed;
-    }
-
-    if (targ_name) {
-	name = (gss_name_t)ctx->target;
-	ret = _gsskrb5_duplicate_name (minor_status, name, targ_name);
-	if (ret)
-	    goto failed;
-    }
-
-    if (lifetime_rec) {
-	ret = _gsskrb5_lifetime_left(minor_status, 
-				     context,
-				     ctx->lifetime,
-				     lifetime_rec);
-	if (ret)
-	    goto failed;
-    }
-
-    if (mech_type)
-	*mech_type = GSS_KRB5_MECHANISM;
-
-    if (ctx_flags)
-	*ctx_flags = ctx->flags;
-
-    if (locally_initiated)
-	*locally_initiated = ctx->more_flags & LOCAL;
-
-    if (open_context)
-	*open_context = ctx->more_flags & OPEN;
-
-    *minor_status = 0;
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    return GSS_S_COMPLETE;
-
-failed:
-    if (src_name)
-	_gsskrb5_release_name(NULL, src_name);
-    if (targ_name)
-	_gsskrb5_release_name(NULL, targ_name);
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_cred.c b/crypto/heimdal/lib/gssapi/krb5/inquire_cred.c
deleted file mode 100644
index 47bf71e..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_cred.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_cred.c 20688 2007-05-17 18:44:31Z lha $");
-
-OM_uint32 _gsskrb5_inquire_cred
-(OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
- gss_name_t * output_name,
- OM_uint32 * lifetime,
- gss_cred_usage_t * cred_usage,
- gss_OID_set * mechanisms
-    )
-{
-    krb5_context context;
-    gss_cred_id_t aqcred_init = GSS_C_NO_CREDENTIAL;
-    gss_cred_id_t aqcred_accept = GSS_C_NO_CREDENTIAL;
-    gsskrb5_cred acred = NULL, icred = NULL;
-    OM_uint32 ret;
-
-    *minor_status = 0;
-
-    if (output_name)
-	*output_name = NULL;
-    if (mechanisms)
-	*mechanisms = GSS_C_NO_OID_SET;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-	ret = _gsskrb5_acquire_cred(minor_status, 
-				    GSS_C_NO_NAME,
-				    GSS_C_INDEFINITE,
-				    GSS_C_NO_OID_SET,
-				    GSS_C_ACCEPT,
-				    &aqcred_accept,
-				    NULL,
-				    NULL);
-	if (ret == GSS_S_COMPLETE)
-	    acred = (gsskrb5_cred)aqcred_accept;
-
-	ret = _gsskrb5_acquire_cred(minor_status, 
-				    GSS_C_NO_NAME,
-				    GSS_C_INDEFINITE,
-				    GSS_C_NO_OID_SET,
-				    GSS_C_INITIATE,
-				    &aqcred_init,
-				    NULL,
-				    NULL);
-	if (ret == GSS_S_COMPLETE)
-	    icred = (gsskrb5_cred)aqcred_init;
-
-	if (icred == NULL && acred == NULL) {
-	    *minor_status = 0;
-	    return GSS_S_NO_CRED;
-	}
-    } else
-	acred = (gsskrb5_cred)cred_handle;
-
-    if (acred)
-	HEIMDAL_MUTEX_lock(&acred->cred_id_mutex);
-    if (icred)
-	HEIMDAL_MUTEX_lock(&icred->cred_id_mutex);
-
-    if (output_name != NULL) {
-	if (icred && icred->principal != NULL) {
-	    gss_name_t name;
-	    
-	    if (acred && acred->principal)
-		name = (gss_name_t)acred->principal;
-	    else
-		name = (gss_name_t)icred->principal;
-		
-            ret = _gsskrb5_duplicate_name(minor_status, name, output_name);
-            if (ret)
-		goto out;
-	} else if (acred && acred->usage == GSS_C_ACCEPT) {
-	    krb5_principal princ;
-	    *minor_status = krb5_sname_to_principal(context, NULL,
-						    NULL, KRB5_NT_SRV_HST, 
-						    &princ);
-	    if (*minor_status) {
-		ret = GSS_S_FAILURE;
-		goto out;
-	    }
-	    *output_name = (gss_name_t)princ;
-	} else {
-	    krb5_principal princ;
-	    *minor_status = krb5_get_default_principal(context,
-						       &princ);
-	    if (*minor_status) {
-		ret = GSS_S_FAILURE;
-		goto out;
-	    }
-	    *output_name = (gss_name_t)princ;
-	}
-    }
-    if (lifetime != NULL) {
-	OM_uint32 alife = GSS_C_INDEFINITE, ilife = GSS_C_INDEFINITE;
-
-	if (acred) alife = acred->lifetime;
-	if (icred) ilife = icred->lifetime;
-
-	ret = _gsskrb5_lifetime_left(minor_status, 
-				     context,
-				     min(alife,ilife),
-				     lifetime);
-	if (ret)
-	    goto out;
-    }
-    if (cred_usage != NULL) {
-	if (acred && icred)
-	    *cred_usage = GSS_C_BOTH;
-	else if (acred)
-	    *cred_usage = GSS_C_ACCEPT;
-	else if (icred)
-	    *cred_usage = GSS_C_INITIATE;
-	else
-	    abort();
-    }
-
-    if (mechanisms != NULL) {
-        ret = gss_create_empty_oid_set(minor_status, mechanisms);
-        if (ret)
-	    goto out;
-	if (acred)
-	    ret = gss_add_oid_set_member(minor_status,
-					 &acred->mechanisms->elements[0],
-					 mechanisms);
-	if (ret == GSS_S_COMPLETE && icred)
-	    ret = gss_add_oid_set_member(minor_status,
-					 &icred->mechanisms->elements[0],
-					 mechanisms);
-        if (ret)
-	    goto out;
-    }
-    ret = GSS_S_COMPLETE;
-out:
-    if (acred)
-	HEIMDAL_MUTEX_unlock(&acred->cred_id_mutex);
-    if (icred)
-	HEIMDAL_MUTEX_unlock(&icred->cred_id_mutex);
-
-    if (aqcred_init != GSS_C_NO_CREDENTIAL)
-	ret = _gsskrb5_release_cred(minor_status, &aqcred_init);
-    if (aqcred_accept != GSS_C_NO_CREDENTIAL)
-	ret = _gsskrb5_release_cred(minor_status, &aqcred_accept);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c
deleted file mode 100644
index a8af214..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2003, 2006, 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_cred_by_mech.c 20634 2007-05-09 15:33:01Z lha $");
-
-OM_uint32 _gsskrb5_inquire_cred_by_mech (
-    OM_uint32 * minor_status,
-	const gss_cred_id_t cred_handle,
-	const gss_OID mech_type,
-	gss_name_t * name,
-	OM_uint32 * initiator_lifetime,
-	OM_uint32 * acceptor_lifetime,
-	gss_cred_usage_t * cred_usage
-    )
-{
-    gss_cred_usage_t usage;
-    OM_uint32 maj_stat;
-    OM_uint32 lifetime;
-
-    maj_stat = 
-	_gsskrb5_inquire_cred (minor_status, cred_handle,
-			       name, &lifetime, &usage, NULL);
-    if (maj_stat)
-	return maj_stat;
-
-    if (initiator_lifetime) {
-	if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH)
-	    *initiator_lifetime = lifetime;
-	else
-	    *initiator_lifetime = 0;
-    }
-   
-    if (acceptor_lifetime) {
-	if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH)
-	    *acceptor_lifetime = lifetime;
-	else
-	    *acceptor_lifetime = 0;
-    }
-
-    if (cred_usage)
-	*cred_usage = usage;
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c b/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c
deleted file mode 100644
index da50b11..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_cred_by_oid.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32 _gsskrb5_inquire_cred_by_oid
-	   (OM_uint32 * minor_status,
-	    const gss_cred_id_t cred_handle,
-	    const gss_OID desired_object,
-	    gss_buffer_set_t *data_set)
-{
-    krb5_context context;
-    gsskrb5_cred cred = (gsskrb5_cred)cred_handle;
-    krb5_error_code ret;
-    gss_buffer_desc buffer;
-    char *str;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (gss_oid_equal(desired_object, GSS_KRB5_COPY_CCACHE_X) == 0) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
-
-    if (cred->ccache == NULL) {
-	HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_cc_get_full_name(context, cred->ccache, &str);
-    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    buffer.value = str;
-    buffer.length = strlen(str);
-
-    ret = gss_add_buffer_set_member(minor_status, &buffer, data_set);
-    if (ret != GSS_S_COMPLETE)
-	_gsskrb5_clear_status ();
-
-    free(str);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c
deleted file mode 100644
index 0ce051f..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_mechs_for_name.c 20688 2007-05-17 18:44:31Z lha $");
-
-OM_uint32 _gsskrb5_inquire_mechs_for_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_OID_set * mech_types
-           )
-{
-    OM_uint32 ret;
-
-    ret = gss_create_empty_oid_set(minor_status, mech_types);
-    if (ret)
-	return ret;
-
-    ret = gss_add_oid_set_member(minor_status,
-				 GSS_KRB5_MECHANISM,
-				 mech_types);
-    if (ret)
-	gss_release_oid_set(NULL, mech_types);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c
deleted file mode 100644
index 64abd3c..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_names_for_mech.c 20688 2007-05-17 18:44:31Z lha $");
-
-
-static gss_OID *name_list[] = {
-    &GSS_C_NT_HOSTBASED_SERVICE,
-    &GSS_C_NT_USER_NAME,
-    &GSS_KRB5_NT_PRINCIPAL_NAME,
-    &GSS_C_NT_EXPORT_NAME,
-    NULL
-};
-
-OM_uint32 _gsskrb5_inquire_names_for_mech (
-            OM_uint32 * minor_status,
-            const gss_OID mechanism,
-            gss_OID_set * name_types
-           )
-{
-    OM_uint32 ret;
-    int i;
-
-    *minor_status = 0;
-
-    if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 &&
-	gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) {
-	*name_types = GSS_C_NO_OID_SET;
-	return GSS_S_BAD_MECH;
-    }
-
-    ret = gss_create_empty_oid_set(minor_status, name_types);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-    
-    for (i = 0; name_list[i] != NULL; i++) {
-	ret = gss_add_oid_set_member(minor_status, 
-				     *(name_list[i]),
-				     name_types);
-	if (ret != GSS_S_COMPLETE)
-	    break;
-    }
-
-    if (ret != GSS_S_COMPLETE)
-	gss_release_oid_set(NULL, name_types);
-	
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/crypto/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
deleted file mode 100644
index 5ca7536..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ /dev/null
@@ -1,557 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_sec_context_by_oid.c 19031 2006-11-13 18:02:57Z lha $");
-
-static int
-oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix)
-{
-    int ret;
-    heim_oid oid;
-    heim_oid prefix;
- 
-    *suffix = 0;
-
-    ret = der_get_oid(oid_enc->elements, oid_enc->length,
-		      &oid, NULL);
-    if (ret) {
-	return 0;
-    }
-
-    ret = der_get_oid(prefix_enc->elements, prefix_enc->length,
-		      &prefix, NULL);
-    if (ret) {
-	der_free_oid(&oid);
-	return 0;
-    }
-
-    ret = 0;
-
-    if (oid.length - 1 == prefix.length) {
-	*suffix = oid.components[oid.length - 1];
-	oid.length--;
-	ret = (der_heim_oid_cmp(&oid, &prefix) == 0);
-	oid.length++;
-    }
-
-    der_free_oid(&oid);
-    der_free_oid(&prefix);
-
-    return ret;
-}
-
-static OM_uint32 inquire_sec_context_tkt_flags
-           (OM_uint32 *minor_status,
-            const gsskrb5_ctx context_handle,
-            gss_buffer_set_t *data_set)
-{
-    OM_uint32 tkt_flags;
-    unsigned char buf[4];
-    gss_buffer_desc value;
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-
-    if (context_handle->ticket == NULL) {
-	HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-	_gsskrb5_set_status("No ticket from which to obtain flags");
-	*minor_status = EINVAL;
-	return GSS_S_BAD_MECH;
-    }
-
-    tkt_flags = TicketFlags2int(context_handle->ticket->ticket.flags);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    _gsskrb5_encode_om_uint32(tkt_flags, buf);
-    value.length = sizeof(buf);
-    value.value = buf;
-
-    return gss_add_buffer_set_member(minor_status,
-				     &value,
-				     data_set);
-}
-
-enum keytype { ACCEPTOR_KEY, INITIATOR_KEY, TOKEN_KEY };
-
-static OM_uint32 inquire_sec_context_get_subkey
-           (OM_uint32 *minor_status,
-            const gsskrb5_ctx context_handle,
-	    krb5_context context,
-	    enum keytype keytype,
-            gss_buffer_set_t *data_set)
-{
-    krb5_keyblock *key = NULL;
-    krb5_storage *sp = NULL;
-    krb5_data data;
-    OM_uint32 maj_stat = GSS_S_COMPLETE;
-    krb5_error_code ret;
-
-    krb5_data_zero(&data);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	_gsskrb5_clear_status();
-	ret = ENOMEM;
-	goto out;
-    }
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    switch(keytype) {
-    case ACCEPTOR_KEY:
-	ret = _gsskrb5i_get_acceptor_subkey(context_handle, context, &key);
-	break;
-    case INITIATOR_KEY:
-	ret = _gsskrb5i_get_initiator_subkey(context_handle, context, &key);
-	break;
-    case TOKEN_KEY:
-	ret = _gsskrb5i_get_token_key(context_handle, context, &key);
-	break;
-    default:
-	_gsskrb5_set_status("%d is not a valid subkey type", keytype);
-	ret = EINVAL;
-	break;
-   }
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    if (ret) 
-	goto out;
-    if (key == NULL) {
-	_gsskrb5_set_status("have no subkey of type %d", keytype);
-	ret = EINVAL;
-	goto out;
-    }
-
-    ret = krb5_store_keyblock(sp, *key);
-    krb5_free_keyblock (context, key);
-    if (ret)
-	goto out;
-
-    ret = krb5_storage_to_data(sp, &data);
-    if (ret)
-	goto out;
-
-    {
-	gss_buffer_desc value;
-	
-	value.length = data.length;
-	value.value = data.data;
-	
-	maj_stat = gss_add_buffer_set_member(minor_status,
-					     &value,
-					     data_set);
-    }
-
-out:
-    krb5_data_free(&data);
-    if (sp)
-	krb5_storage_free(sp);
-    if (ret) {
-	*minor_status = ret;
-	maj_stat = GSS_S_FAILURE;
-    }
-    return maj_stat;
-}
-
-static OM_uint32 inquire_sec_context_authz_data
-           (OM_uint32 *minor_status,
-            const gsskrb5_ctx context_handle,
-	    krb5_context context,
-            unsigned ad_type,
-            gss_buffer_set_t *data_set)
-{
-    krb5_data data;
-    gss_buffer_desc ad_data;
-    OM_uint32 ret;
-
-    *minor_status = 0;
-    *data_set = GSS_C_NO_BUFFER_SET;
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    if (context_handle->ticket == NULL) {
-	HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-	*minor_status = EINVAL;
-	_gsskrb5_set_status("No ticket to obtain authz data from");
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ret = krb5_ticket_get_authorization_data_type(context,
-						  context_handle->ticket,
-						  ad_type,
-						  &data);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ad_data.value = data.data;
-    ad_data.length = data.length;
-
-    ret = gss_add_buffer_set_member(minor_status,
-				    &ad_data,
-				    data_set);
-
-    krb5_data_free(&data);
-
-    return ret;
-}
-
-static OM_uint32 inquire_sec_context_has_updated_spnego
-           (OM_uint32 *minor_status,
-            const gsskrb5_ctx context_handle,
-            gss_buffer_set_t *data_set)
-{
-    int is_updated = 0;
-
-    *minor_status = 0;
-    *data_set = GSS_C_NO_BUFFER_SET;
-
-    /*
-     * For Windows SPNEGO implementations, both the initiator and the
-     * acceptor are assumed to have been updated if a "newer" [CLAR] or
-     * different enctype is negotiated for use by the Kerberos GSS-API
-     * mechanism.
-     */
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    _gsskrb5i_is_cfx(context_handle, &is_updated);
-    if (is_updated == 0) {
-	krb5_keyblock *acceptor_subkey;
-
-	if (context_handle->more_flags & LOCAL)
-	    acceptor_subkey = context_handle->auth_context->remote_subkey;
-	else
-	    acceptor_subkey = context_handle->auth_context->local_subkey;
-
-	if (acceptor_subkey != NULL)
-	    is_updated = (acceptor_subkey->keytype !=
-			  context_handle->auth_context->keyblock->keytype);
-    }
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    return is_updated ? GSS_S_COMPLETE : GSS_S_FAILURE;
-}
-
-/*
- *
- */
-
-static OM_uint32
-export_lucid_sec_context_v1(OM_uint32 *minor_status,
-			    gsskrb5_ctx context_handle,
-			    krb5_context context,
-			    gss_buffer_set_t *data_set)
-{
-    krb5_storage *sp = NULL;
-    OM_uint32 major_status = GSS_S_COMPLETE;
-    krb5_error_code ret;
-    krb5_keyblock *key = NULL;
-    int32_t number;
-    int is_cfx;
-    krb5_data data;
-    
-    *minor_status = 0;
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-
-    _gsskrb5i_is_cfx(context_handle, &is_cfx);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	_gsskrb5_clear_status();
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ret = krb5_store_int32(sp, 1);
-    if (ret) goto out;
-    ret = krb5_store_int32(sp, (context_handle->more_flags & LOCAL) ? 1 : 0);
-    if (ret) goto out;
-    ret = krb5_store_int32(sp, context_handle->lifetime);
-    if (ret) goto out;
-    krb5_auth_con_getlocalseqnumber (context,
-				     context_handle->auth_context,
-				     &number);
-    ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
-    ret = krb5_store_uint32(sp, (uint32_t)number);
-    krb5_auth_getremoteseqnumber (context,
-				  context_handle->auth_context,
-				  &number);
-    ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
-    ret = krb5_store_uint32(sp, (uint32_t)number);
-    ret = krb5_store_int32(sp, (is_cfx) ? 1 : 0);
-    if (ret) goto out;
-
-    ret = _gsskrb5i_get_token_key(context_handle, context, &key);
-    if (ret) goto out;
-
-    if (is_cfx == 0) {
-	int sign_alg, seal_alg;
-
-	switch (key->keytype) {
-	case ETYPE_DES_CBC_CRC:
-	case ETYPE_DES_CBC_MD4:
-	case ETYPE_DES_CBC_MD5:
-	    sign_alg = 0;
-	    seal_alg = 0;
-	    break;
-	case ETYPE_DES3_CBC_MD5:
-	case ETYPE_DES3_CBC_SHA1:
-	    sign_alg = 4;
-	    seal_alg = 2;
-	    break;
-	case ETYPE_ARCFOUR_HMAC_MD5:
-	case ETYPE_ARCFOUR_HMAC_MD5_56:
-	    sign_alg = 17;
-	    seal_alg = 16;
-	    break;
-	default:
-	    sign_alg = -1;
-	    seal_alg = -1;
-	    break;
-	}
-	ret = krb5_store_int32(sp, sign_alg);
-	if (ret) goto out;
-	ret = krb5_store_int32(sp, seal_alg);
-	if (ret) goto out;
-	/* ctx_key */
-	ret = krb5_store_keyblock(sp, *key);
-	if (ret) goto out;
-    } else {
-	int subkey_p = (context_handle->more_flags & ACCEPTOR_SUBKEY) ? 1 : 0;
-
-	/* have_acceptor_subkey */
-	ret = krb5_store_int32(sp, subkey_p);
-	if (ret) goto out;
-	/* ctx_key */
-	ret = krb5_store_keyblock(sp, *key);
-	if (ret) goto out;
-	/* acceptor_subkey */
-	if (subkey_p) {
-	    ret = krb5_store_keyblock(sp, *key);
-	    if (ret) goto out;
-	}
-    }
-    ret = krb5_storage_to_data(sp, &data);
-    if (ret) goto out;
-
-    {
-	gss_buffer_desc ad_data;
-
-	ad_data.value = data.data;
-	ad_data.length = data.length;
-
-	ret = gss_add_buffer_set_member(minor_status, &ad_data, data_set);
-	krb5_data_free(&data);
-	if (ret)
-	    goto out;
-    }
-
-out:
-    if (key)
-	krb5_free_keyblock (context, key);
-    if (sp)
-	krb5_storage_free(sp);
-    if (ret) {
-	*minor_status = ret;
-	major_status = GSS_S_FAILURE;
-    }
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    return major_status;
-}
-
-static OM_uint32
-get_authtime(OM_uint32 *minor_status,
-	     gsskrb5_ctx ctx, 
-	     gss_buffer_set_t *data_set)
-
-{
-    gss_buffer_desc value;
-    unsigned char buf[4];
-    OM_uint32 authtime;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-    if (ctx->ticket == NULL) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	_gsskrb5_set_status("No ticket to obtain auth time from");
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-    
-    authtime = ctx->ticket->ticket.authtime;
-    
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    _gsskrb5_encode_om_uint32(authtime, buf);
-    value.length = sizeof(buf);
-    value.value = buf;
-
-    return gss_add_buffer_set_member(minor_status,
-				     &value,
-				     data_set);
-}
-
-
-static OM_uint32 
-get_service_keyblock
-        (OM_uint32 *minor_status,
-	 gsskrb5_ctx ctx, 
-	 gss_buffer_set_t *data_set)
-{
-    krb5_storage *sp = NULL;
-    krb5_data data;
-    OM_uint32 maj_stat = GSS_S_COMPLETE;
-    krb5_error_code ret = EINVAL;
-    
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	_gsskrb5_clear_status();
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-    if (ctx->service_keyblock == NULL) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	_gsskrb5_set_status("No service keyblock on gssapi context");
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE; 
-    }
-
-    krb5_data_zero(&data);
-
-    ret = krb5_store_keyblock(sp, *ctx->service_keyblock);
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    if (ret)
-	goto out;
-
-    ret = krb5_storage_to_data(sp, &data);
-    if (ret)
-	goto out;
-
-    {
-	gss_buffer_desc value;
-	
-	value.length = data.length;
-	value.value = data.data;
-	
-	maj_stat = gss_add_buffer_set_member(minor_status,
-					     &value,
-					     data_set);
-    }
-
-out:
-    krb5_data_free(&data);
-    if (sp)
-	krb5_storage_free(sp);
-    if (ret) {
-	*minor_status = ret;
-	maj_stat = GSS_S_FAILURE;
-    }
-    return maj_stat;
-}
-/*
- *
- */
-
-OM_uint32 _gsskrb5_inquire_sec_context_by_oid
-           (OM_uint32 *minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_OID desired_object,
-            gss_buffer_set_t *data_set)
-{
-    krb5_context context;
-    const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
-    unsigned suffix;
-
-    if (ctx == NULL) {
-	*minor_status = EINVAL;
-	return GSS_S_NO_CONTEXT;
-    }
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (gss_oid_equal(desired_object, GSS_KRB5_GET_TKT_FLAGS_X)) {
-	return inquire_sec_context_tkt_flags(minor_status,
-					     ctx,
-					     data_set);
-    } else if (gss_oid_equal(desired_object, GSS_C_PEER_HAS_UPDATED_SPNEGO)) {
-	return inquire_sec_context_has_updated_spnego(minor_status,
-						      ctx,
-						      data_set);
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_SUBKEY_X)) {
-	return inquire_sec_context_get_subkey(minor_status,
-					      ctx,
-					      context,
-					      TOKEN_KEY,
-					      data_set);
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_INITIATOR_SUBKEY_X)) {
-	return inquire_sec_context_get_subkey(minor_status,
-					      ctx,
-					      context,
-					      INITIATOR_KEY,
-					      data_set);
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_ACCEPTOR_SUBKEY_X)) {
-	return inquire_sec_context_get_subkey(minor_status,
-					      ctx,
-					      context,
-					      ACCEPTOR_KEY,
-					      data_set);
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_AUTHTIME_X)) {
-	return get_authtime(minor_status, ctx, data_set);
-    } else if (oid_prefix_equal(desired_object,
-				GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X,
-				&suffix)) {
-	return inquire_sec_context_authz_data(minor_status,
-					      ctx,
-					      context,
-					      suffix,
-					      data_set);
-    } else if (oid_prefix_equal(desired_object,
-				GSS_KRB5_EXPORT_LUCID_CONTEXT_X,
-				&suffix)) {
-	if (suffix == 1)
-	    return export_lucid_sec_context_v1(minor_status,
-					       ctx,
-					       context,
-					       data_set);
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_SERVICE_KEYBLOCK_X)) {
-	return get_service_keyblock(minor_status, ctx, data_set);
-    } else {
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-}
-
diff --git a/crypto/heimdal/lib/gssapi/krb5/prf.c b/crypto/heimdal/lib/gssapi/krb5/prf.c
deleted file mode 100644
index f79c937..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/prf.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: prf.c 21129 2007-06-18 20:28:44Z lha $");
-
-OM_uint32
-_gsskrb5_pseudo_random(OM_uint32 *minor_status,
-		       gss_ctx_id_t context_handle,
-		       int prf_key,
-		       const gss_buffer_t prf_in,
-		       ssize_t desired_output_len,
-		       gss_buffer_t prf_out)
-{
-    gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle;
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    krb5_data input, output;
-    uint32_t num;
-    unsigned char *p;
-    krb5_keyblock *key = NULL;
-
-    if (ctx == NULL) {
-	*minor_status = 0;
-	return GSS_S_NO_CONTEXT;
-    }
-
-    if (desired_output_len <= 0) {
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-
-    GSSAPI_KRB5_INIT (&context);
-
-    switch(prf_key) {
-    case GSS_C_PRF_KEY_FULL:
-	_gsskrb5i_get_acceptor_subkey(ctx, context, &key);
-	break;
-    case GSS_C_PRF_KEY_PARTIAL:
-	_gsskrb5i_get_initiator_subkey(ctx, context, &key);
-	break;
-    default:
-	_gsskrb5_set_status("unknown kerberos prf_key");
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-
-    if (key == NULL) {
-	_gsskrb5_set_status("no prf_key found");
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    krb5_free_keyblock (context, key);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    prf_out->value = malloc(desired_output_len);
-    if (prf_out->value == NULL) {
-	_gsskrb5_set_status("Out of memory");
-	*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-    prf_out->length = desired_output_len;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    input.length = prf_in->length + 4;
-    input.data = malloc(prf_in->length + 4);
-    if (input.data == NULL) {
-	OM_uint32 junk;
-	_gsskrb5_set_status("Out of memory");
-	*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
-	gss_release_buffer(&junk, prf_out);
-	krb5_crypto_destroy(context, crypto);
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	return GSS_S_FAILURE;
-    }
-    memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length);
-
-    num = 0;
-    p = prf_out->value;
-    while(desired_output_len > 0) {
-	_gsskrb5_encode_om_uint32(num, input.data);
-	ret = krb5_crypto_prf(context, crypto, &input, &output);
-	if (ret) {
-	    OM_uint32 junk;
-	    *minor_status = ret;
-	    free(input.data);
-	    gss_release_buffer(&junk, prf_out);
-	    krb5_crypto_destroy(context, crypto);
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    return GSS_S_FAILURE;
-	}
-	memcpy(p, output.data, min(desired_output_len, output.length));
-	p += output.length;
-	desired_output_len -= output.length;
-	krb5_data_free(&output);
-	num++;
-    }
-
-    krb5_crypto_destroy(context, crypto);
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/process_context_token.c b/crypto/heimdal/lib/gssapi/krb5/process_context_token.c
deleted file mode 100644
index 15638f5..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/process_context_token.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: process_context_token.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32 _gsskrb5_process_context_token (
-	OM_uint32          *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t token_buffer
-    )
-{
-    krb5_context context;
-    OM_uint32 ret = GSS_S_FAILURE;
-    gss_buffer_desc empty_buffer;
-    gss_qop_t qop_state;
-
-    empty_buffer.length = 0;
-    empty_buffer.value = NULL;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    qop_state = GSS_C_QOP_DEFAULT;
-
-    ret = _gsskrb5_verify_mic_internal(minor_status, 
-				       (gsskrb5_ctx)context_handle,
-				       context,
-				       token_buffer, &empty_buffer,
-				       GSS_C_QOP_DEFAULT, "\x01\x02");
-
-    if (ret == GSS_S_COMPLETE)
-	ret = _gsskrb5_delete_sec_context(minor_status,
-					  rk_UNCONST(&context_handle),
-					  GSS_C_NO_BUFFER);
-    if (ret == GSS_S_COMPLETE)
-	*minor_status = 0;
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/release_buffer.c b/crypto/heimdal/lib/gssapi/krb5/release_buffer.c
deleted file mode 100644
index 5dff626..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/release_buffer.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: release_buffer.c 18334 2006-10-07 22:16:04Z lha $");
-
-OM_uint32 _gsskrb5_release_buffer
-           (OM_uint32 * minor_status,
-            gss_buffer_t buffer
-           )
-{
-  *minor_status = 0;
-  free (buffer->value);
-  buffer->value  = NULL;
-  buffer->length = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/release_cred.c b/crypto/heimdal/lib/gssapi/krb5/release_cred.c
deleted file mode 100644
index ab5695b..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/release_cred.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: release_cred.c 20753 2007-05-31 22:50:06Z lha $");
-
-OM_uint32 _gsskrb5_release_cred
-           (OM_uint32 * minor_status,
-            gss_cred_id_t * cred_handle
-           )
-{
-    krb5_context context;
-    gsskrb5_cred cred;
-    OM_uint32 junk;
-
-    *minor_status = 0;
-
-    if (*cred_handle == NULL) 
-        return GSS_S_COMPLETE;
-
-    cred = (gsskrb5_cred)*cred_handle;
-    *cred_handle = GSS_C_NO_CREDENTIAL;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
-
-    if (cred->principal != NULL)
-        krb5_free_principal(context, cred->principal);
-    if (cred->keytab != NULL)
-	krb5_kt_close(context, cred->keytab);
-    if (cred->ccache != NULL) {
-	const krb5_cc_ops *ops;
-	ops = krb5_cc_get_ops(context, cred->ccache);
-	if (cred->cred_flags & GSS_CF_DESTROY_CRED_ON_RELEASE)
-	    krb5_cc_destroy(context, cred->ccache);
-	else 
-	    krb5_cc_close(context, cred->ccache);
-    }
-    gss_release_oid_set(&junk, &cred->mechanisms);
-    if (cred->enctypes)
-	free(cred->enctypes);
-    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-    HEIMDAL_MUTEX_destroy(&cred->cred_id_mutex);
-    memset(cred, 0, sizeof(*cred));
-    free(cred);
-    return GSS_S_COMPLETE;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/krb5/release_name.c b/crypto/heimdal/lib/gssapi/krb5/release_name.c
deleted file mode 100644
index 80b9193..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/release_name.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: release_name.c 21128 2007-06-18 20:26:50Z lha $");
-
-OM_uint32 _gsskrb5_release_name
-           (OM_uint32 * minor_status,
-            gss_name_t * input_name
-           )
-{
-    krb5_context context;
-    krb5_principal name = (krb5_principal)*input_name;
-
-    *minor_status = 0;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    *input_name = GSS_C_NO_NAME;
-
-    krb5_free_principal(context, name);
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/sequence.c b/crypto/heimdal/lib/gssapi/krb5/sequence.c
deleted file mode 100644
index 677a3c8..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/sequence.c
+++ /dev/null
@@ -1,294 +0,0 @@
-/*
- * Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: sequence.c 18334 2006-10-07 22:16:04Z lha $");
-
-#define DEFAULT_JITTER_WINDOW 20
-
-struct gss_msg_order {
-    OM_uint32 flags;
-    OM_uint32 start;
-    OM_uint32 length;
-    OM_uint32 jitter_window;
-    OM_uint32 first_seq;
-    OM_uint32 elem[1];
-};
-
-
-/*
- *
- */
-
-static OM_uint32
-msg_order_alloc(OM_uint32 *minor_status,
-		struct gss_msg_order **o,
-		OM_uint32 jitter_window)
-{
-    size_t len;
-    
-    len = jitter_window * sizeof((*o)->elem[0]);
-    len += sizeof(**o);
-    len -= sizeof((*o)->elem[0]);
-    
-    *o = calloc(1, len);
-    if (*o == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }	
-    
-    *minor_status = 0;
-    return GSS_S_COMPLETE;    
-}
-
-/*
- *
- */
-
-OM_uint32
-_gssapi_msg_order_create(OM_uint32 *minor_status,
-			 struct gss_msg_order **o, 
-			 OM_uint32 flags, 
-			 OM_uint32 seq_num, 
-			 OM_uint32 jitter_window,
-			 int use_64)
-{
-    OM_uint32 ret;
-
-    if (jitter_window == 0)
-	jitter_window = DEFAULT_JITTER_WINDOW;
-
-    ret = msg_order_alloc(minor_status, o, jitter_window);
-    if(ret != GSS_S_COMPLETE)
-        return ret;
-
-    (*o)->flags = flags;
-    (*o)->length = 0;
-    (*o)->first_seq = seq_num;
-    (*o)->jitter_window = jitter_window;
-    (*o)->elem[0] = seq_num - 1;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gssapi_msg_order_destroy(struct gss_msg_order **m)
-{
-    free(*m);
-    *m = NULL;
-    return GSS_S_COMPLETE;
-}
-
-static void
-elem_set(struct gss_msg_order *o, unsigned int slot, OM_uint32 val)
-{
-    o->elem[slot % o->jitter_window] = val;
-}
-
-static void
-elem_insert(struct gss_msg_order *o, 
-	    unsigned int after_slot,
-	    OM_uint32 seq_num)
-{
-    assert(o->jitter_window > after_slot);
-
-    if (o->length > after_slot)
-	memmove(&o->elem[after_slot + 1], &o->elem[after_slot],
-		(o->length - after_slot - 1) * sizeof(o->elem[0]));
-
-    elem_set(o, after_slot, seq_num);
-
-    if (o->length < o->jitter_window)
-	o->length++;
-}
-
-/* rule 1: expected sequence number */
-/* rule 2: > expected sequence number */
-/* rule 3: seqnum < seqnum(first) */
-/* rule 4+5: seqnum in [seqnum(first),seqnum(last)]  */
-
-OM_uint32
-_gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num)
-{
-    OM_uint32 r;
-    int i;
-
-    if (o == NULL)
-	return GSS_S_COMPLETE;
-
-    if ((o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG)) == 0)
-	return GSS_S_COMPLETE;
-
-    /* check if the packet is the next in order */
-    if (o->elem[0] == seq_num - 1) {
-	elem_insert(o, 0, seq_num);
-	return GSS_S_COMPLETE;
-    }
-
-    r = (o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG))==GSS_C_REPLAY_FLAG;
-
-    /* sequence number larger then largest sequence number 
-     * or smaller then the first sequence number */
-    if (seq_num > o->elem[0]
-	|| seq_num < o->first_seq
-	|| o->length == 0) 
-    {
-	elem_insert(o, 0, seq_num);
-	if (r) {
-	    return GSS_S_COMPLETE;
-	} else {
-	    return GSS_S_GAP_TOKEN;
-	}
-    }
-
-    assert(o->length > 0);
-
-    /* sequence number smaller the first sequence number */
-    if (seq_num < o->elem[o->length - 1]) {
-	if (r)
-	    return(GSS_S_OLD_TOKEN);
-	else
-	    return(GSS_S_UNSEQ_TOKEN);
-    }
-
-    if (seq_num == o->elem[o->length - 1]) {
-	return GSS_S_DUPLICATE_TOKEN;
-    }
-
-    for (i = 0; i < o->length - 1; i++) {
-	if (o->elem[i] == seq_num)
-	    return GSS_S_DUPLICATE_TOKEN;
-	if (o->elem[i + 1] < seq_num && o->elem[i] < seq_num) {
-	    elem_insert(o, i, seq_num);
-	    if (r)
-		return GSS_S_COMPLETE;
-	    else
-		return GSS_S_UNSEQ_TOKEN;
-	}
-    }
-
-    return GSS_S_FAILURE;
-}
-
-OM_uint32
-_gssapi_msg_order_f(OM_uint32 flags)
-{
-    return flags & (GSS_C_SEQUENCE_FLAG|GSS_C_REPLAY_FLAG);
-}
-
-/*
- * Translate `o` into inter-process format and export in to `sp'.
- */
-
-krb5_error_code
-_gssapi_msg_order_export(krb5_storage *sp, struct gss_msg_order *o)
-{
-    krb5_error_code kret;
-    OM_uint32 i;
-    
-    kret = krb5_store_int32(sp, o->flags);
-    if (kret)
-        return kret;
-    kret = krb5_store_int32(sp, o->start);
-    if (kret)
-        return kret;
-    kret = krb5_store_int32(sp, o->length);
-    if (kret)
-        return kret;
-    kret = krb5_store_int32(sp, o->jitter_window);
-    if (kret)
-        return kret;
-    kret = krb5_store_int32(sp, o->first_seq);
-    if (kret)
-        return kret;
-    
-    for (i = 0; i < o->jitter_window; i++) {
-        kret = krb5_store_int32(sp, o->elem[i]);
-	if (kret)
-	    return kret;
-    }
-    
-    return 0;
-}
-
-OM_uint32
-_gssapi_msg_order_import(OM_uint32 *minor_status,
-			 krb5_storage *sp, 
-			 struct gss_msg_order **o)
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-    int32_t i, flags, start, length, jitter_window, first_seq;
-    
-    kret = krb5_ret_int32(sp, &flags);
-    if (kret)
-	goto failed;
-    ret = krb5_ret_int32(sp, &start);
-    if (kret)
-	goto failed;
-    ret = krb5_ret_int32(sp, &length);
-    if (kret)
-	goto failed;
-    ret = krb5_ret_int32(sp, &jitter_window);
-    if (kret)
-	goto failed;
-    ret = krb5_ret_int32(sp, &first_seq);
-    if (kret)
-	goto failed;
-    
-    ret = msg_order_alloc(minor_status, o, jitter_window);
-    if (ret != GSS_S_COMPLETE)
-        return ret;
-    
-    (*o)->flags = flags;
-    (*o)->start = start;
-    (*o)->length = length;
-    (*o)->jitter_window = jitter_window;
-    (*o)->first_seq = first_seq;
-    
-    for( i = 0; i < jitter_window; i++ ) {
-        kret = krb5_ret_int32(sp, (int32_t*)&((*o)->elem[i]));
-	if (kret)
-	    goto failed;
-    }
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-
-failed:
-    _gssapi_msg_order_destroy(o);
-    *minor_status = kret;
-    return GSS_S_FAILURE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/set_cred_option.c b/crypto/heimdal/lib/gssapi/krb5/set_cred_option.c
deleted file mode 100644
index d0ca1c4..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/set_cred_option.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: set_cred_option.c 20325 2007-04-12 16:49:17Z lha $");
-
-static gss_OID_desc gss_krb5_import_cred_x_oid_desc =
-{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x04"}; /* XXX */
-
-gss_OID GSS_KRB5_IMPORT_CRED_X = &gss_krb5_import_cred_x_oid_desc;
-
-static OM_uint32
-import_cred(OM_uint32 *minor_status,
-	    krb5_context context,
-            gss_cred_id_t *cred_handle,
-            const gss_buffer_t value)
-{
-    OM_uint32 major_stat;
-    krb5_error_code ret;
-    krb5_principal keytab_principal = NULL;
-    krb5_keytab keytab = NULL;
-    krb5_storage *sp = NULL;
-    krb5_ccache id = NULL;
-    char *str;
-
-    if (cred_handle == NULL || *cred_handle != GSS_C_NO_CREDENTIAL) {
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-
-    sp = krb5_storage_from_mem(value->value, value->length);
-    if (sp == NULL) {
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-
-    /* credential cache name */
-    ret = krb5_ret_string(sp, &str);
-    if (ret) {
-	*minor_status = ret;
-	major_stat =  GSS_S_FAILURE;
-	goto out;
-    }
-    if (str[0]) {
-	ret = krb5_cc_resolve(context, str, &id);
-	if (ret) {
-	    *minor_status = ret;
-	    major_stat =  GSS_S_FAILURE;
-	    goto out;
-	}
-    }
-    free(str);
-    str = NULL;
-
-    /* keytab principal name */
-    ret = krb5_ret_string(sp, &str);
-    if (ret == 0 && str[0])
-	ret = krb5_parse_name(context, str, &keytab_principal);
-    if (ret) {
-	*minor_status = ret;
-	major_stat = GSS_S_FAILURE;
-	goto out;
-    }
-    free(str);
-    str = NULL;
-
-    /* keytab principal */
-    ret = krb5_ret_string(sp, &str);
-    if (ret) {
-	*minor_status = ret;
-	major_stat =  GSS_S_FAILURE;
-	goto out;
-    }
-    if (str[0]) {
-	ret = krb5_kt_resolve(context, str, &keytab);
-	if (ret) {
-	    *minor_status = ret;
-	    major_stat =  GSS_S_FAILURE;
-	    goto out;
-	}
-    }
-    free(str);
-    str = NULL;
-
-    major_stat = _gsskrb5_import_cred(minor_status, id, keytab_principal,
-				      keytab, cred_handle);
-out:
-    if (id)
-	krb5_cc_close(context, id);
-    if (keytab_principal)
-	krb5_free_principal(context, keytab_principal);
-    if (keytab)
-	krb5_kt_close(context, keytab);
-    if (str)
-	free(str);
-    if (sp)
-	krb5_storage_free(sp);
-
-    return major_stat;
-}
-
-
-static OM_uint32
-allowed_enctypes(OM_uint32 *minor_status,
-		 krb5_context context,
-		 gss_cred_id_t *cred_handle,
-		 const gss_buffer_t value)
-{
-    OM_uint32 major_stat;
-    krb5_error_code ret;
-    size_t len, i;
-    krb5_enctype *enctypes = NULL;
-    krb5_storage *sp = NULL;
-    gsskrb5_cred cred;
-
-    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-
-    cred = (gsskrb5_cred)*cred_handle;
-
-    if ((value->length % 4) != 0) {
-	*minor_status = 0;
-	major_stat = GSS_S_FAILURE;
-	goto out;
-    }
-
-    len = value->length / 4;
-    enctypes = malloc((len + 1) * 4);
-    if (enctypes == NULL) {
-	*minor_status = ENOMEM;
-	major_stat = GSS_S_FAILURE;
-	goto out;
-    }
-
-    sp = krb5_storage_from_mem(value->value, value->length);
-    if (sp == NULL) {
-	*minor_status = ENOMEM;
-	major_stat = GSS_S_FAILURE;
-	goto out;
-    }
-
-    for (i = 0; i < len; i++) {
-	uint32_t e;
-
-	ret = krb5_ret_uint32(sp, &e);
-	if (ret) {
-	    *minor_status = ret;
-	    major_stat =  GSS_S_FAILURE;
-	    goto out;
-	}
-	enctypes[i] = e;
-    }
-    enctypes[i] = 0;
-
-    if (cred->enctypes)
-	free(cred->enctypes);
-    cred->enctypes = enctypes;
-
-    krb5_storage_free(sp);
-
-    return GSS_S_COMPLETE;
-
-out:
-    if (sp)
-	krb5_storage_free(sp);
-    if (enctypes)
-	free(enctypes);
-
-    return major_stat;
-}
-
-
-OM_uint32
-_gsskrb5_set_cred_option
-           (OM_uint32 *minor_status,
-            gss_cred_id_t *cred_handle,
-            const gss_OID desired_object,
-            const gss_buffer_t value)
-{
-    krb5_context context;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (value == GSS_C_NO_BUFFER) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X))
-	return import_cred(minor_status, context, cred_handle, value);
-
-    if (gss_oid_equal(desired_object, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X))
-	return allowed_enctypes(minor_status, context, cred_handle, value);
-
-    *minor_status = EINVAL;
-    return GSS_S_FAILURE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/crypto/heimdal/lib/gssapi/krb5/set_sec_context_option.c
deleted file mode 100644
index 50441a1..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/set_sec_context_option.c
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- *  glue routine for _gsskrb5_inquire_sec_context_by_oid
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: set_sec_context_option.c 20384 2007-04-18 08:51:06Z lha $");
-
-static OM_uint32
-get_bool(OM_uint32 *minor_status,
-	 const gss_buffer_t value,
-	 int *flag)
-{
-    if (value->value == NULL || value->length != 1) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-    *flag = *((const char *)value->value) != 0;
-    return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-get_string(OM_uint32 *minor_status,
-	   const gss_buffer_t value,
-	   char **str)
-{
-    if (value == NULL || value->length == 0) {
-	*str = NULL;
-    } else {
-	*str = malloc(value->length + 1);
-	if (*str == NULL) {
-	    *minor_status = 0;
-	    return GSS_S_UNAVAILABLE;
-	}
-	memcpy(*str, value->value, value->length);
-	(*str)[value->length] = '\0';
-    }
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gsskrb5_set_sec_context_option
-           (OM_uint32 *minor_status,
-            gss_ctx_id_t *context_handle,
-            const gss_OID desired_object,
-            const gss_buffer_t value)
-{
-    krb5_context context;
-    OM_uint32 maj_stat;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (value == GSS_C_NO_BUFFER) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    if (gss_oid_equal(desired_object, GSS_KRB5_COMPAT_DES3_MIC_X)) {
-	gsskrb5_ctx ctx;
-	int flag;
-
-	if (*context_handle == GSS_C_NO_CONTEXT) {
-	    *minor_status = EINVAL;
-	    return GSS_S_NO_CONTEXT;
-	}
-
-	maj_stat = get_bool(minor_status, value, &flag);
-	if (maj_stat != GSS_S_COMPLETE)
-	    return maj_stat;
-
-	ctx = (gsskrb5_ctx)*context_handle;
-	HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-	if (flag)
-	    ctx->more_flags |= COMPAT_OLD_DES3;
-	else
-	    ctx->more_flags &= ~COMPAT_OLD_DES3;
-	ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	return GSS_S_COMPLETE;
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DNS_CANONICALIZE_X)) {
-	int flag;
-
-	maj_stat = get_bool(minor_status, value, &flag);
-	if (maj_stat != GSS_S_COMPLETE)
-	    return maj_stat;
-
-	krb5_set_dns_canonicalize_hostname(context, flag);
-	return GSS_S_COMPLETE;
-
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X)) {
-	char *str;
-
-	maj_stat = get_string(minor_status, value, &str);
-	if (maj_stat != GSS_S_COMPLETE)
-	    return maj_stat;
-
-	_gsskrb5_register_acceptor_identity(str);
-	free(str);
-
-	*minor_status = 0;
-	return GSS_S_COMPLETE;
-
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DEFAULT_REALM_X)) {
-	char *str;
-
-	maj_stat = get_string(minor_status, value, &str);
-	if (maj_stat != GSS_S_COMPLETE)
-	    return maj_stat;
-	if (str == NULL) {
-	    *minor_status = 0;
-	    return GSS_S_CALL_INACCESSIBLE_READ;
-	}
-
-	krb5_set_default_realm(context, str);
-	free(str);
-
-	*minor_status = 0;
-	return GSS_S_COMPLETE;
-
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_SEND_TO_KDC_X)) {
-
-	if (value == NULL || value->length == 0) {
-	    krb5_set_send_to_kdc_func(context, NULL, NULL);
-	} else {
-	    struct gsskrb5_send_to_kdc c;
-
-	    if (value->length != sizeof(c)) {
-		*minor_status = EINVAL;
-		return GSS_S_FAILURE;
-	    }
-	    memcpy(&c, value->value, sizeof(c));
-	    krb5_set_send_to_kdc_func(context,
-				      (krb5_send_to_kdc_func)c.func, 
-				      c.ptr);
-	}
-
-	*minor_status = 0;
-	return GSS_S_COMPLETE;
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_CCACHE_NAME_X)) {
-	char *str;
-
-	maj_stat = get_string(minor_status, value, &str);
-	if (maj_stat != GSS_S_COMPLETE)
-	    return maj_stat;
-	if (str == NULL) {
-	    *minor_status = 0;
-	    return GSS_S_CALL_INACCESSIBLE_READ;
-	}
-
-	*minor_status = krb5_cc_set_default_name(context, str);
-	free(str);
-	if (*minor_status)
-	    return GSS_S_FAILURE;
-
-	return GSS_S_COMPLETE;
-    }
-
-    *minor_status = EINVAL;
-    return GSS_S_FAILURE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/test_cfx.c b/crypto/heimdal/lib/gssapi/krb5/test_cfx.c
deleted file mode 100644
index b453622..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/test_cfx.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: test_cfx.c 19031 2006-11-13 18:02:57Z lha $");
-
-struct range {
-    size_t lower;
-    size_t upper;
-};
-
-struct range tests[] = {
-    { 0, 1040 },
-    { 2040, 2080 },
-    { 4080, 5000 },
-    { 8180, 8292 },
-    { 9980, 10010 }
-};
-
-static void
-test_range(const struct range *r, int integ, 
-	   krb5_context context, krb5_crypto crypto)
-{
-    krb5_error_code ret;
-    size_t size, rsize;
-
-    for (size = r->lower; size < r->upper; size++) {
-	OM_uint32 max_wrap_size;
-	size_t cksumsize;
-	uint16_t padsize;
-
-	ret = _gsskrb5cfx_max_wrap_length_cfx(context,
-					      crypto,
-					      integ,
-					      size,
-					      &max_wrap_size);
-	if (ret)
-	    krb5_errx(context, 1, "_gsskrb5cfx_max_wrap_length_cfx: %d", ret);
-	if (max_wrap_size == 0)
-	    continue;
-
-	ret = _gsskrb5cfx_wrap_length_cfx(context,
-					  crypto,
-					  integ,
-					  max_wrap_size,
-					  &rsize, &cksumsize, &padsize);
-	if (ret)
-	    krb5_errx(context, 1, "_gsskrb5cfx_wrap_length_cfx: %d", ret);
-
-	if (size < rsize)
-	    krb5_errx(context, 1, 
-		      "size (%d) < rsize (%d) for max_wrap_size %d",
-		      (int)size, (int)rsize, (int)max_wrap_size);
-    }
-}
-
-static void
-test_special(krb5_context context, krb5_crypto crypto,
-	     int integ, size_t testsize)
-{
-    krb5_error_code ret;
-    size_t rsize;
-    OM_uint32 max_wrap_size;
-    size_t cksumsize;
-    uint16_t padsize;
-
-    ret = _gsskrb5cfx_max_wrap_length_cfx(context,
-					  crypto,
-					  integ,
-					  testsize,
-					  &max_wrap_size);
-    if (ret)
-	krb5_errx(context, 1, "_gsskrb5cfx_max_wrap_length_cfx: %d", ret);
-    
-    ret = _gsskrb5cfx_wrap_length_cfx(context,
-				      crypto,
-				      integ,
-				      max_wrap_size,
-				      &rsize, &cksumsize, &padsize);
-    if (ret)
-	krb5_errx(context, 1, "_gsskrb5cfx_wrap_length_cfx: %d", ret);
-    
-    if (testsize < rsize)
-	krb5_errx(context, 1, 
-		  "testsize (%d) < rsize (%d) for max_wrap_size %d",
-		  (int)testsize, (int)rsize, (int)max_wrap_size);
-}
-
-
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_keyblock keyblock;
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_crypto crypto;
-    int i;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_context_init: %d", ret);
-    
-    ret = krb5_generate_random_keyblock(context, 
-					ENCTYPE_AES256_CTS_HMAC_SHA1_96,
-					&keyblock);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    ret = krb5_crypto_init(context, &keyblock, 0, &crypto);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_init");
-
-    test_special(context, crypto, 1, 60);
-    test_special(context, crypto, 0, 60);
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
-	test_range(&tests[i], 1, context, crypto);
-	test_range(&tests[i], 0, context, crypto);
-    }
-
-    krb5_free_keyblock_contents(context, &keyblock);
-    krb5_crypto_destroy(context, crypto);
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/ticket_flags.c b/crypto/heimdal/lib/gssapi/krb5/ticket_flags.c
deleted file mode 100644
index 51d8159..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/ticket_flags.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: ticket_flags.c 18334 2006-10-07 22:16:04Z lha $");
-
-OM_uint32
-_gsskrb5_get_tkt_flags(OM_uint32 *minor_status,
-		       gsskrb5_ctx ctx,
-		       OM_uint32 *tkt_flags)
-{
-    if (ctx == NULL) {
-	*minor_status = EINVAL;
-	return GSS_S_NO_CONTEXT;
-    }
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    if (ctx->ticket == NULL) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	*minor_status = EINVAL;
-	return GSS_S_BAD_MECH;
-    }
-
-    *tkt_flags = TicketFlags2int(ctx->ticket->ticket.flags);
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/unwrap.c b/crypto/heimdal/lib/gssapi/krb5/unwrap.c
deleted file mode 100644
index d0a33d8..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/unwrap.c
+++ /dev/null
@@ -1,413 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: unwrap.c 19031 2006-11-13 18:02:57Z lha $");
-
-static OM_uint32
-unwrap_des
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p, *seq;
-  size_t len;
-  MD5_CTX md5;
-  u_char hash[16];
-  DES_key_schedule schedule;
-  DES_cblock deskey;
-  DES_cblock zero;
-  int i;
-  uint32_t seq_number;
-  size_t padlength;
-  OM_uint32 ret;
-  int cstate;
-  int cmp;
-
-  p = input_message_buffer->value;
-  ret = _gsskrb5_verify_header (&p,
-				   input_message_buffer->length,
-				   "\x02\x01",
-				   GSS_KRB5_MECHANISM);
-  if (ret)
-      return ret;
-
-  if (memcmp (p, "\x00\x00", 2) != 0)
-    return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\x00\x00", 2) == 0) {
-      cstate = 1;
-  } else if (memcmp (p, "\xFF\xFF", 2) == 0) {
-      cstate = 0;
-  } else
-      return GSS_S_BAD_MIC;
-  p += 2;
-  if(conf_state != NULL)
-      *conf_state = cstate;
-  if (memcmp (p, "\xff\xff", 2) != 0)
-    return GSS_S_DEFECTIVE_TOKEN;
-  p += 2;
-  p += 16;
-
-  len = p - (u_char *)input_message_buffer->value;
-
-  if(cstate) {
-      /* decrypt data */
-      memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-      for (i = 0; i < sizeof(deskey); ++i)
-	  deskey[i] ^= 0xf0;
-      DES_set_key (&deskey, &schedule);
-      memset (&zero, 0, sizeof(zero));
-      DES_cbc_encrypt ((void *)p,
-		       (void *)p,
-		       input_message_buffer->length - len,
-		       &schedule,
-		       &zero,
-		       DES_DECRYPT);
-      
-      memset (deskey, 0, sizeof(deskey));
-      memset (&schedule, 0, sizeof(schedule));
-  }
-  /* check pad */
-  ret = _gssapi_verify_pad(input_message_buffer, 
-			   input_message_buffer->length - len,
-			   &padlength);
-  if (ret)
-      return ret;
-
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, p, input_message_buffer->length - len);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 &schedule, &zero);
-  if (memcmp (p - 8, hash, 8) != 0)
-    return GSS_S_BAD_MIC;
-
-  /* verify sequence number */
-  
-  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-
-  p -= 16;
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_encrypt ((void *)p, (void *)p, 8,
-		   &schedule, (DES_cblock *)hash, DES_DECRYPT);
-
-  memset (deskey, 0, sizeof(deskey));
-  memset (&schedule, 0, sizeof(schedule));
-
-  seq = p;
-  _gsskrb5_decode_om_uint32(seq, &seq_number);
-
-  if (context_handle->more_flags & LOCAL)
-      cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
-  else
-      cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
-
-  if (cmp != 0) {
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    return GSS_S_BAD_MIC;
-  }
-
-  ret = _gssapi_msg_order_check(context_handle->order, seq_number);
-  if (ret) {
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    return ret;
-  }
-
-  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-  /* copy out data */
-
-  output_message_buffer->length = input_message_buffer->length
-    - len - padlength - 8;
-  output_message_buffer->value  = malloc(output_message_buffer->length);
-  if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
-      return GSS_S_FAILURE;
-  memcpy (output_message_buffer->value,
-	  p + 24,
-	  output_message_buffer->length);
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-unwrap_des3
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx context_handle,
-	    krb5_context context,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  size_t len;
-  u_char *seq;
-  krb5_data seq_data;
-  u_char cksum[20];
-  uint32_t seq_number;
-  size_t padlength;
-  OM_uint32 ret;
-  int cstate;
-  krb5_crypto crypto;
-  Checksum csum;
-  int cmp;
-
-  p = input_message_buffer->value;
-  ret = _gsskrb5_verify_header (&p,
-				   input_message_buffer->length,
-				   "\x02\x01",
-				   GSS_KRB5_MECHANISM);
-  if (ret)
-      return ret;
-
-  if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
-    return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\x02\x00", 2) == 0) {
-    cstate = 1;
-  } else if (memcmp (p, "\xff\xff", 2) == 0) {
-    cstate = 0;
-  } else
-    return GSS_S_BAD_MIC;
-  p += 2;
-  if(conf_state != NULL)
-    *conf_state = cstate;
-  if (memcmp (p, "\xff\xff", 2) != 0)
-    return GSS_S_DEFECTIVE_TOKEN;
-  p += 2;
-  p += 28;
-
-  len = p - (u_char *)input_message_buffer->value;
-
-  if(cstate) {
-      /* decrypt data */
-      krb5_data tmp;
-
-      ret = krb5_crypto_init(context, key,
-			     ETYPE_DES3_CBC_NONE, &crypto);
-      if (ret) {
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      ret = krb5_decrypt(context, crypto, KRB5_KU_USAGE_SEAL,
-			 p, input_message_buffer->length - len, &tmp);
-      krb5_crypto_destroy(context, crypto);
-      if (ret) {
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      assert (tmp.length == input_message_buffer->length - len);
-
-      memcpy (p, tmp.data, tmp.length);
-      krb5_data_free(&tmp);
-  }
-  /* check pad */
-  ret = _gssapi_verify_pad(input_message_buffer, 
-			   input_message_buffer->length - len,
-			   &padlength);
-  if (ret)
-      return ret;
-
-  /* verify sequence number */
-  
-  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-
-  p -= 28;
-
-  ret = krb5_crypto_init(context, key,
-			 ETYPE_DES3_CBC_NONE, &crypto);
-  if (ret) {
-      *minor_status = ret;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return GSS_S_FAILURE;
-  }
-  {
-      DES_cblock ivec;
-
-      memcpy(&ivec, p + 8, 8);
-      ret = krb5_decrypt_ivec (context,
-			       crypto,
-			       KRB5_KU_USAGE_SEQ,
-			       p, 8, &seq_data,
-			       &ivec);
-  }
-  krb5_crypto_destroy (context, crypto);
-  if (ret) {
-      *minor_status = ret;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return GSS_S_FAILURE;
-  }
-  if (seq_data.length != 8) {
-      krb5_data_free (&seq_data);
-      *minor_status = 0;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return GSS_S_BAD_MIC;
-  }
-
-  seq = seq_data.data;
-  _gsskrb5_decode_om_uint32(seq, &seq_number);
-
-  if (context_handle->more_flags & LOCAL)
-      cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
-  else
-      cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
-  
-  krb5_data_free (&seq_data);
-  if (cmp != 0) {
-      *minor_status = 0;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return GSS_S_BAD_MIC;
-  }
-
-  ret = _gssapi_msg_order_check(context_handle->order, seq_number);
-  if (ret) {
-      *minor_status = 0;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return ret;
-  }
-
-  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-  /* verify checksum */
-
-  memcpy (cksum, p + 8, 20);
-
-  memcpy (p + 20, p - 8, 8);
-
-  csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
-  csum.checksum.length = 20;
-  csum.checksum.data   = cksum;
-
-  ret = krb5_crypto_init(context, key, 0, &crypto);
-  if (ret) {
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  ret = krb5_verify_checksum (context, crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      p + 20,
-			      input_message_buffer->length - len + 8,
-			      &csum);
-  krb5_crypto_destroy (context, crypto);
-  if (ret) {
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* copy out data */
-
-  output_message_buffer->length = input_message_buffer->length
-    - len - padlength - 8;
-  output_message_buffer->value  = malloc(output_message_buffer->length);
-  if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
-      return GSS_S_FAILURE;
-  memcpy (output_message_buffer->value,
-	  p + 36,
-	  output_message_buffer->length);
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gsskrb5_unwrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state
-           )
-{
-  krb5_keyblock *key;
-  krb5_context context;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-  gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
-
-  output_message_buffer->value = NULL;
-  output_message_buffer->length = 0;
-
-  GSSAPI_KRB5_INIT (&context);
-
-  if (qop_state != NULL)
-      *qop_state = GSS_C_QOP_DEFAULT;
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  ret = _gsskrb5i_get_token_key(ctx, context, &key);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-  if (ret) {
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (context, key->keytype, &keytype);
-
-  *minor_status = 0;
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = unwrap_des (minor_status, ctx,
-			input_message_buffer, output_message_buffer,
-			conf_state, qop_state, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = unwrap_des3 (minor_status, ctx, context,
-			 input_message_buffer, output_message_buffer,
-			 conf_state, qop_state, key);
-      break;
-  case KEYTYPE_ARCFOUR:
-  case KEYTYPE_ARCFOUR_56:
-      ret = _gssapi_unwrap_arcfour (minor_status, ctx, context,
-				    input_message_buffer, output_message_buffer,
-				    conf_state, qop_state, key);
-      break;
-  default :
-      ret = _gssapi_unwrap_cfx (minor_status, ctx, context,
-				input_message_buffer, output_message_buffer,
-				conf_state, qop_state, key);
-      break;
-  }
-  krb5_free_keyblock (context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/v1.c b/crypto/heimdal/lib/gssapi/krb5/v1.c
deleted file mode 100644
index c5ebeb9..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/v1.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: v1.c 18334 2006-10-07 22:16:04Z lha $");
-
-/* These functions are for V1 compatibility */
-
-OM_uint32 _gsskrb5_sign
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int qop_req,
-            gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-  return _gsskrb5_get_mic(minor_status,
-	context_handle,
-	(gss_qop_t)qop_req,
-	message_buffer,
-	message_token);
-}
-
-OM_uint32 _gsskrb5_verify
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t message_buffer,
-            gss_buffer_t token_buffer,
-            int * qop_state
-           )
-{
-  return _gsskrb5_verify_mic(minor_status,
-	context_handle,
-	message_buffer,
-	token_buffer,
-	(gss_qop_t *)qop_state);
-}
-
-OM_uint32 _gsskrb5_seal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            int qop_req,
-            gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-  return _gsskrb5_wrap(minor_status,
-	context_handle,
-	conf_req_flag,
-	(gss_qop_t)qop_req,
-	input_message_buffer,
-	conf_state,
-	output_message_buffer);
-}
-
-OM_uint32 _gsskrb5_unseal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            int * qop_state
-           )
-{
-  return _gsskrb5_unwrap(minor_status,
-	context_handle,
-	input_message_buffer,
-	output_message_buffer,
-	conf_state,
-	(gss_qop_t *)qop_state);
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/verify_mic.c b/crypto/heimdal/lib/gssapi/krb5/verify_mic.c
deleted file mode 100644
index 52381af..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/verify_mic.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: verify_mic.c 19031 2006-11-13 18:02:57Z lha $");
-
-static OM_uint32
-verify_mic_des
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx context_handle,
-	    krb5_context context,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key,
-	    char *type
-	    )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16], *seq;
-  DES_key_schedule schedule;
-  DES_cblock zero;
-  DES_cblock deskey;
-  uint32_t seq_number;
-  OM_uint32 ret;
-  int cmp;
-
-  p = token_buffer->value;
-  ret = _gsskrb5_verify_header (&p,
-				   token_buffer->length,
-				   type,
-				   GSS_KRB5_MECHANISM);
-  if (ret)
-      return ret;
-
-  if (memcmp(p, "\x00\x00", 2) != 0)
-      return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-    return GSS_S_BAD_MIC;
-  p += 4;
-  p += 16;
-
-  /* verify checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, message_buffer->value,
-	     message_buffer->length);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 &schedule, &zero);
-  if (memcmp (p - 8, hash, 8) != 0) {
-    memset (deskey, 0, sizeof(deskey));
-    memset (&schedule, 0, sizeof(schedule));
-    return GSS_S_BAD_MIC;
-  }
-
-  /* verify sequence number */
-  
-  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-
-  p -= 16;
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_encrypt ((void *)p, (void *)p, 8,
-		   &schedule, (DES_cblock *)hash, DES_DECRYPT);
-
-  memset (deskey, 0, sizeof(deskey));
-  memset (&schedule, 0, sizeof(schedule));
-
-  seq = p;
-  _gsskrb5_decode_om_uint32(seq, &seq_number);
-
-  if (context_handle->more_flags & LOCAL)
-      cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
-  else
-      cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
-
-  if (cmp != 0) {
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    return GSS_S_BAD_MIC;
-  }
-
-  ret = _gssapi_msg_order_check(context_handle->order, seq_number);
-  if (ret) {
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return ret;
-  }
-
-  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-verify_mic_des3
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx context_handle,
-	    krb5_context context,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key,
-	    char *type
-	    )
-{
-  u_char *p;
-  u_char *seq;
-  uint32_t seq_number;
-  OM_uint32 ret;
-  krb5_crypto crypto;
-  krb5_data seq_data;
-  int cmp, docompat;
-  Checksum csum;
-  char *tmp;
-  char ivec[8];
-  
-  p = token_buffer->value;
-  ret = _gsskrb5_verify_header (&p,
-				   token_buffer->length,
-				   type,
-				   GSS_KRB5_MECHANISM);
-  if (ret)
-      return ret;
-
-  if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
-      return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-    return GSS_S_BAD_MIC;
-  p += 4;
-
-  ret = krb5_crypto_init(context, key,
-			 ETYPE_DES3_CBC_NONE, &crypto);
-  if (ret){
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* verify sequence number */
-  docompat = 0;
-retry:
-  if (docompat)
-      memset(ivec, 0, 8);
-  else
-      memcpy(ivec, p + 8, 8);
-
-  ret = krb5_decrypt_ivec (context,
-			   crypto,
-			   KRB5_KU_USAGE_SEQ,
-			   p, 8, &seq_data, ivec);
-  if (ret) {
-      if (docompat++) {
-	  krb5_crypto_destroy (context, crypto);
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      } else
-	  goto retry;
-  }
-
-  if (seq_data.length != 8) {
-      krb5_data_free (&seq_data);
-      if (docompat++) {
-	  krb5_crypto_destroy (context, crypto);
-	  return GSS_S_BAD_MIC;
-      } else
-	  goto retry;
-  }
-
-  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-
-  seq = seq_data.data;
-  _gsskrb5_decode_om_uint32(seq, &seq_number);
-
-  if (context_handle->more_flags & LOCAL)
-      cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
-  else
-      cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
-
-  krb5_data_free (&seq_data);
-  if (cmp != 0) {
-      krb5_crypto_destroy (context, crypto);
-      *minor_status = 0;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return GSS_S_BAD_MIC;
-  }
-
-  ret = _gssapi_msg_order_check(context_handle->order, seq_number);
-  if (ret) {
-      krb5_crypto_destroy (context, crypto);
-      *minor_status = 0;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return ret;
-  }
-
-  /* verify checksum */
-
-  tmp = malloc (message_buffer->length + 8);
-  if (tmp == NULL) {
-      krb5_crypto_destroy (context, crypto);
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  memcpy (tmp, p - 8, 8);
-  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
-
-  csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
-  csum.checksum.length = 20;
-  csum.checksum.data   = p + 8;
-
-  ret = krb5_verify_checksum (context, crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      tmp, message_buffer->length + 8,
-			      &csum);
-  free (tmp);
-  if (ret) {
-      krb5_crypto_destroy (context, crypto);
-      *minor_status = ret;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return GSS_S_BAD_MIC;
-  }
-  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-  krb5_crypto_destroy (context, crypto);
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gsskrb5_verify_mic_internal
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx context_handle,
-	    krb5_context context,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    char * type
-	    )
-{
-    krb5_keyblock *key;
-    OM_uint32 ret;
-    krb5_keytype keytype;
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    ret = _gsskrb5i_get_token_key(context_handle, context, &key);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-    *minor_status = 0;
-    krb5_enctype_to_keytype (context, key->keytype, &keytype);
-    switch (keytype) {
-    case KEYTYPE_DES :
-	ret = verify_mic_des (minor_status, context_handle, context,
-			      message_buffer, token_buffer, qop_state, key,
-			      type);
-	break;
-    case KEYTYPE_DES3 :
-	ret = verify_mic_des3 (minor_status, context_handle, context,
-			       message_buffer, token_buffer, qop_state, key,
-			       type);
-	break;
-    case KEYTYPE_ARCFOUR :
-    case KEYTYPE_ARCFOUR_56 :
-	ret = _gssapi_verify_mic_arcfour (minor_status, context_handle,
-					  context,
-					  message_buffer, token_buffer,
-					  qop_state, key, type);
-	break;
-    default :
-	ret = _gssapi_verify_mic_cfx (minor_status, context_handle,
-				      context,
-				      message_buffer, token_buffer, qop_state,
-				      key);
-	break;
-    }
-    krb5_free_keyblock (context, key);
-    
-    return ret;
-}
-
-OM_uint32
-_gsskrb5_verify_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state
-	    )
-{
-    krb5_context context;
-    OM_uint32 ret;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (qop_state != NULL)
-	*qop_state = GSS_C_QOP_DEFAULT;
-
-    ret = _gsskrb5_verify_mic_internal(minor_status, 
-				       (gsskrb5_ctx)context_handle,
-				       context,
-				       message_buffer, token_buffer,
-				       qop_state, "\x01\x01");
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/wrap.c b/crypto/heimdal/lib/gssapi/krb5/wrap.c
deleted file mode 100644
index d413798..0000000
--- a/crypto/heimdal/lib/gssapi/krb5/wrap.c
+++ /dev/null
@@ -1,551 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: wrap.c 19035 2006-11-14 09:49:56Z lha $");
-
-/*
- * Return initiator subkey, or if that doesn't exists, the subkey.
- */
-
-krb5_error_code
-_gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx,
-			       krb5_context context,
-			       krb5_keyblock **key)
-{
-    krb5_error_code ret;
-    *key = NULL;
-
-    if (ctx->more_flags & LOCAL) {
-	ret = krb5_auth_con_getlocalsubkey(context,
-				     ctx->auth_context, 
-				     key);
-    } else {
-	ret = krb5_auth_con_getremotesubkey(context,
-				      ctx->auth_context, 
-				      key);
-    }
-    if (ret == 0 && *key == NULL)
-	ret = krb5_auth_con_getkey(context,
-				   ctx->auth_context, 
-				   key);
-    if (ret == 0 && *key == NULL) {
-	krb5_set_error_string(context, "No initiator subkey available");
-	return GSS_KRB5_S_KG_NO_SUBKEY;
-    }
-    return ret;
-}
-
-krb5_error_code
-_gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx,
-			      krb5_context context,
-			      krb5_keyblock **key)
-{
-    krb5_error_code ret;
-    *key = NULL;
-
-    if (ctx->more_flags & LOCAL) {
-	ret = krb5_auth_con_getremotesubkey(context,
-				      ctx->auth_context, 
-				      key);
-    } else {
-	ret = krb5_auth_con_getlocalsubkey(context,
-				     ctx->auth_context, 
-				     key);
-    }
-    if (ret == 0 && *key == NULL) {
-	krb5_set_error_string(context, "No acceptor subkey available");
-	return GSS_KRB5_S_KG_NO_SUBKEY;
-    }
-    return ret;
-}
-
-OM_uint32
-_gsskrb5i_get_token_key(const gsskrb5_ctx ctx,
-			krb5_context context,
-			krb5_keyblock **key)
-{
-    _gsskrb5i_get_acceptor_subkey(ctx, context, key);
-    if(*key == NULL) {
-	/*
-	 * Only use the initiator subkey or ticket session key if an
-	 * acceptor subkey was not required.
-	 */
-	if ((ctx->more_flags & ACCEPTOR_SUBKEY) == 0)
-	    _gsskrb5i_get_initiator_subkey(ctx, context, key);
-    }
-    if (*key == NULL) {
-	krb5_set_error_string(context, "No token key available");
-	return GSS_KRB5_S_KG_NO_SUBKEY;
-    }
-    return 0;
-}
-
-static OM_uint32
-sub_wrap_size (
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size,
-	    int blocksize,
-	    int extrasize
-           )
-{
-    size_t len, total_len; 
-
-    len = 8 + req_output_size + blocksize + extrasize;
-
-    _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
-
-    total_len -= req_output_size; /* token length */
-    if (total_len < req_output_size) {
-        *max_input_size = (req_output_size - total_len);
-        (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
-    } else {
-        *max_input_size = 0;
-    }
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gsskrb5_wrap_size_limit (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size
-           )
-{
-  krb5_context context;
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
-
-  GSSAPI_KRB5_INIT (&context);
-
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  ret = _gsskrb5i_get_token_key(ctx, context, &key);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-  if (ret) {
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
-      break;
-  case KEYTYPE_ARCFOUR:
-  case KEYTYPE_ARCFOUR_56:
-      ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context,
-				      conf_req_flag, qop_req, 
-				      req_output_size, max_input_size, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
-      break;
-  default :
-      ret = _gssapi_wrap_size_cfx(minor_status, ctx, context,
-				  conf_req_flag, qop_req, 
-				  req_output_size, max_input_size, key);
-      break;
-  }
-  krb5_free_keyblock (context, key);
-  *minor_status = 0;
-  return ret;
-}
-
-static OM_uint32
-wrap_des
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx ctx,
-	    krb5_context context,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16];
-  DES_key_schedule schedule;
-  DES_cblock deskey;
-  DES_cblock zero;
-  int i;
-  int32_t seq_number;
-  size_t len, total_len, padlength, datalen;
-
-  padlength = 8 - (input_message_buffer->length % 8);
-  datalen = input_message_buffer->length + padlength + 8;
-  len = datalen + 22;
-  _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
-
-  output_message_buffer->length = total_len;
-  output_message_buffer->value  = malloc (total_len);
-  if (output_message_buffer->value == NULL) {
-    output_message_buffer->length = 0;
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = _gsskrb5_make_header(output_message_buffer->value,
-			      len,
-			      "\x02\x01", /* TOK_ID */
-			      GSS_KRB5_MECHANISM);
-
-  /* SGN_ALG */
-  memcpy (p, "\x00\x00", 2);
-  p += 2;
-  /* SEAL_ALG */
-  if(conf_req_flag)
-      memcpy (p, "\x00\x00", 2);
-  else
-      memcpy (p, "\xff\xff", 2);
-  p += 2;
-  /* Filler */
-  memcpy (p, "\xff\xff", 2);
-  p += 2;
-
-  /* fill in later */
-  memset (p, 0, 16);
-  p += 16;
-
-  /* confounder + data + pad */
-  krb5_generate_random_block(p, 8);
-  memcpy (p + 8, input_message_buffer->value,
-	  input_message_buffer->length);
-  memset (p + 8 + input_message_buffer->length, padlength, padlength);
-
-  /* checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, p, datalen);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 &schedule, &zero);
-  memcpy (p - 8, hash, 8);
-
-  /* sequence number */
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  krb5_auth_con_getlocalseqnumber (context,
-				   ctx->auth_context,
-				   &seq_number);
-
-  p -= 16;
-  p[0] = (seq_number >> 0)  & 0xFF;
-  p[1] = (seq_number >> 8)  & 0xFF;
-  p[2] = (seq_number >> 16) & 0xFF;
-  p[3] = (seq_number >> 24) & 0xFF;
-  memset (p + 4,
-	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_encrypt ((void *)p, (void *)p, 8,
-		   &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
-
-  krb5_auth_con_setlocalseqnumber (context,
-			       ctx->auth_context,
-			       ++seq_number);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-  /* encrypt the data */
-  p += 16;
-
-  if(conf_req_flag) {
-      memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-      for (i = 0; i < sizeof(deskey); ++i)
-	  deskey[i] ^= 0xf0;
-      DES_set_key (&deskey, &schedule);
-      memset (&zero, 0, sizeof(zero));
-      DES_cbc_encrypt ((void *)p,
-		       (void *)p,
-		       datalen,
-		       &schedule,
-		       &zero,
-		       DES_ENCRYPT);
-  }
-  memset (deskey, 0, sizeof(deskey));
-  memset (&schedule, 0, sizeof(schedule));
-
-  if(conf_state != NULL)
-      *conf_state = conf_req_flag;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-wrap_des3
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx ctx,
-	    krb5_context context,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  u_char seq[8];
-  int32_t seq_number;
-  size_t len, total_len, padlength, datalen;
-  uint32_t ret;
-  krb5_crypto crypto;
-  Checksum cksum;
-  krb5_data encdata;
-
-  padlength = 8 - (input_message_buffer->length % 8);
-  datalen = input_message_buffer->length + padlength + 8;
-  len = datalen + 34;
-  _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
-
-  output_message_buffer->length = total_len;
-  output_message_buffer->value  = malloc (total_len);
-  if (output_message_buffer->value == NULL) {
-    output_message_buffer->length = 0;
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = _gsskrb5_make_header(output_message_buffer->value,
-			      len,
-			      "\x02\x01", /* TOK_ID */
-			      GSS_KRB5_MECHANISM); 
-
-  /* SGN_ALG */
-  memcpy (p, "\x04\x00", 2);	/* HMAC SHA1 DES3-KD */
-  p += 2;
-  /* SEAL_ALG */
-  if(conf_req_flag)
-      memcpy (p, "\x02\x00", 2); /* DES3-KD */
-  else
-      memcpy (p, "\xff\xff", 2);
-  p += 2;
-  /* Filler */
-  memcpy (p, "\xff\xff", 2);
-  p += 2;
-
-  /* calculate checksum (the above + confounder + data + pad) */
-
-  memcpy (p + 20, p - 8, 8);
-  krb5_generate_random_block(p + 28, 8);
-  memcpy (p + 28 + 8, input_message_buffer->value,
-	  input_message_buffer->length);
-  memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
-
-  ret = krb5_crypto_init(context, key, 0, &crypto);
-  if (ret) {
-      free (output_message_buffer->value);
-      output_message_buffer->length = 0;
-      output_message_buffer->value = NULL;
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  ret = krb5_create_checksum (context,
-			      crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      0,
-			      p + 20,
-			      datalen + 8,
-			      &cksum);
-  krb5_crypto_destroy (context, crypto);
-  if (ret) {
-      free (output_message_buffer->value);
-      output_message_buffer->length = 0;
-      output_message_buffer->value = NULL;
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* zero out SND_SEQ + SGN_CKSUM in case */
-  memset (p, 0, 28);
-
-  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
-  free_Checksum (&cksum);
-
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (context,
-			       ctx->auth_context,
-			       &seq_number);
-
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-
-  ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE,
-			 &crypto);
-  if (ret) {
-      free (output_message_buffer->value);
-      output_message_buffer->length = 0;
-      output_message_buffer->value = NULL;
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  {
-      DES_cblock ivec;
-
-      memcpy (&ivec, p + 8, 8);
-      ret = krb5_encrypt_ivec (context,
-			       crypto,
-			       KRB5_KU_USAGE_SEQ,
-			       seq, 8, &encdata,
-			       &ivec);
-  }
-  krb5_crypto_destroy (context, crypto);
-  if (ret) {
-      free (output_message_buffer->value);
-      output_message_buffer->length = 0;
-      output_message_buffer->value = NULL;
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  
-  assert (encdata.length == 8);
-
-  memcpy (p, encdata.data, encdata.length);
-  krb5_data_free (&encdata);
-
-  krb5_auth_con_setlocalseqnumber (context,
-			       ctx->auth_context,
-			       ++seq_number);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-  /* encrypt the data */
-  p += 28;
-
-  if(conf_req_flag) {
-      krb5_data tmp;
-
-      ret = krb5_crypto_init(context, key,
-			     ETYPE_DES3_CBC_NONE, &crypto);
-      if (ret) {
-	  free (output_message_buffer->value);
-	  output_message_buffer->length = 0;
-	  output_message_buffer->value = NULL;
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      ret = krb5_encrypt(context, crypto, KRB5_KU_USAGE_SEAL,
-			 p, datalen, &tmp);
-      krb5_crypto_destroy(context, crypto);
-      if (ret) {
-	  free (output_message_buffer->value);
-	  output_message_buffer->length = 0;
-	  output_message_buffer->value = NULL;
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      assert (tmp.length == datalen);
-
-      memcpy (p, tmp.data, datalen);
-      krb5_data_free(&tmp);
-  }
-  if(conf_state != NULL)
-      *conf_state = conf_req_flag;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gsskrb5_wrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-  krb5_context context;
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
-
-  GSSAPI_KRB5_INIT (&context);
-
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  ret = _gsskrb5i_get_token_key(ctx, context, &key);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-  if (ret) {
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = wrap_des (minor_status, ctx, context, conf_req_flag,
-		      qop_req, input_message_buffer, conf_state,
-		      output_message_buffer, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
-		       qop_req, input_message_buffer, conf_state,
-		       output_message_buffer, key);
-      break;
-  case KEYTYPE_ARCFOUR:
-  case KEYTYPE_ARCFOUR_56:
-      ret = _gssapi_wrap_arcfour (minor_status, ctx, context, conf_req_flag,
-				  qop_req, input_message_buffer, conf_state,
-				  output_message_buffer, key);
-      break;
-  default :
-      ret = _gssapi_wrap_cfx (minor_status, ctx, context, conf_req_flag,
-			      qop_req, input_message_buffer, conf_state,
-			      output_message_buffer, key);
-      break;
-  }
-  krb5_free_keyblock (context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/accept_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/accept_sec_context.c
deleted file mode 100644
index 79fc538..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/accept_sec_context.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: accept_sec_context.c 22521 2008-01-24 11:53:18Z lha $");
-
-/*
- *
- */
-
-OM_uint32
-_gss_ntlm_allocate_ctx(OM_uint32 *minor_status, ntlm_ctx *ctx)
-{
-    OM_uint32 maj_stat;
-
-    *ctx = calloc(1, sizeof(**ctx));
-
-    (*ctx)->server = &ntlmsspi_kdc_digest;
-
-    maj_stat = (*(*ctx)->server->nsi_init)(minor_status, &(*ctx)->ictx);
-    if (maj_stat != GSS_S_COMPLETE)
-	return maj_stat;
-
-    return GSS_S_COMPLETE;
-}
-
-/*
- *
- */
-
-OM_uint32
-_gss_ntlm_accept_sec_context
-(OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
- const gss_cred_id_t acceptor_cred_handle,
- const gss_buffer_t input_token_buffer,
- const gss_channel_bindings_t input_chan_bindings,
- gss_name_t * src_name,
- gss_OID * mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec,
- gss_cred_id_t * delegated_cred_handle
-    )
-{
-    krb5_error_code ret;
-    struct ntlm_buf data;
-    ntlm_ctx ctx;
-
-    output_token->value = NULL;
-    output_token->length = 0;
-
-    *minor_status = 0;
-
-    if (context_handle == NULL)
-	return GSS_S_FAILURE;
-	
-    if (input_token_buffer == GSS_C_NO_BUFFER)
-	return GSS_S_FAILURE;
-
-    if (src_name)
-	*src_name = GSS_C_NO_NAME;
-    if (mech_type)
-	*mech_type = GSS_C_NO_OID;
-    if (ret_flags)
-	*ret_flags = 0;
-    if (time_rec)
-	*time_rec = 0;
-    if (delegated_cred_handle)
-	*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
-
-    if (*context_handle == GSS_C_NO_CONTEXT) {
-	struct ntlm_type1 type1;
-	OM_uint32 major_status;
-	OM_uint32 retflags;
-	struct ntlm_buf out;
-
-	major_status = _gss_ntlm_allocate_ctx(minor_status, &ctx);
-	if (major_status)
-	    return major_status;
-	*context_handle = (gss_ctx_id_t)ctx;
-	
-	/* check if the mechs is allowed by remote service */
-	major_status = (*ctx->server->nsi_probe)(minor_status, ctx->ictx, NULL);
-	if (major_status) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    return major_status;
-	}
-
-	data.data = input_token_buffer->value;
-	data.length = input_token_buffer->length;
-	
-	ret = heim_ntlm_decode_type1(&data, &type1);
-	if (ret) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-
-	if ((type1.flags & NTLM_NEG_UNICODE) == 0) {
-	    heim_ntlm_free_type1(&type1);
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = EINVAL;
-	    return GSS_S_FAILURE;
-	}
-
-	if (type1.flags & NTLM_NEG_SIGN)
-	    ctx->gssflags |= GSS_C_CONF_FLAG;
-	if (type1.flags & NTLM_NEG_SIGN)
-	    ctx->gssflags |= GSS_C_INTEG_FLAG;
-
-	major_status = (*ctx->server->nsi_type2)(minor_status,
-						 ctx->ictx,
-						 type1.flags,
-						 type1.hostname,
-						 type1.domain,
-						 &retflags,
-						 &out);
-	heim_ntlm_free_type1(&type1);
-	if (major_status != GSS_S_COMPLETE) {
-	    OM_uint32 junk;
-	    _gss_ntlm_delete_sec_context(&junk, context_handle, NULL);
-	    return major_status;
-	}
-
-	output_token->value = malloc(out.length);
-	if (output_token->value == NULL) {
-	    OM_uint32 junk;
-	    _gss_ntlm_delete_sec_context(&junk, context_handle, NULL);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	memcpy(output_token->value, out.data, out.length);
-	output_token->length = out.length;
-
-	ctx->flags = retflags;
-
-	return GSS_S_CONTINUE_NEEDED;
-    } else {
-	OM_uint32 maj_stat;
-	struct ntlm_type3 type3;
-	struct ntlm_buf session;
-
-	ctx = (ntlm_ctx)*context_handle;
-
-	data.data = input_token_buffer->value;
-	data.length = input_token_buffer->length;
-
-	ret = heim_ntlm_decode_type3(&data, 1, &type3);
-	if (ret) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-
-	maj_stat = (*ctx->server->nsi_type3)(minor_status,
-					     ctx->ictx,
-					     &type3,
-					     &session);
-	if (maj_stat) {
-	    heim_ntlm_free_type3(&type3);
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    return maj_stat;
-	}
-
-	if (src_name) {
-	    ntlm_name n = calloc(1, sizeof(*n));
-	    if (n) {
-		n->user = strdup(type3.username);
-		n->domain = strdup(type3.targetname);
-	    }
-	    if (n == NULL || n->user == NULL || n->domain == NULL) {
-		heim_ntlm_free_type3(&type3);
-		_gss_ntlm_delete_sec_context(minor_status, 
-					     context_handle, NULL);
-		return maj_stat;
-	    }
-	    *src_name = (gss_name_t)n;
-	}	    
-
-	heim_ntlm_free_type3(&type3);
-
-	ret = krb5_data_copy(&ctx->sessionkey, 
-			     session.data, session.length);
-	if (ret) {	
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-	
-	if (session.length != 0) {
-
-	    ctx->status |= STATUS_SESSIONKEY; 
-
-	    if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
-		_gss_ntlm_set_key(&ctx->u.v2.send, 1,
-				  (ctx->flags & NTLM_NEG_KEYEX),
-				  ctx->sessionkey.data,
-				  ctx->sessionkey.length);
-		_gss_ntlm_set_key(&ctx->u.v2.recv, 0,
-				  (ctx->flags & NTLM_NEG_KEYEX),
-				  ctx->sessionkey.data,
-				  ctx->sessionkey.length);
-	    } else {
-		RC4_set_key(&ctx->u.v1.crypto_send.key, 
-			    ctx->sessionkey.length,
-			    ctx->sessionkey.data);
-		RC4_set_key(&ctx->u.v1.crypto_recv.key, 
-			    ctx->sessionkey.length,
-			    ctx->sessionkey.data);
-	    }
-	}
-
-	if (mech_type)
-	    *mech_type = GSS_NTLM_MECHANISM;
-	if (time_rec)
-	    *time_rec = GSS_C_INDEFINITE;
-
-	ctx->status |= STATUS_OPEN;
-
-	if (ret_flags)
-	    *ret_flags = ctx->gssflags;
-
-	return GSS_S_COMPLETE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/acquire_cred.c b/crypto/heimdal/lib/gssapi/ntlm/acquire_cred.c
deleted file mode 100644
index 8e17d4f..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/acquire_cred.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: acquire_cred.c 22380 2007-12-29 18:42:56Z lha $");
-
-OM_uint32 _gss_ntlm_acquire_cred
-           (OM_uint32 * min_stat,
-            const gss_name_t desired_name,
-            OM_uint32 time_req,
-            const gss_OID_set desired_mechs,
-            gss_cred_usage_t cred_usage,
-            gss_cred_id_t * output_cred_handle,
-            gss_OID_set * actual_mechs,
-            OM_uint32 * time_rec
-           )
-{
-    ntlm_name name = (ntlm_name) desired_name;
-    OM_uint32 maj_stat;
-    ntlm_ctx ctx;
-
-    *min_stat = 0;
-    if (output_cred_handle)
-	*output_cred_handle = GSS_C_NO_CREDENTIAL;
-    if (actual_mechs)
-	*actual_mechs = GSS_C_NO_OID_SET;
-    if (time_rec)
-	*time_rec = GSS_C_INDEFINITE;
-
-    if (desired_name == NULL)
-	return GSS_S_NO_CRED;
-
-    if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_ACCEPT) {
-
-	maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx);
-	if (maj_stat != GSS_S_COMPLETE)
-	    return maj_stat;
-	
-	maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, 
-					     name->domain);
-
-	if (maj_stat)
-	    return maj_stat;
-
-	{
-	    gss_ctx_id_t context = (gss_ctx_id_t)ctx;
-	    _gss_ntlm_delete_sec_context(min_stat, &context, NULL);
-	    *min_stat = 0;
-	}
-    }	
-    if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_INITIATE) {
-	ntlm_cred cred;
-
-	*min_stat = _gss_ntlm_get_user_cred(name, &cred);
-	if (*min_stat)
-	    return GSS_S_FAILURE;
-	cred->usage = cred_usage;
-
-	*output_cred_handle = (gss_cred_id_t)cred;
-    }
-
-    return (GSS_S_COMPLETE);
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/add_cred.c b/crypto/heimdal/lib/gssapi/ntlm/add_cred.c
deleted file mode 100644
index 11a2581..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/add_cred.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: add_cred.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_add_cred (
-     OM_uint32           *minor_status,
-     const gss_cred_id_t input_cred_handle,
-     const gss_name_t    desired_name,
-     const gss_OID       desired_mech,
-     gss_cred_usage_t    cred_usage,
-     OM_uint32           initiator_time_req,
-     OM_uint32           acceptor_time_req,
-     gss_cred_id_t       *output_cred_handle,
-     gss_OID_set         *actual_mechs,
-     OM_uint32           *initiator_time_rec,
-     OM_uint32           *acceptor_time_rec)
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (output_cred_handle)
-	*output_cred_handle = GSS_C_NO_CREDENTIAL;
-    if (actual_mechs)
-	*actual_mechs = GSS_C_NO_OID_SET;
-    if (initiator_time_rec)
-	*initiator_time_rec = 0;
-    if (acceptor_time_rec)
-	*acceptor_time_rec = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/canonicalize_name.c b/crypto/heimdal/lib/gssapi/ntlm/canonicalize_name.c
deleted file mode 100644
index 8eaa870..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/canonicalize_name.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: canonicalize_name.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_canonicalize_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            const gss_OID mech_type,
-            gss_name_t * output_name
-           )
-{
-    return gss_duplicate_name (minor_status, input_name, output_name);
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/compare_name.c b/crypto/heimdal/lib/gssapi/ntlm/compare_name.c
deleted file mode 100644
index d2c2d8b..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/compare_name.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: compare_name.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_compare_name
-           (OM_uint32 * minor_status,
-            const gss_name_t name1,
-            const gss_name_t name2,
-            int * name_equal
-           )
-{
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/context_time.c b/crypto/heimdal/lib/gssapi/ntlm/context_time.c
deleted file mode 100644
index a6895cb..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/context_time.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: context_time.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_context_time
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            OM_uint32 * time_rec
-           )
-{
-    if (time_rec)
-	*time_rec = GSS_C_INDEFINITE;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/crypto.c b/crypto/heimdal/lib/gssapi/ntlm/crypto.c
deleted file mode 100644
index b05246c..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/crypto.c
+++ /dev/null
@@ -1,595 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: crypto.c 19535 2006-12-28 14:49:01Z lha $");
-
-uint32_t
-_krb5_crc_update (const char *p, size_t len, uint32_t res);
-void
-_krb5_crc_init_table(void);
-
-/*
- *
- */
-
-static void
-encode_le_uint32(uint32_t n, unsigned char *p)
-{
-  p[0] = (n >> 0)  & 0xFF;
-  p[1] = (n >> 8)  & 0xFF;
-  p[2] = (n >> 16) & 0xFF;
-  p[3] = (n >> 24) & 0xFF;
-}
-
-
-static void
-decode_le_uint32(const void *ptr, uint32_t *n)
-{
-    const unsigned char *p = ptr;
-    *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
-}
-
-/*
- *
- */
-
-const char a2i_signmagic[] =
-    "session key to server-to-client signing key magic constant";
-const char a2i_sealmagic[] =
-    "session key to server-to-client sealing key magic constant";
-const char i2a_signmagic[] =
-    "session key to client-to-server signing key magic constant";
-const char i2a_sealmagic[] =
-    "session key to client-to-server sealing key magic constant";
-
-
-void
-_gss_ntlm_set_key(struct ntlmv2_key *key, int acceptor, int sealsign,
-		  unsigned char *data, size_t len)
-{
-    unsigned char out[16];
-    MD5_CTX ctx;
-    const char *signmagic;
-    const char *sealmagic;
-
-    if (acceptor) {
-	signmagic = a2i_signmagic;
-	sealmagic = a2i_sealmagic;
-    } else {
-	signmagic = i2a_signmagic;
-	sealmagic = i2a_sealmagic;
-    }
-
-    key->seq = 0;
-
-    MD5_Init(&ctx);
-    MD5_Update(&ctx, data, len);
-    MD5_Update(&ctx, signmagic, strlen(signmagic) + 1);
-    MD5_Final(key->signkey, &ctx);
-
-    MD5_Init(&ctx);
-    MD5_Update(&ctx, data, len);
-    MD5_Update(&ctx, sealmagic, strlen(sealmagic) + 1);
-    MD5_Final(out, &ctx);
-
-    RC4_set_key(&key->sealkey, 16, out);
-    if (sealsign)
-	key->signsealkey = &key->sealkey;
-}
-
-/*
- *
- */
-
-static OM_uint32
-v1_sign_message(gss_buffer_t in,
-		RC4_KEY *signkey,
-		uint32_t seq,
-		unsigned char out[16])
-{
-    unsigned char sigature[12];
-    uint32_t crc;
-    
-    _krb5_crc_init_table();
-    crc = _krb5_crc_update(in->value, in->length, 0);
-    
-    encode_le_uint32(0, &sigature[0]);
-    encode_le_uint32(crc, &sigature[4]);
-    encode_le_uint32(seq, &sigature[8]);
-    
-    encode_le_uint32(1, out); /* version */
-    RC4(signkey, sizeof(sigature), sigature, out + 4);
-    
-    if (RAND_bytes(out + 4, 4) != 1)
-	return GSS_S_UNAVAILABLE;
-    
-    return 0;
-}
-
-
-static OM_uint32
-v2_sign_message(gss_buffer_t in,
-		unsigned char signkey[16],
-		RC4_KEY *sealkey,
-		uint32_t seq,
-		unsigned char out[16])
-{
-    unsigned char hmac[16];
-    unsigned int hmaclen;
-    HMAC_CTX c;
-
-    HMAC_CTX_init(&c);
-    HMAC_Init_ex(&c, signkey, 16, EVP_md5(), NULL);
-    
-    encode_le_uint32(seq, hmac);
-    HMAC_Update(&c, hmac, 4);
-    HMAC_Update(&c, in->value, in->length);
-    HMAC_Final(&c, hmac, &hmaclen);
-    HMAC_CTX_cleanup(&c);
-
-    encode_le_uint32(1, &out[0]);
-    if (sealkey)
-	RC4(sealkey, 8, hmac, &out[4]);
-    else
-	memcpy(&out[4], hmac, 8);
-
-    memset(&out[12], 0, 4);
-
-    return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-v2_verify_message(gss_buffer_t in,
-		  unsigned char signkey[16],
-		  RC4_KEY *sealkey,
-		  uint32_t seq,
-		  const unsigned char checksum[16])
-{
-    OM_uint32 ret;
-    unsigned char out[16];
-
-    ret = v2_sign_message(in, signkey, sealkey, seq, out);
-    if (ret)
-	return ret;
-
-    if (memcmp(checksum, out, 16) != 0)
-	return GSS_S_BAD_MIC;
-
-    return GSS_S_COMPLETE;
-}    
-
-static OM_uint32
-v2_seal_message(const gss_buffer_t in,
-		unsigned char signkey[16],
-		uint32_t seq,
-		RC4_KEY *sealkey,
-		gss_buffer_t out)
-{
-    unsigned char *p;
-    OM_uint32 ret;
-
-    if (in->length + 16 < in->length)
-	return EINVAL;
-
-    p = malloc(in->length + 16);
-    if (p == NULL)
-	return ENOMEM;
-
-    RC4(sealkey, in->length, in->value, p);
-
-    ret = v2_sign_message(in, signkey, sealkey, seq, &p[in->length]);
-    if (ret) {
-	free(p);
-	return ret;
-    }
-
-    out->value = p;
-    out->length = in->length + 16;
-
-    return 0;
-}
-
-static OM_uint32
-v2_unseal_message(gss_buffer_t in,
-		  unsigned char signkey[16],
-		  uint32_t seq,
-		  RC4_KEY *sealkey,
-		  gss_buffer_t out)
-{
-    OM_uint32 ret;
-
-    if (in->length < 16)
-	return GSS_S_BAD_MIC;
-
-    out->length = in->length - 16;
-    out->value = malloc(out->length);
-    if (out->value == NULL)
-	return GSS_S_BAD_MIC;
-
-    RC4(sealkey, out->length, in->value, out->value);
-
-    ret = v2_verify_message(out, signkey, sealkey, seq,
-			    ((const unsigned char *)in->value) + out->length);
-    if (ret) {
-	OM_uint32 junk;
-	gss_release_buffer(&junk, out);
-    }
-    return ret;
-}
-
-/*
- *
- */
-
-#define CTX_FLAGS_ISSET(_ctx,_flags) \
-    (((_ctx)->flags & (_flags)) == (_flags))
-
-/*
- *
- */
- 
-OM_uint32 _gss_ntlm_get_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-    ntlm_ctx ctx = (ntlm_ctx)context_handle;
-    OM_uint32 junk;
-
-    if (minor_status)
-	*minor_status = 0;
-    if (message_token) {
-	message_token->length = 0;
-	message_token->value = NULL;
-    }
-
-    message_token->value = malloc(16);
-    message_token->length = 16;
-    if (message_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN|NTLM_NEG_NTLM2_SESSION)) {
-	OM_uint32 ret;
-
-	if ((ctx->status & STATUS_SESSIONKEY) == 0) {
-	    gss_release_buffer(&junk, message_token);
-	    return GSS_S_UNAVAILABLE;
-	}
-
-	ret = v2_sign_message(message_buffer,
-			      ctx->u.v2.send.signkey,
-			      ctx->u.v2.send.signsealkey,
-			      ctx->u.v2.send.seq++,
-			      message_token->value);
-	if (ret)
-	    gss_release_buffer(&junk, message_token);
-        return ret;
-
-    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN)) {
-	OM_uint32 ret;
-
-	if ((ctx->status & STATUS_SESSIONKEY) == 0) {
-	    gss_release_buffer(&junk, message_token);
-	    return GSS_S_UNAVAILABLE;
-	}
-
-	ret = v1_sign_message(message_buffer,
-			      &ctx->u.v1.crypto_send.key,
-			      ctx->u.v1.crypto_send.seq++,
-			      message_token->value);
-	if (ret)
-	    gss_release_buffer(&junk, message_token);
-        return ret;
-
-    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_ALWAYS_SIGN)) {
-	unsigned char *sigature;
-
-	sigature = message_token->value;
-
-	encode_le_uint32(1, &sigature[0]); /* version */
-	encode_le_uint32(0, &sigature[4]);
-	encode_le_uint32(0, &sigature[8]);
-	encode_le_uint32(0, &sigature[12]);
-
-        return GSS_S_COMPLETE;
-    }
-    gss_release_buffer(&junk, message_token);
-
-    return GSS_S_UNAVAILABLE;
-}
-
-/*
- *
- */
-
-OM_uint32
-_gss_ntlm_verify_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state
-	    )
-{
-    ntlm_ctx ctx = (ntlm_ctx)context_handle;
-
-    if (qop_state != NULL)
-	*qop_state = GSS_C_QOP_DEFAULT;
-    *minor_status = 0;
-
-    if (token_buffer->length != 16)
-	return GSS_S_BAD_MIC;
-
-    if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN|NTLM_NEG_NTLM2_SESSION)) {
-	OM_uint32 ret;
-
-	if ((ctx->status & STATUS_SESSIONKEY) == 0)
-	    return GSS_S_UNAVAILABLE;
-
-	ret = v2_verify_message(message_buffer,
-				ctx->u.v2.recv.signkey,
-				ctx->u.v2.recv.signsealkey,
-				ctx->u.v2.recv.seq++,
-				token_buffer->value);
-	if (ret)
-	    return ret;
-
-	return GSS_S_COMPLETE;
-    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN)) {
-
-	unsigned char sigature[12];
-	uint32_t crc, num;
-
-	if ((ctx->status & STATUS_SESSIONKEY) == 0)
-	    return GSS_S_UNAVAILABLE;
-
-	decode_le_uint32(token_buffer->value, &num);
-	if (num != 1)
-	    return GSS_S_BAD_MIC;
-
-	RC4(&ctx->u.v1.crypto_recv.key, sizeof(sigature),
-	    ((unsigned char *)token_buffer->value) + 4, sigature);
-
-	_krb5_crc_init_table();
-	crc = _krb5_crc_update(message_buffer->value, 
-			       message_buffer->length, 0);
-	/* skip first 4 bytes in the encrypted checksum */
-	decode_le_uint32(&sigature[4], &num);
-	if (num != crc)
-	    return GSS_S_BAD_MIC;
-	decode_le_uint32(&sigature[8], &num);
-	if (ctx->u.v1.crypto_recv.seq != num)
-	    return GSS_S_BAD_MIC;
-	ctx->u.v1.crypto_recv.seq++;
-
-        return GSS_S_COMPLETE;
-    } else if (ctx->flags & NTLM_NEG_ALWAYS_SIGN) {
-	uint32_t num;
-	unsigned char *p;
-
-	p = (unsigned char*)(token_buffer->value);
-
-	decode_le_uint32(&p[0], &num); /* version */
-	if (num != 1) return GSS_S_BAD_MIC;
-	decode_le_uint32(&p[4], &num);
-	if (num != 0) return GSS_S_BAD_MIC;
-	decode_le_uint32(&p[8], &num);
-	if (num != 0) return GSS_S_BAD_MIC;
-	decode_le_uint32(&p[12], &num);
-	if (num != 0) return GSS_S_BAD_MIC;
-
-        return GSS_S_COMPLETE;
-    }
-
-    return GSS_S_UNAVAILABLE;
-}
-
-/*
- *
- */
-
-OM_uint32
-_gss_ntlm_wrap_size_limit (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size
-           )
-{
-    ntlm_ctx ctx = (ntlm_ctx)context_handle;
-
-    *minor_status = 0;
-
-    if(ctx->flags & NTLM_NEG_SEAL) {
-
-	if (req_output_size < 16)
-	    *max_input_size = 0;
-	else
-	    *max_input_size = req_output_size - 16;
-
-	return GSS_S_COMPLETE;
-    }
-
-    return GSS_S_UNAVAILABLE;
-}
-
-/*
- *
- */
-
-OM_uint32 _gss_ntlm_wrap
-(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- const gss_buffer_t input_message_buffer,
- int * conf_state,
- gss_buffer_t output_message_buffer
-    )
-{
-    ntlm_ctx ctx = (ntlm_ctx)context_handle;
-    OM_uint32 ret;
-
-    if (minor_status)
-	*minor_status = 0;
-    if (conf_state)
-	*conf_state = 0;
-    if (output_message_buffer == GSS_C_NO_BUFFER)
-	return GSS_S_FAILURE;
-
-    
-    if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL|NTLM_NEG_NTLM2_SESSION)) {
-
-	return v2_seal_message(input_message_buffer,
-			       ctx->u.v2.send.signkey,
-			       ctx->u.v2.send.seq++,
-			       &ctx->u.v2.send.sealkey,
-			       output_message_buffer);
-
-    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL)) {
-	gss_buffer_desc trailer;
-	OM_uint32 junk;
-
-	output_message_buffer->length = input_message_buffer->length + 16;
-	output_message_buffer->value = malloc(output_message_buffer->length);
-	if (output_message_buffer->value == NULL) {
-	    output_message_buffer->length = 0;
-	    return GSS_S_FAILURE;
-	}
-
-
-	RC4(&ctx->u.v1.crypto_send.key, input_message_buffer->length,
-	    input_message_buffer->value, output_message_buffer->value);
-	
-	ret = _gss_ntlm_get_mic(minor_status, context_handle,
-				0, input_message_buffer,
-				&trailer);
-	if (ret) {
-	    gss_release_buffer(&junk, output_message_buffer);
-	    return ret;
-	}
-	if (trailer.length != 16) {
-	    gss_release_buffer(&junk, output_message_buffer);
-	    gss_release_buffer(&junk, &trailer);
-	    return GSS_S_FAILURE;
-	}
-	memcpy(((unsigned char *)output_message_buffer->value) + 
-	       input_message_buffer->length,
-	       trailer.value, trailer.length);
-	gss_release_buffer(&junk, &trailer);
-
-	return GSS_S_COMPLETE;
-    }
-
-    return GSS_S_UNAVAILABLE;
-}
-
-/*
- *
- */
-
-OM_uint32 _gss_ntlm_unwrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state
-           )
-{
-    ntlm_ctx ctx = (ntlm_ctx)context_handle;
-    OM_uint32 ret;
-
-    if (minor_status)
-	*minor_status = 0;
-    if (output_message_buffer) {
-	output_message_buffer->value = NULL;
-	output_message_buffer->length = 0;
-    }
-    if (conf_state)
-	*conf_state = 0;
-    if (qop_state)
-	*qop_state = 0;
-
-    if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL|NTLM_NEG_NTLM2_SESSION)) {
-
-	return v2_unseal_message(input_message_buffer,
-				 ctx->u.v2.recv.signkey,
-				 ctx->u.v2.recv.seq++,
-				 &ctx->u.v2.recv.sealkey,
-				 output_message_buffer);
-
-    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL)) {
-
-	gss_buffer_desc trailer;
-	OM_uint32 junk;
-
-	if (input_message_buffer->length < 16)
-	    return GSS_S_BAD_MIC;
-
-	output_message_buffer->length = input_message_buffer->length - 16;
-	output_message_buffer->value = malloc(output_message_buffer->length);
-	if (output_message_buffer->value == NULL) {
-	    output_message_buffer->length = 0;
-	    return GSS_S_FAILURE;
-	}
-	
-	RC4(&ctx->u.v1.crypto_recv.key, output_message_buffer->length,
-	    input_message_buffer->value, output_message_buffer->value);
-	
-	trailer.value = ((unsigned char *)input_message_buffer->value) +
-	    output_message_buffer->length;
-	trailer.length = 16;
-
-	ret = _gss_ntlm_verify_mic(minor_status, context_handle,
-				   output_message_buffer,
-				   &trailer, NULL);
-	if (ret) {
-	    gss_release_buffer(&junk, output_message_buffer);
-	    return ret;
-	}
-
-	return GSS_S_COMPLETE;
-    }
-
-    return GSS_S_UNAVAILABLE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/delete_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/delete_sec_context.c
deleted file mode 100644
index c51f227..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/delete_sec_context.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: delete_sec_context.c 22163 2007-12-04 21:25:06Z lha $");
-
-OM_uint32 _gss_ntlm_delete_sec_context
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t * context_handle,
-            gss_buffer_t output_token
-           )
-{
-    if (context_handle) {
-	ntlm_ctx ctx = (ntlm_ctx)*context_handle;
-	gss_cred_id_t cred = (gss_cred_id_t)ctx->client;
-
-	*context_handle = GSS_C_NO_CONTEXT;
-
-	if (ctx->server)
-	    (*ctx->server->nsi_destroy)(minor_status, ctx->ictx);
-
-	_gss_ntlm_release_cred(NULL, &cred);
-
-	memset(ctx, 0, sizeof(*ctx));
-	free(ctx);
-    }
-    if (output_token) {
-	output_token->length = 0;
-	output_token->value  = NULL;
-    }
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/digest.c b/crypto/heimdal/lib/gssapi/ntlm/digest.c
deleted file mode 100644
index fecf4a5..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/digest.c
+++ /dev/null
@@ -1,435 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: digest.c 22169 2007-12-04 22:19:16Z lha $");
-
-/*
- *
- */
-
-struct ntlmkrb5 {
-    krb5_context context;
-    krb5_ntlm ntlm;
-    krb5_realm kerberos_realm;
-    krb5_ccache id;
-    krb5_data opaque;
-    int destroy;
-    OM_uint32 flags;
-    struct ntlm_buf key;
-    krb5_data sessionkey;
-};
-
-static OM_uint32 kdc_destroy(OM_uint32 *, void *);
-
-/*
- * Get credential cache that the ntlm code can use to talk to the KDC
- * using the digest API.
- */
-
-static krb5_error_code
-get_ccache(krb5_context context, int *destroy, krb5_ccache *id)
-{
-    krb5_principal principal = NULL;
-    krb5_error_code ret;
-    krb5_keytab kt = NULL;
-
-    *id = NULL;
-    
-    if (!issuid()) {
-	const char *cache;
-
-	cache = getenv("NTLM_ACCEPTOR_CCACHE");
-	if (cache) {
-	    ret = krb5_cc_resolve(context, cache, id);
-	    if (ret)
-		goto out;
-	    return 0;
-	}
-    }
-
-    ret = krb5_sname_to_principal(context, NULL, "host", 
-				  KRB5_NT_SRV_HST, &principal);
-    if (ret)
-	goto out;
-    
-    ret = krb5_cc_cache_match(context, principal, NULL, id);
-    if (ret == 0)
-	return 0;
-    
-    /* did not find in default credcache, lets try default keytab */
-    ret = krb5_kt_default(context, &kt);
-    if (ret)
-	goto out;
-
-    /* XXX check in keytab */
-    {
-	krb5_get_init_creds_opt *opt;
-	krb5_creds cred;
-
-	memset(&cred, 0, sizeof(cred));
-
-	ret = krb5_cc_new_unique(context, "MEMORY", NULL, id);
-	if (ret)
-	    goto out;
-	*destroy = 1;
-	ret = krb5_get_init_creds_opt_alloc(context, &opt);
-	if (ret)
-	    goto out;
-	ret = krb5_get_init_creds_keytab (context,
-					  &cred,
-					  principal,
-					  kt,
-					  0,
-					  NULL,
-					  opt);
-	krb5_get_init_creds_opt_free(context, opt);
-	if (ret)
-	    goto out;
-	ret = krb5_cc_initialize (context, *id, cred.client);
-	if (ret) {
-	    krb5_free_cred_contents (context, &cred);
-	    goto out;
-	}
-	ret = krb5_cc_store_cred (context, *id, &cred);
-	krb5_free_cred_contents (context, &cred);
-	if (ret)
-	    goto out;
-    }
-
-    krb5_kt_close(context, kt);
-    
-    return 0;
-
-out:
-    if (*destroy)
-	krb5_cc_destroy(context, *id);
-    else
-	krb5_cc_close(context, *id);
-
-    *id = NULL;
-
-    if (kt)
-	krb5_kt_close(context, kt);
-
-    if (principal)
-	krb5_free_principal(context, principal);
-    return ret;
-}
-
-/*
- *
- */
-
-static OM_uint32
-kdc_alloc(OM_uint32 *minor, void **ctx)
-{
-    krb5_error_code ret;
-    struct ntlmkrb5 *c;
-    OM_uint32 junk;
-
-    c = calloc(1, sizeof(*c));
-    if (c == NULL) {
-	*minor = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_init_context(&c->context);
-    if (ret) {
-	kdc_destroy(&junk, c);
-	*minor = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = get_ccache(c->context, &c->destroy, &c->id);
-    if (ret) {
-	kdc_destroy(&junk, c);
-	*minor = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_ntlm_alloc(c->context, &c->ntlm);
-    if (ret) {
-	kdc_destroy(&junk, c);
-	*minor = ret;
-	return GSS_S_FAILURE;
-    }
-
-    *ctx = c;
-
-    return GSS_S_COMPLETE;
-}
-
-static int
-kdc_probe(OM_uint32 *minor, void *ctx, const char *realm)
-{
-    struct ntlmkrb5 *c = ctx;
-    krb5_error_code ret;
-    unsigned flags;
-
-    ret = krb5_digest_probe(c->context, rk_UNCONST(realm), c->id, &flags);
-    if (ret)
-	return ret;
-    
-    if ((flags & (1|2|4)) == 0)
-	return EINVAL;
-
-    return 0;
-}
-
-/*
- *
- */
-
-static OM_uint32
-kdc_destroy(OM_uint32 *minor, void *ctx)
-{
-    struct ntlmkrb5 *c = ctx;
-    krb5_data_free(&c->opaque);
-    krb5_data_free(&c->sessionkey);
-    if (c->ntlm)
-	krb5_ntlm_free(c->context, c->ntlm);
-    if (c->id) {
-	if (c->destroy)
-	    krb5_cc_destroy(c->context, c->id);
-	else
-	    krb5_cc_close(c->context, c->id);
-    }
-    if (c->context)
-	krb5_free_context(c->context);
-    memset(c, 0, sizeof(*c));
-    free(c);
-
-    return GSS_S_COMPLETE;
-}
-
-/*
- *
- */
-
-static OM_uint32
-kdc_type2(OM_uint32 *minor_status,
-	  void *ctx,
-	  uint32_t flags,
-	  const char *hostname,
-	  const char *domain,
-	  uint32_t *ret_flags,
-	  struct ntlm_buf *out)
-{
-    struct ntlmkrb5 *c = ctx;
-    krb5_error_code ret;
-    struct ntlm_type2 type2;
-    krb5_data challange;
-    struct ntlm_buf data;
-    krb5_data ti;
-    
-    memset(&type2, 0, sizeof(type2));
-    
-    /*
-     * Request data for type 2 packet from the KDC.
-     */
-    ret = krb5_ntlm_init_request(c->context, 
-				 c->ntlm,
-				 NULL,
-				 c->id,
-				 flags,
-				 hostname,
-				 domain);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    /*
-     *
-     */
-
-    ret = krb5_ntlm_init_get_opaque(c->context, c->ntlm, &c->opaque);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    /*
-     *
-     */
-
-    ret = krb5_ntlm_init_get_flags(c->context, c->ntlm, &type2.flags);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-    *ret_flags = type2.flags;
-
-    ret = krb5_ntlm_init_get_challange(c->context, c->ntlm, &challange);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    if (challange.length != sizeof(type2.challange)) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-    memcpy(type2.challange, challange.data, sizeof(type2.challange));
-    krb5_data_free(&challange);
-
-    ret = krb5_ntlm_init_get_targetname(c->context, c->ntlm,
-					&type2.targetname);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_ntlm_init_get_targetinfo(c->context, c->ntlm, &ti);
-    if (ret) {
-	free(type2.targetname);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    type2.targetinfo.data = ti.data;
-    type2.targetinfo.length = ti.length;
-	
-    ret = heim_ntlm_encode_type2(&type2, &data);
-    free(type2.targetname);
-    krb5_data_free(&ti);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-	
-    out->data = data.data;
-    out->length = data.length;
-
-    return GSS_S_COMPLETE;
-}
-
-/*
- *
- */
-
-static OM_uint32
-kdc_type3(OM_uint32 *minor_status,
-	  void *ctx,
-	  const struct ntlm_type3 *type3,
-	  struct ntlm_buf *sessionkey)
-{
-    struct ntlmkrb5 *c = ctx;
-    krb5_error_code ret;
-
-    sessionkey->data = NULL;
-    sessionkey->length = 0;
-
-    ret = krb5_ntlm_req_set_flags(c->context, c->ntlm, type3->flags);
-    if (ret) goto out;
-    ret = krb5_ntlm_req_set_username(c->context, c->ntlm, type3->username);
-    if (ret) goto out;
-    ret = krb5_ntlm_req_set_targetname(c->context, c->ntlm, 
-				       type3->targetname);
-    if (ret) goto out;
-    ret = krb5_ntlm_req_set_lm(c->context, c->ntlm, 
-			       type3->lm.data, type3->lm.length);
-    if (ret) goto out;
-    ret = krb5_ntlm_req_set_ntlm(c->context, c->ntlm, 
-				 type3->ntlm.data, type3->ntlm.length);
-    if (ret) goto out;
-    ret = krb5_ntlm_req_set_opaque(c->context, c->ntlm, &c->opaque);
-    if (ret) goto out;
-
-    if (type3->sessionkey.length) {
-	ret = krb5_ntlm_req_set_session(c->context, c->ntlm,
-					type3->sessionkey.data,
-					type3->sessionkey.length);
-	if (ret) goto out;
-    }
-
-    /*
-     * Verify with the KDC the type3 packet is ok
-     */
-    ret = krb5_ntlm_request(c->context, 
-			    c->ntlm,
-			    NULL,
-			    c->id);
-    if (ret)
-	goto out;
-
-    if (krb5_ntlm_rep_get_status(c->context, c->ntlm) != TRUE) {
-	ret = EINVAL;
-	goto out;
-    }
-
-    if (type3->sessionkey.length) {
-	ret = krb5_ntlm_rep_get_sessionkey(c->context, 
-					   c->ntlm,
-					   &c->sessionkey);
-	if (ret)
-	    goto out;
-
-	sessionkey->data = c->sessionkey.data;
-	sessionkey->length = c->sessionkey.length;
-    }
-
-    return 0;
-
- out:
-    *minor_status = ret;
-    return GSS_S_FAILURE;
-}
-
-/*
- *
- */
-
-static void
-kdc_free_buffer(struct ntlm_buf *sessionkey)
-{
-    if (sessionkey->data)
-	free(sessionkey->data);
-    sessionkey->data = NULL;
-    sessionkey->length = 0;
-}
-
-/*
- *
- */
-
-struct ntlm_server_interface ntlmsspi_kdc_digest = {
-    kdc_alloc,
-    kdc_destroy,
-    kdc_probe,
-    kdc_type2,
-    kdc_type3,
-    kdc_free_buffer
-};
diff --git a/crypto/heimdal/lib/gssapi/ntlm/display_name.c b/crypto/heimdal/lib/gssapi/ntlm/display_name.c
deleted file mode 100644
index a04d96c..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/display_name.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: display_name.c 22373 2007-12-28 18:36:06Z lha $");
-
-OM_uint32 _gss_ntlm_display_name
-           (OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t output_name_buffer,
-            gss_OID * output_name_type
-           )
-{
-    *minor_status = 0;
-
-    if (output_name_type)
-	*output_name_type = GSS_NTLM_MECHANISM;
-
-    if (output_name_buffer) {
-	ntlm_name n = (ntlm_name)input_name;
-	char *str;
-	int len;
-	
-	output_name_buffer->length = 0;
-	output_name_buffer->value = NULL;
-
-	if (n == NULL) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_NAME;
-	}
-
-	len = asprintf(&str, "%s@%s", n->user, n->domain);
-	if (str == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	output_name_buffer->length = len;
-	output_name_buffer->value = str;
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/display_status.c b/crypto/heimdal/lib/gssapi/ntlm/display_status.c
deleted file mode 100644
index 70be5eb..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/display_status.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1998 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: display_status.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_display_status
-           (OM_uint32		*minor_status,
-	    OM_uint32		 status_value,
-	    int			 status_type,
-	    const gss_OID	 mech_type,
-	    OM_uint32		*message_context,
-	    gss_buffer_t	 status_string)
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (status_string) {
-	status_string->length = 0;
-	status_string->value = NULL;
-    }
-    if (message_context)
-	*message_context = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/duplicate_name.c b/crypto/heimdal/lib/gssapi/ntlm/duplicate_name.c
deleted file mode 100644
index 2b2f7dd..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/duplicate_name.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: duplicate_name.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_duplicate_name (
-            OM_uint32 * minor_status,
-            const gss_name_t src_name,
-            gss_name_t * dest_name
-           )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (dest_name)
-	*dest_name = NULL;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/export_name.c b/crypto/heimdal/lib/gssapi/ntlm/export_name.c
deleted file mode 100644
index f0941b1..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/export_name.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: export_name.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_export_name
-           (OM_uint32  * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t exported_name
-           )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (exported_name) {
-	exported_name->length = 0;
-	exported_name->value = NULL;
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/export_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/export_sec_context.c
deleted file mode 100644
index 99a7be1..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/export_sec_context.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: export_sec_context.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32
-_gss_ntlm_export_sec_context (
-    OM_uint32 * minor_status,
-    gss_ctx_id_t * context_handle,
-    gss_buffer_t interprocess_token
-    )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (interprocess_token) {
-	interprocess_token->length = 0;
-	interprocess_token->value = NULL;
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/external.c b/crypto/heimdal/lib/gssapi/ntlm/external.c
deleted file mode 100644
index 8f86032..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/external.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: external.c 19359 2006-12-15 20:01:48Z lha $");
-
-static gssapi_mech_interface_desc ntlm_mech = {
-    GMI_VERSION,
-    "ntlm",
-    {10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") },
-    _gss_ntlm_acquire_cred,
-    _gss_ntlm_release_cred,
-    _gss_ntlm_init_sec_context,
-    _gss_ntlm_accept_sec_context,
-    _gss_ntlm_process_context_token,
-    _gss_ntlm_delete_sec_context,
-    _gss_ntlm_context_time,
-    _gss_ntlm_get_mic,
-    _gss_ntlm_verify_mic,
-    _gss_ntlm_wrap,
-    _gss_ntlm_unwrap,
-    _gss_ntlm_display_status,
-    NULL,
-    _gss_ntlm_compare_name,
-    _gss_ntlm_display_name,
-    _gss_ntlm_import_name,
-    _gss_ntlm_export_name,
-    _gss_ntlm_release_name,
-    _gss_ntlm_inquire_cred,
-    _gss_ntlm_inquire_context,
-    _gss_ntlm_wrap_size_limit,
-    _gss_ntlm_add_cred,
-    _gss_ntlm_inquire_cred_by_mech,
-    _gss_ntlm_export_sec_context,
-    _gss_ntlm_import_sec_context,
-    _gss_ntlm_inquire_names_for_mech,
-    _gss_ntlm_inquire_mechs_for_name,
-    _gss_ntlm_canonicalize_name,
-    _gss_ntlm_duplicate_name
-};
-
-gssapi_mech_interface
-__gss_ntlm_initialize(void)
-{
-	return &ntlm_mech;
-}
-
-static gss_OID_desc _gss_ntlm_mechanism_desc = 
-{10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") };
-
-gss_OID GSS_NTLM_MECHANISM = &_gss_ntlm_mechanism_desc;
diff --git a/crypto/heimdal/lib/gssapi/ntlm/import_name.c b/crypto/heimdal/lib/gssapi/ntlm/import_name.c
deleted file mode 100644
index 91cba08..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/import_name.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: import_name.c 22373 2007-12-28 18:36:06Z lha $");
-
-OM_uint32 _gss_ntlm_import_name
-           (OM_uint32 * minor_status,
-            const gss_buffer_t input_name_buffer,
-            const gss_OID input_name_type,
-            gss_name_t * output_name
-           )
-{
-    char *name, *p, *p2;
-    ntlm_name n;
-
-    *minor_status = 0;
-
-    if (output_name)
-	*output_name = GSS_C_NO_NAME;
-
-    if (!gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))
-	return GSS_S_BAD_NAMETYPE;
-
-    name = malloc(input_name_buffer->length + 1);
-    if (name == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy(name, input_name_buffer->value, input_name_buffer->length);
-    name[input_name_buffer->length] = '\0';
-
-    /* find "domain" part of the name and uppercase it */
-    p = strchr(name, '@');
-    if (p == NULL)
-	return GSS_S_BAD_NAME;
-    p[0] = '\0';
-    p++;
-    p2 = strchr(p, '.');
-    if (p2 && p2[1] != '\0') {
-	p = p2 + 1;
-	p2 = strchr(p, '.');
-	if (p2)
-	    *p2 = '\0';
-    }
-    strupr(p);
-    
-    n = calloc(1, sizeof(*n));
-    if (name == NULL) {
-	free(name);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    n->user = strdup(name);
-    n->domain = strdup(p);
-
-    free(name);
-
-    if (n->user == NULL || n->domain == NULL) {
-	free(n->user);
-	free(n->domain);
-	free(n);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    *output_name = (gss_name_t)n;
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/import_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/import_sec_context.c
deleted file mode 100644
index cde0a01..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/import_sec_context.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: import_sec_context.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32
-_gss_ntlm_import_sec_context (
-    OM_uint32 * minor_status,
-    const gss_buffer_t interprocess_token,
-    gss_ctx_id_t * context_handle
-    )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (context_handle)
-	*context_handle = GSS_C_NO_CONTEXT;
-    return GSS_S_FAILURE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/indicate_mechs.c b/crypto/heimdal/lib/gssapi/ntlm/indicate_mechs.c
deleted file mode 100644
index 6417163..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/indicate_mechs.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: indicate_mechs.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_indicate_mechs
-(OM_uint32 * minor_status,
- gss_OID_set * mech_set
-    )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (mech_set)
-	*mech_set = GSS_C_NO_OID_SET;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c
deleted file mode 100644
index 140dbec..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c
+++ /dev/null
@@ -1,508 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: init_sec_context.c 22382 2007-12-30 12:13:17Z lha $");
-
-static int
-from_file(const char *fn, const char *target_domain, 
-	  char **username, struct ntlm_buf *key)
-{	  
-    char *str, buf[1024];
-    FILE *f;
-
-    f = fopen(fn, "r");
-    if (f == NULL)
-	return ENOENT;
-
-    while (fgets(buf, sizeof(buf), f) != NULL) {
-	char *d, *u, *p;
-	buf[strcspn(buf, "\r\n")] = '\0';
-	if (buf[0] == '#')
-	    continue;
-	str = NULL;
-	d = strtok_r(buf, ":", &str);
-	if (d && strcasecmp(target_domain, d) != 0)
-	    continue;
-	u = strtok_r(NULL, ":", &str);
-	p = strtok_r(NULL, ":", &str);
-	if (u == NULL || p == NULL)
-	    continue;
-
-	*username = strdup(u);
-
-	heim_ntlm_nt_key(p, key);
-
-	memset(buf, 0, sizeof(buf));
-	fclose(f);
-	return 0;
-    }
-    memset(buf, 0, sizeof(buf));
-    fclose(f);
-    return ENOENT;
-}
-
-static int
-get_user_file(const ntlm_name target_name, 
-	      char **username, struct ntlm_buf *key)
-{
-    const char *fn;
-
-    if (issuid())
-	return ENOENT;
-
-    fn = getenv("NTLM_USER_FILE");
-    if (fn == NULL)
-	return ENOENT;
-    if (from_file(fn, target_name->domain, username, key) == 0)
-	return 0;
-
-    return ENOENT;
-}
-
-/*
- * Pick up the ntlm cred from the default krb5 credential cache.
- */
-
-static int
-get_user_ccache(const ntlm_name name, char **username, struct ntlm_buf *key)
-{
-    krb5_principal client;
-    krb5_context context = NULL;
-    krb5_error_code ret;
-    krb5_ccache id = NULL;
-    krb5_creds mcreds, creds;
-
-    *username = NULL;
-    key->length = 0;
-    key->data = NULL;
-
-    memset(&creds, 0, sizeof(creds));
-    memset(&mcreds, 0, sizeof(mcreds));
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-
-    ret = krb5_cc_default(context, &id);
-    if (ret)
-	goto out;
-
-    ret = krb5_cc_get_principal(context, id, &client);
-    if (ret)
-	goto out;
-
-    ret = krb5_unparse_name_flags(context, client,
-				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
-				  username);
-    if (ret)
-	goto out;
-
-    ret = krb5_make_principal(context, &mcreds.server,
-			      krb5_principal_get_realm(context, client),
-			      "@ntlm-key", name->domain, NULL);
-    krb5_free_principal(context, client);
-    if (ret)
-	goto out;
-
-    mcreds.session.keytype = ENCTYPE_ARCFOUR_HMAC_MD5;
-    ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_MATCH_KEYTYPE, 
-				&mcreds, &creds);
-    if (ret) {
-	char *s = krb5_get_error_message(context, ret);
-	krb5_free_error_string(context, s);
-	goto out;
-    }
-
-    key->data = malloc(creds.session.keyvalue.length);
-    if (key->data == NULL)
-	goto out;
-    key->length = creds.session.keyvalue.length;
-    memcpy(key->data, creds.session.keyvalue.data, key->length);
-
-    krb5_free_cred_contents(context, &creds);
-
-    return 0;
-
-out:
-    if (*username) {
-	free(*username);
-	*username = NULL;
-    }
-    krb5_free_cred_contents(context, &creds);
-    if (mcreds.server)
-	krb5_free_principal(context, mcreds.server);
-    if (id)
-	krb5_cc_close(context, id);
-    if (context)
-	krb5_free_context(context);
-
-    return ret;
-}
-
-int
-_gss_ntlm_get_user_cred(const ntlm_name target_name,
-			ntlm_cred *rcred)
-{
-    ntlm_cred cred;
-    int ret;
- 
-    cred = calloc(1, sizeof(*cred));
-    if (cred == NULL)
-	return ENOMEM;
-    
-    ret = get_user_file(target_name, &cred->username, &cred->key);
-    if (ret)
-	ret = get_user_ccache(target_name, &cred->username, &cred->key);
-    if (ret) {
-	free(cred);
-	return ret;
-    }
-    
-    cred->domain = strdup(target_name->domain);
-    *rcred = cred;
-
-    return ret;
-}
-
-static int
-_gss_copy_cred(ntlm_cred from, ntlm_cred *to)
-{
-    *to = calloc(1, sizeof(*to));
-    if (*to == NULL)
-	return ENOMEM;
-    (*to)->username = strdup(from->username);
-    if ((*to)->username == NULL) {
-	free(*to);
-	return ENOMEM;
-    }
-    (*to)->domain = strdup(from->domain);
-    if ((*to)->domain == NULL) {
-	free((*to)->username);
-	free(*to);
-	return ENOMEM;
-    }
-    (*to)->key.data = malloc(from->key.length);
-    if ((*to)->key.data == NULL) {
-	free((*to)->domain);
-	free((*to)->username);
-	free(*to);
-	return ENOMEM;
-    }
-    memcpy((*to)->key.data, from->key.data, from->key.length);
-    (*to)->key.length = from->key.length;
-
-    return 0;
-}
-
-OM_uint32
-_gss_ntlm_init_sec_context
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t initiator_cred_handle,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-	   )
-{
-    ntlm_ctx ctx;
-    ntlm_name name = (ntlm_name)target_name;
-
-    *minor_status = 0;
-
-    if (ret_flags)
-	*ret_flags = 0;
-    if (time_rec)
-	*time_rec = 0;
-    if (actual_mech_type)
-	*actual_mech_type = GSS_C_NO_OID;
-
-    if (*context_handle == GSS_C_NO_CONTEXT) {
-	struct ntlm_type1 type1;
-	struct ntlm_buf data;
-	uint32_t flags = 0;
-	int ret;
-	
-	ctx = calloc(1, sizeof(*ctx));
-	if (ctx == NULL) {
-	    *minor_status = EINVAL;
-	    return GSS_S_FAILURE;
-	}
-	*context_handle = (gss_ctx_id_t)ctx;
-
-	if (initiator_cred_handle != GSS_C_NO_CREDENTIAL) {
-	    ntlm_cred cred = (ntlm_cred)initiator_cred_handle;
-	    ret = _gss_copy_cred(cred, &ctx->client);
-	} else
-	    ret = _gss_ntlm_get_user_cred(name, &ctx->client);
-
-	if (ret) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-
-	if (req_flags & GSS_C_CONF_FLAG)
-	    flags |= NTLM_NEG_SEAL;
-	if (req_flags & GSS_C_INTEG_FLAG)
-	    flags |= NTLM_NEG_SIGN;
-	else
-	    flags |= NTLM_NEG_ALWAYS_SIGN;
-
-	flags |= NTLM_NEG_UNICODE;
-	flags |= NTLM_NEG_NTLM;
-	flags |= NTLM_NEG_NTLM2_SESSION;
-	flags |= NTLM_NEG_KEYEX;
-
-	memset(&type1, 0, sizeof(type1));
-	
-	type1.flags = flags;
-	type1.domain = name->domain;
-	type1.hostname = NULL;
-	type1.os[0] = 0;
-	type1.os[1] = 0;
-	
-	ret = heim_ntlm_encode_type1(&type1, &data);
-	if (ret) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-	
-	output_token->value = data.data;
-	output_token->length = data.length;
-	
-	return GSS_S_CONTINUE_NEEDED;
-    } else {
-	krb5_error_code ret;
-	struct ntlm_type2 type2;
-	struct ntlm_type3 type3;
-	struct ntlm_buf data;
-
-	ctx = (ntlm_ctx)*context_handle;
-
-	data.data = input_token->value;
-	data.length = input_token->length;
-
-	ret = heim_ntlm_decode_type2(&data, &type2);
-	if (ret) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-
-	ctx->flags = type2.flags;
-
-	/* XXX check that type2.targetinfo matches `target_name� */
-	/* XXX check verify targetinfo buffer */
-
-	memset(&type3, 0, sizeof(type3));
-
-	type3.username = ctx->client->username;
-	type3.flags = type2.flags;
-	type3.targetname = type2.targetname;
-	type3.ws = rk_UNCONST("workstation");
-
-	/*
-	 * NTLM Version 1 if no targetinfo buffer.
-	 */
-
-	if (1 || type2.targetinfo.length == 0) {
-	    struct ntlm_buf sessionkey;
-
-	    if (type2.flags & NTLM_NEG_NTLM2_SESSION) {
-		unsigned char nonce[8];
-
-		if (RAND_bytes(nonce, sizeof(nonce)) != 1) {
-		    _gss_ntlm_delete_sec_context(minor_status, 
-						 context_handle, NULL);
-		    *minor_status = EINVAL;
-		    return GSS_S_FAILURE;
-		}
-
-		ret = heim_ntlm_calculate_ntlm2_sess(nonce,
-						     type2.challange,
-						     ctx->client->key.data,
-						     &type3.lm,
-						     &type3.ntlm);
-	    } else {
-		ret = heim_ntlm_calculate_ntlm1(ctx->client->key.data, 
-						ctx->client->key.length,
-						type2.challange,
-						&type3.ntlm);
-
-	    }
-	    if (ret) {
-		_gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
-		*minor_status = ret;
-		return GSS_S_FAILURE;
-	    }
-
-	    ret = heim_ntlm_build_ntlm1_master(ctx->client->key.data, 
-					       ctx->client->key.length,
-					       &sessionkey,
-					       &type3.sessionkey);
-	    if (ret) {
-		if (type3.lm.data)
-		    free(type3.lm.data);
-		if (type3.ntlm.data)
-		    free(type3.ntlm.data);
-		_gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
-		*minor_status = ret;
-		return GSS_S_FAILURE;
-	    }
-
-	    ret = krb5_data_copy(&ctx->sessionkey, 
-				 sessionkey.data, sessionkey.length);
-	    free(sessionkey.data);
-	    if (ret) {
-		if (type3.lm.data)
-		    free(type3.lm.data);
-		if (type3.ntlm.data)
-		    free(type3.ntlm.data);
-		_gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
-		*minor_status = ret;
-		return GSS_S_FAILURE;
-	    }
-	    ctx->status |= STATUS_SESSIONKEY; 
-
-	} else {
-	    struct ntlm_buf sessionkey;
-	    unsigned char ntlmv2[16];
-	    struct ntlm_targetinfo ti;
-
-	    /* verify infotarget */
-	    
-	    ret = heim_ntlm_decode_targetinfo(&type2.targetinfo, 1, &ti);
-	    if(ret) {
-		_gss_ntlm_delete_sec_context(minor_status, 
-					     context_handle, NULL);
-		*minor_status = ret;
-		return GSS_S_FAILURE;
-	    }
-
-	    if (ti.domainname && strcmp(ti.domainname, name->domain) != 0) {
-		_gss_ntlm_delete_sec_context(minor_status, 
-					     context_handle, NULL);
-		*minor_status = EINVAL;
-		return GSS_S_FAILURE;
-	    }
-
-	    ret = heim_ntlm_calculate_ntlm2(ctx->client->key.data,
-					    ctx->client->key.length,
-					    ctx->client->username,
-					    name->domain,
-					    type2.challange,
-					    &type2.targetinfo,
-					    ntlmv2,
-					    &type3.ntlm);
-	    if (ret) {
-		_gss_ntlm_delete_sec_context(minor_status, 
-					     context_handle, NULL);
-		*minor_status = ret;
-		return GSS_S_FAILURE;
-	    }
-
-	    ret = heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2),
-					       &sessionkey,
-					       &type3.sessionkey);
-	    memset(ntlmv2, 0, sizeof(ntlmv2));
-	    if (ret) {
-		_gss_ntlm_delete_sec_context(minor_status, 
-					     context_handle, NULL);
-		*minor_status = ret;
-		return GSS_S_FAILURE;
-	    }
-	    
-	    ctx->flags |= NTLM_NEG_NTLM2_SESSION;
-
-	    ret = krb5_data_copy(&ctx->sessionkey, 
-				 sessionkey.data, sessionkey.length);
-	    free(sessionkey.data);
-	}
-
-	if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
-	    ctx->status |= STATUS_SESSIONKEY; 
-	    _gss_ntlm_set_key(&ctx->u.v2.send, 0, (ctx->flags & NTLM_NEG_KEYEX),
-			      ctx->sessionkey.data,
-			      ctx->sessionkey.length);
-	    _gss_ntlm_set_key(&ctx->u.v2.recv, 1, (ctx->flags & NTLM_NEG_KEYEX),
-			      ctx->sessionkey.data,
-			      ctx->sessionkey.length);
-	} else {
-	    ctx->status |= STATUS_SESSIONKEY; 
-	    RC4_set_key(&ctx->u.v1.crypto_recv.key, 
-			ctx->sessionkey.length,
-			ctx->sessionkey.data);
-	    RC4_set_key(&ctx->u.v1.crypto_send.key, 
-			ctx->sessionkey.length,
-			ctx->sessionkey.data);
-	}
-	
-
-
-	ret = heim_ntlm_encode_type3(&type3, &data);
-	free(type3.sessionkey.data);
-	if (type3.lm.data)
-	    free(type3.lm.data);
-	if (type3.ntlm.data)
-	    free(type3.ntlm.data);
-	if (ret) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-
-	output_token->length = data.length;
-	output_token->value = data.data;
-
-	if (actual_mech_type)
-	    *actual_mech_type = GSS_NTLM_MECHANISM;
-	if (ret_flags)
-	    *ret_flags = 0;
-	if (time_rec)
-	    *time_rec = GSS_C_INDEFINITE;
-
-	ctx->status |= STATUS_OPEN;
-
-	return GSS_S_COMPLETE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_context.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_context.c
deleted file mode 100644
index fe6b322..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/inquire_context.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: inquire_context.c 21079 2007-06-13 00:25:25Z lha $");
-
-OM_uint32 _gss_ntlm_inquire_context (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_name_t * src_name,
-            gss_name_t * targ_name,
-            OM_uint32 * lifetime_rec,
-            gss_OID * mech_type,
-            OM_uint32 * ctx_flags,
-            int * locally_initiated,
-            int * open_context
-           )
-{
-    ntlm_ctx ctx = (ntlm_ctx)context_handle;
-
-    *minor_status = 0;
-    if (src_name)
-	*src_name = GSS_C_NO_NAME;
-    if (targ_name)
-	*targ_name = GSS_C_NO_NAME;
-    if (lifetime_rec)
-	*lifetime_rec = GSS_C_INDEFINITE;
-    if (mech_type)
-	*mech_type = GSS_NTLM_MECHANISM;
-    if (ctx_flags)
-	*ctx_flags = ctx->gssflags;
-    if (locally_initiated)
-	*locally_initiated = (ctx->status & STATUS_CLIENT) ? 1 : 0;
-    if (open_context)
-	*open_context = (ctx->status & STATUS_OPEN) ? 1 : 0;
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_cred.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_cred.c
deleted file mode 100644
index 1d49b50..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/inquire_cred.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: inquire_cred.c 22148 2007-12-04 17:59:29Z lha $");
-
-OM_uint32 _gss_ntlm_inquire_cred
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            gss_name_t * name,
-            OM_uint32 * lifetime,
-            gss_cred_usage_t * cred_usage,
-            gss_OID_set * mechanisms
-           )
-{
-    OM_uint32 ret, junk;
-
-    if (minor_status)
-	*minor_status = 0;
-    if (name)
-	*name = GSS_C_NO_NAME;
-    if (lifetime)
-	*lifetime = GSS_C_INDEFINITE;
-    if (cred_usage)
-	*cred_usage = 0;
-    if (mechanisms)
-	*mechanisms = GSS_C_NO_OID_SET;
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL)
-	return GSS_S_NO_CRED;
-
-    if (mechanisms) {
-        ret = gss_create_empty_oid_set(minor_status, mechanisms);
-        if (ret)
-	    goto out;
-	ret = gss_add_oid_set_member(minor_status,
-				     GSS_NTLM_MECHANISM,
-				     mechanisms);
-        if (ret)
-	    goto out;
-    }
-
-    return GSS_S_COMPLETE;
-out:
-    gss_release_oid_set(&junk, mechanisms);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c
deleted file mode 100644
index 572c6fe..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: inquire_cred_by_mech.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_inquire_cred_by_mech (
-            OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            const gss_OID mech_type,
-            gss_name_t * name,
-            OM_uint32 * initiator_lifetime,
-            OM_uint32 * acceptor_lifetime,
-            gss_cred_usage_t * cred_usage
-    )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (name)
-	*name = GSS_C_NO_NAME;
-    if (initiator_lifetime)
-	*initiator_lifetime = 0;
-    if (acceptor_lifetime)
-	*acceptor_lifetime = 0;
-    if (cred_usage)
-	*cred_usage = 0;
-    return GSS_S_UNAVAILABLE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c
deleted file mode 100644
index 8bee483..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: inquire_mechs_for_name.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_inquire_mechs_for_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_OID_set * mech_types
-           )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (mech_types)
-	*mech_types = GSS_C_NO_OID_SET;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c
deleted file mode 100644
index ebf624d..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: inquire_names_for_mech.c 19334 2006-12-14 12:17:34Z lha $");
-
-
-OM_uint32 _gss_ntlm_inquire_names_for_mech (
-            OM_uint32 * minor_status,
-            const gss_OID mechanism,
-            gss_OID_set * name_types
-           )
-{
-    OM_uint32 ret;
-
-    ret = gss_create_empty_oid_set(minor_status, name_types);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/ntlm-private.h b/crypto/heimdal/lib/gssapi/ntlm/ntlm-private.h
deleted file mode 100644
index cc6c400..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/ntlm-private.h
+++ /dev/null
@@ -1,264 +0,0 @@
-/* This is a generated file */
-#ifndef __ntlm_private_h__
-#define __ntlm_private_h__
-
-#include <stdarg.h>
-
-gssapi_mech_interface
-__gss_ntlm_initialize (void);
-
-OM_uint32
-_gss_ntlm_accept_sec_context (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_cred_id_t /*acceptor_cred_handle*/,
-	const gss_buffer_t /*input_token_buffer*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	gss_name_t * /*src_name*/,
-	gss_OID * /*mech_type*/,
-	gss_buffer_t /*output_token*/,
-	OM_uint32 * /*ret_flags*/,
-	OM_uint32 * /*time_rec*/,
-	gss_cred_id_t * delegated_cred_handle );
-
-OM_uint32
-_gss_ntlm_acquire_cred (
-	OM_uint32 * /*min_stat*/,
-	const gss_name_t /*desired_name*/,
-	OM_uint32 /*time_req*/,
-	const gss_OID_set /*desired_mechs*/,
-	gss_cred_usage_t /*cred_usage*/,
-	gss_cred_id_t * /*output_cred_handle*/,
-	gss_OID_set * /*actual_mechs*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gss_ntlm_add_cred (
-	 OM_uint32 */*minor_status*/,
-	const gss_cred_id_t /*input_cred_handle*/,
-	const gss_name_t /*desired_name*/,
-	const gss_OID /*desired_mech*/,
-	gss_cred_usage_t /*cred_usage*/,
-	OM_uint32 /*initiator_time_req*/,
-	OM_uint32 /*acceptor_time_req*/,
-	gss_cred_id_t */*output_cred_handle*/,
-	gss_OID_set */*actual_mechs*/,
-	OM_uint32 */*initiator_time_rec*/,
-	OM_uint32 */*acceptor_time_rec*/);
-
-OM_uint32
-_gss_ntlm_allocate_ctx (
-	OM_uint32 */*minor_status*/,
-	ntlm_ctx */*ctx*/);
-
-OM_uint32
-_gss_ntlm_canonicalize_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	const gss_OID /*mech_type*/,
-	gss_name_t * output_name );
-
-OM_uint32
-_gss_ntlm_compare_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*name1*/,
-	const gss_name_t /*name2*/,
-	int * name_equal );
-
-OM_uint32
-_gss_ntlm_context_time (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gss_ntlm_delete_sec_context (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	gss_buffer_t output_token );
-
-OM_uint32
-_gss_ntlm_display_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_buffer_t /*output_name_buffer*/,
-	gss_OID * output_name_type );
-
-OM_uint32
-_gss_ntlm_display_status (
-	OM_uint32 */*minor_status*/,
-	OM_uint32 /*status_value*/,
-	int /*status_type*/,
-	const gss_OID /*mech_type*/,
-	OM_uint32 */*message_context*/,
-	gss_buffer_t /*status_string*/);
-
-OM_uint32
-_gss_ntlm_duplicate_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*src_name*/,
-	gss_name_t * dest_name );
-
-OM_uint32
-_gss_ntlm_export_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_buffer_t exported_name );
-
-OM_uint32
-_gss_ntlm_export_sec_context (
-	 OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	gss_buffer_t interprocess_token );
-
-OM_uint32
-_gss_ntlm_get_mic (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*message_buffer*/,
-	gss_buffer_t message_token );
-
-int
-_gss_ntlm_get_user_cred (
-	const ntlm_name /*target_name*/,
-	ntlm_cred */*rcred*/);
-
-OM_uint32
-_gss_ntlm_import_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_buffer_t /*input_name_buffer*/,
-	const gss_OID /*input_name_type*/,
-	gss_name_t * output_name );
-
-OM_uint32
-_gss_ntlm_import_sec_context (
-	 OM_uint32 * /*minor_status*/,
-	const gss_buffer_t /*interprocess_token*/,
-	gss_ctx_id_t * context_handle );
-
-OM_uint32
-_gss_ntlm_indicate_mechs (
-	OM_uint32 * /*minor_status*/,
-	gss_OID_set * mech_set );
-
-OM_uint32
-_gss_ntlm_init_sec_context (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*initiator_cred_handle*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_name_t /*target_name*/,
-	const gss_OID /*mech_type*/,
-	OM_uint32 /*req_flags*/,
-	OM_uint32 /*time_req*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	const gss_buffer_t /*input_token*/,
-	gss_OID * /*actual_mech_type*/,
-	gss_buffer_t /*output_token*/,
-	OM_uint32 * /*ret_flags*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gss_ntlm_inquire_context (
-	 OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	gss_name_t * /*src_name*/,
-	gss_name_t * /*targ_name*/,
-	OM_uint32 * /*lifetime_rec*/,
-	gss_OID * /*mech_type*/,
-	OM_uint32 * /*ctx_flags*/,
-	int * /*locally_initiated*/,
-	int * open_context );
-
-OM_uint32
-_gss_ntlm_inquire_cred (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	gss_name_t * /*name*/,
-	OM_uint32 * /*lifetime*/,
-	gss_cred_usage_t * /*cred_usage*/,
-	gss_OID_set * mechanisms );
-
-OM_uint32
-_gss_ntlm_inquire_cred_by_mech (
-	 OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	const gss_OID /*mech_type*/,
-	gss_name_t * /*name*/,
-	OM_uint32 * /*initiator_lifetime*/,
-	OM_uint32 * /*acceptor_lifetime*/,
-	gss_cred_usage_t * cred_usage );
-
-OM_uint32
-_gss_ntlm_inquire_mechs_for_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_OID_set * mech_types );
-
-OM_uint32
-_gss_ntlm_inquire_names_for_mech (
-	 OM_uint32 * /*minor_status*/,
-	const gss_OID /*mechanism*/,
-	gss_OID_set * name_types );
-
-OM_uint32
-_gss_ntlm_process_context_token (
-	 OM_uint32 */*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t token_buffer );
-
-OM_uint32
-_gss_ntlm_release_cred (
-	OM_uint32 * /*minor_status*/,
-	gss_cred_id_t * cred_handle );
-
-OM_uint32
-_gss_ntlm_release_name (
-	OM_uint32 * /*minor_status*/,
-	gss_name_t * input_name );
-
-void
-_gss_ntlm_set_key (
-	struct ntlmv2_key */*key*/,
-	int /*acceptor*/,
-	int /*sealsign*/,
-	unsigned char */*data*/,
-	size_t /*len*/);
-
-OM_uint32
-_gss_ntlm_unwrap (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int * /*conf_state*/,
-	gss_qop_t * qop_state );
-
-OM_uint32
-_gss_ntlm_verify_mic (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t /*message_buffer*/,
-	const gss_buffer_t /*token_buffer*/,
-	gss_qop_t * qop_state );
-
-OM_uint32
-_gss_ntlm_wrap (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	int * /*conf_state*/,
-	gss_buffer_t output_message_buffer );
-
-OM_uint32
-_gss_ntlm_wrap_size_limit (
-	 OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	OM_uint32 /*req_output_size*/,
-	OM_uint32 * max_input_size );
-
-#endif /* __ntlm_private_h__ */
diff --git a/crypto/heimdal/lib/gssapi/ntlm/ntlm.h b/crypto/heimdal/lib/gssapi/ntlm/ntlm.h
deleted file mode 100644
index 5713b72..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/ntlm.h
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: ntlm.h 22373 2007-12-28 18:36:06Z lha $ */
-
-#ifndef NTLM_NTLM_H
-#define NTLM_NTLM_H
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <assert.h>
-#include <string.h>
-#include <errno.h>
-
-#include <gssapi.h>
-#include <gssapi_mech.h>
-
-#include <krb5.h>
-#include <roken.h>
-#include <heim_threads.h>
-
-#include <heimntlm.h>
-
-#include "crypto-headers.h"
-
-typedef OM_uint32
-(*ntlm_interface_init)(OM_uint32 *, void **);
-
-typedef OM_uint32
-(*ntlm_interface_destroy)(OM_uint32 *, void *);
-
-typedef int
-(*ntlm_interface_probe)(OM_uint32 *, void *, const char *);
-
-typedef OM_uint32
-(*ntlm_interface_type2)(OM_uint32 *, void *, uint32_t, const char *,
-			const char *, uint32_t *, struct ntlm_buf *);
-
-typedef OM_uint32
-(*ntlm_interface_type3)(OM_uint32 *, void *, const struct ntlm_type3 *,
-			struct ntlm_buf *);
-
-typedef void
-(*ntlm_interface_free_buffer)(struct ntlm_buf *);
-
-struct ntlm_server_interface {
-    ntlm_interface_init nsi_init;
-    ntlm_interface_destroy nsi_destroy;
-    ntlm_interface_probe nsi_probe;
-    ntlm_interface_type2 nsi_type2;
-    ntlm_interface_type3 nsi_type3;
-    ntlm_interface_free_buffer nsi_free_buffer;
-};
-
-
-struct ntlmv2_key {
-    uint32_t seq;
-    RC4_KEY sealkey;
-    RC4_KEY *signsealkey;
-    unsigned char signkey[16];
-};
-
-extern struct ntlm_server_interface ntlmsspi_kdc_digest;
-
-typedef struct ntlm_cred {
-    gss_cred_usage_t usage;
-    char *username;
-    char *domain;
-    struct ntlm_buf key;
-} *ntlm_cred;
-
-typedef struct {
-    struct ntlm_server_interface *server;
-    void *ictx;
-    ntlm_cred client;
-    OM_uint32 gssflags;
-    uint32_t flags;
-    uint32_t status;
-#define STATUS_OPEN 1
-#define STATUS_CLIENT 2
-#define STATUS_SESSIONKEY 4
-    krb5_data sessionkey;
-
-    union {
-	struct {
-	    struct {
-		uint32_t seq;
-		RC4_KEY key;
-	    } crypto_send, crypto_recv;
-	} v1;
-	struct {
-	    struct ntlmv2_key send, recv;
-	} v2;
-    } u;
-} *ntlm_ctx;
-
-typedef struct {
-    char *user;
-    char *domain;
-} *ntlm_name;
-
-#include <ntlm/ntlm-private.h>
-
-
-#endif /* NTLM_NTLM_H */
diff --git a/crypto/heimdal/lib/gssapi/ntlm/process_context_token.c b/crypto/heimdal/lib/gssapi/ntlm/process_context_token.c
deleted file mode 100644
index 33c1072..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/process_context_token.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: process_context_token.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_process_context_token (
-	OM_uint32          *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t token_buffer
-    )
-{
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/release_cred.c b/crypto/heimdal/lib/gssapi/ntlm/release_cred.c
deleted file mode 100644
index a63e568..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/release_cred.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: release_cred.c 22163 2007-12-04 21:25:06Z lha $");
-
-OM_uint32 _gss_ntlm_release_cred
-           (OM_uint32 * minor_status,
-            gss_cred_id_t * cred_handle
-           )
-{
-    ntlm_cred cred;
-
-    if (minor_status)
-	*minor_status = 0;
-
-    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
-	return GSS_S_COMPLETE;
-
-    cred = (ntlm_cred)*cred_handle;
-    *cred_handle = GSS_C_NO_CREDENTIAL;
-
-    if (cred->username)
-	free(cred->username);
-    if (cred->domain)
-	free(cred->domain);
-    if (cred->key.data) {
-	memset(cred->key.data, 0, cred->key.length);
-	free(cred->key.data);
-    }
-
-    return GSS_S_COMPLETE;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/ntlm/release_name.c b/crypto/heimdal/lib/gssapi/ntlm/release_name.c
deleted file mode 100644
index 687d9fd..0000000
--- a/crypto/heimdal/lib/gssapi/ntlm/release_name.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: release_name.c 22373 2007-12-28 18:36:06Z lha $");
-
-OM_uint32 _gss_ntlm_release_name
-           (OM_uint32 * minor_status,
-            gss_name_t * input_name
-           )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (input_name) {
-	ntlm_name n = (ntlm_name)*input_name;
-	*input_name = GSS_C_NO_NAME;
-	free(n->user);
-	free(n->domain);
-	free(n);
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/process_context_token.c b/crypto/heimdal/lib/gssapi/process_context_token.c
deleted file mode 100644
index 0cec33c..0000000
--- a/crypto/heimdal/lib/gssapi/process_context_token.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: process_context_token.c,v 1.1 2003/03/16 18:19:05 lha Exp $");
-
-OM_uint32 gss_process_context_token (
-	OM_uint32          *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t token_buffer
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    gss_buffer_desc empty_buffer;
-    gss_qop_t qop_state;
-
-    empty_buffer.length = 0;
-    empty_buffer.value = NULL;
-
-    qop_state = GSS_C_QOP_DEFAULT;
-
-    ret = gss_verify_mic_internal(minor_status, context_handle,
-				  token_buffer, &empty_buffer,
-				  GSS_C_QOP_DEFAULT, "\x01\x02");
-
-    if (ret == GSS_S_COMPLETE)
-	ret = gss_delete_sec_context(minor_status,
-				     (gss_ctx_id_t *)&context_handle,
-				     GSS_C_NO_BUFFER);
-    if (ret == GSS_S_COMPLETE)
-	*minor_status = 0;
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/release_buffer.c b/crypto/heimdal/lib/gssapi/release_buffer.c
deleted file mode 100644
index 258b76f..0000000
--- a/crypto/heimdal/lib/gssapi/release_buffer.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_buffer.c,v 1.5 2003/03/16 17:58:20 lha Exp $");
-
-OM_uint32 gss_release_buffer
-           (OM_uint32 * minor_status,
-            gss_buffer_t buffer
-           )
-{
-  *minor_status = 0;
-  free (buffer->value);
-  buffer->value  = NULL;
-  buffer->length = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/release_cred.c b/crypto/heimdal/lib/gssapi/release_cred.c
deleted file mode 100644
index 01cbb6a..0000000
--- a/crypto/heimdal/lib/gssapi/release_cred.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_cred.c,v 1.8.2.1 2003/10/07 01:08:21 lha Exp $");
-
-OM_uint32 gss_release_cred
-           (OM_uint32 * minor_status,
-            gss_cred_id_t * cred_handle
-           )
-{
-    *minor_status = 0;
-
-    if (*cred_handle == GSS_C_NO_CREDENTIAL) {
-        return GSS_S_COMPLETE;
-    }
-
-    GSSAPI_KRB5_INIT ();
-
-    if ((*cred_handle)->principal != NULL)
-        krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
-    if ((*cred_handle)->keytab != NULL)
-	krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
-    if ((*cred_handle)->ccache != NULL) {
-	const krb5_cc_ops *ops;
-	ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache);
-	if (ops == &krb5_mcc_ops)
-	    krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache);
-	else 
-	    krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
-    }
-    gss_release_oid_set(NULL, &(*cred_handle)->mechanisms);
-    free(*cred_handle);
-    *cred_handle = GSS_C_NO_CREDENTIAL;
-    return GSS_S_COMPLETE;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/release_name.c b/crypto/heimdal/lib/gssapi/release_name.c
deleted file mode 100644
index 6894ffa..0000000
--- a/crypto/heimdal/lib/gssapi/release_name.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_name.c,v 1.7 2003/03/16 17:52:48 lha Exp $");
-
-OM_uint32 gss_release_name
-           (OM_uint32 * minor_status,
-            gss_name_t * input_name
-           )
-{
-    GSSAPI_KRB5_INIT ();
-    if (minor_status)
-      *minor_status = 0;
-    krb5_free_principal(gssapi_krb5_context,
-			*input_name);
-    *input_name = GSS_C_NO_NAME;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/release_oid_set.c b/crypto/heimdal/lib/gssapi/release_oid_set.c
deleted file mode 100644
index 04eb015..0000000
--- a/crypto/heimdal/lib/gssapi/release_oid_set.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_oid_set.c,v 1.5 2003/03/16 17:53:25 lha Exp $");
-
-OM_uint32 gss_release_oid_set
-           (OM_uint32 * minor_status,
-            gss_OID_set * set
-           )
-{
-  if (minor_status)
-      *minor_status = 0;
-  free ((*set)->elements);
-  free (*set);
-  *set = GSS_C_NO_OID_SET;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c b/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c
deleted file mode 100644
index 1afe26f..0000000
--- a/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ /dev/null
@@ -1,1024 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * Portions Copyright (c) 2004 PADL Software Pty Ltd.
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "spnego/spnego_locl.h"
-
-RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $");
-
-static OM_uint32
-send_reject (OM_uint32 *minor_status,
-	     gss_buffer_t output_token)
-{
-    NegotiationToken nt;
-    size_t size;
-
-    nt.element = choice_NegotiationToken_negTokenResp;
-
-    ALLOC(nt.u.negTokenResp.negResult, 1);
-    if (nt.u.negTokenResp.negResult == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    *(nt.u.negTokenResp.negResult)  = reject;
-    nt.u.negTokenResp.supportedMech = NULL;
-    nt.u.negTokenResp.responseToken = NULL;
-    nt.u.negTokenResp.mechListMIC   = NULL;
-    
-    ASN1_MALLOC_ENCODE(NegotiationToken,
-		       output_token->value, output_token->length, &nt,
-		       &size, *minor_status);
-    free_NegotiationToken(&nt);
-    if (*minor_status != 0)
-	return GSS_S_FAILURE;
-
-    return GSS_S_BAD_MECH;
-}
-
-static OM_uint32
-acceptor_approved(gss_name_t target_name, gss_OID mech)
-{
-    gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
-    gss_OID_set oidset;
-    OM_uint32 junk, ret;
-
-    if (target_name == GSS_C_NO_NAME)
-	return GSS_S_COMPLETE;
-
-    gss_create_empty_oid_set(&junk, &oidset);
-    gss_add_oid_set_member(&junk, mech, &oidset);
-    
-    ret = gss_acquire_cred(&junk, target_name, GSS_C_INDEFINITE, oidset,
-			   GSS_C_ACCEPT, &cred, NULL, NULL);
-    gss_release_oid_set(&junk, &oidset);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-    gss_release_cred(&junk, &cred);
-    
-    return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-send_supported_mechs (OM_uint32 *minor_status,
-		      gss_buffer_t output_token)
-{
-    NegotiationTokenWin nt;
-    char hostname[MAXHOSTNAMELEN + 1], *p;
-    gss_buffer_desc name_buf;
-    gss_OID name_type;
-    gss_name_t target_princ;
-    gss_name_t canon_princ;
-    OM_uint32 minor;
-    size_t buf_len;
-    gss_buffer_desc data;
-    OM_uint32 ret;
-
-    memset(&nt, 0, sizeof(nt));
-
-    nt.element = choice_NegotiationTokenWin_negTokenInit;
-    nt.u.negTokenInit.reqFlags = NULL;
-    nt.u.negTokenInit.mechToken = NULL;
-    nt.u.negTokenInit.negHints = NULL;
-
-    ret = _gss_spnego_indicate_mechtypelist(minor_status, GSS_C_NO_NAME,
-					    acceptor_approved, 1, NULL,
-					    &nt.u.negTokenInit.mechTypes, NULL);
-    if (ret != GSS_S_COMPLETE) {
-	return ret;
-    }
-
-    memset(&target_princ, 0, sizeof(target_princ));
-    if (gethostname(hostname, sizeof(hostname) - 2) != 0) {
-	*minor_status = errno;
-	free_NegotiationTokenWin(&nt);
-	return GSS_S_FAILURE;
-    }
-    hostname[sizeof(hostname) - 1] = '\0';
-
-    /* Send the constructed SAM name for this host */
-    for (p = hostname; *p != '\0' && *p != '.'; p++) {
-	*p = toupper((unsigned char)*p);
-    }
-    *p++ = '$';
-    *p = '\0';
-
-    name_buf.length = strlen(hostname);
-    name_buf.value = hostname;
-
-    ret = gss_import_name(minor_status, &name_buf,
-			  GSS_C_NO_OID,
-			  &target_princ);
-    if (ret != GSS_S_COMPLETE) {
-	free_NegotiationTokenWin(&nt);
-	return ret;
-    }
-
-    name_buf.length = 0;
-    name_buf.value = NULL;
-
-    /* Canonicalize the name using the preferred mechanism */
-    ret = gss_canonicalize_name(minor_status,
-				target_princ,
-				GSS_C_NO_OID,
-				&canon_princ);
-    if (ret != GSS_S_COMPLETE) {
-	free_NegotiationTokenWin(&nt);
-	gss_release_name(&minor, &target_princ);
-	return ret;
-    }
-
-    ret = gss_display_name(minor_status, canon_princ,
-			   &name_buf, &name_type);
-    if (ret != GSS_S_COMPLETE) {
-	free_NegotiationTokenWin(&nt);
-	gss_release_name(&minor, &canon_princ);
-	gss_release_name(&minor, &target_princ);
-	return ret;
-    }
-
-    gss_release_name(&minor, &canon_princ);
-    gss_release_name(&minor, &target_princ);
-
-    ALLOC(nt.u.negTokenInit.negHints, 1);
-    if (nt.u.negTokenInit.negHints == NULL) {
-	*minor_status = ENOMEM;
-	gss_release_buffer(&minor, &name_buf);
-	free_NegotiationTokenWin(&nt);
-	return GSS_S_FAILURE;
-    }
-
-    ALLOC(nt.u.negTokenInit.negHints->hintName, 1);
-    if (nt.u.negTokenInit.negHints->hintName == NULL) {
-	*minor_status = ENOMEM;
-	gss_release_buffer(&minor, &name_buf);
-	free_NegotiationTokenWin(&nt);
-	return GSS_S_FAILURE;
-    }
-
-    *(nt.u.negTokenInit.negHints->hintName) = name_buf.value;
-    name_buf.value = NULL;
-    nt.u.negTokenInit.negHints->hintAddress = NULL;
-
-    ASN1_MALLOC_ENCODE(NegotiationTokenWin, 
-		       data.value, data.length, &nt, &buf_len, ret);
-    free_NegotiationTokenWin(&nt);
-    if (ret) {
-	return ret;
-    }
-    if (data.length != buf_len)
-	abort();
-
-    ret = gss_encapsulate_token(&data, GSS_SPNEGO_MECHANISM, output_token);
-
-    free (data.value);
-
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-
-    *minor_status = 0;
-
-    return GSS_S_CONTINUE_NEEDED;
-}
-
-static OM_uint32
-send_accept (OM_uint32 *minor_status,
-	     gssspnego_ctx context_handle,
-	     gss_buffer_t mech_token,
-	     int initial_response,
-	     gss_buffer_t mech_buf,
-	     gss_buffer_t output_token)
-{
-    NegotiationToken nt;
-    OM_uint32 ret;
-    gss_buffer_desc mech_mic_buf;
-    size_t size;
-
-    memset(&nt, 0, sizeof(nt));
-
-    nt.element = choice_NegotiationToken_negTokenResp;
-
-    ALLOC(nt.u.negTokenResp.negResult, 1);
-    if (nt.u.negTokenResp.negResult == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    if (context_handle->open) {
-	if (mech_token != GSS_C_NO_BUFFER
-	    && mech_token->length != 0
-	    && mech_buf != GSS_C_NO_BUFFER)
-	    *(nt.u.negTokenResp.negResult)  = accept_incomplete;
-	else
-	    *(nt.u.negTokenResp.negResult)  = accept_completed;
-    } else {
-	if (initial_response && context_handle->require_mic)
-	    *(nt.u.negTokenResp.negResult)  = request_mic;
-	else
-	    *(nt.u.negTokenResp.negResult)  = accept_incomplete;
-    }
-
-    if (initial_response) {
-	ALLOC(nt.u.negTokenResp.supportedMech, 1);
-	if (nt.u.negTokenResp.supportedMech == NULL) {
-	    free_NegotiationToken(&nt);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-
-	ret = der_get_oid(context_handle->preferred_mech_type->elements,
-			  context_handle->preferred_mech_type->length,
-			  nt.u.negTokenResp.supportedMech,
-			  NULL);
-	if (ret) {
-	    free_NegotiationToken(&nt);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    } else {
-	nt.u.negTokenResp.supportedMech = NULL;
-    }
-
-    if (mech_token != GSS_C_NO_BUFFER && mech_token->length != 0) {
-	ALLOC(nt.u.negTokenResp.responseToken, 1);
-	if (nt.u.negTokenResp.responseToken == NULL) {
-	    free_NegotiationToken(&nt);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	nt.u.negTokenResp.responseToken->length = mech_token->length;
-	nt.u.negTokenResp.responseToken->data   = mech_token->value;
-	mech_token->length = 0;
-	mech_token->value  = NULL;
-    } else {
-	nt.u.negTokenResp.responseToken = NULL;
-    }
-
-    if (mech_buf != GSS_C_NO_BUFFER) {
-	ret = gss_get_mic(minor_status,
-			  context_handle->negotiated_ctx_id,
-			  0,
-			  mech_buf,
-			  &mech_mic_buf);
-	if (ret == GSS_S_COMPLETE) {
-	    ALLOC(nt.u.negTokenResp.mechListMIC, 1);
-	    if (nt.u.negTokenResp.mechListMIC == NULL) {
-		gss_release_buffer(minor_status, &mech_mic_buf);
-		free_NegotiationToken(&nt);
-		*minor_status = ENOMEM;
-		return GSS_S_FAILURE;
-	    }
-	    nt.u.negTokenResp.mechListMIC->length = mech_mic_buf.length;
-	    nt.u.negTokenResp.mechListMIC->data   = mech_mic_buf.value;
-	} else if (ret == GSS_S_UNAVAILABLE) {
-	    nt.u.negTokenResp.mechListMIC = NULL;
-	} else {
-	    free_NegotiationToken(&nt);
-	    return ret;
-	}
-
-    } else
-	nt.u.negTokenResp.mechListMIC = NULL;
- 
-    ASN1_MALLOC_ENCODE(NegotiationToken,
-		       output_token->value, output_token->length,
-		       &nt, &size, ret);
-    if (ret) {
-	free_NegotiationToken(&nt);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    /*
-     * The response should not be encapsulated, because
-     * it is a SubsequentContextToken (note though RFC 1964
-     * specifies encapsulation for all _Kerberos_ tokens).
-     */
-
-    if (*(nt.u.negTokenResp.negResult) == accept_completed)
-	ret = GSS_S_COMPLETE;
-    else
-	ret = GSS_S_CONTINUE_NEEDED;
-    free_NegotiationToken(&nt);
-    return ret;
-}
-
-
-static OM_uint32
-verify_mechlist_mic
-	   (OM_uint32 *minor_status,
-	    gssspnego_ctx context_handle,
-	    gss_buffer_t mech_buf,
-	    heim_octet_string *mechListMIC
-	   )
-{
-    OM_uint32 ret;
-    gss_buffer_desc mic_buf;
-
-    if (context_handle->verified_mic) {
-	/* This doesn't make sense, we've already verified it? */
-	*minor_status = 0;
-	return GSS_S_DUPLICATE_TOKEN;
-    }
-
-    if (mechListMIC == NULL) {
-	*minor_status = 0;
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    mic_buf.length = mechListMIC->length;
-    mic_buf.value  = mechListMIC->data;
-
-    ret = gss_verify_mic(minor_status,
-			 context_handle->negotiated_ctx_id,
-			 mech_buf,
-			 &mic_buf,
-			 NULL);
-
-    if (ret != GSS_S_COMPLETE)
-	ret = GSS_S_DEFECTIVE_TOKEN;
-
-    return ret;
-}
-
-static OM_uint32
-select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
-	    gss_OID *mech_p)
-{
-    char mechbuf[64];
-    size_t mech_len;
-    gss_OID_desc oid;
-    OM_uint32 ret, junk;
-
-    ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
-		       sizeof(mechbuf),
-		       mechType,
-		       &mech_len);
-    if (ret) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    oid.length   = mech_len;
-    oid.elements = mechbuf + sizeof(mechbuf) - mech_len;
-
-    if (gss_oid_equal(&oid, GSS_SPNEGO_MECHANISM)) {
-	return GSS_S_BAD_MECH;
-    }
-
-    *minor_status = 0;
-
-    /* Translate broken MS Kebreros OID */
-    if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) {
-	gssapi_mech_interface mech;
-
-	mech = __gss_get_mechanism(&_gss_spnego_krb5_mechanism_oid_desc);
-	if (mech == NULL)
-	    return GSS_S_BAD_MECH;
-
-	ret = gss_duplicate_oid(minor_status,
-				&_gss_spnego_mskrb_mechanism_oid_desc,
-				mech_p);
-    } else {
-	gssapi_mech_interface mech;
-
-	mech = __gss_get_mechanism(&oid);
-	if (mech == NULL)
-	    return GSS_S_BAD_MECH;
-
-	ret = gss_duplicate_oid(minor_status,
-				&mech->gm_mech_oid,
-				mech_p);
-    }
-
-    if (verify_p) {
-	gss_name_t name = GSS_C_NO_NAME;
-	gss_buffer_desc namebuf;
-	char *str = NULL, *host, hostname[MAXHOSTNAMELEN];
-
-	host = getenv("GSSAPI_SPNEGO_NAME");
-	if (host == NULL || issuid()) {
-	    if (gethostname(hostname, sizeof(hostname)) != 0) {
-		*minor_status = errno;
-		return GSS_S_FAILURE;
-	    }
-	    asprintf(&str, "host@%s", hostname);
-	    host = str;
-	}
-
-	namebuf.length = strlen(host);
-	namebuf.value = host;
-
-	ret = gss_import_name(minor_status, &namebuf,
-			      GSS_C_NT_HOSTBASED_SERVICE, &name);
-	if (str)
-	    free(str);
-	if (ret != GSS_S_COMPLETE)
-	    return ret;
-
-	ret = acceptor_approved(name, *mech_p);
-	gss_release_name(&junk, &name);
-    }
-
-    return ret;
-}
-
-
-static OM_uint32
-acceptor_complete(OM_uint32 * minor_status,
-		  gssspnego_ctx ctx,
-		  int *get_mic,
-		  gss_buffer_t mech_buf,
-		  gss_buffer_t mech_input_token,
-		  gss_buffer_t mech_output_token,
-		  heim_octet_string *mic,
-		  gss_buffer_t output_token)
-{
-    OM_uint32 ret;
-    int require_mic, verify_mic;
-    gss_buffer_desc buf;
-
-    buf.length = 0;
-    buf.value = NULL;
-
-    ret = _gss_spnego_require_mechlist_mic(minor_status, ctx, &require_mic);
-    if (ret)
-	return ret;
-    
-    ctx->require_mic = require_mic;
-
-    if (mic != NULL)
-	require_mic = 1;
-    
-    if (ctx->open && require_mic) {
-	if (mech_input_token == GSS_C_NO_BUFFER) { /* Even/One */
-	    verify_mic = 1;
-	    *get_mic = 0;
-	} else if (mech_output_token != GSS_C_NO_BUFFER &&
-		   mech_output_token->length == 0) { /* Odd */
-	    *get_mic = verify_mic = 1;
-	} else { /* Even/One */
-	    verify_mic = 0;
-	    *get_mic = 1;
-	}
-	
-	if (verify_mic || get_mic) {
-	    int eret;
-	    size_t buf_len;
-	    
-	    ASN1_MALLOC_ENCODE(MechTypeList, 
-			       mech_buf->value, mech_buf->length,
-			       &ctx->initiator_mech_types, &buf_len, eret);
-	    if (eret) {
-		*minor_status = eret;
-		return GSS_S_FAILURE;
-	    }
-	    if (buf.length != buf_len)
-		abort();
-	}
-	
-	if (verify_mic) {
-	    ret = verify_mechlist_mic(minor_status, ctx, mech_buf, mic);
-	    if (ret) {
-		if (get_mic)
-		    send_reject (minor_status, output_token);
-		if (buf.value)
-		    free(buf.value);
-		return ret;
-	    }
-	    ctx->verified_mic = 1;
-	}
-	if (buf.value)
-	    free(buf.value);
-
-    } else
-	*get_mic = verify_mic = 0;
-    
-    return GSS_S_COMPLETE;
-}
-
-
-static OM_uint32
-acceptor_start
-	   (OM_uint32 * minor_status,
-	    gss_ctx_id_t * context_handle,
-	    const gss_cred_id_t acceptor_cred_handle,
-	    const gss_buffer_t input_token_buffer,
-	    const gss_channel_bindings_t input_chan_bindings,
-	    gss_name_t * src_name,
-	    gss_OID * mech_type,
-	    gss_buffer_t output_token,
-	    OM_uint32 * ret_flags,
-	    OM_uint32 * time_rec,
-	    gss_cred_id_t *delegated_cred_handle
-	   )
-{
-    OM_uint32 ret, junk, minor;
-    NegotiationToken nt;
-    size_t nt_len;
-    NegTokenInit *ni;
-    int i;
-    gss_buffer_desc data;
-    gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
-    gss_buffer_desc mech_output_token;
-    gss_buffer_desc mech_buf;
-    gss_OID preferred_mech_type = GSS_C_NO_OID;
-    gssspnego_ctx ctx;
-    gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle;
-    int get_mic = 0;
-    int first_ok = 0;
-
-    mech_output_token.value = NULL;
-    mech_output_token.length = 0;
-    mech_buf.value = NULL;
-
-    if (input_token_buffer->length == 0)
-	return send_supported_mechs (minor_status, output_token);
-	
-    ret = _gss_spnego_alloc_sec_context(minor_status, context_handle);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-
-    ctx = (gssspnego_ctx)*context_handle;
-
-    /*
-     * The GSS-API encapsulation is only present on the initial
-     * context token (negTokenInit).
-     */
-    ret = gss_decapsulate_token (input_token_buffer,
-				 GSS_SPNEGO_MECHANISM,
-				 &data);
-    if (ret)
-	return ret;
-
-    ret = decode_NegotiationToken(data.value, data.length, &nt, &nt_len);
-    gss_release_buffer(minor_status, &data);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-    if (nt.element != choice_NegotiationToken_negTokenInit) {
-	*minor_status = 0;
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-    ni = &nt.u.negTokenInit;
-
-    if (ni->mechTypes.len < 1) {
-	free_NegotiationToken(&nt);
-	*minor_status = 0;
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    ret = copy_MechTypeList(&ni->mechTypes, &ctx->initiator_mech_types);
-    if (ret) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	free_NegotiationToken(&nt);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    /*
-     * First we try the opportunistic token if we have support for it,
-     * don't try to verify we have credential for the token,
-     * gss_accept_sec_context will (hopefully) tell us that.
-     * If that failes, 
-     */
-
-    ret = select_mech(minor_status,
-		      &ni->mechTypes.val[0], 
-		      0,
-		      &preferred_mech_type);
-
-    if (ret == 0 && ni->mechToken != NULL) {
-	gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL;
-	gss_cred_id_t mech_cred;
-	gss_buffer_desc ibuf;
-
-	ibuf.length = ni->mechToken->length;
-	ibuf.value = ni->mechToken->data;
-	mech_input_token = &ibuf;
-
-	if (acceptor_cred != NULL)
-	    mech_cred = acceptor_cred->negotiated_cred_id;
-	else
-	    mech_cred = GSS_C_NO_CREDENTIAL;
-	
-	if (ctx->mech_src_name != GSS_C_NO_NAME)
-	    gss_release_name(&minor, &ctx->mech_src_name);
-	
-	if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
-	    _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
-	
-	ret = gss_accept_sec_context(&minor,
-				     &ctx->negotiated_ctx_id,
-				     mech_cred,
-				     mech_input_token,
-				     input_chan_bindings,
-				     &ctx->mech_src_name,
-				     &ctx->negotiated_mech_type,
-				     &mech_output_token,
-				     &ctx->mech_flags,
-				     &ctx->mech_time_rec,
-				     &mech_delegated_cred);
-	if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
-	    ctx->preferred_mech_type = preferred_mech_type;
-	    ctx->negotiated_mech_type = preferred_mech_type;
-	    if (ret == GSS_S_COMPLETE)
-		ctx->open = 1;
-
-	    if (mech_delegated_cred && delegated_cred_handle)
-		ret = _gss_spnego_alloc_cred(minor_status,
-					     mech_delegated_cred,
-					     delegated_cred_handle);
-	    else
-		gss_release_cred(&junk, &mech_delegated_cred);
-
-	    ret = acceptor_complete(minor_status,
-				    ctx,
-				    &get_mic,
-				    &mech_buf,
-				    mech_input_token,
-				    &mech_output_token,
-				    ni->mechListMIC,
-				    output_token);
-	    if (ret != GSS_S_COMPLETE)
-		goto out;
-
-	    first_ok = 1;
-	}
-    }
-
-    /*
-     * If opportunistic token failed, lets try the other mechs.
-     */
-
-    if (!first_ok) {
-
-	/* Call glue layer to find first mech we support */
-	for (i = 1; i < ni->mechTypes.len; ++i) {
-	    ret = select_mech(minor_status,
-			      &ni->mechTypes.val[i],
-			      1,
-			      &preferred_mech_type);
-	    if (ret == 0)
-		break;
-	}
-	if (preferred_mech_type == GSS_C_NO_OID) {
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    free_NegotiationToken(&nt);
-	    return GSS_S_BAD_MECH;
-	}
-
-	ctx->preferred_mech_type = preferred_mech_type;
-	ctx->negotiated_mech_type = preferred_mech_type;
-    }
-
-    /*
-     * The initial token always have a response
-     */
-
-    ret = send_accept (minor_status,
-		       ctx,
-		       &mech_output_token,
-		       1,
-		       get_mic ? &mech_buf : NULL,
-		       output_token);
-    if (ret)
-	goto out;
-    
-out:
-    if (mech_output_token.value != NULL)
-	gss_release_buffer(&minor, &mech_output_token);
-    if (mech_buf.value != NULL) {
-	free(mech_buf.value);
-	mech_buf.value = NULL;
-    }
-    free_NegotiationToken(&nt);
-
-
-    if (ret == GSS_S_COMPLETE) {
-	if (src_name != NULL && ctx->mech_src_name != NULL) {
-	    spnego_name name;
-
-	    name = calloc(1, sizeof(*name));
-	    if (name) {
-		name->mech = ctx->mech_src_name;
-		ctx->mech_src_name = NULL;
-		*src_name = (gss_name_t)name;
-	    }
-	}
-        if (delegated_cred_handle != NULL) {
-	    *delegated_cred_handle = ctx->delegated_cred_id;
-	    ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
-	}
-    }
-    
-    if (mech_type != NULL)
-	*mech_type = ctx->negotiated_mech_type;
-    if (ret_flags != NULL)
-	*ret_flags = ctx->mech_flags;
-    if (time_rec != NULL)
-	*time_rec = ctx->mech_time_rec;
-
-    if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
- 	return ret;
-    }
-
-    _gss_spnego_internal_delete_sec_context(&minor, context_handle,
-					    GSS_C_NO_BUFFER);
-    
-    return ret;
-}
-
-
-static OM_uint32
-acceptor_continue
-	   (OM_uint32 * minor_status,
-	    gss_ctx_id_t * context_handle,
-	    const gss_cred_id_t acceptor_cred_handle,
-	    const gss_buffer_t input_token_buffer,
-	    const gss_channel_bindings_t input_chan_bindings,
-	    gss_name_t * src_name,
-	    gss_OID * mech_type,
-	    gss_buffer_t output_token,
-	    OM_uint32 * ret_flags,
-	    OM_uint32 * time_rec,
-	    gss_cred_id_t *delegated_cred_handle
-	   )
-{
-    OM_uint32 ret, ret2, minor;
-    NegotiationToken nt;
-    size_t nt_len;
-    NegTokenResp *na;
-    unsigned int negResult = accept_incomplete;
-    gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
-    gss_buffer_t mech_output_token = GSS_C_NO_BUFFER;
-    gss_buffer_desc mech_buf;
-    gssspnego_ctx ctx;
-    gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle;
-
-    mech_buf.value = NULL;
-
-    ctx = (gssspnego_ctx)*context_handle;
-
-    /*
-     * The GSS-API encapsulation is only present on the initial
-     * context token (negTokenInit).
-     */
-
-    ret = decode_NegotiationToken(input_token_buffer->value, 
-				  input_token_buffer->length,
-				  &nt, &nt_len);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-    if (nt.element != choice_NegotiationToken_negTokenResp) {
-	*minor_status = 0;
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-    na = &nt.u.negTokenResp;
-
-    if (na->negResult != NULL) {
-	negResult = *(na->negResult);
-    }
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    {
-	gss_buffer_desc ibuf, obuf;
-	int require_mic, get_mic = 0;
-	int require_response;
-	heim_octet_string *mic;
-
-	if (na->responseToken != NULL) {
-	    ibuf.length = na->responseToken->length;
-	    ibuf.value = na->responseToken->data;
-	    mech_input_token = &ibuf;
-	} else {
-	    ibuf.value = NULL;
-	    ibuf.length = 0;
-	}
-
-	if (mech_input_token != GSS_C_NO_BUFFER) {
-	    gss_cred_id_t mech_cred;
-	    gss_cred_id_t mech_delegated_cred;
-	    gss_cred_id_t *mech_delegated_cred_p;
-
-	    if (acceptor_cred != NULL)
-		mech_cred = acceptor_cred->negotiated_cred_id;
-	    else
-		mech_cred = GSS_C_NO_CREDENTIAL;
-
-	    if (delegated_cred_handle != NULL) {
-		mech_delegated_cred = GSS_C_NO_CREDENTIAL;
-		mech_delegated_cred_p = &mech_delegated_cred;
-	    } else {
-		mech_delegated_cred_p = NULL;
-	    }
-
-	    if (ctx->mech_src_name != GSS_C_NO_NAME)
-		gss_release_name(&minor, &ctx->mech_src_name);
-
-	    if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
-		_gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
-
-	    ret = gss_accept_sec_context(&minor,
-					 &ctx->negotiated_ctx_id,
-					 mech_cred,
-					 mech_input_token,
-					 input_chan_bindings,
-					 &ctx->mech_src_name,
-					 &ctx->negotiated_mech_type,
-					 &obuf,
-					 &ctx->mech_flags,
-					 &ctx->mech_time_rec,
-					 mech_delegated_cred_p);
-	    if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
-		if (mech_delegated_cred_p != NULL &&
-		    mech_delegated_cred != GSS_C_NO_CREDENTIAL) {
-		    ret2 = _gss_spnego_alloc_cred(minor_status,
-						  mech_delegated_cred,
-						  &ctx->delegated_cred_id);
-		    if (ret2 != GSS_S_COMPLETE)
-			ret = ret2;
-		}
-		mech_output_token = &obuf;
-	    }
-	    if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
-		free_NegotiationToken(&nt);
-		send_reject (minor_status, output_token);
-		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-		return ret;
-	    }
-	    if (ret == GSS_S_COMPLETE)
-		ctx->open = 1;
-	} else
-	    ret = GSS_S_COMPLETE;
-
-	ret2 = _gss_spnego_require_mechlist_mic(minor_status, 
-						ctx,
-						&require_mic);
-	if (ret2)
-	    goto out;
-
-	ctx->require_mic = require_mic;
-
-	mic = na->mechListMIC;
-	if (mic != NULL)
-	    require_mic = 1;
-
-	if (ret == GSS_S_COMPLETE)
-	    ret = acceptor_complete(minor_status,
-				    ctx,
-				    &get_mic,
-				    &mech_buf,
-				    mech_input_token,
-				    mech_output_token,
-				    na->mechListMIC,
-				    output_token);
-
-	if (ctx->mech_flags & GSS_C_DCE_STYLE)
-	    require_response = (negResult != accept_completed);
-	else
-	    require_response = 0;
-
-	/*
-	 * Check whether we need to send a result: there should be only
-	 * one accept_completed response sent in the entire negotiation
-	 */
-	if ((mech_output_token != GSS_C_NO_BUFFER &&
-	     mech_output_token->length != 0)
-	    || (ctx->open && negResult == accept_incomplete)
-	    || require_response
-	    || get_mic) {
-	    ret2 = send_accept (minor_status,
-				ctx,
-				mech_output_token,
-				0,
-				get_mic ? &mech_buf : NULL,
-				output_token);
-	    if (ret2)
-		goto out;
-	}
-
-     out:
-	if (ret2 != GSS_S_COMPLETE)
-	    ret = ret2;
-	if (mech_output_token != NULL)
-	    gss_release_buffer(&minor, mech_output_token);
-	if (mech_buf.value != NULL)
-	    free(mech_buf.value);
-	free_NegotiationToken(&nt);
-    }
-
-    if (ret == GSS_S_COMPLETE) {
-	if (src_name != NULL && ctx->mech_src_name != NULL) {
-	    spnego_name name;
-
-	    name = calloc(1, sizeof(*name));
-	    if (name) {
-		name->mech = ctx->mech_src_name;
-		ctx->mech_src_name = NULL;
-		*src_name = (gss_name_t)name;
-	    }
-	}
-        if (delegated_cred_handle != NULL) {
-	    *delegated_cred_handle = ctx->delegated_cred_id;
-	    ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
-	}
-    }
-
-    if (mech_type != NULL)
-	*mech_type = ctx->negotiated_mech_type;
-    if (ret_flags != NULL)
-	*ret_flags = ctx->mech_flags;
-    if (time_rec != NULL)
-	*time_rec = ctx->mech_time_rec;
-
-    if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
- 	return ret;
-    }
-
-    _gss_spnego_internal_delete_sec_context(&minor, context_handle,
-				   GSS_C_NO_BUFFER);
-
-    return ret;
-}
-
-OM_uint32
-_gss_spnego_accept_sec_context
-	   (OM_uint32 * minor_status,
-	    gss_ctx_id_t * context_handle,
-	    const gss_cred_id_t acceptor_cred_handle,
-	    const gss_buffer_t input_token_buffer,
-	    const gss_channel_bindings_t input_chan_bindings,
-	    gss_name_t * src_name,
-	    gss_OID * mech_type,
-	    gss_buffer_t output_token,
-	    OM_uint32 * ret_flags,
-	    OM_uint32 * time_rec,
-	    gss_cred_id_t *delegated_cred_handle
-	   )
-{
-    _gss_accept_sec_context_t *func;
-
-    *minor_status = 0;
-
-    output_token->length = 0;
-    output_token->value  = NULL;
-
-    if (src_name != NULL)
-	*src_name = GSS_C_NO_NAME;
-    if (mech_type != NULL)
-	*mech_type = GSS_C_NO_OID;
-    if (ret_flags != NULL)
-	*ret_flags = 0;
-    if (time_rec != NULL)
-	*time_rec = 0;
-    if (delegated_cred_handle != NULL)
-	*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
-
-
-    if (*context_handle == GSS_C_NO_CONTEXT) 
-	func = acceptor_start;
-    else
-	func = acceptor_continue;
-    
-
-    return (*func)(minor_status, context_handle, acceptor_cred_handle,
-		   input_token_buffer, input_chan_bindings,
-		   src_name, mech_type, output_token, ret_flags,
-		   time_rec, delegated_cred_handle);
-}
diff --git a/crypto/heimdal/lib/gssapi/spnego/compat.c b/crypto/heimdal/lib/gssapi/spnego/compat.c
deleted file mode 100644
index 287f4f7..0000000
--- a/crypto/heimdal/lib/gssapi/spnego/compat.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "spnego/spnego_locl.h"
-
-RCSID("$Id: compat.c 21866 2007-08-08 11:31:29Z lha $");
-
-/*
- * Apparently Microsoft got the OID wrong, and used
- * 1.2.840.48018.1.2.2 instead. We need both this and
- * the correct Kerberos OID here in order to deal with
- * this. Because this is manifest in SPNEGO only I'd
- * prefer to deal with this here rather than inside the
- * Kerberos mechanism.
- */
-gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc =
-	{9, (void *)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"};
-
-gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc =
-	{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
-
-/*
- * Allocate a SPNEGO context handle
- */
-OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status,
-					 gss_ctx_id_t *context_handle)
-{
-    gssspnego_ctx ctx;
-
-    ctx = calloc(1, sizeof(*ctx));
-    if (ctx == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    ctx->initiator_mech_types.len = 0;
-    ctx->initiator_mech_types.val = NULL;
-    ctx->preferred_mech_type = GSS_C_NO_OID;
-    ctx->negotiated_mech_type = GSS_C_NO_OID;
-    ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
-
-    /*
-     * Cache these so we can return them before returning
-     * GSS_S_COMPLETE, even if the mechanism has itself
-     * completed earlier
-     */
-    ctx->mech_flags = 0;
-    ctx->mech_time_rec = 0;
-    ctx->mech_src_name = GSS_C_NO_NAME;
-    ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
-
-    ctx->open = 0;
-    ctx->local = 0;
-    ctx->require_mic = 0;
-    ctx->verified_mic = 0;
-
-    HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);
-
-    *context_handle = (gss_ctx_id_t)ctx;
-
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Free a SPNEGO context handle. The caller must have acquired
- * the lock before this is called.
- */
-OM_uint32 _gss_spnego_internal_delete_sec_context
-           (OM_uint32 *minor_status,
-            gss_ctx_id_t *context_handle,
-            gss_buffer_t output_token
-           )
-{
-    gssspnego_ctx ctx;
-    OM_uint32 ret, minor;
-
-    *minor_status = 0;
-
-    if (context_handle == NULL) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    if (output_token != GSS_C_NO_BUFFER) {
-	output_token->length = 0;
-	output_token->value = NULL;
-    }
-
-    ctx = (gssspnego_ctx)*context_handle;
-    *context_handle = GSS_C_NO_CONTEXT;
-
-    if (ctx == NULL) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    if (ctx->initiator_mech_types.val != NULL)
-	free_MechTypeList(&ctx->initiator_mech_types);
-
-    _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
-
-    gss_release_oid(&minor, &ctx->preferred_mech_type);
-    ctx->negotiated_mech_type = GSS_C_NO_OID;
-
-    gss_release_name(&minor, &ctx->target_name);
-    gss_release_name(&minor, &ctx->mech_src_name);
-
-    if (ctx->negotiated_ctx_id != GSS_C_NO_CONTEXT) {
-	ret = gss_delete_sec_context(minor_status,
-				     &ctx->negotiated_ctx_id,
-				     output_token);
-	ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
-    } else {
-	ret = GSS_S_COMPLETE;
-    }
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-
-    free(ctx);
-    *context_handle = NULL;
-
-    return ret;
-}
-
-/*
- * For compatability with the Windows SPNEGO implementation, the
- * default is to ignore the mechListMIC unless CFX is used and
- * a non-preferred mechanism was negotiated
- */
-
-OM_uint32
-_gss_spnego_require_mechlist_mic(OM_uint32 *minor_status,
-				 gssspnego_ctx ctx,
-				 int *require_mic)
-{
-    gss_buffer_set_t buffer_set = GSS_C_NO_BUFFER_SET;
-    OM_uint32 minor;
-
-    *minor_status = 0;
-    *require_mic = 0;
-
-    if (ctx == NULL) {
-	return GSS_S_COMPLETE;
-    }
-
-    if (ctx->require_mic) {
-	/* Acceptor requested it: mandatory to honour */
-	*require_mic = 1;
-	return GSS_S_COMPLETE;
-    }
-
-    /*
-     * Check whether peer indicated implicit support for updated SPNEGO
-     * (eg. in the Kerberos case by using CFX)
-     */
-    if (gss_inquire_sec_context_by_oid(&minor, ctx->negotiated_ctx_id,
-				       GSS_C_PEER_HAS_UPDATED_SPNEGO,
-				       &buffer_set) == GSS_S_COMPLETE) {
-	*require_mic = 1;
-	gss_release_buffer_set(&minor, &buffer_set);
-    }
-
-    /* Safe-to-omit MIC rules follow */
-    if (*require_mic) {
-	if (gss_oid_equal(ctx->negotiated_mech_type, ctx->preferred_mech_type)) {
-	    *require_mic = 0;
-	} else if (gss_oid_equal(ctx->negotiated_mech_type, &_gss_spnego_krb5_mechanism_oid_desc) &&
-		   gss_oid_equal(ctx->preferred_mech_type, &_gss_spnego_mskrb_mechanism_oid_desc)) {
-	    *require_mic = 0;
-	}
-    }
-
-    return GSS_S_COMPLETE;
-}
-
-static int
-add_mech_type(gss_OID mech_type,
-	      int includeMSCompatOID,
-	      MechTypeList *mechtypelist)
-{
-    MechType mech;
-    int ret;
-
-    if (gss_oid_equal(mech_type, GSS_SPNEGO_MECHANISM))
-	return 0;
-
-    if (includeMSCompatOID &&
-	gss_oid_equal(mech_type, &_gss_spnego_krb5_mechanism_oid_desc)) {
-	ret = der_get_oid(_gss_spnego_mskrb_mechanism_oid_desc.elements,
-			  _gss_spnego_mskrb_mechanism_oid_desc.length,
-			  &mech,
-			  NULL);
-	if (ret)
-	    return ret;
-	ret = add_MechTypeList(mechtypelist, &mech);
-	free_MechType(&mech);
-	if (ret)
-	    return ret;
-    }
-    ret = der_get_oid(mech_type->elements, mech_type->length, &mech, NULL);
-    if (ret)
-	return ret;
-    ret = add_MechTypeList(mechtypelist, &mech);
-    free_MechType(&mech);
-    return ret;
-}
-
-
-OM_uint32
-_gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
-				   gss_name_t target_name,
-				   OM_uint32 (*func)(gss_name_t, gss_OID),
-				   int includeMSCompatOID,
-				   const gssspnego_cred cred_handle,
-				   MechTypeList *mechtypelist,
-				   gss_OID *preferred_mech)
-{
-    gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
-    gss_OID first_mech = GSS_C_NO_OID;
-    OM_uint32 ret;
-    int i;
-
-    mechtypelist->len = 0;
-    mechtypelist->val = NULL;
-
-    if (cred_handle != NULL) {
-	ret = gss_inquire_cred(minor_status,
-			       cred_handle->negotiated_cred_id,
-			       NULL,
-			       NULL,
-			       NULL,
-			       &supported_mechs);
-    } else {
-	ret = gss_indicate_mechs(minor_status, &supported_mechs);
-    }
-
-    if (ret != GSS_S_COMPLETE) {
-	return ret;
-    }
-
-    if (supported_mechs->count == 0) {
-	*minor_status = ENOENT;
-	gss_release_oid_set(minor_status, &supported_mechs);
-	return GSS_S_FAILURE;
-    }
-
-    ret = (*func)(target_name, GSS_KRB5_MECHANISM);
-    if (ret == GSS_S_COMPLETE) {
-	ret = add_mech_type(GSS_KRB5_MECHANISM,
-			    includeMSCompatOID,
-			    mechtypelist);
-	if (!GSS_ERROR(ret))
-	    first_mech = GSS_KRB5_MECHANISM;
-    }
-    ret = GSS_S_COMPLETE;
-
-    for (i = 0; i < supported_mechs->count; i++) {
-	OM_uint32 subret;
-	if (gss_oid_equal(&supported_mechs->elements[i], GSS_SPNEGO_MECHANISM))
-	    continue;
-	if (gss_oid_equal(&supported_mechs->elements[i], GSS_KRB5_MECHANISM))
-	    continue;
-
-	subret = (*func)(target_name, &supported_mechs->elements[i]);
-	if (subret != GSS_S_COMPLETE)
-	    continue;
-
-	ret = add_mech_type(&supported_mechs->elements[i],
-			    includeMSCompatOID,
-			    mechtypelist);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    ret = GSS_S_FAILURE;
-	    break;
-	}
-	if (first_mech == GSS_C_NO_OID)
-	    first_mech = &supported_mechs->elements[i];
-    }
-
-    if (mechtypelist->len == 0) {
-	gss_release_oid_set(minor_status, &supported_mechs);
-	*minor_status = 0;
-	return GSS_S_BAD_MECH;
-    }
-
-    if (preferred_mech != NULL) {
-	ret = gss_duplicate_oid(minor_status, first_mech, preferred_mech);
-	if (ret != GSS_S_COMPLETE)
-	    free_MechTypeList(mechtypelist);
-    }
-    gss_release_oid_set(minor_status, &supported_mechs);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/spnego/context_stubs.c b/crypto/heimdal/lib/gssapi/spnego/context_stubs.c
deleted file mode 100644
index 3535c7b..0000000
--- a/crypto/heimdal/lib/gssapi/spnego/context_stubs.c
+++ /dev/null
@@ -1,903 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "spnego/spnego_locl.h"
-
-RCSID("$Id: context_stubs.c 21035 2007-06-09 15:32:47Z lha $");
-
-static OM_uint32
-spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
-{
-    OM_uint32 ret, junk;
-    gss_OID_set m;
-    int i;
-
-    ret = gss_indicate_mechs(minor_status, &m);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-
-    ret = gss_create_empty_oid_set(minor_status, mechs);
-    if (ret != GSS_S_COMPLETE) {
-	gss_release_oid_set(&junk, &m);
-	return ret;
-    }
-
-    for (i = 0; i < m->count; i++) {
-	if (gss_oid_equal(&m->elements[i], GSS_SPNEGO_MECHANISM))
-	    continue;
-
-	ret = gss_add_oid_set_member(minor_status, &m->elements[i], mechs);
-	if (ret) {
-	    gss_release_oid_set(&junk, &m);
-	    gss_release_oid_set(&junk, mechs);
-	    return ret;
-	}
-    }
-    return ret;
-}
-
-
-
-OM_uint32 _gss_spnego_process_context_token
-           (OM_uint32 *minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t token_buffer
-           )
-{
-    gss_ctx_id_t context ;
-    gssspnego_ctx ctx;
-    OM_uint32 ret;
-
-    if (context_handle == GSS_C_NO_CONTEXT)
-	return GSS_S_NO_CONTEXT;
-
-    context = context_handle;
-    ctx = (gssspnego_ctx)context_handle;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    ret = gss_process_context_token(minor_status,
-				    ctx->negotiated_ctx_id,
-				    token_buffer);
-    if (ret != GSS_S_COMPLETE) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	return ret;
-    }
-
-    ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
-
-    return _gss_spnego_internal_delete_sec_context(minor_status,
-					   &context,
-					   GSS_C_NO_BUFFER);
-}
-
-OM_uint32 _gss_spnego_delete_sec_context
-           (OM_uint32 *minor_status,
-            gss_ctx_id_t *context_handle,
-            gss_buffer_t output_token
-           )
-{
-    gssspnego_ctx ctx;
-
-    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
-	return GSS_S_NO_CONTEXT;
-
-    ctx = (gssspnego_ctx)*context_handle;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    return _gss_spnego_internal_delete_sec_context(minor_status,
-						   context_handle,
-						   output_token);
-}
-
-OM_uint32 _gss_spnego_context_time
-           (OM_uint32 *minor_status,
-            const gss_ctx_id_t context_handle,
-            OM_uint32 *time_rec
-           )
-{
-    gssspnego_ctx ctx;
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_context_time(minor_status,
-			    ctx->negotiated_ctx_id,
-			    time_rec);
-}
-
-OM_uint32 _gss_spnego_get_mic
-           (OM_uint32 *minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_get_mic(minor_status, ctx->negotiated_ctx_id,
-		       qop_req, message_buffer, message_token);
-}
-
-OM_uint32 _gss_spnego_verify_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_verify_mic(minor_status,
-			  ctx->negotiated_ctx_id,
-			  message_buffer,
-			  token_buffer,
-			  qop_state);
-}
-
-OM_uint32 _gss_spnego_wrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_wrap(minor_status,
-		    ctx->negotiated_ctx_id,
-		    conf_req_flag,
-		    qop_req,
-		    input_message_buffer,
-		    conf_state,
-		    output_message_buffer);
-}
-
-OM_uint32 _gss_spnego_unwrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_unwrap(minor_status,
-		      ctx->negotiated_ctx_id,
-		      input_message_buffer,
-		      output_message_buffer,
-		      conf_state,
-		      qop_state);
-}
-
-OM_uint32 _gss_spnego_display_status
-           (OM_uint32 * minor_status,
-            OM_uint32 status_value,
-            int status_type,
-            const gss_OID mech_type,
-            OM_uint32 * message_context,
-            gss_buffer_t status_string
-           )
-{
-    return GSS_S_FAILURE;
-}
-
-OM_uint32 _gss_spnego_compare_name
-           (OM_uint32 *minor_status,
-            const gss_name_t name1,
-            const gss_name_t name2,
-            int * name_equal
-           )
-{
-    spnego_name n1 = (spnego_name)name1;
-    spnego_name n2 = (spnego_name)name2;
-
-    *name_equal = 0;
-
-    if (!gss_oid_equal(&n1->type, &n2->type))
-	return GSS_S_COMPLETE;
-    if (n1->value.length != n2->value.length)
-	return GSS_S_COMPLETE;
-    if (memcmp(n1->value.value, n2->value.value, n2->value.length) != 0)
-	return GSS_S_COMPLETE;
-
-    *name_equal = 1;
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_display_name
-           (OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t output_name_buffer,
-            gss_OID * output_name_type
-           )
-{
-    spnego_name name = (spnego_name)input_name;
-
-    *minor_status = 0;
-
-    if (name == NULL || name->mech == GSS_C_NO_NAME)
-	return GSS_S_FAILURE;
-
-    return gss_display_name(minor_status, name->mech,
-			    output_name_buffer, output_name_type);
-}
-
-OM_uint32 _gss_spnego_import_name
-           (OM_uint32 * minor_status,
-            const gss_buffer_t name_buffer,
-            const gss_OID name_type,
-            gss_name_t * output_name
-           )
-{
-    spnego_name name;
-    OM_uint32 maj_stat;
-
-    *minor_status = 0;
-
-    name = calloc(1, sizeof(*name));
-    if (name == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    
-    maj_stat = _gss_copy_oid(minor_status, name_type, &name->type);
-    if (maj_stat) {
-	free(name);
-	return GSS_S_FAILURE;
-    }
-    
-    maj_stat = _gss_copy_buffer(minor_status, name_buffer, &name->value);
-    if (maj_stat) {
-	gss_name_t rname = (gss_name_t)name;
-	_gss_spnego_release_name(minor_status, &rname);
-	return GSS_S_FAILURE;
-    }
-    name->mech = GSS_C_NO_NAME;
-    *output_name = (gss_name_t)name;
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_export_name
-           (OM_uint32  * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t exported_name
-           )
-{
-    spnego_name name;
-    *minor_status = 0;
-
-    if (input_name == GSS_C_NO_NAME)
-	return GSS_S_BAD_NAME;
-
-    name = (spnego_name)input_name;
-    if (name->mech == GSS_C_NO_NAME)
-	return GSS_S_BAD_NAME;
-
-    return gss_export_name(minor_status, name->mech, exported_name);
-}
-
-OM_uint32 _gss_spnego_release_name
-           (OM_uint32 * minor_status,
-            gss_name_t * input_name
-           )
-{
-    *minor_status = 0;
-
-    if (*input_name != GSS_C_NO_NAME) {
-	OM_uint32 junk;
-	spnego_name name = (spnego_name)*input_name;
-	_gss_free_oid(&junk, &name->type);
-	gss_release_buffer(&junk, &name->value);
-	if (name->mech != GSS_C_NO_NAME)
-	    gss_release_name(&junk, &name->mech);
-	free(name);
-
-	*input_name = GSS_C_NO_NAME;
-    }
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_inquire_context (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_name_t * src_name,
-            gss_name_t * targ_name,
-            OM_uint32 * lifetime_rec,
-            gss_OID * mech_type,
-            OM_uint32 * ctx_flags,
-            int * locally_initiated,
-            int * open_context
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_inquire_context(minor_status,
-			       ctx->negotiated_ctx_id,
-			       src_name,
-			       targ_name,
-			       lifetime_rec,
-			       mech_type,
-			       ctx_flags,
-			       locally_initiated,
-			       open_context);
-}
-
-OM_uint32 _gss_spnego_wrap_size_limit (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_wrap_size_limit(minor_status,
-			       ctx->negotiated_ctx_id,
-			       conf_req_flag,
-			       qop_req,
-			       req_output_size,
-			       max_input_size);
-}
-
-OM_uint32 _gss_spnego_export_sec_context (
-            OM_uint32 * minor_status,
-            gss_ctx_id_t * context_handle,
-            gss_buffer_t interprocess_token
-           )
-{
-    gssspnego_ctx ctx;
-    OM_uint32 ret;
-
-    *minor_status = 0;
-
-    if (context_handle == NULL) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)*context_handle;
-
-    if (ctx == NULL)
-	return GSS_S_NO_CONTEXT;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ret = gss_export_sec_context(minor_status,
-				 &ctx->negotiated_ctx_id,
-				 interprocess_token);
-    if (ret == GSS_S_COMPLETE) {
-	ret = _gss_spnego_internal_delete_sec_context(minor_status,
-					     context_handle,
-					     GSS_C_NO_BUFFER);
-	if (ret == GSS_S_COMPLETE)
-	    return GSS_S_COMPLETE;
-    }
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    return ret;
-}
-
-OM_uint32 _gss_spnego_import_sec_context (
-            OM_uint32 * minor_status,
-            const gss_buffer_t interprocess_token,
-            gss_ctx_id_t *context_handle
-           )
-{
-    OM_uint32 ret, minor;
-    gss_ctx_id_t context;
-    gssspnego_ctx ctx;
-
-    ret = _gss_spnego_alloc_sec_context(minor_status, &context);
-    if (ret != GSS_S_COMPLETE) {
-	return ret;
-    }
-    ctx = (gssspnego_ctx)context;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    ret = gss_import_sec_context(minor_status,
-				 interprocess_token,
-				 &ctx->negotiated_ctx_id);
-    if (ret != GSS_S_COMPLETE) {
-	_gss_spnego_internal_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER);
-	return ret;
-    }
-
-    ctx->open = 1;
-    /* don't bother filling in the rest of the fields */
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    *context_handle = (gss_ctx_id_t)ctx;
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_inquire_names_for_mech (
-            OM_uint32 * minor_status,
-            const gss_OID mechanism,
-            gss_OID_set * name_types
-           )
-{
-    gss_OID_set mechs, names, n;
-    OM_uint32 ret, junk;
-    int i, j;
-
-    *name_types = NULL;
-
-    ret = spnego_supported_mechs(minor_status, &mechs);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-
-    ret = gss_create_empty_oid_set(minor_status, &names);
-    if (ret != GSS_S_COMPLETE)
-	goto out;
-
-    for (i = 0; i < mechs->count; i++) {
-	ret = gss_inquire_names_for_mech(minor_status,
-					 &mechs->elements[i],
-					 &n);
-	if (ret)
-	    continue;
-
-	for (j = 0; j < n->count; j++)
-	    gss_add_oid_set_member(minor_status,
-				   &n->elements[j],
-				   &names);
-	gss_release_oid_set(&junk, &n);
-    }
-
-    ret = GSS_S_COMPLETE;
-    *name_types = names;
-out:
-
-    gss_release_oid_set(&junk, &mechs);
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_inquire_mechs_for_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_OID_set * mech_types
-           )
-{
-    OM_uint32 ret, junk;
-
-    ret = gss_create_empty_oid_set(minor_status, mech_types);
-    if (ret)
-	return ret;
-
-    ret = gss_add_oid_set_member(minor_status,
-				 GSS_SPNEGO_MECHANISM,
-				 mech_types);
-    if (ret)
-	gss_release_oid_set(&junk, mech_types);
-
-    return ret;
-}
-
-OM_uint32 _gss_spnego_canonicalize_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            const gss_OID mech_type,
-            gss_name_t * output_name
-           )
-{
-    /* XXX */
-    return gss_duplicate_name(minor_status, input_name, output_name);
-}
-
-OM_uint32 _gss_spnego_duplicate_name (
-            OM_uint32 * minor_status,
-            const gss_name_t src_name,
-            gss_name_t * dest_name
-           )
-{
-    return gss_duplicate_name(minor_status, src_name, dest_name);
-}
-
-OM_uint32 _gss_spnego_sign
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int qop_req,
-            gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_sign(minor_status,
-		    ctx->negotiated_ctx_id,
-		    qop_req,
-		    message_buffer,
-		    message_token);
-}
-
-OM_uint32 _gss_spnego_verify
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t message_buffer,
-            gss_buffer_t token_buffer,
-            int * qop_state
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_verify(minor_status,
-		      ctx->negotiated_ctx_id,
-		      message_buffer,
-		      token_buffer,
-		      qop_state);
-}
-
-OM_uint32 _gss_spnego_seal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            int qop_req,
-            gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_seal(minor_status,
-		    ctx->negotiated_ctx_id,
-		    conf_req_flag,
-		    qop_req,
-		    input_message_buffer,
-		    conf_state,
-		    output_message_buffer);
-}
-
-OM_uint32 _gss_spnego_unseal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            int * qop_state
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_unseal(minor_status,
-		      ctx->negotiated_ctx_id,
-		      input_message_buffer,
-		      output_message_buffer,
-		      conf_state,
-		      qop_state);
-}
-
-#if 0
-OM_uint32 _gss_spnego_unwrap_ex
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-	    const gss_buffer_t token_header_buffer,
-	    const gss_buffer_t associated_data_buffer,
-	    const gss_buffer_t input_message_buffer,
-	    gss_buffer_t output_message_buffer,
-	    int * conf_state,
-	    gss_qop_t * qop_state)
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_unwrap_ex(minor_status,
-			 ctx->negotiated_ctx_id,
-			 token_header_buffer,
-			 associated_data_buffer,
-			 input_message_buffer,
-			 output_message_buffer,
-			 conf_state,
-			 qop_state);
-}
-
-OM_uint32 _gss_spnego_wrap_ex
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t associated_data_buffer,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_token_buffer,
-            gss_buffer_t output_message_buffer
-	   )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    if ((ctx->mech_flags & GSS_C_DCE_STYLE) == 0 &&
-	associated_data_buffer->length != input_message_buffer->length) {
-	*minor_status = EINVAL;
-	return GSS_S_BAD_QOP;
-    }
-
-    return gss_wrap_ex(minor_status,
-		       ctx->negotiated_ctx_id,
-		       conf_req_flag,
-		       qop_req,
-		       associated_data_buffer,
-		       input_message_buffer,
-		       conf_state,
-		       output_token_buffer,
-		       output_message_buffer);
-}
-
-OM_uint32 _gss_spnego_complete_auth_token
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-	    gss_buffer_t input_message_buffer)
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_complete_auth_token(minor_status,
-				   ctx->negotiated_ctx_id,
-				   input_message_buffer);
-}
-#endif
-
-OM_uint32 _gss_spnego_inquire_sec_context_by_oid
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_OID desired_object,
-            gss_buffer_set_t *data_set)
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_inquire_sec_context_by_oid(minor_status,
-					  ctx->negotiated_ctx_id,
-					  desired_object,
-					  data_set);
-}
-
-OM_uint32 _gss_spnego_set_sec_context_option
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t * context_handle,
-            const gss_OID desired_object,
-            const gss_buffer_t value)
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_set_sec_context_option(minor_status,
-				      &ctx->negotiated_ctx_id,
-				      desired_object,
-				      value);
-}
-
diff --git a/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c b/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c
deleted file mode 100644
index 2362e99..0000000
--- a/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c
+++ /dev/null
@@ -1,336 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "spnego/spnego_locl.h"
-
-RCSID("$Id: cred_stubs.c 20619 2007-05-08 13:43:45Z lha $");
-
-OM_uint32
-_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
-{
-    gssspnego_cred cred;
-    OM_uint32 ret;
-    
-    *minor_status = 0;
-
-    if (*cred_handle == GSS_C_NO_CREDENTIAL) {
-	return GSS_S_COMPLETE;
-    }
-    cred = (gssspnego_cred)*cred_handle;
-
-    ret = gss_release_cred(minor_status, &cred->negotiated_cred_id);
-
-    free(cred);
-    *cred_handle = GSS_C_NO_CREDENTIAL;
-
-    return ret;
-}
-
-OM_uint32
-_gss_spnego_alloc_cred(OM_uint32 *minor_status,
-		       gss_cred_id_t mech_cred_handle,
-		       gss_cred_id_t *cred_handle)
-{
-    gssspnego_cred cred;
-
-    if (*cred_handle != GSS_C_NO_CREDENTIAL) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    cred = calloc(1, sizeof(*cred));
-    if (cred == NULL) {
-	*cred_handle = GSS_C_NO_CREDENTIAL;
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    cred->negotiated_cred_id = mech_cred_handle;
-
-    *cred_handle = (gss_cred_id_t)cred;
-
-    return GSS_S_COMPLETE; 
-}
-
-/*
- * For now, just a simple wrapper that avoids recursion. When
- * we support gss_{get,set}_neg_mechs() we will need to expose
- * more functionality.
- */
-OM_uint32 _gss_spnego_acquire_cred
-(OM_uint32 *minor_status,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t * output_cred_handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
-    )
-{
-    const spnego_name dname = (const spnego_name)desired_name;
-    gss_name_t name = GSS_C_NO_NAME;
-    OM_uint32 ret, tmp;
-    gss_OID_set_desc actual_desired_mechs;
-    gss_OID_set mechs;
-    int i, j;
-    gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
-    gssspnego_cred cred;
-
-    *output_cred_handle = GSS_C_NO_CREDENTIAL;
-
-    if (dname) {
-	ret = gss_import_name(minor_status, &dname->value, &dname->type, &name);
-	if (ret) {
-	    return ret;
-	}
-    }
-    
-    ret = gss_indicate_mechs(minor_status, &mechs);
-    if (ret != GSS_S_COMPLETE) {
-	gss_release_name(minor_status, &name);
-	return ret;
-    }
-
-    /* Remove ourselves from this list */
-    actual_desired_mechs.count = mechs->count;
-    actual_desired_mechs.elements = malloc(actual_desired_mechs.count *
-					   sizeof(gss_OID_desc));
-    if (actual_desired_mechs.elements == NULL) {
-	*minor_status = ENOMEM;
-	ret = GSS_S_FAILURE;
-	goto out;
-    }
-
-    for (i = 0, j = 0; i < mechs->count; i++) {
-	if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM))
-	    continue;
-
-	actual_desired_mechs.elements[j] = mechs->elements[i];
-	j++;
-    }
-    actual_desired_mechs.count = j;
-
-    ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL,
-				 &cred_handle);
-    if (ret != GSS_S_COMPLETE)
-	goto out;
-
-    cred = (gssspnego_cred)cred_handle;
-    ret = gss_acquire_cred(minor_status, name,
-			   time_req, &actual_desired_mechs,
-			   cred_usage,
-			   &cred->negotiated_cred_id,
-			   actual_mechs, time_rec);
-    if (ret != GSS_S_COMPLETE)
-	goto out;
-
-    *output_cred_handle = cred_handle;
-
-out:
-    gss_release_name(minor_status, &name);
-    gss_release_oid_set(&tmp, &mechs);
-    if (actual_desired_mechs.elements != NULL) {
-	free(actual_desired_mechs.elements);
-    }
-    if (ret != GSS_S_COMPLETE) {
-	_gss_spnego_release_cred(&tmp, &cred_handle);
-    }
-
-    return ret;
-}
-
-OM_uint32 _gss_spnego_inquire_cred
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            gss_name_t * name,
-            OM_uint32 * lifetime,
-            gss_cred_usage_t * cred_usage,
-            gss_OID_set * mechanisms
-           )
-{
-    gssspnego_cred cred;
-    spnego_name sname = NULL;
-    OM_uint32 ret;
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-
-    if (name) {
-	sname = calloc(1, sizeof(*sname));
-	if (sname == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    cred = (gssspnego_cred)cred_handle;
-
-    ret = gss_inquire_cred(minor_status,
-			   cred->negotiated_cred_id,
-			   sname ? &sname->mech : NULL,
-			   lifetime,
-			   cred_usage,
-			   mechanisms);
-    if (ret) {
-	if (sname)
-	    free(sname);
-	return ret;
-    }
-    if (name)
-	*name = (gss_name_t)sname;
-
-    return ret;
-}
-
-OM_uint32 _gss_spnego_add_cred (
-            OM_uint32 * minor_status,
-            const gss_cred_id_t input_cred_handle,
-            const gss_name_t desired_name,
-            const gss_OID desired_mech,
-            gss_cred_usage_t cred_usage,
-            OM_uint32 initiator_time_req,
-            OM_uint32 acceptor_time_req,
-            gss_cred_id_t * output_cred_handle,
-            gss_OID_set * actual_mechs,
-            OM_uint32 * initiator_time_rec,
-            OM_uint32 * acceptor_time_rec
-           )
-{
-    gss_cred_id_t spnego_output_cred_handle = GSS_C_NO_CREDENTIAL;
-    OM_uint32 ret, tmp;
-    gssspnego_cred input_cred, output_cred;
-
-    *output_cred_handle = GSS_C_NO_CREDENTIAL;
-
-    ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL,
-				 &spnego_output_cred_handle);
-    if (ret)
-	return ret;
-
-    input_cred = (gssspnego_cred)input_cred_handle;
-    output_cred = (gssspnego_cred)spnego_output_cred_handle;
-
-    ret = gss_add_cred(minor_status,
-		       input_cred->negotiated_cred_id,
-		       desired_name,
-		       desired_mech,
-		       cred_usage,
-		       initiator_time_req,
-		       acceptor_time_req,
-		       &output_cred->negotiated_cred_id,
-		       actual_mechs,
-		       initiator_time_rec,
-		       acceptor_time_rec);
-    if (ret) {
-	_gss_spnego_release_cred(&tmp, &spnego_output_cred_handle);
-	return ret;
-    }
-
-    *output_cred_handle = spnego_output_cred_handle;
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_inquire_cred_by_mech (
-            OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            const gss_OID mech_type,
-            gss_name_t * name,
-            OM_uint32 * initiator_lifetime,
-            OM_uint32 * acceptor_lifetime,
-            gss_cred_usage_t * cred_usage
-           )
-{
-    gssspnego_cred cred;
-    spnego_name sname = NULL;
-    OM_uint32 ret;
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-
-    if (name) {
-	sname = calloc(1, sizeof(*sname));
-	if (sname == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    cred = (gssspnego_cred)cred_handle;
-
-    ret = gss_inquire_cred_by_mech(minor_status,
-				   cred->negotiated_cred_id,
-				   mech_type,
-				   sname ? &sname->mech : NULL,
-				   initiator_lifetime,
-				   acceptor_lifetime,
-				   cred_usage);
-
-    if (ret) {
-	if (sname)
-	    free(sname);
-	return ret;
-    }
-    if (name)
-	*name = (gss_name_t)sname;
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_inquire_cred_by_oid
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            const gss_OID desired_object,
-            gss_buffer_set_t *data_set)
-{
-    gssspnego_cred cred;
-    OM_uint32 ret;
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-    cred = (gssspnego_cred)cred_handle;
-
-    ret = gss_inquire_cred_by_oid(minor_status,
-				  cred->negotiated_cred_id,
-				  desired_object,
-				  data_set);
-
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/spnego/external.c b/crypto/heimdal/lib/gssapi/spnego/external.c
deleted file mode 100644
index fbc231f..0000000
--- a/crypto/heimdal/lib/gssapi/spnego/external.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "spnego/spnego_locl.h"
-#include <gssapi_mech.h>
-
-RCSID("$Id: external.c 18336 2006-10-07 22:27:13Z lha $");
-
-/*
- * RFC2478, SPNEGO:
- *  The security mechanism of the initial
- *  negotiation token is identified by the Object Identifier
- *  iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
- */
-
-static gssapi_mech_interface_desc spnego_mech = {
-    GMI_VERSION,
-    "spnego",
-    {6, (void *)"\x2b\x06\x01\x05\x05\x02"},
-    _gss_spnego_acquire_cred,
-    _gss_spnego_release_cred,
-    _gss_spnego_init_sec_context,
-    _gss_spnego_accept_sec_context,
-    _gss_spnego_process_context_token,
-    _gss_spnego_internal_delete_sec_context,
-    _gss_spnego_context_time,
-    _gss_spnego_get_mic,
-    _gss_spnego_verify_mic,
-    _gss_spnego_wrap,
-    _gss_spnego_unwrap,
-    _gss_spnego_display_status,
-    NULL,
-    _gss_spnego_compare_name,
-    _gss_spnego_display_name,
-    _gss_spnego_import_name,
-    _gss_spnego_export_name,
-    _gss_spnego_release_name,
-    _gss_spnego_inquire_cred,
-    _gss_spnego_inquire_context,
-    _gss_spnego_wrap_size_limit,
-    _gss_spnego_add_cred,
-    _gss_spnego_inquire_cred_by_mech,
-    _gss_spnego_export_sec_context,
-    _gss_spnego_import_sec_context,
-    _gss_spnego_inquire_names_for_mech,
-    _gss_spnego_inquire_mechs_for_name,
-    _gss_spnego_canonicalize_name,
-    _gss_spnego_duplicate_name
-};
-
-gssapi_mech_interface
-__gss_spnego_initialize(void)
-{
-	return &spnego_mech;
-}
-
-static gss_OID_desc _gss_spnego_mechanism_desc = 
-    {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
-
-gss_OID GSS_SPNEGO_MECHANISM = &_gss_spnego_mechanism_desc;
diff --git a/crypto/heimdal/lib/gssapi/spnego/init_sec_context.c b/crypto/heimdal/lib/gssapi/spnego/init_sec_context.c
deleted file mode 100644
index 7c74981..0000000
--- a/crypto/heimdal/lib/gssapi/spnego/init_sec_context.c
+++ /dev/null
@@ -1,663 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * Portions Copyright (c) 2004 PADL Software Pty Ltd.
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "spnego/spnego_locl.h"
-
-RCSID("$Id: init_sec_context.c 19411 2006-12-18 15:42:03Z lha $");
-
-/*
- * Is target_name an sane target for `mech�.
- */
-
-static OM_uint32
-initiator_approved(gss_name_t target_name, gss_OID mech)
-{
-    OM_uint32 min_stat, maj_stat;
-    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
-    gss_buffer_desc out;
-    
-    maj_stat = gss_init_sec_context(&min_stat,
-				    GSS_C_NO_CREDENTIAL,
-				    &ctx,
-				    target_name,
-				    mech,
-				    0,
-				    GSS_C_INDEFINITE,
-				    GSS_C_NO_CHANNEL_BINDINGS,
-				    GSS_C_NO_BUFFER,
-				    NULL,
-				    &out,
-				    NULL,
-				    NULL);
-    if (GSS_ERROR(maj_stat))
-	return GSS_S_BAD_MECH;
-    gss_release_buffer(&min_stat, &out);
-    gss_delete_sec_context(&min_stat, &ctx, NULL);
-
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Send a reply. Note that we only need to send a reply if we
- * need to send a MIC or a mechanism token. Otherwise, we can
- * return an empty buffer.
- *
- * The return value of this will be returned to the API, so it
- * must return GSS_S_CONTINUE_NEEDED if a token was generated.
- */
-static OM_uint32
-spnego_reply_internal(OM_uint32 *minor_status,
-		      gssspnego_ctx context_handle,
-		      const gss_buffer_t mech_buf,
-		      gss_buffer_t mech_token,
-		      gss_buffer_t output_token)
-{
-    NegotiationToken nt;
-    gss_buffer_desc mic_buf;
-    OM_uint32 ret;
-    size_t size;
-
-    if (mech_buf == GSS_C_NO_BUFFER && mech_token->length == 0) {
-	output_token->length = 0;
-	output_token->value = NULL;
-
-	return context_handle->open ? GSS_S_COMPLETE : GSS_S_FAILURE;
-    }
-
-    memset(&nt, 0, sizeof(nt));
-
-    nt.element = choice_NegotiationToken_negTokenResp;
-
-    ALLOC(nt.u.negTokenResp.negResult, 1);
-    if (nt.u.negTokenResp.negResult == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    nt.u.negTokenResp.supportedMech = NULL;
-
-    output_token->length = 0;
-    output_token->value = NULL;
-
-    if (mech_token->length == 0) {
-	nt.u.negTokenResp.responseToken = NULL;
-	*(nt.u.negTokenResp.negResult)  = accept_completed;
-    } else {
-	ALLOC(nt.u.negTokenResp.responseToken, 1);
-	if (nt.u.negTokenResp.responseToken == NULL) {
-	    free_NegotiationToken(&nt);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	nt.u.negTokenResp.responseToken->length = mech_token->length;
-	nt.u.negTokenResp.responseToken->data   = mech_token->value;
-	mech_token->length = 0;
-	mech_token->value  = NULL;
-
-	*(nt.u.negTokenResp.negResult)  = accept_incomplete;
-    }
-
-    if (mech_buf != GSS_C_NO_BUFFER) {
-
-	ret = gss_get_mic(minor_status,
-			  context_handle->negotiated_ctx_id,
-			  0,
-			  mech_buf,
-			  &mic_buf);
-	if (ret == GSS_S_COMPLETE) {
-	    ALLOC(nt.u.negTokenResp.mechListMIC, 1);
-	    if (nt.u.negTokenResp.mechListMIC == NULL) {
-		gss_release_buffer(minor_status, &mic_buf);
-		free_NegotiationToken(&nt);
-		*minor_status = ENOMEM;
-		return GSS_S_FAILURE;
-	    }
-
-	    nt.u.negTokenResp.mechListMIC->length = mic_buf.length;
-	    nt.u.negTokenResp.mechListMIC->data   = mic_buf.value;
-	} else if (ret == GSS_S_UNAVAILABLE) {
-	    nt.u.negTokenResp.mechListMIC = NULL;
-	} if (ret) {
-	    free_NegotiationToken(&nt);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    } else {
-	nt.u.negTokenResp.mechListMIC = NULL;
-    }
-
-    ASN1_MALLOC_ENCODE(NegotiationToken,
-		       output_token->value, output_token->length,
-		       &nt, &size, ret);
-    if (ret) {
-	free_NegotiationToken(&nt);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    if (*(nt.u.negTokenResp.negResult) == accept_completed)
-	ret = GSS_S_COMPLETE;
-    else
-	ret = GSS_S_CONTINUE_NEEDED;
-
-    free_NegotiationToken(&nt);
-    return ret;
-}
-
-static OM_uint32
-spnego_initial
-           (OM_uint32 * minor_status,
-	    gssspnego_cred cred,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-    )
-{
-    NegTokenInit ni;
-    int ret;
-    OM_uint32 sub, minor;
-    gss_buffer_desc mech_token;
-    u_char *buf;
-    size_t buf_size, buf_len;
-    gss_buffer_desc data;
-    size_t ni_len;
-    gss_ctx_id_t context;
-    gssspnego_ctx ctx;
-    spnego_name name = (spnego_name)target_name;
-
-    *minor_status = 0;
-
-    memset (&ni, 0, sizeof(ni));
-
-    *context_handle = GSS_C_NO_CONTEXT;
-
-    if (target_name == GSS_C_NO_NAME)
-	return GSS_S_BAD_NAME;
-
-    sub = _gss_spnego_alloc_sec_context(&minor, &context);
-    if (GSS_ERROR(sub)) {
-	*minor_status = minor;
-	return sub;
-    }
-    ctx = (gssspnego_ctx)context;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    ctx->local = 1;
-
-    sub = gss_import_name(&minor, &name->value, &name->type, &ctx->target_name);
-    if (GSS_ERROR(sub)) {
-	*minor_status = minor;
-	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	return sub;
-    }
-
-    sub = _gss_spnego_indicate_mechtypelist(&minor, 
-					    ctx->target_name,
-					    initiator_approved,
-					    0,
-					    cred,
-					    &ni.mechTypes,
-					    &ctx->preferred_mech_type);
-    if (GSS_ERROR(sub)) {
-	*minor_status = minor;
-	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	return sub;
-    }
-
-    ni.reqFlags = NULL;
-
-    /*
-     * If we have a credential handle, use it to select the mechanism
-     * that we will use
-     */
-
-    /* generate optimistic token */
-    sub = gss_init_sec_context(&minor,
-			       (cred != NULL) ? cred->negotiated_cred_id :
-			          GSS_C_NO_CREDENTIAL,
-			       &ctx->negotiated_ctx_id,
-			       ctx->target_name,
-			       ctx->preferred_mech_type,
-			       req_flags,
-			       time_req,
-			       input_chan_bindings,
-			       input_token,
-			       &ctx->negotiated_mech_type,
-			       &mech_token,
-			       &ctx->mech_flags,
-			       &ctx->mech_time_rec);
-    if (GSS_ERROR(sub)) {
-	free_NegTokenInit(&ni);
-	*minor_status = minor;
-	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	return sub;
-    }
-    if (sub == GSS_S_COMPLETE)
-	ctx->maybe_open = 1;
-
-    if (mech_token.length != 0) {
-	ALLOC(ni.mechToken, 1);
-	if (ni.mechToken == NULL) {
-	    free_NegTokenInit(&ni);
-	    gss_release_buffer(&minor, &mech_token);
-	    _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	ni.mechToken->length = mech_token.length;
-	ni.mechToken->data = malloc(mech_token.length);
-	if (ni.mechToken->data == NULL && mech_token.length != 0) {
-	    free_NegTokenInit(&ni);
-	    gss_release_buffer(&minor, &mech_token);
-	    *minor_status = ENOMEM;
-	    _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	    return GSS_S_FAILURE;
-	}
-	memcpy(ni.mechToken->data, mech_token.value, mech_token.length);
-	gss_release_buffer(&minor, &mech_token);
-    } else
-	ni.mechToken = NULL;
-
-    ni.mechListMIC = NULL;
-
-    ni_len = length_NegTokenInit(&ni);
-    buf_size = 1 + der_length_len(ni_len) + ni_len;
-
-    buf = malloc(buf_size);
-    if (buf == NULL) {
-	free_NegTokenInit(&ni);
-	*minor_status = ENOMEM;
-	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	return GSS_S_FAILURE;
-    }
-
-    ret = encode_NegTokenInit(buf + buf_size - 1,
-			      ni_len,
-			      &ni, &buf_len);
-    if (ret == 0 && ni_len != buf_len)
-	abort();
-
-    if (ret == 0) {
-	size_t tmp;
-
-	ret = der_put_length_and_tag(buf + buf_size - buf_len - 1,
-				     buf_size - buf_len,
-				     buf_len,
-				     ASN1_C_CONTEXT,
-				     CONS,
-				     0,
-				     &tmp);
-	if (ret == 0 && tmp + buf_len != buf_size)
-	    abort();
-    }
-    if (ret) {
-	*minor_status = ret;
-	free(buf);
-	free_NegTokenInit(&ni);
-	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	return GSS_S_FAILURE;
-    }
-
-    data.value  = buf;
-    data.length = buf_size;
-
-    ctx->initiator_mech_types.len = ni.mechTypes.len;
-    ctx->initiator_mech_types.val = ni.mechTypes.val;
-    ni.mechTypes.len = 0;
-    ni.mechTypes.val = NULL;
- 
-    free_NegTokenInit(&ni);
-
-    sub = gss_encapsulate_token(&data,
-				GSS_SPNEGO_MECHANISM,
-				output_token);
-    free (buf);
-
-    if (sub) {
-	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	return sub;
-    }
-
-    if (actual_mech_type)
-	*actual_mech_type = ctx->negotiated_mech_type;
-    if (ret_flags)
-	*ret_flags = ctx->mech_flags;
-    if (time_rec)
-	*time_rec = ctx->mech_time_rec;
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    *context_handle = context;
-
-    return GSS_S_CONTINUE_NEEDED;
-}
-
-static OM_uint32
-spnego_reply
-           (OM_uint32 * minor_status,
-	    const gssspnego_cred cred,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-    )
-{
-    OM_uint32 ret, minor;
-    NegTokenResp resp;
-    size_t len, taglen;
-    gss_OID_desc mech;
-    int require_mic;
-    size_t buf_len;
-    gss_buffer_desc mic_buf, mech_buf;
-    gss_buffer_desc mech_output_token;
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    ctx = (gssspnego_ctx)*context_handle;
-
-    output_token->length = 0;
-    output_token->value  = NULL;
-
-    mech_output_token.length = 0;
-    mech_output_token.value = NULL;
-
-    mech_buf.value = NULL;
-    mech_buf.length = 0;
-
-    ret = der_match_tag_and_length(input_token->value, input_token->length,
-				   ASN1_C_CONTEXT, CONS, 1, &len, &taglen);
-    if (ret)
-	return ret;
-
-    if (len > input_token->length - taglen)
-	return ASN1_OVERRUN;
-
-    ret = decode_NegTokenResp((const unsigned char *)input_token->value+taglen,
-			      len, &resp, NULL);
-    if (ret) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    if (resp.negResult == NULL
-	|| *(resp.negResult) == reject
-	/* || resp.supportedMech == NULL */
-	)
-    {
-	free_NegTokenResp(&resp);
-	return GSS_S_BAD_MECH;
-    }
-
-    /*
-     * Pick up the mechanism that the acceptor selected, only allow it
-     * to be sent in packet.
-     */
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    if (resp.supportedMech) {
-
-	if (ctx->oidlen) {
-	    free_NegTokenResp(&resp);
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    return GSS_S_BAD_MECH;
-	}
-	ret = der_put_oid(ctx->oidbuf + sizeof(ctx->oidbuf) - 1,
-			  sizeof(ctx->oidbuf),
-			  resp.supportedMech,
-			  &ctx->oidlen);
-	/* Avoid recursively embedded SPNEGO */
-	if (ret || (ctx->oidlen == GSS_SPNEGO_MECHANISM->length &&
-		    memcmp(ctx->oidbuf + sizeof(ctx->oidbuf) - ctx->oidlen,
-			   GSS_SPNEGO_MECHANISM->elements,
-			   ctx->oidlen) == 0))
-	{
-	    free_NegTokenResp(&resp);
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    return GSS_S_BAD_MECH;
-	}
-
-	/* check if the acceptor took our optimistic token */
-	if (ctx->oidlen != ctx->preferred_mech_type->length ||
-	    memcmp(ctx->oidbuf + sizeof(ctx->oidbuf) - ctx->oidlen,
-		   ctx->preferred_mech_type->elements,
-		   ctx->oidlen) != 0)
-	{
-	    gss_delete_sec_context(&minor, &ctx->negotiated_ctx_id, 
-				   GSS_C_NO_BUFFER);
-	    ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
-	}
-    } else if (ctx->oidlen == 0) {
-	free_NegTokenResp(&resp);
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	return GSS_S_BAD_MECH;
-    }
-
-    if (resp.responseToken != NULL || 
-	ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	gss_buffer_desc mech_input_token;
-
-	if (resp.responseToken) {
-	    mech_input_token.length = resp.responseToken->length;
-	    mech_input_token.value  = resp.responseToken->data;
-	} else {
-	    mech_input_token.length = 0;
-	    mech_input_token.value = NULL;
-	}
-
-
-	mech.length = ctx->oidlen;
-	mech.elements = ctx->oidbuf + sizeof(ctx->oidbuf) - ctx->oidlen;
-
-	/* Fall through as if the negotiated mechanism
-	   was requested explicitly */
-	ret = gss_init_sec_context(&minor,
-				   (cred != NULL) ? cred->negotiated_cred_id :
-				       GSS_C_NO_CREDENTIAL,
-				   &ctx->negotiated_ctx_id,
-				   ctx->target_name,
-				   &mech,
-				   req_flags,
-				   time_req,
-				   input_chan_bindings,
-				   &mech_input_token,
-				   &ctx->negotiated_mech_type,
-				   &mech_output_token,
-				   &ctx->mech_flags,
-				   &ctx->mech_time_rec);
-	if (GSS_ERROR(ret)) {
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    free_NegTokenResp(&resp);
-	    *minor_status = minor;
-	    return ret;
-	}
-	if (ret == GSS_S_COMPLETE) {
-	    ctx->open = 1;
-	}
-    } else if (*(resp.negResult) == accept_completed) {
-	if (ctx->maybe_open)
-	    ctx->open = 1;
-    }
-
-    if (*(resp.negResult) == request_mic) {
-	ctx->require_mic = 1;
-    }
-
-    if (ctx->open) {
-	/*
-	 * Verify the mechListMIC if one was provided or CFX was
-	 * used and a non-preferred mechanism was selected
-	 */
-	if (resp.mechListMIC != NULL) {
-	    require_mic = 1;
-	} else {
-	    ret = _gss_spnego_require_mechlist_mic(minor_status, ctx,
-						   &require_mic);
-	    if (ret) {
-		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-		free_NegTokenResp(&resp);
-		gss_release_buffer(&minor, &mech_output_token);
-		return ret;
-	    }
-	}
-    } else {
-	require_mic = 0;
-    }
-
-    if (require_mic) {
-	ASN1_MALLOC_ENCODE(MechTypeList, mech_buf.value, mech_buf.length,
-			   &ctx->initiator_mech_types, &buf_len, ret);
-	if (ret) {
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    free_NegTokenResp(&resp);
-	    gss_release_buffer(&minor, &mech_output_token);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-	if (mech_buf.length != buf_len)
-	    abort();
-
-	if (resp.mechListMIC == NULL) {
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    free(mech_buf.value);
-	    free_NegTokenResp(&resp);
-	    *minor_status = 0;
-	    return GSS_S_DEFECTIVE_TOKEN;
-	}
-	mic_buf.length = resp.mechListMIC->length;
-	mic_buf.value  = resp.mechListMIC->data;
-
-	if (mech_output_token.length == 0) {
-	    ret = gss_verify_mic(minor_status,
-				 ctx->negotiated_ctx_id,
-				 &mech_buf,
-				 &mic_buf,
-				 NULL);
-	   if (ret) {
-		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-		free(mech_buf.value);
-		gss_release_buffer(&minor, &mech_output_token);
-		free_NegTokenResp(&resp);
-		return GSS_S_DEFECTIVE_TOKEN;
-	    }
-	    ctx->verified_mic = 1;
-	}
-    }
-
-    ret = spnego_reply_internal(minor_status, ctx,
-				require_mic ? &mech_buf : NULL,
-				&mech_output_token,
-				output_token);
-
-    if (mech_buf.value != NULL)
-	free(mech_buf.value);
-
-    free_NegTokenResp(&resp);
-    gss_release_buffer(&minor, &mech_output_token);
-
-    if (actual_mech_type)
-	*actual_mech_type = ctx->negotiated_mech_type;
-    if (ret_flags)
-	*ret_flags = ctx->mech_flags;
-    if (time_rec)
-	*time_rec = ctx->mech_time_rec;
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    return ret;
-}
-
-OM_uint32 _gss_spnego_init_sec_context
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t initiator_cred_handle,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-           )
-{
-    gssspnego_cred cred = (gssspnego_cred)initiator_cred_handle;
-
-    if (*context_handle == GSS_C_NO_CONTEXT)
-	return spnego_initial (minor_status,
-			       cred,
-			       context_handle,
-			       target_name,
-			       mech_type,
-			       req_flags,
-			       time_req,
-			       input_chan_bindings,
-			       input_token,
-			       actual_mech_type,
-			       output_token,
-			       ret_flags,
-			       time_rec);
-    else
-	return spnego_reply (minor_status,
-			     cred,
-			     context_handle,
-			     target_name,
-			     mech_type,
-			     req_flags,
-			     time_req,
-			     input_chan_bindings,
-			     input_token,
-			     actual_mech_type,
-			     output_token,
-			     ret_flags,
-			     time_rec);
-}
-
diff --git a/crypto/heimdal/lib/gssapi/spnego/spnego-private.h b/crypto/heimdal/lib/gssapi/spnego/spnego-private.h
deleted file mode 100644
index d80db00..0000000
--- a/crypto/heimdal/lib/gssapi/spnego/spnego-private.h
+++ /dev/null
@@ -1,330 +0,0 @@
-/* This is a generated file */
-#ifndef __spnego_private_h__
-#define __spnego_private_h__
-
-#include <stdarg.h>
-
-gssapi_mech_interface
-__gss_spnego_initialize (void);
-
-OM_uint32
-_gss_spnego_accept_sec_context (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_cred_id_t /*acceptor_cred_handle*/,
-	const gss_buffer_t /*input_token_buffer*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	gss_name_t * /*src_name*/,
-	gss_OID * /*mech_type*/,
-	gss_buffer_t /*output_token*/,
-	OM_uint32 * /*ret_flags*/,
-	OM_uint32 * /*time_rec*/,
-	gss_cred_id_t *delegated_cred_handle );
-
-OM_uint32
-_gss_spnego_acquire_cred (
-	OM_uint32 */*minor_status*/,
-	const gss_name_t /*desired_name*/,
-	OM_uint32 /*time_req*/,
-	const gss_OID_set /*desired_mechs*/,
-	gss_cred_usage_t /*cred_usage*/,
-	gss_cred_id_t * /*output_cred_handle*/,
-	gss_OID_set * /*actual_mechs*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gss_spnego_add_cred (
-	 OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*input_cred_handle*/,
-	const gss_name_t /*desired_name*/,
-	const gss_OID /*desired_mech*/,
-	gss_cred_usage_t /*cred_usage*/,
-	OM_uint32 /*initiator_time_req*/,
-	OM_uint32 /*acceptor_time_req*/,
-	gss_cred_id_t * /*output_cred_handle*/,
-	gss_OID_set * /*actual_mechs*/,
-	OM_uint32 * /*initiator_time_rec*/,
-	OM_uint32 * acceptor_time_rec );
-
-OM_uint32
-_gss_spnego_alloc_cred (
-	OM_uint32 */*minor_status*/,
-	gss_cred_id_t /*mech_cred_handle*/,
-	gss_cred_id_t */*cred_handle*/);
-
-OM_uint32
-_gss_spnego_alloc_sec_context (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t */*context_handle*/);
-
-OM_uint32
-_gss_spnego_canonicalize_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	const gss_OID /*mech_type*/,
-	gss_name_t * output_name );
-
-OM_uint32
-_gss_spnego_compare_name (
-	OM_uint32 */*minor_status*/,
-	const gss_name_t /*name1*/,
-	const gss_name_t /*name2*/,
-	int * name_equal );
-
-OM_uint32
-_gss_spnego_context_time (
-	OM_uint32 */*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	OM_uint32 *time_rec );
-
-OM_uint32
-_gss_spnego_delete_sec_context (
-	OM_uint32 */*minor_status*/,
-	gss_ctx_id_t */*context_handle*/,
-	gss_buffer_t output_token );
-
-OM_uint32
-_gss_spnego_display_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_buffer_t /*output_name_buffer*/,
-	gss_OID * output_name_type );
-
-OM_uint32
-_gss_spnego_display_status (
-	OM_uint32 * /*minor_status*/,
-	OM_uint32 /*status_value*/,
-	int /*status_type*/,
-	const gss_OID /*mech_type*/,
-	OM_uint32 * /*message_context*/,
-	gss_buffer_t status_string );
-
-OM_uint32
-_gss_spnego_duplicate_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*src_name*/,
-	gss_name_t * dest_name );
-
-OM_uint32
-_gss_spnego_export_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_buffer_t exported_name );
-
-OM_uint32
-_gss_spnego_export_sec_context (
-	 OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	gss_buffer_t interprocess_token );
-
-OM_uint32
-_gss_spnego_get_mic (
-	OM_uint32 */*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*message_buffer*/,
-	gss_buffer_t message_token );
-
-OM_uint32
-_gss_spnego_import_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_buffer_t /*name_buffer*/,
-	const gss_OID /*name_type*/,
-	gss_name_t * output_name );
-
-OM_uint32
-_gss_spnego_import_sec_context (
-	 OM_uint32 * /*minor_status*/,
-	const gss_buffer_t /*interprocess_token*/,
-	gss_ctx_id_t *context_handle );
-
-OM_uint32
-_gss_spnego_indicate_mechtypelist (
-	OM_uint32 */*minor_status*/,
-	gss_name_t /*target_name*/,
-	OM_uint32 (*/*func*/)(gss_name_t, gss_OID),
-	int /*includeMSCompatOID*/,
-	const gssspnego_cred /*cred_handle*/,
-	MechTypeList */*mechtypelist*/,
-	gss_OID */*preferred_mech*/);
-
-OM_uint32
-_gss_spnego_init_sec_context (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*initiator_cred_handle*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_name_t /*target_name*/,
-	const gss_OID /*mech_type*/,
-	OM_uint32 /*req_flags*/,
-	OM_uint32 /*time_req*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	const gss_buffer_t /*input_token*/,
-	gss_OID * /*actual_mech_type*/,
-	gss_buffer_t /*output_token*/,
-	OM_uint32 * /*ret_flags*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gss_spnego_inquire_context (
-	 OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	gss_name_t * /*src_name*/,
-	gss_name_t * /*targ_name*/,
-	OM_uint32 * /*lifetime_rec*/,
-	gss_OID * /*mech_type*/,
-	OM_uint32 * /*ctx_flags*/,
-	int * /*locally_initiated*/,
-	int * open_context );
-
-OM_uint32
-_gss_spnego_inquire_cred (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	gss_name_t * /*name*/,
-	OM_uint32 * /*lifetime*/,
-	gss_cred_usage_t * /*cred_usage*/,
-	gss_OID_set * mechanisms );
-
-OM_uint32
-_gss_spnego_inquire_cred_by_mech (
-	 OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	const gss_OID /*mech_type*/,
-	gss_name_t * /*name*/,
-	OM_uint32 * /*initiator_lifetime*/,
-	OM_uint32 * /*acceptor_lifetime*/,
-	gss_cred_usage_t * cred_usage );
-
-OM_uint32
-_gss_spnego_inquire_cred_by_oid (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	const gss_OID /*desired_object*/,
-	gss_buffer_set_t */*data_set*/);
-
-OM_uint32
-_gss_spnego_inquire_mechs_for_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_OID_set * mech_types );
-
-OM_uint32
-_gss_spnego_inquire_names_for_mech (
-	 OM_uint32 * /*minor_status*/,
-	const gss_OID /*mechanism*/,
-	gss_OID_set * name_types );
-
-OM_uint32
-_gss_spnego_inquire_sec_context_by_oid (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_OID /*desired_object*/,
-	gss_buffer_set_t */*data_set*/);
-
-OM_uint32
-_gss_spnego_internal_delete_sec_context (
-	OM_uint32 */*minor_status*/,
-	gss_ctx_id_t */*context_handle*/,
-	gss_buffer_t output_token );
-
-OM_uint32
-_gss_spnego_process_context_token (
-	OM_uint32 */*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t token_buffer );
-
-OM_uint32
-_gss_spnego_release_cred (
-	OM_uint32 */*minor_status*/,
-	gss_cred_id_t */*cred_handle*/);
-
-OM_uint32
-_gss_spnego_release_name (
-	OM_uint32 * /*minor_status*/,
-	gss_name_t * input_name );
-
-OM_uint32
-_gss_spnego_require_mechlist_mic (
-	OM_uint32 */*minor_status*/,
-	gssspnego_ctx /*ctx*/,
-	int */*require_mic*/);
-
-OM_uint32
-_gss_spnego_seal (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	int /*qop_req*/,
-	gss_buffer_t /*input_message_buffer*/,
-	int * /*conf_state*/,
-	gss_buffer_t output_message_buffer );
-
-OM_uint32
-_gss_spnego_set_sec_context_option (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_OID /*desired_object*/,
-	const gss_buffer_t /*value*/);
-
-OM_uint32
-_gss_spnego_sign (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	int /*qop_req*/,
-	gss_buffer_t /*message_buffer*/,
-	gss_buffer_t message_token );
-
-OM_uint32
-_gss_spnego_unseal (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int * /*conf_state*/,
-	int * qop_state );
-
-OM_uint32
-_gss_spnego_unwrap (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int * /*conf_state*/,
-	gss_qop_t * qop_state );
-
-OM_uint32
-_gss_spnego_verify (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	gss_buffer_t /*message_buffer*/,
-	gss_buffer_t /*token_buffer*/,
-	int * qop_state );
-
-OM_uint32
-_gss_spnego_verify_mic (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t /*message_buffer*/,
-	const gss_buffer_t /*token_buffer*/,
-	gss_qop_t * qop_state );
-
-OM_uint32
-_gss_spnego_wrap (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	int * /*conf_state*/,
-	gss_buffer_t output_message_buffer );
-
-OM_uint32
-_gss_spnego_wrap_size_limit (
-	 OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	OM_uint32 /*req_output_size*/,
-	OM_uint32 * max_input_size );
-
-#endif /* __spnego_private_h__ */
diff --git a/crypto/heimdal/lib/gssapi/spnego/spnego.asn1 b/crypto/heimdal/lib/gssapi/spnego/spnego.asn1
deleted file mode 100644
index 058f10b..0000000
--- a/crypto/heimdal/lib/gssapi/spnego/spnego.asn1
+++ /dev/null
@@ -1,63 +0,0 @@
--- $Id: spnego.asn1 21403 2007-07-04 08:13:12Z lha $
-
-SPNEGO DEFINITIONS ::=
-BEGIN
-
-MechType::= OBJECT IDENTIFIER
-
-MechTypeList ::= SEQUENCE OF MechType
-
-ContextFlags ::= BIT STRING {
-    delegFlag       (0),
-    mutualFlag      (1),
-    replayFlag      (2),
-    sequenceFlag    (3),
-    anonFlag        (4),
-    confFlag        (5),
-    integFlag       (6)
-}
-
-NegHints ::= SEQUENCE {
-    hintName       [0]  GeneralString	OPTIONAL,
-    hintAddress    [1]  OCTET STRING	OPTIONAL
-} 
-
-NegTokenInitWin ::= SEQUENCE {
-    mechTypes       [0] MechTypeList,
-    reqFlags        [1] ContextFlags   OPTIONAL,
-    mechToken       [2] OCTET STRING   OPTIONAL,
-    negHints        [3] NegHints       OPTIONAL
-}
-
-NegTokenInit ::= SEQUENCE {
-    mechTypes       [0] MechTypeList,
-    reqFlags        [1] ContextFlags   OPTIONAL,
-    mechToken       [2] OCTET STRING   OPTIONAL,
-    mechListMIC	    [3] OCTET STRING   OPTIONAL,
-    ...
-}
-
--- NB: negResult is not OPTIONAL in the new SPNEGO spec but
--- Windows clients do not always send it
-NegTokenResp ::= SEQUENCE {
-    negResult      [0] ENUMERATED {
-                            accept_completed    (0),
-                            accept_incomplete   (1),
-                            reject              (2),
-                            request-mic         (3) }          OPTIONAL,
-    supportedMech  [1] MechType                                OPTIONAL,
-    responseToken  [2] OCTET STRING                            OPTIONAL,
-    mechListMIC    [3] OCTET STRING                            OPTIONAL,
-    ...
-}
-
-NegotiationToken ::= CHOICE {
-	negTokenInit[0]		NegTokenInit,
-	negTokenResp[1]		NegTokenResp
-}
-
-NegotiationTokenWin ::= CHOICE {
-	negTokenInit[0]		NegTokenInitWin
-}
-
-END
diff --git a/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h b/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h
deleted file mode 100644
index 44b2468..0000000
--- a/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: spnego_locl.h 19411 2006-12-18 15:42:03Z lha $ */
-
-#ifndef SPNEGO_LOCL_H
-#define SPNEGO_LOCL_H
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef HAVE_PTHREAD_H
-#include <pthread.h>
-#endif
-
-#include <gssapi/gssapi_spnego.h>
-#include <gssapi.h>
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <ctype.h>
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#include <heim_threads.h>
-#include <asn1_err.h>
-
-#include <gssapi_mech.h>
-
-#include "spnego_asn1.h"
-#include "mech/utils.h"
-#include <der.h>
-
-#include <roken.h>
-
-#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
-
-typedef struct {
-	gss_cred_id_t		negotiated_cred_id;
-} *gssspnego_cred;
-
-typedef struct {
-	MechTypeList		initiator_mech_types;
-	gss_OID			preferred_mech_type;
-	gss_OID			negotiated_mech_type;
-	gss_ctx_id_t		negotiated_ctx_id;
-	OM_uint32		mech_flags;
-	OM_uint32		mech_time_rec;
-	gss_name_t		mech_src_name;
-	gss_cred_id_t		delegated_cred_id;
-	unsigned int		open : 1;
-	unsigned int		local : 1;
-	unsigned int		require_mic : 1;
-	unsigned int		verified_mic : 1;
-	unsigned int		maybe_open : 1;
-	HEIMDAL_MUTEX		ctx_id_mutex;
-
-	gss_name_t		target_name;
-
-	u_char			oidbuf[17];
- 	size_t			oidlen;
-
-} *gssspnego_ctx;
-
-typedef struct {
-	gss_OID_desc		type;
-	gss_buffer_desc		value;
-	gss_name_t		mech;
-} *spnego_name;
-
-extern gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc;
-extern gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc;
-
-#include <spnego/spnego-private.h>
-
-#endif /* SPNEGO_LOCL_H */
diff --git a/crypto/heimdal/lib/gssapi/test_acquire_cred.c b/crypto/heimdal/lib/gssapi/test_acquire_cred.c
deleted file mode 100644
index fd2bc32..0000000
--- a/crypto/heimdal/lib/gssapi/test_acquire_cred.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/*
- * Copyright (c) 2003-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <gssapi.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-#include "test_common.h"
-
-RCSID("$Id: test_acquire_cred.c 22129 2007-12-04 01:13:13Z lha $");
-
-static void
-print_time(OM_uint32 time_rec)
-{
-    if (time_rec == GSS_C_INDEFINITE) {
-	printf("cred never expire\n");
-    } else {
-	time_t t = time_rec + time(NULL);
-	printf("expiration time: %s", ctime(&t));
-    }
-}
-
-#if 0
-
-static void
-test_add(gss_cred_id_t cred_handle)
-{
-    OM_uint32 major_status, minor_status;
-    gss_cred_id_t copy_cred;
-    OM_uint32 time_rec;
-
-    major_status = gss_add_cred (&minor_status,
-				 cred_handle,
-				 GSS_C_NO_NAME,
-				 GSS_KRB5_MECHANISM,
-				 GSS_C_INITIATE,
-				 0,
-				 0,
-				 &copy_cred,
-				 NULL,
-				 &time_rec,
-				 NULL);
-			    
-    if (GSS_ERROR(major_status))
-	errx(1, "add_cred failed");
-
-    print_time(time_rec);
-
-    major_status = gss_release_cred(&minor_status,
-				    &copy_cred);
-    if (GSS_ERROR(major_status))
-	errx(1, "release_cred failed");
-}
-
-static void
-copy_cred(void)
-{
-    OM_uint32 major_status, minor_status;
-    gss_cred_id_t cred_handle;
-    OM_uint32 time_rec;
-
-    major_status = gss_acquire_cred(&minor_status, 
-				    GSS_C_NO_NAME,
-				    0,
-				    NULL,
-				    GSS_C_INITIATE,
-				    &cred_handle,
-				    NULL,
-				    &time_rec);
-    if (GSS_ERROR(major_status))
-	errx(1, "acquire_cred failed");
-	
-    print_time(time_rec);
-
-    test_add(cred_handle);
-    test_add(cred_handle);
-    test_add(cred_handle);
-
-    major_status = gss_release_cred(&minor_status,
-				    &cred_handle);
-    if (GSS_ERROR(major_status))
-	errx(1, "release_cred failed");
-}
-#endif
-
-static void
-acquire_cred_service(const char *service,
-		     gss_OID nametype,
-		     int flags)
-{
-    OM_uint32 major_status, minor_status;
-    gss_cred_id_t cred_handle;
-    OM_uint32 time_rec;
-    gss_buffer_desc name_buffer;
-    gss_name_t name = GSS_C_NO_NAME;
-
-    if (service) {
-	name_buffer.value = rk_UNCONST(service);
-	name_buffer.length = strlen(service);
-	
-	major_status = gss_import_name(&minor_status,
-				       &name_buffer,
-				       nametype,
-				       &name);
-	if (GSS_ERROR(major_status))
-	    errx(1, "import_name failed");
-    }
-
-    major_status = gss_acquire_cred(&minor_status, 
-				    name,
-				    0,
-				    NULL,
-				    flags,
-				    &cred_handle,
-				    NULL,
-				    &time_rec);
-    if (GSS_ERROR(major_status)) {
-	warnx("acquire_cred failed: %s", 
-	     gssapi_err(major_status, minor_status, GSS_C_NO_OID));
-    } else {    
-	print_time(time_rec);
-	gss_release_cred(&minor_status, &cred_handle);
-    }
-
-    if (name != GSS_C_NO_NAME)
-	gss_release_name(&minor_status, &name);
-
-    if (GSS_ERROR(major_status))
-	exit(1);
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-static char *acquire_name;
-static char *acquire_type;
-static char *name_type;
-static char *ccache;
-
-static struct getargs args[] = {
-    {"acquire-name", 0,	arg_string,	&acquire_name, "name", NULL },
-    {"acquire-type", 0,	arg_string,	&acquire_type, "type", NULL },
-    {"ccache", 0,	arg_string,	&ccache, "name", NULL },
-    {"name-type", 0,	arg_string,	&name_type, "type", NULL },
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-    OM_uint32 flag;
-    gss_OID type;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 0)
-	usage(1);
-
-    if (acquire_type) {
-	if (strcasecmp(acquire_type, "both") == 0)
-	    flag = GSS_C_BOTH;
-	else if (strcasecmp(acquire_type, "accept") == 0)
-	    flag = GSS_C_ACCEPT;
-	else if (strcasecmp(acquire_type, "initiate") == 0)
-	    flag = GSS_C_INITIATE;
-	else
-	    errx(1, "unknown type %s", acquire_type);
-    } else
-	flag = GSS_C_ACCEPT;
-	
-    if (name_type) {
-	if (strcasecmp("hostbased-service", name_type) == 0)
-	    type = GSS_C_NT_HOSTBASED_SERVICE;
-	else if (strcasecmp("user-name", name_type) == 0)
-	    type = GSS_C_NT_USER_NAME;
-	else
-	    errx(1, "unknown name type %s", name_type);
-    } else
-	type = GSS_C_NT_HOSTBASED_SERVICE;
-
-    if (ccache) {
-	OM_uint32 major_status, minor_status;
-	major_status = gss_krb5_ccache_name(&minor_status,
-					    ccache, NULL);
-	if (GSS_ERROR(major_status))
-	    errx(1, "gss_krb5_ccache_name %s", 
-		 gssapi_err(major_status, minor_status, GSS_C_NO_OID));
-    }
-
-    acquire_cred_service(acquire_name, type, flag);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_common.c b/crypto/heimdal/lib/gssapi/test_common.c
deleted file mode 100644
index 329180f..0000000
--- a/crypto/heimdal/lib/gssapi/test_common.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-#include <err.h>
-#include "test_common.h"
-
-RCSID("$Id: test_common.c 20075 2007-01-31 06:05:19Z lha $");
-
-char *
-gssapi_err(OM_uint32 maj_stat, OM_uint32 min_stat, gss_OID mech)
-{
-	OM_uint32 disp_min_stat, disp_maj_stat;
-	gss_buffer_desc maj_error_message;
-	gss_buffer_desc min_error_message;
-	OM_uint32 msg_ctx = 0;
-
-	char *ret = NULL;
-
-	maj_error_message.length = 0;
-	maj_error_message.value = NULL;
-	min_error_message.length = 0;
-	min_error_message.value = NULL;
-	
-	disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, 
-					   GSS_C_GSS_CODE,
-					   mech, &msg_ctx, &maj_error_message);
-	disp_maj_stat = gss_display_status(&disp_min_stat, min_stat,
-					   GSS_C_MECH_CODE,
-					   mech, &msg_ctx, &min_error_message);
-	asprintf(&ret, "gss-code: %lu %.*s\nmech-code: %lu %.*s", 
-		 (unsigned long)maj_stat,
-		 (int)maj_error_message.length, 
-		 (char *)maj_error_message.value, 
-		 (unsigned long)min_stat,
-		 (int)min_error_message.length, 
-		 (char *)min_error_message.value);
-
-	gss_release_buffer(&disp_min_stat, &maj_error_message);
-	gss_release_buffer(&disp_min_stat, &min_error_message);
-
-	return ret;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/test_common.h b/crypto/heimdal/lib/gssapi/test_common.h
deleted file mode 100644
index 8e78a5d..0000000
--- a/crypto/heimdal/lib/gssapi/test_common.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* $Id: test_common.h 20075 2007-01-31 06:05:19Z lha $ */
-
-char * gssapi_err(OM_uint32, OM_uint32, gss_OID);
diff --git a/crypto/heimdal/lib/gssapi/test_context.c b/crypto/heimdal/lib/gssapi/test_context.c
deleted file mode 100644
index e02535a..0000000
--- a/crypto/heimdal/lib/gssapi/test_context.c
+++ /dev/null
@@ -1,542 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-#include "test_common.h"
-
-RCSID("$Id: test_context.c 20075 2007-01-31 06:05:19Z lha $");
-
-static char *type_string;
-static char *mech_string;
-static char *ret_mech_string;
-static int dns_canon_flag = -1;
-static int mutual_auth_flag = 0;
-static int dce_style_flag = 0;
-static int wrapunwrap_flag = 0;
-static int getverifymic_flag = 0;
-static int deleg_flag = 0;
-static int version_flag = 0;
-static int verbose_flag = 0;
-static int help_flag	= 0;
-
-static struct {
-    const char *name;
-    gss_OID *oid;
-} o2n[] = {
-    { "krb5", &GSS_KRB5_MECHANISM },
-    { "spnego", &GSS_SPNEGO_MECHANISM },
-    { "ntlm", &GSS_NTLM_MECHANISM },
-    { "sasl-digest-md5", &GSS_SASL_DIGEST_MD5_MECHANISM }
-};
-
-static gss_OID
-string_to_oid(const char *name)
-{
-    int i;
-    for (i = 0; i < sizeof(o2n)/sizeof(o2n[0]); i++)
-	if (strcasecmp(name, o2n[i].name) == 0)
-	    return *o2n[i].oid;
-    errx(1, "name %s not unknown", name);
-}
-
-static const char *
-oid_to_string(const gss_OID oid)
-{
-    int i;
-    for (i = 0; i < sizeof(o2n)/sizeof(o2n[0]); i++)
-	if (gss_oid_equal(oid, *o2n[i].oid))
-	    return o2n[i].name;
-    return "unknown oid";
-}
-
-static void
-loop(gss_OID mechoid,
-     gss_OID nameoid, const char *target,
-     gss_cred_id_t init_cred,
-     gss_ctx_id_t *sctx, gss_ctx_id_t *cctx,
-     gss_OID *actual_mech, 
-     gss_cred_id_t *deleg_cred)
-{
-    int server_done = 0, client_done = 0;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t gss_target_name;
-    gss_buffer_desc input_token, output_token;
-    OM_uint32 flags = 0, ret_cflags, ret_sflags;
-    gss_OID actual_mech_client; 
-    gss_OID actual_mech_server; 
-
-    *actual_mech = GSS_C_NO_OID;
-
-    flags |= GSS_C_INTEG_FLAG;
-    flags |= GSS_C_CONF_FLAG;
-
-    if (mutual_auth_flag)
-	flags |= GSS_C_MUTUAL_FLAG;
-    if (dce_style_flag)
-	flags |= GSS_C_DCE_STYLE;
-    if (deleg_flag)
-	flags |= GSS_C_DELEG_FLAG;
-
-    input_token.value = rk_UNCONST(target);
-    input_token.length = strlen(target);
-
-    maj_stat = gss_import_name(&min_stat,
-			       &input_token,
-			       nameoid,
-			       &gss_target_name);
-    if (GSS_ERROR(maj_stat))
-	err(1, "import name creds failed with: %d", maj_stat);
-
-    input_token.length = 0;
-    input_token.value = NULL;
-
-    while (!server_done || !client_done) {
-
-	maj_stat = gss_init_sec_context(&min_stat,
-					init_cred,
-					cctx,
-					gss_target_name,
-					mechoid, 
-					flags,
-					0, 
-					NULL,
-					&input_token,
-					&actual_mech_client,
-					&output_token,
-					&ret_cflags,
-					NULL);
-	if (GSS_ERROR(maj_stat))
-	    errx(1, "init_sec_context: %s",
-		 gssapi_err(maj_stat, min_stat, mechoid));
-	if (maj_stat & GSS_S_CONTINUE_NEEDED)
-	    ;
-	else
-	    client_done = 1;
-
-	if (client_done && server_done)
-	    break;
-
-	if (input_token.length != 0)
-	    gss_release_buffer(&min_stat, &input_token);
-
-	maj_stat = gss_accept_sec_context(&min_stat,
-					  sctx,
-					  GSS_C_NO_CREDENTIAL,
-					  &output_token,
-					  GSS_C_NO_CHANNEL_BINDINGS,
-					  NULL,
-					  &actual_mech_server,
-					  &input_token,
-					  &ret_sflags,
-					  NULL,
-					  deleg_cred);
-	if (GSS_ERROR(maj_stat))
-		errx(1, "accept_sec_context: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech_server));
-
-	if (verbose_flag)
-	    printf("%.*s", (int)input_token.length, (char *)input_token.value);
-
-	if (output_token.length != 0)
-	    gss_release_buffer(&min_stat, &output_token);
-
-	if (maj_stat & GSS_S_CONTINUE_NEEDED)
-	    ;
-	else
-	    server_done = 1;
-    }	
-    if (output_token.length != 0)
-	gss_release_buffer(&min_stat, &output_token);
-    if (input_token.length != 0)
-	gss_release_buffer(&min_stat, &input_token);
-    gss_release_name(&min_stat, &gss_target_name);
-
-    if (gss_oid_equal(actual_mech_server, actual_mech_client) == 0)
-	errx(1, "mech mismatch");
-    *actual_mech = actual_mech_server;
-}
-
-static void
-wrapunwrap(gss_ctx_id_t cctx, gss_ctx_id_t sctx, gss_OID mechoid)
-{
-    gss_buffer_desc input_token, output_token, output_token2;
-    OM_uint32 min_stat, maj_stat;
-    int32_t flags = 0;
-    gss_qop_t qop_state;
-    int conf_state;
-
-    input_token.value = "foo";
-    input_token.length = 3;
-
-    maj_stat = gss_wrap(&min_stat, cctx, flags, 0, &input_token,
-			&conf_state, &output_token);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_wrap failed: %s",
-	     gssapi_err(maj_stat, min_stat, mechoid));
-
-    maj_stat = gss_unwrap(&min_stat, sctx, &output_token,
-			  &output_token2, &conf_state, &qop_state);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_unwrap failed: %s",
-	     gssapi_err(maj_stat, min_stat, mechoid));
-}
-
-static void
-getverifymic(gss_ctx_id_t cctx, gss_ctx_id_t sctx, gss_OID mechoid)
-{
-    gss_buffer_desc input_token, output_token;
-    OM_uint32 min_stat, maj_stat;
-    gss_qop_t qop_state;
-
-    input_token.value = "bar";
-    input_token.length = 3;
-
-    maj_stat = gss_get_mic(&min_stat, cctx, 0, &input_token,
-			   &output_token);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_get_mic failed: %s",
-	     gssapi_err(maj_stat, min_stat, mechoid));
-
-    maj_stat = gss_verify_mic(&min_stat, sctx, &input_token,
-			      &output_token, &qop_state);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_verify_mic failed: %s",
-	     gssapi_err(maj_stat, min_stat, mechoid));
-}
-
-
-/*
- *
- */
-
-static struct getargs args[] = {
-    {"name-type",0,	arg_string, &type_string,  "type of name", NULL },
-    {"mech-type",0,	arg_string, &mech_string,  "type of mech", NULL },
-    {"ret-mech-type",0,	arg_string, &ret_mech_string,
-     "type of return mech", NULL },
-    {"dns-canonicalize",0,arg_negative_flag, &dns_canon_flag, 
-     "use dns to canonicalize", NULL },
-    {"mutual-auth",0,	arg_flag,	&mutual_auth_flag,"mutual auth", NULL },
-    {"dce-style",0,	arg_flag,	&dce_style_flag, "dce-style", NULL },
-    {"wrapunwrap",0,	arg_flag,	&wrapunwrap_flag, "wrap/unwrap", NULL },
-    {"getverifymic",0,	arg_flag,	&getverifymic_flag, 
-     "get and verify mic", NULL },
-    {"delegate",0,	arg_flag,	&deleg_flag, "delegate credential", NULL },
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"verbose",	'v',	arg_flag,	&verbose_flag, "verbose", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "service@host");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    OM_uint32 min_stat, maj_stat;
-    gss_ctx_id_t cctx, sctx;
-    void *ctx;
-    gss_OID nameoid, mechoid, actual_mech;
-    gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
-
-    setprogname(argv[0]);
-
-    cctx = sctx = GSS_C_NO_CONTEXT;
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 1)
-	usage(1);
-
-    if (dns_canon_flag != -1)
-	gsskrb5_set_dns_canonicalize(dns_canon_flag);
-
-    if (type_string == NULL)
-	nameoid = GSS_C_NT_HOSTBASED_SERVICE;
-    else if (strcmp(type_string, "hostbased-service") == 0)
-	nameoid = GSS_C_NT_HOSTBASED_SERVICE;
-    else if (strcmp(type_string, "krb5-principal-name") == 0)
-	nameoid = GSS_KRB5_NT_PRINCIPAL_NAME;
-    else
-	errx(1, "%s not suppported", type_string);
-
-    if (mech_string == NULL)
-	mechoid = GSS_KRB5_MECHANISM;
-    else 
-	mechoid = string_to_oid(mech_string);
-
-    loop(mechoid, nameoid, argv[0], GSS_C_NO_CREDENTIAL,
-	 &sctx, &cctx, &actual_mech, &deleg_cred);
-    
-    if (verbose_flag)
-	printf("resulting mech: %s\n", oid_to_string(actual_mech));
-
-    if (ret_mech_string) {
-	gss_OID retoid;
-
-	retoid = string_to_oid(ret_mech_string);
-
-	if (gss_oid_equal(retoid, actual_mech) == 0)
-	    errx(1, "actual_mech mech is not the expected type %s", 
-		 ret_mech_string);
-    }
-
-    /* XXX should be actual_mech */
-    if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) { 
-	krb5_context context;
-	time_t time, skew;
-	gss_buffer_desc authz_data;
-	gss_buffer_desc in, out1, out2;
-	krb5_keyblock *keyblock, *keyblock2;
-	krb5_timestamp now;
-	krb5_error_code ret;
-
-	ret = krb5_init_context(&context);
-	if (ret)
-	    errx(1, "krb5_init_context");
-
-	ret = krb5_timeofday(context, &now);
-	if (ret) 
-		errx(1, "krb5_timeofday failed");
-	
-	/* client */
-	maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
-						     &cctx,
-						     1, /* version */
-						     &ctx);
-	if (maj_stat != GSS_S_COMPLETE)
-		errx(1, "gss_krb5_export_lucid_sec_context failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-	
-	
-	maj_stat = gss_krb5_free_lucid_sec_context(&maj_stat, ctx);
-	if (maj_stat != GSS_S_COMPLETE)
-	    errx(1, "gss_krb5_free_lucid_sec_context failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-	
-	/* server */
-	maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
-						     &sctx,
-						     1, /* version */
-						     &ctx);
-	if (maj_stat != GSS_S_COMPLETE)
-	    errx(1, "gss_krb5_export_lucid_sec_context failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-	maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, ctx);
-	if (maj_stat != GSS_S_COMPLETE)
-	    errx(1, "gss_krb5_free_lucid_sec_context failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-
- 	maj_stat = gsskrb5_extract_authtime_from_sec_context(&min_stat,
-							     sctx,
-							     &time);
-	if (maj_stat != GSS_S_COMPLETE)
-	    errx(1, "gsskrb5_extract_authtime_from_sec_context failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-
-	skew = abs(time - now);
-	if (skew > krb5_get_max_time_skew(context)) {
-	    errx(1, "gsskrb5_extract_authtime_from_sec_context failed: "
-		 "time skew too great %llu > %llu", 
-		 (unsigned long long)skew, 
-		 (unsigned long long)krb5_get_max_time_skew(context));
-	}
-
- 	maj_stat = gsskrb5_extract_service_keyblock(&min_stat,
-						    sctx,
-						    &keyblock);
-	if (maj_stat != GSS_S_COMPLETE)
-	    errx(1, "gsskrb5_export_service_keyblock failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-
-	krb5_free_keyblock(context, keyblock);
-
- 	maj_stat = gsskrb5_get_subkey(&min_stat,
-				      sctx,
-				      &keyblock);
-	if (maj_stat != GSS_S_COMPLETE 
-	    && (!(maj_stat == GSS_S_FAILURE && min_stat == GSS_KRB5_S_KG_NO_SUBKEY)))
-	    errx(1, "gsskrb5_get_subkey server failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-
-	if (maj_stat != GSS_S_COMPLETE)
-	    keyblock = NULL;
-	
- 	maj_stat = gsskrb5_get_subkey(&min_stat,
-				      cctx,
-				      &keyblock2);
-	if (maj_stat != GSS_S_COMPLETE 
-	    && (!(maj_stat == GSS_S_FAILURE && min_stat == GSS_KRB5_S_KG_NO_SUBKEY)))
-	    errx(1, "gsskrb5_get_subkey client failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-
-	if (maj_stat != GSS_S_COMPLETE)
-	    keyblock2 = NULL;
-
-	if (keyblock || keyblock2) {
-	    if (keyblock == NULL)
-		errx(1, "server missing token keyblock");
-	    if (keyblock2 == NULL)
-		errx(1, "client missing token keyblock");
-
-	    if (keyblock->keytype != keyblock2->keytype)
-		errx(1, "enctype mismatch");
-	    if (keyblock->keyvalue.length != keyblock2->keyvalue.length)
-		errx(1, "key length mismatch");
-	    if (memcmp(keyblock->keyvalue.data, keyblock2->keyvalue.data, 
-		       keyblock2->keyvalue.length) != 0)
-		errx(1, "key data mismatch");
-	}
-
-	if (keyblock)
-	    krb5_free_keyblock(context, keyblock);
-	if (keyblock2)
-	    krb5_free_keyblock(context, keyblock2);
-
- 	maj_stat = gsskrb5_get_initiator_subkey(&min_stat,
-						sctx,
-						&keyblock);
-	if (maj_stat != GSS_S_COMPLETE 
-	    && (!(maj_stat == GSS_S_FAILURE && min_stat == GSS_KRB5_S_KG_NO_SUBKEY)))
-	    errx(1, "gsskrb5_get_initiator_subkey failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-
-	if (maj_stat == GSS_S_COMPLETE)
-	    krb5_free_keyblock(context, keyblock);
-
- 	maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat,
-							       sctx,
-							       128,
-							       &authz_data);
-	if (maj_stat == GSS_S_COMPLETE)
-	    gss_release_buffer(&min_stat, &authz_data);
-
-	krb5_free_context(context);
-
-
-	memset(&out1, 0, sizeof(out1));
-	memset(&out2, 0, sizeof(out2));
-
-	in.value = "foo";
-	in.length = 3;
-
-	gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_FULL, &in, 
-			  100, &out1);
-	gss_pseudo_random(&min_stat, cctx, GSS_C_PRF_KEY_FULL, &in, 
-			  100, &out2);
-
-	if (out1.length != out2.length)
-	    errx(1, "prf len mismatch");
-	if (memcmp(out1.value, out2.value, out1.length) != 0)
-	    errx(1, "prf data mismatch");
-	
-	gss_release_buffer(&min_stat, &out1);
-
-	gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_FULL, &in, 
-			  100, &out1);
-
-	if (out1.length != out2.length)
-	    errx(1, "prf len mismatch");
-	if (memcmp(out1.value, out2.value, out1.length) != 0)
-	    errx(1, "prf data mismatch");
-
-	gss_release_buffer(&min_stat, &out1);
-	gss_release_buffer(&min_stat, &out2);
-
-	in.value = "bar";
-	in.length = 3;
-
-	gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_PARTIAL, &in, 
-			  100, &out1);
-	gss_pseudo_random(&min_stat, cctx, GSS_C_PRF_KEY_PARTIAL, &in, 
-			  100, &out2);
-
-	if (out1.length != out2.length)
-	    errx(1, "prf len mismatch");
-	if (memcmp(out1.value, out2.value, out1.length) != 0)
-	    errx(1, "prf data mismatch");
-
-	gss_release_buffer(&min_stat, &out1);
-	gss_release_buffer(&min_stat, &out2);
-
-	wrapunwrap_flag = 1;
-	getverifymic_flag = 1;
-    }
-
-    if (wrapunwrap_flag) {
-	wrapunwrap(cctx, sctx, actual_mech);
-	wrapunwrap(cctx, sctx, actual_mech);
-	wrapunwrap(sctx, cctx, actual_mech);
-	wrapunwrap(sctx, cctx, actual_mech);
-    }
-    if (getverifymic_flag) {
-	getverifymic(cctx, sctx, actual_mech);
-	getverifymic(cctx, sctx, actual_mech);
-	getverifymic(sctx, cctx, actual_mech);
-	getverifymic(sctx, cctx, actual_mech);
-    }
-
-    gss_delete_sec_context(&min_stat, &cctx, NULL);
-    gss_delete_sec_context(&min_stat, &sctx, NULL);
-
-    if (deleg_cred != GSS_C_NO_CREDENTIAL) {
-
-	loop(mechoid, nameoid, argv[0], deleg_cred, &cctx, &sctx, &actual_mech, NULL);
-
-	gss_delete_sec_context(&min_stat, &cctx, NULL);
-	gss_delete_sec_context(&min_stat, &sctx, NULL);
-
-    }
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_cred.c b/crypto/heimdal/lib/gssapi/test_cred.c
deleted file mode 100644
index 5ecc89f..0000000
--- a/crypto/heimdal/lib/gssapi/test_cred.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Copyright (c) 2003-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <gssapi.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-RCSID("$Id: test_cred.c 17750 2006-06-30 11:55:28Z lha $");
-
-static void
-gss_print_errors (int min_stat)
-{
-    OM_uint32 new_stat;
-    OM_uint32 msg_ctx = 0;
-    gss_buffer_desc status_string;
-    OM_uint32 ret;
-
-    do {
-	ret = gss_display_status (&new_stat,
-				  min_stat,
-				  GSS_C_MECH_CODE,
-				  GSS_C_NO_OID,
-				  &msg_ctx,
-				  &status_string);
-	if (!GSS_ERROR(ret)) {
-	    fprintf (stderr, "%s\n", (char *)status_string.value);
-	    gss_release_buffer (&new_stat, &status_string);
-	}
-    } while (!GSS_ERROR(ret) && msg_ctx != 0);
-}
-
-static void
-gss_err(int exitval, int status, const char *fmt, ...)
-{
-    va_list args;
-
-    va_start(args, fmt);
-    vwarnx (fmt, args);
-    gss_print_errors (status);
-    va_end(args);
-    exit (exitval);
-}
-
-static void
-acquire_release_loop(gss_name_t name, int counter, gss_cred_usage_t usage)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_cred_id_t cred;
-    int i;
-
-    for (i = 0; i < counter; i++) {
-	maj_stat = gss_acquire_cred(&min_stat, name,
-				    GSS_C_INDEFINITE,
-				    GSS_C_NO_OID_SET,
-				    usage,
-				    &cred,
-				    NULL,
-				    NULL);
-	if (maj_stat != GSS_S_COMPLETE)
-	    gss_err(1, min_stat, "aquire %d %d != GSS_S_COMPLETE", 
-		    i, (int)maj_stat);
-				    
-	maj_stat = gss_release_cred(&min_stat, &cred);
-	if (maj_stat != GSS_S_COMPLETE)
-	    gss_err(1, min_stat, "release %d %d != GSS_S_COMPLETE", 
-		    i, (int)maj_stat);
-    }
-}
-
-
-static void
-acquire_add_release_add(gss_name_t name, gss_cred_usage_t usage)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_cred_id_t cred, cred2, cred3;
-
-    maj_stat = gss_acquire_cred(&min_stat, name,
-				GSS_C_INDEFINITE,
-				GSS_C_NO_OID_SET,
-				usage,
-				&cred,
-				NULL,
-				NULL);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "aquire %d != GSS_S_COMPLETE", (int)maj_stat);
-    
-    maj_stat = gss_add_cred(&min_stat,
-			    cred,
-			    GSS_C_NO_NAME,
-			    GSS_KRB5_MECHANISM,
-			    usage,
-			    GSS_C_INDEFINITE,
-			    GSS_C_INDEFINITE,
-			    &cred2,
-			    NULL,
-			    NULL,
-			    NULL);
-			    
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "add_cred %d != GSS_S_COMPLETE", (int)maj_stat);
-
-    maj_stat = gss_release_cred(&min_stat, &cred);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "release %d != GSS_S_COMPLETE", (int)maj_stat);
-
-    maj_stat = gss_add_cred(&min_stat,
-			    cred2,
-			    GSS_C_NO_NAME,
-			    GSS_KRB5_MECHANISM,
-			    GSS_C_BOTH,
-			    GSS_C_INDEFINITE,
-			    GSS_C_INDEFINITE,
-			    &cred3,
-			    NULL,
-			    NULL,
-			    NULL);
-
-    maj_stat = gss_release_cred(&min_stat, &cred2);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat);
-
-    maj_stat = gss_release_cred(&min_stat, &cred3);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat);
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "service@host");
-    exit (ret);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    struct gss_buffer_desc_struct name_buffer;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t name;
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc < 1)
-	errx(1, "argc < 1");
-
-    name_buffer.value = argv[0];
-    name_buffer.length = strlen(argv[0]);
-
-    maj_stat = gss_import_name(&min_stat, &name_buffer,
-			       GSS_C_NT_HOSTBASED_SERVICE,
-			       &name);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "import name error");
-
-    acquire_release_loop(name, 100, GSS_C_ACCEPT);
-    acquire_release_loop(name, 100, GSS_C_INITIATE);
-    acquire_release_loop(name, 100, GSS_C_BOTH);
-
-    acquire_add_release_add(name, GSS_C_ACCEPT);
-    acquire_add_release_add(name, GSS_C_INITIATE);
-    acquire_add_release_add(name, GSS_C_BOTH);
-
-    gss_release_name(&min_stat, &name);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_kcred.c b/crypto/heimdal/lib/gssapi/test_kcred.c
deleted file mode 100644
index b774b04..0000000
--- a/crypto/heimdal/lib/gssapi/test_kcred.c
+++ /dev/null
@@ -1,186 +0,0 @@
-/*
- * Copyright (c) 2003-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <gssapi.h>
-#include <krb5.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-RCSID("$Id: test_kcred.c 20694 2007-05-30 13:58:46Z lha $");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static void
-copy_import(void)
-{
-    gss_cred_id_t cred1, cred2;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t name1, name2;
-    OM_uint32 lifetime1, lifetime2;
-    gss_cred_usage_t usage1, usage2;
-    gss_OID_set mechs1, mechs2;
-    krb5_ccache id;
-    krb5_error_code ret;
-    krb5_context context;
-    int equal;
-
-    maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
-				GSS_C_NO_OID_SET, GSS_C_INITIATE,
-				&cred1, NULL, NULL);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_acquire_cred");
-
-    maj_stat = gss_inquire_cred(&min_stat, cred1, &name1, &lifetime1,
-				&usage1, &mechs1);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_inquire_cred");
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_context");
-
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    maj_stat = gss_krb5_copy_ccache(&min_stat, cred1, id);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_krb5_copy_ccache");
-
-    maj_stat = gss_krb5_import_cred(&min_stat, id, NULL, NULL, &cred2);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_krb5_import_cred");
-
-    maj_stat = gss_inquire_cred(&min_stat, cred2, &name2, &lifetime2,
-				&usage2, &mechs2);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_inquire_cred 2");
-
-    maj_stat = gss_compare_name(&min_stat, name1, name2, &equal);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_compare_name");
-    if (!equal)
-	errx(1, "names not equal");
-	
-    if (lifetime1 != lifetime2)
-	errx(1, "lifetime not equal %lu != %lu",
-	     (unsigned long)lifetime1, (unsigned long)lifetime2);
-
-    if (usage1 != usage2) {
-	/* as long any of them is both are everything it ok */
-	if (usage1 != GSS_C_BOTH && usage2 != GSS_C_BOTH)
-	    errx(1, "usages disjoined");
-    }
-
-    gss_release_name(&min_stat, &name2);
-    gss_release_oid_set(&min_stat, &mechs2);
-
-    maj_stat = gss_inquire_cred(&min_stat, cred2, &name2, &lifetime2,
-				&usage2, &mechs2);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_inquire_cred");
-
-    maj_stat = gss_compare_name(&min_stat, name1, name2, &equal);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_compare_name");
-    if (!equal)
-	errx(1, "names not equal");
-	
-    if (lifetime1 != lifetime2)
-	errx(1, "lifetime not equal %lu != %lu",
-	     (unsigned long)lifetime1, (unsigned long)lifetime2);
-
-    gss_release_cred(&min_stat, &cred1);
-    gss_release_cred(&min_stat, &cred2);
-
-    gss_release_name(&min_stat, &name1);
-    gss_release_name(&min_stat, &name2);
-
-#if 0
-    compare(mechs1, mechs2);
-#endif
-
-    gss_release_oid_set(&min_stat, &mechs1);
-    gss_release_oid_set(&min_stat, &mechs2);
-
-    krb5_cc_destroy(context, id);
-    krb5_free_context(context);
-}
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    copy_import();
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_names.c b/crypto/heimdal/lib/gssapi/test_names.c
deleted file mode 100644
index abc4769..0000000
--- a/crypto/heimdal/lib/gssapi/test_names.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <gssapi.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-RCSID("$Id: test_names.c 17856 2006-07-20 05:13:25Z lha $");
-
-static void
-gss_print_errors (int min_stat)
-{
-    OM_uint32 new_stat;
-    OM_uint32 msg_ctx = 0;
-    gss_buffer_desc status_string;
-    OM_uint32 ret;
-
-    do {
-	ret = gss_display_status (&new_stat,
-				  min_stat,
-				  GSS_C_MECH_CODE,
-				  GSS_C_NO_OID,
-				  &msg_ctx,
-				  &status_string);
-	if (!GSS_ERROR(ret)) {
-	    fprintf (stderr, "%s\n", (char *)status_string.value);
-	    gss_release_buffer (&new_stat, &status_string);
-	}
-    } while (!GSS_ERROR(ret) && msg_ctx != 0);
-}
-
-static void
-gss_err(int exitval, int status, const char *fmt, ...)
-{
-    va_list args;
-
-    va_start(args, fmt);
-    vwarnx (fmt, args);
-    gss_print_errors (status);
-    va_end(args);
-    exit (exitval);
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "service@host");
-    exit (ret);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    gss_buffer_desc name_buffer;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t name, MNname, MNname2;
-    int optidx = 0;
-    char *str;
-    int len, equal;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    /*
-     * test import/export
-     */
-
-    len = asprintf(&str, "ftp@freeze-arrow.mit.edu");
-    if (len == -1)
-	errx(1, "asprintf");
-
-    name_buffer.value = str;
-    name_buffer.length = len;
-
-    maj_stat = gss_import_name(&min_stat, &name_buffer,
-			       GSS_C_NT_HOSTBASED_SERVICE,
-			       &name);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "import name error");
-    free(str);
-
-    maj_stat = gss_canonicalize_name (&min_stat,
-				      name,
-				      GSS_KRB5_MECHANISM,
-				      &MNname);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "canonicalize name error");
-
-    maj_stat = gss_export_name(&min_stat,
-			       MNname,
-			       &name_buffer);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "export name error (KRB5)");
-
-    /*
-     * Import the exported name and compare
-     */
-
-    maj_stat = gss_import_name(&min_stat, &name_buffer,
-			       GSS_C_NT_EXPORT_NAME,
-			       &MNname2);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "import name error (exported KRB5 name)");
-
-
-    maj_stat = gss_compare_name(&min_stat, MNname, MNname2, &equal);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_compare_name");
-    if (!equal)
-	errx(1, "names not equal");
-
-    gss_release_name(&min_stat, &MNname2);
-    gss_release_buffer(&min_stat, &name_buffer);
-    gss_release_name(&min_stat, &MNname);
-    gss_release_name(&min_stat, &name);
-
-    /*
-     * Import oid less name and compare to mech name.
-     * Dovecot SASL lib does this.
-     */
-
-    len = asprintf(&str, "lha");
-    if (len == -1)
-	errx(1, "asprintf");
-
-    name_buffer.value = str;
-    name_buffer.length = len;
-
-    maj_stat = gss_import_name(&min_stat, &name_buffer,
-			       GSS_C_NO_OID,
-			       &name);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "import (no oid) name error");
-
-    maj_stat = gss_import_name(&min_stat, &name_buffer,
-			       GSS_KRB5_NT_USER_NAME,
-			       &MNname);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "import (krb5 mn) name error");
-
-    free(str);
-
-    maj_stat = gss_compare_name(&min_stat, name, MNname, &equal);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_compare_name");
-    if (!equal)
-	errx(1, "names not equal");
-
-    gss_release_name(&min_stat, &MNname);
-    gss_release_name(&min_stat, &name);
-
-#if 0
-    maj_stat = gss_canonicalize_name (&min_stat,
-				      name,
-				      GSS_SPNEGO_MECHANISM,
-				      &MNname);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "canonicalize name error");
-
-
-    maj_stat = gss_export_name(&maj_stat,
-			       MNname,
-			       &name_buffer);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "export name error (SPNEGO)");
-
-    gss_release_name(&min_stat, &MNname);
-    gss_release_buffer(&min_stat, &name_buffer);
-#endif
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_ntlm.c b/crypto/heimdal/lib/gssapi/test_ntlm.c
deleted file mode 100644
index 9bd0d1e..0000000
--- a/crypto/heimdal/lib/gssapi/test_ntlm.c
+++ /dev/null
@@ -1,339 +0,0 @@
-/*
- * Copyright (c) 2006 - 2008 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#include <gssapi.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-#include "test_common.h"
-
-RCSID("$Id: test_ntlm.c 22423 2008-01-13 09:45:03Z lha $");
-
-#include <krb5.h>
-#include <heimntlm.h>
-
-static int
-test_libntlm_v1(int flags)
-{
-    const char *user = "foo", 
-	*domain = "mydomain",
-	*password = "digestpassword";
-    OM_uint32 maj_stat, min_stat;
-    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
-    gss_buffer_desc input, output;
-    struct ntlm_type1 type1;
-    struct ntlm_type2 type2;
-    struct ntlm_type3 type3;
-    struct ntlm_buf data;
-    krb5_error_code ret;
-    gss_name_t src_name = GSS_C_NO_NAME;
-    
-    memset(&type1, 0, sizeof(type1));
-    memset(&type2, 0, sizeof(type2));
-    memset(&type3, 0, sizeof(type3));
-
-    type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM|flags;
-    type1.domain = strdup(domain);
-    type1.hostname = NULL;
-    type1.os[0] = 0;
-    type1.os[1] = 0;
-
-    ret = heim_ntlm_encode_type1(&type1, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type1");
-
-    input.value = data.data;
-    input.length = data.length;
-
-    output.length = 0;
-    output.value = NULL;
-
-    maj_stat = gss_accept_sec_context(&min_stat,
-				      &ctx,
-				      GSS_C_NO_CREDENTIAL,
-				      &input,
-				      GSS_C_NO_CHANNEL_BINDINGS,
-				      NULL,
-				      NULL,
-				      &output,
-				      NULL,
-				      NULL,
-				      NULL);
-    free(data.data);
-    if (GSS_ERROR(maj_stat))
-	errx(1, "accept_sec_context v1: %s",
-	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
-
-    if (output.length == 0)
-	errx(1, "output.length == 0");
-
-    data.data = output.value;
-    data.length = output.length;
-
-    ret = heim_ntlm_decode_type2(&data, &type2);
-    if (ret)
-	errx(1, "heim_ntlm_decode_type2");
-
-    gss_release_buffer(&min_stat, &output);
-
-    type3.flags = type2.flags;
-    type3.username = rk_UNCONST(user);
-    type3.targetname = type2.targetname;
-    type3.ws = rk_UNCONST("workstation");
-
-    {
-	struct ntlm_buf key;
-
-	heim_ntlm_nt_key(password, &key);
-
-	heim_ntlm_calculate_ntlm1(key.data, key.length,
-				  type2.challange,
-				  &type3.ntlm);
-
-	if (flags & NTLM_NEG_KEYEX) {
-	    struct ntlm_buf sessionkey;
-	    heim_ntlm_build_ntlm1_master(key.data, key.length,
-					 &sessionkey,
-				     &type3.sessionkey);
-	    free(sessionkey.data);
-	}
-	free(key.data);
-    }
-
-    ret = heim_ntlm_encode_type3(&type3, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type3");
-
-    input.length = data.length;
-    input.value = data.data;
-
-    maj_stat = gss_accept_sec_context(&min_stat,
-				      &ctx,
-				      GSS_C_NO_CREDENTIAL,
-				      &input,
-				      GSS_C_NO_CHANNEL_BINDINGS,
-				      &src_name,
-				      NULL,
-				      &output,
-				      NULL,
-				      NULL,
-				      NULL);
-    free(input.value);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "accept_sec_context v1 2 %s",
-	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
-
-    gss_release_buffer(&min_stat, &output);
-    gss_delete_sec_context(&min_stat, &ctx, NULL);
-
-    if (src_name == GSS_C_NO_NAME)
-	errx(1, "no source name!");
-
-    gss_display_name(&min_stat, src_name, &output, NULL);
-
-    printf("src_name: %.*s\n", (int)output.length, (char*)output.value);
-
-    gss_release_name(&min_stat, &src_name);
-    gss_release_buffer(&min_stat, &output);
-
-    return 0;
-}
-
-static int
-test_libntlm_v2(int flags)
-{
-    const char *user = "foo", 
-	*domain = "mydomain",
-	*password = "digestpassword";
-    OM_uint32 maj_stat, min_stat;
-    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
-    gss_buffer_desc input, output;
-    struct ntlm_type1 type1;
-    struct ntlm_type2 type2;
-    struct ntlm_type3 type3;
-    struct ntlm_buf data;
-    krb5_error_code ret;
-    
-    memset(&type1, 0, sizeof(type1));
-    memset(&type2, 0, sizeof(type2));
-    memset(&type3, 0, sizeof(type3));
-
-    type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_NTLM|flags;
-    type1.domain = strdup(domain);
-    type1.hostname = NULL;
-    type1.os[0] = 0;
-    type1.os[1] = 0;
-
-    ret = heim_ntlm_encode_type1(&type1, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type1");
-
-    input.value = data.data;
-    input.length = data.length;
-
-    output.length = 0;
-    output.value = NULL;
-
-    maj_stat = gss_accept_sec_context(&min_stat,
-				      &ctx,
-				      GSS_C_NO_CREDENTIAL,
-				      &input,
-				      GSS_C_NO_CHANNEL_BINDINGS,
-				      NULL,
-				      NULL,
-				      &output,
-				      NULL,
-				      NULL,
-				      NULL);
-    free(data.data);
-    if (GSS_ERROR(maj_stat))
-	errx(1, "accept_sec_context v2 %s",
-	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
-
-    if (output.length == 0)
-	errx(1, "output.length == 0");
-
-    data.data = output.value;
-    data.length = output.length;
-
-    ret = heim_ntlm_decode_type2(&data, &type2);
-    if (ret)
-	errx(1, "heim_ntlm_decode_type2");
-
-    type3.flags = type2.flags;
-    type3.username = rk_UNCONST(user);
-    type3.targetname = type2.targetname;
-    type3.ws = rk_UNCONST("workstation");
-
-    {
-	struct ntlm_buf key;
-	unsigned char ntlmv2[16];
-
-	heim_ntlm_nt_key(password, &key);
-
-	heim_ntlm_calculate_ntlm2(key.data, key.length,
-				  user,
-				  type2.targetname,
-				  type2.challange,
-				  &type2.targetinfo,
-				  ntlmv2,
-				  &type3.ntlm);
-	free(key.data);
-
-	if (flags & NTLM_NEG_KEYEX) {
-	    struct ntlm_buf sessionkey;
-	    heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2),
-					 &sessionkey,
-					 &type3.sessionkey);
-	    free(sessionkey.data);
-	}
-    }
-
-    ret = heim_ntlm_encode_type3(&type3, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type3");
-
-    input.length = data.length;
-    input.value = data.data;
-
-    maj_stat = gss_accept_sec_context(&min_stat,
-				      &ctx,
-				      GSS_C_NO_CREDENTIAL,
-				      &input,
-				      GSS_C_NO_CHANNEL_BINDINGS,
-				      NULL,
-				      NULL,
-				      &output,
-				      NULL,
-				      NULL,
-				      NULL);
-    free(input.value);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "accept_sec_context v2 2 %s",
-	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
-
-    gss_delete_sec_context(&min_stat, &ctx, NULL);
-
-    return 0;
-}
-
-
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret = 0, optind = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    ret += test_libntlm_v1(0);
-    ret += test_libntlm_v1(NTLM_NEG_KEYEX);
-
-    ret += test_libntlm_v2(0);
-    ret += test_libntlm_v2(NTLM_NEG_KEYEX);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_oid.c b/crypto/heimdal/lib/gssapi/test_oid.c
deleted file mode 100644
index 3beb30c..0000000
--- a/crypto/heimdal/lib/gssapi/test_oid.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <gssapi.h>
-#include <err.h>
-#include <roken.h>
-
-RCSID("$Id: test_oid.c 20488 2007-04-21 06:29:11Z lha $");
-
-int
-main(int argc, char **argv)
-{
-    OM_uint32 minor_status, maj_stat;
-    gss_buffer_desc data;
-    int ret;
-
-    maj_stat = gss_oid_to_str(&minor_status, GSS_KRB5_MECHANISM, &data);
-    if (GSS_ERROR(maj_stat))
-	errx(1, "gss_oid_to_str failed");
-
-    ret = strcmp(data.value, "1 2 840 113554 1 2 2");
-    gss_release_buffer(&maj_stat, &data);
-    if (ret)
-	return 1;
-
-    maj_stat = gss_oid_to_str(&minor_status, GSS_C_NT_EXPORT_NAME, &data);
-    if (GSS_ERROR(maj_stat))
-	errx(1, "gss_oid_to_str failed");
-
-    ret = strcmp(data.value, "1 3 6 1 5 6 4");
-    gss_release_buffer(&maj_stat, &data);
-    if (ret)
-	return 1;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_oid_set_member.c b/crypto/heimdal/lib/gssapi/test_oid_set_member.c
deleted file mode 100644
index e747c5a..0000000
--- a/crypto/heimdal/lib/gssapi/test_oid_set_member.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: test_oid_set_member.c,v 1.5 2003/03/16 17:54:06 lha Exp $");
-
-OM_uint32 gss_test_oid_set_member (
-            OM_uint32 * minor_status,
-            const gss_OID member,
-            const gss_OID_set set,
-            int * present
-           )
-{
-  size_t i;
-
-  *minor_status = 0;
-  *present = 0;
-  for (i = 0; i < set->count; ++i)
-      if (gss_oid_equal(member, &set->elements[i]) != 0) {
-	  *present = 1;
-	  break;
-      }
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c
deleted file mode 100644
index b798438..0000000
--- a/crypto/heimdal/lib/gssapi/unwrap.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: unwrap.c,v 1.22.2.1 2003/09/18 22:05:22 lha Exp $");
-
-OM_uint32
-gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
-		       krb5_keyblock **key)
-{
-    krb5_keyblock *skey;
-
-    krb5_auth_con_getremotesubkey(gssapi_krb5_context,
-				  context_handle->auth_context, 
-				  &skey);
-    if(skey == NULL)
-	krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
-				     context_handle->auth_context, 
-				     &skey);
-    if(skey == NULL)
-	krb5_auth_con_getkey(gssapi_krb5_context,
-			     context_handle->auth_context, 
-			     &skey);
-    if(skey == NULL)
-	return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
-    *key = skey;
-    return 0;
-}
-
-static OM_uint32
-unwrap_des
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p, *pad;
-  size_t len;
-  MD5_CTX md5;
-  u_char hash[16], seq_data[8];
-  des_key_schedule schedule;
-  des_cblock deskey;
-  des_cblock zero;
-  int i;
-  int32_t seq_number;
-  size_t padlength;
-  OM_uint32 ret;
-  int cstate;
-
-  p = input_message_buffer->value;
-  ret = gssapi_krb5_verify_header (&p,
-				   input_message_buffer->length,
-				   "\x02\x01");
-  if (ret)
-      return ret;
-
-  if (memcmp (p, "\x00\x00", 2) != 0)
-    return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\x00\x00", 2) == 0) {
-      cstate = 1;
-  } else if (memcmp (p, "\xFF\xFF", 2) == 0) {
-      cstate = 0;
-  } else
-      return GSS_S_BAD_MIC;
-  p += 2;
-  if(conf_state != NULL)
-      *conf_state = cstate;
-  if (memcmp (p, "\xff\xff", 2) != 0)
-    return GSS_S_DEFECTIVE_TOKEN;
-  p += 2;
-  p += 16;
-
-  len = p - (u_char *)input_message_buffer->value;
-
-  if(cstate) {
-      /* decrypt data */
-      memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-      for (i = 0; i < sizeof(deskey); ++i)
-	  deskey[i] ^= 0xf0;
-      des_set_key (&deskey, schedule);
-      memset (&zero, 0, sizeof(zero));
-      des_cbc_encrypt ((void *)p,
-		       (void *)p,
-		       input_message_buffer->length - len,
-		       schedule,
-		       &zero,
-		       DES_DECRYPT);
-      
-      memset (deskey, 0, sizeof(deskey));
-      memset (schedule, 0, sizeof(schedule));
-  }
-  /* check pad */
-
-  pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
-  padlength = *pad;
-
-  for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
-    ;
-  if (i != 0)
-    return GSS_S_BAD_MIC;
-
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, p, input_message_buffer->length - len);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  des_set_key (&deskey, schedule);
-  des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 schedule, &zero);
-  if (memcmp (p - 8, hash, 8) != 0)
-    return GSS_S_BAD_MIC;
-
-  /* verify sequence number */
-  
-  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				&seq_number);
-  seq_data[0] = (seq_number >> 0)  & 0xFF;
-  seq_data[1] = (seq_number >> 8)  & 0xFF;
-  seq_data[2] = (seq_number >> 16) & 0xFF;
-  seq_data[3] = (seq_number >> 24) & 0xFF;
-  memset (seq_data + 4,
-	  (context_handle->more_flags & LOCAL) ? 0xFF : 0,
-	  4);
-
-  p -= 16;
-  des_set_key (&deskey, schedule);
-  des_cbc_encrypt ((void *)p, (void *)p, 8,
-		   schedule, (des_cblock *)hash, DES_DECRYPT);
-
-  memset (deskey, 0, sizeof(deskey));
-  memset (schedule, 0, sizeof(schedule));
-
-  if (memcmp (p, seq_data, 8) != 0) {
-    return GSS_S_BAD_MIC;
-  }
-
-  krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				++seq_number);
-
-  /* copy out data */
-
-  output_message_buffer->length = input_message_buffer->length
-    - len - padlength - 8;
-  output_message_buffer->value  = malloc(output_message_buffer->length);
-  if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
-      return GSS_S_FAILURE;
-  memcpy (output_message_buffer->value,
-	  p + 24,
-	  output_message_buffer->length);
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-unwrap_des3
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p, *pad;
-  size_t len;
-  u_char seq[8];
-  krb5_data seq_data;
-  u_char cksum[20];
-  int i;
-  int32_t seq_number;
-  size_t padlength;
-  OM_uint32 ret;
-  int cstate;
-  krb5_crypto crypto;
-  Checksum csum;
-  int cmp;
-
-  p = input_message_buffer->value;
-  ret = gssapi_krb5_verify_header (&p,
-				   input_message_buffer->length,
-				   "\x02\x01");
-  if (ret)
-      return ret;
-
-  if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
-    return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\x02\x00", 2) == 0) {
-    cstate = 1;
-  } else if (memcmp (p, "\xff\xff", 2) == 0) {
-    cstate = 0;
-  } else
-    return GSS_S_BAD_MIC;
-  p += 2;
-  if(conf_state != NULL)
-    *conf_state = cstate;
-  if (memcmp (p, "\xff\xff", 2) != 0)
-    return GSS_S_DEFECTIVE_TOKEN;
-  p += 2;
-  p += 28;
-
-  len = p - (u_char *)input_message_buffer->value;
-
-  if(cstate) {
-      /* decrypt data */
-      krb5_data tmp;
-
-      ret = krb5_crypto_init(gssapi_krb5_context, key,
-			     ETYPE_DES3_CBC_NONE, &crypto);
-      if (ret) {
-	  gssapi_krb5_set_error_string ();
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      ret = krb5_decrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
-			 p, input_message_buffer->length - len, &tmp);
-      krb5_crypto_destroy(gssapi_krb5_context, crypto);
-      if (ret) {
-	  gssapi_krb5_set_error_string ();
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      assert (tmp.length == input_message_buffer->length - len);
-
-      memcpy (p, tmp.data, tmp.length);
-      krb5_data_free(&tmp);
-  }
-  /* check pad */
-
-  pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
-  padlength = *pad;
-
-  for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
-    ;
-  if (i != 0)
-    return GSS_S_BAD_MIC;
-
-  /* verify sequence number */
-  
-  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				&seq_number);
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (context_handle->more_flags & LOCAL) ? 0xFF : 0,
-	  4);
-
-  p -= 28;
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key,
-			 ETYPE_DES3_CBC_NONE, &crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  {
-      des_cblock ivec;
-
-      memcpy(&ivec, p + 8, 8);
-      ret = krb5_decrypt_ivec (gssapi_krb5_context,
-			       crypto,
-			       KRB5_KU_USAGE_SEQ,
-			       p, 8, &seq_data,
-			       &ivec);
-  }
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  if (seq_data.length != 8) {
-      krb5_data_free (&seq_data);
-      return GSS_S_BAD_MIC;
-  }
-
-  cmp = memcmp (seq, seq_data.data, seq_data.length);
-  krb5_data_free (&seq_data);
-  if (cmp != 0) {
-      return GSS_S_BAD_MIC;
-  }
-
-  krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				++seq_number);
-
-  /* verify checksum */
-
-  memcpy (cksum, p + 8, 20);
-
-  memcpy (p + 20, p - 8, 8);
-
-  csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
-  csum.checksum.length = 20;
-  csum.checksum.data   = cksum;
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      p + 20,
-			      input_message_buffer->length - len + 8,
-			      &csum);
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* copy out data */
-
-  output_message_buffer->length = input_message_buffer->length
-    - len - padlength - 8;
-  output_message_buffer->value  = malloc(output_message_buffer->length);
-  if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
-      return GSS_S_FAILURE;
-  memcpy (output_message_buffer->value,
-	  p + 36,
-	  output_message_buffer->length);
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_unwrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state
-           )
-{
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  if (qop_state != NULL)
-      *qop_state = GSS_C_QOP_DEFAULT;
-  ret = gss_krb5_get_remotekey(context_handle, &key);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
-  *minor_status = 0;
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = unwrap_des (minor_status, context_handle,
-			input_message_buffer, output_message_buffer,
-			conf_state, qop_state, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = unwrap_des3 (minor_status, context_handle,
-			 input_message_buffer, output_message_buffer,
-			 conf_state, qop_state, key);
-      break;
-  case KEYTYPE_ARCFOUR:
-      ret = _gssapi_unwrap_arcfour (minor_status, context_handle,
-				    input_message_buffer, output_message_buffer,
-				    conf_state, qop_state, key);
-      break;
-  default :
-      *minor_status = KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-      break;
-  }
-  krb5_free_keyblock (gssapi_krb5_context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/v1.c b/crypto/heimdal/lib/gssapi/v1.c
deleted file mode 100644
index 34091ea..0000000
--- a/crypto/heimdal/lib/gssapi/v1.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: v1.c,v 1.2 1999/12/02 17:05:04 joda Exp $");
-
-/* These functions are for V1 compatibility */
-
-OM_uint32 gss_sign
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int qop_req,
-            gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-  return gss_get_mic(minor_status,
-	context_handle,
-	(gss_qop_t)qop_req,
-	message_buffer,
-	message_token);
-}
-
-OM_uint32 gss_verify
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t message_buffer,
-            gss_buffer_t token_buffer,
-            int * qop_state
-           )
-{
-  return gss_verify_mic(minor_status,
-	context_handle,
-	message_buffer,
-	token_buffer,
-	(gss_qop_t *)qop_state);
-}
-
-OM_uint32 gss_seal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            int qop_req,
-            gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-  return gss_wrap(minor_status,
-	context_handle,
-	conf_req_flag,
-	(gss_qop_t)qop_req,
-	input_message_buffer,
-	conf_state,
-	output_message_buffer);
-}
-
-OM_uint32 gss_unseal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            int * qop_state
-           )
-{
-  return gss_unwrap(minor_status,
-	context_handle,
-	input_message_buffer,
-	output_message_buffer,
-	conf_state,
-	(gss_qop_t *)qop_state);
-}
diff --git a/crypto/heimdal/lib/gssapi/verify_mic.c b/crypto/heimdal/lib/gssapi/verify_mic.c
deleted file mode 100644
index aef2d07..0000000
--- a/crypto/heimdal/lib/gssapi/verify_mic.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: verify_mic.c,v 1.18.2.4 2003/09/18 22:05:34 lha Exp $");
-
-static OM_uint32
-verify_mic_des
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key,
-	    char *type
-	    )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16], seq_data[8];
-  des_key_schedule schedule;
-  des_cblock zero;
-  des_cblock deskey;
-  int32_t seq_number;
-  OM_uint32 ret;
-
-  p = token_buffer->value;
-  ret = gssapi_krb5_verify_header (&p,
-				   token_buffer->length,
-				   type);
-  if (ret)
-      return ret;
-
-  if (memcmp(p, "\x00\x00", 2) != 0)
-      return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-    return GSS_S_BAD_MIC;
-  p += 4;
-  p += 16;
-
-  /* verify checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, message_buffer->value,
-	     message_buffer->length);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-  des_set_key (&deskey, schedule);
-  des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 schedule, &zero);
-  if (memcmp (p - 8, hash, 8) != 0) {
-    memset (deskey, 0, sizeof(deskey));
-    memset (schedule, 0, sizeof(schedule));
-    return GSS_S_BAD_MIC;
-  }
-
-  /* verify sequence number */
-  
-  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				&seq_number);
-  seq_data[0] = (seq_number >> 0)  & 0xFF;
-  seq_data[1] = (seq_number >> 8)  & 0xFF;
-  seq_data[2] = (seq_number >> 16) & 0xFF;
-  seq_data[3] = (seq_number >> 24) & 0xFF;
-  memset (seq_data + 4,
-	  (context_handle->more_flags & LOCAL) ? 0xFF : 0,
-	  4);
-
-  p -= 16;
-  des_set_key (&deskey, schedule);
-  des_cbc_encrypt ((void *)p, (void *)p, 8,
-		   schedule, (des_cblock *)hash, DES_DECRYPT);
-
-  memset (deskey, 0, sizeof(deskey));
-  memset (schedule, 0, sizeof(schedule));
-
-  if (memcmp (p, seq_data, 8) != 0) {
-    return GSS_S_BAD_MIC;
-  }
-
-  krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				++seq_number);
-
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-verify_mic_des3
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key,
-	    char *type
-	    )
-{
-  u_char *p;
-  u_char seq[8];
-  int32_t seq_number;
-  OM_uint32 ret;
-  krb5_crypto crypto;
-  krb5_data seq_data;
-  int cmp, docompat;
-  Checksum csum;
-  char *tmp;
-  char ivec[8];
-  
-  p = token_buffer->value;
-  ret = gssapi_krb5_verify_header (&p,
-				   token_buffer->length,
-				   type);
-  if (ret)
-      return ret;
-
-  if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
-      return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-    return GSS_S_BAD_MIC;
-  p += 4;
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key,
-			 ETYPE_DES3_CBC_NONE, &crypto);
-  if (ret){
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* verify sequence number */
-  docompat = 0;
-retry:
-  if (docompat)
-      memset(ivec, 0, 8);
-  else
-      memcpy(ivec, p + 8, 8);
-
-  ret = krb5_decrypt_ivec (gssapi_krb5_context,
-			   crypto,
-			   KRB5_KU_USAGE_SEQ,
-			   p, 8, &seq_data, ivec);
-  if (ret) {
-      if (docompat++) {
-	  gssapi_krb5_set_error_string ();
-	  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      } else
-	  goto retry;
-  }
-
-  if (seq_data.length != 8) {
-      krb5_data_free (&seq_data);
-      if (docompat++) {
-	  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-	  return GSS_S_BAD_MIC;
-      } else
-	  goto retry;
-  }
-
-  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				&seq_number);
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (context_handle->more_flags & LOCAL) ? 0xFF : 0,
-	  4);
-  cmp = memcmp (seq, seq_data.data, seq_data.length);
-  krb5_data_free (&seq_data);
-  if (cmp != 0) {
-      if (docompat++) {
-	  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-	  return GSS_S_BAD_MIC;
-      } else
-	  goto retry;
-  }
-
-  /* verify checksum */
-
-  tmp = malloc (message_buffer->length + 8);
-  if (tmp == NULL) {
-      krb5_crypto_destroy (gssapi_krb5_context, crypto);
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  memcpy (tmp, p - 8, 8);
-  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
-
-  csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
-  csum.checksum.length = 20;
-  csum.checksum.data   = p + 8;
-
-  ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      tmp, message_buffer->length + 8,
-			      &csum);
-  free (tmp);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      krb5_crypto_destroy (gssapi_krb5_context, crypto);
-      *minor_status = ret;
-      return GSS_S_BAD_MIC;
-  }
-
-  krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				++seq_number);
-
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_verify_mic_internal
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    char * type
-	    )
-{
-    krb5_keyblock *key;
-    OM_uint32 ret;
-    krb5_keytype keytype;
-
-    ret = gss_krb5_get_remotekey(context_handle, &key);
-    if (ret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-    *minor_status = 0;
-    krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-    switch (keytype) {
-    case KEYTYPE_DES :
-	ret = verify_mic_des (minor_status, context_handle,
-			      message_buffer, token_buffer, qop_state, key,
-			      type);
-	break;
-    case KEYTYPE_DES3 :
-	ret = verify_mic_des3 (minor_status, context_handle,
-			       message_buffer, token_buffer, qop_state, key,
-			       type);
-	break;
-    case KEYTYPE_ARCFOUR :
-	ret = _gssapi_verify_mic_arcfour (minor_status, context_handle,
-					  message_buffer, token_buffer,
-					  qop_state, key, type);
-	break;
-    default :
-	*minor_status = KRB5_PROG_ETYPE_NOSUPP;
-	ret = GSS_S_FAILURE;
-	break;
-    }
-    krb5_free_keyblock (gssapi_krb5_context, key);
-    
-    return ret;
-}
-
-OM_uint32
-gss_verify_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state
-	    )
-{
-    OM_uint32 ret;
-
-    if (qop_state != NULL)
-	*qop_state = GSS_C_QOP_DEFAULT;
-
-    ret = gss_verify_mic_internal(minor_status, context_handle, 
-				  message_buffer, token_buffer,
-				  qop_state, "\x01\x01");
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/version-script.map b/crypto/heimdal/lib/gssapi/version-script.map
deleted file mode 100644
index 43ea73f..0000000
--- a/crypto/heimdal/lib/gssapi/version-script.map
+++ /dev/null
@@ -1,97 +0,0 @@
-# $Id: version-script.map 20493 2007-04-21 07:56:20Z lha $
-
-HEIMDAL_GSS_1.0 {
-	global:
-		GSS_KRB5_MECHANISM;
-		GSS_NTLM_MECHANISM;
-		GSS_SPNEGO_MECHANISM;
-		GSS_SASL_DIGEST_MD5_MECHANISM;
-		GSS_C_NT_ANONYMOUS;
-		GSS_C_NT_EXPORT_NAME;
-		GSS_C_NT_HOSTBASED_SERVICE;
-		GSS_C_NT_HOSTBASED_SERVICE_X;
-		GSS_C_NT_MACHINE_UID_NAME;
-		GSS_C_NT_STRING_UID_NAME;
-		GSS_C_NT_USER_NAME;
-		GSS_KRB5_NT_PRINCIPAL_NAME;
-		GSS_KRB5_NT_USER_NAME;
-		GSS_KRB5_NT_MACHINE_UID_NAME;
-		GSS_KRB5_NT_STRING_UID_NAME;
-		gss_acquire_cred;
-		gss_release_cred;
-		gss_init_sec_context;
-		gss_accept_sec_context;
-		gss_process_context_token;
-		gss_delete_sec_context;
-		gss_context_time;
-		gss_get_mic;
-		gss_verify_mic;
-		gss_wrap;
-		gss_unwrap;
-		gss_display_status;
-		gss_indicate_mechs;
-		gss_compare_name;
-		gss_display_name;
-		gss_import_name;
-		gss_export_name;
-		gss_release_name;
-		gss_release_buffer;
-		gss_release_oid_set;
-		gss_inquire_cred;
-		gss_inquire_context;
-		gss_wrap_size_limit;
-		gss_add_cred;
-		gss_inquire_cred_by_mech;
-		gss_export_sec_context;
-		gss_import_sec_context;
-		gss_create_empty_oid_set;
-		gss_add_oid_set_member;
-		gss_test_oid_set_member;
-		gss_inquire_names_for_mech;
-		gss_inquire_mechs_for_name;
-		gss_canonicalize_name;
-		gss_duplicate_name;
-		gss_duplicate_oid;
-		gss_release_oid;
-		gss_oid_to_str;
-		gss_inquire_sec_context_by_oid;
-		gss_set_sec_context_option;
-		gss_set_cred_option;
-		gss_oid_equal;
-		gss_create_empty_buffer_set;
-		gss_add_buffer_set_member;
-		gss_release_buffer_set;
-		gss_inquire_cred_by_oid;
-		gss_pseudo_random;
-		gss_sign;
-		gss_verify;
-		gss_seal;
-		gss_unseal;
-		gss_inquire_sec_context_by_oid;
-		gss_encapsulate_token;
-		gss_decapsulate_token;
-		gss_krb5_ccache_name;
-		gsskrb5_register_acceptor_identity;
-		gss_krb5_copy_ccache;
-		gss_krb5_import_cred;
-		gss_krb5_get_tkt_flags;
-		gsskrb5_extract_authz_data_from_sec_context;
-		gsskrb5_set_dns_canonicalize;
-		gsskrb5_set_send_to_kdc;
-		gsskrb5_set_default_realm;
-		gsskrb5_extract_authtime_from_sec_context;
-		gsskrb5_extract_service_keyblock;
-		gsskrb5_get_initiator_subkey;
-		gsskrb5_get_subkey;
-		gss_krb5_export_lucid_sec_context;
-		gss_krb5_free_lucid_sec_context;
-		gss_krb5_set_allowable_enctypes;
-
-		# _gsskrb5cfx_ are really internal symbols, but export
-		# then now to make testing easier.
-		_gsskrb5cfx_max_wrap_length_cfx;
-		_gsskrb5cfx_wrap_length_cfx;
-
-	local:
-		*;
-};
diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c
deleted file mode 100644
index a0f9d2f..0000000
--- a/crypto/heimdal/lib/gssapi/wrap.c
+++ /dev/null
@@ -1,454 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: wrap.c,v 1.21.2.1 2003/09/18 22:05:45 lha Exp $");
-
-OM_uint32
-gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
-		       krb5_keyblock **key)
-{
-    krb5_keyblock *skey;
-
-    krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
-				 context_handle->auth_context, 
-				 &skey);
-    if(skey == NULL)
-	krb5_auth_con_getremotesubkey(gssapi_krb5_context,
-				      context_handle->auth_context, 
-				      &skey);
-    if(skey == NULL)
-	krb5_auth_con_getkey(gssapi_krb5_context,
-			     context_handle->auth_context, 
-			     &skey);
-    if(skey == NULL)
-	return GSS_S_FAILURE;
-    *key = skey;
-    return 0;
-}
-
-static OM_uint32
-sub_wrap_size (
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size,
-	    int blocksize,
-	    int extrasize
-           )
-{
-  size_t len, total_len, padlength;
-  padlength = blocksize - (req_output_size % blocksize);
-  len = req_output_size + 8 + padlength + extrasize;
-  gssapi_krb5_encap_length(len, &len, &total_len);
-  *max_input_size = (OM_uint32)total_len;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_wrap_size_limit (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size
-           )
-{
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  ret = gss_krb5_get_localkey(context_handle, &key);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-  case KEYTYPE_ARCFOUR:
-      ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
-      break;
-  case KEYTYPE_DES3 :
-      ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
-      break;
-  default :
-      *minor_status = KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-      break;
-  }
-  krb5_free_keyblock (gssapi_krb5_context, key);
-  *minor_status = 0;
-  return ret;
-}
-
-static OM_uint32
-wrap_des
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16];
-  des_key_schedule schedule;
-  des_cblock deskey;
-  des_cblock zero;
-  int i;
-  int32_t seq_number;
-  size_t len, total_len, padlength, datalen;
-
-  padlength = 8 - (input_message_buffer->length % 8);
-  datalen = input_message_buffer->length + padlength + 8;
-  len = datalen + 22;
-  gssapi_krb5_encap_length (len, &len, &total_len);
-
-  output_message_buffer->length = total_len;
-  output_message_buffer->value  = malloc (total_len);
-  if (output_message_buffer->value == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = gssapi_krb5_make_header(output_message_buffer->value,
-			      len,
-			      "\x02\x01"); /* TOK_ID */
-
-  /* SGN_ALG */
-  memcpy (p, "\x00\x00", 2);
-  p += 2;
-  /* SEAL_ALG */
-  if(conf_req_flag)
-      memcpy (p, "\x00\x00", 2);
-  else
-      memcpy (p, "\xff\xff", 2);
-  p += 2;
-  /* Filler */
-  memcpy (p, "\xff\xff", 2);
-  p += 2;
-
-  /* fill in later */
-  memset (p, 0, 16);
-  p += 16;
-
-  /* confounder + data + pad */
-  krb5_generate_random_block(p, 8);
-  memcpy (p + 8, input_message_buffer->value,
-	  input_message_buffer->length);
-  memset (p + 8 + input_message_buffer->length, padlength, padlength);
-
-  /* checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, p, datalen);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  des_set_key (&deskey, schedule);
-  des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 schedule, &zero);
-  memcpy (p - 8, hash, 8);
-
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       &seq_number);
-
-  p -= 16;
-  p[0] = (seq_number >> 0)  & 0xFF;
-  p[1] = (seq_number >> 8)  & 0xFF;
-  p[2] = (seq_number >> 16) & 0xFF;
-  p[3] = (seq_number >> 24) & 0xFF;
-  memset (p + 4,
-	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  des_set_key (&deskey, schedule);
-  des_cbc_encrypt ((void *)p, (void *)p, 8,
-		   schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
-
-  krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       ++seq_number);
-
-  /* encrypt the data */
-  p += 16;
-
-  if(conf_req_flag) {
-      memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-      for (i = 0; i < sizeof(deskey); ++i)
-	  deskey[i] ^= 0xf0;
-      des_set_key (&deskey, schedule);
-      memset (&zero, 0, sizeof(zero));
-      des_cbc_encrypt ((void *)p,
-		       (void *)p,
-		       datalen,
-		       schedule,
-		       &zero,
-		       DES_ENCRYPT);
-      
-      memset (deskey, 0, sizeof(deskey));
-      memset (schedule, 0, sizeof(schedule));
-  }
-  if(conf_state != NULL)
-      *conf_state = conf_req_flag;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-wrap_des3
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  u_char seq[8];
-  int32_t seq_number;
-  size_t len, total_len, padlength, datalen;
-  u_int32_t ret;
-  krb5_crypto crypto;
-  Checksum cksum;
-  krb5_data encdata;
-
-  padlength = 8 - (input_message_buffer->length % 8);
-  datalen = input_message_buffer->length + padlength + 8;
-  len = datalen + 34;
-  gssapi_krb5_encap_length (len, &len, &total_len);
-
-  output_message_buffer->length = total_len;
-  output_message_buffer->value  = malloc (total_len);
-  if (output_message_buffer->value == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = gssapi_krb5_make_header(output_message_buffer->value,
-			      len,
-			      "\x02\x01"); /* TOK_ID */
-
-  /* SGN_ALG */
-  memcpy (p, "\x04\x00", 2);	/* HMAC SHA1 DES3-KD */
-  p += 2;
-  /* SEAL_ALG */
-  if(conf_req_flag)
-      memcpy (p, "\x02\x00", 2); /* DES3-KD */
-  else
-      memcpy (p, "\xff\xff", 2);
-  p += 2;
-  /* Filler */
-  memcpy (p, "\xff\xff", 2);
-  p += 2;
-
-  /* calculate checksum (the above + confounder + data + pad) */
-
-  memcpy (p + 20, p - 8, 8);
-  krb5_generate_random_block(p + 28, 8);
-  memcpy (p + 28 + 8, input_message_buffer->value,
-	  input_message_buffer->length);
-  memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      free (output_message_buffer->value);
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  ret = krb5_create_checksum (gssapi_krb5_context,
-			      crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      0,
-			      p + 20,
-			      datalen + 8,
-			      &cksum);
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      free (output_message_buffer->value);
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* zero out SND_SEQ + SGN_CKSUM in case */
-  memset (p, 0, 28);
-
-  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
-  free_Checksum (&cksum);
-
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       &seq_number);
-
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE,
-			 &crypto);
-  if (ret) {
-      free (output_message_buffer->value);
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  {
-      des_cblock ivec;
-
-      memcpy (&ivec, p + 8, 8);
-      ret = krb5_encrypt_ivec (gssapi_krb5_context,
-			       crypto,
-			       KRB5_KU_USAGE_SEQ,
-			       seq, 8, &encdata,
-			       &ivec);
-  }
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      free (output_message_buffer->value);
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  
-  assert (encdata.length == 8);
-
-  memcpy (p, encdata.data, encdata.length);
-  krb5_data_free (&encdata);
-
-  krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       ++seq_number);
-
-  /* encrypt the data */
-  p += 28;
-
-  if(conf_req_flag) {
-      krb5_data tmp;
-
-      ret = krb5_crypto_init(gssapi_krb5_context, key,
-			     ETYPE_DES3_CBC_NONE, &crypto);
-      if (ret) {
-	  gssapi_krb5_set_error_string ();
-	  free (output_message_buffer->value);
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      ret = krb5_encrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
-			 p, datalen, &tmp);
-      krb5_crypto_destroy(gssapi_krb5_context, crypto);
-      if (ret) {
-	  gssapi_krb5_set_error_string ();
-	  free (output_message_buffer->value);
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      assert (tmp.length == datalen);
-
-      memcpy (p, tmp.data, datalen);
-      krb5_data_free(&tmp);
-  }
-  if(conf_state != NULL)
-      *conf_state = conf_req_flag;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_wrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  ret = gss_krb5_get_localkey(context_handle, &key);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = wrap_des (minor_status, context_handle, conf_req_flag,
-		      qop_req, input_message_buffer, conf_state,
-		      output_message_buffer, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = wrap_des3 (minor_status, context_handle, conf_req_flag,
-		       qop_req, input_message_buffer, conf_state,
-		       output_message_buffer, key);
-      break;
-  case KEYTYPE_ARCFOUR:
-      ret = _gssapi_wrap_arcfour (minor_status, context_handle, conf_req_flag,
-				  qop_req, input_message_buffer, conf_state,
-				  output_message_buffer, key);
-      break;
-  default :
-      *minor_status = KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-      break;
-  }
-  krb5_free_keyblock (gssapi_krb5_context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/hdb/Makefile.am b/crypto/heimdal/lib/hdb/Makefile.am
deleted file mode 100644
index f66cd06..0000000
--- a/crypto/heimdal/lib/hdb/Makefile.am
+++ /dev/null
@@ -1,115 +0,0 @@
-# $Id: Makefile.am 22490 2008-01-21 11:49:33Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += -I../asn1 -I$(srcdir)/../asn1 $(INCLUDE_hcrypto)
-
-BUILT_SOURCES = \
-	$(gen_files_hdb:.x=.c)	\
-	hdb_err.c \
-	hdb_err.h
-
-gen_files_hdb = \
-	asn1_Salt.x \
-	asn1_Key.x \
-	asn1_Event.x \
-	asn1_HDBFlags.x \
-	asn1_GENERATION.x \
-	asn1_HDB_Ext_PKINIT_acl.x \
-	asn1_HDB_Ext_PKINIT_hash.x \
-	asn1_HDB_Ext_Constrained_delegation_acl.x \
-	asn1_HDB_Ext_Lan_Manager_OWF.x \
-	asn1_HDB_Ext_Password.x \
-	asn1_HDB_Ext_Aliases.x \
-	asn1_HDB_extension.x \
-	asn1_HDB_extensions.x \
-	asn1_hdb_entry.x \
-	asn1_hdb_entry_alias.x
-
-CLEANFILES = $(BUILT_SOURCES) $(gen_files_hdb) hdb_asn1.h hdb_asn1_files
-
-LDADD = libhdb.la \
-	$(LIB_openldap) \
-	../krb5/libkrb5.la \
-	../asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(LIB_ldopen)
-
-if OPENLDAP_MODULE
-
-ldap_so = hdb_ldap.la
-hdb_ldap_la_SOURCES = hdb-ldap.c
-hdb_ldap_la_LDFLAGS = -module
-
-else
-
-ldap = hdb-ldap.c
-
-endif
-
-
-lib_LTLIBRARIES = libhdb.la $(ldap_so)
-libhdb_la_LDFLAGS = -version-info 11:0:2
-
-noinst_PROGRAMS = test_dbinfo
-
-dist_libhdb_la_SOURCES =			\
-	common.c				\
-	db.c					\
-	db3.c					\
-	ext.c					\
-	$(ldap)					\
-	hdb.c					\
-	hdb_locl.h				\
-	hdb-private.h				\
-	keys.c					\
-	keytab.c				\
-	dbinfo.c				\
-	mkey.c					\
-	ndbm.c					\
-	print.c
-
-nodist_libhdb_la_SOURCES = $(BUILT_SOURCES)
-
-AM_CPPFLAGS += $(INCLUDE_openldap)
-
-include_HEADERS = hdb.h hdb-protos.h
-nodist_include_HEADERS =  hdb_err.h hdb_asn1.h
-
-libhdb_la_CPPFLAGS = -DHDB_DB_DIR=\"$(DIR_hdbdir)\"
-
-libhdb_la_LIBADD = \
-	$(LIB_com_err) \
-	../krb5/libkrb5.la \
-	../asn1/libasn1.la \
-	$(LIBADD_roken) \
-	$(LIB_openldap) \
-	$(LIB_dlopen) \
-	$(DBLIB) \
-	$(LIB_NDBM)
-
-$(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h
-
-$(srcdir)/hdb-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(dist_libhdb_la_SOURCES) || rm -f hdb-protos.h
-
-$(srcdir)/hdb-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(dist_libhdb_la_SOURCES) || rm -f hdb-private.h
-
-$(gen_files_hdb) hdb_asn1.h: hdb_asn1_files
-
-hdb_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1
-	../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1
-
-$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h
-
-test_dbinfo_SOURCES = test_dbinfo.c
-
-test_dbinfo_LIBS = libhdb.la
-
-# to help stupid solaris make
-
-hdb_err.h: hdb_err.et
-
-EXTRA_DIST = hdb.asn1 hdb_err.et hdb.schema
diff --git a/crypto/heimdal/lib/hdb/Makefile.in b/crypto/heimdal/lib/hdb/Makefile.in
deleted file mode 100644
index cb0f916..0000000
--- a/crypto/heimdal/lib/hdb/Makefile.in
+++ /dev/null
@@ -1,1060 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22490 2008-01-21 11:49:33Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-noinst_PROGRAMS = test_dbinfo$(EXEEXT)
-subdir = lib/hdb
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" \
-	"$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-hdb_ldap_la_LIBADD =
-am__hdb_ldap_la_SOURCES_DIST = hdb-ldap.c
-@OPENLDAP_MODULE_TRUE@am_hdb_ldap_la_OBJECTS = hdb-ldap.lo
-hdb_ldap_la_OBJECTS = $(am_hdb_ldap_la_OBJECTS)
-hdb_ldap_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(hdb_ldap_la_LDFLAGS) $(LDFLAGS) -o $@
-@OPENLDAP_MODULE_TRUE@am_hdb_ldap_la_rpath = -rpath $(libdir)
-am__DEPENDENCIES_1 =
-libhdb_la_DEPENDENCIES = $(am__DEPENDENCIES_1) ../krb5/libkrb5.la \
-	../asn1/libasn1.la $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-am__dist_libhdb_la_SOURCES_DIST = common.c db.c db3.c ext.c hdb-ldap.c \
-	hdb.c hdb_locl.h hdb-private.h keys.c keytab.c dbinfo.c mkey.c \
-	ndbm.c print.c
-@OPENLDAP_MODULE_FALSE@am__objects_1 = libhdb_la-hdb-ldap.lo
-dist_libhdb_la_OBJECTS = libhdb_la-common.lo libhdb_la-db.lo \
-	libhdb_la-db3.lo libhdb_la-ext.lo $(am__objects_1) \
-	libhdb_la-hdb.lo libhdb_la-keys.lo libhdb_la-keytab.lo \
-	libhdb_la-dbinfo.lo libhdb_la-mkey.lo libhdb_la-ndbm.lo \
-	libhdb_la-print.lo
-am__objects_2 = libhdb_la-asn1_Salt.lo libhdb_la-asn1_Key.lo \
-	libhdb_la-asn1_Event.lo libhdb_la-asn1_HDBFlags.lo \
-	libhdb_la-asn1_GENERATION.lo \
-	libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo \
-	libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo \
-	libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo \
-	libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo \
-	libhdb_la-asn1_HDB_Ext_Password.lo \
-	libhdb_la-asn1_HDB_Ext_Aliases.lo \
-	libhdb_la-asn1_HDB_extension.lo \
-	libhdb_la-asn1_HDB_extensions.lo libhdb_la-asn1_hdb_entry.lo \
-	libhdb_la-asn1_hdb_entry_alias.lo
-am__objects_3 = $(am__objects_2) libhdb_la-hdb_err.lo
-nodist_libhdb_la_OBJECTS = $(am__objects_3)
-libhdb_la_OBJECTS = $(dist_libhdb_la_OBJECTS) \
-	$(nodist_libhdb_la_OBJECTS)
-libhdb_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libhdb_la_LDFLAGS) $(LDFLAGS) -o $@
-PROGRAMS = $(noinst_PROGRAMS)
-am_test_dbinfo_OBJECTS = test_dbinfo.$(OBJEXT)
-test_dbinfo_OBJECTS = $(am_test_dbinfo_OBJECTS)
-test_dbinfo_LDADD = $(LDADD)
-test_dbinfo_DEPENDENCIES = libhdb.la $(am__DEPENDENCIES_1) \
-	../krb5/libkrb5.la ../asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(hdb_ldap_la_SOURCES) $(dist_libhdb_la_SOURCES) \
-	$(nodist_libhdb_la_SOURCES) $(test_dbinfo_SOURCES)
-DIST_SOURCES = $(am__hdb_ldap_la_SOURCES_DIST) \
-	$(am__dist_libhdb_la_SOURCES_DIST) $(test_dbinfo_SOURCES)
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS) $(nodist_include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) -I../asn1 \
-	-I$(srcdir)/../asn1 $(INCLUDE_hcrypto) $(INCLUDE_openldap)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-BUILT_SOURCES = \
-	$(gen_files_hdb:.x=.c)	\
-	hdb_err.c \
-	hdb_err.h
-
-gen_files_hdb = \
-	asn1_Salt.x \
-	asn1_Key.x \
-	asn1_Event.x \
-	asn1_HDBFlags.x \
-	asn1_GENERATION.x \
-	asn1_HDB_Ext_PKINIT_acl.x \
-	asn1_HDB_Ext_PKINIT_hash.x \
-	asn1_HDB_Ext_Constrained_delegation_acl.x \
-	asn1_HDB_Ext_Lan_Manager_OWF.x \
-	asn1_HDB_Ext_Password.x \
-	asn1_HDB_Ext_Aliases.x \
-	asn1_HDB_extension.x \
-	asn1_HDB_extensions.x \
-	asn1_hdb_entry.x \
-	asn1_hdb_entry_alias.x
-
-CLEANFILES = $(BUILT_SOURCES) $(gen_files_hdb) hdb_asn1.h hdb_asn1_files
-LDADD = libhdb.la \
-	$(LIB_openldap) \
-	../krb5/libkrb5.la \
-	../asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(LIB_ldopen)
-
-@OPENLDAP_MODULE_TRUE@ldap_so = hdb_ldap.la
-@OPENLDAP_MODULE_TRUE@hdb_ldap_la_SOURCES = hdb-ldap.c
-@OPENLDAP_MODULE_TRUE@hdb_ldap_la_LDFLAGS = -module
-@OPENLDAP_MODULE_FALSE@ldap = hdb-ldap.c
-lib_LTLIBRARIES = libhdb.la $(ldap_so)
-libhdb_la_LDFLAGS = -version-info 11:0:2
-dist_libhdb_la_SOURCES = \
-	common.c				\
-	db.c					\
-	db3.c					\
-	ext.c					\
-	$(ldap)					\
-	hdb.c					\
-	hdb_locl.h				\
-	hdb-private.h				\
-	keys.c					\
-	keytab.c				\
-	dbinfo.c				\
-	mkey.c					\
-	ndbm.c					\
-	print.c
-
-nodist_libhdb_la_SOURCES = $(BUILT_SOURCES)
-include_HEADERS = hdb.h hdb-protos.h
-nodist_include_HEADERS = hdb_err.h hdb_asn1.h
-libhdb_la_CPPFLAGS = -DHDB_DB_DIR=\"$(DIR_hdbdir)\"
-libhdb_la_LIBADD = \
-	$(LIB_com_err) \
-	../krb5/libkrb5.la \
-	../asn1/libasn1.la \
-	$(LIBADD_roken) \
-	$(LIB_openldap) \
-	$(LIB_dlopen) \
-	$(DBLIB) \
-	$(LIB_NDBM)
-
-test_dbinfo_SOURCES = test_dbinfo.c
-test_dbinfo_LIBS = libhdb.la
-EXTRA_DIST = hdb.asn1 hdb_err.et hdb.schema
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/hdb/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/hdb/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-hdb_ldap.la: $(hdb_ldap_la_OBJECTS) $(hdb_ldap_la_DEPENDENCIES) 
-	$(hdb_ldap_la_LINK) $(am_hdb_ldap_la_rpath) $(hdb_ldap_la_OBJECTS) $(hdb_ldap_la_LIBADD) $(LIBS)
-libhdb.la: $(libhdb_la_OBJECTS) $(libhdb_la_DEPENDENCIES) 
-	$(libhdb_la_LINK) -rpath $(libdir) $(libhdb_la_OBJECTS) $(libhdb_la_LIBADD) $(LIBS)
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-test_dbinfo$(EXEEXT): $(test_dbinfo_OBJECTS) $(test_dbinfo_DEPENDENCIES) 
-	@rm -f test_dbinfo$(EXEEXT)
-	$(LINK) $(test_dbinfo_OBJECTS) $(test_dbinfo_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-libhdb_la-common.lo: common.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-common.lo `test -f 'common.c' || echo '$(srcdir)/'`common.c
-
-libhdb_la-db.lo: db.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c
-
-libhdb_la-db3.lo: db3.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-db3.lo `test -f 'db3.c' || echo '$(srcdir)/'`db3.c
-
-libhdb_la-ext.lo: ext.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-ext.lo `test -f 'ext.c' || echo '$(srcdir)/'`ext.c
-
-libhdb_la-hdb-ldap.lo: hdb-ldap.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb-ldap.lo `test -f 'hdb-ldap.c' || echo '$(srcdir)/'`hdb-ldap.c
-
-libhdb_la-hdb.lo: hdb.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb.lo `test -f 'hdb.c' || echo '$(srcdir)/'`hdb.c
-
-libhdb_la-keys.lo: keys.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-keys.lo `test -f 'keys.c' || echo '$(srcdir)/'`keys.c
-
-libhdb_la-keytab.lo: keytab.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-keytab.lo `test -f 'keytab.c' || echo '$(srcdir)/'`keytab.c
-
-libhdb_la-dbinfo.lo: dbinfo.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-dbinfo.lo `test -f 'dbinfo.c' || echo '$(srcdir)/'`dbinfo.c
-
-libhdb_la-mkey.lo: mkey.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-mkey.lo `test -f 'mkey.c' || echo '$(srcdir)/'`mkey.c
-
-libhdb_la-ndbm.lo: ndbm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-ndbm.lo `test -f 'ndbm.c' || echo '$(srcdir)/'`ndbm.c
-
-libhdb_la-print.lo: print.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-print.lo `test -f 'print.c' || echo '$(srcdir)/'`print.c
-
-libhdb_la-asn1_Salt.lo: asn1_Salt.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Salt.lo `test -f 'asn1_Salt.c' || echo '$(srcdir)/'`asn1_Salt.c
-
-libhdb_la-asn1_Key.lo: asn1_Key.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Key.lo `test -f 'asn1_Key.c' || echo '$(srcdir)/'`asn1_Key.c
-
-libhdb_la-asn1_Event.lo: asn1_Event.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Event.lo `test -f 'asn1_Event.c' || echo '$(srcdir)/'`asn1_Event.c
-
-libhdb_la-asn1_HDBFlags.lo: asn1_HDBFlags.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDBFlags.lo `test -f 'asn1_HDBFlags.c' || echo '$(srcdir)/'`asn1_HDBFlags.c
-
-libhdb_la-asn1_GENERATION.lo: asn1_GENERATION.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_GENERATION.lo `test -f 'asn1_GENERATION.c' || echo '$(srcdir)/'`asn1_GENERATION.c
-
-libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo: asn1_HDB_Ext_PKINIT_acl.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo `test -f 'asn1_HDB_Ext_PKINIT_acl.c' || echo '$(srcdir)/'`asn1_HDB_Ext_PKINIT_acl.c
-
-libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo: asn1_HDB_Ext_PKINIT_hash.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo `test -f 'asn1_HDB_Ext_PKINIT_hash.c' || echo '$(srcdir)/'`asn1_HDB_Ext_PKINIT_hash.c
-
-libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo: asn1_HDB_Ext_Constrained_delegation_acl.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo `test -f 'asn1_HDB_Ext_Constrained_delegation_acl.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Constrained_delegation_acl.c
-
-libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo: asn1_HDB_Ext_Lan_Manager_OWF.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo `test -f 'asn1_HDB_Ext_Lan_Manager_OWF.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Lan_Manager_OWF.c
-
-libhdb_la-asn1_HDB_Ext_Password.lo: asn1_HDB_Ext_Password.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Password.lo `test -f 'asn1_HDB_Ext_Password.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Password.c
-
-libhdb_la-asn1_HDB_Ext_Aliases.lo: asn1_HDB_Ext_Aliases.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Aliases.lo `test -f 'asn1_HDB_Ext_Aliases.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Aliases.c
-
-libhdb_la-asn1_HDB_extension.lo: asn1_HDB_extension.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_extension.lo `test -f 'asn1_HDB_extension.c' || echo '$(srcdir)/'`asn1_HDB_extension.c
-
-libhdb_la-asn1_HDB_extensions.lo: asn1_HDB_extensions.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_extensions.lo `test -f 'asn1_HDB_extensions.c' || echo '$(srcdir)/'`asn1_HDB_extensions.c
-
-libhdb_la-asn1_hdb_entry.lo: asn1_hdb_entry.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_hdb_entry.lo `test -f 'asn1_hdb_entry.c' || echo '$(srcdir)/'`asn1_hdb_entry.c
-
-libhdb_la-asn1_hdb_entry_alias.lo: asn1_hdb_entry_alias.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_hdb_entry_alias.lo `test -f 'asn1_hdb_entry_alias.c' || echo '$(srcdir)/'`asn1_hdb_entry_alias.c
-
-libhdb_la-hdb_err.lo: hdb_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb_err.lo `test -f 'hdb_err.c' || echo '$(srcdir)/'`hdb_err.c
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS install-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES \
-	uninstall-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man \
-	install-nodist_includeHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-hook \
-	uninstall-includeHEADERS uninstall-libLTLIBRARIES \
-	uninstall-nodist_includeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h
-
-$(srcdir)/hdb-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(dist_libhdb_la_SOURCES) || rm -f hdb-protos.h
-
-$(srcdir)/hdb-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(dist_libhdb_la_SOURCES) || rm -f hdb-private.h
-
-$(gen_files_hdb) hdb_asn1.h: hdb_asn1_files
-
-hdb_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1
-	../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1
-
-$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h
-
-# to help stupid solaris make
-
-hdb_err.h: hdb_err.et
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/hdb/common.c b/crypto/heimdal/lib/hdb/common.c
deleted file mode 100644
index 680b666..0000000
--- a/crypto/heimdal/lib/hdb/common.c
+++ /dev/null
@@ -1,283 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: common.c 20236 2007-02-16 23:52:29Z lha $");
-
-int
-hdb_principal2key(krb5_context context, krb5_const_principal p, krb5_data *key)
-{
-    Principal new;
-    size_t len;
-    int ret;
-
-    ret = copy_Principal(p, &new);
-    if(ret) 
-	return ret;
-    new.name.name_type = 0;
-
-    ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret);
-    if (ret == 0 && key->length != len)
-	krb5_abortx(context, "internal asn.1 encoder error");
-    free_Principal(&new);
-    return ret;
-}
-
-int
-hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p)
-{
-    return decode_Principal(key->data, key->length, p, NULL);
-}
-
-int
-hdb_entry2value(krb5_context context, const hdb_entry *ent, krb5_data *value)
-{
-    size_t len;
-    int ret;
-    
-    ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret);
-    if (ret == 0 && value->length != len)
-	krb5_abortx(context, "internal asn.1 encoder error");
-    return ret;
-}
-
-int
-hdb_value2entry(krb5_context context, krb5_data *value, hdb_entry *ent)
-{
-    return decode_hdb_entry(value->data, value->length, ent, NULL);
-}
-
-int
-hdb_entry_alias2value(krb5_context context, 
-		      const hdb_entry_alias *alias,
-		      krb5_data *value)
-{
-    size_t len;
-    int ret;
-    
-    ASN1_MALLOC_ENCODE(hdb_entry_alias, value->data, value->length, 
-		       alias, &len, ret);
-    if (ret == 0 && value->length != len)
-	krb5_abortx(context, "internal asn.1 encoder error");
-    return ret;
-}
-
-int
-hdb_value2entry_alias(krb5_context context, krb5_data *value, 
-		      hdb_entry_alias *ent)
-{
-    return decode_hdb_entry_alias(value->data, value->length, ent, NULL);
-}
-
-krb5_error_code
-_hdb_fetch(krb5_context context, HDB *db, krb5_const_principal principal,
-	   unsigned flags, hdb_entry_ex *entry)
-{
-    krb5_data key, value;
-    int code;
-
-    hdb_principal2key(context, principal, &key);
-    code = db->hdb__get(context, db, key, &value);
-    krb5_data_free(&key);
-    if(code)
-	return code;
-    code = hdb_value2entry(context, &value, &entry->entry);
-    if (code == ASN1_BAD_ID && (flags & HDB_F_CANON) == 0) {
-	krb5_data_free(&value);
-	return HDB_ERR_NOENTRY;
-    } else if (code == ASN1_BAD_ID) {
-	hdb_entry_alias alias;
-
-	code = hdb_value2entry_alias(context, &value, &alias);
-	if (code) {
-	    krb5_data_free(&value);
-	    return code;
-	}
-	hdb_principal2key(context, alias.principal, &key);
-	krb5_data_free(&value);
-	free_hdb_entry_alias(&alias);
-
-	code = db->hdb__get(context, db, key, &value);
-	krb5_data_free(&key);
-	if (code)
-	    return code;
-	code = hdb_value2entry(context, &value, &entry->entry);
-	if (code) {
-	    krb5_data_free(&value);
-	    return code;
-	}
-    }
-    krb5_data_free(&value);
-    if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-	code = hdb_unseal_keys (context, db, &entry->entry);
-	if (code)
-	    hdb_free_entry(context, entry);
-    }
-    return code;
-}
-
-static krb5_error_code
-hdb_remove_aliases(krb5_context context, HDB *db, krb5_data *key)
-{
-    const HDB_Ext_Aliases *aliases;
-    krb5_error_code code;
-    hdb_entry oldentry;
-    krb5_data value;
-    int i;
-
-    code = db->hdb__get(context, db, *key, &value);
-    if (code == HDB_ERR_NOENTRY)
-	return 0;
-    else if (code)
-	return code;
-	    
-    code = hdb_value2entry(context, &value, &oldentry);
-    krb5_data_free(&value);
-    if (code)
-	return code;
-
-    code = hdb_entry_get_aliases(&oldentry, &aliases);
-    if (code || aliases == NULL) {
-	free_hdb_entry(&oldentry);
-	return code;
-    }
-    for (i = 0; i < aliases->aliases.len; i++) {
-	krb5_data akey;
-
-	hdb_principal2key(context, &aliases->aliases.val[i], &akey);
-	code = db->hdb__del(context, db, akey);
-	krb5_data_free(&akey);
-	if (code) {
-	    free_hdb_entry(&oldentry);
-	    return code;
-	}
-    }
-    free_hdb_entry(&oldentry);
-    return 0;
-}
-
-static krb5_error_code
-hdb_add_aliases(krb5_context context, HDB *db, 
-		unsigned flags, hdb_entry_ex *entry)
-{
-    const HDB_Ext_Aliases *aliases;
-    krb5_error_code code;
-    krb5_data key, value;
-    int i;
-    
-    code = hdb_entry_get_aliases(&entry->entry, &aliases);
-    if (code || aliases == NULL)
-	return code;
-    
-    for (i = 0; i < aliases->aliases.len; i++) {
-	hdb_entry_alias entryalias;
-	entryalias.principal = entry->entry.principal;
-	
-	hdb_principal2key(context, &aliases->aliases.val[i], &key);
-	code = hdb_entry_alias2value(context, &entryalias, &value);
-	if (code) {
-	    krb5_data_free(&key);
-	    return code;
-	}
-	code = db->hdb__put(context, db, flags, key, value);
-	krb5_data_free(&key);
-	krb5_data_free(&value);
-	if (code)
-	    return code;
-    }
-    return 0;
-}
-
-krb5_error_code
-_hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
-    krb5_data key, value;
-    int code;
-
-    if(entry->entry.generation == NULL) {
-	struct timeval t;
-	entry->entry.generation = malloc(sizeof(*entry->entry.generation));
-	if(entry->entry.generation == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	gettimeofday(&t, NULL);
-	entry->entry.generation->time = t.tv_sec;
-	entry->entry.generation->usec = t.tv_usec;
-	entry->entry.generation->gen = 0;
-    } else
-	entry->entry.generation->gen++;
-    hdb_principal2key(context, entry->entry.principal, &key);
-    code = hdb_seal_keys(context, db, &entry->entry);
-    if (code) {
-	krb5_data_free(&key);
-	return code;
-    }
-
-    /* remove aliases */
-    code = hdb_remove_aliases(context, db, &key);
-    if (code) {
-	krb5_data_free(&key);
-	return code;
-    }
-    hdb_entry2value(context, &entry->entry, &value);
-    code = db->hdb__put(context, db, flags & HDB_F_REPLACE, key, value);
-    krb5_data_free(&value);
-    krb5_data_free(&key);
-    if (code)
-	return code;
-
-    code = hdb_add_aliases(context, db, flags, entry);
-
-    return code;
-}
-
-krb5_error_code
-_hdb_remove(krb5_context context, HDB *db, krb5_const_principal principal)
-{
-    krb5_data key;
-    int code;
-
-    hdb_principal2key(context, principal, &key);
-
-    code = hdb_remove_aliases(context, db, &key);
-    if (code) {
-	krb5_data_free(&key);
-	return code;
-    }
-    code = db->hdb__del(context, db, key);
-    krb5_data_free(&key);
-    return code;
-}
-
diff --git a/crypto/heimdal/lib/hdb/convert_db.c b/crypto/heimdal/lib/hdb/convert_db.c
deleted file mode 100644
index 0b300a5..0000000
--- a/crypto/heimdal/lib/hdb/convert_db.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-/* Converts a database from version 0.0* to 0.1. This is done by
- * making three copies of each DES key (DES-CBC-CRC, DES-CBC-MD4, and
- * DES-CBC-MD5).
- *
- * Use with care. 
- */
-
-#include "hdb_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: convert_db.c,v 1.12 2001/02/20 01:44:53 assar Exp $");
-
-static krb5_error_code
-update_keytypes(krb5_context context, HDB *db, hdb_entry *entry, void *data)
-{
-    int i;
-    int n = 0;
-    Key *k;
-    int save_len;
-    Key *save_val;
-    HDB *new = data;
-    krb5_error_code ret;
-
-    for(i = 0; i < entry->keys.len; i++) 
-	if(entry->keys.val[i].key.keytype == KEYTYPE_DES)
-	    n += 2;
-	else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3)
-	    n += 1;
-    k = malloc(sizeof(*k) * (entry->keys.len + n));
-    n = 0;
-    for(i = 0; i < entry->keys.len; i++) {
-	copy_Key(&entry->keys.val[i], &k[n]);
-	if(entry->keys.val[i].key.keytype == KEYTYPE_DES) {
-	    copy_Key(&entry->keys.val[i], &k[n+1]);
-	    k[n+1].key.keytype = ETYPE_DES_CBC_MD4;
-	    copy_Key(&entry->keys.val[i], &k[n+2]);
-	    k[n+2].key.keytype = ETYPE_DES_CBC_MD5;
-	    n += 2;
-	}
-	else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3) {
-	    copy_Key(&entry->keys.val[i], &k[n+1]);
-	    k[n+1].key.keytype = ETYPE_DES3_CBC_MD5;
-	    n += 1;
-	}
-	n++;
-    }
-    save_len = entry->keys.len;
-    save_val = entry->keys.val;
-    entry->keys.len = n;
-    entry->keys.val = k;
-    ret = new->store(context, new, HDB_F_REPLACE, entry);
-    entry->keys.len = save_len;
-    entry->keys.val = save_val;
-    for(i = 0; i < n; i++) 
-	free_Key(&k[i]);
-    free(k);
-    return 0;
-}
-
-static krb5_error_code
-update_version2(krb5_context context, HDB *db, hdb_entry *entry, void *data)
-{
-    HDB *new = data;
-    if(!db->master_key_set) {
-	int i;
-	for(i = 0; i < entry->keys.len; i++) {
-	    free(entry->keys.val[i].mkvno);
-	    entry->keys.val[i].mkvno = NULL;
-	}
-    }
-    new->store(context, new, HDB_F_REPLACE, entry);
-    return 0;
-}
-
-char *old_database = HDB_DEFAULT_DB;
-char *new_database = HDB_DEFAULT_DB ".new";
-char *mkeyfile;
-int update_version;
-int help_flag;
-int version_flag;
-
-struct getargs args[] = {
-    { "old-database",	0,	arg_string, &old_database,
-      "name of database to convert", "file" },
-    { "new-database",	0,	arg_string, &new_database,
-      "name of converted database", "file" },
-    { "master-key",	0,	arg_string, &mkeyfile, 
-      "v5 master key file", "file" },
-    { "update-version", 0, 	arg_flag, &update_version,
-      "update the database to the current version" },
-    { "help",		'h',	arg_flag,   &help_flag },
-    { "version",	0,	arg_flag,   &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    HDB *db, *new;
-    int optind = 0;
-    int master_key_set = 0;
-    
-    setprogname(argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optind))
-	krb5_std_usage(1, args, num_args);
-
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    ret = krb5_init_context(&context);
-    if(ret != 0)
-	errx(1, "krb5_init_context failed: %d", ret);
-    
-    ret = hdb_create(context, &db, old_database);
-    if(ret != 0)
-	krb5_err(context, 1, ret, "hdb_create");
-
-    ret = hdb_set_master_keyfile(context, db, mkeyfile);
-    if (ret)
-	krb5_err(context, 1, ret, "hdb_set_master_keyfile");
-    master_key_set = 1;
-    ret = hdb_create(context, &new, new_database);
-    if(ret != 0)
-	krb5_err(context, 1, ret, "hdb_create");
-    if (master_key_set) {
-	ret = hdb_set_master_keyfile(context, new, mkeyfile);
-	if (ret)
-	    krb5_err(context, 1, ret, "hdb_set_master_keyfile");
-    }
-    ret = db->open(context, db, O_RDONLY, 0);
-    if(ret == HDB_ERR_BADVERSION) {
-	krb5_data tag;
-	krb5_data version;
-	int foo;
-	unsigned ver;
-	tag.data = HDB_DB_FORMAT_ENTRY;
-	tag.length = strlen(tag.data);
-	ret = (*db->_get)(context, db, tag, &version);
-	if(ret)
-	    krb5_errx(context, 1, "database is wrong version, "
-		      "but couldn't find version key (%s)", 
-		      HDB_DB_FORMAT_ENTRY);
-	foo = sscanf(version.data, "%u", &ver);
-	krb5_data_free (&version);
-	if(foo != 1)
-	    krb5_errx(context, 1, "database version is not a number");
-	if(ver == 1 && HDB_DB_FORMAT == 2) {
-	    krb5_warnx(context, "will upgrade database from version %d to %d", 
-		       ver, HDB_DB_FORMAT);
-	    krb5_warnx(context, "rerun to do other conversions");
-	    update_version = 1;
-	} else
-	    krb5_errx(context, 1, 
-		      "don't know how to upgrade from version %d to %d", 
-		      ver, HDB_DB_FORMAT);
-    } else if(ret)
-	krb5_err(context, 1, ret, "%s", old_database);
-    ret = new->open(context, new, O_CREAT|O_EXCL|O_RDWR, 0600);
-    if(ret)
-	krb5_err(context, 1, ret, "%s", new_database);
-    if(update_version)
-	ret = hdb_foreach(context, db, 0, update_version2, new);
-    else
-	ret = hdb_foreach(context, db, 0, update_keytypes, new);
-    if(ret != 0)
-	krb5_err(context, 1, ret, "hdb_foreach");
-    db->close(context, db);
-    new->close(context, new);
-    krb5_warnx(context, "wrote converted database to `%s'", new_database);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/db.c b/crypto/heimdal/lib/hdb/db.c
deleted file mode 100644
index 870f043..0000000
--- a/crypto/heimdal/lib/hdb/db.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: db.c 20215 2007-02-09 21:59:53Z lha $");
-
-#if HAVE_DB1
-
-#if defined(HAVE_DB_185_H)
-#include <db_185.h>
-#elif defined(HAVE_DB_H)
-#include <db.h>
-#endif
-
-static krb5_error_code
-DB_close(krb5_context context, HDB *db)
-{
-    DB *d = (DB*)db->hdb_db;
-    (*d->close)(d);
-    return 0;
-}
-
-static krb5_error_code
-DB_destroy(krb5_context context, HDB *db)
-{
-    krb5_error_code ret;
-
-    ret = hdb_clear_master_key (context, db);
-    free(db->hdb_name);
-    free(db);
-    return ret;
-}
-
-static krb5_error_code
-DB_lock(krb5_context context, HDB *db, int operation)
-{
-    DB *d = (DB*)db->hdb_db;
-    int fd = (*d->fd)(d);
-    if(fd < 0) {
-	krb5_set_error_string(context,
-			      "Can't lock database: %s", db->hdb_name);
-	return HDB_ERR_CANT_LOCK_DB;
-    }
-    return hdb_lock(fd, operation);
-}
-
-static krb5_error_code
-DB_unlock(krb5_context context, HDB *db)
-{
-    DB *d = (DB*)db->hdb_db;
-    int fd = (*d->fd)(d);
-    if(fd < 0) {
-	krb5_set_error_string(context, 
-			      "Can't unlock database: %s", db->hdb_name);
-	return HDB_ERR_CANT_LOCK_DB;
-    }
-    return hdb_unlock(fd);
-}
-
-
-static krb5_error_code
-DB_seq(krb5_context context, HDB *db,
-       unsigned flags, hdb_entry_ex *entry, int flag)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT key, value;
-    krb5_data key_data, data;
-    int code;
-
-    code = db->hdb_lock(context, db, HDB_RLOCK);
-    if(code == -1) {
-	krb5_set_error_string(context, "Database %s in use", db->hdb_name);
-	return HDB_ERR_DB_INUSE;
-    }
-    code = (*d->seq)(d, &key, &value, flag);
-    db->hdb_unlock(context, db); /* XXX check value */
-    if(code == -1) {
-	code = errno;
-	krb5_set_error_string(context, "Database %s seq error: %s", 
-			      db->hdb_name, strerror(code));
-	return code;
-    }
-    if(code == 1) {
-	krb5_clear_error_string(context);
-	return HDB_ERR_NOENTRY;
-    }
-
-    key_data.data = key.data;
-    key_data.length = key.size;
-    data.data = value.data;
-    data.length = value.size;
-    memset(entry, 0, sizeof(*entry));
-    if (hdb_value2entry(context, &data, &entry->entry))
-	return DB_seq(context, db, flags, entry, R_NEXT);
-    if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-	code = hdb_unseal_keys (context, db, &entry->entry);
-	if (code)
-	    hdb_free_entry (context, entry);
-    }
-    if (code == 0 && entry->entry.principal == NULL) {
-	entry->entry.principal = malloc(sizeof(*entry->entry.principal));
-	if (entry->entry.principal == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    code = ENOMEM;
-	    hdb_free_entry (context, entry);
-	} else {
-	    hdb_key2principal(context, &key_data, entry->entry.principal);
-	}
-    }
-    return code;
-}
-
-
-static krb5_error_code
-DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
-    return DB_seq(context, db, flags, entry, R_FIRST);
-}
-
-
-static krb5_error_code
-DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
-    return DB_seq(context, db, flags, entry, R_NEXT);
-}
-
-static krb5_error_code
-DB_rename(krb5_context context, HDB *db, const char *new_name)
-{
-    int ret;
-    char *old, *new;
-
-    asprintf(&old, "%s.db", db->hdb_name);
-    asprintf(&new, "%s.db", new_name);
-    ret = rename(old, new);
-    free(old);
-    free(new);
-    if(ret)
-	return errno;
-    
-    free(db->hdb_name);
-    db->hdb_name = strdup(new_name);
-    return 0;
-}
-
-static krb5_error_code
-DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT k, v;
-    int code;
-
-    k.data = key.data;
-    k.size = key.length;
-    code = db->hdb_lock(context, db, HDB_RLOCK);
-    if(code)
-	return code;
-    code = (*d->get)(d, &k, &v, 0);
-    db->hdb_unlock(context, db);
-    if(code < 0) {
-	code = errno;
-	krb5_set_error_string(context, "Database %s get error: %s", 
-			      db->hdb_name, strerror(code));
-	return code;
-    }
-    if(code == 1) {
-	krb5_clear_error_string(context);
-	return HDB_ERR_NOENTRY;
-    }
-    
-    krb5_data_copy(reply, v.data, v.size);
-    return 0;
-}
-
-static krb5_error_code
-DB__put(krb5_context context, HDB *db, int replace, 
-	krb5_data key, krb5_data value)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT k, v;
-    int code;
-
-    k.data = key.data;
-    k.size = key.length;
-    v.data = value.data;
-    v.size = value.length;
-    code = db->hdb_lock(context, db, HDB_WLOCK);
-    if(code)
-	return code;
-    code = (*d->put)(d, &k, &v, replace ? 0 : R_NOOVERWRITE);
-    db->hdb_unlock(context, db);
-    if(code < 0) {
-	code = errno;
-	krb5_set_error_string(context, "Database %s put error: %s", 
-			      db->hdb_name, strerror(code));
-	return code;
-    }
-    if(code == 1) {
-	krb5_clear_error_string(context);
-	return HDB_ERR_EXISTS;
-    }
-    return 0;
-}
-
-static krb5_error_code
-DB__del(krb5_context context, HDB *db, krb5_data key)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT k;
-    krb5_error_code code;
-    k.data = key.data;
-    k.size = key.length;
-    code = db->hdb_lock(context, db, HDB_WLOCK);
-    if(code)
-	return code;
-    code = (*d->del)(d, &k, 0);
-    db->hdb_unlock(context, db);
-    if(code == 1) {
-	code = errno;
-	krb5_set_error_string(context, "Database %s put error: %s", 
-			      db->hdb_name, strerror(code));
-	return code;
-    }
-    if(code < 0)
-	return errno;
-    return 0;
-}
-
-static krb5_error_code
-DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
-{
-    char *fn;
-    krb5_error_code ret;
-
-    asprintf(&fn, "%s.db", db->hdb_name);
-    if (fn == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    db->hdb_db = dbopen(fn, flags, mode, DB_BTREE, NULL);
-    free(fn);
-    /* try to open without .db extension */
-    if(db->hdb_db == NULL && errno == ENOENT)
-	db->hdb_db = dbopen(db->hdb_name, flags, mode, DB_BTREE, NULL);
-    if(db->hdb_db == NULL) {
-	ret = errno;
-	krb5_set_error_string(context, "dbopen (%s): %s",
-			      db->hdb_name, strerror(ret));
-	return ret;
-    }
-    if((flags & O_ACCMODE) == O_RDONLY)
-	ret = hdb_check_db_format(context, db);
-    else
-	ret = hdb_init_db(context, db);
-    if(ret == HDB_ERR_NOENTRY) {
-	krb5_clear_error_string(context);
-	return 0;
-    }
-    if (ret) {
-	DB_close(context, db);
-	krb5_set_error_string(context, "hdb_open: failed %s database %s",
-			      (flags & O_ACCMODE) == O_RDONLY ? 
-			      "checking format of" : "initialize", 
-			      db->hdb_name);
-    }
-    return ret;
-}
-
-krb5_error_code
-hdb_db_create(krb5_context context, HDB **db, 
-	      const char *filename)
-{
-    *db = calloc(1, sizeof(**db));
-    if (*db == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    (*db)->hdb_db = NULL;
-    (*db)->hdb_name = strdup(filename);
-    if ((*db)->hdb_name == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(*db);
-	*db = NULL;
-	return ENOMEM;
-    }
-    (*db)->hdb_master_key_set = 0;
-    (*db)->hdb_openp = 0;
-    (*db)->hdb_open = DB_open;
-    (*db)->hdb_close = DB_close;
-    (*db)->hdb_fetch = _hdb_fetch;
-    (*db)->hdb_store = _hdb_store;
-    (*db)->hdb_remove = _hdb_remove;
-    (*db)->hdb_firstkey = DB_firstkey;
-    (*db)->hdb_nextkey= DB_nextkey;
-    (*db)->hdb_lock = DB_lock;
-    (*db)->hdb_unlock = DB_unlock;
-    (*db)->hdb_rename = DB_rename;
-    (*db)->hdb__get = DB__get;
-    (*db)->hdb__put = DB__put;
-    (*db)->hdb__del = DB__del;
-    (*db)->hdb_destroy = DB_destroy;
-    return 0;
-}
-
-#endif /* HAVE_DB1 */
diff --git a/crypto/heimdal/lib/hdb/db3.c b/crypto/heimdal/lib/hdb/db3.c
deleted file mode 100644
index 45ccbef..0000000
--- a/crypto/heimdal/lib/hdb/db3.c
+++ /dev/null
@@ -1,358 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: db3.c 21610 2007-07-17 07:10:45Z lha $");
-
-#if HAVE_DB3
-
-#ifdef HAVE_DB4_DB_H
-#include <db4/db.h>
-#elif defined(HAVE_DB3_DB_H)
-#include <db3/db.h>
-#else
-#include <db.h>
-#endif
-
-static krb5_error_code
-DB_close(krb5_context context, HDB *db)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBC *dbcp = (DBC*)db->hdb_dbc;
-
-    (*dbcp->c_close)(dbcp);
-    db->hdb_dbc = 0;
-    (*d->close)(d, 0);
-    return 0;
-}
-
-static krb5_error_code
-DB_destroy(krb5_context context, HDB *db)
-{
-    krb5_error_code ret;
-
-    ret = hdb_clear_master_key (context, db);
-    free(db->hdb_name);
-    free(db);
-    return ret;
-}
-
-static krb5_error_code
-DB_lock(krb5_context context, HDB *db, int operation)
-{
-    DB *d = (DB*)db->hdb_db;
-    int fd;
-    if ((*d->fd)(d, &fd))
-	return HDB_ERR_CANT_LOCK_DB;
-    return hdb_lock(fd, operation);
-}
-
-static krb5_error_code
-DB_unlock(krb5_context context, HDB *db)
-{
-    DB *d = (DB*)db->hdb_db;
-    int fd;
-    if ((*d->fd)(d, &fd))
-	return HDB_ERR_CANT_LOCK_DB;
-    return hdb_unlock(fd);
-}
-
-
-static krb5_error_code
-DB_seq(krb5_context context, HDB *db,
-       unsigned flags, hdb_entry_ex *entry, int flag)
-{
-    DBT key, value;
-    DBC *dbcp = db->hdb_dbc;
-    krb5_data key_data, data;
-    int code;
-
-    memset(&key, 0, sizeof(DBT));
-    memset(&value, 0, sizeof(DBT));
-    if ((*db->hdb_lock)(context, db, HDB_RLOCK))
-	return HDB_ERR_DB_INUSE;
-    code = (*dbcp->c_get)(dbcp, &key, &value, flag);
-    (*db->hdb_unlock)(context, db); /* XXX check value */
-    if (code == DB_NOTFOUND)
-	return HDB_ERR_NOENTRY;
-    if (code)
-	return code;
-
-    key_data.data = key.data;
-    key_data.length = key.size;
-    data.data = value.data;
-    data.length = value.size;
-    memset(entry, 0, sizeof(*entry));
-    if (hdb_value2entry(context, &data, &entry->entry))
-	return DB_seq(context, db, flags, entry, DB_NEXT);
-    if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-	code = hdb_unseal_keys (context, db, &entry->entry);
-	if (code)
-	    hdb_free_entry (context, entry);
-    }
-    if (entry->entry.principal == NULL) {
-	entry->entry.principal = malloc(sizeof(*entry->entry.principal));
-	if (entry->entry.principal == NULL) {
-	    hdb_free_entry (context, entry);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	} else {
-	    hdb_key2principal(context, &key_data, entry->entry.principal);
-	}
-    }
-    return 0;
-}
-
-
-static krb5_error_code
-DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
-    return DB_seq(context, db, flags, entry, DB_FIRST);
-}
-
-
-static krb5_error_code
-DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
-    return DB_seq(context, db, flags, entry, DB_NEXT);
-}
-
-static krb5_error_code
-DB_rename(krb5_context context, HDB *db, const char *new_name)
-{
-    int ret;
-    char *old, *new;
-
-    asprintf(&old, "%s.db", db->hdb_name);
-    asprintf(&new, "%s.db", new_name);
-    ret = rename(old, new);
-    free(old);
-    free(new);
-    if(ret)
-	return errno;
-    
-    free(db->hdb_name);
-    db->hdb_name = strdup(new_name);
-    return 0;
-}
-
-static krb5_error_code
-DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT k, v;
-    int code;
-
-    memset(&k, 0, sizeof(DBT));
-    memset(&v, 0, sizeof(DBT));
-    k.data = key.data;
-    k.size = key.length;
-    k.flags = 0;
-    if ((code = (*db->hdb_lock)(context, db, HDB_RLOCK)))
-	return code;
-    code = (*d->get)(d, NULL, &k, &v, 0);
-    (*db->hdb_unlock)(context, db);
-    if(code == DB_NOTFOUND)
-	return HDB_ERR_NOENTRY;
-    if(code)
-	return code;
-
-    krb5_data_copy(reply, v.data, v.size);
-    return 0;
-}
-
-static krb5_error_code
-DB__put(krb5_context context, HDB *db, int replace, 
-	krb5_data key, krb5_data value)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT k, v;
-    int code;
-
-    memset(&k, 0, sizeof(DBT));
-    memset(&v, 0, sizeof(DBT));
-    k.data = key.data;
-    k.size = key.length;
-    k.flags = 0;
-    v.data = value.data;
-    v.size = value.length;
-    v.flags = 0;
-    if ((code = (*db->hdb_lock)(context, db, HDB_WLOCK)))
-	return code;
-    code = (*d->put)(d, NULL, &k, &v, replace ? 0 : DB_NOOVERWRITE);
-    (*db->hdb_unlock)(context, db);
-    if(code == DB_KEYEXIST)
-	return HDB_ERR_EXISTS;
-    if(code)
-	return errno;
-    return 0;
-}
-
-static krb5_error_code
-DB__del(krb5_context context, HDB *db, krb5_data key)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT k;
-    krb5_error_code code;
-    memset(&k, 0, sizeof(DBT));
-    k.data = key.data;
-    k.size = key.length;
-    k.flags = 0;
-    code = (*db->hdb_lock)(context, db, HDB_WLOCK);
-    if(code)
-	return code;
-    code = (*d->del)(d, NULL, &k, 0);
-    (*db->hdb_unlock)(context, db);
-    if(code == DB_NOTFOUND)
-	return HDB_ERR_NOENTRY;
-    if(code)
-	return code;
-    return 0;
-}
-
-static krb5_error_code
-DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
-{
-    DBC *dbc = NULL;
-    char *fn;
-    krb5_error_code ret;
-    DB *d;
-    int myflags = 0;
-
-    if (flags & O_CREAT)
-      myflags |= DB_CREATE;
-
-    if (flags & O_EXCL)
-      myflags |= DB_EXCL;
-
-    if((flags & O_ACCMODE) == O_RDONLY)
-      myflags |= DB_RDONLY;
-
-    if (flags & O_TRUNC)
-      myflags |= DB_TRUNCATE;
-
-    asprintf(&fn, "%s.db", db->hdb_name);
-    if (fn == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    db_create(&d, NULL, 0);
-    db->hdb_db = d;
-
-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
-    ret = (*d->open)(db->hdb_db, NULL, fn, NULL, DB_BTREE, myflags, mode);
-#else
-    ret = (*d->open)(db->hdb_db, fn, NULL, DB_BTREE, myflags, mode);
-#endif
-
-    if (ret == ENOENT) {
-	/* try to open without .db extension */
-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
-	ret = (*d->open)(db->hdb_db, NULL, db->hdb_name, NULL, DB_BTREE,
-			 myflags, mode);
-#else
-	ret = (*d->open)(db->hdb_db, db->hdb_name, NULL, DB_BTREE, 
-			 myflags, mode);
-#endif
-    }
-
-    if (ret) {
-	free(fn);
-	krb5_set_error_string(context, "opening %s: %s",
-			      db->hdb_name, strerror(ret));
-	return ret;
-    }
-    free(fn);
-
-    ret = (*d->cursor)(d, NULL, &dbc, 0);
-    if (ret) {
-	krb5_set_error_string(context, "d->cursor: %s", strerror(ret));
-        return ret;
-    }
-    db->hdb_dbc = dbc;
-
-    if((flags & O_ACCMODE) == O_RDONLY)
-	ret = hdb_check_db_format(context, db);
-    else
-	ret = hdb_init_db(context, db);
-    if(ret == HDB_ERR_NOENTRY)
-	return 0;
-    if (ret) {
-	DB_close(context, db);
-	krb5_set_error_string(context, "hdb_open: failed %s database %s",
-			      (flags & O_ACCMODE) == O_RDONLY ? 
-			      "checking format of" : "initialize", 
-			      db->hdb_name);
-    }
-
-    return ret;
-}
-
-krb5_error_code
-hdb_db_create(krb5_context context, HDB **db, 
-	      const char *filename)
-{
-    *db = calloc(1, sizeof(**db));
-    if (*db == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    (*db)->hdb_db = NULL;
-    (*db)->hdb_name = strdup(filename);
-    if ((*db)->hdb_name == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(*db);
-	*db = NULL;
-	return ENOMEM;
-    }
-    (*db)->hdb_master_key_set = 0;
-    (*db)->hdb_openp = 0;
-    (*db)->hdb_open  = DB_open;
-    (*db)->hdb_close = DB_close;
-    (*db)->hdb_fetch = _hdb_fetch;
-    (*db)->hdb_store = _hdb_store;
-    (*db)->hdb_remove = _hdb_remove;
-    (*db)->hdb_firstkey = DB_firstkey;
-    (*db)->hdb_nextkey= DB_nextkey;
-    (*db)->hdb_lock = DB_lock;
-    (*db)->hdb_unlock = DB_unlock;
-    (*db)->hdb_rename = DB_rename;
-    (*db)->hdb__get = DB__get;
-    (*db)->hdb__put = DB__put;
-    (*db)->hdb__del = DB__del;
-    (*db)->hdb_destroy = DB_destroy;
-    return 0;
-}
-#endif /* HAVE_DB3 */
diff --git a/crypto/heimdal/lib/hdb/dbinfo.c b/crypto/heimdal/lib/hdb/dbinfo.c
deleted file mode 100644
index d43e31b..0000000
--- a/crypto/heimdal/lib/hdb/dbinfo.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: dbinfo.c 22306 2007-12-14 12:22:38Z lha $");
-
-struct hdb_dbinfo {
-    char *label;
-    char *realm;
-    char *dbname;
-    char *mkey_file;
-    char *acl_file;
-    char *log_file;
-    const krb5_config_binding *binding;
-    struct hdb_dbinfo *next;
-};
-
-static int
-get_dbinfo(krb5_context context,
-	   const krb5_config_binding *db_binding,
-	   const char *label,
-	   struct hdb_dbinfo **db)
-{
-    struct hdb_dbinfo *di;
-    const char *p;
-
-    *db = NULL;
-
-    p = krb5_config_get_string(context, db_binding, "dbname", NULL);
-    if(p == NULL)
-	return 0;
-
-    di = calloc(1, sizeof(*di));
-    if (di == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    di->label = strdup(label);
-    di->dbname = strdup(p);
-
-    p = krb5_config_get_string(context, db_binding, "realm", NULL);
-    if(p)
-	di->realm = strdup(p);
-    p = krb5_config_get_string(context, db_binding, "mkey_file", NULL);
-    if(p)
-	di->mkey_file = strdup(p);
-    p = krb5_config_get_string(context, db_binding, "acl_file", NULL);
-    if(p)
-	di->acl_file = strdup(p);
-    p = krb5_config_get_string(context, db_binding, "log_file", NULL);
-    if(p)
-	di->log_file = strdup(p);
-
-    di->binding = db_binding;
-
-    *db = di;
-    return 0;
-}
-
-
-int
-hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
-{
-    const krb5_config_binding *db_binding;
-    struct hdb_dbinfo *di, **dt, *databases;
-    const char *default_dbname = HDB_DEFAULT_DB;
-    const char *default_mkey = HDB_DB_DIR "/m-key";
-    const char *default_acl = HDB_DB_DIR "/kadmind.acl";
-    const char *p;
-    int ret;
-
-    *dbp = NULL;
-    dt = NULL;
-    databases = NULL;
-
-    db_binding = krb5_config_get(context, NULL, krb5_config_list,
-				 "kdc", 
-				 "database",
-				 NULL);
-    if (db_binding) {
-
-	ret = get_dbinfo(context, db_binding, "default", &di);
-	if (ret == 0 && di) {
-	    databases = di;
-	    dt = &di->next;
-	}		
-
-	for ( ; db_binding != NULL; db_binding = db_binding->next) {
-
-	    if (db_binding->type != krb5_config_list)
-		continue;
-
-	    ret = get_dbinfo(context, db_binding->u.list, 
-			     db_binding->name, &di);
-	    if (ret)
-		krb5_err(context, 1, ret, "failed getting realm");
-
-	    if (di == NULL)
-		continue;
-
-	    if (dt)
-		*dt = di;
-	    else
-		databases = di;
-	    dt = &di->next;
-
-	}
-    }
-
-    if(databases == NULL) {
-	/* if there are none specified, create one and use defaults */
-	di = calloc(1, sizeof(*di));
-	databases = di;
-	di->label = strdup("default");
-    }
-
-    for(di = databases; di; di = di->next) {
-	if(di->dbname == NULL) {
-	    di->dbname = strdup(default_dbname);
-	    if (di->mkey_file == NULL)
-		di->mkey_file = strdup(default_mkey);
-	}
-	if(di->mkey_file == NULL) {
-	    p = strrchr(di->dbname, '.');
-	    if(p == NULL || strchr(p, '/') != NULL)
-		/* final pathname component does not contain a . */
-		asprintf(&di->mkey_file, "%s.mkey", di->dbname);
-	    else
-		/* the filename is something.else, replace .else with
-                   .mkey */
-		asprintf(&di->mkey_file, "%.*s.mkey", 
-			 (int)(p - di->dbname), di->dbname);
-	}
-	if(di->acl_file == NULL)
-	    di->acl_file = strdup(default_acl);
-    }
-    *dbp = databases;
-    return 0;
-}
-
-
-struct hdb_dbinfo *
-hdb_dbinfo_get_next(struct hdb_dbinfo *dbp, struct hdb_dbinfo *dbprevp)
-{
-    if (dbprevp == NULL)
-	return dbp;
-    else
-	return dbprevp->next;
-}
-
-const char *
-hdb_dbinfo_get_label(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->label;
-}
-
-const char *
-hdb_dbinfo_get_realm(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->realm;
-}
-
-const char *
-hdb_dbinfo_get_dbname(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->dbname;
-}
-
-const char *
-hdb_dbinfo_get_mkey_file(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->mkey_file;
-}
-
-const char *
-hdb_dbinfo_get_acl_file(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->acl_file;
-}
-
-const char *
-hdb_dbinfo_get_log_file(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->log_file;
-}
-
-const krb5_config_binding *
-hdb_dbinfo_get_binding(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->binding;
-}
-
-void
-hdb_free_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
-{
-    struct hdb_dbinfo *di, *ndi;
-
-    for(di = *dbp; di != NULL; di = ndi) {
-	ndi = di->next;
-	free (di->realm);
-	free (di->dbname);
-	if (di->mkey_file)
-	    free (di->mkey_file);
-	free(di);
-    }
-    *dbp = NULL;
-}
-
-/**
- * Return the directory where the hdb database resides.
- *
- * @param context Kerberos 5 context.
- *
- * @return string pointing to directory.
- */
-
-const char *
-hdb_db_dir(krb5_context context)
-{
-    return HDB_DB_DIR;
-}
-
-/**
- * Return the default hdb database resides.
- *
- * @param context Kerberos 5 context.
- *
- * @return string pointing to directory.
- */
-
-const char *
-hdb_default_db(krb5_context context)
-{
-    return HDB_DEFAULT_DB;
-}
diff --git a/crypto/heimdal/lib/hdb/ext.c b/crypto/heimdal/lib/hdb/ext.c
deleted file mode 100644
index 5f60999..0000000
--- a/crypto/heimdal/lib/hdb/ext.c
+++ /dev/null
@@ -1,418 +0,0 @@
-/*
- * Copyright (c) 2004 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-#include <der.h>
-
-RCSID("$Id: ext.c 21113 2007-06-18 12:59:32Z lha $");
-
-krb5_error_code
-hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
-{
-    int i;
-
-    if (ent->extensions == NULL)
-	return 0;
-
-    /* 
-     * check for unknown extensions and if they where tagged mandatory
-     */
-
-    for (i = 0; i < ent->extensions->len; i++) {
-	if (ent->extensions->val[i].data.element != 
-	    choice_HDB_extension_data_asn1_ellipsis)
-	    continue;
-	if (ent->extensions->val[i].mandatory) {
-	    krb5_set_error_string(context,  "Principal have unknown "
-				  "mandatory extension");
-	    return HDB_ERR_MANDATORY_OPTION;
-	}
-    }
-    return 0;
-}
-
-HDB_extension *
-hdb_find_extension(const hdb_entry *entry, int type)
-{
-    int i;
-
-    if (entry->extensions == NULL)
-	return NULL;
-
-    for (i = 0; i < entry->extensions->len; i++)
-	if (entry->extensions->val[i].data.element == type)
-	    return &entry->extensions->val[i];
-    return NULL;
-}
-
-/*
- * Replace the extension `ext' in `entry'. Make a copy of the
- * extension, so the caller must still free `ext' on both success and
- * failure. Returns 0 or error code.
- */
-
-krb5_error_code
-hdb_replace_extension(krb5_context context, 
-		      hdb_entry *entry, 
-		      const HDB_extension *ext)
-{
-    HDB_extension *ext2;
-    HDB_extension *es;
-    int ret;
-
-    ext2 = NULL;
-
-    if (entry->extensions == NULL) {
-	entry->extensions = calloc(1, sizeof(*entry->extensions));
-	if (entry->extensions == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    } else if (ext->data.element != choice_HDB_extension_data_asn1_ellipsis) {
-	ext2 = hdb_find_extension(entry, ext->data.element);
-    } else {
-	/* 
-	 * This is an unknown extention, and we are asked to replace a
-	 * possible entry in `entry' that is of the same type. This
-	 * might seem impossible, but ASN.1 CHOICE comes to our
-	 * rescue. The first tag in each branch in the CHOICE is
-	 * unique, so just find the element in the list that have the
-	 * same tag was we are putting into the list.
-	 */
-	Der_class replace_class, list_class;
-	Der_type replace_type, list_type;
-	unsigned int replace_tag, list_tag;
-	size_t size;
-	int i;
-
-	ret = der_get_tag(ext->data.u.asn1_ellipsis.data,
-			  ext->data.u.asn1_ellipsis.length,
-			  &replace_class, &replace_type, &replace_tag,
-			  &size);
-	if (ret) {
-	    krb5_set_error_string(context, "hdb: failed to decode "
-				  "replacement hdb extention");
-	    return ret;
-	}
-
-	for (i = 0; i < entry->extensions->len; i++) {
-	    HDB_extension *ext3 = &entry->extensions->val[i];
-
-	    if (ext3->data.element != choice_HDB_extension_data_asn1_ellipsis)
-		continue;
-
-	    ret = der_get_tag(ext3->data.u.asn1_ellipsis.data,
-			      ext3->data.u.asn1_ellipsis.length,
-			      &list_class, &list_type, &list_tag,
-			      &size);
-	    if (ret) {
-		krb5_set_error_string(context, "hdb: failed to decode "
-				      "present hdb extention");
-		return ret;
-	    }
-
-	    if (MAKE_TAG(replace_class,replace_type,replace_type) ==
-		MAKE_TAG(list_class,list_type,list_type)) {
-		ext2 = ext3;
-		break;
-	    }
-	}
-    }
-
-    if (ext2) {
-	free_HDB_extension(ext2);
-	ret = copy_HDB_extension(ext, ext2);
-	if (ret)
-	    krb5_set_error_string(context, "hdb: failed to copy replacement "
-				  "hdb extention");
-	return ret;
-    }
-
-    es = realloc(entry->extensions->val, 
-		 (entry->extensions->len+1)*sizeof(entry->extensions->val[0]));
-    if (es == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    entry->extensions->val = es;
-
-    ret = copy_HDB_extension(ext,
-			     &entry->extensions->val[entry->extensions->len]);
-    if (ret == 0)
-	entry->extensions->len++;
-    else
-	krb5_set_error_string(context, "hdb: failed to copy new extension");
-
-    return ret;
-}
-
-krb5_error_code
-hdb_clear_extension(krb5_context context, 
-		    hdb_entry *entry, 
-		    int type)
-{
-    int i;
-
-    if (entry->extensions == NULL)
-	return 0;
-
-    for (i = 0; i < entry->extensions->len; i++) {
-	if (entry->extensions->val[i].data.element == type) {
-	    free_HDB_extension(&entry->extensions->val[i]);
-	    memmove(&entry->extensions->val[i],
-		    &entry->extensions->val[i + 1],
-		    sizeof(entry->extensions->val[i]) * (entry->extensions->len - i - 1));
-	    entry->extensions->len--;
-	}
-    }
-    if (entry->extensions->len == 0) {
-	free(entry->extensions->val);
-	free(entry->extensions);
-	entry->extensions = NULL;
-    }
-
-    return 0;
-}
-
-
-krb5_error_code
-hdb_entry_get_pkinit_acl(const hdb_entry *entry, const HDB_Ext_PKINIT_acl **a)
-{
-    const HDB_extension *ext;
-
-    ext = hdb_find_extension(entry, choice_HDB_extension_data_pkinit_acl);
-    if (ext)
-	*a = &ext->data.u.pkinit_acl;
-    else
-	*a = NULL;
-
-    return 0;
-}
-
-krb5_error_code
-hdb_entry_get_pkinit_hash(const hdb_entry *entry, const HDB_Ext_PKINIT_hash **a)
-{
-    const HDB_extension *ext;
-
-    ext = hdb_find_extension(entry, choice_HDB_extension_data_pkinit_cert_hash);
-    if (ext)
-	*a = &ext->data.u.pkinit_cert_hash;
-    else
-	*a = NULL;
-
-    return 0;
-}
-
-krb5_error_code
-hdb_entry_get_pw_change_time(const hdb_entry *entry, time_t *t)
-{
-    const HDB_extension *ext;
-
-    ext = hdb_find_extension(entry, choice_HDB_extension_data_last_pw_change);
-    if (ext)
-	*t = ext->data.u.last_pw_change;
-    else
-	*t = 0;
-
-    return 0;
-}
-
-krb5_error_code
-hdb_entry_set_pw_change_time(krb5_context context, 
-			     hdb_entry *entry,
-			     time_t t)
-{
-    HDB_extension ext;
-
-    ext.mandatory = FALSE;
-    ext.data.element = choice_HDB_extension_data_last_pw_change;
-    if (t == 0)
-	t = time(NULL);
-    ext.data.u.last_pw_change = t;
-
-    return hdb_replace_extension(context, entry, &ext);
-}
-
-int
-hdb_entry_get_password(krb5_context context, HDB *db, 
-		       const hdb_entry *entry, char **p)
-{
-    HDB_extension *ext;
-    char *str;
-    int ret;
-
-    ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
-    if (ext) {
-	heim_utf8_string str;
-	heim_octet_string pw;
-
-	if (db->hdb_master_key_set && ext->data.u.password.mkvno) {
-	    hdb_master_key key;
-
-	    key = _hdb_find_master_key(ext->data.u.password.mkvno, 
-				       db->hdb_master_key);
-
-	    if (key == NULL) {
-		krb5_set_error_string(context, "master key %d missing",
-				      *ext->data.u.password.mkvno);
-		return HDB_ERR_NO_MKEY;
-	    }
-
-	    ret = _hdb_mkey_decrypt(context, key, HDB_KU_MKEY,
-				    ext->data.u.password.password.data,
-				    ext->data.u.password.password.length,
-				    &pw);
-	} else {
-	    ret = der_copy_octet_string(&ext->data.u.password.password, &pw);
-	}
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    return ret;
-	}
-
-	str = pw.data;
-	if (str[pw.length - 1] != '\0') {
-	    krb5_set_error_string(context, "password malformated");
-	    return EINVAL;
-	}
-
-	*p = strdup(str);
-
-	der_free_octet_string(&pw);
-	if (*p == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	return 0;
-    }
-
-    ret = krb5_unparse_name(context, entry->principal, &str);
-    if (ret == 0) {
-	krb5_set_error_string(context, "no password attributefor %s", str);
-	free(str);
-    } else 
-	krb5_clear_error_string(context);
-
-    return ENOENT;
-}
-
-int
-hdb_entry_set_password(krb5_context context, HDB *db, 
-		       hdb_entry *entry, const char *p)
-{
-    HDB_extension ext;
-    hdb_master_key key;
-    int ret;
-
-    ext.mandatory = FALSE;
-    ext.data.element = choice_HDB_extension_data_password;
-
-    if (db->hdb_master_key_set) {
-
-	key = _hdb_find_master_key(NULL, db->hdb_master_key);
-	if (key == NULL) {
-	    krb5_set_error_string(context, "hdb_entry_set_password: "
-				  "failed to find masterkey");
-	    return HDB_ERR_NO_MKEY;
-	}
-
-	ret = _hdb_mkey_encrypt(context, key, HDB_KU_MKEY,
-				p, strlen(p) + 1, 
-				&ext.data.u.password.password);
-	if (ret)
-	    return ret;
-
-	ext.data.u.password.mkvno = 
-	    malloc(sizeof(*ext.data.u.password.mkvno));
-	if (ext.data.u.password.mkvno == NULL) {
-	    free_HDB_extension(&ext);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	*ext.data.u.password.mkvno = _hdb_mkey_version(key);
-
-    } else {
-	ext.data.u.password.mkvno = NULL;
-
-	ret = krb5_data_copy(&ext.data.u.password.password, 
-			     p, strlen(p) + 1);
-	if (ret) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    free_HDB_extension(&ext);
-	    return ret;
-	}
-    }
-
-    ret = hdb_replace_extension(context, entry, &ext);
-
-    free_HDB_extension(&ext);
-
-    return ret;
-}
-
-int
-hdb_entry_clear_password(krb5_context context, hdb_entry *entry)
-{
-    return hdb_clear_extension(context, entry, 
-			       choice_HDB_extension_data_password);
-}
-
-krb5_error_code
-hdb_entry_get_ConstrainedDelegACL(const hdb_entry *entry, 
-				  const HDB_Ext_Constrained_delegation_acl **a)
-{
-    const HDB_extension *ext;
-
-    ext = hdb_find_extension(entry, 
-			     choice_HDB_extension_data_allowed_to_delegate_to);
-    if (ext)
-	*a = &ext->data.u.allowed_to_delegate_to;
-    else
-	*a = NULL;
-
-    return 0;
-}
-
-krb5_error_code
-hdb_entry_get_aliases(const hdb_entry *entry, const HDB_Ext_Aliases **a)
-{
-    const HDB_extension *ext;
-
-    ext = hdb_find_extension(entry, choice_HDB_extension_data_aliases);
-    if (ext)
-	*a = &ext->data.u.aliases;
-    else
-	*a = NULL;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/hdb-ldap.c b/crypto/heimdal/lib/hdb/hdb-ldap.c
deleted file mode 100644
index c9f3d37..0000000
--- a/crypto/heimdal/lib/hdb/hdb-ldap.c
+++ /dev/null
@@ -1,1829 +0,0 @@
-/*
- * Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd.
- * Copyright (c) 2004, Andrew Bartlett.
- * Copyright (c) 2003 - 2007, Kungliga Tekniska H�gskolan.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software  nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: hdb-ldap.c 22071 2007-11-14 20:04:50Z lha $");
-
-#ifdef OPENLDAP
-
-#include <lber.h>
-#include <ldap.h>
-#include <sys/un.h>
-#include <hex.h>
-
-static krb5_error_code LDAP__connect(krb5_context context, HDB *);
-static krb5_error_code LDAP_close(krb5_context context, HDB *);
-
-static krb5_error_code
-LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
-		   hdb_entry_ex * ent);
-
-static const char *default_structural_object = "account";
-static char *structural_object;
-static krb5_boolean samba_forwardable;
-
-struct hdbldapdb {
-    LDAP *h_lp;
-    int   h_msgid;
-    char *h_base;
-    char *h_url;
-    char *h_createbase;
-};
-
-#define HDB2LDAP(db) (((struct hdbldapdb *)(db)->hdb_db)->h_lp)
-#define HDB2MSGID(db) (((struct hdbldapdb *)(db)->hdb_db)->h_msgid)
-#define HDBSETMSGID(db,msgid) \
-	do { ((struct hdbldapdb *)(db)->hdb_db)->h_msgid = msgid; } while(0)
-#define HDB2BASE(dn) (((struct hdbldapdb *)(db)->hdb_db)->h_base)
-#define HDB2URL(dn) (((struct hdbldapdb *)(db)->hdb_db)->h_url)
-#define HDB2CREATE(db) (((struct hdbldapdb *)(db)->hdb_db)->h_createbase)
-
-/*
- *
- */
-
-static char * krb5kdcentry_attrs[] = { 
-    "cn",
-    "createTimestamp",
-    "creatorsName",
-    "krb5EncryptionType",
-    "krb5KDCFlags",
-    "krb5Key",
-    "krb5KeyVersionNumber",
-    "krb5MaxLife",
-    "krb5MaxRenew",
-    "krb5PasswordEnd",
-    "krb5PrincipalName",
-    "krb5PrincipalRealm",
-    "krb5ValidEnd",
-    "krb5ValidStart",
-    "modifiersName",
-    "modifyTimestamp",
-    "objectClass",
-    "sambaAcctFlags",
-    "sambaKickoffTime",
-    "sambaNTPassword",
-    "sambaPwdLastSet",
-    "sambaPwdMustChange",
-    "uid",
-    NULL
-};
-
-static char *krb5principal_attrs[] = {
-    "cn",
-    "createTimestamp",
-    "creatorsName",
-    "krb5PrincipalName",
-    "krb5PrincipalRealm",
-    "modifiersName",
-    "modifyTimestamp",
-    "objectClass",
-    "uid",
-    NULL
-};
-
-static int
-LDAP_no_size_limit(krb5_context context, LDAP *lp)
-{
-    int ret, limit = LDAP_NO_LIMIT;
-
-    ret = ldap_set_option(lp, LDAP_OPT_SIZELIMIT, (const void *)&limit);
-    if (ret != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_set_option: %s",
-			      ldap_err2string(ret));
-	return HDB_ERR_BADVERSION;
-    }
-    return 0;
-}
-
-static int
-check_ldap(krb5_context context, HDB *db, int ret)
-{
-    switch (ret) {
-    case LDAP_SUCCESS:
-	return 0;
-    case LDAP_SERVER_DOWN:
-	LDAP_close(context, db);
-	return 1;
-    default:
-	return 1;
-    }
-}
-
-static krb5_error_code
-LDAP__setmod(LDAPMod *** modlist, int modop, const char *attribute,
-	     int *pIndex)
-{
-    int cMods;
-
-    if (*modlist == NULL) {
-	*modlist = (LDAPMod **)ber_memcalloc(1, sizeof(LDAPMod *));
-	if (*modlist == NULL)
-	    return ENOMEM;
-    }
-
-    for (cMods = 0; (*modlist)[cMods] != NULL; cMods++) {
-	if ((*modlist)[cMods]->mod_op == modop &&
-	    strcasecmp((*modlist)[cMods]->mod_type, attribute) == 0) {
-	    break;
-	}
-    }
-
-    *pIndex = cMods;
-
-    if ((*modlist)[cMods] == NULL) {
-	LDAPMod *mod;
-
-	*modlist = (LDAPMod **)ber_memrealloc(*modlist,
-					      (cMods + 2) * sizeof(LDAPMod *));
-	if (*modlist == NULL)
-	    return ENOMEM;
-
-	(*modlist)[cMods] = (LDAPMod *)ber_memalloc(sizeof(LDAPMod));
-	if ((*modlist)[cMods] == NULL)
-	    return ENOMEM;
-
-	mod = (*modlist)[cMods];
-	mod->mod_op = modop;
-	mod->mod_type = ber_strdup(attribute);
-	if (mod->mod_type == NULL) {
-	    ber_memfree(mod);
-	    (*modlist)[cMods] = NULL;
-	    return ENOMEM;
-	}
-
-	if (modop & LDAP_MOD_BVALUES) {
-	    mod->mod_bvalues = NULL;
-	} else {
-	    mod->mod_values = NULL;
-	}
-
-	(*modlist)[cMods + 1] = NULL;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_addmod_len(LDAPMod *** modlist, int modop, const char *attribute,
-		unsigned char *value, size_t len)
-{
-    krb5_error_code ret;
-    int cMods, i = 0;
-
-    ret = LDAP__setmod(modlist, modop | LDAP_MOD_BVALUES, attribute, &cMods);
-    if (ret)
-	return ret;
-
-    if (value != NULL) {
-	struct berval **bv;
-
-	bv = (*modlist)[cMods]->mod_bvalues;
-	if (bv != NULL) {
-	    for (i = 0; bv[i] != NULL; i++)
-		;
-	    bv = ber_memrealloc(bv, (i + 2) * sizeof(*bv));
-	} else
-	    bv = ber_memalloc(2 * sizeof(*bv));
-	if (bv == NULL)
-	    return ENOMEM;
-
-	(*modlist)[cMods]->mod_bvalues = bv;
-
-	bv[i] = ber_memalloc(sizeof(*bv));;
-	if (bv[i] == NULL)
-	    return ENOMEM;
-
-	bv[i]->bv_val = (void *)value;
-	bv[i]->bv_len = len;
-
-	bv[i + 1] = NULL;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_addmod(LDAPMod *** modlist, int modop, const char *attribute,
-	    const char *value)
-{
-    int cMods, i = 0;
-    krb5_error_code ret;
-
-    ret = LDAP__setmod(modlist, modop, attribute, &cMods);
-    if (ret)
-	return ret;
-
-    if (value != NULL) {
-	char **bv;
-
-	bv = (*modlist)[cMods]->mod_values;
-	if (bv != NULL) {
-	    for (i = 0; bv[i] != NULL; i++)
-		;
-	    bv = ber_memrealloc(bv, (i + 2) * sizeof(*bv));
-	} else
-	    bv = ber_memalloc(2 * sizeof(*bv));
-	if (bv == NULL)
-	    return ENOMEM;
-
-	(*modlist)[cMods]->mod_values = bv;
-
-	bv[i] = ber_strdup(value);
-	if (bv[i] == NULL)
-	    return ENOMEM;
-
-	bv[i + 1] = NULL;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_addmod_generalized_time(LDAPMod *** mods, int modop,
-			     const char *attribute, KerberosTime * time)
-{
-    char buf[22];
-    struct tm *tm;
-
-    /* XXX not threadsafe */
-    tm = gmtime(time);
-    strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", tm);
-
-    return LDAP_addmod(mods, modop, attribute, buf);
-}
-
-static krb5_error_code
-LDAP_addmod_integer(krb5_context context,
-		    LDAPMod *** mods, int modop,
-		    const char *attribute, unsigned long l)
-{
-    krb5_error_code ret;
-    char *buf;
-
-    ret = asprintf(&buf, "%ld", l);
-    if (ret < 0) {
-	krb5_set_error_string(context, "asprintf: out of memory:");
-	return ret;
-    }
-    ret = LDAP_addmod(mods, modop, attribute, buf);
-    free (buf);
-    return ret;
-}
-
-static krb5_error_code
-LDAP_get_string_value(HDB * db, LDAPMessage * entry,
-		      const char *attribute, char **ptr)
-{
-    char **vals;
-    int ret;
-
-    vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
-    if (vals == NULL) {
-	*ptr = NULL;
-	return HDB_ERR_NOENTRY;
-    }
-
-    *ptr = strdup(vals[0]);
-    if (*ptr == NULL)
-	ret = ENOMEM;
-    else
-	ret = 0;
-
-    ldap_value_free(vals);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_get_integer_value(HDB * db, LDAPMessage * entry,
-		       const char *attribute, int *ptr)
-{
-    char **vals;
-
-    vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
-    if (vals == NULL)
-	return HDB_ERR_NOENTRY;
-
-    *ptr = atoi(vals[0]);
-    ldap_value_free(vals);
-    return 0;
-}
-
-static krb5_error_code
-LDAP_get_generalized_time_value(HDB * db, LDAPMessage * entry,
-				const char *attribute, KerberosTime * kt)
-{
-    char *tmp, *gentime;
-    struct tm tm;
-    int ret;
-
-    *kt = 0;
-
-    ret = LDAP_get_string_value(db, entry, attribute, &gentime);
-    if (ret)
-	return ret;
-
-    tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm);
-    if (tmp == NULL) {
-	free(gentime);
-	return HDB_ERR_NOENTRY;
-    }
-
-    free(gentime);
-
-    *kt = timegm(&tm);
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
-		LDAPMessage * msg, LDAPMod *** pmods)
-{
-    krb5_error_code ret;
-    krb5_boolean is_new_entry;
-    char *tmp = NULL;
-    LDAPMod **mods = NULL;
-    hdb_entry_ex orig;
-    unsigned long oflags, nflags;
-    int i;
-
-    krb5_boolean is_samba_account = FALSE;
-    krb5_boolean is_account = FALSE;
-    krb5_boolean is_heimdal_entry = FALSE;
-    krb5_boolean is_heimdal_principal = FALSE;
-
-    char **values;
-
-    *pmods = NULL;
-
-    if (msg != NULL) {
-
-	ret = LDAP_message2entry(context, db, msg, &orig);
-	if (ret)
-	    goto out;
-
-	is_new_entry = FALSE;
-	    
-	values = ldap_get_values(HDB2LDAP(db), msg, "objectClass");
-	if (values) {
-	    int num_objectclasses = ldap_count_values(values);
-	    for (i=0; i < num_objectclasses; i++) {
-		if (strcasecmp(values[i], "sambaSamAccount") == 0) {
-		    is_samba_account = TRUE;
-		} else if (strcasecmp(values[i], structural_object) == 0) {
-		    is_account = TRUE;
-		} else if (strcasecmp(values[i], "krb5Principal") == 0) {
-		    is_heimdal_principal = TRUE;
-		} else if (strcasecmp(values[i], "krb5KDCEntry") == 0) {
-		    is_heimdal_entry = TRUE;
-		}
-	    }
-	    ldap_value_free(values);
-	}
-
-	/*
-	 * If this is just a "account" entry and no other objectclass
-	 * is hanging on this entry, it's really a new entry.
-	 */
-	if (is_samba_account == FALSE && is_heimdal_principal == FALSE && 
-	    is_heimdal_entry == FALSE) {
-	    if (is_account == TRUE) {
-		is_new_entry = TRUE;
-	    } else {
-		ret = HDB_ERR_NOENTRY;
-		goto out;
-	    }
-	}
-    } else
-	is_new_entry = TRUE;
-
-    if (is_new_entry) {
-
-	/* to make it perfectly obvious we're depending on
-	 * orig being intiialized to zero */
-	memset(&orig, 0, sizeof(orig));
-
-	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "top");
-	if (ret)
-	    goto out;
-	
-	/* account is the structural object class */
-	if (is_account == FALSE) {
-	    ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", 
-			      structural_object);
-	    is_account = TRUE;
-	    if (ret)
-		goto out;
-	}
-
-	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "krb5Principal");
-	is_heimdal_principal = TRUE;
-	if (ret)
-	    goto out;
-
-	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "krb5KDCEntry");
-	is_heimdal_entry = TRUE;
-	if (ret)
-	    goto out;
-    }
-
-    if (is_new_entry || 
-	krb5_principal_compare(context, ent->entry.principal, orig.entry.principal)
-	== FALSE)
-    {
-	if (is_heimdal_principal || is_heimdal_entry) {
-
-	    ret = krb5_unparse_name(context, ent->entry.principal, &tmp);
-	    if (ret)
-		goto out;
-
-	    ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE,
-			      "krb5PrincipalName", tmp);
-	    if (ret) {
-		free(tmp);
-		goto out;
-	    }
-	    free(tmp);
-	}
-
-	if (is_account || is_samba_account) {
-	    ret = krb5_unparse_name_short(context, ent->entry.principal, &tmp);
-	    if (ret)
-		goto out;
-	    ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "uid", tmp);
-	    if (ret) {
-		free(tmp);
-		goto out;
-	    }
-	    free(tmp);
-	}
-    }
-
-    if (is_heimdal_entry && (ent->entry.kvno != orig.entry.kvno || is_new_entry)) {
-	ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
-			    "krb5KeyVersionNumber", 
-			    ent->entry.kvno);
-	if (ret)
-	    goto out;
-    }
-
-    if (is_heimdal_entry && ent->entry.valid_start) {
-	if (orig.entry.valid_end == NULL
-	    || (*(ent->entry.valid_start) != *(orig.entry.valid_start))) {
-	    ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
-					       "krb5ValidStart",
-					       ent->entry.valid_start);
-	    if (ret)
-		goto out;
-	}
-    }
-
-    if (ent->entry.valid_end) {
- 	if (orig.entry.valid_end == NULL || (*(ent->entry.valid_end) != *(orig.entry.valid_end))) {
-	    if (is_heimdal_entry) { 
-		ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
-						   "krb5ValidEnd",
-						   ent->entry.valid_end);
-		if (ret)
-		    goto out;
-            }
-	    if (is_samba_account) {
-		ret = LDAP_addmod_integer(context, &mods,  LDAP_MOD_REPLACE,
-					  "sambaKickoffTime", 
-					  *(ent->entry.valid_end));
-		if (ret)
-		    goto out;
-	    }
-   	}
-    }
-
-    if (ent->entry.pw_end) {
-	if (orig.entry.pw_end == NULL || (*(ent->entry.pw_end) != *(orig.entry.pw_end))) {
-	    if (is_heimdal_entry) {
-		ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
-						   "krb5PasswordEnd",
-						   ent->entry.pw_end);
-		if (ret)
-		    goto out;
-	    }
-
-	    if (is_samba_account) {
-		ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
-					  "sambaPwdMustChange", 
-					  *(ent->entry.pw_end));
-		if (ret)
-		    goto out;
-	    }
-	}
-    }
-
-
-#if 0 /* we we have last_pw_change */
-    if (is_samba_account && ent->entry.last_pw_change) {
-	if (orig.entry.last_pw_change == NULL || (*(ent->entry.last_pw_change) != *(orig.entry.last_pw_change))) {
-	    ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
-				      "sambaPwdLastSet", 
-				      *(ent->entry.last_pw_change));
-	    if (ret)
-		goto out;
-	}
-    }
-#endif
-
-    if (is_heimdal_entry && ent->entry.max_life) {
-	if (orig.entry.max_life == NULL
-	    || (*(ent->entry.max_life) != *(orig.entry.max_life))) {
-
-	    ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
-				      "krb5MaxLife", 
-				      *(ent->entry.max_life));
-	    if (ret)
-		goto out;
-	}
-    }
-
-    if (is_heimdal_entry && ent->entry.max_renew) {
-	if (orig.entry.max_renew == NULL
-	    || (*(ent->entry.max_renew) != *(orig.entry.max_renew))) {
-
-	    ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
-				      "krb5MaxRenew",
-				      *(ent->entry.max_renew));
-	    if (ret)
-		goto out;
-	}
-    }
-
-    oflags = HDBFlags2int(orig.entry.flags);
-    nflags = HDBFlags2int(ent->entry.flags);
-
-    if (is_heimdal_entry && oflags != nflags) {
-
-	ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
-				  "krb5KDCFlags",
-				  nflags);
-	if (ret)
-	    goto out;
-    }
-
-    /* Remove keys if they exists, and then replace keys. */
-    if (!is_new_entry && orig.entry.keys.len > 0) {
-	values = ldap_get_values(HDB2LDAP(db), msg, "krb5Key");
-	if (values) {
-	    ldap_value_free(values);
-
-	    ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL);
-	    if (ret)
-		goto out;
-	}
-    }
-
-    for (i = 0; i < ent->entry.keys.len; i++) {
-
-	if (is_samba_account
-	    && ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
-	    char *ntHexPassword;
-	    char *nt;
-		    
-	    /* the key might have been 'sealed', but samba passwords
-	       are clear in the directory */
-	    ret = hdb_unseal_key(context, db, &ent->entry.keys.val[i]);
-	    if (ret)
-		goto out;
-		    
-	    nt = ent->entry.keys.val[i].key.keyvalue.data;
-	    /* store in ntPassword, not krb5key */
-	    ret = hex_encode(nt, 16, &ntHexPassword);
-	    if (ret < 0) {
-		krb5_set_error_string(context, "hdb-ldap: failed to "
-				      "hex encode key");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaNTPassword", 
-			      ntHexPassword);
-	    free(ntHexPassword);
-	    if (ret)
-		goto out;
-		    
-	    /* have to kill the LM passwod if it exists */
-	    values = ldap_get_values(HDB2LDAP(db), msg, "sambaLMPassword");
-	    if (values) {
-		ldap_value_free(values);
-		ret = LDAP_addmod(&mods, LDAP_MOD_DELETE,
-				  "sambaLMPassword", NULL);
-		if (ret)
-		    goto out;
-	    }
-		    
-	} else if (is_heimdal_entry) {
-	    unsigned char *buf;
-	    size_t len, buf_size;
-
-	    ASN1_MALLOC_ENCODE(Key, buf, buf_size, &ent->entry.keys.val[i], &len, ret);
-	    if (ret)
-		goto out;
-	    if(buf_size != len)
-		krb5_abortx(context, "internal error in ASN.1 encoder");
-
-	    /* addmod_len _owns_ the key, doesn't need to copy it */
-	    ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len);
-	    if (ret)
-		goto out;
-	}
-    }
-
-    if (ent->entry.etypes) {
-	int add_krb5EncryptionType = 0;
-
-	/* 
-	 * Only add/modify krb5EncryptionType if it's a new heimdal
-	 * entry or krb5EncryptionType already exists on the entry.
-	 */
-
-	if (!is_new_entry) {
-	    values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
-	    if (values) {
-		ldap_value_free(values);
-		ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType",
-				  NULL);
-		if (ret)
-		    goto out;
-		add_krb5EncryptionType = 1;
-	    }
-	} else if (is_heimdal_entry)
-	    add_krb5EncryptionType = 1;
-
-	if (add_krb5EncryptionType) {
-	    for (i = 0; i < ent->entry.etypes->len; i++) {
-		if (is_samba_account && 
-		    ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5)
-		{
-		    ;
-		} else if (is_heimdal_entry) {
-		    ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_ADD,
-					      "krb5EncryptionType",
-					      ent->entry.etypes->val[i]);
-		    if (ret)
-			goto out;
-		}
-	    }
-	}
-    }
-
-    /* for clarity */
-    ret = 0;
-
- out:
-
-    if (ret == 0)
-	*pmods = mods;
-    else if (mods != NULL) {
-	ldap_mods_free(mods, 1);
-	*pmods = NULL;
-    }
-
-    if (msg)
-	hdb_free_entry(context, &orig);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_dn2principal(krb5_context context, HDB * db, const char *dn,
-		  krb5_principal * principal)
-{
-    krb5_error_code ret;
-    int rc;
-    const char *filter = "(objectClass=krb5Principal)";
-    char **values;
-    LDAPMessage *res = NULL, *e;
-
-    ret = LDAP_no_size_limit(context, HDB2LDAP(db));
-    if (ret)
-	goto out;
-
-    rc = ldap_search_s(HDB2LDAP(db), dn, LDAP_SCOPE_SUBTREE,
-		       filter, krb5principal_attrs,
-		       0, &res);
-    if (check_ldap(context, db, rc)) {
-	krb5_set_error_string(context, "ldap_search_s: filter: %s error: %s",
-			      filter, ldap_err2string(rc));
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    e = ldap_first_entry(HDB2LDAP(db), res);
-    if (e == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    values = ldap_get_values(HDB2LDAP(db), e, "krb5PrincipalName");
-    if (values == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    ret = krb5_parse_name(context, values[0], principal);
-    ldap_value_free(values);
-
-  out:
-    if (res)
-	ldap_msgfree(res);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP__lookup_princ(krb5_context context,
-		   HDB *db,
-		   const char *princname,
-		   const char *userid,
-		   LDAPMessage **msg)
-{
-    krb5_error_code ret;
-    int rc;
-    char *filter = NULL;
-
-    ret = LDAP__connect(context, db);
-    if (ret)
-	return ret;
-
-    rc = asprintf(&filter,
-		  "(&(objectClass=krb5Principal)(krb5PrincipalName=%s))",
-		  princname);
-    if (rc < 0) {
-	krb5_set_error_string(context, "asprintf: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ret = LDAP_no_size_limit(context, HDB2LDAP(db));
-    if (ret)
-	goto out;
-
-    rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, filter, 
-		       krb5kdcentry_attrs, 0, msg);
-    if (check_ldap(context, db, rc)) {
-	krb5_set_error_string(context, "ldap_search_s: filter: %s - error: %s",
-			      filter, ldap_err2string(rc));
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    if (userid && ldap_count_entries(HDB2LDAP(db), *msg) == 0) {
-	free(filter);
-	filter = NULL;
-	ldap_msgfree(*msg);
-	*msg = NULL;
-	
-	rc = asprintf(&filter,
-	    "(&(|(objectClass=sambaSamAccount)(objectClass=%s))(uid=%s))",
-		      structural_object, userid);
-	if (rc < 0) {
-	    krb5_set_error_string(context, "asprintf: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	    
-	ret = LDAP_no_size_limit(context, HDB2LDAP(db));
-	if (ret)
-	    goto out;
-
-	rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, 
-			   filter, krb5kdcentry_attrs, 0, msg);
-	if (check_ldap(context, db, rc)) {
-	    krb5_set_error_string(context, 
-				  "ldap_search_s: filter: %s error: %s",
-				  filter, ldap_err2string(rc));
-	    ret = HDB_ERR_NOENTRY;
-	    goto out;
-	}
-    }
-
-    ret = 0;
-
-  out:
-    if (filter)
-	free(filter);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_principal2message(krb5_context context, HDB * db,
-		       krb5_const_principal princ, LDAPMessage ** msg)
-{
-    char *name, *name_short = NULL;
-    krb5_error_code ret;
-    krb5_realm *r, *r0;
-
-    *msg = NULL;
-
-    ret = krb5_unparse_name(context, princ, &name);
-    if (ret)
-	return ret;
-
-    ret = krb5_get_default_realms(context, &r0);
-    if(ret) {
-	free(name);
-	return ret;
-    }
-    for (r = r0; *r != NULL; r++) {
-	if(strcmp(krb5_principal_get_realm(context, princ), *r) == 0) {
-	    ret = krb5_unparse_name_short(context, princ, &name_short);
-	    if (ret) {
-		krb5_free_host_realm(context, r0);
-		free(name);
-		return ret;
-	    }
-	    break;
-	}
-    }
-    krb5_free_host_realm(context, r0);
-
-    ret = LDAP__lookup_princ(context, db, name, name_short, msg);
-    free(name);
-    free(name_short);
-
-    return ret;
-}
-
-/*
- * Construct an hdb_entry from a directory entry.
- */
-static krb5_error_code
-LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
-		   hdb_entry_ex * ent)
-{
-    char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL;
-    char *samba_acct_flags = NULL;
-    unsigned long tmp;
-    struct berval **keys;
-    char **values;
-    int tmp_time, i, ret, have_arcfour = 0;
-
-    memset(ent, 0, sizeof(*ent));
-    ent->entry.flags = int2HDBFlags(0);
-
-    ret = LDAP_get_string_value(db, msg, "krb5PrincipalName", &unparsed_name);
-    if (ret == 0) {
-	ret = krb5_parse_name(context, unparsed_name, &ent->entry.principal);
-	if (ret)
-	    goto out;
-    } else {
-	ret = LDAP_get_string_value(db, msg, "uid",
-				    &unparsed_name);
-	if (ret == 0) {
-	    ret = krb5_parse_name(context, unparsed_name, &ent->entry.principal);
-	    if (ret)
-		goto out;
-	} else {
-	    krb5_set_error_string(context, "hdb-ldap: ldap entry missing"
-				  "principal name");
-	    return HDB_ERR_NOENTRY;
-	}
-    }
-
-    {
-	int integer;
-	ret = LDAP_get_integer_value(db, msg, "krb5KeyVersionNumber",
-				     &integer);
-	if (ret)
-	    ent->entry.kvno = 0;
-	else
-	    ent->entry.kvno = integer;
-    }
-
-    keys = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key");
-    if (keys != NULL) {
-	int i;
-	size_t l;
-
-	ent->entry.keys.len = ldap_count_values_len(keys);
-	ent->entry.keys.val = (Key *) calloc(ent->entry.keys.len, sizeof(Key));
-	if (ent->entry.keys.val == NULL) {
-	    krb5_set_error_string(context, "calloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for (i = 0; i < ent->entry.keys.len; i++) {
-	    decode_Key((unsigned char *) keys[i]->bv_val,
-		       (size_t) keys[i]->bv_len, &ent->entry.keys.val[i], &l);
-	}
-	ber_bvecfree(keys);
-    } else {
-#if 1
-	/*
-	 * This violates the ASN1 but it allows a principal to
-	 * be related to a general directory entry without creating
-	 * the keys. Hopefully it's OK.
-	 */
-	ent->entry.keys.len = 0;
-	ent->entry.keys.val = NULL;
-#else
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-#endif
-    }
-
-    values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
-    if (values != NULL) {
-	int i;
-
-	ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
-	if (ent->entry.etypes == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ent->entry.etypes->len = ldap_count_values(values);
-	ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int));
-	if (ent->entry.etypes->val == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for (i = 0; i < ent->entry.etypes->len; i++) {
-	    ent->entry.etypes->val[i] = atoi(values[i]);
-	}
-	ldap_value_free(values);
-    }
-
-    for (i = 0; i < ent->entry.keys.len; i++) {
-	if (ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
-	    have_arcfour = 1;
-	    break;
-	}
-    }
-
-    /* manually construct the NT (type 23) key */
-    ret = LDAP_get_string_value(db, msg, "sambaNTPassword", &ntPasswordIN);
-    if (ret == 0 && have_arcfour == 0) {
-	unsigned *etypes;
-	Key *keys;
-	int i;
-
-	keys = realloc(ent->entry.keys.val,
-		       (ent->entry.keys.len + 1) * sizeof(ent->entry.keys.val[0]));
-	if (keys == NULL) {
-	    free(ntPasswordIN);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ent->entry.keys.val = keys;
-	memset(&ent->entry.keys.val[ent->entry.keys.len], 0, sizeof(Key));
-	ent->entry.keys.val[ent->entry.keys.len].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
-	ret = krb5_data_alloc (&ent->entry.keys.val[ent->entry.keys.len].key.keyvalue, 16);
-	if (ret) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    free(ntPasswordIN);
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ret = hex_decode(ntPasswordIN,
-			 ent->entry.keys.val[ent->entry.keys.len].key.keyvalue.data, 16);
-	ent->entry.keys.len++;
-
-	if (ent->entry.etypes == NULL) {
-	    ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
-	    if (ent->entry.etypes == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    ent->entry.etypes->val = NULL;
-	    ent->entry.etypes->len = 0;
-	}
-
-	for (i = 0; i < ent->entry.etypes->len; i++)
-	    if (ent->entry.etypes->val[i] == ETYPE_ARCFOUR_HMAC_MD5)
-		break;
-	/* If there is no ARCFOUR enctype, add one */
-	if (i == ent->entry.etypes->len) {
-	    etypes = realloc(ent->entry.etypes->val, 
-			     (ent->entry.etypes->len + 1) * 
-			     sizeof(ent->entry.etypes->val[0]));
-	    if (etypes == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		ret = ENOMEM;
-		goto out;			    
-	    }
-	    ent->entry.etypes->val = etypes;
-	    ent->entry.etypes->val[ent->entry.etypes->len] = 
-		ETYPE_ARCFOUR_HMAC_MD5;
-	    ent->entry.etypes->len++;
-	}
-    }
-
-    ret = LDAP_get_generalized_time_value(db, msg, "createTimestamp",
-					  &ent->entry.created_by.time);
-    if (ret)
-	ent->entry.created_by.time = time(NULL);
-
-    ent->entry.created_by.principal = NULL;
-
-    ret = LDAP_get_string_value(db, msg, "creatorsName", &dn);
-    if (ret == 0) {
-	if (LDAP_dn2principal(context, db, dn, &ent->entry.created_by.principal)
-	    != 0) {
-	    ent->entry.created_by.principal = NULL;
-	}
-	free(dn);
-    }
-
-    ent->entry.modified_by = (Event *) malloc(sizeof(Event));
-    if (ent->entry.modified_by == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = LDAP_get_generalized_time_value(db, msg, "modifyTimestamp",
-					  &ent->entry.modified_by->time);
-    if (ret == 0) {
-	ret = LDAP_get_string_value(db, msg, "modifiersName", &dn);
-	if (LDAP_dn2principal(context, db, dn, &ent->entry.modified_by->principal))
-	    ent->entry.modified_by->principal = NULL;
-	free(dn);
-    } else {
-	free(ent->entry.modified_by);
-	ent->entry.modified_by = NULL;
-    }
-
-    ent->entry.valid_start = malloc(sizeof(*ent->entry.valid_start));
-    if (ent->entry.valid_start == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidStart",
-					  ent->entry.valid_start);
-    if (ret) {
-	/* OPTIONAL */
-	free(ent->entry.valid_start);
-	ent->entry.valid_start = NULL;
-    }
-    
-    ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end));
-    if (ent->entry.valid_end == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidEnd",
-					  ent->entry.valid_end);
-    if (ret) {
-	/* OPTIONAL */
-	free(ent->entry.valid_end);
-	ent->entry.valid_end = NULL;
-    }
-
-    ret = LDAP_get_integer_value(db, msg, "sambaKickoffTime", &tmp_time);
-    if (ret == 0) {
- 	if (ent->entry.valid_end == NULL) {
- 	    ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end));
- 	    if (ent->entry.valid_end == NULL) {
- 		krb5_set_error_string(context, "malloc: out of memory");
- 		ret = ENOMEM;
- 		goto out;
- 	    }
- 	}
- 	*ent->entry.valid_end = tmp_time;
-    }
-
-    ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
-    if (ent->entry.pw_end == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = LDAP_get_generalized_time_value(db, msg, "krb5PasswordEnd",
-					  ent->entry.pw_end);
-    if (ret) {
-	/* OPTIONAL */
-	free(ent->entry.pw_end);
-	ent->entry.pw_end = NULL;
-    }
-
-    ret = LDAP_get_integer_value(db, msg, "sambaPwdMustChange", &tmp_time);
-    if (ret == 0) {
-	if (ent->entry.pw_end == NULL) {
-	    ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
-	    if (ent->entry.pw_end == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	}
-	*ent->entry.pw_end = tmp_time;
-    }
-
-    /* OPTIONAL */
-    ret = LDAP_get_integer_value(db, msg, "sambaPwdLastSet", &tmp_time);
-    if (ret == 0)
-	hdb_entry_set_pw_change_time(context, &ent->entry, tmp_time);
-
-    {
-	int max_life;
-
-	ent->entry.max_life = malloc(sizeof(*ent->entry.max_life));
-	if (ent->entry.max_life == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ret = LDAP_get_integer_value(db, msg, "krb5MaxLife", &max_life);
-	if (ret) {
-	    free(ent->entry.max_life);
-	    ent->entry.max_life = NULL;
-	} else
-	    *ent->entry.max_life = max_life;
-    }
-
-    {
-	int max_renew;
-
-	ent->entry.max_renew = malloc(sizeof(*ent->entry.max_renew));
-	if (ent->entry.max_renew == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ret = LDAP_get_integer_value(db, msg, "krb5MaxRenew", &max_renew);
-	if (ret) {
-	    free(ent->entry.max_renew);
-	    ent->entry.max_renew = NULL;
-	} else
-	    *ent->entry.max_renew = max_renew;
-    }
-
-    values = ldap_get_values(HDB2LDAP(db), msg, "krb5KDCFlags");
-    if (values != NULL) {
-	errno = 0;
-	tmp = strtoul(values[0], (char **) NULL, 10);
-	if (tmp == ULONG_MAX && errno == ERANGE) {
-	    krb5_set_error_string(context, "strtoul: could not convert flag");
-	    ret = ERANGE;
-	    goto out;
-	}
-    } else {
-	tmp = 0;
-    }
-
-    ent->entry.flags = int2HDBFlags(tmp);
-
-    /* Try and find Samba flags to put into the mix */
-    ret = LDAP_get_string_value(db, msg, "sambaAcctFlags", &samba_acct_flags);
-    if (ret == 0) {
-	/* parse the [UXW...] string:
-	       
-	   'N'    No password	 
-	   'D'    Disabled	 
-	   'H'    Homedir required	 
-	   'T'    Temp account.	 
-	   'U'    User account (normal) 	 
-	   'M'    MNS logon user account - what is this ? 	 
-	   'W'    Workstation account	 
-	   'S'    Server account 	 
-	   'L'    Locked account	 
-	   'X'    No Xpiry on password 	 
-	   'I'    Interdomain trust account	 
-	    
-	*/	 
-	    
-	int i;
-	int flags_len = strlen(samba_acct_flags);
-
-	if (flags_len < 2)
-	    goto out2;
-
-	if (samba_acct_flags[0] != '[' 
-	    || samba_acct_flags[flags_len - 1] != ']') 
-	    goto out2;
-
-	/* Allow forwarding */
-	if (samba_forwardable)
-	    ent->entry.flags.forwardable = TRUE;
-
-	for (i=0; i < flags_len; i++) {
-	    switch (samba_acct_flags[i]) {
-	    case ' ':
-	    case '[':
-	    case ']':
-		break;
-	    case 'N':
-		/* how to handle no password in kerberos? */
-		break;
-	    case 'D':
-		ent->entry.flags.invalid = TRUE;
-		break;
-	    case 'H':
-		break;
-	    case 'T':
-		/* temp duplicate */
-		ent->entry.flags.invalid = TRUE;
-		break;
-	    case 'U':
-		ent->entry.flags.client = TRUE;
-		break;
-	    case 'M':
-		break;
-	    case 'W':
-	    case 'S':
-		ent->entry.flags.server = TRUE;
-		ent->entry.flags.client = TRUE;
-		break;
-	    case 'L':
-		ent->entry.flags.invalid = TRUE;
-		break;
-	    case 'X':
-		if (ent->entry.pw_end) {
-		    free(ent->entry.pw_end);
-		    ent->entry.pw_end = NULL;
-		}
-		break;
-	    case 'I':
-		ent->entry.flags.server = TRUE;
-		ent->entry.flags.client = TRUE;
-		break;
-	    }
-	}
-    out2:
-	free(samba_acct_flags);
-    }
-
-    ret = 0;
-
-out:
-    if (unparsed_name)
-	free(unparsed_name);
-
-    if (ret)
-	hdb_free_entry(context, ent);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_close(krb5_context context, HDB * db)
-{
-    if (HDB2LDAP(db)) {
-	ldap_unbind_ext(HDB2LDAP(db), NULL, NULL);
-	((struct hdbldapdb *)db->hdb_db)->h_lp = NULL;
-    }
-    
-    return 0;
-}
-
-static krb5_error_code
-LDAP_lock(krb5_context context, HDB * db, int operation)
-{
-    return 0;
-}
-
-static krb5_error_code
-LDAP_unlock(krb5_context context, HDB * db)
-{
-    return 0;
-}
-
-static krb5_error_code
-LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry)
-{
-    int msgid, rc, parserc;
-    krb5_error_code ret;
-    LDAPMessage *e;
-
-    msgid = HDB2MSGID(db);
-    if (msgid < 0)
-	return HDB_ERR_NOENTRY;
-
-    do {
-	rc = ldap_result(HDB2LDAP(db), msgid, LDAP_MSG_ONE, NULL, &e);
-	switch (rc) {
-	case LDAP_RES_SEARCH_REFERENCE:
-	    ldap_msgfree(e);
-	    ret = 0;
-	    break;
-	case LDAP_RES_SEARCH_ENTRY:
-	    /* We have an entry. Parse it. */
-	    ret = LDAP_message2entry(context, db, e, entry);
-	    ldap_msgfree(e);
-	    break;
-	case LDAP_RES_SEARCH_RESULT:
-	    /* We're probably at the end of the results. If not, abandon. */
-	    parserc =
-		ldap_parse_result(HDB2LDAP(db), e, NULL, NULL, NULL,
-				  NULL, NULL, 1);
-	    if (parserc != LDAP_SUCCESS
-		&& parserc != LDAP_MORE_RESULTS_TO_RETURN) {
-	        krb5_set_error_string(context, "ldap_parse_result: %s",
-				      ldap_err2string(parserc));
-		ldap_abandon(HDB2LDAP(db), msgid);
-	    }
-	    ret = HDB_ERR_NOENTRY;
-	    HDBSETMSGID(db, -1);
-	    break;
-	case LDAP_SERVER_DOWN:
-	    ldap_msgfree(e);
-	    LDAP_close(context, db);
-	    HDBSETMSGID(db, -1);
-	    ret = ENETDOWN;
-	    break;
-	default:
-	    /* Some unspecified error (timeout?). Abandon. */
-	    ldap_msgfree(e);
-	    ldap_abandon(HDB2LDAP(db), msgid);
-	    ret = HDB_ERR_NOENTRY;
-	    HDBSETMSGID(db, -1);
-	    break;
-	}
-    } while (rc == LDAP_RES_SEARCH_REFERENCE);
-
-    if (ret == 0) {
-	if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-	    ret = hdb_unseal_keys(context, db, &entry->entry);
-	    if (ret)
-		hdb_free_entry(context, entry);
-	}
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_firstkey(krb5_context context, HDB *db, unsigned flags,
-	      hdb_entry_ex *entry)
-{
-    krb5_error_code ret;
-    int msgid;
-
-    ret = LDAP__connect(context, db);
-    if (ret)
-	return ret;
-
-    ret = LDAP_no_size_limit(context, HDB2LDAP(db));
-    if (ret)
-	return ret;
-
-    msgid = ldap_search(HDB2LDAP(db), HDB2BASE(db),
-			LDAP_SCOPE_SUBTREE,
-			"(|(objectClass=krb5Principal)(objectClass=sambaSamAccount))",
-			krb5kdcentry_attrs, 0);
-    if (msgid < 0)
-	return HDB_ERR_NOENTRY;
-
-    HDBSETMSGID(db, msgid);
-
-    return LDAP_seq(context, db, flags, entry);
-}
-
-static krb5_error_code
-LDAP_nextkey(krb5_context context, HDB * db, unsigned flags,
-	     hdb_entry_ex * entry)
-{
-    return LDAP_seq(context, db, flags, entry);
-}
-
-static krb5_error_code
-LDAP__connect(krb5_context context, HDB * db)
-{
-    int rc, version = LDAP_VERSION3;
-    /*
-     * Empty credentials to do a SASL bind with LDAP. Note that empty
-     * different from NULL credentials. If you provide NULL
-     * credentials instead of empty credentials you will get a SASL
-     * bind in progress message.
-     */
-    struct berval bv = { 0, "" };
-
-    if (HDB2LDAP(db)) {
-	/* connection has been opened. ping server. */
-	struct sockaddr_un addr;
-	socklen_t len = sizeof(addr);
-	int sd;
-
-	if (ldap_get_option(HDB2LDAP(db), LDAP_OPT_DESC, &sd) == 0 &&
-	    getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
-	    /* the other end has died. reopen. */
-	    LDAP_close(context, db);
-	}
-    }
-
-    if (HDB2LDAP(db) != NULL) /* server is UP */
-	return 0;
-
-    rc = ldap_initialize(&((struct hdbldapdb *)db->hdb_db)->h_lp, HDB2URL(db));
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_initialize: %s", 
-			      ldap_err2string(rc));
-	return HDB_ERR_NOENTRY;
-    }
-
-    rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_PROTOCOL_VERSION,
-			 (const void *)&version);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_set_option: %s",
-			      ldap_err2string(rc));
-	LDAP_close(context, db);
-	return HDB_ERR_BADVERSION;
-    }
-
-    rc = ldap_sasl_bind_s(HDB2LDAP(db), NULL, "EXTERNAL", &bv,
-			  NULL, NULL, NULL);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_sasl_bind_s: %s",
-			      ldap_err2string(rc));
-	LDAP_close(context, db);
-	return HDB_ERR_BADVERSION;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_open(krb5_context context, HDB * db, int flags, mode_t mode)
-{
-    /* Not the right place for this. */
-#ifdef HAVE_SIGACTION
-    struct sigaction sa;
-
-    sa.sa_flags = 0;
-    sa.sa_handler = SIG_IGN;
-    sigemptyset(&sa.sa_mask);
-
-    sigaction(SIGPIPE, &sa, NULL);
-#else
-    signal(SIGPIPE, SIG_IGN);
-#endif /* HAVE_SIGACTION */
-
-    return LDAP__connect(context, db);
-}
-
-static krb5_error_code
-LDAP_fetch(krb5_context context, HDB * db, krb5_const_principal principal,
-	   unsigned flags, hdb_entry_ex * entry)
-{
-    LDAPMessage *msg, *e;
-    krb5_error_code ret;
-
-    ret = LDAP_principal2message(context, db, principal, &msg);
-    if (ret)
-	return ret;
-
-    e = ldap_first_entry(HDB2LDAP(db), msg);
-    if (e == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    ret = LDAP_message2entry(context, db, e, entry);
-    if (ret == 0) {
-	if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-	    ret = hdb_unseal_keys(context, db, &entry->entry);
-	    if (ret)
-		hdb_free_entry(context, entry);
-	}
-    }
-
-  out:
-    ldap_msgfree(msg);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_store(krb5_context context, HDB * db, unsigned flags,
-	   hdb_entry_ex * entry)
-{
-    LDAPMod **mods = NULL;
-    krb5_error_code ret;
-    const char *errfn;
-    int rc;
-    LDAPMessage *msg = NULL, *e = NULL;
-    char *dn = NULL, *name = NULL;
-
-    ret = LDAP_principal2message(context, db, entry->entry.principal, &msg);
-    if (ret == 0)
-	e = ldap_first_entry(HDB2LDAP(db), msg);
-
-    ret = krb5_unparse_name(context, entry->entry.principal, &name);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = hdb_seal_keys(context, db, &entry->entry);
-    if (ret)
-	goto out;
-
-    /* turn new entry into LDAPMod array */
-    ret = LDAP_entry2mods(context, db, entry, e, &mods);
-    if (ret)
-	goto out;
-
-    if (e == NULL) {
-	ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2CREATE(db));
-	if (ret < 0) {
-	    krb5_set_error_string(context, "asprintf: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-    } else if (flags & HDB_F_REPLACE) {
-	/* Entry exists, and we're allowed to replace it. */
-	dn = ldap_get_dn(HDB2LDAP(db), e);
-    } else {
-	/* Entry exists, but we're not allowed to replace it. Bail. */
-	ret = HDB_ERR_EXISTS;
-	goto out;
-    }
-
-    /* write entry into directory */
-    if (e == NULL) {
-	/* didn't exist before */
-	rc = ldap_add_s(HDB2LDAP(db), dn, mods);
-	errfn = "ldap_add_s";
-    } else {
-	/* already existed, send deltas only */
-	rc = ldap_modify_s(HDB2LDAP(db), dn, mods);
-	errfn = "ldap_modify_s";
-    }
-
-    if (check_ldap(context, db, rc)) {
-	char *ld_error = NULL;
-	ldap_get_option(HDB2LDAP(db), LDAP_OPT_ERROR_STRING,
-			&ld_error);
-	krb5_set_error_string(context, "%s: %s (DN=%s) %s: %s", 
-			      errfn, name, dn, ldap_err2string(rc), ld_error);
-	ret = HDB_ERR_CANT_LOCK_DB;
-    } else
-	ret = 0;
-
-  out:
-    /* free stuff */
-    if (dn)
-	free(dn);
-    if (msg)
-	ldap_msgfree(msg);
-    if (mods)
-	ldap_mods_free(mods, 1);
-    if (name)
-	free(name);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_remove(krb5_context context, HDB *db, krb5_const_principal principal)
-{
-    krb5_error_code ret;
-    LDAPMessage *msg, *e;
-    char *dn = NULL;
-    int rc, limit = LDAP_NO_LIMIT;
-
-    ret = LDAP_principal2message(context, db, principal, &msg);
-    if (ret)
-	goto out;
-
-    e = ldap_first_entry(HDB2LDAP(db), msg);
-    if (e == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    dn = ldap_get_dn(HDB2LDAP(db), e);
-    if (dn == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_set_option: %s",
-			      ldap_err2string(rc));
-	ret = HDB_ERR_BADVERSION;
-	goto out;
-    }
-
-    rc = ldap_delete_s(HDB2LDAP(db), dn);
-    if (check_ldap(context, db, rc)) {
-	krb5_set_error_string(context, "ldap_delete_s: %s", 
-			      ldap_err2string(rc));
-	ret = HDB_ERR_CANT_LOCK_DB;
-    } else
-	ret = 0;
-
-  out:
-    if (dn != NULL)
-	free(dn);
-    if (msg != NULL)
-	ldap_msgfree(msg);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_destroy(krb5_context context, HDB * db)
-{
-    krb5_error_code ret;
-
-    LDAP_close(context, db);
-
-    ret = hdb_clear_master_key(context, db);
-    if (HDB2BASE(db))
-	free(HDB2BASE(db));
-    if (HDB2CREATE(db))
-	free(HDB2CREATE(db));
-    if (HDB2URL(db))
-	free(HDB2URL(db));
-    if (db->hdb_name)
-	free(db->hdb_name);
-    free(db->hdb_db);
-    free(db);
-
-    return ret;
-}
-
-krb5_error_code
-hdb_ldap_common(krb5_context context,
-		HDB ** db,
-		const char *search_base,
-		const char *url)
-{
-    struct hdbldapdb *h;
-    const char *create_base = NULL;
-
-    if (search_base == NULL && search_base[0] == '\0') {
-	krb5_set_error_string(context, "ldap search base not configured");
-	return ENOMEM; /* XXX */
-    }
-
-    if (structural_object == NULL) {
-	const char *p;
-
-	p = krb5_config_get_string(context, NULL, "kdc", 
-				   "hdb-ldap-structural-object", NULL);
-	if (p == NULL)
-	    p = default_structural_object;
-	structural_object = strdup(p);
-	if (structural_object == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-
-    samba_forwardable = 
-	krb5_config_get_bool_default(context, NULL, TRUE,
-				     "kdc", "hdb-samba-forwardable", NULL);
-
-    *db = calloc(1, sizeof(**db));
-    if (*db == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memset(*db, 0, sizeof(**db));
-
-    h = calloc(1, sizeof(*h));
-    if (h == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(*db);
-	*db = NULL;
-	return ENOMEM;
-    }
-    (*db)->hdb_db = h;
-
-    /* XXX */
-    if (asprintf(&(*db)->hdb_name, "ldap:%s", search_base) == -1) {
-	LDAP_destroy(context, *db);
-	krb5_set_error_string(context, "strdup: out of memory");
-	*db = NULL;
-	return ENOMEM;
-    }
-
-    h->h_url = strdup(url);
-    h->h_base = strdup(search_base);
-    if (h->h_url == NULL || h->h_base == NULL) {
-	LDAP_destroy(context, *db);
-	krb5_set_error_string(context, "strdup: out of memory");
-	*db = NULL;
-	return ENOMEM;
-    }
-
-    create_base = krb5_config_get_string(context, NULL, "kdc", 
-					 "hdb-ldap-create-base", NULL);
-    if (create_base == NULL)
-	create_base = h->h_base;
-
-    h->h_createbase = strdup(create_base);
-    if (h->h_createbase == NULL) {
-	LDAP_destroy(context, *db);
-	krb5_set_error_string(context, "strdup: out of memory");
-	*db = NULL;
-	return ENOMEM;
-    }
-
-    (*db)->hdb_master_key_set = 0;
-    (*db)->hdb_openp = 0;
-    (*db)->hdb_open = LDAP_open;
-    (*db)->hdb_close = LDAP_close;
-    (*db)->hdb_fetch = LDAP_fetch;
-    (*db)->hdb_store = LDAP_store;
-    (*db)->hdb_remove = LDAP_remove;
-    (*db)->hdb_firstkey = LDAP_firstkey;
-    (*db)->hdb_nextkey = LDAP_nextkey;
-    (*db)->hdb_lock = LDAP_lock;
-    (*db)->hdb_unlock = LDAP_unlock;
-    (*db)->hdb_rename = NULL;
-    (*db)->hdb__get = NULL;
-    (*db)->hdb__put = NULL;
-    (*db)->hdb__del = NULL;
-    (*db)->hdb_destroy = LDAP_destroy;
-
-    return 0;
-}
-
-krb5_error_code
-hdb_ldap_create(krb5_context context, HDB ** db, const char *arg)
-{
-    return hdb_ldap_common(context, db, arg, "ldapi:///");
-}
-
-krb5_error_code
-hdb_ldapi_create(krb5_context context, HDB ** db, const char *arg)
-{
-    krb5_error_code ret;
-    char *search_base, *p;
-
-    asprintf(&p, "ldapi:%s", arg);
-    if (p == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	*db = NULL;
-	return ENOMEM;
-    }
-    search_base = strchr(p + strlen("ldapi://"), ':');
-    if (search_base == NULL) {
-	krb5_set_error_string(context, "search base missing");
-	*db = NULL;
-	return HDB_ERR_BADVERSION;
-    }
-    *search_base = '\0';
-    search_base++;
-
-    ret = hdb_ldap_common(context, db, search_base, p);
-    free(p);
-    return ret;
-}
-
-#ifdef OPENLDAP_MODULE
-
-struct hdb_so_method hdb_ldap_interface = {
-    HDB_INTERFACE_VERSION,
-    "ldap",
-    hdb_ldap_create
-};
-
-struct hdb_so_method hdb_ldapi_interface = {
-    HDB_INTERFACE_VERSION,
-    "ldapi",
-    hdb_ldapi_create
-};
-
-#endif
-
-#endif				/* OPENLDAP */
diff --git a/crypto/heimdal/lib/hdb/hdb-private.h b/crypto/heimdal/lib/hdb/hdb-private.h
deleted file mode 100644
index 5147d8b..0000000
--- a/crypto/heimdal/lib/hdb/hdb-private.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/* This is a generated file */
-#ifndef __hdb_private_h__
-#define __hdb_private_h__
-
-#include <stdarg.h>
-
-krb5_error_code
-_hdb_fetch (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	krb5_const_principal /*principal*/,
-	unsigned /*flags*/,
-	hdb_entry_ex */*entry*/);
-
-hdb_master_key
-_hdb_find_master_key (
-	uint32_t */*mkvno*/,
-	hdb_master_key /*mkey*/);
-
-int
-_hdb_mkey_decrypt (
-	krb5_context /*context*/,
-	hdb_master_key /*key*/,
-	krb5_key_usage /*usage*/,
-	void */*ptr*/,
-	size_t /*size*/,
-	krb5_data */*res*/);
-
-int
-_hdb_mkey_encrypt (
-	krb5_context /*context*/,
-	hdb_master_key /*key*/,
-	krb5_key_usage /*usage*/,
-	const void */*ptr*/,
-	size_t /*size*/,
-	krb5_data */*res*/);
-
-int
-_hdb_mkey_version (hdb_master_key /*mkey*/);
-
-krb5_error_code
-_hdb_remove (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	krb5_const_principal /*principal*/);
-
-krb5_error_code
-_hdb_store (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	unsigned /*flags*/,
-	hdb_entry_ex */*entry*/);
-
-#endif /* __hdb_private_h__ */
diff --git a/crypto/heimdal/lib/hdb/hdb-protos.h b/crypto/heimdal/lib/hdb/hdb-protos.h
deleted file mode 100644
index 4c3d3eb..0000000
--- a/crypto/heimdal/lib/hdb/hdb-protos.h
+++ /dev/null
@@ -1,400 +0,0 @@
-/* This is a generated file */
-#ifndef __hdb_protos_h__
-#define __hdb_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-krb5_error_code
-hdb_add_master_key (
-	krb5_context /*context*/,
-	krb5_keyblock */*key*/,
-	hdb_master_key */*inout*/);
-
-krb5_error_code
-hdb_check_db_format (
-	krb5_context /*context*/,
-	HDB */*db*/);
-
-krb5_error_code
-hdb_clear_extension (
-	krb5_context /*context*/,
-	hdb_entry */*entry*/,
-	int /*type*/);
-
-krb5_error_code
-hdb_clear_master_key (
-	krb5_context /*context*/,
-	HDB */*db*/);
-
-krb5_error_code
-hdb_create (
-	krb5_context /*context*/,
-	HDB **/*db*/,
-	const char */*filename*/);
-
-krb5_error_code
-hdb_db_create (
-	krb5_context /*context*/,
-	HDB **/*db*/,
-	const char */*filename*/);
-
-const char *
-hdb_db_dir (krb5_context /*context*/);
-
-const char *
-hdb_dbinfo_get_acl_file (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-const krb5_config_binding *
-hdb_dbinfo_get_binding (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-const char *
-hdb_dbinfo_get_dbname (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-const char *
-hdb_dbinfo_get_label (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-const char *
-hdb_dbinfo_get_log_file (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-const char *
-hdb_dbinfo_get_mkey_file (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-struct hdb_dbinfo *
-hdb_dbinfo_get_next (
-	struct hdb_dbinfo */*dbp*/,
-	struct hdb_dbinfo */*dbprevp*/);
-
-const char *
-hdb_dbinfo_get_realm (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-const char *
-hdb_default_db (krb5_context /*context*/);
-
-krb5_error_code
-hdb_enctype2key (
-	krb5_context /*context*/,
-	hdb_entry */*e*/,
-	krb5_enctype /*enctype*/,
-	Key **/*key*/);
-
-krb5_error_code
-hdb_entry2string (
-	krb5_context /*context*/,
-	hdb_entry */*ent*/,
-	char **/*str*/);
-
-int
-hdb_entry2value (
-	krb5_context /*context*/,
-	const hdb_entry */*ent*/,
-	krb5_data */*value*/);
-
-int
-hdb_entry_alias2value (
-	krb5_context /*context*/,
-	const hdb_entry_alias */*alias*/,
-	krb5_data */*value*/);
-
-krb5_error_code
-hdb_entry_check_mandatory (
-	krb5_context /*context*/,
-	const hdb_entry */*ent*/);
-
-int
-hdb_entry_clear_password (
-	krb5_context /*context*/,
-	hdb_entry */*entry*/);
-
-krb5_error_code
-hdb_entry_get_ConstrainedDelegACL (
-	const hdb_entry */*entry*/,
-	const HDB_Ext_Constrained_delegation_acl **/*a*/);
-
-krb5_error_code
-hdb_entry_get_aliases (
-	const hdb_entry */*entry*/,
-	const HDB_Ext_Aliases **/*a*/);
-
-int
-hdb_entry_get_password (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	const hdb_entry */*entry*/,
-	char **/*p*/);
-
-krb5_error_code
-hdb_entry_get_pkinit_acl (
-	const hdb_entry */*entry*/,
-	const HDB_Ext_PKINIT_acl **/*a*/);
-
-krb5_error_code
-hdb_entry_get_pkinit_hash (
-	const hdb_entry */*entry*/,
-	const HDB_Ext_PKINIT_hash **/*a*/);
-
-krb5_error_code
-hdb_entry_get_pw_change_time (
-	const hdb_entry */*entry*/,
-	time_t */*t*/);
-
-int
-hdb_entry_set_password (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	hdb_entry */*entry*/,
-	const char */*p*/);
-
-krb5_error_code
-hdb_entry_set_pw_change_time (
-	krb5_context /*context*/,
-	hdb_entry */*entry*/,
-	time_t /*t*/);
-
-HDB_extension *
-hdb_find_extension (
-	const hdb_entry */*entry*/,
-	int /*type*/);
-
-krb5_error_code
-hdb_foreach (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	unsigned /*flags*/,
-	hdb_foreach_func_t /*func*/,
-	void */*data*/);
-
-void
-hdb_free_dbinfo (
-	krb5_context /*context*/,
-	struct hdb_dbinfo **/*dbp*/);
-
-void
-hdb_free_entry (
-	krb5_context /*context*/,
-	hdb_entry_ex */*ent*/);
-
-void
-hdb_free_key (Key */*key*/);
-
-void
-hdb_free_keys (
-	krb5_context /*context*/,
-	int /*len*/,
-	Key */*keys*/);
-
-void
-hdb_free_master_key (
-	krb5_context /*context*/,
-	hdb_master_key /*mkey*/);
-
-krb5_error_code
-hdb_generate_key_set (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	Key **/*ret_key_set*/,
-	size_t */*nkeyset*/,
-	int /*no_salt*/);
-
-krb5_error_code
-hdb_generate_key_set_password (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	const char */*password*/,
-	Key **/*keys*/,
-	size_t */*num_keys*/);
-
-int
-hdb_get_dbinfo (
-	krb5_context /*context*/,
-	struct hdb_dbinfo **/*dbp*/);
-
-krb5_error_code
-hdb_init_db (
-	krb5_context /*context*/,
-	HDB */*db*/);
-
-int
-hdb_key2principal (
-	krb5_context /*context*/,
-	krb5_data */*key*/,
-	krb5_principal /*p*/);
-
-krb5_error_code
-hdb_ldap_common (
-	krb5_context /*context*/,
-	HDB ** /*db*/,
-	const char */*search_base*/,
-	const char */*url*/);
-
-krb5_error_code
-hdb_ldap_create (
-	krb5_context /*context*/,
-	HDB ** /*db*/,
-	const char */*arg*/);
-
-krb5_error_code
-hdb_ldapi_create (
-	krb5_context /*context*/,
-	HDB ** /*db*/,
-	const char */*arg*/);
-
-krb5_error_code
-hdb_list_builtin (
-	krb5_context /*context*/,
-	char **/*list*/);
-
-krb5_error_code
-hdb_lock (
-	int /*fd*/,
-	int /*operation*/);
-
-krb5_error_code
-hdb_ndbm_create (
-	krb5_context /*context*/,
-	HDB **/*db*/,
-	const char */*filename*/);
-
-krb5_error_code
-hdb_next_enctype2key (
-	krb5_context /*context*/,
-	const hdb_entry */*e*/,
-	krb5_enctype /*enctype*/,
-	Key **/*key*/);
-
-int
-hdb_principal2key (
-	krb5_context /*context*/,
-	krb5_const_principal /*p*/,
-	krb5_data */*key*/);
-
-krb5_error_code
-hdb_print_entry (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	hdb_entry_ex */*entry*/,
-	void */*data*/);
-
-krb5_error_code
-hdb_process_master_key (
-	krb5_context /*context*/,
-	int /*kvno*/,
-	krb5_keyblock */*key*/,
-	krb5_enctype /*etype*/,
-	hdb_master_key */*mkey*/);
-
-krb5_error_code
-hdb_read_master_key (
-	krb5_context /*context*/,
-	const char */*filename*/,
-	hdb_master_key */*mkey*/);
-
-krb5_error_code
-hdb_replace_extension (
-	krb5_context /*context*/,
-	hdb_entry */*entry*/,
-	const HDB_extension */*ext*/);
-
-krb5_error_code
-hdb_seal_key (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	Key */*k*/);
-
-krb5_error_code
-hdb_seal_key_mkey (
-	krb5_context /*context*/,
-	Key */*k*/,
-	hdb_master_key /*mkey*/);
-
-krb5_error_code
-hdb_seal_keys (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	hdb_entry */*ent*/);
-
-krb5_error_code
-hdb_seal_keys_mkey (
-	krb5_context /*context*/,
-	hdb_entry */*ent*/,
-	hdb_master_key /*mkey*/);
-
-krb5_error_code
-hdb_set_master_key (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-hdb_set_master_keyfile (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	const char */*keyfile*/);
-
-krb5_error_code
-hdb_unlock (int /*fd*/);
-
-krb5_error_code
-hdb_unseal_key (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	Key */*k*/);
-
-krb5_error_code
-hdb_unseal_key_mkey (
-	krb5_context /*context*/,
-	Key */*k*/,
-	hdb_master_key /*mkey*/);
-
-krb5_error_code
-hdb_unseal_keys (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	hdb_entry */*ent*/);
-
-krb5_error_code
-hdb_unseal_keys_mkey (
-	krb5_context /*context*/,
-	hdb_entry */*ent*/,
-	hdb_master_key /*mkey*/);
-
-int
-hdb_value2entry (
-	krb5_context /*context*/,
-	krb5_data */*value*/,
-	hdb_entry */*ent*/);
-
-int
-hdb_value2entry_alias (
-	krb5_context /*context*/,
-	krb5_data */*value*/,
-	hdb_entry_alias */*ent*/);
-
-krb5_error_code
-hdb_write_master_key (
-	krb5_context /*context*/,
-	const char */*filename*/,
-	hdb_master_key /*mkey*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __hdb_protos_h__ */
diff --git a/crypto/heimdal/lib/hdb/hdb.asn1 b/crypto/heimdal/lib/hdb/hdb.asn1
deleted file mode 100644
index acd8f61..0000000
--- a/crypto/heimdal/lib/hdb/hdb.asn1
+++ /dev/null
@@ -1,127 +0,0 @@
--- $Id: hdb.asn1 20236 2007-02-16 23:52:29Z lha $
-HDB DEFINITIONS ::=
-BEGIN
-
-IMPORTS EncryptionKey, KerberosTime, Principal FROM krb5;
-
-HDB_DB_FORMAT INTEGER ::= 2	-- format of database, 
-				-- update when making changes
-
--- these must have the same value as the pa-* counterparts
-hdb-pw-salt	INTEGER	::= 3
-hdb-afs3-salt	INTEGER	::= 10
-
-Salt ::= SEQUENCE {
-	type[0]		INTEGER (0..4294967295),
-	salt[1]		OCTET STRING
-}
-
-Key ::= SEQUENCE {
-	mkvno[0]	INTEGER (0..4294967295) OPTIONAL, -- master key version number
-	key[1]		EncryptionKey,
-	salt[2]		Salt OPTIONAL
-}
-
-Event ::= SEQUENCE {
-	time[0]		KerberosTime,
-	principal[1]	Principal OPTIONAL
-}
-
-HDBFlags ::= BIT STRING {
-	initial(0),			-- require as-req
-	forwardable(1),			-- may issue forwardable
-	proxiable(2),			-- may issue proxiable
-	renewable(3),			-- may issue renewable
-	postdate(4),			-- may issue postdatable
-	server(5),			-- may be server
-	client(6),			-- may be client
-	invalid(7),			-- entry is invalid
-	require-preauth(8),		-- must use preauth
-	change-pw(9),			-- change password service
-	require-hwauth(10),		-- must use hwauth
-	ok-as-delegate(11),		-- as in TicketFlags
-	user-to-user(12),		-- may use user-to-user auth
-	immutable(13),			-- may not be deleted
-	trusted-for-delegation(14),	-- Trusted to print forwardabled tickets
-	allow-kerberos4(15),		-- Allow Kerberos 4 requests
-	allow-digest(16)		-- Allow digest requests
-}
-
-GENERATION ::= SEQUENCE {
-	time[0]		KerberosTime,			-- timestamp
-	usec[1]		INTEGER (0..4294967295),	-- microseconds
-	gen[2]		INTEGER (0..4294967295)		-- generation number
-}
-
-HDB-Ext-PKINIT-acl ::= SEQUENCE OF SEQUENCE {
-	subject[0]	UTF8String,
-	issuer[1]	UTF8String OPTIONAL,
-	anchor[2]	UTF8String OPTIONAL
-}
-
-HDB-Ext-PKINIT-hash ::= SEQUENCE OF SEQUENCE {
-	digest-type[0] OBJECT IDENTIFIER,
-	digest[1] OCTET STRING
-}
-
-HDB-Ext-Constrained-delegation-acl ::= SEQUENCE OF Principal
-
--- hdb-ext-referrals ::= PA-SERVER-REFERRAL-DATA
-
-HDB-Ext-Lan-Manager-OWF ::= OCTET STRING
-
-HDB-Ext-Password ::= SEQUENCE {
-	mkvno[0]	INTEGER (0..4294967295) OPTIONAL, -- master key version number
-	password	OCTET STRING
-}
-
-HDB-Ext-Aliases ::= SEQUENCE {
-	case-insensitive[0]	BOOLEAN, -- case insensitive name allowed
-	aliases[1]		SEQUENCE OF Principal -- all names, inc primary
-}
-
-
-HDB-extension ::= SEQUENCE {
-        mandatory[0]    BOOLEAN,        -- kdc MUST understand this extension,
-                                        --   if not the whole entry must
-                                        --   be rejected
-        data[1]          CHOICE {
-	        pkinit-acl[0]			HDB-Ext-PKINIT-acl,
-	        pkinit-cert-hash[1]  		HDB-Ext-PKINIT-hash,
-		allowed-to-delegate-to[2]   HDB-Ext-Constrained-delegation-acl,
---		referral-info[3]		HDB-Ext-Referrals,
-		lm-owf[4]			HDB-Ext-Lan-Manager-OWF,
-		password[5]			HDB-Ext-Password,
-		aliases[6]			HDB-Ext-Aliases,
-		last-pw-change[7]		KerberosTime,
-		...
-	},
-	...
-}
-
-HDB-extensions ::= SEQUENCE OF HDB-extension
-
-
-hdb_entry ::= SEQUENCE {
-	principal[0]	Principal  OPTIONAL, -- this is optional only 
-					     -- for compatibility with libkrb5
-	kvno[1]		INTEGER (0..4294967295),
-	keys[2]		SEQUENCE OF Key,
-	created-by[3]	Event,
-	modified-by[4]	Event OPTIONAL,
-	valid-start[5]	KerberosTime OPTIONAL,
-	valid-end[6]	KerberosTime OPTIONAL,
-	pw-end[7]	KerberosTime OPTIONAL,
-	max-life[8]	INTEGER (0..4294967295) OPTIONAL,
-	max-renew[9]	INTEGER (0..4294967295) OPTIONAL,
-	flags[10]	HDBFlags,
-	etypes[11]	SEQUENCE OF INTEGER (0..4294967295) OPTIONAL,
-	generation[12]	GENERATION OPTIONAL,
-        extensions[13]  HDB-extensions OPTIONAL
-}
-
-hdb_entry_alias ::= [APPLICATION 0] SEQUENCE {
-	principal[0]	Principal  OPTIONAL
-}
-
-END
diff --git a/crypto/heimdal/lib/hdb/hdb.c b/crypto/heimdal/lib/hdb/hdb.c
deleted file mode 100644
index a515709..0000000
--- a/crypto/heimdal/lib/hdb/hdb.c
+++ /dev/null
@@ -1,412 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: hdb.c 20214 2007-02-09 21:51:10Z lha $");
-
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-struct hdb_method {
-    const char *prefix;
-    krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
-};
-
-static struct hdb_method methods[] = {
-#if HAVE_DB1 || HAVE_DB3
-    {"db:",	hdb_db_create},
-#endif
-#if HAVE_NDBM
-    {"ndbm:",	hdb_ndbm_create},
-#endif
-#if defined(OPENLDAP) && !defined(OPENLDAP_MODULE)
-    {"ldap:",	hdb_ldap_create},
-    {"ldapi:",	hdb_ldapi_create},
-#endif
-#ifdef HAVE_LDB /* Used for integrated samba build */
-    {"ldb:",	hdb_ldb_create},
-#endif
-    {NULL,	NULL}
-};
-
-#if HAVE_DB1 || HAVE_DB3
-static struct hdb_method dbmetod = {"",	hdb_db_create };
-#elif defined(HAVE_NDBM)
-static struct hdb_method dbmetod = {"",	hdb_ndbm_create };
-#endif
-
-
-krb5_error_code
-hdb_next_enctype2key(krb5_context context,
-		     const hdb_entry *e,
-		     krb5_enctype enctype,
-		     Key **key)
-{
-    Key *k;
-    
-    for (k = *key ? (*key) + 1 : e->keys.val;
-	 k < e->keys.val + e->keys.len; 
-	 k++) 
-    {
-	if(k->key.keytype == enctype){
-	    *key = k;
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "No next enctype %d for hdb-entry", 
-			  (int)enctype);
-    return KRB5_PROG_ETYPE_NOSUPP; /* XXX */
-}
-
-krb5_error_code
-hdb_enctype2key(krb5_context context, 
-		hdb_entry *e, 
-		krb5_enctype enctype, 
-		Key **key)
-{
-    *key = NULL;
-    return hdb_next_enctype2key(context, e, enctype, key);
-}
-
-void
-hdb_free_key(Key *key)
-{
-    memset(key->key.keyvalue.data, 
-	   0,
-	   key->key.keyvalue.length);
-    free_Key(key);
-    free(key);
-}
-
-
-krb5_error_code
-hdb_lock(int fd, int operation)
-{
-    int i, code = 0;
-
-    for(i = 0; i < 3; i++){
-	code = flock(fd, (operation == HDB_RLOCK ? LOCK_SH : LOCK_EX) | LOCK_NB);
-	if(code == 0 || errno != EWOULDBLOCK)
-	    break;
-	sleep(1);
-    }
-    if(code == 0)
-	return 0;
-    if(errno == EWOULDBLOCK)
-	return HDB_ERR_DB_INUSE;
-    return HDB_ERR_CANT_LOCK_DB;
-}
-
-krb5_error_code
-hdb_unlock(int fd)
-{
-    int code;
-    code = flock(fd, LOCK_UN);
-    if(code)
-	return 4711 /* XXX */;
-    return 0;
-}
-
-void
-hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
-{
-    int i;
-
-    if (ent->free_entry)
-	(*ent->free_entry)(context, ent);
-
-    for(i = 0; i < ent->entry.keys.len; ++i) {
-	Key *k = &ent->entry.keys.val[i];
-
-	memset (k->key.keyvalue.data, 0, k->key.keyvalue.length);
-    }
-    free_hdb_entry(&ent->entry);
-}
-
-krb5_error_code
-hdb_foreach(krb5_context context,
-	    HDB *db,
-	    unsigned flags,
-	    hdb_foreach_func_t func,
-	    void *data)
-{
-    krb5_error_code ret;
-    hdb_entry_ex entry;
-    ret = db->hdb_firstkey(context, db, flags, &entry);
-    if (ret == 0)
-	krb5_clear_error_string(context);
-    while(ret == 0){
-	ret = (*func)(context, db, &entry, data);
-	hdb_free_entry(context, &entry);
-	if(ret == 0)
-	    ret = db->hdb_nextkey(context, db, flags, &entry);
-    }
-    if(ret == HDB_ERR_NOENTRY)
-	ret = 0;
-    return ret;
-}
-
-krb5_error_code
-hdb_check_db_format(krb5_context context, HDB *db)
-{
-    krb5_data tag;
-    krb5_data version;
-    krb5_error_code ret, ret2;
-    unsigned ver;
-    int foo;
-
-    ret = db->hdb_lock(context, db, HDB_RLOCK);
-    if (ret)
-	return ret;
-
-    tag.data = HDB_DB_FORMAT_ENTRY;
-    tag.length = strlen(tag.data);
-    ret = (*db->hdb__get)(context, db, tag, &version);
-    ret2 = db->hdb_unlock(context, db);
-    if(ret)
-	return ret;
-    if (ret2)
-	return ret2;
-    foo = sscanf(version.data, "%u", &ver);
-    krb5_data_free (&version);
-    if (foo != 1)
-	return HDB_ERR_BADVERSION;
-    if(ver != HDB_DB_FORMAT)
-	return HDB_ERR_BADVERSION;
-    return 0;
-}
-
-krb5_error_code
-hdb_init_db(krb5_context context, HDB *db)
-{
-    krb5_error_code ret, ret2;
-    krb5_data tag;
-    krb5_data version;
-    char ver[32];
-    
-    ret = hdb_check_db_format(context, db);
-    if(ret != HDB_ERR_NOENTRY)
-	return ret;
-    
-    ret = db->hdb_lock(context, db, HDB_WLOCK);
-    if (ret)
-	return ret;
-
-    tag.data = HDB_DB_FORMAT_ENTRY;
-    tag.length = strlen(tag.data);
-    snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT);
-    version.data = ver;
-    version.length = strlen(version.data) + 1; /* zero terminated */
-    ret = (*db->hdb__put)(context, db, 0, tag, version);
-    ret2 = db->hdb_unlock(context, db);
-    if (ret) {
-	if (ret2)
-	    krb5_clear_error_string(context);
-	return ret;
-    }
-    return ret2;
-}
-
-#ifdef HAVE_DLOPEN
-
- /*
- * Load a dynamic backend from /usr/heimdal/lib/hdb_NAME.so,
- * looking for the hdb_NAME_create symbol.
- */
-
-static const struct hdb_method *
-find_dynamic_method (krb5_context context,
-		     const char *filename, 
-		     const char **rest)
-{
-    static struct hdb_method method;
-    struct hdb_so_method *mso;
-    char *prefix, *path, *symbol;
-    const char *p;
-    void *dl;
-    size_t len;
-    
-    p = strchr(filename, ':');
-
-    /* if no prefix, don't know what module to load, just ignore it */
-    if (p == NULL)
-	return NULL;
-
-    len = p - filename;
-    *rest = filename + len + 1;
-    
-    prefix = strndup(filename, len);
-    if (prefix == NULL)
-	krb5_errx(context, 1, "out of memory");
-    
-    if (asprintf(&path, LIBDIR "/hdb_%s.so", prefix) == -1)
-	krb5_errx(context, 1, "out of memory");
-
-#ifndef RTLD_NOW
-#define RTLD_NOW 0
-#endif
-#ifndef RTLD_GLOBAL
-#define RTLD_GLOBAL 0
-#endif
-
-    dl = dlopen(path, RTLD_NOW | RTLD_GLOBAL);
-    if (dl == NULL) {
-	krb5_warnx(context, "error trying to load dynamic module %s: %s\n",
-		   path, dlerror());
-	free(prefix);
-	free(path);
-	return NULL;
-    }
-    
-    if (asprintf(&symbol, "hdb_%s_interface", prefix) == -1)
-	krb5_errx(context, 1, "out of memory");
-	
-    mso = dlsym(dl, symbol);
-    if (mso == NULL) {
-	krb5_warnx(context, "error finding symbol %s in %s: %s\n", 
-		   symbol, path, dlerror());
-	dlclose(dl);
-	free(symbol);
-	free(prefix);
-	free(path);
-	return NULL;
-    }
-    free(path);
-    free(symbol);
-
-    if (mso->version != HDB_INTERFACE_VERSION) {
-	krb5_warnx(context, 
-		   "error wrong version in shared module %s "
-		   "version: %d should have been %d\n", 
-		   prefix, mso->version, HDB_INTERFACE_VERSION);
-	dlclose(dl);
-	free(prefix);
-	return NULL;
-    }
-
-    if (mso->create == NULL) {
-	krb5_errx(context, 1,
-		  "no entry point function in shared mod %s ",
-		   prefix);
-	dlclose(dl);
-	free(prefix);
-	return NULL;
-    }
-
-    method.create = mso->create;
-    method.prefix = prefix;
-
-    return &method;
-}
-#endif /* HAVE_DLOPEN */
-
-/*
- * find the relevant method for `filename', returning a pointer to the
- * rest in `rest'.
- * return NULL if there's no such method.
- */
-
-static const struct hdb_method *
-find_method (const char *filename, const char **rest)
-{
-    const struct hdb_method *h;
-
-    for (h = methods; h->prefix != NULL; ++h) {
-	if (strncmp (filename, h->prefix, strlen(h->prefix)) == 0) {
-	    *rest = filename + strlen(h->prefix);
-	    return h;
-	}
-    }
-#if defined(HAVE_DB1) || defined(HAVE_DB3) || defined(HAVE_NDBM)
-    if (strncmp(filename, "/", 1) == 0
-	|| strncmp(filename, "./", 2) == 0
-	|| strncmp(filename, "../", 3) == 0)
-    {
-	*rest = filename;
-	return &dbmetod;
-    }
-#endif
-
-    return NULL;
-}
-
-krb5_error_code
-hdb_list_builtin(krb5_context context, char **list)
-{
-    const struct hdb_method *h;
-    size_t len = 0;
-    char *buf = NULL;
-
-    for (h = methods; h->prefix != NULL; ++h) {
-	if (h->prefix[0] == '\0')
-	    continue;
-	len += strlen(h->prefix) + 2;
-    }
-
-    len += 1;
-    buf = malloc(len);
-    if (buf == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    buf[0] = '\0';
-
-    for (h = methods; h->prefix != NULL; ++h) {
-	if (h != methods)
-	    strlcat(buf, ", ", len);
-	strlcat(buf, h->prefix, len);
-    }
-    *list = buf;
-    return 0;
-}
-
-krb5_error_code
-hdb_create(krb5_context context, HDB **db, const char *filename)
-{
-    const struct hdb_method *h;
-    const char *residual;
-
-    if(filename == NULL)
-	filename = HDB_DEFAULT_DB;
-    krb5_add_et_list(context, initialize_hdb_error_table_r);
-    h = find_method (filename, &residual);
-#ifdef HAVE_DLOPEN
-    if (h == NULL)
-	h = find_dynamic_method (context, filename, &residual);
-#endif
-    if (h == NULL)
-	krb5_errx(context, 1, "No database support for %s", filename);
-    return (*h->create)(context, db, residual);
-}
diff --git a/crypto/heimdal/lib/hdb/hdb.h b/crypto/heimdal/lib/hdb/hdb.h
deleted file mode 100644
index 742b924..0000000
--- a/crypto/heimdal/lib/hdb/hdb.h
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: hdb.h 22198 2007-12-07 13:09:25Z lha $ */
-
-#ifndef __HDB_H__
-#define __HDB_H__
-
-#include <hdb_err.h>
-
-#include <heim_asn1.h>
-#include <hdb_asn1.h>
-
-struct hdb_dbinfo;
-
-enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
-
-/* flags for various functions */
-#define HDB_F_DECRYPT		1	/* decrypt keys */
-#define HDB_F_REPLACE		2	/* replace entry */
-#define HDB_F_GET_CLIENT	4	/* fetch client */
-#define HDB_F_GET_SERVER	8	/* fetch server */
-#define HDB_F_GET_KRBTGT	16	/* fetch krbtgt */
-#define HDB_F_GET_ANY		28	/* fetch any of client,server,krbtgt */
-#define HDB_F_CANON		32	/* want canonicalition */
-
-/* key usage for master key */
-#define HDB_KU_MKEY	0x484442
-
-typedef struct hdb_master_key_data *hdb_master_key;
-
-typedef struct hdb_entry_ex {
-    void *ctx;
-    hdb_entry entry;
-    void (*free_entry)(krb5_context, struct hdb_entry_ex *);
-} hdb_entry_ex;
-
-
-typedef struct HDB{
-    void *hdb_db;
-    void *hdb_dbc;
-    char *hdb_name;
-    int hdb_master_key_set;
-    hdb_master_key hdb_master_key;
-    int hdb_openp;
-
-    krb5_error_code (*hdb_open)(krb5_context,
-				struct HDB*,
-				int,
-				mode_t);
-    krb5_error_code (*hdb_close)(krb5_context, 
-				 struct HDB*);
-    void	    (*hdb_free)(krb5_context,
-				struct HDB*,
-				hdb_entry_ex*);
-    krb5_error_code (*hdb_fetch)(krb5_context,
-				 struct HDB*,
-				 krb5_const_principal,
-				 unsigned,
-				 hdb_entry_ex*);
-    krb5_error_code (*hdb_store)(krb5_context,
-				 struct HDB*,
-				 unsigned,
-				 hdb_entry_ex*);
-    krb5_error_code (*hdb_remove)(krb5_context,
-				  struct HDB*,
-				  krb5_const_principal);
-    krb5_error_code (*hdb_firstkey)(krb5_context,
-				    struct HDB*,
-				    unsigned,
-				    hdb_entry_ex*);
-    krb5_error_code (*hdb_nextkey)(krb5_context,
-				   struct HDB*,
-				   unsigned,
-				   hdb_entry_ex*);
-    krb5_error_code (*hdb_lock)(krb5_context,
-				struct HDB*,
-				int operation);
-    krb5_error_code (*hdb_unlock)(krb5_context,
-				  struct HDB*);
-    krb5_error_code (*hdb_rename)(krb5_context,
-				  struct HDB*,
-				  const char*);
-    krb5_error_code (*hdb__get)(krb5_context,
-				struct HDB*,
-				krb5_data,
-				krb5_data*);
-    krb5_error_code (*hdb__put)(krb5_context,
-				struct HDB*,
-				int, 
-				krb5_data,
-				krb5_data);
-    krb5_error_code (*hdb__del)(krb5_context, 
-				struct HDB*,
-				krb5_data);
-    krb5_error_code (*hdb_destroy)(krb5_context,
-				   struct HDB*);
-}HDB;
-
-#define HDB_INTERFACE_VERSION	4
-
-struct hdb_so_method {
-    int version;
-    const char *prefix;
-    krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
-};
-
-typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*,
-					      hdb_entry_ex*, void*);
-extern krb5_kt_ops hdb_kt_ops;
-
-#include <hdb-protos.h>
-
-#endif /* __HDB_H__ */
diff --git a/crypto/heimdal/lib/hdb/hdb.schema b/crypto/heimdal/lib/hdb/hdb.schema
deleted file mode 100644
index 6e5c0f7..0000000
--- a/crypto/heimdal/lib/hdb/hdb.schema
+++ /dev/null
@@ -1,139 +0,0 @@
-# Definitions for a Kerberos V KDC schema
-#
-# $Id: hdb.schema 14958 2005-04-25 17:33:40Z lha $
-#
-# This version is compatible with OpenLDAP 1.8
-#
-# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
-#
-# Syntaxes are under 1.3.6.1.4.1.5322.10.0
-# Attributes types are under 1.3.6.1.4.1.5322.10.1
-# Object classes are under 1.3.6.1.4.1.5322.10.2
-
-# Syntax definitions
-
-#krb5KDCFlagsSyntax SYNTAX ::= {
-#   WITH SYNTAX            INTEGER
-#--        initial(0),             -- require as-req
-#--        forwardable(1),         -- may issue forwardable
-#--        proxiable(2),           -- may issue proxiable
-#--        renewable(3),           -- may issue renewable
-#--        postdate(4),            -- may issue postdatable
-#--        server(5),              -- may be server
-#--        client(6),              -- may be client
-#--        invalid(7),             -- entry is invalid
-#--        require-preauth(8),     -- must use preauth
-#--        change-pw(9),           -- change password service
-#--        require-hwauth(10),     -- must use hwauth
-#--        ok-as-delegate(11),     -- as in TicketFlags
-#--        user-to-user(12),       -- may use user-to-user auth
-#--        immutable(13)           -- may not be deleted         
-#   ID                     { 1.3.6.1.4.1.5322.10.0.1 }
-#}
-
-#krb5PrincipalNameSyntax SYNTAX ::= {
-#   WITH SYNTAX            OCTET STRING
-#-- String representations of distinguished names as per RFC1510
-#   ID                     { 1.3.6.1.4.1.5322.10.0.2 }
-#}
-
-# Attribute type definitions
- 
-attributetype ( 1.3.6.1.4.1.5322.10.1.1
-	NAME 'krb5PrincipalName'
-	DESC 'The unparsed Kerberos principal name'
-	EQUALITY caseExactIA5Match
-	SINGLE-VALUE
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.2
-	NAME 'krb5KeyVersionNumber'
-	EQUALITY integerMatch
-	SINGLE-VALUE
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.3
-	NAME 'krb5MaxLife'
-	EQUALITY integerMatch
-	SINGLE-VALUE
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.4
-	NAME 'krb5MaxRenew'
-	EQUALITY integerMatch
-	SINGLE-VALUE
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.5
-	NAME 'krb5KDCFlags'
-	EQUALITY integerMatch
-	SINGLE-VALUE
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.6
-	NAME 'krb5EncryptionType'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.7
-	NAME 'krb5ValidStart'
-	EQUALITY generalizedTimeMatch
-	ORDERING generalizedTimeOrderingMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-	SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.8
-	NAME 'krb5ValidEnd'
-	EQUALITY generalizedTimeMatch
-	ORDERING generalizedTimeOrderingMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-	SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.9
-	NAME 'krb5PasswordEnd'
-	EQUALITY generalizedTimeMatch
-	ORDERING generalizedTimeOrderingMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-	SINGLE-VALUE )
-
-# this is temporary; keys will eventually
-# be child entries or compound attributes.
-attributetype ( 1.3.6.1.4.1.5322.10.1.10
-	NAME 'krb5Key'
-	DESC 'Encoded ASN1 Key as an octet string'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.11
-	NAME 'krb5PrincipalRealm'
-	DESC 'Distinguished name of krb5Realm entry'
-	SUP distinguishedName )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.12
-	NAME 'krb5RealmName'
-	EQUALITY octetStringMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
-
-# Object class definitions
-
-objectclass ( 1.3.6.1.4.1.5322.10.2.1
-	NAME 'krb5Principal'
-	SUP top
-	AUXILIARY
-	MUST ( krb5PrincipalName )
-	MAY ( cn $ krb5PrincipalRealm ) )
-
-objectclass ( 1.3.6.1.4.1.5322.10.2.2
-	NAME 'krb5KDCEntry'
-	SUP krb5Principal
-	AUXILIARY
-	MUST ( krb5KeyVersionNumber )
-	MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
-              krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
-              krb5EncryptionType $ krb5Key ) )
-
-objectclass ( 1.3.6.1.4.1.5322.10.2.3
-	NAME 'krb5Realm'
-	SUP top
-	AUXILIARY
-	MUST ( krb5RealmName ) )
-
diff --git a/crypto/heimdal/lib/hdb/hdb_err.et b/crypto/heimdal/lib/hdb/hdb_err.et
deleted file mode 100644
index 5c5b80b..0000000
--- a/crypto/heimdal/lib/hdb/hdb_err.et
+++ /dev/null
@@ -1,28 +0,0 @@
-#
-# Error messages for the hdb library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: hdb_err.et 15878 2005-08-11 13:17:22Z lha $"
-
-error_table hdb
-
-prefix HDB_ERR
-
-index 1
-#error_code INUSE,		"Entry already exists in database"
-error_code UK_SERROR,		"Database store error"
-error_code UK_RERROR,		"Database read error"
-error_code NOENTRY,		"No such entry in the database"
-error_code DB_INUSE,		"Database is locked or in use--try again later"
-error_code DB_CHANGED,		"Database was modified during read"
-error_code RECURSIVELOCK,	"Attempt to lock database twice"
-error_code NOTLOCKED,		"Attempt to unlock database when not locked"
-error_code BADLOCKMODE,		"Invalid kdb lock mode"
-error_code CANT_LOCK_DB,	"Insufficient access to lock database"
-error_code EXISTS,		"Entry already exists in database"
-error_code BADVERSION,		"Wrong database version"
-error_code NO_MKEY,		"No correct master key"
-error_code MANDATORY_OPTION,	"Entry contains unknown mandatory extension"
-
-end
diff --git a/crypto/heimdal/lib/hdb/hdb_locl.h b/crypto/heimdal/lib/hdb/hdb_locl.h
deleted file mode 100644
index abb4cd4..0000000
--- a/crypto/heimdal/lib/hdb/hdb_locl.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: hdb_locl.h 22209 2007-12-07 19:03:41Z lha $ */
-
-#ifndef __HDB_LOCL_H__
-#define __HDB_LOCL_H__
-
-#include <config.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-#include <roken.h>
-
-#include "crypto-headers.h"
-#include <krb5.h>
-#include <hdb.h>
-#include <hdb-private.h>
-
-#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
-#define HDB_DB_FORMAT_ENTRY "hdb/db-format"
-
-#endif /* __HDB_LOCL_H__ */
diff --git a/crypto/heimdal/lib/hdb/keys.c b/crypto/heimdal/lib/hdb/keys.c
deleted file mode 100644
index 60a5867..0000000
--- a/crypto/heimdal/lib/hdb/keys.c
+++ /dev/null
@@ -1,398 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: keys.c 22071 2007-11-14 20:04:50Z lha $");
-
-/*
- * free all the memory used by (len, keys)
- */
-
-void
-hdb_free_keys (krb5_context context, int len, Key *keys)
-{
-    int i;
-
-    for (i = 0; i < len; i++) {
-	free(keys[i].mkvno);
-	keys[i].mkvno = NULL;
-	if (keys[i].salt != NULL) {
-	    free_Salt(keys[i].salt);
-	    free(keys[i].salt);
-	    keys[i].salt = NULL;
-	}
-	krb5_free_keyblock_contents(context, &keys[i].key);
-    }
-    free (keys);
-}
-
-/* 
- * for each entry in `default_keys' try to parse it as a sequence
- * of etype:salttype:salt, syntax of this if something like:
- * [(des|des3|etype):](pw-salt|afs3)[:string], if etype is omitted it
- *      means all etypes, and if string is omitted is means the default
- * string (for that principal). Additional special values:
- *	v5 == pw-salt, and
- *	v4 == des:pw-salt:
- *	afs or afs3 == des:afs3-salt
- */
-
-/* the 3 DES types must be first */
-static const krb5_enctype all_etypes[] = { 
-    ETYPE_DES_CBC_MD5,
-    ETYPE_DES_CBC_MD4,
-    ETYPE_DES_CBC_CRC,
-    ETYPE_AES256_CTS_HMAC_SHA1_96,
-    ETYPE_ARCFOUR_HMAC_MD5,
-    ETYPE_DES3_CBC_SHA1
-};
-
-static krb5_error_code
-parse_key_set(krb5_context context, const char *key, 
-	      krb5_enctype **ret_enctypes, size_t *ret_num_enctypes, 
-	      krb5_salt *salt, krb5_principal principal)
-{
-    const char *p;
-    char buf[3][256];
-    int num_buf = 0;
-    int i, num_enctypes = 0;
-    krb5_enctype e;
-    const krb5_enctype *enctypes = NULL;
-    krb5_error_code ret;
-    
-    p = key;
-
-    *ret_enctypes = NULL;
-    *ret_num_enctypes = 0;
-
-    /* split p in a list of :-separated strings */
-    for(num_buf = 0; num_buf < 3; num_buf++)
-	if(strsep_copy(&p, ":", buf[num_buf], sizeof(buf[num_buf])) == -1)
-	    break;
-
-    salt->saltvalue.data = NULL;
-    salt->saltvalue.length = 0;
-
-    for(i = 0; i < num_buf; i++) {
-	if(enctypes == NULL && num_buf > 1) {
-	    /* this might be a etype specifier */
-	    /* XXX there should be a string_to_etypes handling
-	       special cases like `des' and `all' */
-	    if(strcmp(buf[i], "des") == 0) {
-		enctypes = all_etypes;
-		num_enctypes = 3;
-	    } else if(strcmp(buf[i], "des3") == 0) {
-		e = ETYPE_DES3_CBC_SHA1;
-		enctypes = &e;
-		num_enctypes = 1;
-	    } else {
-		ret = krb5_string_to_enctype(context, buf[i], &e);
-		if (ret == 0) {
-		    enctypes = &e;
-		    num_enctypes = 1;
-		} else
-		    return ret;
-	    }
-	    continue;
-	}
-	if(salt->salttype == 0) {
-	    /* interpret string as a salt specifier, if no etype
-	       is set, this sets default values */
-	    /* XXX should perhaps use string_to_salttype, but that
-	       interface sucks */
-	    if(strcmp(buf[i], "pw-salt") == 0) {
-		if(enctypes == NULL) {
-		    enctypes = all_etypes;
-		    num_enctypes = sizeof(all_etypes)/sizeof(all_etypes[0]);
-		}
-		salt->salttype = KRB5_PW_SALT;
-	    } else if(strcmp(buf[i], "afs3-salt") == 0) {
-		if(enctypes == NULL) {
-		    enctypes = all_etypes;
-		    num_enctypes = 3;
-		}
-		salt->salttype = KRB5_AFS3_SALT;
-	    }
-	    continue;
-	}
-
-	{
-	    /* if there is a final string, use it as the string to
-	       salt with, this is mostly useful with null salt for
-	       v4 compat, and a cell name for afs compat */
-	    salt->saltvalue.data = strdup(buf[i]);
-	    if (salt->saltvalue.data == NULL) {
-		krb5_set_error_string(context, "out of memory");
-		return ENOMEM;
-	    }
-	    salt->saltvalue.length = strlen(buf[i]);
-	}
-    }
-    
-    if(enctypes == NULL || salt->salttype == 0) {
-	krb5_set_error_string(context, "bad value for default_keys `%s'", key);
-	return EINVAL;
-    }
-    
-    /* if no salt was specified make up default salt */
-    if(salt->saltvalue.data == NULL) {
-	if(salt->salttype == KRB5_PW_SALT)
-	    ret = krb5_get_pw_salt(context, principal, salt);
-	else if(salt->salttype == KRB5_AFS3_SALT) {
-	    krb5_realm *realm = krb5_princ_realm(context, principal);
-	    salt->saltvalue.data = strdup(*realm);
-	    if(salt->saltvalue.data == NULL) {
-		krb5_set_error_string(context, "out of memory while "
-				      "parsing salt specifiers");
-		return ENOMEM;
-	    }
-	    strlwr(salt->saltvalue.data);
-	    salt->saltvalue.length = strlen(*realm);
-	}
-    }
-
-    *ret_enctypes = malloc(sizeof(enctypes[0]) * num_enctypes);
-    if (*ret_enctypes == NULL) {
-	krb5_free_salt(context, *salt);
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * num_enctypes);
-    *ret_num_enctypes = num_enctypes;
-
-    return 0;
-}
-
-static krb5_error_code
-add_enctype_to_key_set(Key **key_set, size_t *nkeyset, 
-		       krb5_enctype enctype, krb5_salt *salt)
-{
-    krb5_error_code ret;
-    Key key, *tmp;
-
-    memset(&key, 0, sizeof(key));
-
-    tmp = realloc(*key_set, (*nkeyset + 1) * sizeof((*key_set)[0]));
-    if (tmp == NULL)
-	return ENOMEM;
-    
-    *key_set = tmp;
-
-    key.key.keytype = enctype;
-    key.key.keyvalue.length = 0;
-    key.key.keyvalue.data = NULL;
-    
-    if (salt) {
-	key.salt = malloc(sizeof(*key.salt));
-	if (key.salt == NULL) {
-	    free_Key(&key);
-	    return ENOMEM;
-	}
-	
-	key.salt->type = salt->salttype;
-	krb5_data_zero (&key.salt->salt);
-	
-	ret = krb5_data_copy(&key.salt->salt, 
-			     salt->saltvalue.data, 
-			     salt->saltvalue.length);
-	if (ret) {
-	    free_Key(&key);
-	    return ret;
-	}
-    } else
-	key.salt = NULL;
-    
-    (*key_set)[*nkeyset] = key;
-    
-    *nkeyset += 1;
-
-    return 0;
-}
-
-
-/*
- * Generate the `key_set' from the [kadmin]default_keys statement. If
- * `no_salt' is set, salt is not important (and will not be set) since
- * it's random keys that is going to be created.
- */
-
-krb5_error_code
-hdb_generate_key_set(krb5_context context, krb5_principal principal,
-		     Key **ret_key_set, size_t *nkeyset, int no_salt)
-{
-    char **ktypes, **kp;
-    krb5_error_code ret;
-    Key *k, *key_set;
-    int i, j;
-    char *default_keytypes[] = {
-	"des:pw-salt",
-	"aes256-cts-hmac-sha1-96:pw-salt",
-	"des3-cbc-sha1:pw-salt",
-	"arcfour-hmac-md5:pw-salt",
-	NULL
-    };
-    
-    ktypes = krb5_config_get_strings(context, NULL, "kadmin",
-				     "default_keys", NULL);
-    if (ktypes == NULL)
-	ktypes = default_keytypes;
-
-    if (ktypes == NULL)
-	abort();
-
-    *ret_key_set = key_set = NULL;
-    *nkeyset = 0;
-
-    ret = 0;
- 
-    for(kp = ktypes; kp && *kp; kp++) {
-	const char *p;
-	krb5_salt salt;
-	krb5_enctype *enctypes;
-	size_t num_enctypes;
-
-	p = *kp;
-	/* check alias */
-	if(strcmp(p, "v5") == 0)
-	    p = "pw-salt";
-	else if(strcmp(p, "v4") == 0)
-	    p = "des:pw-salt:";
-	else if(strcmp(p, "afs") == 0 || strcmp(p, "afs3") == 0)
-	    p = "des:afs3-salt";
-	else if (strcmp(p, "arcfour-hmac-md5") == 0)
-	    p = "arcfour-hmac-md5:pw-salt";
-	    
-	memset(&salt, 0, sizeof(salt));
-
-	ret = parse_key_set(context, p,
-			    &enctypes, &num_enctypes, &salt, principal);
-	if (ret) {
-	    krb5_warn(context, ret, "bad value for default_keys `%s'", *kp);
-	    ret = 0;
-	    continue;
-	}
-
-	for (i = 0; i < num_enctypes; i++) {
-	    /* find duplicates */
-	    for (j = 0; j < *nkeyset; j++) {
-
-		k = &key_set[j];
-
-		if (k->key.keytype == enctypes[i]) {
-		    if (no_salt)
-			break;
-		    if (k->salt == NULL && salt.salttype == KRB5_PW_SALT)
-			break;
-		    if (k->salt->type == salt.salttype &&
-			k->salt->salt.length == salt.saltvalue.length &&
-			memcmp(k->salt->salt.data, salt.saltvalue.data, 
-			       salt.saltvalue.length) == 0)
-			break;
-		}
-	    }
-	    /* not a duplicate, lets add it */
-	    if (j == *nkeyset) {
-		ret = add_enctype_to_key_set(&key_set, nkeyset, enctypes[i], 
-					     no_salt ? NULL : &salt);
-		if (ret) {
-		    free(enctypes);
-		    krb5_free_salt(context, salt);
-		    goto out;
-		}
-	    }
-	}
-	free(enctypes);
-	krb5_free_salt(context, salt);
-    }
-    
-    *ret_key_set = key_set;
-
- out:
-    if (ktypes != default_keytypes)
-	krb5_config_free_strings(ktypes);
-
-    if (ret) {
-	krb5_warn(context, ret, 
-		  "failed to parse the [kadmin]default_keys values");
-
-	for (i = 0; i < *nkeyset; i++)
-	    free_Key(&key_set[i]);
-	free(key_set);
-    } else if (*nkeyset == 0) {
-	krb5_warnx(context, 
-		   "failed to parse any of the [kadmin]default_keys values");
-	ret = EINVAL; /* XXX */
-    }
-
-    return ret;
-}
-
-
-krb5_error_code
-hdb_generate_key_set_password(krb5_context context, 
-			      krb5_principal principal, 
-			      const char *password, 
-			      Key **keys, size_t *num_keys) 
-{
-    krb5_error_code ret;
-    int i;
-
-    ret = hdb_generate_key_set(context, principal,
-				keys, num_keys, 0);
-    if (ret)
-	return ret;
-
-    for (i = 0; i < (*num_keys); i++) {
-	krb5_salt salt;
-
-	salt.salttype = (*keys)[i].salt->type;
-	salt.saltvalue.length = (*keys)[i].salt->salt.length;
-	salt.saltvalue.data = (*keys)[i].salt->salt.data;
-
-	ret = krb5_string_to_key_salt (context,
-				       (*keys)[i].key.keytype,
-				       password,
-				       salt,
-				       &(*keys)[i].key);
-
-	if(ret)
-	    break;
-    }
-
-    if(ret) {
-	hdb_free_keys (context, *num_keys, *keys);
-	return ret;
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/hdb/keytab.c b/crypto/heimdal/lib/hdb/keytab.c
deleted file mode 100644
index e319bb5..0000000
--- a/crypto/heimdal/lib/hdb/keytab.c
+++ /dev/null
@@ -1,272 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-/* keytab backend for HDB databases */
-
-RCSID("$Id: keytab.c 18380 2006-10-09 12:36:40Z lha $");
-
-struct hdb_data {
-    char *dbname;
-    char *mkey;
-};
-
-/*
- * the format for HDB keytabs is:
- * HDB:[database:file:mkey]
- */
-
-static krb5_error_code
-hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct hdb_data *d;
-    const char *db, *mkey;
-
-    d = malloc(sizeof(*d));
-    if(d == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    db = name;
-    mkey = strchr(name, ':');
-    if(mkey == NULL || mkey[1] == '\0') {
-	if(*name == '\0')
-	    d->dbname = NULL;
-	else {
-	    d->dbname = strdup(name);
-	    if(d->dbname == NULL) {
-		free(d);
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	}
-	d->mkey = NULL;
-    } else {
-	if((mkey - db) == 0) {
-	    d->dbname = NULL;
-	} else {
-	    d->dbname = malloc(mkey - db + 1);
-	    if(d->dbname == NULL) {
-		free(d);
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    memmove(d->dbname, db, mkey - db);
-	    d->dbname[mkey - db] = '\0';
-	}
-	d->mkey = strdup(mkey + 1);
-	if(d->mkey == NULL) {
-	    free(d->dbname);
-	    free(d);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-    id->data = d;
-    return 0;
-}
-
-static krb5_error_code
-hdb_close(krb5_context context, krb5_keytab id)
-{
-    struct hdb_data *d = id->data;
-
-    free(d->dbname);
-    free(d->mkey);
-    free(d);
-    return 0;
-}
-
-static krb5_error_code 
-hdb_get_name(krb5_context context, 
-	     krb5_keytab id, 
-	     char *name, 
-	     size_t namesize)
-{
-    struct hdb_data *d = id->data;
-
-    snprintf(name, namesize, "%s%s%s", 
-	     d->dbname ? d->dbname : "",
-	     (d->dbname || d->mkey) ? ":" : "",
-	     d->mkey ? d->mkey : "");
-    return 0;
-}
-
-static void
-set_config (krb5_context context,
-	    const krb5_config_binding *binding,
-	    const char **dbname,
-	    const char **mkey)
-{
-    *dbname = krb5_config_get_string(context, binding, "dbname", NULL);
-    *mkey   = krb5_config_get_string(context, binding, "mkey_file", NULL);
-}
-
-/*
- * try to figure out the database (`dbname') and master-key (`mkey')
- * that should be used for `principal'.
- */
-
-static void
-find_db (krb5_context context,
-	 const char **dbname,
-	 const char **mkey,
-	 krb5_const_principal principal)
-{
-    const krb5_config_binding *top_bind = NULL;
-    const krb5_config_binding *default_binding = NULL;
-    const krb5_config_binding *db;
-    krb5_realm *prealm = krb5_princ_realm(context, rk_UNCONST(principal));
-
-    *dbname = *mkey = NULL;
-
-    while ((db =
-	    krb5_config_get_next(context,
-				 NULL,
-				 &top_bind,
-				 krb5_config_list,
-				 "kdc",
-				 "database",
-				 NULL)) != NULL) {
-	const char *p;
-	
-	p = krb5_config_get_string (context, db, "realm", NULL);
-	if (p == NULL) {
-	    if(default_binding) {
-		krb5_warnx(context, "WARNING: more than one realm-less "
-			   "database specification");
-		krb5_warnx(context, "WARNING: using the first encountered");
-	    } else
-		default_binding = db;
-	} else if (strcmp (*prealm, p) == 0) {
-	    set_config (context, db, dbname, mkey);
-	    break;
-	}
-    }
-    if (*dbname == NULL && default_binding != NULL)
-	set_config (context, default_binding, dbname, mkey);
-    if (*dbname == NULL)
-	*dbname = HDB_DEFAULT_DB;
-}
-
-/*
- * find the keytab entry in `id' for `principal, kvno, enctype' and return
- * it in `entry'.  return 0 or an error code
- */
-
-static krb5_error_code
-hdb_get_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_const_principal principal,
-	      krb5_kvno kvno,
-	      krb5_enctype enctype,
-	      krb5_keytab_entry *entry)
-{
-    hdb_entry_ex ent;
-    krb5_error_code ret;
-    struct hdb_data *d = id->data;
-    int i;
-    HDB *db;
-    const char *dbname = d->dbname;
-    const char *mkey   = d->mkey;
-
-    memset(&ent, 0, sizeof(ent));
-
-    if (dbname == NULL)
-	find_db (context, &dbname, &mkey, principal);
-
-    ret = hdb_create (context, &db, dbname);
-    if (ret)
-	return ret;
-    ret = hdb_set_master_keyfile (context, db, mkey);
-    if (ret) {
-	(*db->hdb_destroy)(context, db);
-	return ret;
-    }
-	
-    ret = (*db->hdb_open)(context, db, O_RDONLY, 0);
-    if (ret) {
-	(*db->hdb_destroy)(context, db);
-	return ret;
-    }
-    ret = (*db->hdb_fetch)(context, db, principal, 
-			   HDB_F_DECRYPT|
-			   HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
-			   &ent);
-
-    if(ret == HDB_ERR_NOENTRY) {
-	ret = KRB5_KT_NOTFOUND;
-	goto out;
-    }else if(ret)
-	goto out;
-
-    if(kvno && ent.entry.kvno != kvno) {
-	hdb_free_entry(context, &ent);
- 	ret = KRB5_KT_NOTFOUND;
-	goto out;
-    }
-    if(enctype == 0)
-	if(ent.entry.keys.len > 0)
-	    enctype = ent.entry.keys.val[0].key.keytype;
-    ret = KRB5_KT_NOTFOUND;
-    for(i = 0; i < ent.entry.keys.len; i++) {
-	if(ent.entry.keys.val[i].key.keytype == enctype) {
-	    krb5_copy_principal(context, principal, &entry->principal);
-	    entry->vno = ent.entry.kvno;
-	    krb5_copy_keyblock_contents(context, 
-					&ent.entry.keys.val[i].key, 
-					&entry->keyblock);
-	    ret = 0;
-	    break;
-	}
-    }
-    hdb_free_entry(context, &ent);
-out:
-    (*db->hdb_close)(context, db);
-    (*db->hdb_destroy)(context, db);
-    return ret;
-}
-
-krb5_kt_ops hdb_kt_ops = {
-    "HDB",
-    hdb_resolve,
-    hdb_get_name,
-    hdb_close,
-    hdb_get_entry,
-    NULL,		/* start_seq_get */
-    NULL,		/* next_entry */
-    NULL,		/* end_seq_get */
-    NULL,		/* add */
-    NULL		/* remove */
-};
diff --git a/crypto/heimdal/lib/hdb/mkey.c b/crypto/heimdal/lib/hdb/mkey.c
deleted file mode 100644
index 05cf71c..0000000
--- a/crypto/heimdal/lib/hdb/mkey.c
+++ /dev/null
@@ -1,603 +0,0 @@
-/*
- * Copyright (c) 2000 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-RCSID("$Id: mkey.c 21745 2007-07-31 16:11:25Z lha $");
-
-struct hdb_master_key_data {
-    krb5_keytab_entry keytab;
-    krb5_crypto crypto;
-    struct hdb_master_key_data *next;
-};
-
-void
-hdb_free_master_key(krb5_context context, hdb_master_key mkey)
-{
-    struct hdb_master_key_data *ptr;
-    while(mkey) {
-	krb5_kt_free_entry(context, &mkey->keytab);
-	if (mkey->crypto)
-	    krb5_crypto_destroy(context, mkey->crypto);
-	ptr = mkey;
-	mkey = mkey->next;
-	free(ptr);
-    }
-}
-
-krb5_error_code
-hdb_process_master_key(krb5_context context,
-		       int kvno, krb5_keyblock *key, krb5_enctype etype,
-		       hdb_master_key *mkey)
-{
-    krb5_error_code ret;
-
-    *mkey = calloc(1, sizeof(**mkey));
-    if(*mkey == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*mkey)->keytab.vno = kvno;
-    ret = krb5_parse_name(context, "K/M", &(*mkey)->keytab.principal);
-    if(ret)
-	goto fail;
-    ret = krb5_copy_keyblock_contents(context, key, &(*mkey)->keytab.keyblock);
-    if(ret)
-	goto fail;
-    if(etype != 0)
-	(*mkey)->keytab.keyblock.keytype = etype;
-    (*mkey)->keytab.timestamp = time(NULL);
-    ret = krb5_crypto_init(context, key, etype, &(*mkey)->crypto);
-    if(ret)
-	goto fail;
-    return 0;
- fail:
-    hdb_free_master_key(context, *mkey);
-    *mkey = NULL;
-    return ret;
-}
-
-krb5_error_code
-hdb_add_master_key(krb5_context context, krb5_keyblock *key,
-		   hdb_master_key *inout)
-{
-    int vno = 0;
-    hdb_master_key p;
-    krb5_error_code ret;
-
-    for(p = *inout; p; p = p->next)
-	vno = max(vno, p->keytab.vno);
-    vno++;
-    ret = hdb_process_master_key(context, vno, key, 0, &p);
-    if(ret)
-	return ret;
-    p->next = *inout;
-    *inout = p;
-    return 0;
-}
-
-static krb5_error_code
-read_master_keytab(krb5_context context, const char *filename, 
-		   hdb_master_key *mkey)
-{
-    krb5_error_code ret;
-    krb5_keytab id;
-    krb5_kt_cursor cursor;
-    krb5_keytab_entry entry;
-    hdb_master_key p;
-    
-    ret = krb5_kt_resolve(context, filename, &id);
-    if(ret)
-	return ret;
-
-    ret = krb5_kt_start_seq_get(context, id, &cursor);
-    if(ret)
-	goto out;
-    *mkey = NULL;
-    while(krb5_kt_next_entry(context, id, &entry, &cursor) == 0) {
-	p = calloc(1, sizeof(*p));
-	if(p == NULL) {
-	    krb5_kt_end_seq_get(context, id, &cursor);
-	    ret = ENOMEM;
-	    goto out;
-	}
-	p->keytab = entry;
-	ret = krb5_crypto_init(context, &p->keytab.keyblock, 0, &p->crypto);
-	p->next = *mkey;
-	*mkey = p;
-    }
-    krb5_kt_end_seq_get(context, id, &cursor);
-  out:
-    krb5_kt_close(context, id);
-    return ret;
-}
-
-/* read a MIT master keyfile */
-static krb5_error_code
-read_master_mit(krb5_context context, const char *filename, 
-		hdb_master_key *mkey)
-{
-    int fd;
-    krb5_error_code ret;
-    krb5_storage *sp;
-    int16_t enctype;
-    krb5_keyblock key;
-	       
-    fd = open(filename, O_RDONLY | O_BINARY);
-    if(fd < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "failed to open %s: %s", filename,
-			      strerror(save_errno));
-	return save_errno;
-    }
-    sp = krb5_storage_from_fd(fd);
-    if(sp == NULL) {
-	close(fd);
-	return errno;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_HOST_BYTEORDER);
-#if 0
-    /* could possibly use ret_keyblock here, but do it with more
-       checks for now */
-    ret = krb5_ret_keyblock(sp, &key);
-#else
-    ret = krb5_ret_int16(sp, &enctype);
-    if((htons(enctype) & 0xff00) == 0x3000) {
-	krb5_set_error_string(context, "unknown keytype in %s: %#x, expected %#x", 
-			      filename, htons(enctype), 0x3000);
-	ret = HEIM_ERR_BAD_MKEY;
-	goto out;
-    }
-    key.keytype = enctype;
-    ret = krb5_ret_data(sp, &key.keyvalue);
-    if(ret)
-	goto out;
-#endif
-    ret = hdb_process_master_key(context, 0, &key, 0, mkey);
-    krb5_free_keyblock_contents(context, &key);
-  out:
-    krb5_storage_free(sp);
-    close(fd);
-    return ret;
-}
-
-/* read an old master key file */
-static krb5_error_code
-read_master_encryptionkey(krb5_context context, const char *filename, 
-			  hdb_master_key *mkey)
-{
-    int fd;
-    krb5_keyblock key;
-    krb5_error_code ret;
-    unsigned char buf[256];
-    ssize_t len;
-    size_t ret_len;
-	       
-    fd = open(filename, O_RDONLY | O_BINARY);
-    if(fd < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "failed to open %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-    
-    len = read(fd, buf, sizeof(buf));
-    close(fd);
-    if(len < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "error reading %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-
-    ret = decode_EncryptionKey(buf, len, &key, &ret_len);
-    memset(buf, 0, sizeof(buf));
-    if(ret)
-	return ret;
-
-    /* Originally, the keytype was just that, and later it got changed
-       to des-cbc-md5, but we always used des in cfb64 mode. This
-       should cover all cases, but will break if someone has hacked
-       this code to really use des-cbc-md5 -- but then that's not my
-       problem. */
-    if(key.keytype == KEYTYPE_DES || key.keytype == ETYPE_DES_CBC_MD5)
-	key.keytype = ETYPE_DES_CFB64_NONE;
-    
-    ret = hdb_process_master_key(context, 0, &key, 0, mkey);
-    krb5_free_keyblock_contents(context, &key);
-    return ret;
-}
-
-/* read a krb4 /.k style file */
-static krb5_error_code
-read_master_krb4(krb5_context context, const char *filename, 
-		 hdb_master_key *mkey)
-{
-    int fd;
-    krb5_keyblock key;
-    krb5_error_code ret;
-    unsigned char buf[256];
-    ssize_t len;
-	       
-    fd = open(filename, O_RDONLY | O_BINARY);
-    if(fd < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "failed to open %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-    
-    len = read(fd, buf, sizeof(buf));
-    close(fd);
-    if(len < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "error reading %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-    if(len != 8) {
-	krb5_set_error_string(context, "bad contents of %s", filename);
-	return HEIM_ERR_EOF; /* XXX file might be too large */
-    }
-
-    memset(&key, 0, sizeof(key));
-    key.keytype = ETYPE_DES_PCBC_NONE;
-    ret = krb5_data_copy(&key.keyvalue, buf, len);
-    memset(buf, 0, sizeof(buf));
-    if(ret) 
-	return ret;
-
-    ret = hdb_process_master_key(context, 0, &key, 0, mkey);
-    krb5_free_keyblock_contents(context, &key);
-    return ret;
-}
-
-krb5_error_code
-hdb_read_master_key(krb5_context context, const char *filename, 
-		    hdb_master_key *mkey)
-{
-    FILE *f;
-    unsigned char buf[16];
-    krb5_error_code ret;
-
-    off_t len;
-
-    *mkey = NULL;
-
-    if(filename == NULL)
-	filename = HDB_DB_DIR "/m-key";
-
-    f = fopen(filename, "r");
-    if(f == NULL) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "failed to open %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-    
-    if(fread(buf, 1, 2, f) != 2) {
-	krb5_set_error_string(context, "end of file reading %s", filename);
-	fclose(f);
-	return HEIM_ERR_EOF;
-    }
-    
-    fseek(f, 0, SEEK_END);
-    len = ftell(f);
-
-    if(fclose(f) != 0)
-	return errno;
-    
-    if(len < 0)
-	return errno;
-    
-    if(len == 8) {
-	ret = read_master_krb4(context, filename, mkey);
-    } else if(buf[0] == 0x30 && len <= 127 && buf[1] == len - 2) {
-	ret = read_master_encryptionkey(context, filename, mkey);
-    } else if(buf[0] == 5 && buf[1] >= 1 && buf[1] <= 2) {
-	ret = read_master_keytab(context, filename, mkey);
-    } else {
-	ret = read_master_mit(context, filename, mkey);
-    }
-    return ret;
-}
-
-krb5_error_code
-hdb_write_master_key(krb5_context context, const char *filename, 
-		     hdb_master_key mkey)
-{
-    krb5_error_code ret;
-    hdb_master_key p;
-    krb5_keytab kt;
-
-    if(filename == NULL)
-	filename = HDB_DB_DIR "/m-key";
-
-    ret = krb5_kt_resolve(context, filename, &kt);
-    if(ret)
-	return ret;
-
-    for(p = mkey; p; p = p->next) {
-	ret = krb5_kt_add_entry(context, kt, &p->keytab);
-    }
-
-    krb5_kt_close(context, kt);
-
-    return ret;
-}
-
-hdb_master_key
-_hdb_find_master_key(uint32_t *mkvno, hdb_master_key mkey)
-{
-    hdb_master_key ret = NULL;
-    while(mkey) {
-	if(ret == NULL && mkey->keytab.vno == 0)
-	    ret = mkey;
-	if(mkvno == NULL) {
-	    if(ret == NULL || mkey->keytab.vno > ret->keytab.vno)
-		ret = mkey;
-	} else if(mkey->keytab.vno == *mkvno)
-	    return mkey;
-	mkey = mkey->next;
-    }
-    return ret;
-}
-
-int
-_hdb_mkey_version(hdb_master_key mkey)
-{
-    return mkey->keytab.vno;
-}
-
-int
-_hdb_mkey_decrypt(krb5_context context, hdb_master_key key,
-		  krb5_key_usage usage,
-		  void *ptr, size_t size, krb5_data *res)
-{
-    return krb5_decrypt(context, key->crypto, usage,
-			ptr, size, res);
-}
-
-int
-_hdb_mkey_encrypt(krb5_context context, hdb_master_key key,
-		  krb5_key_usage usage,
-		  const void *ptr, size_t size, krb5_data *res)
-{
-    return krb5_encrypt(context, key->crypto, usage,
-			ptr, size, res);
-}
-
-krb5_error_code
-hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) 
-{
-	
-    krb5_error_code ret;
-    krb5_data res;
-    size_t keysize;
-
-    hdb_master_key key;
-
-    if(k->mkvno == NULL)
-	return 0;
-	
-    key = _hdb_find_master_key(k->mkvno, mkey);
-
-    if (key == NULL)
-	return HDB_ERR_NO_MKEY;
-
-    ret = _hdb_mkey_decrypt(context, key, HDB_KU_MKEY,
-			    k->key.keyvalue.data,
-			    k->key.keyvalue.length,
-			    &res);
-    if(ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
-	/* try to decrypt with MIT key usage */
-	ret = _hdb_mkey_decrypt(context, key, 0,
-				k->key.keyvalue.data,
-				k->key.keyvalue.length,
-				&res);
-    }    
-    if (ret)
-	return ret;
-
-    /* fixup keylength if the key got padded when encrypting it */
-    ret = krb5_enctype_keysize(context, k->key.keytype, &keysize);
-    if (ret) {
-	krb5_data_free(&res);
-	return ret;
-    }
-    if (keysize > res.length) {
-	krb5_data_free(&res);
-	return KRB5_BAD_KEYSIZE;
-    }
-
-    memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
-    free(k->key.keyvalue.data);
-    k->key.keyvalue = res;
-    k->key.keyvalue.length = keysize;
-    free(k->mkvno);
-    k->mkvno = NULL;
-
-    return 0;
-}
-
-krb5_error_code
-hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
-{
-    int i;
-
-    for(i = 0; i < ent->keys.len; i++){
-	krb5_error_code ret;
-
-	ret = hdb_unseal_key_mkey(context, &ent->keys.val[i], mkey);
-	if (ret) 
-	    return ret;
-    }
-    return 0;
-}
-
-krb5_error_code
-hdb_unseal_keys(krb5_context context, HDB *db, hdb_entry *ent)
-{
-    if (db->hdb_master_key_set == 0)
-	return 0;
-    return hdb_unseal_keys_mkey(context, ent, db->hdb_master_key);
-}
-
-krb5_error_code
-hdb_unseal_key(krb5_context context, HDB *db, Key *k)
-{
-    if (db->hdb_master_key_set == 0)
-	return 0;
-    return hdb_unseal_key_mkey(context, k, db->hdb_master_key);
-}
-
-krb5_error_code
-hdb_seal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
-{
-    krb5_error_code ret;
-    krb5_data res;
-    hdb_master_key key;
-
-    if(k->mkvno != NULL)
-	return 0;
-
-    key = _hdb_find_master_key(k->mkvno, mkey);
-
-    if (key == NULL)
-	return HDB_ERR_NO_MKEY;
-
-    ret = _hdb_mkey_encrypt(context, key, HDB_KU_MKEY,
-			    k->key.keyvalue.data,
-			    k->key.keyvalue.length,
-			    &res);
-    if (ret)
-	return ret;
-
-    memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
-    free(k->key.keyvalue.data);
-    k->key.keyvalue = res;
-
-    if (k->mkvno == NULL) {
-	k->mkvno = malloc(sizeof(*k->mkvno));
-	if (k->mkvno == NULL)
-	    return ENOMEM;
-    }
-    *k->mkvno = key->keytab.vno;
-	
-    return 0;
-}
-
-krb5_error_code
-hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
-{
-    int i;
-    for(i = 0; i < ent->keys.len; i++){
-	krb5_error_code ret;
-
-	ret = hdb_seal_key_mkey(context, &ent->keys.val[i], mkey);
-	if (ret)
-	    return ret;
-    }
-    return 0;
-}
-
-krb5_error_code
-hdb_seal_keys(krb5_context context, HDB *db, hdb_entry *ent)
-{
-    if (db->hdb_master_key_set == 0)
-	return 0;
-    
-    return hdb_seal_keys_mkey(context, ent, db->hdb_master_key);
-}
-
-krb5_error_code
-hdb_seal_key(krb5_context context, HDB *db, Key *k)
-{
-    if (db->hdb_master_key_set == 0)
-	return 0;
-    
-    return hdb_seal_key_mkey(context, k, db->hdb_master_key);
-}
-
-krb5_error_code
-hdb_set_master_key (krb5_context context,
-		    HDB *db,
-		    krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    hdb_master_key mkey;
-
-    ret = hdb_process_master_key(context, 0, key, 0, &mkey);
-    if (ret)
-	return ret;
-    db->hdb_master_key = mkey;
-#if 0 /* XXX - why? */
-    des_set_random_generator_seed(key.keyvalue.data);
-#endif
-    db->hdb_master_key_set = 1;
-    return 0;
-}
-
-krb5_error_code
-hdb_set_master_keyfile (krb5_context context,
-			HDB *db,
-			const char *keyfile)
-{
-    hdb_master_key key;
-    krb5_error_code ret;
-
-    ret = hdb_read_master_key(context, keyfile, &key);
-    if (ret) {
-	if (ret != ENOENT)
-	    return ret;
-	krb5_clear_error_string(context);
-	return 0;
-    }
-    db->hdb_master_key = key;
-    db->hdb_master_key_set = 1;
-    return ret;
-}
-
-krb5_error_code
-hdb_clear_master_key (krb5_context context,
-		      HDB *db)
-{
-    if (db->hdb_master_key_set) {
-	hdb_free_master_key(context, db->hdb_master_key);
-	db->hdb_master_key_set = 0;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/ndbm.c b/crypto/heimdal/lib/hdb/ndbm.c
deleted file mode 100644
index 6575b8a..0000000
--- a/crypto/heimdal/lib/hdb/ndbm.c
+++ /dev/null
@@ -1,370 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: ndbm.c 16395 2005-12-13 11:54:10Z lha $");
-
-#if HAVE_NDBM
-
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#elif defined(HAVE_DBM_H)
-#include <dbm.h>
-#endif
-
-struct ndbm_db {
-    DBM *db;
-    int lock_fd;
-};
-
-static krb5_error_code
-NDBM_destroy(krb5_context context, HDB *db)
-{
-    krb5_error_code ret;
-
-    ret = hdb_clear_master_key (context, db);
-    free(db->hdb_name);
-    free(db);
-    return 0;
-}
-
-static krb5_error_code
-NDBM_lock(krb5_context context, HDB *db, int operation)
-{
-    struct ndbm_db *d = db->hdb_db;
-    return hdb_lock(d->lock_fd, operation);
-}
-
-static krb5_error_code
-NDBM_unlock(krb5_context context, HDB *db)
-{
-    struct ndbm_db *d = db->hdb_db;
-    return hdb_unlock(d->lock_fd);
-}
-
-static krb5_error_code
-NDBM_seq(krb5_context context, HDB *db, 
-	 unsigned flags, hdb_entry_ex *entry, int first)
-
-{
-    struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
-    datum key, value;
-    krb5_data key_data, data;
-    krb5_error_code ret = 0;
-
-    if(first)
-	key = dbm_firstkey(d->db);
-    else
-	key = dbm_nextkey(d->db);
-    if(key.dptr == NULL)
-	return HDB_ERR_NOENTRY;
-    key_data.data = key.dptr;
-    key_data.length = key.dsize;
-    ret = db->hdb_lock(context, db, HDB_RLOCK);
-    if(ret) return ret;
-    value = dbm_fetch(d->db, key);
-    db->hdb_unlock(context, db);
-    data.data = value.dptr;
-    data.length = value.dsize;
-    memset(entry, 0, sizeof(*entry));
-    if(hdb_value2entry(context, &data, &entry->entry))
-	return NDBM_seq(context, db, flags, entry, 0);
-    if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-	ret = hdb_unseal_keys (context, db, &entry->entry);
-	if (ret)
-	    hdb_free_entry (context, entry);
-    }
-    if (ret == 0 && entry->entry.principal == NULL) {
-	entry->entry.principal = malloc (sizeof(*entry->entry.principal));
-	if (entry->entry.principal == NULL) {
-	    ret = ENOMEM;
-	    hdb_free_entry (context, entry);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	} else {
-	    hdb_key2principal (context, &key_data, entry->entry.principal);
-	}
-    }
-    return ret;
-}
-
-
-static krb5_error_code
-NDBM_firstkey(krb5_context context, HDB *db,unsigned flags,hdb_entry_ex *entry)
-{
-    return NDBM_seq(context, db, flags, entry, 1);
-}
-
-
-static krb5_error_code
-NDBM_nextkey(krb5_context context, HDB *db, unsigned flags,hdb_entry_ex *entry)
-{
-    return NDBM_seq(context, db, flags, entry, 0);
-}
-
-static krb5_error_code
-NDBM_rename(krb5_context context, HDB *db, const char *new_name)
-{
-    /* XXX this function will break */
-    struct ndbm_db *d = db->hdb_db;
-
-    int ret;
-    char *old_dir, *old_pag, *new_dir, *new_pag;
-    char *new_lock;
-    int lock_fd;
-
-    /* lock old and new databases */
-    ret = db->hdb_lock(context, db, HDB_WLOCK);
-    if(ret)
-	return ret;
-    asprintf(&new_lock, "%s.lock", new_name);
-    if(new_lock == NULL) {
-	db->hdb_unlock(context, db);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    lock_fd = open(new_lock, O_RDWR | O_CREAT, 0600);
-    if(lock_fd < 0) {
-	ret = errno;
-	db->hdb_unlock(context, db);
-	krb5_set_error_string(context, "open(%s): %s", new_lock,
-			      strerror(ret));
-	free(new_lock);
-	return ret;
-    }
-    free(new_lock);
-    ret = hdb_lock(lock_fd, HDB_WLOCK);
-    if(ret) {
-	db->hdb_unlock(context, db);
-	close(lock_fd);
-	return ret;
-    }
-
-    asprintf(&old_dir, "%s.dir", db->hdb_name);
-    asprintf(&old_pag, "%s.pag", db->hdb_name);
-    asprintf(&new_dir, "%s.dir", new_name);
-    asprintf(&new_pag, "%s.pag", new_name);
-
-    ret = rename(old_dir, new_dir) || rename(old_pag, new_pag);
-    free(old_dir);
-    free(old_pag);
-    free(new_dir);
-    free(new_pag);
-    hdb_unlock(lock_fd);
-    db->hdb_unlock(context, db);
-
-    if(ret) {
-	ret = errno;
-	close(lock_fd);
-	krb5_set_error_string(context, "rename: %s", strerror(ret));
-	return ret;
-    }
-
-    close(d->lock_fd);
-    d->lock_fd = lock_fd;
-    
-    free(db->hdb_name);
-    db->hdb_name = strdup(new_name);
-    return 0;
-}
-
-static krb5_error_code
-NDBM__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
-{
-    struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
-    datum k, v;
-    int code;
-
-    k.dptr  = key.data;
-    k.dsize = key.length;
-    code = db->hdb_lock(context, db, HDB_RLOCK);
-    if(code)
-	return code;
-    v = dbm_fetch(d->db, k);
-    db->hdb_unlock(context, db);
-    if(v.dptr == NULL)
-	return HDB_ERR_NOENTRY;
-
-    krb5_data_copy(reply, v.dptr, v.dsize);
-    return 0;
-}
-
-static krb5_error_code
-NDBM__put(krb5_context context, HDB *db, int replace, 
-	krb5_data key, krb5_data value)
-{
-    struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
-    datum k, v;
-    int code;
-
-    k.dptr  = key.data;
-    k.dsize = key.length;
-    v.dptr  = value.data;
-    v.dsize = value.length;
-
-    code = db->hdb_lock(context, db, HDB_WLOCK);
-    if(code)
-	return code;
-    code = dbm_store(d->db, k, v, replace ? DBM_REPLACE : DBM_INSERT);
-    db->hdb_unlock(context, db);
-    if(code == 1)
-	return HDB_ERR_EXISTS;
-    if (code < 0)
-	return code;
-    return 0;
-}
-
-static krb5_error_code
-NDBM__del(krb5_context context, HDB *db, krb5_data key)
-{
-    struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
-    datum k;
-    int code;
-    krb5_error_code ret;
-
-    k.dptr = key.data;
-    k.dsize = key.length;
-    ret = db->hdb_lock(context, db, HDB_WLOCK);
-    if(ret) return ret;
-    code = dbm_delete(d->db, k);
-    db->hdb_unlock(context, db);
-    if(code < 0)
-	return errno;
-    return 0;
-}
-
-
-static krb5_error_code
-NDBM_close(krb5_context context, HDB *db)
-{
-    struct ndbm_db *d = db->hdb_db;
-    dbm_close(d->db);
-    close(d->lock_fd);
-    free(d);
-    return 0;
-}
-
-static krb5_error_code
-NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode)
-{
-    krb5_error_code ret;
-    struct ndbm_db *d = malloc(sizeof(*d));
-    char *lock_file;
-
-    if(d == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    asprintf(&lock_file, "%s.lock", (char*)db->hdb_name);
-    if(lock_file == NULL) {
-	free(d);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->db = dbm_open((char*)db->hdb_name, flags, mode);
-    if(d->db == NULL){
-	ret = errno;
-	free(d);
-	free(lock_file);
-	krb5_set_error_string(context, "dbm_open(%s): %s", db->hdb_name,
-			      strerror(ret));
-	return ret;
-    }
-    d->lock_fd = open(lock_file, O_RDWR | O_CREAT, 0600);
-    if(d->lock_fd < 0){
-	ret = errno;
-	dbm_close(d->db);
-	free(d);
-	krb5_set_error_string(context, "open(%s): %s", lock_file,
-			      strerror(ret));
-	free(lock_file);
-	return ret;
-    }
-    free(lock_file);
-    db->hdb_db = d;
-    if((flags & O_ACCMODE) == O_RDONLY)
-	ret = hdb_check_db_format(context, db);
-    else
-	ret = hdb_init_db(context, db);
-    if(ret == HDB_ERR_NOENTRY)
-	return 0;
-    if (ret) {
-	NDBM_close(context, db);
-	krb5_set_error_string(context, "hdb_open: failed %s database %s",
-			      (flags & O_ACCMODE) == O_RDONLY ? 
-			      "checking format of" : "initialize", 
-			      db->hdb_name);
-    }
-    return ret;
-}
-
-krb5_error_code
-hdb_ndbm_create(krb5_context context, HDB **db, 
-		const char *filename)
-{
-    *db = calloc(1, sizeof(**db));
-    if (*db == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    (*db)->hdb_db = NULL;
-    (*db)->hdb_name = strdup(filename);
-    if ((*db)->hdb_name == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(*db);
-	*db = NULL;
-	return ENOMEM;
-    }
-    (*db)->hdb_master_key_set = 0;
-    (*db)->hdb_openp = 0;
-    (*db)->hdb_open = NDBM_open;
-    (*db)->hdb_close = NDBM_close;
-    (*db)->hdb_fetch = _hdb_fetch;
-    (*db)->hdb_store = _hdb_store;
-    (*db)->hdb_remove = _hdb_remove;
-    (*db)->hdb_firstkey = NDBM_firstkey;
-    (*db)->hdb_nextkey= NDBM_nextkey;
-    (*db)->hdb_lock = NDBM_lock;
-    (*db)->hdb_unlock = NDBM_unlock;
-    (*db)->hdb_rename = NDBM_rename;
-    (*db)->hdb__get = NDBM__get;
-    (*db)->hdb__put = NDBM__put;
-    (*db)->hdb__del = NDBM__del;
-    (*db)->hdb_destroy = NDBM_destroy;
-    return 0;
-}
-
-#endif /* HAVE_NDBM */
diff --git a/crypto/heimdal/lib/hdb/print.c b/crypto/heimdal/lib/hdb/print.c
deleted file mode 100644
index 60b7e8d..0000000
--- a/crypto/heimdal/lib/hdb/print.c
+++ /dev/null
@@ -1,294 +0,0 @@
-/*
- * Copyright (c) 1999-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "hdb_locl.h"
-#include <hex.h>
-#include <ctype.h>
-
-RCSID("$Id: print.c 16378 2005-12-12 12:40:12Z lha $");
-
-/* 
-   This is the present contents of a dump line. This might change at
-   any time. Fields are separated by white space.
-
-  principal
-  keyblock
-  	kvno
-	keys...
-		mkvno
-		enctype
-		keyvalue
-		salt (- means use normal salt)
-  creation date and principal
-  modification date and principal
-  principal valid from date (not used)
-  principal valid end date (not used)
-  principal key expires (not used)
-  max ticket life
-  max renewable life
-  flags
-  generation number
-  */
-
-static krb5_error_code
-append_string(krb5_context context, krb5_storage *sp, const char *fmt, ...)
-{
-    krb5_error_code ret;
-    char *s;
-    va_list ap;
-    va_start(ap, fmt);
-    vasprintf(&s, fmt, ap);
-    va_end(ap);
-    if(s == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_storage_write(sp, s, strlen(s));
-    free(s);
-    return ret;
-}
-
-static krb5_error_code
-append_hex(krb5_context context, krb5_storage *sp, krb5_data *data)
-{
-    int i, printable = 1;
-    char *p;
-
-    p = data->data;
-    for(i = 0; i < data->length; i++)
-	if(!isalnum((unsigned char)p[i]) && p[i] != '.'){
-	    printable = 0;
-	    break;
-	}
-    if(printable)
-	return append_string(context, sp, "\"%.*s\"",
-			     data->length, data->data);
-    hex_encode(data->data, data->length, &p);
-    append_string(context, sp, "%s", p);
-    free(p);
-    return 0;
-}
-
-static char *
-time2str(time_t t)
-{
-    static char buf[128];
-    strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", gmtime(&t));
-    return buf;
-}
-
-static krb5_error_code
-append_event(krb5_context context, krb5_storage *sp, Event *ev)
-{
-    char *pr = NULL;
-    krb5_error_code ret;
-    if(ev == NULL)
-	return append_string(context, sp, "- ");
-    if (ev->principal != NULL) {
-       ret = krb5_unparse_name(context, ev->principal, &pr);
-       if(ret)
-           return ret;
-    }
-    ret = append_string(context, sp, "%s:%s ",
-			time2str(ev->time), pr ? pr : "UNKNOWN");
-    free(pr);
-    return ret;
-}
-
-static krb5_error_code
-entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent)
-{
-    char *p;
-    int i;
-    krb5_error_code ret;
-
-    /* --- principal */
-    ret = krb5_unparse_name(context, ent->principal, &p);
-    if(ret)
-	return ret;
-    append_string(context, sp, "%s ", p);
-    free(p);
-    /* --- kvno */
-    append_string(context, sp, "%d", ent->kvno);
-    /* --- keys */
-    for(i = 0; i < ent->keys.len; i++){
-	/* --- mkvno, keytype */
-	if(ent->keys.val[i].mkvno)
-	    append_string(context, sp, ":%d:%d:", 
-			  *ent->keys.val[i].mkvno, 
-			  ent->keys.val[i].key.keytype);
-	else
-	    append_string(context, sp, "::%d:", 
-			  ent->keys.val[i].key.keytype);
-	/* --- keydata */
-	append_hex(context, sp, &ent->keys.val[i].key.keyvalue);
-	append_string(context, sp, ":");
-	/* --- salt */
-	if(ent->keys.val[i].salt){
-	    append_string(context, sp, "%u/", ent->keys.val[i].salt->type);
-	    append_hex(context, sp, &ent->keys.val[i].salt->salt);
-	}else
-	    append_string(context, sp, "-");
-    }
-    append_string(context, sp, " ");
-    /* --- created by */
-    append_event(context, sp, &ent->created_by);
-    /* --- modified by */
-    append_event(context, sp, ent->modified_by);
-
-    /* --- valid start */
-    if(ent->valid_start)
-	append_string(context, sp, "%s ", time2str(*ent->valid_start));
-    else
-	append_string(context, sp, "- ");
-
-    /* --- valid end */
-    if(ent->valid_end)
-	append_string(context, sp, "%s ", time2str(*ent->valid_end));
-    else
-	append_string(context, sp, "- ");
-    
-    /* --- password ends */
-    if(ent->pw_end)
-	append_string(context, sp, "%s ", time2str(*ent->pw_end));
-    else
-	append_string(context, sp, "- ");
-
-    /* --- max life */
-    if(ent->max_life)
-	append_string(context, sp, "%d ", *ent->max_life);
-    else
-	append_string(context, sp, "- ");
-
-    /* --- max renewable life */
-    if(ent->max_renew)
-	append_string(context, sp, "%d ", *ent->max_renew);
-    else
-	append_string(context, sp, "- ");
-    
-    /* --- flags */
-    append_string(context, sp, "%d ", HDBFlags2int(ent->flags));
-
-    /* --- generation number */
-    if(ent->generation) {
-	append_string(context, sp, "%s:%d:%d ", time2str(ent->generation->time),
-		      ent->generation->usec,
-		      ent->generation->gen);
-    } else
-	append_string(context, sp, "- ");
-
-    /* --- extensions */
-    if(ent->extensions && ent->extensions->len > 0) {
-	for(i = 0; i < ent->extensions->len; i++) {
-	    void *d;
-	    size_t size, sz;
-
-	    ASN1_MALLOC_ENCODE(HDB_extension, d, size,
-			       &ent->extensions->val[i], &sz, ret);
-	    if (ret) {
-		krb5_clear_error_string(context);
-		return ret;
-	    }
-	    if(size != sz)
-		krb5_abortx(context, "internal asn.1 encoder error");
-
-	    if (hex_encode(d, size, &p) < 0) {
-		free(d);
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-
-	    free(d);
-	    append_string(context, sp, "%s%s", p, 
-			  ent->extensions->len - 1 != i ? ":" : "");
-	    free(p);
-	}
-    } else
-	append_string(context, sp, "-");
-
-    
-    return 0;
-}
-
-krb5_error_code
-hdb_entry2string (krb5_context context, hdb_entry *ent, char **str)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    krb5_storage *sp;
-
-    sp = krb5_storage_emem();
-    if(sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    ret = entry2string_int(context, sp, ent);
-    if(ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }
-
-    krb5_storage_write(sp, "\0", 1);
-    krb5_storage_to_data(sp, &data);
-    krb5_storage_free(sp);
-    *str = data.data;
-    return 0;
-}
-
-/* print a hdb_entry to (FILE*)data; suitable for hdb_foreach */
-
-krb5_error_code
-hdb_print_entry(krb5_context context, HDB *db, hdb_entry_ex *entry, void *data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    FILE *f = data;
-
-    fflush(f);
-    sp = krb5_storage_from_fd(fileno(f));
-    if(sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    ret = entry2string_int(context, sp, &entry->entry);
-    if(ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }
-
-    krb5_storage_write(sp, "\n", 1);
-    krb5_storage_free(sp);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/test_dbinfo.c b/crypto/heimdal/lib/hdb/test_dbinfo.c
deleted file mode 100644
index d92a538..0000000
--- a/crypto/heimdal/lib/hdb/test_dbinfo.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-#include <getarg.h>
-
-RCSID("$Id: test_dbinfo.c 20575 2007-04-27 20:20:32Z lha $");
-
-static int help_flag;
-static int version_flag;
-
-struct getargs args[] = {
-    { "help",		'h',	arg_flag,   &help_flag },
-    { "version",	0,	arg_flag,   &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    struct hdb_dbinfo *info, *d;
-    krb5_context context;
-    int ret, o = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &o))
-	krb5_std_usage(1, args, num_args);
-
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = hdb_get_dbinfo(context, &info);
-    if (ret)
-	krb5_err(context, 1, ret, "hdb_get_dbinfo");
-
-    d = NULL;
-    while ((d = hdb_dbinfo_get_next(info, d)) != NULL) {
-	printf("label: %s\n", hdb_dbinfo_get_label(context, d));
-	printf("\trealm: %s\n", hdb_dbinfo_get_realm(context, d));
-	printf("\tdbname: %s\n", hdb_dbinfo_get_dbname(context, d));
-	printf("\tmkey_file: %s\n", hdb_dbinfo_get_mkey_file(context, d));
-	printf("\tacl_file: %s\n", hdb_dbinfo_get_acl_file(context, d));
-    }
-
-    hdb_free_dbinfo(context, &info);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hx509/ChangeLog b/crypto/heimdal/lib/hx509/ChangeLog
deleted file mode 100644
index cb29cee..0000000
--- a/crypto/heimdal/lib/hx509/ChangeLog
+++ /dev/null
@@ -1,2641 +0,0 @@
-2008-01-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_soft_pkcs11.c: use func for more C_ functions.
-	
-2008-01-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* version-script.map: Export hx509_free_error_string().
-
-2008-01-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* version-script.map: only export C_GetFunctionList
-
-	* test_soft_pkcs11.c: use C_GetFunctionList
-
-	* softp11.c: fix comment, remove label.
-
-	* softp11.c: Add option app-fatal to control if softtoken should
-	abort() on erroneous input from applications.
-
-2008-01-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_pkcs11.in: Test password less certificates too
-
-	* keyset.c: document HX509_CERTS_UNPROTECT_ALL
-
-	* ks_file.c: Support HX509_CERTS_UNPROTECT_ALL.
-
-	* hx509.h: Add HX509_CERTS_UNPROTECT_ALL.
-
-	* test_soft_pkcs11.c: Only log in if needed.
-
-2008-01-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* softp11.c: Support PINs to login to the store.
-
-	* Makefile.am: add java pkcs11 test
-
-	* test_java_pkcs11.in: first version of disable java test
-
-	* softp11.c: Drop unused stuff.
-
-	* cert.c: Spelling, Add hx509_cert_get_SPKI_AlgorithmIdentifier,
-	remove unused stuff, add hx509_context to some functions.
-	
-	* softp11.c: Add more glue to figure out what keytype this
-	certificate is using.
-
-2008-01-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_pkcs11.in: test debug
-
-	* Add a PKCS11 provider supporting signing and verifing sigatures.
-
-2008-01-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* version-script.map: Replace hx509_name_to_der_name with
-	hx509_name_binary.
-
-	* print.c: make print_func static
-
-2007-12-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print.c: doxygen
-
-	* env.c: doxygen
-
-	* doxygen.c: add more groups
-
-	* ca.c: doxygen.
-
-2007-12-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ca.c: doxygen
-
-2007-12-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* error.c: doxygen
-	
-2007-12-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* More documentation
-	
-	* lock.c: Add page referance
-
-	* keyset.c: some more documentation.
-
-	* cms.c: Doxygen documentation.
-
-2007-12-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* *.[ch]: More documentation
-
-2007-12-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* handle refcount on NULL.
-
-	* test_nist_pkcs12.in: drop echo -n, doesn't work with posix sh
-
-2007-12-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_nist2.in: Print that this is version 2 of the tests
-
-	* test_nist.in: Drop printing of $id.
-
-	* hx509.h: Add HX509_VHN_F_ALLOW_NO_MATCH.
-
-	* name.c: spelling.
-
-	* cert.c: make work the doxygen.
-
-	* name.c: fix doxygen compiling.
-
-	* Makefile.am: add doxygen.c
-
-	* doxygen.c: Add doxygen main page.
-
-	* cert.c: Add doxygen.
-
-	* revoke.c (_hx509_revoke_ref): new function.
-
-2007-11-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_keychain.c: Check if SecKeyGetCSPHandle needs prototype.
-
-2007-08-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* data/nist-data: Make work on case senstive filesystems too.
-	
-2007-08-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cert.c: match rfc822 contrains better, provide better error
-	strings.
-
-2007-08-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cert.c: "self-signed doesn't count" doesn't apply to trust
-	anchor certificate.  make trust anchor check consistant.
-
-	* revoke.c: make compile.
-
-	* revoke.c (verify_crl): set error strings.
-	
-	* revoke.c (verify_crl): handle with the signer is the
-	CRLsigner (shortcut).
-
-	* cert.c: Fix NC, comment on how to use _hx509_check_key_usage.
-
-2007-08-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_nist2.in, Makefile, test/nist*: Add nist pkits tests. 
-
-	* revoke.c: Update to use CERT_REVOKED error, shortcut out of OCSP
-	checking when OCSP reply is a revocation reply.
-
-	* hx509_err.et: Make CERT_REVOKED error OCSP/CRL agnostic.
-
-	* name.c (_hx509_Name_to_string): make printableString handle
-	space (0x20) diffrences as required by rfc3280.
-
-	* revoke.c: Search for the right issuer when looking for the
-	issuer of the CRL signer.
-
-2007-08-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* revoke.c: Handle CRL signing certificate better, try to not
-	revalidate invalid CRLs over and over.
-
-2007-08-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c: remove stale comment.
-
-	* test_nist.in: Unpack PKITS_data.zip and run tests.
-	
-	* test_nist_cert.in: Adapt to new nist pkits framework.
-
-	* test_nist_pkcs12.in: Adapt to new nist pkits framework.
-
-	* Makefile.am: clean PKITS_data
-
-2007-07-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add version-script.map to EXTRA_DIST
-
-2007-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add depenency on asn1_compile for asn1 built files.
-	
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* peer.c: update (c), indent.
-
-	* Makefile.am: New library version.
-
-2007-06-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_p11.c: Add sha2 types.
-
-	* ref/pkcs11.h: Sync with scute.
-
-	* ref/pkcs11.h: Add sha2 CKM's.
-
-	* print.c: Print authorityInfoAccess.
-
-	* cert.c: Rename proxyCertInfo oid.
-
-	* ca.c: Rename proxyCertInfo oid.
-
-	* print.c: Rename proxyCertInfo oid.
-	
-2007-06-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ca.in: Adapt to new request handling.
-
-	* req.c: Allow export some of the request parameters.
-
-	* hxtool-commands.in: Adapt to new request handling.
-
-	* hxtool.c: Adapt to new request handling.
-
-	* test_req.in: Adapt to new request handling.
-
-	* version-script.map: Add initialize_hx_error_table_r.
-
-	* req.c: Move _hx509_request_print here.
-
-	* hxtool.c: use _hx509_request_print
-
-	* version-script.map: Export more crap^W semiprivate functions.
-
-	* hxtool.c: don't _hx509_abort
-
-	* version-script.map: add missing ;
-
-2007-06-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c: Use hx509_crypto_random_iv.
-
-	* crypto.c: Split out the iv creation from hx509_crypto_encrypt
-	since _hx509_pbe_encrypt needs to use the iv from the s2k
-	function.
-
-	* test_cert.in: Test PEM and DER FILE writing functionallity.
-
-	* ks_file.c: Add writing DER certificates.
-
-	* hxtool.c: Update to new hx509_pem_write().
-
-	* test_cms.in: test creation of PEM signeddata.
-
-	* hx509.h: PEM struct/function declarations.
-
-	* ks_file.c: Use PEM encoding/decoding functions.
-
-	* file.c: PEM encode/decoding functions.
-
-	* ks_file.c: Use hx509_pem_write.
-
-	* version-script.map: Export some semi-private functions.
-
-	* hxtool.c: Enable writing out signed data as a pem attachment.
-
-	* hxtool-commands.in (cms-create-signed): add --pem
-
-	* file.c (hx509_pem_write): Add.
-
-	* test_ca.in: Issue and test null subject cert.
-
-	* cert.c: Match is first component is in a CN=.
-
-	* test_ca.in: Test hostname if first CN.
-
-	* Makefile.am: Add version script.
-
-	* version-script.map: Limited exported symbols.
-
-	* test_ca.in: test --hostname.
-
-	* test_chain.in: test max-depth
-
-	* hx509.h: fixate HX509_HN_HOSTNAME at 0.
-
-	* hxtool-commands.in: add --hostname add --max-depth
-
-	* cert.c: Verify hostname and max-depth.
-
-	* hxtool.c: Verify hostname and test max-depth.
-
-2007-06-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_cms.in: Test --id-by-name.
-
-	* hxtool-commands.in: add cms-create-sd --id-by-name
-
-	* hxtool.c: Use HX509_CMS_SIGATURE_ID_NAME.
-
-	* cms.c: Implement and use HX509_CMS_SIGATURE_ID_NAME.
-
-	* hx509.h: Add HX509_CMS_SIGATURE_ID_NAME, use subject name for
-	CMS.Identifier.  hx509_hostname_type: add hostname type for
-	matching.
-
-	* cert.c (match_general_name): more strict rfc822Name matching.
-	(hx509_verify_hostname): add hostname type for matching.
-
-2007-06-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: Make compile again.
-
-	* hxtool.c: Added peap-server for to make windows peap clients
-	happy.
-
-	* hxtool.c: Unify parse_oid code.
-
-	* hxtool.c: Implement --content-type.
-
-	* hxtool-commands.in: Add content-type.
-
-	* test_cert.in: more cert and keyset tests.
-
-2007-06-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* revoke.c: Avoid stomping on NULL.
-
-	* revoke.c: Avoid reusing i.
-
-	* cert.c: Provide __attribute__ for _hx509_abort.
-
-	* ks_file.c: Fail if not finding iv.
-
-	* keyset.c: Avoid useing freed memory.
-
-	* crypto.c: Free memory in failure case.
-
-	* crypto.c: Free memory in failure case.
-
-2007-06-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* *.c: Add hx509_cert_init_data and use everywhere
-
-	* hx_locl.h: Now that KEYCHAIN:system-anchors is fast again, use
-	that.
-
-	* ks_keychain.c: Implement trust anchor support with
-	SecTrustCopyAnchorCertificates.
-
-	* keyset.c: Set ref to 1 for the new object.
-
-	* cert.c: Fix logic for allow_default_trust_anchors
-
-	* keyset.c: Add refcounting to keystores.
-
-	* cert.c: Change logic for default trust anchors, make it be
-	either default trust anchor, the user supplied, or non at all.
-
-2007-06-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add data/j.pem.
-
-	* Makefile.am: Add test_windows.in.
-	
-2007-06-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_keychain.c: rename functions, leaks less memory and more
-	paranoia.
-
-	* test_cms.in: Test cms peer-alg.
-
-	* crypto.c (rsa_create_signature): make oid_id_pkcs1_rsaEncryption
-	mean rsa-with-sha1 but oid oid_id_pkcs1_rsaEncryption in algorithm
-	field.  XXX should probably use another algorithmIdentifier for
-	this.
-
-	* peer.c: Make free function return void.
-
-	* cms.c (hx509_cms_create_signed_1): Use hx509_peer_info to select
-	the signature algorithm too.
-
-	* hxtool-commands.in: Add cms-create-sd --peer-alg.
-
-	* req.c: Use _hx509_crypto_default_sig_alg.
-
-	* test_windows.in: Create crl, because everyone needs one.
-
-	* Makefile.am: add wcrl.crl
-	
-2007-06-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hx_locl.h: Disable KEYCHAIN for now, its slow.
-
-	* cms.c: When we are not using pkcs7-data, avoid seing
-	signedAttributes since some clients get upset by that (pkcs7 based
-	or just plain broken).
-
-	* ks_keychain.c: Provide rsa signatures.
-
-	* ks_keychain.c: Limit the searches to the selected keychain.
-
-	* ks_keychain.c: include -framework Security specific header files
-	after #ifdef
-
-	* ks_keychain.c: Find and attach private key (does not provide
-	operations yet though).
-
-	* ks_p11.c: Prefix rsa method with p11_
-
-	* ks_keychain.c: Allow opening a specific chain, making "system"
-	special and be the system X509Anchors file. By not specifing any
-	keychain ("KEYCHAIN:"), all keychains are probed.
-	
-2007-06-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c (verify): Friendlier error message.
-
-	* cert.c: Read in and use default trust anchors if they exists.
-
-	* hx_locl.h: Add concept of default_trust_anchors.
-
-	* ks_keychain.c: Remove err(), remove extra empty comment, fix
-	_iter function.
-
-	* error.c (hx509_get_error_string): if the error code is not the
-	one we expect, punt and use the default com_err/strerror string
-	instead.
-
-	* keyset.c (hx509_certs_merge): its ok to merge in the NULL set of
-	certs.
-
-	* test_windows.in: Fix status string.
-
-	* ks_p12.c (store_func): free whole CertBag, not just the data
-	part.
-	
-	* print.c: Check that the self-signed cert is really self-signed.
-
-	* print.c: Use selfsigned for CRL DP whine, tell if its a
-	self-signed.
-
-	* print.c: Whine if its a non CA/proxy and doesn't have CRL DP.
-
-	* ca.c: Add cRLSign to CA certs.
-
-	* cert.c: Register NULL and KEYCHAIN.
-
-	* ks_null.c: register the NULL keystore.
-
-	* Makefile.am: Add ks_keychain.c and related libs.
-
-	* test_crypto.in: Print certificate with utf8.
-
-	* print.c: Leak less memory.
-
-	* hxtool.c: Leak less memory.
-
-	* print.c: Leak less memory, use functions that does same but
-	more.
-
-	* name.c (quote_string): don't sign extend the (signed) char to
-	avoid printing too much, add an assert to check that we didn't
-	overrun the buffer.
-
-	* name.c: Use right element out of the CHOICE for printableString
-	and utf8String
-
-	* ks_keychain.c: Certificate only KeyChain backend.
-
-	* name.c: Reset name before parsing it.
-	
-2007-06-03  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* revoke.c (hx509_crl_*): fix sizeof() mistakes to fix memory
-	corruption.
-
-	* hxtool.c: Add lifetime to crls.
-
-	* hxtool-commands.in: Add lifetime to crls.
-
-	* revoke.c: Add lifetime to crls.
-
-	* test_ca.in: More crl checks.
-
-	* revoke.c: Add revoking certs.
-
-	* hxtool-commands.in: argument is certificates.. for crl-sign
-
-	* hxtool.c (certificate_copy): free lock
-
-	* revoke.c: Fix hx509_set_error_string calls, add
-	hx509_crl_add_revoked_certs(), implement hx509_crl_{alloc,free}.
-
-	* hxtool.c (crl_sign): free lock
-
-	* cert.c (hx509_context_free): free querystat
-	
-2007-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_chain.in: test ocsp-verify
-	
-	* revoke.c (hx509_ocsp_verify): explain what its useful for and
-	provide sane error message.
-
-	* hx509_err.et: New error code, CERT_NOT_IN_OCSP
-
-	* hxtool.c: New command ocsp-verify, check if ocsp contains all
-	certs and are valid (exist and non expired).
-
-	* hxtool-commands.in: New command ocsp-verify.
-	
-2007-06-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ca.in: Create crl and verify that is works.
-
-	* hxtool.c: Sign CRL command.
-
-	* hx509.h: Add hx509_crl.
-
-	* hxtool-commands.in: Add crl-sign commands.
-
-	* revoke.c: Support to generate an empty CRL.
-
-	* tst-crypto-select2: Switched default types.
-
-	* tst-crypto-select1: Switched default types.
-
-	* ca.c: Use default AlgorithmIdentifier.
-
-	* cms.c: Use default AlgorithmIdentifier.
-
-	* crypto.c: Provide default AlgorithmIdentifier and use them.
-
-	* hx_locl.h: Provide default AlgorithmIdentifier.
-
-	* keyset.c (hx509_certs_find): collects stats for queries.
-
-	* cert.c: Sort and print more info.
-
-	* hx_locl.h: Add querystat to hx509_context.
-
-	* test_*.in: sprinle stat saveing
-
-	* Makefile.am: Add stat and objdir.
-
-	* collector.c (_hx509_collector_alloc): return error code instead
-	of pointer.
-
-	* hxtool.c: Add statistic hook.
-
-	* ks_file.c: Update _hx509_collector_alloc prototype.
-
-	* ks_p12.c: Update _hx509_collector_alloc prototype.
-
-	* ks_p11.c: Update _hx509_collector_alloc prototype.
-
-	* hxtool-commands.in: Add statistics hook.
-
-	* cert.c: Statistics printing.
-
-	* ks_p12.c: plug memory leak
-
-	* ca.c (hx509_ca_tbs_add_crl_dp_uri): plug memory leak
-	
-2007-05-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print.c: print utf8 type SAN's
-
-	* Makefile.am: Fix windows client cert name.
-
-	* test_windows.in: Add crl-uri for the ee certs.
-
-	* print.c: Printf formating.
-
-	* ca.c: Add glue for adding CRL dps.
-
-	* test_ca.in: Readd the crl adding code, it works (somewhat) now.
-
-	* print.c: Fix printing of CRL DPnames (I hate IMPLICIT encoded
-	structures).
-
-	* hxtool-commands.in: make ca and alias of certificate-sign
-	
-2007-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.c (hx509_crypto_select): copy AI to the right place.
-
-	* hxtool-commands.in: Add ca --ms-upn.
-
-	* hxtool.c: add --ms-upn and add more EKU's for pk-init client.
-
-	* ca.c: Add hx509_ca_tbs_add_san_ms_upn and refactor code.
-
-	* test_crypto.in: Resurect killed e.
-
-	* test_crypto.in: check for aes256-cbc
-
-	* tst-crypto-select7: check for aes256-cbc
-
-	* test_windows.in: test windows stuff
-
-	* hxtool.c: add ca --domain-controller option, add secret key
-	option to avaible.
-
-	* ca.c: Add hx509_ca_tbs_set_domaincontroller.
-
-	* hxtool-commands.in: add ca --domain-controller
-
-	* hxtool.c: hook for testing secrety key algs
-
-	* crypto.c: Add selection code for secret key crypto.
-
-	* hx509.h: Add HX509_SELECT_SECRET_ENC.
-	
-2007-05-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_p11.c: add more mechtypes
-	
-2007-05-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* print.c: Indent.
-
-	* hxtool-commands.in: add test-crypto command
-
-	* hxtool.c: test crypto command
-
-	* cms.c (hx509_cms_create_signed_1): if no eContentType is given,
-	use pkcs7-data.
-
-	* print.c: add Netscape cert comment
-
-	* crypto.c: Try both the empty password and the NULL
-	password (nothing vs the octet string \x00\x00).
-
-	* print.c: Add some US Fed PKI oids.
-
-	* ks_p11.c: Add some more hashes.
-	
-2007-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c (crypto_select): stop memory leak
-	
-2007-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* peer.c (hx509_peer_info_free): free memory used too
-
-	* hxtool.c (crypto_select): only free peer if it was used.
-	
-2007-04-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: free template
-
-	* ks_mem.c (mem_free): free key array too
-
-	* hxtool.c: free private key and tbs
-
-	* hxtool.c (hxtool_ca): free signer
-
-	* hxtool.c (crypto_available): free peer too.
-
-	* ca.c (get_AuthorityKeyIdentifier): leak less memory
-
-	* hxtool.c (hxtool_ca): free SPKI
-
-	* hxtool.c (hxtool_ca): free cert
-
-	* ks_mem.c (mem_getkeys): allocate one more the we have elements
-	so its possible to store the NULL pointer at the end.
-	
-2007-04-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: CLEANFILES += cert-null.pem cert-sub-ca2.pem
-	
-2007-02-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ca.c: Disable CRLDistributionPoints for now, its IMPLICIT code
-	in the asn1 parser.
-
-	* print.c: Add some more \n's.
-	
-2007-02-03  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* file.c: Allow mapping using heim_octet_string.
-
-	* hxtool.c: Add options to generate detached signatures.
-
-	* cms.c: Add flags to generate detached signatures.
-
-	* hx509.h: Flag to generate detached signatures.
-
-	* test_cms.in: Support detached sigatures.
-
-	* name.c (hx509_general_name_unparse): unparse the other
-	GeneralName nametypes.
-
-	* print.c: Use less printf. Use hx509_general_name_unparse.
-
-	* cert.c: Fix printing and plug leak-on-error.
-	
-2007-01-31  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_ca.in: Add test for ca --crl-uri.
-
-	* hxtool.c: Add ca --crl-uri.
-
-	* hxtool-commands.in: add ca --crl-uri
-
-	* ca.c: Code to set CRLDistributionPoints in certificates.
-
-	* print.c: Check CRLDistributionPointNames.
-
-	* name.c (hx509_general_name_unparse): function for unparsing
-	GeneralName, only supports GeneralName.URI
-
-	* cert.c (is_proxy_cert): free info if we wont return it.
-	
-2007-01-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* hxtool.c: Try to help how to use this command.
-	
-2007-01-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* switch to sha256 as default digest for signing
-
-2007-01-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ca.in: Really test sub-ca code, add basic constraints tests
-	
-2007-01-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Fix makefile problem.
-	
-2007-01-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: Set num of bits before we generate the key.
-	
-2007-01-15  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* cms.c (hx509_cms_create_signed_1): use hx509_cert_binary
-
-	* ks_p12.c (store_func): use hx509_cert_binary
-
-	* ks_file.c (store_func): use hx509_cert_binary
-
-	* cert.c (hx509_cert_binary): return binary encoded
-	certificate (DER format)
-	
-2007-01-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ca.c (hx509_ca_tbs_subject_expand): new function.
-
-	* name.c (hx509_name_expand): if env is NULL, return directly
-
-	* test_ca.in: test template handling
-
-	* hx509.h: Add template flags.
-
-	* Makefile.am: clean out new files
-
-	* hxtool.c: Add certificate template processing, fix hx509_err
-	usage.
-
-	* hxtool-commands.in: Add certificate template processing.
-
-	* ca.c: Add certificate template processing. Fix return messages
-	from hx509_ca_tbs_add_eku.
-
-	* cert.c: Export more stuff from certificate.
-	
-2007-01-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ca.c: update (c)
-
-	* ca.c: (hx509_ca_tbs_add_eku): filter out dups.
-	
-	* hxtool.c: Add type email and add email eku when using option
-	--email.
-
-	* Makefile.am: add env.c
-
-	* name.c: Remove abort, add error handling.
-
-	* test_name.c: test name expansion
-
-	* name.c: add hx509_name_expand
-
-	* env.c: key-value pair help functions
-	
-2007-01-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ca.c: Don't issue certs with subject DN that is NULL and have no
-	SANs
-
-	* print.c: Fix previous test.
-
-	* print.c: Check there is a SAN if subject DN is NULL.
-
-	* test_ca.in: test email, null subject dn
-
-	* hxtool.c: Allow setting parameters to private key generation.
-
-	* hx_locl.h: Allow setting parameters to private key generation.
-
-	* crypto.c: Allow setting parameters to private key generation.
-
-	* hxtool.c (eval_types): add jid if user gave one
-
-	* hxtool-commands.in (certificate-sign): add --jid
-
-	* ca.c (hx509_ca_tbs_add_san_jid): Allow adding
-	id-pkix-on-xmppAddr OtherName.
-
-	* print.c: Print id-pkix-on-xmppAddr OtherName.
-	
-2007-01-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* no random, no RSA/DH tests
-
-	* hxtool.c (info): print status of random generator
-
-	* Makefile.am: remove files created by tests
-
-	* error.c: constify
-
-	* name.c: constify
-
-	* revoke.c: constify
-
-	* hx_locl.h: constify
-
-	* keyset.c: constify
-
-	* ks_p11.c: constify
-
-	* hx_locl.h: make printinfo char * argument const.
-
-	* cms.c: move _hx509_set_digest_alg from cms.c to crypto.c since
-	its only used there.
-
-	* crypto.c: remove no longer used stuff, move set_digest_alg here
-	from cms.c since its only used here.
-
-	* Makefile.am: add data/test-nopw.p12 to EXTRA_DIST
-	
-2007-01-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* print.c: BasicConstraints vs criticality bit is complicated and
-	not really possible to evaluate on its own, silly RFC3280.
-
-	* ca.c: Make basicConstraints critical if this is a CA.
-
-	* print.c: fix the version vs extension test
-
-	* print.c: More validation checks.
-
-	* name.c (hx509_name_cmp): add
-	
-2007-01-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_p11.c (collect_private_key): Missing CKA_MODULUS is ok
-	too (XXX why should these be fetched given they are not used).
-
-	* test_ca.in: rename all files to PEM files, since that is what
-	they are.
-
-	* hxtool.c: copy out the key with the self signed CA cert
-
-	* Factor out private key operation out of the signing, operations,
-	support import, export, and generation of private keys. Add
-	support for writing PEM and PKCS12 files with private keys in them.
- 
-	* data/gen-req.sh: Generate a no password pkcs12 file.
-	
-2007-01-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c: Check for internal ASN1 encoder error.
-	
-2007-01-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Drop most of the pkcs11 files.
-
-	* test_ca.in: test reissueing ca certificate (xxx time
-	validAfter).
-
-	* hxtool.c: Allow setting serialNumber (needed for reissuing
-	certificates) Change --key argument to --out-key.
-
-	* hxtool-commands.in (issue-certificate): Allow setting
-	serialNumber (needed for reissuing certificates), Change --key
-	argument to --out-key.
-
-	* ref: Replace with Marcus Brinkmann of g10 Code GmbH pkcs11
-	headerfile that is compatible with GPL (file taken from scute)
-
-2007-01-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ca.in: Test to generate key and use them.
-
-	* hxtool.c: handle other keys the pkcs10 requested keys
-
-	* hxtool-commands.in: add generate key commands
-
-	* req.c (_hx509_request_to_pkcs10): PKCS10 needs to have a subject
-
-	* hxtool-commands.in: Spelling.
-
-	* ca.c (hx509_ca_tbs_set_proxy): allow negative pathLenConstraint
-	to signal no limit
-
-	* ks_file.c: Try all formats on the binary file before giving up,
-	this way we can handle binary rsa keys too.
-
-	* data/key2.der: new test key
-
-2007-01-04  David Love  <fx@gnu.org>
-
-	* Makefile.am (hxtool_LDADD): Add libasn1.la
-
-	* hxtool.c (pcert_verify): Fix format string.
-
-2006-12-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: Allow setting path length
-
-	* cert.c: Fix test for proxy certs chain length, it was too
-	restrictive.
-	
-	* data: regen
-	
-	* data/openssl.cnf: (proxy_cert) make length 0
-
-	* test_ca.in: Issue a long living cert.
-
-	* hxtool.c: add --lifetime to ca command.
-
-	* hxtool-commands.in: add --lifetime to ca command.
-
-	* ca.c: allow setting notBefore and notAfter.
-
-	* test_ca.in: Test generation of proxy certificates.
-
-	* ca.c: Allow generation of proxy certificates, always include
-	BasicConstraints, fix error codes.
-
-	* hxtool.c: Allow generation of proxy certificates.
-
-	* test_name.c: make hx509_parse_name take a hx509_context.
-
-	* name.c: Split building RDN to a separate function.
-	
-2006-12-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: clean test_ca files.
-
-	* test_ca.in: test issuing self-signed and CA certificates.
-
-	* hxtool.c: Add bits to allow issuing self-signed and CA
-	certificates.
-
-	* hxtool-commands.in: Add bits to allow issuing self-signed and CA
-	certificates.
-
-	* ca.c: Add bits to allow issuing CA certificates.
-
-	* revoke.c: use new OCSPSigning.
-
-	* ca.c: Add Subject Key Identifier.
-
-	* ca.c: Add Authority Key Identifier.
-	
-	* cert.c: Locally export _hx509_find_extension_subject_key_id.
-	Handle AuthorityKeyIdentifier where only authorityCertSerialNumber
-	and authorityCertSerialNumber is set.
-
-	* hxtool-commands.in: Add dnsname and rfc822 SANs.
-
-	* test_ca.in: Test dnsname and rfc822 SANs.
-
-	* ca.c: Add dnsname and rfc822 SANs.
-
-	* hxtool.c: Add dnsname and rfc822 SANs.
-
-	* test_ca.in: test adding eku, ku and san to the
-	certificate (https and pk-init)
-
-	* hxtool.c: Add eku, ku and san to the certificate.
-
-	* ca.c: Add eku, ku and san to the certificate.
-
-	* hxtool-commands.in: Add --type and --pk-init-principal
-
-	* ocsp.asn1: remove id-kp-OCSPSigning, its in rfc2459.asn1 now
-	
-2006-12-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ca.c: Add KeyUsage extension.
-
-	* Makefile.am: add ca.c, add sign-certificate tests.
-
-	* crypto.c: Add _hx509_create_signature_bitstring.
-
-	* hxtool-commands.in: Add the sign-certificate tool.
-
-	* hxtool.c: Add the sign-certificate tool.
-
-	* cert.c: Add HX509_QUERY_OPTION_KU_KEYCERTSIGN.
-
-	* hx509.h: Add hx509_ca_tbs and HX509_QUERY_OPTION_KU_KEYCERTSIGN.
-
-	* test_ca.in: Basic test of generating a pkcs10 request, signing
-	it and verifying the chain.
-
-	* ca.c: Naive certificate signer.
-	
-2006-12-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* hxtool.c: add hxtool_hex
-	
-2006-12-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: use top_builddir for libasn1.la
-	
-2006-12-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* hxtool.c (print_certificate): print serial number.
-
-	* name.c (no): add S=stateOrProvinceName
-	
-2006-12-09  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* crypto.c (_hx509_private_key_assign_rsa): set a default sig alg
-
-	* ks_file.c (try_decrypt): pass down AlgorithmIdentifier that key
-	uses to do sigatures so there is no need to hardcode RSA into this
-	function.
-	
-2006-12-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_file.c: Pass filename to the parse functions and use it in
-	the error messages
-
-	* test_chain.in: test proxy cert (third level)
-	
-	* hx509_err.et: fix errorstring for PROXY_CERT_NAME_WRONG
-
-	* data: regen
-
-	* Makefile.am: EXTRA_DIST: add
-	data/proxy10-child-child-test.{key,crt}
-
-	* data/gen-req.sh: Fix names and restrictions on the proxy
-	certificates
-
-	* cert.c: Clairfy and make proxy cert handling work for multiple
-	levels, before it was too restrictive. More helpful error message.
-	
-2006-12-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* cert.c (check_key_usage): tell what keyusages are missing
-
-	* print.c: Split OtherName printing code to a oid lookup and print
-	function.
-
-	* print.c (Time2string): print hour as hour not min
-
-	* Makefile.am: CLEANFILES += test
-	
-2006-12-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am (EXTRA_DIST): add data/pkinit-proxy* files
-
-	* Makefile.am (EXTRA_DIST): add tst-crypto* files
-
-	* cert.c (hx509_query_match_issuer_serial): make a copy of the
-	data
-
-	* cert.c (hx509_query_match_issuer_serial): allow matching on
-	issuer and serial num
-
-	* cert.c (_hx509_calculate_path): add flag to allow leaving out
-	trust anchor
-
-	* cms.c (hx509_cms_create_signed_1): when building the path, omit
-	the trust anchors.
-
-	* crypto.c (rsa_create_signature): Abort when signature is longer,
-	not shorter.
-
-	* cms.c: Provide time to _hx509_calculate_path so we don't send no
-	longer valid certs to our peer.
-
-	* cert.c (find_parent): when checking for certs and its not a
-	trust anchor, require time be in range.
-	(_hx509_query_match_cert): Add time validity-testing to query mask
-
-	* hx_locl.h: add time validity-testing to query mask
-
-	* test_cms.in: Tests for CMS SignedData with incomplete chain from
-	the signer.
-	
-2006-11-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c (hx509_cms_verify_signed): specify what signature we
-	failed to verify
-	
-	* Makefile.am: Depend on LIB_com_err for AIX.
-
-	* keyset.c: Remove anther strndup that causes AIX to fall over.
-
-	* cert.c: Don't check the trust anchors expiration time since they
-	are transported out of band, from RFC3820.
-
-	* cms.c: sprinkle more error strings
-
-	* crypto.c: sprinkle more error strings
-
-	* hxtool.c: use unsigned int as counter to fit better with the
-	asn1 compiler
-
-	* crypto.c: use unsigned int as counter to fit better with the
-	asn1 compiler
-	
-2006-11-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* cms.c: Remove trailing white space.
-
-	* crypto.c: rewrite comment to make more sense
-
-	* crypto.c (hx509_crypto_select): check sig_algs[j]->key_oid
-
-	* hxtool-commands.in (crypto-available): add --type
-
-	* crypto.c (hx509_crypto_available): let alg pass if its keyless
-
-	* hxtool-commands.in: Expand crypto-select
-
-	* cms.c: Rename hx509_select to hx509_crypto_select.
-
-	* hxtool-commands.in: Add crypto-select and crypto-available.
-
-	* hxtool.c: Add crypto-select and crypto-available.
-
-	* crypto.c (hx509_crypto_available): use right index.
-	(hx509_crypto_free_algs): new function
-
-	* crypto.c (hx509_crypto_select): improve
-	(hx509_crypto_available): new function
-	
-2006-11-26  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* cert.c: Sprinkle more error string and hx509_contexts.
-
-	* cms.c: Sprinkle more error strings.
-
-	* crypto.c: Sprinkle error string and hx509_contexts.
-
-	* crypto.c: Add some more comments about how this works.
-
-	* crypto.c (hx509_select): new function.
-	
-	* Makefile.am: add peer.c
-
-	* hxtool.c: Update hx509_cms_create_signed_1.
-
-	* hx_locl.h: add struct hx509_peer_info
-
-	* peer.c: Allow selection of digest/sig-alg
-
-	* cms.c: Allow selection of a better digest using hx509_peer_info.
-
-	* revoke.c: Handle that _hx509_verify_signature takes a context.
-	
-	* cert.c: Handle that _hx509_verify_signature takes a context.
-	
-2006-11-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c: Sprinkle error strings.
-
-	* crypto.c: Sprinkle context and error strings.
-	
-2006-11-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* name.c: Handle printing and parsing raw oids in name.
-
-2006-11-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cert.c (_hx509_calculate_path): allow to calculate optimistic
-	path when we don't know the trust anchors, just follow the chain
-	upward until we no longer find a parent or we hit the max limit.
-
-	* cms.c (hx509_cms_create_signed_1): provide a best effort path to
-	the trust anchors to be stored in the SignedData packet, if find
-	parents until trust anchor or max length.
-
-	* data: regen
-
-	* data/gen-req.sh: Build pk-init proxy cert.
-	
-2006-11-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* error.c (hx509_get_error_string): Put ", " between strings in
-	error message.
-	
-2006-11-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* data/openssl.cnf: Change realm to TEST.H5L.SE
-	
-2006-11-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* revoke.c: Sprinkle error strings.
-	
-2006-11-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* hx_locl.h: add context variable to cmp function.
-
-	* cert.c (hx509_query_match_cmp_func): allow setting the match
-	function.
-	
-2006-10-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_p11.c: Return less EINVAL.
-
-	* hx509_err.et: add more pkcs11 errors
-
-	* hx509_err.et: more error-codes
-
-	* revoke.c: Return less EINVAL.
-
-	* ks_dir.c: sprinkel more hx509_set_error_string
-
-	* ks_file.c: Return less EINVAL.
-
-	* hxtool.c: Pass in context to _hx509_parse_private_key.
-
-	* ks_file.c: Sprinkle more hx509_context so we can return propper
-	errors.
-
-	* hx509_err.et: add HX509_PARSING_KEY_FAILED
-
-	* crypto.c: Sprinkle more hx509_context so we can return propper
-	errors.
-
-	* collector.c: No more EINVAL.
-
-	* hx509_err.et: add HX509_LOCAL_ATTRIBUTE_MISSING
-
-	* cert.c (hx509_cert_get_base_subject): one less EINVAL
-	(_hx509_cert_private_decrypt): one less EINVAL
-	
-2006-10-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* collector.c: indent
-
-	* hxtool.c: Try to not leak memory.
-
-	* req.c: clean memory before free
-
-	* crypto.c (_hx509_private_key2SPKI): indent
-
-	* req.c: Try to not leak memory.
-	
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_crypto.in: Read 50 kilobyte random data
-	
-	* revoke.c: Try to not leak memory.
-
-	* hxtool.c: Try to not leak memory.
-
-	* crypto.c (hx509_crypto_destroy): free oid.
-
-	* error.c: Clean error string on failure just to make sure.
-
-	* cms.c: Try to not leak memory (again).
-
-	* hxtool.c: use a sensable content type
-
-	* cms.c: Try harder to free certificate.
-	
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add make check data.
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_p11.c (p11_list_keys): make element of search_data[0]
-	constants and set them later
-
-	* Makefile.am: Add more files.
-	
-2006-10-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_file.c: set ret, remember to free ivdata
-	
-2006-10-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hx_locl.h: Include <parse_bytes.h>.
-
-	* test_crypto.in: Test random-data.
-
-	* hxtool.c: RAND_bytes() return 1 for cryptographic strong data,
-	check for that.
-
-	* Makefile.am: clean random-data
-
-	* hxtool.c: Add random-data command, use sl_slc_help.
-
-	* hxtool-commands.in: Add random-data.
-
-	* ks_p12.c: Remember to release certs.
-
-	* ks_p11.c: Remember to release certs.
-	
-2006-10-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* prefix der primitives with der_
-
-	* lock.c: Match the prompt type PROMPT exact.
-
-	* hx_locl.h: Drop heim_any.h
-	
-2006-10-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_p11.c (p11_release_module): j needs to be used as inter loop
-	index. From Douglas Engert.
-
-	* ks_file.c (parse_rsa_private_key): try all passwords and
-	prompter.
-	
-2006-10-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_*.in: Parameterise the invocation of hxtool, so we can make
-	it run under TESTS_ENVIRONMENT. From Andrew Bartlett
-
-2006-10-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_crypto.in: Put all test stuck at 2006-09-25 since all their
-	chains where valied then.
-
-	* hxtool.c: Implement --time= option.
-
-	* hxtool-commands.in: Add option time.
-
-	* Makefile.am: test_name is a PROGRAM_TESTS
-
-	* ks_p11.c: Return HX509_PKCS11_NO_SLOT when there are no slots
-	and HX509_PKCS11_NO_TOKEN when there are no token. For use in PAM
-	modules that want to detect when to use smartcard login and when
-	not to. Patched based on code from Douglas Engert.
-
-	* hx509_err.et: Add new pkcs11 related errors in a new section:
-	keystore related error.  Patched based on code from Douglas
-	Engert.
-	
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Make depenency for slc built files just like
-	everywhere else.
-
-	* cert.c: Add all openssl algs and init asn1 et
-	
-2006-10-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_file.c (parse_rsa_private_key): free type earlier.
-
-	* ks_file.c (parse_rsa_private_key): free type after use
-
-	* name.c (_hx509_Name_to_string): remove dup const
-	
-2006-10-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add more libs to libhx509
-	
-2006-10-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_p11.c: Fix double free's, NULL ptr de-reference, and conform
-	better to pkcs11.  From Douglas Engert.
-
-	* ref: remove ^M, it breaks solaris 10s cc. From Harald Barth
-
-2006-09-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_crypto.in: Bleichenbacher bad cert from Ralf-Philipp
-	Weinmann and Andrew Pyshkin, pad right.
-
-	* data: starfield test root cert and Ralf-Philipp and Andreis
-	correctly padded bad cert
-
-2006-09-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_crypto.in: Add test for yutaka certs.
-
-	* cert.c: Add a strict rfc3280 verification flag. rfc3280 requires
-	certificates to have KeyUsage.keyCertSign if they are to be used
-	for signing of certificates, but the step in the verifiation is
-	optional.
-
-	* hxtool.c: Improve printing and error reporting.
-	
-2006-09-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_crypto.in,Makefile.am,data/bleichenbacher-{bad,good}.pem:
-	test bleichenbacher from eay
-
-2006-09-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: Make common function for all getarg_strings and
-	hx509_certs_append commonly used.
-
-	* cms.c: HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT is a negative
-	flag, treat it was such.
-	
-2006-09-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* req.c: Use the new add_GeneralNames function.
-
-	* hx509.h: Add HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.
-
-	* ks_p12.c: Adapt to new signature of hx509_cms_unenvelope.
-
-	* hxtool.c: Adapt to new signature of hx509_cms_unenvelope.
-
-	* cms.c: Allow passing in encryptedContent and flag.  Add new flag
-	HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.
-	
-2006-09-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_p11.c: cast void * to char * when using it for %s formating
-	in printf.
-
-	* name.c: New function _hx509_Name_to_string.
-	
-2006-09-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_file.c: Sprinkle error messages.
-
-	* cms.c: Sprinkle even more error messages.
-	
-	* cms.c: Sprinkle some error messages.
-
-	* cms.c (find_CMSIdentifier): only free string when we allocated
-	one.
-
-	* ks_p11.c: Don't build most of the pkcs11 module if there are no
-	dlopen().
-	
-2006-09-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c (hx509_cms_unenvelope): try to save the error string from
-	find_CMSIdentifier so we have one more bit of information what
-	went wrong.
-
-	* hxtool.c: More pretty printing, make verify_signed return the
-	error string from the library.
-
-	* cms.c: Try returning what certificates failed to parse or be
-	found.
-
-	* ks_p11.c (p11_list_keys): fetch CKA_LABEL and use it to set the
-	friendlyname for the certificate.
-	
-2006-09-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* crypto.c: check that there are no extra bytes in the checksum
-	and that the parameters are NULL or the NULL-type. All to avoid
-	having excess data that can be used to fake the signature.
-
-	* hxtool.c: print keyusage
-
-	* print.c: add hx509_cert_keyusage_print, simplify oid printing
-
-	* cert.c: add _hx509_cert_get_keyusage
-
-	* ks_p11.c: keep one session around for the whole life of the keyset
-
-	* test_query.in: tests more selection
-
-	* hxtool.c: improve pretty printing in print and query
-
-	* hxtool{.c,-commands.in}: add selection on KU and printing to query
-
-	* test_cms.in: Add cms test for digitalSignature and
-	keyEncipherment certs.
-
-	* name.c (no): Add serialNumber
-
-	* ks_p11.c (p11_get_session): return better error messages
-	
-2006-09-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ref: update to pkcs11 reference files 2.20
-
-	* ks_p11.c: add more mechflags
-
-	* name.c (no): add OU and sort
-
-	* revoke.c: pass context to _hx509_create_signature
-
-	* ks_p11.c (p11_printinfo): print proper plural s
-
-	* ks_p11.c: save the mechs supported when initing the token, print
-	them in printinfo.
-
-	* hx_locl.h: Include <parse_units.h>.
-
-	* cms.c: pass context to _hx509_create_signature
-
-	* req.c: pass context to _hx509_create_signature
-
-	* keyset.c (hx509_certs_info): print information about the keyset.
-
-	* hxtool.c (pcert_print) print keystore info when --info flag is
-	given.
-
-	* hxtool-commands.in: Add hxtool print --info.
-
-	* test_query.in: Test hxtool print --info.
-
-	* hx_locl.h (hx509_keyset_ops): add printinfo
-
-	* crypto.c: Start to hang the private key operations of the
-	private key, pass hx509_context to create_checksum.
-	
-2006-05-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_p11.c: Iterate over all slots, not just the first/selected
-	one.
-	
-2006-05-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cert.c: Add release function for certifiates so backend knowns
-	when its no longer used.
-
-	* ks_p11.c: Add reference counting on certifiates, push out
-	CK_SESSION_HANDLE from slot.
-
-	* cms.c: sprinkle more hx509_clear_error_string
-
-2006-05-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_p11.c: Sprinkle some hx509_set_error_strings
-	
-2006-05-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* hxtool.c: Avoid shadowing.
-
-	* revoke.c: Avoid shadowing.
-
-	* ks_file.c: Avoid shadowing.
-
-	* cert.c: Avoid shadowing.
-	
-2006-05-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lock.c (hx509_prompt_hidden): reshuffle to avoid gcc warning
-	
-	* hx509.h: Reshuffle the prompter types, remove the hidden field.
-
-	* lock.c (hx509_prompt_hidden): return if the prompt should be
-	hidden or not
-
-	* revoke.c (hx509_revoke_free): allow free of NULL.
-	
-2006-05-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_file.c (file_init): Avoid shadowing ret (and thus avoiding
-	crashing).
-
-	* ks_dir.c: Implement DIR: caches useing FILE: caches.
-
-	* ks_p11.c: Catch more errors.
-	
-2006-05-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* crypto.c (hx509_crypto_encrypt): free correctly in error
-	path. From Andrew Bartlett.
-
-	* crypto.c: If RAND_bytes fails, then we will attempt to
-	double-free crypt->key.data.  From Andrew Bartlett.
-	
-2006-05-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* name.c: Rename u_intXX_t to uintXX_t
-	
-2006-05-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* TODO: More to do about the about the PKCS11 code.
-
-	* ks_p11.c: Use the prompter from the lock function.
-
-	* lock.c: Deal with that hx509_prompt.reply is no longer a
-	pointer.
-
-	* hx509.h: Make hx509_prompt.reply not a pointer.
-	
-2006-05-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* keyset.c: Sprinkle setting error strings.
-
-	* crypto.c: Sprinkle setting error strings.
-
-	* collector.c: Sprinkle setting error strings.
-
-	* cms.c: Sprinkle setting error strings.
-	
-2006-05-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_name.c: renamed one error code
-
-	* name.c: renamed one error code
-
-	* ks_p11.c: _hx509_set_cert_attribute changed signature
-
-	* hxtool.c (pcert_print): use hx509_err so I can test it
-
-	* error.c (hx509_set_error_stringv): clear errors on malloc
-	failure
-
-	* hx509_err.et: Add some more errors
-
-	* cert.c: Sprinkle setting error strings.
-
-	* cms.c: _hx509_path_append changed signature.
-
-	* revoke.c: changed signature of _hx509_check_key_usage
-
-	* keyset.c: changed signature of _hx509_query_match_cert
-
-	* hx509.h: Add support for error strings.
-
-	* cms.c: changed signature of _hx509_check_key_usage
-
-	* Makefile.am: ibhx509_la_files += error.c
-
-	* ks_file.c: Sprinkel setting error strings.
-
-	* cert.c: Sprinkel setting error strings.
-
-	* hx_locl.h: Add support for error strings.
-
-	* error.c: Add string error handling functions.
-
-	* keyset.c (hx509_certs_init): pass the right error code back
-	
-2006-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* revoke.c: Revert previous patch.
-	(hx509_ocsp_verify): new function that returns the expiration of
-	certificate in ocsp data-blob
-
-	* cert.c: Reverse previous patch, lets do it another way.
-
-	* cert.c (hx509_revoke_verify): update usage
-
-	* revoke.c: Make compile.
-
-	* revoke.c: Add the expiration time the crl/ocsp info expire
-
-	* name.c: Add hx509_name_is_null_p
-
-	* cert.c: remove _hx509_cert_private_sigature
-	
-2006-04-29  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* name.c: Expose more of Name.
-
-	* hxtool.c (main): add missing argument to printf
-
-	* data/openssl.cnf: Add EKU for the KDC certificate
-
-	* cert.c (hx509_cert_get_base_subject): reject un-canon proxy
-	certs, not the reverse
-	(add_to_list): constify and fix argument order to
-	copy_octet_string
-	(hx509_cert_find_subjectAltName_otherName): make work
-	
-2006-04-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* data/{pkinit,kdc}.{crt,key}: pkinit certificates
-
-	* data/gen-req.sh: Generate pkinit certificates.
-
-	* data/openssl.cnf: Add pkinit glue.
-
-	* cert.c (hx509_verify_hostname): implement stub function
-	
-2006-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* TODO: CRL delta support
-
-2006-04-26 Love H�rnquist �strand <lha@it.su.se>
-	
-	* data/.cvsignore: ignore leftover from OpenSSL cert generation
-
-	* hx509_err.et: Add name malformated error
-
-	* name.c (hx509_parse_name): don't abort on error, rather return
-	error
-
-	* test_name.c: Test failure parsing name.
-
-	* cert.c: When verifying certificates, store subject basename for
-	later consumption.
-
-	* test_name.c: test to parse and print name and check that they
-	are the same.
-
-	* name.c (hx509_parse_name): fix length argument to printf string
-
-	* name.c (hx509_parse_name): fix length argument to stringtooid, 1
-	too short.
-
-	* cert.c: remove debug printf's
-
-	* name.c (hx509_parse_name): make compile pre c99
-
-	* data/gen-req.sh: OpenSSL have a serious issue of user confusion
-	-subj in -ca takes the arguments in LDAP order. -subj for x509
-	takes it in x509 order.
-
-	* cert.c (hx509_verify_path): handle the case where the where two
-	proxy certs in a chain.
-
-	* test_chain.in: enable two proxy certificates in a chain test
-
-	* test_chain.in: tests proxy certificates
-
-	* data: re-gen
-
-	* data/gen-req.sh: build proxy certificates
-	
-	* data/openssl.cnf: add def for proxy10_cert
-
-	* hx509_err.et: Add another proxy certificate error.
-
-	* cert.c (hx509_verify_path): Need to mangle name to remove the CN
-	of the subject, copying issuer only works for one level but is
-	better then doing no checking at all.
-
-	* hxtool.c: Add verify --allow-proxy-certificate.
-
-	* hxtool-commands.in: add verify --allow-proxy-certificate
-
-	* hx509_err.et: Add proxy certificate errors.
-
-	* cert.c: Fix comment about subject name of proxy certificate.
-
-	* test_chain.in: tests for proxy certs
-
-	* data/gen-req.sh: gen proxy and non-proxy tests certificates
-
-	* data/openssl.cnf: Add definition for proxy certs
-
-	* data/*proxy-test.*: Add proxy certificates
-
-	* cert.c (hx509_verify_path): verify proxy certificate have no san
-	or ian
-
-	* cert.c (hx509_verify_set_proxy_certificate): Add
-	(*): rename policy cert to proxy cert
-
-	* cert.c: Initial support for proxy certificates.
-	
-2006-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: some error checking
-
-	* name.c: Switch over to asn1 generaed oids.
-
-	* TODO: merge with old todo file
-	
-2006-04-23 Love H�rnquist �strand <lha@it.su.se>
-
-	* test_query.in: make quiet
-
-	* test_req.in: SKIP test if there is no RSA support.
-
-	* hxtool.c: print dh method too
-
-	* test_chain.in: SKIP test if there is no RSA support.
-	
-	* test_cms.in: SKIP test if there is no RSA support.
-
-	* test_nist.in: SKIP test if there is no RSA support.
-	
-2006-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool-commands.in: Allow passing in pool and anchor to
-	signedData
-
-	* hxtool.c: Allow passing in pool and anchor to signedData
-
-	* test_cms.in: Test that certs in signed data is picked up.
-
-	* hx_locl.h: Expose the path building function to internal
-	functions.
-
-	* cert.c: Expose the path building function to internal functions.
-
-	* hxtool-commands.in: cms-envelope: Add support for choosing the
-	encryption type
-
-	* hxtool.c (cms_create_enveloped): Add support for choosing the
-	encryption type
-
-	* test_cms.in: Test generating des-ede3 aes-128 aes-256 enveloped
-	data
-
-	* crypto.c: Add names to cipher types.
-
-	* cert.c (hx509_query_match_friendly_name): fix return value
-
-	* data/gen-req.sh: generate tests for enveloped data using
-	des-ede3 and aes256
-
-	* test_cms.in: add tests for enveloped data using des-ede3 and
-	aes256
-
-	* cert.c (hx509_query_match_friendly_name): New function.
-	
-2006-04-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_p11.c: Add support for parsing slot-number.
-
-	* crypto.c (oid_private_rc2_40): simply
-
-	* crypto.c: Use oids from asn1 generator.
-
-	* ks_file.c (file_init): reset length when done with a part
-
-	* test_cms.in: check with test.combined.crt.
-
-	* data/gen-req.sh: Create test.combined.crt.
-
-	* test_cms.in: Test signed data using keyfile that is encrypted.
-
-	* ks_file.c: Remove (commented out) debug printf
-
-	* ks_file.c (parse_rsa_private_key): use EVP_get_cipherbyname
-
-	* ks_file.c (parse_rsa_private_key): make working for one
-	password.
-
-	* ks_file.c (parse_rsa_private_key): Implement enought for
-	testing.
-
-	* hx_locl.h: Add <ctype.h>
-
-	* ks_file.c: Add glue code for PEM encrypted password files.
-
-	* test_cms.in: Add commeted out password protected PEM file,
-	remove password for those tests that doesn't need it.
-
-	* test_cms.in: adapt test now that we can use any certificate and
-	trust anchor
-
-	* collector.c: handle PEM RSA PRIVATE KEY files
-
-	* cert.c: Remove unused function.
-
-	* ks_dir.c: move code here from ks_file.c now that its no longer
-	used.
-
-	* ks_file.c: Add support for parsing unencrypted RSA PRIVATE KEY
-
-	* crypto.c: Handle rsa private keys better.
-	
-2006-04-20  Love H�rnquist �strand <lha@it.su.se>
-
-	* hxtool.c: Use hx509_cms_{,un}wrap_ContentInfo
-
-	* cms.c: Make hx509_cms_{,un}wrap_ContentInfo usable in asn1
-	un-aware code.
-
-	* cert.c (hx509_verify_path): if trust anchor is not self signed,
-	don't check sig From Douglas Engert.
-
-	* test_chain.in: test "sub-cert -> sub-ca"
-	
-	* crypto.c: Use the right length for the sha256 checksums.
-	
-2006-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.c: Fix breakage from sha256 code.
-
-	* crypto.c: Add SHA256 support, and symbols for the other new
-	SHA-2 types.
-	
-2006-04-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_cms.in: test rc2-40 rc2-64 rc2-128 enveloped data
-	
-	* data/test-enveloped-rc2-{40,64,128}: add tests cases for rc2
-
-	* cms.c: Update prototypes changes for hx509_crypto_[gs]et_params.
-
-	* crypto.c: Break out the parameter handling code for encrypting
-	data to handle RC2.  Needed for Windows 2k pk-init support.
-	
-2006-04-04  Love H�rnquist �strand <lha@it.su.se>
-
-	* Makefile.am: Split libhx509_la_SOURCES into build file and
-	distributed files so we can avoid building prototypes for
-	build-files.
-	
-2006-04-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* TODO: split certificate request into pkcs10 and CRMF
-
-	* hxtool-commands.in: Add nonce flag to ocsp-fetch
-
-	* hxtool.c: control sending nonce
-
-	* hxtool.c (request_create): store the request in a file, no in
-	bitbucket.
-
-	* cert.c: expose print_cert_subject internally
-
-	* hxtool.c: Add ocsp_print.
-
-	* hxtool-commands.in: New command "ocsp-print".
-
-	* hx_locl.h: Include <hex.h>.
-
-	* revoke.c (verify_ocsp): require issuer to match too.
-	(free_ocsp): new function
-	(hx509_revoke_ocsp_print): new function, print ocsp reply
-
-	* Makefile.am: build CRMF files
-
-	* data/key.der: needed for cert request test
-
-	* test_req.in: adapt to rename of pkcs10-create to request-create
-
-	* hxtool.c: adapt to rename of pkcs10-create to request-create
-
-	* hxtool-commands.in: Rename pkcs10-create to request-create
-
-	* crypto.c: (_hx509_parse_private_key): Avoid crashing on bad input.
-
-	* hxtool.c (pkcs10_create): use opt->subject_string
-
-	* hxtool-commands.in: Add pkcs10-create --subject
-
-	* Makefile.am: Add test_req to tests.
-	
-	* test_req.in: Test for pkcs10 commands.
-
-	* name.c (hx509_parse_name): new function.
-
-	* hxtool.c (pkcs10_create): implement
-
-	* hxtool-commands.in (pkcs10-create): Add arguments
-
-	* crypto.c: Add _hx509_private_key2SPKI and support
-	functions (only support RSA for now).
-	
-2006-04-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* hxtool-commands.in: Add pkcs10-create command.
-
-	* hx509.h: Add hx509_request.
-
-	* TODO: more stuff
-
-	* Makefile.am: Add req.c
-
-	* req.c: Create certificate requests, prototype converts the
-	request in a pkcs10 packet.
-
-	* hxtool.c: Add pkcs10_create
-
-	* name.c (hx509_name_copy): new function.
-	
-2006-04-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* TODO: fill out what do
-
-	* hxtool-commands.in: add pkcs10-print
-
-	* hx_locl.h: Include <pkcs10_asn1.h>.
-
-	* pkcs10.asn1: PKCS#10
-
-	* hxtool.c (pkcs10_print): new function.
-
-	* test_chain.in: test ocsp keyhash
-
-	* data: generate ocsp keyhash version too
-
-	* revoke.c (load_ocsp): test that we got back a BasicReponse
-
-	* ocsp.asn1: Add asn1_id_pkix_ocsp*.
-
-	* Makefile.am: Add asn1_id_pkix_ocsp*.
-
-	* cert.c: Add HX509_QUERY_MATCH_KEY_HASH_SHA1
-
-	* hx_locl.h: Add HX509_QUERY_MATCH_KEY_HASH_SHA1
-
-	* revoke.c: Support OCSPResponderID.byKey, indent.
-
-	* revoke.c (hx509_ocsp_request): Add nonce to ocsp request.
-
-	* hxtool.c: Add nonce to ocsp request.
-
-	* test_chain.in: Added crl tests
-	
-	* data/nist-data: rename missing-crl to missing-revoke
-
-	* data: make ca use openssl ca command so we can add ocsp tests,
-	and regen certs
-
-	* test_chain.in: Add revoked ocsp cert test
-
-	* cert.c: rename missing-crl to missing-revoke
-
-	* revoke.c: refactor code, fix a un-init-ed variable
-	
-	* test_chain.in: rename missing-crl to missing-revoke add ocsp
-	tests
-
-	* test_cms.in: rename missing-crl to missing-revoke
-
-	* hxtool.c: rename missing-crl to missing-revoke
-
-	* hxtool-commands.in: rename missing-crl to missing-revoke
-	
-	* revoke.c: Plug one memory leak.
-
-	* revoke.c: Renamed generic CRL related errors.
-	
-	* hx509_err.et: Comments and renamed generic CRL related errors
-	
-	* revoke.c: Add ocsp checker.
-
-	* ocsp.asn1: Add id-kp-OCSPSigning
-
-	* hxtool-commands.in: add url-path argument to ocsp-fetch
-
-	* hxtool.c: implement ocsp-fetch
-
-	* cert.c: Use HX509_DEFAULT_OCSP_TIME_DIFF.
-	
-	* hx_locl.h: Add ocsp_time_diff to hx509_context
-
-	* crypto.c (_hx509_verify_signature_bitstring): new function,
-	commonly use when checking certificates
-
-	* cms.c (hx509_cms_envelope_1): check for internal ASN.1 encoder
-	error
-
-	* cert.c: Add ocsp glue, use new
-	_hx509_verify_signature_bitstring, add eku checking function.
-	
-2006-03-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add id_kp_OCSPSigning.x
-
-	* revoke.c: Pick out certs in ocsp response
-
-	* TODO: list of stuff to verify
-
-	* revoke.c: Add code to load OCSPBasicOCSPResponse files, reload
-	crl when its changed on disk.
-
-	* cert.c: Update for ocsp merge. handle building path w/o
-	subject (using subject key id)
-
-	* ks_p12.c: _hx509_map_file changed prototype.
-
-	* file.c: _hx509_map_file changed prototype, returns struct stat
-	if requested.
-
-	* ks_file.c: _hx509_map_file changed prototype.
-
-	* hxtool.c: Add stub for ocsp-fetch, _hx509_map_file changed
-	prototype, add ocsp parsing to verify command.
-
-	* hx_locl.h: rename HX509_CTX_CRL_MISSING_OK to
-	HX509_CTX_VERIFY_MISSING_OK now that we have OCSP glue
-	
-2006-03-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hx_locl.h: Add <krb5-types.h> to make it compile on Solaris,
-	from Alex V. Labuta.
-	
-2006-03-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* crypto.c (_hx509_pbe_decrypt): try all passwords, not just the
-	first one.
-	
-2006-03-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print.c (check_altName): Print the othername oid.
-
-	* crypto.c: Manual page claims RSA_public_decrypt will return -1
-	on error, lets check for that
-	
-	* crypto.c (_hx509_pbe_decrypt): also try the empty password
-
-	* collector.c (match_localkeyid): no need to add back the cert to
-	the cert pool, its already there.
-
-	* crypto.c: Add REQUIRE_SIGNER
-
-	* cert.c (hx509_cert_free): ok to free NULL
-
-	* hx509_err.et: Add new error code SIGNATURE_WITHOUT_SIGNER.
-
-	* name.c (_hx509_name_ds_cmp): make DirectoryString case
-	insenstive
-	(hx509_name_to_string): less spacing
-
-	* cms.c: Check for signature error, check consitency of error
-	
-2006-03-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* collector.c (_hx509_collector_alloc): handle errors
-
-	* cert.c (hx509_query_alloc): allocate slight more more then a
-	sizeof(pointer)
-
-	* crypto.c (_hx509_private_key_assign_key_file): ask for password
-	if nothing matches.
-
-	* cert.c: Expose more of the hx509_query interface.
-
-	* collector.c: hx509_certs_find is now exposed.
-
-	* cms.c: hx509_certs_find is now exposed.
-
-	* revoke.c: hx509_certs_find is now exposed.
-
-	* keyset.c (hx509_certs_free): allow free-ing NULL
-	(hx509_certs_find): expose
-	(hx509_get_one_cert): new function
-
-	* hxtool.c: hx509_certs_find is now exposed.
-
-	* hx_locl.h: Remove hx509_query, its exposed now.
-
-	* hx509.h: Add hx509_query.
-	
-2006-02-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cert.c: Add exceptions for null (empty) subjectNames
-
-	* data/nist-data: Add some more name constraints tests.
-
-	* data/nist-data: Add some of the test from 4.13 Name Constraints.
-
-	* cert.c: Name constraits needs to be evaluated in block as they
-	appear in the certificates, they can not be joined to one
-	list. One example of this is:
-	
-	- cert is cn=foo,dc=bar,dc=baz
-	- subca is dc=foo,dc=baz with name restriction dc=kaka,dc=baz
-	- ca is dc=baz with name restriction dc=baz
-	
-	If the name restrictions are merged to a list, the certificate
-	will pass this test.
-
-2006-02-14 Love H�rnquist �strand <lha@it.su.se>
-
-	* cert.c: Handle more name constraints cases.
-
-	* crypto.c (dsa_verify_signature): if test if malloc failed
-
-2006-01-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c: Drop partial pkcs12 string2key implementation.
-	
-2006-01-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* data/nist-data: Add commited out DSA tests (they fail).
-
-	* data/nist-data: Add 4.2 Validity Periods.
-
-	* test_nist.in: Make less verbose to use.
-
-	* Makefile.am: Add test_nist_cert.
-
-	* data/nist-data: Add some more CRL-tests.
-
-	* test_nist.in: Print $id instead of . when running the tests.
-
-	* test_nist.in: Drop verifying certifiates, its done in another
-	test now.
-
-	* data/nist-data: fixup kill-rectangle leftovers
-
-	* data/nist-data: Drop verifying certifiates, its done in another
-	test now.  Add more crl tests. comment out all unused tests.
-
-	* test_nist_cert.in: test parse all nist certs
-	
-2006-01-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hx509_err.et: Add HX509_CRL_UNKNOWN_EXTENSION.
-
-	* revoke.c: Check for unknown extentions in CRLs and CRLEntries.
-
-	* test_nist.in: Parse new format to handle CRL info.
-
-	* test_chain.in: Add --missing-crl.
-
-	* name.c (hx509_unparse_der_name): Rename from hx509_parse_name.
-	(_hx509_unparse_Name): Add.
-
-	* hxtool-commands.in: Add --missing-crl to verify commands.
-
-	* hx509_err.et: Add CRL errors.
-
-	* cert.c (hx509_context_set_missing_crl): new function Add CRL
-	handling.
-
-	* hx_locl.h: Add HX509_CTX_CRL_MISSING_OK.
-
-	* revoke.c: Parse and verify CRLs (simplistic).
-
-	* hxtool.c: Parse CRL info.
-
-	* data/nist-data: Change format so we can deal with CRLs, also
-	note the test-id from PKITS.
-
-	* data: regenerate test
-	
-	* data/gen-req.sh: use static-file to generate tests
-	
-	* data/static-file: new file to use for commited tests
-
-	* test_cms.in: Use static file, add --missing-crl.
-	
-2006-01-18  Love H�rnquist �strand <lha@it.su.se>
-
-	* print.c: Its cRLReason, not cRLReasons.
-
-	* hxtool.c: Attach revoke context to verify context.
-
-	* data/nist-data: change syntax to make match better with crl
-	checks
-
-	* cert.c: Verify no certificates has been revoked with the new
-	revoke interface.
-
-	* Makefile.am: libhx509_la_SOURCES += revoke.c
-
-	* revoke.c: Add framework for handling CRLs.
-
-	* hx509.h: Add hx509_revoke_ctx.
-	
-2006-01-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* delete crypto_headers.h, use global file instead.
-
-	* crypto.c (PBE_string2key): libdes now supports PKCS12_key_gen
-	
-2006-01-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto_headers.h: Need BN_is_negative too.
-	
-2006-01-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_p11.c (p11_rsa_public_decrypt): since is wrong, don't provide
-	it. PKCS11 can't do public_decrypt, it support verify though. All
-	this doesn't matter, since the code never go though this path.
-
-	* crypto_headers.h: Provide glue to compile with less warnings
-	with OpenSSL
-	
-2006-01-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Depend on LIB_des
-
-	* lock.c: Use "crypto_headers.h".
-
-	* crypto_headers.h: Include the two diffrent implementation of
-	crypto headers.
-
-	* cert.c: Use "crypto-headers.h". Load ENGINE configuration.
-
-	* crypto.c: Make compile with both OpenSSL and heimdal libdes.
-
-	* ks_p11.c: Add code for public key decryption (not supported yet)
-	and use "crypto-headers.h".
-	
-
-2006-01-04 Love H�rnquist �strand <lha@it.su.se>
-	
-	* add a hx509_context where we can store configuration
-
-	* p11.c,Makefile.am: pkcs11 is now supported by library, remove
-	old files.
-
-	* ks_p11.c: more paranoid on refcount, set refcounter ealier,
-	reset pointers after free
-
-	* collector.c (struct private_key): remove temporary key data
-	storage, convert directly to a key
-	(match_localkeyid): match certificate and key using localkeyid
-	(match_keys): match certificate and key using _hx509_match_keys
-	(_hx509_collector_collect): rewrite to use match_keys and
-	match_localkeyid
-
-	* crypto.c (_hx509_match_keys): function that determins if a
-	private key matches a certificate, used when there is no
-	localkeyid.
-	(*) reset free pointer
-
-	* ks_file.c: Rewrite to use collector and mapping support
-	function.
-
-	* ks_p11.c (rsa_pkcs1_method): constify
-
-	* ks_p11.c: drop extra wrapping of p11_init
-
-	* crypto.c (_hx509_private_key_assign_key_file): use function to
-	extact rsa key
-
-	* cert.c: Revert previous, refcounter is unsigned, so it can never
-	be negative.
-
-	* cert.c (hx509_cert_ref): more refcount paranoia
-
-	* ks_p11.c: Implement rsa_private_decrypt and add stubs for public
-	ditto.
-
-	* ks_p11.c: Less printf, less memory leaks.
-
-	* ks_p11.c: Implement signing using pkcs11.
-	
-	* ks_p11.c: Partly assign private key, enough to complete
-	collection, but not any crypto functionallity.
-
-	* collector.c: Use hx509_private_key to assign private keys.
-
-	* crypto.c: Remove most of the EVP_PKEY code, and use RSA
-	directly, this temporary removes DSA support.
-
-	* hxtool.c (print_f): print if there is a friendly name and if
-	there is a private key
-	
-2006-01-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* name.c: Avoid warning from missing __attribute__((noreturn))
-
-	* lock.c (_hx509_lock_unlock_certs): return unlock certificates
-
-	* crypto.c (_hx509_private_key_assign_ptr): new function, exposes
-	EVP_PKEY
-	(_hx509_private_key_assign_key_file): remember to free private key
-	if there is one.
-
-	* cert.c (_hx509_abort): add newline to output and flush stdout
-
-	* Makefile.am: libhx509_la_SOURCES += collector.c
-
-	* hx_locl.h: forward type declaration of struct hx509_collector.
-
-	* collector.c: Support functions to collect certificates and
-	private keys and then match them.
-
-	* ks_p12.c: Use the new hx509_collector support functions.
-
-	* ks_p11.c: Add enough glue to support certificate iteration.
-
-	* test_nist_pkcs12.in: Less verbose.
-
-	* cert.c (hx509_cert_free): if there is a private key assosited
-	with this cert, free it
-
-	* print.c: Use _hx509_abort.
-
-	* ks_p12.c: Use _hx509_abort.
-
-	* hxtool.c: Use _hx509_abort.
-
-	* crypto.c: Use _hx509_abort.
-
-	* cms.c: Use _hx509_abort.
-
-	* cert.c: Use _hx509_abort.
-
-	* name.c: use _hx509_abort
-	
-2006-01-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* name.c (hx509_name_to_string): don't cut bmpString in half.
-
-	* name.c (hx509_name_to_string): don't overwrite with 1 byte with
-	bmpString.
-
-	* ks_file.c (parse_certificate): avoid stomping before array
-
-	* name.c (oidtostring): avoid leaking memory
-
-	* keyset.c: Add _hx509_ks_dir_register.
-
-	* Makefile.am (libhx509_la_SOURCES): += ks_dir.c
-
-	* hxtool-commands.in: Remove pkcs11.
-
-	* hxtool.c: Remove pcert_pkcs11.
-
-	* ks_file.c: Factor out certificate parsing code.
-
-	* ks_dir.c: Add new keystore that treats all files in a directory
-	a keystore, useful for regression tests.
-	
-2005-12-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_nist_pkcs12.in: Test parse PKCS12 files from NIST.
-
-	* data/nist-data: Can handle DSA certificate.
-	
-	* hxtool.c: Print error code on failure.
-	
-2005-10-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.c: Support DSA signature operations.
-	
-2005-10-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print.c: Validate that issuerAltName and subjectAltName isn't
-	empty.
-	
-2005-09-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* p11.c: Cast to unsigned char to avoid warning.
-
-	* keyset.c: Register pkcs11 module.
-
-	* Makefile.am: Add ks_p11.c, install hxtool.
-	
-	* ks_p11.c: Starting point of a pkcs11 module.
-	
-2005-09-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lock.c: Implement prompter.
-
-	* hxtool-commands.in: add --content to print
-
-	* hxtool.c: Split verify and print.
-
-	* cms.c: _hx509_pbe_decrypt now takes a hx509_lock.
-
-	* crypto.c: Make _hx509_pbe_decrypt take a hx509_lock, workaround
-	for empty password.
-
-	* name.c: Add DC, handle all Directory strings, fix signless
-	problems.
-	
-2005-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_query.in: Pass in --pass to all commands.
-
-	* hxtool.c: Use option --pass.
-
-	* hxtool-commands.in: Add --pass to all commands.
-
-	* hx509_err.et: add UNKNOWN_LOCK_COMMAND and CRYPTO_NO_PROMPTER
-
-	* test_cms.in: pass in password to cms-create-sd
-
-	* crypto.c: Abstract out PBE_string2key so I can add PBE2 s2k
-	later.  Avoid signess warnings with OpenSSL.
-
-	* cms.c: Use void * instead of char * for to avoid signedness
-	issues
-
-	* cert.c (hx509_cert_get_attribute): remove const, its not
-
-	* ks_p12.c: Cast size_t to unsigned long when print.
-
-	* name.c: Fix signedness warning.
-
-	* test_query.in: Use echo, the function check isn't defined here.
-	
-2005-08-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool-commands.in: Add more options that was missing.
-
-2005-07-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_cms.in: Use --certificate= for enveloped/unenvelope.
-
-	* hxtool.c: Use --certificate= for enveloped/unenvelope.  Clean
-	up.
-
-	* test_cms.in: add EnvelopeData tests
-	
-	* hxtool.c: use id-envelopedData for ContentInfo
-	
-	* hxtool-commands.in: add contentinfo wrapping for create/unwrap
-	enveloped data
-
-	* hxtool.c: add contentinfo wrapping for create/unwrap enveloped
-	data
-
-	* data/gen-req.sh: add enveloped data (aes128)
-	
-	* crypto.c: add "new" RC2 oid
-	
-2005-07-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hx_locl.h, cert.c: Add HX509_QUERY_MATCH_FUNCTION that allows
-	caller to match by function, note that this doesn't not work
-	directly for backends that implements ->query, they must do their
-	own processing. (I'm running out of flags, only 12 left now)
-
-	* test_cms.in: verify ContentInfo wrapping code in hxtool
-	
-	* hxtool-commands.in (cms_create_sd): support wrapping in content
-	info spelling
-
-	* hxtool.c (cms_create_sd): support wrapping in content info
-
-	* test_cms.in: test more cms signeddata messages
-	
-	* data/gen-req.sh: generate SignedData
-	
-	* hxtool.c (cms_create_sd): support certificate store, add support
-	to unwrap a ContentInfo the SignedData inside.
-
-	* crypto.c: sprinkel rk_UNCONST
-
-	* crypto.c: add DER NULL to the digest oid's
-
-	* hxtool-commands.in: add --content-info to cms-verify-sd
-
-	* cms.c (hx509_cms_create_signed_1): pass in a full
-	AlgorithmIdentifier instead of heim_oid for digest_alg
-
-	* crypto.c: make digest_alg a digest_oid, it's not needed right
-	now
-
-	* hx509_err.et: add CERT_NOT_FOUND
-	
-	* keyset.c (_hx509_certs_find): add error code for cert not
-	found
-
-	* cms.c (hx509_cms_verify_signed): add external store of
-	certificates, use the right digest algorithm identifier.
-
-	* cert.c: fix const warning
-
-	* ks_p12.c: slightly less verbose
-	
-	* cert.c: add hx509_cert_find_subjectAltName_otherName, add
-	HX509_QUERY_MATCH_FRIENDLY_NAME
-	
-	* hx509.h: add hx509_octet_string_list, remove bad comment
-	
-	* hx_locl.h: add HX509_QUERY_MATCH_FRIENDLY_NAME
-
-	* keyset.c (hx509_certs_append): needs a hx509_lock, add one
-
-	* Makefile.am: add test cases tempfiles to CLEANFILES
-	
-	* Makefile.am: add test_query to TESTS, fix dependency on hxtool
-	sources on hxtool-commands.h
-
-	* hxtool-commands.in: explain what signer is for create-sd
-
-	* hxtool.c: add query, add more options to verify-sd and create-sd
-
-	* test_cms.in: add more cms tests
-	
-	* hxtool-commands.in: add query, add more options to verify-sd
-
-	* test_query.in: test query interface
-	
-	* data: fix filenames for ds/ke files, add pkcs12 files, regen
-	
-	* hxtool.c,Makefile.am,hxtool-commands.in: switch to slc
-
-2005-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cert.c (hx509_verify_destroy_ctx): add
-	
-	* hxtool.c: free hx509_verify_ctx
-	
-	* name.c (_hx509_name_ds_cmp): make sure all strings are not equal
-
-2005-07-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: return error
-	
-	* keyset.c: return errors from iterations
-	
-	* test_chain.in: clean up checks
-	
-	* ks_file.c (parse_certificate): return errno's not 1 in case of
-	error
-	
-	* ks_file.c (file_iter): make sure endpointer is NULL
-
-	* ks_mem.c (mem_iter): follow conversion and return NULL when we
-	get to the end, not ENOENT.
-	
-	* Makefile.am: test_chain depends on hxtool
-	
-	* data: test certs that lasts 10 years
-	
-	* data/gen-req.sh: script to generate test certs
-	
-	* Makefile.am: Add regression tests.
-
-	* data: test certificate and keys
-
-	* test_chain.in: test chain
-
-	* hxtool.c (cms_create_sd): add KU digitalSigature as a
-	requirement to the query
-
-	* hx_locl.h: add KeyUsage query bits
-
-	* hx509_err.et: add KeyUsage error
-
-	* cms.c: add checks for KeyUsage
-
-	* cert.c: more checks on KeyUsage, allow to query on them too
-
-2005-07-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c: Add missing break.
-	
-	* hx_locl.h,cms.c,cert.c: allow matching on SubjectKeyId
-
-	* hxtool.c: Use _hx509_map_file, _hx509_unmap_file and
-	_hx509_write_file.
-
-	* file.c (_hx509_write_file): in case of write error, return errno
-
-	* file.c (_hx509_write_file): add a function that write a data
-	blob to disk too
-
-	* Fix id-tags
-
-	* Import mostly complete X.509 and CMS library. Handles, PEM, DER,
-	PKCS12 encoded certicates.  Verificate RSA chains and handled
-	CMS's SignedData, and EnvelopedData.
-
-
diff --git a/crypto/heimdal/lib/hx509/Makefile.am b/crypto/heimdal/lib/hx509/Makefile.am
deleted file mode 100644
index 3144a71..0000000
--- a/crypto/heimdal/lib/hx509/Makefile.am
+++ /dev/null
@@ -1,388 +0,0 @@
-# $Id: Makefile.am 22459 2008-01-15 21:46:20Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-lib_LTLIBRARIES = libhx509.la
-libhx509_la_LDFLAGS = -version-info 3:0:0
-
-BUILT_SOURCES =				\
-	$(gen_files_ocsp:.x=.c)		\
-	$(gen_files_pkcs10:.x=.c)	\
-	hx509_err.c			\
-	hx509_err.h
-
-gen_files_ocsp = 			\
-	asn1_OCSPBasicOCSPResponse.x	\
-	asn1_OCSPCertID.x		\
-	asn1_OCSPCertStatus.x		\
-	asn1_OCSPInnerRequest.x		\
-	asn1_OCSPKeyHash.x		\
-	asn1_OCSPRequest.x		\
-	asn1_OCSPResponderID.x		\
-	asn1_OCSPResponse.x		\
-	asn1_OCSPResponseBytes.x	\
-	asn1_OCSPResponseData.x		\
-	asn1_OCSPResponseStatus.x	\
-	asn1_OCSPSignature.x		\
-	asn1_OCSPSingleResponse.x	\
-	asn1_OCSPTBSRequest.x		\
-	asn1_OCSPVersion.x		\
-	asn1_id_pkix_ocsp.x		\
-	asn1_id_pkix_ocsp_basic.x	\
-	asn1_id_pkix_ocsp_nonce.x
-
-gen_files_pkcs10 = 			\
-	asn1_CertificationRequestInfo.x	\
-	asn1_CertificationRequest.x
-
-gen_files_crmf = 			\
-	asn1_CRMFRDNSequence.x		\
-	asn1_CertReqMessages.x		\
-	asn1_CertReqMsg.x		\
-	asn1_CertRequest.x		\
-	asn1_CertTemplate.x		\
-	asn1_Controls.x			\
-	asn1_PBMParameter.x		\
-	asn1_PKMACValue.x		\
-	asn1_POPOPrivKey.x		\
-	asn1_POPOSigningKey.x		\
-	asn1_POPOSigningKeyInput.x	\
-	asn1_ProofOfPossession.x	\
-	asn1_SubsequentMessage.x	
-
-dist_libhx509_la_SOURCES = \
-	ca.c \
-	cert.c \
-	cms.c \
-	collector.c \
-	crypto.c \
-	doxygen.c \
-	error.c \
-	env.c \
-	file.c \
-	hx509-private.h \
-	hx509-protos.h \
-	hx509.h \
-	hx_locl.h \
-	keyset.c \
-	ks_dir.c \
-	ks_file.c \
-	ks_mem.c \
-	ks_null.c \
-	ks_p11.c \
-	ks_p12.c \
-	ks_keychain.c \
-	lock.c \
-	name.c \
-	peer.c \
-	print.c \
-	softp11.c \
-	ref/pkcs11.h \
-	req.c \
-	revoke.c
-
-libhx509_la_LIBADD = \
-	$(LIB_com_err) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIBADD_roken) \
-	$(LIB_dlopen)
-
-if FRAMEWORK_SECURITY
-libhx509_la_LDFLAGS += -framework Security -framework CoreFoundation
-endif
-
-if versionscript
-libhx509_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-$(libhx509_la_OBJECTS): $(srcdir)/version-script.map
-
-libhx509_la_CPPFLAGS = -I$(srcdir)/ref $(INCLUDE_hcrypto)
-nodist_libhx509_la_SOURCES = $(BUILT_SOURCES)
-
-$(gen_files_ocsp) ocsp_asn1.h: ocsp_asn1_files
-$(gen_files_pkcs10) pkcs10_asn1.h: pkcs10_asn1_files
-$(gen_files_crmf) crmf_asn1.h: crmf_asn1_files
-
-asn1_compile = ../asn1/asn1_compile$(EXEEXT)
-
-ocsp_asn1_files: $(asn1_compile) $(srcdir)/ocsp.asn1
-	$(asn1_compile) --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData $(srcdir)/ocsp.asn1 ocsp_asn1 || (rm -f ocsp_asn1_files ; exit 1)
-
-pkcs10_asn1_files: $(asn1_compile) $(srcdir)/pkcs10.asn1
-	$(asn1_compile) --preserve-binary=CertificationRequestInfo $(srcdir)/pkcs10.asn1 pkcs10_asn1 || (rm -f pkcs10_asn1_files ; exit 1)
-
-crmf_asn1_files: $(asn1_compile) $(srcdir)/crmf.asn1
-	$(asn1_compile) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1)
-
-$(libhx509_la_OBJECTS): $(srcdir)/hx509-protos.h $(srcdir)/hx509-private.h
-
-$(srcdir)/hx509-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -R '^(_|^C)' -E HX509_LIB_FUNCTION -q -P comment -o hx509-protos.h $(dist_libhx509_la_SOURCES) || rm -f hx509-protos.h
-
-$(srcdir)/hx509-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p hx509-private.h $(dist_libhx509_la_SOURCES) || rm -f hx509-private.h
-
-dist_include_HEADERS = hx509.h hx509-protos.h
-nodist_include_HEADERS = hx509_err.h
-
-SLC = $(top_builddir)/lib/sl/slc
-
-bin_PROGRAMS = hxtool
-
-hxtool-commands.c hxtool-commands.h: hxtool-commands.in $(SLC)
-	$(SLC) $(srcdir)/hxtool-commands.in
-
-dist_hxtool_SOURCES = hxtool.c
-nodist_hxtool_SOURCES = hxtool-commands.c hxtool-commands.h
-
-$(hxtool_OBJECTS): hxtool-commands.h
-
-hxtool_CPPFLAGS = $(INCLUDE_hcrypto)
-hxtool_LDADD = \
-	libhx509.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(top_builddir)/lib/sl/libsl.la
-
-CLEANFILES = $(BUILT_SOURCES) \
-	$(gen_files_ocsp) ocsp_asn1_files ocsp_asn1.h \
-	$(gen_files_pkcs10) pkcs10_asn1_files pkcs10_asn1.h \
-	$(gen_files_crmf) crmf_asn1_files crmf_asn1.h \
-	$(TESTS) \
-	hxtool-commands.c hxtool-commands.h *.tmp \
-	request.out \
-	out.pem out2.pem \
-	sd.data sd.data.out \
-	ev.data ev.data.out \
-	cert-null.pem cert-sub-ca2.pem \
-	cert-ee.pem cert-ca.pem \
-	cert-sub-ee.pem cert-sub-ca.pem \
-	cert-proxy.der cert-ca.der cert-ee.der pkcs10-request.der \
-	wca.pem wuser.pem wdc.pem wcrl.crl \
-	random-data statfile crl.crl \
-	test p11dbg.log pkcs11.cfg \
-	test-rc-file.rc
-
-clean-local:
-	@echo "cleaning PKITS" ; rm -rf PKITS_data
-
-#
-# regression tests
-#
-
-check_SCRIPTS = $(SCRIPT_TESTS)
-check_PROGRAMS = $(PROGRAM_TESTS) test_soft_pkcs11
-
-LDADD = libhx509.la
-
-test_soft_pkcs11_LDADD = libhx509.la
-test_soft_pkcs11_CPPFLAGS = -I$(srcdir)/ref
-
-TESTS = $(SCRIPT_TESTS) $(PROGRAM_TESTS)
-
-PROGRAM_TESTS = 		\
-	test_name
-
-SCRIPT_TESTS = 			\
-	test_ca			\
-	test_cert		\
-	test_chain		\
-	test_cms		\
-	test_crypto		\
-	test_nist		\
-	test_nist2		\
-	test_pkcs11		\
-	test_java_pkcs11	\
-	test_nist_cert		\
-	test_nist_pkcs12	\
-	test_req		\
-	test_windows		\
-	test_query
-
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/lib/hx509,g'
-
-test_ca: test_ca.in Makefile
-	$(do_subst) < $(srcdir)/test_ca.in > test_ca.tmp
-	chmod +x test_ca.tmp
-	mv test_ca.tmp test_ca
-
-test_cert: test_cert.in Makefile
-	$(do_subst) < $(srcdir)/test_cert.in > test_cert.tmp
-	chmod +x test_cert.tmp
-	mv test_cert.tmp test_cert
-
-test_chain: test_chain.in Makefile
-	$(do_subst) < $(srcdir)/test_chain.in > test_chain.tmp
-	chmod +x test_chain.tmp
-	mv test_chain.tmp test_chain
-
-test_cms: test_cms.in Makefile
-	$(do_subst) < $(srcdir)/test_cms.in > test_cms.tmp
-	chmod +x test_cms.tmp
-	mv test_cms.tmp test_cms
-
-test_crypto: test_crypto.in Makefile
-	$(do_subst) < $(srcdir)/test_crypto.in > test_crypto.tmp
-	chmod +x test_crypto.tmp
-	mv test_crypto.tmp test_crypto
-
-test_nist: test_nist.in Makefile
-	$(do_subst) < $(srcdir)/test_nist.in > test_nist.tmp
-	chmod +x test_nist.tmp
-	mv test_nist.tmp test_nist
-
-test_nist2: test_nist2.in Makefile
-	$(do_subst) < $(srcdir)/test_nist2.in > test_nist2.tmp
-	chmod +x test_nist2.tmp
-	mv test_nist2.tmp test_nist2
-
-test_pkcs11: test_pkcs11.in Makefile
-	$(do_subst) < $(srcdir)/test_pkcs11.in > test_pkcs11.tmp
-	chmod +x test_pkcs11.tmp
-	mv test_pkcs11.tmp test_pkcs11
-
-test_java_pkcs11: test_java_pkcs11.in Makefile
-	$(do_subst) < $(srcdir)/test_java_pkcs11.in > test_java_pkcs11.tmp
-	chmod +x test_java_pkcs11.tmp
-	mv test_java_pkcs11.tmp test_java_pkcs11
-
-test_nist_cert: test_nist_cert.in Makefile
-	$(do_subst) < $(srcdir)/test_nist_cert.in > test_nist_cert.tmp
-	chmod +x test_nist_cert.tmp
-	mv test_nist_cert.tmp test_nist_cert
-
-test_nist_pkcs12: test_nist_pkcs12.in Makefile
-	$(do_subst) < $(srcdir)/test_nist_pkcs12.in > test_nist_pkcs12.tmp
-	chmod +x test_nist_pkcs12.tmp
-	mv test_nist_pkcs12.tmp test_nist_pkcs12
-
-test_req: test_req.in Makefile
-	$(do_subst) < $(srcdir)/test_req.in > test_req.tmp
-	chmod +x test_req.tmp
-	mv test_req.tmp test_req
-
-test_windows: test_windows.in Makefile
-	$(do_subst) < $(srcdir)/test_windows.in > test_windows.tmp
-	chmod +x test_windows.tmp
-	mv test_windows.tmp test_windows
-
-test_query: test_query.in Makefile
-	$(do_subst) < $(srcdir)/test_query.in > test_query.tmp
-	chmod +x test_query.tmp
-	mv test_query.tmp test_query
-
-EXTRA_DIST = \
-	version-script.map \
-	crmf.asn1 \
-	data/bleichenbacher-bad.pem \
-	hx509_err.et \
-	hxtool-commands.in \
-	ocsp.asn1 \
-	pkcs10.asn1 \
-	test_ca.in \
-	test_chain.in \
-	test_cert.in \
-	test_cms.in \
-	test_crypto.in \
-	test_nist.in \
-	test_nist2.in \
-	test_nist_cert.in \
-	test_nist_pkcs12.in \
-	test_pkcs11.in \
-	test_java_pkcs11.in \
-	test_query.in \
-	test_req.in \
-	test_windows.in \
-	tst-crypto-available1 \
-	tst-crypto-available2 \
-	tst-crypto-available3 \
-	tst-crypto-select \
-	tst-crypto-select1 \
-	tst-crypto-select2 \
-	tst-crypto-select3 \
-	tst-crypto-select4 \
-	tst-crypto-select5 \
-	tst-crypto-select6 \
-	tst-crypto-select7 \
-	data/bleichenbacher-good.pem \
-	data/bleichenbacher-sf-pad-correct.pem \
-	data/ca.crt \
-	data/ca.key \
-	data/crl1.crl \
-	data/crl1.der \
-	data/gen-req.sh \
-	data/j.pem \
-	data/kdc.crt \
-	data/kdc.key \
-	data/key.der \
-	data/key2.der \
-	data/nist-data \
-	data/nist-data2 \
-	data/no-proxy-test.crt \
-	data/no-proxy-test.key \
-	data/ocsp-req1.der \
-	data/ocsp-req2.der \
-	data/ocsp-resp1-2.der \
-	data/ocsp-resp1-3.der \
-	data/ocsp-resp1-ca.der \
-	data/ocsp-resp1-keyhash.der \
-	data/ocsp-resp1-ocsp-no-cert.der \
-	data/ocsp-resp1-ocsp.der \
-	data/ocsp-resp1.der \
-	data/ocsp-resp2.der \
-	data/ocsp-responder.crt \
-	data/ocsp-responder.key \
-	data/openssl.cnf \
-	data/pkinit-proxy-chain.crt \
-	data/pkinit-proxy.crt \
-	data/pkinit-proxy.key \
-	data/pkinit-pw.key \
-	data/pkinit.crt \
-	data/pkinit.key \
-	data/proxy-level-test.crt \
-	data/proxy-level-test.key \
-	data/proxy-test.crt \
-	data/proxy-test.key \
-	data/proxy10-child-test.crt \
-	data/proxy10-child-test.key \
-	data/proxy10-child-child-test.crt \
-	data/proxy10-child-child-test.key \
-	data/proxy10-test.crt \
-	data/proxy10-test.key \
-	data/revoke.crt \
-	data/revoke.key \
-	data/sf-class2-root.pem \
-	data/static-file \
-	data/sub-ca.crt \
-	data/sub-ca.key \
-	data/sub-cert.crt \
-	data/sub-cert.key \
-	data/sub-cert.p12 \
-	data/test-ds-only.crt \
-	data/test-ds-only.key \
-	data/test-enveloped-aes-128 \
-	data/test-enveloped-aes-256 \
-	data/test-enveloped-des \
-	data/test-enveloped-des-ede3 \
-	data/test-enveloped-rc2-128 \
-	data/test-enveloped-rc2-40 \
-	data/test-enveloped-rc2-64 \
-	data/test-ke-only.crt \
-	data/test-ke-only.key \
-	data/test-nopw.p12 \
-	data/test-pw.key \
-	data/test-signed-data \
-	data/test-signed-data-noattr \
-	data/test-signed-data-noattr-nocerts \
-	data/test.combined.crt \
-	data/test.crt \
-	data/test.key \
-	data/test.p12 \
-	data/yutaka-pad-broken-ca.pem \
-	data/yutaka-pad-broken-cert.pem \
-	data/yutaka-pad-ok-ca.pem \
-	data/yutaka-pad-ok-cert.pem \
-	data/yutaka-pad.key
diff --git a/crypto/heimdal/lib/hx509/Makefile.in b/crypto/heimdal/lib/hx509/Makefile.in
deleted file mode 100644
index b564a49..0000000
--- a/crypto/heimdal/lib/hx509/Makefile.in
+++ /dev/null
@@ -1,1530 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22459 2008-01-15 21:46:20Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(dist_include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog TODO
-@FRAMEWORK_SECURITY_TRUE@am__append_1 = -framework Security -framework CoreFoundation
-@versionscript_TRUE@am__append_2 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-bin_PROGRAMS = hxtool$(EXEEXT)
-check_PROGRAMS = $(am__EXEEXT_1) test_soft_pkcs11$(EXEEXT)
-TESTS = $(SCRIPT_TESTS) $(am__EXEEXT_1)
-subdir = lib/hx509
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libhx509_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-dist_libhx509_la_OBJECTS = libhx509_la-ca.lo libhx509_la-cert.lo \
-	libhx509_la-cms.lo libhx509_la-collector.lo \
-	libhx509_la-crypto.lo libhx509_la-doxygen.lo \
-	libhx509_la-error.lo libhx509_la-env.lo libhx509_la-file.lo \
-	libhx509_la-keyset.lo libhx509_la-ks_dir.lo \
-	libhx509_la-ks_file.lo libhx509_la-ks_mem.lo \
-	libhx509_la-ks_null.lo libhx509_la-ks_p11.lo \
-	libhx509_la-ks_p12.lo libhx509_la-ks_keychain.lo \
-	libhx509_la-lock.lo libhx509_la-name.lo libhx509_la-peer.lo \
-	libhx509_la-print.lo libhx509_la-softp11.lo libhx509_la-req.lo \
-	libhx509_la-revoke.lo
-am__objects_1 = libhx509_la-asn1_OCSPBasicOCSPResponse.lo \
-	libhx509_la-asn1_OCSPCertID.lo \
-	libhx509_la-asn1_OCSPCertStatus.lo \
-	libhx509_la-asn1_OCSPInnerRequest.lo \
-	libhx509_la-asn1_OCSPKeyHash.lo \
-	libhx509_la-asn1_OCSPRequest.lo \
-	libhx509_la-asn1_OCSPResponderID.lo \
-	libhx509_la-asn1_OCSPResponse.lo \
-	libhx509_la-asn1_OCSPResponseBytes.lo \
-	libhx509_la-asn1_OCSPResponseData.lo \
-	libhx509_la-asn1_OCSPResponseStatus.lo \
-	libhx509_la-asn1_OCSPSignature.lo \
-	libhx509_la-asn1_OCSPSingleResponse.lo \
-	libhx509_la-asn1_OCSPTBSRequest.lo \
-	libhx509_la-asn1_OCSPVersion.lo \
-	libhx509_la-asn1_id_pkix_ocsp.lo \
-	libhx509_la-asn1_id_pkix_ocsp_basic.lo \
-	libhx509_la-asn1_id_pkix_ocsp_nonce.lo
-am__objects_2 = libhx509_la-asn1_CertificationRequestInfo.lo \
-	libhx509_la-asn1_CertificationRequest.lo
-am__objects_3 = $(am__objects_1) $(am__objects_2) \
-	libhx509_la-hx509_err.lo
-nodist_libhx509_la_OBJECTS = $(am__objects_3)
-libhx509_la_OBJECTS = $(dist_libhx509_la_OBJECTS) \
-	$(nodist_libhx509_la_OBJECTS)
-libhx509_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libhx509_la_LDFLAGS) $(LDFLAGS) -o $@
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-am__EXEEXT_1 = test_name$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-dist_hxtool_OBJECTS = hxtool-hxtool.$(OBJEXT)
-nodist_hxtool_OBJECTS = hxtool-hxtool-commands.$(OBJEXT)
-hxtool_OBJECTS = $(dist_hxtool_OBJECTS) $(nodist_hxtool_OBJECTS)
-hxtool_DEPENDENCIES = libhx509.la $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/sl/libsl.la
-test_name_SOURCES = test_name.c
-test_name_OBJECTS = test_name.$(OBJEXT)
-test_name_LDADD = $(LDADD)
-test_name_DEPENDENCIES = libhx509.la
-test_soft_pkcs11_SOURCES = test_soft_pkcs11.c
-test_soft_pkcs11_OBJECTS =  \
-	test_soft_pkcs11-test_soft_pkcs11.$(OBJEXT)
-test_soft_pkcs11_DEPENDENCIES = libhx509.la
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(dist_libhx509_la_SOURCES) $(nodist_libhx509_la_SOURCES) \
-	$(dist_hxtool_SOURCES) $(nodist_hxtool_SOURCES) test_name.c \
-	test_soft_pkcs11.c
-DIST_SOURCES = $(dist_libhx509_la_SOURCES) $(dist_hxtool_SOURCES) \
-	test_name.c test_soft_pkcs11.c
-dist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-lib_LTLIBRARIES = libhx509.la
-libhx509_la_LDFLAGS = -version-info 3:0:0 $(am__append_1) \
-	$(am__append_2)
-BUILT_SOURCES = \
-	$(gen_files_ocsp:.x=.c)		\
-	$(gen_files_pkcs10:.x=.c)	\
-	hx509_err.c			\
-	hx509_err.h
-
-gen_files_ocsp = \
-	asn1_OCSPBasicOCSPResponse.x	\
-	asn1_OCSPCertID.x		\
-	asn1_OCSPCertStatus.x		\
-	asn1_OCSPInnerRequest.x		\
-	asn1_OCSPKeyHash.x		\
-	asn1_OCSPRequest.x		\
-	asn1_OCSPResponderID.x		\
-	asn1_OCSPResponse.x		\
-	asn1_OCSPResponseBytes.x	\
-	asn1_OCSPResponseData.x		\
-	asn1_OCSPResponseStatus.x	\
-	asn1_OCSPSignature.x		\
-	asn1_OCSPSingleResponse.x	\
-	asn1_OCSPTBSRequest.x		\
-	asn1_OCSPVersion.x		\
-	asn1_id_pkix_ocsp.x		\
-	asn1_id_pkix_ocsp_basic.x	\
-	asn1_id_pkix_ocsp_nonce.x
-
-gen_files_pkcs10 = \
-	asn1_CertificationRequestInfo.x	\
-	asn1_CertificationRequest.x
-
-gen_files_crmf = \
-	asn1_CRMFRDNSequence.x		\
-	asn1_CertReqMessages.x		\
-	asn1_CertReqMsg.x		\
-	asn1_CertRequest.x		\
-	asn1_CertTemplate.x		\
-	asn1_Controls.x			\
-	asn1_PBMParameter.x		\
-	asn1_PKMACValue.x		\
-	asn1_POPOPrivKey.x		\
-	asn1_POPOSigningKey.x		\
-	asn1_POPOSigningKeyInput.x	\
-	asn1_ProofOfPossession.x	\
-	asn1_SubsequentMessage.x	
-
-dist_libhx509_la_SOURCES = \
-	ca.c \
-	cert.c \
-	cms.c \
-	collector.c \
-	crypto.c \
-	doxygen.c \
-	error.c \
-	env.c \
-	file.c \
-	hx509-private.h \
-	hx509-protos.h \
-	hx509.h \
-	hx_locl.h \
-	keyset.c \
-	ks_dir.c \
-	ks_file.c \
-	ks_mem.c \
-	ks_null.c \
-	ks_p11.c \
-	ks_p12.c \
-	ks_keychain.c \
-	lock.c \
-	name.c \
-	peer.c \
-	print.c \
-	softp11.c \
-	ref/pkcs11.h \
-	req.c \
-	revoke.c
-
-libhx509_la_LIBADD = \
-	$(LIB_com_err) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIBADD_roken) \
-	$(LIB_dlopen)
-
-libhx509_la_CPPFLAGS = -I$(srcdir)/ref $(INCLUDE_hcrypto)
-nodist_libhx509_la_SOURCES = $(BUILT_SOURCES)
-asn1_compile = ../asn1/asn1_compile$(EXEEXT)
-dist_include_HEADERS = hx509.h hx509-protos.h
-nodist_include_HEADERS = hx509_err.h
-SLC = $(top_builddir)/lib/sl/slc
-dist_hxtool_SOURCES = hxtool.c
-nodist_hxtool_SOURCES = hxtool-commands.c hxtool-commands.h
-hxtool_CPPFLAGS = $(INCLUDE_hcrypto)
-hxtool_LDADD = \
-	libhx509.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(top_builddir)/lib/sl/libsl.la
-
-CLEANFILES = $(BUILT_SOURCES) \
-	$(gen_files_ocsp) ocsp_asn1_files ocsp_asn1.h \
-	$(gen_files_pkcs10) pkcs10_asn1_files pkcs10_asn1.h \
-	$(gen_files_crmf) crmf_asn1_files crmf_asn1.h \
-	$(TESTS) \
-	hxtool-commands.c hxtool-commands.h *.tmp \
-	request.out \
-	out.pem out2.pem \
-	sd.data sd.data.out \
-	ev.data ev.data.out \
-	cert-null.pem cert-sub-ca2.pem \
-	cert-ee.pem cert-ca.pem \
-	cert-sub-ee.pem cert-sub-ca.pem \
-	cert-proxy.der cert-ca.der cert-ee.der pkcs10-request.der \
-	wca.pem wuser.pem wdc.pem wcrl.crl \
-	random-data statfile crl.crl \
-	test p11dbg.log pkcs11.cfg \
-	test-rc-file.rc
-
-
-#
-# regression tests
-#
-check_SCRIPTS = $(SCRIPT_TESTS)
-LDADD = libhx509.la
-test_soft_pkcs11_LDADD = libhx509.la
-test_soft_pkcs11_CPPFLAGS = -I$(srcdir)/ref
-PROGRAM_TESTS = \
-	test_name
-
-SCRIPT_TESTS = \
-	test_ca			\
-	test_cert		\
-	test_chain		\
-	test_cms		\
-	test_crypto		\
-	test_nist		\
-	test_nist2		\
-	test_pkcs11		\
-	test_java_pkcs11	\
-	test_nist_cert		\
-	test_nist_pkcs12	\
-	test_req		\
-	test_windows		\
-	test_query
-
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/lib/hx509,g'
-
-EXTRA_DIST = \
-	version-script.map \
-	crmf.asn1 \
-	data/bleichenbacher-bad.pem \
-	hx509_err.et \
-	hxtool-commands.in \
-	ocsp.asn1 \
-	pkcs10.asn1 \
-	test_ca.in \
-	test_chain.in \
-	test_cert.in \
-	test_cms.in \
-	test_crypto.in \
-	test_nist.in \
-	test_nist2.in \
-	test_nist_cert.in \
-	test_nist_pkcs12.in \
-	test_pkcs11.in \
-	test_java_pkcs11.in \
-	test_query.in \
-	test_req.in \
-	test_windows.in \
-	tst-crypto-available1 \
-	tst-crypto-available2 \
-	tst-crypto-available3 \
-	tst-crypto-select \
-	tst-crypto-select1 \
-	tst-crypto-select2 \
-	tst-crypto-select3 \
-	tst-crypto-select4 \
-	tst-crypto-select5 \
-	tst-crypto-select6 \
-	tst-crypto-select7 \
-	data/bleichenbacher-good.pem \
-	data/bleichenbacher-sf-pad-correct.pem \
-	data/ca.crt \
-	data/ca.key \
-	data/crl1.crl \
-	data/crl1.der \
-	data/gen-req.sh \
-	data/j.pem \
-	data/kdc.crt \
-	data/kdc.key \
-	data/key.der \
-	data/key2.der \
-	data/nist-data \
-	data/nist-data2 \
-	data/no-proxy-test.crt \
-	data/no-proxy-test.key \
-	data/ocsp-req1.der \
-	data/ocsp-req2.der \
-	data/ocsp-resp1-2.der \
-	data/ocsp-resp1-3.der \
-	data/ocsp-resp1-ca.der \
-	data/ocsp-resp1-keyhash.der \
-	data/ocsp-resp1-ocsp-no-cert.der \
-	data/ocsp-resp1-ocsp.der \
-	data/ocsp-resp1.der \
-	data/ocsp-resp2.der \
-	data/ocsp-responder.crt \
-	data/ocsp-responder.key \
-	data/openssl.cnf \
-	data/pkinit-proxy-chain.crt \
-	data/pkinit-proxy.crt \
-	data/pkinit-proxy.key \
-	data/pkinit-pw.key \
-	data/pkinit.crt \
-	data/pkinit.key \
-	data/proxy-level-test.crt \
-	data/proxy-level-test.key \
-	data/proxy-test.crt \
-	data/proxy-test.key \
-	data/proxy10-child-test.crt \
-	data/proxy10-child-test.key \
-	data/proxy10-child-child-test.crt \
-	data/proxy10-child-child-test.key \
-	data/proxy10-test.crt \
-	data/proxy10-test.key \
-	data/revoke.crt \
-	data/revoke.key \
-	data/sf-class2-root.pem \
-	data/static-file \
-	data/sub-ca.crt \
-	data/sub-ca.key \
-	data/sub-cert.crt \
-	data/sub-cert.key \
-	data/sub-cert.p12 \
-	data/test-ds-only.crt \
-	data/test-ds-only.key \
-	data/test-enveloped-aes-128 \
-	data/test-enveloped-aes-256 \
-	data/test-enveloped-des \
-	data/test-enveloped-des-ede3 \
-	data/test-enveloped-rc2-128 \
-	data/test-enveloped-rc2-40 \
-	data/test-enveloped-rc2-64 \
-	data/test-ke-only.crt \
-	data/test-ke-only.key \
-	data/test-nopw.p12 \
-	data/test-pw.key \
-	data/test-signed-data \
-	data/test-signed-data-noattr \
-	data/test-signed-data-noattr-nocerts \
-	data/test.combined.crt \
-	data/test.crt \
-	data/test.key \
-	data/test.p12 \
-	data/yutaka-pad-broken-ca.pem \
-	data/yutaka-pad-broken-cert.pem \
-	data/yutaka-pad-ok-ca.pem \
-	data/yutaka-pad-ok-cert.pem \
-	data/yutaka-pad.key
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/hx509/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/hx509/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libhx509.la: $(libhx509_la_OBJECTS) $(libhx509_la_DEPENDENCIES) 
-	$(libhx509_la_LINK) -rpath $(libdir) $(libhx509_la_OBJECTS) $(libhx509_la_LIBADD) $(LIBS)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-hxtool$(EXEEXT): $(hxtool_OBJECTS) $(hxtool_DEPENDENCIES) 
-	@rm -f hxtool$(EXEEXT)
-	$(LINK) $(hxtool_OBJECTS) $(hxtool_LDADD) $(LIBS)
-test_name$(EXEEXT): $(test_name_OBJECTS) $(test_name_DEPENDENCIES) 
-	@rm -f test_name$(EXEEXT)
-	$(LINK) $(test_name_OBJECTS) $(test_name_LDADD) $(LIBS)
-test_soft_pkcs11$(EXEEXT): $(test_soft_pkcs11_OBJECTS) $(test_soft_pkcs11_DEPENDENCIES) 
-	@rm -f test_soft_pkcs11$(EXEEXT)
-	$(LINK) $(test_soft_pkcs11_OBJECTS) $(test_soft_pkcs11_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-libhx509_la-ca.lo: ca.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ca.lo `test -f 'ca.c' || echo '$(srcdir)/'`ca.c
-
-libhx509_la-cert.lo: cert.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-cert.lo `test -f 'cert.c' || echo '$(srcdir)/'`cert.c
-
-libhx509_la-cms.lo: cms.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-cms.lo `test -f 'cms.c' || echo '$(srcdir)/'`cms.c
-
-libhx509_la-collector.lo: collector.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-collector.lo `test -f 'collector.c' || echo '$(srcdir)/'`collector.c
-
-libhx509_la-crypto.lo: crypto.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
-
-libhx509_la-doxygen.lo: doxygen.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c
-
-libhx509_la-error.lo: error.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c
-
-libhx509_la-env.lo: env.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-env.lo `test -f 'env.c' || echo '$(srcdir)/'`env.c
-
-libhx509_la-file.lo: file.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-file.lo `test -f 'file.c' || echo '$(srcdir)/'`file.c
-
-libhx509_la-keyset.lo: keyset.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-keyset.lo `test -f 'keyset.c' || echo '$(srcdir)/'`keyset.c
-
-libhx509_la-ks_dir.lo: ks_dir.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_dir.lo `test -f 'ks_dir.c' || echo '$(srcdir)/'`ks_dir.c
-
-libhx509_la-ks_file.lo: ks_file.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_file.lo `test -f 'ks_file.c' || echo '$(srcdir)/'`ks_file.c
-
-libhx509_la-ks_mem.lo: ks_mem.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_mem.lo `test -f 'ks_mem.c' || echo '$(srcdir)/'`ks_mem.c
-
-libhx509_la-ks_null.lo: ks_null.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_null.lo `test -f 'ks_null.c' || echo '$(srcdir)/'`ks_null.c
-
-libhx509_la-ks_p11.lo: ks_p11.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_p11.lo `test -f 'ks_p11.c' || echo '$(srcdir)/'`ks_p11.c
-
-libhx509_la-ks_p12.lo: ks_p12.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_p12.lo `test -f 'ks_p12.c' || echo '$(srcdir)/'`ks_p12.c
-
-libhx509_la-ks_keychain.lo: ks_keychain.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_keychain.lo `test -f 'ks_keychain.c' || echo '$(srcdir)/'`ks_keychain.c
-
-libhx509_la-lock.lo: lock.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-lock.lo `test -f 'lock.c' || echo '$(srcdir)/'`lock.c
-
-libhx509_la-name.lo: name.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-name.lo `test -f 'name.c' || echo '$(srcdir)/'`name.c
-
-libhx509_la-peer.lo: peer.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-peer.lo `test -f 'peer.c' || echo '$(srcdir)/'`peer.c
-
-libhx509_la-print.lo: print.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-print.lo `test -f 'print.c' || echo '$(srcdir)/'`print.c
-
-libhx509_la-softp11.lo: softp11.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-softp11.lo `test -f 'softp11.c' || echo '$(srcdir)/'`softp11.c
-
-libhx509_la-req.lo: req.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-req.lo `test -f 'req.c' || echo '$(srcdir)/'`req.c
-
-libhx509_la-revoke.lo: revoke.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-revoke.lo `test -f 'revoke.c' || echo '$(srcdir)/'`revoke.c
-
-libhx509_la-asn1_OCSPBasicOCSPResponse.lo: asn1_OCSPBasicOCSPResponse.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPBasicOCSPResponse.lo `test -f 'asn1_OCSPBasicOCSPResponse.c' || echo '$(srcdir)/'`asn1_OCSPBasicOCSPResponse.c
-
-libhx509_la-asn1_OCSPCertID.lo: asn1_OCSPCertID.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPCertID.lo `test -f 'asn1_OCSPCertID.c' || echo '$(srcdir)/'`asn1_OCSPCertID.c
-
-libhx509_la-asn1_OCSPCertStatus.lo: asn1_OCSPCertStatus.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPCertStatus.lo `test -f 'asn1_OCSPCertStatus.c' || echo '$(srcdir)/'`asn1_OCSPCertStatus.c
-
-libhx509_la-asn1_OCSPInnerRequest.lo: asn1_OCSPInnerRequest.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPInnerRequest.lo `test -f 'asn1_OCSPInnerRequest.c' || echo '$(srcdir)/'`asn1_OCSPInnerRequest.c
-
-libhx509_la-asn1_OCSPKeyHash.lo: asn1_OCSPKeyHash.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPKeyHash.lo `test -f 'asn1_OCSPKeyHash.c' || echo '$(srcdir)/'`asn1_OCSPKeyHash.c
-
-libhx509_la-asn1_OCSPRequest.lo: asn1_OCSPRequest.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPRequest.lo `test -f 'asn1_OCSPRequest.c' || echo '$(srcdir)/'`asn1_OCSPRequest.c
-
-libhx509_la-asn1_OCSPResponderID.lo: asn1_OCSPResponderID.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponderID.lo `test -f 'asn1_OCSPResponderID.c' || echo '$(srcdir)/'`asn1_OCSPResponderID.c
-
-libhx509_la-asn1_OCSPResponse.lo: asn1_OCSPResponse.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponse.lo `test -f 'asn1_OCSPResponse.c' || echo '$(srcdir)/'`asn1_OCSPResponse.c
-
-libhx509_la-asn1_OCSPResponseBytes.lo: asn1_OCSPResponseBytes.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseBytes.lo `test -f 'asn1_OCSPResponseBytes.c' || echo '$(srcdir)/'`asn1_OCSPResponseBytes.c
-
-libhx509_la-asn1_OCSPResponseData.lo: asn1_OCSPResponseData.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseData.lo `test -f 'asn1_OCSPResponseData.c' || echo '$(srcdir)/'`asn1_OCSPResponseData.c
-
-libhx509_la-asn1_OCSPResponseStatus.lo: asn1_OCSPResponseStatus.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseStatus.lo `test -f 'asn1_OCSPResponseStatus.c' || echo '$(srcdir)/'`asn1_OCSPResponseStatus.c
-
-libhx509_la-asn1_OCSPSignature.lo: asn1_OCSPSignature.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPSignature.lo `test -f 'asn1_OCSPSignature.c' || echo '$(srcdir)/'`asn1_OCSPSignature.c
-
-libhx509_la-asn1_OCSPSingleResponse.lo: asn1_OCSPSingleResponse.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPSingleResponse.lo `test -f 'asn1_OCSPSingleResponse.c' || echo '$(srcdir)/'`asn1_OCSPSingleResponse.c
-
-libhx509_la-asn1_OCSPTBSRequest.lo: asn1_OCSPTBSRequest.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPTBSRequest.lo `test -f 'asn1_OCSPTBSRequest.c' || echo '$(srcdir)/'`asn1_OCSPTBSRequest.c
-
-libhx509_la-asn1_OCSPVersion.lo: asn1_OCSPVersion.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPVersion.lo `test -f 'asn1_OCSPVersion.c' || echo '$(srcdir)/'`asn1_OCSPVersion.c
-
-libhx509_la-asn1_id_pkix_ocsp.lo: asn1_id_pkix_ocsp.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp.lo `test -f 'asn1_id_pkix_ocsp.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp.c
-
-libhx509_la-asn1_id_pkix_ocsp_basic.lo: asn1_id_pkix_ocsp_basic.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp_basic.lo `test -f 'asn1_id_pkix_ocsp_basic.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp_basic.c
-
-libhx509_la-asn1_id_pkix_ocsp_nonce.lo: asn1_id_pkix_ocsp_nonce.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp_nonce.lo `test -f 'asn1_id_pkix_ocsp_nonce.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp_nonce.c
-
-libhx509_la-asn1_CertificationRequestInfo.lo: asn1_CertificationRequestInfo.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_CertificationRequestInfo.lo `test -f 'asn1_CertificationRequestInfo.c' || echo '$(srcdir)/'`asn1_CertificationRequestInfo.c
-
-libhx509_la-asn1_CertificationRequest.lo: asn1_CertificationRequest.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_CertificationRequest.lo `test -f 'asn1_CertificationRequest.c' || echo '$(srcdir)/'`asn1_CertificationRequest.c
-
-libhx509_la-hx509_err.lo: hx509_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-hx509_err.lo `test -f 'hx509_err.c' || echo '$(srcdir)/'`hx509_err.c
-
-hxtool-hxtool.o: hxtool.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool.o `test -f 'hxtool.c' || echo '$(srcdir)/'`hxtool.c
-
-hxtool-hxtool.obj: hxtool.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool.obj `if test -f 'hxtool.c'; then $(CYGPATH_W) 'hxtool.c'; else $(CYGPATH_W) '$(srcdir)/hxtool.c'; fi`
-
-hxtool-hxtool-commands.o: hxtool-commands.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool-commands.o `test -f 'hxtool-commands.c' || echo '$(srcdir)/'`hxtool-commands.c
-
-hxtool-hxtool-commands.obj: hxtool-commands.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool-commands.obj `if test -f 'hxtool-commands.c'; then $(CYGPATH_W) 'hxtool-commands.c'; else $(CYGPATH_W) '$(srcdir)/hxtool-commands.c'; fi`
-
-test_soft_pkcs11-test_soft_pkcs11.o: test_soft_pkcs11.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_soft_pkcs11_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_soft_pkcs11-test_soft_pkcs11.o `test -f 'test_soft_pkcs11.c' || echo '$(srcdir)/'`test_soft_pkcs11.c
-
-test_soft_pkcs11-test_soft_pkcs11.obj: test_soft_pkcs11.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_soft_pkcs11_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_soft_pkcs11-test_soft_pkcs11.obj `if test -f 'test_soft_pkcs11.c'; then $(CYGPATH_W) 'test_soft_pkcs11.c'; else $(CYGPATH_W) '$(srcdir)/test_soft_pkcs11.c'; fi`
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-dist_includeHEADERS: $(dist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-dist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(check_SCRIPTS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-local mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_includeHEADERS \
-	install-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-dist_includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
-	clean-generic clean-libLTLIBRARIES clean-libtool clean-local \
-	ctags dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-data-hook \
-	install-dist_includeHEADERS install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am \
-	install-libLTLIBRARIES install-man \
-	install-nodist_includeHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-dist_includeHEADERS uninstall-hook \
-	uninstall-libLTLIBRARIES uninstall-nodist_includeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-$(libhx509_la_OBJECTS): $(srcdir)/version-script.map
-
-$(gen_files_ocsp) ocsp_asn1.h: ocsp_asn1_files
-$(gen_files_pkcs10) pkcs10_asn1.h: pkcs10_asn1_files
-$(gen_files_crmf) crmf_asn1.h: crmf_asn1_files
-
-ocsp_asn1_files: $(asn1_compile) $(srcdir)/ocsp.asn1
-	$(asn1_compile) --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData $(srcdir)/ocsp.asn1 ocsp_asn1 || (rm -f ocsp_asn1_files ; exit 1)
-
-pkcs10_asn1_files: $(asn1_compile) $(srcdir)/pkcs10.asn1
-	$(asn1_compile) --preserve-binary=CertificationRequestInfo $(srcdir)/pkcs10.asn1 pkcs10_asn1 || (rm -f pkcs10_asn1_files ; exit 1)
-
-crmf_asn1_files: $(asn1_compile) $(srcdir)/crmf.asn1
-	$(asn1_compile) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1)
-
-$(libhx509_la_OBJECTS): $(srcdir)/hx509-protos.h $(srcdir)/hx509-private.h
-
-$(srcdir)/hx509-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -R '^(_|^C)' -E HX509_LIB_FUNCTION -q -P comment -o hx509-protos.h $(dist_libhx509_la_SOURCES) || rm -f hx509-protos.h
-
-$(srcdir)/hx509-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p hx509-private.h $(dist_libhx509_la_SOURCES) || rm -f hx509-private.h
-
-hxtool-commands.c hxtool-commands.h: hxtool-commands.in $(SLC)
-	$(SLC) $(srcdir)/hxtool-commands.in
-
-$(hxtool_OBJECTS): hxtool-commands.h
-
-clean-local:
-	@echo "cleaning PKITS" ; rm -rf PKITS_data
-
-test_ca: test_ca.in Makefile
-	$(do_subst) < $(srcdir)/test_ca.in > test_ca.tmp
-	chmod +x test_ca.tmp
-	mv test_ca.tmp test_ca
-
-test_cert: test_cert.in Makefile
-	$(do_subst) < $(srcdir)/test_cert.in > test_cert.tmp
-	chmod +x test_cert.tmp
-	mv test_cert.tmp test_cert
-
-test_chain: test_chain.in Makefile
-	$(do_subst) < $(srcdir)/test_chain.in > test_chain.tmp
-	chmod +x test_chain.tmp
-	mv test_chain.tmp test_chain
-
-test_cms: test_cms.in Makefile
-	$(do_subst) < $(srcdir)/test_cms.in > test_cms.tmp
-	chmod +x test_cms.tmp
-	mv test_cms.tmp test_cms
-
-test_crypto: test_crypto.in Makefile
-	$(do_subst) < $(srcdir)/test_crypto.in > test_crypto.tmp
-	chmod +x test_crypto.tmp
-	mv test_crypto.tmp test_crypto
-
-test_nist: test_nist.in Makefile
-	$(do_subst) < $(srcdir)/test_nist.in > test_nist.tmp
-	chmod +x test_nist.tmp
-	mv test_nist.tmp test_nist
-
-test_nist2: test_nist2.in Makefile
-	$(do_subst) < $(srcdir)/test_nist2.in > test_nist2.tmp
-	chmod +x test_nist2.tmp
-	mv test_nist2.tmp test_nist2
-
-test_pkcs11: test_pkcs11.in Makefile
-	$(do_subst) < $(srcdir)/test_pkcs11.in > test_pkcs11.tmp
-	chmod +x test_pkcs11.tmp
-	mv test_pkcs11.tmp test_pkcs11
-
-test_java_pkcs11: test_java_pkcs11.in Makefile
-	$(do_subst) < $(srcdir)/test_java_pkcs11.in > test_java_pkcs11.tmp
-	chmod +x test_java_pkcs11.tmp
-	mv test_java_pkcs11.tmp test_java_pkcs11
-
-test_nist_cert: test_nist_cert.in Makefile
-	$(do_subst) < $(srcdir)/test_nist_cert.in > test_nist_cert.tmp
-	chmod +x test_nist_cert.tmp
-	mv test_nist_cert.tmp test_nist_cert
-
-test_nist_pkcs12: test_nist_pkcs12.in Makefile
-	$(do_subst) < $(srcdir)/test_nist_pkcs12.in > test_nist_pkcs12.tmp
-	chmod +x test_nist_pkcs12.tmp
-	mv test_nist_pkcs12.tmp test_nist_pkcs12
-
-test_req: test_req.in Makefile
-	$(do_subst) < $(srcdir)/test_req.in > test_req.tmp
-	chmod +x test_req.tmp
-	mv test_req.tmp test_req
-
-test_windows: test_windows.in Makefile
-	$(do_subst) < $(srcdir)/test_windows.in > test_windows.tmp
-	chmod +x test_windows.tmp
-	mv test_windows.tmp test_windows
-
-test_query: test_query.in Makefile
-	$(do_subst) < $(srcdir)/test_query.in > test_query.tmp
-	chmod +x test_query.tmp
-	mv test_query.tmp test_query
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/hx509/ca.c b/crypto/heimdal/lib/hx509/ca.c
deleted file mode 100644
index 4026070..0000000
--- a/crypto/heimdal/lib/hx509/ca.c
+++ /dev/null
@@ -1,1518 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-#include <pkinit_asn1.h>
-RCSID("$Id: ca.c 22456 2008-01-15 20:22:53Z lha $");
-
-/**
- * @page page_ca Hx509 CA functions
- *
- * See the library functions here: @ref hx509_ca
- */
-
-struct hx509_ca_tbs {
-    hx509_name subject;
-    SubjectPublicKeyInfo spki;
-    ExtKeyUsage eku;
-    GeneralNames san;
-    unsigned key_usage;
-    heim_integer serial;
-    struct {
-	unsigned int proxy:1;
-	unsigned int ca:1;
-	unsigned int key:1;
-	unsigned int serial:1;
-	unsigned int domaincontroller:1;
-    } flags;
-    time_t notBefore;
-    time_t notAfter;
-    int pathLenConstraint; /* both for CA and Proxy */
-    CRLDistributionPoints crldp;
-};
-
-/**
- * Allocate an to-be-signed certificate object that will be converted
- * into an certificate.
- *
- * @param context A hx509 context.
- * @param tbs returned to-be-signed certicate object, free with
- * hx509_ca_tbs_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs)
-{
-    *tbs = calloc(1, sizeof(**tbs));
-    if (*tbs == NULL)
-	return ENOMEM;
-
-    (*tbs)->subject = NULL;
-    (*tbs)->san.len = 0;
-    (*tbs)->san.val = NULL;
-    (*tbs)->eku.len = 0;
-    (*tbs)->eku.val = NULL;
-    (*tbs)->pathLenConstraint = 0;
-    (*tbs)->crldp.len = 0;
-    (*tbs)->crldp.val = NULL;
-
-    return 0;
-}
-
-/**
- * Free an To Be Signed object.
- *
- * @param tbs object to free.
- *
- * @ingroup hx509_ca
- */
-
-void
-hx509_ca_tbs_free(hx509_ca_tbs *tbs)
-{
-    if (tbs == NULL || *tbs == NULL)
-	return;
-
-    free_SubjectPublicKeyInfo(&(*tbs)->spki);
-    free_GeneralNames(&(*tbs)->san);
-    free_ExtKeyUsage(&(*tbs)->eku);
-    der_free_heim_integer(&(*tbs)->serial);
-    free_CRLDistributionPoints(&(*tbs)->crldp);
-
-    hx509_name_free(&(*tbs)->subject);
-
-    memset(*tbs, 0, sizeof(**tbs));
-    free(*tbs);
-    *tbs = NULL;
-}
-
-/**
- * Set the absolute time when the certificate is valid from. If not
- * set the current time will be used.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param t time the certificated will start to be valid
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_notBefore(hx509_context context,
-			   hx509_ca_tbs tbs,
-			   time_t t)
-{
-    tbs->notBefore = t;
-    return 0;
-}
-
-/**
- * Set the absolute time when the certificate is valid to.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param t time when the certificate will expire
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_notAfter(hx509_context context,
-			   hx509_ca_tbs tbs,
-			   time_t t)
-{
-    tbs->notAfter = t;
-    return 0;
-}
-
-/**
- * Set the relative time when the certificiate is going to expire.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param delta seconds to the certificate is going to expire.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_notAfter_lifetime(hx509_context context,
-				   hx509_ca_tbs tbs,
-				   time_t delta)
-{
-    return hx509_ca_tbs_set_notAfter(context, tbs, time(NULL) + delta);
-}
-
-static const struct units templatebits[] = {
-    { "ExtendedKeyUsage", HX509_CA_TEMPLATE_EKU },
-    { "KeyUsage", HX509_CA_TEMPLATE_KU },
-    { "SPKI", HX509_CA_TEMPLATE_SPKI },
-    { "notAfter", HX509_CA_TEMPLATE_NOTAFTER },
-    { "notBefore", HX509_CA_TEMPLATE_NOTBEFORE },
-    { "serial", HX509_CA_TEMPLATE_SERIAL },
-    { "subject", HX509_CA_TEMPLATE_SUBJECT },
-    { NULL, 0 }
-};
-
-/**
- * Make of template units, use to build flags argument to
- * hx509_ca_tbs_set_template() with parse_units().
- *
- * @return an units structure.
- *
- * @ingroup hx509_ca
- */
-
-const struct units *
-hx509_ca_tbs_template_units(void)
-{
-    return templatebits;
-}
-
-/**
- * Initialize the to-be-signed certificate object from a template certifiate.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param flags bit field selecting what to copy from the template
- * certifiate.
- * @param cert template certificate.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_template(hx509_context context,
-			  hx509_ca_tbs tbs,
-			  int flags,
-			  hx509_cert cert)
-{
-    int ret;
-
-    if (flags & HX509_CA_TEMPLATE_SUBJECT) {
-	if (tbs->subject)
-	    hx509_name_free(&tbs->subject);
-	ret = hx509_cert_get_subject(cert, &tbs->subject);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, 
-				   "Failed to get subject from template");
-	    return ret;
-	}
-    }
-    if (flags & HX509_CA_TEMPLATE_SERIAL) {
-	der_free_heim_integer(&tbs->serial);
-	ret = hx509_cert_get_serialnumber(cert, &tbs->serial);
-	tbs->flags.serial = !ret;
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, 
-				   "Failed to copy serial number");
-	    return ret;
-	}
-    }
-    if (flags & HX509_CA_TEMPLATE_NOTBEFORE)
-	tbs->notBefore = hx509_cert_get_notBefore(cert);
-    if (flags & HX509_CA_TEMPLATE_NOTAFTER)
-	tbs->notAfter = hx509_cert_get_notAfter(cert);
-    if (flags & HX509_CA_TEMPLATE_SPKI) {
-	free_SubjectPublicKeyInfo(&tbs->spki);
-	ret = hx509_cert_get_SPKI(context, cert, &tbs->spki);
-	tbs->flags.key = !ret;
-	if (ret)
-	    return ret;
-    }
-    if (flags & HX509_CA_TEMPLATE_KU) {
-	KeyUsage ku;
-	ret = _hx509_cert_get_keyusage(context, cert, &ku);
-	if (ret)
-	    return ret;
-	tbs->key_usage = KeyUsage2int(ku);
-    }
-    if (flags & HX509_CA_TEMPLATE_EKU) {
-	ExtKeyUsage eku;
-	int i;
-	ret = _hx509_cert_get_eku(context, cert, &eku);
-	if (ret)
-	    return ret;
-	for (i = 0; i < eku.len; i++) {
-	    ret = hx509_ca_tbs_add_eku(context, tbs, &eku.val[i]);
-	    if (ret) {
-		free_ExtKeyUsage(&eku);
-		return ret;
-	    }
-	}
-	free_ExtKeyUsage(&eku);
-    }
-    return 0;
-}
-
-/**
- * Make the to-be-signed certificate object a CA certificate. If the
- * pathLenConstraint is negative path length constraint is used.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param pathLenConstraint path length constraint, negative, no
- * constraint.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_ca(hx509_context context,
-		    hx509_ca_tbs tbs,
-		    int pathLenConstraint)
-{
-    tbs->flags.ca = 1;
-    tbs->pathLenConstraint = pathLenConstraint;
-    return 0;
-}
-
-/**
- * Make the to-be-signed certificate object a proxy certificate. If the
- * pathLenConstraint is negative path length constraint is used.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param pathLenConstraint path length constraint, negative, no
- * constraint.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_proxy(hx509_context context,
-		       hx509_ca_tbs tbs,
-		       int pathLenConstraint)
-{
-    tbs->flags.proxy = 1;
-    tbs->pathLenConstraint = pathLenConstraint;
-    return 0;
-}
-
-
-/**
- * Make the to-be-signed certificate object a windows domain controller certificate.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_domaincontroller(hx509_context context,
-				  hx509_ca_tbs tbs)
-{
-    tbs->flags.domaincontroller = 1;
-    return 0;
-}
-
-/**
- * Set the subject public key info (SPKI) in the to-be-signed certificate
- * object. SPKI is the public key and key related parameters in the
- * certificate.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param spki subject public key info to use for the to-be-signed certificate object.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_spki(hx509_context context,
-		      hx509_ca_tbs tbs,
-		      const SubjectPublicKeyInfo *spki)
-{
-    int ret;
-    free_SubjectPublicKeyInfo(&tbs->spki);
-    ret = copy_SubjectPublicKeyInfo(spki, &tbs->spki);
-    tbs->flags.key = !ret;
-    return ret;
-}
-
-/**
- * Set the serial number to use for to-be-signed certificate object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param serialNumber serial number to use for the to-be-signed
- * certificate object.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_serialnumber(hx509_context context,
-			      hx509_ca_tbs tbs,
-			      const heim_integer *serialNumber)
-{
-    int ret;
-    der_free_heim_integer(&tbs->serial);
-    ret = der_copy_heim_integer(serialNumber, &tbs->serial);
-    tbs->flags.serial = !ret;
-    return ret;
-}
-
-/**
- * An an extended key usage to the to-be-signed certificate object.
- * Duplicates will detected and not added.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param oid extended key usage to add.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_eku(hx509_context context,
-		     hx509_ca_tbs tbs,
-		     const heim_oid *oid)
-{
-    void *ptr;
-    int ret;
-    unsigned i;
-
-    /* search for duplicates */
-    for (i = 0; i < tbs->eku.len; i++) {
-	if (der_heim_oid_cmp(oid, &tbs->eku.val[i]) == 0)
-	    return 0;
-    }
-
-    ptr = realloc(tbs->eku.val, sizeof(tbs->eku.val[0]) * (tbs->eku.len + 1));
-    if (ptr == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    tbs->eku.val = ptr;
-    ret = der_copy_oid(oid, &tbs->eku.val[tbs->eku.len]);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	return ret;
-    }
-    tbs->eku.len += 1;
-    return 0;
-}
-
-/**
- * Add CRL distribution point URI to the to-be-signed certificate
- * object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param uri uri to the CRL.
- * @param issuername name of the issuer.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
-			    hx509_ca_tbs tbs,
-			    const char *uri,
-			    hx509_name issuername)
-{
-    DistributionPoint dp;
-    int ret;
-
-    memset(&dp, 0, sizeof(dp));
-    
-    dp.distributionPoint = ecalloc(1, sizeof(*dp.distributionPoint));
-
-    {
-	DistributionPointName name;
-	GeneralName gn;
-	size_t size;
-
-	name.element = choice_DistributionPointName_fullName;
-	name.u.fullName.len = 1;
-	name.u.fullName.val = &gn;
-
-	gn.element = choice_GeneralName_uniformResourceIdentifier;
-	gn.u.uniformResourceIdentifier = rk_UNCONST(uri);
-
-	ASN1_MALLOC_ENCODE(DistributionPointName, 
-			   dp.distributionPoint->data, 
-			   dp.distributionPoint->length,
-			   &name, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to encoded DistributionPointName");
-	    goto out;
-	}
-	if (dp.distributionPoint->length != size)
-	    _hx509_abort("internal ASN.1 encoder error");
-    }
-
-    if (issuername) {
-#if 1
-	/**
-	 * issuername not supported
-	 */
-	hx509_set_error_string(context, 0, EINVAL,
-			       "CRLDistributionPoints.name.issuername not yet supported");
-	return EINVAL;
-#else 
-	GeneralNames *crlissuer;
-	GeneralName gn;
-	Name n;
-
-	crlissuer = calloc(1, sizeof(*crlissuer));
-	if (crlissuer == NULL) {
-	    return ENOMEM;
-	}
-	memset(&gn, 0, sizeof(gn));
-
-	gn.element = choice_GeneralName_directoryName;
-	ret = hx509_name_to_Name(issuername, &n);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "out of memory");
-	    goto out;
-	}
-
-	gn.u.directoryName.element = n.element;
-	gn.u.directoryName.u.rdnSequence = n.u.rdnSequence;
-
-	ret = add_GeneralNames(&crlissuer, &gn);
-	free_Name(&n);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "out of memory");
-	    goto out;
-	}
-
-	dp.cRLIssuer = &crlissuer;
-#endif
-    }
-
-    ret = add_CRLDistributionPoints(&tbs->crldp, &dp);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-out:
-    free_DistributionPoint(&dp);
-
-    return ret;
-}
-
-/**
- * Add Subject Alternative Name otherName to the to-be-signed
- * certificate object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param oid the oid of the OtherName.
- * @param os data in the other name.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_otherName(hx509_context context,
-			       hx509_ca_tbs tbs,
-			       const heim_oid *oid,
-			       const heim_octet_string *os)
-{
-    GeneralName gn;
-
-    memset(&gn, 0, sizeof(gn));
-    gn.element = choice_GeneralName_otherName;
-    gn.u.otherName.type_id = *oid;
-    gn.u.otherName.value = *os;
-    
-    return add_GeneralNames(&tbs->san, &gn);
-}
-
-/**
- * Add Kerberos Subject Alternative Name to the to-be-signed
- * certificate object. The principal string is a UTF8 string.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param principal Kerberos principal to add to the certificate.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_pkinit(hx509_context context,
-			    hx509_ca_tbs tbs,
-			    const char *principal)
-{
-    heim_octet_string os;
-    KRB5PrincipalName p;
-    size_t size;
-    int ret;
-    char *s = NULL;
-
-    memset(&p, 0, sizeof(p));
-
-    /* parse principal */
-    {
-	const char *str;
-	char *q;
-	int n;
-	
-	/* count number of component */
-	n = 1;
-	for(str = principal; *str != '\0' && *str != '@'; str++){
-	    if(*str=='\\'){
-		if(str[1] == '\0' || str[1] == '@') {
-		    ret = HX509_PARSING_NAME_FAILED;
-		    hx509_set_error_string(context, 0, ret, 
-					   "trailing \\ in principal name");
-		    goto out;
-		}
-		str++;
-	    } else if(*str == '/')
-		n++;
-	}
-	p.principalName.name_string.val = 
-	    calloc(n, sizeof(*p.principalName.name_string.val));
-	if (p.principalName.name_string.val == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "malloc: out of memory");
-	    goto out;
-	}
-	p.principalName.name_string.len = n;
-	
-	p.principalName.name_type = KRB5_NT_PRINCIPAL;
-	q = s = strdup(principal);
-	if (q == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "malloc: out of memory");
-	    goto out;
-	}
-	p.realm = strrchr(q, '@');
-	if (p.realm == NULL) {
-	    ret = HX509_PARSING_NAME_FAILED;
-	    hx509_set_error_string(context, 0, ret, "Missing @ in principal");
-	    goto out;
-	};
-	*p.realm++ = '\0';
-
-	n = 0;
-	while (q) {
-	    p.principalName.name_string.val[n++] = q;
-	    q = strchr(q, '/');
-	    if (q)
-		*q++ = '\0';
-	}
-    }
-    
-    ASN1_MALLOC_ENCODE(KRB5PrincipalName, os.data, os.length, &p, &size, ret);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-    if (size != os.length)
-	_hx509_abort("internal ASN.1 encoder error");
-    
-    ret = hx509_ca_tbs_add_san_otherName(context,
-					 tbs,
-					 oid_id_pkinit_san(),
-					 &os);
-    free(os.data);
-out:
-    if (p.principalName.name_string.val)
-	free (p.principalName.name_string.val);
-    if (s)
-	free(s);
-    return ret;
-}
-    
-/*
- *
- */
-
-static int
-add_utf8_san(hx509_context context,
-	     hx509_ca_tbs tbs,
-	     const heim_oid *oid,
-	     const char *string)
-{
-    const PKIXXmppAddr ustring = (const PKIXXmppAddr)string;
-    heim_octet_string os;
-    size_t size;
-    int ret;
-
-    os.length = 0;
-    os.data = NULL;
-
-    ASN1_MALLOC_ENCODE(PKIXXmppAddr, os.data, os.length, &ustring, &size, ret);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-    if (size != os.length)
-	_hx509_abort("internal ASN.1 encoder error");
-    
-    ret = hx509_ca_tbs_add_san_otherName(context,
-					 tbs,
-					 oid,
-					 &os);
-    free(os.data);
-out:
-    return ret;
-}
-
-/**
- * Add Microsoft UPN Subject Alternative Name to the to-be-signed
- * certificate object. The principal string is a UTF8 string.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param principal Microsoft UPN string.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_ms_upn(hx509_context context,
-			    hx509_ca_tbs tbs,
-			    const char *principal)
-{
-    return add_utf8_san(context, tbs, oid_id_pkinit_ms_san(), principal);
-}
-
-/**
- * Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed
- * certificate object. The jid is an UTF8 string.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param jid string of an a jabber id in UTF8.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_jid(hx509_context context,
-			 hx509_ca_tbs tbs,
-			 const char *jid)
-{
-    return add_utf8_san(context, tbs, oid_id_pkix_on_xmppAddr(), jid);
-}
-
-
-/**
- * Add a Subject Alternative Name hostname to to-be-signed certificate
- * object. A domain match starts with ., an exact match does not.
- *
- * Example of a an domain match: .domain.se matches the hostname
- * host.domain.se.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param dnsname a hostame.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_hostname(hx509_context context,
-			      hx509_ca_tbs tbs,
-			      const char *dnsname)
-{
-    GeneralName gn;
-
-    memset(&gn, 0, sizeof(gn));
-    gn.element = choice_GeneralName_dNSName;
-    gn.u.dNSName = rk_UNCONST(dnsname);
-    
-    return add_GeneralNames(&tbs->san, &gn);
-}
-
-/**
- * Add a Subject Alternative Name rfc822 (email address) to
- * to-be-signed certificate object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param rfc822Name a string to a email address.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_rfc822name(hx509_context context,
-				hx509_ca_tbs tbs,
-				const char *rfc822Name)
-{
-    GeneralName gn;
-
-    memset(&gn, 0, sizeof(gn));
-    gn.element = choice_GeneralName_rfc822Name;
-    gn.u.rfc822Name = rk_UNCONST(rfc822Name);
-    
-    return add_GeneralNames(&tbs->san, &gn);
-}
-
-/**
- * Set the subject name of a to-be-signed certificate object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param subject the name to set a subject.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_subject(hx509_context context,
-			 hx509_ca_tbs tbs,
-			 hx509_name subject)
-{
-    if (tbs->subject)
-	hx509_name_free(&tbs->subject);
-    return hx509_name_copy(context, subject, &tbs->subject);
-}
-
-/**
- * Expand the the subject name in the to-be-signed certificate object
- * using hx509_name_expand().
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param env enviroment variable to expand variables in the subject
- * name, see hx509_env_init().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_subject_expand(hx509_context context,
-			    hx509_ca_tbs tbs,
-			    hx509_env env)
-{
-    return hx509_name_expand(context, tbs->subject, env);
-}
-
-static int
-add_extension(hx509_context context,
-	      TBSCertificate *tbsc,
-	      int critical_flag,
-	      const heim_oid *oid,
-	      const heim_octet_string *data)
-{
-    Extension ext;
-    int ret;
-
-    memset(&ext, 0, sizeof(ext));
-
-    if (critical_flag) {
-	ext.critical = malloc(sizeof(*ext.critical));
-	if (ext.critical == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	*ext.critical = TRUE;
-    }
-
-    ret = der_copy_oid(oid, &ext.extnID);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-    ret = der_copy_octet_string(data, &ext.extnValue);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-    ret = add_Extensions(tbsc->extensions, &ext);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-out:
-    free_Extension(&ext);
-    return ret;
-}
-
-static int
-build_proxy_prefix(hx509_context context, const Name *issuer, Name *subject)
-{
-    char *tstr;
-    time_t t;
-    int ret;
-
-    ret = copy_Name(issuer, subject);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to copy subject name");
-	return ret;
-    }
-
-    t = time(NULL);
-    asprintf(&tstr, "ts-%lu", (unsigned long)t);
-    if (tstr == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM,
-			       "Failed to copy subject name");
-	return ENOMEM;
-    }
-    /* prefix with CN=<ts>,...*/
-    ret = _hx509_name_modify(context, subject, 1, oid_id_at_commonName(), tstr);
-    free(tstr);
-    if (ret)
-	free_Name(subject);
-    return ret;
-}
-
-static int
-ca_sign(hx509_context context,
-	hx509_ca_tbs tbs,
-	hx509_private_key signer,
-	const AuthorityKeyIdentifier *ai,
-	const Name *issuername,
-	hx509_cert *certificate)
-{
-    heim_octet_string data;
-    Certificate c;
-    TBSCertificate *tbsc;
-    size_t size;
-    int ret;
-    const AlgorithmIdentifier *sigalg;
-    time_t notBefore;
-    time_t notAfter;
-    unsigned key_usage;
-
-    sigalg = _hx509_crypto_default_sig_alg;
-
-    memset(&c, 0, sizeof(c));
-
-    /*
-     * Default values are: Valid since 24h ago, valid one year into
-     * the future, KeyUsage digitalSignature and keyEncipherment set,
-     * and keyCertSign for CA certificates.
-     */
-    notBefore = tbs->notBefore;
-    if (notBefore == 0)
-	notBefore = time(NULL) - 3600 * 24;
-    notAfter = tbs->notAfter;
-    if (notAfter == 0)
-	notAfter = time(NULL) + 3600 * 24 * 365;
-
-    key_usage = tbs->key_usage;
-    if (key_usage == 0) {
-	KeyUsage ku;
-	memset(&ku, 0, sizeof(ku));
-	ku.digitalSignature = 1;
-	ku.keyEncipherment = 1;
-	key_usage = KeyUsage2int(ku);
-    }
-
-    if (tbs->flags.ca) {
-	KeyUsage ku;
-	memset(&ku, 0, sizeof(ku));
-	ku.keyCertSign = 1;
-	ku.cRLSign = 1;
-	key_usage |= KeyUsage2int(ku);
-    }
-
-    /*
-     *
-     */
-
-    tbsc = &c.tbsCertificate;
-
-    if (tbs->flags.key == 0) {
-	ret = EINVAL;
-	hx509_set_error_string(context, 0, ret, "No public key set");
-	return ret;
-    }
-    /*
-     * Don't put restrictions on proxy certificate's subject name, it
-     * will be generated below.
-     */
-    if (!tbs->flags.proxy) {
-	if (tbs->subject == NULL) {
-	    hx509_set_error_string(context, 0, EINVAL, "No subject name set");
-	    return EINVAL;
-	}
-	if (hx509_name_is_null_p(tbs->subject) && tbs->san.len == 0) {
-	    hx509_set_error_string(context, 0, EINVAL, 
-				   "NULL subject and no SubjectAltNames");
-	    return EINVAL;
-	}
-    }
-    if (tbs->flags.ca && tbs->flags.proxy) {
-	hx509_set_error_string(context, 0, EINVAL, "Can't be proxy and CA "
-			       "at the same time");
-	return EINVAL;
-    }
-    if (tbs->flags.proxy) {
-	if (tbs->san.len > 0) {
-	    hx509_set_error_string(context, 0, EINVAL, 
-				   "Proxy certificate is not allowed "
-				   "to have SubjectAltNames");
-	    return EINVAL;
-	}
-    }
-
-    /* version         [0]  Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1, */
-    tbsc->version = calloc(1, sizeof(*tbsc->version));
-    if (tbsc->version == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-    *tbsc->version = rfc3280_version_3;
-    /* serialNumber         CertificateSerialNumber, */
-    if (tbs->flags.serial) {
-	ret = der_copy_heim_integer(&tbs->serial, &tbsc->serialNumber);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-    } else {
-	tbsc->serialNumber.length = 20;
-	tbsc->serialNumber.data = malloc(tbsc->serialNumber.length);
-	if (tbsc->serialNumber.data == NULL){
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	/* XXX diffrent */
-	RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length);
-	((unsigned char *)tbsc->serialNumber.data)[0] &= 0x7f;
-    }
-    /* signature            AlgorithmIdentifier, */
-    ret = copy_AlgorithmIdentifier(sigalg, &tbsc->signature);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to copy sigature alg");
-	goto out;
-    }
-    /* issuer               Name, */
-    if (issuername)
-	ret = copy_Name(issuername, &tbsc->issuer);
-    else
-	ret = hx509_name_to_Name(tbs->subject, &tbsc->issuer);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to copy issuer name");
-	goto out;
-    }
-    /* validity             Validity, */
-    tbsc->validity.notBefore.element = choice_Time_generalTime;
-    tbsc->validity.notBefore.u.generalTime = notBefore;
-    tbsc->validity.notAfter.element = choice_Time_generalTime;
-    tbsc->validity.notAfter.u.generalTime = notAfter;
-    /* subject              Name, */
-    if (tbs->flags.proxy) {
-	ret = build_proxy_prefix(context, &tbsc->issuer, &tbsc->subject);
-	if (ret)
-	    goto out;
-    } else {
-	ret = hx509_name_to_Name(tbs->subject, &tbsc->subject);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to copy subject name");
-	    goto out;
-	}
-    }
-    /* subjectPublicKeyInfo SubjectPublicKeyInfo, */
-    ret = copy_SubjectPublicKeyInfo(&tbs->spki, &tbsc->subjectPublicKeyInfo);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to copy spki");
-	goto out;
-    }
-    /* issuerUniqueID  [1]  IMPLICIT BIT STRING OPTIONAL */
-    /* subjectUniqueID [2]  IMPLICIT BIT STRING OPTIONAL */
-    /* extensions      [3]  EXPLICIT Extensions OPTIONAL */
-    tbsc->extensions = calloc(1, sizeof(*tbsc->extensions));
-    if (tbsc->extensions == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-    
-    /* Add the text BMP string Domaincontroller to the cert */
-    if (tbs->flags.domaincontroller) {
-	data.data = rk_UNCONST("\x1e\x20\x00\x44\x00\x6f\x00\x6d"
-			       "\x00\x61\x00\x69\x00\x6e\x00\x43"
-			       "\x00\x6f\x00\x6e\x00\x74\x00\x72"
-			       "\x00\x6f\x00\x6c\x00\x6c\x00\x65"
-			       "\x00\x72");
-	data.length = 34;
-
-	ret = add_extension(context, tbsc, 0,
-			    oid_id_ms_cert_enroll_domaincontroller(),
-			    &data);
-	if (ret)
-	    goto out;
-    }
-
-    /* add KeyUsage */
-    {
-	KeyUsage ku;
-
-	ku = int2KeyUsage(key_usage);
-	ASN1_MALLOC_ENCODE(KeyUsage, data.data, data.length, &ku, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, 1,
-			    oid_id_x509_ce_keyUsage(), &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    /* add ExtendedKeyUsage */
-    if (tbs->eku.len > 0) {
-	ASN1_MALLOC_ENCODE(ExtKeyUsage, data.data, data.length, 
-			   &tbs->eku, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, 0,
-			    oid_id_x509_ce_extKeyUsage(), &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    /* add Subject Alternative Name */
-    if (tbs->san.len > 0) {
-	ASN1_MALLOC_ENCODE(GeneralNames, data.data, data.length, 
-			   &tbs->san, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, 0,
-			    oid_id_x509_ce_subjectAltName(),
-			    &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    /* Add Authority Key Identifier */
-    if (ai) {
-	ASN1_MALLOC_ENCODE(AuthorityKeyIdentifier, data.data, data.length, 
-			   ai, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, 0,
-			    oid_id_x509_ce_authorityKeyIdentifier(),
-			    &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    /* Add Subject Key Identifier */
-    {
-	SubjectKeyIdentifier si;
-	unsigned char hash[SHA_DIGEST_LENGTH];
-
-	{
-	    SHA_CTX m;
-	    
-	    SHA1_Init(&m);
-	    SHA1_Update(&m, tbs->spki.subjectPublicKey.data,
-			tbs->spki.subjectPublicKey.length / 8);
-	    SHA1_Final (hash, &m);
-	}
-
-	si.data = hash;
-	si.length = sizeof(hash);
-
-	ASN1_MALLOC_ENCODE(SubjectKeyIdentifier, data.data, data.length, 
-			   &si, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, 0,
-			    oid_id_x509_ce_subjectKeyIdentifier(),
-			    &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    /* Add BasicConstraints */ 
-    {
-	BasicConstraints bc;
-	int aCA = 1;
-	uint32_t path;
-
-	memset(&bc, 0, sizeof(bc));
-
-	if (tbs->flags.ca) {
-	    bc.cA = &aCA;
-	    if (tbs->pathLenConstraint >= 0) {
-		path = tbs->pathLenConstraint;
-		bc.pathLenConstraint = &path;
-	    }
-	}
-
-	ASN1_MALLOC_ENCODE(BasicConstraints, data.data, data.length, 
-			   &bc, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	/* Critical if this is a CA */
-	ret = add_extension(context, tbsc, tbs->flags.ca,
-			    oid_id_x509_ce_basicConstraints(),
-			    &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    /* add Proxy */
-    if (tbs->flags.proxy) {
-	ProxyCertInfo info;
-
-	memset(&info, 0, sizeof(info));
-
-	if (tbs->pathLenConstraint >= 0) {
-	    info.pCPathLenConstraint = 
-		malloc(sizeof(*info.pCPathLenConstraint));
-	    if (info.pCPathLenConstraint == NULL) {
-		ret = ENOMEM;
-		hx509_set_error_string(context, 0, ret, "Out of memory");
-		goto out;
-	    }
-	    *info.pCPathLenConstraint = tbs->pathLenConstraint;
-	}
-
-	ret = der_copy_oid(oid_id_pkix_ppl_inheritAll(),
-			   &info.proxyPolicy.policyLanguage);
-	if (ret) {
-	    free_ProxyCertInfo(&info);
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-
-	ASN1_MALLOC_ENCODE(ProxyCertInfo, data.data, data.length, 
-			   &info, &size, ret);
-	free_ProxyCertInfo(&info);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, 0,
-			    oid_id_pkix_pe_proxyCertInfo(),
-			    &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    if (tbs->crldp.len) {
-
-	ASN1_MALLOC_ENCODE(CRLDistributionPoints, data.data, data.length,
-			   &tbs->crldp, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, FALSE,
-			    oid_id_x509_ce_cRLDistributionPoints(),
-			    &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "malloc out of memory");
-	goto out;
-    }
-    if (data.length != size)
-	_hx509_abort("internal ASN.1 encoder error");
-
-    ret = _hx509_create_signature_bitstring(context,
-					    signer,
-					    sigalg,
-					    &data,
-					    &c.signatureAlgorithm,
-					    &c.signatureValue);
-    free(data.data);
-    if (ret)
-	goto out;
-
-    ret = hx509_cert_init(context, &c, certificate);
-    if (ret)
-	goto out;
-
-    free_Certificate(&c);
-
-    return 0;
-
-out:
-    free_Certificate(&c);
-    return ret;
-}
-
-static int
-get_AuthorityKeyIdentifier(hx509_context context,
-			   const Certificate *certificate,
-			   AuthorityKeyIdentifier *ai)
-{
-    SubjectKeyIdentifier si;
-    int ret;
-
-    ret = _hx509_find_extension_subject_key_id(certificate, &si);
-    if (ret == 0) {
-	ai->keyIdentifier = calloc(1, sizeof(*ai->keyIdentifier));
-	if (ai->keyIdentifier == NULL) {
-	    free_SubjectKeyIdentifier(&si);
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	ret = der_copy_octet_string(&si, ai->keyIdentifier);
-	free_SubjectKeyIdentifier(&si);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-    } else {
-	GeneralNames gns;
-	GeneralName gn;
-	Name name;
-
-	memset(&gn, 0, sizeof(gn));
-	memset(&gns, 0, sizeof(gns));
-	memset(&name, 0, sizeof(name));
-
-	ai->authorityCertIssuer = 
-	    calloc(1, sizeof(*ai->authorityCertIssuer));
-	if (ai->authorityCertIssuer == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	ai->authorityCertSerialNumber = 
-	    calloc(1, sizeof(*ai->authorityCertSerialNumber));
-	if (ai->authorityCertSerialNumber == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-
-	/* 
-	 * XXX unbreak when asn1 compiler handle IMPLICIT
-	 *
-	 * This is so horrible.
-	 */
-
-	ret = copy_Name(&certificate->tbsCertificate.subject, &name);
-	if (ai->authorityCertSerialNumber == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-
-	memset(&gn, 0, sizeof(gn));
-	gn.element = choice_GeneralName_directoryName;
-	gn.u.directoryName.element = 
-	    choice_GeneralName_directoryName_rdnSequence;
-	gn.u.directoryName.u.rdnSequence = name.u.rdnSequence;
-
-	ret = add_GeneralNames(&gns, &gn);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-
-	ai->authorityCertIssuer->val = gns.val;
-	ai->authorityCertIssuer->len = gns.len;
-
-	ret = der_copy_heim_integer(&certificate->tbsCertificate.serialNumber,
-				    ai->authorityCertSerialNumber);
-	if (ai->authorityCertSerialNumber == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-    }
-out:
-    if (ret)
-	free_AuthorityKeyIdentifier(ai);
-    return ret;
-}
-
-
-/**
- * Sign a to-be-signed certificate object with a issuer certificate. 
- *
- * The caller needs to at least have called the following functions on the
- * to-be-signed certificate object:
- * - hx509_ca_tbs_init()
- * - hx509_ca_tbs_set_subject()
- * - hx509_ca_tbs_set_spki()
- *
- * When done the to-be-signed certificate object should be freed with
- * hx509_ca_tbs_free().
- *
- * When creating self-signed certificate use hx509_ca_sign_self() instead.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param signer the CA certificate object to sign with (need private key).
- * @param certificate return cerificate, free with hx509_cert_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_sign(hx509_context context,
-	      hx509_ca_tbs tbs,
-	      hx509_cert signer,
-	      hx509_cert *certificate)
-{
-    const Certificate *signer_cert;
-    AuthorityKeyIdentifier ai;
-    int ret;
-
-    memset(&ai, 0, sizeof(ai));
-
-    signer_cert = _hx509_get_cert(signer);
-
-    ret = get_AuthorityKeyIdentifier(context, signer_cert, &ai);
-    if (ret)
-	goto out;
-
-    ret = ca_sign(context,
-		  tbs, 
-		  _hx509_cert_private_key(signer),
-		  &ai,
-		  &signer_cert->tbsCertificate.subject,
-		  certificate);
-
-out:
-    free_AuthorityKeyIdentifier(&ai);
-
-    return ret;
-}
-
-/**
- * Work just like hx509_ca_sign() but signs it-self.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param signer private key to sign with.
- * @param certificate return cerificate, free with hx509_cert_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_sign_self(hx509_context context,
-		   hx509_ca_tbs tbs,
-		   hx509_private_key signer,
-		   hx509_cert *certificate)
-{
-    return ca_sign(context,
-		   tbs, 
-		   signer,
-		   NULL,
-		   NULL,
-		   certificate);
-}
diff --git a/crypto/heimdal/lib/hx509/cert.c b/crypto/heimdal/lib/hx509/cert.c
deleted file mode 100644
index 1520e23..0000000
--- a/crypto/heimdal/lib/hx509/cert.c
+++ /dev/null
@@ -1,3108 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: cert.c 22450 2008-01-15 19:39:14Z lha $");
-#include "crypto-headers.h"
-#include <rtbl.h>
-
-/**
- * @page page_cert The basic certificate
- *
- * The basic hx509 cerificate object in hx509 is hx509_cert. The
- * hx509_cert object is representing one X509/PKIX certificate and
- * associated attributes; like private key, friendly name, etc.
- *
- * A hx509_cert object is usully found via the keyset interfaces (@ref
- * page_keyset), but its also possible to create a certificate
- * directly from a parsed object with hx509_cert_init() and
- * hx509_cert_init_data().
- *
- * See the library functions here: @ref hx509_cert
- */
-
-struct hx509_verify_ctx_data {
-    hx509_certs trust_anchors;
-    int flags;
-#define HX509_VERIFY_CTX_F_TIME_SET			1
-#define HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE	2
-#define HX509_VERIFY_CTX_F_REQUIRE_RFC3280		4
-#define HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS		8
-#define HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS		16
-    time_t time_now;
-    unsigned int max_depth;
-#define HX509_VERIFY_MAX_DEPTH 30
-    hx509_revoke_ctx revoke_ctx;
-};
-
-#define REQUIRE_RFC3280(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_REQUIRE_RFC3280)
-#define CHECK_TA(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS)
-#define ALLOW_DEF_TA(ctx) (((ctx)->flags & HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS) == 0)
-
-struct _hx509_cert_attrs {
-    size_t len;
-    hx509_cert_attribute *val;
-};
-
-struct hx509_cert_data {
-    unsigned int ref;
-    char *friendlyname;
-    Certificate *data;
-    hx509_private_key private_key;
-    struct _hx509_cert_attrs attrs;
-    hx509_name basename;
-    _hx509_cert_release_func release;
-    void *ctx;
-};
-
-typedef struct hx509_name_constraints {
-    NameConstraints *val;
-    size_t len;
-} hx509_name_constraints;
-
-#define GeneralSubtrees_SET(g,var) \
-	(g)->len = (var)->len, (g)->val = (var)->val;
-
-/**
- * Creates a hx509 context that most functions in the library
- * uses. The context is only allowed to be used by one thread at each
- * moment. Free the context with hx509_context_free().
- *
- * @param context Returns a pointer to new hx509 context.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509
- */
-
-int
-hx509_context_init(hx509_context *context)
-{
-    *context = calloc(1, sizeof(**context));
-    if (*context == NULL)
-	return ENOMEM;
-
-    _hx509_ks_null_register(*context);
-    _hx509_ks_mem_register(*context);
-    _hx509_ks_file_register(*context);
-    _hx509_ks_pkcs12_register(*context);
-    _hx509_ks_pkcs11_register(*context);
-    _hx509_ks_dir_register(*context);
-    _hx509_ks_keychain_register(*context);
-
-    ENGINE_add_conf_module();
-    OpenSSL_add_all_algorithms();
-
-    (*context)->ocsp_time_diff = HX509_DEFAULT_OCSP_TIME_DIFF;
-
-    initialize_hx_error_table_r(&(*context)->et_list);
-    initialize_asn1_error_table_r(&(*context)->et_list);
-
-#ifdef HX509_DEFAULT_ANCHORS
-    (void)hx509_certs_init(*context, HX509_DEFAULT_ANCHORS, 0,
-			   NULL, &(*context)->default_trust_anchors);
-#endif
-
-    return 0;
-}
-
-/**
- * Selects if the hx509_revoke_verify() function is going to require
- * the existans of a revokation method (OSCP, CRL) or not. Note that
- * hx509_verify_path(), hx509_cms_verify_signed(), and other function
- * call hx509_revoke_verify().
- * 
- * @param context hx509 context to change the flag for.
- * @param flag zero, revokation method required, non zero missing
- * revokation method ok
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_context_set_missing_revoke(hx509_context context, int flag)
-{
-    if (flag)
-	context->flags |= HX509_CTX_VERIFY_MISSING_OK;
-    else
-	context->flags &= ~HX509_CTX_VERIFY_MISSING_OK;
-}
-
-/**
- * Free the context allocated by hx509_context_init().
- * 
- * @param context context to be freed.
- *
- * @ingroup hx509
- */
-
-void
-hx509_context_free(hx509_context *context)
-{
-    hx509_clear_error_string(*context);
-    if ((*context)->ks_ops) {
-	free((*context)->ks_ops);
-	(*context)->ks_ops = NULL;
-    }
-    (*context)->ks_num_ops = 0;
-    free_error_table ((*context)->et_list);
-    if ((*context)->querystat)
-	free((*context)->querystat);
-    memset(*context, 0, sizeof(**context));
-    free(*context);
-    *context = NULL;
-}
-
-/*
- *
- */
-
-Certificate *
-_hx509_get_cert(hx509_cert cert)
-{
-    return cert->data;
-}
-
-/*
- *
- */
-
-int
-_hx509_cert_get_version(const Certificate *t)
-{
-    return t->tbsCertificate.version ? *t->tbsCertificate.version + 1 : 1;
-}
-
-/**
- * Allocate and init an hx509 certificate object from the decoded
- * certificate `c�.
- *
- * @param context A hx509 context.
- * @param c
- * @param cert
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert)
-{
-    int ret;
-
-    *cert = malloc(sizeof(**cert));
-    if (*cert == NULL)
-	return ENOMEM;
-    (*cert)->ref = 1;
-    (*cert)->friendlyname = NULL;
-    (*cert)->attrs.len = 0;
-    (*cert)->attrs.val = NULL;
-    (*cert)->private_key = NULL;
-    (*cert)->basename = NULL;
-    (*cert)->release = NULL;
-    (*cert)->ctx = NULL;
-
-    (*cert)->data = calloc(1, sizeof(*(*cert)->data));
-    if ((*cert)->data == NULL) {
-	free(*cert);
-	return ENOMEM;
-    }
-    ret = copy_Certificate(c, (*cert)->data);
-    if (ret) {
-	free((*cert)->data);
-	free(*cert);
-	*cert = NULL;
-    }
-    return ret;
-}
-
-/**
- * Just like hx509_cert_init(), but instead of a decode certificate
- * takes an pointer and length to a memory region that contains a
- * DER/BER encoded certificate.
- *
- * If the memory region doesn't contain just the certificate and
- * nothing more the function will fail with
- * HX509_EXTRA_DATA_AFTER_STRUCTURE.
- *
- * @param context A hx509 context.
- * @param ptr pointer to memory region containing encoded certificate.
- * @param len length of memory region.
- * @param cert a return pointer to a hx509 certificate object, will
- * contain NULL on error.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_init_data(hx509_context context, 
-		     const void *ptr,
-		     size_t len,
-		     hx509_cert *cert)
-{
-    Certificate t;
-    size_t size;
-    int ret;
-
-    ret = decode_Certificate(ptr, len, &t, &size);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to decode certificate");
-	return ret;
-    }
-    if (size != len) {
-	hx509_set_error_string(context, 0, HX509_EXTRA_DATA_AFTER_STRUCTURE,
-			       "Extra data after certificate");
-	return HX509_EXTRA_DATA_AFTER_STRUCTURE;
-    }
-
-    ret = hx509_cert_init(context, &t, cert);
-    free_Certificate(&t);
-    return ret;
-}
-
-void
-_hx509_cert_set_release(hx509_cert cert, 
-			_hx509_cert_release_func release,
-			void *ctx)
-{
-    cert->release = release;
-    cert->ctx = ctx;
-}
-
-
-/* Doesn't make a copy of `private_key'. */
-
-int
-_hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key)
-{
-    if (cert->private_key)
-	_hx509_private_key_free(&cert->private_key);
-    cert->private_key = _hx509_private_key_ref(private_key);
-    return 0;
-}
-
-/**
- * Free reference to the hx509 certificate object, if the refcounter
- * reaches 0, the object if freed. Its allowed to pass in NULL.
- *
- * @param cert the cert to free.
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_cert_free(hx509_cert cert)
-{
-    int i;
-
-    if (cert == NULL)
-	return;
-
-    if (cert->ref <= 0)
-	_hx509_abort("cert refcount <= 0 on free");
-    if (--cert->ref > 0)
-	return;
-
-    if (cert->release)
-	(cert->release)(cert, cert->ctx);
-
-    if (cert->private_key)
-	_hx509_private_key_free(&cert->private_key);
-
-    free_Certificate(cert->data);
-    free(cert->data);
-
-    for (i = 0; i < cert->attrs.len; i++) {
-	der_free_octet_string(&cert->attrs.val[i]->data);
-	der_free_oid(&cert->attrs.val[i]->oid);
-	free(cert->attrs.val[i]);
-    }
-    free(cert->attrs.val);
-    free(cert->friendlyname);
-    if (cert->basename)
-	hx509_name_free(&cert->basename);
-    memset(cert, 0, sizeof(cert));
-    free(cert);
-}
-
-/**
- * Add a reference to a hx509 certificate object.
- *
- * @param cert a pointer to an hx509 certificate object.
- *
- * @return the same object as is passed in.
- *
- * @ingroup hx509_cert
- */
-
-hx509_cert
-hx509_cert_ref(hx509_cert cert)
-{
-    if (cert == NULL)
-	return NULL;
-    if (cert->ref <= 0)
-	_hx509_abort("cert refcount <= 0");
-    cert->ref++;
-    if (cert->ref == 0)
-	_hx509_abort("cert refcount == 0");
-    return cert;
-}
-
-/**
- * Allocate an verification context that is used fo control the
- * verification process. 
- *
- * @param context A hx509 context.
- * @param ctx returns a pointer to a hx509_verify_ctx object.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx)
-{
-    hx509_verify_ctx c;
-
-    c = calloc(1, sizeof(*c));
-    if (c == NULL)
-	return ENOMEM;
-
-    c->max_depth = HX509_VERIFY_MAX_DEPTH;
-
-    *ctx = c;
-    
-    return 0;
-}
-
-/**
- * Free an hx509 verification context.
- *
- * @param ctx the context to be freed.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_destroy_ctx(hx509_verify_ctx ctx)
-{
-    if (ctx) {
-	hx509_certs_free(&ctx->trust_anchors);
-	hx509_revoke_free(&ctx->revoke_ctx);
-	memset(ctx, 0, sizeof(*ctx));
-    }
-    free(ctx);
-}
-
-/**
- * Set the trust anchors in the verification context, makes an
- * reference to the keyset, so the consumer can free the keyset
- * independent of the destruction of the verification context (ctx).
- *
- * @param ctx a verification context
- * @param set a keyset containing the trust anchors.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_attach_anchors(hx509_verify_ctx ctx, hx509_certs set)
-{
-    ctx->trust_anchors = _hx509_certs_ref(set);
-}
-
-/**
- * Attach an revocation context to the verfication context, , makes an
- * reference to the revoke context, so the consumer can free the
- * revoke context independent of the destruction of the verification
- * context. If there is no revoke context, the verification process is
- * NOT going to check any verification status.
- *
- * @param ctx a verification context.
- * @param revoke_ctx a revoke context.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_attach_revoke(hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)
-{
-    if (ctx->revoke_ctx)
-	hx509_revoke_free(&ctx->revoke_ctx);
-    ctx->revoke_ctx = _hx509_revoke_ref(revoke_ctx);
-}
-
-/**
- * Set the clock time the the verification process is going to
- * use. Used to check certificate in the past and future time. If not
- * set the current time will be used.
- *
- * @param ctx a verification context.
- * @param t the time the verifiation is using.
- *
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_set_time(hx509_verify_ctx ctx, time_t t)
-{
-    ctx->flags |= HX509_VERIFY_CTX_F_TIME_SET;
-    ctx->time_now = t;
-}
-
-/**
- * Set the maximum depth of the certificate chain that the path
- * builder is going to try.
- *
- * @param ctx a verification context
- * @param max_depth maxium depth of the certificate chain, include
- * trust anchor.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_set_max_depth(hx509_verify_ctx ctx, unsigned int max_depth)
-{
-    ctx->max_depth = max_depth;
-}
-
-/**
- * Allow or deny the use of proxy certificates
- *
- * @param ctx a verification context
- * @param boolean if non zero, allow proxy certificates.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_set_proxy_certificate(hx509_verify_ctx ctx, int boolean)
-{
-    if (boolean)
-	ctx->flags |= HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE;
-    else
-	ctx->flags &= ~HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE;
-}
-
-/**
- * Select strict RFC3280 verification of certificiates. This means
- * checking key usage on CA certificates, this will make version 1
- * certificiates unuseable.
- *
- * @param ctx a verification context
- * @param boolean if non zero, use strict verification.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_set_strict_rfc3280_verification(hx509_verify_ctx ctx, int boolean)
-{
-    if (boolean)
-	ctx->flags |= HX509_VERIFY_CTX_F_REQUIRE_RFC3280;
-    else
-	ctx->flags &= ~HX509_VERIFY_CTX_F_REQUIRE_RFC3280;
-}
-
-/**
- * Allow using the operating system builtin trust anchors if no other
- * trust anchors are configured.
- *
- * @param ctx a verification context
- * @param boolean if non zero, useing the operating systems builtin
- * trust anchors.
- *
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_verify_ctx_f_allow_default_trustanchors(hx509_verify_ctx ctx, int boolean)
-{
-    if (boolean)
-	ctx->flags &= ~HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS;
-    else
-	ctx->flags |= HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS;
-}
-
-static const Extension *
-find_extension(const Certificate *cert, const heim_oid *oid, int *idx)
-{
-    const TBSCertificate *c = &cert->tbsCertificate;
-
-    if (c->version == NULL || *c->version < 2 || c->extensions == NULL)
-	return NULL;
-    
-    for (;*idx < c->extensions->len; (*idx)++) {
-	if (der_heim_oid_cmp(&c->extensions->val[*idx].extnID, oid) == 0)
-	    return &c->extensions->val[(*idx)++];
-    }
-    return NULL;
-}
-
-static int
-find_extension_auth_key_id(const Certificate *subject, 
-			   AuthorityKeyIdentifier *ai)
-{
-    const Extension *e;
-    size_t size;
-    int i = 0;
-
-    memset(ai, 0, sizeof(*ai));
-
-    e = find_extension(subject, oid_id_x509_ce_authorityKeyIdentifier(), &i);
-    if (e == NULL)
-	return HX509_EXTENSION_NOT_FOUND;
-    
-    return decode_AuthorityKeyIdentifier(e->extnValue.data, 
-					 e->extnValue.length, 
-					 ai, &size);
-}
-
-int
-_hx509_find_extension_subject_key_id(const Certificate *issuer,
-				     SubjectKeyIdentifier *si)
-{
-    const Extension *e;
-    size_t size;
-    int i = 0;
-
-    memset(si, 0, sizeof(*si));
-
-    e = find_extension(issuer, oid_id_x509_ce_subjectKeyIdentifier(), &i);
-    if (e == NULL)
-	return HX509_EXTENSION_NOT_FOUND;
-    
-    return decode_SubjectKeyIdentifier(e->extnValue.data, 
-				       e->extnValue.length,
-				       si, &size);
-}
-
-static int
-find_extension_name_constraints(const Certificate *subject, 
-				NameConstraints *nc)
-{
-    const Extension *e;
-    size_t size;
-    int i = 0;
-
-    memset(nc, 0, sizeof(*nc));
-
-    e = find_extension(subject, oid_id_x509_ce_nameConstraints(), &i);
-    if (e == NULL)
-	return HX509_EXTENSION_NOT_FOUND;
-    
-    return decode_NameConstraints(e->extnValue.data, 
-				  e->extnValue.length, 
-				  nc, &size);
-}
-
-static int
-find_extension_subject_alt_name(const Certificate *cert, int *i,
-				GeneralNames *sa)
-{
-    const Extension *e;
-    size_t size;
-
-    memset(sa, 0, sizeof(*sa));
-
-    e = find_extension(cert, oid_id_x509_ce_subjectAltName(), i);
-    if (e == NULL)
-	return HX509_EXTENSION_NOT_FOUND;
-    
-    return decode_GeneralNames(e->extnValue.data, 
-			       e->extnValue.length,
-			       sa, &size);
-}
-
-static int
-find_extension_eku(const Certificate *cert, ExtKeyUsage *eku)
-{
-    const Extension *e;
-    size_t size;
-    int i = 0;
-
-    memset(eku, 0, sizeof(*eku));
-
-    e = find_extension(cert, oid_id_x509_ce_extKeyUsage(), &i);
-    if (e == NULL)
-	return HX509_EXTENSION_NOT_FOUND;
-    
-    return decode_ExtKeyUsage(e->extnValue.data, 
-			      e->extnValue.length,
-			      eku, &size);
-}
-
-static int
-add_to_list(hx509_octet_string_list *list, const heim_octet_string *entry)
-{
-    void *p;
-    int ret;
-
-    p = realloc(list->val, (list->len + 1) * sizeof(list->val[0]));
-    if (p == NULL)
-	return ENOMEM;
-    list->val = p;
-    ret = der_copy_octet_string(entry, &list->val[list->len]);
-    if (ret)
-	return ret;
-    list->len++;
-    return 0;
-}
-
-/**
- * Free a list of octet strings returned by another hx509 library
- * function.
- *
- * @param list list to be freed.
- *
- * @ingroup hx509_misc
- */
-
-void
-hx509_free_octet_string_list(hx509_octet_string_list *list)
-{
-    int i;
-    for (i = 0; i < list->len; i++)
-	der_free_octet_string(&list->val[i]);
-    free(list->val);
-    list->val = NULL;
-    list->len = 0;
-}
-
-/**
- * Return a list of subjectAltNames specified by oid in the
- * certificate. On error the 
- *
- * The returned list of octet string should be freed with
- * hx509_free_octet_string_list().
- *
- * @param context A hx509 context.
- * @param cert a hx509 certificate object.
- * @param oid an oid to for SubjectAltName.
- * @param list list of matching SubjectAltName.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_find_subjectAltName_otherName(hx509_context context,
-					 hx509_cert cert,
-					 const heim_oid *oid,
-					 hx509_octet_string_list *list)
-{
-    GeneralNames sa;
-    int ret, i, j;
-
-    list->val = NULL;
-    list->len = 0;
-
-    i = 0;
-    while (1) {
-	ret = find_extension_subject_alt_name(_hx509_get_cert(cert), &i, &sa);
-	i++;
-	if (ret == HX509_EXTENSION_NOT_FOUND) {
-	    ret = 0;
-	    break;
-	} else if (ret != 0) {
-	    hx509_set_error_string(context, 0, ret, "Error searching for SAN");
-	    hx509_free_octet_string_list(list);
-	    return ret;
-	}
-
-	for (j = 0; j < sa.len; j++) {
-	    if (sa.val[j].element == choice_GeneralName_otherName &&
-		der_heim_oid_cmp(&sa.val[j].u.otherName.type_id, oid) == 0) 
-	    {
-		ret = add_to_list(list, &sa.val[j].u.otherName.value);
-		if (ret) {
-		    hx509_set_error_string(context, 0, ret, 
-					   "Error adding an exra SAN to "
-					   "return list");
-		    hx509_free_octet_string_list(list);
-		    free_GeneralNames(&sa);
-		    return ret;
-		}
-	    }
-	}
-	free_GeneralNames(&sa);
-    }
-    return 0;
-}
-
-
-static int
-check_key_usage(hx509_context context, const Certificate *cert, 
-		unsigned flags, int req_present)
-{
-    const Extension *e;
-    KeyUsage ku;
-    size_t size;
-    int ret, i = 0;
-    unsigned ku_flags;
-
-    if (_hx509_cert_get_version(cert) < 3)
-	return 0;
-
-    e = find_extension(cert, oid_id_x509_ce_keyUsage(), &i);
-    if (e == NULL) {
-	if (req_present) {
-	    hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING,
-				   "Required extension key "
-				   "usage missing from certifiate");
-	    return HX509_KU_CERT_MISSING;
-	}
-	return 0;
-    }
-    
-    ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, &ku, &size);
-    if (ret)
-	return ret;
-    ku_flags = KeyUsage2int(ku);
-    if ((ku_flags & flags) != flags) {
-	unsigned missing = (~ku_flags) & flags;
-	char buf[256], *name;
-
-	unparse_flags(missing, asn1_KeyUsage_units(), buf, sizeof(buf));
-	_hx509_unparse_Name(&cert->tbsCertificate.subject, &name);
-	hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING,
-			       "Key usage %s required but missing "
-			       "from certifiate %s", buf, name);
-	free(name);
-	return HX509_KU_CERT_MISSING;
-    }
-    return 0;
-}
-
-/*
- * Return 0 on matching key usage 'flags' for 'cert', otherwise return
- * an error code. If 'req_present' the existance is required of the
- * KeyUsage extension.
- */
-
-int
-_hx509_check_key_usage(hx509_context context, hx509_cert cert, 
-		       unsigned flags, int req_present)
-{
-    return check_key_usage(context, _hx509_get_cert(cert), flags, req_present);
-}
-
-enum certtype { PROXY_CERT, EE_CERT, CA_CERT };
-
-static int
-check_basic_constraints(hx509_context context, const Certificate *cert, 
-			enum certtype type, int depth)
-{
-    BasicConstraints bc;
-    const Extension *e;
-    size_t size;
-    int ret, i = 0;
-
-    if (_hx509_cert_get_version(cert) < 3)
-	return 0;
-
-    e = find_extension(cert, oid_id_x509_ce_basicConstraints(), &i);
-    if (e == NULL) {
-	switch(type) {
-	case PROXY_CERT:
-	case EE_CERT:
-	    return 0;
-	case CA_CERT: {
-	    char *name;
-	    ret = _hx509_unparse_Name(&cert->tbsCertificate.subject, &name);
-	    assert(ret == 0);
-	    hx509_set_error_string(context, 0, HX509_EXTENSION_NOT_FOUND,
-				   "basicConstraints missing from "
-				   "CA certifiacte %s", name);
-	    free(name);
-	    return HX509_EXTENSION_NOT_FOUND;
-	}
-	}
-    }
-    
-    ret = decode_BasicConstraints(e->extnValue.data, 
-				  e->extnValue.length, &bc,
-				  &size);
-    if (ret)
-	return ret;
-    switch(type) {
-    case PROXY_CERT:
-	if (bc.cA != NULL && *bc.cA)
-	    ret = HX509_PARENT_IS_CA;
-	break;
-    case EE_CERT:
-	ret = 0;
-	break;
-    case CA_CERT:
-	if (bc.cA == NULL || !*bc.cA)
-	    ret = HX509_PARENT_NOT_CA;
-	else if (bc.pathLenConstraint)
-	    if (depth - 1 > *bc.pathLenConstraint)
-		ret = HX509_CA_PATH_TOO_DEEP;
-	break;
-    }
-    free_BasicConstraints(&bc);
-    return ret;
-}
-
-int
-_hx509_cert_is_parent_cmp(const Certificate *subject,
-			  const Certificate *issuer,
-			  int allow_self_signed)
-{
-    int diff;
-    AuthorityKeyIdentifier ai;
-    SubjectKeyIdentifier si;
-    int ret_ai, ret_si;
-
-    diff = _hx509_name_cmp(&issuer->tbsCertificate.subject, 
-			   &subject->tbsCertificate.issuer);
-    if (diff)
-	return diff;
-    
-    memset(&ai, 0, sizeof(ai));
-    memset(&si, 0, sizeof(si));
-
-    /*
-     * Try to find AuthorityKeyIdentifier, if it's not present in the
-     * subject certificate nor the parent.
-     */
-
-    ret_ai = find_extension_auth_key_id(subject, &ai);
-    if (ret_ai && ret_ai != HX509_EXTENSION_NOT_FOUND)
-	return 1;
-    ret_si = _hx509_find_extension_subject_key_id(issuer, &si);
-    if (ret_si && ret_si != HX509_EXTENSION_NOT_FOUND)
-	return -1;
-
-    if (ret_si && ret_ai)
-	goto out;
-    if (ret_ai)
-	goto out;
-    if (ret_si) {
-	if (allow_self_signed) {
-	    diff = 0;
-	    goto out;
-	} else if (ai.keyIdentifier) {
-	    diff = -1;
-	    goto out;
-	}
-    }
-    
-    if (ai.keyIdentifier == NULL) {
-	Name name;
-
-	if (ai.authorityCertIssuer == NULL)
-	    return -1;
-	if (ai.authorityCertSerialNumber == NULL)
-	    return -1;
-
-	diff = der_heim_integer_cmp(ai.authorityCertSerialNumber, 
-				    &issuer->tbsCertificate.serialNumber);
-	if (diff)
-	    return diff;
-	if (ai.authorityCertIssuer->len != 1)
-	    return -1;
-	if (ai.authorityCertIssuer->val[0].element != choice_GeneralName_directoryName)
-	    return -1;
-	
-	name.element = 
-	    ai.authorityCertIssuer->val[0].u.directoryName.element;
-	name.u.rdnSequence = 
-	    ai.authorityCertIssuer->val[0].u.directoryName.u.rdnSequence;
-
-	diff = _hx509_name_cmp(&issuer->tbsCertificate.subject, 
-			       &name);
-	if (diff)
-	    return diff;
-	diff = 0;
-    } else
-	diff = der_heim_octet_string_cmp(ai.keyIdentifier, &si);
-    if (diff)
-	goto out;
-
- out:
-    free_AuthorityKeyIdentifier(&ai);
-    free_SubjectKeyIdentifier(&si);
-    return diff;
-}
-
-static int
-certificate_is_anchor(hx509_context context,
-		      hx509_certs trust_anchors,
-		      const hx509_cert cert)
-{
-    hx509_query q;
-    hx509_cert c;
-    int ret;
-
-    if (trust_anchors == NULL)
-	return 0;
-
-    _hx509_query_clear(&q);
-
-    q.match = HX509_QUERY_MATCH_CERTIFICATE;
-    q.certificate = _hx509_get_cert(cert);
-
-    ret = hx509_certs_find(context, trust_anchors, &q, &c);
-    if (ret == 0)
-	hx509_cert_free(c);
-    return ret == 0;
-}
-
-static int
-certificate_is_self_signed(const Certificate *cert)
-{
-    return _hx509_name_cmp(&cert->tbsCertificate.subject, 
-			   &cert->tbsCertificate.issuer) == 0;
-}
-
-/*
- * The subjectName is "null" when it's empty set of relative DBs.
- */
-
-static int
-subject_null_p(const Certificate *c)
-{
-    return c->tbsCertificate.subject.u.rdnSequence.len == 0;
-}
-
-
-static int
-find_parent(hx509_context context,
-	    time_t time_now,
-	    hx509_certs trust_anchors,
-	    hx509_path *path,
-	    hx509_certs pool, 
-	    hx509_cert current,
-	    hx509_cert *parent)
-{
-    AuthorityKeyIdentifier ai;
-    hx509_query q;
-    int ret;
-
-    *parent = NULL;
-    memset(&ai, 0, sizeof(ai));
-    
-    _hx509_query_clear(&q);
-
-    if (!subject_null_p(current->data)) {
-	q.match |= HX509_QUERY_FIND_ISSUER_CERT;
-	q.subject = _hx509_get_cert(current);
-    } else {
-	ret = find_extension_auth_key_id(current->data, &ai);
-	if (ret) {
-	    hx509_set_error_string(context, 0, HX509_CERTIFICATE_MALFORMED,
-				   "Subjectless certificate missing AuthKeyID");
-	    return HX509_CERTIFICATE_MALFORMED;
-	}
-
-	if (ai.keyIdentifier == NULL) {
-	    free_AuthorityKeyIdentifier(&ai);
-	    hx509_set_error_string(context, 0, HX509_CERTIFICATE_MALFORMED,
-				   "Subjectless certificate missing keyIdentifier "
-				   "inside AuthKeyID");
-	    return HX509_CERTIFICATE_MALFORMED;
-	}
-
-	q.subject_id = ai.keyIdentifier;
-	q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
-    }
-
-    q.path = path;
-    q.match |= HX509_QUERY_NO_MATCH_PATH;
-
-    if (pool) {
-	q.timenow = time_now;
-	q.match |= HX509_QUERY_MATCH_TIME;
-
-	ret = hx509_certs_find(context, pool, &q, parent);
-	if (ret == 0) {
-	    free_AuthorityKeyIdentifier(&ai);
-	    return 0;
-	}
-	q.match &= ~HX509_QUERY_MATCH_TIME;
-    }
-
-    if (trust_anchors) {
-	ret = hx509_certs_find(context, trust_anchors, &q, parent);
-	if (ret == 0) {
-	    free_AuthorityKeyIdentifier(&ai);
-	    return ret;
-	}
-    }
-    free_AuthorityKeyIdentifier(&ai);
-
-    {
-	hx509_name name;
-	char *str;
-
-	ret = hx509_cert_get_subject(current, &name);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    return HX509_ISSUER_NOT_FOUND;
-	}
-	ret = hx509_name_to_string(name, &str);
-	hx509_name_free(&name);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    return HX509_ISSUER_NOT_FOUND;
-	}
-	
-	hx509_set_error_string(context, 0, HX509_ISSUER_NOT_FOUND,
-			       "Failed to find issuer for "
-			       "certificate with subject: '%s'", str);
-	free(str);
-    }
-    return HX509_ISSUER_NOT_FOUND;
-}
-
-/*
- *
- */
-
-static int
-is_proxy_cert(hx509_context context, 
-	      const Certificate *cert, 
-	      ProxyCertInfo *rinfo)
-{
-    ProxyCertInfo info;
-    const Extension *e;
-    size_t size;
-    int ret, i = 0;
-
-    if (rinfo)
-	memset(rinfo, 0, sizeof(*rinfo));
-
-    e = find_extension(cert, oid_id_pkix_pe_proxyCertInfo(), &i);
-    if (e == NULL) {
-	hx509_clear_error_string(context);
-	return HX509_EXTENSION_NOT_FOUND;
-    }
-
-    ret = decode_ProxyCertInfo(e->extnValue.data, 
-			       e->extnValue.length, 
-			       &info,
-			       &size);
-    if (ret) {
-	hx509_clear_error_string(context);
-	return ret;
-    }
-    if (size != e->extnValue.length) {
-	free_ProxyCertInfo(&info);
-	hx509_clear_error_string(context);
-	return HX509_EXTRA_DATA_AFTER_STRUCTURE; 
-    }
-    if (rinfo == NULL)
-	free_ProxyCertInfo(&info);
-    else
-	*rinfo = info;
-
-    return 0;
-}
-
-/*
- * Path operations are like MEMORY based keyset, but with exposed
- * internal so we can do easy searches.
- */
-
-int
-_hx509_path_append(hx509_context context, hx509_path *path, hx509_cert cert)
-{
-    hx509_cert *val;
-    val = realloc(path->val, (path->len + 1) * sizeof(path->val[0]));
-    if (val == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    path->val = val;
-    path->val[path->len] = hx509_cert_ref(cert);
-    path->len++;
-
-    return 0;
-}
-
-void
-_hx509_path_free(hx509_path *path)
-{
-    unsigned i;
-    
-    for (i = 0; i < path->len; i++)
-	hx509_cert_free(path->val[i]);
-    free(path->val);
-    path->val = NULL;
-    path->len = 0;
-}
-
-/*
- * Find path by looking up issuer for the top certificate and continue
- * until an anchor certificate is found or max limit is found. A
- * certificate never included twice in the path.
- *
- * If the trust anchors are not given, calculate optimistic path, just
- * follow the chain upward until we no longer find a parent or we hit
- * the max path limit. In this case, a failure will always be returned
- * depending on what error condition is hit first.
- *
- * The path includes a path from the top certificate to the anchor
- * certificate.
- *
- * The caller needs to free `path� both on successful built path and
- * failure.
- */
-
-int
-_hx509_calculate_path(hx509_context context,
-		      int flags,
-		      time_t time_now,
-		      hx509_certs anchors,
-		      unsigned int max_depth,
-		      hx509_cert cert,
-		      hx509_certs pool,
-		      hx509_path *path)
-{
-    hx509_cert parent, current;
-    int ret;
-
-    if (max_depth == 0)
-	max_depth = HX509_VERIFY_MAX_DEPTH;
-
-    ret = _hx509_path_append(context, path, cert);
-    if (ret)
-	return ret;
-
-    current = hx509_cert_ref(cert);
-
-    while (!certificate_is_anchor(context, anchors, current)) {
-
-	ret = find_parent(context, time_now, anchors, path, 
-			  pool, current, &parent);
-	hx509_cert_free(current);
-	if (ret)
-	    return ret;
-
-	ret = _hx509_path_append(context, path, parent);
-	if (ret)
-	    return ret;
-	current = parent;
-
-	if (path->len > max_depth) {
-	    hx509_cert_free(current);
-	    hx509_set_error_string(context, 0, HX509_PATH_TOO_LONG,
-				   "Path too long while bulding "
-				   "certificate chain");
-	    return HX509_PATH_TOO_LONG;
-	}
-    }
-
-    if ((flags & HX509_CALCULATE_PATH_NO_ANCHOR) && 
-	path->len > 0 && 
-	certificate_is_anchor(context, anchors, path->val[path->len - 1]))
-    {
-	hx509_cert_free(path->val[path->len - 1]);
-	path->len--;
-    }
-
-    hx509_cert_free(current);
-    return 0;
-}
-
-int
-_hx509_AlgorithmIdentifier_cmp(const AlgorithmIdentifier *p,
-			       const AlgorithmIdentifier *q)
-{
-    int diff;
-    diff = der_heim_oid_cmp(&p->algorithm, &q->algorithm);
-    if (diff)
-	return diff;
-    if (p->parameters) {
-	if (q->parameters)
-	    return heim_any_cmp(p->parameters,
-				q->parameters);
-	else
-	    return 1;
-    } else {
-	if (q->parameters)
-	    return -1;
-	else
-	    return 0;
-    }
-}
-
-int
-_hx509_Certificate_cmp(const Certificate *p, const Certificate *q)
-{
-    int diff;
-    diff = der_heim_bit_string_cmp(&p->signatureValue, &q->signatureValue);
-    if (diff)
-	return diff;
-    diff = _hx509_AlgorithmIdentifier_cmp(&p->signatureAlgorithm, 
-					  &q->signatureAlgorithm);
-    if (diff)
-	return diff;
-    diff = der_heim_octet_string_cmp(&p->tbsCertificate._save,
-				     &q->tbsCertificate._save);
-    return diff;
-}
-
-/**
- * Compare to hx509 certificate object, useful for sorting.
- *
- * @param p a hx509 certificate object.
- * @param q a hx509 certificate object.
- *
- * @return 0 the objects are the same, returns > 0 is p is "larger"
- * then q, < 0 if p is "smaller" then q.
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_cmp(hx509_cert p, hx509_cert q)
-{
-    return _hx509_Certificate_cmp(p->data, q->data);
-}
-
-/**
- * Return the name of the issuer of the hx509 certificate.
- *
- * @param p a hx509 certificate object.
- * @param name a pointer to a hx509 name, should be freed by
- * hx509_name_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_issuer(hx509_cert p, hx509_name *name)
-{
-    return _hx509_name_from_Name(&p->data->tbsCertificate.issuer, name);
-}
-
-/**
- * Return the name of the subject of the hx509 certificate.
- *
- * @param p a hx509 certificate object.
- * @param name a pointer to a hx509 name, should be freed by
- * hx509_name_free(). See also hx509_cert_get_base_subject().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_subject(hx509_cert p, hx509_name *name)
-{
-    return _hx509_name_from_Name(&p->data->tbsCertificate.subject, name);
-}
-
-/**
- * Return the name of the base subject of the hx509 certificate. If
- * the certiicate is a verified proxy certificate, the this function
- * return the base certificate (root of the proxy chain). If the proxy
- * certificate is not verified with the base certificate
- * HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned.
- *
- * @param context a hx509 context.
- * @param c a hx509 certificate object.
- * @param name a pointer to a hx509 name, should be freed by
- * hx509_name_free(). See also hx509_cert_get_subject().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_base_subject(hx509_context context, hx509_cert c,
-			    hx509_name *name)
-{
-    if (c->basename)
-	return hx509_name_copy(context, c->basename, name);
-    if (is_proxy_cert(context, c->data, NULL) == 0) {
-	int ret = HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED;
-	hx509_set_error_string(context, 0, ret,
-			       "Proxy certificate have not been "
-			       "canonicalize yet, no base name");
-	return ret;
-    }
-    return _hx509_name_from_Name(&c->data->tbsCertificate.subject, name);
-}
-
-/**
- * Get serial number of the certificate.
- *
- * @param p a hx509 certificate object.
- * @param i serial number, should be freed ith der_free_heim_integer().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_serialnumber(hx509_cert p, heim_integer *i)
-{
-    return der_copy_heim_integer(&p->data->tbsCertificate.serialNumber, i);
-}
-
-/**
- * Get notBefore time of the certificate.
- *
- * @param p a hx509 certificate object.
- *
- * @return return not before time
- *
- * @ingroup hx509_cert
- */
-
-time_t
-hx509_cert_get_notBefore(hx509_cert p)
-{
-    return _hx509_Time2time_t(&p->data->tbsCertificate.validity.notBefore);
-}
-
-/**
- * Get notAfter time of the certificate.
- *
- * @param p a hx509 certificate object.
- *
- * @return return not after time.
- *
- * @ingroup hx509_cert
- */
-
-time_t
-hx509_cert_get_notAfter(hx509_cert p)
-{
-    return _hx509_Time2time_t(&p->data->tbsCertificate.validity.notAfter);
-}
-
-/**
- * Get the SubjectPublicKeyInfo structure from the hx509 certificate.
- *
- * @param context a hx509 context.
- * @param p a hx509 certificate object.
- * @param spki SubjectPublicKeyInfo, should be freed with
- * free_SubjectPublicKeyInfo().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_SPKI(hx509_context context, hx509_cert p, SubjectPublicKeyInfo *spki)
-{
-    int ret;
-
-    ret = copy_SubjectPublicKeyInfo(&p->data->tbsCertificate.subjectPublicKeyInfo, spki);
-    if (ret)
-	hx509_set_error_string(context, 0, ret, "Failed to copy SPKI");
-    return ret;
-}
-
-/**
- * Get the AlgorithmIdentifier from the hx509 certificate.
- *
- * @param context a hx509 context.
- * @param p a hx509 certificate object.
- * @param alg AlgorithmIdentifier, should be freed with
- * free_AlgorithmIdentifier().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_SPKI_AlgorithmIdentifier(hx509_context context,
-					hx509_cert p, 
-					AlgorithmIdentifier *alg)
-{
-    int ret;
-
-    ret = copy_AlgorithmIdentifier(&p->data->tbsCertificate.subjectPublicKeyInfo.algorithm, alg);
-    if (ret)
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to copy SPKI AlgorithmIdentifier");
-    return ret;
-}
-
-
-hx509_private_key
-_hx509_cert_private_key(hx509_cert p)
-{
-    return p->private_key;
-}
-
-int
-hx509_cert_have_private_key(hx509_cert p)
-{
-    return p->private_key ? 1 : 0;
-}
-
-
-int
-_hx509_cert_private_key_exportable(hx509_cert p)
-{
-    if (p->private_key == NULL)
-	return 0;
-    return _hx509_private_key_exportable(p->private_key);
-}
-
-int
-_hx509_cert_private_decrypt(hx509_context context,
-			    const heim_octet_string *ciphertext,
-			    const heim_oid *encryption_oid,
-			    hx509_cert p,
-			    heim_octet_string *cleartext)
-{
-    cleartext->data = NULL;
-    cleartext->length = 0;
-
-    if (p->private_key == NULL) {
-	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
-			       "Private key missing");
-	return HX509_PRIVATE_KEY_MISSING;
-    }
-
-    return _hx509_private_key_private_decrypt(context,
-					      ciphertext,
-					      encryption_oid,
-					      p->private_key, 
-					      cleartext);
-}
-
-int
-_hx509_cert_public_encrypt(hx509_context context,
-			   const heim_octet_string *cleartext,
-			   const hx509_cert p,
-			   heim_oid *encryption_oid,
-			   heim_octet_string *ciphertext)
-{
-    return _hx509_public_encrypt(context,
-				 cleartext, p->data,
-				 encryption_oid, ciphertext);
-}
-
-/*
- *
- */
-
-time_t
-_hx509_Time2time_t(const Time *t)
-{
-    switch(t->element) {
-    case choice_Time_utcTime:
-	return t->u.utcTime;
-    case choice_Time_generalTime:
-	return t->u.generalTime;
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-init_name_constraints(hx509_name_constraints *nc)
-{
-    memset(nc, 0, sizeof(*nc));
-    return 0;
-}
-
-static int
-add_name_constraints(hx509_context context, const Certificate *c, int not_ca,
-		     hx509_name_constraints *nc)
-{
-    NameConstraints tnc;
-    int ret;
-
-    ret = find_extension_name_constraints(c, &tnc);
-    if (ret == HX509_EXTENSION_NOT_FOUND)
-	return 0;
-    else if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed getting NameConstraints");
-	return ret;
-    } else if (not_ca) {
-	ret = HX509_VERIFY_CONSTRAINTS;
-	hx509_set_error_string(context, 0, ret, "Not a CA and "
-			       "have NameConstraints");
-    } else {
-	NameConstraints *val;
-	val = realloc(nc->val, sizeof(nc->val[0]) * (nc->len + 1));
-	if (val == NULL) {
-	    hx509_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-	nc->val = val;
-	ret = copy_NameConstraints(&tnc, &nc->val[nc->len]);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-	nc->len += 1;
-    }
-out:
-    free_NameConstraints(&tnc);
-    return ret;
-}
-
-static int
-match_RDN(const RelativeDistinguishedName *c,
-	  const RelativeDistinguishedName *n)
-{
-    int i;
-
-    if (c->len != n->len)
-	return HX509_NAME_CONSTRAINT_ERROR;
-    
-    for (i = 0; i < n->len; i++) {
-	if (der_heim_oid_cmp(&c->val[i].type, &n->val[i].type) != 0)
-	    return HX509_NAME_CONSTRAINT_ERROR;
-	if (_hx509_name_ds_cmp(&c->val[i].value, &n->val[i].value) != 0)
-	    return HX509_NAME_CONSTRAINT_ERROR;
-    }
-    return 0;
-}
-
-static int
-match_X501Name(const Name *c, const Name *n)
-{
-    int i, ret;
-
-    if (c->element != choice_Name_rdnSequence
-	|| n->element != choice_Name_rdnSequence)
-	return 0;
-    if (c->u.rdnSequence.len > n->u.rdnSequence.len)
-	return HX509_NAME_CONSTRAINT_ERROR;
-    for (i = 0; i < c->u.rdnSequence.len; i++) {
-	ret = match_RDN(&c->u.rdnSequence.val[i], &n->u.rdnSequence.val[i]);
-	if (ret)
-	    return ret;
-    }
-    return 0;
-} 
-
-
-static int
-match_general_name(const GeneralName *c, const GeneralName *n, int *match)
-{
-    /* 
-     * Name constraints only apply to the same name type, see RFC3280,
-     * 4.2.1.11.
-     */
-    assert(c->element == n->element);
-
-    switch(c->element) {
-    case choice_GeneralName_otherName:
-	if (der_heim_oid_cmp(&c->u.otherName.type_id,
-			 &n->u.otherName.type_id) != 0)
-	    return HX509_NAME_CONSTRAINT_ERROR;
-	if (heim_any_cmp(&c->u.otherName.value,
-			 &n->u.otherName.value) != 0)
-	    return HX509_NAME_CONSTRAINT_ERROR;
-	*match = 1;
-	return 0;
-    case choice_GeneralName_rfc822Name: {
-	const char *s;
-	size_t len1, len2;
-	s = strchr(c->u.rfc822Name, '@');
-	if (s) {
-	    if (strcasecmp(c->u.rfc822Name, n->u.rfc822Name) != 0)
-		return HX509_NAME_CONSTRAINT_ERROR;
-	} else {
-	    s = strchr(n->u.rfc822Name, '@');
-	    if (s == NULL)
-		return HX509_NAME_CONSTRAINT_ERROR;
-	    len1 = strlen(c->u.rfc822Name);
-	    len2 = strlen(s + 1);
-	    if (len1 > len2)
-		return HX509_NAME_CONSTRAINT_ERROR;
-	    if (strcasecmp(s + 1 + len2 - len1, c->u.rfc822Name) != 0)
-		return HX509_NAME_CONSTRAINT_ERROR;
-	    if (len1 < len2 && s[len2 - len1 + 1] != '.')
-		return HX509_NAME_CONSTRAINT_ERROR;
-	}
-	*match = 1;
-	return 0;
-    }
-    case choice_GeneralName_dNSName: {
-	size_t lenc, lenn;
-
-	lenc = strlen(c->u.dNSName);
-	lenn = strlen(n->u.dNSName);
-	if (lenc > lenn)
-	    return HX509_NAME_CONSTRAINT_ERROR;
-	if (strcasecmp(&n->u.dNSName[lenn - lenc], c->u.dNSName) != 0)
-	    return HX509_NAME_CONSTRAINT_ERROR;
-	if (lenc != lenn && n->u.dNSName[lenn - lenc - 1] != '.')
-	    return HX509_NAME_CONSTRAINT_ERROR;
-	*match = 1;
-	return 0;
-    }
-    case choice_GeneralName_directoryName: {
-	Name c_name, n_name;
-	int ret;
-
-	c_name._save.data = NULL;
-	c_name._save.length = 0;
-	c_name.element = c->u.directoryName.element;
-	c_name.u.rdnSequence = c->u.directoryName.u.rdnSequence;
-
-	n_name._save.data = NULL;
-	n_name._save.length = 0;
-	n_name.element = n->u.directoryName.element;
-	n_name.u.rdnSequence = n->u.directoryName.u.rdnSequence;
-
-	ret = match_X501Name(&c_name, &n_name);
-	if (ret == 0)
-	    *match = 1;
-	return ret;
-    }
-    case choice_GeneralName_uniformResourceIdentifier:
-    case choice_GeneralName_iPAddress:
-    case choice_GeneralName_registeredID:
-    default:
-	return HX509_NAME_CONSTRAINT_ERROR;
-    }
-}
-
-static int
-match_alt_name(const GeneralName *n, const Certificate *c, 
-	       int *same, int *match)
-{
-    GeneralNames sa;
-    int ret, i, j;
-
-    i = 0;
-    do {
-	ret = find_extension_subject_alt_name(c, &i, &sa);
-	if (ret == HX509_EXTENSION_NOT_FOUND) {
-	    ret = 0;
-	    break;
-	} else if (ret != 0)
-	    break;
-
-	for (j = 0; j < sa.len; j++) {
-	    if (n->element == sa.val[j].element) {
-		*same = 1;
-		ret = match_general_name(n, &sa.val[j], match);
-	    }
-	}
-	free_GeneralNames(&sa);
-    } while (1);
-    return ret;
-}
-
-
-static int
-match_tree(const GeneralSubtrees *t, const Certificate *c, int *match)
-{
-    int name, alt_name, same;
-    unsigned int i;
-    int ret = 0;
-
-    name = alt_name = same = *match = 0;
-    for (i = 0; i < t->len; i++) {
-	if (t->val[i].minimum && t->val[i].maximum)
-	    return HX509_RANGE;
-
-	/*
-	 * If the constraint apply to directoryNames, test is with
-	 * subjectName of the certificate if the certificate have a
-	 * non-null (empty) subjectName.
-	 */
-
-	if (t->val[i].base.element == choice_GeneralName_directoryName
-	    && !subject_null_p(c))
-	{
-	    GeneralName certname;
-	    
-	    memset(&certname, 0, sizeof(certname));
-	    certname.element = choice_GeneralName_directoryName;
-	    certname.u.directoryName.element = 
-		c->tbsCertificate.subject.element;
-	    certname.u.directoryName.u.rdnSequence = 
-		c->tbsCertificate.subject.u.rdnSequence;
-    
-	    ret = match_general_name(&t->val[i].base, &certname, &name);
-	}
-
-	/* Handle subjectAltNames, this is icky since they
-	 * restrictions only apply if the subjectAltName is of the
-	 * same type. So if there have been a match of type, require
-	 * altname to be set.
-	 */
-	ret = match_alt_name(&t->val[i].base, c, &same, &alt_name);
-    }
-    if (name && (!same || alt_name))
-	*match = 1;
-    return ret;
-}
-
-static int
-check_name_constraints(hx509_context context, 
-		       const hx509_name_constraints *nc,
-		       const Certificate *c)
-{
-    int match, ret;
-    int i;
-
-    for (i = 0 ; i < nc->len; i++) {
-	GeneralSubtrees gs;
-
-	if (nc->val[i].permittedSubtrees) {
-	    GeneralSubtrees_SET(&gs, nc->val[i].permittedSubtrees);
-	    ret = match_tree(&gs, c, &match);
-	    if (ret) {
-		hx509_clear_error_string(context);
-		return ret;
-	    }
-	    /* allow null subjectNames, they wont matches anything */
-	    if (match == 0 && !subject_null_p(c)) {
-		hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS,
-				       "Error verify constraints, "
-				       "certificate didn't match any "
-				       "permitted subtree");
-		return HX509_VERIFY_CONSTRAINTS;
-	    }
-	}
-	if (nc->val[i].excludedSubtrees) {
-	    GeneralSubtrees_SET(&gs, nc->val[i].excludedSubtrees);
-	    ret = match_tree(&gs, c, &match);
-	    if (ret) {
-		hx509_clear_error_string(context);
-		return ret;
-	    }
-	    if (match) {
-		hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS,
-				       "Error verify constraints, "
-				       "certificate included in excluded "
-				       "subtree");
-		return HX509_VERIFY_CONSTRAINTS;
-	    }
-	}
-    }
-    return 0;
-}
-
-static void
-free_name_constraints(hx509_name_constraints *nc)
-{
-    int i;
-
-    for (i = 0 ; i < nc->len; i++)
-	free_NameConstraints(&nc->val[i]);
-    free(nc->val);
-}
-
-/**
- * Build and verify the path for the certificate to the trust anchor
- * specified in the verify context. The path is constructed from the
- * certificate, the pool and the trust anchors.
- *
- * @param context A hx509 context.
- * @param ctx A hx509 verification context.
- * @param cert the certificate to build the path from.
- * @param pool A keyset of certificates to build the chain from.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_verify_path(hx509_context context,
-		  hx509_verify_ctx ctx,
-		  hx509_cert cert,
-		  hx509_certs pool)
-{
-    hx509_name_constraints nc;
-    hx509_path path;
-#if 0
-    const AlgorithmIdentifier *alg_id;
-#endif
-    int ret, i, proxy_cert_depth, selfsigned_depth;
-    enum certtype type;
-    Name proxy_issuer;
-    hx509_certs anchors = NULL;
-
-    memset(&proxy_issuer, 0, sizeof(proxy_issuer));
-
-    ret = init_name_constraints(&nc);
-    if (ret)	
-	return ret;
-
-    path.val = NULL;
-    path.len = 0;
-
-    if ((ctx->flags & HX509_VERIFY_CTX_F_TIME_SET) == 0)
-	ctx->time_now = time(NULL);
-
-    /*
-     *
-     */
-    if (ctx->trust_anchors)
-	anchors = _hx509_certs_ref(ctx->trust_anchors);
-    else if (context->default_trust_anchors && ALLOW_DEF_TA(ctx))
-	anchors = _hx509_certs_ref(context->default_trust_anchors);
-    else {
-	ret = hx509_certs_init(context, "MEMORY:no-TA", 0, NULL, &anchors);
-	if (ret)
-	    goto out;
-    }
-
-    /*
-     * Calculate the path from the certificate user presented to the
-     * to an anchor.
-     */
-    ret = _hx509_calculate_path(context, 0, ctx->time_now,
-				anchors, ctx->max_depth,
-				cert, pool, &path);
-    if (ret)
-	goto out;
-
-#if 0
-    alg_id = path.val[path->len - 1]->data->tbsCertificate.signature;
-#endif
-
-    /*
-     * Check CA and proxy certificate chain from the top of the
-     * certificate chain. Also check certificate is valid with respect
-     * to the current time.
-     *
-     */
-
-    proxy_cert_depth = 0;
-    selfsigned_depth = 0;
-
-    if (ctx->flags & HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE)
-	type = PROXY_CERT;
-    else
-	type = EE_CERT;
-
-    for (i = 0; i < path.len; i++) {
-	Certificate *c;
-	time_t t;
-
-	c = _hx509_get_cert(path.val[i]);
-	
-	/*
-	 * Lets do some basic check on issuer like
-	 * keyUsage.keyCertSign and basicConstraints.cA bit depending
-	 * on what type of certificate this is.
-	 */
-
-	switch (type) {
-	case CA_CERT:
-	    /* XXX make constants for keyusage */
-	    ret = check_key_usage(context, c, 1 << 5,
-				  REQUIRE_RFC3280(ctx) ? TRUE : FALSE);
-	    if (ret) {
-		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				       "Key usage missing from CA certificate");
-		goto out;
-	    }
-
-	    if (i + 1 != path.len && certificate_is_self_signed(c)) 
-		selfsigned_depth++;
-
-	    break;
-	case PROXY_CERT: {
-	    ProxyCertInfo info;	    
-
-	    if (is_proxy_cert(context, c, &info) == 0) {
-		int j;
-
-		if (info.pCPathLenConstraint != NULL &&
-		    *info.pCPathLenConstraint < i)
-		{
-		    free_ProxyCertInfo(&info);
-		    ret = HX509_PATH_TOO_LONG;
-		    hx509_set_error_string(context, 0, ret,
-					   "Proxy certificate chain "
-					   "longer then allowed");
-		    goto out;
-		}
-		/* XXX MUST check info.proxyPolicy */
-		free_ProxyCertInfo(&info);
-		
-		j = 0;
-		if (find_extension(c, oid_id_x509_ce_subjectAltName(), &j)) {
-		    ret = HX509_PROXY_CERT_INVALID;
-		    hx509_set_error_string(context, 0, ret, 
-					   "Proxy certificate have explicity "
-					   "forbidden subjectAltName");
-		    goto out;
-		}
-
-		j = 0;
-		if (find_extension(c, oid_id_x509_ce_issuerAltName(), &j)) {
-		    ret = HX509_PROXY_CERT_INVALID;
-		    hx509_set_error_string(context, 0, ret, 
-					   "Proxy certificate have explicity "
-					   "forbidden issuerAltName");
-		    goto out;
-		}
-			
-		/* 
-		 * The subject name of the proxy certificate should be
-		 * CN=XXX,<proxy issuer>, prune of CN and check if its
-		 * the same over the whole chain of proxy certs and
-		 * then check with the EE cert when we get to it.
-		 */
-
-		if (proxy_cert_depth) {
-		    ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.subject);
-		    if (ret) {
-			ret = HX509_PROXY_CERT_NAME_WRONG;
-			hx509_set_error_string(context, 0, ret,
-					       "Base proxy name not right");
-			goto out;
-		    }
-		}
-
-		free_Name(&proxy_issuer);
-
-		ret = copy_Name(&c->tbsCertificate.subject, &proxy_issuer);
-		if (ret) {
-		    hx509_clear_error_string(context);
-		    goto out;
-		}
-
-		j = proxy_issuer.u.rdnSequence.len;
-		if (proxy_issuer.u.rdnSequence.len < 2 
-		    || proxy_issuer.u.rdnSequence.val[j - 1].len > 1
-		    || der_heim_oid_cmp(&proxy_issuer.u.rdnSequence.val[j - 1].val[0].type,
-					oid_id_at_commonName()))
-		{
-		    ret = HX509_PROXY_CERT_NAME_WRONG;
-		    hx509_set_error_string(context, 0, ret,
-					   "Proxy name too short or "
-					   "does not have Common name "
-					   "at the top");
-		    goto out;
-		}
-
-		free_RelativeDistinguishedName(&proxy_issuer.u.rdnSequence.val[j - 1]);
-		proxy_issuer.u.rdnSequence.len -= 1;
-
-		ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.issuer);
-		if (ret != 0) {
-		    ret = HX509_PROXY_CERT_NAME_WRONG;
-		    hx509_set_error_string(context, 0, ret,
-					   "Proxy issuer name not as expected");
-		    goto out;
-		}
-
-		break;
-	    } else {
-		/* 
-		 * Now we are done with the proxy certificates, this
-		 * cert was an EE cert and we we will fall though to
-		 * EE checking below.
-		 */
-		type = EE_CERT;
-		/* FALLTHOUGH */
-	    }
-	}
-	case EE_CERT:
-	    /*
-	     * If there where any proxy certificates in the chain
-	     * (proxy_cert_depth > 0), check that the proxy issuer
-	     * matched proxy certificates "base" subject.
-	     */
-	    if (proxy_cert_depth) {
-
-		ret = _hx509_name_cmp(&proxy_issuer,
-				      &c->tbsCertificate.subject);
-		if (ret) {
-		    ret = HX509_PROXY_CERT_NAME_WRONG;
-		    hx509_clear_error_string(context);
-		    goto out;
-		}
-		if (cert->basename)
-		    hx509_name_free(&cert->basename);
-		
-		ret = _hx509_name_from_Name(&proxy_issuer, &cert->basename);
-		if (ret) {
-		    hx509_clear_error_string(context);
-		    goto out;
-		}
-	    }
-
-	    break;
-	}
-
-	ret = check_basic_constraints(context, c, type, 
-				      i - proxy_cert_depth - selfsigned_depth);
-	if (ret)
-	    goto out;
-	    
-	/*
-	 * Don't check the trust anchors expiration time since they
-	 * are transported out of band, from RFC3820.
-	 */
-	if (i + 1 != path.len || CHECK_TA(ctx)) {
-
-	    t = _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
-	    if (t > ctx->time_now) {
-		ret = HX509_CERT_USED_BEFORE_TIME;
-		hx509_clear_error_string(context);
-		goto out;
-	    }
-	    t = _hx509_Time2time_t(&c->tbsCertificate.validity.notAfter);
-	    if (t < ctx->time_now) {
-		ret = HX509_CERT_USED_AFTER_TIME;
-		hx509_clear_error_string(context);
-		goto out;
-	    }
-	}
-
-	if (type == EE_CERT)
-	    type = CA_CERT;
-	else if (type == PROXY_CERT)
-	    proxy_cert_depth++;
-    }
-
-    /*
-     * Verify constraints, do this backward so path constraints are
-     * checked in the right order.
-     */
-
-    for (ret = 0, i = path.len - 1; i >= 0; i--) {
-	Certificate *c;
-
-	c = _hx509_get_cert(path.val[i]);
-
-	/* verify name constraints, not for selfsigned and anchor */
-	if (!certificate_is_self_signed(c) || i + 1 != path.len) {
-	    ret = check_name_constraints(context, &nc, c);
-	    if (ret) {
-		goto out;
-	    }
-	}
-	ret = add_name_constraints(context, c, i == 0, &nc);
-	if (ret)
-	    goto out;
-
-	/* XXX verify all other silly constraints */
-
-    }
-
-    /*
-     * Verify that no certificates has been revoked.
-     */
-
-    if (ctx->revoke_ctx) {
-	hx509_certs certs;
-
-	ret = hx509_certs_init(context, "MEMORY:revoke-certs", 0,
-			       NULL, &certs);
-	if (ret)
-	    goto out;
-
-	for (i = 0; i < path.len; i++) {
-	    ret = hx509_certs_add(context, certs, path.val[i]);
-	    if (ret) {
-		hx509_certs_free(&certs);
-		goto out;
-	    }
-	}
-	ret = hx509_certs_merge(context, certs, pool);
-	if (ret) {
-	    hx509_certs_free(&certs);
-	    goto out;
-	}
-
-	for (i = 0; i < path.len - 1; i++) {
-	    int parent = (i < path.len - 1) ? i + 1 : i;
-
-	    ret = hx509_revoke_verify(context,
-				      ctx->revoke_ctx, 
-				      certs,
-				      ctx->time_now,
-				      path.val[i],
-				      path.val[parent]);
-	    if (ret) {
-		hx509_certs_free(&certs);
-		goto out;
-	    }
-	}
-	hx509_certs_free(&certs);
-    }
-
-    /*
-     * Verify signatures, do this backward so public key working
-     * parameter is passed up from the anchor up though the chain.
-     */
-
-    for (i = path.len - 1; i >= 0; i--) {
-	Certificate *signer, *c;
-
-	c = _hx509_get_cert(path.val[i]);
-
-	/* is last in chain (trust anchor) */
-	if (i + 1 == path.len) {
-	    signer = path.val[i]->data;
-
-	    /* if trust anchor is not self signed, don't check sig */
-	    if (!certificate_is_self_signed(signer))
-		continue;
-	} else {
-	    /* take next certificate in chain */
-	    signer = path.val[i + 1]->data;
-	}
-
-	/* verify signatureValue */
-	ret = _hx509_verify_signature_bitstring(context,
-						signer,
-						&c->signatureAlgorithm,
-						&c->tbsCertificate._save,
-						&c->signatureValue);
-	if (ret) {
-	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "Failed to verify signature of certificate");
-	    goto out;
-	}
-    }
-
-out:
-    hx509_certs_free(&anchors);
-    free_Name(&proxy_issuer);
-    free_name_constraints(&nc);
-    _hx509_path_free(&path);
-
-    return ret;
-}
-
-/**
- * Verify a signature made using the private key of an certificate.
- *
- * @param context A hx509 context.
- * @param signer the certificate that made the signature.
- * @param alg algorthm that was used to sign the data.
- * @param data the data that was signed.
- * @param sig the sigature to verify.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_crypto
- */
-
-int
-hx509_verify_signature(hx509_context context,
-		       const hx509_cert signer,
-		       const AlgorithmIdentifier *alg,
-		       const heim_octet_string *data,
-		       const heim_octet_string *sig)
-{
-    return _hx509_verify_signature(context, signer->data, alg, data, sig);
-}
-
-
-/**
- * Verify that the certificate is allowed to be used for the hostname
- * and address.
- *
- * @param context A hx509 context.
- * @param cert the certificate to match with
- * @param flags Flags to modify the behavior:
- * - HX509_VHN_F_ALLOW_NO_MATCH no match is ok
- * @param type type of hostname:
- * - HX509_HN_HOSTNAME for plain hostname.
- * - HX509_HN_DNSSRV for DNS SRV names.
- * @param hostname the hostname to check
- * @param sa address of the host
- * @param sa_size length of address
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_verify_hostname(hx509_context context,
-		      const hx509_cert cert,
-		      int flags,
-		      hx509_hostname_type type,
-		      const char *hostname,
-		      const struct sockaddr *sa,
-		      /* XXX krb5_socklen_t */ int sa_size) 
-{
-    GeneralNames san;
-    int ret, i, j;
-
-    if (sa && sa_size <= 0)
-	return EINVAL;
-
-    memset(&san, 0, sizeof(san));
-
-    i = 0;
-    do {
-	ret = find_extension_subject_alt_name(cert->data, &i, &san);
-	if (ret == HX509_EXTENSION_NOT_FOUND) {
-	    ret = 0;
-	    break;
-	} else if (ret != 0)
-	    break;
-
-	for (j = 0; j < san.len; j++) {
-	    switch (san.val[j].element) {
-	    case choice_GeneralName_dNSName:
-		if (strcasecmp(san.val[j].u.dNSName, hostname) == 0) {
-		    free_GeneralNames(&san);
-		    return 0;
-		}
-		break;
-	    default:
-		break;
-	    }
-	}
-	free_GeneralNames(&san);
-    } while (1);
-
-    {
-	Name *name = &cert->data->tbsCertificate.subject;
-
-	/* match if first component is a CN= */
-	if (name->u.rdnSequence.len > 0
-	    && name->u.rdnSequence.val[0].len == 1
-	    && der_heim_oid_cmp(&name->u.rdnSequence.val[0].val[0].type,
-				oid_id_at_commonName()) == 0)
-	{
-	    DirectoryString *ds = &name->u.rdnSequence.val[0].val[0].value;
-
-	    switch (ds->element) {
-	    case choice_DirectoryString_printableString:
-		if (strcasecmp(ds->u.printableString, hostname) == 0)
-		    return 0;
-		break;
-	    case choice_DirectoryString_ia5String:
-		if (strcasecmp(ds->u.ia5String, hostname) == 0)
-		    return 0;
-		break;
-	    case choice_DirectoryString_utf8String:
-		if (strcasecmp(ds->u.utf8String, hostname) == 0)
-		    return 0;
-	    default:
-		break;
-	    }
-	}
-    }
-
-    if ((flags & HX509_VHN_F_ALLOW_NO_MATCH) == 0)
-	ret = HX509_NAME_CONSTRAINT_ERROR;
-
-    return ret;
-}
-
-int
-_hx509_set_cert_attribute(hx509_context context,
-			  hx509_cert cert, 
-			  const heim_oid *oid, 
-			  const heim_octet_string *attr)
-{
-    hx509_cert_attribute a;
-    void *d;
-
-    if (hx509_cert_get_attribute(cert, oid) != NULL)
-	return 0;
-
-    d = realloc(cert->attrs.val, 
-		sizeof(cert->attrs.val[0]) * (cert->attrs.len + 1));
-    if (d == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    cert->attrs.val = d;
-
-    a = malloc(sizeof(*a));
-    if (a == NULL)
-	return ENOMEM;
-
-    der_copy_octet_string(attr, &a->data);
-    der_copy_oid(oid, &a->oid);
-    
-    cert->attrs.val[cert->attrs.len] = a;
-    cert->attrs.len++;
-
-    return 0;
-}
-
-/**
- * Get an external attribute for the certificate, examples are
- * friendly name and id.
- *
- * @param cert hx509 certificate object to search
- * @param oid an oid to search for.
- *
- * @return an hx509_cert_attribute, only valid as long as the
- * certificate is referenced.
- *
- * @ingroup hx509_cert
- */
-
-hx509_cert_attribute
-hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid)
-{
-    int i;
-    for (i = 0; i < cert->attrs.len; i++)
-	if (der_heim_oid_cmp(oid, &cert->attrs.val[i]->oid) == 0)
-	    return cert->attrs.val[i];
-    return NULL;
-}
-
-/**
- * Set the friendly name on the certificate.
- *
- * @param cert The certificate to set the friendly name on
- * @param name Friendly name.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_set_friendly_name(hx509_cert cert, const char *name)
-{
-    if (cert->friendlyname)
-	free(cert->friendlyname);
-    cert->friendlyname = strdup(name);
-    if (cert->friendlyname == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-/**
- * Get friendly name of the certificate.
- *
- * @param cert cert to get the friendly name from.
- *
- * @return an friendly name or NULL if there is. The friendly name is
- * only valid as long as the certificate is referenced.
- *
- * @ingroup hx509_cert
- */
-
-const char *
-hx509_cert_get_friendly_name(hx509_cert cert)
-{
-    hx509_cert_attribute a;
-    PKCS9_friendlyName n;
-    size_t sz;
-    int ret, i;
-
-    if (cert->friendlyname)
-	return cert->friendlyname;
-
-    a = hx509_cert_get_attribute(cert, oid_id_pkcs_9_at_friendlyName());
-    if (a == NULL) {
-	/* XXX use subject name ? */
-	return NULL; 
-    }
-
-    ret = decode_PKCS9_friendlyName(a->data.data, a->data.length, &n, &sz);
-    if (ret)
-	return NULL;
-	
-    if (n.len != 1) {
-	free_PKCS9_friendlyName(&n);
-	return NULL;
-    }
-    
-    cert->friendlyname = malloc(n.val[0].length + 1);
-    if (cert->friendlyname == NULL) {
-	free_PKCS9_friendlyName(&n);
-	return NULL;
-    }
-    
-    for (i = 0; i < n.val[0].length; i++) {
-	if (n.val[0].data[i] <= 0xff)
-	    cert->friendlyname[i] = n.val[0].data[i] & 0xff;
-	else
-	    cert->friendlyname[i] = 'X';
-    }
-    cert->friendlyname[i] = '\0';
-    free_PKCS9_friendlyName(&n);
-
-    return cert->friendlyname;
-}
-
-void
-_hx509_query_clear(hx509_query *q)
-{
-    memset(q, 0, sizeof(*q));
-}
-
-/**
- * Allocate an query controller. Free using hx509_query_free().
- *
- * @param context A hx509 context.
- * @param q return pointer to a hx509_query.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_alloc(hx509_context context, hx509_query **q)
-{
-    *q = calloc(1, sizeof(**q));
-    if (*q == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-/**
- * Set match options for the hx509 query controller.
- *
- * @param q query controller.
- * @param option options to control the query controller.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_query_match_option(hx509_query *q, hx509_query_option option)
-{
-    switch(option) {
-    case HX509_QUERY_OPTION_PRIVATE_KEY:
-	q->match |= HX509_QUERY_PRIVATE_KEY;
-	break;
-    case HX509_QUERY_OPTION_KU_ENCIPHERMENT:
-	q->match |= HX509_QUERY_KU_ENCIPHERMENT;
-	break;
-    case HX509_QUERY_OPTION_KU_DIGITALSIGNATURE:
-	q->match |= HX509_QUERY_KU_DIGITALSIGNATURE;
-	break;
-    case HX509_QUERY_OPTION_KU_KEYCERTSIGN:
-	q->match |= HX509_QUERY_KU_KEYCERTSIGN;
-	break;
-    case HX509_QUERY_OPTION_END:
-    default:
-	break;
-    }
-}
-
-/**
- * Set the issuer and serial number of match in the query
- * controller. The function make copies of the isser and serial number.
- *
- * @param q a hx509 query controller
- * @param issuer issuer to search for
- * @param serialNumber the serialNumber of the issuer.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_match_issuer_serial(hx509_query *q,
-				const Name *issuer, 
-				const heim_integer *serialNumber)
-{
-    int ret;
-    if (q->serial) {
-	der_free_heim_integer(q->serial);
-	free(q->serial);
-    }
-    q->serial = malloc(sizeof(*q->serial));
-    if (q->serial == NULL)
-	return ENOMEM;
-    ret = der_copy_heim_integer(serialNumber, q->serial);
-    if (ret) {
-	free(q->serial);
-	q->serial = NULL;
-	return ret;
-    }
-    if (q->issuer_name) {
-	free_Name(q->issuer_name);
-	free(q->issuer_name);
-    }
-    q->issuer_name = malloc(sizeof(*q->issuer_name));
-    if (q->issuer_name == NULL)
-	return ENOMEM;
-    ret = copy_Name(issuer, q->issuer_name);
-    if (ret) {
-	free(q->issuer_name);
-	q->issuer_name = NULL;
-	return ret;
-    }
-    q->match |= HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
-    return 0;
-}
-
-/**
- * Set the query controller to match on a friendly name
- *
- * @param q a hx509 query controller.
- * @param name a friendly name to match on
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_match_friendly_name(hx509_query *q, const char *name)
-{
-    if (q->friendlyname)
-	free(q->friendlyname);
-    q->friendlyname = strdup(name);
-    if (q->friendlyname == NULL)
-	return ENOMEM;
-    q->match |= HX509_QUERY_MATCH_FRIENDLY_NAME;
-    return 0;
-}
-
-/**
- * Set the query controller to match using a specific match function.
- *
- * @param q a hx509 query controller.
- * @param func function to use for matching, if the argument is NULL,
- * the match function is removed.
- * @param ctx context passed to the function.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_match_cmp_func(hx509_query *q,
-			   int (*func)(void *, hx509_cert),
-			   void *ctx)
-{
-    if (func)
-	q->match |= HX509_QUERY_MATCH_FUNCTION;
-    else
-	q->match &= ~HX509_QUERY_MATCH_FUNCTION;
-    q->cmp_func = func;
-    q->cmp_func_ctx = ctx;
-    return 0;
-}
-
-/**
- * Free the query controller.
- *
- * @param context A hx509 context.
- * @param q a pointer to the query controller.
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_query_free(hx509_context context, hx509_query *q)
-{
-    if (q->serial) {
-	der_free_heim_integer(q->serial);
-	free(q->serial);
-	q->serial = NULL;
-    }
-    if (q->issuer_name) {
-	free_Name(q->issuer_name);
-	free(q->issuer_name);
-	q->issuer_name = NULL;
-    }
-    if (q) {
-	free(q->friendlyname);
-	memset(q, 0, sizeof(*q));
-    }
-    free(q);
-}
-
-int
-_hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert cert)
-{
-    Certificate *c = _hx509_get_cert(cert);
-
-    _hx509_query_statistic(context, 1, q);
-
-    if ((q->match & HX509_QUERY_FIND_ISSUER_CERT) &&
-	_hx509_cert_is_parent_cmp(q->subject, c, 0) != 0)
-	return 0;
-
-    if ((q->match & HX509_QUERY_MATCH_CERTIFICATE) &&
-	_hx509_Certificate_cmp(q->certificate, c) != 0)
-	return 0;
-
-    if ((q->match & HX509_QUERY_MATCH_SERIALNUMBER)
-	&& der_heim_integer_cmp(&c->tbsCertificate.serialNumber, q->serial) != 0)
-	return 0;
-
-    if ((q->match & HX509_QUERY_MATCH_ISSUER_NAME)
-	&& _hx509_name_cmp(&c->tbsCertificate.issuer, q->issuer_name) != 0)
-	return 0;
-
-    if ((q->match & HX509_QUERY_MATCH_SUBJECT_NAME)
-	&& _hx509_name_cmp(&c->tbsCertificate.subject, q->subject_name) != 0)
-	return 0;
-
-    if (q->match & HX509_QUERY_MATCH_SUBJECT_KEY_ID) {
-	SubjectKeyIdentifier si;
-	int ret;
-
-	ret = _hx509_find_extension_subject_key_id(c, &si);
-	if (ret == 0) {
-	    if (der_heim_octet_string_cmp(&si, q->subject_id) != 0)
-		ret = 1;
-	    free_SubjectKeyIdentifier(&si);
-	}
-	if (ret)
-	    return 0;
-    }
-    if ((q->match & HX509_QUERY_MATCH_ISSUER_ID))
-	return 0;
-    if ((q->match & HX509_QUERY_PRIVATE_KEY) && 
-	_hx509_cert_private_key(cert) == NULL)
-	return 0;
-
-    {
-	unsigned ku = 0;
-	if (q->match & HX509_QUERY_KU_DIGITALSIGNATURE)
-	    ku |= (1 << 0);
-	if (q->match & HX509_QUERY_KU_NONREPUDIATION)
-	    ku |= (1 << 1);
-	if (q->match & HX509_QUERY_KU_ENCIPHERMENT)
-	    ku |= (1 << 2);
-	if (q->match & HX509_QUERY_KU_DATAENCIPHERMENT)
-	    ku |= (1 << 3);
-	if (q->match & HX509_QUERY_KU_KEYAGREEMENT)
-	    ku |= (1 << 4);
-	if (q->match & HX509_QUERY_KU_KEYCERTSIGN)
-	    ku |= (1 << 5);
-	if (q->match & HX509_QUERY_KU_CRLSIGN)
-	    ku |= (1 << 6);
-	if (ku && check_key_usage(context, c, ku, TRUE))
-	    return 0;
-    }
-    if ((q->match & HX509_QUERY_ANCHOR))
-	return 0;
-
-    if (q->match & HX509_QUERY_MATCH_LOCAL_KEY_ID) {
-	hx509_cert_attribute a;
-
-	a = hx509_cert_get_attribute(cert, oid_id_pkcs_9_at_localKeyId());
-	if (a == NULL)
-	    return 0;
-	if (der_heim_octet_string_cmp(&a->data, q->local_key_id) != 0)
-	    return 0;
-    }
-
-    if (q->match & HX509_QUERY_NO_MATCH_PATH) {
-	size_t i;
-
-	for (i = 0; i < q->path->len; i++)
-	    if (hx509_cert_cmp(q->path->val[i], cert) == 0)
-		return 0;
-    }
-    if (q->match & HX509_QUERY_MATCH_FRIENDLY_NAME) {
-	const char *name = hx509_cert_get_friendly_name(cert);
-	if (name == NULL)
-	    return 0;
-	if (strcasecmp(q->friendlyname, name) != 0)
-	    return 0;
-    }
-    if (q->match & HX509_QUERY_MATCH_FUNCTION) {
-	int ret = (*q->cmp_func)(q->cmp_func_ctx, cert);
-	if (ret != 0)
-	    return 0;
-    }
-
-    if (q->match & HX509_QUERY_MATCH_KEY_HASH_SHA1) {
-	heim_octet_string os;
-	int ret;
-
-	os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
-	os.length = 
-	    c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
-
-	ret = _hx509_verify_signature(context,
-				      NULL,
-				      hx509_signature_sha1(),
-				      &os,
-				      q->keyhash_sha1);
-	if (ret != 0)
-	    return 0;
-    }
-
-    if (q->match & HX509_QUERY_MATCH_TIME) {
-	time_t t;
-	t = _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
-	if (t > q->timenow)
-	    return 0;
-	t = _hx509_Time2time_t(&c->tbsCertificate.validity.notAfter);
-	if (t < q->timenow)
-	    return 0;
-    }
-
-    if (q->match & ~HX509_QUERY_MASK)
-	return 0;
-
-    return 1;
-}
-
-/**
- * Set a statistic file for the query statistics.
- *
- * @param context A hx509 context.
- * @param fn statistics file name
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_query_statistic_file(hx509_context context, const char *fn)
-{
-    if (context->querystat)
-	free(context->querystat);
-    context->querystat = strdup(fn);
-}
-
-void
-_hx509_query_statistic(hx509_context context, int type, const hx509_query *q)
-{
-    FILE *f;
-    if (context->querystat == NULL)
-	return;
-    f = fopen(context->querystat, "a");
-    if (f == NULL)
-	return;
-    fprintf(f, "%d %d\n", type, q->match);
-    fclose(f);
-}
-
-static const char *statname[] = {
-    "find issuer cert",
-    "match serialnumber",
-    "match issuer name",
-    "match subject name",
-    "match subject key id",
-    "match issuer id",
-    "private key",
-    "ku encipherment",
-    "ku digitalsignature",
-    "ku keycertsign",
-    "ku crlsign",
-    "ku nonrepudiation",
-    "ku keyagreement",
-    "ku dataencipherment",
-    "anchor",
-    "match certificate",
-    "match local key id",
-    "no match path",
-    "match friendly name",
-    "match function",
-    "match key hash sha1",
-    "match time"
-};
-
-struct stat_el {
-    unsigned long stats;
-    unsigned int index;
-};
-
-
-static int
-stat_sort(const void *a, const void *b)
-{
-    const struct stat_el *ae = a;
-    const struct stat_el *be = b;
-    return be->stats - ae->stats;
-}
-
-/**
- * Unparse the statistics file and print the result on a FILE descriptor.
- *
- * @param context A hx509 context.
- * @param printtype tyep to print
- * @param out the FILE to write the data on.
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out)
-{
-    rtbl_t t;
-    FILE *f;
-    int type, mask, i, num;
-    unsigned long multiqueries = 0, totalqueries = 0;
-    struct stat_el stats[32];
-
-    if (context->querystat == NULL)
-	return;
-    f = fopen(context->querystat, "r");
-    if (f == NULL) {
-	fprintf(out, "No statistic file %s: %s.\n", 
-		context->querystat, strerror(errno));
-	return;
-    }
-    
-    for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) {
-	stats[i].index = i;
-	stats[i].stats = 0;
-    }
-
-    while (fscanf(f, "%d %d\n", &type, &mask) == 2) {
-	if (type != printtype)
-	    continue;
-	num = i = 0;
-	while (mask && i < sizeof(stats)/sizeof(stats[0])) {
-	    if (mask & 1) {
-		stats[i].stats++;
-		num++;
-	    }
-	    mask = mask >>1 ;
-	    i++;
-	}
-	if (num > 1)
-	    multiqueries++;
-	totalqueries++;
-    }
-    fclose(f);
-
-    qsort(stats, sizeof(stats)/sizeof(stats[0]), sizeof(stats[0]), stat_sort);
-
-    t = rtbl_create();
-    if (t == NULL)
-	errx(1, "out of memory");
-
-    rtbl_set_separator (t, "  ");
-    
-    rtbl_add_column_by_id (t, 0, "Name", 0);
-    rtbl_add_column_by_id (t, 1, "Counter", 0);
-
-
-    for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) {
-	char str[10];
-
-	if (stats[i].index < sizeof(statname)/sizeof(statname[0])) 
-	    rtbl_add_column_entry_by_id (t, 0, statname[stats[i].index]);
-	else {
-	    snprintf(str, sizeof(str), "%d", stats[i].index);
-	    rtbl_add_column_entry_by_id (t, 0, str);
-	}
-	snprintf(str, sizeof(str), "%lu", stats[i].stats);
-	rtbl_add_column_entry_by_id (t, 1, str);
-    }
-
-    rtbl_format(t, out);
-    rtbl_destroy(t);
-
-    fprintf(out, "\nQueries: multi %lu total %lu\n", 
-	    multiqueries, totalqueries);
-}
-
-/**
- * Check the extended key usage on the hx509 certificate.
- *
- * @param context A hx509 context.
- * @param cert A hx509 context.
- * @param eku the EKU to check for
- * @param allow_any_eku if the any EKU is set, allow that to be a
- * substitute.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_check_eku(hx509_context context, hx509_cert cert,
-		     const heim_oid *eku, int allow_any_eku)
-{
-    ExtKeyUsage e;
-    int ret, i;
-
-    ret = find_extension_eku(_hx509_get_cert(cert), &e);
-    if (ret) {
-	hx509_clear_error_string(context);
-	return ret;
-    }
-
-    for (i = 0; i < e.len; i++) {
-	if (der_heim_oid_cmp(eku, &e.val[i]) == 0) {
-	    free_ExtKeyUsage(&e);
-	    return 0;
-	}
-	if (allow_any_eku) {
-#if 0
-	    if (der_heim_oid_cmp(id_any_eku, &e.val[i]) == 0) {
-		free_ExtKeyUsage(&e);
-		return 0;
-	    }
-#endif
-	}
-    }
-    free_ExtKeyUsage(&e);
-    hx509_clear_error_string(context);
-    return HX509_CERTIFICATE_MISSING_EKU;
-}
-
-int
-_hx509_cert_get_keyusage(hx509_context context,
-			 hx509_cert c,
-			 KeyUsage *ku)
-{
-    Certificate *cert;
-    const Extension *e;
-    size_t size;
-    int ret, i = 0;
-
-    memset(ku, 0, sizeof(*ku));
-
-    cert = _hx509_get_cert(c);
-
-    if (_hx509_cert_get_version(cert) < 3)
-	return 0;
-
-    e = find_extension(cert, oid_id_x509_ce_keyUsage(), &i);
-    if (e == NULL)
-	return HX509_KU_CERT_MISSING;
-    
-    ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, ku, &size);
-    if (ret)
-	return ret;
-    return 0;
-}
-
-int
-_hx509_cert_get_eku(hx509_context context,
-		    hx509_cert cert,
-		    ExtKeyUsage *e)
-{
-    int ret;
-
-    memset(e, 0, sizeof(*e));
-
-    ret = find_extension_eku(_hx509_get_cert(cert), e);
-    if (ret && ret != HX509_EXTENSION_NOT_FOUND) {
-	hx509_clear_error_string(context);
-	return ret;
-    }
-    return 0;
-}
-
-/**
- * Encodes the hx509 certificate as a DER encode binary.
- *
- * @param context A hx509 context.
- * @param c the certificate to encode.
- * @param os the encode certificate, set to NULL, 0 on case of
- * error. Free the returned structure with hx509_xfree().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_binary(hx509_context context, hx509_cert c, heim_octet_string *os)
-{
-    size_t size;
-    int ret;
-
-    os->data = NULL;
-    os->length = 0;
-
-    ASN1_MALLOC_ENCODE(Certificate, os->data, os->length, 
-		       _hx509_get_cert(c), &size, ret);
-    if (ret) {
-	os->data = NULL;
-	os->length = 0;
-	return ret;
-    }
-    if (os->length != size)
-	_hx509_abort("internal ASN.1 encoder error");
-
-    return ret;
-}
-
-/*
- * Last to avoid lost __attribute__s due to #undef.
- */
-
-#undef __attribute__
-#define __attribute__(X)
-
-void
-_hx509_abort(const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 1, 2)))
-{
-    va_list ap;
-    va_start(ap, fmt);
-    vprintf(fmt, ap);
-    va_end(ap);
-    printf("\n");
-    fflush(stdout);
-    abort();
-}
-
-/**
- * Free a data element allocated in the library.
- *
- * @param ptr data to be freed.
- *
- * @ingroup hx509_misc
- */
-
-void
-hx509_xfree(void *ptr)
-{
-    free(ptr);
-}
diff --git a/crypto/heimdal/lib/hx509/cms.c b/crypto/heimdal/lib/hx509/cms.c
deleted file mode 100644
index 80bcaac..0000000
--- a/crypto/heimdal/lib/hx509/cms.c
+++ /dev/null
@@ -1,1426 +0,0 @@
-/*
- * Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hx_locl.h"
-RCSID("$Id: cms.c 22327 2007-12-15 04:49:37Z lha $");
-
-/**
- * @page page_cms CMS/PKCS7 message functions.
- *
- * CMS is defined in RFC 3369 and is an continuation of the RSA Labs
- * standard PKCS7. The basic messages in CMS is 
- *
- * - SignedData
- *   Data signed with private key (RSA, DSA, ECDSA) or secret
- *   (symmetric) key
- * - EnvelopedData
- *   Data encrypted with private key (RSA)
- * - EncryptedData
- *   Data encrypted with secret (symmetric) key.
- * - ContentInfo
- *   Wrapper structure including type and data.
- *
- *
- * See the library functions here: @ref hx509_cms
- */
-
-#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
-#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
-
-/**
- * Wrap data and oid in a ContentInfo and encode it.
- *
- * @param oid type of the content.
- * @param buf data to be wrapped. If a NULL pointer is passed in, the
- * optional content field in the ContentInfo is not going be filled
- * in.
- * @param res the encoded buffer, the result should be freed with
- * der_free_octet_string().
- *
- * @return Returns an hx509 error code.
- * 
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_wrap_ContentInfo(const heim_oid *oid,
-			   const heim_octet_string *buf,
-			   heim_octet_string *res)
-{
-    ContentInfo ci;
-    size_t size;
-    int ret;
-
-    memset(res, 0, sizeof(*res));
-    memset(&ci, 0, sizeof(ci));
-
-    ret = der_copy_oid(oid, &ci.contentType);
-    if (ret)
-	return ret;
-    if (buf) {
-	ALLOC(ci.content, 1);
-	if (ci.content == NULL) {
-	    free_ContentInfo(&ci);
-	    return ENOMEM;
-	}
-	ci.content->data = malloc(buf->length);
-	if (ci.content->data == NULL) {
-	    free_ContentInfo(&ci);
-	    return ENOMEM;
-	}
-	memcpy(ci.content->data, buf->data, buf->length);
-	ci.content->length = buf->length;
-    }
-
-    ASN1_MALLOC_ENCODE(ContentInfo, res->data, res->length, &ci, &size, ret);
-    free_ContentInfo(&ci);
-    if (ret)
-	return ret;
-    if (res->length != size)
-	_hx509_abort("internal ASN.1 encoder error");
-
-    return 0;
-}
-
-/**
- * Decode an ContentInfo and unwrap data and oid it.
- *
- * @param in the encoded buffer.
- * @param oid type of the content.
- * @param out data to be wrapped.
- * @param have_data since the data is optional, this flags show dthe
- * diffrence between no data and the zero length data.
- *
- * @return Returns an hx509 error code.
- * 
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_unwrap_ContentInfo(const heim_octet_string *in,
-			     heim_oid *oid,
-			     heim_octet_string *out,
-			     int *have_data)
-{
-    ContentInfo ci;
-    size_t size;
-    int ret;
-
-    memset(oid, 0, sizeof(*oid));
-    memset(out, 0, sizeof(*out));
-
-    ret = decode_ContentInfo(in->data, in->length, &ci, &size);
-    if (ret)
-	return ret;
-
-    ret = der_copy_oid(&ci.contentType, oid);
-    if (ret) {
-	free_ContentInfo(&ci);
-	return ret;
-    }
-    if (ci.content) {
-	ret = der_copy_octet_string(ci.content, out);
-	if (ret) {
-	    der_free_oid(oid);
-	    free_ContentInfo(&ci);
-	    return ret;
-	}
-    } else
-	memset(out, 0, sizeof(*out));
-
-    if (have_data)
-	*have_data = (ci.content != NULL) ? 1 : 0;
-
-    free_ContentInfo(&ci);
-
-    return 0;
-}
-
-#define CMS_ID_SKI	0
-#define CMS_ID_NAME	1
-
-static int
-fill_CMSIdentifier(const hx509_cert cert,
-		   int type,
-		   CMSIdentifier *id)
-{
-    int ret;
-
-    switch (type) {
-    case CMS_ID_SKI:
-	id->element = choice_CMSIdentifier_subjectKeyIdentifier;
-	ret = _hx509_find_extension_subject_key_id(_hx509_get_cert(cert),
-						   &id->u.subjectKeyIdentifier);
-	if (ret == 0)
-	    break;
-	/* FALL THOUGH */
-    case CMS_ID_NAME: {
-	hx509_name name;
-
-	id->element = choice_CMSIdentifier_issuerAndSerialNumber;
-	ret = hx509_cert_get_issuer(cert, &name);
-	if (ret)
-	    return ret;
-	ret = hx509_name_to_Name(name, &id->u.issuerAndSerialNumber.issuer);
-	hx509_name_free(&name);
-	if (ret)
-	    return ret;
-
-	ret = hx509_cert_get_serialnumber(cert, &id->u.issuerAndSerialNumber.serialNumber);
-	break;
-    }
-    default:
-	_hx509_abort("CMS fill identifier with unknown type");
-    }
-    return ret;
-}
-
-static int
-unparse_CMSIdentifier(hx509_context context,
-		      CMSIdentifier *id,
-		      char **str)
-{
-    int ret;
-
-    *str = NULL;
-    switch (id->element) {
-    case choice_CMSIdentifier_issuerAndSerialNumber: {
-	IssuerAndSerialNumber *iasn;
-	char *serial, *name;
-
-	iasn = &id->u.issuerAndSerialNumber;
-
-	ret = _hx509_Name_to_string(&iasn->issuer, &name);
-	if(ret)
-	    return ret;
-	ret = der_print_hex_heim_integer(&iasn->serialNumber, &serial);
-	if (ret) {
-	    free(name);
-	    return ret;
-	}
-	asprintf(str, "certificate issued by %s with serial number %s",
-		 name, serial);
-	free(name);
-	free(serial);
-	break;
-    }
-    case choice_CMSIdentifier_subjectKeyIdentifier: {
-	KeyIdentifier *ki  = &id->u.subjectKeyIdentifier;
-	char *keyid;
-	ssize_t len;
-
-	len = hex_encode(ki->data, ki->length, &keyid);
-	if (len < 0)
-	    return ENOMEM;
-
-	asprintf(str, "certificate with id %s", keyid);
-	free(keyid);
-	break;
-    }
-    default:
-	asprintf(str, "certificate have unknown CMSidentifier type");
-	break;
-    }
-    if (*str == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-static int
-find_CMSIdentifier(hx509_context context,
-		   CMSIdentifier *client,
-		   hx509_certs certs,
-		   hx509_cert *signer_cert,
-		   int match)
-{
-    hx509_query q;
-    hx509_cert cert;
-    Certificate c;
-    int ret;
-
-    memset(&c, 0, sizeof(c));
-    _hx509_query_clear(&q);
-
-    *signer_cert = NULL;
-
-    switch (client->element) {
-    case choice_CMSIdentifier_issuerAndSerialNumber:
-	q.serial = &client->u.issuerAndSerialNumber.serialNumber;
-	q.issuer_name = &client->u.issuerAndSerialNumber.issuer;
-	q.match = HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
-	break;
-    case choice_CMSIdentifier_subjectKeyIdentifier:
-	q.subject_id = &client->u.subjectKeyIdentifier;
-	q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
-	break;
-    default:
-	hx509_set_error_string(context, 0, HX509_CMS_NO_RECIPIENT_CERTIFICATE,
-			       "unknown CMS identifier element");
-	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
-    }
-
-    q.match |= match;
-
-    q.match |= HX509_QUERY_MATCH_TIME;
-    q.timenow = time(NULL);
-
-    ret = hx509_certs_find(context, certs, &q, &cert);
-    if (ret == HX509_CERT_NOT_FOUND) {
-	char *str;
-
-	ret = unparse_CMSIdentifier(context, client, &str);
-	if (ret == 0) {
-	    hx509_set_error_string(context, 0,
-				   HX509_CMS_NO_RECIPIENT_CERTIFICATE,
-				   "Failed to find %s", str);
-	} else
-	    hx509_clear_error_string(context);
-	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
-    } else if (ret) {
-	hx509_set_error_string(context, HX509_ERROR_APPEND,
-			       HX509_CMS_NO_RECIPIENT_CERTIFICATE,
-			       "Failed to find CMS id in cert store");
-	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
-    }
-
-    *signer_cert = cert;
-
-    return 0;
-}
-
-/**
- * Decode and unencrypt EnvelopedData.
- *
- * Extract data and parameteres from from the EnvelopedData. Also
- * supports using detached EnvelopedData.
- *
- * @param context A hx509 context.
- * @param certs Certificate that can decrypt the EnvelopedData
- * encryption key.
- * @param flags HX509_CMS_UE flags to control the behavior.
- * @param data pointer the structure the contains the DER/BER encoded
- * EnvelopedData stucture.
- * @param length length of the data that data point to.
- * @param encryptedContent in case of detached signature, this
- * contains the actual encrypted data, othersize its should be NULL.
- * @param contentType output type oid, should be freed with der_free_oid().
- * @param content the data, free with der_free_octet_string().
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_unenvelope(hx509_context context,
-		     hx509_certs certs,
-		     int flags,
-		     const void *data,
-		     size_t length,
-		     const heim_octet_string *encryptedContent,
-		     heim_oid *contentType,
-		     heim_octet_string *content)
-{
-    heim_octet_string key;
-    EnvelopedData ed;
-    hx509_cert cert;
-    AlgorithmIdentifier *ai;
-    const heim_octet_string *enccontent;
-    heim_octet_string *params, params_data;
-    heim_octet_string ivec;
-    size_t size;
-    int ret, i, matched = 0, findflags = 0;
-
-
-    memset(&key, 0, sizeof(key));
-    memset(&ed, 0, sizeof(ed));
-    memset(&ivec, 0, sizeof(ivec));
-    memset(content, 0, sizeof(*content));
-    memset(contentType, 0, sizeof(*contentType));
-
-    if ((flags & HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT) == 0)
-	findflags |= HX509_QUERY_KU_ENCIPHERMENT;
-
-    ret = decode_EnvelopedData(data, length, &ed, &size);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to decode EnvelopedData");
-	return ret;
-    }
-
-    if (ed.recipientInfos.len == 0) {
-	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
-	hx509_set_error_string(context, 0, ret,
-			       "No recipient info in enveloped data");
-	goto out;
-    }
-
-    enccontent = ed.encryptedContentInfo.encryptedContent;
-    if (enccontent == NULL) {
-	if (encryptedContent == NULL) {
-	    ret = HX509_CMS_NO_DATA_AVAILABLE;
-	    hx509_set_error_string(context, 0, ret,
-				   "Content missing from encrypted data");
-	    goto out;
-	}
-	enccontent = encryptedContent;
-    } else if (encryptedContent != NULL) {
-	ret = HX509_CMS_NO_DATA_AVAILABLE;
-	hx509_set_error_string(context, 0, ret,
-			       "Both internal and external encrypted data");
-	goto out;
-    }
-
-    cert = NULL;
-    for (i = 0; i < ed.recipientInfos.len; i++) {
-	KeyTransRecipientInfo *ri;
-	char *str;
-	int ret2;
-
-	ri = &ed.recipientInfos.val[i];
-
-	ret = find_CMSIdentifier(context, &ri->rid, certs, &cert,
-				 HX509_QUERY_PRIVATE_KEY|findflags);
-	if (ret)
-	    continue;
-
-	matched = 1; /* found a matching certificate, let decrypt */
-
-	ret = _hx509_cert_private_decrypt(context,
-					  &ri->encryptedKey,
-					  &ri->keyEncryptionAlgorithm.algorithm,
-					  cert, &key);
-
-	hx509_cert_free(cert);
-	if (ret == 0)
-	    break; /* succuessfully decrypted cert */
-	cert = NULL;
-	ret2 = unparse_CMSIdentifier(context, &ri->rid, &str);
-	if (ret2 == 0) {
-	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "Failed to decrypt with %s", str);
-	    free(str);
-	}
-    }
-
-    if (!matched) {
-	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
-	hx509_set_error_string(context, 0, ret,
-			       "No private key matched any certificate");
-	goto out;
-    }
-
-    if (cert == NULL) {
-	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
-	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-			       "No private key decrypted the transfer key");
-	goto out;
-    }
-
-    ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to copy EnvelopedData content oid");
-	goto out;
-    }
-
-    ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
-    if (ai->parameters) {
-	params_data.data = ai->parameters->data;
-	params_data.length = ai->parameters->length;
-	params = &params_data;
-    } else
-	params = NULL;
-
-    {
-	hx509_crypto crypto;
-
-	ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto);
-	if (ret)
-	    goto out;
-	
-	if (params) {
-	    ret = hx509_crypto_set_params(context, crypto, params, &ivec);
-	    if (ret) {
-		hx509_crypto_destroy(crypto);
-		goto out;
-	    }
-	}
-
-	ret = hx509_crypto_set_key_data(crypto, key.data, key.length);
-	if (ret) {
-	    hx509_crypto_destroy(crypto);
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to set key for decryption "
-				   "of EnvelopedData");
-	    goto out;
-	}
-	
-	ret = hx509_crypto_decrypt(crypto,
-				   enccontent->data,
-				   enccontent->length,
-				   ivec.length ? &ivec : NULL,
-				   content);
-	hx509_crypto_destroy(crypto);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to decrypt EnvelopedData");
-	    goto out;
-	}
-    }
-
-out:
-
-    free_EnvelopedData(&ed);
-    der_free_octet_string(&key);
-    if (ivec.length)
-	der_free_octet_string(&ivec);
-    if (ret) {
-	der_free_oid(contentType);
-	der_free_octet_string(content);
-    }
-
-    return ret;
-}
-
-/**
- * Encrypt end encode EnvelopedData.
- *
- * Encrypt and encode EnvelopedData. The data is encrypted with a
- * random key and the the random key is encrypted with the
- * certificates private key. This limits what private key type can be
- * used to RSA.
- *
- * @param context A hx509 context.
- * @param flags flags to control the behavior, no flags today
- * @param cert Certificate to encrypt the EnvelopedData encryption key
- * with.
- * @param data pointer the data to encrypt.
- * @param length length of the data that data point to.
- * @param encryption_type Encryption cipher to use for the bulk data,
- * use NULL to get default.
- * @param contentType type of the data that is encrypted
- * @param content the output of the function,
- * free with der_free_octet_string().
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_envelope_1(hx509_context context,
-		     int flags,
-		     hx509_cert cert,
-		     const void *data,
-		     size_t length,
-		     const heim_oid *encryption_type,
-		     const heim_oid *contentType,
-		     heim_octet_string *content)
-{
-    KeyTransRecipientInfo *ri;
-    heim_octet_string ivec;
-    heim_octet_string key;
-    hx509_crypto crypto = NULL;
-    EnvelopedData ed;
-    size_t size;
-    int ret;
-
-    memset(&ivec, 0, sizeof(ivec));
-    memset(&key, 0, sizeof(key));
-    memset(&ed, 0, sizeof(ed));
-    memset(content, 0, sizeof(*content));
-
-    if (encryption_type == NULL)
-	encryption_type = oid_id_aes_256_cbc();
-
-    ret = _hx509_check_key_usage(context, cert, 1 << 2, TRUE);
-    if (ret)
-	goto out;
-
-    ret = hx509_crypto_init(context, NULL, encryption_type, &crypto);
-    if (ret)
-	goto out;
-
-    ret = hx509_crypto_set_random_key(crypto, &key);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Create random key for EnvelopedData content");
-	goto out;
-    }
-
-    ret = hx509_crypto_random_iv(crypto, &ivec);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to create a random iv");
-	goto out;
-    }
-
-    ret = hx509_crypto_encrypt(crypto,
-			       data,
-			       length,
-			       &ivec,
-			       &ed.encryptedContentInfo.encryptedContent);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to encrypt EnvelopedData content");
-	goto out;
-    }
-
-    {
-	AlgorithmIdentifier *enc_alg;
-	enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
-	ret = der_copy_oid(encryption_type, &enc_alg->algorithm);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to set crypto oid "
-				   "for EnvelopedData");
-	    goto out;
-	}	
-	ALLOC(enc_alg->parameters, 1);
-	if (enc_alg->parameters == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to allocate crypto paramaters "
-				   "for EnvelopedData");
-	    goto out;
-	}
-
-	ret = hx509_crypto_get_params(context,
-				      crypto,
-				      &ivec,
-				      enc_alg->parameters);
-	if (ret) {
-	    goto out;
-	}
-    }
-
-    ALLOC_SEQ(&ed.recipientInfos, 1);
-    if (ed.recipientInfos.val == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to allocate recipients info "
-			       "for EnvelopedData");
-	goto out;
-    }
-
-    ri = &ed.recipientInfos.val[0];
-
-    ri->version = 0;
-    ret = fill_CMSIdentifier(cert, CMS_ID_SKI, &ri->rid);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to set CMS identifier info "
-			       "for EnvelopedData");
-	goto out;
-    }
-
-    ret = _hx509_cert_public_encrypt(context,
-				     &key, cert,
-				     &ri->keyEncryptionAlgorithm.algorithm,
-				     &ri->encryptedKey);
-    if (ret) {
-	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-			       "Failed to encrypt transport key for "
-			       "EnvelopedData");
-	goto out;
-    }
-
-    /*
-     *
-     */
-
-    ed.version = 0;
-    ed.originatorInfo = NULL;
-
-    ret = der_copy_oid(contentType, &ed.encryptedContentInfo.contentType);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to copy content oid for "
-			       "EnvelopedData");
-	goto out;
-    }
-
-    ed.unprotectedAttrs = NULL;
-
-    ASN1_MALLOC_ENCODE(EnvelopedData, content->data, content->length,
-		       &ed, &size, ret);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to encode EnvelopedData");
-	goto out;
-    }
-    if (size != content->length)
-	_hx509_abort("internal ASN.1 encoder error");
-
-out:
-    if (crypto)
-	hx509_crypto_destroy(crypto);
-    if (ret)
-	der_free_octet_string(content);
-    der_free_octet_string(&key);
-    der_free_octet_string(&ivec);
-    free_EnvelopedData(&ed);
-
-    return ret;
-}
-
-static int
-any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
-{
-    int ret, i;
-
-    if (sd->certificates == NULL)
-	return 0;
-
-    for (i = 0; i < sd->certificates->len; i++) {
-	hx509_cert c;
-
-	ret = hx509_cert_init_data(context, 
-				   sd->certificates->val[i].data, 
-				   sd->certificates->val[i].length,
-				   &c);
-	if (ret)
-	    return ret;
-	ret = hx509_certs_add(context, certs, c);
-	hx509_cert_free(c);
-	if (ret)
-	    return ret;
-    }
-
-    return 0;
-}
-
-static const Attribute *
-find_attribute(const CMSAttributes *attr, const heim_oid *oid)
-{
-    int i;
-    for (i = 0; i < attr->len; i++)
-	if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0)
-	    return &attr->val[i];
-    return NULL;
-}
-
-/**
- * Decode SignedData and verify that the signature is correct.
- *
- * @param context A hx509 context.
- * @param ctx a hx509 version context
- * @param data
- * @param length length of the data that data point to.
- * @param signedContent
- * @param pool certificate pool to build certificates paths.
- * @param contentType free with der_free_oid()
- * @param content the output of the function, free with
- * der_free_octet_string().
- * @param signer_certs list of the cerficates used to sign this
- * request, free with hx509_certs_free().
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_verify_signed(hx509_context context,
-			hx509_verify_ctx ctx,
-			const void *data,
-			size_t length,
-			const heim_octet_string *signedContent,
-			hx509_certs pool,
-			heim_oid *contentType,
-			heim_octet_string *content,
-			hx509_certs *signer_certs)
-{
-    SignerInfo *signer_info;
-    hx509_cert cert = NULL;
-    hx509_certs certs = NULL;
-    SignedData sd;
-    size_t size;
-    int ret, i, found_valid_sig;
-
-    *signer_certs = NULL;
-    content->data = NULL;
-    content->length = 0;
-    contentType->length = 0;
-    contentType->components = NULL;
-
-    memset(&sd, 0, sizeof(sd));
-
-    ret = decode_SignedData(data, length, &sd, &size);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to decode SignedData");
-	goto out;
-    }
-
-    if (sd.encapContentInfo.eContent == NULL && signedContent == NULL) {
-	ret = HX509_CMS_NO_DATA_AVAILABLE;
-	hx509_set_error_string(context, 0, ret,
-			       "No content data in SignedData");
-	goto out;
-    }
-    if (sd.encapContentInfo.eContent && signedContent) {
-	ret = HX509_CMS_NO_DATA_AVAILABLE;
-	hx509_set_error_string(context, 0, ret,
-			       "Both external and internal SignedData");
-	goto out;
-    }
-    if (sd.encapContentInfo.eContent)
-	signedContent = sd.encapContentInfo.eContent;
-
-    ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer",
-			   0, NULL, &certs);
-    if (ret)
-	goto out;
-
-    ret = hx509_certs_init(context, "MEMORY:cms-signer-certs",
-			   0, NULL, signer_certs);
-    if (ret)
-	goto out;
-
-    /* XXX Check CMS version */
-
-    ret = any_to_certs(context, &sd, certs);
-    if (ret)
-	goto out;
-
-    if (pool) {
-	ret = hx509_certs_merge(context, certs, pool);
-	if (ret)
-	    goto out;
-    }
-
-    for (found_valid_sig = 0, i = 0; i < sd.signerInfos.len; i++) {
-	heim_octet_string *signed_data;
-	const heim_oid *match_oid;
-	heim_oid decode_oid;
-
-	signer_info = &sd.signerInfos.val[i];
-	match_oid = NULL;
-
-	if (signer_info->signature.length == 0) {
-	    ret = HX509_CMS_MISSING_SIGNER_DATA;
-	    hx509_set_error_string(context, 0, ret,
-				   "SignerInfo %d in SignedData "
-				   "missing sigature", i);
-	    continue;
-	}
-
-	ret = find_CMSIdentifier(context, &signer_info->sid, certs, &cert,
-				 HX509_QUERY_KU_DIGITALSIGNATURE);
-	if (ret)
-	    continue;
-
-	if (signer_info->signedAttrs) {
-	    const Attribute *attr;
-	
-	    CMSAttributes sa;
-	    heim_octet_string os;
-
-	    sa.val = signer_info->signedAttrs->val;
-	    sa.len = signer_info->signedAttrs->len;
-
-	    /* verify that sigature exists */
-	    attr = find_attribute(&sa, oid_id_pkcs9_messageDigest());
-	    if (attr == NULL) {
-		ret = HX509_CRYPTO_SIGNATURE_MISSING;
-		hx509_set_error_string(context, 0, ret,
-				       "SignerInfo have signed attributes "
-				       "but messageDigest (signature) "
-				       "is missing");
-		goto next_sigature;
-	    }
-	    if (attr->value.len != 1) {
-		ret = HX509_CRYPTO_SIGNATURE_MISSING;
-		hx509_set_error_string(context, 0, ret,
-				       "SignerInfo have more then one "
-				       "messageDigest (signature)");
-		goto next_sigature;
-	    }
-	
-	    ret = decode_MessageDigest(attr->value.val[0].data,
-				       attr->value.val[0].length,
-				       &os,
-				       &size);
-	    if (ret) {
-		hx509_set_error_string(context, 0, ret,
-				       "Failed to decode "
-				       "messageDigest (signature)");
-		goto next_sigature;
-	    }
-
-	    ret = _hx509_verify_signature(context,
-					  NULL,
-					  &signer_info->digestAlgorithm,
-					  signedContent,
-					  &os);
-	    der_free_octet_string(&os);
-	    if (ret) {
-		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				       "Failed to verify messageDigest");
-		goto next_sigature;
-	    }
-
-	    /*
-	     * Fetch content oid inside signedAttrs or set it to
-	     * id-pkcs7-data.
-	     */
-	    attr = find_attribute(&sa, oid_id_pkcs9_contentType());
-	    if (attr == NULL) {
-		match_oid = oid_id_pkcs7_data();
-	    } else {
-		if (attr->value.len != 1) {
-		    ret = HX509_CMS_DATA_OID_MISMATCH;
-		    hx509_set_error_string(context, 0, ret,
-					   "More then one oid in signedAttrs");
-		    goto next_sigature;
-
-		}
-		ret = decode_ContentType(attr->value.val[0].data,
-					 attr->value.val[0].length,
-					 &decode_oid,
-					 &size);
-		if (ret) {
-		    hx509_set_error_string(context, 0, ret,
-					   "Failed to decode "
-					   "oid in signedAttrs");
-		    goto next_sigature;
-		}
-		match_oid = &decode_oid;
-	    }
-
-	    ALLOC(signed_data, 1);
-	    if (signed_data == NULL) {
-		if (match_oid == &decode_oid)
-		    der_free_oid(&decode_oid);
-		ret = ENOMEM;
-		hx509_clear_error_string(context);
-		goto next_sigature;
-	    }
-	
-	    ASN1_MALLOC_ENCODE(CMSAttributes,
-			       signed_data->data,
-			       signed_data->length,
-			       &sa,
-			       &size, ret);
-	    if (ret) {
-		if (match_oid == &decode_oid)
-		    der_free_oid(&decode_oid);
-		free(signed_data);
-		hx509_clear_error_string(context);
-		goto next_sigature;
-	    }
-	    if (size != signed_data->length)
-		_hx509_abort("internal ASN.1 encoder error");
-
-	} else {
-	    signed_data = rk_UNCONST(signedContent);
-	    match_oid = oid_id_pkcs7_data();
-	}
-
-	if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType)) {
-	    ret = HX509_CMS_DATA_OID_MISMATCH;
-	    hx509_set_error_string(context, 0, ret,
-				   "Oid in message mismatch from the expected");
-	}
-	if (match_oid == &decode_oid)
-	    der_free_oid(&decode_oid);
-
-	if (ret == 0) {
-	    ret = hx509_verify_signature(context,
-					 cert,
-					 &signer_info->signatureAlgorithm,
-					 signed_data,
-					 &signer_info->signature);
-	    if (ret)
-		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				       "Failed to verify sigature in "
-				       "CMS SignedData");
-	}
-	if (signed_data != signedContent) {
-	    der_free_octet_string(signed_data);
-	    free(signed_data);
-	}
-	if (ret)
-	    goto next_sigature;
-
-	ret = hx509_verify_path(context, ctx, cert, certs);
-	if (ret)
-	    goto next_sigature;
-
-	ret = hx509_certs_add(context, *signer_certs, cert);
-	if (ret)
-	    goto next_sigature;
-
-	found_valid_sig++;
-
-    next_sigature:
-	if (cert)
-	    hx509_cert_free(cert);
-	cert = NULL;
-    }
-    if (found_valid_sig == 0) {
-	if (ret == 0) {
-	    ret = HX509_CMS_SIGNER_NOT_FOUND;
-	    hx509_set_error_string(context, 0, ret,
-				   "No signers where found");
-	}
-	goto out;
-    }
-
-    ret = der_copy_oid(&sd.encapContentInfo.eContentType, contentType);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    content->data = malloc(signedContent->length);
-    if (content->data == NULL) {
-	hx509_clear_error_string(context);
-	ret = ENOMEM;
-	goto out;
-    }
-    content->length = signedContent->length;
-    memcpy(content->data, signedContent->data, content->length);
-
-out:
-    free_SignedData(&sd);
-    if (certs)
-	hx509_certs_free(&certs);
-    if (ret) {
-	if (*signer_certs)
-	    hx509_certs_free(signer_certs);
-	der_free_oid(contentType);
-	der_free_octet_string(content);
-    }
-
-    return ret;
-}
-
-static int
-add_one_attribute(Attribute **attr,
-		  unsigned int *len,
-		  const heim_oid *oid,
-		  heim_octet_string *data)
-{
-    void *d;
-    int ret;
-
-    d = realloc(*attr, sizeof((*attr)[0]) * (*len + 1));
-    if (d == NULL)
-	return ENOMEM;
-    (*attr) = d;
-
-    ret = der_copy_oid(oid, &(*attr)[*len].type);
-    if (ret)
-	return ret;
-
-    ALLOC_SEQ(&(*attr)[*len].value, 1);
-    if ((*attr)[*len].value.val == NULL) {
-	der_free_oid(&(*attr)[*len].type);
-	return ENOMEM;
-    }
-
-    (*attr)[*len].value.val[0].data = data->data;
-    (*attr)[*len].value.val[0].length = data->length;
-
-    *len += 1;
-
-    return 0;
-}
-	
-/**
- * Decode SignedData and verify that the signature is correct.
- *
- * @param context A hx509 context.
- * @param flags
- * @param eContentType the type of the data.
- * @param data data to sign
- * @param length length of the data that data point to.
- * @param digest_alg digest algorithm to use, use NULL to get the
- * default or the peer determined algorithm.
- * @param cert certificate to use for sign the data.
- * @param peer info about the peer the message to send the message to,
- * like what digest algorithm to use.
- * @param anchors trust anchors that the client will use, used to
- * polulate the certificates included in the message
- * @param pool certificates to use in try to build the path to the
- * trust anchors.
- * @param signed_data the output of the function, free with
- * der_free_octet_string().
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_create_signed_1(hx509_context context,
-			  int flags,
-			  const heim_oid *eContentType,
-			  const void *data, size_t length,
-			  const AlgorithmIdentifier *digest_alg,
-			  hx509_cert cert,
-			  hx509_peer_info peer,
-			  hx509_certs anchors,
-			  hx509_certs pool,
-			  heim_octet_string *signed_data)
-{
-    AlgorithmIdentifier digest;
-    hx509_name name;
-    SignerInfo *signer_info;
-    heim_octet_string buf, content, sigdata = { 0, NULL };
-    SignedData sd;
-    int ret;
-    size_t size;
-    hx509_path path;
-    int cmsidflag = CMS_ID_SKI;
-
-    memset(&sd, 0, sizeof(sd));
-    memset(&name, 0, sizeof(name));
-    memset(&path, 0, sizeof(path));
-    memset(&digest, 0, sizeof(digest));
-
-    content.data = rk_UNCONST(data);
-    content.length = length;
-
-    if (flags & HX509_CMS_SIGATURE_ID_NAME)
-	cmsidflag = CMS_ID_NAME;
-
-    if (_hx509_cert_private_key(cert) == NULL) {
-	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
-			       "Private key missing for signing");
-	return HX509_PRIVATE_KEY_MISSING;
-    }
-
-    if (digest_alg == NULL) {
-	ret = hx509_crypto_select(context, HX509_SELECT_DIGEST,
-				  _hx509_cert_private_key(cert), peer, &digest);
-    } else {
-	ret = copy_AlgorithmIdentifier(digest_alg, &digest);
-	if (ret)
-	    hx509_clear_error_string(context);
-    }
-    if (ret)
-	goto out;
-
-    sd.version = CMSVersion_v3;
-
-    if (eContentType == NULL)
-	eContentType = oid_id_pkcs7_data();
-
-    der_copy_oid(eContentType, &sd.encapContentInfo.eContentType);
-
-    /* */
-    if ((flags & HX509_CMS_SIGATURE_DETACHED) == 0) {
-	ALLOC(sd.encapContentInfo.eContent, 1);
-	if (sd.encapContentInfo.eContent == NULL) {
-	    hx509_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-	
-	sd.encapContentInfo.eContent->data = malloc(length);
-	if (sd.encapContentInfo.eContent->data == NULL) {
-	    hx509_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-	memcpy(sd.encapContentInfo.eContent->data, data, length);
-	sd.encapContentInfo.eContent->length = length;
-    }
-
-    ALLOC_SEQ(&sd.signerInfos, 1);
-    if (sd.signerInfos.val == NULL) {
-	hx509_clear_error_string(context);
-	ret = ENOMEM;
-	goto out;
-    }
-
-    signer_info = &sd.signerInfos.val[0];
-
-    signer_info->version = 1;
-
-    ret = fill_CMSIdentifier(cert, cmsidflag, &signer_info->sid);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }			
-
-    signer_info->signedAttrs = NULL;
-    signer_info->unsignedAttrs = NULL;
-
-
-    ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    /*
-     * If it isn't pkcs7-data send signedAttributes
-     */
-
-    if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) {
-	CMSAttributes sa;	
-	heim_octet_string sig;
-
-	ALLOC(signer_info->signedAttrs, 1);
-	if (signer_info->signedAttrs == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	ret = _hx509_create_signature(context,
-				      NULL,
-				      &digest,
-				      &content,
-				      NULL,
-				      &sig);
-	if (ret)
-	    goto out;
-
-	ASN1_MALLOC_ENCODE(MessageDigest,
-			   buf.data,
-			   buf.length,
-			   &sig,
-			   &size,
-			   ret);
-	der_free_octet_string(&sig);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-	if (size != buf.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-
-	ret = add_one_attribute(&signer_info->signedAttrs->val,
-				&signer_info->signedAttrs->len,
-				oid_id_pkcs9_messageDigest(),
-				&buf);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-
-
-	ASN1_MALLOC_ENCODE(ContentType,
-			   buf.data,
-			   buf.length,
-			   eContentType,
-			   &size,
-			   ret);
-	if (ret)
-	    goto out;
-	if (size != buf.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-
-	ret = add_one_attribute(&signer_info->signedAttrs->val,
-				&signer_info->signedAttrs->len,
-				oid_id_pkcs9_contentType(),
-				&buf);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-
-	sa.val = signer_info->signedAttrs->val;
-	sa.len = signer_info->signedAttrs->len;
-	
-	ASN1_MALLOC_ENCODE(CMSAttributes,
-			   sigdata.data,
-			   sigdata.length,
-			   &sa,
-			   &size,
-			   ret);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-	if (size != sigdata.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-    } else {
-	sigdata.data = content.data;
-	sigdata.length = content.length;
-    }
-
-
-    {
-	AlgorithmIdentifier sigalg;
-
-	ret = hx509_crypto_select(context, HX509_SELECT_PUBLIC_SIG,
-				  _hx509_cert_private_key(cert), peer,
-				  &sigalg);
-	if (ret)
-	    goto out;
-
-	ret = _hx509_create_signature(context,
-				      _hx509_cert_private_key(cert),
-				      &sigalg,
-				      &sigdata,
-				      &signer_info->signatureAlgorithm,
-				      &signer_info->signature);
-	free_AlgorithmIdentifier(&sigalg);
-	if (ret)
-	    goto out;
-    }
-
-    ALLOC_SEQ(&sd.digestAlgorithms, 1);
-    if (sd.digestAlgorithms.val == NULL) {
-	ret = ENOMEM;
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    ret = copy_AlgorithmIdentifier(&digest, &sd.digestAlgorithms.val[0]);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    /*
-     * Provide best effort path
-     */
-    if (pool) {
-	_hx509_calculate_path(context,
-			      HX509_CALCULATE_PATH_NO_ANCHOR,			      
-			      time(NULL),
-			      anchors,
-			      0,
-			      cert,
-			      pool,
-			      &path);
-    } else
-	_hx509_path_append(context, &path, cert);
-
-
-    if (path.len) {
-	int i;
-
-	ALLOC(sd.certificates, 1);
-	if (sd.certificates == NULL) {
-	    hx509_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ALLOC_SEQ(sd.certificates, path.len);
-	if (sd.certificates->val == NULL) {
-	    hx509_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	for (i = 0; i < path.len; i++) {
-	    ret = hx509_cert_binary(context, path.val[i],
-				    &sd.certificates->val[i]);
-	    if (ret) {
-		hx509_clear_error_string(context);
-		goto out;
-	    }
-	}
-    }
-
-    ASN1_MALLOC_ENCODE(SignedData,
-		       signed_data->data, signed_data->length,
-		       &sd, &size, ret);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-    if (signed_data->length != size)
-	_hx509_abort("internal ASN.1 encoder error");
-
-out:
-    if (sigdata.data != content.data)
-	der_free_octet_string(&sigdata);
-    free_AlgorithmIdentifier(&digest);
-    _hx509_path_free(&path);
-    free_SignedData(&sd);
-
-    return ret;
-}
-
-int
-hx509_cms_decrypt_encrypted(hx509_context context,
-			    hx509_lock lock,
-			    const void *data,
-			    size_t length,
-			    heim_oid *contentType,
-			    heim_octet_string *content)
-{
-    heim_octet_string cont;
-    CMSEncryptedData ed;
-    AlgorithmIdentifier *ai;
-    int ret;
-
-    memset(content, 0, sizeof(*content));
-    memset(&cont, 0, sizeof(cont));
-
-    ret = decode_CMSEncryptedData(data, length, &ed, NULL);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to decode CMSEncryptedData");
-	return ret;
-    }
-
-    if (ed.encryptedContentInfo.encryptedContent == NULL) {
-	ret = HX509_CMS_NO_DATA_AVAILABLE;
-	hx509_set_error_string(context, 0, ret,
-			       "No content in EncryptedData");
-	goto out;
-    }
-
-    ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
-    if (ai->parameters == NULL) {
-	ret = HX509_ALG_NOT_SUPP;
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    ret = _hx509_pbe_decrypt(context,
-			     lock,
-			     ai,
-			     ed.encryptedContentInfo.encryptedContent,
-			     &cont);
-    if (ret)
-	goto out;
-
-    *content = cont;
-
-out:
-    if (ret) {
-	if (cont.data)
-	    free(cont.data);
-    }
-    free_CMSEncryptedData(&ed);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/hx509/collector.c b/crypto/heimdal/lib/hx509/collector.c
deleted file mode 100644
index 8b6ffcb..0000000
--- a/crypto/heimdal/lib/hx509/collector.c
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: collector.c 20778 2007-06-01 22:04:13Z lha $");
-
-struct private_key {
-    AlgorithmIdentifier alg;
-    hx509_private_key private_key;
-    heim_octet_string localKeyId;
-};
-
-struct hx509_collector {
-    hx509_lock lock;
-    hx509_certs unenvelop_certs;
-    hx509_certs certs;
-    struct {
-	struct private_key **data;
-	size_t len;
-    } val;
-};
-
-
-int
-_hx509_collector_alloc(hx509_context context, hx509_lock lock, struct hx509_collector **collector)
-{
-    struct hx509_collector *c;
-    int ret;
-
-    *collector = NULL;
-
-    c = calloc(1, sizeof(*c));
-    if (c == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    c->lock = lock;
-
-    ret = hx509_certs_init(context, "MEMORY:collector-unenvelop-cert",
-			   0,NULL, &c->unenvelop_certs);
-    if (ret) {
-	free(c);
-	return ret;
-    }
-    c->val.data = NULL;
-    c->val.len = 0;
-    ret = hx509_certs_init(context, "MEMORY:collector-tmp-store",
-			   0, NULL, &c->certs);
-    if (ret) {
-	hx509_certs_free(&c->unenvelop_certs);
-	free(c);
-	return ret;
-    }
-
-    *collector = c;
-    return 0;
-}
-
-hx509_lock
-_hx509_collector_get_lock(struct hx509_collector *c)
-{
-    return c->lock;
-}
-
-
-int
-_hx509_collector_certs_add(hx509_context context,
-			   struct hx509_collector *c,
-			   hx509_cert cert)
-{
-    return hx509_certs_add(context, c->certs, cert);
-}
-
-static void
-free_private_key(struct private_key *key)
-{
-    free_AlgorithmIdentifier(&key->alg);
-    if (key->private_key)
-	_hx509_private_key_free(&key->private_key);
-    der_free_octet_string(&key->localKeyId);
-    free(key);
-}
-
-int
-_hx509_collector_private_key_add(hx509_context context,
-				 struct hx509_collector *c, 
-				 const AlgorithmIdentifier *alg,
-				 hx509_private_key private_key,
-				 const heim_octet_string *key_data,
-				 const heim_octet_string *localKeyId)
-{
-    struct private_key *key;
-    void *d;
-    int ret;
-
-    key = calloc(1, sizeof(*key));
-    if (key == NULL)
-	return ENOMEM;
-
-    d = realloc(c->val.data, (c->val.len + 1) * sizeof(c->val.data[0]));
-    if (d == NULL) {
-	free(key);
-	hx509_set_error_string(context, 0, ENOMEM, "Out of memory");
-	return ENOMEM;
-    }
-    c->val.data = d;
-	
-    ret = copy_AlgorithmIdentifier(alg, &key->alg);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to copy "
-			       "AlgorithmIdentifier");
-	goto out;
-    }
-    if (private_key) {
-	key->private_key = private_key;
-    } else {
-	ret = _hx509_parse_private_key(context, &alg->algorithm,
-				       key_data->data, key_data->length,
-				       &key->private_key);
-	if (ret)
-	    goto out;
-    }
-    if (localKeyId) {
-	ret = der_copy_octet_string(localKeyId, &key->localKeyId);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, 
-				   "Failed to copy localKeyId");
-	    goto out;
-	}
-    } else
-	memset(&key->localKeyId, 0, sizeof(key->localKeyId));
-
-    c->val.data[c->val.len] = key;
-    c->val.len++;
-
-out:
-    if (ret)
-	free_private_key(key);
-
-    return ret;
-}
-
-static int
-match_localkeyid(hx509_context context,
-		 struct private_key *value,
-		 hx509_certs certs)
-{
-    hx509_cert cert;
-    hx509_query q;
-    int ret;
-
-    if (value->localKeyId.length == 0) {
-	hx509_set_error_string(context, 0, HX509_LOCAL_ATTRIBUTE_MISSING,
-			       "No local key attribute on private key");
-	return HX509_LOCAL_ATTRIBUTE_MISSING;
-    }
-
-    _hx509_query_clear(&q);
-    q.match |= HX509_QUERY_MATCH_LOCAL_KEY_ID;
-    
-    q.local_key_id = &value->localKeyId;
-    
-    ret = hx509_certs_find(context, certs, &q, &cert);
-    if (ret == 0) {
-	
-	if (value->private_key)
-	    _hx509_cert_assign_key(cert, value->private_key);
-	hx509_cert_free(cert);
-    }
-    return ret;
-}
-
-static int
-match_keys(hx509_context context, struct private_key *value, hx509_certs certs)
-{
-    hx509_cursor cursor;
-    hx509_cert c;
-    int ret, found = HX509_CERT_NOT_FOUND;
-
-    if (value->private_key == NULL) {
-	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING, 
-			       "No private key to compare with");
-	return HX509_PRIVATE_KEY_MISSING;
-    }
-
-    ret = hx509_certs_start_seq(context, certs, &cursor);
-    if (ret)
-	return ret;
-
-    c = NULL;
-    while (1) {
-	ret = hx509_certs_next_cert(context, certs, cursor, &c);
-	if (ret)
-	    break;
-	if (c == NULL)
-	    break;
-	if (_hx509_cert_private_key(c)) {
-	    hx509_cert_free(c);
-	    continue;
-	}
-
-	ret = _hx509_match_keys(c, value->private_key);
-	if (ret) {
-	    _hx509_cert_assign_key(c, value->private_key);
-	    hx509_cert_free(c);
-	    found = 0;
-	    break;
-	}
-	hx509_cert_free(c);
-    }
-
-    hx509_certs_end_seq(context, certs, cursor);
-
-    if (found)
-	hx509_clear_error_string(context);
-
-    return found;
-}
-
-int
-_hx509_collector_collect_certs(hx509_context context, 
-			       struct hx509_collector *c,
-			       hx509_certs *ret_certs)
-{
-    hx509_certs certs;
-    int ret, i;
-
-    *ret_certs = NULL;
-
-    ret = hx509_certs_init(context, "MEMORY:collector-store", 0, NULL, &certs);
-    if (ret)
-	return ret;
-
-    ret = hx509_certs_merge(context, certs, c->certs);
-    if (ret) {
-	hx509_certs_free(&certs);
-	return ret;
-    }
-
-    for (i = 0; i < c->val.len; i++) {
-	ret = match_localkeyid(context, c->val.data[i], certs);
-	if (ret == 0)
-	    continue;
-	ret = match_keys(context, c->val.data[i], certs);
-	if (ret == 0)
-	    continue;
-    }
-
-    *ret_certs = certs;
-
-    return 0;
-}
-
-int
-_hx509_collector_collect_private_keys(hx509_context context, 
-				      struct hx509_collector *c,
-				      hx509_private_key **keys)
-{
-    int i, nkeys;
-
-    *keys = NULL;
-
-    for (i = 0, nkeys = 0; i < c->val.len; i++)
-	if (c->val.data[i]->private_key)
-	    nkeys++;
-
-    *keys = calloc(nkeys + 1, sizeof(**keys));
-    if (*keys == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
-	return ENOMEM;
-    }
-
-    for (i = 0, nkeys = 0; i < c->val.len; i++) {
- 	if (c->val.data[i]->private_key) {
-	    (*keys)[nkeys++] = c->val.data[i]->private_key;
-	    c->val.data[i]->private_key = NULL;
-	}
-    }
-    (*keys)[nkeys++] = NULL;
-
-    return 0;
-}
-
-
-void
-_hx509_collector_free(struct hx509_collector *c)
-{
-    int i;
-
-    if (c->unenvelop_certs)
-	hx509_certs_free(&c->unenvelop_certs);
-    if (c->certs)
-	hx509_certs_free(&c->certs);
-    for (i = 0; i < c->val.len; i++)
-	free_private_key(c->val.data[i]);
-    if (c->val.data)
-	free(c->val.data);
-    free(c);
-}
diff --git a/crypto/heimdal/lib/hx509/crmf.asn1 b/crypto/heimdal/lib/hx509/crmf.asn1
deleted file mode 100644
index 97ade26..0000000
--- a/crypto/heimdal/lib/hx509/crmf.asn1
+++ /dev/null
@@ -1,113 +0,0 @@
--- $Id: crmf.asn1 17102 2006-04-18 13:05:21Z lha $
-PKCS10 DEFINITIONS ::=
-
-BEGIN
-
-IMPORTS
-	Time,
-	GeneralName,
-	SubjectPublicKeyInfo,
-	RelativeDistinguishedName,
-	AttributeTypeAndValue,
-	Extension,
-	AlgorithmIdentifier
-	FROM rfc2459
-	heim_any
-	FROM heim;
-
-CRMFRDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-Controls  ::= SEQUENCE -- SIZE(1..MAX) -- OF AttributeTypeAndValue
-
--- XXX IMPLICIT brokenness
-POPOSigningKey ::= SEQUENCE {
-	poposkInput           [0] IMPLICIT POPOSigningKeyInput OPTIONAL,
-	algorithmIdentifier   AlgorithmIdentifier,
-	signature             BIT STRING }
-
-PKMACValue ::= SEQUENCE {
-	algId  AlgorithmIdentifier,
-	value  BIT STRING
-}
-
--- XXX IMPLICIT brokenness
-POPOSigningKeyInput ::= SEQUENCE {
-	authInfo            CHOICE {
-		sender              [0] IMPLICIT GeneralName,
-		publicKeyMAC        PKMACValue
-	},
-	publicKey           SubjectPublicKeyInfo
-}  -- from CertTemplate
-
-
-PBMParameter ::= SEQUENCE {
-   salt                OCTET STRING,
-   owf                 AlgorithmIdentifier,
-   iterationCount      INTEGER,
-   mac                 AlgorithmIdentifier
-}
-
-SubsequentMessage ::= INTEGER {
-	encrCert (0),
-	challengeResp (1)
-}
-
--- XXX IMPLICIT brokenness
-POPOPrivKey ::= CHOICE {
-	thisMessage       [0] BIT STRING,         -- Deprecated
-	subsequentMessage [1] IMPLICIT SubsequentMessage,
-	dhMAC             [2] BIT STRING,         -- Deprecated
-	agreeMAC          [3] IMPLICIT PKMACValue,
-	encryptedKey      [4] heim_any
-}
-
--- XXX IMPLICIT brokenness
-ProofOfPossession ::= CHOICE {
-	raVerified        [0] NULL,
-	signature         [1] POPOSigningKey,
-	keyEncipherment   [2] POPOPrivKey,
-	keyAgreement      [3] POPOPrivKey
-}
-
-CertTemplate ::= SEQUENCE {
-	version      [0] INTEGER OPTIONAL,
-	serialNumber [1] INTEGER OPTIONAL,
-	signingAlg   [2] SEQUENCE {
-		algorithm	OBJECT IDENTIFIER,
-		parameters	heim_any OPTIONAL
-	} -- AlgorithmIdentifier --   OPTIONAL,
-	issuer       [3] IMPLICIT CHOICE {
-		rdnSequence  CRMFRDNSequence
-	} -- Name --  OPTIONAL,
-	validity     [4] SEQUENCE {
-		notBefore  [0] Time OPTIONAL,
-		notAfter   [1] Time OPTIONAL
-	} -- OptionalValidity -- OPTIONAL,
-	subject      [5] IMPLICIT CHOICE {
-		rdnSequence  CRMFRDNSequence
-	} -- Name -- OPTIONAL,
-	publicKey    [6] IMPLICIT SEQUENCE  {
-		algorithm            AlgorithmIdentifier,
-		subjectPublicKey     BIT STRING OPTIONAL
-	} -- SubjectPublicKeyInfo -- OPTIONAL,
-	issuerUID    [7] IMPLICIT BIT STRING OPTIONAL,
-	subjectUID   [8] IMPLICIT BIT STRING OPTIONAL,
-	extensions   [9] IMPLICIT SEQUENCE OF Extension OPTIONAL
-}
-
-CertRequest ::= SEQUENCE {
-	certReqId	INTEGER,
-	certTemplate	CertTemplate,
-	controls	Controls OPTIONAL
-}
-
-CertReqMsg ::= SEQUENCE {
-	certReq		CertRequest,
-	popo		ProofOfPossession  OPTIONAL,
-	regInfo		SEQUENCE OF AttributeTypeAndValue OPTIONAL }
-
-CertReqMessages ::= SEQUENCE OF CertReqMsg
-
-
-END
-
diff --git a/crypto/heimdal/lib/hx509/crypto.c b/crypto/heimdal/lib/hx509/crypto.c
deleted file mode 100644
index e0f00ad..0000000
--- a/crypto/heimdal/lib/hx509/crypto.c
+++ /dev/null
@@ -1,2706 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: crypto.c 22435 2008-01-14 20:53:56Z lha $");
-
-struct hx509_crypto;
-
-struct signature_alg;
-
-enum crypto_op_type {
-    COT_SIGN
-};
-
-struct hx509_generate_private_context {
-    const heim_oid *key_oid;
-    int isCA;
-    unsigned long num_bits;
-};
-
-struct hx509_private_key_ops {
-    const char *pemtype;
-    const heim_oid *(*key_oid)(void);
-    int (*get_spki)(hx509_context,
-		    const hx509_private_key,
-		    SubjectPublicKeyInfo *);
-    int (*export)(hx509_context context,
-		  const hx509_private_key,
-		  heim_octet_string *);
-    int (*import)(hx509_context,
-		  const void *data,
-		  size_t len,
-		  hx509_private_key private_key);
-    int (*generate_private_key)(hx509_context,
-				struct hx509_generate_private_context *,
-				hx509_private_key);
-    BIGNUM *(*get_internal)(hx509_context, hx509_private_key, const char *);
-    int (*handle_alg)(const hx509_private_key,
-		      const AlgorithmIdentifier *,
-		      enum crypto_op_type);
-    int (*sign)(hx509_context context,
-		const hx509_private_key,
-		const AlgorithmIdentifier *,
-		const heim_octet_string *,
-		AlgorithmIdentifier *,
-		heim_octet_string *);
-#if 0
-    const AlgorithmIdentifier *(*preferred_sig_alg)
-	(const hx509_private_key,
-	 const hx509_peer_info);
-    int (*unwrap)(hx509_context context,
-		  const hx509_private_key,
-		  const AlgorithmIdentifier *,
-		  const heim_octet_string *,
-		  heim_octet_string *);
-#endif
-};
-
-struct hx509_private_key {
-    unsigned int ref;
-    const struct signature_alg *md;
-    const heim_oid *signature_alg;
-    union {
-	RSA *rsa;
-	void *keydata;
-    } private_key;
-    /* new crypto layer */
-    hx509_private_key_ops *ops;
-};
-
-/*
- *
- */
-
-struct signature_alg {
-    const char *name;
-    const heim_oid *(*sig_oid)(void);
-    const AlgorithmIdentifier *(*sig_alg)(void);
-    const heim_oid *(*key_oid)(void);
-    const heim_oid *(*digest_oid)(void);
-    int flags;
-#define PROVIDE_CONF 1
-#define REQUIRE_SIGNER 2
-
-#define SIG_DIGEST	0x100
-#define SIG_PUBLIC_SIG	0x200
-#define SIG_SECRET	0x400
-
-#define RA_RSA_USES_DIGEST_INFO 0x1000000
-
-
-    int (*verify_signature)(hx509_context context,
-			    const struct signature_alg *,
-			    const Certificate *,
-			    const AlgorithmIdentifier *,
-			    const heim_octet_string *,
-			    const heim_octet_string *);
-    int (*create_signature)(hx509_context,
-			    const struct signature_alg *,
-			    const hx509_private_key,
-			    const AlgorithmIdentifier *,
-			    const heim_octet_string *,
-			    AlgorithmIdentifier *,
-			    heim_octet_string *);
-};
-
-/*
- *
- */
-
-static BIGNUM *
-heim_int2BN(const heim_integer *i)
-{
-    BIGNUM *bn;
-
-    bn = BN_bin2bn(i->data, i->length, NULL);
-    BN_set_negative(bn, i->negative);
-    return bn;
-}
-
-/*
- *
- */
-
-static int
-set_digest_alg(DigestAlgorithmIdentifier *id,
-	       const heim_oid *oid,
-	       const void *param, size_t length)
-{
-    int ret;
-    if (param) {
-	id->parameters = malloc(sizeof(*id->parameters));
-	if (id->parameters == NULL)
-	    return ENOMEM;
-	id->parameters->data = malloc(length);
-	if (id->parameters->data == NULL) {
-	    free(id->parameters);
-	    id->parameters = NULL;
-	    return ENOMEM;
-	}
-	memcpy(id->parameters->data, param, length);
-	id->parameters->length = length;
-    } else
-	id->parameters = NULL;
-    ret = der_copy_oid(oid, &id->algorithm);
-    if (ret) {
-	if (id->parameters) {
-	    free(id->parameters->data);
-	    free(id->parameters);
-	    id->parameters = NULL;
-	}
-	return ret;
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-rsa_verify_signature(hx509_context context,
-		     const struct signature_alg *sig_alg,
-		     const Certificate *signer,
-		     const AlgorithmIdentifier *alg,
-		     const heim_octet_string *data,
-		     const heim_octet_string *sig)
-{
-    const SubjectPublicKeyInfo *spi;
-    DigestInfo di;
-    unsigned char *to;
-    int tosize, retsize;
-    int ret;
-    RSA *rsa;
-    RSAPublicKey pk;
-    size_t size;
-
-    memset(&di, 0, sizeof(di));
-
-    spi = &signer->tbsCertificate.subjectPublicKeyInfo;
-
-    rsa = RSA_new();
-    if (rsa == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
-			      spi->subjectPublicKey.length / 8,
-			      &pk, &size);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to decode RSAPublicKey");
-	goto out;
-    }
-
-    rsa->n = heim_int2BN(&pk.modulus);
-    rsa->e = heim_int2BN(&pk.publicExponent);
-
-    free_RSAPublicKey(&pk);
-
-    if (rsa->n == NULL || rsa->e == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-    tosize = RSA_size(rsa);
-    to = malloc(tosize);
-    if (to == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-    retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data, 
-				 to, rsa, RSA_PKCS1_PADDING);
-    if (retsize <= 0) {
-	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
-	hx509_set_error_string(context, 0, ret, 
-			       "RSA public decrypt failed: %d", retsize);
-	free(to);
-	goto out;
-    }
-    if (retsize > tosize)
-	_hx509_abort("internal rsa decryption failure: ret > tosize");
-
-    if (sig_alg->flags & RA_RSA_USES_DIGEST_INFO) {
-
-	ret = decode_DigestInfo(to, retsize, &di, &size);
-	free(to);
-	if (ret) {
-	    goto out;
-	}
-	
-	/* Check for extra data inside the sigature */
-	if (size != retsize) {
-	    ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
-	    hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
-	    goto out;
-	}
-	
-	if (sig_alg->digest_oid &&
-	    der_heim_oid_cmp(&di.digestAlgorithm.algorithm, 
-			     (*sig_alg->digest_oid)()) != 0) 
-	{
-	    ret = HX509_CRYPTO_OID_MISMATCH;
-	    hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
-	    goto out;
-	}
-	
-	/* verify that the parameters are NULL or the NULL-type */
-	if (di.digestAlgorithm.parameters != NULL &&
-	    (di.digestAlgorithm.parameters->length != 2 ||
-	     memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0))
-	{
-	    ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
-	    hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature");
-	    goto out;
-	}
-
-	ret = _hx509_verify_signature(context,
-				      NULL,
-				      &di.digestAlgorithm,
-				      data,
-				      &di.digest);
-    } else {
-	if (retsize != data->length ||
-	    memcmp(to, data->data, retsize) != 0)
-	{
-	    ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
-	    hx509_set_error_string(context, 0, ret, "RSA Signature incorrect");
-	    goto out;
-	}
-	free(to);
-    }
-
- out:
-    free_DigestInfo(&di);
-    RSA_free(rsa);
-    return ret;
-}
-
-static int
-rsa_create_signature(hx509_context context,
-		     const struct signature_alg *sig_alg,
-		     const hx509_private_key signer,
-		     const AlgorithmIdentifier *alg,
-		     const heim_octet_string *data,
-		     AlgorithmIdentifier *signatureAlgorithm,
-		     heim_octet_string *sig)
-{
-    const AlgorithmIdentifier *digest_alg;
-    heim_octet_string indata;
-    const heim_oid *sig_oid;
-    size_t size;
-    int ret;
-    
-    if (alg)
-	sig_oid = &alg->algorithm;
-    else
-	sig_oid = signer->signature_alg;
-
-    if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha256WithRSAEncryption()) == 0) {
-	digest_alg = hx509_signature_sha256();
-    } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha1WithRSAEncryption()) == 0) {
-	digest_alg = hx509_signature_sha1();
-    } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) {
-	digest_alg = hx509_signature_md5();
-    } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) {
-	digest_alg = hx509_signature_md5();
-    } else if (der_heim_oid_cmp(sig_oid, oid_id_dsa_with_sha1()) == 0) {
-	digest_alg = hx509_signature_sha1();
-    } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_rsaEncryption()) == 0) {
-	digest_alg = hx509_signature_sha1();
-    } else if (der_heim_oid_cmp(sig_oid, oid_id_heim_rsa_pkcs1_x509()) == 0) {
-	digest_alg = NULL;
-    } else
-	return HX509_ALG_NOT_SUPP;
-
-    if (signatureAlgorithm) {
-	ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    return ret;
-	}
-    }
-
-    if (digest_alg) {
-	DigestInfo di;
-	memset(&di, 0, sizeof(di));
-
-	ret = _hx509_create_signature(context,
-				      NULL,
-				      digest_alg,
-				      data,
-				      &di.digestAlgorithm,
-				      &di.digest);
-	if (ret)
-	    return ret;
-	ASN1_MALLOC_ENCODE(DigestInfo,
-			   indata.data,
-			   indata.length,
-			   &di,
-			   &size,
-			   ret);
-	free_DigestInfo(&di);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "out of memory");
-	    return ret;
-	}
-	if (indata.length != size)
-	    _hx509_abort("internal ASN.1 encoder error");
-    } else {
-	indata = *data;
-    }
-
-    sig->length = RSA_size(signer->private_key.rsa);
-    sig->data = malloc(sig->length);
-    if (sig->data == NULL) {
-	der_free_octet_string(&indata);
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    ret = RSA_private_encrypt(indata.length, indata.data, 
-			      sig->data, 
-			      signer->private_key.rsa,
-			      RSA_PKCS1_PADDING);
-    if (indata.data != data->data)
-	der_free_octet_string(&indata);
-    if (ret <= 0) {
-	ret = HX509_CMS_FAILED_CREATE_SIGATURE;
-	hx509_set_error_string(context, 0, ret,
-			       "RSA private decrypt failed: %d", ret);
-	return ret;
-    }
-    if (ret > sig->length)
-	_hx509_abort("RSA signature prelen longer the output len");
-
-    sig->length = ret;
-    
-    return 0;
-}
-
-static int
-rsa_private_key_import(hx509_context context,
-		       const void *data,
-		       size_t len,
-		       hx509_private_key private_key)
-{
-    const unsigned char *p = data;
-
-    private_key->private_key.rsa = 
-	d2i_RSAPrivateKey(NULL, &p, len);
-    if (private_key->private_key.rsa == NULL) {
-	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-			       "Failed to parse RSA key");
-	return HX509_PARSING_KEY_FAILED;
-    }
-    private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
-
-    return 0;
-}
-
-static int
-rsa_private_key2SPKI(hx509_context context,
-		     hx509_private_key private_key,
-		     SubjectPublicKeyInfo *spki)
-{
-    int len, ret;
-
-    memset(spki, 0, sizeof(*spki));
-
-    len = i2d_RSAPublicKey(private_key->private_key.rsa, NULL);
-
-    spki->subjectPublicKey.data = malloc(len);
-    if (spki->subjectPublicKey.data == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
-	return ENOMEM;
-    }
-    spki->subjectPublicKey.length = len * 8;
-
-    ret = set_digest_alg(&spki->algorithm,oid_id_pkcs1_rsaEncryption(), 
-			 "\x05\x00", 2);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "malloc - out of memory");
-	free(spki->subjectPublicKey.data);
-	spki->subjectPublicKey.data = NULL;
-	spki->subjectPublicKey.length = 0;
-	return ret;
-    }
-
-    {
-	unsigned char *pp = spki->subjectPublicKey.data;
-	i2d_RSAPublicKey(private_key->private_key.rsa, &pp);
-    }
-
-    return 0;
-}
-
-static int
-rsa_generate_private_key(hx509_context context, 
-			 struct hx509_generate_private_context *ctx,
-			 hx509_private_key private_key)
-{
-    BIGNUM *e;
-    int ret;
-    unsigned long bits;
-
-    static const int default_rsa_e = 65537;
-    static const int default_rsa_bits = 1024;
-
-    private_key->private_key.rsa = RSA_new();
-    if (private_key->private_key.rsa == NULL) {
-	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-			       "Failed to generate RSA key");
-	return HX509_PARSING_KEY_FAILED;
-    }
-    
-    e = BN_new();
-    BN_set_word(e, default_rsa_e);
-
-    bits = default_rsa_bits;
-
-    if (ctx->num_bits)
-	bits = ctx->num_bits;
-    else if (ctx->isCA)
-	bits *= 2;
-
-    ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL);
-    BN_free(e);
-    if (ret != 1) {
-	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-			       "Failed to generate RSA key");
-	return HX509_PARSING_KEY_FAILED;
-    }
-    private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
-
-    return 0;
-}
-
-static int 
-rsa_private_key_export(hx509_context context,
-		       const hx509_private_key key,
-		       heim_octet_string *data)
-{
-    int ret;
-
-    data->data = NULL;
-    data->length = 0;
-
-    ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
-    if (ret <= 0) {
-	ret = EINVAL;
-	hx509_set_error_string(context, 0, ret,
-			       "Private key is not exportable");
-	return ret;
-    }
-
-    data->data = malloc(ret);
-    if (data->data == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "malloc out of memory");
-	return ret;
-    }
-    data->length = ret;
-    
-    {
-	unsigned char *p = data->data;
-	i2d_RSAPrivateKey(key->private_key.rsa, &p);
-    }
-
-    return 0;
-}
-
-static BIGNUM *
-rsa_get_internal(hx509_context context, hx509_private_key key, const char *type)
-{
-    if (strcasecmp(type, "rsa-modulus") == 0) {
-	return BN_dup(key->private_key.rsa->n);
-    } else if (strcasecmp(type, "rsa-exponent") == 0) {
-	return BN_dup(key->private_key.rsa->e);
-    } else
-	return NULL;
-}
-
-
-
-static hx509_private_key_ops rsa_private_key_ops = {
-    "RSA PRIVATE KEY",
-    oid_id_pkcs1_rsaEncryption,
-    rsa_private_key2SPKI,
-    rsa_private_key_export,
-    rsa_private_key_import,
-    rsa_generate_private_key,
-    rsa_get_internal
-};
-
-
-/*
- *
- */
-
-static int
-dsa_verify_signature(hx509_context context,
-		     const struct signature_alg *sig_alg,
-		     const Certificate *signer,
-		     const AlgorithmIdentifier *alg,
-		     const heim_octet_string *data,
-		     const heim_octet_string *sig)
-{
-    const SubjectPublicKeyInfo *spi;
-    DSAPublicKey pk;
-    DSAParams param;
-    size_t size;
-    DSA *dsa;
-    int ret;
-
-    spi = &signer->tbsCertificate.subjectPublicKeyInfo;
-
-    dsa = DSA_new();
-    if (dsa == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    ret = decode_DSAPublicKey(spi->subjectPublicKey.data,
-			      spi->subjectPublicKey.length / 8,
-			      &pk, &size);
-    if (ret)
-	goto out;
-
-    dsa->pub_key = heim_int2BN(&pk);
-
-    free_DSAPublicKey(&pk);
-
-    if (dsa->pub_key == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-    if (spi->algorithm.parameters == NULL) {
-	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
-	hx509_set_error_string(context, 0, ret, "DSA parameters missing");
-	goto out;
-    }
-
-    ret = decode_DSAParams(spi->algorithm.parameters->data,
-			   spi->algorithm.parameters->length,
-			   &param,
-			   &size);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "DSA parameters failed to decode");
-	goto out;
-    }
-
-    dsa->p = heim_int2BN(&param.p);
-    dsa->q = heim_int2BN(&param.q);
-    dsa->g = heim_int2BN(&param.g);
-
-    free_DSAParams(&param);
-
-    if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-    ret = DSA_verify(-1, data->data, data->length,
-		     (unsigned char*)sig->data, sig->length,
-		     dsa);
-    if (ret == 1)
-	ret = 0;
-    else if (ret == 0 || ret == -1) {
-	ret = HX509_CRYPTO_BAD_SIGNATURE;
-	hx509_set_error_string(context, 0, ret, "BAD DSA sigature");
-    } else {
-	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
-	hx509_set_error_string(context, 0, ret, "Invalid format of DSA sigature");
-    }
-
- out:
-    DSA_free(dsa);
-
-    return ret;
-}
-
-#if 0
-static int
-dsa_parse_private_key(hx509_context context,
-		      const void *data,
-		      size_t len,
-		      hx509_private_key private_key)
-{
-    const unsigned char *p = data;
-
-    private_key->private_key.dsa = 
-	d2i_DSAPrivateKey(NULL, &p, len);
-    if (private_key->private_key.dsa == NULL)
-	return EINVAL;
-    private_key->signature_alg = oid_id_dsa_with_sha1();
-
-    return 0;
-/* else */
-    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-			   "No support to parse DSA keys");
-    return HX509_PARSING_KEY_FAILED;
-}
-#endif
-
-
-static int
-sha1_verify_signature(hx509_context context,
-		      const struct signature_alg *sig_alg,
-		      const Certificate *signer,
-		      const AlgorithmIdentifier *alg,
-		      const heim_octet_string *data,
-		      const heim_octet_string *sig)
-{
-    unsigned char digest[SHA_DIGEST_LENGTH];
-    SHA_CTX m;
-    
-    if (sig->length != SHA_DIGEST_LENGTH) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
-			       "SHA1 sigature have wrong length");
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-
-    SHA1_Init(&m);
-    SHA1_Update(&m, data->data, data->length);
-    SHA1_Final (digest, &m);
-	
-    if (memcmp(digest, sig->data, SHA_DIGEST_LENGTH) != 0) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
-			       "Bad SHA1 sigature");
-	return HX509_CRYPTO_BAD_SIGNATURE;
-    }
-
-    return 0;
-}
-
-static int
-sha256_create_signature(hx509_context context,
-			const struct signature_alg *sig_alg,
-			const hx509_private_key signer,
-			const AlgorithmIdentifier *alg,
-			const heim_octet_string *data,
-			AlgorithmIdentifier *signatureAlgorithm,
-			heim_octet_string *sig)
-{
-    SHA256_CTX m;
-    
-    memset(sig, 0, sizeof(*sig));
-
-    if (signatureAlgorithm) {
-	int ret;
-	ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
-			     "\x05\x00", 2);
-	if (ret)
-	    return ret;
-    }
-	    
-
-    sig->data = malloc(SHA256_DIGEST_LENGTH);
-    if (sig->data == NULL) {
-	sig->length = 0;
-	return ENOMEM;
-    }
-    sig->length = SHA256_DIGEST_LENGTH;
-
-    SHA256_Init(&m);
-    SHA256_Update(&m, data->data, data->length);
-    SHA256_Final (sig->data, &m);
-
-    return 0;
-}
-
-static int
-sha256_verify_signature(hx509_context context,
-			const struct signature_alg *sig_alg,
-			const Certificate *signer,
-			const AlgorithmIdentifier *alg,
-			const heim_octet_string *data,
-			const heim_octet_string *sig)
-{
-    unsigned char digest[SHA256_DIGEST_LENGTH];
-    SHA256_CTX m;
-    
-    if (sig->length != SHA256_DIGEST_LENGTH) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
-			       "SHA256 sigature have wrong length");
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-
-    SHA256_Init(&m);
-    SHA256_Update(&m, data->data, data->length);
-    SHA256_Final (digest, &m);
-	
-    if (memcmp(digest, sig->data, SHA256_DIGEST_LENGTH) != 0) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
-			       "Bad SHA256 sigature");
-	return HX509_CRYPTO_BAD_SIGNATURE;
-    }
-
-    return 0;
-}
-
-static int
-sha1_create_signature(hx509_context context,
-		      const struct signature_alg *sig_alg,
-		      const hx509_private_key signer,
-		      const AlgorithmIdentifier *alg,
-		      const heim_octet_string *data,
-		      AlgorithmIdentifier *signatureAlgorithm,
-		      heim_octet_string *sig)
-{
-    SHA_CTX m;
-    
-    memset(sig, 0, sizeof(*sig));
-
-    if (signatureAlgorithm) {
-	int ret;
-	ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(), 
-			     "\x05\x00", 2);
-	if (ret)
-	    return ret;
-    }
-	    
-
-    sig->data = malloc(SHA_DIGEST_LENGTH);
-    if (sig->data == NULL) {
-	sig->length = 0;
-	return ENOMEM;
-    }
-    sig->length = SHA_DIGEST_LENGTH;
-
-    SHA1_Init(&m);
-    SHA1_Update(&m, data->data, data->length);
-    SHA1_Final (sig->data, &m);
-
-    return 0;
-}
-
-static int
-md5_verify_signature(hx509_context context,
-		     const struct signature_alg *sig_alg,
-		     const Certificate *signer,
-		     const AlgorithmIdentifier *alg,
-		     const heim_octet_string *data,
-		     const heim_octet_string *sig)
-{
-    unsigned char digest[MD5_DIGEST_LENGTH];
-    MD5_CTX m;
-    
-    if (sig->length != MD5_DIGEST_LENGTH) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
-			       "MD5 sigature have wrong length");
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-
-    MD5_Init(&m);
-    MD5_Update(&m, data->data, data->length);
-    MD5_Final (digest, &m);
-	
-    if (memcmp(digest, sig->data, MD5_DIGEST_LENGTH) != 0) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
-			       "Bad MD5 sigature");
-	return HX509_CRYPTO_BAD_SIGNATURE;
-    }
-
-    return 0;
-}
-
-static int
-md2_verify_signature(hx509_context context,
-		     const struct signature_alg *sig_alg,
-		     const Certificate *signer,
-		     const AlgorithmIdentifier *alg,
-		     const heim_octet_string *data,
-		     const heim_octet_string *sig)
-{
-    unsigned char digest[MD2_DIGEST_LENGTH];
-    MD2_CTX m;
-    
-    if (sig->length != MD2_DIGEST_LENGTH) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
-			       "MD2 sigature have wrong length");
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-
-    MD2_Init(&m);
-    MD2_Update(&m, data->data, data->length);
-    MD2_Final (digest, &m);
-	
-    if (memcmp(digest, sig->data, MD2_DIGEST_LENGTH) != 0) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
-			       "Bad MD2 sigature");
-	return HX509_CRYPTO_BAD_SIGNATURE;
-    }
-
-    return 0;
-}
-
-static const struct signature_alg heim_rsa_pkcs1_x509 = {
-    "rsa-pkcs1-x509",
-    oid_id_heim_rsa_pkcs1_x509,
-    hx509_signature_rsa_pkcs1_x509,
-    oid_id_pkcs1_rsaEncryption,
-    NULL,
-    PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
-static const struct signature_alg pkcs1_rsa_sha1_alg = {
-    "rsa",
-    oid_id_pkcs1_rsaEncryption,
-    hx509_signature_rsa_with_sha1,
-    oid_id_pkcs1_rsaEncryption,
-    NULL,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
-static const struct signature_alg rsa_with_sha256_alg = {
-    "rsa-with-sha256",
-    oid_id_pkcs1_sha256WithRSAEncryption,
-    hx509_signature_rsa_with_sha256,
-    oid_id_pkcs1_rsaEncryption,
-    oid_id_sha256,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
-static const struct signature_alg rsa_with_sha1_alg = {
-    "rsa-with-sha1",
-    oid_id_pkcs1_sha1WithRSAEncryption,
-    hx509_signature_rsa_with_sha1,
-    oid_id_pkcs1_rsaEncryption,
-    oid_id_secsig_sha_1,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
-static const struct signature_alg rsa_with_md5_alg = {
-    "rsa-with-md5",
-    oid_id_pkcs1_md5WithRSAEncryption,
-    hx509_signature_rsa_with_md5,
-    oid_id_pkcs1_rsaEncryption,
-    oid_id_rsa_digest_md5,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
-static const struct signature_alg rsa_with_md2_alg = {
-    "rsa-with-md2",
-    oid_id_pkcs1_md2WithRSAEncryption,
-    hx509_signature_rsa_with_md2,
-    oid_id_pkcs1_rsaEncryption,
-    oid_id_rsa_digest_md2,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
-static const struct signature_alg dsa_sha1_alg = {
-    "dsa-with-sha1",
-    oid_id_dsa_with_sha1,
-    NULL,
-    oid_id_dsa, 
-    oid_id_secsig_sha_1,
-    PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
-    dsa_verify_signature,
-    /* create_signature */ NULL,
-};
-
-static const struct signature_alg sha256_alg = {
-    "sha-256",
-    oid_id_sha256,
-    hx509_signature_sha256,
-    NULL,
-    NULL,
-    SIG_DIGEST,
-    sha256_verify_signature,
-    sha256_create_signature
-};
-
-static const struct signature_alg sha1_alg = {
-    "sha1",
-    oid_id_secsig_sha_1,
-    hx509_signature_sha1,
-    NULL,
-    NULL,
-    SIG_DIGEST,
-    sha1_verify_signature,
-    sha1_create_signature
-};
-
-static const struct signature_alg md5_alg = {
-    "rsa-md5",
-    oid_id_rsa_digest_md5,
-    hx509_signature_md5,
-    NULL,
-    NULL,
-    SIG_DIGEST,
-    md5_verify_signature
-};
-
-static const struct signature_alg md2_alg = {
-    "rsa-md2",
-    oid_id_rsa_digest_md2,
-    hx509_signature_md2,
-    NULL,
-    NULL,
-    SIG_DIGEST,
-    md2_verify_signature
-};
-
-/* 
- * Order matter in this structure, "best" first for each "key
- * compatible" type (type is RSA, DSA, none, etc)
- */
-
-static const struct signature_alg *sig_algs[] = {
-    &rsa_with_sha256_alg,
-    &rsa_with_sha1_alg,
-    &pkcs1_rsa_sha1_alg,
-    &rsa_with_md5_alg,
-    &rsa_with_md2_alg,
-    &heim_rsa_pkcs1_x509,
-    &dsa_sha1_alg,
-    &sha256_alg,
-    &sha1_alg,
-    &md5_alg,
-    &md2_alg,
-    NULL
-};
-
-static const struct signature_alg *
-find_sig_alg(const heim_oid *oid)
-{
-    int i;
-    for (i = 0; sig_algs[i]; i++)
-	if (der_heim_oid_cmp((*sig_algs[i]->sig_oid)(), oid) == 0)
-	    return sig_algs[i];
-    return NULL;
-}
-
-/*
- *
- */
-
-static struct hx509_private_key_ops *private_algs[] = {
-    &rsa_private_key_ops,
-    NULL
-};
-
-static hx509_private_key_ops *
-find_private_alg(const heim_oid *oid)
-{
-    int i;
-    for (i = 0; private_algs[i]; i++) {
-	if (private_algs[i]->key_oid == NULL)
-	    continue;
-	if (der_heim_oid_cmp((*private_algs[i]->key_oid)(), oid) == 0)
-	    return private_algs[i];
-    }
-    return NULL;
-}
-
-
-int
-_hx509_verify_signature(hx509_context context,
-			const Certificate *signer,
-			const AlgorithmIdentifier *alg,
-			const heim_octet_string *data,
-			const heim_octet_string *sig)
-{
-    const struct signature_alg *md;
-
-    md = find_sig_alg(&alg->algorithm);
-    if (md == NULL) {
-	hx509_clear_error_string(context);
-	return HX509_SIG_ALG_NO_SUPPORTED;
-    }
-    if (signer && (md->flags & PROVIDE_CONF) == 0) {
-	hx509_clear_error_string(context);
-	return HX509_CRYPTO_SIG_NO_CONF;
-    }
-    if (signer == NULL && (md->flags & REQUIRE_SIGNER)) {
-	    hx509_clear_error_string(context);
-	return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER;
-    }
-    if (md->key_oid && signer) {
-	const SubjectPublicKeyInfo *spi;
-	spi = &signer->tbsCertificate.subjectPublicKeyInfo;
-
-	if (der_heim_oid_cmp(&spi->algorithm.algorithm, (*md->key_oid)()) != 0) {
-	    hx509_clear_error_string(context);
-	    return HX509_SIG_ALG_DONT_MATCH_KEY_ALG;
-	}
-    }
-    return (*md->verify_signature)(context, md, signer, alg, data, sig);
-}
-
-int
-_hx509_verify_signature_bitstring(hx509_context context,
-				  const Certificate *signer,
-				  const AlgorithmIdentifier *alg,
-				  const heim_octet_string *data,
-				  const heim_bit_string *sig)
-{
-    heim_octet_string os;
-
-    if (sig->length & 7) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
-			       "signature not multiple of 8 bits");
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-
-    os.data = sig->data;
-    os.length = sig->length / 8;
-    
-    return _hx509_verify_signature(context, signer, alg, data, &os);
-}
-
-int
-_hx509_create_signature(hx509_context context,
-			const hx509_private_key signer,
-			const AlgorithmIdentifier *alg,
-			const heim_octet_string *data,
-			AlgorithmIdentifier *signatureAlgorithm,
-			heim_octet_string *sig)
-{
-    const struct signature_alg *md;
-
-    if (signer && signer->ops && signer->ops->handle_alg &&
-	(*signer->ops->handle_alg)(signer, alg, COT_SIGN))
-    {
-	return (*signer->ops->sign)(context, signer, alg, data, 
-				    signatureAlgorithm, sig);
-    }
-
-    md = find_sig_alg(&alg->algorithm);
-    if (md == NULL) {
-	hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
-	    "algorithm no supported");
-	return HX509_SIG_ALG_NO_SUPPORTED;
-    }
-
-    if (signer && (md->flags & PROVIDE_CONF) == 0) {
-	hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
-	    "algorithm provides no conf");
-	return HX509_CRYPTO_SIG_NO_CONF;
-    }
-
-    return (*md->create_signature)(context, md, signer, alg, data, 
-				   signatureAlgorithm, sig);
-}
-
-int
-_hx509_create_signature_bitstring(hx509_context context,
-				  const hx509_private_key signer,
-				  const AlgorithmIdentifier *alg,
-				  const heim_octet_string *data,
-				  AlgorithmIdentifier *signatureAlgorithm,
-				  heim_bit_string *sig)
-{
-    heim_octet_string os;
-    int ret;
-
-    ret = _hx509_create_signature(context, signer, alg,
-				  data, signatureAlgorithm, &os);
-    if (ret)
-	return ret;
-    sig->data = os.data;
-    sig->length = os.length * 8;
-    return 0;
-}
-
-int
-_hx509_public_encrypt(hx509_context context,
-		      const heim_octet_string *cleartext,
-		      const Certificate *cert,
-		      heim_oid *encryption_oid,
-		      heim_octet_string *ciphertext)
-{
-    const SubjectPublicKeyInfo *spi;
-    unsigned char *to;
-    int tosize;
-    int ret;
-    RSA *rsa;
-    RSAPublicKey pk;
-    size_t size;
-
-    ciphertext->data = NULL;
-    ciphertext->length = 0;
-
-    spi = &cert->tbsCertificate.subjectPublicKeyInfo;
-
-    rsa = RSA_new();
-    if (rsa == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
-			      spi->subjectPublicKey.length / 8,
-			      &pk, &size);
-    if (ret) {
-	RSA_free(rsa);
-	hx509_set_error_string(context, 0, ret, "RSAPublicKey decode failure");
-	return ret;
-    }
-    rsa->n = heim_int2BN(&pk.modulus);
-    rsa->e = heim_int2BN(&pk.publicExponent);
-
-    free_RSAPublicKey(&pk);
-
-    if (rsa->n == NULL || rsa->e == NULL) {
-	RSA_free(rsa);
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    tosize = RSA_size(rsa);
-    to = malloc(tosize);
-    if (to == NULL) {
-	RSA_free(rsa);
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    ret = RSA_public_encrypt(cleartext->length, 
-			     (unsigned char *)cleartext->data, 
-			     to, rsa, RSA_PKCS1_PADDING);
-    RSA_free(rsa);
-    if (ret <= 0) {
-	free(to);
-	hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT,
-			       "RSA public encrypt failed with %d", ret);
-	return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT;
-    }
-    if (ret > tosize)
-	_hx509_abort("internal rsa decryption failure: ret > tosize");
-
-    ciphertext->length = ret;
-    ciphertext->data = to;
-
-    ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(), encryption_oid);
-    if (ret) {
-	der_free_octet_string(ciphertext);
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    return 0;
-}
-
-int
-_hx509_private_key_private_decrypt(hx509_context context,
-				   const heim_octet_string *ciphertext,
-				   const heim_oid *encryption_oid,
-				   hx509_private_key p,
-				   heim_octet_string *cleartext)
-{
-    int ret;
-
-    cleartext->data = NULL;
-    cleartext->length = 0;
-
-    if (p->private_key.rsa == NULL) {
-	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
-			       "Private RSA key missing");
-	return HX509_PRIVATE_KEY_MISSING;
-    }
-
-    cleartext->length = RSA_size(p->private_key.rsa);
-    cleartext->data = malloc(cleartext->length);
-    if (cleartext->data == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
-			      cleartext->data,
-			      p->private_key.rsa,
-			      RSA_PKCS1_PADDING);
-    if (ret <= 0) {
-	der_free_octet_string(cleartext);
-	hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT,
-			       "Failed to decrypt using private key: %d", ret);
-	return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
-    }
-    if (cleartext->length < ret)
-	_hx509_abort("internal rsa decryption failure: ret > tosize");
-
-    cleartext->length = ret;
-
-    return 0;
-}
-
-
-int
-_hx509_parse_private_key(hx509_context context,
-			 const heim_oid *key_oid,
-			 const void *data,
-			 size_t len,
-			 hx509_private_key *private_key)
-{
-    struct hx509_private_key_ops *ops;
-    int ret;
-
-    *private_key = NULL;
-
-    ops = find_private_alg(key_oid);
-    if (ops == NULL) {
-	hx509_clear_error_string(context);
-	return HX509_SIG_ALG_NO_SUPPORTED;
-    }
-
-    ret = _hx509_private_key_init(private_key, ops, NULL);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	return ret;
-    }
-
-    ret = (*ops->import)(context, data, len, *private_key);
-    if (ret)
-	_hx509_private_key_free(private_key);
-
-    return ret;
-}
-
-/*
- *
- */
-
-int
-_hx509_private_key2SPKI(hx509_context context,
-			hx509_private_key private_key,
-			SubjectPublicKeyInfo *spki)
-{
-    const struct hx509_private_key_ops *ops = private_key->ops;
-    if (ops == NULL || ops->get_spki == NULL) {
-	hx509_set_error_string(context, 0, HX509_UNIMPLEMENTED_OPERATION,
-			       "Private key have no key2SPKI function");
-	return HX509_UNIMPLEMENTED_OPERATION;
-    }
-    return (*ops->get_spki)(context, private_key, spki);
-}
-
-int
-_hx509_generate_private_key_init(hx509_context context,
-				 const heim_oid *oid,
-				 struct hx509_generate_private_context **ctx)
-{
-    *ctx = NULL;
-
-    if (der_heim_oid_cmp(oid, oid_id_pkcs1_rsaEncryption()) != 0) {
-	hx509_set_error_string(context, 0, EINVAL, 
-			       "private key not an RSA key");
-	return EINVAL;
-    }
-
-    *ctx = calloc(1, sizeof(**ctx));
-    if (*ctx == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    (*ctx)->key_oid = oid;
-
-    return 0;
-}
-
-int
-_hx509_generate_private_key_is_ca(hx509_context context,
-				  struct hx509_generate_private_context *ctx)
-{
-    ctx->isCA = 1;
-    return 0;
-}
-
-int
-_hx509_generate_private_key_bits(hx509_context context,
-				 struct hx509_generate_private_context *ctx,
-				 unsigned long bits)
-{
-    ctx->num_bits = bits;
-    return 0;
-}
-
-
-void
-_hx509_generate_private_key_free(struct hx509_generate_private_context **ctx)
-{
-    free(*ctx);
-    *ctx = NULL;
-}
-
-int
-_hx509_generate_private_key(hx509_context context,
-			    struct hx509_generate_private_context *ctx,
-			    hx509_private_key *private_key)
-{
-    struct hx509_private_key_ops *ops;
-    int ret;
-
-    *private_key = NULL;
-
-    ops = find_private_alg(ctx->key_oid);
-    if (ops == NULL) {
-	hx509_clear_error_string(context);
-	return HX509_SIG_ALG_NO_SUPPORTED;
-    }
-
-    ret = _hx509_private_key_init(private_key, ops, NULL);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	return ret;
-    }
-
-    ret = (*ops->generate_private_key)(context, ctx, *private_key);
-    if (ret)
-	_hx509_private_key_free(private_key);
-
-    return ret;
-}
-
-
-/*
- *
- */
-
-static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };
-
-static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
-const AlgorithmIdentifier _hx509_signature_sha512_data = { 
-    { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
-static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
-const AlgorithmIdentifier _hx509_signature_sha384_data = { 
-    { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
-static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
-const AlgorithmIdentifier _hx509_signature_sha256_data = { 
-    { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
-static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
-const AlgorithmIdentifier _hx509_signature_sha1_data = { 
-    { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
-static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 };
-const AlgorithmIdentifier _hx509_signature_md5_data = { 
-    { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
-static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
-const AlgorithmIdentifier _hx509_signature_md2_data = { 
-    { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
-static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = { 
-    { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL
-};
-
-static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = { 
-    { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL
-};
-
-static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = { 
-    { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL
-};
-
-static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = { 
-    { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL
-};
-
-static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = { 
-    { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
-};
-
-static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = { 
-    { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
-};
-
-static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
-const AlgorithmIdentifier _hx509_signature_rsa_data = { 
-    { 7, rk_UNCONST(rsa_oid) }, NULL
-};
-
-static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 };
-const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = { 
-    { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL
-};
-
-static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 };
-const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = {
-    { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL
-};
-
-static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
-const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = {
-    { 9, rk_UNCONST(aes128_cbc_oid) }, NULL
-};
-
-static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
-const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = {
-    { 9, rk_UNCONST(aes256_cbc_oid) }, NULL
-};
-
-const AlgorithmIdentifier *
-hx509_signature_sha512(void)
-{ return &_hx509_signature_sha512_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_sha384(void)
-{ return &_hx509_signature_sha384_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_sha256(void)
-{ return &_hx509_signature_sha256_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_sha1(void)
-{ return &_hx509_signature_sha1_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_md5(void)
-{ return &_hx509_signature_md5_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_md2(void)
-{ return &_hx509_signature_md2_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha512(void)
-{ return &_hx509_signature_rsa_with_sha512_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha384(void)
-{ return &_hx509_signature_rsa_with_sha384_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha256(void)
-{ return &_hx509_signature_rsa_with_sha256_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha1(void)
-{ return &_hx509_signature_rsa_with_sha1_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_md5(void)
-{ return &_hx509_signature_rsa_with_md5_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_md2(void)
-{ return &_hx509_signature_rsa_with_md2_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa(void)
-{ return &_hx509_signature_rsa_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_pkcs1_x509(void)
-{ return &_hx509_signature_rsa_pkcs1_x509_data; }
-
-const AlgorithmIdentifier *
-hx509_crypto_des_rsdi_ede3_cbc(void)
-{ return &_hx509_des_rsdi_ede3_cbc_oid; }
-
-const AlgorithmIdentifier *
-hx509_crypto_aes128_cbc(void)
-{ return &_hx509_crypto_aes128_cbc_data; }
-
-const AlgorithmIdentifier *
-hx509_crypto_aes256_cbc(void)
-{ return &_hx509_crypto_aes256_cbc_data; }
-
-/*
- *
- */
-
-const AlgorithmIdentifier * _hx509_crypto_default_sig_alg = 
-    &_hx509_signature_rsa_with_sha1_data;
-const AlgorithmIdentifier * _hx509_crypto_default_digest_alg = 
-    &_hx509_signature_sha1_data;
-const AlgorithmIdentifier * _hx509_crypto_default_secret_alg = 
-    &_hx509_crypto_aes128_cbc_data;
-
-/*
- *
- */
-
-int
-_hx509_private_key_init(hx509_private_key *key,
-			hx509_private_key_ops *ops,
-			void *keydata)
-{
-    *key = calloc(1, sizeof(**key));
-    if (*key == NULL)
-	return ENOMEM;
-    (*key)->ref = 1;
-    (*key)->ops = ops;
-    (*key)->private_key.keydata = keydata;
-    return 0;
-}
-
-hx509_private_key
-_hx509_private_key_ref(hx509_private_key key)
-{
-    if (key->ref <= 0)
-	_hx509_abort("refcount <= 0");
-    key->ref++;
-    if (key->ref == 0)
-	_hx509_abort("refcount == 0");
-    return key;
-}
-
-const char *
-_hx509_private_pem_name(hx509_private_key key)
-{
-    return key->ops->pemtype;
-}
-
-int
-_hx509_private_key_free(hx509_private_key *key)
-{
-    if (key == NULL || *key == NULL)
-	return 0;
-
-    if ((*key)->ref <= 0)
-	_hx509_abort("refcount <= 0");
-    if (--(*key)->ref > 0)
-	return 0;
-
-    if ((*key)->private_key.rsa)
-	RSA_free((*key)->private_key.rsa);
-    (*key)->private_key.rsa = NULL;
-    free(*key);
-    *key = NULL;
-    return 0;
-}
-
-void
-_hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
-{
-    if (key->private_key.rsa)
-	RSA_free(key->private_key.rsa);
-    key->private_key.rsa = ptr;
-    key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
-    key->md = &pkcs1_rsa_sha1_alg;
-}
-
-int 
-_hx509_private_key_oid(hx509_context context,
-		       const hx509_private_key key,
-		       heim_oid *data)
-{
-    int ret;
-    ret = der_copy_oid((*key->ops->key_oid)(), data);
-    if (ret)
-	hx509_set_error_string(context, 0, ret, "malloc out of memory");
-    return ret;
-}
-
-int
-_hx509_private_key_exportable(hx509_private_key key)
-{
-    if (key->ops->export == NULL)
-	return 0;
-    return 1;
-}
-
-BIGNUM *
-_hx509_private_key_get_internal(hx509_context context,
-				hx509_private_key key, 
-				const char *type)
-{
-    if (key->ops->get_internal == NULL)
-	return NULL;
-    return (*key->ops->get_internal)(context, key, type);
-}
-
-int 
-_hx509_private_key_export(hx509_context context,
-			  const hx509_private_key key,
-			  heim_octet_string *data)
-{
-    if (key->ops->export == NULL) {
-	hx509_clear_error_string(context);
-	return HX509_UNIMPLEMENTED_OPERATION;
-    }
-    return (*key->ops->export)(context, key, data);
-}
-
-/*
- *
- */
-
-struct hx509cipher {
-    const char *name;
-    const heim_oid *(*oid_func)(void);
-    const AlgorithmIdentifier *(*ai_func)(void);
-    const EVP_CIPHER *(*evp_func)(void);
-    int (*get_params)(hx509_context, const hx509_crypto,
-		      const heim_octet_string *, heim_octet_string *);
-    int (*set_params)(hx509_context, const heim_octet_string *, 
-		      hx509_crypto, heim_octet_string *);
-};
-
-struct hx509_crypto_data {
-    char *name;
-    const struct hx509cipher *cipher;
-    const EVP_CIPHER *c;
-    heim_octet_string key;
-    heim_oid oid;
-    void *param;
-};
-
-/*
- *
- */
-
-static const heim_oid *
-oid_private_rc2_40(void)
-{
-    static unsigned oid_data[] = { 127, 1 };
-    static const heim_oid oid = { 2, oid_data };
-
-    return &oid;
-}
-
-
-/*
- *
- */
-
-static int
-CMSCBCParam_get(hx509_context context, const hx509_crypto crypto,
-		 const heim_octet_string *ivec, heim_octet_string *param)
-{
-    size_t size;
-    int ret;
-
-    assert(crypto->param == NULL);
-    if (ivec == NULL)
-	return 0;
-
-    ASN1_MALLOC_ENCODE(CMSCBCParameter, param->data, param->length,
-		       ivec, &size, ret);
-    if (ret == 0 && size != param->length)
-	_hx509_abort("Internal asn1 encoder failure");
-    if (ret)
-	hx509_clear_error_string(context);
-    return ret;
-}
-
-static int
-CMSCBCParam_set(hx509_context context, const heim_octet_string *param,
-		hx509_crypto crypto, heim_octet_string *ivec)
-{
-    int ret;
-    if (ivec == NULL)
-	return 0;
-
-    ret = decode_CMSCBCParameter(param->data, param->length, ivec, NULL);
-    if (ret)
-	hx509_clear_error_string(context);
-
-    return ret;
-}
-
-struct _RC2_params {
-    int maximum_effective_key;
-};
-
-static int
-CMSRC2CBCParam_get(hx509_context context, const hx509_crypto crypto,
-		   const heim_octet_string *ivec, heim_octet_string *param)
-{
-    CMSRC2CBCParameter rc2params;
-    const struct _RC2_params *p = crypto->param;
-    int maximum_effective_key = 128;
-    size_t size;
-    int ret;
-
-    memset(&rc2params, 0, sizeof(rc2params));
-
-    if (p)
-	maximum_effective_key = p->maximum_effective_key;
-
-    switch(maximum_effective_key) {
-    case 40:
-	rc2params.rc2ParameterVersion = 160;
-	break;
-    case 64:
-	rc2params.rc2ParameterVersion = 120;
-	break;
-    case 128:
-	rc2params.rc2ParameterVersion = 58;
-	break;
-    }
-    rc2params.iv = *ivec;
-
-    ASN1_MALLOC_ENCODE(CMSRC2CBCParameter, param->data, param->length,
-		       &rc2params, &size, ret);
-    if (ret == 0 && size != param->length)
-	_hx509_abort("Internal asn1 encoder failure");
-
-    return ret;
-}
-
-static int
-CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param,
-		   hx509_crypto crypto, heim_octet_string *ivec)
-{
-    CMSRC2CBCParameter rc2param;
-    struct _RC2_params *p;
-    size_t size;
-    int ret;
-
-    ret = decode_CMSRC2CBCParameter(param->data, param->length,
-				    &rc2param, &size);
-    if (ret) {
-	hx509_clear_error_string(context);
-	return ret;
-    }
-
-    p = calloc(1, sizeof(*p));
-    if (p == NULL) {
-	free_CMSRC2CBCParameter(&rc2param);
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    switch(rc2param.rc2ParameterVersion) {
-    case 160:
-	crypto->c = EVP_rc2_40_cbc();
-	p->maximum_effective_key = 40;
-	break;
-    case 120:
-	crypto->c = EVP_rc2_64_cbc();
-	p->maximum_effective_key = 64;
-	break;
-    case 58:
-	crypto->c = EVP_rc2_cbc();
-	p->maximum_effective_key = 128;
-	break;
-    default:
-	free(p);
-	free_CMSRC2CBCParameter(&rc2param);
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-    if (ivec)
-	ret = der_copy_octet_string(&rc2param.iv, ivec);
-    free_CMSRC2CBCParameter(&rc2param);
-    if (ret) {
-	free(p);
-	hx509_clear_error_string(context);
-    } else
-	crypto->param = p;
-
-    return ret;
-}
-
-/*
- *
- */
-
-static const struct hx509cipher ciphers[] = {
-    {
-	"rc2-cbc",
-	oid_id_pkcs3_rc2_cbc,
-	NULL,
-	EVP_rc2_cbc,
-	CMSRC2CBCParam_get,
-	CMSRC2CBCParam_set
-    },
-    {
-	"rc2-cbc",
-	oid_id_rsadsi_rc2_cbc,
-	NULL,
-	EVP_rc2_cbc,
-	CMSRC2CBCParam_get,
-	CMSRC2CBCParam_set
-    },
-    {
-	"rc2-40-cbc",
-	oid_private_rc2_40,
-	NULL,
-	EVP_rc2_40_cbc,
-	CMSRC2CBCParam_get,
-	CMSRC2CBCParam_set
-    },
-    {
-	"des-ede3-cbc",
-	oid_id_pkcs3_des_ede3_cbc,
-	NULL,
-	EVP_des_ede3_cbc,
-	CMSCBCParam_get,
-	CMSCBCParam_set
-    },
-    {
-	"des-ede3-cbc",
-	oid_id_rsadsi_des_ede3_cbc,
-	hx509_crypto_des_rsdi_ede3_cbc,
-	EVP_des_ede3_cbc,
-	CMSCBCParam_get,
-	CMSCBCParam_set
-    },
-    {
-	"aes-128-cbc",
-	oid_id_aes_128_cbc,
-	hx509_crypto_aes128_cbc,
-	EVP_aes_128_cbc,
-	CMSCBCParam_get,
-	CMSCBCParam_set
-    },
-    {
-	"aes-192-cbc",
-	oid_id_aes_192_cbc,
-	NULL,
-	EVP_aes_192_cbc,
-	CMSCBCParam_get,
-	CMSCBCParam_set
-    },
-    {
-	"aes-256-cbc",
-	oid_id_aes_256_cbc,
-	hx509_crypto_aes256_cbc,
-	EVP_aes_256_cbc,
-	CMSCBCParam_get,
-	CMSCBCParam_set
-    }
-};
-
-static const struct hx509cipher *
-find_cipher_by_oid(const heim_oid *oid)
-{
-    int i;
-
-    for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
-	if (der_heim_oid_cmp(oid, (*ciphers[i].oid_func)()) == 0)
-	    return &ciphers[i];
-
-    return NULL;
-}
-
-static const struct hx509cipher *
-find_cipher_by_name(const char *name)
-{
-    int i;
-
-    for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
-	if (strcasecmp(name, ciphers[i].name) == 0)
-	    return &ciphers[i];
-
-    return NULL;
-}
-
-
-const heim_oid *
-hx509_crypto_enctype_by_name(const char *name)
-{
-    const struct hx509cipher *cipher;
-
-    cipher = find_cipher_by_name(name);
-    if (cipher == NULL)
-	return NULL;
-    return (*cipher->oid_func)();
-}
-
-int
-hx509_crypto_init(hx509_context context,
-		  const char *provider,
-		  const heim_oid *enctype,
-		  hx509_crypto *crypto)
-{
-    const struct hx509cipher *cipher;
-
-    *crypto = NULL;
-
-    cipher = find_cipher_by_oid(enctype);
-    if (cipher == NULL) {
-	hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
-			       "Algorithm not supported");
-	return HX509_ALG_NOT_SUPP;
-    }
-
-    *crypto = calloc(1, sizeof(**crypto));
-    if (*crypto == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    (*crypto)->cipher = cipher;
-    (*crypto)->c = (*cipher->evp_func)();
-
-    if (der_copy_oid(enctype, &(*crypto)->oid)) {
-	hx509_crypto_destroy(*crypto);
-	*crypto = NULL;
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    return 0;
-}
-
-const char *
-hx509_crypto_provider(hx509_crypto crypto)
-{
-    return "unknown";
-}
-
-void
-hx509_crypto_destroy(hx509_crypto crypto)
-{
-    if (crypto->name)
-	free(crypto->name);
-    if (crypto->key.data)
-	free(crypto->key.data);
-    if (crypto->param)
-	free(crypto->param);
-    der_free_oid(&crypto->oid);
-    memset(crypto, 0, sizeof(*crypto));
-    free(crypto);
-}
-
-int
-hx509_crypto_set_key_name(hx509_crypto crypto, const char *name)
-{
-    return 0;
-}
-
-int
-hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
-{
-    if (EVP_CIPHER_key_length(crypto->c) > length)
-	return HX509_CRYPTO_INTERNAL_ERROR;
-
-    if (crypto->key.data) {
-	free(crypto->key.data);
-	crypto->key.data = NULL;
-	crypto->key.length = 0;
-    }
-    crypto->key.data = malloc(length);
-    if (crypto->key.data == NULL)
-	return ENOMEM;
-    memcpy(crypto->key.data, data, length);
-    crypto->key.length = length;
-
-    return 0;
-}
-
-int
-hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key)
-{
-    if (crypto->key.data) {
-	free(crypto->key.data);
-	crypto->key.length = 0;
-    }
-
-    crypto->key.length = EVP_CIPHER_key_length(crypto->c);
-    crypto->key.data = malloc(crypto->key.length);
-    if (crypto->key.data == NULL) {
-	crypto->key.length = 0;
-	return ENOMEM;
-    }
-    if (RAND_bytes(crypto->key.data, crypto->key.length) <= 0) {
-	free(crypto->key.data);
-	crypto->key.data = NULL;
-	crypto->key.length = 0;
-	return HX509_CRYPTO_INTERNAL_ERROR;
-    }
-    if (key)
-	return der_copy_octet_string(&crypto->key, key);
-    else
-	return 0;
-}
-
-int
-hx509_crypto_set_params(hx509_context context,
-			hx509_crypto crypto, 
-			const heim_octet_string *param,
-			heim_octet_string *ivec)
-{
-    return (*crypto->cipher->set_params)(context, param, crypto, ivec);
-}
-
-int
-hx509_crypto_get_params(hx509_context context,
-			hx509_crypto crypto, 
-			const heim_octet_string *ivec,
-			heim_octet_string *param)
-{
-    return (*crypto->cipher->get_params)(context, crypto, ivec, param);
-}
-
-int
-hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec)
-{
-    ivec->length = EVP_CIPHER_iv_length(crypto->c);
-    ivec->data = malloc(ivec->length);
-    if (ivec->data == NULL) {
-	ivec->length = 0;
-	return ENOMEM;
-    }
-
-    if (RAND_bytes(ivec->data, ivec->length) <= 0) {
-	free(ivec->data);
-	ivec->data = NULL;
-	ivec->length = 0;
-	return HX509_CRYPTO_INTERNAL_ERROR;
-    }
-    return 0;
-}
-
-int
-hx509_crypto_encrypt(hx509_crypto crypto,
-		     const void *data,
-		     const size_t length,
-		     const heim_octet_string *ivec,
-		     heim_octet_string **ciphertext)
-{
-    EVP_CIPHER_CTX evp;
-    size_t padsize;
-    int ret;
-
-    *ciphertext = NULL;
-
-    assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length);
-
-    EVP_CIPHER_CTX_init(&evp);
-
-    ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
-			    crypto->key.data, ivec->data, 1);
-    if (ret != 1) {
-	EVP_CIPHER_CTX_cleanup(&evp);
-	ret = HX509_CRYPTO_INTERNAL_ERROR;
-	goto out;
-    }
-
-    *ciphertext = calloc(1, sizeof(**ciphertext));
-    if (*ciphertext == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
-    
-    if (EVP_CIPHER_block_size(crypto->c) == 1) {
-	padsize = 0;
-    } else {
-	int bsize = EVP_CIPHER_block_size(crypto->c);
-	padsize = bsize - (length % bsize);
-    }
-    (*ciphertext)->length = length + padsize;
-    (*ciphertext)->data = malloc(length + padsize);
-    if ((*ciphertext)->data == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
-	
-    memcpy((*ciphertext)->data, data, length);
-    if (padsize) {
-	int i;
-	unsigned char *p = (*ciphertext)->data;
-	p += length;
-	for (i = 0; i < padsize; i++)
-	    *p++ = padsize;
-    }
-
-    ret = EVP_Cipher(&evp, (*ciphertext)->data,
-		     (*ciphertext)->data,
-		     length + padsize);
-    if (ret != 1) {
-	ret = HX509_CRYPTO_INTERNAL_ERROR;
-	goto out;
-    }
-    ret = 0;
-
- out:
-    if (ret) {
-	if (*ciphertext) {
-	    if ((*ciphertext)->data) {
-		free((*ciphertext)->data);
-	    }
-	    free(*ciphertext);
-	    *ciphertext = NULL;
-	}
-    }
-    EVP_CIPHER_CTX_cleanup(&evp);
-
-    return ret;
-}
-
-int
-hx509_crypto_decrypt(hx509_crypto crypto,
-		     const void *data,
-		     const size_t length,
-		     heim_octet_string *ivec,
-		     heim_octet_string *clear)
-{
-    EVP_CIPHER_CTX evp;
-    void *idata = NULL;
-    int ret;
-
-    clear->data = NULL;
-    clear->length = 0;
-
-    if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length)
-	return HX509_CRYPTO_INTERNAL_ERROR;
-
-    if (crypto->key.data == NULL)
-	return HX509_CRYPTO_INTERNAL_ERROR;
-
-    if (ivec)
-	idata = ivec->data;
-
-    EVP_CIPHER_CTX_init(&evp);
-
-    ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
-			    crypto->key.data, idata, 0);
-    if (ret != 1) {
-	EVP_CIPHER_CTX_cleanup(&evp);
-	return HX509_CRYPTO_INTERNAL_ERROR;
-    }
-
-    clear->length = length;
-    clear->data = malloc(length);
-    if (clear->data == NULL) {
-	EVP_CIPHER_CTX_cleanup(&evp);
-	clear->length = 0;
-	return ENOMEM;
-    }
-
-    if (EVP_Cipher(&evp, clear->data, data, length) != 1) {
-	return HX509_CRYPTO_INTERNAL_ERROR;
-    }
-    EVP_CIPHER_CTX_cleanup(&evp);
-
-    if (EVP_CIPHER_block_size(crypto->c) > 1) {
-	int padsize;
-	unsigned char *p; 
-	int j, bsize = EVP_CIPHER_block_size(crypto->c);
-
-	if (clear->length < bsize) {
-	    ret = HX509_CMS_PADDING_ERROR;
-	    goto out;
-	}
-
-	p = clear->data;
-	p += clear->length - 1;
-	padsize = *p;
-	if (padsize > bsize) {
-	    ret = HX509_CMS_PADDING_ERROR;
-	    goto out;
-	}
-	clear->length -= padsize;
-	for (j = 0; j < padsize; j++) {
-	    if (*p-- != padsize) {
-		ret = HX509_CMS_PADDING_ERROR;
-		goto out;
-	    }
-	}
-    }
-
-    return 0;
-
- out:
-    if (clear->data)
-	free(clear->data);
-    clear->data = NULL;
-    clear->length = 0;
-    return ret;
-}
-
-typedef int (*PBE_string2key_func)(hx509_context,
-				   const char *,
-				   const heim_octet_string *,
-				   hx509_crypto *, heim_octet_string *, 
-				   heim_octet_string *,
-				   const heim_oid *, const EVP_MD *);
-
-static int
-PBE_string2key(hx509_context context,
-	       const char *password,
-	       const heim_octet_string *parameters,
-	       hx509_crypto *crypto, 
-	       heim_octet_string *key, heim_octet_string *iv,
-	       const heim_oid *enc_oid,
-	       const EVP_MD *md)
-{
-    PKCS12_PBEParams p12params;
-    int passwordlen;
-    hx509_crypto c;
-    int iter, saltlen, ret;
-    unsigned char *salt;
-
-    passwordlen = password ? strlen(password) : 0;
-
-    if (parameters == NULL)
- 	return HX509_ALG_NOT_SUPP;
-
-    ret = decode_PKCS12_PBEParams(parameters->data,
-				  parameters->length,
-				  &p12params, NULL);
-    if (ret)
-	goto out;
-
-    if (p12params.iterations)
-	iter = *p12params.iterations;
-    else
-	iter = 1;
-    salt = p12params.salt.data;
-    saltlen = p12params.salt.length;
-
-    if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, 
-			 PKCS12_KEY_ID, iter, key->length, key->data, md)) {
-	ret = HX509_CRYPTO_INTERNAL_ERROR;
-	goto out;
-    }
-    
-    if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, 
-			 PKCS12_IV_ID, iter, iv->length, iv->data, md)) {
-	ret = HX509_CRYPTO_INTERNAL_ERROR;
-	goto out;
-    }
-
-    ret = hx509_crypto_init(context, NULL, enc_oid, &c);
-    if (ret)
-	goto out;
-
-    ret = hx509_crypto_set_key_data(c, key->data, key->length);
-    if (ret) {
-	hx509_crypto_destroy(c);
-	goto out;
-    }
-
-    *crypto = c;
-out:
-    free_PKCS12_PBEParams(&p12params);
-    return ret;
-}
-
-static const heim_oid *
-find_string2key(const heim_oid *oid, 
-		const EVP_CIPHER **c, 
-		const EVP_MD **md,
-		PBE_string2key_func *s2k)
-{
-    if (der_heim_oid_cmp(oid, oid_id_pbewithSHAAnd40BitRC2_CBC()) == 0) {
-	*c = EVP_rc2_40_cbc();
-	*md = EVP_sha1();
-	*s2k = PBE_string2key;
-	return oid_private_rc2_40();
-    } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC2_CBC()) == 0) {
-	*c = EVP_rc2_cbc();
-	*md = EVP_sha1();
-	*s2k = PBE_string2key;
-	return oid_id_pkcs3_rc2_cbc();
-#if 0
-    } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd40BitRC4()) == 0) {
-	*c = EVP_rc4_40();
-	*md = EVP_sha1();
-	*s2k = PBE_string2key;
-	return NULL;
-    } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC4()) == 0) {
-	*c = EVP_rc4();
-	*md = EVP_sha1();
-	*s2k = PBE_string2key;
-	return oid_id_pkcs3_rc4();
-#endif
-    } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC()) == 0) {
-	*c = EVP_des_ede3_cbc();
-	*md = EVP_sha1();
-	*s2k = PBE_string2key;
-	return oid_id_pkcs3_des_ede3_cbc();
-    }
-
-    return NULL;
-}
-
-/*
- *
- */
-
-int
-_hx509_pbe_encrypt(hx509_context context,
-		   hx509_lock lock,
-		   const AlgorithmIdentifier *ai,
-		   const heim_octet_string *content,
-		   heim_octet_string *econtent)
-{
-    hx509_clear_error_string(context);
-    return EINVAL;
-}
-
-/*
- *
- */
-
-int
-_hx509_pbe_decrypt(hx509_context context,
-		   hx509_lock lock,
-		   const AlgorithmIdentifier *ai,
-		   const heim_octet_string *econtent,
-		   heim_octet_string *content)
-{
-    const struct _hx509_password *pw;
-    heim_octet_string key, iv;
-    const heim_oid *enc_oid;
-    const EVP_CIPHER *c;
-    const EVP_MD *md;
-    PBE_string2key_func s2k;
-    int i, ret = 0;
-
-    memset(&key, 0, sizeof(key));
-    memset(&iv, 0, sizeof(iv));
-
-    memset(content, 0, sizeof(*content));
-
-    enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k);
-    if (enc_oid == NULL) {
-	hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
-			       "String to key algorithm not supported");
-	ret = HX509_ALG_NOT_SUPP;
-	goto out;
-    }
-
-    key.length = EVP_CIPHER_key_length(c);
-    key.data = malloc(key.length);
-    if (key.data == NULL) {
-	ret = ENOMEM;
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    iv.length = EVP_CIPHER_iv_length(c);
-    iv.data = malloc(iv.length);
-    if (iv.data == NULL) {
-	ret = ENOMEM;
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    pw = _hx509_lock_get_passwords(lock);
-
-    ret = HX509_CRYPTO_INTERNAL_ERROR;
-    for (i = 0; i < pw->len + 1; i++) {
-	hx509_crypto crypto;
-	const char *password;
-
-	if (i < pw->len)
-	    password = pw->val[i];
-	else if (i < pw->len + 1)
-	    password = "";
-	else
-	    password = NULL;
-
-	ret = (*s2k)(context, password, ai->parameters, &crypto, 
-		     &key, &iv, enc_oid, md);
-	if (ret)
-	    goto out;
-
-	ret = hx509_crypto_decrypt(crypto,
-				   econtent->data,
-				   econtent->length,
-				   &iv,
-				   content);
-	hx509_crypto_destroy(crypto);
-	if (ret == 0)
-	    goto out;
-				   
-    }
-out:
-    if (key.data)
-	der_free_octet_string(&key);
-    if (iv.data)
-	der_free_octet_string(&iv);
-    return ret;
-}
-
-/*
- *
- */
-
-
-int
-_hx509_match_keys(hx509_cert c, hx509_private_key private_key)
-{
-    const Certificate *cert;
-    const SubjectPublicKeyInfo *spi;
-    RSAPublicKey pk;
-    RSA *rsa;
-    size_t size;
-    int ret;
-
-    if (private_key->private_key.rsa == NULL)
-	return 0;
-
-    rsa = private_key->private_key.rsa;
-    if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
-	return 0;
-
-    cert = _hx509_get_cert(c);
-    spi = &cert->tbsCertificate.subjectPublicKeyInfo;
-
-    rsa = RSA_new();
-    if (rsa == NULL)
-	return 0;
-
-    ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
-			      spi->subjectPublicKey.length / 8,
-			      &pk, &size);
-    if (ret) {
-	RSA_free(rsa);
-	return 0;
-    }
-    rsa->n = heim_int2BN(&pk.modulus);
-    rsa->e = heim_int2BN(&pk.publicExponent);
-
-    free_RSAPublicKey(&pk);
-
-    rsa->d = BN_dup(private_key->private_key.rsa->d);
-    rsa->p = BN_dup(private_key->private_key.rsa->p);
-    rsa->q = BN_dup(private_key->private_key.rsa->q);
-    rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1);
-    rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
-    rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp);
-
-    if (rsa->n == NULL || rsa->e == NULL || 
-	rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
-	rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
-	RSA_free(rsa);
-	return 0;
-    }
-
-    ret = RSA_check_key(rsa);
-    RSA_free(rsa);
-
-    return ret == 1;
-}
-
-static const heim_oid *
-find_keytype(const hx509_private_key key)
-{
-    const struct signature_alg *md;
-
-    if (key == NULL)
-	return NULL;
-
-    md = find_sig_alg(key->signature_alg);
-    if (md == NULL)
-	return NULL;
-    return (*md->key_oid)();
-}
-
-
-int
-hx509_crypto_select(const hx509_context context,
-		    int type,
-		    const hx509_private_key source,
-		    hx509_peer_info peer,
-		    AlgorithmIdentifier *selected)
-{
-    const AlgorithmIdentifier *def;
-    size_t i, j;
-    int ret, bits;
-
-    memset(selected, 0, sizeof(*selected));
-
-    if (type == HX509_SELECT_DIGEST) {
-	bits = SIG_DIGEST;
-	def = _hx509_crypto_default_digest_alg;
-    } else if (type == HX509_SELECT_PUBLIC_SIG) {
-	bits = SIG_PUBLIC_SIG;
-	/* XXX depend on `source� and `peer� */
-	def = _hx509_crypto_default_sig_alg;
-    } else if (type == HX509_SELECT_SECRET_ENC) {
-	bits = SIG_SECRET;
-	def = _hx509_crypto_default_secret_alg;
-    } else {
-	hx509_set_error_string(context, 0, EINVAL, 
-			       "Unknown type %d of selection", type);
-	return EINVAL;
-    }
-
-    if (peer) {
-	const heim_oid *keytype = NULL;
-
-	keytype = find_keytype(source);
-
-	for (i = 0; i < peer->len; i++) {
-	    for (j = 0; sig_algs[j]; j++) {
-		if ((sig_algs[j]->flags & bits) != bits)
-		    continue;
-		if (der_heim_oid_cmp((*sig_algs[j]->sig_oid)(), 
-				     &peer->val[i].algorithm) != 0)
-		    continue;
-		if (keytype && sig_algs[j]->key_oid && 
-		    der_heim_oid_cmp(keytype, (*sig_algs[j]->key_oid)()))
-		    continue;
-
-		/* found one, use that */
-		ret = copy_AlgorithmIdentifier(&peer->val[i], selected);
-		if (ret)
-		    hx509_clear_error_string(context);
-		return ret;
-	    }
-	    if (bits & SIG_SECRET) {
-		const struct hx509cipher *cipher;
-
-		cipher = find_cipher_by_oid(&peer->val[i].algorithm);
-		if (cipher == NULL)
-		    continue;
-		if (cipher->ai_func == NULL)
-		    continue;
-		ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected);
-		if (ret)
-		    hx509_clear_error_string(context);
-		return ret;
-	    }
-	}
-    }
-
-    /* use default */
-    ret = copy_AlgorithmIdentifier(def, selected);
-    if (ret)
-	hx509_clear_error_string(context);
-    return ret;
-}
-
-int
-hx509_crypto_available(hx509_context context,
-		       int type,
-		       hx509_cert source,
-		       AlgorithmIdentifier **val,
-		       unsigned int *plen)
-{
-    const heim_oid *keytype = NULL;
-    unsigned int len, i;
-    void *ptr;
-    int bits, ret;
-
-    *val = NULL;
-
-    if (type == HX509_SELECT_ALL) {
-	bits = SIG_DIGEST | SIG_PUBLIC_SIG | SIG_SECRET;
-    } else if (type == HX509_SELECT_DIGEST) {
-	bits = SIG_DIGEST;
-    } else if (type == HX509_SELECT_PUBLIC_SIG) {
-	bits = SIG_PUBLIC_SIG;
-    } else {
-	hx509_set_error_string(context, 0, EINVAL, 
-			       "Unknown type %d of available", type);
-	return EINVAL;
-    }
-
-    if (source)
-	keytype = find_keytype(_hx509_cert_private_key(source));
-
-    len = 0;
-    for (i = 0; sig_algs[i]; i++) {
-	if ((sig_algs[i]->flags & bits) == 0)
-	    continue;
-	if (sig_algs[i]->sig_alg == NULL)
-	    continue;
-	if (keytype && sig_algs[i]->key_oid && 
-	    der_heim_oid_cmp((*sig_algs[i]->key_oid)(), keytype))
-	    continue;
-
-	/* found one, add that to the list */
-	ptr = realloc(*val, sizeof(**val) * (len + 1));
-	if (ptr == NULL)
-	    goto out;
-	*val = ptr;
-
-	ret = copy_AlgorithmIdentifier((*sig_algs[i]->sig_alg)(), &(*val)[len]);
-	if (ret)
-	    goto out;
-	len++;
-    }
-
-    /* Add AES */
-    if (bits & SIG_SECRET) {
-
-	for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) {
-	
-	    if (ciphers[i].ai_func == NULL)
-		continue;
-
-	    ptr = realloc(*val, sizeof(**val) * (len + 1));
-	    if (ptr == NULL)
-		goto out;
-	    *val = ptr;
-	    
-	    ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
-	    if (ret)
-		goto out;
-	    len++;
-	}
-    }
-
-    *plen = len;
-    return 0;
-
-out:
-    for (i = 0; i < len; i++)
-	free_AlgorithmIdentifier(&(*val)[i]);
-    free(*val);
-    *val = NULL;
-    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-    return ENOMEM;
-}
-
-void
-hx509_crypto_free_algs(AlgorithmIdentifier *val,
-		       unsigned int len)
-{
-    unsigned int i;
-    for (i = 0; i < len; i++)
-	free_AlgorithmIdentifier(&val[i]);
-    free(val);
-}    
diff --git a/crypto/heimdal/lib/hx509/data/bleichenbacher-bad.pem b/crypto/heimdal/lib/hx509/data/bleichenbacher-bad.pem
deleted file mode 100644
index 2c71932..0000000
--- a/crypto/heimdal/lib/hx509/data/bleichenbacher-bad.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
-VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa
-Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs
-YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy
-IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD
-hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u
-12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU
-DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ
-e20sRA==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/bleichenbacher-good.pem b/crypto/heimdal/lib/hx509/data/bleichenbacher-good.pem
deleted file mode 100644
index 409147bd..0000000
--- a/crypto/heimdal/lib/hx509/data/bleichenbacher-good.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
-VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU5MDJa
-Fw0wNjEwMTEyMzU5MDJaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs
-YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy
-IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD
-hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u
-12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAc+fnj0rB2CYautG2
-4itiMOU4SN6JFTFDCTU/Gb5aR/Fiu7HJkuE5yGEnTdnwcId/T9sTW251yzCc1e2z
-rHX/kw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/bleichenbacher-sf-pad-correct.pem b/crypto/heimdal/lib/hx509/data/bleichenbacher-sf-pad-correct.pem
deleted file mode 100644
index 3e73f5d..0000000
--- a/crypto/heimdal/lib/hx509/data/bleichenbacher-sf-pad-correct.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICgzCCAWugAwIBAgIBFzANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYw
-ODE5MTY1MTMwWhcNMDYxMDE4MTY1MTMwWjARMQ8wDQYDVQQDEwZIYWNrZXIwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKSu6ChWttBsOpaBrYf4PzyCGNe6DuE7
-rmq4CMskdz8uiAJ3wVd8jGsjdeY4YzoXSVp+9mEF6XqNgyDf8Ub3kNgPYxvJ28lg
-QVpd5RdGWXHo14LWBTD1mtFkCiAhVlATsVNI/tjv2tv7Jp8EsylbDHe7hslA0rns
-Rr2cS9bvpM03AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADggEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLL/Up63HkFWD15INcW
-Xd1nZGI+gO/whm58ICyJ1Js7ON6N4NyBTwe8513CvdOlOdG/Ctmy2gxEE47HhEed
-ST8AUooI0ey599t84P20gGRuOYIjr7c=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/ca.crt b/crypto/heimdal/lib/hx509/data/ca.crt
deleted file mode 100644
index 76fa2c4..0000000
--- a/crypto/heimdal/lib/hx509/data/ca.crt
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICbDCCAdWgAwIBAgIJALeUXoWyGYBYMA0GCSqGSIb3DQEBBQUAMCoxGzAZBgNV
-BAMMEmh4NTA5IFRlc3QgUm9vdCBDQTELMAkGA1UEBhMCU0UwHhcNMDcxMTE1MDY1
-ODU2WhcNMTcxMTEyMDY1ODU2WjAqMRswGQYDVQQDDBJoeDUwOSBUZXN0IFJvb3Qg
-Q0ExCzAJBgNVBAYTAlNFMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHcvJb
-yJXPhM9HHq1hU6d2Cu1fW9o1CvObirn1SNZg+pTnQgO9Lv4VjQQfltNK0aovyLJa
-UdbAbsRCfH+79YY2tU76x8aXpUri0DfUv5PGscIZzW7WULaaXxBgHo1owzmhc1Qj
-F9JDEurJXGFEZaDsPcEwY40RjrKDL8SXzEoEwwIDAQABo4GZMIGWMB0GA1UdDgQW
-BBSM5w21xd5phXUsCKHeUxUwnKHoADBaBgNVHSMEUzBRgBSM5w21xd5phXUsCKHe
-UxUwnKHoAKEupCwwKjEbMBkGA1UEAwwSaHg1MDkgVGVzdCBSb290IENBMQswCQYD
-VQQGEwJTRYIJALeUXoWyGYBYMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgHmMA0G
-CSqGSIb3DQEBBQUAA4GBAIBa6mq1aytlbhixD6q4PROg7P1OGX6nr5CkC96CC+Xp
-5UTLZEVIddkrBswNAAS0p5eEorO8xD9eT5ztZ0oYITymsO1sEIfDLks+LhdBoyF7
-TX24INRwjlqsC8UlbRFoClxIMNhrMwcC3oZ4oLddV2OmA0IOG6yHXvEOQq0sTotr
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/ca.key b/crypto/heimdal/lib/hx509/data/ca.key
deleted file mode 100644
index 924c52d..0000000
--- a/crypto/heimdal/lib/hx509/data/ca.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDHcvJbyJXPhM9HHq1hU6d2Cu1fW9o1CvObirn1SNZg+pTnQgO9
-Lv4VjQQfltNK0aovyLJaUdbAbsRCfH+79YY2tU76x8aXpUri0DfUv5PGscIZzW7W
-ULaaXxBgHo1owzmhc1QjF9JDEurJXGFEZaDsPcEwY40RjrKDL8SXzEoEwwIDAQAB
-AoGAcRFgBdpr224eF+JzRganm8rMENBAnutreRUnIL+/ENFd0tBg0EIwtsTvvnzB
-odvEkDxFp+BXT1Y8Grj7rPGeuKq7537J43Go02fSC7z4i3HDhSmv1SXE59hiES4F
-ktyR2D7N+A/RPCckS4JM/zG4ZkucqKg/NnVpbdTpl0P2oSkCQQDoDkPde5vfWeXG
-wmAgm5HPbyEmDBXQMlYDgNd448TmObRpjr0dyyr5zDgFJkOpOmv6WUMUxGILam3k
-hCDqQqHPAkEA3AdgsMafqkR+OJmZT/gIDYb+mU8DFH6+WcUPxk+qbAa8JWg4VD30
-tpOKwZu4an1kExHnsVTqKOoW1cYmtYDuzQJAJ+78gsrYwhDoV9HvVO0wpG/NVozR
-3CgtYSD085rOsYfQojGsHcputNoN8eTp09934Xcm8hXxgWFpU9/hAi9BRQJACKG1
-dlnka56SQRAthoiZcEZqeIM0ALrUJttnOgVoDyLYgLMs+okPr5XsLJo6StsucN0T
-9M36/a3pRWunmxk6xQJBAOaD3sdIMLtGpFFOIQgkNUD9rOqXpi87h3ecmJCuG82w
-B6kRNvpZz33U2FowFQtGBdvUBsbzlRzYDMrWniC6YKc=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/crl1.crl b/crypto/heimdal/lib/hx509/data/crl1.crl
deleted file mode 100644
index 14aecf4..0000000
--- a/crypto/heimdal/lib/hx509/data/crl1.crl
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN X509 CRL-----
-MIIBBDBvMA0GCSqGSIb3DQEBBQUAMCoxGzAZBgNVBAMMEmh4NTA5IFRlc3QgUm9v
-dCBDQTELMAkGA1UEBhMCU0UXDTA3MTExNTA2NTkwMFoXDTE3MDkyMzA2NTkwMFow
-FDASAgEDFw0wNzExMTUwNjU5MDBaMA0GCSqGSIb3DQEBBQUAA4GBAGYUroSt3oVI
-0mjphSYqtpzDavF6xVM7bQrQEW+ZhzG7VynJdJaPgaJRaEHj9CNlJT1GF5WOY180
-wWuZEqXUV144snZ7YkSdsNOQRSmnHp8Fl6Sjdya3G55FoJHmhZ2JvscyZpb/Vh8N
-NoMICB27iYqCzVlK9NkT5neCmomv/mDn
------END X509 CRL-----
diff --git a/crypto/heimdal/lib/hx509/data/crl1.der b/crypto/heimdal/lib/hx509/data/crl1.der
deleted file mode 100644
index 6d29196..0000000
--- a/crypto/heimdal/lib/hx509/data/crl1.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/gen-req.sh b/crypto/heimdal/lib/hx509/data/gen-req.sh
deleted file mode 100644
index 4926399..0000000
--- a/crypto/heimdal/lib/hx509/data/gen-req.sh
+++ /dev/null
@@ -1,316 +0,0 @@
-#!/bin/sh
-# $Id: gen-req.sh 21786 2007-08-01 19:37:45Z lha $
-#
-# This script need openssl 0.9.8a or newer, so it can parse the
-# otherName section for pkinit certificates.
-#
-
-openssl=$HOME/src/openssl/openssl-0.9.8e/apps/openssl
-
-gen_cert()
-{
-	${openssl} req \
-		-new \
-		-subj "$1" \
-		-config openssl.cnf \
-		-newkey rsa:1024 \
-		-sha1 \
-		-nodes \
-		-keyout out.key \
-		-out cert.req > /dev/null 2>/dev/null
-
-        if [ "$3" = "ca" ] ; then
-	    ${openssl} x509 \
-		-req \
-		-days 3650 \
-		-in cert.req \
-		-extfile openssl.cnf \
-		-extensions $4 \
-                -signkey out.key \
-		-out cert.crt
-
-		ln -s ca.crt `${openssl} x509 -hash -noout -in cert.crt`.0
-
-		name=$3
-
-        elif [ "$3" = "proxy" ] ; then
-
-	    ${openssl} x509 \
-		-req \
-		-in cert.req \
-		-days 3650 \
-		-out cert.crt \
-		-CA $2.crt \
-		-CAkey $2.key \
-		-CAcreateserial \
-		-extfile openssl.cnf \
-		-extensions $4
-
-		name=$5
-	else
-
-	    ${openssl} ca \
-		-name $4 \
-		-days 3650 \
-		-cert $2.crt \
-		-keyfile $2.key \
-		-in cert.req \
-		-out cert.crt \
-		-outdir . \
-		-batch \
-		-config openssl.cnf 
-
-		name=$3
-	fi
-
-	mv cert.crt $name.crt
-	mv out.key $name.key
-}
-
-echo "01" > serial
-> index.txt
-rm -f *.0
-
-gen_cert "/CN=hx509 Test Root CA/C=SE" "root" "ca" "v3_ca"
-gen_cert "/CN=OCSP responder/C=SE" "ca" "ocsp-responder" "ocsp"
-gen_cert "/CN=Test cert/C=SE" "ca" "test" "usr"
-gen_cert "/CN=Revoke cert/C=SE" "ca" "revoke" "usr"
-gen_cert "/CN=Test cert KeyEncipherment/C=SE" "ca" "test-ke-only" "usr_ke"
-gen_cert "/CN=Test cert DigitalSignature/C=SE" "ca" "test-ds-only" "usr_ds"
-gen_cert "/CN=pkinit/C=SE" "ca" "pkinit" "pkinit_client"
-gen_cert "/C=SE/CN=pkinit/CN=pkinit-proxy" "pkinit" "proxy" "proxy_cert" pkinit-proxy
-gen_cert "/CN=kdc/C=SE" "ca" "kdc" "pkinit_kdc"
-gen_cert "/CN=www.test.h5l.se/C=SE" "ca" "https" "https"
-gen_cert "/CN=Sub CA/C=SE" "ca" "sub-ca" "subca"
-gen_cert "/CN=Test sub cert/C=SE" "sub-ca" "sub-cert" "usr"
-gen_cert "/C=SE/CN=Test cert/CN=proxy" "test" "proxy" "proxy_cert" proxy-test
-gen_cert "/C=SE/CN=Test cert/CN=proxy/CN=child" "proxy-test" "proxy" "proxy_cert" proxy-level-test
-gen_cert "/C=SE/CN=Test cert/CN=no-proxy" "test" "proxy" "usr_cert" no-proxy-test
-gen_cert "/C=SE/CN=Test cert/CN=proxy10" "test" "proxy" "proxy10_cert" proxy10-test
-gen_cert "/C=SE/CN=Test cert/CN=proxy10/CN=child" "proxy10-test" "proxy" "proxy10_cert" proxy10-child-test
-gen_cert "/C=SE/CN=Test cert/CN=proxy10/CN=child/CN=child" "proxy10-child-test" "proxy" "proxy10_cert" proxy10-child-child-test
-
-
-# combine
-cat sub-ca.crt ca.crt > sub-ca-combined.crt
-cat test.crt test.key > test.combined.crt
-cat pkinit-proxy.crt pkinit.crt > pkinit-proxy-chain.crt
-
-# password protected key
-${openssl} rsa -in test.key -aes256 -passout pass:foobar -out test-pw.key
-${openssl} rsa -in pkinit.key -aes256 -passout pass:foo -out pkinit-pw.key
-
-
-${openssl} ca \
-    -name usr \
-    -cert ca.crt \
-    -keyfile ca.key \
-    -revoke revoke.crt \
-    -config openssl.cnf 
-
-${openssl} pkcs12 \
-    -export \
-    -in test.crt \
-    -inkey test.key \
-    -passout pass:foobar \
-    -out test.p12 \
-    -name "friendlyname-test" \
-    -certfile ca.crt \
-    -caname ca
-
-${openssl} pkcs12 \
-    -export \
-    -in sub-cert.crt \
-    -inkey sub-cert.key \
-    -passout pass:foobar \
-    -out sub-cert.p12 \
-    -name "friendlyname-sub-cert" \
-    -certfile sub-ca-combined.crt \
-    -caname sub-ca \
-    -caname ca
-
-${openssl} pkcs12 \
-    -keypbe NONE \
-    -certpbe NONE \
-    -export \
-    -in test.crt \
-    -inkey test.key \
-    -passout pass:foobar \
-    -out test-nopw.p12 \
-    -name "friendlyname-cert" \
-    -certfile ca.crt \
-    -caname ca
-
-${openssl} smime \
-    -sign \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -signer test.crt \
-    -inkey test.key \
-    -outform DER \
-    -out test-signed-data
-
-${openssl} smime \
-    -sign \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -signer test.crt \
-    -inkey test.key \
-    -noattr \
-    -outform DER \
-    -out test-signed-data-noattr
-
-${openssl} smime \
-    -sign \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -signer test.crt \
-    -inkey test.key \
-    -noattr \
-    -nocerts \
-    -outform DER \
-    -out test-signed-data-noattr-nocerts
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-rc2-40 \
-    -rc2-40 \
-    test.crt
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-rc2-64 \
-    -rc2-64 \
-    test.crt
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-rc2-128 \
-    -rc2-128 \
-    test.crt
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-des \
-    -des \
-    test.crt
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-des-ede3 \
-    -des3 \
-    test.crt
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-aes-128 \
-    -aes128 \
-    test.crt
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-aes-256 \
-    -aes256 \
-    test.crt
-
-echo ocsp requests
-
-${openssl} ocsp \
-    -issuer ca.crt \
-    -cert test.crt \
-    -reqout ocsp-req1.der
-
-${openssl} ocsp \
-    -index index.txt \
-    -rsigner ocsp-responder.crt \
-    -rkey ocsp-responder.key \
-    -CA ca.crt \
-    -reqin ocsp-req1.der \
-    -noverify \
-    -respout ocsp-resp1-ocsp.der
-
-${openssl} ocsp \
-    -index index.txt \
-    -rsigner ca.crt \
-    -rkey ca.key \
-    -CA ca.crt \
-    -reqin ocsp-req1.der \
-    -noverify \
-    -respout ocsp-resp1-ca.der
-
-${openssl} ocsp \
-    -index index.txt \
-    -rsigner ocsp-responder.crt \
-    -rkey ocsp-responder.key \
-    -CA ca.crt \
-    -resp_no_certs \
-    -reqin ocsp-req1.der \
-    -noverify \
-    -respout ocsp-resp1-ocsp-no-cert.der
-
-${openssl} ocsp \
-    -index index.txt \
-    -rsigner ocsp-responder.crt \
-    -rkey ocsp-responder.key \
-    -CA ca.crt \
-    -reqin ocsp-req1.der \
-    -resp_key_id \
-    -noverify \
-    -respout ocsp-resp1-keyhash.der
-
-${openssl} ocsp \
-    -issuer ca.crt \
-    -cert revoke.crt \
-    -reqout ocsp-req2.der
-
-${openssl} ocsp \
-    -index index.txt \
-    -rsigner ocsp-responder.crt \
-    -rkey ocsp-responder.key \
-    -CA ca.crt \
-    -reqin ocsp-req2.der \
-    -noverify \
-    -respout ocsp-resp2.der
-
-${openssl} ca \
-    -gencrl \
-    -name usr \
-    -crldays 3600 \
-    -keyfile ca.key \
-    -cert ca.crt \
-    -crl_reason superseded \
-    -out crl1.crl \
-    -config openssl.cnf 
-
-${openssl} crl -in crl1.crl -outform der -out crl1.der
diff --git a/crypto/heimdal/lib/hx509/data/j.pem b/crypto/heimdal/lib/hx509/data/j.pem
deleted file mode 100644
index 45ae8e8..0000000
--- a/crypto/heimdal/lib/hx509/data/j.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEajCCA1KgAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJKUDEN
-MAsGA1UECgwESlBLSTEpMCcGA1UECwwgUHJlZmVjdHVyYWwgQXNzb2NpYXRpb24g
-Rm9yIEpQS0kxETAPBgNVBAsMCEJyaWRnZUNBMB4XDTAzMTIyNzA1MDgxNVoXDTEz
-MTIyNjE0NTk1OVowWjELMAkGA1UEBhMCSlAxDTALBgNVBAoMBEpQS0kxKTAnBgNV
-BAsMIFByZWZlY3R1cmFsIEFzc29jaWF0aW9uIEZvciBKUEtJMREwDwYDVQQLDAhC
-cmlkZ2VDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANTnUmg7K3m8
-52vd77kwkq156euwoWm5no8E8kmaTSc7x2RABPpqNTlMKdZ6ttsyYrqREeDkcvPL
-yF7yf/I8+innasNtsytcTAy8xY8Avsbd4JkCGW9dyPjk9pzzc3yLQ64Rx2fujRn2
-agcEVdPCr/XpJygX8FD5bbhkZ0CVoiASBmlHOcC3YpFlfbT1QcpOSOb7o+VdKVEi
-MMfbBuU2IlYIaSr/R1nO7RPNtkqkFWJ1/nKjKHyzZje7j70qSxb+BTGcNgTHa1YA
-UrogKB+UpBftmb4ds+XlkEJ1dvwokiSbCDaWFKD+YD4B2s0bvjCbw8xuZFYGhNyR
-/2D5XfN1s2MCAwEAAaOCATkwggE1MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
-BTADAQH/MG0GA1UdHwRmMGQwYqBgoF6kXDBaMQswCQYDVQQGEwJKUDENMAsGA1UE
-CgwESlBLSTEpMCcGA1UECwwgUHJlZmVjdHVyYWwgQXNzb2NpYXRpb24gRm9yIEpQ
-S0kxETAPBgNVBAsMCEJyaWRnZUNBMIGDBgNVHREEfDB6pHgwdjELMAkGA1UEBhMC
-SlAxJzAlBgNVBAoMHuWFrOeahOWAi+S6uuiqjeiovOOCteODvOODk+OCuTEeMBwG
-A1UECwwV6YO96YGT5bqc55yM5Y2U6K2w5LyaMR4wHAYDVQQLDBXjg5bjg6rjg4Pj
-grjoqo3oqLzlsYAwHQYDVR0OBBYEFNQXMiCqQNkR2OaZmQgLtf8mR8p8MA0GCSqG
-SIb3DQEBBQUAA4IBAQATjJo4reTNPC5CsvAKu1RYT8PyXFVYHbKsEpGt4GR8pDCg
-HEGAiAhHSNrGh9CagZMXADvlG0gmMOnXowriQQixrtpkmx0TB8tNAlZptZWkZC+R
-8TnjOkHrk2nFAEC3ezbdK0R7MR4tJLDQCnhEWbg50rf0wZ/aF8uAaVeEtHXa6W0M
-Xq3dSe0XAcrLbX4zZHQTaWvdpLAIjl6DZ3SCieRMyoWUL+LXaLFdTP5WBCd+No58
-IounD9X4xxze2aeRVaiV/WnQ0OSPNS7n7YXy6xQdnaOU4KRW/Lne1EDf5IfWC/ih
-bVAmhZMbcrkWWcsR6aCPG+2mV3zTD6AUzuKPal8Y
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/kdc.crt b/crypto/heimdal/lib/hx509/data/kdc.crt
deleted file mode 100644
index 7dc3835..0000000
--- a/crypto/heimdal/lib/hx509/data/kdc.crt
+++ /dev/null
@@ -1,59 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 7 (0x7)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:58 2007 GMT
-            Not After : Nov 12 06:58:58 2017 GMT
-        Subject: C=SE, CN=kdc
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:bb:fa:14:24:35:9f:cb:82:91:20:b9:44:ec:4d:
-                    f8:e4:1b:68:3f:6a:4d:d1:56:3e:28:25:6e:ab:aa:
-                    8b:6b:9c:59:ce:67:cc:27:61:4f:ff:18:a5:56:81:
-                    a1:94:c4:33:f9:20:54:e5:1f:5a:47:43:ee:8f:52:
-                    8a:9f:97:6b:73:92:a3:e1:fd:9e:0b:04:36:2b:b2:
-                    72:bd:80:ff:ae:5a:e1:9b:bb:d8:77:c8:fe:f8:3b:
-                    3f:b9:51:56:6e:97:c2:2a:76:ea:56:d8:46:67:45:
-                    33:6f:b1:74:cf:2b:dd:11:32:1f:d7:a9:e9:2a:e2:
-                    0f:a8:dd:b1:94:85:87:dd:b5
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Extended Key Usage: 
-                pkkdcekuoid
-            X509v3 Subject Key Identifier: 
-                51:75:26:1A:E0:16:0F:69:A8:B4:98:80:EB:C8:49:A6:D0:C6:24:C1
-            X509v3 Subject Alternative Name: 
-                othername:<unsupported>
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:f7:7c:cf:2d:87:aa:93:49:b1:05:2a:ea:ee:75:97:22:02:
-        5a:a1:2c:e3:e1:9d:be:48:0c:75:26:e0:84:f0:2a:90:5a:15:
-        dd:7c:58:65:ab:79:05:85:40:54:35:e1:57:58:96:aa:32:68:
-        f2:bd:cc:b5:9a:1c:f5:d7:49:01:44:ce:fc:22:55:3c:86:d6:
-        c2:ed:46:e6:dc:a7:c5:48:3f:ac:0c:10:ba:b9:e2:e8:78:37:
-        79:f7:d5:da:c0:8e:74:09:64:ff:bb:36:24:d4:c7:4d:c3:93:
-        c2:d7:3a:32:97:b9:e1:79:ea:82:3a:42:69:ec:e4:ec:48:d5:
-        3f:90
------BEGIN CERTIFICATE-----
-MIICVDCCAb2gAwIBAgIBBzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1OFoXDTE3
-MTExMjA2NTg1OFowGzELMAkGA1UEBhMCU0UxDDAKBgNVBAMMA2tkYzCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAu/oUJDWfy4KRILlE7E345BtoP2pN0VY+KCVu
-q6qLa5xZzmfMJ2FP/xilVoGhlMQz+SBU5R9aR0Puj1KKn5drc5Kj4f2eCwQ2K7Jy
-vYD/rlrhm7vYd8j++Ds/uVFWbpfCKnbqVthGZ0Uzb7F0zyvdETIf16npKuIPqN2x
-lIWH3bUCAwEAAaOBmDCBlTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DASBgNVHSUE
-CzAJBgcrBgEFAgMFMB0GA1UdDgQWBBRRdSYa4BYPaai0mIDryEmm0MYkwTBIBgNV
-HREEQTA/oD0GBisGAQUCAqAzMDGgDRsLVEVTVC5INUwuU0WhIDAeoAMCAQGhFzAV
-GwZrcmJ0Z3QbC1RFU1QuSDVMLlNFMA0GCSqGSIb3DQEBBQUAA4GBAHr3fM8th6qT
-SbEFKurudZciAlqhLOPhnb5IDHUm4ITwKpBaFd18WGWreQWFQFQ14VdYlqoyaPK9
-zLWaHPXXSQFEzvwiVTyG1sLtRubcp8VIP6wMELq54uh4N3n31drAjnQJZP+7NiTU
-x03Dk8LXOjKXueF56oI6Qmns5OxI1T+Q
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/kdc.key b/crypto/heimdal/lib/hx509/data/kdc.key
deleted file mode 100644
index 01fca65..0000000
--- a/crypto/heimdal/lib/hx509/data/kdc.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC7+hQkNZ/LgpEguUTsTfjkG2g/ak3RVj4oJW6rqotrnFnOZ8wn
-YU//GKVWgaGUxDP5IFTlH1pHQ+6PUoqfl2tzkqPh/Z4LBDYrsnK9gP+uWuGbu9h3
-yP74Oz+5UVZul8IqdupW2EZnRTNvsXTPK90RMh/Xqekq4g+o3bGUhYfdtQIDAQAB
-AoGBAJXwJO65A0v+SqqyfSKME1JH9kBXF9k5lHzLVtqBP5JHdW7pZnOm8HtG+mLl
-JbCXS+mUe4MDHiyoJ/qUWVRxIFgBBEQpaYxdyW8d+SpCnR53hBa3t0yxr3yZ0XCc
-u4lkKaCCQM5aPZqlbEkyR0Hm+lXPKbW+Sgm18fm2zPJ/2EXhAkEA8RO+dydMR7LV
-8PdOvMkENwwnkUQTI3YjoRy0yV9UV+x3JDdBufOOjObrXIg/jDkg3PyOE5JBo/EZ
-u1OyFFbyPQJBAMec4B3+ZyOPeH1OodSWfL/0AFCSZyOs1UgEC7vorMJ8i0eHDIsT
-Uie1xNlrfrjnXTvMG7woFZOvNXBJkxCXKNkCQQCyMX/lnxyZGq1csdB3ZrZA4jEV
-BRaIbbikTA2tk1NKsjTWhimFA2xo5f8upF8kjM2nyt5RxRfT0FDO0Gye8C2ZAkBq
-CJYwuJwXErZBcgya/dmEqduk8TAijkO5fpSxG7bxlPDzbPSnx/qjJ3ZKvERTemtX
-QWQWPgDAM5kibaLWdEV5AkAJn7iP495Cbac0y3zihgK/M70M9y1WB0TbumpTVpg2
-taw3NwTjQlGnFj64dJIj+hgCOGYJ7H1Gt7JOi10NRtbd
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/key.der b/crypto/heimdal/lib/hx509/data/key.der
deleted file mode 100644
index e7c665e..0000000
--- a/crypto/heimdal/lib/hx509/data/key.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/key2.der b/crypto/heimdal/lib/hx509/data/key2.der
deleted file mode 100644
index fe3f413..0000000
--- a/crypto/heimdal/lib/hx509/data/key2.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/nist-data b/crypto/heimdal/lib/hx509/data/nist-data
deleted file mode 100644
index 80333bb..0000000
--- a/crypto/heimdal/lib/hx509/data/nist-data
+++ /dev/null
@@ -1,91 +0,0 @@
-# $Id: nist-data 21917 2007-08-16 13:54:25Z lha $
-# id verify cert hxtool-verify-arguments...
-# p(ass) f(ail)
-# Those id's that end with i are invariants of the orignal test
-#
-# 4.1 Signature Verification
-#
-4.1.1   p ValidCertificatePathTest1EE.crt GoodCACert.crt GoodCACRL.crl
-4.1.2   f InvalidCASignatureTest2EE.crt BadSignedCACert.crt BadSignedCACRL.crl
-4.1.3   f InvalidEESignatureTest3EE.crt GoodCACert.crt GoodCACRL.crl
-#4.1.4	p ValidDSASignaturesTest4EE.crt DSACACert.crt DSACACRL.crl
-#4.1.5	p ValidDSAParameterInheritanceTest5EE.crl DSAParametersInheritedCACert.crt DSAParametersInheritedCACRL.crl DSACACert.crt DSACACRL.crl
-#4.1.6	f InvalidDSASignaturesTest6EE.crt DSACACert.crt DSACACRL.crl
-#
-# 4.2 Validity Periods
-#
-4.2.1   f InvalidCAnotBeforeDateTest1EE.crt BadnotBeforeDateCACert.crt BadnotBeforeDateCACRL.crl
-4.2.2   f InvalidEEnotBeforeDateTest2EE.crt GoodCACert.crt GoodCACRL.crl
-4.2.3   p Validpre2000UTCnotBeforeDateTest3EE.crt GoodCACert.crt GoodCACRL.crl
-4.2.4   p ValidGeneralizedTimenotBeforeDateTest4EE.crt GoodCACert.crt GoodCACRL.crl
-4.2.5   f InvalidCAnotAfterDateTest5EE.crt BadnotAfterDateCACert.crt BadnotAfterDateCACRL.crl
-4.2.6   f InvalidEEnotAfterDateTest6EE.crt GoodCACert.crt GoodCACRL.crl
-4.2.7   f Invalidpre2000UTCEEnotAfterDateTest7EE.crt GoodCACert.crt GoodCACRL.crl
-#4.2.8   p ValidGeneralizedTimenotAfterDateTest8EE.crt GoodCACert.crt GoodCACRL.crl
-#
-# 4.4 CRtests
-#
-4.4.1   f InvalidMissingCRLTest1EE.crt NoCRLCACert.crt
-4.4.1i  p InvalidMissingCRLTest1EE.crt --missing-revoke NoCRLCACert.crt
-4.4.2   f InvalidRevokedEETest3EE.crt GoodCACert.crt InvalidRevokedCATest2EE.crt GoodCACRL.crl RevokedsubCACRL.crl
-4.4.2i  p InvalidRevokedEETest3EE.crt --missing-revoke GoodCACert.crt InvalidRevokedCATest2EE.crt
-4.4.3   f InvalidRevokedEETest3EE.crt GoodCACert.crt GoodCACRL.crl
-4.4.3i  p InvalidRevokedEETest3EE.crt --missing-revoke GoodCACert.crt
-4.4.4   f InvalidBadCRLSignatureTest4EE.crt BadCRLSignatureCACert.crt BadCRLSignatureCACRL.crl
-4.4.4i  p InvalidBadCRLSignatureTest4EE.crt --missing-revoke BadCRLSignatureCACert.crt
-4.4.5   f InvalidBadCRLIssuerNameTest5EE.crt BadCRLIssuerNameCACert.crt BadCRLIssuerNameCACRL.crl
-4.4.5i  p InvalidBadCRLIssuerNameTest5EE.crt --missing-revoke BadCRLIssuerNameCACert.crt
-4.4.6   f InvalidWrongCRLTest6EE.crt WrongCRLCACert.crt WrongCRLCACRL.crl
-4.4.7   p ValidTwoCRLsTest7EE.crt TwoCRLsCACert.crt TwoCRLsCAGoodCRL.crl TwoCRLsCABadCRL.crl
-4.4.8   f InvalidUnknownCRLEntryExtensionTest8EE.crt UnknownCRLEntryExtensionCACert.crt UnknownCRLEntryExtensionCACRL.crl
-4.4.9   f InvalidUnknownCRLExtensionTest9EE.crt UnknownCRLExtensionCACert.crt UnknownCRLExtensionCACRL.crl
-4.4.10  f InvalidUnknownCRLExtensionTest10EE.crt UnknownCRLExtensionCACert.crt UnknownCRLExtensionCACRL.crl
-4.4.11  f InvalidOldCRLnextUpdateTest11EE.crt OldCRLnextUpdateCACert.crt OldCRLnextUpdateCACRL.crl 
-4.4.12  f Invalidpre2000CRLnextUpdateTest12EE.crt pre2000CRLnextUpdateCACert.crt pre2000CRLnextUpdateCACRL.crl
-#4.4.13-xxx s ValidGeneralizedTimeCRLnextUpdateTest13EE.crt GeneralizedTimeCRLnextUpdateCACert.crt GeneralizedTimeCRLnextUpdateCACRL.crl
-4.4.14  p ValidNegativeSerialNumberTest14EE.crt NegativeSerialNumberCACert.crt NegativeSerialNumberCACRL.crl
-4.4.15  f InvalidNegativeSerialNumberTest15EE.crt NegativeSerialNumberCACert.crt NegativeSerialNumberCACRL.crl
-4.4.16  p ValidLongSerialNumberTest16EE.crt LongSerialNumberCACert.crt LongSerialNumberCACRL.crl
-4.4.17  p ValidLongSerialNumberTest17EE.crt LongSerialNumberCACert.crt LongSerialNumberCACRL.crl
-4.4.18  f InvalidLongSerialNumberTest18EE.crt LongSerialNumberCACert.crt LongSerialNumberCACRL.crl
-#
-#
-# 4.8 Ceificate Policies
-incomplete4.8.2 p AllCertificatesNoPoliciesTest2EE.crt NoPoliciesCACert.crt NoPoliciesCACRL.crl
-incomplete4.8.10 p AllCertificatesSamePoliciesTest10EE.crt PoliciesP12CACert.crt PoliciesP12CACRL.crl
-incomplete4.8.13 p AllCertificatesSamePoliciesTest13EE.crt PoliciesP123CACert.crt PoliciesP123CACRL.crl
-incomplete4.8.11 p AllCertificatesanyPolicyTest11EE.crt anyPolicyCACert.crt anyPolicyCACRL.crl
-unknown p AnyPolicyTest14EE.crt anyPolicyCACert.crt anyPolicyCACRL.crl
-unknown f BadSignedCACert.crt
-unknown f BadnotAfterDateCACert.crt
-unknown f BadnotBeforeDateCACert.crt
-#
-# 4.13 Name Constraints
-#
-4.13.1   p ValidDNnameConstraintsTest1EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.2   f InvalidDNnameConstraintsTest2EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.3   f InvalidDNnameConstraintsTest3EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.4   p ValidDNnameConstraintsTest4EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.5   p ValidDNnameConstraintsTest5EE.crt nameConstraintsDN2CACert.crt nameConstraintsDN2CACRL.crl
-4.13.6   p ValidDNnameConstraintsTest6EE.crt nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
-4.13.7   f InvalidDNnameConstraintsTest7EE.crt nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
-4.13.8   f InvalidDNnameConstraintsTest8EE.crt nameConstraintsDN4CACert.crt nameConstraintsDN4CACRL.crl
-4.13.9   f InvalidDNnameConstraintsTest9EE.crt nameConstraintsDN4CACert.crt nameConstraintsDN4CACRL.crl
-4.13.10   f InvalidDNnameConstraintsTest10EE.crt nameConstraintsDN5CACert.crt nameConstraintsDN5CACRL.crl
-4.13.11   p ValidDNnameConstraintsTest11EE.crt nameConstraintsDN5CACert.crt nameConstraintsDN5CACRL.crl
-4.13.12   f InvalidDNnameConstraintsTest12EE.crt nameConstraintsDN1subCA1Cert.crt nameConstraintsDN1subCA1CRL.crl nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.13   f InvalidDNnameConstraintsTest13EE.crt nameConstraintsDN1subCA1Cert.crt nameConstraintsDN1subCA1CRL.crl nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.14   p ValidDNnameConstraintsTest14EE.crt nameConstraintsDN1subCA2Cert.crt nameConstraintsDN1subCA2CRL.crl nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.15   f InvalidDNnameConstraintsTest15EE.crt nameConstraintsDN3subCA1Cert.crt nameConstraintsDN3subCA1CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
-4.13.16   f InvalidDNnameConstraintsTest16EE.crt nameConstraintsDN3subCA1Cert.crt nameConstraintsDN3subCA1CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
-4.13.17   f InvalidDNnameConstraintsTest17EE.crt nameConstraintsDN3subCA2Cert.crt nameConstraintsDN3subCA2CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
-4.13.18   p ValidDNnameConstraintsTest18EE.crt nameConstraintsDN3subCA2Cert.crt nameConstraintsDN3subCA2CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
-#
-# no crl for self issued cert
-#
-#4.13.19   p ValidDNnameConstraintsTest19EE.crt nameConstraintsDN1SelfIssuedCACert.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-# ??
-4.13.20   f InvalidDNnameConstraintsTest20EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-#4.13.21   p ValidRFC822nameConstraintsTest21EE.crt nameConstraintsRFC822CA1Cert.crt nameConstraintsRFC822CA1CRL.crl
-#page 74
-end
diff --git a/crypto/heimdal/lib/hx509/data/nist-data2 b/crypto/heimdal/lib/hx509/data/nist-data2
deleted file mode 100644
index 491beac..0000000
--- a/crypto/heimdal/lib/hx509/data/nist-data2
+++ /dev/null
@@ -1,291 +0,0 @@
-# 4.1.1 Valid Signatures Test1 - Validate Successfully
-0 ValidCertificatePathTest1EE.crt
-# 4.1.2 Invalid CA Signature Test2 - Reject - Invalid signature on intermediate certificate
-1 InvalidCASignatureTest2EE.crt
-# 4.1.3 Invalid EE Signature Test3 - Reject - Invalid signature on end entity certificate
-1 InvalidEESignatureTest3EE.crt
-# 4.1.4 Valid DSA Signatures Test4 - Reject - Application can not process DSA signatures
-1 ValidDSASignaturesTest4EE.crt
-# 4.2.1 Invalid CA notBefore Date Test1 - Reject - notBefore date in intermediate certificate is after the current date
-1 InvalidCAnotBeforeDateTest1EE.crt
-# 4.2.2 Invalid EE notBefore Date Test2 - Reject - notBefore date in end entity certificate is after the current date
-1 InvalidEEnotBeforeDateTest2EE.crt
-# 4.2.3 Valid pre2000 UTC notBefore Date Test3 - Validate Successfully
-0 Validpre2000UTCnotBeforeDateTest3EE.crt
-# 4.2.4 Valid GeneralizedTime notBefore Date Test4 - Validate Successfully
-0 ValidGeneralizedTimenotBeforeDateTest4EE.crt
-# 4.2.5 Invalid CA notAfter Date Test5 - Reject - notAfter date in intermediate certificate is before the current date
-1 InvalidCAnotAfterDateTest5EE.crt
-# 4.2.6 Invalid EE notAfter Date Test6 - Reject - notAfter date in end entity certificate is before the current date
-1 InvalidEEnotAfterDateTest6EE.crt
-# 4.2.7 Invalid pre2000 UTC EE notAfter Date Test7 - Reject - notAfter date in end entity certificate is before the current date
-1 Invalidpre2000UTCEEnotAfterDateTest7EE.crt
-# 4.2.8 Valid GeneralizedTime notAfter Date Test8 - Validate Successfully
-0 ValidGeneralizedTimenotAfterDateTest8EE.crt
-# 4.3.1 Invalid Name Chaining EE Test1 - Reject - names do not chain
-1 InvalidNameChainingTest1EE.crt
-# 4.3.2 Invalid Name Chaining Order Test2 - Reject - names do not chain
-1 InvalidNameChainingOrderTest2EE.crt
-# 4.3.3 Valid Name Chaining Whitespace Test3 - Validate Successfully
-0 ValidNameChainingWhitespaceTest3EE.crt
-# 4.3.4 Valid Name Chaining Whitespace Test4 - Validate Successfully
-0 ValidNameChainingWhitespaceTest4EE.crt
-# 4.3.5 Valid Name Chaining Capitalization Test5 - Validate Successfully
-0 ValidNameChainingCapitalizationTest5EE.crt
-# 4.3.6 Valid Name Chaining UIDs Test6 - Validate Successfully
-0 ValidNameUIDsTest6EE.crt
-# 4.3.9 Valid UTF8String Encoded Names Test9 - Validate Successfully
-0 ValidUTF8StringEncodedNamesTest9EE.crt
-# 4.4.1 Missing CRL Test1 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidMissingCRLTest1EE.crt
-# 4.4.2 Invalid Revoked CA Test2 - Reject - an intermediate certificate has been revoked.
-2 InvalidRevokedCATest2EE.crt
-# 4.4.3 Invalid Revoked EE Test3 - Reject - the end entity certificate has been revoked
-2 InvalidRevokedEETest3EE.crt
-# 4.4.4. Invalid Bad CRL Signature Test4 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidBadCRLSignatureTest4EE.crt
-# 4.4.5 Invalid Bad CRL Issuer Name Test5 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidBadCRLIssuerNameTest5EE.crt
-# 4.4.6 Invalid Wrong CRL Test6 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidWrongCRLTest6EE.crt
-# 4.4.7 Valid Two CRLs Test7 - Validate Successfully
-0 ValidTwoCRLsTest7EE.crt
-# 4.4.8 Invalid Unknown CRL Entry Extension Test8 - Reject - the end entity certificate has been revoked
-2 InvalidUnknownCRLEntryExtensionTest8EE.crt
-# 4.4.9 Invalid Unknown CRL Extension Test9 - Reject - the end entity certificate has been revoked
-2 InvalidUnknownCRLExtensionTest9EE.crt
-# 4.4.10 Invalid Unknown CRL Extension Test10 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidUnknownCRLExtensionTest10EE.crt
-# 4.4.11 Invalid Old CRL nextUpdate Test11 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidOldCRLnextUpdateTest11EE.crt
-# 4.4.12 Invalid pre2000 CRL nextUpdate Tesst12 - Reject or Warn - status of end entity certificate can not be determined
-3 Invalidpre2000CRLnextUpdateTest12EE.crt
-# 4.4.13 Valid GeneralizedTime CRL nextUpdate Test13 - Validate Successfully
-0 ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
-# 4.4.14 Valid Negative Serial Number Test14 - Validate Successfully
-0 ValidNegativeSerialNumberTest14EE.crt
-# 4.4.15 Invalid Negative Serial Number Test15 - Reject - the end entity certificate has been revoked
-2 InvalidNegativeSerialNumberTest15EE.crt
-# 4.4.16 Valid Long Serial Number Test16 - Validate Successfully
-0 ValidLongSerialNumberTest16EE.crt
-# 4.4.17 Valid Long Serial Number Test17 - Validate Successfully
-0 ValidLongSerialNumberTest17EE.crt
-# 4.4.18 Invalid Long Serial Number Test18 - Reject - the end entity certificate has been revoked
-2 InvalidLongSerialNumberTest18EE.crt
-# 4.4.19 Valid Separate Certificate and CRL Keys Test19 - Validate Successfully
-0 ValidSeparateCertificateandCRLKeysTest19EE.crt
-# 4.4.20 Invalid Separate Certificate and CRL Keys Test20 - Reject - the end entity certificate has been revoked
-2 InvalidSeparateCertificateandCRLKeysTest20EE.crt
-# 4.4.21 Invalid Separate Certificate and CRL Keys Test21 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidSeparateCertificateandCRLKeysTest21EE.crt
-# 4.5.1 Valid Basic Self-Issued Old With New Test1 - Validate Successfully
-0 ValidBasicSelfIssuedOldWithNewTest1EE.crt
-# 4.5.2 Invalid Basic Self-Issued Old With New Test2 - Reject - the end entity certificate has been revoked
-2 InvalidBasicSelfIssuedOldWithNewTest2EE.crt
-# 4.5.3 Valid Basic Self-Issued New With Old Test3 - Validate Successfully
-0 ValidBasicSelfIssuedNewWithOldTest3EE.crt
-# 4.5.4 Valid Basic Self-Issued New With Old Test4 - Validate Successfully
-0 ValidBasicSelfIssuedNewWithOldTest4EE.crt
-# 4.5.5 Invalid Basic Self-Issued New With Old Test5 - Reject - the end entity certificate has been revoked
-2 InvalidBasicSelfIssuedNewWithOldTest5EE.crt
-# 4.5.6 Valid Basic Self-Issued CRL Signing Key Test6 - Validate Successfully
-0 ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
-# 4.5.7 Invalid Basic Self-Issued CRL Signing Key Test7 - Reject - the end entity certificate has been revoked
-2 InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
-# 4.5.8 Invalid Basic Self-Issued CRL Signing Key Test8 - Reject - invalid certification path
-1 InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
-# 4.6.1 Invalid Missing basicConstraints Test1 - Reject - invalid certification path
-1 InvalidMissingbasicConstraintsTest1EE.crt
-# 4.6.2 Invalid cA False Test2 - Reject - invalid certification path
-1 InvalidcAFalseTest2EE.crt
-# 4.6.3 Invalid cA False Test3 - Reject - invalid certification path
-1 InvalidcAFalseTest3EE.crt
-# 4.6.4 Valid basicConstraints Not Critical Test4 - Validate Successfully
-0 ValidbasicConstraintsNotCriticalTest4EE.crt
-# 4.6.5 Invalid pathLenConstraint Test5 - Reject - invalid certification path
-1 InvalidpathLenConstraintTest5EE.crt
-# 4.6.6 Invalid pathLenConstraint Test6 - Reject - invalid certification path
-1 InvalidpathLenConstraintTest6EE.crt
-# 4.6.7 Valid pathLenConstraint Test7 - Validate Successfully
-0 ValidpathLenConstraintTest7EE.crt
-# 4.6.8 Valid pathLenConstraint Test8 - Validate Successfully
-0 ValidpathLenConstraintTest8EE.crt
-# 4.6.9 Invalid pathLenConstraint Test9 - Reject - invalid certification path
-1 InvalidpathLenConstraintTest9EE.crt
-# 4.6.10 Invalid pathLenConstraint Test10 - Reject - invalid certification path
-1 InvalidpathLenConstraintTest10EE.crt
-# 4.6.11 Invalid pathLenConstraint Test11 - Reject - invalid certification path
-1 InvalidpathLenConstraintTest11EE.crt
-# 4.6.12 Invalid pathLenConstraint Test12 - Reject - invalid certification path
-1 InvalidpathLenConstraintTest12EE.crt
-# 4.6.13 Valid pathLenConstraint Test13 - Validate Successfully
-0 ValidpathLenConstraintTest13EE.crt
-# 4.6.14 Valid pathLenConstraint Test14 - Validate Successfully
-0 ValidpathLenConstraintTest14EE.crt
-# 4.6.15 Valid Self-Issued pathLenConstraint Test15 - Validate Successfully
-0 ValidSelfIssuedpathLenConstraintTest15EE.crt
-# 4.6.16 Invalid Self-Issued pathLenConstraint Test16 - Reject - invalid certification path
-1 InvalidSelfIssuedpathLenConstraintTest16EE.crt
-# 4.6.17 Valid Self-Issued pathLenConstraint Test17 - Validate Successfully
-0 ValidSelfIssuedpathLenConstraintTest17EE.crt
-# 4.7.1 Invalid keyUsage Critical keyCertSign False Test1 - Reject - invalid certification path
-1 InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
-# 4.7.2 Invalid keyUsage Not Critical keyCertSign False Test2 - Reject - invalid certification path
-1 InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
-# 4.7.3 Valid keyUsage Not Critical Test3 - Validate Successfully
-0 ValidkeyUsageNotCriticalTest3EE.crt
-# 4.7.4 Invalid keyUsage Critical cRLSign False Test4 - Reject - invalid certification path
-1 InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
-# 4.7.5 Invalid keyUsage Not Critical cRLSign False Test5 - Reject - invalid certification path
-1 InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
-0 UserNoticeQualifierTest19EE.crt
-# 4.10.1 Valid Policy Mapping Test1, subtest 1 - Reject - unrecognized critical extension [Test using the default settings (i.e., <i>initial-policy-set</i> = <i>any-policy</i>)
-1 InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
-# 4.11.2 Valid inhibitPolicyMapping Test2 - Reject - unrecognized critical extension
-1 ValidinhibitPolicyMappingTest2EE.crt
-# 4.12.2 Valid inhibitAnyPolicy Test2 - Reject - unrecognized critical extension
-1 ValidinhibitAnyPolicyTest2EE.crt
-# 4.13.1 Valid DN nameConstraints Test1 - Validate Successfully
-0 ValidDNnameConstraintsTest1EE.crt
-# 4.13.2 Invalid DN nameConstraints Test2 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest2EE.crt
-# 4.13.3 Invalid DN nameConstraints Test3 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest3EE.crt
-# 4.13.4 Valid DN nameConstraints Test4 - Validate Successfully
-0 ValidDNnameConstraintsTest4EE.crt
-# 4.13.5 Valid DN nameConstraints Test5 - Validate Successfully
-0 ValidDNnameConstraintsTest5EE.crt
-# 4.13.6 Valid DN nameConstraints Test6 - Validate Successfully
-0 ValidDNnameConstraintsTest6EE.crt
-# 4.13.7 Invalid DN nameConstraints Test7 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest7EE.crt
-# 4.13.8 Invalid DN nameConstraints Test8 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest8EE.crt
-# 4.13.9 Invalid DN nameConstraints Test9 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest9EE.crt
-# 4.13.10 Invalid DN nameConstraints Test10 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest10EE.crt
-# 4.13.11 Valid DN nameConstraints Test11 - Validate Successfully
-0 ValidDNnameConstraintsTest11EE.crt
-# 4.13.12 Invalid DN nameConstraints Test12 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest12EE.crt
-# 4.13.13 Invalid DN nameConstraints Test13 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest13EE.crt
-# 4.13.14 Valid DN nameConstraints Test14 - Validate Successfully
-0 ValidDNnameConstraintsTest14EE.crt
-# 4.13.15 Invalid DN nameConstraints Test15 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest15EE.crt
-# 4.13.16 Invalid DN nameConstraints Test16 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest16EE.crt
-# 4.13.17 Invalid DN nameConstraints Test17 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest17EE.crt
-# 4.13.18 Valid DN nameConstraints Test18 - Validate Successfully
-0 ValidDNnameConstraintsTest18EE.crt
-# 4.13.19 Valid Self-Issued DN nameConstraints Test19 - Validate Successfully
-0 ValidDNnameConstraintsTest19EE.crt
-# 4.13.20 Invalid Self-Issued DN nameConstraints Test20 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest20EE.crt
-# 4.13.21 Valid RFC822 nameConstraints Test21 - Validate Successfully
-0 ValidRFC822nameConstraintsTest21EE.crt
-# 4.13.22 Invalid RFC822 nameConstraints Test22 - Reject - name constraints violation
-1 InvalidRFC822nameConstraintsTest22EE.crt
-# 4.13.23 Valid RFC822 nameConstraints Test23 - Validate Successfully
-0 ValidRFC822nameConstraintsTest23EE.crt
-# 4.13.24 Invalid RFC822 nameConstraints Test24 - Reject - name constraints violation
-1 InvalidRFC822nameConstraintsTest24EE.crt
-# 4.13.25 Valid RFC822 nameConstraints Test25 - Validate Successfully
-0 ValidRFC822nameConstraintsTest25EE.crt
-# 4.13.26 Invalid RFC822 nameConstraints Test26 - Reject - name constraints violation
-1 InvalidRFC822nameConstraintsTest26EE.crt
-# 4.13.27 Valid DN and  RFC822 nameConstraints Test27 - Validate Successfully
-0 ValidDNandRFC822nameConstraintsTest27EE.crt
-# 4.13.28 Invalid DN and  RFC822 nameConstraints Test28 - Reject - name constraints violation
-1 InvalidDNandRFC822nameConstraintsTest28EE.crt
-# 4.13.29 Invalid DN and  RFC822 nameConstraints Test29 - Reject - name constraints violation
-1 InvalidDNandRFC822nameConstraintsTest29EE.crt
-# 4.13.30 Valid DNS nameConstraints Test30 - Validate Successfully
-0 ValidDNSnameConstraintsTest30EE.crt
-# 4.13.31 Invalid DNS nameConstraints Test31 - Reject - name constraints violation
-1 InvalidDNSnameConstraintsTest31EE.crt
-# 4.13.32 Valid DNS nameConstraints Test32 - Validate Successfully
-0 ValidDNSnameConstraintsTest32EE.crt
-# 4.13.33 Invalid DNS nameConstraints Test33 - Reject - name constraints violation
-1 InvalidDNSnameConstraintsTest33EE.crt
-# 4.13.34 Valid URI nameConstraints Test34 - Validate Successfully
-0 ValidURInameConstraintsTest34EE.crt
-# 4.13.35 Invalid URI nameConstraints Test35 - Reject - name constraints violation
-1 InvalidURInameConstraintsTest35EE.crt
-# 4.13.36 Valid URI nameConstraints Test36 - Validate Successfully
-0 ValidURInameConstraintsTest36EE.crt
-# 4.13.37 Invalid URI nameConstraints Test37 - Reject - name constraints violation
-1 InvalidURInameConstraintsTest37EE.crt
-# 4.13.38 Invalid DNS nameConstraints Test38 - Reject - name constraints violation
-1 InvalidDNSnameConstraintsTest38EE.crt
-# 4.14.1 Valid distributionPoint Test1 - Validate Successfully
-0 ValiddistributionPointTest1EE.crt
-# 4.14.2 Invalid distributionPoint Test2 - Reject - end entity certificate has been revoked
-2 InvaliddistributionPointTest2EE.crt
-# 4.14.3 Invalid distributionPoint Test3 - Reject or Warn - status of end entity certificate can not be determined
-3 InvaliddistributionPointTest3EE.crt
-# 4.14.4 Valid distributionPoint Test4 - Validate Successfully
-0 ValiddistributionPointTest4EE.crt
-# 4.14.5 Valid distributionPoint Test5 - Validate Successfully
-0 ValiddistributionPointTest5EE.crt
-# 4.14.6 Invalid distributionPoint Test6 - Reject - end entity certificate has been revoked
-2 InvaliddistributionPointTest6EE.crt
-# 4.14.7 Valid distributionPoint Test7 - Validate Successfully
-0 ValiddistributionPointTest7EE.crt
-# 4.14.8 Invalid distributionPoint Test8 - Reject or Warn - status of end entity certificate can not be determined
-3 InvaliddistributionPointTest8EE.crt
-# 4.14.9 Invalid distributionPoint Test9 - Reject or Warn - status of end entity certificate can not be determined
-3 InvaliddistributionPointTest9EE.crt
-# 4.14.10 Valid No issuingDistributionPoint Test10 - Validate Successfully
-0 ValidNoissuingDistributionPointTest10EE.crt
-# 4.14.11 Invalid onlyContainsUserCerts CRL Test11 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidonlyContainsUserCertsTest11EE.crt
-# 4.14.12 Invalid onlyContainsCACerts CRL Test12 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidonlyContainsCACertsTest12EE.crt
-# 4.14.13 Valid onlyContainsCACerts CRL Test13 - Validate Successfully
-0 ValidonlyContainsCACertsTest13EE.crt
-# 4.14.14 Invalid onlyContainsAttributeCerts Test14 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidonlyContainsAttributeCertsTest14EE.crt
-# 4.14.15 Invalid onlySomeReasons Test15 - Reject - end entity certificate has been revoked
-2 InvalidonlySomeReasonsTest15EE.crt
-# 4.14.16 Invalid onlySomeReasons Test16 - Reject - end entity certificate is on hold
-2 InvalidonlySomeReasonsTest16EE.crt
-# 4.14.17 Invalid onlySomeReasons Test17 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidonlySomeReasonsTest17EE.crt
-# 4.14.18 Valid onlySomeReasons Test18 - Validate Successfully
-0 ValidonlySomeReasonsTest18EE.crt
-# 4.14.19 Valid onlySomeReasons Test19 - Validate Successfully
-0 ValidonlySomeReasonsTest19EE.crt
-# 4.14.20 Invalid onlySomeReasons Test20 - Reject - end entity certificate has been revoked
-2 InvalidonlySomeReasonsTest20EE.crt
-# 4.14.21 Invalid onlySomeReasons Test21 - Reject - end entity certificate has been revoked
-2 InvalidonlySomeReasonsTest21EE.crt
-# 4.14.24 Valid IDP with indirectCRL Test24 - Reject or Warn - status of end entity certificate can not be determined
-3 ValidIDPwithindirectCRLTest24EE.crt
-# 4.15.1 Invalid deltaCRLIndicator No Base Test1 - Reject or Warn - status of end entity certificate can not be determined
-3 InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
-# 4.15.2 Valid delta-CRL Test2 - Validate Successfully
-0 ValiddeltaCRLTest2EE.crt
-# 4.15.3 Invalid delta-CRL Test3 - Reject - end entity certificate has been revoked
-2 InvaliddeltaCRLTest3EE.crt
-# 4.15.4 Invalid delta-CRL Test4 - Reject - end entity certificate has been revoked
-2 InvaliddeltaCRLTest4EE.crt
-# 4.15.5 Valid delta-CRL Test5 - Validate Successfully
-0 ValiddeltaCRLTest5EE.crt
-# 4.15.6 Invalid delta-CRL Test6 - Reject - end entity certificate has been revoked
-2 InvaliddeltaCRLTest6EE.crt
-# 4.15.7 Valid delta-CRL Test7 - Validate Successfully
-0 ValiddeltaCRLTest7EE.crt
-# 4.15.8 Valid delta-CRL Test8 - Validate Successfully
-0 ValiddeltaCRLTest8EE.crt
-# 4.15.9 Invalid delta-CRL Test9 - Reject - end entity certificate has been revoked
-2 InvaliddeltaCRLTest9EE.crt
-# 4.15.10 Invalid delta-CRL Test10 - Reject or Warn - status of end entity certificate can not be determined
-3 InvaliddeltaCRLTest10EE.crt
-# 4.16.1 Valid Unknown Not Critical Certificate Extension Test1 - Validate Successfully
-0 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
-# 4.16.2 Invalid Unknown Critical Certificate Extension Test2 - Reject - unrecognized critical extension
-1 InvalidUnknownCriticalCertificateExtensionTest2EE.crt
diff --git a/crypto/heimdal/lib/hx509/data/no-proxy-test.crt b/crypto/heimdal/lib/hx509/data/no-proxy-test.crt
deleted file mode 100644
index d57802e..0000000
--- a/crypto/heimdal/lib/hx509/data/no-proxy-test.crt
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICDDCCAXWgAwIBAgIJAI8UaHGQmUvOMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV
-BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDcxMTE1MDY1ODU5WhcNMTcx
-MTEyMDY1ODU5WjA0MQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MREw
-DwYDVQQDDAhuby1wcm94eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvF58
-Sgq1QTZwsXyFvMTo2Iit/NLZupuIlJgctZJ51EOaFBmTfqt/PgxQKmgqQhgFW+HT
-8WPdvvfUxjwe4BiIORYoCX8pl/wGFCa70zUC7/5IoMmhb9XBrecOxswRNK8EvGhF
-67z2uDUS4LASuy7ng8HSuAM0PCHYnGmqeYrR6jUCAwEAAaM5MDcwCQYDVR0TBAIw
-ADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJ+WD/mqMrbcBts4x0tXv0CflIcZMA0G
-CSqGSIb3DQEBBQUAA4GBAEAODiL2ZL2ZhkklFbHXSg/ZEkUs1Oewpg+bDO6xjute
-hnarKTrWFWiSgQ9yhZMa8klaNCdHjDo0Q5borQeVzp027cemLdnLyxusSuIJRqy+
-mZtNl7533q+oKWydZtvNmXRlGi5HmJV5JAjEXbadqUnlRJ/CdN1WvdwLWfvbW5DL
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/no-proxy-test.key b/crypto/heimdal/lib/hx509/data/no-proxy-test.key
deleted file mode 100644
index 1c47937..0000000
--- a/crypto/heimdal/lib/hx509/data/no-proxy-test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC8XnxKCrVBNnCxfIW8xOjYiK380tm6m4iUmBy1knnUQ5oUGZN+
-q38+DFAqaCpCGAVb4dPxY92+99TGPB7gGIg5FigJfymX/AYUJrvTNQLv/kigyaFv
-1cGt5w7GzBE0rwS8aEXrvPa4NRLgsBK7LueDwdK4AzQ8Idicaap5itHqNQIDAQAB
-AoGBAJt0CnR8U8tGp0gCMMhxZIvWeGfOhnr3AodG5WJ/SGWBiLWPyeZel7rYJIxq
-vH0hH8MNIoDy3rxMAN+8G+rqs/elE8zeYv8FCP4jahz+HPKeJIjFm1MBOHZQspq7
-Y4OfoBH+EgqJjBRxuBIeCUqVhyluSsYHQFihurp3a76dHvxBAkEA7c4KjJ6mka9C
-9X+Tp2EKW+h8npEEXbLIvHet9p0pzD5PhE2aVvSEAXEqxdbuFAb4LVApUdd4Quec
-PXa0EOF7UQJBAMrIIV317rGPlmEXqt681KkHo30C2e6SpM6by42r+csTs+6KDZdf
-uDWZKb4o9bLTj+A0LC73ySESv4PlGC+8v6UCQEIRnJy091JCfzf12fAG5fni/byQ
-TcY6hcrW9V4vDA3SwgTgCqFeDc7Ywil1LXAi/5CXVOOIGcF818u7zwthmgECQCm+
-Rvgjr05IA6nbCGavsotVMjeCxcAR2fFaKu3wEAzY8npRWvjlUHNgIzKtFd8JJB4A
-P3Qvt+yiAmCxYWg6T60CQHvGW0M/usmQXEGWMx+KCkm71UKcKCxDEKzZ8mI3jQ3H
-b6Whs1NdsQJwIEXHB2Sb2GmTIlFjXczw7fp/ub3Dx84=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-req1.der b/crypto/heimdal/lib/hx509/data/ocsp-req1.der
deleted file mode 100644
index 869a7dc..0000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-req1.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-req2.der b/crypto/heimdal/lib/hx509/data/ocsp-req2.der
deleted file mode 100644
index c1481e1..0000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-req2.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-2.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-2.der
deleted file mode 100644
index 98d88e4..0000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1-2.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-3.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-3.der
deleted file mode 100644
index 4c65016..0000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1-3.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ca.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-ca.der
deleted file mode 100644
index 2450168..0000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ca.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-keyhash.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-keyhash.der
deleted file mode 100644
index 19cf6c8..0000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1-keyhash.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der
deleted file mode 100644
index 460b5f7..0000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp.der
deleted file mode 100644
index 87173ff..0000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1.der
deleted file mode 100644
index 8546eba..0000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp2.der b/crypto/heimdal/lib/hx509/data/ocsp-resp2.der
deleted file mode 100644
index 0ba588a..0000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp2.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-responder.crt b/crypto/heimdal/lib/hx509/data/ocsp-responder.crt
deleted file mode 100644
index fb55a8a..0000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-responder.crt
+++ /dev/null
@@ -1,56 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:56 2007 GMT
-            Not After : Nov 12 06:58:56 2017 GMT
-        Subject: C=SE, CN=OCSP responder
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:d9:10:2f:04:de:99:10:61:02:ff:4e:b5:54:6f:
-                    98:80:70:fb:a1:e0:97:ee:a9:0f:74:47:a9:8c:a5:
-                    86:ff:b8:ea:80:d9:ae:45:07:bd:33:93:e2:f4:f1:
-                    dd:dc:86:6e:9a:6c:b7:67:11:50:ad:9c:b0:0f:68:
-                    5d:4d:74:2a:24:4e:5e:c6:c0:9e:6a:a2:ed:80:31:
-                    d9:ac:79:c7:09:07:1f:9c:c3:12:33:88:72:9d:99:
-                    c5:f4:fd:c6:a1:9f:09:04:e0:7d:b0:ed:1f:91:4c:
-                    8e:de:9b:6d:7d:cb:2e:83:32:0e:32:57:f1:16:07:
-                    ed:69:fc:0e:a8:2a:ad:82:9d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Extended Key Usage: 
-                OCSP No Check, OCSP Signing
-            X509v3 Subject Key Identifier: 
-                9C:BE:33:AF:C2:52:C6:F2:46:5F:A8:67:71:02:F1:70:4B:A7:B7:14
-    Signature Algorithm: sha1WithRSAEncryption
-        8b:c5:8e:d6:dc:ba:e3:77:da:66:2b:be:c4:a6:4c:b0:30:6d:
-        fd:26:3d:8d:1d:ad:c5:8c:88:61:86:0a:da:48:e8:39:cf:c5:
-        83:98:e7:f9:ff:92:a7:ba:fe:b4:b4:6c:bb:84:17:fd:e3:71:
-        9e:a7:39:af:d3:08:0b:1f:05:29:cf:ef:e4:3c:82:7e:ee:aa:
-        4a:19:3b:17:e6:e9:2d:b4:f7:4f:e2:f3:6b:04:20:58:42:fa:
-        e2:b6:d4:80:c4:db:22:32:ce:cb:59:23:8b:df:ba:87:bb:bf:
-        4e:ea:b0:1e:7a:73:b4:c9:06:aa:f1:59:cf:d3:28:db:d2:6c:
-        a0:dd
------BEGIN CERTIFICATE-----
-MIICHzCCAYigAwIBAgIBATANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3
-MTExMjA2NTg1NlowJjELMAkGA1UEBhMCU0UxFzAVBgNVBAMMDk9DU1AgcmVzcG9u
-ZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZEC8E3pkQYQL/TrVUb5iA
-cPuh4JfuqQ90R6mMpYb/uOqA2a5FB70zk+L08d3chm6abLdnEVCtnLAPaF1NdCok
-Tl7GwJ5qou2AMdmseccJBx+cwxIziHKdmcX0/cahnwkE4H2w7R+RTI7em219yy6D
-Mg4yV/EWB+1p/A6oKq2CnQIDAQABo1kwVzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF
-4DAeBgNVHSUEFzAVBgkrBgEFBQcwAQUGCCsGAQUFBwMJMB0GA1UdDgQWBBScvjOv
-wlLG8kZfqGdxAvFwS6e3FDANBgkqhkiG9w0BAQUFAAOBgQCLxY7W3Lrjd9pmK77E
-pkywMG39Jj2NHa3FjIhhhgraSOg5z8WDmOf5/5Knuv60tGy7hBf943Gepzmv0wgL
-HwUpz+/kPIJ+7qpKGTsX5ukttPdP4vNrBCBYQvrittSAxNsiMs7LWSOL37qHu79O
-6rAeenO0yQaq8VnP0yjb0myg3Q==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-responder.key b/crypto/heimdal/lib/hx509/data/ocsp-responder.key
deleted file mode 100644
index 24369bc..0000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-responder.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDZEC8E3pkQYQL/TrVUb5iAcPuh4JfuqQ90R6mMpYb/uOqA2a5F
-B70zk+L08d3chm6abLdnEVCtnLAPaF1NdCokTl7GwJ5qou2AMdmseccJBx+cwxIz
-iHKdmcX0/cahnwkE4H2w7R+RTI7em219yy6DMg4yV/EWB+1p/A6oKq2CnQIDAQAB
-AoGBALXDXowmVmgnxFnEMAWvmTVc5unL5437VayaYbkb1ysGTqBtKAg4DdBF81QH
-wS/sBmwbw4x0LGnk/m04iIDWWH4ZTH0HHthLxTiIrGHenS01V4Ucq1EjhYNJW/bk
-8FGf91UDknZrEnvPFQxvdSLHVSB+WHgqkX8WXPc7MwoJ7HblAkEA9pmjB8TXxeky
-B8+0G65u3QDWMzmfw12oHgKHnHxKyL/gamHERNPJ0NsFE4BtsSF1LJQYCw189s8m
-GDpa0uW0iwJBAOFWUiJSYYVTSdcmfjI99XUCo9rXEkaJXY0etjK5q+rK21mrkWNQ
-M7fWVZDbQZfbTP1LiUak+qjz64J9/iOogncCQEXUT6Qdi3RRiodHu5qzFFWkrQMo
-aCMsXDTTRo97arnaC7RUJv3OczGfM5rIHUexT7rl3MEUerRxCDqIG7voq+0CQQDE
-806sgvaLsoVqkFFilnbwg5M1lh96GVv0GTDEWzZg7FcWI/faJuJdPu/gwVKuaNX8
-2cWtQkt32mIw1vCGuCT3AkAfubHAXeiBHHE95jLtQ98s4KzOaZtFnQfn14c8nGS0
-2qUv1RHYZEVHYnsOZs3pLyOdxrZOlOSE6gKHCGVHoUKJ
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/openssl.cnf b/crypto/heimdal/lib/hx509/data/openssl.cnf
deleted file mode 100644
index 7fe3b64..0000000
--- a/crypto/heimdal/lib/hx509/data/openssl.cnf
+++ /dev/null
@@ -1,182 +0,0 @@
-oid_section             = new_oids
-
-[ new_oids ]
-pkkdcekuoid = 1.3.6.1.5.2.3.5
-
-[ca]
-
-default_ca = user
-
-[usr]
-database	= index.txt
-serial		= serial
-x509_extensions = usr_cert
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[ocsp]
-database	= index.txt
-serial		= serial
-x509_extensions = ocsp_cert
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[usr_ke]
-database	= index.txt
-serial		= serial
-x509_extensions = usr_cert_ke
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[usr_ds]
-database	= index.txt
-serial		= serial
-x509_extensions = usr_cert_ds
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[pkinit_client]
-database	= index.txt
-serial		= serial
-x509_extensions = pkinit_client_cert
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[pkinit_kdc]
-database	= index.txt
-serial		= serial
-x509_extensions = pkinit_kdc_cert
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[https]
-database	= index.txt
-serial		= serial
-x509_extensions = https_cert
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[subca]
-database	= index.txt
-serial		= serial
-x509_extensions = v3_ca
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-
-[ req ]
-distinguished_name	= req_distinguished_name
-x509_extensions		= v3_ca	# The extentions to add to the self signed cert
-
-string_mask = utf8only
-
-[ v3_ca ]
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true
-keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature
-
-[ usr_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectKeyIdentifier	= hash
-
-[ usr_cert_ke ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, keyEncipherment
-subjectKeyIdentifier	= hash
-
-[ proxy_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectKeyIdentifier	= hash
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo
-
-[pkinitc_princ_name] 
-realm = EXP:0, GeneralString:TEST.H5L.SE
-principal_name = EXP:1, SEQUENCE:pkinitc_principal_seq
-
-[ pkinit_client_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectKeyIdentifier	= hash
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name
-
-[pkinitc_principal_seq] 
-name_type = EXP:0, INTEGER:1 
-name_string = EXP:1, SEQUENCE:pkinitc_principals
-
-[pkinitc_principals] 
-princ1 = GeneralString:bar
-
-[ https_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-#extendedKeyUsage = https-server XXX
-subjectKeyIdentifier	= hash
-
-[ pkinit_kdc_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = pkkdcekuoid
-subjectKeyIdentifier	= hash
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name 
-
-[pkinitkdc_princ_name] 
-realm = EXP:0, GeneralString:TEST.H5L.SE
-principal_name = EXP:1, SEQUENCE:pkinitkdc_principal_seq
-
-[pkinitkdc_principal_seq] 
-name_type = EXP:0, INTEGER:1 
-name_string = EXP:1, SEQUENCE:pkinitkdc_principals
-
-[pkinitkdc_principals] 
-princ1 = GeneralString:krbtgt
-princ2 = GeneralString:TEST.H5L.SE
-
-[ proxy10_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectKeyIdentifier	= hash
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo
-
-[ usr_cert_ds ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature
-subjectKeyIdentifier	= hash
-
-[ ocsp_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-# ocsp-nocheck and kp-OCSPSigning
-extendedKeyUsage	= 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9
-subjectKeyIdentifier	= hash
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= SE
-countryName_min			= 2
-countryName_max			= 2
-
-organizationalName		= Organizational Unit Name (eg, section)
-
-commonName			= Common Name (eg, YOUR name)
-commonName_max			= 64
-
-#[ req_attributes ]
-#challengePassword              = A challenge password
-#challengePassword_min          = 4
-#challengePassword_max          = 20
-
-[ policy_match ]
-countryName		= match
-commonName		= supplied
diff --git a/crypto/heimdal/lib/hx509/data/pkinit-proxy-chain.crt b/crypto/heimdal/lib/hx509/data/pkinit-proxy-chain.crt
deleted file mode 100644
index 7349a62..0000000
--- a/crypto/heimdal/lib/hx509/data/pkinit-proxy-chain.crt
+++ /dev/null
@@ -1,70 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICMTCCAZqgAwIBAgIJAJWfAgX+rDGvMA0GCSqGSIb3DQEBBQUAMB4xCzAJBgNV
-BAYTAlNFMQ8wDQYDVQQDDAZwa2luaXQwHhcNMDcxMTE1MDY1ODU3WhcNMTcxMTEy
-MDY1ODU3WjA1MQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MRUwEwYDVQQD
-DAxwa2luaXQtcHJveHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJk+5riF
-ML9djk75CGm9WUN37N+EKXZvLS1/jLsQbxOWPnfZ/bHPpnI2I4EEavSQUgrlbpLf
-5IZsxlAFtokSROpef1MQ3oyJFom8c1Ut37zEJL13m4pjUZjr8Ky+OUsWNVieRIXU
-eHw2+Ny8a5y3XOygCJWDzaCTcm+nvfTmVsr9AgMBAAGjYDBeMAkGA1UdEwQCMAAw
-CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQRgztmDHmF1DecOPint9iafFNckDAlBggr
-BgEFBQcBDgEB/wQWMBQCAQAwDwYIKwYBBQUHFQAEA2ZvbzANBgkqhkiG9w0BAQUF
-AAOBgQCYm9bHTRfvEpjnKXQz9t8Uh9L+prU2+BMDClnDHsBE/Pb1vH40rOIT2sV8
-KQnjo+TVlvHXDxUy/HMY5O/5umLbzP4xr6mWwP5B2K5y566WHThz2ltcRgcmbRrn
-eOzN87+Gt1XqrTIlFftvxGX9U0PxyxFTASAOiv0hFvZN5GxYzQ==
------END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 6 (0x6)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:57 2007 GMT
-            Not After : Nov 12 06:58:57 2017 GMT
-        Subject: C=SE, CN=pkinit
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:a3:44:b1:8a:42:9d:d0:3f:30:de:e8:66:42:c1:
-                    f1:c9:98:8f:d2:bd:eb:59:67:3d:5e:0e:35:ca:3b:
-                    b8:91:b0:fc:e5:22:3a:2d:62:81:56:bb:51:77:60:
-                    ac:83:43:75:87:ce:f1:f6:bd:ab:f2:07:c5:8d:d5:
-                    b8:56:9e:8e:45:93:bd:c6:ac:5d:20:3e:cb:14:e8:
-                    10:07:b9:5e:07:ac:56:13:48:1b:84:c7:30:62:f4:
-                    e4:19:67:b5:1b:3a:ac:af:0b:92:e2:00:90:2f:81:
-                    75:b6:63:3f:43:a5:e9:76:ee:33:75:74:b2:76:5d:
-                    a5:76:f2:f9:30:68:ec:e8:47
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                66:BB:EC:4F:F0:52:7E:D1:F4:F4:F9:CD:E9:B6:C7:C4:FC:2A:2F:4F
-            X509v3 Subject Alternative Name: 
-                othername:<unsupported>
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:bd:87:72:d7:85:93:f9:96:97:6f:25:2f:89:1f:09:64:ff:
-        da:44:92:d0:59:6e:4f:cf:29:d7:5a:78:64:40:1c:3d:a5:80:
-        e9:b9:92:85:44:2e:25:ab:5c:8d:35:4b:5b:47:c6:79:61:cf:
-        b9:75:55:0b:20:6a:ad:ec:f5:0f:47:1e:e7:72:b0:b6:61:0f:
-        d6:84:e3:e4:29:05:4d:d1:7c:7b:a6:7b:6f:b2:af:9a:6b:dd:
-        81:ae:5d:c1:7b:74:11:86:18:2e:38:eb:ed:33:03:f6:05:4b:
-        ec:d7:7d:53:6c:71:01:86:fb:fb:63:dd:5b:cb:10:85:96:f2:
-        43:43
------BEGIN CERTIFICATE-----
-MIICMTCCAZqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3
-MTExMjA2NTg1N1owHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBnBraW5pdDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo0SxikKd0D8w3uhmQsHxyZiP0r3rWWc9
-Xg41yju4kbD85SI6LWKBVrtRd2Csg0N1h87x9r2r8gfFjdW4Vp6ORZO9xqxdID7L
-FOgQB7leB6xWE0gbhMcwYvTkGWe1GzqsrwuS4gCQL4F1tmM/Q6Xpdu4zdXSydl2l
-dvL5MGjs6EcCAwEAAaNzMHEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O
-BBYEFGa77E/wUn7R9PT5zem2x8T8Ki9PMDgGA1UdEQQxMC+gLQYGKwYBBQICoCMw
-IaANGwtURVNULkg1TC5TRaEQMA6gAwIBAaEHMAUbA2JhcjANBgkqhkiG9w0BAQUF
-AAOBgQAfvYdy14WT+ZaXbyUviR8JZP/aRJLQWW5PzynXWnhkQBw9pYDpuZKFRC4l
-q1yNNUtbR8Z5Yc+5dVULIGqt7PUPRx7ncrC2YQ/WhOPkKQVN0Xx7pntvsq+aa92B
-rl3Be3QRhhguOOvtMwP2BUvs131TbHEBhvv7Y91byxCFlvJDQw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/pkinit-proxy.crt b/crypto/heimdal/lib/hx509/data/pkinit-proxy.crt
deleted file mode 100644
index 3867a89..0000000
--- a/crypto/heimdal/lib/hx509/data/pkinit-proxy.crt
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICMTCCAZqgAwIBAgIJAJWfAgX+rDGvMA0GCSqGSIb3DQEBBQUAMB4xCzAJBgNV
-BAYTAlNFMQ8wDQYDVQQDDAZwa2luaXQwHhcNMDcxMTE1MDY1ODU3WhcNMTcxMTEy
-MDY1ODU3WjA1MQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MRUwEwYDVQQD
-DAxwa2luaXQtcHJveHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJk+5riF
-ML9djk75CGm9WUN37N+EKXZvLS1/jLsQbxOWPnfZ/bHPpnI2I4EEavSQUgrlbpLf
-5IZsxlAFtokSROpef1MQ3oyJFom8c1Ut37zEJL13m4pjUZjr8Ky+OUsWNVieRIXU
-eHw2+Ny8a5y3XOygCJWDzaCTcm+nvfTmVsr9AgMBAAGjYDBeMAkGA1UdEwQCMAAw
-CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQRgztmDHmF1DecOPint9iafFNckDAlBggr
-BgEFBQcBDgEB/wQWMBQCAQAwDwYIKwYBBQUHFQAEA2ZvbzANBgkqhkiG9w0BAQUF
-AAOBgQCYm9bHTRfvEpjnKXQz9t8Uh9L+prU2+BMDClnDHsBE/Pb1vH40rOIT2sV8
-KQnjo+TVlvHXDxUy/HMY5O/5umLbzP4xr6mWwP5B2K5y566WHThz2ltcRgcmbRrn
-eOzN87+Gt1XqrTIlFftvxGX9U0PxyxFTASAOiv0hFvZN5GxYzQ==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/pkinit-proxy.key b/crypto/heimdal/lib/hx509/data/pkinit-proxy.key
deleted file mode 100644
index d04b009..0000000
--- a/crypto/heimdal/lib/hx509/data/pkinit-proxy.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCZPua4hTC/XY5O+QhpvVlDd+zfhCl2by0tf4y7EG8Tlj532f2x
-z6ZyNiOBBGr0kFIK5W6S3+SGbMZQBbaJEkTqXn9TEN6MiRaJvHNVLd+8xCS9d5uK
-Y1GY6/CsvjlLFjVYnkSF1Hh8NvjcvGuct1zsoAiVg82gk3Jvp7305lbK/QIDAQAB
-AoGAKH4TbuxariYlZT6ud2o9/PLiV0lPv2ivEleiswcrooxPo1GplGNfAszFYuDs
-9gRweUqYhhy9ALwbRqfLzLpUFQUBzQ1cZlO23m48GsCPL4XJxlzE9+w/wLWWaqsK
-syFax5T//iokYVa07AvFZxWpEUixewirJrhNyUafdKk8W8ECQQDKpH/pvljO6e9J
-jC65aTYPzMXAUp54DMWu1+FXUyELxGp+GjAwwhESpSLEaAnZH97H6ZtTiJku3Z0n
-pMsrH7WtAkEAwZi2sV8I/MjFPpti/zf6OHEJo89/SgTYIHmL6pE3tuNWhw/9Dorc
-N45cMGAiGep2HQdfZFGD0OekzLGeGBj0kQJAPFdNi5HVqg945IKsqyNMKNpGDGXN
-sFvFRbIc9L7ZOULMny43KV2wbcfkmW2NeS0HTqoeSXqEerMdB+AHa5jupQJADALP
-gt2kjxpdsm6ti6wLaCkLMhCTkyINzqX72ke8LyqXmbWSO669zuyUJ6QvOXBkd5SX
-hH/SL8nPXau/ZTtXIQJBAICcJBlgxhrUn5C12wwuQw/BZi6qK9KdVcWTapnhE7eQ
-Z6k/Pbi53/aI2g1EXq7G3RrQvAhV43AW5foJWqijDdA=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/pkinit-pw.key b/crypto/heimdal/lib/hx509/data/pkinit-pw.key
deleted file mode 100644
index 563ccf1..0000000
--- a/crypto/heimdal/lib/hx509/data/pkinit-pw.key
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,1698161265C4033B32CEB819B5D78953
-
-vQnkfeICkS2/gIEv1zrJ+WaUOeRvKfUUFM6uH4/xm5Abp4DqGlkCvwb4u9dZuRUj
-arlvgRc0e0CoBuQ/3gmBDlmQp+4ByiypERku8MAxsUV6LEmv2f1YfhecQSntDoJH
-fNOXna8caCy4W1xhmsYgWYSVS98QkNXdLjBjLJ4/MrwzdR2SMqAzyg6eNwhWAMe1
-aUh/M9JYB04sfRUtqD67oeyBfHVhDd9kByXuRYWyNE0SW5wlmVehhnEb/YHREKHr
-yOa3eRGtA4MHi7NXww4NBzOG10N9Ajq55ouMKnejFroCpevC332ijBzjTI+fo4SX
-hegNDXzAIqRueGZlmBzHjkTzA8tEPM1dsbviJ5BYO3iZgWE8J1rIBx51HOZmlREC
-3EWflJPhd666BnBepODMBXldkmfcfxhZxuoOrrXer+NZCsXE0z0DOLsNARR/7JvW
-Ie81eQijvkur1QJO63SwT0kNm5IMJZr2Ul0QLysvjY2G/nV0bzHb8KsWqNoUPNvJ
-lBUGQ2yvpeVRNR9CMm39U/CcnkLOl+z2oLUC86TdodaY6FEBmIBaakZ1rHkANWK4
-HMcN0FgdGbcRLg5PHji84g4tT+SOZa1hWEC4PC7lmRxAZP+o8Pe0tpiJzIbLPTRb
-3rvnEEG3IawMIGcoUGcgIUPvHH93EMpDrflVYdXmvapzST3U8xBDzpkXZRof7APG
-qAFsEB4psQEDG6KmOJ245aVWN0SBjHTLlIhUTx+m7OYl34MDoyv6Yk12i9PpKQN5
-W++QayfkJzQpV4EsR08UO615+XYCzMhCU3eozH+P39RF58rYnMLv9owjx1wL0z5R
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/pkinit.crt b/crypto/heimdal/lib/hx509/data/pkinit.crt
deleted file mode 100644
index e8d485e..0000000
--- a/crypto/heimdal/lib/hx509/data/pkinit.crt
+++ /dev/null
@@ -1,56 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 6 (0x6)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:57 2007 GMT
-            Not After : Nov 12 06:58:57 2017 GMT
-        Subject: C=SE, CN=pkinit
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:a3:44:b1:8a:42:9d:d0:3f:30:de:e8:66:42:c1:
-                    f1:c9:98:8f:d2:bd:eb:59:67:3d:5e:0e:35:ca:3b:
-                    b8:91:b0:fc:e5:22:3a:2d:62:81:56:bb:51:77:60:
-                    ac:83:43:75:87:ce:f1:f6:bd:ab:f2:07:c5:8d:d5:
-                    b8:56:9e:8e:45:93:bd:c6:ac:5d:20:3e:cb:14:e8:
-                    10:07:b9:5e:07:ac:56:13:48:1b:84:c7:30:62:f4:
-                    e4:19:67:b5:1b:3a:ac:af:0b:92:e2:00:90:2f:81:
-                    75:b6:63:3f:43:a5:e9:76:ee:33:75:74:b2:76:5d:
-                    a5:76:f2:f9:30:68:ec:e8:47
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                66:BB:EC:4F:F0:52:7E:D1:F4:F4:F9:CD:E9:B6:C7:C4:FC:2A:2F:4F
-            X509v3 Subject Alternative Name: 
-                othername:<unsupported>
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:bd:87:72:d7:85:93:f9:96:97:6f:25:2f:89:1f:09:64:ff:
-        da:44:92:d0:59:6e:4f:cf:29:d7:5a:78:64:40:1c:3d:a5:80:
-        e9:b9:92:85:44:2e:25:ab:5c:8d:35:4b:5b:47:c6:79:61:cf:
-        b9:75:55:0b:20:6a:ad:ec:f5:0f:47:1e:e7:72:b0:b6:61:0f:
-        d6:84:e3:e4:29:05:4d:d1:7c:7b:a6:7b:6f:b2:af:9a:6b:dd:
-        81:ae:5d:c1:7b:74:11:86:18:2e:38:eb:ed:33:03:f6:05:4b:
-        ec:d7:7d:53:6c:71:01:86:fb:fb:63:dd:5b:cb:10:85:96:f2:
-        43:43
------BEGIN CERTIFICATE-----
-MIICMTCCAZqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3
-MTExMjA2NTg1N1owHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBnBraW5pdDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo0SxikKd0D8w3uhmQsHxyZiP0r3rWWc9
-Xg41yju4kbD85SI6LWKBVrtRd2Csg0N1h87x9r2r8gfFjdW4Vp6ORZO9xqxdID7L
-FOgQB7leB6xWE0gbhMcwYvTkGWe1GzqsrwuS4gCQL4F1tmM/Q6Xpdu4zdXSydl2l
-dvL5MGjs6EcCAwEAAaNzMHEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O
-BBYEFGa77E/wUn7R9PT5zem2x8T8Ki9PMDgGA1UdEQQxMC+gLQYGKwYBBQICoCMw
-IaANGwtURVNULkg1TC5TRaEQMA6gAwIBAaEHMAUbA2JhcjANBgkqhkiG9w0BAQUF
-AAOBgQAfvYdy14WT+ZaXbyUviR8JZP/aRJLQWW5PzynXWnhkQBw9pYDpuZKFRC4l
-q1yNNUtbR8Z5Yc+5dVULIGqt7PUPRx7ncrC2YQ/WhOPkKQVN0Xx7pntvsq+aa92B
-rl3Be3QRhhguOOvtMwP2BUvs131TbHEBhvv7Y91byxCFlvJDQw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/pkinit.key b/crypto/heimdal/lib/hx509/data/pkinit.key
deleted file mode 100644
index 12b4168..0000000
--- a/crypto/heimdal/lib/hx509/data/pkinit.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCjRLGKQp3QPzDe6GZCwfHJmI/SvetZZz1eDjXKO7iRsPzlIjot
-YoFWu1F3YKyDQ3WHzvH2vavyB8WN1bhWno5Fk73GrF0gPssU6BAHuV4HrFYTSBuE
-xzBi9OQZZ7UbOqyvC5LiAJAvgXW2Yz9Dpel27jN1dLJ2XaV28vkwaOzoRwIDAQAB
-AoGAQTAxTwnwJvDEG4xhIDB90MdITZWk/YpaF07HLVsRA6LOJtK2td5J1A5wpaCE
-4NgzeikntSPgHn/54fq+Yl9mYEAM1Uv6SimudiKe3Qk0M+bS4m/SMMlmV0eFjEh6
-ZG4NNRZmmzoaQbUiVa27fZ6362xtFGbGXJ8BjxOoTeaRn6kCQQDUwJafoKPN2dsq
-ewSCjGQhVGezw12ho2eaxj7VyNWU7V4LW2LdLClbXovSnpQ7bgHEopx1e97G2du7
-1ak3BxejAkEAxHUCpbFSbBBoIdnt+VGS/8hCWl8/6YniOFOk9Qp22moaNVVZYyTT
-Xpu45FeDKfm/xDwvPP9If0PDoM38tBvHDQJBAMTcmAOI/0lhRv1d62RpR9XXZkXe
-huskap+6xTXIqmkt4xGbNDX3wST8rWDsv7jmJ9itpxzGy/Mwb7S1FekHNQUCQDDw
-jTZFlCjDdY1pQrUnMx1w/8aPj9ZXuPkbLS616qHCaMD8gAYIuHcLB+YqPsyIINN7
-wrDJT4AUm3lFlzwu50kCQELkMFUM6rb9q/cOUQxsf023nPbObm3xJ0X4FtVhXuGi
-oUAOklX1xDLSqvWySOrTXfvfF4c3qCw9DAoDtKpbCgk=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy-level-test.crt b/crypto/heimdal/lib/hx509/data/proxy-level-test.crt
deleted file mode 100644
index 0cab380..0000000
--- a/crypto/heimdal/lib/hx509/data/proxy-level-test.crt
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIJAKfbLM8p28MgMA0GCSqGSIb3DQEBBQUAMDExCzAJBgNV
-BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxDjAMBgNVBAMMBXByb3h5MB4XDTA3
-MTExNTA2NTg1OVoXDTE3MTExMjA2NTg1OVowQTELMAkGA1UEBhMCU0UxEjAQBgNV
-BAMMCVRlc3QgY2VydDEOMAwGA1UEAwwFcHJveHkxDjAMBgNVBAMMBWNoaWxkMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0hrvRoael03J8Y5gvtDMq0ZGm5ZZM
-OGOhTtMnNlCpA/OKEpwMPIxiWr625wFwD7YUupvUZ7qLodf5yTN1wkbpVD2NbAUa
-klBRKHZm+UCJ8L6X4MgahNy+Y1uj6m14a50B9GtCi+RspP7p9pNKx9hnA8+dRs6Q
-9oZgim2zMwvVBQIDAQABo2AwXjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNV
-HQ4EFgQUQGqZ5v4NSB5Iwo17DynPRufgbF0wJQYIKwYBBQUHAQ4BAf8EFjAUAgEA
-MA8GCCsGAQUFBxUABANmb28wDQYJKoZIhvcNAQEFBQADgYEAxQjN9RrCdZHhGAyS
-y3/1EAyWIvmz8wKW0q4kSfNV7DAcUCKmQQ45oCEVnyTEbP8ltdIaHyIK1ujxKQC1
-QLDzjHkBBQGBrCH+gyIdpT9OZu2gT8f2j4u01YwbjLTcU2yEXVkkH18SZiawq2DF
-ETkEd/u6TKzhpwFPuZPKUeFexPA=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy-level-test.key b/crypto/heimdal/lib/hx509/data/proxy-level-test.key
deleted file mode 100644
index c697b1b..0000000
--- a/crypto/heimdal/lib/hx509/data/proxy-level-test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC0hrvRoael03J8Y5gvtDMq0ZGm5ZZMOGOhTtMnNlCpA/OKEpwM
-PIxiWr625wFwD7YUupvUZ7qLodf5yTN1wkbpVD2NbAUaklBRKHZm+UCJ8L6X4Mga
-hNy+Y1uj6m14a50B9GtCi+RspP7p9pNKx9hnA8+dRs6Q9oZgim2zMwvVBQIDAQAB
-AoGBAI7cPM/1ZK1W+rezPSErMn7FH8V61Ij26ukhbvoOAqDuLpFqjrEkTVgcReaK
-QtoCpO4ciur5N2f+qOLUNXQQTXpMN+nRxkKxLMhG99Hej+vmzPjMdimEtTJiRfKF
-KU4rKUOCPdmu9fMe/kniOKbDmq1FFP+SqCU4hRiZZv0GMdDhAkEA8I6Du8UvTZ8I
-04o05s/BlMiErASTZgq27UM6rWl2FNy5Av2suayBW7xJczdGEtbT982KwQmk0Mg9
-Hj5pWi5MDQJBAMAdorBVTMD4iFvfRhN6aSD3PzG/fsEexRuxvx2iBrrMZQ+6mS26
-8myNHPMASAiwt5H2T7Y/dNMB64iod5gFVtkCQDMJ+ddQKg4tDQFdFIZYVDlOJiAd
-RGzlHxTOK9f5RU19219QFWK7wCKHm4nvk1WR8R1lpef5NNf7dERDd7Tjl80CQAx6
-oFO15rtuKWVWVnXzcJq8lLVFjBU9S25mGFTzbl554mKoK0UGLLMSY3wBW6x81h+8
-ESd0bcE7EbKZxtLwHdkCQQDYB5HxhlPZdquY+yg7vqxUF9Lf6+smlVv3PjfhXztg
-2aV717UGinyqZgcn2J+ADWocRI3JnOhU0lswsGc+oVXp
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy-test.crt b/crypto/heimdal/lib/hx509/data/proxy-test.crt
deleted file mode 100644
index d0d3135..0000000
--- a/crypto/heimdal/lib/hx509/data/proxy-test.crt
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICMDCCAZmgAwIBAgIJAI8UaHGQmUvNMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV
-BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDcxMTE1MDY1ODU5WhcNMTcx
-MTEyMDY1ODU5WjAxMQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MQ4w
-DAYDVQQDDAVwcm94eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzeKelgMO
-dEHFmfEANkv6k+HkOduzT2It++ma7Kg+6+eOWpBqWcY3AOEbSE2UJM6H+StDhNNS
-cldPd3LoZayywckvgD3/NZjB9drsxF9GGClHew+fKjiekjNR3aUuAjysJYfr9AYd
-E6AFft2qKphuPKlEjPDeOZ4RpjvQOgFRB28CAwEAAaNgMF4wCQYDVR0TBAIwADAL
-BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFOGuL3xdInqdArsxly/BbLmYbzDTMCUGCCsG
-AQUFBwEOAQH/BBYwFAIBADAPBggrBgEFBQcVAAQDZm9vMA0GCSqGSIb3DQEBBQUA
-A4GBADOZurVQ/lXeLADFOZbTmbRt0Nv3aPHniG1yovlSDEuNjMczeRMMIsef+jpJ
-4Z0rt65i3qpX3uXZdCgGtIbusIlM7fBLCRI5vJ27jqs2PnCvodWO05e/aL3XxRwr
-42wDWTioZuGm8Sz4hpHv74Fz/7PgvZPMFSo15ujdOTWMXj08
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy-test.key b/crypto/heimdal/lib/hx509/data/proxy-test.key
deleted file mode 100644
index 93b609b..0000000
--- a/crypto/heimdal/lib/hx509/data/proxy-test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDN4p6WAw50QcWZ8QA2S/qT4eQ527NPYi376ZrsqD7r545akGpZ
-xjcA4RtITZQkzof5K0OE01JyV093cuhlrLLByS+APf81mMH12uzEX0YYKUd7D58q
-OJ6SM1HdpS4CPKwlh+v0Bh0ToAV+3aoqmG48qUSM8N45nhGmO9A6AVEHbwIDAQAB
-AoGAaAv+2RDyXQ5gLkv9L3N2TwX5sMO2+odDdeu4v6DHK7D54ArbtELXyTn577BF
-DdTSIroahSXGpMI7BsKrb7a3Hw+lnbEsag0a71yMM+E/zN9e0BgZwb7ZpeezVG2O
-kaXCuVPQlmDys8UH001FWP/XxqhLfCjy25ynaXi990k0AwECQQDwI64IquGE0OCO
-bI15Z+qLM5aRQgkNPokU7bZ1oSp9Ctx0pI9IzN6DcXe1QcXBDUJrZ0medNmNjqkG
-KPkiAieDAkEA23vDr6+iiSTOIUAGj+NDY9ydk48j8oWYUeQPL8Y7hJrckJrqqfNL
-MGZUKnF/RFPRbfS543xiqlXs4j3C61cwpQJAS9DH+l6Q8tDLhMvK4sCnMSmpaNTz
-bKYIu33NdFfcxTuvnHfz8OUVf2RMigJo/+lCxgwHFysHIIUg4hv/g/gwJwJBAIfx
-UHMwxetL8KCHl4jnqoXfz3nl3s4IESAnsYBVt+eaQ6MNUOuS1a9UsizXv4wCnmUM
-f1Z3ZGU8c0xuFJzPlEECQAs9UM+v0WxhUY8iVltgaLxGP282Mg+p+pIoqXbn8Mt7
-gOomlisP+s0Hh+c+YFPIAaAeH6j7n4AxydI0Z9fKIZA=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.crt b/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.crt
deleted file mode 100644
index 95abe01..0000000
--- a/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.crt
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICdDCCAd2gAwIBAgIJAN27BSQHOOO6MA0GCSqGSIb3DQEBBQUAMEMxCzAJBgNV
-BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxEDAOBgNVBAMMB3Byb3h5MTAxDjAM
-BgNVBAMMBWNoaWxkMB4XDTA3MTExNTA2NTkwMFoXDTE3MTExMjA2NTkwMFowUzEL
-MAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDEQMA4GA1UEAwwHcHJveHkx
-MDEOMAwGA1UEAwwFY2hpbGQxDjAMBgNVBAMMBWNoaWxkMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCw3LymYPXq7FKF1yumUvZTEbyMNszUYmoaMXgfnOgu8TWR
-Dwek7ome68yHYYkc4fj1jG2ugdQ+/LgpJ10c+lHa1MeE7QHbJu6tNhRcCgxnAtlV
-JljkmB24Ne/UjQwVVT73rUrvaigby8Ai0ujDtPJDqfUQvh8lwEFFWuafq9Ms1wID
-AQABo2AwXjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUNBaggvaD
-C/Amnb2M8g60WKxwGn0wJQYIKwYBBQUHAQ4BAf8EFjAUAgEKMA8GCCsGAQUFBxUA
-BANmb28wDQYJKoZIhvcNAQEFBQADgYEAmT5WYZ6FM6ceyyxTKiusYLDPJ04D7dVk
-VVMnu1q9dATMje/RKrncT0+KNEMdLWLpZgeHj4E2bi1507l3/zOUwOPpdI9MrvpY
-Or6ssQ3sZAZI60ruZ91ml6cYt+rbE1F2J+y1CM0rW/wnAIT1v2vP2Wd7PrEm8RsM
-QGbyuzcrAL4=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.key b/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.key
deleted file mode 100644
index 247f616..0000000
--- a/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCw3LymYPXq7FKF1yumUvZTEbyMNszUYmoaMXgfnOgu8TWRDwek
-7ome68yHYYkc4fj1jG2ugdQ+/LgpJ10c+lHa1MeE7QHbJu6tNhRcCgxnAtlVJljk
-mB24Ne/UjQwVVT73rUrvaigby8Ai0ujDtPJDqfUQvh8lwEFFWuafq9Ms1wIDAQAB
-AoGAHRo1cKtDzARXD+74H8ZHAiRJAkmCKvCGxQie25TWH+NRDS2L9HfL7XqfjSdf
-iIEmlkElSzHR2wt6wkrX54zJKxMNayc88UfInQ03a4XwFzAksTf05zpdGPbkKohi
-eeQcf3Raq+Swe4pTEwyEU8mDidM/rKJst+zMiE4UMeVGTQECQQDZPFrVTyJwGBcS
-sxJly0zXmZ8tvvsxIuplwAvbfCWbhEEgeO3LAKjcpb5HVOLfTe8+2ZO00ALidVCH
-N6/ae+iLAkEA0GwPxjlbKnL1VcpKdsegntACxlHD0TonvIEINKv9PiKzHIhQo8xJ
-Rt/2aBRAOJn+zB3FJxfQ+o6vEUwvBfEKZQJBANHMLTlG9M5nJZlkogb3YZ3y+j0W
-7cdVniRoZcsySau4/aDbyWO9nleCJpMDUxwwSzdasAD2x2JnxD7itA4AjuMCQQCP
-a+0m8M0lVtowYPYA6rpCzs05/4YKckRp2Tj2Vev8WBB87+jd7nP2S6PaVyUiTgYi
-G9JRZnguEwWxl4U8R3RpAkA5QpGHFhXNI2xA0ZKYH1tgmYfLBAAiVrIDKJddtOf/
-rKceL88RXsjnA6PTN9AdpnJ4sTToR3HDeEwAQrNHMC2M
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy10-child-test.crt b/crypto/heimdal/lib/hx509/data/proxy10-child-test.crt
deleted file mode 100644
index c450741..0000000
--- a/crypto/heimdal/lib/hx509/data/proxy10-child-test.crt
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICVDCCAb2gAwIBAgIJAITDCg/e+gWyMA0GCSqGSIb3DQEBBQUAMDMxCzAJBgNV
-BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxEDAOBgNVBAMMB3Byb3h5MTAwHhcN
-MDcxMTE1MDY1OTAwWhcNMTcxMTEyMDY1OTAwWjBDMQswCQYDVQQGEwJTRTESMBAG
-A1UEAwwJVGVzdCBjZXJ0MRAwDgYDVQQDDAdwcm94eTEwMQ4wDAYDVQQDDAVjaGls
-ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAroEn/MX0t84+NLivDSbN0y5r
-ZRxaiTDYkmvbdvJuBryCCLkzUT+/eh3pEK52BODXZWD4oiEMJLubH/pz+/6eAb4T
-ReAWft/wMFaOSZ37a7iLWr8vFaRfBjQREpEm0rCp7dPvWYrraRIIjMRJzAUwygXN
-KSS4f5VZkMwNfT9wwE8CAwEAAaNgMF4wCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAw
-HQYDVR0OBBYEFJrcQRDczQ1P+84ND71GVT99a/2mMCUGCCsGAQUFBwEOAQH/BBYw
-FAIBCjAPBggrBgEFBQcVAAQDZm9vMA0GCSqGSIb3DQEBBQUAA4GBALIbzPSyUE5Q
-4TWAUfATVsADj131V1Xe+HHgwXebWbnNCJIe3OyWoFqK3X5ATKzi6MzHzA+UngFK
-KGl8m8Ogx9dYQKzP2LIw0GuvpMyc3azb/cvbWv3vmM55UEdBlqxSTFynqLdpJqtn
-9dXq2wCNdUtbGEOpaRVOiZ0wjvpTB4wA
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy10-child-test.key b/crypto/heimdal/lib/hx509/data/proxy10-child-test.key
deleted file mode 100644
index 70cea5d..0000000
--- a/crypto/heimdal/lib/hx509/data/proxy10-child-test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCugSf8xfS3zj40uK8NJs3TLmtlHFqJMNiSa9t28m4GvIIIuTNR
-P796HekQrnYE4NdlYPiiIQwku5sf+nP7/p4BvhNF4BZ+3/AwVo5JnftruItavy8V
-pF8GNBESkSbSsKnt0+9ZiutpEgiMxEnMBTDKBc0pJLh/lVmQzA19P3DATwIDAQAB
-AoGAaYkc+Odzd9IYluP2ojqMkiJpuu2p53yODgeC4+38EsDg14vB+GpYT+9U68zG
-/W5JdjtuQwc/g9ueFnnuuUEkpyMIKDdAl00ZJQU5Vvz+ooZdxp/iYm3axkV2Gc2l
-mbulzUxgpomflDd/B3RXO1jY4ZttpVHTNUvjm7DtypiqsAkCQQDgIIRBtSipM3F6
-GYKgnmsjK+19YxUdMbHS6fyfg0TDIrSrBi5EqyjgA4MzxfzimvfKCiV6SSqFnU3G
-MIWDLh2dAkEAx1IaAAi+DmED08rarKRU2Ma7KRQWlxjXTp6c9OrbzuCJrqZgscxJ
-vBjmHzbXCKumRZwqWgzM5mRxPVX6npyn2wJBALrWQIqqI3hRuzJnG78b8QJD91nE
-hHBu4eeKSZ8MBgGJ6AR+RYnXCV8dbn11eifJufECXlW/sqPqC1DBWDuP8P0CQFxg
-utglNSCo6gMw0ySMjR5jDL8/JjElPDSd4pTIfNNm0aj2R35f9hSNXao92m+UTl2Y
-wTA3Gof1KV6KCLuWU10CQCeGYU3SFAy5QLVqR0B0u19wWyS8ZMl06DjOslmu7Zp+
-x1GxxFu1MNFvcKwmFeeYcNU1t9X0tC7EhUIaLQk2kqM=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy10-test.crt b/crypto/heimdal/lib/hx509/data/proxy10-test.crt
deleted file mode 100644
index 331c3ea..0000000
--- a/crypto/heimdal/lib/hx509/data/proxy10-test.crt
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICMjCCAZugAwIBAgIJAI8UaHGQmUvPMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV
-BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDcxMTE1MDY1OTAwWhcNMTcx
-MTEyMDY1OTAwWjAzMQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MRAw
-DgYDVQQDDAdwcm94eTEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTeTGh
-PIY39c75rcek77oZeDKnvO9zmsU2nlPnKpNsQ/QYEa610EeaRhB36lLhIS3aEtoG
-LKgHeDF+jxasog3GNWZ7/EF5x5VwIbXo659ZbDwnT8c8ZJADEe1kfMuFgKd49l4y
-PNCqN4LX2DdAh2HIb7x1iw7Fnu7s0Xnipgq0twIDAQABo2AwXjAJBgNVHRMEAjAA
-MAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUe24gc/gLyB6DW4gELVL3axuZTbkwJQYI
-KwYBBQUHAQ4BAf8EFjAUAgEKMA8GCCsGAQUFBxUABANmb28wDQYJKoZIhvcNAQEF
-BQADgYEABlvvmLwl6ZjaLdTGmxDD2eHN4/IbjYj1Vta2zQOKKA/W4qrkhmSNpy0x
-+v9tqf2fumNSpspqF+g814pXbqSMuObHEE1IeUmiGwVPC7AMWVXd2skMdkjEqhLM
-8qvDrPt+c5rGnnqM9AqrT/xDgXm7XnPLSFcrX/q8xVKVztskgEU=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy10-test.key b/crypto/heimdal/lib/hx509/data/proxy10-test.key
deleted file mode 100644
index 3bc0b45..0000000
--- a/crypto/heimdal/lib/hx509/data/proxy10-test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXwIBAAKBgQDTeTGhPIY39c75rcek77oZeDKnvO9zmsU2nlPnKpNsQ/QYEa61
-0EeaRhB36lLhIS3aEtoGLKgHeDF+jxasog3GNWZ7/EF5x5VwIbXo659ZbDwnT8c8
-ZJADEe1kfMuFgKd49l4yPNCqN4LX2DdAh2HIb7x1iw7Fnu7s0Xnipgq0twIDAQAB
-AoGBANDEIiSklXQFLFD8J81CBBxEtu007cbYkbx7zSS2uVb2NrDUM/+1IBrC9FsN
-bshlctiIJ8hUqYTGOUZRh/bg/GpVOgTRAgaMBEBOYXra7r7TVcUUxpC8CzX9hevl
-H42T6Ez6+Ednfg0RX6rZTiFeCNV3ADkguO07mlgSppiQJmlxAkEA/ICw/Ar/GtJH
-/EK8jrbxzakNzFxtHUtVNwSALsiWZUfJWJgf7jDsl0XB8w/HhVDrdwfc+Aiexxc9
-SPJKKqdpswJBANZnBfxEucE1SWu9elvPNWIMYBXinfMvfnkSt81KH3AfObiUj93d
-LCii1sF/x2aDeKJseFiUycy9xQXhQMF5vu0CQQCPECs24tQfUj1PBFDpW2YtbDdR
-Lpz0GBa0EWy/FQ+BWucNt0OAJWAnZXK6UJpvQqXmzyG3tsqfat9iUUUMXcZZAkEA
-vc+PePrPCMHIMl4ZCVa0iA00s6tg8n7FlSKBHnnUw0qhq0u64kyAX6lqPvyE57jU
-/9bP5Hw0+9G1r7LvxVmnMQJBAMdphUdEYRlIZ0GTnIETDzjm3lge06cXzLvXFIps
-nCANLV4OXJZVaTUrnDINLJVHu5d+Mx1pTw6GOF+v0+LjbF4=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/revoke.crt b/crypto/heimdal/lib/hx509/data/revoke.crt
deleted file mode 100644
index 0adcc2d..0000000
--- a/crypto/heimdal/lib/hx509/data/revoke.crt
+++ /dev/null
@@ -1,53 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 3 (0x3)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:56 2007 GMT
-            Not After : Nov 12 06:58:56 2017 GMT
-        Subject: C=SE, CN=Revoke cert
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:b3:24:de:14:fc:b6:80:e2:34:59:81:1f:ec:cb:
-                    00:21:75:e5:34:88:09:5e:5e:8e:f8:91:6b:ab:09:
-                    34:f8:6c:69:14:00:c5:47:f2:d7:de:a0:32:00:02:
-                    63:79:3c:14:1a:a9:4d:d1:1d:c0:fc:a7:50:72:26:
-                    96:53:d1:9f:a9:5f:f4:82:4d:4b:17:3b:fe:14:60:
-                    42:94:22:93:3e:c5:14:97:c8:a3:6a:8e:bd:90:03:
-                    22:12:9e:41:ca:a5:de:4f:57:f4:bf:f1:9e:f8:63:
-                    4f:c0:9e:c8:3c:e1:8b:89:60:3a:2b:5c:a7:b7:6e:
-                    a0:48:34:49:58:61:a0:34:6d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                F3:E2:96:20:28:53:21:92:67:A8:5C:B5:2C:7E:87:CF:7A:07:3D:84
-    Signature Algorithm: sha1WithRSAEncryption
-        90:39:f3:a6:fe:92:b9:92:4c:75:58:b2:51:36:11:07:f5:a2:
-        71:dc:90:d7:2b:b5:bc:37:c8:30:4f:a4:6b:41:11:63:3e:53:
-        42:ae:6f:59:7d:f8:b0:59:01:2f:50:4f:2d:21:7e:6a:58:bd:
-        74:f1:69:c5:62:3d:8f:fa:1a:c8:7e:a4:30:dc:01:8b:c9:f8:
-        77:44:5c:d3:a4:ab:9a:50:cc:45:d0:65:00:5c:fe:d3:b5:a3:
-        7a:f1:b1:5c:25:0f:06:16:5f:cf:e2:5d:0b:87:c0:fe:14:b8:
-        0a:10:17:55:34:15:4d:44:6b:60:80:6e:af:7b:81:30:47:5c:
-        f3:fe
------BEGIN CERTIFICATE-----
-MIIB/DCCAWWgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3
-MTExMjA2NTg1NlowIzELMAkGA1UEBhMCU0UxFDASBgNVBAMMC1Jldm9rZSBjZXJ0
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzJN4U/LaA4jRZgR/sywAhdeU0
-iAleXo74kWurCTT4bGkUAMVH8tfeoDIAAmN5PBQaqU3RHcD8p1ByJpZT0Z+pX/SC
-TUsXO/4UYEKUIpM+xRSXyKNqjr2QAyISnkHKpd5PV/S/8Z74Y0/Ansg84YuJYDor
-XKe3bqBINElYYaA0bQIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAd
-BgNVHQ4EFgQU8+KWIChTIZJnqFy1LH6Hz3oHPYQwDQYJKoZIhvcNAQEFBQADgYEA
-kDnzpv6SuZJMdViyUTYRB/WicdyQ1yu1vDfIME+ka0ERYz5TQq5vWX34sFkBL1BP
-LSF+ali9dPFpxWI9j/oayH6kMNwBi8n4d0Rc06SrmlDMRdBlAFz+07WjevGxXCUP
-BhZfz+JdC4fA/hS4ChAXVTQVTURrYIBur3uBMEdc8/4=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/revoke.key b/crypto/heimdal/lib/hx509/data/revoke.key
deleted file mode 100644
index a4c68ae..0000000
--- a/crypto/heimdal/lib/hx509/data/revoke.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCzJN4U/LaA4jRZgR/sywAhdeU0iAleXo74kWurCTT4bGkUAMVH
-8tfeoDIAAmN5PBQaqU3RHcD8p1ByJpZT0Z+pX/SCTUsXO/4UYEKUIpM+xRSXyKNq
-jr2QAyISnkHKpd5PV/S/8Z74Y0/Ansg84YuJYDorXKe3bqBINElYYaA0bQIDAQAB
-AoGAIDHl/5uTKQJ+Kf+8vw+UjG7lrFUuadlQlHd+BBT5ghPppoCk89M+3HGpyrqj
-KeyUKF5477YLMtzW5kztA09PBBJvMjSm92dI2uCYfipkIWZZUlq64AStI15pgeVd
-cH61hxOUCm47tqhtkaO11DnKkoJBXaAVIe2ySG2sIZQH+gECQQDjhMdCWkaO+HUe
-utqKJCq6pUkwSelgLEINDVoRVgJ+qUHb0nN06DmPfcfxwqfgP/vS6baKkGIBCiZJ
-n9Kfd23BAkEAyZHXY5iGSq9qc2ern0CcyitNozvtm6eEZYVvJxVMsVBQRo23EmGF
-68SJlHjpY+nHyPWEkbG99R/CMdr3FV9JrQJBAOG/hoKk1mvXxUYXeu4kkq0dgXBD
-diex4lvXCq423ETXJny55UtzfGGPGUwdq7rLYc/VjAUS29tSOclFppQJyUECQQDA
-J7P5UhHTaN5GHfJR4rqVUCq3Dg45cLyaO1X3ICr4bePZHogDkcylMbsmOw3jHZ5D
-SSqT6al44Em0VVVunmQRAkBUAQzHGGJnMKI9ZSdD3J6scWCVIjHVgaehYe9a8DlK
-DeZ4KYGG0+1aUdkqeYE8c6Qqp+pdjPmRMdooww6y+Xk1
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/sf-class2-root.pem b/crypto/heimdal/lib/hx509/data/sf-class2-root.pem
deleted file mode 100644
index d552e65..0000000
--- a/crypto/heimdal/lib/hx509/data/sf-class2-root.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/static-file b/crypto/heimdal/lib/hx509/data/static-file
deleted file mode 100644
index 2216857..0000000
--- a/crypto/heimdal/lib/hx509/data/static-file
+++ /dev/null
@@ -1,84 +0,0 @@
-This is a static file don't change the content, it is used in the test
-
-#!/bin/sh
-#
-# Copyright (c) 2005 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-#
-
-srcdir="@srcdir@"
-
-echo "try printing"
-./hxtool print \
-	--pass=PASS:foobar \
-	PKCS12:$srcdir/data/test.p12 || exit 1
-
-echo "make sure entry is found (friendlyname)"
-./hxtool query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test  \
-	PKCS12:$srcdir/data/test.p12 || exit 1
-
-echo "make sure entry is not found  (friendlyname)"
-./hxtool query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test-not  \
-	PKCS12:$srcdir/data/test.p12 && exit 1
-
-echo "check for ca cert (friendlyname)"
-./hxtool query \
-	--pass=PASS:foobar \
-	--friendlyname=ca  \
-	PKCS12:$srcdir/data/test.p12 || exit 1
-
-echo "make sure entry is not found (friendlyname)"
-./hxtool query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test \
-	PKCS12:$srcdir/data/sub-cert.p12 && exit 1
-
-echo "make sure entry is found (friendlyname|private key)"
-./hxtool query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test  \
-	--private-key \
-	PKCS12:$srcdir/data/test.p12 || exit 1
-
-echo "make sure entry is not found (friendlyname|private key)"
-./hxtool query \
-	--pass=PASS:foobar \
-	--friendlyname=ca  \
-	--private-key \
-	PKCS12:$srcdir/data/test.p12 && exit 1
-
-exit 0
-
diff --git a/crypto/heimdal/lib/hx509/data/sub-ca.crt b/crypto/heimdal/lib/hx509/data/sub-ca.crt
deleted file mode 100644
index 6cb485a..0000000
--- a/crypto/heimdal/lib/hx509/data/sub-ca.crt
+++ /dev/null
@@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 9 (0x9)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:59 2007 GMT
-            Not After : Nov 12 06:58:59 2017 GMT
-        Subject: C=SE, CN=Sub CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:f3:ab:db:06:fa:f9:a1:84:35:a6:fb:a4:a9:39:
-                    5f:54:10:a2:a4:3f:1a:ae:2c:7e:bd:dd:aa:63:4a:
-                    7a:62:99:07:25:af:eb:62:b4:20:93:67:46:59:b4:
-                    30:85:81:24:41:9d:49:97:fb:a3:ce:74:61:f7:ff:
-                    d5:9e:b1:9b:d3:5a:8b:59:51:76:99:69:2a:73:02:
-                    e9:2d:39:3f:21:b8:2f:f1:af:91:1f:f1:c3:e3:4d:
-                    c0:e4:87:95:df:e7:d2:e7:27:a6:cd:c4:cf:97:e6:
-                    b8:24:31:d1:66:d3:af:f8:06:8b:9c:81:bf:66:54:
-                    53:08:0a:ee:15:71:b2:a5:a5
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                36:04:CF:AD:8B:30:E2:5D:C0:43:8C:09:0B:4D:50:7B:1F:39:41:17
-            X509v3 Authority Key Identifier: 
-                keyid:8C:E7:0D:B5:C5:DE:69:85:75:2C:08:A1:DE:53:15:30:9C:A1:E8:00
-                DirName:/CN=hx509 Test Root CA/C=SE
-                serial:B7:94:5E:85:B2:19:80:58
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        5b:f9:bb:2c:d2:d6:4d:bb:20:b1:05:fc:67:45:de:9c:5e:83:
-        35:24:9a:f6:33:bc:3d:ca:27:dc:be:3c:cb:c6:d7:c5:b4:d3:
-        9e:c4:c2:60:4d:dc:21:2c:f4:88:ec:dd:41:37:58:63:45:d6:
-        9b:32:7d:f8:e0:d1:41:0f:f3:30:20:7d:15:af:49:15:2b:cb:
-        db:fe:90:6e:db:84:fa:92:a3:ac:83:25:5a:ab:49:7a:1e:2b:
-        dc:c9:74:7b:9f:2b:62:a9:6f:ef:b9:89:72:4b:ea:02:5a:27:
-        93:b7:9d:fd:e2:a3:73:04:52:d0:98:5a:a3:23:f5:02:56:b6:
-        c6:8f
------BEGIN CERTIFICATE-----
-MIICWDCCAcGgAwIBAgIBCTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1OVoXDTE3
-MTExMjA2NTg1OVowHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBlN1YiBDQTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA86vbBvr5oYQ1pvukqTlfVBCipD8arix+
-vd2qY0p6YpkHJa/rYrQgk2dGWbQwhYEkQZ1Jl/ujznRh9//VnrGb01qLWVF2mWkq
-cwLpLTk/Ibgv8a+RH/HD403A5IeV3+fS5yemzcTPl+a4JDHRZtOv+AaLnIG/ZlRT
-CAruFXGypaUCAwEAAaOBmTCBljAdBgNVHQ4EFgQUNgTPrYsw4l3AQ4wJC01Qex85
-QRcwWgYDVR0jBFMwUYAUjOcNtcXeaYV1LAih3lMVMJyh6AChLqQsMCoxGzAZBgNV
-BAMMEmh4NTA5IFRlc3QgUm9vdCBDQTELMAkGA1UEBhMCU0WCCQC3lF6FshmAWDAM
-BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB5jANBgkqhkiG9w0BAQUFAAOBgQBb+bss
-0tZNuyCxBfxnRd6cXoM1JJr2M7w9yifcvjzLxtfFtNOexMJgTdwhLPSI7N1BN1hj
-RdabMn344NFBD/MwIH0Vr0kVK8vb/pBu24T6kqOsgyVaq0l6HivcyXR7nytiqW/v
-uYlyS+oCWieTt5394qNzBFLQmFqjI/UCVrbGjw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/sub-ca.key b/crypto/heimdal/lib/hx509/data/sub-ca.key
deleted file mode 100644
index 070d21d..0000000
--- a/crypto/heimdal/lib/hx509/data/sub-ca.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDzq9sG+vmhhDWm+6SpOV9UEKKkPxquLH693apjSnpimQclr+ti
-tCCTZ0ZZtDCFgSRBnUmX+6POdGH3/9WesZvTWotZUXaZaSpzAuktOT8huC/xr5Ef
-8cPjTcDkh5Xf59LnJ6bNxM+X5rgkMdFm06/4Boucgb9mVFMICu4VcbKlpQIDAQAB
-AoGBAIoiQmgSnrERYdjnjtDf1Uqyo4C4xUc3siGwJ4diET8TwRl8QNQTiOQHB7qS
-i28jZopLwAyIerPvBhqwzUjJJqvu1z+5/MjwBJ/aonmJjJ9e3nqk/KE658xGg5E8
-V64DYRif0YboZEYJo5yzU9UEdEPI4zTyhFlR21TmOZkidnwBAkEA/IIRCcGs/FNR
-q9tEW8ARK1DEeerXhoV9Xye9xYb5UNyH4f6J31NdkvYOMA4F0+0lKecaKmPtKsu7
-gQrFZYwt/QJBAPcKgUVOJox/s/o1PXRGjifl1haehcawWNLtN/UnFZcUKslyMkxh
-qyCJJ0SuX7quQqy+++hFj/DwNdECaFRd0skCQBocdRiWL4Y0M3jbBrmaJexdwMN+
-tmTRvwItAOHBMFzdQSvsf2NZoo6E5Tiw6odcuYAYxsrlZGwNf0k7zOfQVB0CQQDy
-GWdqZhY9JoFYuYhKRULXMtTGQgBUIUpLG5L1O6Ja9rafyLwmQqkUL5U+J61FI7XP
-2TLCBDn2I1J6TGO2GmSRAkAIFsFpkrq4q+lbJ3Vr3UpfhRJsTVOD5SgZx1umn63l
-jEz5/r4HCg/Q0/yiPiYaTHutfnsChg3/AfbmWcA6j4NU
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/sub-cert.crt b/crypto/heimdal/lib/hx509/data/sub-cert.crt
deleted file mode 100644
index fe23a37..0000000
--- a/crypto/heimdal/lib/hx509/data/sub-cert.crt
+++ /dev/null
@@ -1,53 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 10 (0xa)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=SE, CN=Sub CA
-        Validity
-            Not Before: Nov 15 06:58:59 2007 GMT
-            Not After : Nov 12 06:58:59 2017 GMT
-        Subject: C=SE, CN=Test sub cert
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:da:41:57:e1:62:23:1b:bf:ac:1c:a9:06:c8:98:
-                    77:38:dc:33:a3:03:c0:02:6d:d8:6d:68:95:b1:ea:
-                    60:c0:c2:96:23:34:91:fb:32:44:44:cd:72:40:5b:
-                    a3:cf:57:94:3c:8d:a9:30:11:73:61:15:17:10:a6:
-                    17:7d:9d:27:f0:58:23:ee:a4:83:3c:b1:0f:20:0c:
-                    a4:3d:01:ef:de:93:cb:b5:02:c1:1e:b4:54:35:6a:
-                    8f:55:7b:5d:76:0a:f9:6d:b1:31:25:4c:fb:e2:d6:
-                    6e:94:e9:8a:c4:cc:4e:28:6b:bd:4c:80:85:2c:87:
-                    eb:31:88:6d:27:2a:d3:df:1f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                D3:5F:89:9B:31:E6:2A:E0:C6:64:27:9F:A4:E5:42:8C:70:99:96:25
-    Signature Algorithm: sha1WithRSAEncryption
-        34:f9:9f:c5:6f:44:55:6a:15:8f:51:ab:c1:44:18:0e:eb:9a:
-        d0:c4:64:ce:ab:24:2b:77:82:f3:88:e3:9e:1f:9c:8d:28:a6:
-        be:3d:d5:3e:5e:95:01:c8:b9:d4:e2:b5:17:06:1d:10:0b:a5:
-        64:29:d9:45:b0:fd:16:ec:5d:3c:3f:58:55:25:90:d0:e4:4f:
-        3f:9f:9c:5f:d5:1e:0c:73:a5:1a:7c:71:10:b5:a3:d5:fb:0f:
-        d3:de:fc:9a:06:bc:0b:8c:72:eb:bc:fc:d1:47:87:68:44:25:
-        25:ab:51:e9:af:d8:9e:1b:04:f2:1c:4f:4c:27:a0:87:11:4a:
-        69:67
------BEGIN CERTIFICATE-----
-MIIB8jCCAVugAwIBAgIBCjANBgkqhkiG9w0BAQUFADAeMQswCQYDVQQGEwJTRTEP
-MA0GA1UEAwwGU3ViIENBMB4XDTA3MTExNTA2NTg1OVoXDTE3MTExMjA2NTg1OVow
-JTELMAkGA1UEBhMCU0UxFjAUBgNVBAMMDVRlc3Qgc3ViIGNlcnQwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBANpBV+FiIxu/rBypBsiYdzjcM6MDwAJt2G1olbHq
-YMDCliM0kfsyRETNckBbo89XlDyNqTARc2EVFxCmF32dJ/BYI+6kgzyxDyAMpD0B
-796Ty7UCwR60VDVqj1V7XXYK+W2xMSVM++LWbpTpisTMTihrvUyAhSyH6zGIbScq
-098fAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTT
-X4mbMeYq4MZkJ5+k5UKMcJmWJTANBgkqhkiG9w0BAQUFAAOBgQA0+Z/Fb0RVahWP
-UavBRBgO65rQxGTOqyQrd4LziOOeH5yNKKa+PdU+XpUByLnU4rUXBh0QC6VkKdlF
-sP0W7F08P1hVJZDQ5E8/n5xf1R4Mc6UafHEQtaPV+w/T3vyaBrwLjHLrvPzRR4do
-RCUlq1Hpr9ieGwTyHE9MJ6CHEUppZw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/sub-cert.key b/crypto/heimdal/lib/hx509/data/sub-cert.key
deleted file mode 100644
index b9faa56..0000000
--- a/crypto/heimdal/lib/hx509/data/sub-cert.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDaQVfhYiMbv6wcqQbImHc43DOjA8ACbdhtaJWx6mDAwpYjNJH7
-MkREzXJAW6PPV5Q8jakwEXNhFRcQphd9nSfwWCPupIM8sQ8gDKQ9Ae/ek8u1AsEe
-tFQ1ao9Ve112CvltsTElTPvi1m6U6YrEzE4oa71MgIUsh+sxiG0nKtPfHwIDAQAB
-AoGBAMPvk4h4BNK9gTL9n2RoU+fM7+Jx1GeZ24llMbZWlmOWjRiv8joTx2wJEH+s
-hWP32NF/z5qin/VQ7LL6mO4hLx8RbPysfZH2PGwGLBsL6yFKrpVLEb6Gze7bfaNC
-Zxqz2zBaUup5IN5IoQbYmhYgo7h+uca2FKZMtWZlvxsNb22hAkEA/QCwdBhlf7w9
-BUWezxxm5o/laKhvP7RYem43eJNKj1tenB1MnbjM6R3Ckp0ykbKQIEL3mjTEUR+/
-31yfSjKRrwJBANzXRXmowoaKFrjkRFjfKrSk6cIa5/32U4Shy3/1LRoHv1qcsyEv
-0Acn5aE8vdiYK4J/OqiS87KFYH6WISCEFZECQQDg4xH1wBHIfvwGiaHmGyrkWpfi
-dYWdrKLRANNR3Cr0TpVEU07dC30o4YkoZY6jr4MpCh2o9qpiKcSVuHDmtRiFAkBE
-AsvznqRhuK8su6fM0tWdElinHZAqpyyrYQSB4KjGJnKo3i9QXiArw/60/DbfOGXV
-54bSGYeRh//inCuRjvvxAkBv9rarlopkpj29aAM4e4gs5W4ssl0uOjnSBiSH+Zn/
-j/oYrQgvpITFLCdF48D44GWtupw5zCLiJAREySaNma4Z
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/sub-cert.p12 b/crypto/heimdal/lib/hx509/data/sub-cert.p12
deleted file mode 100644
index 90def93..0000000
--- a/crypto/heimdal/lib/hx509/data/sub-cert.p12
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-ds-only.crt b/crypto/heimdal/lib/hx509/data/test-ds-only.crt
deleted file mode 100644
index 78559c6..0000000
--- a/crypto/heimdal/lib/hx509/data/test-ds-only.crt
+++ /dev/null
@@ -1,53 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 5 (0x5)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:57 2007 GMT
-            Not After : Nov 12 06:58:57 2017 GMT
-        Subject: C=SE, CN=Test cert DigitalSignature
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:c7:40:d0:87:47:81:b2:4e:4b:36:7c:c9:8d:9d:
-                    eb:dc:65:13:20:dc:72:0f:bf:5e:44:36:aa:18:fc:
-                    09:54:8c:1a:4e:15:5a:c5:c3:0c:95:f7:55:1c:b0:
-                    93:d2:80:92:eb:7e:67:b4:2e:9c:0c:fd:65:6a:9c:
-                    d6:35:d2:c2:62:3f:a2:6c:90:9e:a6:5a:59:33:e1:
-                    3a:13:9a:9d:9a:7e:2b:a2:44:96:41:87:b3:e2:b8:
-                    62:1b:88:46:08:39:c5:7a:90:83:42:22:c9:73:9f:
-                    41:51:1d:40:34:0f:94:0e:2a:ee:27:76:6d:6d:44:
-                    d2:e7:90:ad:9c:da:f8:7f:87
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation
-            X509v3 Subject Key Identifier: 
-                B9:41:3E:C9:AB:F2:37:75:F1:F8:C7:86:BB:54:78:76:15:16:D9:BB
-    Signature Algorithm: sha1WithRSAEncryption
-        72:fc:ea:ad:ec:08:be:45:34:5e:d0:1b:d0:0d:fc:2f:70:89:
-        8e:58:fb:15:ce:7b:78:8f:db:e9:97:cc:89:10:e6:10:f5:22:
-        f9:e9:c6:0d:4e:f9:35:c6:e2:5f:ab:28:47:e3:d6:94:d0:80:
-        db:44:4a:a9:8b:86:8b:c6:09:7b:d5:eb:07:ef:92:5a:ac:9a:
-        a7:04:c5:e2:c5:3f:01:d0:c1:92:c1:14:90:50:bd:0f:38:09:
-        0e:c5:9f:96:bd:42:8b:87:ac:b1:62:ca:bc:79:1d:fc:23:06:
-        55:b3:55:f2:b8:49:67:8e:d7:63:1f:52:aa:b9:19:e0:1f:18:
-        11:ac
------BEGIN CERTIFICATE-----
-MIICCzCCAXSgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3
-MTExMjA2NTg1N1owMjELMAkGA1UEBhMCU0UxIzAhBgNVBAMMGlRlc3QgY2VydCBE
-aWdpdGFsU2lnbmF0dXJlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHQNCH
-R4GyTks2fMmNnevcZRMg3HIPv15ENqoY/AlUjBpOFVrFwwyV91UcsJPSgJLrfme0
-LpwM/WVqnNY10sJiP6JskJ6mWlkz4ToTmp2afiuiRJZBh7PiuGIbiEYIOcV6kINC
-Islzn0FRHUA0D5QOKu4ndm1tRNLnkK2c2vh/hwIDAQABozkwNzAJBgNVHRMEAjAA
-MAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUuUE+yavyN3Xx+MeGu1R4dhUW2bswDQYJ
-KoZIhvcNAQEFBQADgYEAcvzqrewIvkU0XtAb0A38L3CJjlj7Fc57eI/b6ZfMiRDm
-EPUi+enGDU75NcbiX6soR+PWlNCA20RKqYuGi8YJe9XrB++SWqyapwTF4sU/AdDB
-ksEUkFC9DzgJDsWflr1Ci4essWLKvHkd/CMGVbNV8rhJZ47XYx9SqrkZ4B8YEaw=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/test-ds-only.key b/crypto/heimdal/lib/hx509/data/test-ds-only.key
deleted file mode 100644
index 1233c34..0000000
--- a/crypto/heimdal/lib/hx509/data/test-ds-only.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDHQNCHR4GyTks2fMmNnevcZRMg3HIPv15ENqoY/AlUjBpOFVrF
-wwyV91UcsJPSgJLrfme0LpwM/WVqnNY10sJiP6JskJ6mWlkz4ToTmp2afiuiRJZB
-h7PiuGIbiEYIOcV6kINCIslzn0FRHUA0D5QOKu4ndm1tRNLnkK2c2vh/hwIDAQAB
-AoGAPa3Ln0S8WjSwRaKlRahP/b5wCGkVCdjkVltRlkBWpwxjjC5CFhvFxpp0h1gF
-ulDAqhNMCNOwzLiX70Ozb5/ZOcK6eIYolFDf8ldc5fSJMTIZF2V6CzICNNKFGWpI
-z5QFhfQDqru6ZaWtPuK4sJIcmBx1nMTu4z9rNjvnGqJV/ckCQQDm8HfOI6f5Dlgg
-QI9My7uDshfF2j6lo8wX32Vsgfb2PO+a6BGCCQhSjlKSZoiOH+KNz1/fp0/sbeGY
-ZbdJSMg9AkEA3OAZrLlgKId6Gs5EjDfvq2njJf4dAOk5aH8HB1u18VuRvdkWxEwo
-A7zrFZz+l1U52OMNKazPuPLju7foen9fEwJAR1URfG/RC4HdwKCQYsUvN1+ELk3a
-OemdOeZ7+ocuVCLAU9XIyqSlmHJzmNro5RV+MhVS5M9WRY4vN5Z7hbxgdQJBAJG3
-NrkAwzN5zVCJ7Cclb/SCMt0JvFCxjLInu5dbJblJU+kPozl1lKCCrgTgQgXMsBEq
-GbD41UGK3DsnpTPLfAkCQQCeZlgPiddfNhyg3SQOgj1M/3NBEfJFnX3FqlF32Pvz
-0U29o0iMSP4q2j+cyUxAmlp9I7clhq7bBRTfCHKIHETg
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-aes-128 b/crypto/heimdal/lib/hx509/data/test-enveloped-aes-128
deleted file mode 100644
index c706839..0000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-aes-128
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-aes-256 b/crypto/heimdal/lib/hx509/data/test-enveloped-aes-256
deleted file mode 100644
index 1d5ef41..0000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-aes-256
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-des b/crypto/heimdal/lib/hx509/data/test-enveloped-des
deleted file mode 100644
index 85a08d9..0000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-des
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-des-ede3 b/crypto/heimdal/lib/hx509/data/test-enveloped-des-ede3
deleted file mode 100644
index deb5fe1..0000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-des-ede3
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-128 b/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-128
deleted file mode 100644
index ebe0b5f..0000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-128
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-40 b/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-40
deleted file mode 100644
index c664b81..0000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-40
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-64 b/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-64
deleted file mode 100644
index 24bd368..0000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-64
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-ke-only.crt b/crypto/heimdal/lib/hx509/data/test-ke-only.crt
deleted file mode 100644
index 9239de4..0000000
--- a/crypto/heimdal/lib/hx509/data/test-ke-only.crt
+++ /dev/null
@@ -1,53 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 4 (0x4)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:57 2007 GMT
-            Not After : Nov 12 06:58:57 2017 GMT
-        Subject: C=SE, CN=Test cert KeyEncipherment
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:bd:6a:09:6d:65:fd:2f:a6:02:74:48:59:5a:d6:
-                    b1:cf:d2:30:60:21:92:bf:ed:94:d1:df:e9:de:b7:
-                    c2:c5:5d:c8:7b:a7:f2:b3:e0:1b:78:ba:a8:ba:4b:
-                    ee:95:5c:06:77:10:39:be:e5:4c:4a:f0:1e:96:a0:
-                    df:77:7a:7a:06:ce:95:b0:d9:fd:ac:4b:85:45:b1:
-                    7c:a5:51:af:b8:c3:82:6f:21:09:37:03:b0:61:e0:
-                    04:46:a8:71:56:a6:36:67:79:42:e1:ef:bf:28:1d:
-                    a0:ef:02:6e:26:60:e1:fe:05:95:72:87:b9:c1:08:
-                    8e:ed:dc:fd:71:06:15:80:79
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                17:F3:F4:8B:D1:CD:D4:A3:D9:9D:A0:0E:6E:52:EE:11:03:85:32:6F
-    Signature Algorithm: sha1WithRSAEncryption
-        5f:1d:86:c2:bd:eb:c7:75:ad:b6:ec:c8:10:96:4f:8b:b2:36:
-        b4:7b:ba:c4:b5:6c:1c:2e:80:eb:d0:97:5f:71:48:8a:79:f7:
-        05:ee:2b:96:ef:b9:68:0d:fa:86:73:c7:30:3f:22:81:ea:cf:
-        46:3a:4b:4d:31:39:29:5d:1a:b8:44:ae:12:f1:18:ea:de:55:
-        47:f4:1c:77:07:34:41:cf:1c:f1:1c:f8:0d:63:c1:e8:b4:98:
-        e7:cb:c1:2d:96:b3:5a:21:6e:fa:e7:e1:15:87:84:c9:71:31:
-        5f:6f:93:98:7f:ca:00:d3:8d:96:bb:b5:03:af:c0:4d:4e:a2:
-        a5:97
------BEGIN CERTIFICATE-----
-MIICCjCCAXOgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3
-MTExMjA2NTg1N1owMTELMAkGA1UEBhMCU0UxIjAgBgNVBAMMGVRlc3QgY2VydCBL
-ZXlFbmNpcGhlcm1lbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1qCW1l
-/S+mAnRIWVrWsc/SMGAhkr/tlNHf6d63wsVdyHun8rPgG3i6qLpL7pVcBncQOb7l
-TErwHpag33d6egbOlbDZ/axLhUWxfKVRr7jDgm8hCTcDsGHgBEaocVamNmd5QuHv
-vygdoO8CbiZg4f4FlXKHucEIju3c/XEGFYB5AgMBAAGjOTA3MAkGA1UdEwQCMAAw
-CwYDVR0PBAQDAgVgMB0GA1UdDgQWBBQX8/SL0c3Uo9mdoA5uUu4RA4UybzANBgkq
-hkiG9w0BAQUFAAOBgQBfHYbCvevHda227MgQlk+Lsja0e7rEtWwcLoDr0JdfcUiK
-efcF7iuW77loDfqGc8cwPyKB6s9GOktNMTkpXRq4RK4S8Rjq3lVH9Bx3BzRBzxzx
-HPgNY8HotJjny8EtlrNaIW765+EVh4TJcTFfb5OYf8oA042Wu7UDr8BNTqKllw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/test-ke-only.key b/crypto/heimdal/lib/hx509/data/test-ke-only.key
deleted file mode 100644
index 878267e..0000000
--- a/crypto/heimdal/lib/hx509/data/test-ke-only.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC9agltZf0vpgJ0SFla1rHP0jBgIZK/7ZTR3+net8LFXch7p/Kz
-4Bt4uqi6S+6VXAZ3EDm+5UxK8B6WoN93enoGzpWw2f2sS4VFsXylUa+4w4JvIQk3
-A7Bh4ARGqHFWpjZneULh778oHaDvAm4mYOH+BZVyh7nBCI7t3P1xBhWAeQIDAQAB
-AoGASR2vee1OqJ/6foyXAXuys7g9OD59eVzqf4Fhs7lXk/w5sZIJG+o8cIQNMayx
-8jHNxRQcVlYI9zxtclOzL1m11FPRgP6oVicPdIbKf/9JQhjlq/RgX/N66iBSPOW3
-80RtZ0G9pI+9RQN3sG1t39sXyMZJz5ApkcrsIfkX7Ej8tAkCQQD1mqP32MjUIpDc
-x15ybBXib7E/27f/aM04Zg4D1WLkYANmUKFLiNeKKEIy+R6iQ9bqcWdh/u2Pu08e
-I9eusolbAkEAxW6GQOihK5hsmKY7QdrORP6I6g8nqu/esiN1/LMtIVZdHtuaLxea
-3XUIewnK1h5d2eKXyWjMgT8o5y/XtT5xuwJAVW7mbJeHPGuNso7TZr/8WNj7cjgu
-5/R/toehhmnazZAsfpG7mbfPKirY5DxOEKnCf6jVCnyQDHhejCBxrT5DkwJBALrW
-MW7Tt1JOWNbM2V8k9fcM+fymgt+dSJ5EOK//0EGwPUeqgmr2Z7QTwQbO6YlgC2ja
-qtILvxzA7LB78iKvCWkCQQCOPkDbIzy5JM8AZtUFYb7PqJBb5fHDg3wiKWXiTh8+
-eaBxDdbBxCsamPLwfP2cguCvVv9yz3ODA9Aopny9iAv3
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/test-nopw.p12 b/crypto/heimdal/lib/hx509/data/test-nopw.p12
deleted file mode 100644
index 49db084..0000000
--- a/crypto/heimdal/lib/hx509/data/test-nopw.p12
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-pw.key b/crypto/heimdal/lib/hx509/data/test-pw.key
deleted file mode 100644
index e844a98..0000000
--- a/crypto/heimdal/lib/hx509/data/test-pw.key
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,B9B1B14B38E4ED57E3F9D8DFA7FEB086
-
-mgUkuZfb6TTZ+69kLKbHpwfSYmY1tRMeIuuqcY6qdNpF70kiZ6BylMYzGG29OZJQ
-ttiYmYz1zFYVhWrnpGnK7Raa7CHaohlcPfiUBD2lRzNmj6xYAJdooiR9kWNnZZe5
-JTOpLuokpSWSqgS58AB1BLkK67JGTEhF3iDwPff/oVBjW5X/VMRd62RfDk32MJmd
-nd+xNdBeKk7nXwMITZyv3n5KayVohNSpFblIAwl/k8BDLavIKboZtJDqw9LyRpWC
-KLtToAWTO7pvZcOoK9yIhM5TtbZkp7pQrebGjoYkvdF84i4oVS85q8swwsw7BFq5
-s8AVbdC0kcj5tfSaJYxFonyj5BHiEc1k1CLkcn0Aff1DhW/vR93W28UgQBT11Lxf
-bvHxCSIGp6TKut7Jr1FGs6tzU5eTI2AlWeWJBoANDD2HaKnouRQfDEf8pHP9Odxg
-nOQ4HinpwpylimqisYqHbeocO5izz1xioze82SxYQTUGj+gCViSBIBesVaZ31DGm
-3ECN94ItCm9z6zAeMNtUdLkTY6rPeetwrXXcrWddD7p5c1HdWEEQHU1HilunQc6N
-I39udeWfW0HlINxKu7IgOepNipdw9EFUPtY1LGP+2Xa3ezi8saXPbsq0i/0looWf
-dhjvWke/uwi16zwDKL25pNSmSAKyhD+P46f5pcf1yk1MbMkFbfTrHzcxOIN1Fd5m
-rFVJTUnVonQinb8cEyqgg/2ufvOe6AnaIqjsKdFUQthYrCg6Voupis+SXRbIefhr
-diiBsOoIu8O38I9R6KmSs+CYTBeChWmt1sAJudRIgZ3v5vTm734qwlxijL4sSkYQ
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/test-signed-data b/crypto/heimdal/lib/hx509/data/test-signed-data
deleted file mode 100644
index ae27556..0000000
--- a/crypto/heimdal/lib/hx509/data/test-signed-data
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-signed-data-noattr b/crypto/heimdal/lib/hx509/data/test-signed-data-noattr
deleted file mode 100644
index 11b008e..0000000
--- a/crypto/heimdal/lib/hx509/data/test-signed-data-noattr
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-signed-data-noattr-nocerts b/crypto/heimdal/lib/hx509/data/test-signed-data-noattr-nocerts
deleted file mode 100644
index 0c94ab9..0000000
--- a/crypto/heimdal/lib/hx509/data/test-signed-data-noattr-nocerts
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test.combined.crt b/crypto/heimdal/lib/hx509/data/test.combined.crt
deleted file mode 100644
index 05c1e74..0000000
--- a/crypto/heimdal/lib/hx509/data/test.combined.crt
+++ /dev/null
@@ -1,68 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 2 (0x2)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:56 2007 GMT
-            Not After : Nov 12 06:58:56 2017 GMT
-        Subject: C=SE, CN=Test cert
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:e8:bd:c6:8e:de:37:d8:f3:43:23:c3:27:b6:49:
-                    65:33:a8:b2:a9:f0:16:0d:90:49:47:7b:90:98:e4:
-                    ae:de:dd:64:b6:3b:48:b7:2e:0b:02:18:1f:85:f3:
-                    48:af:78:4b:54:34:63:62:06:30:f0:b5:a2:e9:db:
-                    35:6c:c7:55:f5:30:27:a0:66:54:a5:e8:52:27:52:
-                    43:4e:90:04:11:6a:e8:2b:52:e4:8d:fe:fd:c4:aa:
-                    b0:4e:63:c6:aa:2d:0a:4e:1d:ae:1c:0d:c8:12:10:
-                    93:af:5c:e5:31:30:df:2c:0d:d7:c4:9e:d1:fd:37:
-                    3a:45:71:fa:62:af:90:5e:c3
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                D0:9B:77:9A:88:C7:AD:71:07:17:56:E1:0C:4D:B2:23:85:81:D1:EB
-    Signature Algorithm: sha1WithRSAEncryption
-        88:f8:ee:7d:35:36:1c:a9:71:e4:c5:64:b9:c9:c2:2d:9d:d5:
-        79:67:25:12:d7:96:28:4c:dd:92:6a:19:6b:ce:bc:fa:78:bd:
-        f3:d2:c4:5c:a9:d9:4a:b7:ef:40:8f:c8:e2:1a:67:90:58:a4:
-        71:76:87:c2:66:9e:69:57:37:c9:15:b8:c7:d9:fa:3f:32:be:
-        14:5e:7b:41:5c:7f:c2:54:1b:f1:1b:15:20:8c:0a:62:7c:71:
-        07:ff:7d:df:71:75:0c:4b:7d:b8:a1:59:e1:5a:4e:b7:c1:df:
-        98:3b:cf:c9:de:e3:73:6f:fa:2d:fa:39:c5:59:92:08:c4:6b:
-        43:7a
------BEGIN CERTIFICATE-----
-MIIB+jCCAWOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3
-MTExMjA2NTg1NlowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6L3Gjt432PNDI8MntkllM6iyqfAW
-DZBJR3uQmOSu3t1ktjtIty4LAhgfhfNIr3hLVDRjYgYw8LWi6ds1bMdV9TAnoGZU
-pehSJ1JDTpAEEWroK1Lkjf79xKqwTmPGqi0KTh2uHA3IEhCTr1zlMTDfLA3XxJ7R
-/Tc6RXH6Yq+QXsMCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYD
-VR0OBBYEFNCbd5qIx61xBxdW4QxNsiOFgdHrMA0GCSqGSIb3DQEBBQUAA4GBAIj4
-7n01NhypceTFZLnJwi2d1XlnJRLXlihM3ZJqGWvOvPp4vfPSxFyp2Uq370CPyOIa
-Z5BYpHF2h8JmnmlXN8kVuMfZ+j8yvhRee0Fcf8JUG/EbFSCMCmJ8cQf/fd9xdQxL
-fbihWeFaTrfB35g7z8ne43Nv+i36OcVZkgjEa0N6
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDovcaO3jfY80Mjwye2SWUzqLKp8BYNkElHe5CY5K7e3WS2O0i3
-LgsCGB+F80iveEtUNGNiBjDwtaLp2zVsx1X1MCegZlSl6FInUkNOkAQRaugrUuSN
-/v3EqrBOY8aqLQpOHa4cDcgSEJOvXOUxMN8sDdfEntH9NzpFcfpir5BewwIDAQAB
-AoGBAKS3WsVWBBRo5cVzorFh9FvBMuEOZ60lxpbunoF2p0RXT6WhA2+RCH1s8TJt
-4a0956IqiYOgehaBllEHsSHRWcUZ0P96qhZbVn1fWem0/U1VGb6d9WFftqPCOgYI
-0joyDn+mmS1nhILexQARULyM67JyhX1xVbgFQUeTtr2WGIdBAkEA9hQURHdgxsu+
-iqe+93I1mA0LccKI3Mmb9jM0DBW1+NeGw17xE39u2DTLsFTIXkcpGzbaJYPaaOhU
-pcpLX7haMQJBAPIgCT9cwEhX/MQq4eViCXd7blg4FxlDJDrD8sC8E0xss2N9Kpk4
-aJBtd4leOlzDwCanlWHrMCKo/NuE2b58FzMCQQDLTMtxxS6vDqTc6LlctX6RoDVU
-RuPLhMTVInhdg5JTg7xSrJ1+/kkVVojxpRnkyeWsFiUj2UsYYNmOHxMmgagBAkEA
-1to8uoAolEmXn89Zsv3C3salzRzAyob84DS+9e4uxdNzf+Yy5dHbX8Xzm+8EpQqD
-OQnekgxsI2WHM5h4zAI7ZwJAefxLT1ljFxZmp1612/jqDaeNmmUHIN2aMpDinIle
-r2S7S+UC+m573YcLZoYy9QAcTjnvgs/99zXjewfIQSQOmw==
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/test.crt b/crypto/heimdal/lib/hx509/data/test.crt
deleted file mode 100644
index 607605b..0000000
--- a/crypto/heimdal/lib/hx509/data/test.crt
+++ /dev/null
@@ -1,53 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 2 (0x2)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:56 2007 GMT
-            Not After : Nov 12 06:58:56 2017 GMT
-        Subject: C=SE, CN=Test cert
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:e8:bd:c6:8e:de:37:d8:f3:43:23:c3:27:b6:49:
-                    65:33:a8:b2:a9:f0:16:0d:90:49:47:7b:90:98:e4:
-                    ae:de:dd:64:b6:3b:48:b7:2e:0b:02:18:1f:85:f3:
-                    48:af:78:4b:54:34:63:62:06:30:f0:b5:a2:e9:db:
-                    35:6c:c7:55:f5:30:27:a0:66:54:a5:e8:52:27:52:
-                    43:4e:90:04:11:6a:e8:2b:52:e4:8d:fe:fd:c4:aa:
-                    b0:4e:63:c6:aa:2d:0a:4e:1d:ae:1c:0d:c8:12:10:
-                    93:af:5c:e5:31:30:df:2c:0d:d7:c4:9e:d1:fd:37:
-                    3a:45:71:fa:62:af:90:5e:c3
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                D0:9B:77:9A:88:C7:AD:71:07:17:56:E1:0C:4D:B2:23:85:81:D1:EB
-    Signature Algorithm: sha1WithRSAEncryption
-        88:f8:ee:7d:35:36:1c:a9:71:e4:c5:64:b9:c9:c2:2d:9d:d5:
-        79:67:25:12:d7:96:28:4c:dd:92:6a:19:6b:ce:bc:fa:78:bd:
-        f3:d2:c4:5c:a9:d9:4a:b7:ef:40:8f:c8:e2:1a:67:90:58:a4:
-        71:76:87:c2:66:9e:69:57:37:c9:15:b8:c7:d9:fa:3f:32:be:
-        14:5e:7b:41:5c:7f:c2:54:1b:f1:1b:15:20:8c:0a:62:7c:71:
-        07:ff:7d:df:71:75:0c:4b:7d:b8:a1:59:e1:5a:4e:b7:c1:df:
-        98:3b:cf:c9:de:e3:73:6f:fa:2d:fa:39:c5:59:92:08:c4:6b:
-        43:7a
------BEGIN CERTIFICATE-----
-MIIB+jCCAWOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3
-MTExMjA2NTg1NlowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6L3Gjt432PNDI8MntkllM6iyqfAW
-DZBJR3uQmOSu3t1ktjtIty4LAhgfhfNIr3hLVDRjYgYw8LWi6ds1bMdV9TAnoGZU
-pehSJ1JDTpAEEWroK1Lkjf79xKqwTmPGqi0KTh2uHA3IEhCTr1zlMTDfLA3XxJ7R
-/Tc6RXH6Yq+QXsMCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYD
-VR0OBBYEFNCbd5qIx61xBxdW4QxNsiOFgdHrMA0GCSqGSIb3DQEBBQUAA4GBAIj4
-7n01NhypceTFZLnJwi2d1XlnJRLXlihM3ZJqGWvOvPp4vfPSxFyp2Uq370CPyOIa
-Z5BYpHF2h8JmnmlXN8kVuMfZ+j8yvhRee0Fcf8JUG/EbFSCMCmJ8cQf/fd9xdQxL
-fbihWeFaTrfB35g7z8ne43Nv+i36OcVZkgjEa0N6
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/test.key b/crypto/heimdal/lib/hx509/data/test.key
deleted file mode 100644
index 5251ceb..0000000
--- a/crypto/heimdal/lib/hx509/data/test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDovcaO3jfY80Mjwye2SWUzqLKp8BYNkElHe5CY5K7e3WS2O0i3
-LgsCGB+F80iveEtUNGNiBjDwtaLp2zVsx1X1MCegZlSl6FInUkNOkAQRaugrUuSN
-/v3EqrBOY8aqLQpOHa4cDcgSEJOvXOUxMN8sDdfEntH9NzpFcfpir5BewwIDAQAB
-AoGBAKS3WsVWBBRo5cVzorFh9FvBMuEOZ60lxpbunoF2p0RXT6WhA2+RCH1s8TJt
-4a0956IqiYOgehaBllEHsSHRWcUZ0P96qhZbVn1fWem0/U1VGb6d9WFftqPCOgYI
-0joyDn+mmS1nhILexQARULyM67JyhX1xVbgFQUeTtr2WGIdBAkEA9hQURHdgxsu+
-iqe+93I1mA0LccKI3Mmb9jM0DBW1+NeGw17xE39u2DTLsFTIXkcpGzbaJYPaaOhU
-pcpLX7haMQJBAPIgCT9cwEhX/MQq4eViCXd7blg4FxlDJDrD8sC8E0xss2N9Kpk4
-aJBtd4leOlzDwCanlWHrMCKo/NuE2b58FzMCQQDLTMtxxS6vDqTc6LlctX6RoDVU
-RuPLhMTVInhdg5JTg7xSrJ1+/kkVVojxpRnkyeWsFiUj2UsYYNmOHxMmgagBAkEA
-1to8uoAolEmXn89Zsv3C3salzRzAyob84DS+9e4uxdNzf+Yy5dHbX8Xzm+8EpQqD
-OQnekgxsI2WHM5h4zAI7ZwJAefxLT1ljFxZmp1612/jqDaeNmmUHIN2aMpDinIle
-r2S7S+UC+m573YcLZoYy9QAcTjnvgs/99zXjewfIQSQOmw==
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/test.p12 b/crypto/heimdal/lib/hx509/data/test.p12
deleted file mode 100644
index ad3e90a..0000000
--- a/crypto/heimdal/lib/hx509/data/test.p12
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-ca.pem b/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-ca.pem
deleted file mode 100644
index 32685d1..0000000
--- a/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-ca.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
-BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
-LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK
-UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd
-MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28
-dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r
-VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S
-z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh
-tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV
-BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
-LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH
-aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK
-y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8
-uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-cert.pem b/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-cert.pem
deleted file mode 100644
index b0726ea..0000000
--- a/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-cert.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
-BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
-LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK
-UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV
-BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG
-6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf
-M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV
-HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
-Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU
-340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK
-EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN
-BgkqhkiG9w0BAQUFAAOBgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAUKJ+eFJYSvXwGF2wxzDXj+x5YCItrHFmrEy4AXXAW+H0NgJVNvqRY/O
-Kw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-ca.pem b/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-ca.pem
deleted file mode 100644
index 32685d1..0000000
--- a/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-ca.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
-BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
-LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK
-UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd
-MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28
-dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r
-VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S
-z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh
-tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV
-BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
-LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH
-aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK
-y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8
-uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-cert.pem b/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-cert.pem
deleted file mode 100644
index 9a89e59..0000000
--- a/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-cert.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
-BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
-LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK
-UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV
-BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG
-6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf
-M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV
-HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
-Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU
-340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK
-EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN
-BgkqhkiG9w0BAQUFAAOBgQCkGhwCDLRwWbDnDFReXkIZ1/9OhfiR8yL1idP9iYVU
-cSoWxSHPBWkv6LORFS03APcXCSzDPJ9pxTjFjGGFSI91fNrzkKdHU/+0WCF2uTh7
-Dz2blqtcmnJqMSn1xHxxfM/9e6M3XwFUMf7SGiKRAbDfsauPafEPTn83vSeKj1lg
-Dw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad.key b/crypto/heimdal/lib/hx509/data/yutaka-pad.key
deleted file mode 100644
index 1763623..0000000
--- a/crypto/heimdal/lib/hx509/data/yutaka-pad.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC9KlnqKD0Ol4oHrSHuKLVGK026+Sfgg058ReMKM9IXCYhsYmqf
-Ja8pOIwrOC4RiQboJkBuzHji3eS+xUN5R3lZkFGAyh5B3W00kFTgFfE4DxtXN3Cy
-3No95659C1kO8p8zh6P5+j+P2Vgf250K6DWG5o3JtwK2KPMaieR11fgkRQIDAQAB
-AoGBAJCYvwJun713uNsFTNpv46EvmMtDiWfk9ymnglVaJ03Uy6ON11Kvy6UGxJ6E
-4zIkPFNYaghH5GAGncP1pg4exHKRGJTNcQbMf9iOsCTOuvKSWbBZpnJcFllKyESK
-PTt72D6x/cuzDXVTeWvQMoOILa09szW7aqFNIdxae4Vq7a4BAkEA6MoehuRtZ4N9
-Jtc9cIpSKOOatZ1UajWEFV2yVHaDED2kkWxKjppPzRn06LzX8LWm1RT0qe3Zyasi
-iXCXlno/+QJBANAGvY+k/+OvzWnv1yTKO8OmrMqkSzh3KAhFbiVWdQaqMSCWtKYk
-GoOKnq0PB73ExhdbTFmxC4KBPHTC2guOca0CQCD78pNebnoKUYNdYCFAGCAfD97H
-6hwadRqp6gi5uhxk/5pzY6UNDF2dXexURayfsIHktD4Xq5I9o2kiAPibXdECQQDC
-KihwlL9K02JVSMl0y1XxDfclxSd4cq9o2PUv4HymVeA43LGMiRI+SPpF6Ut+ctW6
-IzsmVDu7+chl6yD9vFyZAkA3Auv9UxKL3kPtvu5G/lrCVmwzVfAzuwtnmSfp1+M5
-yTYBz+VFSsYrdlDZ3jdLnFzVOMiIm9pZca/L93QjmXJ+
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/doxygen.c b/crypto/heimdal/lib/hx509/doxygen.c
deleted file mode 100644
index 488ae4b..0000000
--- a/crypto/heimdal/lib/hx509/doxygen.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/** @mainpage Heimdal PKIX/X.509 library
- *
- * @section intro Introduction
- *
- * Heimdal libhx509 library is a implementation of the PKIX/X.509 and
- * related protocols.
- * 
- * PKIX/X.509 is ...
- *
- *
- * Sections in this manual are:
- * - @ref page_name
- * - @ref page_cert
- * - @ref page_keyset
- * - @ref page_error
- * - @ref page_lock
- * - @ref page_cms
- * - @ref page_ca
- * - @ref page_revoke
- * - @ref page_print
- * - @ref page_env
- *
- * The project web page:
- * http://www.h5l.org/
- *
- */
-
-/** @defgroup hx509 hx509 library */
-
-/** @defgroup hx509_error hx509 error functions
- * See the @ref page_error for description and examples. */
-/** @defgroup hx509_cert hx509 certificate functions
- * See the @ref page_cert for description and examples. */
-/** @defgroup hx509_keyset hx509 certificate store functions
- * See the @ref page_keyset for description and examples. */
-/** @defgroup hx509_cms hx509 CMS/pkcs7 functions
- * See the @ref page_cms for description and examples. */
-/** @defgroup hx509_crypto hx509 crypto functions */
-/** @defgroup hx509_misc hx509 misc functions */
-/** @defgroup hx509_name hx509 name functions 
- * See the @ref page_name for description and examples. */
-/** @defgroup hx509_revoke hx509 revokation checking functions
- * See the @ref page_revoke for description and examples. */
-/** @defgroup hx509_verify hx509 verification functions */
-/** @defgroup hx509_lock hx509 lock functions
- * See the @ref page_lock for description and examples. */
-/** @defgroup hx509_query hx509 query functions */
-/** @defgroup hx509_ca hx509 CA functions
- * See the @ref page_ca for description and examples. */
-/** @defgroup hx509_peer hx509 certificate selecting functions */
-/** @defgroup hx509_print hx509 printing functions */
-/** @defgroup hx509_env hx509 enviroment functions */
diff --git a/crypto/heimdal/lib/hx509/env.c b/crypto/heimdal/lib/hx509/env.c
deleted file mode 100644
index f868c22..0000000
--- a/crypto/heimdal/lib/hx509/env.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: env.c 22349 2007-12-26 19:32:49Z lha $");
-
-/**
- * @page page_env Hx509 enviroment functions
- *
- * See the library functions here: @ref hx509_env
- */
-
-struct hx509_env {
-    struct {
-	char *key;
-	char *value;
-    } *val;
-    size_t len;
-};
-
-/**
- * Allocate a new hx509_env container object.
- *
- * @param context A hx509 context.
- * @param env return a hx509_env structure, free with hx509_env_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_env
- */
-
-int
-hx509_env_init(hx509_context context, hx509_env *env)
-{
-    *env = calloc(1, sizeof(**env));
-    if (*env == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-/**
- * Add a new key/value pair to the hx509_env.
- *
- * @param context A hx509 context.
- * @param env enviroment to add the enviroment variable too.
- * @param key key to add
- * @param value value to add
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_env
- */
-
-int
-hx509_env_add(hx509_context context, hx509_env env, 
-	      const char *key, const char *value)
-{
-    void *ptr;
-
-    ptr = realloc(env->val, sizeof(env->val[0]) * (env->len + 1));
-    if (ptr == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    env->val = ptr;
-    env->val[env->len].key = strdup(key);
-    if (env->val[env->len].key == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    env->val[env->len].value = strdup(value);
-    if (env->val[env->len].value == NULL) {
-	free(env->val[env->len].key);
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    env->len++;
-    return 0;
-}
-
-/**
- * Search the hx509_env for a key.
- *
- * @param context A hx509 context.
- * @param env enviroment to add the enviroment variable too.
- * @param key key to search for.
- * @param len length of key.
- *
- * @return the value if the key is found, NULL otherwise.
- *
- * @ingroup hx509_env
- */
-
-const char *
-hx509_env_lfind(hx509_context context, hx509_env env,
-		const char *key, size_t len)
-{
-    size_t i;
-
-    for (i = 0; i < env->len; i++) {
-	char *s = env->val[i].key;
-	if (strncmp(key, s, len) == 0 && s[len] == '\0')
-	    return env->val[i].value;
-    }
-    return NULL;
-}
-
-/**
- * Free an hx509_env enviroment context.
- *
- * @param env the enviroment to free.
- *
- * @ingroup hx509_env
- */
-
-void
-hx509_env_free(hx509_env *env)
-{
-    size_t i;
-
-    for (i = 0; i < (*env)->len; i++) {
-	free((*env)->val[i].key);
-	free((*env)->val[i].value);
-    }
-    free((*env)->val);
-    free(*env);
-    *env = NULL;
-}
-
diff --git a/crypto/heimdal/lib/hx509/error.c b/crypto/heimdal/lib/hx509/error.c
deleted file mode 100644
index 25119ed..0000000
--- a/crypto/heimdal/lib/hx509/error.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: error.c 22332 2007-12-17 01:03:22Z lha $");
-
-/**
- * @page page_error Hx509 error reporting functions
- *
- * See the library functions here: @ref hx509_error
- */
-
-struct hx509_error_data {
-    hx509_error next;
-    int code;
-    char *msg;
-};
-
-static void
-free_error_string(hx509_error msg)
-{
-    while(msg) {
-	hx509_error m2 = msg->next;
-	free(msg->msg);
-	free(msg);
-	msg = m2;
-    }
-}
-
-/**
- * Resets the error strings the hx509 context.
- *
- * @param context A hx509 context.
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_clear_error_string(hx509_context context)
-{
-    free_error_string(context->error);
-    context->error = NULL;
-}
-
-/**
- * Add an error message to the hx509 context.
- *
- * @param context A hx509 context.
- * @param flags
- * - HX509_ERROR_APPEND appends the error string to the old messages
-     (code is updated).
- * @param code error code related to error message
- * @param fmt error message format
- * @param ap arguments to error message format
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_set_error_stringv(hx509_context context, int flags, int code, 
-			const char *fmt, va_list ap)
-{
-    hx509_error msg;
-
-    msg = calloc(1, sizeof(*msg));
-    if (msg == NULL) {
-	hx509_clear_error_string(context);
-	return;
-    }
-
-    if (vasprintf(&msg->msg, fmt, ap) == -1) {
-	hx509_clear_error_string(context);
-	free(msg);
-	return;
-    }
-    msg->code = code;
-
-    if (flags & HX509_ERROR_APPEND) {
-	msg->next = context->error;
-	context->error = msg;
-    } else  {
-	free_error_string(context->error);
-	context->error = msg;
-    }
-}
-
-/**
- * See hx509_set_error_stringv(). 
- *
- * @param context A hx509 context.
- * @param flags
- * - HX509_ERROR_APPEND appends the error string to the old messages
-     (code is updated).
- * @param code error code related to error message
- * @param fmt error message format
- * @param ... arguments to error message format
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_set_error_string(hx509_context context, int flags, int code,
-		       const char *fmt, ...)
-{
-    va_list ap;
-
-    va_start(ap, fmt);
-    hx509_set_error_stringv(context, flags, code, fmt, ap);
-    va_end(ap);
-}
-
-/**
- * Get an error string from context associated with error_code.
- *
- * @param context A hx509 context.
- * @param error_code Get error message for this error code.
- *
- * @return error string, free with hx509_free_error_string().
- *
- * @ingroup hx509_error
- */
-
-char *
-hx509_get_error_string(hx509_context context, int error_code)
-{
-    struct rk_strpool *p = NULL;
-    hx509_error msg = context->error;
-
-    if (msg == NULL || msg->code != error_code) {
-	const char *cstr;
-	char *str;
-
-	cstr = com_right(context->et_list, error_code);
-	if (cstr)
-	    return strdup(cstr);
-	cstr = strerror(error_code);
-	if (cstr)
-	    return strdup(cstr);
-	if (asprintf(&str, "<unknown error: %d>", error_code) == -1)
-	    return NULL;
-	return str;
-    }
-
-    for (msg = context->error; msg; msg = msg->next)
-	p = rk_strpoolprintf(p, "%s%s", msg->msg, 
-			     msg->next != NULL ? "; " : "");
-
-    return rk_strpoolcollect(p);
-}
-
-/**
- * Free error string returned by hx509_get_error_string().
- *
- * @param str error string to free.
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_free_error_string(char *str)
-{
-    free(str);
-}
-
-/**
- * Print error message and fatally exit from error code
- *
- * @param context A hx509 context.
- * @param exit_code exit() code from process.
- * @param error_code Error code for the reason to exit.
- * @param fmt format string with the exit message.
- * @param ... argument to format string.
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_err(hx509_context context, int exit_code, 
-	  int error_code, const char *fmt, ...)
-{
-    va_list ap;
-    const char *msg;
-    char *str;
-
-    va_start(ap, fmt);
-    vasprintf(&str, fmt, ap);
-    va_end(ap);
-    msg = hx509_get_error_string(context, error_code);
-    if (msg == NULL)
-	msg = "no error";
-
-    errx(exit_code, "%s: %s", str, msg);
-}
diff --git a/crypto/heimdal/lib/hx509/file.c b/crypto/heimdal/lib/hx509/file.c
deleted file mode 100644
index b076b74..0000000
--- a/crypto/heimdal/lib/hx509/file.c
+++ /dev/null
@@ -1,376 +0,0 @@
-/*
- * Copyright (c) 2005 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$ID$");
-
-int
-_hx509_map_file_os(const char *fn, heim_octet_string *os, struct stat *rsb)
-{
-    size_t length;
-    void *data;
-    int ret;
-
-    ret = _hx509_map_file(fn, &data, &length, rsb);
-
-    os->data = data;
-    os->length = length;
-
-    return ret;
-}
-
-void
-_hx509_unmap_file_os(heim_octet_string *os)
-{
-    _hx509_unmap_file(os->data, os->length);
-}
-
-int
-_hx509_map_file(const char *fn, void **data, size_t *length, struct stat *rsb)
-{
-    struct stat sb;
-    size_t len;
-    ssize_t l;
-    int ret;
-    void *d;
-    int fd;
-
-    *data = NULL;
-    *length = 0;
-
-    fd = open(fn, O_RDONLY);
-    if (fd < 0)
-	return errno;
-    
-    if (fstat(fd, &sb) < 0) {
-	ret = errno;
-	close(fd);
-	return ret;
-    }
-
-    len = sb.st_size;
-
-    d = malloc(len);
-    if (d == NULL) {
-	close(fd);
-	return ENOMEM;
-    }
-    
-    l = read(fd, d, len);
-    close(fd);
-    if (l < 0 || l != len) {
-	free(d);
-	return EINVAL;
-    }
-
-    if (rsb)
-	*rsb = sb;
-    *data = d;
-    *length = len;
-    return 0;
-}
-
-void
-_hx509_unmap_file(void *data, size_t len)
-{
-    free(data);
-}
-
-int
-_hx509_write_file(const char *fn, const void *data, size_t length)
-{
-    ssize_t sz;
-    const unsigned char *p = data;
-    int fd;
-
-    fd = open(fn, O_WRONLY|O_TRUNC|O_CREAT, 0644);
-    if (fd < 0)
-	return errno;
-
-    do {
-	sz = write(fd, p, length);
-	if (sz < 0) {
-	    int saved_errno = errno;
-	    close(fd);
-	    return saved_errno;
-	}
-	if (sz == 0)
-	    break;
-	length -= sz;
-    } while (length > 0);
-		
-    if (close(fd) == -1)
-	return errno;
-
-    return 0;
-}
-
-/*
- *
- */
-
-static void
-header(FILE *f, const char *type, const char *str)
-{
-    fprintf(f, "-----%s %s-----\n", type, str);
-}
-
-int
-hx509_pem_write(hx509_context context, const char *type, 
-		hx509_pem_header *headers, FILE *f,
-		const void *data, size_t size)
-{
-    const char *p = data;
-    size_t length;
-    char *line;
-
-#define ENCODE_LINE_LENGTH	54
-    
-    header(f, "BEGIN", type);
-
-    while (headers) {
-	fprintf(f, "%s: %s\n%s", 
-		headers->header, headers->value,
-		headers->next ? "" : "\n");
-	headers = headers->next;
-    }
-
-    while (size > 0) {
-	ssize_t l;
-	
-	length = size;
-	if (length > ENCODE_LINE_LENGTH)
-	    length = ENCODE_LINE_LENGTH;
-	
-	l = base64_encode(p, length, &line);
-	if (l < 0) {
-	    hx509_set_error_string(context, 0, ENOMEM,
-				   "malloc - out of memory");
-	    return ENOMEM;
-	}
-	size -= length;
-	fprintf(f, "%s\n", line);
-	p += length;
-	free(line);
-    }
-
-    header(f, "END", type);
-
-    return 0;
-}
-
-/*
- *
- */
-
-int
-hx509_pem_add_header(hx509_pem_header **headers, 
-		     const char *header, const char *value)
-{
-    hx509_pem_header *h;
-
-    h = calloc(1, sizeof(*h));
-    if (h == NULL)
-	return ENOMEM;
-    h->header = strdup(header);
-    if (h->header == NULL) {
-	free(h);
-	return ENOMEM;
-    }
-    h->value = strdup(value);
-    if (h->value == NULL) {
-	free(h->header);
-	free(h);
-	return ENOMEM;
-    }
-
-    h->next = *headers;
-    *headers = h;
-
-    return 0;
-}
-
-void
-hx509_pem_free_header(hx509_pem_header *headers)
-{
-    hx509_pem_header *h;
-    while (headers) {
-	h = headers;
-	headers = headers->next;
-	free(h->header);
-	free(h->value);
-	free(h);
-    }
-}
-
-/*
- *
- */
-
-const char *
-hx509_pem_find_header(const hx509_pem_header *h, const char *header)
-{
-    while(h) {
-	if (strcmp(header, h->header) == 0)
-	    return h->value;
-	h = h->next;
-    }
-    return NULL;
-}
-
-
-/*
- *
- */
-
-int
-hx509_pem_read(hx509_context context,
-	       FILE *f, 
-	       hx509_pem_read_func func,
-	       void *ctx)
-{
-    hx509_pem_header *headers = NULL;
-    char *type = NULL;
-    void *data = NULL;
-    size_t len = 0;
-    char buf[1024];
-    int ret = HX509_PARSING_KEY_FAILED;
-
-    enum { BEFORE, SEARCHHEADER, INHEADER, INDATA, DONE } where;
-
-    where = BEFORE;
-
-    while (fgets(buf, sizeof(buf), f) != NULL) {
-	char *p;
-	int i;
-
-	i = strcspn(buf, "\n");
-	if (buf[i] == '\n') {
-	    buf[i] = '\0';
-	    if (i > 0)
-		i--;
-	}
-	if (buf[i] == '\r') {
-	    buf[i] = '\0';
-	    if (i > 0)
-		i--;
-	}
-	    
-	switch (where) {
-	case BEFORE:
-	    if (strncmp("-----BEGIN ", buf, 11) == 0) {
-		type = strdup(buf + 11);
-		if (type == NULL)
-		    break;
-		p = strchr(type, '-');
-		if (p)
-		    *p = '\0';
-		where = SEARCHHEADER;
-	    }
-	    break;
-	case SEARCHHEADER:
-	    p = strchr(buf, ':');
-	    if (p == NULL) {
-		where = INDATA;
-		goto indata;
-	    }
-	    /* FALLTHOUGH */
-	case INHEADER:
-	    if (buf[0] == '\0') {
-		where = INDATA;
-		break;
-	    }
-	    p = strchr(buf, ':');
-	    if (p) {
-		*p++ = '\0';
-		while (isspace((int)*p))
-		    p++;
-		ret = hx509_pem_add_header(&headers, buf, p);
-		if (ret)
-		    abort();
-	    }
-	    break;
-	case INDATA:
-	indata:
-
-	    if (strncmp("-----END ", buf, 9) == 0) {
-		where = DONE;
-		break;
-	    }
-
-	    p = emalloc(i);
-	    i = base64_decode(buf, p);
-	    if (i < 0) {
-		free(p);
-		goto out;
-	    }
-	    
-	    data = erealloc(data, len + i);
-	    memcpy(((char *)data) + len, p, i);
-	    free(p);
-	    len += i;
-	    break;
-	case DONE:
-	    abort();
-	}
-
-	if (where == DONE) {
-	    ret = (*func)(context, type, headers, data, len, ctx);
-	out:
-	    free(data);
-	    data = NULL;
-	    len = 0;
-	    free(type);
-	    type = NULL;
-	    where = BEFORE;
-	    hx509_pem_free_header(headers);
-	    headers = NULL;
-	    if (ret)
-		break;
-	}
-    }
-
-    if (where != BEFORE) {
-	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-			       "File ends before end of PEM end tag");
-	ret = HX509_PARSING_KEY_FAILED;
-    }
-    if (data)
-	free(data);
-    if (type)
-	free(type);
-    if (headers)
-	hx509_pem_free_header(headers);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/hx509/hx509-private.h b/crypto/heimdal/lib/hx509/hx509-private.h
deleted file mode 100644
index 67bb843..0000000
--- a/crypto/heimdal/lib/hx509/hx509-private.h
+++ /dev/null
@@ -1,529 +0,0 @@
-/* This is a generated file */
-#ifndef __hx509_private_h__
-#define __hx509_private_h__
-
-#include <stdarg.h>
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-int
-_hx509_AlgorithmIdentifier_cmp (
-	const AlgorithmIdentifier */*p*/,
-	const AlgorithmIdentifier */*q*/);
-
-int
-_hx509_Certificate_cmp (
-	const Certificate */*p*/,
-	const Certificate */*q*/);
-
-int
-_hx509_Name_to_string (
-	const Name */*n*/,
-	char **/*str*/);
-
-time_t
-_hx509_Time2time_t (const Time */*t*/);
-
-void
-_hx509_abort (
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 1, 2)));
-
-int
-_hx509_calculate_path (
-	hx509_context /*context*/,
-	int /*flags*/,
-	time_t /*time_now*/,
-	hx509_certs /*anchors*/,
-	unsigned int /*max_depth*/,
-	hx509_cert /*cert*/,
-	hx509_certs /*pool*/,
-	hx509_path */*path*/);
-
-int
-_hx509_cert_assign_key (
-	hx509_cert /*cert*/,
-	hx509_private_key /*private_key*/);
-
-int
-_hx509_cert_get_eku (
-	hx509_context /*context*/,
-	hx509_cert /*cert*/,
-	ExtKeyUsage */*e*/);
-
-int
-_hx509_cert_get_keyusage (
-	hx509_context /*context*/,
-	hx509_cert /*c*/,
-	KeyUsage */*ku*/);
-
-int
-_hx509_cert_get_version (const Certificate */*t*/);
-
-int
-_hx509_cert_is_parent_cmp (
-	const Certificate */*subject*/,
-	const Certificate */*issuer*/,
-	int /*allow_self_signed*/);
-
-int
-_hx509_cert_private_decrypt (
-	hx509_context /*context*/,
-	const heim_octet_string */*ciphertext*/,
-	const heim_oid */*encryption_oid*/,
-	hx509_cert /*p*/,
-	heim_octet_string */*cleartext*/);
-
-hx509_private_key
-_hx509_cert_private_key (hx509_cert /*p*/);
-
-int
-_hx509_cert_private_key_exportable (hx509_cert /*p*/);
-
-int
-_hx509_cert_public_encrypt (
-	hx509_context /*context*/,
-	const heim_octet_string */*cleartext*/,
-	const hx509_cert /*p*/,
-	heim_oid */*encryption_oid*/,
-	heim_octet_string */*ciphertext*/);
-
-void
-_hx509_cert_set_release (
-	hx509_cert /*cert*/,
-	_hx509_cert_release_func /*release*/,
-	void */*ctx*/);
-
-int
-_hx509_certs_keys_add (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_private_key /*key*/);
-
-void
-_hx509_certs_keys_free (
-	hx509_context /*context*/,
-	hx509_private_key */*keys*/);
-
-int
-_hx509_certs_keys_get (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_private_key **/*keys*/);
-
-hx509_certs
-_hx509_certs_ref (hx509_certs /*certs*/);
-
-int
-_hx509_check_key_usage (
-	hx509_context /*context*/,
-	hx509_cert /*cert*/,
-	unsigned /*flags*/,
-	int /*req_present*/);
-
-int
-_hx509_collector_alloc (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/,
-	struct hx509_collector **/*collector*/);
-
-int
-_hx509_collector_certs_add (
-	hx509_context /*context*/,
-	struct hx509_collector */*c*/,
-	hx509_cert /*cert*/);
-
-int
-_hx509_collector_collect_certs (
-	hx509_context /*context*/,
-	struct hx509_collector */*c*/,
-	hx509_certs */*ret_certs*/);
-
-int
-_hx509_collector_collect_private_keys (
-	hx509_context /*context*/,
-	struct hx509_collector */*c*/,
-	hx509_private_key **/*keys*/);
-
-void
-_hx509_collector_free (struct hx509_collector */*c*/);
-
-hx509_lock
-_hx509_collector_get_lock (struct hx509_collector */*c*/);
-
-int
-_hx509_collector_private_key_add (
-	hx509_context /*context*/,
-	struct hx509_collector */*c*/,
-	const AlgorithmIdentifier */*alg*/,
-	hx509_private_key /*private_key*/,
-	const heim_octet_string */*key_data*/,
-	const heim_octet_string */*localKeyId*/);
-
-int
-_hx509_create_signature (
-	hx509_context /*context*/,
-	const hx509_private_key /*signer*/,
-	const AlgorithmIdentifier */*alg*/,
-	const heim_octet_string */*data*/,
-	AlgorithmIdentifier */*signatureAlgorithm*/,
-	heim_octet_string */*sig*/);
-
-int
-_hx509_create_signature_bitstring (
-	hx509_context /*context*/,
-	const hx509_private_key /*signer*/,
-	const AlgorithmIdentifier */*alg*/,
-	const heim_octet_string */*data*/,
-	AlgorithmIdentifier */*signatureAlgorithm*/,
-	heim_bit_string */*sig*/);
-
-int
-_hx509_find_extension_subject_key_id (
-	const Certificate */*issuer*/,
-	SubjectKeyIdentifier */*si*/);
-
-int
-_hx509_generate_private_key (
-	hx509_context /*context*/,
-	struct hx509_generate_private_context */*ctx*/,
-	hx509_private_key */*private_key*/);
-
-int
-_hx509_generate_private_key_bits (
-	hx509_context /*context*/,
-	struct hx509_generate_private_context */*ctx*/,
-	unsigned long /*bits*/);
-
-void
-_hx509_generate_private_key_free (struct hx509_generate_private_context **/*ctx*/);
-
-int
-_hx509_generate_private_key_init (
-	hx509_context /*context*/,
-	const heim_oid */*oid*/,
-	struct hx509_generate_private_context **/*ctx*/);
-
-int
-_hx509_generate_private_key_is_ca (
-	hx509_context /*context*/,
-	struct hx509_generate_private_context */*ctx*/);
-
-Certificate *
-_hx509_get_cert (hx509_cert /*cert*/);
-
-void
-_hx509_ks_dir_register (hx509_context /*context*/);
-
-void
-_hx509_ks_file_register (hx509_context /*context*/);
-
-void
-_hx509_ks_keychain_register (hx509_context /*context*/);
-
-void
-_hx509_ks_mem_register (hx509_context /*context*/);
-
-void
-_hx509_ks_null_register (hx509_context /*context*/);
-
-void
-_hx509_ks_pkcs11_register (hx509_context /*context*/);
-
-void
-_hx509_ks_pkcs12_register (hx509_context /*context*/);
-
-void
-_hx509_ks_register (
-	hx509_context /*context*/,
-	struct hx509_keyset_ops */*ops*/);
-
-int
-_hx509_lock_find_cert (
-	hx509_lock /*lock*/,
-	const hx509_query */*q*/,
-	hx509_cert */*c*/);
-
-const struct _hx509_password *
-_hx509_lock_get_passwords (hx509_lock /*lock*/);
-
-hx509_certs
-_hx509_lock_unlock_certs (hx509_lock /*lock*/);
-
-int
-_hx509_map_file (
-	const char */*fn*/,
-	void **/*data*/,
-	size_t */*length*/,
-	struct stat */*rsb*/);
-
-int
-_hx509_map_file_os (
-	const char */*fn*/,
-	heim_octet_string */*os*/,
-	struct stat */*rsb*/);
-
-int
-_hx509_match_keys (
-	hx509_cert /*c*/,
-	hx509_private_key /*private_key*/);
-
-int
-_hx509_name_cmp (
-	const Name */*n1*/,
-	const Name */*n2*/);
-
-int
-_hx509_name_ds_cmp (
-	const DirectoryString */*ds1*/,
-	const DirectoryString */*ds2*/);
-
-int
-_hx509_name_from_Name (
-	const Name */*n*/,
-	hx509_name */*name*/);
-
-int
-_hx509_name_modify (
-	hx509_context /*context*/,
-	Name */*name*/,
-	int /*append*/,
-	const heim_oid */*oid*/,
-	const char */*str*/);
-
-int
-_hx509_parse_private_key (
-	hx509_context /*context*/,
-	const heim_oid */*key_oid*/,
-	const void */*data*/,
-	size_t /*len*/,
-	hx509_private_key */*private_key*/);
-
-int
-_hx509_path_append (
-	hx509_context /*context*/,
-	hx509_path */*path*/,
-	hx509_cert /*cert*/);
-
-void
-_hx509_path_free (hx509_path */*path*/);
-
-int
-_hx509_pbe_decrypt (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/,
-	const AlgorithmIdentifier */*ai*/,
-	const heim_octet_string */*econtent*/,
-	heim_octet_string */*content*/);
-
-int
-_hx509_pbe_encrypt (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/,
-	const AlgorithmIdentifier */*ai*/,
-	const heim_octet_string */*content*/,
-	heim_octet_string */*econtent*/);
-
-void
-_hx509_pi_printf (
-	int (*/*func*/)(void *, const char *),
-	void */*ctx*/,
-	const char */*fmt*/,
-	...);
-
-int
-_hx509_private_key2SPKI (
-	hx509_context /*context*/,
-	hx509_private_key /*private_key*/,
-	SubjectPublicKeyInfo */*spki*/);
-
-void
-_hx509_private_key_assign_rsa (
-	hx509_private_key /*key*/,
-	void */*ptr*/);
-
-int
-_hx509_private_key_export (
-	hx509_context /*context*/,
-	const hx509_private_key /*key*/,
-	heim_octet_string */*data*/);
-
-int
-_hx509_private_key_exportable (hx509_private_key /*key*/);
-
-int
-_hx509_private_key_free (hx509_private_key */*key*/);
-
-BIGNUM *
-_hx509_private_key_get_internal (
-	hx509_context /*context*/,
-	hx509_private_key /*key*/,
-	const char */*type*/);
-
-int
-_hx509_private_key_init (
-	hx509_private_key */*key*/,
-	hx509_private_key_ops */*ops*/,
-	void */*keydata*/);
-
-int
-_hx509_private_key_oid (
-	hx509_context /*context*/,
-	const hx509_private_key /*key*/,
-	heim_oid */*data*/);
-
-int
-_hx509_private_key_private_decrypt (
-	hx509_context /*context*/,
-	const heim_octet_string */*ciphertext*/,
-	const heim_oid */*encryption_oid*/,
-	hx509_private_key /*p*/,
-	heim_octet_string */*cleartext*/);
-
-hx509_private_key
-_hx509_private_key_ref (hx509_private_key /*key*/);
-
-const char *
-_hx509_private_pem_name (hx509_private_key /*key*/);
-
-int
-_hx509_public_encrypt (
-	hx509_context /*context*/,
-	const heim_octet_string */*cleartext*/,
-	const Certificate */*cert*/,
-	heim_oid */*encryption_oid*/,
-	heim_octet_string */*ciphertext*/);
-
-void
-_hx509_query_clear (hx509_query */*q*/);
-
-int
-_hx509_query_match_cert (
-	hx509_context /*context*/,
-	const hx509_query */*q*/,
-	hx509_cert /*cert*/);
-
-void
-_hx509_query_statistic (
-	hx509_context /*context*/,
-	int /*type*/,
-	const hx509_query */*q*/);
-
-int
-_hx509_request_add_dns_name (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	const char */*hostname*/);
-
-int
-_hx509_request_add_eku (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	const heim_oid */*oid*/);
-
-int
-_hx509_request_add_email (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	const char */*email*/);
-
-void
-_hx509_request_free (hx509_request */*req*/);
-
-int
-_hx509_request_get_SubjectPublicKeyInfo (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	SubjectPublicKeyInfo */*key*/);
-
-int
-_hx509_request_get_name (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	hx509_name */*name*/);
-
-int
-_hx509_request_init (
-	hx509_context /*context*/,
-	hx509_request */*req*/);
-
-int
-_hx509_request_parse (
-	hx509_context /*context*/,
-	const char */*path*/,
-	hx509_request */*req*/);
-
-int
-_hx509_request_print (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	FILE */*f*/);
-
-int
-_hx509_request_set_SubjectPublicKeyInfo (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	const SubjectPublicKeyInfo */*key*/);
-
-int
-_hx509_request_set_name (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	hx509_name /*name*/);
-
-int
-_hx509_request_to_pkcs10 (
-	hx509_context /*context*/,
-	const hx509_request /*req*/,
-	const hx509_private_key /*signer*/,
-	heim_octet_string */*request*/);
-
-hx509_revoke_ctx
-_hx509_revoke_ref (hx509_revoke_ctx /*ctx*/);
-
-int
-_hx509_set_cert_attribute (
-	hx509_context /*context*/,
-	hx509_cert /*cert*/,
-	const heim_oid */*oid*/,
-	const heim_octet_string */*attr*/);
-
-void
-_hx509_unmap_file (
-	void */*data*/,
-	size_t /*len*/);
-
-void
-_hx509_unmap_file_os (heim_octet_string */*os*/);
-
-int
-_hx509_unparse_Name (
-	const Name */*aname*/,
-	char **/*str*/);
-
-int
-_hx509_verify_signature (
-	hx509_context /*context*/,
-	const Certificate */*signer*/,
-	const AlgorithmIdentifier */*alg*/,
-	const heim_octet_string */*data*/,
-	const heim_octet_string */*sig*/);
-
-int
-_hx509_verify_signature_bitstring (
-	hx509_context /*context*/,
-	const Certificate */*signer*/,
-	const AlgorithmIdentifier */*alg*/,
-	const heim_octet_string */*data*/,
-	const heim_bit_string */*sig*/);
-
-int
-_hx509_write_file (
-	const char */*fn*/,
-	const void */*data*/,
-	size_t /*length*/);
-
-#endif /* __hx509_private_h__ */
diff --git a/crypto/heimdal/lib/hx509/hx509-protos.h b/crypto/heimdal/lib/hx509/hx509-protos.h
deleted file mode 100644
index 50ce1b3..0000000
--- a/crypto/heimdal/lib/hx509/hx509-protos.h
+++ /dev/null
@@ -1,1049 +0,0 @@
-/* This is a generated file */
-#ifndef __hx509_protos_h__
-#define __hx509_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef HX509_LIB_FUNCTION
-#if defined(_WIN32)
-#define HX509_LIB_FUNCTION _stdcall
-#else
-#define HX509_LIB_FUNCTION
-#endif
-#endif
-
-void
-hx509_bitstring_print (
-	const heim_bit_string */*b*/,
-	hx509_vprint_func /*func*/,
-	void */*ctx*/);
-
-int
-hx509_ca_sign (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	hx509_cert /*signer*/,
-	hx509_cert */*certificate*/);
-
-int
-hx509_ca_sign_self (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	hx509_private_key /*signer*/,
-	hx509_cert */*certificate*/);
-
-int
-hx509_ca_tbs_add_crl_dp_uri (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const char */*uri*/,
-	hx509_name /*issuername*/);
-
-int
-hx509_ca_tbs_add_eku (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const heim_oid */*oid*/);
-
-int
-hx509_ca_tbs_add_san_hostname (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const char */*dnsname*/);
-
-int
-hx509_ca_tbs_add_san_jid (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const char */*jid*/);
-
-int
-hx509_ca_tbs_add_san_ms_upn (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const char */*principal*/);
-
-int
-hx509_ca_tbs_add_san_otherName (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const heim_oid */*oid*/,
-	const heim_octet_string */*os*/);
-
-int
-hx509_ca_tbs_add_san_pkinit (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const char */*principal*/);
-
-int
-hx509_ca_tbs_add_san_rfc822name (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const char */*rfc822Name*/);
-
-void
-hx509_ca_tbs_free (hx509_ca_tbs */*tbs*/);
-
-int
-hx509_ca_tbs_init (
-	hx509_context /*context*/,
-	hx509_ca_tbs */*tbs*/);
-
-int
-hx509_ca_tbs_set_ca (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	int /*pathLenConstraint*/);
-
-int
-hx509_ca_tbs_set_domaincontroller (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/);
-
-int
-hx509_ca_tbs_set_notAfter (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	time_t /*t*/);
-
-int
-hx509_ca_tbs_set_notAfter_lifetime (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	time_t /*delta*/);
-
-int
-hx509_ca_tbs_set_notBefore (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	time_t /*t*/);
-
-int
-hx509_ca_tbs_set_proxy (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	int /*pathLenConstraint*/);
-
-int
-hx509_ca_tbs_set_serialnumber (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const heim_integer */*serialNumber*/);
-
-int
-hx509_ca_tbs_set_spki (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const SubjectPublicKeyInfo */*spki*/);
-
-int
-hx509_ca_tbs_set_subject (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	hx509_name /*subject*/);
-
-int
-hx509_ca_tbs_set_template (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	int /*flags*/,
-	hx509_cert /*cert*/);
-
-int
-hx509_ca_tbs_subject_expand (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	hx509_env /*env*/);
-
-const struct units *
-hx509_ca_tbs_template_units (void);
-
-int
-hx509_cert_binary (
-	hx509_context /*context*/,
-	hx509_cert /*c*/,
-	heim_octet_string */*os*/);
-
-int
-hx509_cert_check_eku (
-	hx509_context /*context*/,
-	hx509_cert /*cert*/,
-	const heim_oid */*eku*/,
-	int /*allow_any_eku*/);
-
-int
-hx509_cert_cmp (
-	hx509_cert /*p*/,
-	hx509_cert /*q*/);
-
-int
-hx509_cert_find_subjectAltName_otherName (
-	hx509_context /*context*/,
-	hx509_cert /*cert*/,
-	const heim_oid */*oid*/,
-	hx509_octet_string_list */*list*/);
-
-void
-hx509_cert_free (hx509_cert /*cert*/);
-
-int
-hx509_cert_get_SPKI (
-	hx509_context /*context*/,
-	hx509_cert /*p*/,
-	SubjectPublicKeyInfo */*spki*/);
-
-int
-hx509_cert_get_SPKI_AlgorithmIdentifier (
-	hx509_context /*context*/,
-	hx509_cert /*p*/,
-	AlgorithmIdentifier */*alg*/);
-
-hx509_cert_attribute
-hx509_cert_get_attribute (
-	hx509_cert /*cert*/,
-	const heim_oid */*oid*/);
-
-int
-hx509_cert_get_base_subject (
-	hx509_context /*context*/,
-	hx509_cert /*c*/,
-	hx509_name */*name*/);
-
-const char *
-hx509_cert_get_friendly_name (hx509_cert /*cert*/);
-
-int
-hx509_cert_get_issuer (
-	hx509_cert /*p*/,
-	hx509_name */*name*/);
-
-time_t
-hx509_cert_get_notAfter (hx509_cert /*p*/);
-
-time_t
-hx509_cert_get_notBefore (hx509_cert /*p*/);
-
-int
-hx509_cert_get_serialnumber (
-	hx509_cert /*p*/,
-	heim_integer */*i*/);
-
-int
-hx509_cert_get_subject (
-	hx509_cert /*p*/,
-	hx509_name */*name*/);
-
-int
-hx509_cert_have_private_key (hx509_cert /*p*/);
-
-int
-hx509_cert_init (
-	hx509_context /*context*/,
-	const Certificate */*c*/,
-	hx509_cert */*cert*/);
-
-int
-hx509_cert_init_data (
-	hx509_context /*context*/,
-	const void */*ptr*/,
-	size_t /*len*/,
-	hx509_cert */*cert*/);
-
-int
-hx509_cert_keyusage_print (
-	hx509_context /*context*/,
-	hx509_cert /*c*/,
-	char **/*s*/);
-
-hx509_cert
-hx509_cert_ref (hx509_cert /*cert*/);
-
-int
-hx509_cert_set_friendly_name (
-	hx509_cert /*cert*/,
-	const char */*name*/);
-
-int
-hx509_certs_add (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_cert /*cert*/);
-
-int
-hx509_certs_append (
-	hx509_context /*context*/,
-	hx509_certs /*to*/,
-	hx509_lock /*lock*/,
-	const char */*name*/);
-
-int
-hx509_certs_end_seq (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_cursor /*cursor*/);
-
-int
-hx509_certs_find (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	const hx509_query */*q*/,
-	hx509_cert */*r*/);
-
-void
-hx509_certs_free (hx509_certs */*certs*/);
-
-int
-hx509_certs_info (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	int (*/*func*/)(void *, const char *),
-	void */*ctx*/);
-
-int
-hx509_certs_init (
-	hx509_context /*context*/,
-	const char */*name*/,
-	int /*flags*/,
-	hx509_lock /*lock*/,
-	hx509_certs */*certs*/);
-
-int
-hx509_certs_iter (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	int (*/*func*/)(hx509_context, void *, hx509_cert),
-	void */*ctx*/);
-
-int
-hx509_certs_merge (
-	hx509_context /*context*/,
-	hx509_certs /*to*/,
-	hx509_certs /*from*/);
-
-int
-hx509_certs_next_cert (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_cursor /*cursor*/,
-	hx509_cert */*cert*/);
-
-int
-hx509_certs_start_seq (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_cursor */*cursor*/);
-
-int
-hx509_certs_store (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	int /*flags*/,
-	hx509_lock /*lock*/);
-
-int
-hx509_ci_print_names (
-	hx509_context /*context*/,
-	void */*ctx*/,
-	hx509_cert /*c*/);
-
-void
-hx509_clear_error_string (hx509_context /*context*/);
-
-int
-hx509_cms_create_signed_1 (
-	hx509_context /*context*/,
-	int /*flags*/,
-	const heim_oid */*eContentType*/,
-	const void */*data*/,
-	size_t /*length*/,
-	const AlgorithmIdentifier */*digest_alg*/,
-	hx509_cert /*cert*/,
-	hx509_peer_info /*peer*/,
-	hx509_certs /*anchors*/,
-	hx509_certs /*pool*/,
-	heim_octet_string */*signed_data*/);
-
-int
-hx509_cms_decrypt_encrypted (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/,
-	const void */*data*/,
-	size_t /*length*/,
-	heim_oid */*contentType*/,
-	heim_octet_string */*content*/);
-
-int
-hx509_cms_envelope_1 (
-	hx509_context /*context*/,
-	int /*flags*/,
-	hx509_cert /*cert*/,
-	const void */*data*/,
-	size_t /*length*/,
-	const heim_oid */*encryption_type*/,
-	const heim_oid */*contentType*/,
-	heim_octet_string */*content*/);
-
-int
-hx509_cms_unenvelope (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	int /*flags*/,
-	const void */*data*/,
-	size_t /*length*/,
-	const heim_octet_string */*encryptedContent*/,
-	heim_oid */*contentType*/,
-	heim_octet_string */*content*/);
-
-int
-hx509_cms_unwrap_ContentInfo (
-	const heim_octet_string */*in*/,
-	heim_oid */*oid*/,
-	heim_octet_string */*out*/,
-	int */*have_data*/);
-
-int
-hx509_cms_verify_signed (
-	hx509_context /*context*/,
-	hx509_verify_ctx /*ctx*/,
-	const void */*data*/,
-	size_t /*length*/,
-	const heim_octet_string */*signedContent*/,
-	hx509_certs /*pool*/,
-	heim_oid */*contentType*/,
-	heim_octet_string */*content*/,
-	hx509_certs */*signer_certs*/);
-
-int
-hx509_cms_wrap_ContentInfo (
-	const heim_oid */*oid*/,
-	const heim_octet_string */*buf*/,
-	heim_octet_string */*res*/);
-
-void
-hx509_context_free (hx509_context */*context*/);
-
-int
-hx509_context_init (hx509_context */*context*/);
-
-void
-hx509_context_set_missing_revoke (
-	hx509_context /*context*/,
-	int /*flag*/);
-
-int
-hx509_crl_add_revoked_certs (
-	hx509_context /*context*/,
-	hx509_crl /*crl*/,
-	hx509_certs /*certs*/);
-
-int
-hx509_crl_alloc (
-	hx509_context /*context*/,
-	hx509_crl */*crl*/);
-
-void
-hx509_crl_free (
-	hx509_context /*context*/,
-	hx509_crl */*crl*/);
-
-int
-hx509_crl_lifetime (
-	hx509_context /*context*/,
-	hx509_crl /*crl*/,
-	int /*delta*/);
-
-int
-hx509_crl_sign (
-	hx509_context /*context*/,
-	hx509_cert /*signer*/,
-	hx509_crl /*crl*/,
-	heim_octet_string */*os*/);
-
-const AlgorithmIdentifier *
-hx509_crypto_aes128_cbc (void);
-
-const AlgorithmIdentifier *
-hx509_crypto_aes256_cbc (void);
-
-int
-hx509_crypto_available (
-	hx509_context /*context*/,
-	int /*type*/,
-	hx509_cert /*source*/,
-	AlgorithmIdentifier **/*val*/,
-	unsigned int */*plen*/);
-
-int
-hx509_crypto_decrypt (
-	hx509_crypto /*crypto*/,
-	const void */*data*/,
-	const size_t /*length*/,
-	heim_octet_string */*ivec*/,
-	heim_octet_string */*clear*/);
-
-const AlgorithmIdentifier *
-hx509_crypto_des_rsdi_ede3_cbc (void);
-
-void
-hx509_crypto_destroy (hx509_crypto /*crypto*/);
-
-int
-hx509_crypto_encrypt (
-	hx509_crypto /*crypto*/,
-	const void */*data*/,
-	const size_t /*length*/,
-	const heim_octet_string */*ivec*/,
-	heim_octet_string **/*ciphertext*/);
-
-const heim_oid *
-hx509_crypto_enctype_by_name (const char */*name*/);
-
-void
-hx509_crypto_free_algs (
-	AlgorithmIdentifier */*val*/,
-	unsigned int /*len*/);
-
-int
-hx509_crypto_get_params (
-	hx509_context /*context*/,
-	hx509_crypto /*crypto*/,
-	const heim_octet_string */*ivec*/,
-	heim_octet_string */*param*/);
-
-int
-hx509_crypto_init (
-	hx509_context /*context*/,
-	const char */*provider*/,
-	const heim_oid */*enctype*/,
-	hx509_crypto */*crypto*/);
-
-const char *
-hx509_crypto_provider (hx509_crypto /*crypto*/);
-
-int
-hx509_crypto_random_iv (
-	hx509_crypto /*crypto*/,
-	heim_octet_string */*ivec*/);
-
-int
-hx509_crypto_select (
-	const hx509_context /*context*/,
-	int /*type*/,
-	const hx509_private_key /*source*/,
-	hx509_peer_info /*peer*/,
-	AlgorithmIdentifier */*selected*/);
-
-int
-hx509_crypto_set_key_data (
-	hx509_crypto /*crypto*/,
-	const void */*data*/,
-	size_t /*length*/);
-
-int
-hx509_crypto_set_key_name (
-	hx509_crypto /*crypto*/,
-	const char */*name*/);
-
-int
-hx509_crypto_set_params (
-	hx509_context /*context*/,
-	hx509_crypto /*crypto*/,
-	const heim_octet_string */*param*/,
-	heim_octet_string */*ivec*/);
-
-int
-hx509_crypto_set_random_key (
-	hx509_crypto /*crypto*/,
-	heim_octet_string */*key*/);
-
-int
-hx509_env_add (
-	hx509_context /*context*/,
-	hx509_env /*env*/,
-	const char */*key*/,
-	const char */*value*/);
-
-void
-hx509_env_free (hx509_env */*env*/);
-
-int
-hx509_env_init (
-	hx509_context /*context*/,
-	hx509_env */*env*/);
-
-const char *
-hx509_env_lfind (
-	hx509_context /*context*/,
-	hx509_env /*env*/,
-	const char */*key*/,
-	size_t /*len*/);
-
-void
-hx509_err (
-	hx509_context /*context*/,
-	int /*exit_code*/,
-	int /*error_code*/,
-	const char */*fmt*/,
-	...);
-
-void
-hx509_free_error_string (char */*str*/);
-
-void
-hx509_free_octet_string_list (hx509_octet_string_list */*list*/);
-
-int
-hx509_general_name_unparse (
-	GeneralName */*name*/,
-	char **/*str*/);
-
-char *
-hx509_get_error_string (
-	hx509_context /*context*/,
-	int /*error_code*/);
-
-int
-hx509_get_one_cert (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_cert */*c*/);
-
-int
-hx509_lock_add_cert (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/,
-	hx509_cert /*cert*/);
-
-int
-hx509_lock_add_certs (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/,
-	hx509_certs /*certs*/);
-
-int
-hx509_lock_add_password (
-	hx509_lock /*lock*/,
-	const char */*password*/);
-
-int
-hx509_lock_command_string (
-	hx509_lock /*lock*/,
-	const char */*string*/);
-
-void
-hx509_lock_free (hx509_lock /*lock*/);
-
-int
-hx509_lock_init (
-	hx509_context /*context*/,
-	hx509_lock */*lock*/);
-
-int
-hx509_lock_prompt (
-	hx509_lock /*lock*/,
-	hx509_prompt */*prompt*/);
-
-void
-hx509_lock_reset_certs (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/);
-
-void
-hx509_lock_reset_passwords (hx509_lock /*lock*/);
-
-void
-hx509_lock_reset_promper (hx509_lock /*lock*/);
-
-int
-hx509_lock_set_prompter (
-	hx509_lock /*lock*/,
-	hx509_prompter_fct /*prompt*/,
-	void */*data*/);
-
-int
-hx509_name_binary (
-	const hx509_name /*name*/,
-	heim_octet_string */*os*/);
-
-int
-hx509_name_cmp (
-	hx509_name /*n1*/,
-	hx509_name /*n2*/);
-
-int
-hx509_name_copy (
-	hx509_context /*context*/,
-	const hx509_name /*from*/,
-	hx509_name */*to*/);
-
-int
-hx509_name_expand (
-	hx509_context /*context*/,
-	hx509_name /*name*/,
-	hx509_env /*env*/);
-
-void
-hx509_name_free (hx509_name */*name*/);
-
-int
-hx509_name_is_null_p (const hx509_name /*name*/);
-
-int
-hx509_name_normalize (
-	hx509_context /*context*/,
-	hx509_name /*name*/);
-
-int
-hx509_name_to_Name (
-	const hx509_name /*from*/,
-	Name */*to*/);
-
-int
-hx509_name_to_string (
-	const hx509_name /*name*/,
-	char **/*str*/);
-
-int
-hx509_ocsp_request (
-	hx509_context /*context*/,
-	hx509_certs /*reqcerts*/,
-	hx509_certs /*pool*/,
-	hx509_cert /*signer*/,
-	const AlgorithmIdentifier */*digest*/,
-	heim_octet_string */*request*/,
-	heim_octet_string */*nonce*/);
-
-int
-hx509_ocsp_verify (
-	hx509_context /*context*/,
-	time_t /*now*/,
-	hx509_cert /*cert*/,
-	int /*flags*/,
-	const void */*data*/,
-	size_t /*length*/,
-	time_t */*expiration*/);
-
-void
-hx509_oid_print (
-	const heim_oid */*oid*/,
-	hx509_vprint_func /*func*/,
-	void */*ctx*/);
-
-int
-hx509_oid_sprint (
-	const heim_oid */*oid*/,
-	char **/*str*/);
-
-int
-hx509_parse_name (
-	hx509_context /*context*/,
-	const char */*str*/,
-	hx509_name */*name*/);
-
-int
-hx509_peer_info_alloc (
-	hx509_context /*context*/,
-	hx509_peer_info */*peer*/);
-
-void
-hx509_peer_info_free (hx509_peer_info /*peer*/);
-
-int
-hx509_peer_info_set_cert (
-	hx509_peer_info /*peer*/,
-	hx509_cert /*cert*/);
-
-int
-hx509_peer_info_set_cms_algs (
-	hx509_context /*context*/,
-	hx509_peer_info /*peer*/,
-	const AlgorithmIdentifier */*val*/,
-	size_t /*len*/);
-
-int
-hx509_pem_add_header (
-	hx509_pem_header **/*headers*/,
-	const char */*header*/,
-	const char */*value*/);
-
-const char *
-hx509_pem_find_header (
-	const hx509_pem_header */*h*/,
-	const char */*header*/);
-
-void
-hx509_pem_free_header (hx509_pem_header */*headers*/);
-
-int
-hx509_pem_read (
-	hx509_context /*context*/,
-	FILE */*f*/,
-	hx509_pem_read_func /*func*/,
-	void */*ctx*/);
-
-int
-hx509_pem_write (
-	hx509_context /*context*/,
-	const char */*type*/,
-	hx509_pem_header */*headers*/,
-	FILE */*f*/,
-	const void */*data*/,
-	size_t /*size*/);
-
-void
-hx509_print_stdout (
-	void */*ctx*/,
-	const char */*fmt*/,
-	va_list /*va*/);
-
-int
-hx509_prompt_hidden (hx509_prompt_type /*type*/);
-
-int
-hx509_query_alloc (
-	hx509_context /*context*/,
-	hx509_query **/*q*/);
-
-void
-hx509_query_free (
-	hx509_context /*context*/,
-	hx509_query */*q*/);
-
-int
-hx509_query_match_cmp_func (
-	hx509_query */*q*/,
-	int (*/*func*/)(void *, hx509_cert),
-	void */*ctx*/);
-
-int
-hx509_query_match_friendly_name (
-	hx509_query */*q*/,
-	const char */*name*/);
-
-int
-hx509_query_match_issuer_serial (
-	hx509_query */*q*/,
-	const Name */*issuer*/,
-	const heim_integer */*serialNumber*/);
-
-void
-hx509_query_match_option (
-	hx509_query */*q*/,
-	hx509_query_option /*option*/);
-
-void
-hx509_query_statistic_file (
-	hx509_context /*context*/,
-	const char */*fn*/);
-
-void
-hx509_query_unparse_stats (
-	hx509_context /*context*/,
-	int /*printtype*/,
-	FILE */*out*/);
-
-int
-hx509_revoke_add_crl (
-	hx509_context /*context*/,
-	hx509_revoke_ctx /*ctx*/,
-	const char */*path*/);
-
-int
-hx509_revoke_add_ocsp (
-	hx509_context /*context*/,
-	hx509_revoke_ctx /*ctx*/,
-	const char */*path*/);
-
-void
-hx509_revoke_free (hx509_revoke_ctx */*ctx*/);
-
-int
-hx509_revoke_init (
-	hx509_context /*context*/,
-	hx509_revoke_ctx */*ctx*/);
-
-int
-hx509_revoke_ocsp_print (
-	hx509_context /*context*/,
-	const char */*path*/,
-	FILE */*out*/);
-
-int
-hx509_revoke_verify (
-	hx509_context /*context*/,
-	hx509_revoke_ctx /*ctx*/,
-	hx509_certs /*certs*/,
-	time_t /*now*/,
-	hx509_cert /*cert*/,
-	hx509_cert /*parent_cert*/);
-
-void
-hx509_set_error_string (
-	hx509_context /*context*/,
-	int /*flags*/,
-	int /*code*/,
-	const char */*fmt*/,
-	...);
-
-void
-hx509_set_error_stringv (
-	hx509_context /*context*/,
-	int /*flags*/,
-	int /*code*/,
-	const char */*fmt*/,
-	va_list /*ap*/);
-
-const AlgorithmIdentifier *
-hx509_signature_md2 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_md5 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_pkcs1_x509 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_md2 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_md5 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha1 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha256 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha384 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha512 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_sha1 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_sha256 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_sha384 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_sha512 (void);
-
-int
-hx509_unparse_der_name (
-	const void */*data*/,
-	size_t /*length*/,
-	char **/*str*/);
-
-int
-hx509_validate_cert (
-	hx509_context /*context*/,
-	hx509_validate_ctx /*ctx*/,
-	hx509_cert /*cert*/);
-
-void
-hx509_validate_ctx_add_flags (
-	hx509_validate_ctx /*ctx*/,
-	int /*flags*/);
-
-void
-hx509_validate_ctx_free (hx509_validate_ctx /*ctx*/);
-
-int
-hx509_validate_ctx_init (
-	hx509_context /*context*/,
-	hx509_validate_ctx */*ctx*/);
-
-void
-hx509_validate_ctx_set_print (
-	hx509_validate_ctx /*ctx*/,
-	hx509_vprint_func /*func*/,
-	void */*c*/);
-
-void
-hx509_verify_attach_anchors (
-	hx509_verify_ctx /*ctx*/,
-	hx509_certs /*set*/);
-
-void
-hx509_verify_attach_revoke (
-	hx509_verify_ctx /*ctx*/,
-	hx509_revoke_ctx /*revoke_ctx*/);
-
-void
-hx509_verify_ctx_f_allow_default_trustanchors (
-	hx509_verify_ctx /*ctx*/,
-	int /*boolean*/);
-
-void
-hx509_verify_destroy_ctx (hx509_verify_ctx /*ctx*/);
-
-int
-hx509_verify_hostname (
-	hx509_context /*context*/,
-	const hx509_cert /*cert*/,
-	int /*flags*/,
-	hx509_hostname_type /*type*/,
-	const char */*hostname*/,
-	const struct sockaddr */*sa*/,
-	int /*sa_size*/);
-
-int
-hx509_verify_init_ctx (
-	hx509_context /*context*/,
-	hx509_verify_ctx */*ctx*/);
-
-int
-hx509_verify_path (
-	hx509_context /*context*/,
-	hx509_verify_ctx /*ctx*/,
-	hx509_cert /*cert*/,
-	hx509_certs /*pool*/);
-
-void
-hx509_verify_set_max_depth (
-	hx509_verify_ctx /*ctx*/,
-	unsigned int /*max_depth*/);
-
-void
-hx509_verify_set_proxy_certificate (
-	hx509_verify_ctx /*ctx*/,
-	int /*boolean*/);
-
-void
-hx509_verify_set_strict_rfc3280_verification (
-	hx509_verify_ctx /*ctx*/,
-	int /*boolean*/);
-
-void
-hx509_verify_set_time (
-	hx509_verify_ctx /*ctx*/,
-	time_t /*t*/);
-
-int
-hx509_verify_signature (
-	hx509_context /*context*/,
-	const hx509_cert /*signer*/,
-	const AlgorithmIdentifier */*alg*/,
-	const heim_octet_string */*data*/,
-	const heim_octet_string */*sig*/);
-
-void
-hx509_xfree (void */*ptr*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __hx509_protos_h__ */
diff --git a/crypto/heimdal/lib/hx509/hx509.h b/crypto/heimdal/lib/hx509/hx509.h
deleted file mode 100644
index be02f63..0000000
--- a/crypto/heimdal/lib/hx509/hx509.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: hx509.h 22464 2008-01-16 14:24:50Z lha $ */
-
-typedef struct hx509_cert_attribute_data *hx509_cert_attribute;
-typedef struct hx509_cert_data *hx509_cert;
-typedef struct hx509_certs_data *hx509_certs;
-typedef struct hx509_context_data *hx509_context;
-typedef struct hx509_crypto_data *hx509_crypto;
-typedef struct hx509_lock_data *hx509_lock;
-typedef struct hx509_name_data *hx509_name;
-typedef struct hx509_private_key *hx509_private_key;
-typedef struct hx509_validate_ctx_data *hx509_validate_ctx;
-typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
-typedef struct hx509_revoke_ctx_data *hx509_revoke_ctx;
-typedef struct hx509_query_data hx509_query;
-typedef void * hx509_cursor;
-typedef struct hx509_request_data *hx509_request;
-typedef struct hx509_error_data *hx509_error;
-typedef struct hx509_peer_info *hx509_peer_info;
-typedef struct hx509_ca_tbs *hx509_ca_tbs;
-typedef struct hx509_env *hx509_env;
-typedef struct hx509_crl *hx509_crl;
-
-typedef void (*hx509_vprint_func)(void *, const char *, va_list);
-
-enum {
-    HX509_VHN_F_ALLOW_NO_MATCH = 1
-};
-
-enum {
-    HX509_VALIDATE_F_VALIDATE = 1,
-    HX509_VALIDATE_F_VERBOSE = 2
-};
-
-struct hx509_cert_attribute_data {
-    heim_oid oid;
-    heim_octet_string data;
-};
-
-typedef enum {
-    HX509_PROMPT_TYPE_PASSWORD		= 0x1,	/* password, hidden */
-    HX509_PROMPT_TYPE_QUESTION		= 0x2,	/* question, not hidden */
-    HX509_PROMPT_TYPE_INFO		= 0x4	/* infomation, reply doesn't matter */
-} hx509_prompt_type;
-
-typedef struct hx509_prompt {
-    const char *prompt;
-    hx509_prompt_type type;
-    heim_octet_string reply;
-} hx509_prompt;
-
-typedef int (*hx509_prompter_fct)(void *, const hx509_prompt *);
-
-typedef struct hx509_octet_string_list {
-    size_t len;
-    heim_octet_string *val;
-} hx509_octet_string_list;
-
-typedef struct hx509_pem_header {
-    struct hx509_pem_header *next;
-    char *header;
-    char *value;
-} hx509_pem_header;
-
-typedef int
-(*hx509_pem_read_func)(hx509_context, const char *, const hx509_pem_header *,
-		       const void *, size_t, void *ctx);
-
-/*
- * Options passed to hx509_query_match_option.
- */
-typedef enum {
-    HX509_QUERY_OPTION_PRIVATE_KEY = 1,
-    HX509_QUERY_OPTION_KU_ENCIPHERMENT = 2,
-    HX509_QUERY_OPTION_KU_DIGITALSIGNATURE = 3,
-    HX509_QUERY_OPTION_KU_KEYCERTSIGN = 4,
-    HX509_QUERY_OPTION_END = 0xffff
-} hx509_query_option;
-
-/* flags to hx509_certs_init */
-#define HX509_CERTS_CREATE				0x01
-#define HX509_CERTS_UNPROTECT_ALL			0x02
-
-/* flags to hx509_set_error_string */
-#define HX509_ERROR_APPEND				0x01
-
-/* flags to hx509_cms_unenvelope */
-#define HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT	0x01
-
-/* selectors passed to hx509_crypto_select and hx509_crypto_available */
-#define HX509_SELECT_ALL 0
-#define HX509_SELECT_DIGEST 1
-#define HX509_SELECT_PUBLIC_SIG 2
-#define HX509_SELECT_PUBLIC_ENC 3
-#define HX509_SELECT_SECRET_ENC 4
-
-/* flags to hx509_ca_tbs_set_template */
-#define HX509_CA_TEMPLATE_SUBJECT 1
-#define HX509_CA_TEMPLATE_SERIAL 2
-#define HX509_CA_TEMPLATE_NOTBEFORE 4
-#define HX509_CA_TEMPLATE_NOTAFTER 8
-#define HX509_CA_TEMPLATE_SPKI 16
-#define HX509_CA_TEMPLATE_KU 32
-#define HX509_CA_TEMPLATE_EKU 64
-
-/* flags hx509_cms_create_signed* */
-#define HX509_CMS_SIGATURE_DETACHED 1
-#define HX509_CMS_SIGATURE_ID_NAME 2
-
-/* hx509_verify_hostname nametype */
-typedef enum  {
-    HX509_HN_HOSTNAME = 0,
-    HX509_HN_DNSSRV
-} hx509_hostname_type;
-
-#include <hx509-protos.h>
diff --git a/crypto/heimdal/lib/hx509/hx509_err.et b/crypto/heimdal/lib/hx509/hx509_err.et
deleted file mode 100644
index 8fc5cb8..0000000
--- a/crypto/heimdal/lib/hx509/hx509_err.et
+++ /dev/null
@@ -1,101 +0,0 @@
-#
-# Error messages for the hx509 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: hx509_err.et 22329 2007-12-15 05:13:14Z lha $"
-
-error_table hx
-prefix HX509
-
-# path validateion and construction related errors
-error_code BAD_TIMEFORMAT,	"ASN.1 failed call to system time library"
-error_code EXTENSION_NOT_FOUND,	"Extension not found"
-error_code NO_PATH,		"Certification path not found"
-error_code PARENT_NOT_CA,	"Parent certificate is not a CA"
-error_code CA_PATH_TOO_DEEP,	"CA path too deep"
-error_code SIG_ALG_NO_SUPPORTED, "Signature algorithm not supported"
-error_code SIG_ALG_DONT_MATCH_KEY_ALG, "Signature algorithm doesn't match certificate key"
-error_code CERT_USED_BEFORE_TIME, "Certificate used before it became valid"
-error_code CERT_USED_AFTER_TIME, "Certificate used after it became invalid"
-error_code PRIVATE_KEY_MISSING,	"Private key required for the operation is missing"
-error_code ALG_NOT_SUPP, 	"Algorithm not supported"
-error_code ISSUER_NOT_FOUND, 	"Issuer couldn't be found"
-error_code VERIFY_CONSTRAINTS,	"Error verifing constraints"
-error_code RANGE,		"Number too large"
-error_code NAME_CONSTRAINT_ERROR, "Error while verifing name constraints"
-error_code PATH_TOO_LONG, "Path is too long, failed to find valid anchor"
-error_code KU_CERT_MISSING, "Required keyusage for this certificate is missing"
-error_code CERT_NOT_FOUND, "Certificate not found"
-error_code UNKNOWN_LOCK_COMMAND, "Unknown lock command"
-error_code PARENT_IS_CA, "Parent certificate is a CA"
-error_code EXTRA_DATA_AFTER_STRUCTURE, "Extra data was found after the structure"
-error_code PROXY_CERT_INVALID, "Proxy certificate is invalid"
-error_code PROXY_CERT_NAME_WRONG, "Proxy certificate name is wrong"
-error_code NAME_MALFORMED, "Name is malformated"
-error_code CERTIFICATE_MALFORMED, "Certificate is malformated"
-error_code CERTIFICATE_MISSING_EKU, "Certificate is missing a required EKU"
-error_code PROXY_CERTIFICATE_NOT_CANONICALIZED, "Proxy certificate not canonicalize" 
-
-# cms related errors
-index 32
-prefix HX509_CMS
-error_code FAILED_CREATE_SIGATURE, "Failed to create signature"
-error_code MISSING_SIGNER_DATA, "Missing signer data"
-error_code SIGNER_NOT_FOUND, "Couldn't find signers certificate"
-error_code NO_DATA_AVAILABLE, "No data to perform the operation on"
-error_code INVALID_DATA, "Data in the message is invalid"
-error_code PADDING_ERROR, "Padding in the message invalid"
-error_code NO_RECIPIENT_CERTIFICATE, "Couldn't find recipient certificate"
-error_code DATA_OID_MISMATCH, "Mismatch bewteen signed type and unsigned type"
-
-# crypto related errors
-index 64
-prefix HX509_CRYPTO
-error_code INTERNAL_ERROR, "Internal error in the crypto engine"
-error_code EXTERNAL_ERROR, "External error in the crypto engine"
-error_code SIGNATURE_MISSING, "Signature missing for data"
-error_code BAD_SIGNATURE, "Signature is not valid"
-error_code SIG_NO_CONF, "Sigature doesn't provide confidentiality"
-error_code SIG_INVALID_FORMAT, "Invalid format on signature"
-error_code OID_MISMATCH, "Mismatch bewteen oids"
-error_code NO_PROMPTER, "No prompter function defined"
-error_code SIGNATURE_WITHOUT_SIGNER, "Signature require signer, but non available"
-error_code RSA_PUBLIC_ENCRYPT, "RSA public encyption failed"
-error_code RSA_PRIVATE_ENCRYPT, "RSA public encyption failed"
-error_code RSA_PUBLIC_DECRYPT, "RSA private decryption failed"
-error_code RSA_PRIVATE_DECRYPT, "RSA private decryption failed"
-
-# revoke related errors
-index 96
-prefix HX509
-error_code CRL_USED_BEFORE_TIME, "CRL used before it became valid"
-error_code CRL_USED_AFTER_TIME, "CRL used after it became invalid"
-error_code CRL_INVALID_FORMAT, "CRL have invalid format"
-error_code CERT_REVOKED, "Certificate is revoked"
-error_code REVOKE_STATUS_MISSING, "No revoke status found for certificates"
-error_code CRL_UNKNOWN_EXTENSION, "Unknown extension"
-error_code REVOKE_WRONG_DATA, "Got wrong CRL/OCSP data from server"
-error_code REVOKE_NOT_SAME_PARENT, "Doesn't have same parent as other certificates"
-error_code CERT_NOT_IN_OCSP, "Certificates not in OCSP reply"
-
-# misc error
-index 108
-error_code LOCAL_ATTRIBUTE_MISSING, "No local key attribute"
-error_code PARSING_KEY_FAILED, "Failed to parse key"
-error_code UNSUPPORTED_OPERATION, "Unsupported operation"
-error_code UNIMPLEMENTED_OPERATION, "Unimplemented operation"
-error_code PARSING_NAME_FAILED, "Failed to parse name"
-
-# keystore related error
-index 128
-prefix HX509_PKCS11
-error_code NO_SLOT,  "No smartcard reader/device found"
-error_code NO_TOKEN,  "No smartcard in reader"
-error_code NO_MECH,  "No supported mech(s)"
-error_code TOKEN_CONFUSED,  "Token or slot failed in inconsistent way"
-error_code OPEN_SESSION,  "Failed to open session to slot"
-error_code LOGIN,  "Failed to login to slot"
-error_code LOAD,  "Failed to load PKCS module"
-
-end
diff --git a/crypto/heimdal/lib/hx509/hx_locl.h b/crypto/heimdal/lib/hx509/hx_locl.h
deleted file mode 100644
index 145bfcc..0000000
--- a/crypto/heimdal/lib/hx509/hx_locl.h
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (c) 2004 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: hx_locl.h 21083 2007-06-13 02:11:19Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-#include <strings.h>
-#include <assert.h>
-#include <stdarg.h>
-#include <err.h>
-#include <getarg.h>
-#include <base64.h>
-#include <hex.h>
-#include <roken.h>
-#include <com_err.h>
-#include <parse_units.h>
-#include <parse_bytes.h>
-
-#include <krb5-types.h>
-
-#include <rfc2459_asn1.h>
-#include <cms_asn1.h>
-#include <pkcs8_asn1.h>
-#include <pkcs9_asn1.h>
-#include <pkcs12_asn1.h>
-#include <ocsp_asn1.h>
-#include <pkcs10_asn1.h>
-#include <asn1_err.h>
-#include <pkinit_asn1.h>
-
-#include <der.h>
-
-#include "crypto-headers.h"
-
-struct hx509_keyset_ops;
-struct hx509_collector;
-struct hx509_generate_private_context;
-typedef struct hx509_path hx509_path;
-
-#include <hx509.h>
-
-typedef void (*_hx509_cert_release_func)(struct hx509_cert_data *, void *);
-
-typedef struct hx509_private_key_ops hx509_private_key_ops;
-
-#include <hx509-private.h>
-#include <hx509_err.h>
-
-struct hx509_peer_info {
-    hx509_cert cert;
-    AlgorithmIdentifier *val;
-    size_t len;
-};
-
-#define HX509_CERTS_FIND_SERIALNUMBER		1
-#define HX509_CERTS_FIND_ISSUER			2
-#define HX509_CERTS_FIND_SUBJECT		4
-#define HX509_CERTS_FIND_ISSUER_KEY_ID		8
-#define HX509_CERTS_FIND_SUBJECT_KEY_ID		16
-
-struct hx509_name_data {
-    Name der_name;
-};
-
-struct hx509_path {
-    size_t len;
-    hx509_cert *val;
-};
-
-struct hx509_query_data {
-    int match;
-#define HX509_QUERY_FIND_ISSUER_CERT		0x000001
-#define HX509_QUERY_MATCH_SERIALNUMBER		0x000002
-#define HX509_QUERY_MATCH_ISSUER_NAME		0x000004
-#define HX509_QUERY_MATCH_SUBJECT_NAME		0x000008
-#define HX509_QUERY_MATCH_SUBJECT_KEY_ID	0x000010
-#define HX509_QUERY_MATCH_ISSUER_ID		0x000020
-#define HX509_QUERY_PRIVATE_KEY			0x000040
-#define HX509_QUERY_KU_ENCIPHERMENT		0x000080
-#define HX509_QUERY_KU_DIGITALSIGNATURE		0x000100
-#define HX509_QUERY_KU_KEYCERTSIGN		0x000200
-#define HX509_QUERY_KU_CRLSIGN			0x000400
-#define HX509_QUERY_KU_NONREPUDIATION		0x000800
-#define HX509_QUERY_KU_KEYAGREEMENT		0x001000
-#define HX509_QUERY_KU_DATAENCIPHERMENT		0x002000
-#define HX509_QUERY_ANCHOR			0x004000
-#define HX509_QUERY_MATCH_CERTIFICATE		0x008000
-#define HX509_QUERY_MATCH_LOCAL_KEY_ID		0x010000
-#define HX509_QUERY_NO_MATCH_PATH		0x020000
-#define HX509_QUERY_MATCH_FRIENDLY_NAME		0x040000
-#define HX509_QUERY_MATCH_FUNCTION		0x080000
-#define HX509_QUERY_MATCH_KEY_HASH_SHA1		0x100000
-#define HX509_QUERY_MATCH_TIME			0x200000
-#define HX509_QUERY_MASK			0x3fffff
-    Certificate *subject;
-    Certificate *certificate;
-    heim_integer *serial;
-    heim_octet_string *subject_id;
-    heim_octet_string *local_key_id;
-    Name *issuer_name;
-    Name *subject_name;
-    hx509_path *path;
-    char *friendlyname;
-    int (*cmp_func)(void *, hx509_cert);
-    void *cmp_func_ctx;
-    heim_octet_string *keyhash_sha1;
-    time_t timenow;
-};
-
-struct hx509_keyset_ops {
-    const char *name;
-    int flags;
-    int (*init)(hx509_context, hx509_certs, void **, 
-		int, const char *, hx509_lock);
-    int (*store)(hx509_context, hx509_certs, void *, int, hx509_lock);
-    int (*free)(hx509_certs, void *);
-    int (*add)(hx509_context, hx509_certs, void *, hx509_cert);
-    int (*query)(hx509_context, hx509_certs, void *, 
-		 const hx509_query *, hx509_cert *);
-    int (*iter_start)(hx509_context, hx509_certs, void *, void **);
-    int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *);
-    int (*iter_end)(hx509_context, hx509_certs, void *, void *);
-    int (*printinfo)(hx509_context, hx509_certs, 
-		     void *, int (*)(void *, const char *), void *);
-    int (*getkeys)(hx509_context, hx509_certs, void *, hx509_private_key **);
-    int (*addkey)(hx509_context, hx509_certs, void *, hx509_private_key);
-};
-
-struct _hx509_password {
-    size_t len;
-    char **val;
-};
-
-extern hx509_lock _hx509_empty_lock;
-
-struct hx509_context_data {
-    struct hx509_keyset_ops **ks_ops;
-    int ks_num_ops;
-    int flags;
-#define HX509_CTX_VERIFY_MISSING_OK	1
-    int ocsp_time_diff;
-#define HX509_DEFAULT_OCSP_TIME_DIFF	(5*60)
-    hx509_error error;
-    struct et_list *et_list;
-    char *querystat;
-    hx509_certs default_trust_anchors;
-};
-
-/* _hx509_calculate_path flag field */
-#define HX509_CALCULATE_PATH_NO_ANCHOR 1
-
-extern const AlgorithmIdentifier * _hx509_crypto_default_sig_alg;
-extern const AlgorithmIdentifier * _hx509_crypto_default_digest_alg;
-extern const AlgorithmIdentifier * _hx509_crypto_default_secret_alg;
-
-/*
- * Configurable options
- */
-
-#ifdef __APPLE__
-#define HX509_DEFAULT_ANCHORS "KEYCHAIN:system-anchors"
-#endif
diff --git a/crypto/heimdal/lib/hx509/hxtool-commands.in b/crypto/heimdal/lib/hx509/hxtool-commands.in
deleted file mode 100644
index b648ecf..0000000
--- a/crypto/heimdal/lib/hx509/hxtool-commands.in
+++ /dev/null
@@ -1,707 +0,0 @@
-/*
- * Copyright (c) 2005 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: hxtool-commands.in 21343 2007-06-26 14:21:55Z lha $ */
-
-command = {
-	name = "cms-create-sd"
-	option = {
-		long = "certificate"
-		short = "c"
-		type = "strings"
-		argument = "certificate-store"
-		help = "certificate stores to pull certificates from"
-	}
-	option = {
-		long = "signer"
-		short = "s"
-		type = "string"
-		argument = "signer-friendly-name"
-		help = "certificate to sign with"
-	}
-	option = {
-		long = "anchors"
-		type = "strings"
-		argument = "certificate-store"
-		help = "trust anchors"
-	}
-	option = {
-		long = "pool"
-		type = "strings"
-		argument = "certificate-pool"
-		help = "certificate store to pull certificates from"
-	}
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "peer-alg"
-		type = "strings"
-		argument = "oid"
-		help = "oid that the peer support"
-	}
-	option = {
-		long = "content-type"
-		type = "string"
-		argument = "oid"
-		help = "content type oid"
-	}
-	option = {
-		long = "content-info"
-		type = "flag"
-		help = "wrapped out-data in a ContentInfo"
-	}
-	option = {
-		long = "pem"
-		type = "flag"
-		help = "wrap out-data in PEM armor"
-	}
-	option = {
-		long = "detached-signature"
-		type = "flag"
-		help = "create a detached signature"
-	}
-	option = {
-		long = "id-by-name"
-		type = "flag"
-		help = "use subject name for CMS Identifier"
-	}
-	min_args="2"
-	max_args="2"
-	argument="in-file out-file"
-	help = "Wrap a file within a SignedData object"
-}
-command = {
-	name = "cms-verify-sd"
-	option = {
-		long = "anchors"
-		type = "strings"
-		argument = "certificate-store"
-		help = "trust anchors"
-	}
-	option = {
-		long = "certificate"
-		short = "c"
-		type = "strings"
-		argument = "certificate-store"
-		help = "certificate store to pull certificates from"
-	}
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "missing-revoke"
-		type = "flag"
-		help = "missing CRL/OCSP is ok"
-	}
-	option = {
-		long = "content-info"
-		type = "flag"
-		help = "unwrap in-data that's in a ContentInfo"
-	}
-	option = {
-		long = "signed-content"
-		type = "string"
-		help = "file containing content"
-	}
-	min_args="2"
-	max_args="2"
-	argument="in-file out-file"
-	help = "Verify a file within a SignedData object"
-}
-command = {
-	name = "cms-unenvelope"
-	option = {
-		long = "certificate"
-		short = "c"
-		type = "strings"
-		argument = "certificate-store"
-		help = "certificate used to decrypt the data"
-	}
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "content-info"
-		type = "flag"
-		help = "wrapped out-data in a ContentInfo"
-	}
-	min_args="2"
-	argument="in-file out-file"
-	help = "Unenvelope a file containing a EnvelopedData object"
-}
-command = {
-	name = "cms-envelope"
-	function = "cms_create_enveloped"
-	option = {
-		long = "certificate"
-		short = "c"
-		type = "strings"
-		argument = "certificate-store"
-		help = "certificates used to receive the data"
-	}
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "encryption-type"
-		type = "string"
-		argument = "enctype"
-		help = "enctype"
-	}
-	option = {
-		long = "content-type"
-		type = "string"
-		argument = "oid"
-		help = "content type oid"
-	}
-	option = {
-		long = "content-info"
-		type = "flag"
-		help = "wrapped out-data in a ContentInfo"
-	}
-	min_args="2"
-	argument="in-file out-file"
-	help = "Envelope a file containing a EnvelopedData object"
-}
-command = {
-	name = "verify"
-	function = "pcert_verify"
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "allow-proxy-certificate"
-		type = "flag"
-		help = "allow proxy certificates"
-	}
-	option = {
-		long = "missing-revoke"
-		type = "flag"
-		help = "missing CRL/OCSP is ok"
-	}
-	option = {
-		long = "time"
-		type = "string"
-		help = "time when to validate the chain"
-	}
-	option = {
-		long = "verbose"
-		short = "v"
-		type = "flag"
-		help = "verbose logging"
-	}
-	option = {
-		long = "max-depth"
-		type = "integer"
-		help = "maximum search length of certificate trust anchor"
-	}
-	option = {
-		long = "hostname"
-		type = "string"
-		help = "match hostname to certificate"
-	}
-	argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
-	help = "Verify certificate chain"
-}
-command = {
-	name = "print"
-	function = "pcert_print"
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "content"
-		type = "flag"
-		help = "print the content of the certificates"
-	}
-	option = {
-		long = "info"
-		type = "flag"
-		help = "print the information about the certificate store"
-	}
-	min_args="1"
-	argument="certificate ..."
-	help = "Print certificates"
-}
-command = {
-	name = "validate"
-	function = "pcert_validate"
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	min_args="1"
-	argument="certificate ..."
-	help = "Validate content of certificates"
-}
-command = {
-	name = "certificate-copy"
-	name = "cc"
-	option = {
-		long = "in-pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "out-pass"
-		type = "string"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	min_args="2"
-	argument="in-certificates-1 ... out-certificate"
-	help = "Copy in certificates stores into out certificate store"
-}
-command = {
-	name = "ocsp-fetch"
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "sign"
-		type = "string"
-		argument = "certificate"
-		help = "certificate use to sign the request"
-	}
-	option = {
-		long = "url-path"
-		type = "string"
-		argument = "url"
-		help = "part after host in url to put in the request"
-	}
-	option = {
-		long = "nonce"
-		type = "-flag"
-		default = "1"
-		help = "don't include nonce in request"
-	}
-	option = {
-		long = "pool"
-		type = "strings"
-		argument = "certificate-store"
-		help = "pool to find parent certificate in"
-	}
-	min_args="2"
-	argument="outfile certs ..."
-	help = "Fetch OCSP responses for the following certs"
-}
-command = {
-	option = {
-		long = "ocsp-file"
-		type = "string"
-		help = "OCSP file"
-	}
-	name = "ocsp-verify"
-	min_args="1"
-	argument="certificates ..."
-	help = "Check that certificates are in OCSP file and valid"
-}
-command = {
-	name = "ocsp-print"
-	option = {
-		long = "verbose"
-		type = "flag"
-		help = "verbose"
-	}
-	min_args="1"
-	argument="ocsp-response-file ..."
-	help = "Print the OCSP responses"
-}
-command = {
-	name = "request-create"
-	option = {
-		long = "subject"
-		type = "string"
-		help = "Subject DN"
-	}
-	option = {
-		long = "email"
-		type = "strings"
-		help = "Email address in SubjectAltName"
-	}
-	option = {
-		long = "dnsname"
-		type = "strings"
-		help = "Hostname or domainname in SubjectAltName"
-	}
-	option = {
-		long = "type"
-		type = "string"
-		help = "Type of request CRMF or PKCS10, defaults to PKCS10"
-	}
-	option = {
-		long = "key"
-		type = "string"
-		help = "Key-pair"
-	}
-	option = {
-		long = "generate-key"
-		type = "string"
-		help = "keytype"
-	}
-	option = {
-	        long = "key-bits"
-		type = "integer"
-		help = "number of bits in the generated key";
-	}
-	option = {
-		long = "verbose"
-		type = "flag"
-		help = "verbose status"
-	}
-	min_args="1"
-	max_args="1"
-	argument="output-file"
-	help = "Create a CRMF or PKCS10 request"
-}
-command = {
-	name = "request-print"
-	option = {
-		long = "verbose"
-		type = "flag"
-		help = "verbose printing"
-	}
-	min_args="1"
-	argument="requests ..."
-	help = "Print requests"
-}
-command = {
-	name = "query"
-	option = {
-		long = "exact"
-		type = "flag"
-		help = "exact match"
-	}
-	option = {
-		long = "private-key"
-		type = "flag"
-		help = "search for private key"
-	}
-	option = {
-		long = "friendlyname"
-		type = "string"
-		argument = "name"
-		help = "match on friendly name"
-	}
-	option = {
-		long = "keyEncipherment"
-		type = "flag"
-		help = "match keyEncipherment certificates"
-	}
-	option = {
-		long = "digitalSignature"
-		type = "flag"
-		help = "match digitalSignature certificates"
-	}
-	option = {
-		long = "print"
-		type = "flag"
-		help = "print matches"
-	}
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	min_args="1"
-	argument="certificates ..."
-	help = "Query the certificates for a match"
-}
-command = {
-	name = "info"
-}
-command = {
-	name = "random-data"
-	min_args="1"
-	argument="bytes"
-	help = "Generates random bytes and prints them to standard output"
-}
-command = {
-	option = {
-		long = "type"
-		type = "string"
-		help = "type of CMS algorithm"
-	}
-	name = "crypto-available"
-	min_args="0"
-	help = "Print available CMS crypto types"
-}
-command = {
-	option = {
-		long = "type"
-		type = "string"
-		help = "type of CMS algorithm"
-	}
-	option = {
-		long = "certificate"
-		type = "string"
-		help = "source certificate limiting the choices"
-	}
-	option = {
-		long = "peer-cmstype"
-		type = "strings"
-		help = "peer limiting cmstypes"
-	}
-	name = "crypto-select"
-	min_args="0"
-	help = "Print selected CMS type"
-}
-command = {
-	option = {
-		long = "decode"
-		short = "d"
-		type = "flag"
-		help = "decode instead of encode"
-	}
-	name = "hex"
-	function = "hxtool_hex"
-	min_args="0"
-	help = "Encode input to hex"
-}
-command = {
-	option = {
-		long = "issue-ca"
-		type = "flag"
-		help = "Issue a CA certificate"
-	}
-	option = {
-		long = "issue-proxy"
-		type = "flag"
-		help = "Issue a proxy certificate"
-	}
-	option = {
-		long = "domain-controller"
-		type = "flag"
-		help = "Issue a MS domaincontroller certificate"
-	}
-	option = {
-		long = "subject"
-		type = "string"
-		help = "Subject of issued certificate"
-	}
-	option = {
-		long = "ca-certificate"
-		type = "string"
-		help = "Issuing CA certificate"
-	}
-	option = {
-		long = "self-signed"
-		type = "flag"
-		help = "Issuing a self-signed certificate"
-	}
-	option = {
-		long = "ca-private-key"
-		type = "string"
-		help = "Private key for self-signed certificate"
-	}
-	option = {
-		long = "certificate"
-		type = "string"
-		help = "Issued certificate"
-	}
-	option = {
-		long = "type"
-		type = "strings"
-		help = "Type of certificate to issue"
-	}
-	option = {
-		long = "lifetime"
-		type = "string"
-		help = "Lifetime of certificate"
-	}
-	option = {
-		long = "serial-number"
-		type = "string"
-		help = "serial-number of certificate"
-	}
-	option = {
-		long = "path-length"
-		default = "-1"
-		type = "integer"
-		help = "Maximum path length (CA and proxy certificates), -1 no limit"
-	}
-	option = {
-		long = "hostname"
-		type = "strings"
-		help = "DNS names this certificate is allowed to serve"
-	}
-	option = {
-		long = "email"
-		type = "strings"
-		help = "email addresses assigned to this certificate"
-	}
-	option = {
-		long = "pk-init-principal"
-		type = "string"
-		help = "PK-INIT principal (for SAN)"
-	}
-	option = {
-		long = "ms-upn"
-		type = "string"
-		help = "Microsoft UPN (for SAN)"
-	}
-	option = {
-		long = "jid"
-		type = "string"
-		help = "XMPP jabber id (for SAN)"
-	}
-	option = {
-		long = "req"
-		type = "string"
-		help = "certificate request"
-	}
-	option = {
-		long = "certificate-private-key"
-		type = "string"
-		help = "private-key"
-	}
-	option = {
-		long = "generate-key"
-		type = "string"
-		help = "keytype"
-	}
-	option = {
-	        long = "key-bits"
-		type = "integer"
-		help = "number of bits in the generated key"
-	}
-	option = {
-	        long = "crl-uri"
-		type = "string"
-		help = "URI to CRL"
-	}
-	option = {
-		long = "template-certificate"
-		type = "string"
-		help = "certificate"
-	}
-	option = {
-		long = "template-fields"
-		type = "string"
-		help = "flag"
-	}
-	name = "certificate-sign"
-	name = "cert-sign"
-	name = "issue-certificate"
-	name = "ca"
-	function = "hxtool_ca"
-	min_args="0"
-	help = "Issue a certificate"
-}
-command = {
-	name = "test-crypto"
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "verbose"
-		type = "flag"
-		help = "verbose printing"
-	}
-	min_args="1"
-	argument="certificates..."
-	help = "Test crypto system related to the certificates"
-}
-command = {
-	option = {
-		long = "type"
-		type = "integer"
-		help = "type of statistics"
-	}
-	name = "statistic-print"
-	min_args="0"
-	help = "Print statistics"
-}
-command = {
-	option = {
-		long = "signer"
-		type = "string"
-		help = "signer certificate"
-	}
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "crl-file"
-		type = "string"
-		help = "CRL output file"
-	}
-	option = {
-		long = "lifetime"
-		type = "string"
-		help = "time the crl will be valid"
-	}
-	name = "crl-sign"
-	min_args="0"
-	argument="certificates..."
-	help = "Create a CRL"
-}
-command = {
-	name = "help"
-	name = "?"
-	argument = "[command]"
-	min_args = "0"
-	max_args = "1"
-	help = "Help! I need somebody"
-}
diff --git a/crypto/heimdal/lib/hx509/hxtool.c b/crypto/heimdal/lib/hx509/hxtool.c
deleted file mode 100644
index 55410b1..0000000
--- a/crypto/heimdal/lib/hx509/hxtool.c
+++ /dev/null
@@ -1,1986 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: hxtool.c 22333 2007-12-17 01:03:43Z lha $");
-
-#include <hxtool-commands.h>
-#include <sl.h>
-#include <parse_time.h>
-
-static hx509_context context;
-
-static char *stat_file_string;
-static int version_flag;
-static int help_flag;
-
-struct getargs args[] = {
-    { "statistic-file", 0, arg_string, &stat_file_string },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "command");
-    printf("Use \"%s help\" to get more help\n", getprogname());
-    exit(code);
-}
-
-/*
- *
- */
-
-static void
-lock_strings(hx509_lock lock, getarg_strings *pass)
-{
-    int i;
-    for (i = 0; i < pass->num_strings; i++) {
-	int ret = hx509_lock_command_string(lock, pass->strings[i]);
-	if (ret)
-	    errx(1, "hx509_lock_command_string: %s: %d", 
-		 pass->strings[i], ret);
-    }
-}
-
-/*
- *
- */
-
-static void
-certs_strings(hx509_context context, const char *type, hx509_certs certs,
-	      hx509_lock lock, const getarg_strings *s)
-{
-    int i, ret;
-
-    for (i = 0; i < s->num_strings; i++) {
-	ret = hx509_certs_append(context, certs, lock, s->strings[i]);
-	if (ret)
-	    hx509_err(context, 1, ret,
-		      "hx509_certs_append: %s %s", type, s->strings[i]);
-    }
-}
-
-/*
- *
- */
-
-static void
-parse_oid(const char *str, const heim_oid *def, heim_oid *oid)
-{
-    int ret;
-    if (str)
-	ret = der_parse_heim_oid (str, " .", oid);
-    else
-	ret = der_copy_oid(def, oid);
-    if  (ret)
-	errx(1, "parse_oid failed for: %s", str ? str : "default oid");
-}
-
-/*
- *
- */
-
-static void
-peer_strings(hx509_context context,
-	     hx509_peer_info *peer, 
-	     const getarg_strings *s)
-{
-    AlgorithmIdentifier *val;
-    int ret, i;
-    
-    ret = hx509_peer_info_alloc(context, peer);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_peer_info_alloc");
-    
-    val = calloc(s->num_strings, sizeof(*val));
-    if (val == NULL)
-	err(1, "malloc");
-
-    for (i = 0; i < s->num_strings; i++)
-	parse_oid(s->strings[i], NULL, &val[i].algorithm);
-	    
-    ret = hx509_peer_info_set_cms_algs(context, *peer, val, s->num_strings);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_peer_info_set_cms_algs");
-
-    for (i = 0; i < s->num_strings; i++)
-	free_AlgorithmIdentifier(&val[i]);
-    free(val);
-}
-
-/*
- *
- */
-
-int
-cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
-{
-    hx509_verify_ctx ctx = NULL;
-    heim_oid type;
-    heim_octet_string c, co, signeddata, *sd = NULL;
-    hx509_certs store = NULL;
-    hx509_certs signers = NULL;
-    hx509_certs anchors = NULL;
-    hx509_lock lock;
-    int ret;
-
-    size_t sz;
-    void *p;
-
-    if (opt->missing_revoke_flag)
-	hx509_context_set_missing_revoke(context, 1);
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = _hx509_map_file(argv[0], &p, &sz, NULL);
-    if (ret)
-	err(1, "map_file: %s: %d", argv[0], ret);
-
-    if (opt->signed_content_string) {
-	ret = _hx509_map_file_os(opt->signed_content_string, &signeddata, NULL);
-	if (ret)
-	    err(1, "map_file: %s: %d", opt->signed_content_string, ret);
-	sd = &signeddata;
-    }
-
-    ret = hx509_verify_init_ctx(context, &ctx);
-
-    ret = hx509_certs_init(context, "MEMORY:cms-anchors", 0, NULL, &anchors);
-    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
-
-    certs_strings(context, "anchors", anchors, lock, &opt->anchors_strings);
-    certs_strings(context, "store", store, lock, &opt->certificate_strings);
-
-    co.data = p;
-    co.length = sz;
-
-    if (opt->content_info_flag) {
-	heim_octet_string uwco;
-	heim_oid oid;
-
-	ret = hx509_cms_unwrap_ContentInfo(&co, &oid, &uwco, NULL);
-	if (ret)
-	    errx(1, "hx509_cms_unwrap_ContentInfo: %d", ret);
-
-	if (der_heim_oid_cmp(&oid, oid_id_pkcs7_signedData()) != 0)
-	    errx(1, "Content is not SignedData");
-	der_free_oid(&oid);
-
-	co = uwco;
-    }
-
-    hx509_verify_attach_anchors(ctx, anchors);
-
-    ret = hx509_cms_verify_signed(context, ctx, co.data, co.length, sd,
-				  store, &type, &c, &signers);
-    if (co.data != p)
-	der_free_octet_string(&co);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_cms_verify_signed");
-
-    {
-	char *str;
-	der_print_heim_oid(&type, '.', &str);
-	printf("type: %s\n", str);
-	free(str);
-	der_free_oid(&type);
-    }
-    printf("signers:\n");
-    hx509_certs_iter(context, signers, hx509_ci_print_names, stdout);
-
-    hx509_verify_destroy_ctx(ctx);
-
-    hx509_certs_free(&store);
-    hx509_certs_free(&signers);
-    hx509_certs_free(&anchors);
-
-    hx509_lock_free(lock);
-
-    ret = _hx509_write_file(argv[1], c.data, c.length);
-    if (ret)
-	errx(1, "hx509_write_file: %d", ret);
-
-    der_free_octet_string(&c);
-    _hx509_unmap_file(p, sz);
-    if (sd)
-	_hx509_unmap_file_os(sd);
-
-    return 0;
-}
-
-int
-cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
-{
-    heim_oid contentType;
-    hx509_peer_info peer = NULL;
-    heim_octet_string o;
-    hx509_query *q;
-    hx509_lock lock;
-    hx509_certs store, pool, anchors;
-    hx509_cert cert;
-    size_t sz;
-    void *p;
-    int ret, flags = 0;
-    char *signer_name = NULL;
-
-    memset(&contentType, 0, sizeof(contentType));
-
-    if (argc < 2)
-	errx(1, "argc < 2");
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
-    ret = hx509_certs_init(context, "MEMORY:cert-pool", 0, NULL, &pool);
-
-    certs_strings(context, "store", store, lock, &opt->certificate_strings);
-    certs_strings(context, "pool", pool, lock, &opt->pool_strings);
-
-    if (opt->anchors_strings.num_strings) {
-	ret = hx509_certs_init(context, "MEMORY:cert-anchors", 
-			       0, NULL, &anchors);
-	certs_strings(context, "anchors", anchors, lock, &opt->anchors_strings);
-    } else
-	anchors = NULL;
-
-    if (opt->detached_signature_flag)
-	flags |= HX509_CMS_SIGATURE_DETACHED;
-    if (opt->id_by_name_flag)
-	flags |= HX509_CMS_SIGATURE_ID_NAME;
-
-    ret = hx509_query_alloc(context, &q);
-    if (ret)
-	errx(1, "hx509_query_alloc: %d", ret);
-
-    hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-    hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
-			     
-    if (opt->signer_string)
-	hx509_query_match_friendly_name(q, opt->signer_string);
-
-    ret = hx509_certs_find(context, store, q, &cert);
-    hx509_query_free(context, q);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_certs_find");
-
-    ret = _hx509_map_file(argv[0], &p, &sz, NULL);
-    if (ret)
-	err(1, "map_file: %s: %d", argv[0], ret);
-
-    if (opt->peer_alg_strings.num_strings)
-	peer_strings(context, &peer, &opt->peer_alg_strings);
-
-    parse_oid(opt->content_type_string, oid_id_pkcs7_data(), &contentType);
-
-    ret = hx509_cms_create_signed_1(context,
-				    flags,
-				    &contentType,
-				    p,
-				    sz, 
-				    NULL,
-				    cert,
-				    peer,
-				    anchors,
-				    pool,
-				    &o);
-    if (ret)
-	errx(1, "hx509_cms_create_signed: %d", ret);
-
-    {
-	hx509_name name;
-	
-	ret = hx509_cert_get_subject(cert, &name);
-	if (ret)
-	    errx(1, "hx509_cert_get_subject");
-	
-	ret = hx509_name_to_string(name, &signer_name);
-	hx509_name_free(&name);
-	if (ret)
-	    errx(1, "hx509_name_to_string");
-    }
-
-
-    hx509_certs_free(&anchors);
-    hx509_certs_free(&pool);
-    hx509_cert_free(cert);
-    hx509_certs_free(&store);
-    _hx509_unmap_file(p, sz);
-    hx509_lock_free(lock);
-    hx509_peer_info_free(peer);
-    der_free_oid(&contentType);
-
-    if (opt->content_info_flag) {
-	heim_octet_string wo;
-
-	ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &o, &wo);
-	if (ret)
-	    errx(1, "hx509_cms_wrap_ContentInfo: %d", ret);
-
-	der_free_octet_string(&o);
-	o = wo;
-    }
-
-    if (opt->pem_flag) {
-	hx509_pem_header *header = NULL;
-	FILE *f;
-
-	hx509_pem_add_header(&header, "Content-disposition", 
-			     opt->detached_signature_flag ? "detached" : "inline");
-	hx509_pem_add_header(&header, "Signer", signer_name);
-
-	f = fopen(argv[1], "w");
-	if (f == NULL)
-	    err(1, "open %s", argv[1]);
-	
-	ret = hx509_pem_write(context, "CMS SIGNEDDATA", header, f, 
-			      o.data, o.length);
-	fclose(f);
-	hx509_pem_free_header(header);
-	if (ret)
-	    errx(1, "hx509_pem_write: %d", ret);
-
-    } else {
-	ret = _hx509_write_file(argv[1], o.data, o.length);
-	if (ret)
-	    errx(1, "hx509_write_file: %d", ret);
-    }
-
-    free(signer_name);
-    free(o.data);
-
-    return 0;
-}
-
-int
-cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv)
-{
-    heim_oid contentType = { 0, NULL };
-    heim_octet_string o, co;
-    hx509_certs certs;
-    size_t sz;
-    void *p;
-    int ret;
-    hx509_lock lock;
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = _hx509_map_file(argv[0], &p, &sz, NULL);
-    if (ret)
-	err(1, "map_file: %s: %d", argv[0], ret);
-
-    co.data = p;
-    co.length = sz;
-
-    if (opt->content_info_flag) {
-	heim_octet_string uwco;
-	heim_oid oid;
-
-	ret = hx509_cms_unwrap_ContentInfo(&co, &oid, &uwco, NULL);
-	if (ret)
-	    errx(1, "hx509_cms_unwrap_ContentInfo: %d", ret);
-
-	if (der_heim_oid_cmp(&oid, oid_id_pkcs7_envelopedData()) != 0)
-	    errx(1, "Content is not SignedData");
-	der_free_oid(&oid);
-
-	co = uwco;
-    }
-
-    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
-    if (ret)
-	errx(1, "hx509_certs_init: MEMORY: %d", ret);
-
-    certs_strings(context, "store", certs, lock, &opt->certificate_strings);
-
-    ret = hx509_cms_unenvelope(context, certs, 0, co.data, co.length,
-			       NULL, &contentType, &o);
-    if (co.data != p)
-	der_free_octet_string(&co);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_cms_unenvelope");
-
-    _hx509_unmap_file(p, sz);
-    hx509_lock_free(lock);
-    hx509_certs_free(&certs);
-    der_free_oid(&contentType);
-
-    ret = _hx509_write_file(argv[1], o.data, o.length);
-    if (ret)
-	errx(1, "hx509_write_file: %d", ret);
-
-    der_free_octet_string(&o);
-
-    return 0;
-}
-
-int
-cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv)
-{
-    heim_oid contentType;
-    heim_octet_string o;
-    const heim_oid *enctype = NULL;
-    hx509_query *q;
-    hx509_certs certs;
-    hx509_cert cert;
-    int ret;
-    size_t sz;
-    void *p;
-    hx509_lock lock;
-
-    memset(&contentType, 0, sizeof(contentType));
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = _hx509_map_file(argv[0], &p, &sz, NULL);
-    if (ret)
-	err(1, "map_file: %s: %d", argv[0], ret);
-
-    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
-
-    certs_strings(context, "store", certs, lock, &opt->certificate_strings);
-
-    if (opt->encryption_type_string) {
-	enctype = hx509_crypto_enctype_by_name(opt->encryption_type_string);
-	if (enctype == NULL)
-	    errx(1, "encryption type: %s no found", 
-		 opt->encryption_type_string);
-    }
-
-    ret = hx509_query_alloc(context, &q);
-    if (ret)
-	errx(1, "hx509_query_alloc: %d", ret);
-
-    hx509_query_match_option(q, HX509_QUERY_OPTION_KU_ENCIPHERMENT);
-
-    ret = hx509_certs_find(context, certs, q, &cert);
-    hx509_query_free(context, q);
-    if (ret)
-	errx(1, "hx509_certs_find: %d", ret);
-
-    parse_oid(opt->content_type_string, oid_id_pkcs7_data(), &contentType);
-
-    ret = hx509_cms_envelope_1(context, 0, cert, p, sz, enctype, 
-			       &contentType, &o);
-    if (ret)
-	errx(1, "hx509_cms_envelope_1: %d", ret);
-
-    hx509_cert_free(cert);
-    hx509_certs_free(&certs);
-    _hx509_unmap_file(p, sz);
-    der_free_oid(&contentType);
-
-    if (opt->content_info_flag) {
-	heim_octet_string wo;
-
-	ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_envelopedData(), &o, &wo);
-	if (ret)
-	    errx(1, "hx509_cms_wrap_ContentInfo: %d", ret);
-
-	der_free_octet_string(&o);
-	o = wo;
-    }
-
-    hx509_lock_free(lock);
-
-    ret = _hx509_write_file(argv[1], o.data, o.length);
-    if (ret)
-	errx(1, "hx509_write_file: %d", ret);
-
-    der_free_octet_string(&o);
-
-    return 0;
-}
-
-static void
-print_certificate(hx509_context hxcontext, hx509_cert cert, int verbose)
-{
-    hx509_name name;
-    const char *fn;
-    char *str;
-    int ret;
-    
-    fn = hx509_cert_get_friendly_name(cert);
-    if (fn)
-	printf("    friendly name: %s\n", fn);
-    printf("    private key: %s\n", 
-	   _hx509_cert_private_key(cert) ? "yes" : "no");
-
-    ret = hx509_cert_get_issuer(cert, &name);
-    hx509_name_to_string(name, &str);
-    hx509_name_free(&name);
-    printf("    issuer:  \"%s\"\n", str);
-    free(str);
-
-    ret = hx509_cert_get_subject(cert, &name);
-    hx509_name_to_string(name, &str);
-    hx509_name_free(&name);
-    printf("    subject: \"%s\"\n", str);
-    free(str);
-
-    {
-	heim_integer serialNumber;
-
-	hx509_cert_get_serialnumber(cert, &serialNumber);
-	der_print_hex_heim_integer(&serialNumber, &str);
-	der_free_heim_integer(&serialNumber);
-	printf("    serial: %s\n", str);
-	free(str);
-    }
-
-    printf("    keyusage: ");
-    ret = hx509_cert_keyusage_print(hxcontext, cert, &str);
-    if (ret == 0) {
-	printf("%s\n", str);
-	free(str);
-    } else
-	printf("no");
-
-    if (verbose) {
-	hx509_validate_ctx vctx;
-
-	hx509_validate_ctx_init(hxcontext, &vctx);
-	hx509_validate_ctx_set_print(vctx, hx509_print_stdout, stdout);
-	hx509_validate_ctx_add_flags(vctx, HX509_VALIDATE_F_VALIDATE);
-	hx509_validate_ctx_add_flags(vctx, HX509_VALIDATE_F_VERBOSE);
-	
-	hx509_validate_cert(hxcontext, vctx, cert);
-
-	hx509_validate_ctx_free(vctx);
-    }
-}
-
-
-struct print_s {
-    int counter;
-    int verbose;
-};
-
-static int
-print_f(hx509_context hxcontext, void *ctx, hx509_cert cert)
-{
-    struct print_s *s = ctx;
-    
-    printf("cert: %d\n", s->counter++);
-    print_certificate(context, cert, s->verbose);
-
-    return 0;
-}
-
-int
-pcert_print(struct print_options *opt, int argc, char **argv)
-{
-    hx509_certs certs;
-    hx509_lock lock;
-    struct print_s s;
-
-    s.counter = 0;
-    s.verbose = opt->content_flag;
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    while(argc--) {
-	int ret;
-	ret = hx509_certs_init(context, argv[0], 0, lock, &certs);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_init");
-	if (opt->info_flag)
-	    hx509_certs_info(context, certs, NULL, NULL);
-	hx509_certs_iter(context, certs, print_f, &s);
-	hx509_certs_free(&certs);
-	argv++;
-    }
-
-    hx509_lock_free(lock);
-
-    return 0;
-}
-
-
-static int
-validate_f(hx509_context hxcontext, void *ctx, hx509_cert c)
-{
-    hx509_validate_cert(hxcontext, ctx, c);
-    return 0;
-}
-
-int
-pcert_validate(struct validate_options *opt, int argc, char **argv)
-{
-    hx509_validate_ctx ctx;
-    hx509_certs certs;
-    hx509_lock lock;
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    hx509_validate_ctx_init(context, &ctx);
-    hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout);
-    hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE);
-
-    while(argc--) {
-	int ret;
-	ret = hx509_certs_init(context, argv[0], 0, lock, &certs);
-	if (ret)
-	    errx(1, "hx509_certs_init: %d", ret);
-	hx509_certs_iter(context, certs, validate_f, ctx);
-	hx509_certs_free(&certs);
-	argv++;
-    }
-    hx509_validate_ctx_free(ctx);
-
-    hx509_lock_free(lock);
-
-    return 0;
-}
-
-int
-certificate_copy(struct certificate_copy_options *opt, int argc, char **argv)
-{
-    hx509_certs certs;
-    hx509_lock lock;
-    int ret;
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->in_pass_strings);
-
-    ret = hx509_certs_init(context, argv[argc - 1], 
-			   HX509_CERTS_CREATE, lock, &certs);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_certs_init");
-
-    while(argc-- > 1) {
-	int ret;
-	ret = hx509_certs_append(context, certs, lock, argv[0]);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_append");
-	argv++;
-    }
-
-    ret = hx509_certs_store(context, certs, 0, NULL);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_store");
-
-    hx509_certs_free(&certs);
-    hx509_lock_free(lock);
-
-    return 0;
-}
-
-struct verify {
-    hx509_verify_ctx ctx;
-    hx509_certs chain;
-    const char *hostname;
-    int errors;
-};
-
-static int
-verify_f(hx509_context hxcontext, void *ctx, hx509_cert c)
-{
-    struct verify *v = ctx;
-    int ret;
-
-    ret = hx509_verify_path(hxcontext, v->ctx, c, v->chain);
-    if (ret) {
-	char *s = hx509_get_error_string(hxcontext, ret);
-	printf("verify_path: %s: %d\n", s, ret);
-	hx509_free_error_string(s);
-	v->errors++;
-    } else
-	printf("path ok\n");
-
-    if (v->hostname) {
-	ret = hx509_verify_hostname(hxcontext, c, 0, HX509_HN_HOSTNAME,
-				    v->hostname, NULL, 0);
-	if (ret) {
-	    printf("verify_hostname: %d\n", ret);
-	    v->errors++;
-	}
-    }
-
-    return 0;
-}
-
-int
-pcert_verify(struct verify_options *opt, int argc, char **argv)
-{
-    hx509_certs anchors, chain, certs;
-    hx509_revoke_ctx revoke_ctx;
-    hx509_verify_ctx ctx;
-    struct verify v;
-    int ret;
-
-    memset(&v, 0, sizeof(v));
-
-    if (opt->missing_revoke_flag)
-	hx509_context_set_missing_revoke(context, 1);
-
-    ret = hx509_verify_init_ctx(context, &ctx);
-    ret = hx509_certs_init(context, "MEMORY:anchors", 0, NULL, &anchors);
-    ret = hx509_certs_init(context, "MEMORY:chain", 0, NULL, &chain);
-    ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &certs);
-
-    if (opt->allow_proxy_certificate_flag)
-	hx509_verify_set_proxy_certificate(ctx, 1);
-
-    if (opt->time_string) {
-	const char *p;
-	struct tm tm;
-	time_t t;
-
-	memset(&tm, 0, sizeof(tm));
-
-	p = strptime (opt->time_string, "%Y-%m-%d", &tm);
-	if (p == NULL)
-	    errx(1, "Failed to parse time %s, need to be on format %%Y-%%m-%%d",
-		 opt->time_string);
-	
-	t = tm2time (tm, 0);
-
-	hx509_verify_set_time(ctx, t);
-    }
-
-    if (opt->hostname_string)
-	v.hostname = opt->hostname_string;
-    if (opt->max_depth_integer)
-	hx509_verify_set_max_depth(ctx, opt->max_depth_integer);
-
-    ret = hx509_revoke_init(context, &revoke_ctx);
-    if (ret)
-	errx(1, "hx509_revoke_init: %d", ret);
-
-    while(argc--) {
-	char *s = *argv++;
-
-	if (strncmp(s, "chain:", 6) == 0) {
-	    s += 6;
-
-	    ret = hx509_certs_append(context, chain, NULL, s);
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_certs_append: chain: %s: %d", s, ret);
-
-	} else if (strncmp(s, "anchor:", 7) == 0) {
-	    s += 7;
-
-	    ret = hx509_certs_append(context, anchors, NULL, s);
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_certs_append: anchor: %s: %d", s, ret);
-
-	} else if (strncmp(s, "cert:", 5) == 0) {
-	    s += 5;
-
-	    ret = hx509_certs_append(context, certs, NULL, s);
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_certs_append: certs: %s: %d", 
-			  s, ret);
-
-	} else if (strncmp(s, "crl:", 4) == 0) {
-	    s += 4;
-
-	    ret = hx509_revoke_add_crl(context, revoke_ctx, s);
-	    if (ret)
-		errx(1, "hx509_revoke_add_crl: %s: %d", s, ret);
-
-	} else if (strncmp(s, "ocsp:", 4) == 0) {
-	    s += 5;
-
-	    ret = hx509_revoke_add_ocsp(context, revoke_ctx, s);
-	    if (ret)
-		errx(1, "hx509_revoke_add_ocsp: %s: %d", s, ret);
-
-	} else {
-	    errx(1, "unknown option to verify: `%s'\n", s);
-	}
-    }
-
-    hx509_verify_attach_anchors(ctx, anchors);
-    hx509_verify_attach_revoke(ctx, revoke_ctx);
-
-    v.ctx = ctx;
-    v.chain = chain;
-
-    hx509_certs_iter(context, certs, verify_f, &v);
-
-    hx509_verify_destroy_ctx(ctx);
-
-    hx509_certs_free(&certs);
-    hx509_certs_free(&chain);
-    hx509_certs_free(&anchors);
-
-    hx509_revoke_free(&revoke_ctx);
-
-    if (v.errors) {
-	printf("failed verifing %d checks\n", v.errors);
-	return 1;
-    }
-
-    return 0;
-}
-
-int
-query(struct query_options *opt, int argc, char **argv)
-{
-    hx509_lock lock;
-    hx509_query *q;
-    hx509_certs certs;
-    hx509_cert c;
-    int ret;
-
-    ret = hx509_query_alloc(context, &q);
-    if (ret)
-	errx(1, "hx509_query_alloc: %d", ret);
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
-
-    while (argc > 0) {
-
-	ret = hx509_certs_append(context, certs, lock, argv[0]);
-	if (ret)
-	    errx(1, "hx509_certs_append: %s: %d", argv[0], ret);
-
-	argc--;
-	argv++;
-    }
-
-    if (opt->friendlyname_string)
-	hx509_query_match_friendly_name(q, opt->friendlyname_string);
-
-    if (opt->private_key_flag)
-	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-
-    if (opt->keyEncipherment_flag)
-	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_ENCIPHERMENT);
-
-    if (opt->digitalSignature_flag)
-	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
-
-    ret = hx509_certs_find(context, certs, q, &c);
-    hx509_query_free(context, q);
-    if (ret)
-	printf("no match found (%d)\n", ret);
-    else {
-	printf("match found\n");
-	if (opt->print_flag)
-	    print_certificate(context, c, 0);
-    }
-
-    hx509_cert_free(c);
-    hx509_certs_free(&certs);
-
-    hx509_lock_free(lock);
-
-    return ret;
-}
-
-int
-ocsp_fetch(struct ocsp_fetch_options *opt, int argc, char **argv)
-{
-    hx509_certs reqcerts, pool;
-    heim_octet_string req, nonce_data, *nonce = &nonce_data;
-    hx509_lock lock;
-    int i, ret;
-    char *file;
-    const char *url = "/";
-
-    memset(&nonce, 0, sizeof(nonce));
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    /* no nonce */
-    if (!opt->nonce_flag)
-	nonce = NULL;
-
-    if (opt->url_path_string)
-	url = opt->url_path_string;
-
-    ret = hx509_certs_init(context, "MEMORY:ocsp-pool", 0, NULL, &pool);
-
-    certs_strings(context, "ocsp-pool", pool, lock, &opt->pool_strings);
-
-    file = argv[0];
-
-    ret = hx509_certs_init(context, "MEMORY:ocsp-req", 0, NULL, &reqcerts);
-
-    for (i = 1; i < argc; i++) {
-	ret = hx509_certs_append(context, reqcerts, lock, argv[i]);
-	if (ret)
-	    errx(1, "hx509_certs_append: req: %s: %d", argv[i], ret);
-    }
-
-    ret = hx509_ocsp_request(context, reqcerts, pool, NULL, NULL, &req, nonce);
-    if (ret)
-	errx(1, "hx509_ocsp_request: req: %d", ret);
-	
-    {
-	FILE *f;
-
-	f = fopen(file, "w");
-	if (f == NULL)
-	    abort();
-
-	fprintf(f, 
-		"POST %s HTTP/1.0\r\n"
-		"Content-Type: application/ocsp-request\r\n"
-		"Content-Length: %ld\r\n"
-		"\r\n",
-		url,
-		(unsigned long)req.length);
-	fwrite(req.data, req.length, 1, f);
-	fclose(f);
-    }
-
-    if (nonce)
-	der_free_octet_string(nonce);
-
-    hx509_certs_free(&reqcerts);
-    hx509_certs_free(&pool);
-
-    return 0;
-}
-
-int
-ocsp_print(struct ocsp_print_options *opt, int argc, char **argv)
-{
-    hx509_revoke_ocsp_print(context, argv[0], stdout);
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-verify_o(hx509_context hxcontext, void *ctx, hx509_cert c)
-{
-    heim_octet_string *os = ctx;
-    time_t expiration;
-    int ret;
-
-    ret = hx509_ocsp_verify(context, 0, c, 0, 
-			    os->data, os->length, &expiration);
-    if (ret) {
-	char *s = hx509_get_error_string(hxcontext, ret);
-	printf("ocsp_verify: %s: %d\n", s, ret);
-	hx509_free_error_string(s);
-    } else
-	printf("expire: %d\n", (int)expiration);
-
-    return ret;
-}
-
-
-int
-ocsp_verify(struct ocsp_verify_options *opt, int argc, char **argv)
-{
-    hx509_lock lock;
-    hx509_certs certs;
-    int ret, i;
-    heim_octet_string os;
-    
-    hx509_lock_init(context, &lock);
-
-    if (opt->ocsp_file_string == NULL)
-	errx(1, "no ocsp file given");
-
-    ret = _hx509_map_file(opt->ocsp_file_string, &os.data, &os.length, NULL);
-    if (ret)
-	err(1, "map_file: %s: %d", argv[0], ret);
-    
-    ret = hx509_certs_init(context, "MEMORY:test-certs", 0, NULL, &certs);
-
-    for (i = 0; i < argc; i++) {
-	ret = hx509_certs_append(context, certs, lock, argv[i]);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_append: %s", argv[i]);
-    }
-
-    ret = hx509_certs_iter(context, certs, verify_o, &os);
-
-    hx509_certs_free(&certs);
-    _hx509_unmap_file(os.data, os.length);
-    hx509_lock_free(lock);
-
-    return ret;
-}
-
-static int
-read_private_key(const char *fn, hx509_private_key *key)
-{
-    hx509_private_key *keys;
-    hx509_certs certs;
-    int ret;
-    
-    *key = NULL;
-
-    ret = hx509_certs_init(context, fn, 0, NULL, &certs);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_certs_init: %s", fn);
-
-    ret = _hx509_certs_keys_get(context, certs, &keys);
-    hx509_certs_free(&certs);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_certs_keys_get");
-    if (keys[0] == NULL)
-	errx(1, "no keys in key store: %s", fn);
-
-    *key = _hx509_private_key_ref(keys[0]);
-    _hx509_certs_keys_free(context, keys);
-
-    return 0;
-}
-
-static void
-get_key(const char *fn, const char *type, int optbits,
-	hx509_private_key *signer)
-{
-    int ret;
-
-    if (type) {
-	BIGNUM *e;
-	RSA *rsa;
-	unsigned char *p0, *p;
-	size_t len;
-	int bits = 1024;
-
-	if (fn == NULL)
-	    errx(1, "no key argument, don't know here to store key");
-	
-	if (strcasecmp(type, "rsa") != 0)
-	    errx(1, "can only handle rsa keys for now");
-	    
-	e = BN_new();
-	BN_set_word(e, 0x10001);
-
-	if (optbits)
-	    bits = optbits;
-
-	rsa = RSA_new();
-	if(rsa == NULL)
-	    errx(1, "RSA_new failed");
-
-	ret = RSA_generate_key_ex(rsa, bits, e, NULL);
-	if(ret != 1)
-	    errx(1, "RSA_new failed");
-
-	BN_free(e);
-
-	len = i2d_RSAPrivateKey(rsa, NULL);
-
-	p0 = p = malloc(len);
-	if (p == NULL)
-	    errx(1, "out of memory");
-	
-	i2d_RSAPrivateKey(rsa, &p);
-
-	rk_dumpdata(fn, p0, len);
-	memset(p0, 0, len);
-	free(p0);
-	
-	RSA_free(rsa);
-
-    } else if (fn == NULL)
-	err(1, "no private key");
-
-    ret = read_private_key(fn, signer);
-    if (ret)
-	err(1, "read_private_key");
-}
-
-int
-request_create(struct request_create_options *opt, int argc, char **argv)
-{
-    heim_octet_string request;
-    hx509_request req;
-    int ret, i;
-    hx509_private_key signer;
-    SubjectPublicKeyInfo key;
-    const char *outfile = argv[0];
-
-    memset(&key, 0, sizeof(key));
-
-    get_key(opt->key_string, 
-	    opt->generate_key_string,
-	    opt->key_bits_integer,
-	    &signer);
-    
-    _hx509_request_init(context, &req);
-
-    if (opt->subject_string) {
-	hx509_name name = NULL;
-
-	ret = hx509_parse_name(context, opt->subject_string, &name);
-	if (ret)
-	    errx(1, "hx509_parse_name: %d\n", ret);
-	_hx509_request_set_name(context, req, name);
-
-	if (opt->verbose_flag) {
-	    char *s;
-	    hx509_name_to_string(name, &s);
-	    printf("%s\n", s);
-	}
-	hx509_name_free(&name);
-    }
-
-    for (i = 0; i < opt->email_strings.num_strings; i++) {
-	ret = _hx509_request_add_email(context, req, 
-				       opt->email_strings.strings[i]);
-    }
-
-    for (i = 0; i < opt->dnsname_strings.num_strings; i++) {
-	ret = _hx509_request_add_dns_name(context, req, 
-					  opt->dnsname_strings.strings[i]);
-    }
-
-
-    ret = _hx509_private_key2SPKI(context, signer, &key);
-    if (ret)
-	errx(1, "_hx509_private_key2SPKI: %d\n", ret);
-
-    ret = _hx509_request_set_SubjectPublicKeyInfo(context,
-						  req,
-						  &key);
-    free_SubjectPublicKeyInfo(&key);
-    if (ret)
-	hx509_err(context, 1, ret, "_hx509_request_set_SubjectPublicKeyInfo");
-
-    ret = _hx509_request_to_pkcs10(context,
-				   req,
-				   signer,
-				   &request);
-    if (ret)
-	hx509_err(context, 1, ret, "_hx509_request_to_pkcs10");
-
-    _hx509_private_key_free(&signer);
-    _hx509_request_free(&req);
-
-    if (ret == 0)
-	rk_dumpdata(outfile, request.data, request.length);
-    der_free_octet_string(&request);
-
-    return 0;
-}
-
-int
-request_print(struct request_print_options *opt, int argc, char **argv)
-{
-    int ret, i;
-
-    printf("request print\n");
-
-    for (i = 0; i < argc; i++) {
-	hx509_request req;
-
-	ret = _hx509_request_parse(context, argv[i], &req);
-	if (ret)
-	    hx509_err(context, 1, ret, "parse_request: %s", argv[i]);
-
-	ret = _hx509_request_print(context, req, stdout);
-	_hx509_request_free(&req);
-	if (ret)
-	    hx509_err(context, 1, ret, "Failed to print file %s", argv[i]);
-    }
-
-    return 0;
-}
-
-int
-info(void *opt, int argc, char **argv)
-{
-
-    ENGINE_add_conf_module();
-
-    {
-	const RSA_METHOD *m = RSA_get_default_method();
-	if (m != NULL)
-	    printf("rsa: %s\n", m->name);
-    }
-    {
-	const DH_METHOD *m = DH_get_default_method();
-	if (m != NULL)
-	    printf("dh: %s\n", m->name);
-    }
-    {
-	int ret = RAND_status();
-	printf("rand: %s\n", ret == 1 ? "ok" : "not available");
-    }
-
-    return 0;
-}
-
-int
-random_data(void *opt, int argc, char **argv)
-{
-    void *ptr;
-    int len, ret;
-
-    len = parse_bytes(argv[0], "byte");
-    if (len <= 0) {
-	fprintf(stderr, "bad argument to random-data\n");
-	return 1;
-    }
-
-    ptr = malloc(len);
-    if (ptr == NULL) {
-	fprintf(stderr, "out of memory\n");
-	return 1;
-    }
-
-    ret = RAND_bytes(ptr, len);
-    if (ret != 1) {
-	free(ptr);
-	fprintf(stderr, "did not get cryptographic strong random\n");
-	return 1;
-    }
-
-    fwrite(ptr, len, 1, stdout);
-    fflush(stdout);
-
-    free(ptr);
-
-    return 0;
-}
-
-int
-crypto_available(struct crypto_available_options *opt, int argc, char **argv)
-{
-    AlgorithmIdentifier *val;
-    unsigned int len, i;
-    int ret, type;
-
-    if (opt->type_string) {
-	if (strcmp(opt->type_string, "all") == 0)
-	    type = HX509_SELECT_ALL;
-	else if (strcmp(opt->type_string, "digest") == 0)
-	    type = HX509_SELECT_DIGEST;
-	else if (strcmp(opt->type_string, "public-sig") == 0)
-	    type = HX509_SELECT_PUBLIC_SIG;
-	else if (strcmp(opt->type_string, "secret") == 0)
-	    type = HX509_SELECT_SECRET_ENC;
-	else
-	    errx(1, "unknown type: %s", opt->type_string);
-    } else
-	type = HX509_SELECT_ALL;
-
-    ret = hx509_crypto_available(context, type, NULL, &val, &len);
-    if (ret)
-	errx(1, "hx509_crypto_available");
-
-    for (i = 0; i < len; i++) {
-	char *s;
-	der_print_heim_oid (&val[i].algorithm, '.', &s);
-	printf("%s\n", s);
-	free(s);
-    }
-
-    hx509_crypto_free_algs(val, len);
-
-    return 0;
-}
-
-int
-crypto_select(struct crypto_select_options *opt, int argc, char **argv)
-{
-    hx509_peer_info peer = NULL;
-    AlgorithmIdentifier selected;
-    int ret, type;
-    char *s;
-
-    if (opt->type_string) {
-	if (strcmp(opt->type_string, "digest") == 0)
-	    type = HX509_SELECT_DIGEST;
-	else if (strcmp(opt->type_string, "public-sig") == 0)
-	    type = HX509_SELECT_PUBLIC_SIG;
-	else if (strcmp(opt->type_string, "secret") == 0)
-	    type = HX509_SELECT_SECRET_ENC;
-	else
-	    errx(1, "unknown type: %s", opt->type_string);
-    } else
-	type = HX509_SELECT_DIGEST;
-
-    if (opt->peer_cmstype_strings.num_strings)
-	peer_strings(context, &peer, &opt->peer_cmstype_strings);
-
-    ret = hx509_crypto_select(context, type, NULL, peer, &selected);
-    if (ret)
-	errx(1, "hx509_crypto_available");
-
-    der_print_heim_oid (&selected.algorithm, '.', &s);
-    printf("%s\n", s);
-    free(s);
-    free_AlgorithmIdentifier(&selected);
-
-    hx509_peer_info_free(peer);
-
-    return 0;
-}
-
-int
-hxtool_hex(struct hex_options *opt, int argc, char **argv)
-{
-
-    if (opt->decode_flag) {
-	char buf[1024], buf2[1024], *p;
-	ssize_t len;
-
-	while(fgets(buf, sizeof(buf), stdin) != NULL) {
-	    buf[strcspn(buf, "\r\n")] = '\0';
-	    p = buf;
-	    while(isspace(*(unsigned char *)p))
-		p++;
-	    len = hex_decode(p, buf2, strlen(p));
-	    if (len < 0)
-		errx(1, "hex_decode failed");
-	    if (fwrite(buf2, 1, len, stdout) != len)
-		errx(1, "fwrite failed");
-	}
-    } else {
-	char buf[28], *p;
-	size_t len;
-
-	while((len = fread(buf, 1, sizeof(buf), stdin)) != 0) {
-	    len = hex_encode(buf, len, &p);
-	    fprintf(stdout, "%s\n", p);
-	    free(p);
-	}
-    }
-    return 0;
-}
-
-static int
-eval_types(hx509_context context, 
-	   hx509_ca_tbs tbs,
-	   const struct certificate_sign_options *opt)
-{
-    int pkinit = 0;
-    int i, ret;
-
-    for (i = 0; i < opt->type_strings.num_strings; i++) {
-	const char *type = opt->type_strings.strings[i];
-	
-	if (strcmp(type, "https-server") == 0) {
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkix_kp_serverAuth());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-	} else if (strcmp(type, "https-client") == 0) {
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkix_kp_clientAuth());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-	} else if (strcmp(type, "peap-server") == 0) {
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkix_kp_serverAuth());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-	} else if (strcmp(type, "pkinit-kdc") == 0) {
-	    pkinit++;
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkkdcekuoid());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-	} else if (strcmp(type, "pkinit-client") == 0) {
-	    pkinit++;
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkekuoid());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_ms_client_authentication());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkinit_ms_eku());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-
-	} else if (strcmp(type, "email") == 0) {
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkix_kp_emailProtection());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-	} else
-	    errx(1, "unknown type %s", type);
-    }
-
-    if (pkinit > 1)
-	errx(1, "More the one PK-INIT type given");
-
-    if (opt->pk_init_principal_string) {
-	if (!pkinit)
-	    errx(1, "pk-init principal given but no pk-init oid");
-
-	ret = hx509_ca_tbs_add_san_pkinit(context, tbs,
-					  opt->pk_init_principal_string);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_pkinit");
-    }
-
-    if (opt->ms_upn_string) {
-	if (!pkinit)
-	    errx(1, "MS up given but no pk-init oid");
-
-	ret = hx509_ca_tbs_add_san_ms_upn(context, tbs, opt->ms_upn_string);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_ms_upn");
-    }
-
-    
-    for (i = 0; i < opt->hostname_strings.num_strings; i++) {
-	const char *hostname = opt->hostname_strings.strings[i];
-
-	ret = hx509_ca_tbs_add_san_hostname(context, tbs, hostname);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname");
-    }
-
-    for (i = 0; i < opt->email_strings.num_strings; i++) {
-	const char *email = opt->email_strings.strings[i];
-
-	ret = hx509_ca_tbs_add_san_rfc822name(context, tbs, email);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname");
-	
-	ret = hx509_ca_tbs_add_eku(context, tbs, 
-				   oid_id_pkix_kp_emailProtection());
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-    }
-
-    if (opt->jid_string) {
-	ret = hx509_ca_tbs_add_san_jid(context, tbs, opt->jid_string);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_jid");
-    }
-
-    return 0;
-}
-
-int
-hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
-{
-    int ret;
-    hx509_ca_tbs tbs;
-    hx509_cert signer = NULL, cert = NULL;
-    hx509_private_key private_key = NULL;
-    hx509_private_key cert_key = NULL;
-    hx509_name subject = NULL;
-    SubjectPublicKeyInfo spki;
-    int delta = 0;
-
-    memset(&spki, 0, sizeof(spki));
-
-    if (opt->ca_certificate_string == NULL && !opt->self_signed_flag)
-	errx(1, "--ca-certificate argument missing (not using --self-signed)");
-    if (opt->ca_private_key_string == NULL && opt->generate_key_string == NULL && opt->self_signed_flag)
-	errx(1, "--ca-private-key argument missing (using --self-signed)");
-    if (opt->certificate_string == NULL)
-	errx(1, "--certificate argument missing");
-
-    if (opt->template_certificate_string) {
-	if (opt->template_fields_string == NULL)
-	    errx(1, "--template-certificate not no --template-fields");
-    }
-
-    if (opt->lifetime_string) {
-	delta = parse_time(opt->lifetime_string, "day");
-	if (delta < 0)
-	    errx(1, "Invalid lifetime: %s", opt->lifetime_string);
-    }
-
-    if (opt->ca_certificate_string) {
-	hx509_certs cacerts = NULL;
-	hx509_query *q;
-
-	ret = hx509_certs_init(context, opt->ca_certificate_string, 0,
-			       NULL, &cacerts);
-	if (ret)
-	    hx509_err(context, 1, ret,
-		      "hx509_certs_init: %s", opt->ca_certificate_string);
-
-	ret = hx509_query_alloc(context, &q);
-	if (ret)
-	    errx(1, "hx509_query_alloc: %d", ret);
-
-	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-	if (!opt->issue_proxy_flag)
-	    hx509_query_match_option(q, HX509_QUERY_OPTION_KU_KEYCERTSIGN);
-
-	ret = hx509_certs_find(context, cacerts, q, &signer);
-	hx509_query_free(context, q);
-	hx509_certs_free(&cacerts);
-	if (ret)
-	    hx509_err(context, 1, ret, "no CA certificate found");
-    } else if (opt->self_signed_flag) {
-	if (opt->generate_key_string == NULL
-	    && opt->ca_private_key_string == NULL)
-	    errx(1, "no signing private key");
-    } else
-	errx(1, "missing ca key");
-
-    if (opt->ca_private_key_string) {
-
-	ret = read_private_key(opt->ca_private_key_string, &private_key);
-	if (ret)
-	    err(1, "read_private_key");
-
-	ret = _hx509_private_key2SPKI(context, private_key, &spki);
-	if (ret)
-	    errx(1, "_hx509_private_key2SPKI: %d\n", ret);
-
-	if (opt->self_signed_flag)
-	    cert_key = private_key;
-    }
-
-    if (opt->req_string) {
-	hx509_request req;
-
-	ret = _hx509_request_parse(context, opt->req_string, &req);
-	if (ret)
-	    hx509_err(context, 1, ret, "parse_request: %s", opt->req_string);
-	ret = _hx509_request_get_name(context, req, &subject);
-	if (ret)
-	    hx509_err(context, 1, ret, "get name");
-	ret = _hx509_request_get_SubjectPublicKeyInfo(context, req, &spki);
-	if (ret)
-	    hx509_err(context, 1, ret, "get spki");
-	_hx509_request_free(&req);
-    }
-
-    if (opt->generate_key_string) {
-	struct hx509_generate_private_context *keyctx;
-
-	ret = _hx509_generate_private_key_init(context, 
-					       oid_id_pkcs1_rsaEncryption(),
-					       &keyctx);
-
-	if (opt->issue_ca_flag)
-	    _hx509_generate_private_key_is_ca(context, keyctx);
-
-	if (opt->key_bits_integer)
-	    _hx509_generate_private_key_bits(context, keyctx,
-					     opt->key_bits_integer);
-
-	ret = _hx509_generate_private_key(context, keyctx,
-					  &cert_key);
-	_hx509_generate_private_key_free(&keyctx);
-	if (ret)
-	    hx509_err(context, 1, ret, "generate private key");
-	
-	ret = _hx509_private_key2SPKI(context, cert_key, &spki);
-	if (ret)
-	    errx(1, "_hx509_private_key2SPKI: %d\n", ret);
-
-	if (opt->self_signed_flag)
-	    private_key = cert_key;
-    }
-
-    if (opt->certificate_private_key_string) {
-	ret = read_private_key(opt->certificate_private_key_string, &cert_key);
-	if (ret)
-	    err(1, "read_private_key for certificate");
-    }
-
-    if (opt->subject_string) {
-	if (subject)
-	    hx509_name_free(&subject);
-	ret = hx509_parse_name(context, opt->subject_string, &subject);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_parse_name");
-    }
-
-    /*
-     *
-     */
-
-    ret = hx509_ca_tbs_init(context, &tbs);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_ca_tbs_init");
-	
-    if (opt->template_certificate_string) {
-	hx509_cert template;
-	hx509_certs tcerts;
-	int flags;
-
-	ret = hx509_certs_init(context, opt->template_certificate_string, 0,
-			       NULL, &tcerts);
-	if (ret)
-	    hx509_err(context, 1, ret,
-		      "hx509_certs_init: %s", opt->template_certificate_string);
-
-	ret = hx509_get_one_cert(context, tcerts, &template);
-
-	hx509_certs_free(&tcerts);
-	if (ret)
-	    hx509_err(context, 1, ret, "no template certificate found");
-
-	flags = parse_units(opt->template_fields_string, 
-			    hx509_ca_tbs_template_units(), "");
-
-	ret = hx509_ca_tbs_set_template(context, tbs, flags, template);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_template");
-
-	hx509_cert_free(template);
-    }
-
-    if (opt->serial_number_string) {
-	heim_integer serialNumber;
-
-	ret = der_parse_hex_heim_integer(opt->serial_number_string,
-					 &serialNumber);
-	if (ret)
-	    err(1, "der_parse_hex_heim_integer");
-	ret = hx509_ca_tbs_set_serialnumber(context, tbs, &serialNumber);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_init");
-	der_free_heim_integer(&serialNumber);
-    }
-
-    if (spki.subjectPublicKey.length) {
-	ret = hx509_ca_tbs_set_spki(context, tbs, &spki);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_spki");
-    }
-
-    if (subject) {
-	ret = hx509_ca_tbs_set_subject(context, tbs, subject);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_subject");
-    }
-
-    if (opt->crl_uri_string) {
-	ret = hx509_ca_tbs_add_crl_dp_uri(context, tbs, 
-					  opt->crl_uri_string, NULL);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_crl_dp_uri");
-    }
-
-    eval_types(context, tbs, opt);
-
-    if (opt->issue_ca_flag) {
-	ret = hx509_ca_tbs_set_ca(context, tbs, opt->path_length_integer);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_ca");
-    }
-    if (opt->issue_proxy_flag) {
-	ret = hx509_ca_tbs_set_proxy(context, tbs, opt->path_length_integer);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_proxy");
-    }
-    if (opt->domain_controller_flag) {
-	hx509_ca_tbs_set_domaincontroller(context, tbs);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_domaincontroller");
-    }
-
-    if (delta) {
-	ret = hx509_ca_tbs_set_notAfter_lifetime(context, tbs, delta);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_notAfter_lifetime");
-    }	
-
-    if (opt->self_signed_flag) {
-	ret = hx509_ca_sign_self(context, tbs, private_key, &cert);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_sign_self");
-    } else {
-	ret = hx509_ca_sign(context, tbs, signer, &cert);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_sign");
-    }
-
-    if (cert_key) {
-	ret = _hx509_cert_assign_key(cert, cert_key);
-	if (ret)
-	    hx509_err(context, 1, ret, "_hx509_cert_assign_key");
-    }	    
-
-    {
-	hx509_certs certs;
-
-	ret = hx509_certs_init(context, opt->certificate_string, 
-			       HX509_CERTS_CREATE, NULL, &certs);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_init");
-
-	ret = hx509_certs_add(context, certs, cert);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_add");
-
-	ret = hx509_certs_store(context, certs, 0, NULL);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_store");
-
-	hx509_certs_free(&certs);
-    }
-
-    if (subject)
-	hx509_name_free(&subject);
-    if (signer)
-	hx509_cert_free(signer);
-    hx509_cert_free(cert);
-    free_SubjectPublicKeyInfo(&spki);
-
-    if (private_key != cert_key)
-	_hx509_private_key_free(&private_key);
-    _hx509_private_key_free(&cert_key);
-
-    hx509_ca_tbs_free(&tbs);
-
-    return 0;
-}
-
-static int
-test_one_cert(hx509_context hxcontext, void *ctx, hx509_cert cert)
-{
-    heim_octet_string sd, c;
-    hx509_verify_ctx vctx = ctx;
-    hx509_certs signer = NULL;
-    heim_oid type;
-    int ret;
-
-    if (_hx509_cert_private_key(cert) == NULL)
-	return 0;
-
-    ret = hx509_cms_create_signed_1(context, 0, NULL, NULL, 0,
-				    NULL, cert, NULL, NULL, NULL, &sd);
-    if (ret)
-	errx(1, "hx509_cms_create_signed_1");
-
-    ret = hx509_cms_verify_signed(context, vctx, sd.data, sd.length,
-				  NULL, NULL, &type, &c, &signer);
-    free(sd.data);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_cms_verify_signed");
-
-    printf("create-signature verify-sigature done\n");
-
-    free(c.data);
-
-    return 0;
-}
-
-int
-test_crypto(struct test_crypto_options *opt, int argc, char ** argv)
-{
-    hx509_verify_ctx vctx;
-    hx509_certs certs;
-    hx509_lock lock;
-    int i, ret;
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = hx509_certs_init(context, "MEMORY:test-crypto", 0, NULL, &certs);
-
-    for (i = 0; i < argc; i++) {
-	ret = hx509_certs_append(context, certs, lock, argv[i]);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_append");
-    }
-
-    ret = hx509_verify_init_ctx(context, &vctx);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_verify_init_ctx");
-
-    hx509_verify_attach_anchors(vctx, certs);
-
-    ret = hx509_certs_iter(context, certs, test_one_cert, vctx);
-
-    hx509_certs_free(&certs);
-
-    return 0;
-}
-
-int
-statistic_print(struct statistic_print_options*opt, int argc, char **argv)
-{
-    int type = 0;
-
-    if (stat_file_string == NULL)
-	errx(1, "no stat file");
-
-    if (opt->type_integer)
-	type = opt->type_integer;
-
-    hx509_query_unparse_stats(context, type, stdout);
-    return 0;
-}
-
-/*
- *
- */
-
-int
-crl_sign(struct crl_sign_options *opt, int argc, char **argv)
-{
-    hx509_crl crl;
-    heim_octet_string os;
-    hx509_cert signer = NULL;
-    hx509_lock lock;
-    int ret;
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = hx509_crl_alloc(context, &crl);
-    if (ret)
-	errx(1, "crl alloc");
-
-    if (opt->signer_string == NULL)
-	errx(1, "signer missing");
-
-    {
-	hx509_certs certs = NULL;
-	hx509_query *q;
-
-	ret = hx509_certs_init(context, opt->signer_string, 0,
-			       NULL, &certs);
-	if (ret)
-	    hx509_err(context, 1, ret, 
-		      "hx509_certs_init: %s", opt->signer_string);
-
-	ret = hx509_query_alloc(context, &q);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_query_alloc: %d", ret);
-
-	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-
-	ret = hx509_certs_find(context, certs, q, &signer);
-	hx509_query_free(context, q);
-	hx509_certs_free(&certs);
-	if (ret)
-	    hx509_err(context, 1, ret, "no signer certificate found");
-    }
-
-    if (opt->lifetime_string) {
-	int delta;
-
-	delta = parse_time(opt->lifetime_string, "day");
-	if (delta < 0)
-	    errx(1, "Invalid lifetime: %s", opt->lifetime_string);
-
-	hx509_crl_lifetime(context, crl, delta);
-    }
-
-    {
-	hx509_certs revoked = NULL;
-	int i;
-
-	ret = hx509_certs_init(context, "MEMORY:revoked-certs", 0,
-			       NULL, &revoked);
-
-	for (i = 0; i < argc; i++) {
-	    ret = hx509_certs_append(context, revoked, lock, argv[i]);
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_certs_append: %s", argv[i]);
-	}
-
-	hx509_crl_add_revoked_certs(context, crl, revoked);
-	hx509_certs_free(&revoked);
-    }
-
-    hx509_crl_sign(context, signer, crl, &os);
-
-    if (opt->crl_file_string)
-	rk_dumpdata(opt->crl_file_string, os.data, os.length);
-
-    free(os.data);
-
-    hx509_crl_free(context, &crl);
-    hx509_cert_free(signer);
-    hx509_lock_free(lock);
-
-    return 0;
-}
-
-/*
- *
- */
-
-int
-help(void *opt, int argc, char **argv)
-{
-    sl_slc_help(commands, argc, argv);
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret, optidx = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    argv += optidx;
-    argc -= optidx;
-
-    if (argc == 0)
-	usage(1);
-
-    ret = hx509_context_init(&context);
-    if (ret)
-	errx(1, "hx509_context_init failed with %d", ret);
-
-    if (stat_file_string)
-	hx509_query_statistic_file(context, stat_file_string);
-
-    ret = sl_command(commands, argc, argv);
-    if(ret == -1)
-	warnx ("unrecognized command: %s", argv[0]);
-
-    hx509_context_free(&context);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/hx509/keyset.c b/crypto/heimdal/lib/hx509/keyset.c
deleted file mode 100644
index 2fcff7b..0000000
--- a/crypto/heimdal/lib/hx509/keyset.c
+++ /dev/null
@@ -1,677 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: keyset.c 22466 2008-01-16 14:26:35Z lha $");
-
-/**
- * @page page_keyset Certificate store operations
- *
- * Type of certificates store:
- * - MEMORY
- *   In memory based format. Doesnt support storing.
- * - FILE 
- *   FILE supports raw DER certicates and PEM certicates. When PEM is
- *   used the file can contain may certificates and match private
- *   keys. Support storing the certificates. DER format only supports
- *   on certificate and no private key.
- * - PEM-FILE
- *   Same as FILE, defaulting to PEM encoded certificates.
- * - PEM-FILE
- *   Same as FILE, defaulting to DER encoded certificates.
- * - PKCS11
- * - PKCS12
- * - DIR
- * - KEYCHAIN
- *   Apple Mac OS X KeyChain backed keychain object.
- *
- * See the library functions here: @ref hx509_keyset
- */
-
-struct hx509_certs_data {
-    int ref;
-    struct hx509_keyset_ops *ops;
-    void *ops_data;
-};
-
-static struct hx509_keyset_ops *
-_hx509_ks_type(hx509_context context, const char *type)
-{
-    int i;
-
-    for (i = 0; i < context->ks_num_ops; i++)
-	if (strcasecmp(type, context->ks_ops[i]->name) == 0)
-	    return context->ks_ops[i];
-
-    return NULL;
-}
-
-void
-_hx509_ks_register(hx509_context context, struct hx509_keyset_ops *ops)
-{
-    struct hx509_keyset_ops **val;
-
-    if (_hx509_ks_type(context, ops->name))
-	return;
-
-    val = realloc(context->ks_ops, 
-		  (context->ks_num_ops + 1) * sizeof(context->ks_ops[0]));
-    if (val == NULL)
-	return;
-    val[context->ks_num_ops] = ops;
-    context->ks_ops = val;
-    context->ks_num_ops++;
-}
-
-/**
- * Open or creates a new hx509 certificate store.
- *
- * @param context A hx509 context
- * @param name name of the store, format is TYPE:type-specific-string,
- * if NULL is used the MEMORY store is used.
- * @param flags list of flags:
- * - HX509_CERTS_CREATE create a new keystore of the specific TYPE.
- * - HX509_CERTS_UNPROTECT_ALL fails if any private key failed to be extracted.
- * @param lock a lock that unlocks the certificates store, use NULL to
- * select no password/certifictes/prompt lock (see @ref page_lock).
- * @param certs return pointer, free with hx509_certs_free().
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_init(hx509_context context,
-		 const char *name, int flags,
-		 hx509_lock lock, hx509_certs *certs)
-{
-    struct hx509_keyset_ops *ops;
-    const char *residue;
-    hx509_certs c;
-    char *type;
-    int ret;
-
-    *certs = NULL;
-
-    residue = strchr(name, ':');
-    if (residue) {
-	type = malloc(residue - name + 1);
-	if (type)
-	    strlcpy(type, name, residue - name + 1);
-	residue++;
-	if (residue[0] == '\0')
-	    residue = NULL;
-    } else {
-	type = strdup("MEMORY");
-	residue = name;
-    }
-    if (type == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    
-    ops = _hx509_ks_type(context, type);
-    if (ops == NULL) {
-	hx509_set_error_string(context, 0, ENOENT, 
-			       "Keyset type %s is not supported", type);
-	free(type);
-	return ENOENT;
-    }
-    free(type);
-    c = calloc(1, sizeof(*c));
-    if (c == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    c->ops = ops;
-    c->ref = 1;
-
-    ret = (*ops->init)(context, c, &c->ops_data, flags, residue, lock);
-    if (ret) {
-	free(c);
-	return ret;
-    }
-
-    *certs = c;
-    return 0;
-}
-
-/**
- * Write the certificate store to stable storage.
- *
- * @param context A hx509 context.
- * @param certs a certificate store to store.
- * @param flags currently unused, use 0.
- * @param lock a lock that unlocks the certificates store, use NULL to
- * select no password/certifictes/prompt lock (see @ref page_lock).
- *
- * @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION if
- * the certificate store doesn't support the store operation.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_store(hx509_context context,
-		  hx509_certs certs,
-		  int flags,
-		  hx509_lock lock)
-{
-    if (certs->ops->store == NULL) {
-	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
-			       "keystore if type %s doesn't support "
-			       "store operation",
-			       certs->ops->name);
-	return HX509_UNSUPPORTED_OPERATION;
-    }
-
-    return (*certs->ops->store)(context, certs, certs->ops_data, flags, lock);
-}
-
-
-hx509_certs
-_hx509_certs_ref(hx509_certs certs)
-{
-    if (certs == NULL)
-	return NULL;
-    if (certs->ref <= 0)
-	_hx509_abort("certs refcount <= 0");
-    certs->ref++;
-    if (certs->ref == 0)
-	_hx509_abort("certs refcount == 0");
-    return certs;
-}
-
-/**
- * Free a certificate store.
- *
- * @param certs certificate store to free.
- *
- * @ingroup hx509_keyset
- */
-
-void
-hx509_certs_free(hx509_certs *certs)
-{
-    if (*certs) {
-	if ((*certs)->ref <= 0)
-	    _hx509_abort("refcount <= 0");
-	if (--(*certs)->ref > 0)
-	    return;
-
-	(*(*certs)->ops->free)(*certs, (*certs)->ops_data);
-	free(*certs);
-	*certs = NULL;
-    }
-}
-
-/**
- * Start the integration
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over
- * @param cursor cursor that will keep track of progress, free with
- * hx509_certs_end_seq().
- *
- * @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION is
- * returned if the certificate store doesn't support the iteration
- * operation.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_start_seq(hx509_context context,
-		      hx509_certs certs,
-		      hx509_cursor *cursor)
-{
-    int ret;
-
-    if (certs->ops->iter_start == NULL) {
-	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION, 
-			       "Keyset type %s doesn't support iteration", 
-			       certs->ops->name);
-	return HX509_UNSUPPORTED_OPERATION;
-    }
-
-    ret = (*certs->ops->iter_start)(context, certs, certs->ops_data, cursor);
-    if (ret)
-	return ret;
-
-    return 0;
-}
-
-/**
- * Get next ceritificate from the certificate keystore pointed out by
- * cursor.
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over.
- * @param cursor cursor that keeps track of progress.
- * @param cert return certificate next in store, NULL if the store
- * contains no more certificates. Free with hx509_cert_free().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_next_cert(hx509_context context,
-		      hx509_certs certs,
-		      hx509_cursor cursor,
-		      hx509_cert *cert)
-{
-    *cert = NULL;
-    return (*certs->ops->iter)(context, certs, certs->ops_data, cursor, cert);
-}
-
-/**
- * End the iteration over certificates.
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over.
- * @param cursor cursor that will keep track of progress, freed.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_end_seq(hx509_context context,
-		    hx509_certs certs,
-		    hx509_cursor cursor)
-{
-    (*certs->ops->iter_end)(context, certs, certs->ops_data, cursor);
-    return 0;
-}
-
-/**
- * Iterate over all certificates in a keystore and call an function
- * for each fo them.
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over.
- * @param func function to call for each certificate. The function
- * should return non-zero to abort the iteration, that value is passed
- * back to te caller of hx509_certs_iter().
- * @param ctx context variable that will passed to the function.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_iter(hx509_context context, 
-		 hx509_certs certs, 
-		 int (*func)(hx509_context, void *, hx509_cert),
-		 void *ctx)
-{
-    hx509_cursor cursor;
-    hx509_cert c;
-    int ret;
-
-    ret = hx509_certs_start_seq(context, certs, &cursor);
-    if (ret)
-	return ret;
-    
-    while (1) {
-	ret = hx509_certs_next_cert(context, certs, cursor, &c);
-	if (ret)
-	    break;
-	if (c == NULL) {
-	    ret = 0;
-	    break;
-	}
-	ret = (*func)(context, ctx, c);
-	hx509_cert_free(c);
-	if (ret)
-	    break;
-    }
-
-    hx509_certs_end_seq(context, certs, cursor);
-
-    return ret;
-}
-
-
-/**
- * Function to use to hx509_certs_iter() as a function argument, the
- * ctx variable to hx509_certs_iter() should be a FILE file descriptor.
- *
- * @param context a hx509 context.
- * @param ctx used by hx509_certs_iter().
- * @param c a certificate
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_ci_print_names(hx509_context context, void *ctx, hx509_cert c)
-{
-    Certificate *cert;
-    hx509_name n;
-    char *s, *i;
-
-    cert = _hx509_get_cert(c);
-
-    _hx509_name_from_Name(&cert->tbsCertificate.subject, &n);
-    hx509_name_to_string(n, &s);
-    hx509_name_free(&n);
-    _hx509_name_from_Name(&cert->tbsCertificate.issuer, &n);
-    hx509_name_to_string(n, &i);
-    hx509_name_free(&n);
-    fprintf(ctx, "subject: %s\nissuer: %s\n", s, i);
-    free(s);
-    free(i);
-    return 0;
-}
-
-/**
- * Add a certificate to the certificiate store.
- *
- * The receiving keyset certs will either increase reference counter
- * of the cert or make a deep copy, either way, the caller needs to
- * free the cert itself.
- *
- * @param context a hx509 context.
- * @param certs certificate store to add the certificate to.
- * @param cert certificate to add.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert)
-{
-    if (certs->ops->add == NULL) {
-	hx509_set_error_string(context, 0, ENOENT, 
-			       "Keyset type %s doesn't support add operation", 
-			       certs->ops->name);
-	return ENOENT;
-    }
-
-    return (*certs->ops->add)(context, certs, certs->ops_data, cert);
-}
-
-/**
- * Find a certificate matching the query.
- *
- * @param context a hx509 context.
- * @param certs certificate store to search.
- * @param q query allocated with @ref hx509_query functions.
- * @param r return certificate (or NULL on error), should be freed
- * with hx509_cert_free().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_find(hx509_context context,
-		 hx509_certs certs, 
-		 const hx509_query *q,
-		 hx509_cert *r)
-{
-    hx509_cursor cursor;
-    hx509_cert c;
-    int ret;
-
-    *r = NULL;
-
-    _hx509_query_statistic(context, 0, q);
-
-    if (certs->ops->query)
-	return (*certs->ops->query)(context, certs, certs->ops_data, q, r);
-
-    ret = hx509_certs_start_seq(context, certs, &cursor);
-    if (ret)
-	return ret;
-
-    c = NULL;
-    while (1) {
-	ret = hx509_certs_next_cert(context, certs, cursor, &c);
-	if (ret)
-	    break;
-	if (c == NULL)
-	    break;
-	if (_hx509_query_match_cert(context, q, c)) {
-	    *r = c;
-	    break;
-	}
-	hx509_cert_free(c);
-    }
-
-    hx509_certs_end_seq(context, certs, cursor);
-    if (ret)
-	return ret;
-    if (c == NULL) {
-	hx509_clear_error_string(context);
-	return HX509_CERT_NOT_FOUND;
-    }
-
-    return 0;
-}
-
-static int
-certs_merge_func(hx509_context context, void *ctx, hx509_cert c)
-{
-    return hx509_certs_add(context, (hx509_certs)ctx, c);
-}
-
-/**
- * Merge a certificate store into another. The from store is keep
- * intact.
- *
- * @param context a hx509 context.
- * @param to the store to merge into.
- * @param from the store to copy the object from.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from)
-{
-    if (from == NULL)
-	return 0;
-    return hx509_certs_iter(context, from, certs_merge_func, to);
-}
-
-/**
- * Same a hx509_certs_merge() but use a lock and name to describe the
- * from source.
- *
- * @param context a hx509 context.
- * @param to the store to merge into.
- * @param lock a lock that unlocks the certificates store, use NULL to
- * select no password/certifictes/prompt lock (see @ref page_lock).
- * @param name name of the source store
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_append(hx509_context context,
-		   hx509_certs to,
-		   hx509_lock lock,
-		   const char *name)
-{
-    hx509_certs s;
-    int ret;
-
-    ret = hx509_certs_init(context, name, 0, lock, &s);
-    if (ret)
-	return ret;
-    ret = hx509_certs_merge(context, to, s);
-    hx509_certs_free(&s);
-    return ret;
-}
-
-/**
- * Get one random certificate from the certificate store.
- *
- * @param context a hx509 context.
- * @param certs a certificate store to get the certificate from.
- * @param c return certificate, should be freed with hx509_cert_free().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_get_one_cert(hx509_context context, hx509_certs certs, hx509_cert *c)
-{
-    hx509_cursor cursor;
-    int ret;
-
-    *c = NULL;
-
-    ret = hx509_certs_start_seq(context, certs, &cursor);
-    if (ret)
-	return ret;
-
-    ret = hx509_certs_next_cert(context, certs, cursor, c);
-    if (ret)
-	return ret;
-
-    hx509_certs_end_seq(context, certs, cursor);
-    return 0;
-}
-
-static int
-certs_info_stdio(void *ctx, const char *str)
-{
-    FILE *f = ctx;
-    fprintf(f, "%s\n", str);
-    return 0;
-}
-
-/**
- * Print some info about the certificate store.
- *
- * @param context a hx509 context.
- * @param certs certificate store to print information about.
- * @param func function that will get each line of the information, if
- * NULL is used the data is printed on a FILE descriptor that should
- * be passed in ctx, if ctx also is NULL, stdout is used.
- * @param ctx parameter to func.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_info(hx509_context context, 
-		 hx509_certs certs,
-		 int (*func)(void *, const char *),
-		 void *ctx)
-{
-    if (func == NULL) {
-	func = certs_info_stdio;
-	if (ctx == NULL)
-	    ctx = stdout;
-    }
-    if (certs->ops->printinfo == NULL) {
-	(*func)(ctx, "No info function for certs");
-	return 0;
-    }
-    return (*certs->ops->printinfo)(context, certs, certs->ops_data,
-				    func, ctx);
-}
-
-void
-_hx509_pi_printf(int (*func)(void *, const char *), void *ctx,
-		 const char *fmt, ...)
-{
-    va_list ap;
-    char *str;
-
-    va_start(ap, fmt);
-    vasprintf(&str, fmt, ap);
-    va_end(ap);
-    if (str == NULL)
-	return;
-    (*func)(ctx, str);
-    free(str);
-}
-
-int
-_hx509_certs_keys_get(hx509_context context, 
-		      hx509_certs certs, 
-		      hx509_private_key **keys)
-{
-    if (certs->ops->getkeys == NULL) {
-	*keys = NULL;
-	return 0;
-    }
-    return (*certs->ops->getkeys)(context, certs, certs->ops_data, keys);
-}
-
-int
-_hx509_certs_keys_add(hx509_context context, 
-		      hx509_certs certs, 
-		      hx509_private_key key)
-{
-    if (certs->ops->addkey == NULL) {
-	hx509_set_error_string(context, 0, EINVAL,
-			       "keystore if type %s doesn't support "
-			       "key add operation",
-			       certs->ops->name);
-	return EINVAL;
-    }
-    return (*certs->ops->addkey)(context, certs, certs->ops_data, key);
-}
-
-
-void
-_hx509_certs_keys_free(hx509_context context,
-		       hx509_private_key *keys)
-{
-    int i;
-    for (i = 0; keys[i]; i++)
-	_hx509_private_key_free(&keys[i]);
-    free(keys);
-}
diff --git a/crypto/heimdal/lib/hx509/ks_dir.c b/crypto/heimdal/lib/hx509/ks_dir.c
deleted file mode 100644
index a0bc875..0000000
--- a/crypto/heimdal/lib/hx509/ks_dir.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: ks_dir.c 19778 2007-01-09 10:52:13Z lha $");
-#include <dirent.h>
-
-/*
- * The DIR keyset module is strange compared to the other modules
- * since it does lazy evaluation and really doesn't keep any local
- * state except for the directory iteration and cert iteration of
- * files. DIR ignores most errors so that the consumer doesn't get
- * failes for stray files in directories.
- */
-
-struct dircursor {
-    DIR *dir;
-    hx509_certs certs;
-    void *iter;
-};
-
-/*
- *
- */
-
-static int
-dir_init(hx509_context context,
-	 hx509_certs certs, void **data, int flags, 
-	 const char *residue, hx509_lock lock)
-{
-    *data = NULL;
-
-    {
-	struct stat sb;
-	int ret;
-
-	ret = stat(residue, &sb);
-	if (ret == -1) {
-	    hx509_set_error_string(context, 0, ENOENT,
-				   "No such file %s", residue);
-	    return ENOENT;
-	}
-
-	if ((sb.st_mode & S_IFDIR) == 0) {
-	    hx509_set_error_string(context, 0, ENOTDIR,
-				   "%s is not a directory", residue);
-	    return ENOTDIR;
-	}
-    }
-
-    *data = strdup(residue);
-    if (*data == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    return 0;
-}
-
-static int
-dir_free(hx509_certs certs, void *data)
-{
-    free(data);
-    return 0;
-}
-
-
-
-static int 
-dir_iter_start(hx509_context context,
-	       hx509_certs certs, void *data, void **cursor)
-{
-    struct dircursor *d;
-
-    *cursor = NULL;
-
-    d = calloc(1, sizeof(*d));
-    if (d == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    d->dir = opendir(data);
-    if (d->dir == NULL) {
-	hx509_clear_error_string(context);
-	free(d);
-	return errno;
-    }
-    d->certs = NULL;
-    d->iter = NULL;
-
-    *cursor = d;
-    return 0;
-}
-
-static int
-dir_iter(hx509_context context,
-	 hx509_certs certs, void *data, void *iter, hx509_cert *cert)
-{
-    struct dircursor *d = iter;
-    int ret = 0;
-    
-    *cert = NULL;
-
-    do {
-	struct dirent *dir;
-	char *fn;
-
-	if (d->certs) {
-	    ret = hx509_certs_next_cert(context, d->certs, d->iter, cert);
-	    if (ret) {
-		hx509_certs_end_seq(context, d->certs, d->iter);
-		d->iter = NULL;
-		hx509_certs_free(&d->certs);
-		return ret;
-	    }
-	    if (*cert) {
-		ret = 0;
-		break;
-	    }
-	    hx509_certs_end_seq(context, d->certs, d->iter);
-	    d->iter = NULL;
-	    hx509_certs_free(&d->certs);
-	}
-
-	dir = readdir(d->dir);
-	if (dir == NULL) {
-	    ret = 0;
-	    break;
-	}
-	if (strcmp(dir->d_name, ".") == 0 || strcmp(dir->d_name, "..") == 0)
-	    continue;
-	
-	if (asprintf(&fn, "FILE:%s/%s", (char *)data, dir->d_name) == -1)
-	    return ENOMEM;
-	
-	ret = hx509_certs_init(context, fn, 0, NULL, &d->certs);
-	if (ret == 0) {
-
-	    ret = hx509_certs_start_seq(context, d->certs, &d->iter);
-	    if (ret)
-	    hx509_certs_free(&d->certs);
-	}
-	/* ignore errors */
-	if (ret) {
-	    d->certs = NULL;
-	    ret = 0;
-	}
-
-	free(fn);
-    } while(ret == 0);
-
-    return ret;
-}
-
-
-static int
-dir_iter_end(hx509_context context,
-	     hx509_certs certs,
-	     void *data,
-	     void *cursor)
-{
-    struct dircursor *d = cursor;
-
-    if (d->certs) {
-	hx509_certs_end_seq(context, d->certs, d->iter);
-	d->iter = NULL;
-	hx509_certs_free(&d->certs);
-    }
-    closedir(d->dir);
-    free(d);
-    return 0;
-}
-
-
-static struct hx509_keyset_ops keyset_dir = {
-    "DIR",
-    0,
-    dir_init,
-    NULL,
-    dir_free,
-    NULL,
-    NULL,
-    dir_iter_start,
-    dir_iter,
-    dir_iter_end
-};
-
-void
-_hx509_ks_dir_register(hx509_context context)
-{
-    _hx509_ks_register(context, &keyset_dir);
-}
diff --git a/crypto/heimdal/lib/hx509/ks_file.c b/crypto/heimdal/lib/hx509/ks_file.c
deleted file mode 100644
index 87b97af..0000000
--- a/crypto/heimdal/lib/hx509/ks_file.c
+++ /dev/null
@@ -1,643 +0,0 @@
-/*
- * Copyright (c) 2005 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: ks_file.c 22465 2008-01-16 14:25:24Z lha $");
-
-typedef enum { USE_PEM, USE_DER } outformat;
-
-struct ks_file {
-    hx509_certs certs;
-    char *fn;
-    outformat format;
-};
-
-/*
- *
- */
-
-static int
-parse_certificate(hx509_context context, const char *fn, 
-		  struct hx509_collector *c, 
-		  const hx509_pem_header *headers,
-		  const void *data, size_t len)
-{
-    hx509_cert cert;
-    int ret;
-
-    ret = hx509_cert_init_data(context, data, len, &cert);
-    if (ret)
-	return ret;
-
-    ret = _hx509_collector_certs_add(context, c, cert);
-    hx509_cert_free(cert);
-    return ret;
-}
-
-static int
-try_decrypt(hx509_context context,
-	    struct hx509_collector *collector,
-	    const AlgorithmIdentifier *alg,
-	    const EVP_CIPHER *c,
-	    const void *ivdata,
-	    const void *password,
-	    size_t passwordlen,
-	    const void *cipher,
-	    size_t len)
-{
-    heim_octet_string clear;
-    size_t keylen;
-    void *key;
-    int ret;
-
-    keylen = EVP_CIPHER_key_length(c);
-
-    key = malloc(keylen);
-    if (key == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    ret = EVP_BytesToKey(c, EVP_md5(), ivdata,
-			 password, passwordlen,
-			 1, key, NULL);
-    if (ret <= 0) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_INTERNAL_ERROR,
-			       "Failed to do string2key for private key");
-	return HX509_CRYPTO_INTERNAL_ERROR;
-    }
-
-    clear.data = malloc(len);
-    if (clear.data == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM,
-			       "Out of memory to decrypt for private key");
-	ret = ENOMEM;
-	goto out;
-    }
-    clear.length = len;
-
-    {
-	EVP_CIPHER_CTX ctx;
-	EVP_CIPHER_CTX_init(&ctx);
-	EVP_CipherInit_ex(&ctx, c, NULL, key, ivdata, 0);
-	EVP_Cipher(&ctx, clear.data, cipher, len);
-	EVP_CIPHER_CTX_cleanup(&ctx);
-    }	
-
-    ret = _hx509_collector_private_key_add(context,
-					   collector,
-					   alg,
-					   NULL,
-					   &clear,
-					   NULL);
-
-    memset(clear.data, 0, clear.length);
-    free(clear.data);
-out:
-    memset(key, 0, keylen);
-    free(key);
-    return ret;
-}
-
-static int
-parse_rsa_private_key(hx509_context context, const char *fn,
-		      struct hx509_collector *c, 
-		      const hx509_pem_header *headers,
-		      const void *data, size_t len)
-{
-    int ret = 0;
-    const char *enc;
-
-    enc = hx509_pem_find_header(headers, "Proc-Type");
-    if (enc) {
-	const char *dek;
-	char *type, *iv;
-	ssize_t ssize, size;
-	void *ivdata;
-	const EVP_CIPHER *cipher;
-	const struct _hx509_password *pw;
-	hx509_lock lock;
-	int i, decrypted = 0;
-
-	lock = _hx509_collector_get_lock(c);
-	if (lock == NULL) {
-	    hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
-				   "Failed to get password for "
-				   "password protected file %s", fn);
-	    return HX509_ALG_NOT_SUPP;
-	}
-
-	if (strcmp(enc, "4,ENCRYPTED") != 0) {
-	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-				   "RSA key encrypted in unknown method %s "
-				   "in file",
-				   enc, fn);
-	    hx509_clear_error_string(context);
-	    return HX509_PARSING_KEY_FAILED;
-	}
-
-	dek = hx509_pem_find_header(headers, "DEK-Info");
-	if (dek == NULL) {
-	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-				   "Encrypted RSA missing DEK-Info");
-	    return HX509_PARSING_KEY_FAILED;
-	}
-
-	type = strdup(dek);
-	if (type == NULL) {
-	    hx509_clear_error_string(context);
-	    return ENOMEM;
-	}
-
-	iv = strchr(type, ',');
-	if (iv == NULL) {
-	    free(type);
-	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-				   "IV missing");
-	    return HX509_PARSING_KEY_FAILED;
-	}
-
-	*iv++ = '\0';
-
-	size = strlen(iv);
-	ivdata = malloc(size);
-	if (ivdata == NULL) {
-	    hx509_clear_error_string(context);
-	    free(type);
-	    return ENOMEM;
-	}
-
-	cipher = EVP_get_cipherbyname(type);
-	if (cipher == NULL) {
-	    free(ivdata);
-	    hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
-				   "RSA key encrypted with "
-				   "unsupported cipher: %s",
-				   type);
-	    free(type);
-	    return HX509_ALG_NOT_SUPP;
-	}
-
-#define PKCS5_SALT_LEN 8
-
-	ssize = hex_decode(iv, ivdata, size);
-	free(type);
-	type = NULL;
-	iv = NULL;
-
-	if (ssize < 0 || ssize < PKCS5_SALT_LEN || ssize < EVP_CIPHER_iv_length(cipher)) {
-	    free(ivdata);
-	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-				   "Salt have wrong length in RSA key file");
-	    return HX509_PARSING_KEY_FAILED;
-	}
-	
-	pw = _hx509_lock_get_passwords(lock);
-	if (pw != NULL) {
-	    const void *password;
-	    size_t passwordlen;
-
-	    for (i = 0; i < pw->len; i++) {
-		password = pw->val[i];
-		passwordlen = strlen(password);
-		
-		ret = try_decrypt(context, c, hx509_signature_rsa(),
-				  cipher, ivdata, password, passwordlen,
-				  data, len);
-		if (ret == 0) {
-		    decrypted = 1;
-		    break;
-		}
-	    }
-	}
-	if (!decrypted) {
-	    hx509_prompt prompt;
-	    char password[128];
-
-	    memset(&prompt, 0, sizeof(prompt));
-
-	    prompt.prompt = "Password for keyfile: ";
-	    prompt.type = HX509_PROMPT_TYPE_PASSWORD;
-	    prompt.reply.data = password;
-	    prompt.reply.length = sizeof(password);
-
-	    ret = hx509_lock_prompt(lock, &prompt);
-	    if (ret == 0)
-		ret = try_decrypt(context, c, hx509_signature_rsa(),
-				  cipher, ivdata, password, strlen(password),
-				  data, len);
-	    /* XXX add password to lock password collection ? */
-	    memset(password, 0, sizeof(password));
-	}
-	free(ivdata);
-
-    } else {
-	heim_octet_string keydata;
-
-	keydata.data = rk_UNCONST(data);
-	keydata.length = len;
-
-	ret = _hx509_collector_private_key_add(context,
-					       c,
-					       hx509_signature_rsa(),
-					       NULL,
-					       &keydata,
-					       NULL);
-    }
-
-    return ret;
-}
-
-
-struct pem_formats {
-    const char *name;
-    int (*func)(hx509_context, const char *, struct hx509_collector *, 
-		const hx509_pem_header *, const void *, size_t);
-} formats[] = {
-    { "CERTIFICATE", parse_certificate },
-    { "RSA PRIVATE KEY", parse_rsa_private_key }
-};
-
-
-struct pem_ctx {
-    int flags;
-    struct hx509_collector *c;
-};
-
-static int
-pem_func(hx509_context context, const char *type,
-	 const hx509_pem_header *header,
-	 const void *data, size_t len, void *ctx)
-{
-    struct pem_ctx *pem_ctx = (struct pem_ctx*)ctx;
-    int ret = 0, j;
-
-    for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) {
-	const char *q = formats[j].name;
-	if (strcasecmp(type, q) == 0) {
-	    ret = (*formats[j].func)(context, NULL, pem_ctx->c,  header, data, len);
-	    if (ret == 0)
-		break;
-	}
-    }
-    if (j == sizeof(formats)/sizeof(formats[0])) {
-	ret = HX509_UNSUPPORTED_OPERATION;
-	hx509_set_error_string(context, 0, ret,
-			       "Found no matching PEM format for %s", type);
-	return ret;
-    }
-    if (ret && (pem_ctx->flags & HX509_CERTS_UNPROTECT_ALL))
-	return ret;
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-file_init_common(hx509_context context,
-		 hx509_certs certs, void **data, int flags, 
-		 const char *residue, hx509_lock lock, outformat format)
-{
-    char *p, *pnext;
-    struct ks_file *f = NULL;
-    hx509_private_key *keys = NULL;
-    int ret;
-    struct pem_ctx pem_ctx;
-
-    pem_ctx.flags = flags;
-    pem_ctx.c = NULL;
-
-    *data = NULL;
-
-    if (lock == NULL)
-	lock = _hx509_empty_lock;
-
-    f = calloc(1, sizeof(*f));
-    if (f == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    f->format = format;
-
-    f->fn = strdup(residue);
-    if (f->fn == NULL) {
-	hx509_clear_error_string(context);
-	ret = ENOMEM;
-	goto out;
-    }
-
-    /* 
-     * XXX this is broken, the function should parse the file before
-     * overwriting it
-     */
-
-    if (flags & HX509_CERTS_CREATE) {
-	ret = hx509_certs_init(context, "MEMORY:ks-file-create", 
-			       0, lock, &f->certs);
-	if (ret)
-	    goto out;
-	*data = f;
-	return 0;
-    }
-
-    ret = _hx509_collector_alloc(context, lock, &pem_ctx.c);
-    if (ret)
-	goto out;
-
-    for (p = f->fn; p != NULL; p = pnext) {
-	FILE *f;
-
-	pnext = strchr(p, ',');
-	if (pnext)
-	    *pnext++ = '\0';
-	
-
-	if ((f = fopen(p, "r")) == NULL) {
-	    ret = ENOENT;
-	    hx509_set_error_string(context, 0, ret, 
-				   "Failed to open PEM file \"%s\": %s", 
-				   p, strerror(errno));
-	    goto out;
-	}
-
-	ret = hx509_pem_read(context, f, pem_func, &pem_ctx);
-	fclose(f);		     
-	if (ret != 0 && ret != HX509_PARSING_KEY_FAILED)
-	    goto out;
-	else if (ret == HX509_PARSING_KEY_FAILED) {
-	    size_t length;
-	    void *ptr;
-	    int i;
-
-	    ret = _hx509_map_file(p, &ptr, &length, NULL);
-	    if (ret) {
-		hx509_clear_error_string(context);
-		goto out;
-	    }
-
-	    for (i = 0; i < sizeof(formats)/sizeof(formats[0]); i++) {
-		ret = (*formats[i].func)(context, p, pem_ctx.c, NULL, ptr, length);
-		if (ret == 0)
-		    break;
-	    }
-	    _hx509_unmap_file(ptr, length);
-	    if (ret)
-		goto out;
-	}
-    }
-
-    ret = _hx509_collector_collect_certs(context, pem_ctx.c, &f->certs);
-    if (ret)
-	goto out;
-
-    ret = _hx509_collector_collect_private_keys(context, pem_ctx.c, &keys);
-    if (ret == 0) {
-	int i;
-
-	for (i = 0; keys[i]; i++)
-	    _hx509_certs_keys_add(context, f->certs, keys[i]);
-	_hx509_certs_keys_free(context, keys);
-    }
-
-out:
-    if (ret == 0)
-	*data = f;
-    else {
-	if (f->fn)
-	    free(f->fn);
-	free(f);
-    }
-    if (pem_ctx.c)
-	_hx509_collector_free(pem_ctx.c);
-
-    return ret;
-}
-
-static int
-file_init_pem(hx509_context context,
-	      hx509_certs certs, void **data, int flags, 
-	      const char *residue, hx509_lock lock)
-{
-    return file_init_common(context, certs, data, flags, residue, lock, USE_PEM);
-}
-
-static int
-file_init_der(hx509_context context,
-	      hx509_certs certs, void **data, int flags, 
-	      const char *residue, hx509_lock lock)
-{
-    return file_init_common(context, certs, data, flags, residue, lock, USE_DER);
-}
-
-static int
-file_free(hx509_certs certs, void *data)
-{
-    struct ks_file *f = data;
-    hx509_certs_free(&f->certs);
-    free(f->fn);
-    free(f);
-    return 0;
-}
-
-struct store_ctx {
-    FILE *f;
-    outformat format;
-};
-
-static int
-store_func(hx509_context context, void *ctx, hx509_cert c)
-{
-    struct store_ctx *sc = ctx;
-    heim_octet_string data;
-    int ret;
-
-    ret = hx509_cert_binary(context, c, &data);
-    if (ret)
-	return ret;
-    
-    switch (sc->format) {
-    case USE_DER:
-	fwrite(data.data, data.length, 1, sc->f);
-	free(data.data);
-	break;
-    case USE_PEM:
-	hx509_pem_write(context, "CERTIFICATE", NULL, sc->f, 
-			data.data, data.length);
-	free(data.data);
-	if (_hx509_cert_private_key_exportable(c)) {
-	    hx509_private_key key = _hx509_cert_private_key(c);
-	    ret = _hx509_private_key_export(context, key, &data);
-	    if (ret)
-		break;
-	    hx509_pem_write(context, _hx509_private_pem_name(key), NULL, sc->f,
-			    data.data, data.length);
-	    free(data.data);
-	}
-	break;
-    }
-
-    return 0;
-}
-
-static int
-file_store(hx509_context context, 
-	   hx509_certs certs, void *data, int flags, hx509_lock lock)
-{
-    struct ks_file *f = data;
-    struct store_ctx sc;
-    int ret;
-
-    sc.f = fopen(f->fn, "w");
-    if (sc.f == NULL) {
-	hx509_set_error_string(context, 0, ENOENT,
-			       "Failed to open file %s for writing");
-	return ENOENT;
-    }
-    sc.format = f->format;
-
-    ret = hx509_certs_iter(context, f->certs, store_func, &sc);
-    fclose(sc.f);
-    return ret;
-}
-
-static int 
-file_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
-{
-    struct ks_file *f = data;
-    return hx509_certs_add(context, f->certs, c);
-}
-
-static int 
-file_iter_start(hx509_context context,
-		hx509_certs certs, void *data, void **cursor)
-{
-    struct ks_file *f = data;
-    return hx509_certs_start_seq(context, f->certs, cursor);
-}
-
-static int
-file_iter(hx509_context context,
-	  hx509_certs certs, void *data, void *iter, hx509_cert *cert)
-{
-    struct ks_file *f = data;
-    return hx509_certs_next_cert(context, f->certs, iter, cert);
-}
-
-static int
-file_iter_end(hx509_context context,
-	      hx509_certs certs,
-	      void *data,
-	      void *cursor)
-{
-    struct ks_file *f = data;
-    return hx509_certs_end_seq(context, f->certs, cursor);
-}
-
-static int
-file_getkeys(hx509_context context,
-	     hx509_certs certs,
-	     void *data,
-	     hx509_private_key **keys)
-{
-    struct ks_file *f = data;
-    return _hx509_certs_keys_get(context, f->certs, keys);
-}
-
-static int
-file_addkey(hx509_context context,
-	     hx509_certs certs,
-	     void *data,
-	     hx509_private_key key)
-{
-    struct ks_file *f = data;
-    return _hx509_certs_keys_add(context, f->certs, key);
-}
-
-static struct hx509_keyset_ops keyset_file = {
-    "FILE",
-    0,
-    file_init_pem,
-    file_store,
-    file_free,
-    file_add,
-    NULL,
-    file_iter_start,
-    file_iter,
-    file_iter_end,
-    NULL,
-    file_getkeys,
-    file_addkey
-};
-
-static struct hx509_keyset_ops keyset_pemfile = {
-    "PEM-FILE",
-    0,
-    file_init_pem,
-    file_store,
-    file_free,
-    file_add,
-    NULL,
-    file_iter_start,
-    file_iter,
-    file_iter_end,
-    NULL,
-    file_getkeys,
-    file_addkey
-};
-
-static struct hx509_keyset_ops keyset_derfile = {
-    "DER-FILE",
-    0,
-    file_init_der,
-    file_store,
-    file_free,
-    file_add,
-    NULL,
-    file_iter_start,
-    file_iter,
-    file_iter_end,
-    NULL,
-    file_getkeys,
-    file_addkey
-};
-
-
-void
-_hx509_ks_file_register(hx509_context context)
-{
-    _hx509_ks_register(context, &keyset_file);
-    _hx509_ks_register(context, &keyset_pemfile);
-    _hx509_ks_register(context, &keyset_derfile);
-}
diff --git a/crypto/heimdal/lib/hx509/ks_keychain.c b/crypto/heimdal/lib/hx509/ks_keychain.c
deleted file mode 100644
index f818197..0000000
--- a/crypto/heimdal/lib/hx509/ks_keychain.c
+++ /dev/null
@@ -1,548 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: ks_keychain.c 22084 2007-11-16 20:12:30Z lha $");
-
-#ifdef HAVE_FRAMEWORK_SECURITY
-
-#include <Security/Security.h>
-
-/* Missing function decls in pre Leopard */
-#ifdef NEED_SECKEYGETCSPHANDLE_PROTO
-OSStatus SecKeyGetCSPHandle(SecKeyRef, CSSM_CSP_HANDLE *);
-OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG,
-			      int, const CSSM_ACCESS_CREDENTIALS **);
-#define kSecCredentialTypeDefault 0
-#endif
-
-
-static int
-getAttribute(SecKeychainItemRef itemRef, SecItemAttr item,
-	     SecKeychainAttributeList **attrs)
-{	     
-    SecKeychainAttributeInfo attrInfo;
-    UInt32 attrFormat = 0;
-    OSStatus ret;
-
-    *attrs = NULL;
-
-    attrInfo.count = 1;
-    attrInfo.tag = &item;
-    attrInfo.format = &attrFormat;
-  
-    ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL,
-					       attrs, NULL, NULL);
-    if (ret)
-	return EINVAL;
-    return 0;
-}
-
-
-/*
- *
- */
-
-struct kc_rsa {
-    SecKeychainItemRef item;
-    size_t keysize;
-};
-
-
-static int
-kc_rsa_public_encrypt(int flen,
-		      const unsigned char *from,
-		      unsigned char *to,
-		      RSA *rsa,
-		      int padding)
-{
-    return -1;
-}
-
-static int
-kc_rsa_public_decrypt(int flen,
-		      const unsigned char *from,
-		      unsigned char *to,
-		      RSA *rsa,
-		      int padding)
-{
-    return -1;
-}
-
-
-static int
-kc_rsa_private_encrypt(int flen, 
-		       const unsigned char *from,
-		       unsigned char *to,
-		       RSA *rsa,
-		       int padding)
-{
-    struct kc_rsa *kc = RSA_get_app_data(rsa);
-
-    CSSM_RETURN cret;
-    OSStatus ret;
-    const CSSM_ACCESS_CREDENTIALS *creds;
-    SecKeyRef privKeyRef = (SecKeyRef)kc->item;
-    CSSM_CSP_HANDLE cspHandle;
-    const CSSM_KEY *cssmKey;
-    CSSM_CC_HANDLE sigHandle = 0;
-    CSSM_DATA sig, in;
-    int fret = 0;
-
-
-    cret = SecKeyGetCSSMKey(privKeyRef, &cssmKey);
-    if(cret) abort();
-
-    cret = SecKeyGetCSPHandle(privKeyRef, &cspHandle);
-    if(cret) abort();
-
-    ret = SecKeyGetCredentials(privKeyRef, CSSM_ACL_AUTHORIZATION_SIGN,
-			       kSecCredentialTypeDefault, &creds);
-    if(ret) abort();
-
-    ret = CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_RSA,
-					  creds, cssmKey, &sigHandle);
-    if(ret) abort();
-
-    in.Data = (uint8 *)from;
-    in.Length = flen;
-	
-    sig.Data = (uint8 *)to;
-    sig.Length = kc->keysize;
-	
-    cret = CSSM_SignData(sigHandle, &in, 1, CSSM_ALGID_NONE, &sig);
-    if(cret) {
-	/* cssmErrorString(cret); */
-	fret = -1;
-    } else
-	fret = sig.Length;
-
-    if(sigHandle)
-	CSSM_DeleteContext(sigHandle);
-
-    return fret;
-}
-
-static int
-kc_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
-		       RSA * rsa, int padding)
-{
-    return -1;
-}
-
-static int 
-kc_rsa_init(RSA *rsa)
-{
-    return 1;
-}
-
-static int
-kc_rsa_finish(RSA *rsa)
-{
-    struct kc_rsa *kc_rsa = RSA_get_app_data(rsa);
-    CFRelease(kc_rsa->item);
-    memset(kc_rsa, 0, sizeof(*kc_rsa));
-    free(kc_rsa);
-    return 1;
-}
-
-static const RSA_METHOD kc_rsa_pkcs1_method = {
-    "hx509 Keychain PKCS#1 RSA",
-    kc_rsa_public_encrypt,
-    kc_rsa_public_decrypt,
-    kc_rsa_private_encrypt,
-    kc_rsa_private_decrypt,
-    NULL,
-    NULL,
-    kc_rsa_init,
-    kc_rsa_finish,
-    0,
-    NULL,
-    NULL,
-    NULL
-};
-
-static int
-set_private_key(hx509_context context,
-		SecKeychainItemRef itemRef,
-		hx509_cert cert)
-{
-    struct kc_rsa *kc;
-    hx509_private_key key;
-    RSA *rsa;
-    int ret;
-
-    ret = _hx509_private_key_init(&key, NULL, NULL);
-    if (ret)
-	return ret;
-
-    kc = calloc(1, sizeof(*kc));
-    if (kc == NULL)
-	_hx509_abort("out of memory");
-
-    kc->item = itemRef;
-
-    rsa = RSA_new();
-    if (rsa == NULL)
-	_hx509_abort("out of memory");
-
-    /* Argh, fake modulus since OpenSSL API is on crack */
-    {
-	SecKeychainAttributeList *attrs = NULL;
-	uint32_t size;
-	void *data;
-
-	rsa->n = BN_new();
-	if (rsa->n == NULL) abort();
-
-	ret = getAttribute(itemRef, kSecKeyKeySizeInBits, &attrs);
-	if (ret) abort();
-
-	size = *(uint32_t *)attrs->attr[0].data;
-	SecKeychainItemFreeAttributesAndData(attrs, NULL);
-
-	kc->keysize = (size + 7) / 8;
-
-	data = malloc(kc->keysize);
-	memset(data, 0xe0, kc->keysize);
-	BN_bin2bn(data, kc->keysize, rsa->n);
-	free(data);
-    }
-    rsa->e = NULL;
-
-    RSA_set_method(rsa, &kc_rsa_pkcs1_method);
-    ret = RSA_set_app_data(rsa, kc);
-    if (ret != 1)
-	_hx509_abort("RSA_set_app_data");
-
-    _hx509_private_key_assign_rsa(key, rsa);
-    _hx509_cert_assign_key(cert, key);
-
-    return 0;
-}
-
-/*
- *
- */
-
-struct ks_keychain {
-    int anchors;
-    SecKeychainRef keychain;
-};
-
-static int
-keychain_init(hx509_context context,
-	      hx509_certs certs, void **data, int flags,
-	      const char *residue, hx509_lock lock)
-{
-    struct ks_keychain *ctx;
-
-    ctx = calloc(1, sizeof(*ctx));
-    if (ctx == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    if (residue) {
-	if (strcasecmp(residue, "system-anchors") == 0) {
-	    ctx->anchors = 1;
-	} else if (strncasecmp(residue, "FILE:", 5) == 0) {
-	    OSStatus ret;
-
-	    ret = SecKeychainOpen(residue + 5, &ctx->keychain);
-	    if (ret != noErr) {
-		hx509_set_error_string(context, 0, ENOENT, 
-				       "Failed to open %s", residue);
-		return ENOENT;
-	    }
-	} else {
-	    hx509_set_error_string(context, 0, ENOENT, 
-				   "Unknown subtype %s", residue);
-	    return ENOENT;
-	}
-    }
-
-    *data = ctx;
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-keychain_free(hx509_certs certs, void *data)
-{
-    struct ks_keychain *ctx = data;
-    if (ctx->keychain)
-	CFRelease(ctx->keychain);
-    memset(ctx, 0, sizeof(*ctx));
-    free(ctx);
-    return 0;
-}
-
-/*
- *
- */
-
-struct iter {
-    hx509_certs certs;
-    void *cursor;
-    SecKeychainSearchRef searchRef;
-};
-
-static int 
-keychain_iter_start(hx509_context context,
-		    hx509_certs certs, void *data, void **cursor)
-{
-    struct ks_keychain *ctx = data;
-    struct iter *iter;
-
-    iter = calloc(1, sizeof(*iter));
-    if (iter == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    if (ctx->anchors) {
-        CFArrayRef anchors;
-	int ret;
-	int i;
-
-	ret = hx509_certs_init(context, "MEMORY:ks-file-create", 
-			       0, NULL, &iter->certs);
-	if (ret) {
-	    free(iter);
-	    return ret;
-	}
-
-	ret = SecTrustCopyAnchorCertificates(&anchors);
-	if (ret != 0) {
-	    hx509_certs_free(&iter->certs);
-	    free(iter);
-	    hx509_set_error_string(context, 0, ENOMEM, 
-				   "Can't get trust anchors from Keychain");
-	    return ENOMEM;
-	}
-	for (i = 0; i < CFArrayGetCount(anchors); i++) {
-	    SecCertificateRef cr; 
-	    hx509_cert cert;
-	    CSSM_DATA cssm;
-
-	    cr = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, i);
-
-	    SecCertificateGetData(cr, &cssm);
-
-	    ret = hx509_cert_init_data(context, cssm.Data, cssm.Length, &cert);
-	    if (ret)
-		continue;
-
-	    ret = hx509_certs_add(context, iter->certs, cert);
-	    hx509_cert_free(cert);
-	}
-	CFRelease(anchors);
-    }
-
-    if (iter->certs) {
-	int ret;
-	ret = hx509_certs_start_seq(context, iter->certs, &iter->cursor);
-	if (ret) {
-	    hx509_certs_free(&iter->certs);
-	    free(iter);
-	    return ret;
-	}
-    } else {
-	OSStatus ret;
-
-	ret = SecKeychainSearchCreateFromAttributes(ctx->keychain,
-						    kSecCertificateItemClass,
-						    NULL,
-						    &iter->searchRef);
-	if (ret) {
-	    free(iter);
-	    hx509_set_error_string(context, 0, ret, 
-				   "Failed to start search for attributes");
-	    return ENOMEM;
-	}
-    }
-
-    *cursor = iter;
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-keychain_iter(hx509_context context,
-	      hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
-{
-    SecKeychainAttributeList *attrs = NULL;
-    SecKeychainAttributeInfo attrInfo;
-    UInt32 attrFormat[1] = { 0 };
-    SecKeychainItemRef itemRef;
-    SecItemAttr item[1];
-    struct iter *iter = cursor;
-    OSStatus ret;
-    UInt32 len;
-    void *ptr = NULL;
-
-    if (iter->certs)
-	return hx509_certs_next_cert(context, iter->certs, iter->cursor, cert);
-
-    *cert = NULL;
-
-    ret = SecKeychainSearchCopyNext(iter->searchRef, &itemRef);
-    if (ret == errSecItemNotFound)
-	return 0;
-    else if (ret != 0)
-	return EINVAL;
-	
-    /*
-     * Pick out certificate and matching "keyid"
-     */
-
-    item[0] = kSecPublicKeyHashItemAttr;
-
-    attrInfo.count = 1;
-    attrInfo.tag = item;
-    attrInfo.format = attrFormat;
-  
-    ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL,
-					       &attrs, &len, &ptr);
-    if (ret)
-	return EINVAL;
-
-    ret = hx509_cert_init_data(context, ptr, len, cert);
-    if (ret)
-	goto out;
-
-    /* 
-     * Find related private key if there is one by looking at
-     * kSecPublicKeyHashItemAttr == kSecKeyLabel
-     */
-    {
-	SecKeychainSearchRef search;
-	SecKeychainAttribute attrKeyid;
-	SecKeychainAttributeList attrList;
-
-	attrKeyid.tag = kSecKeyLabel;
-	attrKeyid.length = attrs->attr[0].length;
-	attrKeyid.data = attrs->attr[0].data;
-	
-	attrList.count = 1;
-	attrList.attr = &attrKeyid;
-
-	ret = SecKeychainSearchCreateFromAttributes(NULL,
-						    CSSM_DL_DB_RECORD_PRIVATE_KEY,
-						    &attrList,
-						    &search);
-	if (ret) {
-	    ret = 0;
-	    goto out;
-	}
-
-	ret = SecKeychainSearchCopyNext(search, &itemRef);
-	CFRelease(search);
-	if (ret == errSecItemNotFound) {
-	    ret = 0;
-	    goto out;
-	} else if (ret) {
-	    ret = EINVAL;
-	    goto out;
-	}
-	set_private_key(context, itemRef, *cert);
-    }
-
-out:
-    SecKeychainItemFreeAttributesAndData(attrs, ptr);
-
-    return ret;
-}
-
-/*
- *
- */
-
-static int
-keychain_iter_end(hx509_context context,
-		  hx509_certs certs,
-		  void *data,
-		  void *cursor)
-{
-    struct iter *iter = cursor;
-
-    if (iter->certs) {
-	int ret;
-	ret = hx509_certs_end_seq(context, iter->certs, iter->cursor);
-	hx509_certs_free(&iter->certs);
-    } else {
-	CFRelease(iter->searchRef);
-    }
-
-    memset(iter, 0, sizeof(*iter));
-    free(iter);
-    return 0;
-}
-
-/*
- *
- */
-
-struct hx509_keyset_ops keyset_keychain = {
-    "KEYCHAIN",
-    0,
-    keychain_init,
-    NULL,
-    keychain_free,
-    NULL,
-    NULL,
-    keychain_iter_start,
-    keychain_iter,
-    keychain_iter_end
-};
-
-#endif /* HAVE_FRAMEWORK_SECURITY */
-
-/*
- *
- */
-
-void
-_hx509_ks_keychain_register(hx509_context context)
-{
-#ifdef HAVE_FRAMEWORK_SECURITY
-    _hx509_ks_register(context, &keyset_keychain);
-#endif
-}
diff --git a/crypto/heimdal/lib/hx509/ks_mem.c b/crypto/heimdal/lib/hx509/ks_mem.c
deleted file mode 100644
index efa19eb..0000000
--- a/crypto/heimdal/lib/hx509/ks_mem.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * Copyright (c) 2005 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("Id$");
-
-/*
- * Should use two hash/tree certificates intead of a array.  Criteria
- * should be subject and subjectKeyIdentifier since those two are
- * commonly seached on in CMS and path building.
- */
-
-struct mem_data {
-    char *name;
-    struct {
-	unsigned long len;
-	hx509_cert *val;
-    } certs;
-    hx509_private_key *keys;
-};
-
-static int
-mem_init(hx509_context context,
-	 hx509_certs certs, void **data, int flags,
-	 const char *residue, hx509_lock lock)
-{
-    struct mem_data *mem;
-    mem = calloc(1, sizeof(*mem));
-    if (mem == NULL)
-	return ENOMEM;
-    if (residue == NULL || residue[0] == '\0')
-	residue = "anonymous";
-    mem->name = strdup(residue);
-    if (mem->name == NULL) {
-	free(mem);
-	return ENOMEM;
-    }
-    *data = mem;
-    return 0;
-}
-
-static int
-mem_free(hx509_certs certs, void *data)
-{
-    struct mem_data *mem = data;
-    unsigned long i;
-    
-    for (i = 0; i < mem->certs.len; i++)
-	hx509_cert_free(mem->certs.val[i]);
-    free(mem->certs.val);
-    for (i = 0; mem->keys && mem->keys[i]; i++)
-	_hx509_private_key_free(&mem->keys[i]);
-    free(mem->keys);
-    free(mem->name);
-    free(mem);
-
-    return 0;
-}
-
-static int 
-mem_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
-{
-    struct mem_data *mem = data;
-    hx509_cert *val;
-
-    val = realloc(mem->certs.val, 
-		  (mem->certs.len + 1) * sizeof(mem->certs.val[0]));
-    if (val == NULL)
-	return ENOMEM;
-
-    mem->certs.val = val;
-    mem->certs.val[mem->certs.len] = hx509_cert_ref(c);
-    mem->certs.len++;
-
-    return 0;
-}
-
-static int 
-mem_iter_start(hx509_context context,
-	       hx509_certs certs,
-	       void *data,
-	       void **cursor)
-{
-    unsigned long *iter = malloc(sizeof(*iter));
-
-    if (iter == NULL)
-	return ENOMEM;
-
-    *iter = 0;
-    *cursor = iter;
-
-    return 0;
-}
-
-static int
-mem_iter(hx509_context contexst,
-	 hx509_certs certs,
-	 void *data, 
-	 void *cursor,
-	 hx509_cert *cert)
-{
-    unsigned long *iter = cursor;
-    struct mem_data *mem = data;
-
-    if (*iter >= mem->certs.len) {
-	*cert = NULL;
-	return 0;
-    }
-
-    *cert = hx509_cert_ref(mem->certs.val[*iter]);
-    (*iter)++;
-    return 0;
-}
-
-static int
-mem_iter_end(hx509_context context,
-	     hx509_certs certs,
-	     void *data,
-	     void *cursor)
-{
-    free(cursor);
-    return 0;
-}
-
-static int
-mem_getkeys(hx509_context context,
-	     hx509_certs certs,
-	     void *data,
-	     hx509_private_key **keys)
-{
-    struct mem_data *mem = data;
-    int i;
-
-    for (i = 0; mem->keys && mem->keys[i]; i++)
-	;
-    *keys = calloc(i + 1, sizeof(**keys));
-    for (i = 0; mem->keys && mem->keys[i]; i++) {
-	(*keys)[i] = _hx509_private_key_ref(mem->keys[i]);
-	if ((*keys)[i] == NULL) {
-	    while (--i >= 0)
-		_hx509_private_key_free(&(*keys)[i]);
-	    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	    return ENOMEM;
-	}
-    }	    
-    (*keys)[i] = NULL;
-    return 0;
-}
-
-static int
-mem_addkey(hx509_context context,
-	   hx509_certs certs,
-	   void *data,
-	   hx509_private_key key)
-{
-    struct mem_data *mem = data;
-    void *ptr;
-    int i;
-
-    for (i = 0; mem->keys && mem->keys[i]; i++)
-	;
-    ptr = realloc(mem->keys, (i + 2) * sizeof(*mem->keys));
-    if (ptr == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    mem->keys = ptr;
-    mem->keys[i++] = _hx509_private_key_ref(key);
-    mem->keys[i++] = NULL;
-    return 0;
-}
-
-
-static struct hx509_keyset_ops keyset_mem = {
-    "MEMORY",
-    0,
-    mem_init,
-    NULL,
-    mem_free,
-    mem_add,
-    NULL,
-    mem_iter_start,
-    mem_iter,
-    mem_iter_end,
-    NULL,
-    mem_getkeys,
-    mem_addkey
-};
-
-void
-_hx509_ks_mem_register(hx509_context context)
-{
-    _hx509_ks_register(context, &keyset_mem);
-}
diff --git a/crypto/heimdal/lib/hx509/ks_null.c b/crypto/heimdal/lib/hx509/ks_null.c
deleted file mode 100644
index 3be259f..0000000
--- a/crypto/heimdal/lib/hx509/ks_null.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 2005 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: ks_null.c 20901 2007-06-04 23:14:08Z lha $");
-
-
-static int
-null_init(hx509_context context,
-	  hx509_certs certs, void **data, int flags,
-	  const char *residue, hx509_lock lock)
-{
-    *data = NULL;
-    return 0;
-}
-
-static int
-null_free(hx509_certs certs, void *data)
-{
-    assert(data == NULL);
-    return 0;
-}
-
-static int 
-null_iter_start(hx509_context context,
-		hx509_certs certs, void *data, void **cursor)
-{
-    *cursor = NULL;
-    return 0;
-}
-
-static int
-null_iter(hx509_context context,
-	  hx509_certs certs, void *data, void *iter, hx509_cert *cert)
-{
-    *cert = NULL;
-    return ENOENT;
-}
-
-static int
-null_iter_end(hx509_context context,
-	      hx509_certs certs,
-	      void *data,
-	      void *cursor)
-{
-    assert(cursor == NULL);
-    return 0;
-}
-
-
-struct hx509_keyset_ops keyset_null = {
-    "NULL",
-    0,
-    null_init,
-    NULL,
-    null_free,
-    NULL,
-    NULL,
-    null_iter_start,
-    null_iter,
-    null_iter_end
-};
-
-void
-_hx509_ks_null_register(hx509_context context)
-{
-    _hx509_ks_register(context, &keyset_null);
-}
diff --git a/crypto/heimdal/lib/hx509/ks_p11.c b/crypto/heimdal/lib/hx509/ks_p11.c
deleted file mode 100644
index 0d7c312..0000000
--- a/crypto/heimdal/lib/hx509/ks_p11.c
+++ /dev/null
@@ -1,1192 +0,0 @@
-/*
- * Copyright (c) 2004 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: ks_p11.c 22071 2007-11-14 20:04:50Z lha $");
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#ifdef HAVE_DLOPEN
-
-#include "pkcs11.h"
-
-struct p11_slot {
-    int flags;
-#define P11_SESSION		1
-#define P11_SESSION_IN_USE	2
-#define P11_LOGIN_REQ		4
-#define P11_LOGIN_DONE		8
-#define P11_TOKEN_PRESENT	16
-    CK_SESSION_HANDLE session;
-    CK_SLOT_ID id;
-    CK_BBOOL token;
-    char *name;
-    hx509_certs certs;
-    char *pin;
-    struct {
-	CK_MECHANISM_TYPE_PTR list;
-	CK_ULONG num;
-	CK_MECHANISM_INFO_PTR *infos;
-    } mechs;
-};
-
-struct p11_module {
-    void *dl_handle;
-    CK_FUNCTION_LIST_PTR funcs;
-    CK_ULONG num_slots;
-    unsigned int refcount;
-    struct p11_slot *slot;
-};
-
-#define P11FUNC(module,f,args) (*(module)->funcs->C_##f)args
-
-static int p11_get_session(hx509_context,
-			   struct p11_module *,
-			   struct p11_slot *,
-			   hx509_lock,
-			   CK_SESSION_HANDLE *);
-static int p11_put_session(struct p11_module *,
-			   struct p11_slot *,
-			   CK_SESSION_HANDLE);
-static void p11_release_module(struct p11_module *);
-
-static int p11_list_keys(hx509_context,
-			 struct p11_module *,
-			 struct p11_slot *, 
-			 CK_SESSION_HANDLE,
-			 hx509_lock,
-			 hx509_certs *);
-
-/*
- *
- */
-
-struct p11_rsa {
-    struct p11_module *p;
-    struct p11_slot *slot;
-    CK_OBJECT_HANDLE private_key;
-    CK_OBJECT_HANDLE public_key;
-};
-
-static int
-p11_rsa_public_encrypt(int flen,
-		       const unsigned char *from,
-		       unsigned char *to,
-		       RSA *rsa,
-		       int padding)
-{
-    return -1;
-}
-
-static int
-p11_rsa_public_decrypt(int flen,
-		       const unsigned char *from,
-		       unsigned char *to,
-		       RSA *rsa,
-		       int padding)
-{
-    return -1;
-}
-
-
-static int
-p11_rsa_private_encrypt(int flen, 
-			const unsigned char *from,
-			unsigned char *to,
-			RSA *rsa,
-			int padding)
-{
-    struct p11_rsa *p11rsa = RSA_get_app_data(rsa);
-    CK_OBJECT_HANDLE key = p11rsa->private_key;
-    CK_SESSION_HANDLE session;
-    CK_MECHANISM mechanism;
-    CK_ULONG ck_sigsize;
-    int ret;
-
-    if (padding != RSA_PKCS1_PADDING)
-	return -1;
-
-    memset(&mechanism, 0, sizeof(mechanism));
-    mechanism.mechanism = CKM_RSA_PKCS;
-
-    ck_sigsize = RSA_size(rsa);
-
-    ret = p11_get_session(NULL, p11rsa->p, p11rsa->slot, NULL, &session);
-    if (ret)
-	return -1;
-
-    ret = P11FUNC(p11rsa->p, SignInit, (session, &mechanism, key));
-    if (ret != CKR_OK) {
-	p11_put_session(p11rsa->p, p11rsa->slot, session);
-	return -1;
-    }
-
-    ret = P11FUNC(p11rsa->p, Sign, 
-		  (session, (CK_BYTE *)from, flen, to, &ck_sigsize));
-    p11_put_session(p11rsa->p, p11rsa->slot, session);
-    if (ret != CKR_OK)
-	return -1;
-
-    return ck_sigsize;
-}
-
-static int
-p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
-			RSA * rsa, int padding)
-{
-    struct p11_rsa *p11rsa = RSA_get_app_data(rsa);
-    CK_OBJECT_HANDLE key = p11rsa->private_key;
-    CK_SESSION_HANDLE session;
-    CK_MECHANISM mechanism;
-    CK_ULONG ck_sigsize;
-    int ret;
-
-    if (padding != RSA_PKCS1_PADDING)
-	return -1;
-
-    memset(&mechanism, 0, sizeof(mechanism));
-    mechanism.mechanism = CKM_RSA_PKCS;
-
-    ck_sigsize = RSA_size(rsa);
-
-    ret = p11_get_session(NULL, p11rsa->p, p11rsa->slot, NULL, &session);
-    if (ret)
-	return -1;
-
-    ret = P11FUNC(p11rsa->p, DecryptInit, (session, &mechanism, key));
-    if (ret != CKR_OK) {
-	p11_put_session(p11rsa->p, p11rsa->slot, session);
-	return -1;
-    }
-
-    ret = P11FUNC(p11rsa->p, Decrypt, 
-		  (session, (CK_BYTE *)from, flen, to, &ck_sigsize));
-    p11_put_session(p11rsa->p, p11rsa->slot, session);
-    if (ret != CKR_OK)
-	return -1;
-
-    return ck_sigsize;
-}
-
-static int 
-p11_rsa_init(RSA *rsa)
-{
-    return 1;
-}
-
-static int
-p11_rsa_finish(RSA *rsa)
-{
-    struct p11_rsa *p11rsa = RSA_get_app_data(rsa);
-    p11_release_module(p11rsa->p);
-    free(p11rsa);
-    return 1;
-}
-
-static const RSA_METHOD p11_rsa_pkcs1_method = {
-    "hx509 PKCS11 PKCS#1 RSA",
-    p11_rsa_public_encrypt,
-    p11_rsa_public_decrypt,
-    p11_rsa_private_encrypt,
-    p11_rsa_private_decrypt,
-    NULL,
-    NULL,
-    p11_rsa_init,
-    p11_rsa_finish,
-    0,
-    NULL,
-    NULL,
-    NULL
-};
-
-/*
- *
- */
-
-static int
-p11_mech_info(hx509_context context,
-	      struct p11_module *p,
-	      struct p11_slot *slot,
-	      int num)
-{
-    CK_ULONG i;
-    int ret;
-
-    ret = P11FUNC(p, GetMechanismList, (slot->id, NULL_PTR, &i));
-    if (ret) {
-	hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH,
-			       "Failed to get mech list count for slot %d",
-			       num);
-	return HX509_PKCS11_NO_MECH;
-    }
-    if (i == 0) {
-	hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH,
-			       "no mech supported for slot %d", num);
-	return HX509_PKCS11_NO_MECH;
-    }
-    slot->mechs.list = calloc(i, sizeof(slot->mechs.list[0]));
-    if (slot->mechs.list == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM,
-			       "out of memory");
-	return ENOMEM;
-    }
-    slot->mechs.num = i;
-    ret = P11FUNC(p, GetMechanismList, (slot->id, slot->mechs.list, &i));
-    if (ret) {
-	hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH,
-			       "Failed to get mech list for slot %d",
-			       num);
-	return HX509_PKCS11_NO_MECH;
-    }
-    assert(i == slot->mechs.num);
-
-    slot->mechs.infos = calloc(i, sizeof(*slot->mechs.infos));
-    if (slot->mechs.list == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM,
-			       "out of memory");
-	return ENOMEM;
-    }
-
-    for (i = 0; i < slot->mechs.num; i++) {
-	slot->mechs.infos[i] = calloc(1, sizeof(*(slot->mechs.infos[0])));
-	if (slot->mechs.infos[i] == NULL) {
-	    hx509_set_error_string(context, 0, ENOMEM,
-				   "out of memory");
-	    return ENOMEM;
-	}
-	ret = P11FUNC(p, GetMechanismInfo, (slot->id, slot->mechs.list[i],
-					    slot->mechs.infos[i]));
-	if (ret) {
-	    hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH,
-				   "Failed to get mech info for slot %d",
-				   num);
-	    return HX509_PKCS11_NO_MECH;
-	}
-    }
-
-    return 0;
-}
-
-static int
-p11_init_slot(hx509_context context, 
-	      struct p11_module *p,
-	      hx509_lock lock,
-	      CK_SLOT_ID id,
-	      int num,
-	      struct p11_slot *slot)
-{
-    CK_SESSION_HANDLE session;
-    CK_SLOT_INFO slot_info;
-    CK_TOKEN_INFO token_info;
-    int ret, i;
-
-    slot->certs = NULL;
-    slot->id = id;
-
-    ret = P11FUNC(p, GetSlotInfo, (slot->id, &slot_info));
-    if (ret) {
-	hx509_set_error_string(context, 0, HX509_PKCS11_TOKEN_CONFUSED,
-			       "Failed to init PKCS11 slot %d",
-			       num);
-	return HX509_PKCS11_TOKEN_CONFUSED;
-    }
-
-    for (i = sizeof(slot_info.slotDescription) - 1; i > 0; i--) {
-	char c = slot_info.slotDescription[i];
-	if (c == ' ' || c == '\t' || c == '\n' || c == '\r' || c == '\0')
-	    continue;
-	i++;
-	break;
-    }
-
-    asprintf(&slot->name, "%.*s",
-	     i, slot_info.slotDescription);
-
-    if ((slot_info.flags & CKF_TOKEN_PRESENT) == 0)
-	return 0;
-
-    ret = P11FUNC(p, GetTokenInfo, (slot->id, &token_info));
-    if (ret) {
-	hx509_set_error_string(context, 0, HX509_PKCS11_NO_TOKEN,
-			       "Failed to init PKCS11 slot %d "
-			       "with error 0x08x",
-			       num, ret);
-	return HX509_PKCS11_NO_TOKEN;
-    }
-    slot->flags |= P11_TOKEN_PRESENT;
-
-    if (token_info.flags & CKF_LOGIN_REQUIRED)
-	slot->flags |= P11_LOGIN_REQ;
-
-    ret = p11_get_session(context, p, slot, lock, &session);
-    if (ret)
-	return ret;
-
-    ret = p11_mech_info(context, p, slot, num);
-    if (ret)
-	goto out;
-
-    ret = p11_list_keys(context, p, slot, session, lock, &slot->certs);
- out:
-    p11_put_session(p, slot, session);
-
-    return ret;
-}
-
-static int
-p11_get_session(hx509_context context,
-		struct p11_module *p,
-		struct p11_slot *slot,
-		hx509_lock lock,
-		CK_SESSION_HANDLE *psession)
-{
-    CK_RV ret;
-
-    if (slot->flags & P11_SESSION_IN_USE)
-	_hx509_abort("slot already in session");
-    
-    if (slot->flags & P11_SESSION) {
-	slot->flags |= P11_SESSION_IN_USE;
-	*psession = slot->session;
-	return 0;
-    }
-
-    ret = P11FUNC(p, OpenSession, (slot->id, 
-				   CKF_SERIAL_SESSION,
-				   NULL,
-				   NULL,
-				   &slot->session));
-    if (ret != CKR_OK) {
-	if (context)
-	    hx509_set_error_string(context, 0, HX509_PKCS11_OPEN_SESSION,
-				   "Failed to OpenSession for slot id %d "
-				   "with error: 0x%08x",
-				   (int)slot->id, ret);
-	return HX509_PKCS11_OPEN_SESSION;
-    }
-    
-    slot->flags |= P11_SESSION;
-    
-    /* 
-     * If we have have to login, and haven't tried before and have a
-     * prompter or known to work pin code.
-     *
-     * This code is very conversative and only uses the prompter in
-     * the hx509_lock, the reason is that it's bad to try many
-     * passwords on a pkcs11 token, it might lock up and have to be
-     * unlocked by a administrator.
-     *
-     * XXX try harder to not use pin several times on the same card.
-     */
-
-    if (   (slot->flags & P11_LOGIN_REQ)
-	&& (slot->flags & P11_LOGIN_DONE) == 0
-	&& (lock || slot->pin))
-    {
-	hx509_prompt prompt;
-	char pin[20];
-	char *str;
-
-	slot->flags |= P11_LOGIN_DONE;
-
-	if (slot->pin == NULL) {
-
-	    memset(&prompt, 0, sizeof(prompt));
-
-	    asprintf(&str, "PIN code for %s: ", slot->name);
-	    prompt.prompt = str;
-	    prompt.type = HX509_PROMPT_TYPE_PASSWORD;
-	    prompt.reply.data = pin;
-	    prompt.reply.length = sizeof(pin);
-	    
-	    ret = hx509_lock_prompt(lock, &prompt);
-	    if (ret) {
-		free(str);
-		if (context)
-		    hx509_set_error_string(context, 0, ret,
-					   "Failed to get pin code for slot "
-					   "id %d with error: %d",
-					   (int)slot->id, ret);
-		return ret;
-	    }
-	    free(str);
-	} else {
-	    strlcpy(pin, slot->pin, sizeof(pin));
-	}
-
-	ret = P11FUNC(p, Login, (slot->session, CKU_USER,
-				 (unsigned char*)pin, strlen(pin)));
-	if (ret != CKR_OK) {
-	    if (context)
-		hx509_set_error_string(context, 0, HX509_PKCS11_LOGIN,
-				       "Failed to login on slot id %d "
-				       "with error: 0x%08x",
-				       (int)slot->id, ret);
-	    p11_put_session(p, slot, slot->session);
-	    return HX509_PKCS11_LOGIN;
-	}
-	if (slot->pin == NULL) {
-	    slot->pin = strdup(pin);
-	    if (slot->pin == NULL) {
-		if (context)
-		    hx509_set_error_string(context, 0, ENOMEM,
-					   "out of memory");
-		p11_put_session(p, slot, slot->session);
-		return ENOMEM;
-	    }
-	}
-    } else
-	slot->flags |= P11_LOGIN_DONE;
-
-    slot->flags |= P11_SESSION_IN_USE;
-
-    *psession = slot->session;
-
-    return 0;
-}
-
-static int
-p11_put_session(struct p11_module *p,
-		struct p11_slot *slot, 
-		CK_SESSION_HANDLE session)
-{
-    if ((slot->flags & P11_SESSION_IN_USE) == 0)
-	_hx509_abort("slot not in session");
-    slot->flags &= ~P11_SESSION_IN_USE;
-
-    return 0;
-}
-
-static int
-iterate_entries(hx509_context context,
-		struct p11_module *p, struct p11_slot *slot,
-		CK_SESSION_HANDLE session,
-		CK_ATTRIBUTE *search_data, int num_search_data,
-		CK_ATTRIBUTE *query, int num_query,
-		int (*func)(hx509_context,
-			    struct p11_module *, struct p11_slot *,
-			    CK_SESSION_HANDLE session,
-			    CK_OBJECT_HANDLE object,
-			    void *, CK_ATTRIBUTE *, int), void *ptr)
-{
-    CK_OBJECT_HANDLE object;
-    CK_ULONG object_count;
-    int ret, i;
-
-    ret = P11FUNC(p, FindObjectsInit, (session, search_data, num_search_data));
-    if (ret != CKR_OK) {
-	return -1;
-    }
-    while (1) {
-	ret = P11FUNC(p, FindObjects, (session, &object, 1, &object_count));
-	if (ret != CKR_OK) {
-	    return -1;
-	}
-	if (object_count == 0)
-	    break;
-	
-	for (i = 0; i < num_query; i++)
-	    query[i].pValue = NULL;
-
-	ret = P11FUNC(p, GetAttributeValue, 
-		      (session, object, query, num_query));
-	if (ret != CKR_OK) {
-	    return -1;
-	}
-	for (i = 0; i < num_query; i++) {
-	    query[i].pValue = malloc(query[i].ulValueLen);
-	    if (query[i].pValue == NULL) {
-		ret = ENOMEM;
-		goto out;
-	    }
-	}
-	ret = P11FUNC(p, GetAttributeValue,
-		      (session, object, query, num_query));
-	if (ret != CKR_OK) {
-	    ret = -1;
-	    goto out;
-	}
-	
-	ret = (*func)(context, p, slot, session, object, ptr, query, num_query);
-	if (ret)
-	    goto out;
-
-	for (i = 0; i < num_query; i++) {
-	    if (query[i].pValue)
-		free(query[i].pValue);
-	    query[i].pValue = NULL;
-	}
-    }
- out:
-
-    for (i = 0; i < num_query; i++) {
-	if (query[i].pValue)
-	    free(query[i].pValue);
-	query[i].pValue = NULL;
-    }
-
-    ret = P11FUNC(p, FindObjectsFinal, (session));
-    if (ret != CKR_OK) {
-	return -2;
-    }
-
-
-    return 0;
-}
-		
-static BIGNUM *
-getattr_bn(struct p11_module *p,
-	   struct p11_slot *slot,
-	   CK_SESSION_HANDLE session,
-	   CK_OBJECT_HANDLE object, 
-	   unsigned int type)
-{
-    CK_ATTRIBUTE query;
-    BIGNUM *bn;
-    int ret;
-
-    query.type = type;
-    query.pValue = NULL;
-    query.ulValueLen = 0;
-
-    ret = P11FUNC(p, GetAttributeValue, 
-		  (session, object, &query, 1));
-    if (ret != CKR_OK)
-	return NULL;
-
-    query.pValue = malloc(query.ulValueLen);
-
-    ret = P11FUNC(p, GetAttributeValue, 
-		  (session, object, &query, 1));
-    if (ret != CKR_OK) {
-	free(query.pValue);
-	return NULL;
-    }
-    bn = BN_bin2bn(query.pValue, query.ulValueLen, NULL);
-    free(query.pValue);
-
-    return bn;
-}
-
-static int
-collect_private_key(hx509_context context,
-		    struct p11_module *p, struct p11_slot *slot,
-		    CK_SESSION_HANDLE session,
-		    CK_OBJECT_HANDLE object,
-		    void *ptr, CK_ATTRIBUTE *query, int num_query)
-{
-    struct hx509_collector *collector = ptr;
-    hx509_private_key key;
-    heim_octet_string localKeyId;
-    int ret;
-    RSA *rsa;
-    struct p11_rsa *p11rsa;
-
-    localKeyId.data = query[0].pValue;
-    localKeyId.length = query[0].ulValueLen;
-
-    ret = _hx509_private_key_init(&key, NULL, NULL);
-    if (ret)
-	return ret;
-
-    rsa = RSA_new();
-    if (rsa == NULL)
-	_hx509_abort("out of memory");
-
-    /* 
-     * The exponent and modulus should always be present according to
-     * the pkcs11 specification, but some smartcards leaves it out,
-     * let ignore any failure to fetch it.
-     */
-    rsa->n = getattr_bn(p, slot, session, object, CKA_MODULUS);
-    rsa->e = getattr_bn(p, slot, session, object, CKA_PUBLIC_EXPONENT);
-
-    p11rsa = calloc(1, sizeof(*p11rsa));
-    if (p11rsa == NULL)
-	_hx509_abort("out of memory");
-
-    p11rsa->p = p;
-    p11rsa->slot = slot;
-    p11rsa->private_key = object;
-    
-    p->refcount++;
-    if (p->refcount == 0)
-	_hx509_abort("pkcs11 refcount to high");
-
-    RSA_set_method(rsa, &p11_rsa_pkcs1_method);
-    ret = RSA_set_app_data(rsa, p11rsa);
-    if (ret != 1)
-	_hx509_abort("RSA_set_app_data");
-
-    _hx509_private_key_assign_rsa(key, rsa);
-
-    ret = _hx509_collector_private_key_add(context,
-					   collector,
-					   hx509_signature_rsa(),
-					   key,
-					   NULL,
-					   &localKeyId);
-
-    if (ret) {
-	_hx509_private_key_free(&key);
-	return ret;
-    }
-    return 0;
-}
-
-static void
-p11_cert_release(hx509_cert cert, void *ctx)
-{
-    struct p11_module *p = ctx;
-    p11_release_module(p);
-}
-
-
-static int
-collect_cert(hx509_context context, 
-	     struct p11_module *p, struct p11_slot *slot,
-	     CK_SESSION_HANDLE session,
-	     CK_OBJECT_HANDLE object,
-	     void *ptr, CK_ATTRIBUTE *query, int num_query)
-{
-    struct hx509_collector *collector = ptr;
-    hx509_cert cert;
-    int ret;
-
-    if ((CK_LONG)query[0].ulValueLen == -1 ||
-	(CK_LONG)query[1].ulValueLen == -1) 
-    {
-	return 0;
-    }
-
-    ret = hx509_cert_init_data(context, query[1].pValue, 
-			       query[1].ulValueLen, &cert);
-    if (ret)
-	return ret;
-
-    p->refcount++;
-    if (p->refcount == 0)
-	_hx509_abort("pkcs11 refcount to high");
-
-    _hx509_cert_set_release(cert, p11_cert_release, p);
-
-    {
-	heim_octet_string data;
-	
-	data.data = query[0].pValue;
-	data.length = query[0].ulValueLen;
-	
-	_hx509_set_cert_attribute(context,
-				  cert,
-				  oid_id_pkcs_9_at_localKeyId(),
-				  &data);
-    }
-
-    if ((CK_LONG)query[2].ulValueLen != -1) {
-	char *str;
-
-	asprintf(&str, "%.*s",
-		 (int)query[2].ulValueLen, (char *)query[2].pValue);
-	if (str) {
-	    hx509_cert_set_friendly_name(cert, str);
-	    free(str);
-	}
-    }
-
-    ret = _hx509_collector_certs_add(context, collector, cert);
-    hx509_cert_free(cert);
-
-    return ret;
-}
-
-
-static int
-p11_list_keys(hx509_context context,
-	      struct p11_module *p,
-	      struct p11_slot *slot, 
-	      CK_SESSION_HANDLE session,
-	      hx509_lock lock,
-	      hx509_certs *certs)
-{
-    struct hx509_collector *collector;
-    CK_OBJECT_CLASS key_class;
-    CK_ATTRIBUTE search_data[] = {
-	{CKA_CLASS, NULL, 0},
-    };
-    CK_ATTRIBUTE query_data[3] = {
-	{CKA_ID, NULL, 0},
-	{CKA_VALUE, NULL, 0},
-	{CKA_LABEL, NULL, 0}
-    };
-    int ret;
-
-    search_data[0].pValue = &key_class;
-    search_data[0].ulValueLen = sizeof(key_class);
-
-    if (lock == NULL)
-	lock = _hx509_empty_lock;
-
-    ret = _hx509_collector_alloc(context, lock, &collector);
-    if (ret)
-	return ret;
-
-    key_class = CKO_PRIVATE_KEY;
-    ret = iterate_entries(context, p, slot, session,
-			  search_data, 1,
-			  query_data, 1,
-			  collect_private_key, collector);
-    if (ret)
-	goto out;
-
-    key_class = CKO_CERTIFICATE;
-    ret = iterate_entries(context, p, slot, session,
-			  search_data, 1,
-			  query_data, 3,
-			  collect_cert, collector);
-    if (ret)
-	goto out;
-
-    ret = _hx509_collector_collect_certs(context, collector, &slot->certs);
-
-out:
-    _hx509_collector_free(collector);
-
-    return ret;
-}
-
-
-static int
-p11_init(hx509_context context,
-	 hx509_certs certs, void **data, int flags, 
-	 const char *residue, hx509_lock lock)
-{
-    CK_C_GetFunctionList getFuncs;
-    struct p11_module *p;
-    char *list, *str;
-    int ret;
-
-    *data = NULL;
-
-    list = strdup(residue);
-    if (list == NULL)
-	return ENOMEM;
-
-    p = calloc(1, sizeof(*p));
-    if (p == NULL) {
-	free(list);
-	return ENOMEM;
-    }
-
-    p->refcount = 1;
-
-    str = strchr(list, ',');
-    if (str)
-	*str++ = '\0';
-    while (str) {
-	char *strnext;
-	strnext = strchr(str, ',');
-	if (strnext)
-	    *strnext++ = '\0';
-#if 0
-	if (strncasecmp(str, "slot=", 5) == 0)
-	    p->selected_slot = atoi(str + 5);
-#endif
-	str = strnext;
-    }
-
-    p->dl_handle = dlopen(list, RTLD_NOW);
-    free(list);
-    if (p->dl_handle == NULL) {
-	ret = HX509_PKCS11_LOAD;
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to open %s: %s", list, dlerror());
-	goto out;
-    }
-
-    getFuncs = dlsym(p->dl_handle, "C_GetFunctionList");
-    if (getFuncs == NULL) {
-	ret = HX509_PKCS11_LOAD;
-	hx509_set_error_string(context, 0, ret,
-			       "C_GetFunctionList missing in %s: %s", 
-			       list, dlerror());
-	goto out;
-    }
-
-    ret = (*getFuncs)(&p->funcs);
-    if (ret) {
-	ret = HX509_PKCS11_LOAD;
-	hx509_set_error_string(context, 0, ret,
-			       "C_GetFunctionList failed in %s", list);
-	goto out;
-    }
-
-    ret = P11FUNC(p, Initialize, (NULL_PTR));
-    if (ret != CKR_OK) {
-	ret = HX509_PKCS11_TOKEN_CONFUSED;
-	hx509_set_error_string(context, 0, ret,
-			       "Failed initialize the PKCS11 module");
-	goto out;
-    }
-
-    ret = P11FUNC(p, GetSlotList, (FALSE, NULL, &p->num_slots));
-    if (ret) {
-	ret = HX509_PKCS11_TOKEN_CONFUSED;
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to get number of PKCS11 slots");
-	goto out;
-    }
-
-   if (p->num_slots == 0) {
-	ret = HX509_PKCS11_NO_SLOT;
-	hx509_set_error_string(context, 0, ret,
-			       "Selected PKCS11 module have no slots");
-	goto out;
-   }
-
-
-    {
-	CK_SLOT_ID_PTR slot_ids;
-	int i, num_tokens = 0;
-
-	slot_ids = malloc(p->num_slots * sizeof(*slot_ids));
-	if (slot_ids == NULL) {
-	    hx509_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	ret = P11FUNC(p, GetSlotList, (FALSE, slot_ids, &p->num_slots));
-	if (ret) {
-	    free(slot_ids);
-	    hx509_set_error_string(context, 0, HX509_PKCS11_TOKEN_CONFUSED,
-				   "Failed getting slot-list from "
-				   "PKCS11 module");
-	    ret = HX509_PKCS11_TOKEN_CONFUSED;
-	    goto out;
-	}
-
-	p->slot = calloc(p->num_slots, sizeof(p->slot[0]));
-	if (p->slot == NULL) {
-	    free(slot_ids);
-	    hx509_set_error_string(context, 0, ENOMEM,
-				   "Failed to get memory for slot-list");
-	    ret = ENOMEM;
-	    goto out;
-	}
-			 
-	for (i = 0; i < p->num_slots; i++) {
-	    ret = p11_init_slot(context, p, lock, slot_ids[i], i, &p->slot[i]);
-	    if (ret)
-		break;
-	    if (p->slot[i].flags & P11_TOKEN_PRESENT)
-		num_tokens++;
-	}
-	free(slot_ids);
-	if (ret)
-	    goto out;
-	if (num_tokens == 0) {
-	    ret = HX509_PKCS11_NO_TOKEN;
-	    goto out;
-	}
-    }
-
-    *data = p;
-
-    return 0;
- out:    
-    p11_release_module(p);
-    return ret;
-}
-
-static void
-p11_release_module(struct p11_module *p)
-{
-    int i;
-
-    if (p->refcount == 0)
-	_hx509_abort("pkcs11 refcount to low");
-    if (--p->refcount > 0)
-	return;
-
-    for (i = 0; i < p->num_slots; i++) {
-	if (p->slot[i].flags & P11_SESSION_IN_USE)
-	    _hx509_abort("pkcs11 module release while session in use");
-	if (p->slot[i].flags & P11_SESSION) {
-	    int ret;
-
-	    ret = P11FUNC(p, CloseSession, (p->slot[i].session));
-	    if (ret != CKR_OK)
-		;
-	}
-
-	if (p->slot[i].name)
-	    free(p->slot[i].name);
-	if (p->slot[i].pin) {
-	    memset(p->slot[i].pin, 0, strlen(p->slot[i].pin));
-	    free(p->slot[i].pin);
-	}
-	if (p->slot[i].mechs.num) {
-	    free(p->slot[i].mechs.list);
-
-	    if (p->slot[i].mechs.infos) {
-		int j;
-
-		for (j = 0 ; j < p->slot[i].mechs.num ; j++)
-		    free(p->slot[i].mechs.infos[j]);
-		free(p->slot[i].mechs.infos);
-	    }
-	}
-    }
-    free(p->slot);
-
-    if (p->funcs)
-	P11FUNC(p, Finalize, (NULL));
-
-    if (p->dl_handle)
-	dlclose(p->dl_handle);
-
-    memset(p, 0, sizeof(*p));
-    free(p);
-}
-
-static int
-p11_free(hx509_certs certs, void *data)
-{
-    struct p11_module *p = data;
-    int i;
-
-    for (i = 0; i < p->num_slots; i++) {
-	if (p->slot[i].certs)
-	    hx509_certs_free(&p->slot[i].certs);
-    }
-    p11_release_module(p);
-    return 0;
-}
-
-struct p11_cursor {
-    hx509_certs certs;
-    void *cursor;
-};
-
-static int 
-p11_iter_start(hx509_context context,
-	       hx509_certs certs, void *data, void **cursor)
-{
-    struct p11_module *p = data;
-    struct p11_cursor *c;
-    int ret, i;
-
-    c = malloc(sizeof(*c));
-    if (c == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    ret = hx509_certs_init(context, "MEMORY:pkcs11-iter", 0, NULL, &c->certs);
-    if (ret) {
-	free(c);
-	return ret;
-    }
-
-    for (i = 0 ; i < p->num_slots; i++) {
-	if (p->slot[i].certs == NULL)
-	    continue;
-	ret = hx509_certs_merge(context, c->certs, p->slot[i].certs);
-	if (ret) {
-	    hx509_certs_free(&c->certs);
-	    free(c);
-	    return ret;
-	}
-    }
-
-    ret = hx509_certs_start_seq(context, c->certs, &c->cursor);
-    if (ret) {
-	hx509_certs_free(&c->certs);
-	free(c);
-	return 0;
-    }
-    *cursor = c;
-
-    return 0;
-}
-
-static int
-p11_iter(hx509_context context,
-	 hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
-{
-    struct p11_cursor *c = cursor;
-    return hx509_certs_next_cert(context, c->certs, c->cursor, cert);
-}
-
-static int
-p11_iter_end(hx509_context context,
-	     hx509_certs certs, void *data, void *cursor)
-{
-    struct p11_cursor *c = cursor;
-    int ret;
-    ret = hx509_certs_end_seq(context, c->certs, c->cursor);
-    hx509_certs_free(&c->certs);
-    free(c);
-    return ret;
-}
-
-#define MECHFLAG(x) { "unknown-flag-" #x, x }
-static struct units mechflags[] = {
-	MECHFLAG(0x80000000),
-	MECHFLAG(0x40000000),
-	MECHFLAG(0x20000000),
-	MECHFLAG(0x10000000),
-	MECHFLAG(0x08000000),
-	MECHFLAG(0x04000000),
-	{"ec-compress",		0x2000000 },
-	{"ec-uncompress",	0x1000000 },
-	{"ec-namedcurve",	0x0800000 },
-	{"ec-ecparameters",	0x0400000 },
-	{"ec-f-2m",		0x0200000 },
-	{"ec-f-p",		0x0100000 },
-	{"derive",		0x0080000 },
-	{"unwrap",		0x0040000 },
-	{"wrap",		0x0020000 },
-	{"genereate-key-pair",	0x0010000 },
-	{"generate",		0x0008000 },
-	{"verify-recover",	0x0004000 },
-	{"verify",		0x0002000 },
-	{"sign-recover",	0x0001000 },
-	{"sign",		0x0000800 },
-	{"digest",		0x0000400 },
-	{"decrypt",		0x0000200 },
-	{"encrypt",		0x0000100 },
-	MECHFLAG(0x00080),
-	MECHFLAG(0x00040),
-	MECHFLAG(0x00020),
-	MECHFLAG(0x00010),
-	MECHFLAG(0x00008),
-	MECHFLAG(0x00004),
-	MECHFLAG(0x00002),
-	{"hw",			0x0000001 },
-	{ NULL,			0x0000000 }
-};
-#undef MECHFLAG
-
-static int
-p11_printinfo(hx509_context context, 
-	      hx509_certs certs, 
-	      void *data,
-	      int (*func)(void *, const char *),
-	      void *ctx)
-{
-    struct p11_module *p = data;
-    int i, j;
-        
-    _hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s", 
-		     p->num_slots, p->num_slots > 1 ? "s" : "");
-
-    for (i = 0; i < p->num_slots; i++) {
-	struct p11_slot *s = &p->slot[i];
-
-	_hx509_pi_printf(func, ctx, "slot %d: id: %d name: %s flags: %08x",
-			 i, (int)s->id, s->name, s->flags);
-
-	_hx509_pi_printf(func, ctx, "number of supported mechanisms: %lu", 
-			 (unsigned long)s->mechs.num);
-	for (j = 0; j < s->mechs.num; j++) {
-	    const char *mechname = "unknown";
-	    char flags[256], unknownname[40];
-#define MECHNAME(s,n) case s: mechname = n; break
-	    switch(s->mechs.list[j]) {
-		MECHNAME(CKM_RSA_PKCS_KEY_PAIR_GEN, "rsa-pkcs-key-pair-gen");
-		MECHNAME(CKM_RSA_PKCS, "rsa-pkcs");
-		MECHNAME(CKM_RSA_X_509, "rsa-x-509");
-		MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs");
-		MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs");
-		MECHNAME(CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs");
-		MECHNAME(CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs");
-		MECHNAME(CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs");
-		MECHNAME(CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs");
-		MECHNAME(CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep");
-		MECHNAME(CKM_SHA512_HMAC, "sha512-hmac");
-		MECHNAME(CKM_SHA512, "sha512");
-		MECHNAME(CKM_SHA384_HMAC, "sha384-hmac");
-		MECHNAME(CKM_SHA384, "sha384");
-		MECHNAME(CKM_SHA256_HMAC, "sha256-hmac");
-		MECHNAME(CKM_SHA256, "sha256");
-		MECHNAME(CKM_SHA_1, "sha1");
-		MECHNAME(CKM_MD5, "md5");
-		MECHNAME(CKM_MD2, "md2");
-		MECHNAME(CKM_RIPEMD160, "ripemd-160");
-		MECHNAME(CKM_DES_ECB, "des-ecb");
-		MECHNAME(CKM_DES_CBC, "des-cbc");
-		MECHNAME(CKM_AES_ECB, "aes-ecb");
-		MECHNAME(CKM_AES_CBC, "aes-cbc");
-		MECHNAME(CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen");
-	    default:
-		snprintf(unknownname, sizeof(unknownname),
-			 "unknown-mech-%lu", 
-			 (unsigned long)s->mechs.list[j]);
-		mechname = unknownname;
-		break;
-	    }
-#undef MECHNAME
-	    unparse_flags(s->mechs.infos[j]->flags, mechflags, 
-			  flags, sizeof(flags));
-
-	    _hx509_pi_printf(func, ctx, "  %s: %s", mechname, flags);
-	}
-    }
-
-    return 0;
-}
-
-static struct hx509_keyset_ops keyset_pkcs11 = {
-    "PKCS11",
-    0,
-    p11_init,
-    NULL,
-    p11_free,
-    NULL,
-    NULL,
-    p11_iter_start,
-    p11_iter,
-    p11_iter_end,
-    p11_printinfo
-};
-
-#endif /* HAVE_DLOPEN */
-
-void
-_hx509_ks_pkcs11_register(hx509_context context)
-{
-#ifdef HAVE_DLOPEN
-    _hx509_ks_register(context, &keyset_pkcs11);
-#endif
-}
diff --git a/crypto/heimdal/lib/hx509/ks_p12.c b/crypto/heimdal/lib/hx509/ks_p12.c
deleted file mode 100644
index 12756e6..0000000
--- a/crypto/heimdal/lib/hx509/ks_p12.c
+++ /dev/null
@@ -1,704 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: ks_p12.c 21146 2007-06-18 21:37:25Z lha $");
-
-struct ks_pkcs12 {
-    hx509_certs certs;
-    char *fn;
-};
-
-typedef int (*collector_func)(hx509_context,
-			      struct hx509_collector *,
-			      const void *, size_t,
-			      const PKCS12_Attributes *);
-
-struct type {
-    const heim_oid * (*oid)(void);
-    collector_func func;
-};
-
-static void
-parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *, 
-		  const void *, size_t, const PKCS12_Attributes *);
-
-
-static const PKCS12_Attribute *
-find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid)
-{
-    int i;
-    if (attrs == NULL)
-	return NULL;
-    for (i = 0; i < attrs->len; i++)
-	if (der_heim_oid_cmp(oid, &attrs->val[i].attrId) == 0)
-	    return &attrs->val[i];
-    return NULL;
-}
-
-static int
-keyBag_parser(hx509_context context,
-	      struct hx509_collector *c, 
-	      const void *data, size_t length,
-	      const PKCS12_Attributes *attrs)
-{
-    const PKCS12_Attribute *attr;
-    PKCS8PrivateKeyInfo ki;
-    const heim_octet_string *os = NULL;
-    int ret;
-
-    attr = find_attribute(attrs, oid_id_pkcs_9_at_localKeyId());
-    if (attr)
-	os = &attr->attrValues;
-
-    ret = decode_PKCS8PrivateKeyInfo(data, length, &ki, NULL);
-    if (ret)
-	return ret;
-    
-    _hx509_collector_private_key_add(context,
-				     c,
-				     &ki.privateKeyAlgorithm,
-				     NULL,
-				     &ki.privateKey,
-				     os);
-    free_PKCS8PrivateKeyInfo(&ki);
-    return 0;
-}
-
-static int
-ShroudedKeyBag_parser(hx509_context context,
-		      struct hx509_collector *c, 
-		      const void *data, size_t length,
-		      const PKCS12_Attributes *attrs)
-{
-    PKCS8EncryptedPrivateKeyInfo pk;
-    heim_octet_string content;
-    int ret;
-    
-    memset(&pk, 0, sizeof(pk));
-    
-    ret = decode_PKCS8EncryptedPrivateKeyInfo(data, length, &pk, NULL);
-    if (ret)
-	return ret;
-
-    ret = _hx509_pbe_decrypt(context,
-			     _hx509_collector_get_lock(c),
-			     &pk.encryptionAlgorithm,
-			     &pk.encryptedData,
-			     &content);
-    free_PKCS8EncryptedPrivateKeyInfo(&pk);
-    if (ret)
-	return ret;
-
-    ret = keyBag_parser(context, c, content.data, content.length, attrs);
-    der_free_octet_string(&content);
-    return ret;
-}
-
-static int
-certBag_parser(hx509_context context,
-	       struct hx509_collector *c, 
-	       const void *data, size_t length,
-	       const PKCS12_Attributes *attrs)
-{
-    heim_octet_string os;
-    hx509_cert cert;
-    PKCS12_CertBag cb;
-    int ret;
-
-    ret = decode_PKCS12_CertBag(data, length, &cb, NULL);
-    if (ret)
-	return ret;
-
-    if (der_heim_oid_cmp(oid_id_pkcs_9_at_certTypes_x509(), &cb.certType)) {
-	free_PKCS12_CertBag(&cb);
-	return 0;
-    }
-
-    ret = decode_PKCS12_OctetString(cb.certValue.data, 
-				    cb.certValue.length,
-				    &os,
-				    NULL);
-    free_PKCS12_CertBag(&cb);
-    if (ret)
-	return ret;
-
-    ret = hx509_cert_init_data(context, os.data, os.length, &cert);
-    der_free_octet_string(&os);
-    if (ret)
-	return ret;
-
-    ret = _hx509_collector_certs_add(context, c, cert);
-    if (ret) {
-	hx509_cert_free(cert);
-	return ret;
-    }
-
-    {
-	const PKCS12_Attribute *attr;
-	const heim_oid * (*oids[])(void) = {
-	    oid_id_pkcs_9_at_localKeyId, oid_id_pkcs_9_at_friendlyName
-	};
-	int i;
-
-	for (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) {
-	    const heim_oid *oid = (*(oids[i]))();
-	    attr = find_attribute(attrs, oid);
-	    if (attr)
-		_hx509_set_cert_attribute(context, cert, oid,
-					  &attr->attrValues);
-	}	
-    }
-
-    hx509_cert_free(cert);
-
-    return 0;
-}
-
-static int
-parse_safe_content(hx509_context context,
-		   struct hx509_collector *c, 
-		   const unsigned char *p, size_t len)
-{
-    PKCS12_SafeContents sc;
-    int ret, i;
-
-    memset(&sc, 0, sizeof(sc));
-
-    ret = decode_PKCS12_SafeContents(p, len, &sc, NULL);
-    if (ret)
-	return ret;
-
-    for (i = 0; i < sc.len ; i++)
-	parse_pkcs12_type(context,
-			  c,
-			  &sc.val[i].bagId,
-			  sc.val[i].bagValue.data,
-			  sc.val[i].bagValue.length,
-			  sc.val[i].bagAttributes);
-
-    free_PKCS12_SafeContents(&sc);
-    return 0;
-}
-
-static int
-safeContent_parser(hx509_context context,
-		   struct hx509_collector *c, 
-		   const void *data, size_t length,
-		   const PKCS12_Attributes *attrs)
-{
-    heim_octet_string os;
-    int ret;
-
-    ret = decode_PKCS12_OctetString(data, length, &os, NULL);
-    if (ret)
-	return ret;
-    ret = parse_safe_content(context, c, os.data, os.length);
-    der_free_octet_string(&os);
-    return ret;
-}
-
-static int
-encryptedData_parser(hx509_context context,
-		     struct hx509_collector *c,
-		     const void *data, size_t length,
-		     const PKCS12_Attributes *attrs)
-{
-    heim_octet_string content;
-    heim_oid contentType;
-    int ret;
-		
-    memset(&contentType, 0, sizeof(contentType));
-
-    ret = hx509_cms_decrypt_encrypted(context,
-				      _hx509_collector_get_lock(c),
-				      data, length,
-				      &contentType,
-				      &content);
-    if (ret)
-	return ret;
-
-    if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
-	ret = parse_safe_content(context, c, content.data, content.length);
-
-    der_free_octet_string(&content);
-    der_free_oid(&contentType);
-    return ret;
-}
-
-static int
-envelopedData_parser(hx509_context context,
-		     struct hx509_collector *c,
-		     const void *data, size_t length,
-		     const PKCS12_Attributes *attrs)
-{
-    heim_octet_string content;
-    heim_oid contentType;
-    hx509_lock lock;
-    int ret;
-		
-    memset(&contentType, 0, sizeof(contentType));
-
-    lock = _hx509_collector_get_lock(c);
-
-    ret = hx509_cms_unenvelope(context,
-			       _hx509_lock_unlock_certs(lock),
-			       0,
-			       data, length,
-			       NULL,
-			       &contentType,
-			       &content);
-    if (ret) {
-	hx509_set_error_string(context, HX509_ERROR_APPEND, ret, 
-			       "PKCS12 failed to unenvelope");
-	return ret;
-    }
-
-    if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
-	ret = parse_safe_content(context, c, content.data, content.length);
-
-    der_free_octet_string(&content);
-    der_free_oid(&contentType);
-
-    return ret;
-}
-
-
-struct type bagtypes[] = {
-    { oid_id_pkcs12_keyBag, keyBag_parser },
-    { oid_id_pkcs12_pkcs8ShroudedKeyBag, ShroudedKeyBag_parser },
-    { oid_id_pkcs12_certBag, certBag_parser },
-    { oid_id_pkcs7_data, safeContent_parser },
-    { oid_id_pkcs7_encryptedData, encryptedData_parser },
-    { oid_id_pkcs7_envelopedData, envelopedData_parser }
-};
-
-static void
-parse_pkcs12_type(hx509_context context,
-		  struct hx509_collector *c,
-		  const heim_oid *oid, 
-		  const void *data, size_t length,
-		  const PKCS12_Attributes *attrs)
-{
-    int i;
-
-    for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++)
-	if (der_heim_oid_cmp((*bagtypes[i].oid)(), oid) == 0)
-	    (*bagtypes[i].func)(context, c, data, length, attrs);
-}
-
-static int
-p12_init(hx509_context context,
-	 hx509_certs certs, void **data, int flags, 
-	 const char *residue, hx509_lock lock)
-{
-    struct ks_pkcs12 *p12;
-    size_t len;
-    void *buf;
-    PKCS12_PFX pfx;
-    PKCS12_AuthenticatedSafe as;
-    int ret, i;
-    struct hx509_collector *c;
-
-    *data = NULL;
-
-    if (lock == NULL)
-	lock = _hx509_empty_lock;
-
-    ret = _hx509_collector_alloc(context, lock, &c);
-    if (ret)
-	return ret;
-
-    p12 = calloc(1, sizeof(*p12));
-    if (p12 == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-    p12->fn = strdup(residue);
-    if (p12->fn == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-    if (flags & HX509_CERTS_CREATE) {
-	ret = hx509_certs_init(context, "MEMORY:ks-file-create",
-			       0, lock, &p12->certs);
-	if (ret == 0)
-	    *data = p12;
-	goto out;
-    }
-
-    ret = _hx509_map_file(residue, &buf, &len, NULL);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    ret = decode_PKCS12_PFX(buf, len, &pfx, NULL);
-    _hx509_unmap_file(buf, len);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to decode the PFX in %s", residue);
-	goto out;
-    }
-
-    if (der_heim_oid_cmp(&pfx.authSafe.contentType, oid_id_pkcs7_data()) != 0) {
-	free_PKCS12_PFX(&pfx);
-	ret = EINVAL;
-	hx509_set_error_string(context, 0, ret,
-			       "PKCS PFX isn't a pkcs7-data container");
-	goto out;
-    }
-
-    if (pfx.authSafe.content == NULL) {
-	free_PKCS12_PFX(&pfx);
-	ret = EINVAL;
-	hx509_set_error_string(context, 0, ret,
-			       "PKCS PFX missing data");
-	goto out;
-    }
-
-    {
-	heim_octet_string asdata;
-
-	ret = decode_PKCS12_OctetString(pfx.authSafe.content->data,
-					pfx.authSafe.content->length,
-					&asdata,
-					NULL);
-	free_PKCS12_PFX(&pfx);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-	ret = decode_PKCS12_AuthenticatedSafe(asdata.data, 
-					      asdata.length,
-					      &as,
-					      NULL);
-	der_free_octet_string(&asdata);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-    }
-
-    for (i = 0; i < as.len; i++)
-	parse_pkcs12_type(context,
-			  c,
-			  &as.val[i].contentType,
-			  as.val[i].content->data,
-			  as.val[i].content->length,
-			  NULL);
-
-    free_PKCS12_AuthenticatedSafe(&as);
-
-    ret = _hx509_collector_collect_certs(context, c, &p12->certs);
-    if (ret == 0)
-	*data = p12;
-
-out:
-    _hx509_collector_free(c);
-
-    if (ret && p12) {
-	if (p12->fn)
-	    free(p12->fn);
-	if (p12->certs)
-	    hx509_certs_free(&p12->certs);
-	free(p12);
-    }
-
-    return ret;
-}
-
-static int
-addBag(hx509_context context,
-       PKCS12_AuthenticatedSafe *as,
-       const heim_oid *oid,
-       void *data,
-       size_t length)
-{
-    void *ptr;
-    int ret;
-
-    ptr = realloc(as->val, sizeof(as->val[0]) * (as->len + 1));
-    if (ptr == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    as->val = ptr;
-
-    ret = der_copy_oid(oid, &as->val[as->len].contentType);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	return ret;
-    }
-    
-    as->val[as->len].content = calloc(1, sizeof(*as->val[0].content));
-    if (as->val[as->len].content == NULL) {
-	der_free_oid(&as->val[as->len].contentType);
-	hx509_set_error_string(context, 0, ENOMEM, "malloc out of memory");
-	return ENOMEM;
-    }
-
-    as->val[as->len].content->data = data;
-    as->val[as->len].content->length = length;
-
-    as->len++;
-
-    return 0;
-}
-
-static int
-store_func(hx509_context context, void *ctx, hx509_cert c)
-{
-    PKCS12_AuthenticatedSafe *as = ctx;
-    PKCS12_OctetString os;
-    PKCS12_CertBag cb;
-    size_t size;
-    int ret;
-
-    memset(&os, 0, sizeof(os));
-    memset(&cb, 0, sizeof(cb));
-
-    os.data = NULL;
-    os.length = 0;
-
-    ret = hx509_cert_binary(context, c, &os);
-    if (ret)
-	return ret;
-
-    ASN1_MALLOC_ENCODE(PKCS12_OctetString,
-		       cb.certValue.data,cb.certValue.length,
-		       &os, &size, ret);
-    free(os.data);
-    if (ret)
-	goto out;
-    ret = der_copy_oid(oid_id_pkcs_9_at_certTypes_x509(), &cb.certType);
-    if (ret) {
-	free_PKCS12_CertBag(&cb);
-	goto out;
-    }
-    ASN1_MALLOC_ENCODE(PKCS12_CertBag, os.data, os.length,
-		       &cb, &size, ret);
-    free_PKCS12_CertBag(&cb);
-    if (ret)
-	goto out;
-
-    ret = addBag(context, as, oid_id_pkcs12_certBag(), os.data, os.length);
-
-    if (_hx509_cert_private_key_exportable(c)) {
-	hx509_private_key key = _hx509_cert_private_key(c);
-	PKCS8PrivateKeyInfo pki;
-
-	memset(&pki, 0, sizeof(pki));
-
-	ret = der_parse_hex_heim_integer("00", &pki.version);
-	if (ret)
-	    return ret;
-	ret = _hx509_private_key_oid(context, key, 
-				     &pki.privateKeyAlgorithm.algorithm);
-	if (ret) {
-	    free_PKCS8PrivateKeyInfo(&pki);
-	    return ret;
-	}
-	ret = _hx509_private_key_export(context,
-					_hx509_cert_private_key(c),
-					&pki.privateKey);
-	if (ret) {
-	    free_PKCS8PrivateKeyInfo(&pki);
-	    return ret;
-	}
-	/* set attribute, oid_id_pkcs_9_at_localKeyId() */
-
-	ASN1_MALLOC_ENCODE(PKCS8PrivateKeyInfo, os.data, os.length,
-			   &pki, &size, ret);
-	free_PKCS8PrivateKeyInfo(&pki);
-	if (ret)
-	    return ret;
-
-	ret = addBag(context, as, oid_id_pkcs12_keyBag(), os.data, os.length);
-	if (ret)
-	    return ret;
-    }
-
-out:
-    return ret;
-}
-
-static int
-p12_store(hx509_context context, 
-	  hx509_certs certs, void *data, int flags, hx509_lock lock)
-{
-    struct ks_pkcs12 *p12 = data;
-    PKCS12_PFX pfx;
-    PKCS12_AuthenticatedSafe as;
-    PKCS12_OctetString asdata;
-    size_t size;
-    int ret;
-
-    memset(&as, 0, sizeof(as));
-    memset(&pfx, 0, sizeof(pfx));
-
-    ret = hx509_certs_iter(context, p12->certs, store_func, &as);
-    if (ret)
-	goto out;
-
-    ASN1_MALLOC_ENCODE(PKCS12_AuthenticatedSafe, asdata.data, asdata.length,
-		       &as, &size, ret);
-    free_PKCS12_AuthenticatedSafe(&as);
-    if (ret)
-	return ret;
-		       
-    ret = der_parse_hex_heim_integer("03", &pfx.version);
-    if (ret) {
-	free(asdata.data);
-	goto out;
-    }
-
-    pfx.authSafe.content = calloc(1, sizeof(*pfx.authSafe.content));
-
-    ASN1_MALLOC_ENCODE(PKCS12_OctetString, 
-		       pfx.authSafe.content->data,
-		       pfx.authSafe.content->length,
-		       &asdata, &size, ret);
-    free(asdata.data);
-    if (ret)
-	goto out;
-
-    ret = der_copy_oid(oid_id_pkcs7_data(), &pfx.authSafe.contentType);
-    if (ret)
-	goto out;
-
-    ASN1_MALLOC_ENCODE(PKCS12_PFX, asdata.data, asdata.length,
-		       &pfx, &size, ret);
-    if (ret)
-	goto out;
-
-#if 0
-    const struct _hx509_password *pw;
-
-    pw = _hx509_lock_get_passwords(lock);
-    if (pw != NULL) {
-	pfx.macData = calloc(1, sizeof(*pfx.macData));
-	if (pfx.macData == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "malloc out of memory");
-	    return ret;
-	}
-	if (pfx.macData == NULL) {
-	    free(asdata.data);
-	    goto out;
-	}
-    }
-    ret = calculate_hash(&aspath, pw, pfx.macData);
-#endif
-
-    rk_dumpdata(p12->fn, asdata.data, asdata.length);
-    free(asdata.data);
-
-out:
-    free_PKCS12_AuthenticatedSafe(&as);
-    free_PKCS12_PFX(&pfx);
-
-    return ret;
-}
-
-
-static int
-p12_free(hx509_certs certs, void *data)
-{
-    struct ks_pkcs12 *p12 = data;
-    hx509_certs_free(&p12->certs);
-    free(p12->fn);
-    free(p12);
-    return 0;
-}
-
-static int 
-p12_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
-{
-    struct ks_pkcs12 *p12 = data;
-    return hx509_certs_add(context, p12->certs, c);
-}
-
-static int 
-p12_iter_start(hx509_context context,
-	       hx509_certs certs,
-	       void *data,
-	       void **cursor)
-{
-    struct ks_pkcs12 *p12 = data;
-    return hx509_certs_start_seq(context, p12->certs, cursor);
-}
-
-static int
-p12_iter(hx509_context context,
-	 hx509_certs certs,
-	 void *data,
-	 void *cursor,
-	 hx509_cert *cert)
-{
-    struct ks_pkcs12 *p12 = data;
-    return hx509_certs_next_cert(context, p12->certs, cursor, cert);
-}
-
-static int
-p12_iter_end(hx509_context context,
-	     hx509_certs certs,
-	     void *data,
-	     void *cursor)
-{
-    struct ks_pkcs12 *p12 = data;
-    return hx509_certs_end_seq(context, p12->certs, cursor);
-}
-
-static struct hx509_keyset_ops keyset_pkcs12 = {
-    "PKCS12",
-    0,
-    p12_init,
-    p12_store,
-    p12_free,
-    p12_add,
-    NULL,
-    p12_iter_start,
-    p12_iter,
-    p12_iter_end
-};
-
-void
-_hx509_ks_pkcs12_register(hx509_context context)
-{
-    _hx509_ks_register(context, &keyset_pkcs12);
-}
diff --git a/crypto/heimdal/lib/hx509/lock.c b/crypto/heimdal/lib/hx509/lock.c
deleted file mode 100644
index e835aee..0000000
--- a/crypto/heimdal/lib/hx509/lock.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- * Copyright (c) 2005 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: lock.c 22327 2007-12-15 04:49:37Z lha $");
-
-/**
- * @page page_lock Locking and unlocking certificates and encrypted data.
- *
- * See the library functions here: @ref hx509_lock
- */
-
-struct hx509_lock_data {
-    struct _hx509_password password;
-    hx509_certs certs;
-    hx509_prompter_fct prompt;
-    void *prompt_data;
-};
-
-static struct hx509_lock_data empty_lock_data = {
-    { 0, NULL }
-};
-
-hx509_lock _hx509_empty_lock = &empty_lock_data;
-
-/*
- *
- */
-
-int
-hx509_lock_init(hx509_context context, hx509_lock *lock)
-{
-    hx509_lock l;
-    int ret;
-
-    *lock = NULL;
-
-    l = calloc(1, sizeof(*l));
-    if (l == NULL)
-	return ENOMEM;
-
-    ret = hx509_certs_init(context, 
-			   "MEMORY:locks-internal", 
-			   0,
-			   NULL,
-			   &l->certs);
-    if (ret) {
-	free(l);
-	return ret;
-    }
-
-    *lock = l;
-
-    return 0;
-}
-
-int
-hx509_lock_add_password(hx509_lock lock, const char *password)
-{
-    void *d;
-    char *s;
-
-    s = strdup(password);
-    if (s == NULL)
-	return ENOMEM;
-
-    d = realloc(lock->password.val,
-		(lock->password.len + 1) * sizeof(lock->password.val[0]));
-    if (d == NULL) {
-	free(s);
-	return ENOMEM;
-    }
-    lock->password.val = d;
-    lock->password.val[lock->password.len] = s;
-    lock->password.len++;
-
-    return 0;
-}
-
-const struct _hx509_password *
-_hx509_lock_get_passwords(hx509_lock lock)
-{
-    return &lock->password;
-}
-
-hx509_certs
-_hx509_lock_unlock_certs(hx509_lock lock)
-{
-    return lock->certs;
-}
-
-void
-hx509_lock_reset_passwords(hx509_lock lock)
-{
-    int i;
-    for (i = 0; i < lock->password.len; i++)
-	free(lock->password.val[i]);
-    free(lock->password.val);
-    lock->password.val = NULL;
-    lock->password.len = 0;
-}
-
-int
-hx509_lock_add_cert(hx509_context context, hx509_lock lock, hx509_cert cert)
-{
-    return hx509_certs_add(context, lock->certs, cert);
-}
-
-int
-hx509_lock_add_certs(hx509_context context, hx509_lock lock, hx509_certs certs)
-{
-    return hx509_certs_merge(context, lock->certs, certs);
-}
-
-void
-hx509_lock_reset_certs(hx509_context context, hx509_lock lock)
-{
-    hx509_certs certs = lock->certs;
-    int ret;
-    
-    ret = hx509_certs_init(context, 
-			   "MEMORY:locks-internal",
-			   0,
-			   NULL,
-			   &lock->certs);
-    if (ret == 0)
-	hx509_certs_free(&certs);
-    else
-	lock->certs = certs;
-}
-
-int
-_hx509_lock_find_cert(hx509_lock lock, const hx509_query *q, hx509_cert *c)
-{
-    *c = NULL;
-    return 0;
-}
-
-int
-hx509_lock_set_prompter(hx509_lock lock, hx509_prompter_fct prompt, void *data)
-{
-    lock->prompt = prompt;
-    lock->prompt_data = data;
-    return 0;
-}
-
-void
-hx509_lock_reset_promper(hx509_lock lock)
-{
-    lock->prompt = NULL;
-    lock->prompt_data = NULL;
-}
-
-static int 
-default_prompter(void *data, const hx509_prompt *prompter)
-{
-    if (hx509_prompt_hidden(prompter->type)) {
-	if(UI_UTIL_read_pw_string(prompter->reply.data,
-				  prompter->reply.length,
-				  prompter->prompt,
-				  0))
-	    return 1;
-    } else {
-	char *s = prompter->reply.data;
-
-	fputs (prompter->prompt, stdout);
-	fflush (stdout);
-	if(fgets(prompter->reply.data,
-		 prompter->reply.length,
-		 stdin) == NULL)
-	    return 1;
-	s[strcspn(s, "\n")] = '\0';
-    }
-    return 0;
-}
-
-int
-hx509_lock_prompt(hx509_lock lock, hx509_prompt *prompt)
-{
-    if (lock->prompt == NULL)
-	return HX509_CRYPTO_NO_PROMPTER;
-    return (*lock->prompt)(lock->prompt_data, prompt);
-}
-
-void
-hx509_lock_free(hx509_lock lock)
-{
-    hx509_certs_free(&lock->certs);
-    hx509_lock_reset_passwords(lock);
-    memset(lock, 0, sizeof(*lock));
-    free(lock);
-}
-
-int
-hx509_prompt_hidden(hx509_prompt_type type)
-{
-    /* default to hidden if unknown */
-
-    switch (type) {
-    case HX509_PROMPT_TYPE_QUESTION:
-    case HX509_PROMPT_TYPE_INFO:
-	return 0;
-    default:
-	return 1;
-    }
-}
-
-int
-hx509_lock_command_string(hx509_lock lock, const char *string)
-{
-    if (strncasecmp(string, "PASS:", 5) == 0) {
-	hx509_lock_add_password(lock, string + 5);
-    } else if (strcasecmp(string, "PROMPT") == 0) {
-	hx509_lock_set_prompter(lock, default_prompter, NULL);
-    } else
-	return HX509_UNKNOWN_LOCK_COMMAND;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hx509/name.c b/crypto/heimdal/lib/hx509/name.c
deleted file mode 100644
index 69fafe1..0000000
--- a/crypto/heimdal/lib/hx509/name.c
+++ /dev/null
@@ -1,918 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: name.c 22432 2008-01-13 14:08:03Z lha $");
-
-/**
- * @page page_name PKIX/X.509 Names
- *
- * There are several names in PKIX/X.509, GeneralName and Name.
- *
- * A Name consists of an ordered list of Relative Distinguished Names
- * (RDN). Each RDN consists of an unordered list of typed strings. The
- * types are defined by OID and have long and short description. For
- * example id-at-commonName (2.5.4.3) have the long name CommonName
- * and short name CN. The string itself can be of serveral encoding,
- * UTF8, UTF16, Teltex string, etc. The type limit what encoding
- * should be used.
- *
- * GeneralName is a broader nametype that can contains al kind of
- * stuff like Name, IP addresses, partial Name, etc.
- *
- * Name is mapped into a hx509_name object.
- *
- * Parse and string name into a hx509_name object with hx509_parse_name(),
- * make it back into string representation with hx509_name_to_string().
- *
- * Name string are defined rfc2253, rfc1779 and X.501.
- *
- * See the library functions here: @ref hx509_name
- */
-
-static const struct {
-    const char *n;
-    const heim_oid *(*o)(void);
-} no[] = {
-    { "C", oid_id_at_countryName },
-    { "CN", oid_id_at_commonName },
-    { "DC", oid_id_domainComponent },
-    { "L", oid_id_at_localityName },
-    { "O", oid_id_at_organizationName },
-    { "OU", oid_id_at_organizationalUnitName },
-    { "S", oid_id_at_stateOrProvinceName },
-    { "STREET", oid_id_at_streetAddress },
-    { "UID", oid_id_Userid },
-    { "emailAddress", oid_id_pkcs9_emailAddress },
-    { "serialNumber", oid_id_at_serialNumber }
-};
-
-static char *
-quote_string(const char *f, size_t len, size_t *rlen)
-{
-    size_t i, j, tolen;
-    const char *from = f;
-    char *to;
-
-    tolen = len * 3 + 1;
-    to = malloc(tolen);
-    if (to == NULL)
-	return NULL;
-
-    for (i = 0, j = 0; i < len; i++) {
-	if (from[i] == ' ' && i + 1 < len)
-	    to[j++] = from[i];
-	else if (from[i] == ',' || from[i] == '=' || from[i] == '+' ||
-		 from[i] == '<' || from[i] == '>' || from[i] == '#' ||
-		 from[i] == ';' || from[i] == ' ')
-	{
-	    to[j++] = '\\';
-	    to[j++] = from[i];
-	} else if (((unsigned char)from[i]) >= 32 && ((unsigned char)from[i]) <= 127) {
-	    to[j++] = from[i];
-	} else {
-	    int l = snprintf(&to[j], tolen - j - 1,
-			     "#%02x", (unsigned char)from[i]);
-	    j += l;
-	}
-    }
-    to[j] = '\0';
-    assert(j < tolen);
-    *rlen = j;
-    return to;
-}
-
-
-static int
-append_string(char **str, size_t *total_len, const char *ss, 
-	      size_t len, int quote)
-{
-    char *s, *qs;
-
-    if (quote)
-	qs = quote_string(ss, len, &len);
-    else
-	qs = rk_UNCONST(ss);
-
-    s = realloc(*str, len + *total_len + 1);
-    if (s == NULL)
-	_hx509_abort("allocation failure"); /* XXX */
-    memcpy(s + *total_len, qs, len);
-    if (qs != ss)
-	free(qs);
-    s[*total_len + len] = '\0';
-    *str = s;
-    *total_len += len;
-    return 0;
-}
-
-static char *
-oidtostring(const heim_oid *type)
-{
-    char *s;
-    size_t i;
-    
-    for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) {
-	if (der_heim_oid_cmp((*no[i].o)(), type) == 0)
-	    return strdup(no[i].n);
-    }
-    if (der_print_heim_oid(type, '.', &s) != 0)
-	return NULL;
-    return s;
-}
-
-static int
-stringtooid(const char *name, size_t len, heim_oid *oid)
-{
-    int i, ret;
-    char *s;
-    
-    memset(oid, 0, sizeof(*oid));
-
-    for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) {
-	if (strncasecmp(no[i].n, name, len) == 0)
-	    return der_copy_oid((*no[i].o)(), oid);
-    }
-    s = malloc(len + 1);
-    if (s == NULL)
-	return ENOMEM;
-    memcpy(s, name, len);
-    s[len] = '\0';
-    ret = der_parse_heim_oid(s, ".", oid);
-    free(s);
-    return ret;
-}
-
-/**
- * Convert the hx509 name object into a printable string.
- * The resulting string should be freed with free().
- *
- * @param name name to print
- * @param str the string to return
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_to_string(const hx509_name name, char **str)
-{
-    return _hx509_Name_to_string(&name->der_name, str);
-}
-
-int
-_hx509_Name_to_string(const Name *n, char **str)
-{
-    size_t total_len = 0;
-    int i, j;
-
-    *str = strdup("");
-    if (*str == NULL)
-	return ENOMEM;
-
-    for (i = n->u.rdnSequence.len - 1 ; i >= 0 ; i--) {
-	int len;
-
-	for (j = 0; j < n->u.rdnSequence.val[i].len; j++) {
-	    DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
-	    char *oidname;
-	    char *ss;
-	    
-	    oidname = oidtostring(&n->u.rdnSequence.val[i].val[j].type);
-
-	    switch(ds->element) {
-	    case choice_DirectoryString_ia5String:
-		ss = ds->u.ia5String;
-		break;
-	    case choice_DirectoryString_printableString:
-		ss = ds->u.printableString;
-		break;
-	    case choice_DirectoryString_utf8String:
-		ss = ds->u.utf8String;
-		break;
-	    case choice_DirectoryString_bmpString: {
-		uint16_t *bmp = ds->u.bmpString.data;
-		size_t bmplen = ds->u.bmpString.length;
-		size_t k;
-
-		ss = malloc(bmplen + 1);
-		if (ss == NULL)
-		    _hx509_abort("allocation failure"); /* XXX */
-		for (k = 0; k < bmplen; k++)
-		    ss[k] = bmp[k] & 0xff; /* XXX */
-		ss[k] = '\0';
-		break;
-	    }
-	    case choice_DirectoryString_teletexString:
-		ss = malloc(ds->u.teletexString.length + 1);
-		if (ss == NULL)
-		    _hx509_abort("allocation failure"); /* XXX */
-		memcpy(ss, ds->u.teletexString.data, ds->u.teletexString.length);
-		ss[ds->u.teletexString.length] = '\0';
-		break;
-	    case choice_DirectoryString_universalString: {
-		uint32_t *uni = ds->u.universalString.data;
-		size_t unilen = ds->u.universalString.length;
-		size_t k;
-
-		ss = malloc(unilen + 1);
-		if (ss == NULL)
-		    _hx509_abort("allocation failure"); /* XXX */
-		for (k = 0; k < unilen; k++)
-		    ss[k] = uni[k] & 0xff; /* XXX */
-		ss[k] = '\0';
-		break;
-	    }
-	    default:
-		_hx509_abort("unknown directory type: %d", ds->element);
-		exit(1);
-	    }
-	    append_string(str, &total_len, oidname, strlen(oidname), 0);
-	    free(oidname);
-	    append_string(str, &total_len, "=", 1, 0);
-	    len = strlen(ss);
-	    append_string(str, &total_len, ss, len, 1);
-	    if (ds->element == choice_DirectoryString_universalString ||
-		ds->element == choice_DirectoryString_bmpString ||
-		ds->element == choice_DirectoryString_teletexString)
-	    {
-		free(ss);
-	    }
-	    if (j + 1 < n->u.rdnSequence.val[i].len)
-		append_string(str, &total_len, "+", 1, 0);
-	}
-
-	if (i > 0)
-	    append_string(str, &total_len, ",", 1, 0);
-    }
-    return 0;
-}
-
-/*
- * XXX this function is broken, it needs to compare code points, not
- * bytes.
- */
-
-static void
-prune_space(const unsigned char **s)
-{
-    while (**s == ' ')
-	(*s)++;
-}
-
-int
-_hx509_name_ds_cmp(const DirectoryString *ds1, const DirectoryString *ds2)
-{
-    int c;
-
-    c = ds1->element - ds2->element;
-    if (c)
-	return c;
-
-    switch(ds1->element) {
-    case choice_DirectoryString_ia5String:
-	c = strcmp(ds1->u.ia5String, ds2->u.ia5String);
-	break;
-    case choice_DirectoryString_teletexString:
-	c = der_heim_octet_string_cmp(&ds1->u.teletexString,
-				  &ds2->u.teletexString);
-	break;
-    case choice_DirectoryString_printableString: {
-	const unsigned char *s1 = (unsigned char*)ds1->u.printableString;
-	const unsigned char *s2 = (unsigned char*)ds2->u.printableString;
-	prune_space(&s1); prune_space(&s2);
-	while (*s1 && *s2) {
-	    if (toupper(*s1) != toupper(*s2)) {
-		c = toupper(*s1) - toupper(*s2);
-		break;
-	    }
-	    if (*s1 == ' ') { prune_space(&s1); prune_space(&s2); }
-	    else { s1++; s2++; }
-	}	    
-	prune_space(&s1); prune_space(&s2);
-	c = *s1 - *s2;
-	break;
-    }
-    case choice_DirectoryString_utf8String:
-	c = strcmp(ds1->u.utf8String, ds2->u.utf8String);
-	break;
-    case choice_DirectoryString_universalString:
-	c = der_heim_universal_string_cmp(&ds1->u.universalString,
-					  &ds2->u.universalString);
-	break;
-    case choice_DirectoryString_bmpString:
-	c = der_heim_bmp_string_cmp(&ds1->u.bmpString,
-				    &ds2->u.bmpString);
-	break;
-    default:
-	c = 1;
-	break;
-    }
-    return c;
-}
-
-int
-_hx509_name_cmp(const Name *n1, const Name *n2)
-{
-    int i, j, c;
-
-    c = n1->u.rdnSequence.len - n2->u.rdnSequence.len;
-    if (c)
-	return c;
-
-    for (i = 0 ; i < n1->u.rdnSequence.len; i++) {
-	c = n1->u.rdnSequence.val[i].len - n2->u.rdnSequence.val[i].len;
-	if (c)
-	    return c;
-
-	for (j = 0; j < n1->u.rdnSequence.val[i].len; j++) {
-	    c = der_heim_oid_cmp(&n1->u.rdnSequence.val[i].val[j].type,
-				 &n1->u.rdnSequence.val[i].val[j].type);
-	    if (c)
-		return c;
-			     
-	    c = _hx509_name_ds_cmp(&n1->u.rdnSequence.val[i].val[j].value,
-				   &n2->u.rdnSequence.val[i].val[j].value);
-	    if (c)
-		return c;
-	}
-    }
-    return 0;
-}
-
-/**
- * Compare to hx509 name object, useful for sorting.
- *
- * @param n1 a hx509 name object.
- * @param n2 a hx509 name object.
- *
- * @return 0 the objects are the same, returns > 0 is n2 is "larger"
- * then n2, < 0 if n1 is "smaller" then n2.
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_cmp(hx509_name n1, hx509_name n2)
-{
-    return _hx509_name_cmp(&n1->der_name, &n2->der_name);
-}
-
-
-int
-_hx509_name_from_Name(const Name *n, hx509_name *name)
-{
-    int ret;
-    *name = calloc(1, sizeof(**name));
-    if (*name == NULL)
-	return ENOMEM;
-    ret = copy_Name(n, &(*name)->der_name);
-    if (ret) {
-	free(*name);
-	*name = NULL;
-    }
-    return ret;
-}
-
-int
-_hx509_name_modify(hx509_context context,
-		   Name *name, 
-		   int append,
-		   const heim_oid *oid, 
-		   const char *str)
-{
-    RelativeDistinguishedName *rdn;
-    int ret;
-    void *ptr;
-
-    ptr = realloc(name->u.rdnSequence.val, 
-		  sizeof(name->u.rdnSequence.val[0]) * 
-		  (name->u.rdnSequence.len + 1));
-    if (ptr == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "Out of memory");
-	return ENOMEM;
-    }
-    name->u.rdnSequence.val = ptr;
-
-    if (append) {
-	rdn = &name->u.rdnSequence.val[name->u.rdnSequence.len];
-    } else {
-	memmove(&name->u.rdnSequence.val[1],
-		&name->u.rdnSequence.val[0],
-		name->u.rdnSequence.len * 
-		sizeof(name->u.rdnSequence.val[0]));
-	
-	rdn = &name->u.rdnSequence.val[0];
-    }
-    rdn->val = malloc(sizeof(rdn->val[0]));
-    if (rdn->val == NULL)
-	return ENOMEM;
-    rdn->len = 1;
-    ret = der_copy_oid(oid, &rdn->val[0].type);
-    if (ret)
-	return ret;
-    rdn->val[0].value.element = choice_DirectoryString_utf8String;
-    rdn->val[0].value.u.utf8String = strdup(str);
-    if (rdn->val[0].value.u.utf8String == NULL)
-	return ENOMEM;
-    name->u.rdnSequence.len += 1;
-
-    return 0;
-}
-
-/**
- * Parse a string into a hx509 name object.
- *
- * @param context A hx509 context.
- * @param str a string to parse.
- * @param name the resulting object, NULL in case of error.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
-{
-    const char *p, *q;
-    size_t len;
-    hx509_name n;
-    int ret;
-
-    *name = NULL;
-
-    n = calloc(1, sizeof(*n));
-    if (n == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    n->der_name.element = choice_Name_rdnSequence;
-
-    p = str;
-
-    while (p != NULL && *p != '\0') {
-	heim_oid oid;
-	int last;
-
-	q = strchr(p, ',');
-	if (q) {
-	    len = (q - p);
-	    last = 1;
-	} else {
-	    len = strlen(p);
-	    last = 0;
-	}
-
-	q = strchr(p, '=');
-	if (q == NULL) {
-	    ret = HX509_PARSING_NAME_FAILED;
-	    hx509_set_error_string(context, 0, ret, "missing = in %s", p);
-	    goto out;
-	}
-	if (q == p) {
-	    ret = HX509_PARSING_NAME_FAILED;
-	    hx509_set_error_string(context, 0, ret, 
-				   "missing name before = in %s", p);
-	    goto out;
-	}
-	
-	if ((q - p) > len) {
-	    ret = HX509_PARSING_NAME_FAILED;
-	    hx509_set_error_string(context, 0, ret, " = after , in %s", p);
-	    goto out;
-	}
-
-	ret = stringtooid(p, q - p, &oid);
-	if (ret) {
-	    ret = HX509_PARSING_NAME_FAILED;
-	    hx509_set_error_string(context, 0, ret, 
-				   "unknown type: %.*s", (int)(q - p), p);
-	    goto out;
-	}
-	
-	{
-	    size_t pstr_len = len - (q - p) - 1;
-	    const char *pstr = p + (q - p) + 1;
-	    char *r;
-	    
-	    r = malloc(pstr_len + 1);
-	    if (r == NULL) {
-		der_free_oid(&oid);
-		ret = ENOMEM;
-		hx509_set_error_string(context, 0, ret, "out of memory");
-		goto out;
-	    }
-	    memcpy(r, pstr, pstr_len);
-	    r[pstr_len] = '\0';
-
-	    ret = _hx509_name_modify(context, &n->der_name, 0, &oid, r);
-	    free(r);
-	    der_free_oid(&oid);
-	    if(ret)
-		goto out;
-	}
-	p += len + last;
-    }
-
-    *name = n;
-
-    return 0;
-out:
-    hx509_name_free(&n);
-    return HX509_NAME_MALFORMED;
-}
-
-/**
- * Copy a hx509 name object.
- *
- * @param context A hx509 cotext.
- * @param from the name to copy from
- * @param to the name to copy to
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_copy(hx509_context context, const hx509_name from, hx509_name *to)
-{
-    int ret;
-
-    *to = calloc(1, sizeof(**to));
-    if (*to == NULL)
-	return ENOMEM;
-    ret = copy_Name(&from->der_name, &(*to)->der_name);
-    if (ret) {
-	free(*to);
-	*to = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-/**
- * Convert a hx509_name into a Name.
- *
- * @param from the name to copy from
- * @param to the name to copy to
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_to_Name(const hx509_name from, Name *to)
-{
-    return copy_Name(&from->der_name, to);
-}
-
-int
-hx509_name_normalize(hx509_context context, hx509_name name)
-{
-    return 0;
-}
-
-/**
- * Expands variables in the name using env. Variables are on the form
- * ${name}. Useful when dealing with certificate templates.
- *
- * @param context A hx509 cotext.
- * @param name the name to expand.
- * @param env environment variable to expand.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_expand(hx509_context context,
-		  hx509_name name,
-		  hx509_env env)
-{
-    Name *n = &name->der_name;
-    int i, j;
-
-    if (env == NULL)
-	return 0;
-
-    if (n->element != choice_Name_rdnSequence) {
-	hx509_set_error_string(context, 0, EINVAL, "RDN not of supported type");
-	return EINVAL;
-    }
-
-    for (i = 0 ; i < n->u.rdnSequence.len; i++) {
-	for (j = 0; j < n->u.rdnSequence.val[i].len; j++) {
-	    /** Only UTF8String rdnSequence names are allowed */
-	    /*
-	      THIS SHOULD REALLY BE:
-	      COMP = n->u.rdnSequence.val[i].val[j];
-	      normalize COMP to utf8
-	      check if there are variables
-	        expand variables
-	        convert back to orignal format, store in COMP
-	      free normalized utf8 string
-	    */
-	    DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
-	    char *p, *p2;
-	    struct rk_strpool *strpool = NULL;
-
-	    if (ds->element != choice_DirectoryString_utf8String) {
-		hx509_set_error_string(context, 0, EINVAL, "unsupported type");
-		return EINVAL;
-	    }
-	    p = strstr(ds->u.utf8String, "${");
-	    if (p) {
-		strpool = rk_strpoolprintf(strpool, "%.*s", 
-					   (int)(p - ds->u.utf8String), 
-					   ds->u.utf8String);
-		if (strpool == NULL) {
-		    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-		    return ENOMEM;
-		}
-	    }
-	    while (p != NULL) {
-		/* expand variables */
-		const char *value;
-		p2 = strchr(p, '}');
-		if (p2 == NULL) {
-		    hx509_set_error_string(context, 0, EINVAL, "missing }");
-		    rk_strpoolfree(strpool);
-		    return EINVAL;
-		}
-		p += 2;
-		value = hx509_env_lfind(context, env, p, p2 - p);
-		if (value == NULL) {
-		    hx509_set_error_string(context, 0, EINVAL, 
-					   "variable %.*s missing",
-					   (int)(p2 - p), p);
-		    rk_strpoolfree(strpool);
-		    return EINVAL;
-		}
-		strpool = rk_strpoolprintf(strpool, "%s", value);
-		if (strpool == NULL) {
-		    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-		    return ENOMEM;
-		}
-		p2++;
-
-		p = strstr(p2, "${");
-		if (p)
-		    strpool = rk_strpoolprintf(strpool, "%.*s", 
-					       (int)(p - p2), p2);
-		else
-		    strpool = rk_strpoolprintf(strpool, "%s", p2);
-		if (strpool == NULL) {
-		    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-		    return ENOMEM;
-		}
-	    }
-	    if (strpool) {
-		free(ds->u.utf8String);
-		ds->u.utf8String = rk_strpoolcollect(strpool);
-		if (ds->u.utf8String == NULL) {
-		    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-		    return ENOMEM;
-		}
-	    }
-	}
-    }
-    return 0;
-}
-
-/**
- * Free a hx509 name object, upond return *name will be NULL.
- *
- * @param name a hx509 name object to be freed.
- *
- * @ingroup hx509_name
- */
-
-void
-hx509_name_free(hx509_name *name)
-{
-    free_Name(&(*name)->der_name);
-    memset(*name, 0, sizeof(**name));
-    free(*name);
-    *name = NULL;
-}
-
-/**
- * Convert a DER encoded name info a string.
- *
- * @param data data to a DER/BER encoded name
- * @param length length of data
- * @param str the resulting string, is NULL on failure.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_unparse_der_name(const void *data, size_t length, char **str)
-{
-    Name name;
-    int ret;
-
-    *str = NULL;
-
-    ret = decode_Name(data, length, &name, NULL);
-    if (ret)
-	return ret;
-    ret = _hx509_Name_to_string(&name, str);
-    free_Name(&name);
-    return ret;
-}
-
-/**
- * Convert a hx509_name object to DER encoded name.
- *
- * @param name name to concert
- * @param os data to a DER encoded name, free the resulting octet
- * string with hx509_xfree(os->data).
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_binary(const hx509_name name, heim_octet_string *os)
-{
-    size_t size;
-    int ret;
-
-    ASN1_MALLOC_ENCODE(Name, os->data, os->length, &name->der_name, &size, ret);
-    if (ret)
-	return ret;
-    if (os->length != size)
-	_hx509_abort("internal ASN.1 encoder error");
-
-    return 0;
-}
-
-int
-_hx509_unparse_Name(const Name *aname, char **str)
-{
-    hx509_name name;
-    int ret;
-
-    ret = _hx509_name_from_Name(aname, &name);
-    if (ret)
-	return ret;
-
-    ret = hx509_name_to_string(name, str);
-    hx509_name_free(&name);
-    return ret;
-}
-
-/**
- * Unparse the hx509 name in name into a string.
- *
- * @param name the name to check if its empty/null.
- *
- * @return non zero if the name is empty/null.
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_is_null_p(const hx509_name name)
-{
-    return name->der_name.u.rdnSequence.len == 0;
-}
-
-/**
- * Unparse the hx509 name in name into a string.
- *
- * @param name the name to print
- * @param str an allocated string returns the name in string form
- *
- * @return An hx509 error code, see krb5_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_general_name_unparse(GeneralName *name, char **str)
-{
-    struct rk_strpool *strpool = NULL;
-
-    *str = NULL;
-
-    switch (name->element) {
-    case choice_GeneralName_otherName: {
-	char *str;
-	hx509_oid_sprint(&name->u.otherName.type_id, &str);
-	if (str == NULL)
-	    return ENOMEM;
-	strpool = rk_strpoolprintf(strpool, "otherName: %s", str);
-	free(str);
-	break;
-    }
-    case choice_GeneralName_rfc822Name:
-	strpool = rk_strpoolprintf(strpool, "rfc822Name: %s\n",
-				   name->u.rfc822Name);
-	break;
-    case choice_GeneralName_dNSName:
-	strpool = rk_strpoolprintf(strpool, "dNSName: %s\n",
-				   name->u.dNSName);
-	break;
-    case choice_GeneralName_directoryName: {
-	Name dir;
-	char *s;
-	int ret;
-	memset(&dir, 0, sizeof(dir));
-	dir.element = name->u.directoryName.element;
-	dir.u.rdnSequence = name->u.directoryName.u.rdnSequence;
-	ret = _hx509_unparse_Name(&dir, &s);
-	if (ret)
-	    return ret;
-	strpool = rk_strpoolprintf(strpool, "directoryName: %s", s);
-	free(s);
-	break;
-    }
-    case choice_GeneralName_uniformResourceIdentifier:
-	strpool = rk_strpoolprintf(strpool, "URI: %s", 
-				   name->u.uniformResourceIdentifier);
-	break;
-    case choice_GeneralName_iPAddress: {
-	unsigned char *a = name->u.iPAddress.data;
-
-	strpool = rk_strpoolprintf(strpool, "IPAddress: ");
-	if (strpool == NULL)
-	    break;
-	if (name->u.iPAddress.length == 4)
-	    strpool = rk_strpoolprintf(strpool, "%d.%d.%d.%d", 
-				       a[0], a[1], a[2], a[3]);
-	else if (name->u.iPAddress.length == 16)
-	    strpool = rk_strpoolprintf(strpool, 
-				       "%02X:%02X:%02X:%02X:"
-				       "%02X:%02X:%02X:%02X:"
-				       "%02X:%02X:%02X:%02X:"
-				       "%02X:%02X:%02X:%02X", 
-				       a[0], a[1], a[2], a[3],
-				       a[4], a[5], a[6], a[7],
-				       a[8], a[9], a[10], a[11],
-				       a[12], a[13], a[14], a[15]);
-	else
-	    strpool = rk_strpoolprintf(strpool, 
-				       "unknown IP address of length %lu",
-				       (unsigned long)name->u.iPAddress.length);
-	break;
-    }
-    case choice_GeneralName_registeredID: {
-	char *str;
-	hx509_oid_sprint(&name->u.registeredID, &str);
-	if (str == NULL)
-	    return ENOMEM;
-	strpool = rk_strpoolprintf(strpool, "registeredID: %s", str);
-	free(str);
-	break;
-    }
-    default:
-	return EINVAL;
-    }
-    if (strpool == NULL)
-	return ENOMEM;
-
-    *str = rk_strpoolcollect(strpool);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hx509/ocsp.asn1 b/crypto/heimdal/lib/hx509/ocsp.asn1
deleted file mode 100644
index d8ecd66..0000000
--- a/crypto/heimdal/lib/hx509/ocsp.asn1
+++ /dev/null
@@ -1,113 +0,0 @@
--- From rfc2560
--- $Id: ocsp.asn1 19576 2006-12-30 12:40:43Z lha $
-OCSP DEFINITIONS EXPLICIT TAGS::=
-
-BEGIN
-
-IMPORTS
-	Certificate, AlgorithmIdentifier, CRLReason,
-	Name, GeneralName, CertificateSerialNumber, Extensions
-	FROM rfc2459;
-
-OCSPVersion  ::=  INTEGER {  ocsp-v1(0) }
-
-OCSPCertStatus ::= CHOICE {
-    good                [0]     IMPLICIT NULL,
-    revoked             [1]     IMPLICIT -- OCSPRevokedInfo -- SEQUENCE {
-    			revocationTime		GeneralizedTime,
-			revocationReason[0]	EXPLICIT CRLReason OPTIONAL
-    },
-    unknown             [2]     IMPLICIT NULL }
-
-OCSPCertID ::= SEQUENCE {
-    hashAlgorithm            AlgorithmIdentifier,
-    issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
-    issuerKeyHash      OCTET STRING, -- Hash of Issuers public key
-    serialNumber       CertificateSerialNumber }
-
-OCSPSingleResponse ::= SEQUENCE {
-   certID                       OCSPCertID,
-   certStatus                   OCSPCertStatus,
-   thisUpdate                   GeneralizedTime,
-   nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
-   singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
-
-OCSPInnerRequest ::=     SEQUENCE {
-    reqCert                    OCSPCertID,
-    singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
-
-OCSPTBSRequest      ::=     SEQUENCE {
-    version             [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
-    requestorName       [1] EXPLICIT GeneralName OPTIONAL,
-    requestList             SEQUENCE OF OCSPInnerRequest,
-    requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
-
-OCSPSignature       ::=     SEQUENCE {
-    signatureAlgorithm   AlgorithmIdentifier,
-    signature            BIT STRING,
-    certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-
-OCSPRequest     ::=     SEQUENCE {
-    tbsRequest                  OCSPTBSRequest,
-    optionalSignature   [0]     EXPLICIT OCSPSignature OPTIONAL }
-
-OCSPResponseBytes ::=       SEQUENCE {
-    responseType   OBJECT IDENTIFIER,
-    response       OCTET STRING }
-
-OCSPResponseStatus ::= ENUMERATED {
-    successful            (0),      --Response has valid confirmations
-    malformedRequest      (1),      --Illegal confirmation request
-    internalError         (2),      --Internal error in issuer
-    tryLater              (3),      --Try again later
-                                    --(4) is not used
-    sigRequired           (5),      --Must sign the request
-    unauthorized          (6)       --Request unauthorized
-}
-
-OCSPResponse ::= SEQUENCE {
-   responseStatus         OCSPResponseStatus,
-   responseBytes          [0] EXPLICIT OCSPResponseBytes OPTIONAL }
-
-OCSPKeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
-                         --(excluding the tag and length fields)
-
-OCSPResponderID ::= CHOICE {
-   byName   [1] Name,
-   byKey    [2] OCSPKeyHash }
-
-OCSPResponseData ::= SEQUENCE {
-   version              [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
-   responderID              OCSPResponderID,
-   producedAt               GeneralizedTime,
-   responses                SEQUENCE OF OCSPSingleResponse,
-   responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
-
-OCSPBasicOCSPResponse       ::= SEQUENCE {
-   tbsResponseData      OCSPResponseData,
-   signatureAlgorithm   AlgorithmIdentifier,
-   signature            BIT STRING,
-   certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-
--- ArchiveCutoff ::= GeneralizedTime
-
--- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
-
--- Object Identifiers
-
-id-pkix-ocsp         OBJECT IDENTIFIER ::= {
- 	 iso(1) identified-organization(3) dod(6) internet(1)
-	 security(5) mechanisms(5) pkix(7) pkix-ad(48) 1
-}
-
-id-pkix-ocsp-basic		OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
-id-pkix-ocsp-nonce		OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
--- id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
--- id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
--- id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
--- id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
--- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
-
-
-END
-
diff --git a/crypto/heimdal/lib/hx509/peer.c b/crypto/heimdal/lib/hx509/peer.c
deleted file mode 100644
index eb0ecd2..0000000
--- a/crypto/heimdal/lib/hx509/peer.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: peer.c 22345 2007-12-26 19:03:51Z lha $");
-
-/**
- * @page page_peer Hx509 crypto selecting functions
- *
- * Peer info structures are used togeter with hx509_crypto_select() to
- * select the best avaible crypto algorithm to use.
- *
- * See the library functions here: @ref hx509_peer
- */
-
-/**
- * Allocate a new peer info structure an init it to default values.
- *
- * @param context A hx509 context.
- * @param peer return an allocated peer, free with hx509_peer_info_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_peer
- */
-
-int
-hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer)
-{
-    *peer = calloc(1, sizeof(**peer));
-    if (*peer == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-
-static void
-free_cms_alg(hx509_peer_info peer)
-{
-    if (peer->val) {
-	size_t i;
-	for (i = 0; i < peer->len; i++)
-	    free_AlgorithmIdentifier(&peer->val[i]);
-	free(peer->val);
-	peer->val = NULL;
-	peer->len = 0;
-    }
-}
-
-/**
- * Free a peer info structure.
- *
- * @param peer peer info to be freed.
- *
- * @ingroup hx509_peer
- */
-
-void
-hx509_peer_info_free(hx509_peer_info peer)
-{
-    if (peer == NULL)
-	return;
-    if (peer->cert)
-	hx509_cert_free(peer->cert);
-    free_cms_alg(peer);
-    memset(peer, 0, sizeof(*peer));
-    free(peer);
-}
-
-/**
- * Set the certificate that remote peer is using.
- *
- * @param peer peer info to update
- * @param cert cerificate of the remote peer.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_peer
- */
-
-int
-hx509_peer_info_set_cert(hx509_peer_info peer,
-			 hx509_cert cert)
-{
-    if (peer->cert)
-	hx509_cert_free(peer->cert);
-    peer->cert = hx509_cert_ref(cert);
-    return 0;
-}
-
-/**
- * Set the algorithms that the peer supports.
- *
- * @param context A hx509 context.
- * @param peer the peer to set the new algorithms for
- * @param val array of supported AlgorithmsIdentiers
- * @param len length of array val.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_peer
- */
-
-int
-hx509_peer_info_set_cms_algs(hx509_context context,
-			     hx509_peer_info peer,
-			     const AlgorithmIdentifier *val,
-			     size_t len)
-{
-    size_t i;
-
-    free_cms_alg(peer);
-
-    peer->val = calloc(len, sizeof(*peer->val));
-    if (peer->val == NULL) {
-	peer->len = 0;
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    peer->len = len;
-    for (i = 0; i < len; i++) {
-	int ret;
-	ret = copy_AlgorithmIdentifier(&val[i], &peer->val[i]);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    free_cms_alg(peer);
-	    return ret;
-	}
-    }
-    return 0;
-}
-
-#if 0
-
-/*
- * S/MIME
- */
-
-int
-hx509_peer_info_parse_smime(hx509_peer_info peer,
-			    const heim_octet_string *data)
-{
-    return 0;
-}
-
-int
-hx509_peer_info_unparse_smime(hx509_peer_info peer,
-			      heim_octet_string *data)
-{
-    return 0;
-}
-
-/*
- * For storing hx509_peer_info to be able to cache them.
- */
-
-int
-hx509_peer_info_parse(hx509_peer_info peer,
-		      const heim_octet_string *data)
-{
-    return 0;
-}
-
-int
-hx509_peer_info_unparse(hx509_peer_info peer,
-			heim_octet_string *data)
-{
-    return 0;
-}
-#endif
diff --git a/crypto/heimdal/lib/hx509/pkcs10.asn1 b/crypto/heimdal/lib/hx509/pkcs10.asn1
deleted file mode 100644
index 518fe3b..0000000
--- a/crypto/heimdal/lib/hx509/pkcs10.asn1
+++ /dev/null
@@ -1,25 +0,0 @@
--- $Id: pkcs10.asn1 16918 2006-04-01 09:46:57Z lha $
-PKCS10 DEFINITIONS ::=
-
-BEGIN
-
-IMPORTS
-	Name, SubjectPublicKeyInfo, Attribute, AlgorithmIdentifier
-	FROM rfc2459;
-
-
-CertificationRequestInfo ::= SEQUENCE {
-    version       INTEGER { pkcs10-v1(0) },
-    subject       Name,
-    subjectPKInfo SubjectPublicKeyInfo,
-    attributes    [0] IMPLICIT SET OF Attribute OPTIONAL 
-}
-
-CertificationRequest ::= SEQUENCE {
-    certificationRequestInfo CertificationRequestInfo,
-    signatureAlgorithm	     AlgorithmIdentifier,
-    signature                BIT STRING
-}
-
-END
-
diff --git a/crypto/heimdal/lib/hx509/print.c b/crypto/heimdal/lib/hx509/print.c
deleted file mode 100644
index 78ebbaf..0000000
--- a/crypto/heimdal/lib/hx509/print.c
+++ /dev/null
@@ -1,990 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: print.c 22420 2008-01-13 09:42:35Z lha $");
-
-/**
- * @page page_print Hx509 printing functions
- *
- * See the library functions here: @ref hx509_print
- */
-
-struct hx509_validate_ctx_data {
-    int flags;
-    hx509_vprint_func vprint_func;
-    void *ctx;
-};
-
-struct cert_status {
-    unsigned int selfsigned:1;
-    unsigned int isca:1;
-    unsigned int isproxy:1;
-    unsigned int haveSAN:1;
-    unsigned int haveIAN:1;
-    unsigned int haveSKI:1;
-    unsigned int haveAKI:1;
-    unsigned int haveCRLDP:1;
-};
-
-
-/*
- *
- */
-
-static int
-Time2string(const Time *T, char **str)
-{
-    time_t t;
-    char *s;
-    struct tm *tm;
-
-    *str = NULL;
-    t = _hx509_Time2time_t(T);
-    tm = gmtime (&t);
-    s = malloc(30);
-    if (s == NULL)
-	return ENOMEM;
-    strftime(s, 30, "%Y-%m-%d %H:%M:%S", tm);
-    *str = s;
-    return 0;
-}
-
-/**
- * Helper function to print on stdout for:
- * - hx509_oid_print(),
- * - hx509_bitstring_print(),
- * - hx509_validate_ctx_set_print().
- *
- * @param ctx the context to the print function. If the ctx is NULL,
- * stdout is used.
- * @param fmt the printing format.
- * @param va the argumet list.
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_print_stdout(void *ctx, const char *fmt, va_list va)
-{
-    FILE *f = ctx;
-    if (f == NULL)
-	f = stdout;
-    vfprintf(f, fmt, va);
-}
-
-static void
-print_func(hx509_vprint_func func, void *ctx, const char *fmt, ...)
-{
-    va_list va;
-    va_start(va, fmt);
-    (*func)(ctx, fmt, va);
-    va_end(va);
-}
-
-/**
- * Print a oid to a string.
- * 
- * @param oid oid to print
- * @param str allocated string, free with hx509_xfree().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-int
-hx509_oid_sprint(const heim_oid *oid, char **str)
-{
-    return der_print_heim_oid(oid, '.', str);
-}
-
-/**
- * Print a oid using a hx509_vprint_func function. To print to stdout
- * use hx509_print_stdout().
- * 
- * @param oid oid to print
- * @param func hx509_vprint_func to print with.
- * @param ctx context variable to hx509_vprint_func function.
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_oid_print(const heim_oid *oid, hx509_vprint_func func, void *ctx)
-{
-    char *str;
-    hx509_oid_sprint(oid, &str);
-    print_func(func, ctx, "%s", str);
-    free(str);
-}
-
-/**
- * Print a bitstring using a hx509_vprint_func function. To print to
- * stdout use hx509_print_stdout().
- * 
- * @param b bit string to print.
- * @param func hx509_vprint_func to print with.
- * @param ctx context variable to hx509_vprint_func function.
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_bitstring_print(const heim_bit_string *b,
-		      hx509_vprint_func func, void *ctx)
-{
-    int i;
-    print_func(func, ctx, "\tlength: %d\n\t", b->length);
-    for (i = 0; i < (b->length + 7) / 8; i++)
-	print_func(func, ctx, "%02x%s%s",
-		   ((unsigned char *)b->data)[i], 
-		   i < (b->length - 7) / 8
-		   && (i == 0 || (i % 16) != 15) ? ":" : "",
-		   i != 0 && (i % 16) == 15 ?
-		   (i <= ((b->length + 7) / 8 - 2) ? "\n\t" : "\n"):"");
-}
-
-/**
- * Print certificate usage for a certificate to a string.
- * 
- * @param context A hx509 context.
- * @param c a certificate print the keyusage for.
- * @param s the return string with the keysage printed in to, free
- * with hx509_xfree().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-int
-hx509_cert_keyusage_print(hx509_context context, hx509_cert c, char **s)
-{
-    KeyUsage ku;
-    char buf[256];
-    int ret;
-
-    *s = NULL;
-
-    ret = _hx509_cert_get_keyusage(context, c, &ku);
-    if (ret)
-	return ret;
-    unparse_flags(KeyUsage2int(ku), asn1_KeyUsage_units(), buf, sizeof(buf));
-    *s = strdup(buf);
-    if (*s == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    return 0;
-}
-
-/*
- *
- */
-
-static void
-validate_vprint(void *c, const char *fmt, va_list va)
-{
-    hx509_validate_ctx ctx = c;
-    if (ctx->vprint_func == NULL)
-	return;
-    (ctx->vprint_func)(ctx->ctx, fmt, va);
-}
-
-static void
-validate_print(hx509_validate_ctx ctx, int flags, const char *fmt, ...)
-{
-    va_list va;
-    if ((ctx->flags & flags) == 0)
-	return;
-    va_start(va, fmt);
-    validate_vprint(ctx, fmt, va);
-    va_end(va);
-}
-
-/* 
- * Dont Care, SHOULD critical, SHOULD NOT critical, MUST critical,
- * MUST NOT critical
- */
-enum critical_flag { D_C = 0, S_C, S_N_C, M_C, M_N_C };
-
-static int
-check_Null(hx509_validate_ctx ctx,
-	   struct cert_status *status,
-	   enum critical_flag cf, const Extension *e)
-{
-    switch(cf) {
-    case D_C:
-	break;
-    case S_C:
-	if (!e->critical)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			   "\tCritical not set on SHOULD\n");
-	break;
-    case S_N_C:
-	if (e->critical)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			   "\tCritical set on SHOULD NOT\n");
-	break;
-    case M_C:
-	if (!e->critical)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			   "\tCritical not set on MUST\n");
-	break;
-    case M_N_C:
-	if (e->critical)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			   "\tCritical set on MUST NOT\n");
-	break;
-    default:
-	_hx509_abort("internal check_Null state error");
-    }
-    return 0;
-}
-
-static int
-check_subjectKeyIdentifier(hx509_validate_ctx ctx, 
-			   struct cert_status *status,
-			   enum critical_flag cf,
-			   const Extension *e)
-{
-    SubjectKeyIdentifier si;
-    size_t size;
-    int ret;
-
-    status->haveSKI = 1;
-    check_Null(ctx, status, cf, e);
-
-    ret = decode_SubjectKeyIdentifier(e->extnValue.data, 
-				      e->extnValue.length,
-				      &si, &size);
-    if (ret) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding SubjectKeyIdentifier failed: %d", ret);
-	return 1;
-    }
-    if (size != e->extnValue.length) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding SKI ahve extra bits on the end");
-	return 1;
-    }
-    if (si.length == 0)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "SKI is too short (0 bytes)");
-    if (si.length > 20)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "SKI is too long");
-
-    {
-	char *id;
-	hex_encode(si.data, si.length, &id);
-	if (id) {
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-			   "\tsubject key id: %s\n", id);
-	    free(id);
-	}
-    }
-
-    free_SubjectKeyIdentifier(&si);
-
-    return 0;
-}
-
-static int
-check_authorityKeyIdentifier(hx509_validate_ctx ctx, 
-			     struct cert_status *status,
-			     enum critical_flag cf,
-			     const Extension *e)
-{
-    AuthorityKeyIdentifier ai;
-    size_t size;
-    int ret;
-
-    status->haveAKI = 1;
-    check_Null(ctx, status, cf, e);
-
-    status->haveSKI = 1;
-    check_Null(ctx, status, cf, e);
-
-    ret = decode_AuthorityKeyIdentifier(e->extnValue.data, 
-					e->extnValue.length,
-					&ai, &size);
-    if (ret) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding AuthorityKeyIdentifier failed: %d", ret);
-	return 1;
-    }
-    if (size != e->extnValue.length) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding SKI ahve extra bits on the end");
-	return 1;
-    }
-
-    if (ai.keyIdentifier) {
-	char *id;
-	hex_encode(ai.keyIdentifier->data, ai.keyIdentifier->length, &id);
-	if (id) {
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-			   "\tauthority key id: %s\n", id);
-	    free(id);
-	}
-    }
-
-    return 0;
-}
-
-
-static int
-check_pkinit_san(hx509_validate_ctx ctx, heim_any *a)
-{
-    KRB5PrincipalName kn;
-    unsigned i;
-    size_t size;
-    int ret;
-
-    ret = decode_KRB5PrincipalName(a->data, a->length, &kn, &size);
-    if (ret) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding kerberos name in SAN failed: %d", ret);
-	return 1;
-    }
-
-    if (size != a->length) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding kerberos name have extra bits on the end");
-	return 1;
-    }
-
-    /* print kerberos principal, add code to quote / within components */
-    for (i = 0; i < kn.principalName.name_string.len; i++) {
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", 
-		       kn.principalName.name_string.val[i]);
-	if (i + 1 < kn.principalName.name_string.len)
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "/");
-    }
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "@");
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", kn.realm);
-
-    free_KRB5PrincipalName(&kn);
-    return 0;
-}
-
-static int
-check_utf8_string_san(hx509_validate_ctx ctx, heim_any *a)
-{
-    PKIXXmppAddr jid;
-    size_t size;
-    int ret;
-
-    ret = decode_PKIXXmppAddr(a->data, a->length, &jid, &size);
-    if (ret) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding JID in SAN failed: %d", ret);
-	return 1;
-    }
-
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", jid);
-    free_PKIXXmppAddr(&jid);
-
-    return 0;
-}
-
-static int
-check_altnull(hx509_validate_ctx ctx, heim_any *a)
-{
-    return 0;
-}
-
-static int
-check_CRLDistributionPoints(hx509_validate_ctx ctx, 
-			   struct cert_status *status,
-			   enum critical_flag cf,
-			   const Extension *e)
-{
-    CRLDistributionPoints dp;
-    size_t size;
-    int ret, i;
-
-    check_Null(ctx, status, cf, e);
-
-    ret = decode_CRLDistributionPoints(e->extnValue.data, 
-				       e->extnValue.length,
-				       &dp, &size);
-    if (ret) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding CRL Distribution Points failed: %d\n", ret);
-	return 1;
-    }
-
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "CRL Distribution Points:\n");
-    for (i = 0 ; i < dp.len; i++) {
-	if (dp.val[i].distributionPoint) {
-	    DistributionPointName dpname;
-	    heim_any *data = dp.val[i].distributionPoint;
-	    int j;
-	    
-	    ret = decode_DistributionPointName(data->data, data->length,
-					       &dpname, NULL);
-	    if (ret) {
-		validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-			       "Failed to parse CRL Distribution Point Name: %d\n", ret);
-		continue;
-	    }
-
-	    switch (dpname.element) {
-	    case choice_DistributionPointName_fullName:
-		validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "Fullname:\n");
-		
-		for (j = 0 ; j < dpname.u.fullName.len; j++) {
-		    char *s;
-		    GeneralName *name = &dpname.u.fullName.val[j];
-
-		    ret = hx509_general_name_unparse(name, &s);
-		    if (ret == 0 && s != NULL) {
-			validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "   %s\n", s);
-			free(s);
-		    }
-		}
-		break;
-	    case choice_DistributionPointName_nameRelativeToCRLIssuer:
-		validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-			       "Unknown nameRelativeToCRLIssuer");
-		break;
-	    default:
-		validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			       "Unknown DistributionPointName");
-		break;
-	    }
-	    free_DistributionPointName(&dpname);
-	}
-    }
-    free_CRLDistributionPoints(&dp);
-
-    status->haveCRLDP = 1;
-
-    return 0;
-}
-
-
-struct {
-    const char *name;
-    const heim_oid *(*oid)(void);
-    int (*func)(hx509_validate_ctx, heim_any *);
-} check_altname[] = {
-    { "pk-init", oid_id_pkinit_san, check_pkinit_san },
-    { "jabber", oid_id_pkix_on_xmppAddr, check_utf8_string_san },
-    { "dns-srv", oid_id_pkix_on_dnsSRV, check_altnull },
-    { "card-id", oid_id_uspkicommon_card_id, check_altnull },
-    { "Microsoft NT-PRINCIPAL-NAME", oid_id_pkinit_ms_san, check_utf8_string_san }
-};
-
-static int
-check_altName(hx509_validate_ctx ctx,
-	      struct cert_status *status,
-	      const char *name,
-	      enum critical_flag cf,
-	      const Extension *e)
-{
-    GeneralNames gn;
-    size_t size;
-    int ret, i;
-
-    check_Null(ctx, status, cf, e);
-
-    if (e->extnValue.length == 0) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "%sAltName empty, not allowed", name);
-	return 1;
-    }
-    ret = decode_GeneralNames(e->extnValue.data, e->extnValue.length,
-			      &gn, &size);
-    if (ret) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "\tret = %d while decoding %s GeneralNames\n", 
-		       ret, name);
-	return 1;
-    }
-    if (gn.len == 0) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "%sAltName generalName empty, not allowed\n", name);
-	return 1;
-    }
-
-    for (i = 0; i < gn.len; i++) {
-	switch (gn.val[i].element) {
-	case choice_GeneralName_otherName: {
-	    unsigned j;
-
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-			   "%sAltName otherName ", name);
-
-	    for (j = 0; j < sizeof(check_altname)/sizeof(check_altname[0]); j++) {
-		if (der_heim_oid_cmp((*check_altname[j].oid)(), 
-				     &gn.val[i].u.otherName.type_id) != 0)
-		    continue;
-		
-		validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s: ", 
-			       check_altname[j].name);
-		(*check_altname[j].func)(ctx, &gn.val[i].u.otherName.value);
-		break;
-	    }
-	    if (j == sizeof(check_altname)/sizeof(check_altname[0])) {
-		hx509_oid_print(&gn.val[i].u.otherName.type_id,
-				validate_vprint, ctx);
-		validate_print(ctx, HX509_VALIDATE_F_VERBOSE, " unknown");
-	    }
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\n");
-	    break;
-	}
-	default: {
-	    char *s;
-	    ret = hx509_general_name_unparse(&gn.val[i], &s);
-	    if (ret) {
-		validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			       "ret = %d unparsing GeneralName\n", ret);
-		return 1;
-	    }
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s\n", s);
-	    free(s);
-	    break;
-	}
-	}
-    }
-
-    free_GeneralNames(&gn);
-
-    return 0;
-}
-
-static int
-check_subjectAltName(hx509_validate_ctx ctx,
-		     struct cert_status *status,
-		     enum critical_flag cf,
-		     const Extension *e)
-{
-    status->haveSAN = 1;
-    return check_altName(ctx, status, "subject", cf, e);
-}
-
-static int
-check_issuerAltName(hx509_validate_ctx ctx,
-		    struct cert_status *status,
-		     enum critical_flag cf,
-		     const Extension *e)
-{
-    status->haveIAN = 1;
-    return check_altName(ctx, status, "issuer", cf, e);
-}
-
-
-static int
-check_basicConstraints(hx509_validate_ctx ctx, 
-		       struct cert_status *status,
-		       enum critical_flag cf, 
-		       const Extension *e)
-{
-    BasicConstraints b;
-    size_t size;
-    int ret;
-
-    check_Null(ctx, status, cf, e);
-    
-    ret = decode_BasicConstraints(e->extnValue.data, e->extnValue.length,
-				  &b, &size);
-    if (ret) {
-	printf("\tret = %d while decoding BasicConstraints\n", ret);
-	return 0;
-    }
-    if (size != e->extnValue.length)
-	printf("\tlength of der data isn't same as extension\n");
-
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		   "\tis %sa CA\n", b.cA && *b.cA ? "" : "NOT ");
-    if (b.pathLenConstraint)
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		       "\tpathLenConstraint: %d\n", *b.pathLenConstraint);
-
-    if (b.cA) {
-	if (*b.cA) {
-	    if (!e->critical)
-		validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			       "Is a CA and not BasicConstraints CRITICAL\n");
-	    status->isca = 1;
-	}
-	else
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			   "cA is FALSE, not allowed to be\n");
-    }
-    free_BasicConstraints(&b);
-
-    return 0;
-}
-
-static int
-check_proxyCertInfo(hx509_validate_ctx ctx, 
-		    struct cert_status *status,
-		    enum critical_flag cf, 
-		    const Extension *e)
-{
-    check_Null(ctx, status, cf, e);
-    status->isproxy = 1;
-    return 0;
-}
-
-static int
-check_authorityInfoAccess(hx509_validate_ctx ctx, 
-			  struct cert_status *status,
-			  enum critical_flag cf, 
-			  const Extension *e)
-{
-    AuthorityInfoAccessSyntax aia;
-    size_t size;
-    int ret, i;
-
-    check_Null(ctx, status, cf, e);
-
-    ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data, 
-					   e->extnValue.length,
-					   &aia, &size);
-    if (ret) {
-	printf("\tret = %d while decoding AuthorityInfoAccessSyntax\n", ret);
-	return 0;
-    }
-
-    for (i = 0; i < aia.len; i++) {
-	char *str;
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		       "\ttype: ");
-	hx509_oid_print(&aia.val[i].accessMethod, validate_vprint, ctx);
-	hx509_general_name_unparse(&aia.val[i].accessLocation, &str);
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		       "\n\tdirname: %s\n", str);
-	free(str);
-    }
-    free_AuthorityInfoAccessSyntax(&aia);
-
-    return 0;
-}
-
-/*
- *
- */
-
-struct {
-    const char *name;
-    const heim_oid *(*oid)(void);
-    int (*func)(hx509_validate_ctx ctx, 
-		struct cert_status *status,
-		enum critical_flag cf, 
-		const Extension *);
-    enum critical_flag cf;
-} check_extension[] = {
-#define ext(name, checkname) #name, &oid_id_x509_ce_##name, check_##checkname 
-    { ext(subjectDirectoryAttributes, Null), M_N_C },
-    { ext(subjectKeyIdentifier, subjectKeyIdentifier), M_N_C },
-    { ext(keyUsage, Null), S_C },
-    { ext(subjectAltName, subjectAltName), M_N_C },
-    { ext(issuerAltName, issuerAltName), S_N_C },
-    { ext(basicConstraints, basicConstraints), D_C },
-    { ext(cRLNumber, Null), M_N_C },
-    { ext(cRLReason, Null), M_N_C },
-    { ext(holdInstructionCode, Null), M_N_C },
-    { ext(invalidityDate, Null), M_N_C },
-    { ext(deltaCRLIndicator, Null), M_C },
-    { ext(issuingDistributionPoint, Null), M_C },
-    { ext(certificateIssuer, Null), M_C },
-    { ext(nameConstraints, Null), M_C },
-    { ext(cRLDistributionPoints, CRLDistributionPoints), S_N_C },
-    { ext(certificatePolicies, Null) },
-    { ext(policyMappings, Null), M_N_C },
-    { ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C },
-    { ext(policyConstraints, Null), D_C },
-    { ext(extKeyUsage, Null), D_C },
-    { ext(freshestCRL, Null), M_N_C },
-    { ext(inhibitAnyPolicy, Null), M_C },
-#undef ext
-#define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname 
-    { ext(proxyCertInfo, proxyCertInfo), M_C },
-    { ext(authorityInfoAccess, authorityInfoAccess), M_C },
-#undef ext
-    { "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim, 
-      check_Null, D_C },
-    { "Netscape cert comment", oid_id_netscape_cert_comment, 
-      check_Null, D_C },
-    { NULL }
-};
-
-/**
- * Allocate a hx509 validation/printing context.
- * 
- * @param context A hx509 context.
- * @param ctx a new allocated hx509 validation context, free with
- * hx509_validate_ctx_free().
-
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-int
-hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx)
-{
-    *ctx = malloc(sizeof(**ctx));
-    if (*ctx == NULL)
-	return ENOMEM;
-    memset(*ctx, 0, sizeof(**ctx));
-    return 0;
-}
-
-/**
- * Set the printing functions for the validation context.
- * 
- * @param ctx a hx509 valication context.
- * @param func the printing function to usea.
- * @param c the context variable to the printing function.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_validate_ctx_set_print(hx509_validate_ctx ctx, 
-			     hx509_vprint_func func,
-			     void *c)
-{
-    ctx->vprint_func = func;
-    ctx->ctx = c;
-}
-
-/**
- * Add flags to control the behaivor of the hx509_validate_cert()
- * function.
- * 
- * @param ctx A hx509 validation context.
- * @param flags flags to add to the validation context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_validate_ctx_add_flags(hx509_validate_ctx ctx, int flags)
-{
-    ctx->flags |= flags;
-}
-
-/**
- * Free an hx509 validate context.
- * 
- * @param ctx the hx509 validate context to free.
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_validate_ctx_free(hx509_validate_ctx ctx)
-{
-    free(ctx);
-}
-
-/**
- * Validate/Print the status of the certificate.
- * 
- * @param context A hx509 context.
- * @param ctx A hx509 validation context.
- * @param cert the cerificate to validate/print.
-
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-int
-hx509_validate_cert(hx509_context context,
-		    hx509_validate_ctx ctx,
-		    hx509_cert cert)
-{
-    Certificate *c = _hx509_get_cert(cert);
-    TBSCertificate *t = &c->tbsCertificate;
-    hx509_name issuer, subject;
-    char *str;
-    struct cert_status status;
-    int ret;
-
-    memset(&status, 0, sizeof(status));
-
-    if (_hx509_cert_get_version(c) != 3)
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		       "Not version 3 certificate\n");
-    
-    if ((t->version == NULL || *t->version < 2) && t->extensions)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Not version 3 certificate with extensions\n");
-	
-    if (_hx509_cert_get_version(c) >= 3 && t->extensions == NULL)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Version 3 certificate without extensions\n");
-
-    ret = hx509_cert_get_subject(cert, &subject);
-    if (ret) abort();
-    hx509_name_to_string(subject, &str);
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		   "subject name: %s\n", str);
-    free(str);
-
-    ret = hx509_cert_get_issuer(cert, &issuer);
-    if (ret) abort();
-    hx509_name_to_string(issuer, &str);
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		   "issuer name: %s\n", str);
-    free(str);
-
-    if (hx509_name_cmp(subject, issuer) == 0) {
-	status.selfsigned = 1;
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		       "\tis a self-signed certificate\n");
-    }
-
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		   "Validity:\n");
-
-    Time2string(&t->validity.notBefore, &str);
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\tnotBefore %s\n", str);
-    free(str);
-    Time2string(&t->validity.notAfter, &str);
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\tnotAfter  %s\n", str);
-    free(str);
-
-    if (t->extensions) {
-	int i, j;
-
-	if (t->extensions->len == 0) {
-	    validate_print(ctx,
-			   HX509_VALIDATE_F_VALIDATE|HX509_VALIDATE_F_VERBOSE,
-			   "The empty extensions list is not "
-			   "allowed by PKIX\n");
-	}
-
-	for (i = 0; i < t->extensions->len; i++) {
-
-	    for (j = 0; check_extension[j].name; j++)
-		if (der_heim_oid_cmp((*check_extension[j].oid)(),
-				     &t->extensions->val[i].extnID) == 0)
-		    break;
-	    if (check_extension[j].name == NULL) {
-		int flags = HX509_VALIDATE_F_VERBOSE;
-		if (t->extensions->val[i].critical)
-		    flags |= HX509_VALIDATE_F_VALIDATE;
-		validate_print(ctx, flags, "don't know what ");
-		if (t->extensions->val[i].critical)
-		    validate_print(ctx, flags, "and is CRITICAL ");
-		if (ctx->flags & flags)
-		    hx509_oid_print(&t->extensions->val[i].extnID, 
-				    validate_vprint, ctx);
-		validate_print(ctx, flags, " is\n");
-		continue;
-	    }
-	    validate_print(ctx,
-			   HX509_VALIDATE_F_VALIDATE|HX509_VALIDATE_F_VERBOSE,
-			   "checking extention: %s\n",
-			   check_extension[j].name);
-	    (*check_extension[j].func)(ctx,
-				       &status,
-				       check_extension[j].cf,
-				       &t->extensions->val[i]);
-	}
-    } else
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "no extentions\n");
-	
-    if (status.isca) {
-	if (!status.haveSKI)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-			   "CA certificate have no SubjectKeyIdentifier\n");
-
-    } else {
-	if (!status.haveAKI)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-			   "Is not CA and doesn't have "
-			   "AuthorityKeyIdentifier\n");
-    }
-	    
-
-    if (!status.haveSKI)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-		       "Doesn't have SubjectKeyIdentifier\n");
-
-    if (status.isproxy && status.isca)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-		       "Proxy and CA at the same time!\n");
-
-    if (status.isproxy) {
-	if (status.haveSAN)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-			   "Proxy and have SAN\n");
-	if (status.haveIAN)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-			   "Proxy and have IAN\n");
-    }
-
-    if (hx509_name_is_null_p(subject) && !status.haveSAN)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-		       "NULL subject DN and doesn't have a SAN\n");
-
-    if (!status.selfsigned && !status.haveCRLDP)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-		       "Not a CA nor PROXY and doesn't have"
-		       "CRL Dist Point\n");
-
-    if (status.selfsigned) {
-	ret = _hx509_verify_signature_bitstring(context,
-						c,
-						&c->signatureAlgorithm,
-						&c->tbsCertificate._save,
-						&c->signatureValue);
-	if (ret == 0)
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, 
-			   "Self-signed certificate was self-signed\n");
-	else
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-			   "Self-signed certificate NOT really self-signed!\n");
-    }
-
-    hx509_name_free(&subject);
-    hx509_name_free(&issuer);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hx509/ref/pkcs11.h b/crypto/heimdal/lib/hx509/ref/pkcs11.h
deleted file mode 100644
index 2e6a1e3..0000000
--- a/crypto/heimdal/lib/hx509/ref/pkcs11.h
+++ /dev/null
@@ -1,1357 +0,0 @@
-/* pkcs11.h
-   Copyright 2006, 2007 g10 Code GmbH
-   Copyright 2006 Andreas Jellinghaus
-
-   This file is free software; as a special exception the author gives
-   unlimited permission to copy and/or distribute it, with or without
-   modifications, as long as this notice is preserved.
-
-   This file is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY, to the extent permitted by law; without even
-   the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-   PURPOSE.  */
-
-/* Please submit changes back to the Scute project at
-   http://www.scute.org/ (or send them to marcus@g10code.com), so that
-   they can be picked up by other projects from there as well.  */
-
-/* This file is a modified implementation of the PKCS #11 standard by
-   RSA Security Inc.  It is mostly a drop-in replacement, with the
-   following change:
-
-   This header file does not require any macro definitions by the user
-   (like CK_DEFINE_FUNCTION etc).  In fact, it defines those macros
-   for you (if useful, some are missing, let me know if you need
-   more).
-
-   There is an additional API available that does comply better to the
-   GNU coding standard.  It can be switched on by defining
-   CRYPTOKI_GNU before including this header file.  For this, the
-   following changes are made to the specification:
-
-   All structure types are changed to a "struct ck_foo" where CK_FOO
-   is the type name in PKCS #11.
-
-   All non-structure types are changed to ck_foo_t where CK_FOO is the
-   lowercase version of the type name in PKCS #11.  The basic types
-   (CK_ULONG et al.) are removed without substitute.
-
-   All members of structures are modified in the following way: Type
-   indication prefixes are removed, and underscore characters are
-   inserted before words.  Then the result is lowercased.
-
-   Note that function names are still in the original case, as they
-   need for ABI compatibility.
-
-   CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute.  Use
-   <stdbool.h>.
-
-   If CRYPTOKI_COMPAT is defined before including this header file,
-   then none of the API changes above take place, and the API is the
-   one defined by the PKCS #11 standard.  */
-
-#ifndef PKCS11_H
-#define PKCS11_H 1
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-
-/* The version of cryptoki we implement.  The revision is changed with
-   each modification of this file.  If you do not use the "official"
-   version of this file, please consider deleting the revision macro
-   (you may use a macro with a different name to keep track of your
-   versions).  */
-#define CRYPTOKI_VERSION_MAJOR		2
-#define CRYPTOKI_VERSION_MINOR		20
-#define CRYPTOKI_VERSION_REVISION	6
-
-
-/* Compatibility interface is default, unless CRYPTOKI_GNU is
-   given.  */
-#ifndef CRYPTOKI_GNU
-#ifndef CRYPTOKI_COMPAT
-#define CRYPTOKI_COMPAT 1
-#endif
-#endif
-
-/* System dependencies.  */
-
-#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
-
-/* There is a matching pop below.  */
-#pragma pack(push, cryptoki, 1)
-
-#ifdef CRYPTOKI_EXPORTS
-#define CK_SPEC __declspec(dllexport)
-#else
-#define CK_SPEC __declspec(dllimport)
-#endif
-
-#else
-
-#define CK_SPEC
-
-#endif
-
-
-#ifdef CRYPTOKI_COMPAT
-  /* If we are in compatibility mode, switch all exposed names to the
-     PKCS #11 variant.  There are corresponding #undefs below.  */
-
-#define ck_flags_t CK_FLAGS
-#define ck_version _CK_VERSION
-
-#define ck_info _CK_INFO
-#define cryptoki_version cryptokiVersion
-#define manufacturer_id manufacturerID
-#define library_description libraryDescription
-#define library_version libraryVersion
-
-#define ck_notification_t CK_NOTIFICATION
-#define ck_slot_id_t CK_SLOT_ID
-
-#define ck_slot_info _CK_SLOT_INFO
-#define slot_description slotDescription
-#define hardware_version hardwareVersion
-#define firmware_version firmwareVersion
-
-#define ck_token_info _CK_TOKEN_INFO
-#define serial_number serialNumber
-#define max_session_count ulMaxSessionCount
-#define session_count ulSessionCount
-#define max_rw_session_count ulMaxRwSessionCount
-#define rw_session_count ulRwSessionCount
-#define max_pin_len ulMaxPinLen
-#define min_pin_len ulMinPinLen
-#define total_public_memory ulTotalPublicMemory
-#define free_public_memory ulFreePublicMemory
-#define total_private_memory ulTotalPrivateMemory
-#define free_private_memory ulFreePrivateMemory
-#define utc_time utcTime
-
-#define ck_session_handle_t CK_SESSION_HANDLE
-#define ck_user_type_t CK_USER_TYPE
-#define ck_state_t CK_STATE
-
-#define ck_session_info _CK_SESSION_INFO
-#define slot_id slotID
-#define device_error ulDeviceError
-
-#define ck_object_handle_t CK_OBJECT_HANDLE
-#define ck_object_class_t CK_OBJECT_CLASS
-#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE
-#define ck_key_type_t CK_KEY_TYPE
-#define ck_certificate_type_t CK_CERTIFICATE_TYPE
-#define ck_attribute_type_t CK_ATTRIBUTE_TYPE
-
-#define ck_attribute _CK_ATTRIBUTE
-#define value pValue
-#define value_len ulValueLen
-
-#define ck_date _CK_DATE
-
-#define ck_mechanism_type_t CK_MECHANISM_TYPE
-
-#define ck_mechanism _CK_MECHANISM
-#define parameter pParameter
-#define parameter_len ulParameterLen
-
-#define ck_mechanism_info _CK_MECHANISM_INFO
-#define min_key_size ulMinKeySize
-#define max_key_size ulMaxKeySize
-
-#define ck_rv_t CK_RV
-#define ck_notify_t CK_NOTIFY
-
-#define ck_function_list _CK_FUNCTION_LIST
-
-#define ck_createmutex_t CK_CREATEMUTEX
-#define ck_destroymutex_t CK_DESTROYMUTEX
-#define ck_lockmutex_t CK_LOCKMUTEX
-#define ck_unlockmutex_t CK_UNLOCKMUTEX
-
-#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS
-#define create_mutex CreateMutex
-#define destroy_mutex DestroyMutex
-#define lock_mutex LockMutex
-#define unlock_mutex UnlockMutex
-#define reserved pReserved
-
-#endif	/* CRYPTOKI_COMPAT */
-
-
-
-typedef unsigned long ck_flags_t;
-
-struct ck_version
-{
-  unsigned char major;
-  unsigned char minor;
-};
-
-
-struct ck_info
-{
-  struct ck_version cryptoki_version;
-  unsigned char manufacturer_id[32];
-  ck_flags_t flags;
-  unsigned char library_description[32];
-  struct ck_version library_version;
-};
-
-
-typedef unsigned long ck_notification_t;
-
-#define CKN_SURRENDER	(0)
-
-
-typedef unsigned long ck_slot_id_t;
-
-
-struct ck_slot_info
-{
-  unsigned char slot_description[64];
-  unsigned char manufacturer_id[32];
-  ck_flags_t flags;
-  struct ck_version hardware_version;
-  struct ck_version firmware_version;
-};
-
-
-#define CKF_TOKEN_PRESENT	(1 << 0)
-#define CKF_REMOVABLE_DEVICE	(1 << 1)
-#define CKF_HW_SLOT		(1 << 2)
-#define CKF_ARRAY_ATTRIBUTE	(1 << 30)
-
-
-struct ck_token_info
-{
-  unsigned char label[32];
-  unsigned char manufacturer_id[32];
-  unsigned char model[16];
-  unsigned char serial_number[16];
-  ck_flags_t flags;
-  unsigned long max_session_count;
-  unsigned long session_count;
-  unsigned long max_rw_session_count;
-  unsigned long rw_session_count;
-  unsigned long max_pin_len;
-  unsigned long min_pin_len;
-  unsigned long total_public_memory;
-  unsigned long free_public_memory;
-  unsigned long total_private_memory;
-  unsigned long free_private_memory;
-  struct ck_version hardware_version;
-  struct ck_version firmware_version;
-  unsigned char utc_time[16];
-};
-
-
-#define CKF_RNG					(1 << 0)
-#define CKF_WRITE_PROTECTED			(1 << 1)
-#define CKF_LOGIN_REQUIRED			(1 << 2)
-#define CKF_USER_PIN_INITIALIZED		(1 << 3)
-#define CKF_RESTORE_KEY_NOT_NEEDED		(1 << 5)
-#define CKF_CLOCK_ON_TOKEN			(1 << 6)
-#define CKF_PROTECTED_AUTHENTICATION_PATH	(1 << 8)
-#define CKF_DUAL_CRYPTO_OPERATIONS		(1 << 9)
-#define CKF_TOKEN_INITIALIZED			(1 << 10)
-#define CKF_SECONDARY_AUTHENTICATION		(1 << 11)
-#define CKF_USER_PIN_COUNT_LOW			(1 << 16)
-#define CKF_USER_PIN_FINAL_TRY			(1 << 17)
-#define CKF_USER_PIN_LOCKED			(1 << 18)
-#define CKF_USER_PIN_TO_BE_CHANGED		(1 << 19)
-#define CKF_SO_PIN_COUNT_LOW			(1 << 20)
-#define CKF_SO_PIN_FINAL_TRY			(1 << 21)
-#define CKF_SO_PIN_LOCKED			(1 << 22)
-#define CKF_SO_PIN_TO_BE_CHANGED		(1 << 23)
-
-#define CK_UNAVAILABLE_INFORMATION	((unsigned long) -1)
-#define CK_EFFECTIVELY_INFINITE		(0)
-
-
-typedef unsigned long ck_session_handle_t;
-
-#define CK_INVALID_HANDLE	(0)
-
-
-typedef unsigned long ck_user_type_t;
-
-#define CKU_SO			(0)
-#define CKU_USER		(1)
-#define CKU_CONTEXT_SPECIFIC	(2)
-
-
-typedef unsigned long ck_state_t;
-
-#define CKS_RO_PUBLIC_SESSION	(0)
-#define CKS_RO_USER_FUNCTIONS	(1)
-#define CKS_RW_PUBLIC_SESSION	(2)
-#define CKS_RW_USER_FUNCTIONS	(3)
-#define CKS_RW_SO_FUNCTIONS	(4)
-
-
-struct ck_session_info
-{
-  ck_slot_id_t slot_id;
-  ck_state_t state;
-  ck_flags_t flags;
-  unsigned long device_error;
-};
-
-#define CKF_RW_SESSION		(1 << 1)
-#define CKF_SERIAL_SESSION	(1 << 2)
-
-
-typedef unsigned long ck_object_handle_t;
-
-
-typedef unsigned long ck_object_class_t;
-
-#define CKO_DATA		(0)
-#define CKO_CERTIFICATE		(1)
-#define CKO_PUBLIC_KEY		(2)
-#define CKO_PRIVATE_KEY		(3)
-#define CKO_SECRET_KEY		(4)
-#define CKO_HW_FEATURE		(5)
-#define CKO_DOMAIN_PARAMETERS	(6)
-#define CKO_MECHANISM		(7)
-#define CKO_VENDOR_DEFINED	((unsigned long) (1 << 31))
-
-
-typedef unsigned long ck_hw_feature_type_t;
-
-#define CKH_MONOTONIC_COUNTER	(1)
-#define CKH_CLOCK		(2)
-#define CKH_USER_INTERFACE	(3)
-#define CKH_VENDOR_DEFINED	((unsigned long) (1 << 31))
-
-
-typedef unsigned long ck_key_type_t;
-
-#define CKK_RSA			(0)
-#define CKK_DSA			(1)
-#define CKK_DH			(2)
-#define CKK_ECDSA		(3)
-#define CKK_EC			(3)
-#define CKK_X9_42_DH		(4)
-#define CKK_KEA			(5)
-#define CKK_GENERIC_SECRET	(0x10)
-#define CKK_RC2			(0x11)
-#define CKK_RC4			(0x12)
-#define CKK_DES			(0x13)
-#define CKK_DES2		(0x14)
-#define CKK_DES3		(0x15)
-#define CKK_CAST		(0x16)
-#define CKK_CAST3		(0x17)
-#define CKK_CAST128		(0x18)
-#define CKK_RC5			(0x19)
-#define CKK_IDEA		(0x1a)
-#define CKK_SKIPJACK		(0x1b)
-#define CKK_BATON		(0x1c)
-#define CKK_JUNIPER		(0x1d)
-#define CKK_CDMF		(0x1e)
-#define CKK_AES			(0x1f)
-#define CKK_BLOWFISH		(0x20)
-#define CKK_TWOFISH		(0x21)
-#define CKK_VENDOR_DEFINED	((unsigned long) (1 << 31))
-
-
-typedef unsigned long ck_certificate_type_t;
-
-#define CKC_X_509		(0)
-#define CKC_X_509_ATTR_CERT	(1)
-#define CKC_WTLS		(2)
-#define CKC_VENDOR_DEFINED	((unsigned long) (1 << 31))
-
-
-typedef unsigned long ck_attribute_type_t;
-
-#define CKA_CLASS			(0)
-#define CKA_TOKEN			(1)
-#define CKA_PRIVATE			(2)
-#define CKA_LABEL			(3)
-#define CKA_APPLICATION			(0x10)
-#define CKA_VALUE			(0x11)
-#define CKA_OBJECT_ID			(0x12)
-#define CKA_CERTIFICATE_TYPE		(0x80)
-#define CKA_ISSUER			(0x81)
-#define CKA_SERIAL_NUMBER		(0x82)
-#define CKA_AC_ISSUER			(0x83)
-#define CKA_OWNER			(0x84)
-#define CKA_ATTR_TYPES			(0x85)
-#define CKA_TRUSTED			(0x86)
-#define CKA_CERTIFICATE_CATEGORY	(0x87)
-#define CKA_JAVA_MIDP_SECURITY_DOMAIN	(0x88)
-#define CKA_URL				(0x89)
-#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY	(0x8a)
-#define CKA_HASH_OF_ISSUER_PUBLIC_KEY	(0x8b)
-#define CKA_CHECK_VALUE			(0x90)
-#define CKA_KEY_TYPE			(0x100)
-#define CKA_SUBJECT			(0x101)
-#define CKA_ID				(0x102)
-#define CKA_SENSITIVE			(0x103)
-#define CKA_ENCRYPT			(0x104)
-#define CKA_DECRYPT			(0x105)
-#define CKA_WRAP			(0x106)
-#define CKA_UNWRAP			(0x107)
-#define CKA_SIGN			(0x108)
-#define CKA_SIGN_RECOVER		(0x109)
-#define CKA_VERIFY			(0x10a)
-#define CKA_VERIFY_RECOVER		(0x10b)
-#define CKA_DERIVE			(0x10c)
-#define CKA_START_DATE			(0x110)
-#define CKA_END_DATE			(0x111)
-#define CKA_MODULUS			(0x120)
-#define CKA_MODULUS_BITS		(0x121)
-#define CKA_PUBLIC_EXPONENT		(0x122)
-#define CKA_PRIVATE_EXPONENT		(0x123)
-#define CKA_PRIME_1			(0x124)
-#define CKA_PRIME_2			(0x125)
-#define CKA_EXPONENT_1			(0x126)
-#define CKA_EXPONENT_2			(0x127)
-#define CKA_COEFFICIENT			(0x128)
-#define CKA_PRIME			(0x130)
-#define CKA_SUBPRIME			(0x131)
-#define CKA_BASE			(0x132)
-#define CKA_PRIME_BITS			(0x133)
-#define CKA_SUB_PRIME_BITS		(0x134)
-#define CKA_VALUE_BITS			(0x160)
-#define CKA_VALUE_LEN			(0x161)
-#define CKA_EXTRACTABLE			(0x162)
-#define CKA_LOCAL			(0x163)
-#define CKA_NEVER_EXTRACTABLE		(0x164)
-#define CKA_ALWAYS_SENSITIVE		(0x165)
-#define CKA_KEY_GEN_MECHANISM		(0x166)
-#define CKA_MODIFIABLE			(0x170)
-#define CKA_ECDSA_PARAMS		(0x180)
-#define CKA_EC_PARAMS			(0x180)
-#define CKA_EC_POINT			(0x181)
-#define CKA_SECONDARY_AUTH		(0x200)
-#define CKA_AUTH_PIN_FLAGS		(0x201)
-#define CKA_ALWAYS_AUTHENTICATE		(0x202)
-#define CKA_WRAP_WITH_TRUSTED		(0x210)
-#define CKA_HW_FEATURE_TYPE		(0x300)
-#define CKA_RESET_ON_INIT		(0x301)
-#define CKA_HAS_RESET			(0x302)
-#define CKA_PIXEL_X			(0x400)
-#define CKA_PIXEL_Y			(0x401)
-#define CKA_RESOLUTION			(0x402)
-#define CKA_CHAR_ROWS			(0x403)
-#define CKA_CHAR_COLUMNS		(0x404)
-#define CKA_COLOR			(0x405)
-#define CKA_BITS_PER_PIXEL		(0x406)
-#define CKA_CHAR_SETS			(0x480)
-#define CKA_ENCODING_METHODS		(0x481)
-#define CKA_MIME_TYPES			(0x482)
-#define CKA_MECHANISM_TYPE		(0x500)
-#define CKA_REQUIRED_CMS_ATTRIBUTES	(0x501)
-#define CKA_DEFAULT_CMS_ATTRIBUTES	(0x502)
-#define CKA_SUPPORTED_CMS_ATTRIBUTES	(0x503)
-#define CKA_WRAP_TEMPLATE		(CKF_ARRAY_ATTRIBUTE | 0x211)
-#define CKA_UNWRAP_TEMPLATE		(CKF_ARRAY_ATTRIBUTE | 0x212)
-#define CKA_ALLOWED_MECHANISMS		(CKF_ARRAY_ATTRIBUTE | 0x600)
-#define CKA_VENDOR_DEFINED		((unsigned long) (1 << 31))
-
-
-struct ck_attribute
-{
-  ck_attribute_type_t type;
-  void *value;
-  unsigned long value_len;
-};
-
-
-struct ck_date
-{
-  unsigned char year[4];
-  unsigned char month[2];
-  unsigned char day[2];
-};
-
-
-typedef unsigned long ck_mechanism_type_t;
-
-#define CKM_RSA_PKCS_KEY_PAIR_GEN	(0)
-#define CKM_RSA_PKCS			(1)
-#define CKM_RSA_9796			(2)
-#define CKM_RSA_X_509			(3)
-#define CKM_MD2_RSA_PKCS		(4)
-#define CKM_MD5_RSA_PKCS		(5)
-#define CKM_SHA1_RSA_PKCS		(6)
-#define CKM_RIPEMD128_RSA_PKCS		(7)
-#define CKM_RIPEMD160_RSA_PKCS		(8)
-#define CKM_RSA_PKCS_OAEP		(9)
-#define CKM_RSA_X9_31_KEY_PAIR_GEN	(0xa)
-#define CKM_RSA_X9_31			(0xb)
-#define CKM_SHA1_RSA_X9_31		(0xc)
-#define CKM_RSA_PKCS_PSS		(0xd)
-#define CKM_SHA1_RSA_PKCS_PSS		(0xe)
-#define CKM_DSA_KEY_PAIR_GEN		(0x10)
-#define	CKM_DSA				(0x11)
-#define CKM_DSA_SHA1			(0x12)
-#define CKM_DH_PKCS_KEY_PAIR_GEN	(0x20)
-#define CKM_DH_PKCS_DERIVE		(0x21)
-#define	CKM_X9_42_DH_KEY_PAIR_GEN	(0x30)
-#define CKM_X9_42_DH_DERIVE		(0x31)
-#define CKM_X9_42_DH_HYBRID_DERIVE	(0x32)
-#define CKM_X9_42_MQV_DERIVE		(0x33)
-#define CKM_SHA256_RSA_PKCS		(0x40)
-#define CKM_SHA384_RSA_PKCS		(0x41)
-#define CKM_SHA512_RSA_PKCS		(0x42)
-#define CKM_SHA256_RSA_PKCS_PSS		(0x43)
-#define CKM_SHA384_RSA_PKCS_PSS		(0x44)
-#define CKM_SHA512_RSA_PKCS_PSS		(0x45)
-#define CKM_RC2_KEY_GEN			(0x100)
-#define CKM_RC2_ECB			(0x101)
-#define	CKM_RC2_CBC			(0x102)
-#define	CKM_RC2_MAC			(0x103)
-#define CKM_RC2_MAC_GENERAL		(0x104)
-#define CKM_RC2_CBC_PAD			(0x105)
-#define CKM_RC4_KEY_GEN			(0x110)
-#define CKM_RC4				(0x111)
-#define CKM_DES_KEY_GEN			(0x120)
-#define CKM_DES_ECB			(0x121)
-#define CKM_DES_CBC			(0x122)
-#define CKM_DES_MAC			(0x123)
-#define CKM_DES_MAC_GENERAL		(0x124)
-#define CKM_DES_CBC_PAD			(0x125)
-#define CKM_DES2_KEY_GEN		(0x130)
-#define CKM_DES3_KEY_GEN		(0x131)
-#define CKM_DES3_ECB			(0x132)
-#define CKM_DES3_CBC			(0x133)
-#define CKM_DES3_MAC			(0x134)
-#define CKM_DES3_MAC_GENERAL		(0x135)
-#define CKM_DES3_CBC_PAD		(0x136)
-#define CKM_CDMF_KEY_GEN		(0x140)
-#define CKM_CDMF_ECB			(0x141)
-#define CKM_CDMF_CBC			(0x142)
-#define CKM_CDMF_MAC			(0x143)
-#define CKM_CDMF_MAC_GENERAL		(0x144)
-#define CKM_CDMF_CBC_PAD		(0x145)
-#define CKM_MD2				(0x200)
-#define CKM_MD2_HMAC			(0x201)
-#define CKM_MD2_HMAC_GENERAL		(0x202)
-#define CKM_MD5				(0x210)
-#define CKM_MD5_HMAC			(0x211)
-#define CKM_MD5_HMAC_GENERAL		(0x212)
-#define CKM_SHA_1			(0x220)
-#define CKM_SHA_1_HMAC			(0x221)
-#define CKM_SHA_1_HMAC_GENERAL		(0x222)
-#define CKM_RIPEMD128			(0x230)
-#define CKM_RIPEMD128_HMAC		(0x231)
-#define CKM_RIPEMD128_HMAC_GENERAL	(0x232)
-#define CKM_RIPEMD160			(0x240)
-#define CKM_RIPEMD160_HMAC		(0x241)
-#define CKM_RIPEMD160_HMAC_GENERAL	(0x242)
-#define CKM_SHA256			(0x250)
-#define CKM_SHA256_HMAC			(0x251)
-#define CKM_SHA256_HMAC_GENERAL		(0x252)
-#define CKM_SHA384			(0x260)
-#define CKM_SHA384_HMAC			(0x261)
-#define CKM_SHA384_HMAC_GENERAL		(0x262)
-#define CKM_SHA512			(0x270)
-#define CKM_SHA512_HMAC			(0x271)
-#define CKM_SHA512_HMAC_GENERAL		(0x272)
-#define CKM_CAST_KEY_GEN		(0x300)
-#define CKM_CAST_ECB			(0x301)
-#define CKM_CAST_CBC			(0x302)
-#define CKM_CAST_MAC			(0x303)
-#define CKM_CAST_MAC_GENERAL		(0x304)
-#define CKM_CAST_CBC_PAD		(0x305)
-#define CKM_CAST3_KEY_GEN		(0x310)
-#define CKM_CAST3_ECB			(0x311)
-#define CKM_CAST3_CBC			(0x312)
-#define CKM_CAST3_MAC			(0x313)
-#define CKM_CAST3_MAC_GENERAL		(0x314)
-#define CKM_CAST3_CBC_PAD		(0x315)
-#define CKM_CAST5_KEY_GEN		(0x320)
-#define CKM_CAST128_KEY_GEN		(0x320)
-#define CKM_CAST5_ECB			(0x321)
-#define CKM_CAST128_ECB			(0x321)
-#define CKM_CAST5_CBC			(0x322)
-#define CKM_CAST128_CBC			(0x322)
-#define CKM_CAST5_MAC			(0x323)
-#define	CKM_CAST128_MAC			(0x323)
-#define CKM_CAST5_MAC_GENERAL		(0x324)
-#define CKM_CAST128_MAC_GENERAL		(0x324)
-#define CKM_CAST5_CBC_PAD		(0x325)
-#define CKM_CAST128_CBC_PAD		(0x325)
-#define CKM_RC5_KEY_GEN			(0x330)
-#define CKM_RC5_ECB			(0x331)
-#define CKM_RC5_CBC			(0x332)
-#define CKM_RC5_MAC			(0x333)
-#define CKM_RC5_MAC_GENERAL		(0x334)
-#define CKM_RC5_CBC_PAD			(0x335)
-#define CKM_IDEA_KEY_GEN		(0x340)
-#define CKM_IDEA_ECB			(0x341)
-#define	CKM_IDEA_CBC			(0x342)
-#define CKM_IDEA_MAC			(0x343)
-#define CKM_IDEA_MAC_GENERAL		(0x344)
-#define CKM_IDEA_CBC_PAD		(0x345)
-#define CKM_GENERIC_SECRET_KEY_GEN	(0x350)
-#define CKM_CONCATENATE_BASE_AND_KEY	(0x360)
-#define CKM_CONCATENATE_BASE_AND_DATA	(0x362)
-#define CKM_CONCATENATE_DATA_AND_BASE	(0x363)
-#define CKM_XOR_BASE_AND_DATA		(0x364)
-#define CKM_EXTRACT_KEY_FROM_KEY	(0x365)
-#define CKM_SSL3_PRE_MASTER_KEY_GEN	(0x370)
-#define CKM_SSL3_MASTER_KEY_DERIVE	(0x371)
-#define CKM_SSL3_KEY_AND_MAC_DERIVE	(0x372)
-#define CKM_SSL3_MASTER_KEY_DERIVE_DH	(0x373)
-#define CKM_TLS_PRE_MASTER_KEY_GEN	(0x374)
-#define CKM_TLS_MASTER_KEY_DERIVE	(0x375)
-#define CKM_TLS_KEY_AND_MAC_DERIVE	(0x376)
-#define CKM_TLS_MASTER_KEY_DERIVE_DH	(0x377)
-#define CKM_SSL3_MD5_MAC		(0x380)
-#define CKM_SSL3_SHA1_MAC		(0x381)
-#define CKM_MD5_KEY_DERIVATION		(0x390)
-#define CKM_MD2_KEY_DERIVATION		(0x391)
-#define CKM_SHA1_KEY_DERIVATION		(0x392)
-#define CKM_PBE_MD2_DES_CBC		(0x3a0)
-#define CKM_PBE_MD5_DES_CBC		(0x3a1)
-#define CKM_PBE_MD5_CAST_CBC		(0x3a2)
-#define CKM_PBE_MD5_CAST3_CBC		(0x3a3)
-#define CKM_PBE_MD5_CAST5_CBC		(0x3a4)
-#define CKM_PBE_MD5_CAST128_CBC		(0x3a4)
-#define CKM_PBE_SHA1_CAST5_CBC		(0x3a5)
-#define CKM_PBE_SHA1_CAST128_CBC	(0x3a5)
-#define CKM_PBE_SHA1_RC4_128		(0x3a6)
-#define CKM_PBE_SHA1_RC4_40		(0x3a7)
-#define CKM_PBE_SHA1_DES3_EDE_CBC	(0x3a8)
-#define CKM_PBE_SHA1_DES2_EDE_CBC	(0x3a9)
-#define CKM_PBE_SHA1_RC2_128_CBC	(0x3aa)
-#define CKM_PBE_SHA1_RC2_40_CBC		(0x3ab)
-#define CKM_PKCS5_PBKD2			(0x3b0)
-#define CKM_PBA_SHA1_WITH_SHA1_HMAC	(0x3c0)
-#define CKM_KEY_WRAP_LYNKS		(0x400)
-#define CKM_KEY_WRAP_SET_OAEP		(0x401)
-#define CKM_SKIPJACK_KEY_GEN		(0x1000)
-#define CKM_SKIPJACK_ECB64		(0x1001)
-#define CKM_SKIPJACK_CBC64		(0x1002)
-#define CKM_SKIPJACK_OFB64		(0x1003)
-#define CKM_SKIPJACK_CFB64		(0x1004)
-#define CKM_SKIPJACK_CFB32		(0x1005)
-#define CKM_SKIPJACK_CFB16		(0x1006)
-#define CKM_SKIPJACK_CFB8		(0x1007)
-#define CKM_SKIPJACK_WRAP		(0x1008)
-#define CKM_SKIPJACK_PRIVATE_WRAP	(0x1009)
-#define CKM_SKIPJACK_RELAYX		(0x100a)
-#define CKM_KEA_KEY_PAIR_GEN		(0x1010)
-#define CKM_KEA_KEY_DERIVE		(0x1011)
-#define CKM_FORTEZZA_TIMESTAMP		(0x1020)
-#define CKM_BATON_KEY_GEN		(0x1030)
-#define CKM_BATON_ECB128		(0x1031)
-#define CKM_BATON_ECB96			(0x1032)
-#define CKM_BATON_CBC128		(0x1033)
-#define CKM_BATON_COUNTER		(0x1034)
-#define CKM_BATON_SHUFFLE		(0x1035)
-#define CKM_BATON_WRAP			(0x1036)
-#define CKM_ECDSA_KEY_PAIR_GEN		(0x1040)
-#define CKM_EC_KEY_PAIR_GEN		(0x1040)
-#define CKM_ECDSA			(0x1041)
-#define CKM_ECDSA_SHA1			(0x1042)
-#define CKM_ECDH1_DERIVE		(0x1050)
-#define CKM_ECDH1_COFACTOR_DERIVE	(0x1051)
-#define CKM_ECMQV_DERIVE		(0x1052)
-#define CKM_JUNIPER_KEY_GEN		(0x1060)
-#define CKM_JUNIPER_ECB128		(0x1061)
-#define CKM_JUNIPER_CBC128		(0x1062)
-#define CKM_JUNIPER_COUNTER		(0x1063)
-#define CKM_JUNIPER_SHUFFLE		(0x1064)
-#define CKM_JUNIPER_WRAP		(0x1065)
-#define CKM_FASTHASH			(0x1070)
-#define CKM_AES_KEY_GEN			(0x1080)
-#define CKM_AES_ECB			(0x1081)
-#define CKM_AES_CBC			(0x1082)
-#define CKM_AES_MAC			(0x1083)
-#define CKM_AES_MAC_GENERAL		(0x1084)
-#define CKM_AES_CBC_PAD			(0x1085)
-#define CKM_DSA_PARAMETER_GEN		(0x2000)
-#define CKM_DH_PKCS_PARAMETER_GEN	(0x2001)
-#define CKM_X9_42_DH_PARAMETER_GEN	(0x2002)
-#define CKM_VENDOR_DEFINED		((unsigned long) (1 << 31))
-
-
-struct ck_mechanism
-{
-  ck_mechanism_type_t mechanism;
-  void *parameter;
-  unsigned long parameter_len;
-};
-
-
-struct ck_mechanism_info
-{
-  unsigned long min_key_size;
-  unsigned long max_key_size;
-  ck_flags_t flags;
-};
-
-#define CKF_HW			(1 << 0)
-#define CKF_ENCRYPT		(1 << 8)
-#define CKF_DECRYPT		(1 << 9)
-#define CKF_DIGEST		(1 << 10)
-#define CKF_SIGN		(1 << 11)
-#define CKF_SIGN_RECOVER	(1 << 12)
-#define CKF_VERIFY		(1 << 13)
-#define CKF_VERIFY_RECOVER	(1 << 14)
-#define CKF_GENERATE		(1 << 15)
-#define CKF_GENERATE_KEY_PAIR	(1 << 16)
-#define CKF_WRAP		(1 << 17)
-#define CKF_UNWRAP		(1 << 18)
-#define CKF_DERIVE		(1 << 19)
-#define CKF_EXTENSION		((unsigned long) (1 << 31))
-
-
-/* Flags for C_WaitForSlotEvent.  */
-#define CKF_DONT_BLOCK				(1)
-
-
-typedef unsigned long ck_rv_t;
-
-
-typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
-				ck_notification_t event, void *application);
-
-/* Forward reference.  */
-struct ck_function_list;
-
-#define _CK_DECLARE_FUNCTION(name, args)	\
-typedef ck_rv_t (*CK_ ## name) args;		\
-ck_rv_t CK_SPEC name args
-
-_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
-_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
-_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info));
-_CK_DECLARE_FUNCTION (C_GetFunctionList,
-		      (struct ck_function_list **function_list));
-
-_CK_DECLARE_FUNCTION (C_GetSlotList,
-		      (unsigned char token_present, ck_slot_id_t *slot_list,
-		       unsigned long *count));
-_CK_DECLARE_FUNCTION (C_GetSlotInfo,
-		      (ck_slot_id_t slot_id, struct ck_slot_info *info));
-_CK_DECLARE_FUNCTION (C_GetTokenInfo,
-		      (ck_slot_id_t slot_id, struct ck_token_info *info));
-_CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
-		      (ck_flags_t flags, ck_slot_id_t *slot, void *reserved));
-_CK_DECLARE_FUNCTION (C_GetMechanismList,
-		      (ck_slot_id_t slot_id,
-		       ck_mechanism_type_t *mechanism_list,
-		       unsigned long *count));
-_CK_DECLARE_FUNCTION (C_GetMechanismInfo,
-		      (ck_slot_id_t slot_id, ck_mechanism_type_t type,
-		       struct ck_mechanism_info *info));
-_CK_DECLARE_FUNCTION (C_InitToken,
-		      (ck_slot_id_t slot_id, unsigned char *pin,
-		       unsigned long pin_len, unsigned char *label));
-_CK_DECLARE_FUNCTION (C_InitPIN,
-		      (ck_session_handle_t session, unsigned char *pin,
-		       unsigned long pin_len));
-_CK_DECLARE_FUNCTION (C_SetPIN,
-		      (ck_session_handle_t session, unsigned char *old_pin,
-		       unsigned long old_len, unsigned char *new_pin,
-		       unsigned long new_len));
-
-_CK_DECLARE_FUNCTION (C_OpenSession,
-		      (ck_slot_id_t slot_id, ck_flags_t flags,
-		       void *application, ck_notify_t notify,
-		       ck_session_handle_t *session));
-_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
-_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
-_CK_DECLARE_FUNCTION (C_GetSessionInfo,
-		      (ck_session_handle_t session,
-		       struct ck_session_info *info));
-_CK_DECLARE_FUNCTION (C_GetOperationState,
-		      (ck_session_handle_t session,
-		       unsigned char *operation_state,
-		       unsigned long *operation_state_len));
-_CK_DECLARE_FUNCTION (C_SetOperationState,
-		      (ck_session_handle_t session,
-		       unsigned char *operation_state,
-		       unsigned long operation_state_len,
-		       ck_object_handle_t encryption_key,
-		       ck_object_handle_t authentiation_key));
-_CK_DECLARE_FUNCTION (C_Login,
-		      (ck_session_handle_t session, ck_user_type_t user_type,
-		       unsigned char *pin, unsigned long pin_len));
-_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
-
-_CK_DECLARE_FUNCTION (C_CreateObject,
-		      (ck_session_handle_t session,
-		       struct ck_attribute *templ,
-		       unsigned long count, ck_object_handle_t *object));
-_CK_DECLARE_FUNCTION (C_CopyObject,
-		      (ck_session_handle_t session, ck_object_handle_t object,
-		       struct ck_attribute *templ, unsigned long count,
-		       ck_object_handle_t *new_object));
-_CK_DECLARE_FUNCTION (C_DestroyObject,
-		      (ck_session_handle_t session,
-		       ck_object_handle_t object));
-_CK_DECLARE_FUNCTION (C_GetObjectSize,
-		      (ck_session_handle_t session,
-		       ck_object_handle_t object,
-		       unsigned long *size));
-_CK_DECLARE_FUNCTION (C_GetAttributeValue,
-		      (ck_session_handle_t session,
-		       ck_object_handle_t object,
-		       struct ck_attribute *templ,
-		       unsigned long count));
-_CK_DECLARE_FUNCTION (C_SetAttributeValue,
-		      (ck_session_handle_t session,
-		       ck_object_handle_t object,
-		       struct ck_attribute *templ,
-		       unsigned long count));
-_CK_DECLARE_FUNCTION (C_FindObjectsInit,
-		      (ck_session_handle_t session,
-		       struct ck_attribute *templ,
-		       unsigned long count));
-_CK_DECLARE_FUNCTION (C_FindObjects,
-		      (ck_session_handle_t session,
-		       ck_object_handle_t *object,
-		       unsigned long max_object_count,
-		       unsigned long *object_count));
-_CK_DECLARE_FUNCTION (C_FindObjectsFinal,
-		      (ck_session_handle_t session));
-
-_CK_DECLARE_FUNCTION (C_EncryptInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Encrypt,
-		      (ck_session_handle_t session,
-		       unsigned char *data, unsigned long data_len,
-		       unsigned char *encrypted_data,
-		       unsigned long *encrypted_data_len));
-_CK_DECLARE_FUNCTION (C_EncryptUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *part, unsigned long part_len,
-		       unsigned char *encrypted_part,
-		       unsigned long *encrypted_part_len));
-_CK_DECLARE_FUNCTION (C_EncryptFinal,
-		      (ck_session_handle_t session,
-		       unsigned char *last_encrypted_part,
-		       unsigned long *last_encrypted_part_len));
-
-_CK_DECLARE_FUNCTION (C_DecryptInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Decrypt,
-		      (ck_session_handle_t session,
-		       unsigned char *encrypted_data,
-		       unsigned long encrypted_data_len,
-		       unsigned char *data, unsigned long *data_len));
-_CK_DECLARE_FUNCTION (C_DecryptUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *encrypted_part,
-		       unsigned long encrypted_part_len,
-		       unsigned char *part, unsigned long *part_len));
-_CK_DECLARE_FUNCTION (C_DecryptFinal,
-		      (ck_session_handle_t session,
-		       unsigned char *last_part,
-		       unsigned long *last_part_len));
-
-_CK_DECLARE_FUNCTION (C_DigestInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism));
-_CK_DECLARE_FUNCTION (C_Digest,
-		      (ck_session_handle_t session,
-		       unsigned char *data, unsigned long data_len,
-		       unsigned char *digest,
-		       unsigned long *digest_len));
-_CK_DECLARE_FUNCTION (C_DigestUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *part, unsigned long part_len));
-_CK_DECLARE_FUNCTION (C_DigestKey,
-		      (ck_session_handle_t session, ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_DigestFinal,
-		      (ck_session_handle_t session,
-		       unsigned char *digest,
-		       unsigned long *digest_len));
-
-_CK_DECLARE_FUNCTION (C_SignInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Sign,
-		      (ck_session_handle_t session,
-		       unsigned char *data, unsigned long data_len,
-		       unsigned char *signature,
-		       unsigned long *signature_len));
-_CK_DECLARE_FUNCTION (C_SignUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *part, unsigned long part_len));
-_CK_DECLARE_FUNCTION (C_SignFinal,
-		      (ck_session_handle_t session,
-		       unsigned char *signature,
-		       unsigned long *signature_len));
-_CK_DECLARE_FUNCTION (C_SignRecoverInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_SignRecover,
-		      (ck_session_handle_t session,
-		       unsigned char *data, unsigned long data_len,
-		       unsigned char *signature,
-		       unsigned long *signature_len));
-
-_CK_DECLARE_FUNCTION (C_VerifyInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Verify,
-		      (ck_session_handle_t session,
-		       unsigned char *data, unsigned long data_len,
-		       unsigned char *signature,
-		       unsigned long signature_len));
-_CK_DECLARE_FUNCTION (C_VerifyUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *part, unsigned long part_len));
-_CK_DECLARE_FUNCTION (C_VerifyFinal,
-		      (ck_session_handle_t session,
-		       unsigned char *signature,
-		       unsigned long signature_len));
-_CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_VerifyRecover,
-		      (ck_session_handle_t session,
-		       unsigned char *signature,
-		       unsigned long signature_len,
-		       unsigned char *data,
-		       unsigned long *data_len));
-
-_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *part, unsigned long part_len,
-		       unsigned char *encrypted_part,
-		       unsigned long *encrypted_part_len));
-_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *encrypted_part,
-		       unsigned long encrypted_part_len,
-		       unsigned char *part,
-		       unsigned long *part_len));
-_CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *part, unsigned long part_len,
-		       unsigned char *encrypted_part,
-		       unsigned long *encrypted_part_len));
-_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *encrypted_part,
-		       unsigned long encrypted_part_len,
-		       unsigned char *part,
-		       unsigned long *part_len));
-
-_CK_DECLARE_FUNCTION (C_GenerateKey,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       struct ck_attribute *templ,
-		       unsigned long count,
-		       ck_object_handle_t *key));
-_CK_DECLARE_FUNCTION (C_GenerateKeyPair,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       struct ck_attribute *public_key_template,
-		       unsigned long public_key_attribute_count,
-		       struct ck_attribute *private_key_template,
-		       unsigned long private_key_attribute_count,
-		       ck_object_handle_t *public_key,
-		       ck_object_handle_t *private_key));
-_CK_DECLARE_FUNCTION (C_WrapKey,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t wrapping_key,
-		       ck_object_handle_t key,
-		       unsigned char *wrapped_key,
-		       unsigned long *wrapped_key_len));
-_CK_DECLARE_FUNCTION (C_UnwrapKey,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t unwrapping_key,
-		       unsigned char *wrapped_key,
-		       unsigned long wrapped_key_len,
-		       struct ck_attribute *templ,
-		       unsigned long attribute_count,
-		       ck_object_handle_t *key));
-_CK_DECLARE_FUNCTION (C_DeriveKey,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t base_key,
-		       struct ck_attribute *templ,
-		       unsigned long attribute_count,
-		       ck_object_handle_t *key));
-
-_CK_DECLARE_FUNCTION (C_SeedRandom,
-		      (ck_session_handle_t session, unsigned char *seed,
-		       unsigned long seed_len));
-_CK_DECLARE_FUNCTION (C_GenerateRandom,
-		      (ck_session_handle_t session,
-		       unsigned char *random_data,
-		       unsigned long random_len));
-
-_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
-_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
-
-
-struct ck_function_list
-{
-  struct ck_version version;
-  CK_C_Initialize C_Initialize;
-  CK_C_Finalize C_Finalize;
-  CK_C_GetInfo C_GetInfo;
-  CK_C_GetFunctionList C_GetFunctionList;
-  CK_C_GetSlotList C_GetSlotList;
-  CK_C_GetSlotInfo C_GetSlotInfo;
-  CK_C_GetTokenInfo C_GetTokenInfo;
-  CK_C_GetMechanismList C_GetMechanismList;
-  CK_C_GetMechanismInfo C_GetMechanismInfo;
-  CK_C_InitToken C_InitToken;
-  CK_C_InitPIN C_InitPIN;
-  CK_C_SetPIN C_SetPIN;
-  CK_C_OpenSession C_OpenSession;
-  CK_C_CloseSession C_CloseSession;
-  CK_C_CloseAllSessions C_CloseAllSessions;
-  CK_C_GetSessionInfo C_GetSessionInfo;
-  CK_C_GetOperationState C_GetOperationState;
-  CK_C_SetOperationState C_SetOperationState;
-  CK_C_Login C_Login;
-  CK_C_Logout C_Logout;
-  CK_C_CreateObject C_CreateObject;
-  CK_C_CopyObject C_CopyObject;
-  CK_C_DestroyObject C_DestroyObject;
-  CK_C_GetObjectSize C_GetObjectSize;
-  CK_C_GetAttributeValue C_GetAttributeValue;
-  CK_C_SetAttributeValue C_SetAttributeValue;
-  CK_C_FindObjectsInit C_FindObjectsInit;
-  CK_C_FindObjects C_FindObjects;
-  CK_C_FindObjectsFinal C_FindObjectsFinal;
-  CK_C_EncryptInit C_EncryptInit;
-  CK_C_Encrypt C_Encrypt;
-  CK_C_EncryptUpdate C_EncryptUpdate;
-  CK_C_EncryptFinal C_EncryptFinal;
-  CK_C_DecryptInit C_DecryptInit;
-  CK_C_Decrypt C_Decrypt;
-  CK_C_DecryptUpdate C_DecryptUpdate;
-  CK_C_DecryptFinal C_DecryptFinal;
-  CK_C_DigestInit C_DigestInit;
-  CK_C_Digest C_Digest;
-  CK_C_DigestUpdate C_DigestUpdate;
-  CK_C_DigestKey C_DigestKey;
-  CK_C_DigestFinal C_DigestFinal;
-  CK_C_SignInit C_SignInit;
-  CK_C_Sign C_Sign;
-  CK_C_SignUpdate C_SignUpdate;
-  CK_C_SignFinal C_SignFinal;
-  CK_C_SignRecoverInit C_SignRecoverInit;
-  CK_C_SignRecover C_SignRecover;
-  CK_C_VerifyInit C_VerifyInit;
-  CK_C_Verify C_Verify;
-  CK_C_VerifyUpdate C_VerifyUpdate;
-  CK_C_VerifyFinal C_VerifyFinal;
-  CK_C_VerifyRecoverInit C_VerifyRecoverInit;
-  CK_C_VerifyRecover C_VerifyRecover;
-  CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
-  CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
-  CK_C_SignEncryptUpdate C_SignEncryptUpdate;
-  CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
-  CK_C_GenerateKey C_GenerateKey;
-  CK_C_GenerateKeyPair C_GenerateKeyPair;
-  CK_C_WrapKey C_WrapKey;
-  CK_C_UnwrapKey C_UnwrapKey;
-  CK_C_DeriveKey C_DeriveKey;
-  CK_C_SeedRandom C_SeedRandom;
-  CK_C_GenerateRandom C_GenerateRandom;
-  CK_C_GetFunctionStatus C_GetFunctionStatus;
-  CK_C_CancelFunction C_CancelFunction;
-  CK_C_WaitForSlotEvent C_WaitForSlotEvent;
-};
-
-
-typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
-typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
-typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
-typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);
-
-
-struct ck_c_initialize_args
-{
-  ck_createmutex_t create_mutex;
-  ck_destroymutex_t destroy_mutex;
-  ck_lockmutex_t lock_mutex;
-  ck_unlockmutex_t unlock_mutex;
-  ck_flags_t flags;
-  void *reserved;
-};
-
-
-#define CKF_LIBRARY_CANT_CREATE_OS_THREADS	(1 << 0)
-#define CKF_OS_LOCKING_OK			(1 << 1)
-
-#define CKR_OK					(0)
-#define CKR_CANCEL				(1)
-#define CKR_HOST_MEMORY				(2)
-#define CKR_SLOT_ID_INVALID			(3)
-#define CKR_GENERAL_ERROR			(5)
-#define CKR_FUNCTION_FAILED			(6)
-#define CKR_ARGUMENTS_BAD			(7)
-#define CKR_NO_EVENT				(8)
-#define CKR_NEED_TO_CREATE_THREADS		(9)
-#define CKR_CANT_LOCK				(0xa)
-#define CKR_ATTRIBUTE_READ_ONLY			(0x10)
-#define CKR_ATTRIBUTE_SENSITIVE			(0x11)
-#define CKR_ATTRIBUTE_TYPE_INVALID		(0x12)
-#define CKR_ATTRIBUTE_VALUE_INVALID		(0x13)
-#define CKR_DATA_INVALID			(0x20)
-#define CKR_DATA_LEN_RANGE			(0x21)
-#define CKR_DEVICE_ERROR			(0x30)
-#define CKR_DEVICE_MEMORY			(0x31)
-#define CKR_DEVICE_REMOVED			(0x32)
-#define CKR_ENCRYPTED_DATA_INVALID		(0x40)
-#define CKR_ENCRYPTED_DATA_LEN_RANGE		(0x41)
-#define CKR_FUNCTION_CANCELED			(0x50)
-#define CKR_FUNCTION_NOT_PARALLEL		(0x51)
-#define CKR_FUNCTION_NOT_SUPPORTED		(0x54)
-#define CKR_KEY_HANDLE_INVALID			(0x60)
-#define CKR_KEY_SIZE_RANGE			(0x62)
-#define CKR_KEY_TYPE_INCONSISTENT		(0x63)
-#define CKR_KEY_NOT_NEEDED			(0x64)
-#define CKR_KEY_CHANGED				(0x65)
-#define CKR_KEY_NEEDED				(0x66)
-#define CKR_KEY_INDIGESTIBLE			(0x67)
-#define CKR_KEY_FUNCTION_NOT_PERMITTED		(0x68)
-#define CKR_KEY_NOT_WRAPPABLE			(0x69)
-#define CKR_KEY_UNEXTRACTABLE			(0x6a)
-#define CKR_MECHANISM_INVALID			(0x70)
-#define CKR_MECHANISM_PARAM_INVALID		(0x71)
-#define CKR_OBJECT_HANDLE_INVALID		(0x82)
-#define CKR_OPERATION_ACTIVE			(0x90)
-#define CKR_OPERATION_NOT_INITIALIZED		(0x91)
-#define CKR_PIN_INCORRECT			(0xa0)
-#define CKR_PIN_INVALID				(0xa1)
-#define CKR_PIN_LEN_RANGE			(0xa2)
-#define CKR_PIN_EXPIRED				(0xa3)
-#define CKR_PIN_LOCKED				(0xa4)
-#define CKR_SESSION_CLOSED			(0xb0)
-#define CKR_SESSION_COUNT			(0xb1)
-#define CKR_SESSION_HANDLE_INVALID		(0xb3)
-#define CKR_SESSION_PARALLEL_NOT_SUPPORTED	(0xb4)
-#define CKR_SESSION_READ_ONLY			(0xb5)
-#define CKR_SESSION_EXISTS			(0xb6)
-#define CKR_SESSION_READ_ONLY_EXISTS		(0xb7)
-#define CKR_SESSION_READ_WRITE_SO_EXISTS	(0xb8)
-#define CKR_SIGNATURE_INVALID			(0xc0)
-#define CKR_SIGNATURE_LEN_RANGE			(0xc1)
-#define CKR_TEMPLATE_INCOMPLETE			(0xd0)
-#define CKR_TEMPLATE_INCONSISTENT		(0xd1)
-#define CKR_TOKEN_NOT_PRESENT			(0xe0)
-#define CKR_TOKEN_NOT_RECOGNIZED		(0xe1)
-#define CKR_TOKEN_WRITE_PROTECTED		(0xe2)
-#define	CKR_UNWRAPPING_KEY_HANDLE_INVALID	(0xf0)
-#define CKR_UNWRAPPING_KEY_SIZE_RANGE		(0xf1)
-#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT	(0xf2)
-#define CKR_USER_ALREADY_LOGGED_IN		(0x100)
-#define CKR_USER_NOT_LOGGED_IN			(0x101)
-#define CKR_USER_PIN_NOT_INITIALIZED		(0x102)
-#define CKR_USER_TYPE_INVALID			(0x103)
-#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN	(0x104)
-#define CKR_USER_TOO_MANY_TYPES			(0x105)
-#define CKR_WRAPPED_KEY_INVALID			(0x110)
-#define CKR_WRAPPED_KEY_LEN_RANGE		(0x112)
-#define CKR_WRAPPING_KEY_HANDLE_INVALID		(0x113)
-#define CKR_WRAPPING_KEY_SIZE_RANGE		(0x114)
-#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT	(0x115)
-#define CKR_RANDOM_SEED_NOT_SUPPORTED		(0x120)
-#define CKR_RANDOM_NO_RNG			(0x121)
-#define CKR_DOMAIN_PARAMS_INVALID		(0x130)
-#define CKR_BUFFER_TOO_SMALL			(0x150)
-#define CKR_SAVED_STATE_INVALID			(0x160)
-#define CKR_INFORMATION_SENSITIVE		(0x170)
-#define CKR_STATE_UNSAVEABLE			(0x180)
-#define CKR_CRYPTOKI_NOT_INITIALIZED		(0x190)
-#define CKR_CRYPTOKI_ALREADY_INITIALIZED	(0x191)
-#define CKR_MUTEX_BAD				(0x1a0)
-#define CKR_MUTEX_NOT_LOCKED			(0x1a1)
-#define CKR_FUNCTION_REJECTED			(0x200)
-#define CKR_VENDOR_DEFINED			((unsigned long) (1 << 31))
-
-
-
-/* Compatibility layer.  */
-
-#ifdef CRYPTOKI_COMPAT
-
-#undef CK_DEFINE_FUNCTION
-#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name
-
-/* For NULL.  */
-#include <stddef.h>
-
-typedef unsigned char CK_BYTE;
-typedef unsigned char CK_CHAR;
-typedef unsigned char CK_UTF8CHAR;
-typedef unsigned char CK_BBOOL;
-typedef unsigned long int CK_ULONG;
-typedef long int CK_LONG;
-typedef CK_BYTE *CK_BYTE_PTR;
-typedef CK_CHAR *CK_CHAR_PTR;
-typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
-typedef CK_ULONG *CK_ULONG_PTR;
-typedef void *CK_VOID_PTR;
-typedef void **CK_VOID_PTR_PTR;
-#define CK_FALSE 0
-#define CK_TRUE 1
-#ifndef CK_DISABLE_TRUE_FALSE
-#ifndef FALSE
-#define FALSE 0
-#endif
-#ifndef TRUE
-#define TRUE 1
-#endif
-#endif
-
-typedef struct ck_version CK_VERSION;
-typedef struct ck_version *CK_VERSION_PTR;
-
-typedef struct ck_info CK_INFO;
-typedef struct ck_info *CK_INFO_PTR;
-
-typedef ck_slot_id_t *CK_SLOT_ID_PTR;
-
-typedef struct ck_slot_info CK_SLOT_INFO;
-typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
-
-typedef struct ck_token_info CK_TOKEN_INFO;
-typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
-
-typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
-
-typedef struct ck_session_info CK_SESSION_INFO;
-typedef struct ck_session_info *CK_SESSION_INFO_PTR;
-
-typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
-
-typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
-
-typedef struct ck_attribute CK_ATTRIBUTE;
-typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
-
-typedef struct ck_date CK_DATE;
-typedef struct ck_date *CK_DATE_PTR;
-
-typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
-
-typedef struct ck_mechanism CK_MECHANISM;
-typedef struct ck_mechanism *CK_MECHANISM_PTR;
-
-typedef struct ck_mechanism_info CK_MECHANISM_INFO;
-typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
-
-typedef struct ck_function_list CK_FUNCTION_LIST;
-typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
-typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
-
-typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
-typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
-
-#define NULL_PTR NULL
-
-/* Delete the helper macros defined at the top of the file.  */
-#undef ck_flags_t
-#undef ck_version
-
-#undef ck_info
-#undef cryptoki_version
-#undef manufacturer_id
-#undef library_description
-#undef library_version
-
-#undef ck_notification_t
-#undef ck_slot_id_t
-
-#undef ck_slot_info
-#undef slot_description
-#undef hardware_version
-#undef firmware_version
-
-#undef ck_token_info
-#undef serial_number
-#undef max_session_count
-#undef session_count
-#undef max_rw_session_count
-#undef rw_session_count
-#undef max_pin_len
-#undef min_pin_len
-#undef total_public_memory
-#undef free_public_memory
-#undef total_private_memory
-#undef free_private_memory
-#undef utc_time
-
-#undef ck_session_handle_t
-#undef ck_user_type_t
-#undef ck_state_t
-
-#undef ck_session_info
-#undef slot_id
-#undef device_error
-
-#undef ck_object_handle_t
-#undef ck_object_class_t
-#undef ck_hw_feature_type_t
-#undef ck_key_type_t
-#undef ck_certificate_type_t
-#undef ck_attribute_type_t
-
-#undef ck_attribute
-#undef value
-#undef value_len
-
-#undef ck_date
-
-#undef ck_mechanism_type_t
-
-#undef ck_mechanism
-#undef parameter
-#undef parameter_len
-
-#undef ck_mechanism_info
-#undef min_key_size
-#undef max_key_size
-
-#undef ck_rv_t
-#undef ck_notify_t
-
-#undef ck_function_list
-
-#undef ck_createmutex_t
-#undef ck_destroymutex_t
-#undef ck_lockmutex_t
-#undef ck_unlockmutex_t
-
-#undef ck_c_initialize_args
-#undef create_mutex
-#undef destroy_mutex
-#undef lock_mutex
-#undef unlock_mutex
-#undef reserved
-
-#endif	/* CRYPTOKI_COMPAT */
-
-
-/* System dependencies.  */
-#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
-#pragma pack(pop, cryptoki)
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif	/* PKCS11_H */
diff --git a/crypto/heimdal/lib/hx509/req.c b/crypto/heimdal/lib/hx509/req.c
deleted file mode 100644
index d7a85e1..0000000
--- a/crypto/heimdal/lib/hx509/req.c
+++ /dev/null
@@ -1,325 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-#include <pkcs10_asn1.h>
-RCSID("$Id: req.c 21344 2007-06-26 14:22:34Z lha $");
-
-struct hx509_request_data {
-    hx509_name name;
-    SubjectPublicKeyInfo key;
-    ExtKeyUsage eku;
-    GeneralNames san;
-};
-
-/*
- *
- */
-
-int
-_hx509_request_init(hx509_context context, hx509_request *req)
-{
-    *req = calloc(1, sizeof(**req));
-    if (*req == NULL)
-	return ENOMEM;
-
-    return 0;
-}
-
-void
-_hx509_request_free(hx509_request *req)
-{
-    if ((*req)->name)
-	hx509_name_free(&(*req)->name);
-    free_SubjectPublicKeyInfo(&(*req)->key);
-    free_ExtKeyUsage(&(*req)->eku);
-    free_GeneralNames(&(*req)->san);
-    memset(*req, 0, sizeof(**req));
-    free(*req);
-    *req = NULL;
-}
-
-int
-_hx509_request_set_name(hx509_context context,
-			hx509_request req,
-			hx509_name name)
-{
-    if (req->name)
-	hx509_name_free(&req->name);
-    if (name) {
-	int ret = hx509_name_copy(context, name, &req->name);
-	if (ret)
-	    return ret;
-    }
-    return 0;
-}
-
-int
-_hx509_request_get_name(hx509_context context,
-			hx509_request req,
-			hx509_name *name)
-{
-    if (req->name == NULL) {
-	hx509_set_error_string(context, 0, EINVAL, "Request have no name");
-	return EINVAL;
-    }
-    return hx509_name_copy(context, req->name, name);
-}
-
-int
-_hx509_request_set_SubjectPublicKeyInfo(hx509_context context,
-					hx509_request req,
-					const SubjectPublicKeyInfo *key)
-{
-    free_SubjectPublicKeyInfo(&req->key);
-    return copy_SubjectPublicKeyInfo(key, &req->key);
-}
-
-int
-_hx509_request_get_SubjectPublicKeyInfo(hx509_context context,
-					hx509_request req,
-					SubjectPublicKeyInfo *key)
-{
-    return copy_SubjectPublicKeyInfo(&req->key, key);
-}
-
-int
-_hx509_request_add_eku(hx509_context context,
-		       hx509_request req,
-		       const heim_oid *oid)
-{
-    void *val;
-    int ret;
-
-    val = realloc(req->eku.val, sizeof(req->eku.val[0]) * (req->eku.len + 1));
-    if (val == NULL)
-	return ENOMEM;
-    req->eku.val = val;
-
-    ret = der_copy_oid(oid, &req->eku.val[req->eku.len]);
-    if (ret)
-	return ret;
-
-    req->eku.len += 1;
-
-    return 0;
-}
-
-int
-_hx509_request_add_dns_name(hx509_context context,
-			    hx509_request req,
-			    const char *hostname)
-{
-    GeneralName name;
-
-    memset(&name, 0, sizeof(name));
-    name.element = choice_GeneralName_dNSName;
-    name.u.dNSName = rk_UNCONST(hostname);
-
-    return add_GeneralNames(&req->san, &name);
-}
-
-int
-_hx509_request_add_email(hx509_context context,
-			 hx509_request req,
-			 const char *email)
-{
-    GeneralName name;
-
-    memset(&name, 0, sizeof(name));
-    name.element = choice_GeneralName_rfc822Name;
-    name.u.dNSName = rk_UNCONST(email);
-
-    return add_GeneralNames(&req->san, &name);
-}
-
-
-
-int
-_hx509_request_to_pkcs10(hx509_context context,
-			 const hx509_request req,
-			 const hx509_private_key signer,
-			 heim_octet_string *request)
-{
-    CertificationRequest r;
-    heim_octet_string data, os;
-    int ret;
-    size_t size;
-
-    if (req->name == NULL) {
-	hx509_set_error_string(context, 0, EINVAL,
-			       "PKCS10 needs to have a subject");
-	return EINVAL;
-    }
-
-    memset(&r, 0, sizeof(r));
-    memset(request, 0, sizeof(*request));
-
-    r.certificationRequestInfo.version = pkcs10_v1;
-
-    ret = copy_Name(&req->name->der_name,
-		    &r.certificationRequestInfo.subject);
-    if (ret)
-	goto out;
-    ret = copy_SubjectPublicKeyInfo(&req->key,
-				    &r.certificationRequestInfo.subjectPKInfo);
-    if (ret)
-	goto out;
-    r.certificationRequestInfo.attributes = 
-	calloc(1, sizeof(*r.certificationRequestInfo.attributes));
-    if (r.certificationRequestInfo.attributes == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ASN1_MALLOC_ENCODE(CertificationRequestInfo, data.data, data.length, 
-		       &r.certificationRequestInfo, &size, ret);
-    if (ret)
-	goto out;
-    if (data.length != size)
-	abort();
-
-    ret = _hx509_create_signature(context,
-				  signer,
-				  _hx509_crypto_default_sig_alg,
-				  &data,
-				  &r.signatureAlgorithm,
-				  &os);
-    free(data.data);
-    if (ret)
-	goto out;
-    r.signature.data = os.data;
-    r.signature.length = os.length * 8;
-
-    ASN1_MALLOC_ENCODE(CertificationRequest, data.data, data.length,
-		       &r, &size, ret);
-    if (ret)
-	goto out;
-    if (data.length != size)
-	abort();
-
-    *request = data;
-
-out:
-    free_CertificationRequest(&r);
-
-    return ret;
-}
-
-int
-_hx509_request_parse(hx509_context context, 
-		     const char *path,
-		     hx509_request *req)
-{
-    CertificationRequest r;
-    CertificationRequestInfo *rinfo;
-    hx509_name subject;
-    size_t len, size;
-    void *p;
-    int ret;
-
-    if (strncmp(path, "PKCS10:", 7) != 0) {
-	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
-			       "unsupport type in %s", path);
-	return HX509_UNSUPPORTED_OPERATION;
-    }
-    path += 7;
-
-    /* XXX PEM request */
-
-    ret = _hx509_map_file(path, &p, &len, NULL);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to map file %s", path);
-	return ret;
-    }
-
-    ret = decode_CertificationRequest(p, len, &r, &size);
-    _hx509_unmap_file(p, len);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to decode %s", path);
-	return ret;
-    }
-
-    ret = _hx509_request_init(context, req);
-    if (ret) {
-	free_CertificationRequest(&r);
-	return ret;
-    }
-
-    rinfo = &r.certificationRequestInfo;
-
-    ret = _hx509_request_set_SubjectPublicKeyInfo(context, *req,
-						  &rinfo->subjectPKInfo);
-    if (ret) {
-	free_CertificationRequest(&r);
-	_hx509_request_free(req);
-	return ret;
-    }
-
-    ret = _hx509_name_from_Name(&rinfo->subject, &subject);
-    if (ret) {
-	free_CertificationRequest(&r);
-	_hx509_request_free(req);
-	return ret;
-    }
-    ret = _hx509_request_set_name(context, *req, subject);
-    hx509_name_free(&subject);
-    free_CertificationRequest(&r);
-    if (ret) {
-	_hx509_request_free(req);
-	return ret;
-    }
-
-    return 0;
-}
-
-
-int
-_hx509_request_print(hx509_context context, hx509_request req, FILE *f)
-{
-    int ret;
-
-    if (req->name) {
-	char *subject;
-	ret = hx509_name_to_string(req->name, &subject);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Failed to print name");
-	    return ret;
-	}
-        fprintf(f, "name: %s\n", subject);
-	free(subject);
-    }
-    
-    return 0;
-}
-
diff --git a/crypto/heimdal/lib/hx509/revoke.c b/crypto/heimdal/lib/hx509/revoke.c
deleted file mode 100644
index cfde439..0000000
--- a/crypto/heimdal/lib/hx509/revoke.c
+++ /dev/null
@@ -1,1525 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/**
- * @page page_revoke Revocation methods
- *
- * There are two revocation method for PKIX/X.509: CRL and OCSP.
- * Revocation is needed if the private key is lost and
- * stolen. Depending on how picky you are, you might want to make
- * revocation for destroyed private keys too (smartcard broken), but
- * that should not be a problem.
- *
- * CRL is a list of certifiates that have expired.
- *
- * OCSP is an online checking method where the requestor sends a list
- * of certificates to the OCSP server to return a signed reply if they
- * are valid or not. Some services sends a OCSP reply as part of the
- * hand-shake to make the revoktion decision simpler/faster for the
- * client.
- */
-
-#include "hx_locl.h"
-RCSID("$Id: revoke.c 22275 2007-12-11 11:02:11Z lha $");
-
-struct revoke_crl {
-    char *path;
-    time_t last_modfied;
-    CRLCertificateList crl;
-    int verified;
-    int failed_verify;
-};
-
-struct revoke_ocsp {
-    char *path;
-    time_t last_modfied;
-    OCSPBasicOCSPResponse ocsp;
-    hx509_certs certs;
-    hx509_cert signer;
-};
-
-
-struct hx509_revoke_ctx_data {
-    unsigned ref;
-    struct {
-	struct revoke_crl *val;
-	size_t len;
-    } crls;
-    struct {
-	struct revoke_ocsp *val;
-	size_t len;
-    } ocsps;
-};
-
-/**
- * Allocate a revokation context. Free with hx509_revoke_free().
- *
- * @param context A hx509 context.
- * @param ctx returns a newly allocated revokation context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_init(hx509_context context, hx509_revoke_ctx *ctx)
-{
-    *ctx = calloc(1, sizeof(**ctx));
-    if (*ctx == NULL)
-	return ENOMEM;
-
-    (*ctx)->ref = 1;
-    (*ctx)->crls.len = 0;
-    (*ctx)->crls.val = NULL;
-    (*ctx)->ocsps.len = 0;
-    (*ctx)->ocsps.val = NULL;
-
-    return 0;
-}
-
-hx509_revoke_ctx
-_hx509_revoke_ref(hx509_revoke_ctx ctx)
-{
-    if (ctx == NULL)
-	return NULL;
-    if (ctx->ref <= 0)
-	_hx509_abort("revoke ctx refcount <= 0");
-    ctx->ref++;
-    if (ctx->ref == 0)
-	_hx509_abort("revoke ctx refcount == 0");
-    return ctx;
-}
-
-static void
-free_ocsp(struct revoke_ocsp *ocsp)
-{
-    free(ocsp->path);
-    free_OCSPBasicOCSPResponse(&ocsp->ocsp);
-    hx509_certs_free(&ocsp->certs);
-    hx509_cert_free(ocsp->signer);
-}
-
-/**
- * Free a hx509 revokation context.
- *
- * @param ctx context to be freed
- *
- * @ingroup hx509_revoke
- */
-
-void
-hx509_revoke_free(hx509_revoke_ctx *ctx)
-{
-    size_t i ;
-
-    if (ctx == NULL || *ctx == NULL)
-	return;
-
-    if ((*ctx)->ref <= 0)
-	_hx509_abort("revoke ctx refcount <= 0 on free");
-    if (--(*ctx)->ref > 0)
-	return;
-
-    for (i = 0; i < (*ctx)->crls.len; i++) {
-	free((*ctx)->crls.val[i].path);
-	free_CRLCertificateList(&(*ctx)->crls.val[i].crl);
-    }
-
-    for (i = 0; i < (*ctx)->ocsps.len; i++)
-	free_ocsp(&(*ctx)->ocsps.val[i]);
-    free((*ctx)->ocsps.val);
-
-    free((*ctx)->crls.val);
-
-    memset(*ctx, 0, sizeof(**ctx));
-    free(*ctx);
-    *ctx = NULL;
-}
-
-static int
-verify_ocsp(hx509_context context,
-	    struct revoke_ocsp *ocsp,
-	    time_t time_now,
-	    hx509_certs certs,
-	    hx509_cert parent)
-{
-    hx509_cert signer = NULL;
-    hx509_query q;
-    int ret;
-	
-    _hx509_query_clear(&q);
-	
-    /*
-     * Need to match on issuer too in case there are two CA that have
-     * issued the same name to a certificate. One example of this is
-     * the www.openvalidation.org test's ocsp validator.
-     */
-
-    q.match = HX509_QUERY_MATCH_ISSUER_NAME;
-    q.issuer_name = &_hx509_get_cert(parent)->tbsCertificate.issuer;
-
-    switch(ocsp->ocsp.tbsResponseData.responderID.element) {
-    case choice_OCSPResponderID_byName:
-	q.match |= HX509_QUERY_MATCH_SUBJECT_NAME;
-	q.subject_name = &ocsp->ocsp.tbsResponseData.responderID.u.byName;
-	break;
-    case choice_OCSPResponderID_byKey:
-	q.match |= HX509_QUERY_MATCH_KEY_HASH_SHA1;
-	q.keyhash_sha1 = &ocsp->ocsp.tbsResponseData.responderID.u.byKey;
-	break;
-    }
-	
-    ret = hx509_certs_find(context, certs, &q, &signer);
-    if (ret && ocsp->certs)
-	ret = hx509_certs_find(context, ocsp->certs, &q, &signer);
-    if (ret)
-	goto out;
-
-    /*
-     * If signer certificate isn't the CA certificate, lets check the
-     * it is the CA that signed the signer certificate and the OCSP EKU
-     * is set.
-     */
-    if (hx509_cert_cmp(signer, parent) != 0) {
-	Certificate *p = _hx509_get_cert(parent);
-	Certificate *s = _hx509_get_cert(signer);
-
-	ret = _hx509_cert_is_parent_cmp(s, p, 0);
-	if (ret != 0) {
-	    ret = HX509_PARENT_NOT_CA;
-	    hx509_set_error_string(context, 0, ret, "Revoke OSCP signer is "
-				   "doesn't have CA as signer certificate");
-	    goto out;
-	}
-
-	ret = _hx509_verify_signature_bitstring(context,
-						p,
-						&s->signatureAlgorithm,
-						&s->tbsCertificate._save,
-						&s->signatureValue);
-	if (ret) {
-	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "OSCP signer signature invalid");
-	    goto out;
-	}
-
-	ret = hx509_cert_check_eku(context, signer, 
-				   oid_id_pkix_kp_OCSPSigning(), 0);
-	if (ret)
-	    goto out;
-    }
-
-    ret = _hx509_verify_signature_bitstring(context,
-					    _hx509_get_cert(signer), 
-					    &ocsp->ocsp.signatureAlgorithm,
-					    &ocsp->ocsp.tbsResponseData._save,
-					    &ocsp->ocsp.signature);
-    if (ret) {
-	hx509_set_error_string(context, HX509_ERROR_APPEND, ret, 
-			       "OSCP signature invalid");
-	goto out;
-    }
-
-    ocsp->signer = signer;
-    signer = NULL;
-out:
-    if (signer)
-	hx509_cert_free(signer);
-
-    return ret;
-}
-
-/*
- *
- */
-
-static int
-parse_ocsp_basic(const void *data, size_t length, OCSPBasicOCSPResponse *basic)
-{
-    OCSPResponse resp;
-    size_t size;
-    int ret;
-
-    memset(basic, 0, sizeof(*basic));
-
-    ret = decode_OCSPResponse(data, length, &resp, &size);
-    if (ret)
-	return ret;
-    if (length != size) {
-	free_OCSPResponse(&resp);
-	return ASN1_EXTRA_DATA;
-    }
-
-    switch (resp.responseStatus) {
-    case successful:
-	break;
-    default:
-	free_OCSPResponse(&resp);
-	return HX509_REVOKE_WRONG_DATA;
-    }
-
-    if (resp.responseBytes == NULL) {
-	free_OCSPResponse(&resp);
-	return EINVAL;
-    }
-
-    ret = der_heim_oid_cmp(&resp.responseBytes->responseType, 
-			   oid_id_pkix_ocsp_basic());
-    if (ret != 0) {
-	free_OCSPResponse(&resp);
-	return HX509_REVOKE_WRONG_DATA;
-    }
-
-    ret = decode_OCSPBasicOCSPResponse(resp.responseBytes->response.data,
-				       resp.responseBytes->response.length,
-				       basic,
-				       &size);
-    if (ret) {
-	free_OCSPResponse(&resp);
-	return ret;
-    }
-    if (size != resp.responseBytes->response.length) {
-	free_OCSPResponse(&resp);
-	free_OCSPBasicOCSPResponse(basic);
-	return ASN1_EXTRA_DATA;
-    }
-    free_OCSPResponse(&resp);
-
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
-{
-    OCSPBasicOCSPResponse basic;
-    hx509_certs certs = NULL;
-    size_t length;
-    struct stat sb;
-    void *data;
-    int ret;
-
-    ret = _hx509_map_file(ocsp->path, &data, &length, &sb);
-    if (ret)
-	return ret;
-
-    ret = parse_ocsp_basic(data, length, &basic);
-    _hx509_unmap_file(data, length);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to parse OCSP response");
-	return ret;
-    }
-
-    if (basic.certs) {
-	int i;
-
-	ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0, 
-			       NULL, &certs);
-	if (ret) {
-	    free_OCSPBasicOCSPResponse(&basic);
-	    return ret;
-	}
-
-	for (i = 0; i < basic.certs->len; i++) {
-	    hx509_cert c;
-	    
-	    ret = hx509_cert_init(context, &basic.certs->val[i], &c);
-	    if (ret)
-		continue;
-	    
-	    ret = hx509_certs_add(context, certs, c);
-	    hx509_cert_free(c);
-	    if (ret)
-		continue;
-	}
-    }
-
-    ocsp->last_modfied = sb.st_mtime;
-
-    free_OCSPBasicOCSPResponse(&ocsp->ocsp);
-    hx509_certs_free(&ocsp->certs);
-    hx509_cert_free(ocsp->signer);
-
-    ocsp->ocsp = basic;
-    ocsp->certs = certs;
-    ocsp->signer = NULL;
-
-    return 0;
-}
-
-/**
- * Add a OCSP file to the revokation context.
- *
- * @param context hx509 context
- * @param ctx hx509 revokation context
- * @param path path to file that is going to be added to the context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_add_ocsp(hx509_context context,
-		      hx509_revoke_ctx ctx,
-		      const char *path)
-{
-    void *data;
-    int ret;
-    size_t i;
-
-    if (strncmp(path, "FILE:", 5) != 0) {
-	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
-			       "unsupport type in %s", path);
-	return HX509_UNSUPPORTED_OPERATION;
-    }
-
-    path += 5;
-
-    for (i = 0; i < ctx->ocsps.len; i++) {
-	if (strcmp(ctx->ocsps.val[0].path, path) == 0)
-	    return 0;
-    }
-
-    data = realloc(ctx->ocsps.val, 
-		   (ctx->ocsps.len + 1) * sizeof(ctx->ocsps.val[0]));
-    if (data == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    ctx->ocsps.val = data;
-
-    memset(&ctx->ocsps.val[ctx->ocsps.len], 0, 
-	   sizeof(ctx->ocsps.val[0]));
-
-    ctx->ocsps.val[ctx->ocsps.len].path = strdup(path);
-    if (ctx->ocsps.val[ctx->ocsps.len].path == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    ret = load_ocsp(context, &ctx->ocsps.val[ctx->ocsps.len]);
-    if (ret) {
-	free(ctx->ocsps.val[ctx->ocsps.len].path);
-	return ret;
-    }
-    ctx->ocsps.len++;
-
-    return ret;
-}
-
-/*
- *
- */
-
-static int
-verify_crl(hx509_context context,
-	   hx509_revoke_ctx ctx,
-	   CRLCertificateList *crl,
-	   time_t time_now,
-	   hx509_certs certs,
-	   hx509_cert parent)
-{
-    hx509_cert signer;
-    hx509_query q;
-    time_t t;
-    int ret;
-	
-    t = _hx509_Time2time_t(&crl->tbsCertList.thisUpdate);
-    if (t > time_now) {
-	hx509_set_error_string(context, 0, HX509_CRL_USED_BEFORE_TIME,
-			       "CRL used before time");
-	return HX509_CRL_USED_BEFORE_TIME;
-    }
-
-    if (crl->tbsCertList.nextUpdate == NULL) {
-	hx509_set_error_string(context, 0, HX509_CRL_INVALID_FORMAT,
-			       "CRL missing nextUpdate");
-	return HX509_CRL_INVALID_FORMAT;
-    }
-
-    t = _hx509_Time2time_t(crl->tbsCertList.nextUpdate);
-    if (t < time_now) {
-	hx509_set_error_string(context, 0, HX509_CRL_USED_AFTER_TIME,
-			       "CRL used after time");
-	return HX509_CRL_USED_AFTER_TIME;
-    }
-
-    _hx509_query_clear(&q);
-	
-    /*
-     * If it's the signer have CRLSIGN bit set, use that as the signer
-     * cert for the certificate, otherwise, search for a certificate.
-     */
-    if (_hx509_check_key_usage(context, parent, 1 << 6, FALSE) == 0) {
-	signer = hx509_cert_ref(parent);
-    } else {
-	q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
-	q.match |= HX509_QUERY_KU_CRLSIGN;
-	q.subject_name = &crl->tbsCertList.issuer;
-	
-	ret = hx509_certs_find(context, certs, &q, &signer);
-	if (ret) {
-	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "Failed to find certificate for CRL");
-	    return ret;
-	}
-    }
-
-    ret = _hx509_verify_signature_bitstring(context,
-					    _hx509_get_cert(signer), 
-					    &crl->signatureAlgorithm,
-					    &crl->tbsCertList._save,
-					    &crl->signatureValue);
-    if (ret) {
-	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-			       "CRL signature invalid");
-	goto out;
-    }
-
-    /* 
-     * If signer is not CA cert, need to check revoke status of this
-     * CRL signing cert too, this include all parent CRL signer cert
-     * up to the root *sigh*, assume root at least hve CERTSIGN flag
-     * set.
-     */
-    while (_hx509_check_key_usage(context, signer, 1 << 5, TRUE)) {
-	hx509_cert crl_parent;
-
-	_hx509_query_clear(&q);
-	
-	q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
-	q.match |= HX509_QUERY_KU_CRLSIGN;
-	q.subject_name = &_hx509_get_cert(signer)->tbsCertificate.issuer;
-	
-	ret = hx509_certs_find(context, certs, &q, &crl_parent);
-	if (ret) {
-	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "Failed to find parent of CRL signer");
-	    goto out;
-	}
-
-	ret = hx509_revoke_verify(context,
-				  ctx, 
-				  certs,
-				  time_now,
-				  signer,
-				  crl_parent);
-	hx509_cert_free(signer);
-	signer = crl_parent;
-	if (ret) {
-	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "Failed to verify revoke "
-				   "status of CRL signer");
-	    goto out;
-	}
-    }
-
-out:
-    hx509_cert_free(signer);
-
-    return ret;
-}
-
-static int
-load_crl(const char *path, time_t *t, CRLCertificateList *crl)
-{
-    size_t length, size;
-    struct stat sb;
-    void *data;
-    int ret;
-
-    memset(crl, 0, sizeof(*crl));
-
-    ret = _hx509_map_file(path, &data, &length, &sb);
-    if (ret)
-	return ret;
-
-    *t = sb.st_mtime;
-
-    ret = decode_CRLCertificateList(data, length, crl, &size);
-    _hx509_unmap_file(data, length);
-    if (ret)
-	return ret;
-
-    /* check signature is aligned */
-    if (crl->signatureValue.length & 7) {
-	free_CRLCertificateList(crl);
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-    return 0;
-}
-
-/**
- * Add a CRL file to the revokation context.
- *
- * @param context hx509 context
- * @param ctx hx509 revokation context
- * @param path path to file that is going to be added to the context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_add_crl(hx509_context context,
-		     hx509_revoke_ctx ctx,
-		     const char *path)
-{
-    void *data;
-    size_t i;
-    int ret;
-
-    if (strncmp(path, "FILE:", 5) != 0) {
-	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
-			       "unsupport type in %s", path);
-	return HX509_UNSUPPORTED_OPERATION;
-    }
-
-    
-    path += 5;
-
-    for (i = 0; i < ctx->crls.len; i++) {
-	if (strcmp(ctx->crls.val[0].path, path) == 0)
-	    return 0;
-    }
-
-    data = realloc(ctx->crls.val, 
-		   (ctx->crls.len + 1) * sizeof(ctx->crls.val[0]));
-    if (data == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    ctx->crls.val = data;
-
-    memset(&ctx->crls.val[ctx->crls.len], 0, sizeof(ctx->crls.val[0]));
-
-    ctx->crls.val[ctx->crls.len].path = strdup(path);
-    if (ctx->crls.val[ctx->crls.len].path == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    ret = load_crl(path, 
-		   &ctx->crls.val[ctx->crls.len].last_modfied,
-		   &ctx->crls.val[ctx->crls.len].crl);
-    if (ret) {
-	free(ctx->crls.val[ctx->crls.len].path);
-	return ret;
-    }
-
-    ctx->crls.len++;
-
-    return ret;
-}
-
-/**
- * Check that a certificate is not expired according to a revokation
- * context. Also need the parent certificte to the check OCSP
- * parent identifier.
- *
- * @param context hx509 context
- * @param ctx hx509 revokation context
- * @param certs
- * @param now
- * @param cert
- * @param parent_cert
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-
-int
-hx509_revoke_verify(hx509_context context,
-		    hx509_revoke_ctx ctx,
-		    hx509_certs certs,
-		    time_t now,
-		    hx509_cert cert,
-		    hx509_cert parent_cert)
-{
-    const Certificate *c = _hx509_get_cert(cert);
-    const Certificate *p = _hx509_get_cert(parent_cert);
-    unsigned long i, j, k;
-    int ret;
-
-    hx509_clear_error_string(context);
-
-    for (i = 0; i < ctx->ocsps.len; i++) {
-	struct revoke_ocsp *ocsp = &ctx->ocsps.val[i];
-	struct stat sb;
-
-	/* check this ocsp apply to this cert */
-
-	/* check if there is a newer version of the file */
-	ret = stat(ocsp->path, &sb);
-	if (ret == 0 && ocsp->last_modfied != sb.st_mtime) {
-	    ret = load_ocsp(context, ocsp);
-	    if (ret)
-		continue;
-	}
-
-	/* verify signature in ocsp if not already done */
-	if (ocsp->signer == NULL) {
-	    ret = verify_ocsp(context, ocsp, now, certs, parent_cert);
-	    if (ret)
-		continue;
-	}
-
-	for (j = 0; j < ocsp->ocsp.tbsResponseData.responses.len; j++) {
-	    heim_octet_string os;
-
-	    ret = der_heim_integer_cmp(&ocsp->ocsp.tbsResponseData.responses.val[j].certID.serialNumber,
-				   &c->tbsCertificate.serialNumber);
-	    if (ret != 0)
-		continue;
-	    
-	    /* verify issuer hashes hash */
-	    ret = _hx509_verify_signature(context,
-					  NULL,
-					  &ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm,
-					  &c->tbsCertificate.issuer._save,
-					  &ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerNameHash);
-	    if (ret != 0)
-		continue;
-
-	    os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
-	    os.length = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
-
-	    ret = _hx509_verify_signature(context,
-					  NULL,
-					  &ocsp->ocsp.tbsResponseData.responses.val[j].certID.hashAlgorithm,
-					  &os,
-					  &ocsp->ocsp.tbsResponseData.responses.val[j].certID.issuerKeyHash);
-	    if (ret != 0)
-		continue;
-
-	    switch (ocsp->ocsp.tbsResponseData.responses.val[j].certStatus.element) {
-	    case choice_OCSPCertStatus_good:
-		break;
-	    case choice_OCSPCertStatus_revoked:
-		hx509_set_error_string(context, 0, 
-				       HX509_CERT_REVOKED,
-				       "Certificate revoked by issuer in OCSP");
-		return HX509_CERT_REVOKED;
-	    case choice_OCSPCertStatus_unknown:
-		continue;
-	    }
-
-	    /* don't allow the update to be in the future */
-	    if (ocsp->ocsp.tbsResponseData.responses.val[j].thisUpdate > 
-		now + context->ocsp_time_diff)
-		continue;
-
-	    /* don't allow the next update to be in the past */
-	    if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) {
-		if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now)
-		    continue;
-	    } else
-		/* Should force a refetch, but can we ? */;
-
-	    return 0;
-	}
-    }
-
-    for (i = 0; i < ctx->crls.len; i++) {
-	struct revoke_crl *crl = &ctx->crls.val[i];
-	struct stat sb;
-
-	/* check if cert.issuer == crls.val[i].crl.issuer */
-	ret = _hx509_name_cmp(&c->tbsCertificate.issuer, 
-			      &crl->crl.tbsCertList.issuer);
-	if (ret)
-	    continue;
-
-	ret = stat(crl->path, &sb);
-	if (ret == 0 && crl->last_modfied != sb.st_mtime) {
-	    CRLCertificateList cl;
-
-	    ret = load_crl(crl->path, &crl->last_modfied, &cl);
-	    if (ret == 0) {
-		free_CRLCertificateList(&crl->crl);
-		crl->crl = cl;
-		crl->verified = 0;
-		crl->failed_verify = 0;
-	    }
-	}
-	if (crl->failed_verify)
-	    continue;
-
-	/* verify signature in crl if not already done */
-	if (crl->verified == 0) {
-	    ret = verify_crl(context, ctx, &crl->crl, now, certs, parent_cert);
-	    if (ret) {
-		crl->failed_verify = 1;
-		continue;
-	    }
-	    crl->verified = 1;
-	}
-
-	if (crl->crl.tbsCertList.crlExtensions) {
-	    for (j = 0; j < crl->crl.tbsCertList.crlExtensions->len; j++) {
-		if (crl->crl.tbsCertList.crlExtensions->val[j].critical) {
-		    hx509_set_error_string(context, 0, 
-					   HX509_CRL_UNKNOWN_EXTENSION,
-					   "Unknown CRL extension");
-		    return HX509_CRL_UNKNOWN_EXTENSION;
-		}
-	    }
-	}
-
-	if (crl->crl.tbsCertList.revokedCertificates == NULL)
-	    return 0;
-
-	/* check if cert is in crl */
-	for (j = 0; j < crl->crl.tbsCertList.revokedCertificates->len; j++) {
-	    time_t t;
-
-	    ret = der_heim_integer_cmp(&crl->crl.tbsCertList.revokedCertificates->val[j].userCertificate,
-				       &c->tbsCertificate.serialNumber);
-	    if (ret != 0)
-		continue;
-
-	    t = _hx509_Time2time_t(&crl->crl.tbsCertList.revokedCertificates->val[j].revocationDate);
-	    if (t > now)
-		continue;
-	    
-	    if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions)
-		for (k = 0; k < crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->len; k++)
-		    if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical)
-			return HX509_CRL_UNKNOWN_EXTENSION;
-	    
-	    hx509_set_error_string(context, 0, 
-				   HX509_CERT_REVOKED,
-				   "Certificate revoked by issuer in CRL");
-	    return HX509_CERT_REVOKED;
-	}
-
-	return 0;
-    }
-
-
-    if (context->flags & HX509_CTX_VERIFY_MISSING_OK)
-	return 0;
-    hx509_set_error_string(context, HX509_ERROR_APPEND, 
-			   HX509_REVOKE_STATUS_MISSING,
-			   "No revoke status found for "
-			   "certificates");
-    return HX509_REVOKE_STATUS_MISSING;
-}
-
-struct ocsp_add_ctx {
-    OCSPTBSRequest *req;
-    hx509_certs certs;
-    const AlgorithmIdentifier *digest;
-    hx509_cert parent;
-};
-
-static int
-add_to_req(hx509_context context, void *ptr, hx509_cert cert)
-{
-    struct ocsp_add_ctx *ctx = ptr;
-    OCSPInnerRequest *one;
-    hx509_cert parent = NULL;
-    Certificate *p, *c = _hx509_get_cert(cert);
-    heim_octet_string os;
-    int ret;
-    hx509_query q;
-    void *d;
-
-    d = realloc(ctx->req->requestList.val, 
-		sizeof(ctx->req->requestList.val[0]) *
-		(ctx->req->requestList.len + 1));
-    if (d == NULL)
-	return ENOMEM;
-    ctx->req->requestList.val = d;
-    
-    one = &ctx->req->requestList.val[ctx->req->requestList.len];
-    memset(one, 0, sizeof(*one));
-
-    _hx509_query_clear(&q);
-
-    q.match |= HX509_QUERY_FIND_ISSUER_CERT;
-    q.subject = c;
-
-    ret = hx509_certs_find(context, ctx->certs, &q, &parent);
-    if (ret)
-	goto out;
-
-    if (ctx->parent) {
-	if (hx509_cert_cmp(ctx->parent, parent) != 0) {
-	    ret = HX509_REVOKE_NOT_SAME_PARENT;
-	    hx509_set_error_string(context, 0, ret,
-				   "Not same parent certifate as "
-				   "last certificate in request");
-	    goto out;
-	}
-    } else
-	ctx->parent = hx509_cert_ref(parent);
-
-    p = _hx509_get_cert(parent);
-
-    ret = copy_AlgorithmIdentifier(ctx->digest, &one->reqCert.hashAlgorithm);
-    if (ret)
-	goto out;
-
-    ret = _hx509_create_signature(context,
-				  NULL,
-				  &one->reqCert.hashAlgorithm,
-				  &c->tbsCertificate.issuer._save,
-				  NULL,
-				  &one->reqCert.issuerNameHash);
-    if (ret)
-	goto out;
-
-    os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
-    os.length = 
-	p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
-
-    ret = _hx509_create_signature(context,
-				  NULL,
-				  &one->reqCert.hashAlgorithm,
-				  &os,
-				  NULL,
-				  &one->reqCert.issuerKeyHash);
-    if (ret)
-	goto out;
-
-    ret = copy_CertificateSerialNumber(&c->tbsCertificate.serialNumber,
-				       &one->reqCert.serialNumber);
-    if (ret)
-	goto out;
-
-    ctx->req->requestList.len++;
-out:
-    hx509_cert_free(parent);
-    if (ret) {
-	free_OCSPInnerRequest(one);
-	memset(one, 0, sizeof(*one));
-    }
-
-    return ret;
-}
-
-/**
- * Create an OCSP request for a set of certificates.
- *
- * @param context a hx509 context
- * @param reqcerts list of certificates to request ocsp data for
- * @param pool certificate pool to use when signing
- * @param signer certificate to use to sign the request
- * @param digest the signing algorithm in the request, if NULL use the
- * default signature algorithm,
- * @param request the encoded request, free with free_heim_octet_string().
- * @param nonce nonce in the request, free with free_heim_octet_string().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_ocsp_request(hx509_context context,
-		   hx509_certs reqcerts,
-		   hx509_certs pool,
-		   hx509_cert signer,
-		   const AlgorithmIdentifier *digest,
-		   heim_octet_string *request,
-		   heim_octet_string *nonce)
-{
-    OCSPRequest req;
-    size_t size;
-    int ret;
-    struct ocsp_add_ctx ctx;
-    Extensions *es;
-
-    memset(&req, 0, sizeof(req));
-
-    if (digest == NULL)
-	digest = _hx509_crypto_default_digest_alg;
-
-    ctx.req = &req.tbsRequest;
-    ctx.certs = pool;
-    ctx.digest = digest;
-    ctx.parent = NULL;
-
-    ret = hx509_certs_iter(context, reqcerts, add_to_req, &ctx);
-    hx509_cert_free(ctx.parent);
-    if (ret)
-	goto out;
-    
-    if (nonce) {
-	req.tbsRequest.requestExtensions = 
-	    calloc(1, sizeof(*req.tbsRequest.requestExtensions));
-	if (req.tbsRequest.requestExtensions == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	es = req.tbsRequest.requestExtensions;
-	
-	es->val = calloc(es->len, sizeof(es->val[0]));
-	if (es->val == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	es->len = 1;
-	
-	ret = der_copy_oid(oid_id_pkix_ocsp_nonce(), &es->val[0].extnID);
-	if (ret) {
-	    free_OCSPRequest(&req);
-	    return ret;
-	}
-
-	es->val[0].extnValue.data = malloc(10);
-	if (es->val[0].extnValue.data == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	es->val[0].extnValue.length = 10;
-	
-	ret = RAND_bytes(es->val[0].extnValue.data,
-			 es->val[0].extnValue.length);
-	if (ret != 1) {
-	    ret = HX509_CRYPTO_INTERNAL_ERROR;
-	    goto out;
-	}
-	ret = der_copy_octet_string(nonce, &es->val[0].extnValue);
-	if (ret) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-    }
-
-    ASN1_MALLOC_ENCODE(OCSPRequest, request->data, request->length,
-		       &req, &size, ret);
-    free_OCSPRequest(&req);
-    if (ret)
-	goto out;
-    if (size != request->length)
-	_hx509_abort("internal ASN.1 encoder error");
-
-    return 0;
-
-out:
-    free_OCSPRequest(&req);
-    return ret;
-}
-
-static char *
-printable_time(time_t t)
-{
-    static char s[128];
-    strlcpy(s, ctime(&t)+ 4, sizeof(s));
-    s[20] = 0;
-    return s;
-}
-
-/**
- * Print the OCSP reply stored in a file.
- *
- * @param context a hx509 context
- * @param path path to a file with a OCSP reply
- * @param out the out FILE descriptor to print the reply on
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
-{
-    struct revoke_ocsp ocsp;
-    int ret, i;
-    
-    if (out == NULL)
-	out = stdout;
-
-    memset(&ocsp, 0, sizeof(ocsp));
-
-    ocsp.path = strdup(path);
-    if (ocsp.path == NULL)
-	return ENOMEM;
-
-    ret = load_ocsp(context, &ocsp);
-    if (ret) {
-	free_ocsp(&ocsp);
-	return ret;
-    }
-
-    fprintf(out, "signer: ");
-
-    switch(ocsp.ocsp.tbsResponseData.responderID.element) {
-    case choice_OCSPResponderID_byName: {
-	hx509_name n;
-	char *s;
-	_hx509_name_from_Name(&ocsp.ocsp.tbsResponseData.responderID.u.byName, &n);
-	hx509_name_to_string(n, &s);
-	hx509_name_free(&n);
-	fprintf(out, " byName: %s\n", s);
-	free(s);
-	break;
-    }
-    case choice_OCSPResponderID_byKey: {
-	char *s;
-	hex_encode(ocsp.ocsp.tbsResponseData.responderID.u.byKey.data,
-		   ocsp.ocsp.tbsResponseData.responderID.u.byKey.length,
-		   &s);
-	fprintf(out, " byKey: %s\n", s);
-	free(s);
-	break;
-    }
-    default:
-	_hx509_abort("choice_OCSPResponderID unknown");
-	break;
-    }
-
-    fprintf(out, "producedAt: %s\n", 
-	    printable_time(ocsp.ocsp.tbsResponseData.producedAt));
-
-    fprintf(out, "replies: %d\n", ocsp.ocsp.tbsResponseData.responses.len);
-
-    for (i = 0; i < ocsp.ocsp.tbsResponseData.responses.len; i++) {
-	const char *status;
-	switch (ocsp.ocsp.tbsResponseData.responses.val[i].certStatus.element) {
-	case choice_OCSPCertStatus_good:
-	    status = "good";
-	    break;
-	case choice_OCSPCertStatus_revoked:
-	    status = "revoked";
-	    break;
-	case choice_OCSPCertStatus_unknown:
-	    status = "unknown";
-	    break;
-	default:
-	    status = "element unknown";
-	}
-
-	fprintf(out, "\t%d. status: %s\n", i, status);
-
-	fprintf(out, "\tthisUpdate: %s\n", 
-		printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
-	if (ocsp.ocsp.tbsResponseData.responses.val[i].nextUpdate)
-	    fprintf(out, "\tproducedAt: %s\n", 
-		    printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
-
-    }
-
-    fprintf(out, "appended certs:\n");
-    if (ocsp.certs)
-	ret = hx509_certs_iter(context, ocsp.certs, hx509_ci_print_names, out);
-
-    free_ocsp(&ocsp);
-    return ret;
-}
-
-/**
- * Verify that the certificate is part of the OCSP reply and it's not
- * expired. Doesn't verify signature the OCSP reply or it's done by a
- * authorized sender, that is assumed to be already done.
- *
- * @param context a hx509 context
- * @param now the time right now, if 0, use the current time.
- * @param cert the certificate to verify
- * @param flags flags control the behavior
- * @param data pointer to the encode ocsp reply
- * @param length the length of the encode ocsp reply
- * @param expiration return the time the OCSP will expire and need to
- * be rechecked.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_ocsp_verify(hx509_context context,
-		  time_t now,
-		  hx509_cert cert,
-		  int flags,
-		  const void *data, size_t length,
-		  time_t *expiration)
-{
-    const Certificate *c = _hx509_get_cert(cert);
-    OCSPBasicOCSPResponse basic;
-    int ret, i;
-
-    if (now == 0)
-	now = time(NULL);
-
-    *expiration = 0;
-
-    ret = parse_ocsp_basic(data, length, &basic);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to parse OCSP response");
-	return ret;
-    }
-
-    for (i = 0; i < basic.tbsResponseData.responses.len; i++) {
-
-	ret = der_heim_integer_cmp(&basic.tbsResponseData.responses.val[i].certID.serialNumber,
-			       &c->tbsCertificate.serialNumber);
-	if (ret != 0)
-	    continue;
-	    
-	/* verify issuer hashes hash */
-	ret = _hx509_verify_signature(context,
-				      NULL,
-				      &basic.tbsResponseData.responses.val[i].certID.hashAlgorithm,
-				      &c->tbsCertificate.issuer._save,
-				      &basic.tbsResponseData.responses.val[i].certID.issuerNameHash);
-	if (ret != 0)
-	    continue;
-
-	switch (basic.tbsResponseData.responses.val[i].certStatus.element) {
-	case choice_OCSPCertStatus_good:
-	    break;
-	case choice_OCSPCertStatus_revoked:
-	case choice_OCSPCertStatus_unknown:
-	    continue;
-	}
-
-	/* don't allow the update to be in the future */
-	if (basic.tbsResponseData.responses.val[i].thisUpdate > 
-	    now + context->ocsp_time_diff)
-	    continue;
-
-	/* don't allow the next update to be in the past */
-	if (basic.tbsResponseData.responses.val[i].nextUpdate) {
-	    if (*basic.tbsResponseData.responses.val[i].nextUpdate < now)
-		continue;
-	    *expiration = *basic.tbsResponseData.responses.val[i].nextUpdate;
-	} else
-	    *expiration = now;
-
-	free_OCSPBasicOCSPResponse(&basic);
-	return 0;
-    }
-
-    free_OCSPBasicOCSPResponse(&basic);
-
-    {
-	hx509_name name;
-	char *subject;
-	
-	ret = hx509_cert_get_subject(cert, &name);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-	ret = hx509_name_to_string(name, &subject);
-	hx509_name_free(&name);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-	hx509_set_error_string(context, 0, HX509_CERT_NOT_IN_OCSP,
-			       "Certificate %s not in OCSP response "
-			       "or not good",
-			       subject);
-	free(subject);
-    }
-out:
-    return HX509_CERT_NOT_IN_OCSP;
-}
-
-struct hx509_crl {
-    hx509_certs revoked;
-    time_t expire;
-};
-
-/**
- * Create a CRL context. Use hx509_crl_free() to free the CRL context.
- *
- * @param context a hx509 context.
- * @param crl return pointer to a newly allocated CRL context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_crl_alloc(hx509_context context, hx509_crl *crl)
-{
-    int ret;
-
-    *crl = calloc(1, sizeof(**crl));
-    if (*crl == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    ret = hx509_certs_init(context, "MEMORY:crl", 0, NULL, &(*crl)->revoked);
-    if (ret) {
-	free(*crl);
-	*crl = NULL;
-	return ret;
-    }
-    (*crl)->expire = 0;
-    return ret;
-}
-
-/**
- * Add revoked certificate to an CRL context.
- *
- * @param context a hx509 context.
- * @param crl the CRL to add the revoked certificate to.
- * @param certs keyset of certificate to revoke.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_crl_add_revoked_certs(hx509_context context,
-			    hx509_crl crl, 
-			    hx509_certs certs)
-{
-    return hx509_certs_merge(context, crl->revoked, certs);
-}
-
-/**
- * Set the lifetime of a CRL context.
- *
- * @param context a hx509 context.
- * @param crl a CRL context
- * @param delta delta time the certificate is valid, library adds the
- * current time to this.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_crl_lifetime(hx509_context context, hx509_crl crl, int delta)
-{
-    crl->expire = time(NULL) + delta;
-    return 0;
-}
-
-/**
- * Free a CRL context.
- *
- * @param context a hx509 context.
- * @param crl a CRL context to free.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_crl_free(hx509_context context, hx509_crl *crl)
-{
-    if (*crl == NULL)
-	return;
-    hx509_certs_free(&(*crl)->revoked);
-    memset(*crl, 0, sizeof(**crl));
-    free(*crl);
-    *crl = NULL;
-}
-
-static int
-add_revoked(hx509_context context, void *ctx, hx509_cert cert)
-{
-    TBSCRLCertList *c = ctx;
-    unsigned int num;
-    void *ptr;
-    int ret;
-
-    num = c->revokedCertificates->len;
-    ptr = realloc(c->revokedCertificates->val,
-		  (num + 1) * sizeof(c->revokedCertificates->val[0]));
-    if (ptr == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    c->revokedCertificates->val = ptr;
-
-    ret = hx509_cert_get_serialnumber(cert, 
-				      &c->revokedCertificates->val[num].userCertificate);
-    if (ret) {
-	hx509_clear_error_string(context);
-	return ret;
-    }
-    c->revokedCertificates->val[num].revocationDate.element = 
-	choice_Time_generalTime;
-    c->revokedCertificates->val[num].revocationDate.u.generalTime =
-	time(NULL) - 3600 * 24;
-    c->revokedCertificates->val[num].crlEntryExtensions = NULL;
-
-    c->revokedCertificates->len++;
-
-    return 0;
-}    
-
-/**
- * Sign a CRL and return an encode certificate.
- *
- * @param context a hx509 context.
- * @param signer certificate to sign the CRL with
- * @param crl the CRL to sign
- * @param os return the signed and encoded CRL, free with
- * free_heim_octet_string()
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_crl_sign(hx509_context context,
-	       hx509_cert signer,
-	       hx509_crl crl,
-	       heim_octet_string *os)
-{
-    const AlgorithmIdentifier *sigalg = _hx509_crypto_default_sig_alg;
-    CRLCertificateList c;
-    size_t size;
-    int ret;
-    hx509_private_key signerkey;
-
-    memset(&c, 0, sizeof(c));
-
-    signerkey = _hx509_cert_private_key(signer);
-    if (signerkey == NULL) {
-	ret = HX509_PRIVATE_KEY_MISSING;
-	hx509_set_error_string(context, 0, ret,
-			       "Private key missing for CRL signing");
-	return ret;
-    }
-
-    c.tbsCertList.version = malloc(sizeof(*c.tbsCertList.version));
-    if (c.tbsCertList.version == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    *c.tbsCertList.version = 1;
-
-    ret = copy_AlgorithmIdentifier(sigalg, &c.tbsCertList.signature);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    ret = copy_Name(&_hx509_get_cert(signer)->tbsCertificate.issuer,
-		    &c.tbsCertList.issuer);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    c.tbsCertList.thisUpdate.element = choice_Time_generalTime;
-    c.tbsCertList.thisUpdate.u.generalTime = time(NULL) - 24 * 3600;
-
-    c.tbsCertList.nextUpdate = malloc(sizeof(*c.tbsCertList.nextUpdate));
-    if (c.tbsCertList.nextUpdate == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    {
-	time_t next = crl->expire;
-	if (next == 0)
-	    next = time(NULL) + 24 * 3600 * 365;
-
-	c.tbsCertList.nextUpdate->element = choice_Time_generalTime;
-	c.tbsCertList.nextUpdate->u.generalTime = next;
-    }
-
-    c.tbsCertList.revokedCertificates = 
-	calloc(1, sizeof(*c.tbsCertList.revokedCertificates));
-    if (c.tbsCertList.revokedCertificates == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    c.tbsCertList.crlExtensions = NULL;
-
-    ret = hx509_certs_iter(context, crl->revoked, add_revoked, &c.tbsCertList);
-    if (ret)
-	goto out;
-
-    /* if not revoked certs, remove OPTIONAL entry */
-    if (c.tbsCertList.revokedCertificates->len == 0) {
-	free(c.tbsCertList.revokedCertificates);
-	c.tbsCertList.revokedCertificates = NULL;
-    }
-
-    ASN1_MALLOC_ENCODE(TBSCRLCertList, os->data, os->length,
-		       &c.tbsCertList, &size, ret);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "failed to encode tbsCRL");
-	goto out;
-    }
-    if (size != os->length)
-	_hx509_abort("internal ASN.1 encoder error");
-
-
-    ret = _hx509_create_signature_bitstring(context,
-					    signerkey,
-					    sigalg,
-					    os,
-					    &c.signatureAlgorithm,
-					    &c.signatureValue);
-    free(os->data);
-
-    ASN1_MALLOC_ENCODE(CRLCertificateList, os->data, os->length,
-		       &c, &size, ret);
-    free_CRLCertificateList(&c);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "failed to encode CRL");
-	goto out;
-    }
-    if (size != os->length)
-	_hx509_abort("internal ASN.1 encoder error");
-
-    return 0;
-
-out:
-    free_CRLCertificateList(&c);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/hx509/softp11.c b/crypto/heimdal/lib/hx509/softp11.c
deleted file mode 100644
index 86bb1d6..0000000
--- a/crypto/heimdal/lib/hx509/softp11.c
+++ /dev/null
@@ -1,1740 +0,0 @@
-/*
- * Copyright (c) 2004 - 2008 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-#include "pkcs11.h"
-
-#define OBJECT_ID_MASK		0xfff
-#define HANDLE_OBJECT_ID(h)	((h) & OBJECT_ID_MASK)
-#define OBJECT_ID(obj)		HANDLE_OBJECT_ID((obj)->object_handle)
-
-
-struct st_attr {
-    CK_ATTRIBUTE attribute;
-    int secret;
-};
-
-struct st_object {
-    CK_OBJECT_HANDLE object_handle;
-    struct st_attr *attrs;
-    int num_attributes;
-    hx509_cert cert;
-};
-
-static struct soft_token {
-    CK_VOID_PTR application;
-    CK_NOTIFY notify;
-    char *config_file;
-    hx509_certs certs;
-    struct {
-	struct st_object **objs;
-	int num_objs;
-    } object;
-    struct {
-	int hardware_slot;
-	int app_error_fatal;
-	int login_done;
-    } flags;
-    int open_sessions;
-    struct session_state {
-	CK_SESSION_HANDLE session_handle;
-
-	struct {
-	    CK_ATTRIBUTE *attributes;
-	    CK_ULONG num_attributes;
-	    int next_object;
-	} find;
-
-	int sign_object;
-	CK_MECHANISM_PTR sign_mechanism;
-	int verify_object;
-	CK_MECHANISM_PTR verify_mechanism;
-    } state[10];
-#define MAX_NUM_SESSION (sizeof(soft_token.state)/sizeof(soft_token.state[0]))
-    FILE *logfile;
-} soft_token;
-
-static hx509_context context;
-
-static void
-application_error(const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    vprintf(fmt, ap);
-    va_end(ap);
-    if (soft_token.flags.app_error_fatal)
-	abort();
-}
-
-static void
-st_logf(const char *fmt, ...)
-{
-    va_list ap;
-    if (soft_token.logfile == NULL)
-	return;
-    va_start(ap, fmt);
-    vfprintf(soft_token.logfile, fmt, ap);
-    va_end(ap);
-    fflush(soft_token.logfile);
-}
-
-static CK_RV
-init_context(void)
-{
-    if (context == NULL) {
-	int ret = hx509_context_init(&context);
-	if (ret)
-	    return CKR_GENERAL_ERROR;
-    }
-    return CKR_OK;
-}
-
-#define INIT_CONTEXT() { CK_RV icret = init_context(); if (icret) return icret; }
-
-static void
-snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...)
-{
-    int len;
-    va_list ap;
-    len = vsnprintf(str, size, fmt, ap);
-    va_end(ap);
-    if (len < 0 || len > size)
-	return;
-    while(len < size)
-	str[len++] = fillchar;
-}
-
-#ifndef TEST_APP
-#define printf error_use_st_logf
-#endif
-
-#define VERIFY_SESSION_HANDLE(s, state)			\
-{							\
-    CK_RV ret;						\
-    ret = verify_session_handle(s, state);		\
-    if (ret != CKR_OK) {				\
-	/* return CKR_OK */;				\
-    }							\
-}
-
-static CK_RV
-verify_session_handle(CK_SESSION_HANDLE hSession,
-		      struct session_state **state)
-{
-    int i;
-
-    for (i = 0; i < MAX_NUM_SESSION; i++){
-	if (soft_token.state[i].session_handle == hSession)
-	    break;
-    }
-    if (i == MAX_NUM_SESSION) {
-	application_error("use of invalid handle: 0x%08lx\n",
-			  (unsigned long)hSession);
-	return CKR_SESSION_HANDLE_INVALID;
-    }
-    if (state)
-	*state = &soft_token.state[i];
-    return CKR_OK;
-}
-
-static CK_RV
-object_handle_to_object(CK_OBJECT_HANDLE handle,
-			struct st_object **object)
-{
-    int i = HANDLE_OBJECT_ID(handle);
-
-    *object = NULL;
-    if (i >= soft_token.object.num_objs)
-	return CKR_ARGUMENTS_BAD;
-    if (soft_token.object.objs[i] == NULL)
-	return CKR_ARGUMENTS_BAD;
-    if (soft_token.object.objs[i]->object_handle != handle)
-	return CKR_ARGUMENTS_BAD;
-    *object = soft_token.object.objs[i];
-    return CKR_OK;
-}
-
-static int
-attributes_match(const struct st_object *obj,
-		 const CK_ATTRIBUTE *attributes,
-		 CK_ULONG num_attributes)
-{
-    CK_ULONG i;
-    int j;
-
-    st_logf("attributes_match: %ld\n", (unsigned long)OBJECT_ID(obj));
-
-    for (i = 0; i < num_attributes; i++) {
-	int match = 0;
-	for (j = 0; j < obj->num_attributes; j++) {
-	    if (attributes[i].type == obj->attrs[j].attribute.type &&
-		attributes[i].ulValueLen == obj->attrs[j].attribute.ulValueLen &&
-		memcmp(attributes[i].pValue, obj->attrs[j].attribute.pValue,
-		       attributes[i].ulValueLen) == 0) {
-		match = 1;
-		break;
-	    }
-	}
-	if (match == 0) {
-	    st_logf("type %d attribute have no match\n", attributes[i].type);
-	    return 0;
-	}
-    }
-    st_logf("attribute matches\n");
-    return 1;
-}
-
-static void
-print_attributes(const CK_ATTRIBUTE *attributes,
-		 CK_ULONG num_attributes)
-{
-    CK_ULONG i;
-
-    st_logf("find objects: attrs: %lu\n", (unsigned long)num_attributes);
-
-    for (i = 0; i < num_attributes; i++) {
-	st_logf("  type: ");
-	switch (attributes[i].type) {
-	case CKA_TOKEN: {
-	    CK_BBOOL *ck_true;
-	    if (attributes[i].ulValueLen != sizeof(CK_BBOOL)) {
-		application_error("token attribute wrong length\n");
-		break;
-	    }
-	    ck_true = attributes[i].pValue;
-	    st_logf("token: %s", *ck_true ? "TRUE" : "FALSE");
-	    break;
-	}
-	case CKA_CLASS: {
-	    CK_OBJECT_CLASS *class;
-	    if (attributes[i].ulValueLen != sizeof(CK_ULONG)) {
-		application_error("class attribute wrong length\n");
-		break;
-	    }
-	    class = attributes[i].pValue;
-	    st_logf("class ");
-	    switch (*class) {
-	    case CKO_CERTIFICATE:
-		st_logf("certificate");
-		break;
-	    case CKO_PUBLIC_KEY:
-		st_logf("public key");
-		break;
-	    case CKO_PRIVATE_KEY:
-		st_logf("private key");
-		break;
-	    case CKO_SECRET_KEY:
-		st_logf("secret key");
-		break;
-	    case CKO_DOMAIN_PARAMETERS:
-		st_logf("domain parameters");
-		break;
-	    default:
-		st_logf("[class %lx]", (long unsigned)*class);
-		break;
-	    }
-	    break;
-	}
-	case CKA_PRIVATE:
-	    st_logf("private");
-	    break;
-	case CKA_LABEL:
-	    st_logf("label");
-	    break;
-	case CKA_APPLICATION:
-	    st_logf("application");
-	    break;
-	case CKA_VALUE:
-	    st_logf("value");
-	    break;
-	case CKA_ID:
-	    st_logf("id");
-	    break;
-	default:
-	    st_logf("[unknown 0x%08lx]", (unsigned long)attributes[i].type);
-	    break;
-	}
-	st_logf("\n");
-    }
-}
-
-static struct st_object *
-add_st_object(void)
-{
-    struct st_object *o, **objs;
-    int i;
-
-    o = malloc(sizeof(*o));
-    if (o == NULL)
-	return NULL;
-    memset(o, 0, sizeof(*o));
-    o->attrs = NULL;
-    o->num_attributes = 0;
-    
-    for (i = 0; i < soft_token.object.num_objs; i++) {
-	if (soft_token.object.objs == NULL) {
-	    soft_token.object.objs[i] = o;
-	    break;
-	}
-    }
-    if (i == soft_token.object.num_objs) {
-	objs = realloc(soft_token.object.objs,
-		       (soft_token.object.num_objs + 1) * sizeof(soft_token.object.objs[0]));
-	if (objs == NULL) {
-	    free(o);
-	    return NULL;
-	}
-	soft_token.object.objs = objs;
-	soft_token.object.objs[soft_token.object.num_objs++] = o;
-    }	
-    soft_token.object.objs[i]->object_handle =
-	(random() & (~OBJECT_ID_MASK)) | i;
-
-    return o;
-}
-
-static CK_RV
-add_object_attribute(struct st_object *o, 
-		     int secret,
-		     CK_ATTRIBUTE_TYPE type,
-		     CK_VOID_PTR pValue,
-		     CK_ULONG ulValueLen)
-{
-    struct st_attr *a;
-    int i;
-
-    i = o->num_attributes;
-    a = realloc(o->attrs, (i + 1) * sizeof(o->attrs[0]));
-    if (a == NULL)
-	return CKR_DEVICE_MEMORY;
-    o->attrs = a;
-    o->attrs[i].secret = secret;
-    o->attrs[i].attribute.type = type;
-    o->attrs[i].attribute.pValue = malloc(ulValueLen);
-    if (o->attrs[i].attribute.pValue == NULL && ulValueLen != 0)
-	return CKR_DEVICE_MEMORY;
-    memcpy(o->attrs[i].attribute.pValue, pValue, ulValueLen);
-    o->attrs[i].attribute.ulValueLen = ulValueLen;
-    o->num_attributes++;
-
-    return CKR_OK;
-}
-
-static CK_RV
-add_pubkey_info(hx509_context hxctx, struct st_object *o,
-		CK_KEY_TYPE key_type, hx509_cert cert)
-{
-    BIGNUM *num;
-    CK_BYTE *modulus = NULL;
-    size_t modulus_len = 0;
-    CK_ULONG modulus_bits = 0;
-    CK_BYTE *exponent = NULL;
-    size_t exponent_len = 0;
-    
-    if (key_type != CKK_RSA)
-	return CKR_OK;
-    if (_hx509_cert_private_key(cert) == NULL)
-	return CKR_OK;
-
-    num = _hx509_private_key_get_internal(context, 
-					  _hx509_cert_private_key(cert), 
-					  "rsa-modulus");
-    if (num == NULL)
-	return CKR_GENERAL_ERROR;
-    modulus_bits = BN_num_bits(num);
-
-    modulus_len = BN_num_bytes(num);
-    modulus = malloc(modulus_len);
-    BN_bn2bin(num, modulus);
-    BN_free(num);
-
-    add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len);
-    add_object_attribute(o, 0, CKA_MODULUS_BITS,
-			 &modulus_bits, sizeof(modulus_bits));
-
-    free(modulus);
-	
-    num = _hx509_private_key_get_internal(context, 
-					  _hx509_cert_private_key(cert), 
-					  "rsa-exponent");
-    if (num == NULL)
-	return CKR_GENERAL_ERROR;
-
-    exponent_len = BN_num_bytes(num);
-    exponent = malloc(exponent_len);
-    BN_bn2bin(num, exponent);
-    BN_free(num);
-
-    add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT,
-			 exponent, exponent_len);
-
-    free(exponent);
-
-    return CKR_OK;
-}
-
-
-struct foo {
-    char *label;
-    char *id;
-};
-
-static int
-add_cert(hx509_context hxctx, void *ctx, hx509_cert cert)
-{
-    struct foo *foo = (struct foo *)ctx;
-    struct st_object *o = NULL;
-    CK_OBJECT_CLASS type;
-    CK_BBOOL bool_true = CK_TRUE;
-    CK_BBOOL bool_false = CK_FALSE;
-    CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
-    CK_KEY_TYPE key_type;
-    CK_MECHANISM_TYPE mech_type;
-    CK_RV ret = CKR_GENERAL_ERROR;
-    int hret;
-    heim_octet_string cert_data, subject_data, issuer_data, serial_data;
-
-    st_logf("adding certificate\n");
-
-    serial_data.data = NULL;
-    serial_data.length = 0;
-    cert_data = subject_data = issuer_data = serial_data;
-
-    hret = hx509_cert_binary(hxctx, cert, &cert_data);
-    if (hret)
-	goto out;
-
-    {
-	    hx509_name name;
-
-	    hret = hx509_cert_get_issuer(cert, &name);
-	    if (hret)
-		goto out;
-	    hret = hx509_name_binary(name, &issuer_data);
-	    hx509_name_free(&name);
-	    if (hret)
-		goto out;
-
-	    hret = hx509_cert_get_subject(cert, &name);
-	    if (hret)
-		goto out;
-	    hret = hx509_name_binary(name, &subject_data);
-	    hx509_name_free(&name);
-	    if (hret)
-		goto out;
-    }
-
-    {
-	AlgorithmIdentifier alg;
-
-	hret = hx509_cert_get_SPKI_AlgorithmIdentifier(context, cert, &alg);
-	if (hret) {
-	    ret = CKR_DEVICE_MEMORY;
-	    goto out;
-	}
-
-	key_type = CKK_RSA; /* XXX */
-
-	free_AlgorithmIdentifier(&alg);
-    }
-
-
-    type = CKO_CERTIFICATE;
-    o = add_st_object();
-    if (o == NULL) {
-	ret = CKR_DEVICE_MEMORY;
-	goto out;
-    }
-
-    o->cert = hx509_cert_ref(cert);
-
-    add_object_attribute(o, 0, CKA_CLASS, &type, sizeof(type));
-    add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
-    add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
-    add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
-    add_object_attribute(o, 0, CKA_LABEL, foo->label, strlen(foo->label));
-
-    add_object_attribute(o, 0, CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type));
-    add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
-
-    add_object_attribute(o, 0, CKA_SUBJECT, subject_data.data, subject_data.length);
-    add_object_attribute(o, 0, CKA_ISSUER, issuer_data.data, issuer_data.length);
-    add_object_attribute(o, 0, CKA_SERIAL_NUMBER, serial_data.data, serial_data.length);
-    add_object_attribute(o, 0, CKA_VALUE, cert_data.data, cert_data.length);
-    add_object_attribute(o, 0, CKA_TRUSTED, &bool_false, sizeof(bool_false));
-
-    st_logf("add cert ok: %lx\n", (unsigned long)OBJECT_ID(o));
-
-    type = CKO_PUBLIC_KEY;
-    o = add_st_object();
-    if (o == NULL) {
-	ret = CKR_DEVICE_MEMORY;
-	goto out;
-    }
-    o->cert = hx509_cert_ref(cert);
-
-    add_object_attribute(o, 0, CKA_CLASS, &type, sizeof(type));
-    add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
-    add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
-    add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
-    add_object_attribute(o, 0, CKA_LABEL, foo->label, strlen(foo->label));
-
-    add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
-    add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
-    add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
-    add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
-    add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
-    add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
-    mech_type = CKM_RSA_X_509;
-    add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
-
-    add_object_attribute(o, 0, CKA_SUBJECT, subject_data.data, subject_data.length);
-    add_object_attribute(o, 0, CKA_ENCRYPT, &bool_true, sizeof(bool_true));
-    add_object_attribute(o, 0, CKA_VERIFY, &bool_true, sizeof(bool_true));
-    add_object_attribute(o, 0, CKA_VERIFY_RECOVER, &bool_false, sizeof(bool_false));
-    add_object_attribute(o, 0, CKA_WRAP, &bool_true, sizeof(bool_true));
-    add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true));
-
-    add_pubkey_info(hxctx, o, key_type, cert);
-
-    st_logf("add key ok: %lx\n", (unsigned long)OBJECT_ID(o));
-
-    if (hx509_cert_have_private_key(cert)) {
-	CK_FLAGS flags;
-
-	type = CKO_PRIVATE_KEY;
-	o = add_st_object();
-	if (o == NULL) {
-	    ret = CKR_DEVICE_MEMORY;
-	    goto out;
-	}
-	o->cert = hx509_cert_ref(cert);
-
-	add_object_attribute(o, 0, CKA_CLASS, &type, sizeof(type));
-	add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
-	add_object_attribute(o, 0, CKA_PRIVATE, &bool_true, sizeof(bool_false));
-	add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
-	add_object_attribute(o, 0, CKA_LABEL, foo->label, strlen(foo->label));
-
-	add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
-	add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
-	add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
-	add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
-	add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
-	add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
-	mech_type = CKM_RSA_X_509;
-	add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
-
-	add_object_attribute(o, 0, CKA_SUBJECT, subject_data.data, subject_data.length);
-	add_object_attribute(o, 0, CKA_SENSITIVE, &bool_true, sizeof(bool_true));
-	add_object_attribute(o, 0, CKA_SECONDARY_AUTH, &bool_false, sizeof(bool_true));
-	flags = 0;
-	add_object_attribute(o, 0, CKA_AUTH_PIN_FLAGS, &flags, sizeof(flags));
-
-	add_object_attribute(o, 0, CKA_DECRYPT, &bool_true, sizeof(bool_true));
-	add_object_attribute(o, 0, CKA_SIGN, &bool_true, sizeof(bool_true));
-	add_object_attribute(o, 0, CKA_SIGN_RECOVER, &bool_false, sizeof(bool_false));
-	add_object_attribute(o, 0, CKA_UNWRAP, &bool_true, sizeof(bool_true));
-	add_object_attribute(o, 0, CKA_EXTRACTABLE, &bool_true, sizeof(bool_true));
-	add_object_attribute(o, 0, CKA_NEVER_EXTRACTABLE, &bool_false, sizeof(bool_false));
-
-	add_pubkey_info(hxctx, o, key_type, cert);
-    }
-
-    ret = CKR_OK;
- out:
-    if (ret != CKR_OK) {
-	st_logf("something went wrong when adding cert!\n");
-
-	/* XXX wack o */;
-    }
-    hx509_xfree(cert_data.data);
-    hx509_xfree(serial_data.data);
-    hx509_xfree(issuer_data.data);
-    hx509_xfree(subject_data.data);
-
-    return 0;
-}
-
-static CK_RV
-add_certificate(const char *cert_file,
-		const char *pin,
-		char *id,
-		char *label)
-{
-    hx509_certs certs;
-    hx509_lock lock = NULL;
-    int ret, flags = 0;
-
-    struct foo foo;
-    foo.id = id;
-    foo.label = label;
-
-    if (pin == NULL)
-	flags |= HX509_CERTS_UNPROTECT_ALL;
-
-    if (pin) {
-	char *str;
-	asprintf(&str, "PASS:%s", pin);
-
-	hx509_lock_init(context, &lock);
-	hx509_lock_command_string(lock, str);
-
-	memset(str, 0, strlen(str));
-	free(str);
-    }
-
-    ret = hx509_certs_init(context, cert_file, flags, lock, &certs);
-    if (ret) {
-	st_logf("failed to open file %s\n", cert_file);
-	return CKR_GENERAL_ERROR;
-    }
-
-    ret = hx509_certs_iter(context, certs, add_cert, &foo);
-    hx509_certs_free(&certs);
-    if (ret) {
-	st_logf("failed adding certs from file %s\n", cert_file);
-	return CKR_GENERAL_ERROR;
-    }
-
-    return CKR_OK;
-}
-
-static void
-find_object_final(struct session_state *state)
-{
-    if (state->find.attributes) {
-	CK_ULONG i;
-
-	for (i = 0; i < state->find.num_attributes; i++) {
-	    if (state->find.attributes[i].pValue)
-		free(state->find.attributes[i].pValue);
-	}
-	free(state->find.attributes);
-	state->find.attributes = NULL;
-	state->find.num_attributes = 0;
-	state->find.next_object = -1;
-    }
-}
-
-static void
-reset_crypto_state(struct session_state *state)
-{
-    state->sign_object = -1;
-    if (state->sign_mechanism)
-	free(state->sign_mechanism);
-    state->sign_mechanism = NULL_PTR;
-    state->verify_object = -1;
-    if (state->verify_mechanism)
-	free(state->verify_mechanism);
-    state->verify_mechanism = NULL_PTR;
-}
-
-static void
-close_session(struct session_state *state)
-{
-    if (state->find.attributes) {
-	application_error("application didn't do C_FindObjectsFinal\n");
-	find_object_final(state);
-    }
-
-    state->session_handle = CK_INVALID_HANDLE;
-    soft_token.application = NULL_PTR;
-    soft_token.notify = NULL_PTR;
-    reset_crypto_state(state);
-}
-
-static const char *
-has_session(void)
-{
-    return soft_token.open_sessions > 0 ? "yes" : "no";
-}
-
-static CK_RV
-read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin)
-{
-    char buf[1024], *type, *s, *p;
-    int anchor;
-    FILE *f;
-    CK_RV ret = CKR_OK;
-    CK_RV failed = CKR_OK;
-
-    f = fopen(fn, "r");
-    if (f == NULL) {
-	st_logf("can't open configuration file %s\n", fn);
-	return CKR_GENERAL_ERROR;
-    }
-
-    while(fgets(buf, sizeof(buf), f) != NULL) {
-	buf[strcspn(buf, "\n")] = '\0';
-
-	anchor = 0;
-
-	st_logf("line: %s\n", buf);
-
-	p = buf;
-	while (isspace(*p))
-	    p++;
-	if (*p == '#')
-	    continue;
-	while (isspace(*p))
-	    p++;
-
-	s = NULL;
-	type = strtok_r(p, "\t", &s);
-	if (type == NULL)
-	    continue;
-	
-	if (strcasecmp("certificate", type) == 0) {
-	    char *cert, *id, *label;
-	    
-	    id = strtok_r(NULL, "\t", &s);
-	    if (id == NULL) {
-		st_logf("no id\n");
-		continue;
-	    }
-	    st_logf("id: %s\n", id);
-	    label = strtok_r(NULL, "\t", &s);
-	    if (label == NULL) {
-		st_logf("no label\n");
-		continue;
-	    }
-	    cert = strtok_r(NULL, "\t", &s);
-	    if (cert == NULL) {
-		st_logf("no certfiicate store\n");
-		continue;
-	    }
-	    
-	    st_logf("adding: %s: %s in file %s\n", id, label, cert);
-	    
-	    ret = add_certificate(cert, pin, id, label);
-	    if (ret)
-		failed = ret;
-	} else if (strcasecmp("debug", type) == 0) {
-	    char *name;
-
-	    name = strtok_r(NULL, "\t", &s);
-	    if (name == NULL) {
-		st_logf("no filename\n");
-		continue;
-	    }
-
-	    if (soft_token.logfile)
-		fclose(soft_token.logfile);
-
-	    if (strcasecmp(name, "stdout") == 0)
-		soft_token.logfile = stdout;
-	    else
-		soft_token.logfile = fopen(name, "a");
-	    if (soft_token.logfile == NULL)
-		st_logf("failed to open file: %s\n", name);
-		
-	} else if (strcasecmp("app-fatal", type) == 0) {
-	    char *name;
-
-	    name = strtok_r(NULL, "\t", &s);
-	    if (name == NULL) {
-		st_logf("argument to app-fatal\n");
-		continue;
-	    }
-
-	    if (strcmp(name, "true") == 0 || strcmp(name, "on") == 0)
-		soft_token.flags.app_error_fatal = 1;
-	    else if (strcmp(name, "false") == 0 || strcmp(name, "off") == 0)
-		soft_token.flags.app_error_fatal = 0;
-	    else
-		st_logf("unknown app-fatal: %s\n", name);
-
-	} else {
-	    st_logf("unknown type: %s\n", type);
-	}
-    }
-
-    fclose(f);
-
-    return failed;
-}
-
-static CK_RV
-func_not_supported(void)
-{
-    st_logf("function not supported\n");
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_Initialize(CK_VOID_PTR a)
-{
-    CK_C_INITIALIZE_ARGS_PTR args = a;
-    CK_RV ret;
-    int i;
-
-    st_logf("Initialize\n");
-
-    INIT_CONTEXT();
-
-    OpenSSL_add_all_algorithms();
-
-    srandom(getpid() ^ time(NULL));
-
-    for (i = 0; i < MAX_NUM_SESSION; i++) {
-	soft_token.state[i].session_handle = CK_INVALID_HANDLE;
-	soft_token.state[i].find.attributes = NULL;
-	soft_token.state[i].find.num_attributes = 0;
-	soft_token.state[i].find.next_object = -1;
-	reset_crypto_state(&soft_token.state[i]);
-    }
-
-    soft_token.flags.hardware_slot = 1;
-    soft_token.flags.app_error_fatal = 0;
-    soft_token.flags.login_done = 0;
-
-    soft_token.object.objs = NULL;
-    soft_token.object.num_objs = 0;
-    
-    soft_token.logfile = NULL;
-#if 0
-    soft_token.logfile = stdout;
-#endif
-#if 0
-    soft_token.logfile = fopen("/tmp/log-pkcs11.txt", "a");
-#endif
-
-    if (a != NULL_PTR) {
-	st_logf("\tCreateMutex:\t%p\n", args->CreateMutex);
-	st_logf("\tDestroyMutext\t%p\n", args->DestroyMutex);
-	st_logf("\tLockMutext\t%p\n", args->LockMutex);
-	st_logf("\tUnlockMutext\t%p\n", args->UnlockMutex);
-	st_logf("\tFlags\t%04x\n", (unsigned int)args->flags);
-    }
-
-    {
-	char *fn = NULL, *home = NULL;
-
-	if (getuid() == geteuid()) {
-	    fn = getenv("SOFTPKCS11RC");
-	    if (fn)
-		fn = strdup(fn);
-	    home = getenv("HOME");
-	}
-	if (fn == NULL && home == NULL) {
-	    struct passwd *pw = getpwuid(getuid());	
-	    if(pw != NULL)
-		home = pw->pw_dir;
-	}
-	if (fn == NULL) {
-	    if (home)
-		asprintf(&fn, "%s/.soft-token.rc", home);
-	    else
-		fn = strdup("/etc/soft-token.rc");
-	}
-
-	soft_token.config_file = fn;
-    }
-
-    /*
-     * This operations doesn't return CKR_OK if any of the
-     * certificates failes to be unparsed (ie password protected).
-     */
-    ret = read_conf_file(soft_token.config_file, CKU_USER, NULL);
-    if (ret == CKR_OK)
-	soft_token.flags.login_done = 1;
-
-    return CKR_OK;
-}
-
-CK_RV
-C_Finalize(CK_VOID_PTR args)
-{
-    int i;
-
-    INIT_CONTEXT();
-
-    st_logf("Finalize\n");
-
-    for (i = 0; i < MAX_NUM_SESSION; i++) {
-	if (soft_token.state[i].session_handle != CK_INVALID_HANDLE) {
-	    application_error("application finalized without "
-			      "closing session\n");
-	    close_session(&soft_token.state[i]);
-	}
-    }
-
-    return CKR_OK;
-}
-
-CK_RV
-C_GetInfo(CK_INFO_PTR args)
-{
-    INIT_CONTEXT();
-
-    st_logf("GetInfo\n");
-
-    memset(args, 17, sizeof(*args));
-    args->cryptokiVersion.major = 2;
-    args->cryptokiVersion.minor = 10;
-    snprintf_fill((char *)args->manufacturerID, 
-		  sizeof(args->manufacturerID),
-		  ' ',
-		  "Heimdal hx509 SoftToken");
-    snprintf_fill((char *)args->libraryDescription, 
-		  sizeof(args->libraryDescription), ' ',
-		  "Heimdal hx509 SoftToken");
-    args->libraryVersion.major = 2;
-    args->libraryVersion.minor = 0;
-
-    return CKR_OK;
-}
-
-extern CK_FUNCTION_LIST funcs;
-
-CK_RV
-C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
-{
-    INIT_CONTEXT();
-
-    *ppFunctionList = &funcs;
-    return CKR_OK;
-}
-
-CK_RV
-C_GetSlotList(CK_BBOOL tokenPresent,
-	      CK_SLOT_ID_PTR pSlotList,
-	      CK_ULONG_PTR   pulCount)
-{
-    INIT_CONTEXT();
-    st_logf("GetSlotList: %s\n",
-	    tokenPresent ? "tokenPresent" : "token not Present");
-    if (pSlotList)
-	pSlotList[0] = 1;
-    *pulCount = 1;
-    return CKR_OK;
-}
-
-CK_RV
-C_GetSlotInfo(CK_SLOT_ID slotID,
-	      CK_SLOT_INFO_PTR pInfo)
-{
-    INIT_CONTEXT();
-    st_logf("GetSlotInfo: slot: %d : %s\n", (int)slotID, has_session());
-
-    memset(pInfo, 18, sizeof(*pInfo));
-
-    if (slotID != 1)
-	return CKR_ARGUMENTS_BAD;
-
-    snprintf_fill((char *)pInfo->slotDescription, 
-		  sizeof(pInfo->slotDescription),
-		  ' ',
-		  "Heimdal hx509 SoftToken (slot)");
-    snprintf_fill((char *)pInfo->manufacturerID,
-		  sizeof(pInfo->manufacturerID),
-		  ' ',
-		  "Heimdal hx509 SoftToken (slot)");
-    pInfo->flags = CKF_TOKEN_PRESENT;
-    if (soft_token.flags.hardware_slot)
-	pInfo->flags |= CKF_HW_SLOT;
-    pInfo->hardwareVersion.major = 1;
-    pInfo->hardwareVersion.minor = 0;
-    pInfo->firmwareVersion.major = 1;
-    pInfo->firmwareVersion.minor = 0;
-    
-    return CKR_OK;
-}
-
-CK_RV
-C_GetTokenInfo(CK_SLOT_ID slotID,
-	       CK_TOKEN_INFO_PTR pInfo)
-{
-    INIT_CONTEXT();
-    st_logf("GetTokenInfo: %s\n", has_session()); 
-
-    memset(pInfo, 19, sizeof(*pInfo));
-
-    snprintf_fill((char *)pInfo->label, 
-		  sizeof(pInfo->label),
-		  ' ',
-		  "Heimdal hx509 SoftToken (token)");
-    snprintf_fill((char *)pInfo->manufacturerID, 
-		  sizeof(pInfo->manufacturerID),
-		  ' ',
-		  "Heimdal hx509 SoftToken (token)");
-    snprintf_fill((char *)pInfo->model,
-		  sizeof(pInfo->model),
-		  ' ',
-		  "Heimdal hx509 SoftToken (token)");
-    snprintf_fill((char *)pInfo->serialNumber, 
-		  sizeof(pInfo->serialNumber),
-		  ' ',
-		  "4711");
-    pInfo->flags = 
-	CKF_TOKEN_INITIALIZED | 
-	CKF_USER_PIN_INITIALIZED;
-
-    if (soft_token.flags.login_done == 0)
-	pInfo->flags |= CKF_LOGIN_REQUIRED;
-
-    /* CFK_RNG |
-       CKF_RESTORE_KEY_NOT_NEEDED |
-    */
-    pInfo->ulMaxSessionCount = MAX_NUM_SESSION;
-    pInfo->ulSessionCount = soft_token.open_sessions;
-    pInfo->ulMaxRwSessionCount = MAX_NUM_SESSION;
-    pInfo->ulRwSessionCount = soft_token.open_sessions;
-    pInfo->ulMaxPinLen = 1024;
-    pInfo->ulMinPinLen = 0;
-    pInfo->ulTotalPublicMemory = 4711;
-    pInfo->ulFreePublicMemory = 4712;
-    pInfo->ulTotalPrivateMemory = 4713;
-    pInfo->ulFreePrivateMemory = 4714;
-    pInfo->hardwareVersion.major = 2;
-    pInfo->hardwareVersion.minor = 0;
-    pInfo->firmwareVersion.major = 2;
-    pInfo->firmwareVersion.minor = 0;
-
-    return CKR_OK;
-}
-
-CK_RV
-C_GetMechanismList(CK_SLOT_ID slotID,
-		   CK_MECHANISM_TYPE_PTR pMechanismList,
-		   CK_ULONG_PTR pulCount)
-{
-    INIT_CONTEXT();
-    st_logf("GetMechanismList\n");
-
-    *pulCount = 1;
-    if (pMechanismList == NULL_PTR)
-	return CKR_OK;
-    pMechanismList[1] = CKM_RSA_PKCS;
-
-    return CKR_OK;
-}
-
-CK_RV
-C_GetMechanismInfo(CK_SLOT_ID slotID,
-		   CK_MECHANISM_TYPE type,
-		   CK_MECHANISM_INFO_PTR pInfo)
-{
-    INIT_CONTEXT();
-    st_logf("GetMechanismInfo: slot %d type: %d\n",
-	    (int)slotID, (int)type);
-    memset(pInfo, 0, sizeof(*pInfo));
-
-    return CKR_OK;
-}
-
-CK_RV
-C_InitToken(CK_SLOT_ID slotID,
-	    CK_UTF8CHAR_PTR pPin,
-	    CK_ULONG ulPinLen,
-	    CK_UTF8CHAR_PTR pLabel)
-{
-    INIT_CONTEXT();
-    st_logf("InitToken: slot %d\n", (int)slotID);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_OpenSession(CK_SLOT_ID slotID,
-	      CK_FLAGS flags,
-	      CK_VOID_PTR pApplication,
-	      CK_NOTIFY Notify,
-	      CK_SESSION_HANDLE_PTR phSession)
-{
-    int i;
-    INIT_CONTEXT();
-    st_logf("OpenSession: slot: %d\n", (int)slotID);
-    
-    if (soft_token.open_sessions == MAX_NUM_SESSION)
-	return CKR_SESSION_COUNT;
-
-    soft_token.application = pApplication;
-    soft_token.notify = Notify;
-
-    for (i = 0; i < MAX_NUM_SESSION; i++)
-	if (soft_token.state[i].session_handle == CK_INVALID_HANDLE)
-	    break;
-    if (i == MAX_NUM_SESSION)
-	abort();
-
-    soft_token.open_sessions++;
-
-    soft_token.state[i].session_handle =
-	(CK_SESSION_HANDLE)(random() & 0xfffff);
-    *phSession = soft_token.state[i].session_handle;
-
-    return CKR_OK;
-}
-
-CK_RV
-C_CloseSession(CK_SESSION_HANDLE hSession)
-{
-    struct session_state *state;
-    INIT_CONTEXT();
-    st_logf("CloseSession\n");
-
-    if (verify_session_handle(hSession, &state) != CKR_OK)
-	application_error("closed session not open");
-    else
-	close_session(state);
-
-    return CKR_OK;
-}
-
-CK_RV
-C_CloseAllSessions(CK_SLOT_ID slotID)
-{
-    int i;
-    INIT_CONTEXT();
-
-    st_logf("CloseAllSessions\n");
-
-    for (i = 0; i < MAX_NUM_SESSION; i++)
-	if (soft_token.state[i].session_handle != CK_INVALID_HANDLE)
-	    close_session(&soft_token.state[i]);
-
-    return CKR_OK;
-}
-
-CK_RV
-C_GetSessionInfo(CK_SESSION_HANDLE hSession,
-		 CK_SESSION_INFO_PTR pInfo)
-{
-    st_logf("GetSessionInfo\n");
-    INIT_CONTEXT();
-    
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-
-    memset(pInfo, 20, sizeof(*pInfo));
-
-    pInfo->slotID = 1;
-    if (soft_token.flags.login_done)
-	pInfo->state = CKS_RO_USER_FUNCTIONS;
-    else
-	pInfo->state = CKS_RO_PUBLIC_SESSION;
-    pInfo->flags = CKF_SERIAL_SESSION;
-    pInfo->ulDeviceError = 0;
-
-    return CKR_OK;
-}
-
-CK_RV
-C_Login(CK_SESSION_HANDLE hSession,
-	CK_USER_TYPE userType,
-	CK_UTF8CHAR_PTR pPin,
-	CK_ULONG ulPinLen)
-{
-    char *pin = NULL;
-    CK_RV ret;
-    INIT_CONTEXT();
-
-    st_logf("Login\n");
-
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-
-    if (pPin != NULL_PTR) {
-	asprintf(&pin, "%.*s", (int)ulPinLen, pPin);
-	st_logf("type: %d password: %s\n", (int)userType, pin);
-    }
-
-    /*
-     * Login
-     */
-
-    ret = read_conf_file(soft_token.config_file, userType, pin);
-    if (ret == CKR_OK)
-	soft_token.flags.login_done = 1;
-
-    free(pin);
-    
-    return soft_token.flags.login_done ? CKR_OK : CKR_PIN_INCORRECT;
-}
-
-CK_RV
-C_Logout(CK_SESSION_HANDLE hSession)
-{
-    st_logf("Logout\n");
-    INIT_CONTEXT();
-
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_GetObjectSize(CK_SESSION_HANDLE hSession,
-		CK_OBJECT_HANDLE hObject,
-		CK_ULONG_PTR pulSize)
-{
-    st_logf("GetObjectSize\n");
-    INIT_CONTEXT();
-
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_GetAttributeValue(CK_SESSION_HANDLE hSession,
-		    CK_OBJECT_HANDLE hObject,
-		    CK_ATTRIBUTE_PTR pTemplate,
-		    CK_ULONG ulCount)
-{
-    struct session_state *state;
-    struct st_object *obj;
-    CK_ULONG i;
-    CK_RV ret;
-    int j;
-
-    INIT_CONTEXT();
-
-    st_logf("GetAttributeValue: %lx\n",
-	    (unsigned long)HANDLE_OBJECT_ID(hObject));
-    VERIFY_SESSION_HANDLE(hSession, &state);
-
-    if ((ret = object_handle_to_object(hObject, &obj)) != CKR_OK) {
-	st_logf("object not found: %lx\n",
-		(unsigned long)HANDLE_OBJECT_ID(hObject));
-	return ret;
-    }
-
-    for (i = 0; i < ulCount; i++) {
-	st_logf("	getting 0x%08lx\n", (unsigned long)pTemplate[i].type);
-	for (j = 0; j < obj->num_attributes; j++) {
-	    if (obj->attrs[j].secret) {
-		pTemplate[i].ulValueLen = (CK_ULONG)-1;
-		break;
-	    }
-	    if (pTemplate[i].type == obj->attrs[j].attribute.type) {
-		if (pTemplate[i].pValue != NULL_PTR && obj->attrs[j].secret == 0) {
-		    if (pTemplate[i].ulValueLen >= obj->attrs[j].attribute.ulValueLen)
-			memcpy(pTemplate[i].pValue, obj->attrs[j].attribute.pValue,
-			       obj->attrs[j].attribute.ulValueLen);
-		}
-		pTemplate[i].ulValueLen = obj->attrs[j].attribute.ulValueLen;
-		break;
-	    }
-	}
-	if (j == obj->num_attributes) {
-	    st_logf("key type: 0x%08lx not found\n", (unsigned long)pTemplate[i].type);
-	    pTemplate[i].ulValueLen = (CK_ULONG)-1;
-	}
-
-    }
-    return CKR_OK;
-}
-
-CK_RV
-C_FindObjectsInit(CK_SESSION_HANDLE hSession,
-		  CK_ATTRIBUTE_PTR pTemplate,
-		  CK_ULONG ulCount)
-{
-    struct session_state *state;
-
-    st_logf("FindObjectsInit\n");
-
-    INIT_CONTEXT();
-
-    VERIFY_SESSION_HANDLE(hSession, &state);
-
-    if (state->find.next_object != -1) {
-	application_error("application didn't do C_FindObjectsFinal\n");
-	find_object_final(state);
-    }
-    if (ulCount) {
-	CK_ULONG i;
-
-	print_attributes(pTemplate, ulCount);
-
-	state->find.attributes = 
-	    calloc(1, ulCount * sizeof(state->find.attributes[0]));
-	if (state->find.attributes == NULL)
-	    return CKR_DEVICE_MEMORY;
-	for (i = 0; i < ulCount; i++) {
-	    state->find.attributes[i].pValue = 
-		malloc(pTemplate[i].ulValueLen);
-	    if (state->find.attributes[i].pValue == NULL) {
-		find_object_final(state);
-		return CKR_DEVICE_MEMORY;
-	    }
-	    memcpy(state->find.attributes[i].pValue,
-		   pTemplate[i].pValue, pTemplate[i].ulValueLen);
-	    state->find.attributes[i].type = pTemplate[i].type;
-	    state->find.attributes[i].ulValueLen = pTemplate[i].ulValueLen;
-	}
-	state->find.num_attributes = ulCount;
-	state->find.next_object = 0;
-    } else {
-	st_logf("find all objects\n");
-	state->find.attributes = NULL;
-	state->find.num_attributes = 0;
-	state->find.next_object = 0;
-    }
-
-    return CKR_OK;
-}
-
-CK_RV
-C_FindObjects(CK_SESSION_HANDLE hSession,
-	      CK_OBJECT_HANDLE_PTR phObject,
-	      CK_ULONG ulMaxObjectCount,
-	      CK_ULONG_PTR pulObjectCount)
-{
-    struct session_state *state;
-    int i;
-
-    INIT_CONTEXT();
-
-    st_logf("FindObjects\n");
-
-    VERIFY_SESSION_HANDLE(hSession, &state);
-
-    if (state->find.next_object == -1) {
-	application_error("application didn't do C_FindObjectsInit\n");
-	return CKR_ARGUMENTS_BAD;
-    }
-    if (ulMaxObjectCount == 0) {
-	application_error("application asked for 0 objects\n");
-	return CKR_ARGUMENTS_BAD;
-    }
-    *pulObjectCount = 0;
-    for (i = state->find.next_object; i < soft_token.object.num_objs; i++) {
-	st_logf("FindObjects: %d\n", i);
-	state->find.next_object = i + 1;
-	if (attributes_match(soft_token.object.objs[i],
-			     state->find.attributes,
-			     state->find.num_attributes)) {
-	    *phObject++ = soft_token.object.objs[i]->object_handle;
-	    ulMaxObjectCount--;
-	    (*pulObjectCount)++;
-	    if (ulMaxObjectCount == 0)
-		break;
-	}
-    }
-    return CKR_OK;
-}
-
-CK_RV
-C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
-{
-    struct session_state *state;
-
-    INIT_CONTEXT();
-
-    st_logf("FindObjectsFinal\n");
-    VERIFY_SESSION_HANDLE(hSession, &state);
-    find_object_final(state);
-    return CKR_OK;
-}
-
-static CK_RV
-commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len,
-	   const CK_MECHANISM_TYPE *mechs, int mechs_len,
-	   const CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey,
-	   struct st_object **o)
-{
-    CK_RV ret;
-    int i;
-
-    *o = NULL;
-    if ((ret = object_handle_to_object(hKey, o)) != CKR_OK)
-	return ret;
-
-    ret = attributes_match(*o, attr_match, attr_match_len);
-    if (!ret) {
-	application_error("called commonInit on key that doesn't "
-			  "support required attr");
-	return CKR_ARGUMENTS_BAD;
-    }
-
-    for (i = 0; i < mechs_len; i++)
-	if (mechs[i] == pMechanism->mechanism)
-	    break;
-    if (i == mechs_len) {
-	application_error("called mech (%08lx) not supported\n",
-			  pMechanism->mechanism);
-	return CKR_ARGUMENTS_BAD;
-    }
-    return CKR_OK;
-}
-
-
-static CK_RV
-dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism)
-{
-    CK_MECHANISM_PTR p;
-
-    p = malloc(sizeof(*p));
-    if (p == NULL)
-	return CKR_DEVICE_MEMORY;
-
-    if (*dup)
-	free(*dup);
-    *dup = p;
-    memcpy(p, pMechanism, sizeof(*p));
-
-    return CKR_OK;
-}
-
-CK_RV
-C_DigestInit(CK_SESSION_HANDLE hSession,
-	     CK_MECHANISM_PTR pMechanism)
-{
-    st_logf("DigestInit\n");
-    INIT_CONTEXT();
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_SignInit(CK_SESSION_HANDLE hSession,
-	   CK_MECHANISM_PTR pMechanism,
-	   CK_OBJECT_HANDLE hKey)
-{
-    struct session_state *state;
-    CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS };
-    CK_BBOOL bool_true = CK_TRUE;
-    CK_ATTRIBUTE attr[] = {
-	{ CKA_SIGN, &bool_true, sizeof(bool_true) }
-    };
-    struct st_object *o;
-    CK_RV ret;
-
-    INIT_CONTEXT();
-    st_logf("SignInit\n");
-    VERIFY_SESSION_HANDLE(hSession, &state);
-    
-    ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), 
-		     mechs, sizeof(mechs)/sizeof(mechs[0]),
-		     pMechanism, hKey, &o);
-    if (ret)
-	return ret;
-
-    ret = dup_mechanism(&state->sign_mechanism, pMechanism);
-    if (ret == CKR_OK) 
-	state->sign_object = OBJECT_ID(o);
-
-    return CKR_OK;
-}
-
-CK_RV
-C_Sign(CK_SESSION_HANDLE hSession,
-       CK_BYTE_PTR pData,
-       CK_ULONG ulDataLen,
-       CK_BYTE_PTR pSignature,
-       CK_ULONG_PTR pulSignatureLen)
-{
-    struct session_state *state;
-    struct st_object *o;
-    CK_RV ret;
-    uint hret;
-    const AlgorithmIdentifier *alg;
-    heim_octet_string sig, data;
-
-    INIT_CONTEXT();
-    st_logf("Sign\n");
-    VERIFY_SESSION_HANDLE(hSession, &state);
-
-    sig.data = NULL;
-    sig.length = 0;
-
-    if (state->sign_object == -1)
-	return CKR_ARGUMENTS_BAD;
-
-    if (pulSignatureLen == NULL) {
-	st_logf("signature len NULL\n");
-	ret = CKR_ARGUMENTS_BAD;
-	goto out;
-    }
-
-    if (pData == NULL_PTR) {
-	st_logf("data NULL\n");
-	ret = CKR_ARGUMENTS_BAD;
-	goto out;
-    }
-
-    o = soft_token.object.objs[state->sign_object];
-
-    if (hx509_cert_have_private_key(o->cert) == 0) {
-	st_logf("private key NULL\n");
-	return CKR_ARGUMENTS_BAD;
-    }
-
-    switch(state->sign_mechanism->mechanism) {
-    case CKM_RSA_PKCS:
-	alg = hx509_signature_rsa_pkcs1_x509();
-	break;
-    default:
-	ret = CKR_FUNCTION_NOT_SUPPORTED;
-	goto out;
-    }
-    
-    data.data = pData;
-    data.length = ulDataLen;
-
-    hret = _hx509_create_signature(context,
-				   _hx509_cert_private_key(o->cert),
-				   alg,
-				   &data,
-				   NULL,
-				   &sig);
-    if (hret) {
-	ret = CKR_DEVICE_ERROR;
-	goto out;
-    }
-    *pulSignatureLen = sig.length;
-
-    if (pSignature != NULL_PTR)
-	memcpy(pSignature, sig.data, sig.length);
-
-    ret = CKR_OK;
- out:
-    if (sig.data) {
-	memset(sig.data, 0, sig.length);
-	der_free_octet_string(&sig);
-    }
-    return ret;
-}
-
-CK_RV
-C_SignUpdate(CK_SESSION_HANDLE hSession,
-	     CK_BYTE_PTR pPart,
-	     CK_ULONG ulPartLen)
-{
-    INIT_CONTEXT();
-    st_logf("SignUpdate\n");
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-CK_RV
-C_SignFinal(CK_SESSION_HANDLE hSession,
-	    CK_BYTE_PTR pSignature,
-	    CK_ULONG_PTR pulSignatureLen)
-{
-    INIT_CONTEXT();
-    st_logf("SignUpdate\n");
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_VerifyInit(CK_SESSION_HANDLE hSession,
-	     CK_MECHANISM_PTR pMechanism,
-	     CK_OBJECT_HANDLE hKey)
-{
-    struct session_state *state;
-    CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS };
-    CK_BBOOL bool_true = CK_TRUE;
-    CK_ATTRIBUTE attr[] = {
-	{ CKA_VERIFY, &bool_true, sizeof(bool_true) }
-    };
-    struct st_object *o;
-    CK_RV ret;
-
-    INIT_CONTEXT();
-    st_logf("VerifyInit\n");
-    VERIFY_SESSION_HANDLE(hSession, &state);
-    
-    ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), 
-		     mechs, sizeof(mechs)/sizeof(mechs[0]),
-		     pMechanism, hKey, &o);
-    if (ret)
-	return ret;
-
-    ret = dup_mechanism(&state->verify_mechanism, pMechanism);
-    if (ret == CKR_OK) 
-	state->verify_object = OBJECT_ID(o);
-			
-    return ret;
-}
-
-CK_RV
-C_Verify(CK_SESSION_HANDLE hSession,
-	 CK_BYTE_PTR pData,
-	 CK_ULONG ulDataLen,
-	 CK_BYTE_PTR pSignature,
-	 CK_ULONG ulSignatureLen)
-{
-    struct session_state *state;
-    struct st_object *o;
-    const AlgorithmIdentifier *alg;
-    CK_RV ret;
-    int hret;
-    heim_octet_string data, sig;
-
-    INIT_CONTEXT();
-    st_logf("Verify\n");
-    VERIFY_SESSION_HANDLE(hSession, &state);
-
-    if (state->verify_object == -1)
-	return CKR_ARGUMENTS_BAD;
-
-    o = soft_token.object.objs[state->verify_object];
-
-    switch(state->verify_mechanism->mechanism) {
-    case CKM_RSA_PKCS:
-	alg = hx509_signature_rsa_pkcs1_x509();
-	break;
-    default:
-	ret = CKR_FUNCTION_NOT_SUPPORTED;
-	goto out;
-    }
-
-    sig.data = pData;
-    sig.length = ulDataLen;
-    data.data = pSignature;
-    data.length = ulSignatureLen;
-
-    hret = _hx509_verify_signature(context,
-				   _hx509_get_cert(o->cert),
-				   alg,
-				   &data,
-				   &sig);
-    if (hret) {
-	ret = CKR_GENERAL_ERROR;
-	goto out;
-    }
-    ret = CKR_OK;
-
- out:
-    return ret;
-}
-
-
-CK_RV
-C_VerifyUpdate(CK_SESSION_HANDLE hSession,
-	       CK_BYTE_PTR pPart,
-	       CK_ULONG ulPartLen)
-{
-    INIT_CONTEXT();
-    st_logf("VerifyUpdate\n");
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_VerifyFinal(CK_SESSION_HANDLE hSession,
-	      CK_BYTE_PTR pSignature,
-	      CK_ULONG ulSignatureLen)
-{
-    INIT_CONTEXT();
-    st_logf("VerifyFinal\n");
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_GenerateRandom(CK_SESSION_HANDLE hSession,
-		 CK_BYTE_PTR RandomData,
-		 CK_ULONG ulRandomLen)
-{
-    INIT_CONTEXT();
-    st_logf("GenerateRandom\n");
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-CK_FUNCTION_LIST funcs = {
-    { 2, 11 },
-    C_Initialize,
-    C_Finalize,
-    C_GetInfo,
-    C_GetFunctionList,
-    C_GetSlotList,
-    C_GetSlotInfo,
-    C_GetTokenInfo,
-    C_GetMechanismList,
-    C_GetMechanismInfo,
-    C_InitToken,
-    (void *)func_not_supported, /* C_InitPIN */
-    (void *)func_not_supported, /* C_SetPIN */
-    C_OpenSession,
-    C_CloseSession,
-    C_CloseAllSessions,
-    C_GetSessionInfo,
-    (void *)func_not_supported, /* C_GetOperationState */
-    (void *)func_not_supported, /* C_SetOperationState */
-    C_Login,
-    C_Logout,
-    (void *)func_not_supported, /* C_CreateObject */
-    (void *)func_not_supported, /* C_CopyObject */
-    (void *)func_not_supported, /* C_DestroyObject */
-    (void *)func_not_supported, /* C_GetObjectSize */
-    C_GetAttributeValue,
-    (void *)func_not_supported, /* C_SetAttributeValue */
-    C_FindObjectsInit,
-    C_FindObjects,
-    C_FindObjectsFinal,
-    (void *)func_not_supported, /* C_EncryptInit, */
-    (void *)func_not_supported, /* C_Encrypt, */
-    (void *)func_not_supported, /* C_EncryptUpdate, */
-    (void *)func_not_supported, /* C_EncryptFinal, */
-    (void *)func_not_supported, /* C_DecryptInit, */
-    (void *)func_not_supported, /* C_Decrypt, */
-    (void *)func_not_supported, /* C_DecryptUpdate, */
-    (void *)func_not_supported, /* C_DecryptFinal, */
-    C_DigestInit,
-    (void *)func_not_supported, /* C_Digest */
-    (void *)func_not_supported, /* C_DigestUpdate */
-    (void *)func_not_supported, /* C_DigestKey */
-    (void *)func_not_supported, /* C_DigestFinal */
-    C_SignInit,
-    C_Sign,
-    C_SignUpdate,
-    C_SignFinal,
-    (void *)func_not_supported, /* C_SignRecoverInit */
-    (void *)func_not_supported, /* C_SignRecover */
-    C_VerifyInit,
-    C_Verify,
-    C_VerifyUpdate,
-    C_VerifyFinal,
-    (void *)func_not_supported, /* C_VerifyRecoverInit */
-    (void *)func_not_supported, /* C_VerifyRecover */
-    (void *)func_not_supported, /* C_DigestEncryptUpdate */
-    (void *)func_not_supported, /* C_DecryptDigestUpdate */
-    (void *)func_not_supported, /* C_SignEncryptUpdate */
-    (void *)func_not_supported, /* C_DecryptVerifyUpdate */
-    (void *)func_not_supported, /* C_GenerateKey */
-    (void *)func_not_supported, /* C_GenerateKeyPair */
-    (void *)func_not_supported, /* C_WrapKey */
-    (void *)func_not_supported, /* C_UnwrapKey */
-    (void *)func_not_supported, /* C_DeriveKey */
-    (void *)func_not_supported, /* C_SeedRandom */
-    C_GenerateRandom,
-    (void *)func_not_supported, /* C_GetFunctionStatus */
-    (void *)func_not_supported, /* C_CancelFunction */
-    (void *)func_not_supported  /* C_WaitForSlotEvent */
-};
diff --git a/crypto/heimdal/lib/hx509/test_ca.in b/crypto/heimdal/lib/hx509/test_ca.in
deleted file mode 100644
index 5cc124d..0000000
--- a/crypto/heimdal/lib/hx509/test_ca.in
+++ /dev/null
@@ -1,424 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_ca.in 21345 2007-06-26 14:22:57Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "create certificate request"
-${hxtool} request-create \
-	 --subject="CN=Love,DC=it,DC=su,DC=se" \
-	 --key=FILE:$srcdir/data/key.der \
-	 pkcs10-request.der || exit 1
-
-echo "issue certificate"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "verify certificate"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "issue crl (no cert)"
-${hxtool} crl-sign \
-	--crl-file=crl.crl \
-	--signer=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key || exit 1
-
-echo "verify certificate (with CRL)"
-${hxtool} verify \
-	cert:FILE:cert-ee.pem \
-	crl:FILE:crl.crl \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "issue crl (with cert)"
-${hxtool} crl-sign \
-	--crl-file=crl.crl \
-	--signer=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	FILE:cert-ee.pem || exit 1
-
-echo "verify certificate (included in CRL)"
-${hxtool} verify \
-	cert:FILE:cert-ee.pem \
-	crl:FILE:crl.crl \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "issue crl (with cert)"
-${hxtool} crl-sign \
-	--crl-file=crl.crl \
-	--lifetime='1 month' \
-	--signer=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	FILE:cert-ee.pem || exit 1
-
-echo "verify certificate (included in CRL, and lifetime 1 month)"
-${hxtool} verify \
-	cert:FILE:cert-ee.pem \
-	crl:FILE:crl.crl \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "issue certificate (10years 1 month)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-          --lifetime="10years 1 month" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue certificate (with https ekus)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-	  --type="https-server" \
-	  --type="https-client" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue certificate (pkinit KDC)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-	  --type="pkinit-kdc" \
-          --pk-init-principal="krbtgt/TEST.H5L.SE@TEST.H5L.SE" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue certificate (pkinit client)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-	  --type="pkinit-client" \
-          --pk-init-principal="lha@TEST.H5L.SE" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue certificate (hostnames)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-	  --type="https-server" \
-          --hostname="www.test.h5l.se" \
-          --hostname="ftp.test.h5l.se" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "verify certificate hostname (ok)"
-${hxtool} verify --missing-revoke \
-	--hostname=www.test.h5l.se \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "verify certificate hostname (fail)"
-${hxtool} verify --missing-revoke \
-	--hostname=www2.test.h5l.se \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "verify certificate hostname (fail)"
-${hxtool} verify --missing-revoke \
-	--hostname=2www.test.h5l.se \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "issue certificate (hostname in CN)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=www.test.h5l.se" \
-	  --type="https-server" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "verify certificate hostname (ok)"
-${hxtool} verify --missing-revoke \
-	--hostname=www.test.h5l.se \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "verify certificate hostname (fail)"
-${hxtool} verify --missing-revoke \
-	--hostname=www2.test.h5l.se \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "issue certificate (email)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-          --email="lha@test.h5l.se" \
-          --email="test@test.h5l.se" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue certificate (email, null subject DN)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="" \
-          --email="lha@test.h5l.se" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-null.pem" || exit 1
-
-echo "issue certificate (jabber)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-          --jid="lha@test.h5l.se" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue self-signed cert"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --ca-private-key=FILE:$srcdir/data/key.der \
-	  --subject="cn=test" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue ca cert"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --issue-ca \
-	  --subject="cn=ca-cert" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ca.der" || exit 1
-
-echo "issue self-signed ca cert"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
-	  --ca-private-key=FILE:$srcdir/data/key.der \
-	  --subject="cn=ca-root" \
-	  --certificate="FILE:cert-ca.der" || exit 1
-
-echo "issue proxy certificate"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	  --issue-proxy \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-proxy.der" || exit 1
-
-echo "verify proxy cert"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:cert-proxy.der \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "issue ca cert (generate rsa key)"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
- 	  --serial-number="deadbeaf" \
-	  --generate-key=rsa \
-          --path-length=-1 \
-	  --subject="cn=ca2-cert" \
-	  --certificate="FILE:cert-ca.pem" || exit 1
-
-echo "issue sub-ca cert (generate rsa key)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-ca.pem \
-	  --issue-ca \
- 	  --serial-number="deadbeaf22" \
-	  --generate-key=rsa \
-	  --subject="cn=sub-ca2-cert" \
-	  --certificate="FILE:cert-sub-ca.pem" || exit 1
-
-echo "issue ee cert (generate rsa key)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-ca.pem \
-	  --generate-key=rsa \
-	  --subject="cn=cert-ee2" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue sub-ca ee cert (generate rsa key)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-sub-ca.pem \
-	  --generate-key=rsa \
-	  --subject="cn=cert-sub-ee2" \
-	  --certificate="FILE:cert-sub-ee.pem" || exit 1
-
-echo "verify certificate (ee)"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:cert-ca.pem > /dev/null || exit 1
-
-echo "verify certificate (sub-ee)"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-sub-ee.pem \
-	chain:FILE:cert-sub-ca.pem \
-	anchor:FILE:cert-ca.pem || exit 1
-
-echo "sign CMS signature (generate key)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:cert-ee.pem \
-	"$srcdir/test_name.c" \
-	sd.data > /dev/null || exit 1
-
-echo "verify CMS signature (generate key)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:cert-ca.pem \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_name.c" sd.data.out || exit 1
-
-echo "extend ca cert"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
-          --lifetime="2years" \
- 	  --serial-number="deadbeaf" \
-	  --ca-private-key=FILE:cert-ca.pem \
-	  --subject="cn=ca2-cert" \
-	  --certificate="FILE:cert-ca.pem" || exit 1
-
-echo "verify certificate generated by previous ca"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:cert-ca.pem > /dev/null || exit 1
-
-echo "extend ca cert (template)"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
-          --lifetime="3years" \
-	  --template-certificate="FILE:cert-ca.pem" \
-	  --template-fields="serialNumber,notBefore,subject" \
-          --path-length=-1 \
-	  --ca-private-key=FILE:cert-ca.pem \
-	  --certificate="FILE:cert-ca.pem" || exit 1
-
-echo "verify certificate generated by previous ca"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:cert-ca.pem > /dev/null || exit 1
-
-echo "extend sub-ca cert (template)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-ca.pem \
-	  --issue-ca \
-          --lifetime="2years" \
-	  --template-certificate="FILE:cert-sub-ca.pem" \
-	  --template-fields="serialNumber,notBefore,subject,SPKI" \
-	  --certificate="FILE:cert-sub-ca2.pem" || exit 1
-
-echo "verify certificate (sub-ee) with extended chain"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-sub-ee.pem \
-	chain:FILE:cert-sub-ca.pem \
-	anchor:FILE:cert-ca.pem > /dev/null || exit 1
-
-echo "+++++++++++ test basic constraints"
-
-echo "extend ca cert (too low path-length constraint)"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
-          --lifetime="3years" \
-	  --template-certificate="FILE:cert-ca.pem" \
-	  --template-fields="serialNumber,notBefore,subject" \
-          --path-length=0 \
-	  --ca-private-key=FILE:cert-ca.pem \
-	  --certificate="FILE:cert-ca.pem" || exit 1
-
-echo "verify failure of certificate (sub-ee) with path-length constraint"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-sub-ee.pem \
-	chain:FILE:cert-sub-ca.pem \
-	anchor:FILE:cert-ca.pem > /dev/null && exit 1
-
-echo "extend ca cert (exact path-length constraint)"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
-          --lifetime="3years" \
-	  --template-certificate="FILE:cert-ca.pem" \
-	  --template-fields="serialNumber,notBefore,subject" \
-          --path-length=1 \
-	  --ca-private-key=FILE:cert-ca.pem \
-	  --certificate="FILE:cert-ca.pem" || exit 1
-
-echo "verify certificate (sub-ee) with exact path-length constraint"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-sub-ee.pem \
-	chain:FILE:cert-sub-ca.pem \
-	anchor:FILE:cert-ca.pem > /dev/null || exit 1
-
-echo "Check missing basicConstrants.isCa"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-ca.pem \
-          --lifetime="2years" \
-	  --template-certificate="FILE:cert-sub-ca.pem" \
-	  --template-fields="serialNumber,notBefore,subject,SPKI" \
-	  --certificate="FILE:cert-sub-ca2.pem" || exit 1
-
-echo "verify failure certificate (sub-ee) with missing isCA"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-sub-ee.pem \
-	chain:FILE:cert-sub-ca2.pem \
-	anchor:FILE:cert-ca.pem > /dev/null && exit 1
-
-echo "issue ee cert (crl uri)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-ca.pem \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --crl-uri="http://www.test.h5l.se/crl1.crl" \
-	  --subject="cn=cert-ee-crl-uri" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue null subject cert"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-ca.pem \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --subject="" \
-	  --email="lha@test.h5l.se" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "verify certificate null subject"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:cert-ca.pem > /dev/null || exit 1
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_cert.in b/crypto/heimdal/lib/hx509/test_cert.in
deleted file mode 100644
index ed04bfa..0000000
--- a/crypto/heimdal/lib/hx509/test_cert.in
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_chain.in 20809 2007-06-03 03:19:06Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "print DIR"
-${hxtool} print --content DIR:$srcdir/data > /dev/null || exit 1
-
-echo "print FILE"
-for a in $srcdir/data/*.crt; do 
-    ${hxtool} print --content FILE:"$a" > /dev/null 2>/dev/null
-done
-
-echo "print NULL"
-${hxtool} print --content NULL: > /dev/null || exit 1
-
-echo "copy dance"
-${hxtool} certificate-copy \
-    FILE:${srcdir}/data/test.crt PEM-FILE:cert-pem.tmp || exit 1
-
-${hxtool} certificate-copy PEM-FILE:cert-pem.tmp DER-FILE:cert-der.tmp || exit 1
-${hxtool} certificate-copy DER-FILE:cert-der.tmp PEM-FILE:cert-pem2.tmp || exit 1
-
-cmp cert-pem.tmp cert-pem2.tmp || exit 1
-
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_chain.in b/crypto/heimdal/lib/hx509/test_chain.in
deleted file mode 100644
index a99ae5e..0000000
--- a/crypto/heimdal/lib/hx509/test_chain.in
+++ /dev/null
@@ -1,242 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2004 - 2006 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_chain.in 21278 2007-06-25 04:54:43Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "cert -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/test.crt \
-	chain:FILE:$srcdir/data/test.crt \
-	chain:FILE:$srcdir/data/ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "cert -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/test.crt \
-	chain:FILE:$srcdir/data/ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "cert -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/test.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "sub-cert -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "sub-cert -> sub-ca -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/sub-ca.crt \
-	chain:FILE:$srcdir/data/ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "sub-cert -> sub-ca"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	anchor:FILE:$srcdir/data/sub-ca.crt > /dev/null || exit 1
-
-echo "sub-cert -> sub-ca -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/sub-ca.crt \
-	chain:FILE:$srcdir/data/ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "sub-cert -> sub-ca -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/ca.crt \
-	chain:FILE:$srcdir/data/sub-ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "sub-cert -> sub-ca -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/sub-ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "max depth 2 (ok)"
-${hxtool} verify --missing-revoke \
-	--max-depth=2 \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/sub-ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "max depth 1 (fail)"
-${hxtool} verify --missing-revoke \
-	--max-depth=1 \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/sub-ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "ocsp non-ca responder"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp.der > /dev/null || exit 1
-
-echo "ocsp ca responder"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    ocsp:FILE:$srcdir/data/ocsp-resp1-ca.der > /dev/null || exit 1
-
-echo "ocsp no-ca responder, missing cert"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der > /dev/null && exit 1
-
-echo "ocsp no-ca responder, missing cert, in pool"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der \
-    chain:FILE:$srcdir/data/ocsp-responder.crt > /dev/null || exit 1
-
-echo "ocsp no-ca responder, keyHash"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    ocsp:FILE:$srcdir/data/ocsp-resp1-keyhash.der > /dev/null || exit 1
-
-echo "ocsp revoked cert"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/revoke.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    ocsp:FILE:$srcdir/data/ocsp-resp2.der > /dev/null && exit 1
-
-for a in resp1-ocsp-no-cert resp1-ca resp1-keyhash resp2 ; do
-	echo "ocsp print reply $a"
-	${hxtool} ocsp-print \
-	    $srcdir/data/ocsp-${a}.der > /dev/null || exit 1
-done
-
-echo "ocsp verify exists"
-${hxtool} ocsp-verify \
-	--ocsp-file=$srcdir/data/ocsp-resp1-ca.der \
-	FILE:$srcdir/data/test.crt > /dev/null || exit 1
-
-echo "ocsp verify not exists"
-${hxtool} ocsp-verify \
-    --ocsp-file=$srcdir/data/ocsp-resp1.der \
-	FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "ocsp verify revoked"
-${hxtool} ocsp-verify \
-    --ocsp-file=$srcdir/data/ocsp-resp2.der \
-	FILE:$srcdir/data/revoke.crt > /dev/null && exit 1
-
-echo "crl non-revoked cert"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    crl:FILE:$srcdir/data/crl1.der > /dev/null || exit 1
-
-echo "crl revoked cert"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/revoke.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    crl:FILE:$srcdir/data/crl1.der > /dev/null && exit 1
-
-echo "proxy cert"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:$srcdir/data/proxy-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "proxy cert (negative)"
-${hxtool} verify --missing-revoke \
-    cert:FILE:$srcdir/data/proxy-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "proxy cert (level fail)"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:$srcdir/data/proxy-level-test.crt \
-    chain:FILE:$srcdir/data/proxy-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "not a proxy cert"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:$srcdir/data/no-proxy-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "proxy cert (max level 10)"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:$srcdir/data/proxy10-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "proxy cert (second level)"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:$srcdir/data/proxy10-child-test.crt \
-    chain:FILE:$srcdir/data/proxy10-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "proxy cert (third level)"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:$srcdir/data/proxy10-child-child-test.crt \
-    chain:FILE:$srcdir/data/proxy10-child-test.crt \
-    chain:FILE:$srcdir/data/proxy10-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_cms.in b/crypto/heimdal/lib/hx509/test_cms.in
deleted file mode 100644
index a89e810..0000000
--- a/crypto/heimdal/lib/hx509/test_cms.in
+++ /dev/null
@@ -1,377 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2005 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_cms.in 21311 2007-06-25 18:26:37Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "create signed data"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (id-by-name)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--id-by-name \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "verify signed data (EE cert as anchor)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/test.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (password)"
-${hxtool} cms-create-sd \
-	--pass=PASS:foobar \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (combined)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.combined.crt \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data  (content info)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--content-info \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data (content info)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	--content-info \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data  (content type)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--content-type=1.1.1.1 \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data (content type)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (pem)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--pem \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "create signed data (pem, detached)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--detached-signature \
-	--pem \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "create signed data (p12)"
-${hxtool} cms-create-sd \
-	--pass=PASS:foobar \
-	--certificate=PKCS12:$srcdir/data/test.p12 \
-	--signer=friendlyname-test \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	--content-info \
-	"$srcdir/data/test-signed-data" sd.data.out > /dev/null || exit 1
-cmp "$srcdir/data/static-file" sd.data.out || exit 1
-
-echo "verify signed data (no attr)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	--content-info \
-	"$srcdir/data/test-signed-data-noattr" sd.data.out > /dev/null || exit 1
-cmp "$srcdir/data/static-file" sd.data.out || exit 1
-
-echo "verify failure signed data (no attr, no certs)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	--content-info \
-	"$srcdir/data/test-signed-data-noattr-nocerts" \
-	sd.data.out > /dev/null 2>/dev/null && exit 1
-
-echo "verify signed data (no attr, no certs)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	--certificate=FILE:$srcdir/data/test.crt \
-	--content-info \
-	"$srcdir/data/test-signed-data-noattr-nocerts" \
-	sd.data.out > /dev/null || exit 1
-cmp "$srcdir/data/static-file" sd.data.out || exit 1
-
-echo "create signed data (subcert, no certs)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify failure signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null 2> /dev/null && exit 1
-
-echo "verify success signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--certificate=FILE:$srcdir/data/sub-ca.crt \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (subcert, certs)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
-	--pool=FILE:$srcdir/data/sub-ca.crt \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify success signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (subcert, certs, no-root)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
-	--pool=FILE:$srcdir/data/sub-ca.crt \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify success signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (subcert, no-subca, no-root)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify failure signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null 2>/dev/null && exit 1
-
-echo "create signed data (sd cert)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "create signed data (ke cert)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null 2>/dev/null && exit 1
-
-echo "create signed data (sd + ke certs)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
-	--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "create signed data (ke + sd certs)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
-	--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "create signed data (detached)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--detached-signature \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data (detached)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--signed-content="$srcdir/test_chain.in" \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "verify failure signed data (detached)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null 2>/dev/null && exit 1
-
-echo "create signed data (rsa)"
-${hxtool} cms-create-sd \
-	--peer-alg=1.2.840.113549.1.1.1 \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data (rsa)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null 2>/dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "envelope data (content-type)"
-${hxtool} cms-envelope \
-	--certificate=FILE:$srcdir/data/test.crt \
-	--content-type=1.1.1.1 \
-	"$srcdir/data/static-file" \
-	ev.data > /dev/null || exit 1
-
-echo "unenvelope data (content-type)"
-${hxtool} cms-unenvelope \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	ev.data ev.data.out \
-	FILE:$srcdir/data/test.crt,$srcdir/data/test.key > /dev/null || exit 1
-cmp "$srcdir/data/static-file" ev.data.out || exit 1
-
-echo "envelope data (content-info)"
-${hxtool} cms-envelope \
-	--certificate=FILE:$srcdir/data/test.crt \
-	--content-info \
-	"$srcdir/data/static-file" \
-	ev.data > /dev/null || exit 1
-
-echo "unenvelope data (content-info)"
-${hxtool} cms-unenvelope \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--content-info \
-	ev.data ev.data.out \
-	FILE:$srcdir/data/test.crt,$srcdir/data/test.key > /dev/null || exit 1
-cmp "$srcdir/data/static-file" ev.data.out || exit 1
-
-for a in des-ede3 aes-128 aes-256; do
-
-	rm -f ev.data ev.data.out
-	echo "envelope data ($a)"
-	${hxtool} cms-envelope \
-	        --encryption-type="$a-cbc" \
-		--certificate=FILE:$srcdir/data/test.crt \
-		"$srcdir/data/static-file" \
-		ev.data  || exit 1
-
-	echo "unenvelope data ($a)"
-	${hxtool} cms-unenvelope \
-		--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-		ev.data ev.data.out > /dev/null || exit 1
-	cmp "$srcdir/data/static-file" ev.data.out || exit 1
-done
-
-for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
-    echo "static unenvelope data ($a)"
-
-    rm -f ev.data.out
-    ${hxtool} cms-unenvelope \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--content-info \
-	"$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
-    cmp "$srcdir/data/static-file" ev.data.out || exit 1
-done
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_crypto.in b/crypto/heimdal/lib/hx509/test_crypto.in
deleted file mode 100644
index 31b5233..0000000
--- a/crypto/heimdal/lib/hx509/test_crypto.in
+++ /dev/null
@@ -1,187 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_crypto.in 20898 2007-06-04 23:07:46Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-
-echo "Bleichenbacher good cert (from eay)"
-${hxtool} verify --missing-revoke \
-    --time=2006-09-25 \
-    cert:FILE:$srcdir/data/bleichenbacher-good.pem \
-    anchor:FILE:$srcdir/data/bleichenbacher-good.pem > /dev/null || exit 1
-
-echo "Bleichenbacher bad cert (from eay)"
-${hxtool} verify --missing-revoke \
-    --time=2006-09-25 \
-    cert:FILE:$srcdir/data/bleichenbacher-bad.pem \
-    anchor:FILE:$srcdir/data/bleichenbacher-bad.pem > /dev/null && exit 1
-
-echo "Bleichenbacher good cert (from yutaka)"
-${hxtool} verify --missing-revoke \
-    --time=2006-09-25 \
-    cert:FILE:$srcdir/data/yutaka-pad-ok-cert.pem \
-    anchor:FILE:$srcdir/data/yutaka-pad-ok-ca.pem > /dev/null || exit 1
-
-echo "Bleichenbacher bad cert (from yutaka)"
-${hxtool} verify --missing-revoke \
-    --time=2006-09-25 \
-    cert:FILE:$srcdir/data/yutaka-pad-broken-cert.pem \
-    anchor:FILE:$srcdir/data/yutaka-pad-broken-ca.pem > /dev/null && exit 1
-
-# Ralf-Philipp Weinmann <weinmann@cdc.informatik.tu-darmstadt.de>
-# Andrew Pyshkin <pychkine@cdc.informatik.tu-darmstadt.de>
-echo "Bleichenbacher bad cert (sf pad correct)"
-${hxtool} verify --missing-revoke \
-    --time=2006-09-25 \
-    cert:FILE:$srcdir/data/bleichenbacher-sf-pad-correct.pem \
-    anchor:FILE:$srcdir/data/sf-class2-root.pem > /dev/null && exit 1
-
-echo Read 50 kilobyte random data
-${hxtool} random-data 50kilobyte > random-data || exit 1
-
-echo "crypto select1"
-${hxtool} crypto-select > test || { echo "select1"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select1 > /dev/null || \
-	{ echo "select1 failure"; exit 1; }
-
-echo "crypto select1"
-${hxtool} crypto-select --type=digest > test || { echo "select1"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select1 > /dev/null || \
-	{ echo "select1 failure"; exit 1; }
-
-echo "crypto select2"
-${hxtool} crypto-select --type=public-sig > test || { echo "select2"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select2 > /dev/null || \
-	{ echo "select2 failure"; exit 1; }
-
-echo "crypto select3"
-${hxtool} crypto-select \
-	--type=public-sig \
-	--peer-cmstype=1.2.840.113549.1.1.4 \
-	 > test || { echo "select3"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select3 > /dev/null || \
-	{ echo "select3 failure"; exit 1; }
-
-echo "crypto select4"
-${hxtool} crypto-select \
-	--type=public-sig \
-	--peer-cmstype=1.2.840.113549.1.1.5 \
-	--peer-cmstype=1.2.840.113549.1.1.4 \
-	 > test || { echo "select4"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select4 > /dev/null || \
-	{ echo "select4 failure"; exit 1; }
-
-echo "crypto select5"
-${hxtool} crypto-select \
-	--type=public-sig \
-	--peer-cmstype=1.2.840.113549.1.1.11 \
-	--peer-cmstype=1.2.840.113549.1.1.5 \
-	 > test || { echo "select5"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select5 > /dev/null || \
-	{ echo "select5 failure"; exit 1; }
-
-echo "crypto select6"
-${hxtool} crypto-select \
-	--type=public-sig \
-	--peer-cmstype=1.2.840.113549.2.5 \
-	--peer-cmstype=1.2.840.113549.1.1.5 \
-	 > test || { echo "select6"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select6 > /dev/null || \
-	{ echo "select6 failure"; exit 1; }
-
-echo "crypto select7"
-${hxtool} crypto-select \
-	--type=secret \
-	--peer-cmstype=2.16.840.1.101.3.4.1.42 \
-	--peer-cmstype=1.2.840.113549.3.7 \
-	--peer-cmstype=1.2.840.113549.1.1.5 \
-	 > test || { echo "select7"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select7 > /dev/null || \
-	{ echo "select7 failure"; exit 1; }
-
-echo "crypto available1"
-${hxtool} crypto-available \
-	--type=all \
-	> test || { echo "available1"; exit 1; }
-cmp test ${srcdir}/tst-crypto-available1 > /dev/null || \
-	{ echo "available1 failure"; exit 1; }
-
-echo "crypto available2"
-${hxtool} crypto-available \
-	--type=digest \
-	> test || { echo "available2"; exit 1; }
-cmp test ${srcdir}/tst-crypto-available2 > /dev/null || \
-	{ echo "available2 failure"; exit 1; }
-
-echo "crypto available3"
-${hxtool} crypto-available \
-	--type=public-sig \
-	> test || { echo "available3"; exit 1; }
-cmp test ${srcdir}/tst-crypto-available3 > /dev/null || \
-	{ echo "available3 failure"; exit 1; }
-
-echo "copy keystore FILE existing -> FILE"
-${hxtool} certificate-copy \
-    FILE:${srcdir}/data/test.crt,${srcdir}/data/test.key \
-    FILE:out.pem || exit 1
-
-echo "copy keystore FILE -> FILE"
-${hxtool} certificate-copy \
-    FILE:out.pem \
-    FILE:out2.pem || exit 1
-
-echo "copy keystore FILE -> PKCS12"
-${hxtool} certificate-copy \
-    FILE:out.pem \
-    PKCS12:out2.pem || exit 1
-
-echo "print certificate with utf8"
-${hxtool} print \
-	FILE:$srcdir/data/j.pem >/dev/null 2>/dev/null || exit 1
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_java_pkcs11.in b/crypto/heimdal/lib/hx509/test_java_pkcs11.in
deleted file mode 100644
index 35f61e6..0000000
--- a/crypto/heimdal/lib/hx509/test_java_pkcs11.in
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2008 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-
-exit 0
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-dir=$objdir
-file=
-
-for a in libhx509.so .libs/libhx509.so libhx509.dylib .libs/libhx509.dylib ; do
-    if [ -f $dir/$a ] ; then
-	file=$dir/$a
-	break
-    fi
-done
-
-if [ "X$file" = X ] ; then
-    exit 0
-fi
-
-cat > pkcs11.cfg <<EOF
-name = Heimdal
-library = $file
-EOF
-
-cat > test-rc-file.rc <<EOF
-certificate	cert	User certificate	FILE:$srcdir/data/test.crt,$srcdir/data/test.key
-debug	stdout
-EOF
-
-
-env SOFTPKCS11RC="test-rc-file.rc" \
-    keytool \
-    -keystore NONE \
-    -storetype PKCS11 \
-    -providerClass sun.security.pkcs11.SunPKCS11 \
-    -providerArg pkcs11.cfg \
-    -list || exit 1
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_name.c b/crypto/heimdal/lib/hx509/test_name.c
deleted file mode 100644
index 2c6dd51..0000000
--- a/crypto/heimdal/lib/hx509/test_name.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: test_name.c 19882 2007-01-13 01:02:57Z lha $");
-
-static int
-test_name(hx509_context context, const char *name)
-{
-    hx509_name n;
-    char *s;
-    int ret;
-
-    ret = hx509_parse_name(context, name, &n);
-    if (ret)
-	return 1;
-
-    ret = hx509_name_to_string(n, &s);
-    if (ret)
-	return 1;
-
-    if (strcmp(s, name) != 0)
-	return 1;
-
-    hx509_name_free(&n);
-    free(s);
-
-    return 0;
-}
-
-static int
-test_name_fail(hx509_context context, const char *name)
-{
-    hx509_name n;
-
-    if (hx509_parse_name(context, name, &n) == HX509_NAME_MALFORMED)
-	return 0;
-    hx509_name_free(&n);
-    return 1;
-}
-
-static int
-test_expand(hx509_context context, const char *name, const char *expected)
-{
-    hx509_env env;
-    hx509_name n;
-    char *s;
-    int ret;
-
-    hx509_env_init(context, &env);
-    hx509_env_add(context, env, "uid", "lha");
-
-    ret = hx509_parse_name(context, name, &n);
-    if (ret)
-	return 1;
-
-    ret = hx509_name_expand(context, n, env);
-    hx509_env_free(&env);
-    if (ret)
-	return 1;
-
-    ret = hx509_name_to_string(n, &s);
-    hx509_name_free(&n);
-    if (ret)
-	return 1;
-    
-    ret = strcmp(s, expected) != 0;
-    free(s);
-    if (ret)
-	return 1;
-
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    hx509_context context;
-    int ret = 0;
-
-    ret = hx509_context_init(&context);
-    if (ret)
-	errx(1, "hx509_context_init failed with %d", ret);
-
-    ret += test_name(context, "CN=foo,C=SE");
-    ret += test_name(context, "CN=foo,CN=kaka,CN=FOO,DC=ad1,C=SE");
-    ret += test_name(context, "1.2.3.4=foo,C=SE");
-    ret += test_name_fail(context, "=");
-    ret += test_name_fail(context, "CN=foo,=foo");
-    ret += test_name_fail(context, "CN=foo,really-unknown-type=foo");
-
-    ret += test_expand(context, "UID=${uid},C=SE", "UID=lha,C=SE");
-    ret += test_expand(context, "UID=foo${uid},C=SE", "UID=foolha,C=SE");
-    ret += test_expand(context, "UID=${uid}bar,C=SE", "UID=lhabar,C=SE");
-    ret += test_expand(context, "UID=f${uid}b,C=SE", "UID=flhab,C=SE");
-    ret += test_expand(context, "UID=${uid}${uid},C=SE", "UID=lhalha,C=SE");
-    ret += test_expand(context, "UID=${uid}{uid},C=SE", "UID=lha{uid},C=SE");
-
-    hx509_context_free(&context);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/hx509/test_nist.in b/crypto/heimdal/lib/hx509/test_nist.in
deleted file mode 100644
index 8306283..0000000
--- a/crypto/heimdal/lib/hx509/test_nist.in
+++ /dev/null
@@ -1,116 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2004 - 2005 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_nist.in 22240 2007-12-08 22:55:03Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-nistdir=${objdir}/PKITS_data
-nistzip=${srcdir}/data/PKITS_data.zip
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-# nistzip is not distributed part of the distribution
-test -f "$nistzip" || exit 77
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "nist tests"
-
-if [ ! -d "$nistdir" ] ; then
-    ( mkdir "$nistdir" && unzip -d "${nistdir}" "${nistzip}" ) >/dev/null || \
-	{ rm -rf "$nistdir" ; exit 1; }
-fi
-
-while read id verify cert arg1 arg2 arg3 arg4 arg5 ; do
-    expr "$id" : "#" > /dev/null && continue
-    
-    test "$id" = "end" && break
-
-    args=""
-    case "$arg1" in
-    *.crt) args="$args chain:FILE:$nistdir/certs/$arg1" ;;
-    *.crl) args="$args crl:FILE:$nistdir/crls/$arg1" ;;
-    *) args="$args $arg1" ;;
-    esac
-    case "$arg2" in
-    *.crt) args="$args chain:FILE:$nistdir/certs/$arg2" ;;
-    *.crl) args="$args crl:FILE:$nistdir/crls/$arg2" ;;
-    *) args="$args $arg2" ;;
-    esac
-    case "$arg3" in
-    *.crt) args="$args chain:FILE:$nistdir/certs/$arg3" ;;
-    *.crl) args="$args crl:FILE:$nistdir/crls/$arg3" ;;
-    *) args="$args $arg3" ;;
-    esac
-    case "$arg4" in
-    *.crt) args="$args chain:FILE:$nistdir/certs/$arg4" ;;
-    *.crl) args="$args crl:FILE:$nistdir/crls/$arg4" ;;
-    *) args="$args $arg4" ;;
-    esac
-    case "$arg5" in
-    *.crt) args="$args chain:FILE:$nistdir/certs/$arg5" ;;
-    *.crl) args="$args crl:FILE:$nistdir/crls/$arg5" ;;
-    *) args="$args $arg5" ;;
-    esac
-
-    args="$args anchor:FILE:$nistdir/certs/TrustAnchorRootCertificate.crt"
-    args="$args crl:FILE:$nistdir/crls/TrustAnchorRootCRL.crl"
-    args="$args cert:FILE:$nistdir/certs/$cert"
-
-    if ${hxtool} verify $args > /dev/null; then
-	if test "$verify" = "f"; then
-	    echo "verify passed on fail: $id $cert"
-	    exit 1
-	fi
-    else
-	if test "$verify" = "p"; then
-	    echo "verify failed on pass: $id $cert"
-	    exit 1
-	fi
-    fi
-
-done < $srcdir/data/nist-data
-
-
-echo "done!"
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_nist2.in b/crypto/heimdal/lib/hx509/test_nist2.in
deleted file mode 100644
index 6616129..0000000
--- a/crypto/heimdal/lib/hx509/test_nist2.in
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2004 - 2005 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_nist.in 21787 2007-08-02 08:50:24Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-nistdir=${objdir}/PKITS_data
-nistzip=${srcdir}/data/PKITS_data.zip
-
-limit="${1:-nolimit}"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-# nistzip is not distributed part of the distribution
-test -f "$nistzip" || exit 77
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "nist tests, version 2"
-
-if [ ! -d "$nistdir" ] ; then
-    ( mkdir "$nistdir" && unzip -d "${nistdir}" "${nistzip}" ) >/dev/null || \
-	{ rm -rf "$nistdir" ; exit 1; }
-fi
-
-ec=
-name=
-description=
-while read result cert other ; do
-    if expr "$result" : "#" > /dev/null; then
-	name=${cert}
-	description="${other}"
-	continue
-    fi
-    
-    test nolimit != "${limit}" && ! expr "$name" : "$limit" > /dev/null && continue
-
-    test "$result" = "end" && break
-
-    args=
-    args="$args cert:FILE:$nistdir/certs/$cert"
-    args="$args chain:DIR:$nistdir/certs"
-    args="$args anchor:FILE:$nistdir/certs/TrustAnchorRootCertificate.crt"
-#    args="$args crl:FILE:$nistdir/crls/TrustAnchorRootCRL.crl"
-
-    for a in $nistdir/crls/*.crl; do
-	args="$args crl:FILE:$a"
-    done
-
-    cmd="${hxtool} verify $args"
-    eval ${cmd} > /dev/null
-    res=$?
-
-    case "${result},${res}" in
-    0,0) r="PASSs";;
-    0,*) r="FAILs";;
-    [123],0) r="FAILf";;
-    [123],*) r="PASSf";;
-    *) echo="unknown result ${result},${res}" ; exit 1 ;;
-    esac
-    if grep "${name} FAIL" $srcdir/data/nist-result2 > /dev/null; then
-	if expr "$r" : "PASS" >/dev/null; then
-	    echo "${name} passed when expected not to"
-	    echo "# ${description}" > nist2-passed-${name}.tmp
-	    ec=1
-	fi
-    elif expr "$r" : "FAIL.*" >/dev/null ; then
-	echo "$r ${name} ${description}"
-	echo "# ${description}" > nist2-failed-${name}.tmp
-	echo "$cmd" >> nist2-failed-${name}.tmp
-	ec=1
-    fi
-
-done < $srcdir/data/nist-data2
-
-
-echo "done!"
-
-exit $ec
diff --git a/crypto/heimdal/lib/hx509/test_nist_cert.in b/crypto/heimdal/lib/hx509/test_nist_cert.in
deleted file mode 100644
index 2d2bbe1..0000000
--- a/crypto/heimdal/lib/hx509/test_nist_cert.in
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_nist_cert.in 21823 2007-08-03 15:13:37Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-nistdir=${objdir}/PKITS_data
-nistzip=${srcdir}/data/PKITS_data.zip
-
-# nistzip is not distributed part of the distribution
-test -f "$nistzip" || exit 77
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-if [ ! -d "$nistdir" ] ; then
-    ( mkdir "$nistdir" &&  cd "$nistdir" && unzip "$nistzip" ) >/dev/null || \
-	{ rm -rf "$nistdir" ; exit 1; }
-fi
-
-if ${hxtool} validate DIR:$nistdir/certs > /dev/null; then
-   :
-else
-   echo "validate failed"
-   exit 1
-fi
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_nist_pkcs12.in b/crypto/heimdal/lib/hx509/test_nist_pkcs12.in
deleted file mode 100644
index fe595f2..0000000
--- a/crypto/heimdal/lib/hx509/test_nist_pkcs12.in
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2004 - 2005 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_nist_pkcs12.in 22256 2007-12-09 06:04:02Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-pass="--pass=PASS:password"
-nistdir=${objdir}/PKITS_data
-nistzip=${srcdir}/data/PKITS_data.zip
-
-# nistzip is not distributed part of the distribution
-test -f "$nistzip" || exit 77
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-if [ ! -d "$nistdir" ] ; then
-    ( mkdir "$nistdir" &&  cd "$nistdir" && unzip "$nistzip" ) >/dev/null || \
-	{ rm -rf "$nistdir" ; exit 1; }
-fi
-
-echo "nist pkcs12 tests"
-
-for a in $nistdir/pkcs12/*.p12 ; do
-
-    if ${hxtool} validate $pass PKCS12:$a > /dev/null; then
-	:
-    else
-	echo "$a failed"
-	exit 1
-    fi
-
-done
-
-echo "done!"
-
-exit 0
-\ No newline at end of file
diff --git a/crypto/heimdal/lib/hx509/test_pkcs11.in b/crypto/heimdal/lib/hx509/test_pkcs11.in
deleted file mode 100644
index 0a315bf..0000000
--- a/crypto/heimdal/lib/hx509/test_pkcs11.in
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2008 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-SOFTPKCS11RC="test-rc-file.rc" \
-export SOFTPKCS11RC
-
-echo "password less"
-
-cat > test-rc-file.rc <<EOF
-certificate	cert	User certificate	FILE:$srcdir/data/test.crt,$srcdir/data/test.key
-debug	p11dbg.log
-app-fatal	true
-EOF
-
-./test_soft_pkcs11 || exit 1
-
-echo "password"
-
-cat > test-rc-file.rc <<EOF
-certificate	cert	User certificate	FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key
-debug	p11dbg.log
-app-fatal	true
-EOF
-
-./test_soft_pkcs11 || exit 1
-
-echo "done"
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_query.in b/crypto/heimdal/lib/hx509/test_query.in
deleted file mode 100644
index 01e0c31..0000000
--- a/crypto/heimdal/lib/hx509/test_query.in
+++ /dev/null
@@ -1,146 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2005 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_query.in 20782 2007-06-02 00:46:00Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-echo "try printing"
-${hxtool} print \
-	--pass=PASS:foobar \
-	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
-
-${hxtool} print \
-	--pass=PASS:foobar \
-	--info \
-	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is found (friendlyname)"
-${hxtool} query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test  \
-	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is not found  (friendlyname)"
-${hxtool} query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test-not  \
-	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1
-
-echo "make sure entry is found (friendlyname, no-pw)"
-${hxtool} query \
-	--friendlyname=friendlyname-cert  \
-	PKCS12:$srcdir/data/test-nopw.p12 >/dev/null 2>/dev/null || exit 1
-
-echo "check for ca cert (friendlyname)"
-${hxtool} query \
-	--pass=PASS:foobar \
-	--friendlyname=ca  \
-	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is not found (friendlyname)"
-${hxtool} query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test \
-	PKCS12:$srcdir/data/sub-cert.p12 >/dev/null 2>/dev/null && exit 1
-
-echo "make sure entry is found (friendlyname|private key)"
-${hxtool} query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test  \
-	--private-key \
-	PKCS12:$srcdir/data/test.p12 > /dev/null || exit 1
-
-echo "make sure entry is not found (friendlyname|private key)"
-${hxtool} query \
-	--pass=PASS:foobar \
-	--friendlyname=ca  \
-	--private-key \
-	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1
-
-echo "make sure entry is found (cert ds)"
-${hxtool} query \
-	--digitalSignature \
-	FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is found (cert ke)"
-${hxtool} query \
-	--keyEncipherment \
-	FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is found (cert ke + ds)"
-${hxtool} query \
-	--digitalSignature \
-	--keyEncipherment \
-	FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is found (cert-ds ds)"
-${hxtool} query \
-	--digitalSignature \
-	FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is not found (cert-ds ke)"
-${hxtool} query \
-	--keyEncipherment \
-	FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null && exit 1
-
-echo "make sure entry is not found (cert-ds ke + ds)"
-${hxtool} query \
-	--digitalSignature \
-	--keyEncipherment \
-	FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null && exit 1
-
-echo "make sure entry is not found (cert-ke ds)"
-${hxtool} query \
-	--digitalSignature \
-	FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1
-
-echo "make sure entry is found (cert-ke ke)"
-${hxtool} query \
-	--keyEncipherment \
-	FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is not found (cert-ke ke + ds)"
-${hxtool} query \
-	--digitalSignature \
-	--keyEncipherment \
-	FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1
-
-exit 0
-
diff --git a/crypto/heimdal/lib/hx509/test_req.in b/crypto/heimdal/lib/hx509/test_req.in
deleted file mode 100644
index 2109ceb..0000000
--- a/crypto/heimdal/lib/hx509/test_req.in
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2005 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_req.in 21341 2007-06-26 14:20:56Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-${hxtool} request-create \
-	 --subject="CN=Love,DC=it,DC=su,DC=se" \
-	 --key=FILE:$srcdir/data/key.der \
-	 request.out || exit 1
-
-${hxtool} request-print \
-	 PKCS10:request.out > /dev/null || exit 1
-
-${hxtool} request-create \
-	 --subject="CN=Love,DC=it,DC=su,DC=se" \
-	 --dnsname=nutcracker.it.su.se \
-	 --key=FILE:$srcdir/data/key.der \
-	 request.out || exit 1
diff --git a/crypto/heimdal/lib/hx509/test_soft_pkcs11.c b/crypto/heimdal/lib/hx509/test_soft_pkcs11.c
deleted file mode 100644
index e76f772..0000000
--- a/crypto/heimdal/lib/hx509/test_soft_pkcs11.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/*
- * Copyright (c) 2006 - 2008 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-#include "pkcs11.h"
-#include <err.h>
-
-static CK_FUNCTION_LIST_PTR func;
-
-
-static CK_RV
-find_object(CK_SESSION_HANDLE session, 
-	    char *id,
-	    CK_OBJECT_CLASS key_class, 
-	    CK_OBJECT_HANDLE_PTR object)
-{
-    CK_ULONG object_count;
-    CK_RV ret;
-    CK_ATTRIBUTE search_data[] = {
-	{CKA_ID, id, 0 },
-	{CKA_CLASS, &key_class, sizeof(key_class)}
-    };
-    CK_ULONG num_search_data = sizeof(search_data)/sizeof(search_data[0]);
-
-    search_data[0].ulValueLen = strlen(id);
-
-    ret = (*func->C_FindObjectsInit)(session, search_data, num_search_data);
-    if (ret != CKR_OK)
-	return ret;
-
-    ret = (*func->C_FindObjects)(session, object, 1, &object_count);
-    if (ret != CKR_OK)
-	return ret;
-    if (object_count == 0) {
-	printf("found no object\n");
-	return 1;
-    }
-
-    ret = (*func->C_FindObjectsFinal)(session);
-    if (ret != CKR_OK)
-	return ret;
-
-    return CKR_OK;
-}
-
-static char *sighash = "hej";
-static char signature[1024];
-
-
-int
-main(int argc, char **argv)
-{
-    CK_SLOT_ID_PTR slot_ids;
-    CK_SLOT_ID slot;
-    CK_ULONG num_slots;
-    CK_RV ret;
-    CK_SLOT_INFO slot_info;
-    CK_TOKEN_INFO token_info;
-    CK_SESSION_HANDLE session;
-    CK_OBJECT_HANDLE public, private;
-
-    ret = C_GetFunctionList(&func);
-    if (ret != CKR_OK)
-	errx(1, "C_GetFunctionList failed: %d", (int)ret);
-
-    (*func->C_Initialize)(NULL_PTR);
-
-    ret = (*func->C_GetSlotList)(FALSE, NULL, &num_slots);
-    if (ret != CKR_OK)
-	errx(1, "C_GetSlotList1 failed: %d", (int)ret);
-
-    if (num_slots == 0)
-	errx(1, "no slots");
-
-    if ((slot_ids = calloc(1, num_slots * sizeof(*slot_ids))) == NULL)
-	err(1, "alloc slots failed");
-
-    ret = (*func->C_GetSlotList)(FALSE, slot_ids, &num_slots);
-    if (ret != CKR_OK)
-	errx(1, "C_GetSlotList2 failed: %d", (int)ret);
-
-    slot = slot_ids[0];
-    free(slot_ids);
-
-    ret = (*func->C_GetSlotInfo)(slot, &slot_info);
-    if (ret)
-	errx(1, "C_GetSlotInfo failed: %d", (int)ret);
-
-    if ((slot_info.flags & CKF_TOKEN_PRESENT) == 0)
-	errx(1, "no token present");
-
-    ret = (*func->C_OpenSession)(slot, CKF_SERIAL_SESSION, 
-				 NULL, NULL, &session);
-    if (ret != CKR_OK)
-	errx(1, "C_OpenSession failed: %d", (int)ret);
-    
-    ret = (*func->C_GetTokenInfo)(slot, &token_info);
-    if (ret)
-	errx(1, "C_GetTokenInfo1 failed: %d", (int)ret);
-
-    if (token_info.flags & CKF_LOGIN_REQUIRED) {
-	ret = (*func->C_Login)(session, CKU_USER,
-			       (unsigned char*)"foobar", 6);
-	if (ret != CKR_OK)
-	    errx(1, "C_Login failed: %d", (int)ret);
-    }
-
-    ret = (*func->C_GetTokenInfo)(slot, &token_info);
-    if (ret)
-	errx(1, "C_GetTokenInfo2 failed: %d", (int)ret);
-
-    if (token_info.flags & CKF_LOGIN_REQUIRED)
-	errx(1, "login required, even after C_Login");
-
-    ret = find_object(session, "cert", CKO_PUBLIC_KEY, &public);
-    if (ret != CKR_OK)
-	errx(1, "find cert failed: %d", (int)ret);
-    ret = find_object(session, "cert", CKO_PRIVATE_KEY, &private);
-    if (ret != CKR_OK)
-	errx(1, "find private key failed: %d", (int)ret);
-
-    {
-	CK_ULONG ck_sigsize;
-	CK_MECHANISM mechanism;
-
-	memset(&mechanism, 0, sizeof(mechanism));
-	mechanism.mechanism = CKM_RSA_PKCS;
-
-	ret = (*func->C_SignInit)(session, &mechanism, private);
-	if (ret != CKR_OK)
-	    return 1;
-	
-	ck_sigsize = sizeof(signature);
-	ret = (*func->C_Sign)(session, (CK_BYTE *)sighash, strlen(sighash),
-			      (CK_BYTE *)signature, &ck_sigsize);
-	if (ret != CKR_OK) {
-	    printf("C_Sign failed with: %d\n", (int)ret);
-	    return 1;
-	}
-
-	ret = (*func->C_VerifyInit)(session, &mechanism, public);
-	if (ret != CKR_OK)
-	    return 1;
-
-	ret = (*func->C_Verify)(session, (CK_BYTE *)signature, ck_sigsize, 
-				(CK_BYTE *)sighash, strlen(sighash));
-	if (ret != CKR_OK) {
-	    printf("message: %d\n", (int)ret);
-	    return 1;
-	}
-    }
-
-#if 0
-    {
-	CK_ULONG ck_sigsize, outsize;
-	CK_MECHANISM mechanism;
-	char outdata[1024];
-
-	memset(&mechanism, 0, sizeof(mechanism));
-	mechanism.mechanism = CKM_RSA_PKCS;
-
-	ret = (*func->C_EncryptInit)(session, &mechanism, public);
-	if (ret != CKR_OK)
-	    return 1;
-	
-	ck_sigsize = sizeof(signature);
-	ret = (*func->C_Encrypt)(session, (CK_BYTE *)sighash, strlen(sighash),
-				 (CK_BYTE *)signature, &ck_sigsize);
-	if (ret != CKR_OK) {
-	    printf("message: %d\n", (int)ret);
-	    return 1;
-	}
-
-	ret = (*func->C_DecryptInit)(session, &mechanism, private);
-	if (ret != CKR_OK)
-	    return 1;
-
-	outsize = sizeof(outdata);
-	ret = (*func->C_Decrypt)(session, (CK_BYTE *)signature, ck_sigsize, 
-				 (CK_BYTE *)outdata, &outsize);
-	if (ret != CKR_OK) {
-	    printf("message: %d\n", (int)ret);
-	    return 1;
-	}
-
-	if (memcmp(sighash, outdata, strlen(sighash)) != 0)
-	    return 1;
-    }
-#endif
-
-    ret = (*func->C_CloseSession)(session);
-    if (ret != CKR_OK)
-	return 1;
-
-    (*func->C_Finalize)(NULL_PTR);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hx509/test_windows.in b/crypto/heimdal/lib/hx509/test_windows.in
deleted file mode 100644
index 8614544..0000000
--- a/crypto/heimdal/lib/hx509/test_windows.in
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_windows.in 21004 2007-06-08 01:53:10Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "Create trust anchor"
-${hxtool} issue-certificate \
-    --self-signed \
-    --issue-ca \
-    --generate-key=rsa \
-    --subject="CN=Windows-CA,DC=heimdal,DC=pki" \
-    --lifetime=10years \
-    --certificate="FILE:wca.pem" || exit 1
-
-echo "Create domain controller cert"
-${hxtool} issue-certificate \
-    --type="pkinit-kdc" \
-    --pk-init-principal="krbtgt/HEIMDAL.PKI@HEIMDAL.PKI" \
-    --hostname=kdc.heimdal.pki \
-    --generate-key=rsa \
-    --subject="CN=kdc.heimdal.pki,dc=heimdal,dc=pki" \
-    --certificate="FILE:wdc.pem" \
-    --domain-controller \
-    --crl-uri="http://www.test.h5l.se/test-hemdal-pki-crl1.crl" \
-    --ca-certificate=FILE:wca.pem || exit 1
-
-
-echo "Create user cert"
-${hxtool} issue-certificate \
-    --type="pkinit-client" \
-    --pk-init-principal="user@HEIMDAL.PKI" \
-    --generate-key=rsa \
-    --subject="CN=User,DC=heimdal,DC=pki" \
-    --ms-upn="user@heimdal.pki" \
-    --crl-uri="http://www.test.h5l.se/test-hemdal-pki-crl1.crl" \
-    --certificate="FILE:wuser.pem" \
-    --ca-certificate=FILE:wca.pem || exit 1
-
-echo "Create crl"
-${hxtool} crl-sign \
-	--crl-file=wcrl.crl \
-	--signer=FILE:wca.pem || exit 1
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-available1 b/crypto/heimdal/lib/hx509/tst-crypto-available1
deleted file mode 100644
index 71fa741..0000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-available1
+++ /dev/null
@@ -1,13 +0,0 @@
-1.2.840.113549.1.1.11
-1.2.840.113549.1.1.5
-1.2.840.113549.1.1.5
-1.2.840.113549.1.1.4
-1.2.840.113549.1.1.2
-1.2.752.43.16.1
-2.16.840.1.101.3.4.2.1
-1.3.14.3.2.26
-1.2.840.113549.2.5
-1.2.840.113549.2.2
-1.2.840.113549.3.7
-2.16.840.1.101.3.4.1.2
-2.16.840.1.101.3.4.1.42
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-available2 b/crypto/heimdal/lib/hx509/tst-crypto-available2
deleted file mode 100644
index b3f76e3..0000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-available2
+++ /dev/null
@@ -1,4 +0,0 @@
-2.16.840.1.101.3.4.2.1
-1.3.14.3.2.26
-1.2.840.113549.2.5
-1.2.840.113549.2.2
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-available3 b/crypto/heimdal/lib/hx509/tst-crypto-available3
deleted file mode 100644
index 0b1a855..0000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-available3
+++ /dev/null
@@ -1,6 +0,0 @@
-1.2.840.113549.1.1.11
-1.2.840.113549.1.1.5
-1.2.840.113549.1.1.5
-1.2.840.113549.1.1.4
-1.2.840.113549.1.1.2
-1.2.752.43.16.1
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select b/crypto/heimdal/lib/hx509/tst-crypto-select
deleted file mode 100644
index 399c883..0000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select
+++ /dev/null
@@ -1 +0,0 @@
-1.2.840.113549.1.1.11
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select1 b/crypto/heimdal/lib/hx509/tst-crypto-select1
deleted file mode 100644
index eb0d095..0000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select1
+++ /dev/null
@@ -1 +0,0 @@
-1.3.14.3.2.26
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select2 b/crypto/heimdal/lib/hx509/tst-crypto-select2
deleted file mode 100644
index 749a549..0000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select2
+++ /dev/null
@@ -1 +0,0 @@
-1.2.840.113549.1.1.5
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select3 b/crypto/heimdal/lib/hx509/tst-crypto-select3
deleted file mode 100644
index ba9f29f..0000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select3
+++ /dev/null
@@ -1 +0,0 @@
-1.2.840.113549.1.1.4
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select4 b/crypto/heimdal/lib/hx509/tst-crypto-select4
deleted file mode 100644
index 749a549..0000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select4
+++ /dev/null
@@ -1 +0,0 @@
-1.2.840.113549.1.1.5
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select5 b/crypto/heimdal/lib/hx509/tst-crypto-select5
deleted file mode 100644
index 399c883..0000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select5
+++ /dev/null
@@ -1 +0,0 @@
-1.2.840.113549.1.1.11
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select6 b/crypto/heimdal/lib/hx509/tst-crypto-select6
deleted file mode 100644
index 749a549..0000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select6
+++ /dev/null
@@ -1 +0,0 @@
-1.2.840.113549.1.1.5
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select7 b/crypto/heimdal/lib/hx509/tst-crypto-select7
deleted file mode 100644
index 9b0ac64..0000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select7
+++ /dev/null
@@ -1 +0,0 @@
-2.16.840.1.101.3.4.1.42
diff --git a/crypto/heimdal/lib/hx509/version-script.map b/crypto/heimdal/lib/hx509/version-script.map
deleted file mode 100644
index 68ef73e..0000000
--- a/crypto/heimdal/lib/hx509/version-script.map
+++ /dev/null
@@ -1,227 +0,0 @@
-# $Id$
-
-HEIMDAL_X509_1.0 {
-	global:
-		initialize_hx_error_table_r;
-		hx509_bitstring_print;
-		hx509_ca_sign;
-		hx509_ca_sign_self;
-		hx509_ca_tbs_add_crl_dp_uri;
-		hx509_ca_tbs_add_eku;
-		hx509_ca_tbs_add_san_hostname;
-		hx509_ca_tbs_add_san_jid;
-		hx509_ca_tbs_add_san_ms_upn;
-		hx509_ca_tbs_add_san_otherName;
-		hx509_ca_tbs_add_san_pkinit;
-		hx509_ca_tbs_add_san_rfc822name;
-		hx509_ca_tbs_free;
-		hx509_ca_tbs_init;
-		hx509_ca_tbs_set_ca;
-		hx509_ca_tbs_set_domaincontroller;
-		hx509_ca_tbs_set_notAfter;
-		hx509_ca_tbs_set_notAfter_lifetime;
-		hx509_ca_tbs_set_notBefore;
-		hx509_ca_tbs_set_proxy;
-		hx509_ca_tbs_set_serialnumber;
-		hx509_ca_tbs_set_spki;
-		hx509_ca_tbs_set_subject;
-		hx509_ca_tbs_set_template;
-		hx509_ca_tbs_subject_expand;
-		hx509_ca_tbs_template_units;
-		hx509_cert_binary;
-		hx509_cert_check_eku;
-		hx509_cert_cmp;
-		hx509_cert_find_subjectAltName_otherName;
-		hx509_cert_free;
-		hx509_cert_get_SPKI;
-		hx509_cert_attribute;
-		hx509_cert_get_attribute;
-		hx509_cert_get_base_subject;
-		hx509_cert_get_friendly_name;
-		hx509_cert_get_issuer;
-		hx509_cert_get_notAfter;
-		hx509_cert_get_notBefore;
-		hx509_cert_get_serialnumber;
-		hx509_cert_get_subject;
-		hx509_cert_init;
-		hx509_cert_init_data;
-		hx509_cert_keyusage_print;
-		hx509_cert;
-		hx509_cert_ref;
-		hx509_cert_set_friendly_name;
-		hx509_certs_add;
-		hx509_certs_append;
-		hx509_certs_end_seq;
-		hx509_certs_find;
-		hx509_certs_free;
-		hx509_certs_info;
-		hx509_certs_init;
-		hx509_certs_iter;
-		hx509_certs_merge;
-		hx509_certs_next_cert;
-		hx509_certs_start_seq;
-		hx509_certs_store;
-		hx509_ci_print_names;
-		hx509_clear_error_string;
-		hx509_cms_create_signed_1;
-		hx509_cms_decrypt_encrypted;
-		hx509_cms_envelope_1;
-		hx509_cms_unenvelope;
-		hx509_cms_unwrap_ContentInfo;
-		hx509_cms_verify_signed;
-		hx509_cms_wrap_ContentInfo;
-		hx509_context_free;
-		hx509_context_init;
-		hx509_context_set_missing_revoke;
-		hx509_crl_add_revoked_certs;
-		hx509_crl_alloc;
-		hx509_crl_free;
-		hx509_crl_lifetime;
-		hx509_crl_sign;
-		hx509_crypto_aes128_cbc;
-		hx509_crypto_aes256_cbc;
-		hx509_crypto_available;
-		hx509_crypto_decrypt;
-		hx509_crypto_des_rsdi_ede3_cbc;
-		hx509_crypto_destroy;
-		hx509_crypto_encrypt;
-		hx509_crypto_enctype_by_name;
-		hx509_crypto_free_algs;
-		hx509_crypto_get_params;
-		hx509_crypto_init;
-		hx509_crypto_provider;
-		hx509_crypto_select;
-		hx509_crypto_set_key_data;
-		hx509_crypto_set_key_name;
-		hx509_crypto_set_params;
-		hx509_crypto_set_random_key;
-		hx509_env_add;
-		hx509_env_free;
-		hx509_env_init;
-		hx509_env_lfind;
-		hx509_err;
-		hx509_free_error_string;
-		hx509_free_octet_string_list;
-		hx509_general_name_unparse;
-		hx509_get_error_string;
-		hx509_get_one_cert;
-		hx509_lock_add_cert;
-		hx509_lock_add_certs;
-		hx509_lock_add_password;
-		hx509_lock_command_string;
-		hx509_lock_free;
-		hx509_lock_init;
-		hx509_lock_prompt;
-		hx509_lock_reset_certs;
-		hx509_lock_reset_passwords;
-		hx509_lock_reset_promper;
-		hx509_lock_set_prompter;
-		hx509_name_cmp;
-		hx509_name_copy;
-		hx509_name_expand;
-		hx509_name_free;
-		hx509_name_is_null_p;
-		hx509_name_normalize;
-		hx509_name_to_Name;
-		hx509_name_binary;
-		hx509_name_to_string;
-		hx509_ocsp_request;
-		hx509_ocsp_verify;
-		hx509_oid_print;
-		hx509_oid_sprint;
-		hx509_parse_name;
-		hx509_peer_info_alloc;
-		hx509_peer_info_free;
-		hx509_peer_info_set_cert;
-		hx509_peer_info_set_cms_algs;
-		hx509_print_stdout;
-		hx509_prompt_hidden;
-		hx509_query_alloc;
-		hx509_query_free;
-		hx509_query_match_cmp_func;
-		hx509_query_match_friendly_name;
-		hx509_query_match_issuer_serial;
-		hx509_query_match_option;
-		hx509_query_statistic_file;
-		hx509_query_unparse_stats;
-		hx509_revoke_add_crl;
-		hx509_revoke_add_ocsp;
-		hx509_revoke_free;
-		hx509_revoke_init;
-		hx509_revoke_ocsp_print;
-		hx509_revoke_verify;
-		hx509_set_error_string;
-		hx509_set_error_stringv;
-		hx509_signature_md2;
-		hx509_signature_md5;
-		hx509_signature_rsa;
-		hx509_signature_rsa_with_md2;
-		hx509_signature_rsa_with_md5;
-		hx509_signature_rsa_with_sha1;
-		hx509_signature_rsa_with_sha256;
-		hx509_signature_rsa_with_sha384;
-		hx509_signature_rsa_with_sha512;
-		hx509_signature_sha1;
-		hx509_signature_sha256;
-		hx509_signature_sha384;
-		hx509_signature_sha512;
-		hx509_unparse_der_name;
-		hx509_validate_cert;
-		hx509_validate_ctx_add_flags;
-		hx509_validate_ctx_free;
-		hx509_validate_ctx_init;
-		hx509_validate_ctx_set_print;
-		hx509_verify_attach_anchors;
-		hx509_verify_attach_revoke;
-		hx509_verify_ctx_f_allow_default_trustanchors;
-		hx509_verify_destroy_ctx;
-		hx509_verify_hostname;
-		hx509_verify_init_ctx;
-		hx509_verify_path;
-		hx509_verify_set_max_depth;
-		hx509_verify_set_proxy_certificate;
-		hx509_verify_set_strict_rfc3280_verification;
-		hx509_verify_set_time;
-		hx509_verify_signature;
-		hx509_pem_write;
-		hx509_pem_add_header;
-		hx509_pem_find_header;
-		hx509_pem_free_header;
-		hx509_xfree;
-		_hx509_write_file;
-		_hx509_map_file;
-		_hx509_map_file_os;
-		_hx509_unmap_file;
-		_hx509_unmap_file_os;
-		_hx509_certs_keys_free;
-		_hx509_certs_keys_get;
-		_hx509_request_init;
-		_hx509_request_add_dns_name;
-		_hx509_request_add_email;
-		_hx509_request_get_name;
-		_hx509_request_set_name;
-		_hx509_request_set_email;
-		_hx509_request_get_SubjectPublicKeyInfo;
-		_hx509_request_set_SubjectPublicKeyInfo;
-		_hx509_request_to_pkcs10;
-		_hx509_request_to_pkcs10;
-		_hx509_request_free;
-		_hx509_request_print;
-		_hx509_request_parse;
-		_hx509_private_key_ref;
-		_hx509_private_key_free;
-		_hx509_private_key2SPKI;
-		_hx509_generate_private_key_init;
-		_hx509_generate_private_key_is_ca;
-		_hx509_generate_private_key_bits;
-		_hx509_generate_private_key;
-		_hx509_generate_private_key_free;
-		_hx509_cert_assign_key;
-		_hx509_cert_private_key;
-		_hx509_name_from_Name;
-		# pkcs11 symbols
-		C_GetFunctionList;
-	local:
-		*;
-};
-
diff --git a/crypto/heimdal/lib/kadm5/ChangeLog b/crypto/heimdal/lib/kadm5/ChangeLog
deleted file mode 100644
index 9b1235c..0000000
--- a/crypto/heimdal/lib/kadm5/ChangeLog
+++ /dev/null
@@ -1,1383 +0,0 @@
-2008-01-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* default_keys.c: Use hdb_free_keys().
-
-2008-01-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add check-cracklib.pl, flush.c,
-	sample_passwd_check.c
-
-2007-12-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* use hdb_db_dir() and hdb_default_db()
-
-2007-10-18  Love  <lha@stacken.kth.se>
-
-	* init_c.c: We are getting default_client, not client. this way
-	the user can override the result.
-	
-2007-09-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* iprop.8: fix spelling, From Antoine Jacoutt.
-
-2007-08-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* version-script.map: export _kadm5_unmarshal_params,
-	_kadm5_acl_check_permission
-
-	* version-script.map: export kadm5_log_ symbols.
-
-	* log.c: Unexport the specific log replay operations.
-	
-2007-08-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: build sample_passwd_check.la as part of noinst.
-
-	* sample_passwd_check.c: Add missing prototype for check_length().
-
-2007-08-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* log.c: Sprinkle krb5_set_error_string().
-
-	* ipropd_slave.c: Provide better error why kadm5_log_replay
-	failed.
-
-2007-08-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_master.c: - don't push whole database to the new client
-	every time.  - make slaves get the whole new database if they have
-	a newer log the the master (and thus have them go back in time).
-
-2007-08-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c: make more sane.
-
-	* ipropd_slave.c: more paranoid check that the log entires are
-	self consistant
-
-	* log.c (kadm5_log_foreach): check that the postamble contains the
-	right data.
-
-	* ipropd_master.c: Sprinkle more info about what versions the
-	master thinks about the client versions.
-
-	* ipropd_master.c: Start the server at the current version, not 0.
-
-2007-08-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_master.c: Add more logging, to figure out what is
-	happening in the master.
-
-2007-08-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add version-script for libkadm5srv.la
-
-	* version-script.map: version script fro kadm5 server libary.
-
-	* log.c: only free the orignal entries extentions if there was
-	any.  Bug reported by Peter Meinecke.
-
-	* add configuration for signal file and acl file, let user select
-	hostname, catch signals and print why we are quiting, make nop
-	cause one new version, not two
-
-2007-07-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_master.c (send_diffs): make current slave's version
-	uptodate when diff have been sent.
-	
-2007-07-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c: More comments and some more error checking.
-	
-2007-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c (get_cache_principal): make sure id is reset if we
-	fail. From Benjamin Bennet.
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* context_s.c (find_db_spec): match realm-less as the default
-	realm.
-
-	* Makefile.am: New library version.
-
-2007-07-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* context_s.c: Use hdb_get_dbinfo to pick up configuration.
-	ctx->config.realm can be NULL, check for that, from Bjorn S.
-	
-2007-07-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c: Try harder to use the right principal.
-
-2007-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c: Catch return value from krb5_program_setup. From
-	Steven Luo.
-	
-2007-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* delete_s.c: Write log entry after store is successful, rename
-	out goto statments.
-
-	* randkey_s.c: Write log entry after store is successful.
-
-	* modify_s.c: Write log entry after store is successful.
-
-	* rename_s.c: indent.
-
-	* chpass_s.c: Write log entry after store is successful.
-
-	* create_s.c: Write log entry after store is successful.
-	
-2007-05-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* iprop-commands.in: Add default values to make this working
-	again.
-
-	* iprop-log.c (iprop_replay): create the database with more
-	liberal mode.
-
-	* log.c: make it slightly more working.
-
-	* iprop-log.8: Document last-version.
-
-	* iprop-log.c: (last_version): print last version of the log.
-	
-	* iprop-commands.in: new command last-version: print last version
-	of the log.
-
-	* log.c (kadm5_log_previous): document assumptions and make less
-	broken.  Bug report from Ronny Blomme.
-	
-2007-02-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* admin.h: add support to get aliases
-
-	* get_s.c: add support to get aliases
-
-2007-02-11  David Love  <fx@gnu.org>
-
-	* iprop-log.8: Small fixes, from David Love.
-	
-2006-12-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c: if the user have a kadmin/admin initial ticket, don't
-	ask for password, just use the credential instead.
-	
-2006-12-06  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ipropd_master.c: Use strcspn to remove \n from string returned
-	by fgets.  From Bj�rn Sandell
-	
-2006-11-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c (kadm_connect): clear error string before trying to
-	print a errno, this way we don't pick up a random failure code
-	
-2006-11-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context
-	argument.
-
-	* init_c.c: Make krb5_get_init_creds_opt_free take a context
-	argument.
-	
-2006-10-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ent_setup.c: Try to not leak memory.
-	
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: split build files into dist_ and noinst_ SOURCES
-	
-2006-08-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* get_s.c: Add KRB5_KDB_ALLOW_DIGEST
-
-	* ent_setup.c: Add KRB5_KDB_ALLOW_DIGEST
-
-	* admin.h: Add KRB5_KDB_ALLOW_DIGEST
-	
-2006-06-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-cracklib.pl: Add password reuse checking. From Harald
-	Barth.
-	
-2006-06-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4
-
-	* get_s.c (kadm5_s_get_principal): Add KRB5_KDB_ALLOW_KERBEROS4
-
-	* admin.h: Add KRB5_KDB_ALLOW_KERBEROS4
-	
-2006-06-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION
-
-2006-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* password_quality.c (kadm5_check_password_quality): set error
-	message in context.
-	
-2006-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* iprop-log.c: Avoid shadowing.
-
-	* rename_s.c: Avoid shadowing.
-
-2006-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it
-	that way.
-	
-2006-05-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Rename u_intXX_t to uintXX_t
-
-2006-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c:
-	Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for
-
-	* send_recv.c: set and clear error string
-
-	* rename_s.c: Break out the that we request from principal from
-	the entry and pass it in as a separate argument.
-
-	* randkey_s.c: Break out the that we request from principal from
-	the entry and pass it in as a separate argument.
-
-	* modify_s.c: Break out the that we request from principal from
-	the entry and pass it in as a separate argument.
-
-	* log.c: Break out the that we request from principal from the
-	entry and pass it in as a separate argument.
-
-	* get_s.c: Break out the that we request from principal from the
-	entry and pass it in as a separate argument.
-
-	* delete_s.c: Break out the that we request from principal from
-	the entry and pass it in as a separate argument.
-
-	* chpass_s.c: Break out the that we request from principal from
-	the entry and pass it in as a separate argument.
-	
-2006-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* create_s.c (create_principal*): If client doesn't send kvno,
-	make sure to set it to 1.
-	
-2006-04-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* log.c: (kadm5_log_rename): handle errors better
-	Fixes Coverity, NetBSD CID#628
-
-	* log.c (kadm5_log_delete): add error handling Coverity, NetBSD
-	CID#626
-	(kadm5_log_modify): add error handling Coverity, NetBSD CID#627
-
-	* init_c.c (_kadm5_c_get_cred_cache): handle ccache case better in
-	case no client name was passed in. Coverity, NetBSD CID#919
-	
-	* init_c.c (_kadm5_c_get_cred_cache): Free client principal in
-	case of error. Coverity NetBSD CID#1908
-	
-2006-02-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kadm5_err.et: (PASS_REUSE): Spelling, 
-	from V�clav H?la <ax@natur.cuni.cz>
-	
-2006-01-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* send_recv.c: Clear error-string when introducing new errors.
-
-	* *_c.c: Clear error-string when introducing new errors.
-	
-2006-01-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove
-	dependency
-	
-2005-12-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* memset hdb_entry_ex before use
-	
-2005-12-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Wrap hdb_entry with hdb_entry_ex, patch originally 
-	from Andrew Bartlet
-
-2005-11-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* context_s.c (set_field): try another way to calculate the path
-	to the database/logfile/signal-socket
-
-	* log.c (kadm5_log_init): set error string on failures
-	
-2005-09-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Constify password.
-
-	* admin.h: Add KRB5_TL_PKINIT_ACL.
-	
-	* marshall.c (_kadm5_unmarshal_params): avoid signed-ness warnings
-	
-	* get_s.c (kadm5_s_get_principal): clear error string
-	
-2005-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* iprop-log.8: More text about iprop-log.
-	
-2005-08-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* iprop.8: SEE ALSO iprop-log.
-
-	* Makefile.am: man_MANS += iprop-log.8
-
-	* iprop-log.8: Basic for documentation of iprop-log.
-	
-	* remove replay_log.c, dump_log.c, and truncate_log.c, folded into
-	iprop-log.
-
-	* log.c (kadm5_log_foreach): add a context variable and pass it
-	down to `func�.
-
-	* iprop-commands.in: Move truncate_log and replay_log into
-	iprop-log.
-
-	* iprop-log.c: Move truncate_log and replay_log into iprop-log.
-	
-	* Makefile.am: Move truncate_log and replay_log into iprop-log.
-	
-	* Makefile.am: Make this work with a clean directory.
-
-	* ipropd_master.c: Make compile.
-
-	* ipropd_master.c: Update to new signature of kadm5_log_previous.
-
-	* log.c (kadm5_log_previous): catch errors instead of asserting
-	and set error string.
-
-	* iprop-commands.in: New program iprop-log that incorperates
-	dump_log as a subcommand, truncate_log and replay_log soon to come
-	after.
-	
-	* iprop-log.c: New program iprop-log that incorperates dump_log as
-	a subcommand, truncate_log and replay_log soon to come after.
-
-	* Makefile.am: New program iprop-log that incorperates dump_log as
-	a subcommand, truncate_log and replay_log soon to come after.
-	
-2005-08-11 Love H�rnquist �strand  <lha@it.su.se>
-
-	* get_s.c: Implement KADM5_LAST_PWD_CHANGE.
-	
-	* set_keys.c: Set and clear password where appropriate.
-
-	* randkey_s.c: Operation modifies tl_data.
-
-	* log.c (kadm5_log_replay_modify): Check return values of
-	malloc(), replace all extensions.
-
-	* kadm5_err.et: Make BAD_TL_TYPE error more helpful.
-
-	* get_s.c: Expose KADM5_TL_DATA options to the client.
-
-	* ent_setup.c: Merge in KADM5_TL_DATA in the database.
-
-	* chpass_s.c: Operations modify extensions, mark that with
-	TL_DATA.
-
-	* admin.h: Add more TL types (password and extension).
-
-2005-06-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* constify
-
-	* ipropd_slave.c: avoid shadowing
-
-	* ipropd_master.c: rename local variable slave to s, optind ->
-	optidx
-
-	* get_princs_c.c: rename variable exp to expression
-	
-	* ad.c: rename variable exp to expression
-
-	* log.c: rename shadowing len to num
-	
-	* get_princs_s.c: rename variable exp to expression
-
-	* context_s.c: const poison
-
-	* common_glue.c: rename variable exp to expression
-
-2005-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE
-	
-	* get_s.c (kadm5_s_get_principal): set KRB5_KDB_OK_AS_DELEGATE
-
-	* admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags
-
-2005-05-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kadm5_pwcheck.3: please mdoclint
-
-2005-05-25  Dave Love  <fx@gnu.org>
-
-	* kadm5_pwcheck.3: document kadm5_add_passwd_quality_verifier,
-	improve text
-
-2005-05-24  Dave Love  <fx@gnu.org>
-
-	* iprop.8: Added some info about defaults, fixed some markup.
-	
-2005-05-23  Dave Love  <fx@gnu.org>
-
-	* ipropd_slave.c: Don't test HAVE_DAEMON since roken supplies it.
-
-	* ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it.
-
-2005-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c (_kadm5_c_init_context): fix memory leak in case of
-	failure
-
-2005-05-09  Dave Love  <fx@gnu.org>
-
-	* password_quality.c (find_func): Fix off-by-one and logic error.
-	(external_passwd_quality): Improve messages.
-
-	* test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check
-	and kadm5_add_passwd_quality_verifier.
-
-2005-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* default_keys.c: #include <err.h>, only print salt it its longer
-	then 0, use krb5_err instead of errx where appropriate
-	
-2005-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c: add the documented option --port
-
-	* ipropd_master.c: add the documented option --port
-	
-	* dump_log.c: use the newly generated units function
-
-2005-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* dump_log.c: use strlcpy
-	
-	* password_quality.c: don't use sizeof(pointer)
-	
-2005-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-cracklib.pl: external password verifier sample
-
-	* password_quality.c (kadm5_add_passwd_quality_verifier): if NULL
-	is passed in, load defaults
-
-2005-04-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* password_quality.c: add an end tag to the external password
-	quality check protocol
-
-2005-04-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* password_quality.c: add external passsword quality check builtin
-	module
-	
-	[password_quality]
-		policies = external-check
-		external-program = /bin/false
-	
-	To approve password a, make the test program return APPROVED on
-	stderr and fail with exit code 0.
-	
-2004-10-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: bump version to 7:7:0 and 6:5:2
-	
-	* default_keys.c (parse_file): use hdb_generate_key_set
-	
-	* keys.c,set_keys.c: Move keyset parsing and password based keyset
-	generation into hdb.  Requested by Andrew Bartlett <abartlet@samba.org>
-	for hdb-ldb backend.
-	
-2004-09-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_master.c: add help strings to some options
-	
-2004-09-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* chpass_s.c: deal with changed prototype for _kadm5_free_keys
-	
-	* keys.c (_kadm5_free_keys): change prototype, make it use
-	krb5_context instead of a kadm5_server_context
-	
-	* set_keys.c (parse_key_set): do way with static returning
-	(function) static variable and returned allocated memory
-	(_kadm5_generate_key_set): free enctypes returned by parse_key_set
-
-2004-09-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c: Fix memory leak, don't return stack variables From
-	Andrew Bartlett
-	
-	* set_keys.c: make all_etypes const and move outside function to
-	avoid returning data on stack
-	
-2004-08-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* acl.c (fetch_acl): use " \t\n" instead of just "\n" for the
-	delim of the third element, this is so we can match
-	"foo@REALM<SPC>all<SPC><SPC>*@REALM", before it just matched
-	"foo@REALM<SPC>all<SPC>*@REALM", but that is kind of lucky since
-	what really happen was that the last <SPC> was stamped out, and
-	the it never strtok_r never needed to parse over it.
-	
-2004-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is
-	without salting, some people tries to add the string
-	"arcfour-hmac-md5" when they really should have used
-	"arcfour-hmac-md5:pw-salt", help them and add glue for that
-	
-2004-08-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_slave.c: add --detach
-
-2004-07-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: use new tsasl interface remove debug printf add upn to
-	computer-accounts
-	
-2004-06-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: implement kadm5_ad_init_with_password_ctx set more error
-	strings
-	
-2004-06-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: man_MANS = kadm5_pwcheck.3
-	
-	* kadm5_pwcheck.3: document new password quality api
-	
-	* password_quality.c: new password check interface (old still
-	supported)
-	
-	* kadm5-pwcheck.h: new password check interface
-	
-2004-06-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_master.c (main): process all slaves, not just up to the
-	last slave sending data
-	(bug report from Bj�rn Sandell <biorn@dce.chalmers.se>)
-	(*): only send one ARE_YOU_THERE
-
-2004-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: use krb5_set_password_using_ccache
-	
-2004-06-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: try handle spn's better
-	
-2004-05-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: add expiration time
-	
-	* ad.c: add modify operations
-	
-	* ad.c: handle create and delete
-	
-2004-05-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: more code for get, handle attributes
-	
-	* ad.c: more code for get, handle time stamps and bad password
-	counter
-
-	* ad.c: more code for get, only fetches kvno for now
-	
-2004-05-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: add support for tsasl
-	
-	* private.h: add kadm5_ad_context
-	
-	* ipropd_master.c (prop_one): store the opcode in the begining of
-	the blob, not the end
-	
-	* ad.c: try all ldap servers in dns, generate a random password,
-	base64(random_block(64)), XXX must make it support other then
-	ARCFOUR
-	
-	* ad.c: framework for windows AD backend
-	
-2004-03-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* create_s.c (kadm5_s_create_principal): remove old XXX command
-	and related code, _kadm5_set_keys will do all this now
-	
-2004-02-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy
-	enctype for des keys From: Andrew Bartlett <abartlet@samba.org>
-	
-	* create_s.c (kadm5_s_create_principal_with_key): don't call
-	_kadm5_set_keys2, create_principal will do that for us. Set kvno
-	to 1.
-
-	* chpass_s.c (change): bump kvno
-	(kadm5_s_chpass_principal_with_key): bump kvno
-
-	* randkey_s.c (kadm5_s_randkey_principal): bump kvno
-	
-	* set_keys.c (_kadm5_set_*): don't change the kvno, let the callee
-	to that
-
-2003-12-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* chpass_s.c (change): fix same-password-again by decrypting keys
-	and setting an error code From: Buck Huppmann <buckh@pobox.com>
-	
-2003-12-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c (_kadm5_c_init_context): catch errors from strdup and
-	other krb5_ functions
-
-2003-12-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rename_s.c (kadm5_s_rename_principal): allow principal to change
-	realm From Panasas Inc
-	
-2003-12-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas,
-	Inc
-
-2003-11-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* iprop.h: don't include <krb5-private.h>
-	
-	* ipropd_slave.c: stop using krb5 lib private byte-frobbing
-	functions and replace them with with krb5_storage
-	
-	* ipropd_master.c: stop using krb5 lib private byte-frobbing
-	functions and replace them with with krb5_storage
-	
-2003-11-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c (receive_loop): when seeking over the entries we
-	already have, skip over the trailer.  From: Jeffrey Hutzelman
-	<jhutz@cmu.edu>
-
-	* dump_log.c,ipropd_master.c,ipropd_slave.c,
-	replay_log.c,truncate_log.c: parse kdc.conf
-	From: Jeffrey Hutzelman <jhutz@cmu.edu>
-
-2003-10-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: += test_pw_quality
-	
-	* test_pw_quality.c: test program for verifying password quality
-	function
-
-2003-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add and enable check program default_keys
-	
-	* default_keys.c: test program for _kadm5_generate_key_set
-	
-	* init_c.c: use
-	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
-
-2003-08-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c (_kadm5_set_keys_randomly): remove dup return
-	
-	* ipropd_master.c (main): make sure current_version is initialized
-	
-2003-08-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c: use default_keys for the both random keys and
-	password derived keys if its defined
-	
-2003-07-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c (receive_everything): switch close and rename
-	From: Alf Wachsmann <alfw@SLAC.Stanford.EDU>
-	
-2003-07-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* iprop.h, ipropd_master.c, ipropd_slave.c:
-	Add probing from the server that the client is still there, also
-	make the client check that the server is probing.
-
-2003-07-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* truncate_log.c (main): add missing ``if (ret)''
-	
-2003-06-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c (make_keys): add AES support
-	
-	* set_keys.c: fix off by one in the aes case, pointed out by Ken
-	Raeburn
-
-2003-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c (_kadm5_set_keys_randomly): add
-	ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes
-	support
-
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* send_recv.c: check return values from krb5_data_alloc
-	* log.c: check return values from krb5_data_alloc
-	
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* dump_log.c (print_entry): check return values from
-	krb5_data_alloc
-
-2003-04-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c (kadm_connect): if a context realm was passed in, use
-	that to form the kadmin/admin principal
-	
-2003-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_master.c (main): make sure we don't consider dead slave
-	for select processing
-	(write_stats): use slave_stats_file variable, 
-	check return value of strftime
-	(args): allow specifying slave stats file
-	(slave_dead): close the fd when the slave dies
-
-2002-10-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_slave.c (from Derrick Brashear): Propagating a large
-	database without this means the slave kdcs can get erroneous
-	HDB_NOENTRY and return the resulting errors. This creates a new db
-	handle, populates it, and moves it into place.
-
-2002-08-26  Assar Westerlund  <assar@kth.se>
-
-	* ipropd_slave.c (receive_everything): type-correctness calling
-	_krb5_get_int
-
-	* context_s.c (find_db_spec): const-correctness in parameters to
-	krb5_config_get_next
-
-2002-08-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* private.h: rename header file flag macro
-
-	* Makefile.am: generate kadm5-{protos,private}.h
-
-2002-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_master.c: check return value of krb5_sockaddr2address
-
-2002-07-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_master.c: handle slaves that come and go; add status
-	reporting (both from Love)
-
-	* iprop.h: KADM5_SLAVE_STATS
-
-2002-03-25  Jacques Vidrine  <n@nectar.com>
-
-	* init_c.c (get_cred_cache): bug fix: the default credentials
-	cache was not being used if a client name was specified.
-
-2002-03-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_c.c (get_cred_cache): when getting the default_client from
-	the cred cache, make sure the instance part is "admin"; this
-	should require fewer uses of -p
-
-2002-03-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0
-	(libkadm5clnt_la_LDFLAGS): set version to 6:3:2
-
-2002-02-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_c.c: we have to create our own param struct before
-	marshaling
-
-2001-09-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: link with LIB_pidfile
-
-	* iprop.h: include util.h for pidfile
-
-2001-08-31  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_slave.c (main): syslog with the correct name
-
-2001-08-30  Jacques Vidrine <n@nectar.com>
-
-	* ipropd_slave.c, ipropd_master.c (main): call pidfile
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* acl.c (fetch_acl): do not return bogus flags and re-organize
-	function
-
-	* Makefile.am: rename variable name to avoid error from current
-	automake
-
-2001-08-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* set_keys.c: add easier afs configuration, defaulting to the
-	local realm in lower case; also try to remove duplicate salts
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add required library dependencies
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2
-
-2001-06-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_c.c: call krb5_get_init_creds_opt_set_default_flags
-
-2001-02-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* replay_log.c: add --{start-end}-version flags to replay just
-	part of the log
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_master.c (main): fix select-loop to decrement ret
-	correctly.  from "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump versions
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* init_s.c (*): handle krb5_init_context failure consistently
-	* init_c.c (init_context): handle krb5_init_context failure
-	consistently
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0
-
-2000-11-16  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (make_keys): clean-up salting loop and try not to
-	leak memory
-
-	* ipropd_master.c (main): check for fd's being too large to select
-	on
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0
-
-2000-08-10  Assar Westerlund  <assar@sics.se>
-
-	* acl.c (fetch_acl): fix wrong cases, use krb5_principal_match
-
-2000-08-07  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_master.c (main): ignore SIGPIPE
-
-2000-08-06  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_slave.c (receive_everything): make `fd' an int instead of
-	a pointer.  From Derrick J Brashear <shadow@dementia.org>
-
-2000-08-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin.h: change void** to void*
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump versions to 7:0:0 and 6:0:2
-
-2000-07-24  Assar Westerlund  <assar@sics.se>
-
-	* log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
-	and make a new that takes a context
-	(kadm5_log_nop): add logging of missing lengths
-	(kadm5_log_truncate): new function
-
-	* dump_log.c (print_entry): update and correct
-	* randkey_s.c: call _kadm5_bump_pw_expire
-	* truncate_log.c: new program for truncating the log
-	* Makefile.am (sbin_PROGRAMS): add truncate_log
-	(C_SOURCES): add bump_pw_expire.c
-	* bump_pw_expire.c: new function for extending password expiration
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* keys.c: new file with _kadm5_free_keys, _kadm5_init_keys
-
-	* set_keys.c (free_keys, init_keys): elevate to internal kadm5
-	functions
-
-	* chpass_s.c (kadm5_s_chpass_principal_cond): new function
-	* Makefile.am (C_SOURCES): add keys.c
-	* init_c.c: remove unused variable and handle some parameters
-	being NULL
-
-2000-07-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_slave.c: use krb5_read_priv_message
-
-	* ipropd_master.c: use krb5_{read,write}_priv_message
-
-	* init_c.c: use krb5_write_priv_message
-
-2000-07-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_slave.c: no need to call gethostname, since
-	sname_to_principal will
-
-	* send_recv.c: assert that we have a connected socket
-
-	* get_princs_c.c: call _kadm5_connect
-
-	* rename_c.c: call _kadm5_connect
-
-	* randkey_c.c: call _kadm5_connect
-
-	* privs_c.c: call _kadm5_connect
-
-	* modify_c.c: call _kadm5_connect
-
-	* get_c.c: call _kadm5_connect
-
-	* delete_c.c: call _kadm5_connect
-
-	* create_c.c: call _kadm5_connect
-
-	* chpass_c.c: call _kadm5_connect
-
-	* private.h: add more fields to client context; remove prototypes
-
-	* admin.h: remove prototypes
-
-	* kadm5-protos.h: move public prototypes here
-
-	* kadm5-private.h: move private prototypes here
-
-	* init_c.c: break out connection code to separate function, and
-	defer calling it until we actually do something
-
-2000-07-07  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
-	backwards compatability
-
-2000-06-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* set_keys.c (_kadm5_set_keys): rewrite this to be more easily
-	adaptable to different salts
-	
-2000-06-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* get_s.c: pa_* -> KRB5_PADATA_*
-
-2000-06-16  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_slave.c: change default keytab to default keytab (as in
-	typically FILE:/etc/krb5.keytab)
-
-2000-06-08  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_slave.c: bug fixes, for actually writing the full dump to
-	the database.  based on a patch from Love <lha@stacken.kth.se>
-
-2000-06-07  Assar Westerlund  <assar@sics.se>
-
-	* acl.c: add support for patterns of principals
-	* log.c (kadm5_log_replay_create): handle more NULL pointers
-	(should they really happen?)
-	* log.c (kadm5_log_replay_modify): handle max_life == NULL and
-	max_renew == NULL
-
-	* ipropd_master.c: use syslog.  be less verbose
-	* ipropd_slave.c: use syslog
-
-2000-06-05  Assar Westerlund  <assar@sics.se>
-
-	* private.h (kadm_ops): add kadm_nop more prototypes
-	* log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
-	kadm5_log_replay_nop): add
-	* ipropd_slave.c: and some more improvements
-	* ipropd_master.c: lots of improvements
-	* iprop.h (IPROP_PORT, IPROP_SERVICE): add
-	(iprop_cmd): add new commands
-
-	* dump_log.c: add nop
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1
-
-2000-05-12  Assar Westerlund  <assar@sics.se>
-
-	* get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
-	fallback.  handle not having any creator.
-	* destroy_s.c (kadm5_s_destroy): free all allocated memory
-	* context_s.c (set_field): free variable if it's already set
-	(find_db_spec): malloc space for all strings
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (LDADD): add LIB_openldap
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
-	(libkadm5clnt_la_LDFLAGS): set version to 5:0:1
-
-2000-03-24  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (_kadm5_set_keys2): rewrite
-	(_kadm5_set_keys3): add
-
-	* private.h (struct kadm_func): add chpass_principal_with_key
-	* init_c.c (set_funcs): add chpass_principal_with_key
-
-2000-03-23  Assar Westerlund  <assar@sics.se>
-
-	* context_s.c (set_funcs): add chpass_principal_with_key
-	* common_glue.c (kadm5_chpass_principal_with_key): add
-	* chpass_s.c: comment-ize and change calling convention for
-	_kadm5_set_keys*
-	* chpass_c.c (kadm5_c_chpass_principal_with_key): add
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0
-
-2000-01-28  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (get_new_cache): make sure to request non-forwardable,
-	non-proxiable
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv.la): bump version to 5:1:0
-
-	* context_s.c (_kadm5_s_init_context): handle params == NULL
-
-1999-12-26  Assar Westerlund  <assar@sics.se>
-
-	* get_s.c (kadm5_s_get_principal): handle modified_by->principal
- 	== NULL
-
-1999-12-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0
-
-	* init_c.c (_kadm5_c_init_context): handle getting back port
- 	number from admin host
-	(kadm5_c_init_with_context): remove `proto/' part before doing
-	getaddrinfo()
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 5:0:0 and 4:0:0
-
-	* init_c.c (kadm5_c_init_with_context): don't use unitialized
- 	stuff
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* replay_log.c: adapt to changed kadm5_log_foreach
-
-	* log.c (kadm5_log_foreach): change to take a
- 	`kadm5_server_context'
-
-	* init_c.c: use krb5_warn{,x}
-
-	* dump_log.c: adapt to changed kadm5_log_foreach
-
-	* init_c.c: re-write to use getaddrinfo
-	* Makefile.am (install-build-headers): add dependency
-	
-1999-12-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* log.c (kadm5_log_foreach): pass context
-
-	* dump_log.c: print more interesting things
-
-1999-12-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_master.c (process_msg): check for short reads
-
-1999-11-25  Assar Westerlund  <assar@sics.se>
-
-	* modify_s.c (kadm5_s_modify_principal): support key_data
-	(kadm5_s_modify_principal_with_key): remove
-
-	* admin.h (kadm5_s_modify_principal_with_key): remove
-
-1999-11-20  Assar Westerlund  <assar@sics.se>
-
-	* context_s.c (find_db_spec): ugly cast work-around.
-
-1999-11-14  Assar Westerlund  <assar@sics.se>
-
-	* context_s.c (_kadm5_s_init_context): call krb5_add_et_list so
- 	that we aren't dependent on the layout of krb5_context_data
-	* init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that
- 	we aren't dependent on the layout of krb5_context_data
-
-1999-11-13  Assar Westerlund  <assar@sics.se>
-
-	* password_quality.c (kadm5_setup_passwd_quality_check): use
-	correct types for function pointers
-	
-1999-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* randkey_s.c: always bail out if the fetch fails
-
-	* admin.h (kadm5_config_params): remove fields we're not using
-
-	* ipropd_slave.c: allow passing a realm
-
-	* ipropd_master.c: allow passing a realm
-
-	* dump_log.c: allow passing a realm
-
-	* acl.c: correctly get acl file
-
-	* private.h (kadm5_server_context): add config_params struct and
-	remove acl_file; bump protocol version number
-
-	* marshall.c: marshalling of config parameters
-
-	* init_c.c (kadm5_c_init_with_context): try to cope with old
-	servers
-
-	* init_s.c (kadm5_s_init_with_context): actually use some passed
-	values
-
-	* context_s.c (_kadm5_s_init_context): get dbname, acl_file, and
-	stash_file from the config parameters, try to figure out these if
-	they're not provided
-
-1999-11-05  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (install-build-headers): use `cp' instead of
- 	INSTALL_DATA
-
-1999-11-04  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields
- 	directly in libkrb5's context - bad functions)
-
-	* set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in
- 	the copied keys
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version of kadm5srv to 3:0:2 (new password
- 	quality functions).
- 	set version of kdam5clnt to 2:1:1 (no interface changes)
-
-	* Makefile.am (LDADD): add $(LIB_dlopen)
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* randkey_s.c (kadm5_s_randkey_principal): use
- 	_kadm5_set_keys_randomly
-
-	* set_keys.c (free_keys): free more memory
-	(_kadm5_set_keys): a little bit more generic
-	(_kadm5_set_keys_randomly): new function for setting random keys.
-
-1999-10-14  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (_kadm5_set_keys): ignore old keys when setting new
- 	ones and always add 3 DES keys and one 3DES key
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'.
-  	check return value from strdup
-
-1999-09-26  Assar Westerlund  <assar@sics.se>
-
-	* acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate ->
- 	strlcpy
-
-1999-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* dump_log.c: remove unused `optind'
-
-	* replay_log.c: remove unused `optind'
-
-1999-09-13  Assar Westerlund  <assar@sics.se>
-
-	* chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv
-
-	* send_recv.c (_kadm5_client_recv): return result in a `krb5_data'
- 	so that we avoid copying it and don't need to dimension in
- 	advance.  change all callers.
-
-1999-09-10  Assar Westerlund  <assar@sics.se>
-
-	* password_quality.c: new file
-
-	* admin.h
- 	(kadm5_setup_passwd_quality_check,kadm5_check_password_quality):
- 	add prototypes
-
-	* Makefile.am (S_SOURCES): add password_quality.c
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: update versions to 2:0:1
-
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0
- 	and pw_expiration == 0 mean never
-
-1999-07-22  Assar Westerlund  <assar@sics.se>
-
-	* log.c (kadm5_log_flush): extra cast
-
-1999-07-07  Assar Westerlund  <assar@sics.se>
-
-	* marshall.c (store_principal_ent): encoding princ_expire_time and
- 	pw_expiration in correct order
-
-1999-06-28  Assar Westerlund  <assar@sics.se>
-
-	* randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno,
- 	otherwise hdb will think that the new random keys are already
- 	encrypted which will cause lots of confusion later.
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited
- 	correctly.  From Michal Vocu <michal@karlin.mff.cuni.cz>
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (get_cred_cache): use get_default_username
-
-1999-05-23  Assar Westerlund  <assar@sics.se>
-
-	* create_s.c (create_principal): if there's no default entry the
-	mask should be zero.
-
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (get_cred_cache): use $USERNAME
-
-1999-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_c.c (get_cred_cache): figure out principal
-
-1999-05-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* send_recv.c: cleanup _kadm5_client_{send,recv}
-
-1999-05-04  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (_kadm5_set_keys2): don't check the recently created
- 	memory for NULL pointers
-
-	* private.h (_kadm5_setup_entry): change prototype
-
-	* modify_s.c: call new _kadm5_setup_entry
-
-	* ent_setup.c (_kadm5_setup_entry): change so that it takes three
- 	masks, one for what bits to set and one for each of principal and
- 	def containing the bits that are set there.
-
-	* create_s.c: call new _kadm5_setup_entry
-
-	* create_s.c (get_default): check return value
-	(create_principal): send wider mask to _kadm5_setup_entry
-
-1999-05-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* send_recv.c (_kadm5_client_recv): handle arbitrarily sized
-	packets, check for errors
-
-	* get_c.c: check for failure from _kadm5_client_{send,recv}
-
-1999-05-04  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (get_new_cache): don't abort when interrupted from
- 	password prompt
-	
-	* destroy_c.c (kadm5_c_destroy): check if we should destroy the
- 	auth context
-
-1999-05-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* chpass_s.c: fix arguments to _kadm5_set_keys2
-
-	* private.h: proto
-
-	* set_keys.c: clear mkvno
-
-	* rename_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* randkey_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* modify_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* log.c: add flags to fetch and store; seal keys before logging
-
-	* get_s.c: add flags to fetch and store; seal keys before logging
-
-	* get_princs_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* delete_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* create_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* chpass_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* Makefile.am: remove server.c
-
-	* admin.h: add prototypes
-
-	* ent_setup.c (_kadm5_setup_entry): set key_data
-
-	* set_keys.c: add _kadm5_set_keys2 to sey keys from key_data
-
-	* modify_s.c: add kadm5_s_modify_principal_with_key
-
-	* create_s.c: add kadm5_s_create_principal_with_key
-
-	* chpass_s.c: add kadm5_s_chpass_principal_with_key
-
-	* kadm5_locl.h: move stuff to private.h
-
-	* private.h: move stuff from kadm5_locl.h
-	
diff --git a/crypto/heimdal/lib/kadm5/Makefile.am b/crypto/heimdal/lib/kadm5/Makefile.am
deleted file mode 100644
index 66ffd37..0000000
--- a/crypto/heimdal/lib/kadm5/Makefile.am
+++ /dev/null
@@ -1,192 +0,0 @@
-# $Id: Makefile.am 22403 2008-01-11 14:37:26Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-SLC = $(top_builddir)/lib/sl/slc
-
-lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la
-libkadm5srv_la_LDFLAGS = -version-info 8:1:0
-libkadm5clnt_la_LDFLAGS = -version-info 7:1:0
-
-if versionscript
-libkadm5srv_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-
-sbin_PROGRAMS = iprop-log
-check_PROGRAMS = default_keys
-noinst_PROGRAMS = test_pw_quality
-
-noinst_LTLIBRARIES = sample_passwd_check.la
-
-sample_passwd_check_la_SOURCES = sample_passwd_check.c
-sample_passwd_check_la_LDFLAGS = -module
-
-libkadm5srv_la_LIBADD = \
-	$(LIB_com_err) ../krb5/libkrb5.la \
-	../hdb/libhdb.la $(LIBADD_roken)
-libkadm5clnt_la_LIBADD = \
-	$(LIB_com_err) ../krb5/libkrb5.la $(LIBADD_roken)
-
-libexec_PROGRAMS = ipropd-master ipropd-slave
-
-default_keys_SOURCES = default_keys.c
-
-kadm5includedir = $(includedir)/kadm5
-buildkadm5include = $(buildinclude)/kadm5
-
-dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h
-nodist_kadm5include_HEADERS = kadm5_err.h
-
-install-build-headers:: $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)
-	@foo='$(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildkadm5include)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo "cp $$file $(buildkadm5include)/$$f";\
-			cp $$file $(buildkadm5include)/$$f; \
-		fi ; \
-	done
-
-dist_libkadm5clnt_la_SOURCES =			\
-	ad.c					\
-	chpass_c.c				\
-	client_glue.c				\
-	common_glue.c				\
-	create_c.c				\
-	delete_c.c				\
-	destroy_c.c				\
-	flush_c.c				\
-	free.c					\
-	get_c.c					\
-	get_princs_c.c				\
-	init_c.c				\
-	kadm5_locl.h				\
-	marshall.c				\
-	modify_c.c				\
-	private.h				\
-	privs_c.c				\
-	randkey_c.c				\
-	rename_c.c				\
-	send_recv.c				\
-	kadm5-pwcheck.h				\
-	admin.h
-
-nodist_libkadm5clnt_la_SOURCES =		\
-	kadm5_err.c				\
-	kadm5_err.h
-
-dist_libkadm5srv_la_SOURCES =			\
-	acl.c					\
-	admin.h					\
-	bump_pw_expire.c			\
-	chpass_s.c				\
-	common_glue.c				\
-	context_s.c				\
-	create_s.c				\
-	delete_s.c				\
-	destroy_s.c				\
-	ent_setup.c				\
-	error.c					\
-	flush_s.c				\
-	free.c					\
-	get_princs_s.c				\
-	get_s.c					\
-	init_s.c				\
-	kadm5_locl.h				\
-	keys.c					\
-	log.c					\
-	marshall.c				\
-	modify_s.c				\
-	password_quality.c			\
-	private.h				\
-	privs_s.c				\
-	randkey_s.c				\
-	rename_s.c				\
-	server_glue.c				\
-	set_keys.c				\
-	set_modifier.c				\
-	kadm5-pwcheck.h				\
-	admin.h
-
-nodist_libkadm5srv_la_SOURCES = 		\
-	kadm5_err.c				\
-	kadm5_err.h
-
-dist_iprop_log_SOURCES = iprop-log.c
-nodist_iprop_log_SOURCES = iprop-commands.c
-
-ipropd_master_SOURCES = ipropd_master.c ipropd_common.c iprop.h kadm5_locl.h
-
-ipropd_slave_SOURCES = ipropd_slave.c ipropd_common.c iprop.h kadm5_locl.h
-
-man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8
-
-LDADD = \
-	libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(DBLIB) \
-	$(LIB_dlopen) \
-	$(LIB_pidfile)
-
-iprop_log_LDADD = \
-	libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LIB_roken) \
-	$(DBLIB) \
-	$(LIB_dlopen) \
-	$(LIB_pidfile)
-
-
-iprop-commands.c iprop-commands.h: iprop-commands.in
-	$(SLC) $(srcdir)/iprop-commands.in
-
-$(libkadm5srv_la_OBJECTS): kadm5_err.h
-$(iprop_log_OBJECTS): iprop-commands.h
-
-client_glue.lo server_glue.lo: $(srcdir)/common_glue.c
-
-CLEANFILES = kadm5_err.c kadm5_err.h iprop-commands.h iprop-commands.c
-
-# to help stupid solaris make
-
-kadm5_err.h: kadm5_err.et
-
-$(libkadm5clnt_la_OBJECTS) $(libkadm5srv_la_OBJECTS): $(srcdir)/kadm5-protos.h $(srcdir)/kadm5-private.h
-
-proto_opts = -q -R '^(_|kadm5_c_|kadm5_s_|kadm5_log)' -P comment
-$(srcdir)/kadm5-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-o kadm5-protos.h \
-		$(dist_libkadm5clnt_la_SOURCES) \
-		$(dist_libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-protos.h
-
-$(srcdir)/kadm5-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-p kadm5-private.h \
-		$(dist_libkadm5clnt_la_SOURCES) \
-		$(dist_libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-private.h
-
-EXTRA_DIST = \
-	kadm5_err.et \
-	iprop-commands.in \
-	$(man_MANS) \
-	check-cracklib.pl \
-	flush.c \
-	sample_passwd_check.c \
-	version-script.map
diff --git a/crypto/heimdal/lib/kadm5/Makefile.in b/crypto/heimdal/lib/kadm5/Makefile.in
deleted file mode 100644
index 81f1ced..0000000
--- a/crypto/heimdal/lib/kadm5/Makefile.in
+++ /dev/null
@@ -1,1293 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22403 2008-01-11 14:37:26Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(dist_kadm5include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-sbin_PROGRAMS = iprop-log$(EXEEXT)
-check_PROGRAMS = default_keys$(EXEEXT)
-noinst_PROGRAMS = test_pw_quality$(EXEEXT)
-libexec_PROGRAMS = ipropd-master$(EXEEXT) ipropd-slave$(EXEEXT)
-subdir = lib/kadm5
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" \
-	"$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man3dir)" \
-	"$(DESTDIR)$(man8dir)" "$(DESTDIR)$(kadm5includedir)" \
-	"$(DESTDIR)$(kadm5includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libkadm5clnt_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
-	../krb5/libkrb5.la $(am__DEPENDENCIES_1)
-dist_libkadm5clnt_la_OBJECTS = ad.lo chpass_c.lo client_glue.lo \
-	common_glue.lo create_c.lo delete_c.lo destroy_c.lo flush_c.lo \
-	free.lo get_c.lo get_princs_c.lo init_c.lo marshall.lo \
-	modify_c.lo privs_c.lo randkey_c.lo rename_c.lo send_recv.lo
-nodist_libkadm5clnt_la_OBJECTS = kadm5_err.lo
-libkadm5clnt_la_OBJECTS = $(dist_libkadm5clnt_la_OBJECTS) \
-	$(nodist_libkadm5clnt_la_OBJECTS)
-libkadm5clnt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libkadm5clnt_la_LDFLAGS) $(LDFLAGS) -o $@
-libkadm5srv_la_DEPENDENCIES = $(am__DEPENDENCIES_1) ../krb5/libkrb5.la \
-	../hdb/libhdb.la $(am__DEPENDENCIES_1)
-dist_libkadm5srv_la_OBJECTS = acl.lo bump_pw_expire.lo chpass_s.lo \
-	common_glue.lo context_s.lo create_s.lo delete_s.lo \
-	destroy_s.lo ent_setup.lo error.lo flush_s.lo free.lo \
-	get_princs_s.lo get_s.lo init_s.lo keys.lo log.lo marshall.lo \
-	modify_s.lo password_quality.lo privs_s.lo randkey_s.lo \
-	rename_s.lo server_glue.lo set_keys.lo set_modifier.lo
-nodist_libkadm5srv_la_OBJECTS = kadm5_err.lo
-libkadm5srv_la_OBJECTS = $(dist_libkadm5srv_la_OBJECTS) \
-	$(nodist_libkadm5srv_la_OBJECTS)
-libkadm5srv_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libkadm5srv_la_LDFLAGS) $(LDFLAGS) -o $@
-sample_passwd_check_la_LIBADD =
-am_sample_passwd_check_la_OBJECTS = sample_passwd_check.lo
-sample_passwd_check_la_OBJECTS = $(am_sample_passwd_check_la_OBJECTS)
-sample_passwd_check_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(sample_passwd_check_la_LDFLAGS) $(LDFLAGS) -o $@
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS)
-am_default_keys_OBJECTS = default_keys.$(OBJEXT)
-default_keys_OBJECTS = $(am_default_keys_OBJECTS)
-default_keys_LDADD = $(LDADD)
-default_keys_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-dist_iprop_log_OBJECTS = iprop-log.$(OBJEXT)
-nodist_iprop_log_OBJECTS = iprop-commands.$(OBJEXT)
-iprop_log_OBJECTS = $(dist_iprop_log_OBJECTS) \
-	$(nodist_iprop_log_OBJECTS)
-iprop_log_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-am_ipropd_master_OBJECTS = ipropd_master.$(OBJEXT) \
-	ipropd_common.$(OBJEXT)
-ipropd_master_OBJECTS = $(am_ipropd_master_OBJECTS)
-ipropd_master_LDADD = $(LDADD)
-ipropd_master_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-am_ipropd_slave_OBJECTS = ipropd_slave.$(OBJEXT) \
-	ipropd_common.$(OBJEXT)
-ipropd_slave_OBJECTS = $(am_ipropd_slave_OBJECTS)
-ipropd_slave_LDADD = $(LDADD)
-ipropd_slave_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-test_pw_quality_SOURCES = test_pw_quality.c
-test_pw_quality_OBJECTS = test_pw_quality.$(OBJEXT)
-test_pw_quality_LDADD = $(LDADD)
-test_pw_quality_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(dist_libkadm5clnt_la_SOURCES) \
-	$(nodist_libkadm5clnt_la_SOURCES) \
-	$(dist_libkadm5srv_la_SOURCES) \
-	$(nodist_libkadm5srv_la_SOURCES) \
-	$(sample_passwd_check_la_SOURCES) $(default_keys_SOURCES) \
-	$(dist_iprop_log_SOURCES) $(nodist_iprop_log_SOURCES) \
-	$(ipropd_master_SOURCES) $(ipropd_slave_SOURCES) \
-	test_pw_quality.c
-DIST_SOURCES = $(dist_libkadm5clnt_la_SOURCES) \
-	$(dist_libkadm5srv_la_SOURCES) \
-	$(sample_passwd_check_la_SOURCES) $(default_keys_SOURCES) \
-	$(dist_iprop_log_SOURCES) $(ipropd_master_SOURCES) \
-	$(ipropd_slave_SOURCES) test_pw_quality.c
-man3dir = $(mandir)/man3
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-dist_kadm5includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_kadm5includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-SLC = $(top_builddir)/lib/sl/slc
-lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la
-libkadm5srv_la_LDFLAGS = -version-info 8:1:0 $(am__append_1)
-libkadm5clnt_la_LDFLAGS = -version-info 7:1:0
-noinst_LTLIBRARIES = sample_passwd_check.la
-sample_passwd_check_la_SOURCES = sample_passwd_check.c
-sample_passwd_check_la_LDFLAGS = -module
-libkadm5srv_la_LIBADD = \
-	$(LIB_com_err) ../krb5/libkrb5.la \
-	../hdb/libhdb.la $(LIBADD_roken)
-
-libkadm5clnt_la_LIBADD = \
-	$(LIB_com_err) ../krb5/libkrb5.la $(LIBADD_roken)
-
-default_keys_SOURCES = default_keys.c
-kadm5includedir = $(includedir)/kadm5
-buildkadm5include = $(buildinclude)/kadm5
-dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h
-nodist_kadm5include_HEADERS = kadm5_err.h
-dist_libkadm5clnt_la_SOURCES = \
-	ad.c					\
-	chpass_c.c				\
-	client_glue.c				\
-	common_glue.c				\
-	create_c.c				\
-	delete_c.c				\
-	destroy_c.c				\
-	flush_c.c				\
-	free.c					\
-	get_c.c					\
-	get_princs_c.c				\
-	init_c.c				\
-	kadm5_locl.h				\
-	marshall.c				\
-	modify_c.c				\
-	private.h				\
-	privs_c.c				\
-	randkey_c.c				\
-	rename_c.c				\
-	send_recv.c				\
-	kadm5-pwcheck.h				\
-	admin.h
-
-nodist_libkadm5clnt_la_SOURCES = \
-	kadm5_err.c				\
-	kadm5_err.h
-
-dist_libkadm5srv_la_SOURCES = \
-	acl.c					\
-	admin.h					\
-	bump_pw_expire.c			\
-	chpass_s.c				\
-	common_glue.c				\
-	context_s.c				\
-	create_s.c				\
-	delete_s.c				\
-	destroy_s.c				\
-	ent_setup.c				\
-	error.c					\
-	flush_s.c				\
-	free.c					\
-	get_princs_s.c				\
-	get_s.c					\
-	init_s.c				\
-	kadm5_locl.h				\
-	keys.c					\
-	log.c					\
-	marshall.c				\
-	modify_s.c				\
-	password_quality.c			\
-	private.h				\
-	privs_s.c				\
-	randkey_s.c				\
-	rename_s.c				\
-	server_glue.c				\
-	set_keys.c				\
-	set_modifier.c				\
-	kadm5-pwcheck.h				\
-	admin.h
-
-nodist_libkadm5srv_la_SOURCES = \
-	kadm5_err.c				\
-	kadm5_err.h
-
-dist_iprop_log_SOURCES = iprop-log.c
-nodist_iprop_log_SOURCES = iprop-commands.c
-ipropd_master_SOURCES = ipropd_master.c ipropd_common.c iprop.h kadm5_locl.h
-ipropd_slave_SOURCES = ipropd_slave.c ipropd_common.c iprop.h kadm5_locl.h
-man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8
-LDADD = \
-	libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(DBLIB) \
-	$(LIB_dlopen) \
-	$(LIB_pidfile)
-
-iprop_log_LDADD = \
-	libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LIB_roken) \
-	$(DBLIB) \
-	$(LIB_dlopen) \
-	$(LIB_pidfile)
-
-CLEANFILES = kadm5_err.c kadm5_err.h iprop-commands.h iprop-commands.c
-proto_opts = -q -R '^(_|kadm5_c_|kadm5_s_|kadm5_log)' -P comment
-EXTRA_DIST = \
-	kadm5_err.et \
-	iprop-commands.in \
-	$(man_MANS) \
-	check-cracklib.pl \
-	flush.c \
-	sample_passwd_check.c \
-	version-script.map
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/kadm5/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/kadm5/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libkadm5clnt.la: $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_DEPENDENCIES) 
-	$(libkadm5clnt_la_LINK) -rpath $(libdir) $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_LIBADD) $(LIBS)
-libkadm5srv.la: $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_DEPENDENCIES) 
-	$(libkadm5srv_la_LINK) -rpath $(libdir) $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_LIBADD) $(LIBS)
-sample_passwd_check.la: $(sample_passwd_check_la_OBJECTS) $(sample_passwd_check_la_DEPENDENCIES) 
-	$(sample_passwd_check_la_LINK)  $(sample_passwd_check_la_OBJECTS) $(sample_passwd_check_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(sbindir)/$$f"; \
-	done
-
-clean-sbinPROGRAMS:
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-default_keys$(EXEEXT): $(default_keys_OBJECTS) $(default_keys_DEPENDENCIES) 
-	@rm -f default_keys$(EXEEXT)
-	$(LINK) $(default_keys_OBJECTS) $(default_keys_LDADD) $(LIBS)
-iprop-log$(EXEEXT): $(iprop_log_OBJECTS) $(iprop_log_DEPENDENCIES) 
-	@rm -f iprop-log$(EXEEXT)
-	$(LINK) $(iprop_log_OBJECTS) $(iprop_log_LDADD) $(LIBS)
-ipropd-master$(EXEEXT): $(ipropd_master_OBJECTS) $(ipropd_master_DEPENDENCIES) 
-	@rm -f ipropd-master$(EXEEXT)
-	$(LINK) $(ipropd_master_OBJECTS) $(ipropd_master_LDADD) $(LIBS)
-ipropd-slave$(EXEEXT): $(ipropd_slave_OBJECTS) $(ipropd_slave_DEPENDENCIES) 
-	@rm -f ipropd-slave$(EXEEXT)
-	$(LINK) $(ipropd_slave_OBJECTS) $(ipropd_slave_LDADD) $(LIBS)
-test_pw_quality$(EXEEXT): $(test_pw_quality_OBJECTS) $(test_pw_quality_DEPENDENCIES) 
-	@rm -f test_pw_quality$(EXEEXT)
-	$(LINK) $(test_pw_quality_OBJECTS) $(test_pw_quality_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-install-dist_kadm5includeHEADERS: $(dist_kadm5include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(kadm5includedir)" || $(MKDIR_P) "$(DESTDIR)$(kadm5includedir)"
-	@list='$(dist_kadm5include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(dist_kadm5includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(kadm5includedir)/$$f'"; \
-	  $(dist_kadm5includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(kadm5includedir)/$$f"; \
-	done
-
-uninstall-dist_kadm5includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(dist_kadm5include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(kadm5includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(kadm5includedir)/$$f"; \
-	done
-install-nodist_kadm5includeHEADERS: $(nodist_kadm5include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(kadm5includedir)" || $(MKDIR_P) "$(DESTDIR)$(kadm5includedir)"
-	@list='$(nodist_kadm5include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_kadm5includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(kadm5includedir)/$$f'"; \
-	  $(nodist_kadm5includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(kadm5includedir)/$$f"; \
-	done
-
-uninstall-nodist_kadm5includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_kadm5include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(kadm5includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(kadm5includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
-		all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(kadm5includedir)" "$(DESTDIR)$(kadm5includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libexecPROGRAMS clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_kadm5includeHEADERS install-man \
-	install-nodist_kadm5includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES install-libexecPROGRAMS \
-	install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man3 install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-dist_kadm5includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \
-	uninstall-man uninstall-nodist_kadm5includeHEADERS \
-	uninstall-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man3 uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libexecPROGRAMS clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS clean-sbinPROGRAMS ctags dist-hook \
-	distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook \
-	install-dist_kadm5includeHEADERS install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am \
-	install-libLTLIBRARIES install-libexecPROGRAMS install-man \
-	install-man3 install-man8 install-nodist_kadm5includeHEADERS \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-sbinPROGRAMS install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-dist_kadm5includeHEADERS \
-	uninstall-hook uninstall-libLTLIBRARIES \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man3 \
-	uninstall-man8 uninstall-nodist_kadm5includeHEADERS \
-	uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-install-build-headers:: $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)
-	@foo='$(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildkadm5include)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo "cp $$file $(buildkadm5include)/$$f";\
-			cp $$file $(buildkadm5include)/$$f; \
-		fi ; \
-	done
-
-iprop-commands.c iprop-commands.h: iprop-commands.in
-	$(SLC) $(srcdir)/iprop-commands.in
-
-$(libkadm5srv_la_OBJECTS): kadm5_err.h
-$(iprop_log_OBJECTS): iprop-commands.h
-
-client_glue.lo server_glue.lo: $(srcdir)/common_glue.c
-
-# to help stupid solaris make
-
-kadm5_err.h: kadm5_err.et
-
-$(libkadm5clnt_la_OBJECTS) $(libkadm5srv_la_OBJECTS): $(srcdir)/kadm5-protos.h $(srcdir)/kadm5-private.h
-$(srcdir)/kadm5-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-o kadm5-protos.h \
-		$(dist_libkadm5clnt_la_SOURCES) \
-		$(dist_libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-protos.h
-
-$(srcdir)/kadm5-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-p kadm5-private.h \
-		$(dist_libkadm5clnt_la_SOURCES) \
-		$(dist_libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-private.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/kadm5/acl.c b/crypto/heimdal/lib/kadm5/acl.c
deleted file mode 100644
index 9a2f75b..0000000
--- a/crypto/heimdal/lib/kadm5/acl.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: acl.c 17445 2006-05-05 10:37:46Z lha $");
-
-static struct units acl_units[] = {
-    { "all",		KADM5_PRIV_ALL },
-    { "change-password",KADM5_PRIV_CPW },
-    { "cpw",		KADM5_PRIV_CPW },
-    { "list",		KADM5_PRIV_LIST },
-    { "delete",		KADM5_PRIV_DELETE },
-    { "modify",		KADM5_PRIV_MODIFY },
-    { "add",		KADM5_PRIV_ADD },
-    { "get", 		KADM5_PRIV_GET },
-    { NULL }
-};
-
-kadm5_ret_t
-_kadm5_string_to_privs(const char *s, uint32_t* privs)
-{
-    int flags;
-    flags = parse_flags(s, acl_units, 0);
-    if(flags < 0)
-	return KADM5_FAILURE;
-    *privs = flags;
-    return 0;
-}
-
-kadm5_ret_t
-_kadm5_privs_to_string(uint32_t privs, char *string, size_t len)
-{
-    if(privs == 0)
-	strlcpy(string, "none", len);
-    else
-	unparse_flags(privs, acl_units + 1, string, len);
-    return 0;
-}
-
-/*
- * retrieve the right for the current caller on `princ' (NULL means all)
- * and store them in `ret_flags'
- * return 0 or an error.
- */
-
-static kadm5_ret_t
-fetch_acl (kadm5_server_context *context,
-	   krb5_const_principal princ,
-	   unsigned *ret_flags)
-{
-    FILE *f;
-    krb5_error_code ret = 0;
-    char buf[256];
-
-    *ret_flags = 0;
-
-    /* no acl file -> no rights */
-    f = fopen(context->config.acl_file, "r");
-    if (f == NULL)
-	return 0;
-
-    while(fgets(buf, sizeof(buf), f) != NULL) {
-	char *foo = NULL, *p;
-	krb5_principal this_princ;
-	unsigned flags = 0;
-
-	p = strtok_r(buf, " \t\n", &foo);
-	if(p == NULL)
-	    continue;
-	if (*p == '#')		/* comment */
-	    continue;
-	ret = krb5_parse_name(context->context, p, &this_princ);
-	if(ret)
-	    break;
-	if(!krb5_principal_compare(context->context, 
-				   context->caller, this_princ)) {
-	    krb5_free_principal(context->context, this_princ);
-	    continue;
-	}
-	krb5_free_principal(context->context, this_princ);
-	p = strtok_r(NULL, " \t\n", &foo);
-	if(p == NULL)
-	    continue;
-	ret = _kadm5_string_to_privs(p, &flags);
-	if (ret)
-	    break;
-	p = strtok_r(NULL, " \t\n", &foo);
-	if (p == NULL) {
-	    *ret_flags = flags;
-	    break;
-	}
-	if (princ != NULL) {
-	    krb5_principal pattern_princ;
-	    krb5_boolean match;
-
-	    ret = krb5_parse_name (context->context, p, &pattern_princ);
-	    if (ret)
-		break;
-	    match = krb5_principal_match (context->context,
-					  princ, pattern_princ);
-	    krb5_free_principal (context->context, pattern_princ);
-	    if (match) {
-		*ret_flags = flags;
-		break;
-	    }
-	}
-    }
-    fclose(f);
-    return ret;
-}
-
-/*
- * set global acl flags in `context' for the current caller.
- * return 0 on success or an error
- */
-
-kadm5_ret_t
-_kadm5_acl_init(kadm5_server_context *context)
-{
-    krb5_principal princ;
-    krb5_error_code ret;
-    
-    ret = krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ);
-    if (ret)
-	return ret;
-    ret = krb5_principal_compare(context->context, context->caller, princ);
-    krb5_free_principal(context->context, princ);
-    if(ret != 0) {
-	context->acl_flags = KADM5_PRIV_ALL;
-	return 0;
-    }
-
-    return fetch_acl (context, NULL, &context->acl_flags);
-}
-
-/*
- * check if `flags' allows `op'
- * return 0 if OK or an error
- */
-
-static kadm5_ret_t
-check_flags (unsigned op,
-	     unsigned flags)
-{
-    unsigned res = ~flags & op;
-
-    if(res & KADM5_PRIV_GET)
-	return KADM5_AUTH_GET;
-    if(res & KADM5_PRIV_ADD)
-	return KADM5_AUTH_ADD;
-    if(res & KADM5_PRIV_MODIFY)
-	return KADM5_AUTH_MODIFY;
-    if(res & KADM5_PRIV_DELETE)
-	return KADM5_AUTH_DELETE;
-    if(res & KADM5_PRIV_CPW)
-	return KADM5_AUTH_CHANGEPW;
-    if(res & KADM5_PRIV_LIST)
-	return KADM5_AUTH_LIST;
-    if(res)
-	return KADM5_AUTH_INSUFFICIENT;
-    return 0;
-}
-
-/*
- * return 0 if the current caller in `context' is allowed to perform
- * `op' on `princ' and otherwise an error
- * princ == NULL if it's not relevant.
- */
-
-kadm5_ret_t
-_kadm5_acl_check_permission(kadm5_server_context *context,
-			    unsigned op,
-			    krb5_const_principal princ)
-{
-    kadm5_ret_t ret;
-    unsigned princ_flags;
-
-    ret = check_flags (op, context->acl_flags);
-    if (ret == 0)
-	return ret;
-    ret = fetch_acl (context, princ, &princ_flags);
-    if (ret)
-	return ret;
-    return check_flags (op, princ_flags);
-}
diff --git a/crypto/heimdal/lib/kadm5/ad.c b/crypto/heimdal/lib/kadm5/ad.c
deleted file mode 100644
index 72288d9..0000000
--- a/crypto/heimdal/lib/kadm5/ad.c
+++ /dev/null
@@ -1,1449 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#define HAVE_TSASL 1
-
-#include "kadm5_locl.h"
-#if 1
-#undef OPENLDAP
-#undef HAVE_TSASL
-#endif
-#ifdef OPENLDAP
-#include <ldap.h>
-#ifdef HAVE_TSASL
-#include <tsasl.h>
-#endif
-#include <resolve.h>
-#include <base64.h>
-#endif
-
-RCSID("$Id: ad.c 17445 2006-05-05 10:37:46Z lha $");
-
-#ifdef OPENLDAP
-
-#define CTX2LP(context) ((LDAP *)((context)->ldap_conn))
-#define CTX2BASE(context) ((context)->base_dn)
-
-/*
- * userAccountControl
- */
-
-#define UF_SCRIPT	 			0x00000001
-#define UF_ACCOUNTDISABLE			0x00000002
-#define UF_UNUSED_0	 			0x00000004
-#define UF_HOMEDIR_REQUIRED			0x00000008
-#define UF_LOCKOUT	 			0x00000010
-#define UF_PASSWD_NOTREQD 			0x00000020
-#define UF_PASSWD_CANT_CHANGE 			0x00000040
-#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED	0x00000080
-#define UF_TEMP_DUPLICATE_ACCOUNT       	0x00000100
-#define UF_NORMAL_ACCOUNT               	0x00000200
-#define UF_UNUSED_1	 			0x00000400
-#define UF_INTERDOMAIN_TRUST_ACCOUNT    	0x00000800
-#define UF_WORKSTATION_TRUST_ACCOUNT    	0x00001000
-#define UF_SERVER_TRUST_ACCOUNT         	0x00002000
-#define UF_UNUSED_2	 			0x00004000
-#define UF_UNUSED_3	 			0x00008000
-#define UF_PASSWD_NOT_EXPIRE			0x00010000
-#define UF_MNS_LOGON_ACCOUNT			0x00020000
-#define UF_SMARTCARD_REQUIRED			0x00040000
-#define UF_TRUSTED_FOR_DELEGATION		0x00080000
-#define UF_NOT_DELEGATED			0x00100000
-#define UF_USE_DES_KEY_ONLY			0x00200000
-#define UF_DONT_REQUIRE_PREAUTH			0x00400000
-#define UF_UNUSED_4				0x00800000
-#define UF_UNUSED_5				0x01000000
-#define UF_UNUSED_6				0x02000000
-#define UF_UNUSED_7				0x04000000
-#define UF_UNUSED_8				0x08000000
-#define UF_UNUSED_9				0x10000000
-#define UF_UNUSED_10				0x20000000
-#define UF_UNUSED_11				0x40000000
-#define UF_UNUSED_12				0x80000000
-
-/*
- *
- */
-
-#ifndef HAVE_TSASL
-static int
-sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *interact)
-{
-    return LDAP_SUCCESS;
-}
-#endif
-
-#if 0
-static Sockbuf_IO ldap_tsasl_io = {
-    NULL,			/* sbi_setup */
-    NULL,			/* sbi_remove */
-    NULL,			/* sbi_ctrl */
-    NULL,			/* sbi_read */
-    NULL,			/* sbi_write */
-    NULL			/* sbi_close */
-};
-#endif
-
-#ifdef HAVE_TSASL
-static int
-ldap_tsasl_bind_s(LDAP *ld,
-		  LDAP_CONST char *dn,
-		  LDAPControl **serverControls,
-		  LDAPControl **clientControls,
-		  const char *host)
-{
-    char *attrs[] = { "supportedSASLMechanisms", NULL };
-    struct tsasl_peer *peer = NULL;
-    struct tsasl_buffer in, out;
-    struct berval ccred, *scred;
-    LDAPMessage *m, *m0;
-    const char *mech;
-    char **vals;
-    int ret, rc;
-
-    ret = tsasl_peer_init(TSASL_FLAGS_INITIATOR | TSASL_FLAGS_CLEAR,
-			  "ldap", host, &peer);
-    if (ret != TSASL_DONE) {
-	rc = LDAP_LOCAL_ERROR;
-	goto out;
-    }
-
-    rc = ldap_search_s(ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, &m0);
-    if (rc != LDAP_SUCCESS)
-	goto out;
-    
-    m = ldap_first_entry(ld, m0);
-    if (m == NULL) {
-	ldap_msgfree(m0);
-	goto out;
-    }
-
-    vals = ldap_get_values(ld, m, "supportedSASLMechanisms");
-    if (vals == NULL) {
-	ldap_msgfree(m0);
-	goto out;
-    }
-
-    ret = tsasl_find_best_mech(peer, vals, &mech);
-    if (ret) {
-	ldap_msgfree(m0);
-	goto out;
-    }
-
-    ldap_msgfree(m0);
-
-    ret = tsasl_select_mech(peer, mech);
-    if (ret != TSASL_DONE) {
-	rc = LDAP_LOCAL_ERROR;
-	goto out;
-    }
-
-    in.tb_data = NULL;
-    in.tb_size = 0;
-
-    do {
-	ret = tsasl_request(peer, &in, &out);
-	if (in.tb_size != 0) {
-	    free(in.tb_data);
-	    in.tb_data = NULL; 
-	    in.tb_size = 0;
-	}
-	if (ret != TSASL_DONE && ret != TSASL_CONTINUE) {
-	    rc = LDAP_AUTH_UNKNOWN;
-	    goto out;
-	}
-
-	ccred.bv_val = out.tb_data;
-	ccred.bv_len = out.tb_size;
-
-	rc = ldap_sasl_bind_s(ld, dn, mech, &ccred,
-			      serverControls, clientControls, &scred);
-	tsasl_buffer_free(&out);
-
-	if (rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS) {
-	    if(scred && scred->bv_len)
-		ber_bvfree(scred);
-	    goto out;
-	}
-
-	in.tb_data = malloc(scred->bv_len);
-	if (in.tb_data == NULL) {
-	    rc = LDAP_LOCAL_ERROR;
-	    goto out;
-	}
-	memcpy(in.tb_data, scred->bv_val, scred->bv_len);
-	in.tb_size = scred->bv_len;
-	ber_bvfree(scred);
-
-    } while (rc == LDAP_SASL_BIND_IN_PROGRESS);
-
- out:
-    if (rc == LDAP_SUCCESS) {
-#if 0
-	ber_sockbuf_add_io(ld->ld_conns->lconn_sb, &ldap_tsasl_io,
-			   LBER_SBIOD_LEVEL_APPLICATION, peer);
-
-#endif
-    } else if (peer != NULL)
-	tsasl_peer_free(peer);
-
-    return rc;
-}
-#endif /* HAVE_TSASL */
-
-
-static int
-check_ldap(kadm5_ad_context *context, int ret)
-{
-    switch (ret) {
-    case LDAP_SUCCESS:
-	return 0;
-    case LDAP_SERVER_DOWN: {
-	LDAP *lp = CTX2LP(context);
-	ldap_unbind(lp);
-	context->ldap_conn = NULL;
-	free(context->base_dn);
-	context->base_dn = NULL;
-	return 1;
-    }
-    default:
-	return 1;
-    }
-}
-
-/*
- *
- */
-
-static void
-laddattr(char ***al, int *attrlen, char *attr)
-{
-    char **a;
-    a = realloc(*al, (*attrlen + 2) * sizeof(**al));
-    if (a == NULL)
-	return;
-    a[*attrlen] = attr;
-    a[*attrlen + 1] = NULL;
-    (*attrlen)++;
-    *al = a;
-}
-
-static kadm5_ret_t
-_kadm5_ad_connect(void *server_handle)
-{
-    kadm5_ad_context *context = server_handle;
-    struct {
-	char *server;
-	int port;
-    } *s, *servers = NULL;
-    int i, num_servers = 0;
-
-    if (context->ldap_conn)
-	return 0;
-
-    {
-	struct dns_reply *r;
-	struct resource_record *rr;
-	char *domain;
-
-	asprintf(&domain, "_ldap._tcp.%s", context->realm);
-	if (domain == NULL) {
-	    krb5_set_error_string(context->context, "malloc");
-	    return KADM5_NO_SRV;
-	}
-
-	r = dns_lookup(domain, "SRV");
-	free(domain);
-	if (r == NULL) {
-	    krb5_set_error_string(context->context, "Didn't find ldap dns");
-	    return KADM5_NO_SRV;
-	}	
-
-	for (rr = r->head ; rr != NULL; rr = rr->next) {
-	    if (rr->type != T_SRV)
-		continue;
-	    s = realloc(servers, sizeof(*servers) * (num_servers + 1));
-	    if (s == NULL) {
-		krb5_set_error_string(context->context, "malloc");
-		dns_free_data(r);
-		goto fail;
-	    }
-	    servers = s;
-	    num_servers++;
-	    servers[num_servers - 1].port =  rr->u.srv->port;
-	    servers[num_servers - 1].server =  strdup(rr->u.srv->target);
-	}
-	dns_free_data(r);
-    }
-
-    if (num_servers == 0) {
-	krb5_set_error_string(context->context, "No AD server found in DNS");
-	return KADM5_NO_SRV;
-    }
-
-    for (i = 0; i < num_servers; i++) {
-	int lret, version = LDAP_VERSION3;
-	LDAP *lp;
-
-	lp = ldap_init(servers[i].server, servers[i].port);
-	if (lp == NULL)
-	    continue;
-	
-	if (ldap_set_option(lp, LDAP_OPT_PROTOCOL_VERSION, &version)) {
-	    ldap_unbind(lp);
-	    continue;
-	}
-	
-	if (ldap_set_option(lp, LDAP_OPT_REFERRALS, LDAP_OPT_OFF)) {
-	    ldap_unbind(lp);
-	    continue;
-	}
-	
-#ifdef HAVE_TSASL
-	lret = ldap_tsasl_bind_s(lp, NULL, NULL, NULL, servers[i].server);
-				 
-#else
-	lret = ldap_sasl_interactive_bind_s(lp, NULL, NULL, NULL, NULL, 
-					    LDAP_SASL_QUIET,
-					    sasl_interact, NULL);
-#endif
-	if (lret != LDAP_SUCCESS) {
-	    krb5_set_error_string(context->context, 
-				  "Couldn't contact any AD servers: %s",
-				  ldap_err2string(lret));
-	    ldap_unbind(lp);
-	    continue;
-	}
-
-	context->ldap_conn = lp;
-	break;
-    }
-    if (i >= num_servers) {
-	goto fail;
-    }
-
-    {
-	LDAPMessage *m, *m0;
-	char **attr = NULL;
-	int attrlen = 0;
-	char **vals;
-	int ret;
-	
-	laddattr(&attr, &attrlen, "defaultNamingContext");
-
-	ret = ldap_search_s(CTX2LP(context), "", LDAP_SCOPE_BASE, 
-			    "objectclass=*", attr, 0, &m);
-	free(attr);
-	if (check_ldap(context, ret))
-	    goto fail;
-
-	if (ldap_count_entries(CTX2LP(context), m) > 0) {
-	    m0 = ldap_first_entry(CTX2LP(context), m);
-	    if (m0 == NULL) {
-		krb5_set_error_string(context->context,
-				      "Error in AD ldap responce");
-		ldap_msgfree(m);
-		goto fail;
-	    }
-	    vals = ldap_get_values(CTX2LP(context), 
-				   m0, "defaultNamingContext");
-	    if (vals == NULL) {
-		krb5_set_error_string(context->context,
-				      "No naming context found");
-		goto fail;
-	    }
-	    context->base_dn = strdup(vals[0]);
-	} else
-	    goto fail;
-	ldap_msgfree(m);
-    }
-
-    for (i = 0; i < num_servers; i++)
-	free(servers[i].server);
-    free(servers);
-
-    return 0;
-
- fail:
-    for (i = 0; i < num_servers; i++)
-	free(servers[i].server);
-    free(servers);
-
-    if (context->ldap_conn) {
-	ldap_unbind(CTX2LP(context));
-	context->ldap_conn = NULL;
-    }
-    return KADM5_RPC_ERROR;
-}
-
-#define NTTIME_EPOCH 0x019DB1DED53E8000LL
-
-static time_t
-nt2unixtime(const char *str)
-{
-    unsigned long long t;
-    t = strtoll(str, NULL, 10);
-    t = ((t - NTTIME_EPOCH) / (long long)10000000);
-    if (t > (((time_t)(~(long long)0)) >> 1))
-	return 0;
-    return (time_t)t;
-}
-
-static long long
-unix2nttime(time_t unix_time)
-{
-    long long wt;
-    wt = unix_time * (long long)10000000 + (long long)NTTIME_EPOCH;
-    return wt;
-}
-
-/* XXX create filter in a better way */
-
-static int
-ad_find_entry(kadm5_ad_context *context,
-	      const char *fqdn,
-	      const char *pn,
-	      char **name)
-{
-    LDAPMessage *m, *m0;
-    char *attr[] = { "distinguishedName", NULL };
-    char *filter;
-    int ret;
-
-    if (name)
-	*name = NULL;
-
-    if (fqdn)
-	asprintf(&filter, 
-		 "(&(objectClass=computer)(|(dNSHostName=%s)(servicePrincipalName=%s)))",
-		 fqdn, pn);
-    else if(pn)
-	asprintf(&filter, "(&(objectClass=account)(userPrincipalName=%s))", pn);
-    else
-	return KADM5_RPC_ERROR;
-
-    ret = ldap_search_s(CTX2LP(context), CTX2BASE(context),
-			LDAP_SCOPE_SUBTREE, 
-			filter, attr, 0, &m);
-    free(filter);
-    if (check_ldap(context, ret))
-	return KADM5_RPC_ERROR;
-
-    if (ldap_count_entries(CTX2LP(context), m) > 0) {
-	char **vals;
-	m0 = ldap_first_entry(CTX2LP(context), m);
-	vals = ldap_get_values(CTX2LP(context), m0, "distinguishedName");
-	if (vals == NULL || vals[0] == NULL) {
-	    ldap_msgfree(m);
-	    return KADM5_RPC_ERROR;
-	}
-	if (name)
-	    *name = strdup(vals[0]);
-	ldap_msgfree(m);
-    } else
-	return KADM5_UNK_PRINC;
-
-    return 0;
-}
-
-#endif /* OPENLDAP */
-
-static kadm5_ret_t
-ad_get_cred(kadm5_ad_context *context, const char *password)
-{
-    kadm5_ret_t ret;
-    krb5_ccache cc;
-    char *service;
-
-    if (context->ccache)
-	return 0;
-
-    asprintf(&service, "%s/%s@%s", KRB5_TGS_NAME,
-	     context->realm, context->realm);
-    if (service == NULL)
-	return ENOMEM;
-
-    ret = _kadm5_c_get_cred_cache(context->context,
-				  context->client_name,
-				  service,
-				  password, krb5_prompter_posix, 
-				  NULL, NULL, &cc);
-    free(service);
-    if(ret)
-	return ret; /* XXX */
-    context->ccache = cc;
-    return 0;
-}
-
-static kadm5_ret_t
-kadm5_ad_chpass_principal(void *server_handle,
-			  krb5_principal principal,
-			  const char *password)
-{
-    kadm5_ad_context *context = server_handle;
-    krb5_data result_code_string, result_string;
-    int result_code;
-    kadm5_ret_t ret;
-
-    ret = ad_get_cred(context, NULL);
-    if (ret)
-	return ret;
-
-    krb5_data_zero (&result_code_string);
-    krb5_data_zero (&result_string);
-
-    ret = krb5_set_password_using_ccache (context->context, 
-					  context->ccache,
-					  password,
-					  principal,
-					  &result_code,
-					  &result_code_string,
-					  &result_string);
-    
-    krb5_data_free (&result_code_string);
-    krb5_data_free (&result_string);
-
-    /* XXX do mapping here on error codes */
-
-    return ret;
-}
-
-#ifdef OPENLDAP
-static const char *
-get_fqdn(krb5_context context, const krb5_principal p)
-{
-    const char *s, *hosttypes[] = { "host", "ldap", "gc", "cifs", "dns" };
-    int i;
-
-    s = krb5_principal_get_comp_string(context, p, 0);
-    if (p == NULL)
-	return NULL;
-    
-    for (i = 0; i < sizeof(hosttypes)/sizeof(hosttypes[0]); i++) {
-	if (strcasecmp(s, hosttypes[i]) == 0)
-	    return krb5_principal_get_comp_string(context, p, 1);
-    }
-    return 0;
-}
-#endif
-
-
-static kadm5_ret_t
-kadm5_ad_create_principal(void *server_handle,
-			  kadm5_principal_ent_t entry,
-			  uint32_t mask,
-			  const char *password)
-{
-    kadm5_ad_context *context = server_handle;
-
-    /*
-     * KADM5_PRINC_EXPIRE_TIME
-     *
-     * return 0 || KADM5_DUP;
-     */
-
-#ifdef OPENLDAP
-    LDAPMod *attrs[8], rattrs[7], *a;
-    char *useraccvals[2] = { NULL, NULL }, 
-	*samvals[2], *dnsvals[2], *spnvals[5], *upnvals[2], *tv[2];
-    char *ocvals_spn[] = { "top", "person", "organizationalPerson", 
-			   "user", "computer", NULL}; 
-    char *p, *realmless_p, *p_msrealm = NULL, *dn = NULL;
-    const char *fqdn;
-    char *s, *samname = NULL, *short_spn = NULL;
-    int ret, i;
-    int32_t uf_flags = 0;
-    
-    if ((mask & KADM5_PRINCIPAL) == 0)
-	return KADM5_BAD_MASK;
-
-    for (i = 0; i < sizeof(rattrs)/sizeof(rattrs[0]); i++)
-	attrs[i] = &rattrs[i];
-    attrs[i] = NULL;
-    
-    ret = ad_get_cred(context, NULL);
-    if (ret)
-	return ret;
-    
-    ret = _kadm5_ad_connect(server_handle);
-    if (ret)
-	return ret;
-    
-    fqdn = get_fqdn(context->context, entry->principal);
-    
-    ret = krb5_unparse_name(context->context, entry->principal, &p);
-    if (ret)
-	return ret;
-    
-    if (ad_find_entry(context, fqdn, p, NULL) == 0) {
-	free(p);
-	return KADM5_DUP;
-    }
-    
-    if (mask & KADM5_ATTRIBUTES) {
-	if (entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX)
-	    uf_flags |= UF_ACCOUNTDISABLE|UF_LOCKOUT;
-	if ((entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH) == 0)
-	    uf_flags |= UF_DONT_REQUIRE_PREAUTH;
-	if (entry->attributes & KRB5_KDB_REQUIRES_HW_AUTH)
-	    uf_flags |= UF_SMARTCARD_REQUIRED;
-    }
-    
-    realmless_p = strdup(p);
-    if (realmless_p == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
-    s = strrchr(realmless_p, '@');
-    if (s)
-	*s = '\0';
-    
-    if (fqdn) {
-	/* create computer account */
-	asprintf(&samname, "%s$", fqdn);
-	if (samname == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	s = strchr(samname, '.');
-	if (s) {
-	    s[0] = '$';
-	    s[1] = '\0';
-	}
-	
-	short_spn = strdup(p);
-	if (short_spn == NULL) {
-	    errno = ENOMEM;
-	    goto out;
-	}
-	s = strchr(short_spn, '.');
-	if (s) {
-	    *s = '\0';
-	} else {
-	    free(short_spn);
-	    short_spn = NULL;
-	}
-
-	p_msrealm = strdup(p);
-	if (p_msrealm == NULL) {
-	    errno = ENOMEM;
-	    goto out;
-	}
-	s = strrchr(p_msrealm, '@');
-	if (s) {
-	    *s = '/';
-	} else {
-	    free(p_msrealm);
-	    p_msrealm = NULL;
-	}
-
-	asprintf(&dn, "cn=%s, cn=Computers, %s", fqdn, CTX2BASE(context));
-	if (dn == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	a = &rattrs[0];
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "objectClass";
-	a->mod_values = ocvals_spn;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "userAccountControl";
-	a->mod_values = useraccvals;
-	asprintf(&useraccvals[0], "%d",
-		 uf_flags |
-		 UF_PASSWD_NOT_EXPIRE |
-		 UF_WORKSTATION_TRUST_ACCOUNT);
-	useraccvals[1] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "sAMAccountName";
-	a->mod_values = samvals;
-	samvals[0] = samname;
-	samvals[1] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "dNSHostName";
-	a->mod_values = dnsvals;
-	dnsvals[0] = (char *)fqdn;
-	dnsvals[1] = NULL;
-	a++;
-
-	/* XXX  add even more spn's */
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "servicePrincipalName";
-	a->mod_values = spnvals;
-	i = 0;
-	spnvals[i++] = p;
-	spnvals[i++] = realmless_p;
-	if (short_spn)
-	    spnvals[i++] = short_spn;
-	if (p_msrealm)
-	    spnvals[i++] = p_msrealm;
-	spnvals[i++] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "userPrincipalName";
-	a->mod_values = upnvals;
-	upnvals[0] = p;
-	upnvals[1] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "accountExpires";
-	a->mod_values = tv;
-	tv[0] = "9223372036854775807"; /* "never" */
-	tv[1] = NULL;
-	a++;
-
-    } else {
-	/* create user account */
-	
-	a = &rattrs[0];
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "userAccountControl";
-	a->mod_values = useraccvals;
-	asprintf(&useraccvals[0], "%d", 
-		 uf_flags |
-		 UF_PASSWD_NOT_EXPIRE);
-	useraccvals[1] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "sAMAccountName";
-	a->mod_values = samvals;
-	samvals[0] = realmless_p;
-	samvals[1] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "userPrincipalName";
-	a->mod_values = upnvals;
-	upnvals[0] = p;
-	upnvals[1] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "accountExpires";
-	a->mod_values = tv;
-	tv[0] = "9223372036854775807"; /* "never" */
-	tv[1] = NULL;
-	a++;
-    }
-
-    attrs[a - &rattrs[0]] = NULL;
-
-    ret = ldap_add_s(CTX2LP(context), dn, attrs);
-
- out:
-    if (useraccvals[0])
-	free(useraccvals[0]);
-    if (realmless_p)
-	free(realmless_p);
-    if (samname)
-	free(samname);
-    if (short_spn)
-	free(short_spn);
-    if (p_msrealm)
-	free(p_msrealm);
-    free(p);
-
-    if (check_ldap(context, ret))
-	return KADM5_RPC_ERROR;
-
-    return 0;
-#else
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_delete_principal(void *server_handle, krb5_principal principal)
-{
-    kadm5_ad_context *context = server_handle;
-#ifdef OPENLDAP
-    char *p, *dn = NULL;
-    const char *fqdn;
-    int ret;
-
-    ret = ad_get_cred(context, NULL);
-    if (ret)
-	return ret;
-
-    ret = _kadm5_ad_connect(server_handle);
-    if (ret)
-	return ret;
-
-    fqdn = get_fqdn(context->context, principal);
-
-    ret = krb5_unparse_name(context->context, principal, &p);
-    if (ret)
-	return ret;
-
-    if (ad_find_entry(context, fqdn, p, &dn) != 0) {
-	free(p);
-	return KADM5_UNK_PRINC;
-    }
-
-    ret = ldap_delete_s(CTX2LP(context), dn);
-
-    free(dn);
-    free(p);
-
-    if (check_ldap(context, ret))
-	return KADM5_RPC_ERROR;
-    return 0;
-#else
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_destroy(void *server_handle)
-{
-    kadm5_ad_context *context = server_handle;
-
-    if (context->ccache)
-	krb5_cc_destroy(context->context, context->ccache);
-
-#ifdef OPENLDAP
-    {
-	LDAP *lp = CTX2LP(context);
-	if (lp)
-	    ldap_unbind(lp);
-	if (context->base_dn)
-	    free(context->base_dn);
-    }
-#endif
-    free(context->realm);
-    free(context->client_name);
-    krb5_free_principal(context->context, context->caller);
-    if(context->my_context)
-	krb5_free_context(context->context);
-    return 0;
-}
-
-static kadm5_ret_t
-kadm5_ad_flush(void *server_handle)
-{
-    kadm5_ad_context *context = server_handle;
-#ifdef OPENLDAP
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#else
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_get_principal(void *server_handle,
-		       krb5_principal principal, 
-		       kadm5_principal_ent_t entry, 
-		       uint32_t mask)
-{
-    kadm5_ad_context *context = server_handle;
-#ifdef OPENLDAP
-    LDAPMessage *m, *m0;
-    char **attr = NULL;
-    int attrlen = 0;
-    char *filter, *p, *q, *u;
-    int ret;
-
-    /*
-     * principal
-     * KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES
-     */
-
-    /*
-     * return 0 || KADM5_DUP;
-     */
-
-    memset(entry, 0, sizeof(*entry));
-
-    if (mask & KADM5_KVNO)
-	laddattr(&attr, &attrlen, "msDS-KeyVersionNumber");
-
-    if (mask & KADM5_PRINCIPAL) {
-	laddattr(&attr, &attrlen, "userPrincipalName");
-	laddattr(&attr, &attrlen, "servicePrincipalName");
-    }
-    laddattr(&attr, &attrlen, "objectClass");
-    laddattr(&attr, &attrlen, "lastLogon");
-    laddattr(&attr, &attrlen, "badPwdCount");
-    laddattr(&attr, &attrlen, "badPasswordTime");
-    laddattr(&attr, &attrlen, "pwdLastSet");
-    laddattr(&attr, &attrlen, "accountExpires");
-    laddattr(&attr, &attrlen, "userAccountControl");
-
-    krb5_unparse_name_short(context->context, principal, &p);
-    krb5_unparse_name(context->context, principal, &u);
-
-    /* replace @ in domain part with a / */
-    q = strrchr(p, '@');
-    if (q && (p != q && *(q - 1) != '\\'))
-	*q = '/';
-
-    asprintf(&filter, 
-	     "(|(userPrincipalName=%s)(servicePrincipalName=%s)(servicePrincipalName=%s))",
-	     u, p, u);
-    free(p);
-    free(u);
-
-    ret = ldap_search_s(CTX2LP(context), CTX2BASE(context),
-			LDAP_SCOPE_SUBTREE, 
-			filter, attr, 0, &m);
-    free(attr);
-    if (check_ldap(context, ret))
-	return KADM5_RPC_ERROR;
-
-    if (ldap_count_entries(CTX2LP(context), m) > 0) {
-	char **vals;
-	m0 = ldap_first_entry(CTX2LP(context), m);
-	if (m0 == NULL) {
-	    ldap_msgfree(m);
-	    goto fail;
-	}
-#if 0
-	vals = ldap_get_values(CTX2LP(context), m0, "servicePrincipalName");
-	if (vals)
-	    printf("servicePrincipalName %s\n", vals[0]);
-	vals = ldap_get_values(CTX2LP(context), m0, "userPrincipalName");
-	if (vals)
-	    printf("userPrincipalName %s\n", vals[0]);
-	vals = ldap_get_values(CTX2LP(context), m0, "userAccountControl");
-	if (vals)
-	    printf("userAccountControl %s\n", vals[0]);
-#endif
-	entry->princ_expire_time = 0;
-	if (mask & KADM5_PRINC_EXPIRE_TIME) {
-	    vals = ldap_get_values(CTX2LP(context), m0, "accountExpires");
-	    if (vals)
-		entry->princ_expire_time = nt2unixtime(vals[0]);
-	}
-	entry->last_success = 0;
-	if (mask & KADM5_LAST_SUCCESS) {
-	    vals = ldap_get_values(CTX2LP(context), m0, "lastLogon");
-	    if (vals)
-		entry->last_success = nt2unixtime(vals[0]);
-	}
-	if (mask & KADM5_LAST_FAILED) {
-	    vals = ldap_get_values(CTX2LP(context), m0, "badPasswordTime");
-	    if (vals)
-		entry->last_failed = nt2unixtime(vals[0]);
-	}
-	if (mask & KADM5_LAST_PWD_CHANGE) {
-	    vals = ldap_get_values(CTX2LP(context), m0, "pwdLastSet");
-	    if (vals)
-		entry->last_pwd_change = nt2unixtime(vals[0]);
-	}
-	if (mask & KADM5_FAIL_AUTH_COUNT) {
-	    vals = ldap_get_values(CTX2LP(context), m0, "badPwdCount");
-	    if (vals)
-		entry->fail_auth_count = atoi(vals[0]);
-	}
- 	if (mask & KADM5_ATTRIBUTES) {
-	    vals = ldap_get_values(CTX2LP(context), m0, "userAccountControl");
-	    if (vals) {
-		uint32_t i;
-		i = atoi(vals[0]);
-		if (i & (UF_ACCOUNTDISABLE|UF_LOCKOUT))
-		    entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
-		if ((i & UF_DONT_REQUIRE_PREAUTH) == 0)
-		    entry->attributes |= KRB5_KDB_REQUIRES_PRE_AUTH;
-		if (i & UF_SMARTCARD_REQUIRED)
-		    entry->attributes |= KRB5_KDB_REQUIRES_HW_AUTH;
-		if ((i & UF_WORKSTATION_TRUST_ACCOUNT) == 0)
-		    entry->attributes |= KRB5_KDB_DISALLOW_SVR;
-	    }
-	}
-	if (mask & KADM5_KVNO) {
-	    vals = ldap_get_values(CTX2LP(context), m0, 
-				   "msDS-KeyVersionNumber");
-	    if (vals)
-		entry->kvno = atoi(vals[0]);
-	    else
-		entry->kvno = 0;
-	}
-	ldap_msgfree(m);
-    } else {
-	return KADM5_UNK_PRINC;
-    }
-
-    if (mask & KADM5_PRINCIPAL)
-	krb5_copy_principal(context->context, principal, &entry->principal);
-
-    return 0;
- fail:
-    return KADM5_RPC_ERROR;
-#else
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_get_principals(void *server_handle,
-			const char *expression,
-			char ***principals,
-			int *count)
-{
-    kadm5_ad_context *context = server_handle;
-
-    /*
-     * KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES
-     */
-
-#ifdef OPENLDAP
-    kadm5_ret_t ret;
-
-    ret = ad_get_cred(context, NULL);
-    if (ret)
-	return ret;
-
-    ret = _kadm5_ad_connect(server_handle);
-    if (ret)
-	return ret;
-
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#else
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_get_privs(void *server_handle, uint32_t*privs)
-{
-    kadm5_ad_context *context = server_handle;
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-}
-
-static kadm5_ret_t
-kadm5_ad_modify_principal(void *server_handle,
-			  kadm5_principal_ent_t entry,
-			  uint32_t mask)
-{
-    kadm5_ad_context *context = server_handle;
-
-    /* 
-     * KADM5_ATTRIBUTES
-     * KRB5_KDB_DISALLOW_ALL_TIX (| KADM5_KVNO)
-     */
-
-#ifdef OPENLDAP
-    LDAPMessage *m = NULL, *m0;
-    kadm5_ret_t ret;
-    char **attr = NULL;
-    int attrlen = 0;
-    char *p = NULL, *s = NULL, *q;
-    char **vals;
-    LDAPMod *attrs[4], rattrs[3], *a;
-    char *uaf[2] = { NULL, NULL };
-    char *kvno[2] = { NULL, NULL };
-    char *tv[2] = { NULL, NULL };
-    char *filter, *dn;
-    int i;
-
-    for (i = 0; i < sizeof(rattrs)/sizeof(rattrs[0]); i++)
-	attrs[i] = &rattrs[i];
-    attrs[i] = NULL;
-    a = &rattrs[0];
-
-    ret = _kadm5_ad_connect(server_handle);
-    if (ret)
-	return ret;
-
-    if (mask & KADM5_KVNO)
-	laddattr(&attr, &attrlen, "msDS-KeyVersionNumber");
-    if (mask & KADM5_PRINC_EXPIRE_TIME)
-	laddattr(&attr, &attrlen, "accountExpires");
-    if (mask & KADM5_ATTRIBUTES)
-	laddattr(&attr, &attrlen, "userAccountControl");
-    laddattr(&attr, &attrlen, "distinguishedName");
-
-    krb5_unparse_name(context->context, entry->principal, &p);
-
-    s = strdup(p);
-
-    q = strrchr(s, '@');
-    if (q && (p != q && *(q - 1) != '\\'))
-	*q = '\0';
-
-    asprintf(&filter, 
-	     "(|(userPrincipalName=%s)(servicePrincipalName=%s))",
-	     s, s);
-    free(p);
-    free(s);
-
-    ret = ldap_search_s(CTX2LP(context), CTX2BASE(context),
-			LDAP_SCOPE_SUBTREE, 
-			filter, attr, 0, &m);
-    free(attr);
-    free(filter);
-    if (check_ldap(context, ret))
-	return KADM5_RPC_ERROR;
-
-    if (ldap_count_entries(CTX2LP(context), m) <= 0) {
-	ret = KADM5_RPC_ERROR;
-	goto out;
-    }
-
-    m0 = ldap_first_entry(CTX2LP(context), m);
-
-    if (mask & KADM5_ATTRIBUTES) {
-	int32_t i;
-
-	vals = ldap_get_values(CTX2LP(context), m0, "userAccountControl");
-	if (vals == NULL) {
-	    ret = KADM5_RPC_ERROR;
-	    goto out;
-	}
-
-	i = atoi(vals[0]);
-	if (i == 0)
-	    return KADM5_RPC_ERROR;
-
-	if (entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX)
-	    i |= (UF_ACCOUNTDISABLE|UF_LOCKOUT);
-	else
-	    i &= ~(UF_ACCOUNTDISABLE|UF_LOCKOUT);
-	if (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)
-	    i &= ~UF_DONT_REQUIRE_PREAUTH;
-	else
-	    i |= UF_DONT_REQUIRE_PREAUTH;
-	if (entry->attributes & KRB5_KDB_REQUIRES_HW_AUTH)
-	    i |= UF_SMARTCARD_REQUIRED;
-	else
-	    i &= UF_SMARTCARD_REQUIRED;
-	if (entry->attributes & KRB5_KDB_DISALLOW_SVR)
-	    i &= ~UF_WORKSTATION_TRUST_ACCOUNT;
-	else
-	    i |= UF_WORKSTATION_TRUST_ACCOUNT;
-
-	asprintf(&uaf[0], "%d", i);
-
-	a->mod_op = LDAP_MOD_REPLACE;
-	a->mod_type = "userAccountControl";
-	a->mod_values = uaf;
-	a++;
-    }
-
-    if (mask & KADM5_KVNO) {
-	vals = ldap_get_values(CTX2LP(context), m0, "msDS-KeyVersionNumber");
-	if (vals == NULL) {
-	    entry->kvno = 0;
-	} else {
-	    asprintf(&kvno[0], "%d", entry->kvno);
-
-	    a->mod_op = LDAP_MOD_REPLACE;
-	    a->mod_type = "msDS-KeyVersionNumber";
-	    a->mod_values = kvno;
-	    a++;
-	}
-    }
-
-    if (mask & KADM5_PRINC_EXPIRE_TIME) {
-	long long wt;
-	vals = ldap_get_values(CTX2LP(context), m0, "accountExpires");
-	if (vals == NULL) {
-	    ret = KADM5_RPC_ERROR;
-	    goto out;
-	}
-
-	wt = unix2nttime(entry->princ_expire_time);
-
-	asprintf(&tv[0], "%llu", wt);
-
-	a->mod_op = LDAP_MOD_REPLACE;
-	a->mod_type = "accountExpires";
-	a->mod_values = tv;
-	a++;
-    }
-    
-    vals = ldap_get_values(CTX2LP(context), m0, "distinguishedName");
-    if (vals == NULL) {
-	ret = KADM5_RPC_ERROR;
-	goto out;
-    }
-    dn = vals[0];
-
-    attrs[a - &rattrs[0]] = NULL;
-
-    ret = ldap_modify_s(CTX2LP(context), dn, attrs);
-    if (check_ldap(context, ret))
-	return KADM5_RPC_ERROR;
-
- out:
-    if (m)
-	ldap_msgfree(m);
-    if (uaf[0])
-	free(uaf[0]);
-    if (kvno[0])
-	free(kvno[0]);
-    if (tv[0])
-	free(tv[0]);
-    return ret;
-#else
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_randkey_principal(void *server_handle,
-			   krb5_principal principal,
-			   krb5_keyblock **keys,
-			   int *n_keys)
-{
-    kadm5_ad_context *context = server_handle;
-
-    /*
-     * random key
-     */
-
-#ifdef OPENLDAP
-    krb5_data result_code_string, result_string;
-    int result_code, plen;
-    kadm5_ret_t ret;
-    char *password;
-
-    *keys = NULL;
-    *n_keys = 0;
-
-    {
-	char p[64];
-	krb5_generate_random_block(p, sizeof(p));
-	plen = base64_encode(p, sizeof(p), &password);
-	if (plen < 0)
-	    return ENOMEM;
-    }
-
-    ret = ad_get_cred(context, NULL);
-    if (ret) {
-	free(password);
-	return ret;
-    }
-
-    krb5_data_zero (&result_code_string);
-    krb5_data_zero (&result_string);
-
-    ret = krb5_set_password_using_ccache (context->context, 
-					  context->ccache,
-					  password,
-					  principal,
-					  &result_code,
-					  &result_code_string,
-					  &result_string);
-
-    krb5_data_free (&result_code_string);
-    krb5_data_free (&result_string);
-
-    if (ret == 0) {
-
-	*keys = malloc(sizeof(**keys) * 1);
-	if (*keys == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	*n_keys = 1;
-
-	ret = krb5_string_to_key(context->context,
-				 ENCTYPE_ARCFOUR_HMAC_MD5,
-				 password,
-				 principal,
-				 &(*keys)[0]);
-	memset(password, 0, sizeof(password));
-	if (ret) {
-	    free(*keys);
-	    *keys = NULL;
-	    *n_keys = 0;
-	    goto out;
-	}
-    }
-    memset(password, 0, plen);
-    free(password);
- out:
-    return ret;
-#else
-    *keys = NULL;
-    *n_keys = 0;
-
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_rename_principal(void *server_handle,
-			  krb5_principal from,
-			  krb5_principal to)
-{
-    kadm5_ad_context *context = server_handle;
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-}
-
-static kadm5_ret_t
-kadm5_ad_chpass_principal_with_key(void *server_handle, 
-				   krb5_principal princ,
-				   int n_key_data,
-				   krb5_key_data *key_data)
-{
-    kadm5_ad_context *context = server_handle;
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-}
-
-static void
-set_funcs(kadm5_ad_context *c)
-{
-#define SET(C, F) (C)->funcs.F = kadm5_ad_ ## F
-    SET(c, chpass_principal);
-    SET(c, chpass_principal_with_key);
-    SET(c, create_principal);
-    SET(c, delete_principal);
-    SET(c, destroy);
-    SET(c, flush);
-    SET(c, get_principal);
-    SET(c, get_principals);
-    SET(c, get_privs);
-    SET(c, modify_principal);
-    SET(c, randkey_principal);
-    SET(c, rename_principal);
-}
-
-kadm5_ret_t 
-kadm5_ad_init_with_password_ctx(krb5_context context,
-				const char *client_name,
-				const char *password,
-				const char *service_name,
-				kadm5_config_params *realm_params,
-				unsigned long struct_version,
-				unsigned long api_version,
-				void **server_handle)
-{
-    kadm5_ret_t ret;
-    kadm5_ad_context *ctx;
-
-    ctx = malloc(sizeof(*ctx));
-    if(ctx == NULL)
-	return ENOMEM;
-    memset(ctx, 0, sizeof(*ctx));
-    set_funcs(ctx);
-
-    ctx->context = context;
-    krb5_add_et_list (context, initialize_kadm5_error_table_r);
-
-    ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
-    if(ret) {
-	free(ctx);
-	return ret;
-    }
-
-    if(realm_params->mask & KADM5_CONFIG_REALM) {
-	ret = 0;
-	ctx->realm = strdup(realm_params->realm);
-	if (ctx->realm == NULL)
-	    ret = ENOMEM;
-    } else
-	ret = krb5_get_default_realm(ctx->context, &ctx->realm);
-    if (ret) {
-	free(ctx);
-	return ret;
-    }
-
-    ctx->client_name = strdup(client_name);
-
-    if(password != NULL && *password != '\0')
-	ret = ad_get_cred(ctx, password);
-    else
-	ret = ad_get_cred(ctx, NULL);
-    if(ret) {
-	kadm5_ad_destroy(ctx);
-	return ret;
-    }
-
-#ifdef OPENLDAP
-    ret = _kadm5_ad_connect(ctx);
-    if (ret) {
-	kadm5_ad_destroy(ctx);
-	return ret;
-    }
-#endif
-
-    *server_handle = ctx;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_ad_init_with_password(const char *client_name,
-			    const char *password,
-			    const char *service_name,
-			    kadm5_config_params *realm_params,
-			    unsigned long struct_version,
-			    unsigned long api_version,
-			    void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_ad_context *ctx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_ad_init_with_password_ctx(context, 
-					  client_name,
-					  password,
-					  service_name,
-					  realm_params,
-					  struct_version,
-					  api_version,
-					  server_handle);
-    if(ret) {
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/admin.h b/crypto/heimdal/lib/kadm5/admin.h
deleted file mode 100644
index 30d68d8..0000000
--- a/crypto/heimdal/lib/kadm5/admin.h
+++ /dev/null
@@ -1,258 +0,0 @@
-/*
- * Copyright (c) 1997-2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: admin.h 20237 2007-02-16 23:54:34Z lha $ */
-
-#ifndef __KADM5_ADMIN_H__
-#define __KADM5_ADMIN_H__
-
-#define KADM5_API_VERSION_1 1
-#define KADM5_API_VERSION_2 2
-
-#ifndef USE_KADM5_API_VERSION
-#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
-#endif
-
-#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
-#error No support for API versions other than 2
-#endif
-
-#define KADM5_STRUCT_VERSION 0
-
-#include <krb5.h>
-
-#define KRB5_KDB_DISALLOW_POSTDATED	0x00000001
-#define KRB5_KDB_DISALLOW_FORWARDABLE	0x00000002
-#define KRB5_KDB_DISALLOW_TGT_BASED	0x00000004
-#define KRB5_KDB_DISALLOW_RENEWABLE	0x00000008
-#define KRB5_KDB_DISALLOW_PROXIABLE	0x00000010
-#define KRB5_KDB_DISALLOW_DUP_SKEY	0x00000020
-#define KRB5_KDB_DISALLOW_ALL_TIX	0x00000040
-#define KRB5_KDB_REQUIRES_PRE_AUTH	0x00000080
-#define KRB5_KDB_REQUIRES_HW_AUTH	0x00000100
-#define KRB5_KDB_REQUIRES_PWCHANGE	0x00000200
-#define KRB5_KDB_DISALLOW_SVR		0x00001000
-#define KRB5_KDB_PWCHANGE_SERVICE	0x00002000
-#define KRB5_KDB_SUPPORT_DESMD5		0x00004000
-#define KRB5_KDB_NEW_PRINC		0x00008000
-#define KRB5_KDB_OK_AS_DELEGATE		0x00010000
-#define KRB5_KDB_TRUSTED_FOR_DELEGATION	0x00020000
-#define KRB5_KDB_ALLOW_KERBEROS4	0x00040000
-#define KRB5_KDB_ALLOW_DIGEST		0x00080000
-
-#define KADM5_PRINCIPAL		0x000001
-#define KADM5_PRINC_EXPIRE_TIME	0x000002
-#define KADM5_PW_EXPIRATION	0x000004
-#define KADM5_LAST_PWD_CHANGE	0x000008
-#define KADM5_ATTRIBUTES	0x000010
-#define KADM5_MAX_LIFE		0x000020
-#define KADM5_MOD_TIME		0x000040
-#define KADM5_MOD_NAME		0x000080
-#define KADM5_KVNO		0x000100
-#define KADM5_MKVNO		0x000200
-#define KADM5_AUX_ATTRIBUTES	0x000400
-#define KADM5_POLICY		0x000800
-#define KADM5_POLICY_CLR	0x001000
-#define KADM5_MAX_RLIFE		0x002000
-#define KADM5_LAST_SUCCESS	0x004000
-#define KADM5_LAST_FAILED	0x008000
-#define KADM5_FAIL_AUTH_COUNT	0x010000
-#define KADM5_KEY_DATA		0x020000
-#define KADM5_TL_DATA		0x040000
-
-#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))
-
-#define KADM5_PW_MAX_LIFE 	0x004000
-#define KADM5_PW_MIN_LIFE	0x008000
-#define KADM5_PW_MIN_LENGTH 	0x010000
-#define KADM5_PW_MIN_CLASSES	0x020000
-#define KADM5_PW_HISTORY_NUM	0x040000
-#define KADM5_REF_COUNT		0x080000
-
-#define KADM5_POLICY_NORMAL_MASK (~0)
-
-#define KADM5_ADMIN_SERVICE	"kadmin/admin"
-#define KADM5_HIST_PRINCIPAL	"kadmin/history"
-#define KADM5_CHANGEPW_SERVICE	"kadmin/changepw"
-
-typedef struct _krb5_key_data {
-    int16_t key_data_ver;	/* Version */
-    int16_t key_data_kvno;	/* Key Version */
-    int16_t key_data_type[2];	/* Array of types */
-    int16_t key_data_length[2];	/* Array of lengths */
-    void*   key_data_contents[2];/* Array of pointers */
-} krb5_key_data;
-
-typedef struct _krb5_tl_data {
-    struct _krb5_tl_data* tl_data_next;
-    int16_t tl_data_type;         
-    int16_t tl_data_length;       
-    void*   tl_data_contents;     
-} krb5_tl_data;
-
-#define KRB5_TL_LAST_PWD_CHANGE		0x0001
-#define KRB5_TL_MOD_PRINC		0x0002
-#define KRB5_TL_KADM_DATA		0x0003
-#define KRB5_TL_KADM5_E_DATA		0x0004
-#define KRB5_TL_RB1_CHALLENGE		0x0005
-#define KRB5_TL_SECURID_STATE           0x0006
-#define KRB5_TL_PASSWORD           	0x0007
-#define KRB5_TL_EXTENSION           	0x0008
-#define KRB5_TL_PKINIT_ACL           	0x0009
-#define KRB5_TL_ALIASES           	0x000a
-
-typedef struct _kadm5_principal_ent_t {
-    krb5_principal principal;
-
-    krb5_timestamp princ_expire_time;
-    krb5_timestamp last_pwd_change;
-    krb5_timestamp pw_expiration;
-    krb5_deltat max_life;
-    krb5_principal mod_name;
-    krb5_timestamp mod_date;
-    krb5_flags attributes;
-    krb5_kvno kvno;
-    krb5_kvno mkvno;
-
-    char * policy;
-    uint32_t aux_attributes;
-
-    krb5_deltat max_renewable_life;
-    krb5_timestamp last_success;
-    krb5_timestamp last_failed;
-    krb5_kvno fail_auth_count;
-    int16_t n_key_data;
-    int16_t n_tl_data;
-    krb5_tl_data *tl_data;
-    krb5_key_data *key_data;
-} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
-
-typedef struct _kadm5_policy_ent_t {
-    char *policy;
-
-    uint32_t pw_min_life;
-    uint32_t pw_max_life;
-    uint32_t pw_min_length;
-    uint32_t pw_min_classes;
-    uint32_t pw_history_num;
-    uint32_t policy_refcnt;
-} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
-
-#define KADM5_CONFIG_REALM			(1 << 0)
-#define KADM5_CONFIG_PROFILE			(1 << 1)
-#define KADM5_CONFIG_KADMIND_PORT		(1 << 2)
-#define KADM5_CONFIG_ADMIN_SERVER		(1 << 3)
-#define KADM5_CONFIG_DBNAME			(1 << 4)
-#define KADM5_CONFIG_ADBNAME			(1 << 5)
-#define KADM5_CONFIG_ADB_LOCKFILE		(1 << 6)
-#define KADM5_CONFIG_ACL_FILE			(1 << 7)
-#define KADM5_CONFIG_DICT_FILE			(1 << 8)
-#define KADM5_CONFIG_ADMIN_KEYTAB		(1 << 9)
-#define KADM5_CONFIG_MKEY_FROM_KEYBOARD		(1 << 10)
-#define KADM5_CONFIG_STASH_FILE			(1 << 11)
-#define KADM5_CONFIG_MKEY_NAME			(1 << 12)
-#define KADM5_CONFIG_ENCTYPE			(1 << 13)
-#define KADM5_CONFIG_MAX_LIFE			(1 << 14)
-#define KADM5_CONFIG_MAX_RLIFE			(1 << 15)
-#define KADM5_CONFIG_EXPIRATION			(1 << 16)
-#define KADM5_CONFIG_FLAGS			(1 << 17)
-#define KADM5_CONFIG_ENCTYPES			(1 << 18)
-
-#define KADM5_PRIV_GET		(1 << 0)
-#define KADM5_PRIV_ADD 		(1 << 1)
-#define KADM5_PRIV_MODIFY	(1 << 2)
-#define KADM5_PRIV_DELETE	(1 << 3)
-#define KADM5_PRIV_LIST		(1 << 4)
-#define KADM5_PRIV_CPW		(1 << 5)
-#define KADM5_PRIV_ALL		(KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW)
-
-typedef struct {
-    int XXX;
-}krb5_key_salt_tuple;
-
-typedef struct _kadm5_config_params {
-    uint32_t mask;
-
-    /* Client and server fields */
-    char *realm;
-    int kadmind_port;
-
-    /* client fields */
-    char *admin_server;
-
-    /* server fields */
-    char *dbname;
-    char *acl_file;
-
-    /* server library (database) fields */
-    char *stash_file;
-} kadm5_config_params;
-
-typedef krb5_error_code kadm5_ret_t;
-
-#include "kadm5-protos.h"
-
-#if 0
-/* unimplemented functions */
-kadm5_ret_t 
-kadm5_decrypt_key(void *server_handle,
-		  kadm5_principal_ent_t entry, int32_t
-		  ktype, int32_t stype, int32_t
-		  kvno, krb5_keyblock *keyblock,
-		  krb5_keysalt *keysalt, int *kvnop);
-
-kadm5_ret_t
-kadm5_create_policy(void *server_handle,
-		    kadm5_policy_ent_t policy, uint32_t mask); 
-
-kadm5_ret_t
-kadm5_delete_policy(void *server_handle, char *policy);
-
-
-kadm5_ret_t
-kadm5_modify_policy(void *server_handle,
-		    kadm5_policy_ent_t policy, 
-		    uint32_t mask);
-
-kadm5_ret_t
-kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent); 
-
-kadm5_ret_t
-kadm5_get_policies(void *server_handle, char *exp,
-		   char ***pols, int *count);
-
-void 
-kadm5_free_policy_ent(kadm5_policy_ent_t policy);
-
-#endif
-
-#endif /* __KADM5_ADMIN_H__ */
diff --git a/crypto/heimdal/lib/kadm5/bump_pw_expire.c b/crypto/heimdal/lib/kadm5/bump_pw_expire.c
deleted file mode 100644
index 17bd5e1..0000000
--- a/crypto/heimdal/lib/kadm5/bump_pw_expire.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: bump_pw_expire.c 8797 2000-07-24 03:47:54Z assar $");
-
-/*
- * extend password_expiration if it's defined
- */
-
-kadm5_ret_t
-_kadm5_bump_pw_expire(kadm5_server_context *context,
-		      hdb_entry *ent)
-{
-    if (ent->pw_end != NULL) {
-	time_t life;
-
-	life = krb5_config_get_time_default(context->context,
-					    NULL,
-					    365 * 24 * 60 * 60,
-					    "kadmin",
-					    "password_lifetime",
-					    NULL);
-
-	*(ent->pw_end) = time(NULL) + life;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/check-cracklib.pl b/crypto/heimdal/lib/kadm5/check-cracklib.pl
deleted file mode 100755
index 229cc7f..0000000
--- a/crypto/heimdal/lib/kadm5/check-cracklib.pl
+++ /dev/null
@@ -1,106 +0,0 @@
-#!/usr/pkg/bin/perl
-#
-# Sample password verifier for Heimdals external password
-# verifier, see the chapter "Password changing" in the the info
-# documentation for more information about the protocol used.
-#
-# Three checks
-#  1. Check that password is not the principal name
-#  2. Check that the password passes cracklib
-#  3. Check that password isn't repeated for this principal
-#
-# The repeat check must be last because some clients ask
-# twice when getting "no" back and thus the error message
-# would be wrong.
-#
-# Prereqs (example versions): 
-#
-# * perl (5.8.5) http://www.perl.org/
-# * cracklib (2.8.5) http://sourceforge.net/projects/cracklib
-# * Crypt-Cracklib perlmodule (0.01) http://search.cpan.org/~daniel/
-#
-# Sample dictionaries:
-#     cracklib-words (1.1) http://sourceforge.net/projects/cracklib
-#     miscfiles (1.4.2) http://directory.fsf.org/miscfiles.html
-#
-# Configuration for krb5.conf or kdc.conf
-#
-#   [password_quality]
-#     	policies = builtin:external-check
-#     	external_program = <your-path>/check-cracklib.pl
-#
-# $Id: check-cracklib.pl 20578 2007-05-07 22:21:51Z lha $
-
-use strict;
-use Crypt::Cracklib;
-use Digest::MD5;
-
-# NEED TO CHANGE THESE TO MATCH YOUR SYSTEM
-my $database = '/usr/lib/cracklib_dict';
-my $historydb = '/var/heimdal/historydb';
-# NEED TO CHANGE THESE TO MATCH YOUR SYSTEM
-
-my %params;
-
-sub check_basic
-{
-    my $principal = shift;
-    my $passwd = shift;
-
-    if ($principal eq $passwd) {
-	return "Principal name as password is not allowed";
-    }
-    return "ok";
-}
-
-sub check_repeat
-{
-    my $principal = shift;
-    my $passwd = shift;
-    my $result  = 'Do not reuse passwords';
-    my %DB;
-    my $md5context = new Digest::MD5;
-
-    $md5context->reset();
-    $md5context->add($principal, ":", $passwd);
-
-    my $key=$md5context->hexdigest();
-
-    dbmopen(%DB,$historydb,0600) or die "Internal: Could not open $historydb";
-    $result = "ok" if (!$DB{$key});
-    $DB{$key}=scalar(time());
-    dbmclose(%DB) or die "Internal: Could not close $historydb";
-    return $result;
-}
-
-sub badpassword
-{
-    my $reason = shift;
-    print "$reason\n";
-    exit 0
-}
-
-while (<>) {
-    last if /^end$/;
-    if (!/^([^:]+): (.+)$/) {
-	die "key value pair not correct: $_";
-    }
-    $params{$1} = $2;
-}
-
-die "missing principal" if (!defined $params{'principal'});
-die "missing password" if (!defined $params{'new-password'});
-
-my $reason;
-
-$reason = check_basic($params{'principal'}, $params{'new-password'});
-badpassword($reason) if ($reason ne "ok");
-
-$reason = fascist_check($params{'new-password'}, $database);
-badpassword($reason) if ($reason ne "ok");
-
-$reason = check_repeat($params{'principal'}, $params{'new-password'});
-badpassword($reason) if ($reason ne "ok");
-
-print "APPROVED\n";
-exit 0
diff --git a/crypto/heimdal/lib/kadm5/chpass_c.c b/crypto/heimdal/lib/kadm5/chpass_c.c
deleted file mode 100644
index 5319ce9..0000000
--- a/crypto/heimdal/lib/kadm5/chpass_c.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: chpass_c.c 16661 2006-01-25 12:50:10Z lha $");
-
-kadm5_ret_t
-kadm5_c_chpass_principal(void *server_handle, 
-			 krb5_principal princ,
-			 const char *password)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_chpass);
-    krb5_store_principal(sp, princ);
-    krb5_store_string(sp, password);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_clear_error_string(context->context);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
-
-kadm5_ret_t
-kadm5_c_chpass_principal_with_key(void *server_handle, 
-				  krb5_principal princ,
-				  int n_key_data,
-				  krb5_key_data *key_data)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-    int i;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_chpass_with_key);
-    krb5_store_principal(sp, princ);
-    krb5_store_int32(sp, n_key_data);
-    for (i = 0; i < n_key_data; ++i)
-	kadm5_store_key_data (sp, &key_data[i]);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_clear_error_string(context->context);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/kadm5/chpass_s.c b/crypto/heimdal/lib/kadm5/chpass_s.c
deleted file mode 100644
index abef28c..0000000
--- a/crypto/heimdal/lib/kadm5/chpass_s.c
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: chpass_s.c 20608 2007-05-08 07:11:48Z lha $");
-
-static kadm5_ret_t
-change(void *server_handle, 
-       krb5_principal princ,
-       const char *password,
-       int cond)
-{
-    kadm5_server_context *context = server_handle;
-    hdb_entry_ex ent;
-    kadm5_ret_t ret;
-    Key *keys;
-    size_t num_keys;
-    int cmp = 1;
-
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->hdb_fetch(context->context, context->db, princ,
-				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
-    if(ret == HDB_ERR_NOENTRY)
-	goto out;
-
-    num_keys = ent.entry.keys.len;
-    keys     = ent.entry.keys.val;
-
-    ent.entry.keys.len = 0;
-    ent.entry.keys.val = NULL;
-
-    ret = _kadm5_set_keys(context, &ent.entry, password);
-    if(ret) {
-	_kadm5_free_keys (context->context, num_keys, keys);
-	goto out2;
-    }
-    ent.entry.kvno++;
-    if (cond)
-	cmp = _kadm5_cmp_keys (ent.entry.keys.val, ent.entry.keys.len,
-			       keys, num_keys);
-    _kadm5_free_keys (context->context, num_keys, keys);
-
-    if (cmp == 0) {
-	krb5_set_error_string(context->context, "Password reuse forbidden");
-	ret = KADM5_PASS_REUSE;
-	goto out2;
-    }
-
-    ret = _kadm5_set_modifier(context, &ent.entry);
-    if(ret)
-	goto out2;
-
-    ret = _kadm5_bump_pw_expire(context, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = context->db->hdb_store(context->context, context->db, 
-				 HDB_F_REPLACE, &ent);
-    if (ret)
-	goto out2;
-
-    kadm5_log_modify (context,
-		      &ent.entry,
-		      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
-		      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
-		      KADM5_TL_DATA);
-
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->hdb_close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
-
-
-
-/*
- * change the password of `princ' to `password' if it's not already that.
- */
-
-kadm5_ret_t
-kadm5_s_chpass_principal_cond(void *server_handle, 
-			      krb5_principal princ,
-			      const char *password)
-{
-    return change (server_handle, princ, password, 1);
-}
-
-/*
- * change the password of `princ' to `password'
- */
-
-kadm5_ret_t
-kadm5_s_chpass_principal(void *server_handle, 
-			 krb5_principal princ,
-			 const char *password)
-{
-    return change (server_handle, princ, password, 0);
-}
-
-/*
- * change keys for `princ' to `keys'
- */
-
-kadm5_ret_t
-kadm5_s_chpass_principal_with_key(void *server_handle, 
-				  krb5_principal princ,
-				  int n_key_data,
-				  krb5_key_data *key_data)
-{
-    kadm5_server_context *context = server_handle;
-    hdb_entry_ex ent;
-    kadm5_ret_t ret;
-
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->hdb_fetch(context->context, context->db, princ, 
-				 HDB_F_GET_ANY, &ent);
-    if(ret == HDB_ERR_NOENTRY)
-	goto out;
-    ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data);
-    if(ret)
-	goto out2;
-    ent.entry.kvno++;
-    ret = _kadm5_set_modifier(context, &ent.entry);
-    if(ret)
-	goto out2;
-    ret = _kadm5_bump_pw_expire(context, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = context->db->hdb_store(context->context, context->db, 
-				 HDB_F_REPLACE, &ent);
-    if (ret)
-	goto out2;
-
-    kadm5_log_modify (context,
-		      &ent.entry,
-		      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
-		      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
-		      KADM5_TL_DATA);
-
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->hdb_close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/client_glue.c b/crypto/heimdal/lib/kadm5/client_glue.c
deleted file mode 100644
index 24d91b3..0000000
--- a/crypto/heimdal/lib/kadm5/client_glue.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: client_glue.c 7464 1999-12-02 17:05:13Z joda $");
-
-kadm5_ret_t
-kadm5_init_with_password(const char *client_name,
-			 const char *password,
-			 const char *service_name,
-			 kadm5_config_params *realm_params,
-			 unsigned long struct_version,
-			 unsigned long api_version,
-			 void **server_handle)
-{
-    return kadm5_c_init_with_password(client_name,
-				      password,
-				      service_name,
-				      realm_params,
-				      struct_version,
-				      api_version,
-				      server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_password_ctx(krb5_context context,
-			     const char *client_name,
-			     const char *password,
-			     const char *service_name,
-			     kadm5_config_params *realm_params,
-			     unsigned long struct_version,
-			     unsigned long api_version,
-			     void **server_handle)
-{
-    return kadm5_c_init_with_password_ctx(context,
-					  client_name,
-					  password,
-					  service_name,
-					  realm_params,
-					  struct_version,
-					  api_version,
-					  server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_skey(const char *client_name,
-		     const char *keytab,
-		     const char *service_name,
-		     kadm5_config_params *realm_params,
-		     unsigned long struct_version,
-		     unsigned long api_version,
-		     void **server_handle)
-{
-    return kadm5_c_init_with_skey(client_name,
-				  keytab,
-				  service_name,
-				  realm_params,
-				  struct_version,
-				  api_version,
-				  server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_skey_ctx(krb5_context context,
-			 const char *client_name,
-			 const char *keytab,
-			 const char *service_name,
-			 kadm5_config_params *realm_params,
-			 unsigned long struct_version,
-			 unsigned long api_version,
-			 void **server_handle)
-{
-    return kadm5_c_init_with_skey_ctx(context,
-				      client_name,
-				      keytab,
-				      service_name,
-				      realm_params,
-				      struct_version,
-				      api_version,
-				      server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_creds(const char *client_name,
-		      krb5_ccache ccache,
-		      const char *service_name,
-		      kadm5_config_params *realm_params,
-		      unsigned long struct_version,
-		      unsigned long api_version,
-		      void **server_handle)
-{
-    return kadm5_c_init_with_creds(client_name,
-				   ccache,
-				   service_name,
-				   realm_params,
-				   struct_version,
-				   api_version,
-				   server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_creds_ctx(krb5_context context,
-			  const char *client_name,
-			  krb5_ccache ccache,
-			  const char *service_name,
-			  kadm5_config_params *realm_params,
-			  unsigned long struct_version,
-			  unsigned long api_version,
-			  void **server_handle)
-{
-    return kadm5_c_init_with_creds_ctx(context,
-				       client_name,
-				       ccache,
-				       service_name,
-				       realm_params,
-				       struct_version,
-				       api_version,
-				       server_handle);
-}
diff --git a/crypto/heimdal/lib/kadm5/common_glue.c b/crypto/heimdal/lib/kadm5/common_glue.c
deleted file mode 100644
index 48d9d84..0000000
--- a/crypto/heimdal/lib/kadm5/common_glue.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: common_glue.c 17445 2006-05-05 10:37:46Z lha $");
-
-#define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P;
-
-kadm5_ret_t
-kadm5_chpass_principal(void *server_handle,
-		       krb5_principal princ,
-		       const char *password)
-{
-    return __CALL(chpass_principal, (server_handle, princ, password));
-}
-
-kadm5_ret_t
-kadm5_chpass_principal_with_key(void *server_handle,
-				krb5_principal princ,
-				int n_key_data,
-				krb5_key_data *key_data)
-{
-    return __CALL(chpass_principal_with_key,
-		  (server_handle, princ, n_key_data, key_data));
-}
-
-kadm5_ret_t
-kadm5_create_principal(void *server_handle,
-		       kadm5_principal_ent_t princ,
-		       uint32_t mask,
-		       const char *password)
-{
-    return __CALL(create_principal, (server_handle, princ, mask, password));
-}
-
-kadm5_ret_t
-kadm5_delete_principal(void *server_handle,
-		       krb5_principal princ)
-{
-    return __CALL(delete_principal, (server_handle, princ));
-}
-
-kadm5_ret_t
-kadm5_destroy (void *server_handle)
-{
-    return __CALL(destroy, (server_handle));
-}
-
-kadm5_ret_t
-kadm5_flush (void *server_handle)
-{
-    return __CALL(flush, (server_handle));
-}
-
-kadm5_ret_t
-kadm5_get_principal(void *server_handle,
-		    krb5_principal princ,
-		    kadm5_principal_ent_t out,
-		    uint32_t mask)
-{
-    return __CALL(get_principal, (server_handle, princ, out, mask));
-}
-
-kadm5_ret_t
-kadm5_modify_principal(void *server_handle,
-		       kadm5_principal_ent_t princ,
-		       uint32_t mask)
-{
-    return __CALL(modify_principal, (server_handle, princ, mask));
-}
-
-kadm5_ret_t
-kadm5_randkey_principal(void *server_handle,
-			krb5_principal princ,
-			krb5_keyblock **new_keys,
-			int *n_keys)
-{
-    return __CALL(randkey_principal, (server_handle, princ, new_keys, n_keys));
-}
-
-kadm5_ret_t
-kadm5_rename_principal(void *server_handle,
-		       krb5_principal source,
-		       krb5_principal target)
-{
-    return __CALL(rename_principal, (server_handle, source, target));
-}
-
-kadm5_ret_t
-kadm5_get_principals(void *server_handle,
-		     const char *expression,
-		     char ***princs,
-		     int *count)
-{
-    return __CALL(get_principals, (server_handle, expression, princs, count));
-}
-
-kadm5_ret_t
-kadm5_get_privs(void *server_handle,
-		uint32_t *privs)
-{
-    return __CALL(get_privs, (server_handle, privs));
-}
diff --git a/crypto/heimdal/lib/kadm5/context_s.c b/crypto/heimdal/lib/kadm5/context_s.c
deleted file mode 100644
index 6ac7a9c..0000000
--- a/crypto/heimdal/lib/kadm5/context_s.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: context_s.c 22211 2007-12-07 19:27:27Z lha $");
-
-static void
-set_funcs(kadm5_server_context *c)
-{
-#define SET(C, F) (C)->funcs.F = kadm5_s_ ## F
-    SET(c, chpass_principal);
-    SET(c, chpass_principal_with_key);
-    SET(c, create_principal);
-    SET(c, delete_principal);
-    SET(c, destroy);
-    SET(c, flush);
-    SET(c, get_principal);
-    SET(c, get_principals);
-    SET(c, get_privs);
-    SET(c, modify_principal);
-    SET(c, randkey_principal);
-    SET(c, rename_principal);
-}
-
-static void
-set_socket_name(krb5_context context, struct sockaddr_un *un)
-{
-    const char *fn = kadm5_log_signal_socket(context);
-
-    memset(un, 0, sizeof(*un));
-    un->sun_family = AF_UNIX;
-    strlcpy (un->sun_path, fn, sizeof(un->sun_path));
-}
-
-static kadm5_ret_t
-find_db_spec(kadm5_server_context *ctx)
-{
-    krb5_context context = ctx->context;
-    struct hdb_dbinfo *info, *d;
-    krb5_error_code ret;
-
-    if (ctx->config.realm) {
-	/* fetch the databases */
-	ret = hdb_get_dbinfo(context, &info);
-	if (ret)
-	    return ret;
-	
-	d = NULL;
-	while ((d = hdb_dbinfo_get_next(info, d)) != NULL) {
-	    const char *p = hdb_dbinfo_get_realm(context, d);
-	    
-	    /* match default (realm-less) */
-	    if(p != NULL && strcmp(ctx->config.realm, p) != 0)
-		continue;
-	    
-	    p = hdb_dbinfo_get_dbname(context, d);
-	    if (p)
-		ctx->config.dbname = strdup(p);
-	    
-	    p = hdb_dbinfo_get_acl_file(context, d);
-	    if (p)
-		ctx->config.acl_file = strdup(p);
-	    
-	    p = hdb_dbinfo_get_mkey_file(context, d);
-	    if (p)
-		ctx->config.stash_file = strdup(p);
-	    
-	    p = hdb_dbinfo_get_log_file(context, d);
-	    if (p)
-		ctx->log_context.log_file = strdup(p);
-	    break;
-	}
-	hdb_free_dbinfo(context, &info);
-    }
-
-    /* If any of the values was unset, pick up the default value */
-
-    if (ctx->config.dbname == NULL)
-	ctx->config.dbname = strdup(hdb_default_db(context));
-    if (ctx->config.acl_file == NULL)
-	asprintf(&ctx->config.acl_file, "%s/kadmind.acl", hdb_db_dir(context));
-    if (ctx->config.stash_file == NULL)
-	asprintf(&ctx->config.stash_file, "%s/m-key", hdb_db_dir(context));
-    if (ctx->log_context.log_file == NULL)
-	asprintf(&ctx->log_context.log_file, "%s/log", hdb_db_dir(context));
-
-    set_socket_name(context, &ctx->log_context.socket_name);
-
-    return 0;
-}
-
-kadm5_ret_t
-_kadm5_s_init_context(kadm5_server_context **ctx, 
-		      kadm5_config_params *params,
-		      krb5_context context)
-{
-    *ctx = malloc(sizeof(**ctx));
-    if(*ctx == NULL)
-	return ENOMEM;
-    memset(*ctx, 0, sizeof(**ctx));
-    set_funcs(*ctx);
-    (*ctx)->context = context;
-    krb5_add_et_list (context, initialize_kadm5_error_table_r);
-#define is_set(M) (params && params->mask & KADM5_CONFIG_ ## M)
-    if(is_set(REALM))
-	(*ctx)->config.realm = strdup(params->realm);
-    else
-	krb5_get_default_realm(context, &(*ctx)->config.realm);
-    if(is_set(DBNAME))
-	(*ctx)->config.dbname = strdup(params->dbname);
-    if(is_set(ACL_FILE))
-	(*ctx)->config.acl_file = strdup(params->acl_file);
-    if(is_set(STASH_FILE))
-	(*ctx)->config.stash_file = strdup(params->stash_file);
-    
-    find_db_spec(*ctx);
-    
-    /* PROFILE can't be specified for now */
-    /* KADMIND_PORT is supposed to be used on the server also, 
-       but this doesn't make sense */
-    /* ADMIN_SERVER is client only */
-    /* ADNAME is not used at all (as far as I can tell) */
-    /* ADB_LOCKFILE ditto */
-    /* DICT_FILE */
-    /* ADMIN_KEYTAB */
-    /* MKEY_FROM_KEYBOARD is not supported */
-    /* MKEY_NAME neither */
-    /* ENCTYPE */
-    /* MAX_LIFE */
-    /* MAX_RLIFE */
-    /* EXPIRATION */
-    /* FLAGS */
-    /* ENCTYPES */
-
-    return 0;
-}
-
-HDB *
-_kadm5_s_get_db(void *server_handle)
-{
-    kadm5_server_context *context = server_handle;
-    return context->db;
-}
diff --git a/crypto/heimdal/lib/kadm5/create_c.c b/crypto/heimdal/lib/kadm5/create_c.c
deleted file mode 100644
index 903a06a..0000000
--- a/crypto/heimdal/lib/kadm5/create_c.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: create_c.c 17445 2006-05-05 10:37:46Z lha $");
-
-kadm5_ret_t
-kadm5_c_create_principal(void *server_handle,
-			 kadm5_principal_ent_t princ, 
-			 uint32_t mask,
-			 const char *password)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_create);
-    kadm5_store_principal_ent(sp, princ);
-    krb5_store_int32(sp, mask);
-    krb5_store_string(sp, password);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_clear_error_string(context->context);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
-
diff --git a/crypto/heimdal/lib/kadm5/create_s.c b/crypto/heimdal/lib/kadm5/create_s.c
deleted file mode 100644
index 9465310..0000000
--- a/crypto/heimdal/lib/kadm5/create_s.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: create_s.c 20607 2007-05-08 07:11:11Z lha $");
-
-static kadm5_ret_t
-get_default(kadm5_server_context *context, krb5_principal princ, 
-	    kadm5_principal_ent_t def)
-{
-    kadm5_ret_t ret;
-    krb5_principal def_principal;
-    krb5_realm *realm = krb5_princ_realm(context->context, princ);
-
-    ret = krb5_make_principal(context->context, &def_principal, 
-			      *realm, "default", NULL);
-    if (ret)
-	return ret;
-    ret = kadm5_s_get_principal(context, def_principal, def, 
-				KADM5_PRINCIPAL_NORMAL_MASK);
-    krb5_free_principal (context->context, def_principal);
-    return ret;
-}
-
-static kadm5_ret_t
-create_principal(kadm5_server_context *context,
-		 kadm5_principal_ent_t princ,
-		 uint32_t mask,
-		 hdb_entry_ex *ent,
-		 uint32_t required_mask,
-		 uint32_t forbidden_mask)
-{
-    kadm5_ret_t ret;
-    kadm5_principal_ent_rec defrec, *defent;
-    uint32_t def_mask;
-    
-    if((mask & required_mask) != required_mask)
-	return KADM5_BAD_MASK;
-    if((mask & forbidden_mask))
-	return KADM5_BAD_MASK;
-    if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
-	/* XXX no real policies for now */
-	return KADM5_UNK_POLICY;
-    memset(ent, 0, sizeof(*ent));
-    ret  = krb5_copy_principal(context->context, princ->principal, 
-			       &ent->entry.principal);
-    if(ret)
-	return ret;
-    
-    defent = &defrec;
-    ret = get_default(context, princ->principal, defent);
-    if(ret) {
-	defent   = NULL;
-	def_mask = 0;
-    } else {
-	def_mask = KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE;
-    }
-
-    ret = _kadm5_setup_entry(context,
-			     ent, mask | def_mask,
-			     princ, mask,
-			     defent, def_mask);
-    if(defent)
-	kadm5_free_principal_ent(context, defent);
-    
-    ent->entry.created_by.time = time(NULL);
-    ret = krb5_copy_principal(context->context, context->caller, 
-			      &ent->entry.created_by.principal);
-
-    return ret;
-}
-
-kadm5_ret_t
-kadm5_s_create_principal_with_key(void *server_handle,
-				  kadm5_principal_ent_t princ,
-				  uint32_t mask)
-{
-    kadm5_ret_t ret;
-    hdb_entry_ex ent;
-    kadm5_server_context *context = server_handle;
-
-    ret = create_principal(context, princ, mask, &ent,
-			   KADM5_PRINCIPAL | KADM5_KEY_DATA,
-			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME 
-			   | KADM5_MOD_NAME | KADM5_MKVNO 
-			   | KADM5_AUX_ATTRIBUTES 
-			   | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS 
-			   | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
-    if(ret)
-	goto out;
-
-    if ((mask & KADM5_KVNO) == 0)
-	ent.entry.kvno = 1;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out;
-    
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	goto out;
-    ret = context->db->hdb_store(context->context, context->db, 0, &ent);
-    context->db->hdb_close(context->context, context->db);
-    if (ret)
-	goto out;
-    kadm5_log_create (context, &ent.entry);
-
-out:
-    hdb_free_entry(context->context, &ent);
-    return _kadm5_error_code(ret);
-}
-				  
-
-kadm5_ret_t
-kadm5_s_create_principal(void *server_handle,
-			 kadm5_principal_ent_t princ, 
-			 uint32_t mask,
-			 const char *password)
-{
-    kadm5_ret_t ret;
-    hdb_entry_ex ent;
-    kadm5_server_context *context = server_handle;
-
-    ret = create_principal(context, princ, mask, &ent,
-			   KADM5_PRINCIPAL,
-			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME 
-			   | KADM5_MOD_NAME | KADM5_MKVNO 
-			   | KADM5_AUX_ATTRIBUTES | KADM5_KEY_DATA
-			   | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS 
-			   | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
-    if(ret)
-	goto out;
-
-    if ((mask & KADM5_KVNO) == 0)
-	ent.entry.kvno = 1;
-
-    ent.entry.keys.len = 0;
-    ent.entry.keys.val = NULL;
-
-    ret = _kadm5_set_keys(context, &ent.entry, password);
-    if (ret)
-	goto out;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out;
-    
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	goto out;
-    ret = context->db->hdb_store(context->context, context->db, 0, &ent);
-    context->db->hdb_close(context->context, context->db);
-    if (ret)
-	goto out;
-
-    kadm5_log_create (context, &ent.entry);
-
- out:
-    hdb_free_entry(context->context, &ent);
-    return _kadm5_error_code(ret);
-}
-
diff --git a/crypto/heimdal/lib/kadm5/default_keys.c b/crypto/heimdal/lib/kadm5/default_keys.c
deleted file mode 100644
index 2a851cd..0000000
--- a/crypto/heimdal/lib/kadm5/default_keys.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-#include <err.h>
-
-RCSID("$Id: default_keys.c 22494 2008-01-21 11:56:44Z lha $");
-
-static void
-print_keys(krb5_context context, Key *keys, size_t nkeys)
-{
-    krb5_error_code ret;
-    char *str;
-    int i;
-
-    printf("keys:\n");
-
-    for (i = 0; i < nkeys; i++) {
-
-	ret = krb5_enctype_to_string(context, keys[i].key.keytype, &str);
-	if (ret)
-	    krb5_err(context, ret, 1, "krb5_enctype_to_string: %d\n",
-		     (int)keys[i].key.keytype);
-
-	printf("\tenctype %s", str);
-	free(str);
-
-	if (keys[i].salt) {
-	    printf(" salt: ");
-
-	    switch (keys[i].salt->type) {
-	    case KRB5_PW_SALT:
-		printf("pw-salt:");
-		break;
-	    case KRB5_AFS3_SALT:
-		printf("afs3-salt:");
-		break;
-	    default:
-		printf("unknown salt: %d", keys[i].salt->type);
-		break;
-	    }
-	    if (keys[i].salt->salt.length)
-		printf("%.*s", (int)keys[i].salt->salt.length,
-		       (char *)keys[i].salt->salt.data);
-	}	
-	printf("\n");
-    }
-    printf("end keys:\n");
-}
-
-static void
-parse_file(krb5_context context, krb5_principal principal, int no_salt)
-{
-    krb5_error_code ret;
-    size_t nkeys;
-    Key *keys;
-
-    ret = hdb_generate_key_set(context, principal, &keys, &nkeys, no_salt);
-    if (ret)
-	krb5_err(context, 1, ret, "hdb_generate_key_set");
-
-    print_keys(context, keys, nkeys);
-
-    hdb_free_keys(context, nkeys, keys);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_principal principal;
-
-    ret = krb5_init_context(&context);
-    if (ret) 
-	errx(1, "krb5_init_context");
-
-    ret = krb5_parse_name(context, "lha@SU.SE", &principal);
-    if (ret)
-	krb5_err(context, ret, 1, "krb5_parse_name");
-
-    parse_file(context, principal, 0);
-    parse_file(context, principal, 1);
-
-    krb5_free_principal(context, principal);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/delete_c.c b/crypto/heimdal/lib/kadm5/delete_c.c
deleted file mode 100644
index 5018fd6..0000000
--- a/crypto/heimdal/lib/kadm5/delete_c.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: delete_c.c 16661 2006-01-25 12:50:10Z lha $");
-
-kadm5_ret_t
-kadm5_c_delete_principal(void *server_handle, krb5_principal princ)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_delete);
-    krb5_store_principal(sp, princ);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if (ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if (ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if(sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_clear_error_string(context->context);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/kadm5/delete_s.c b/crypto/heimdal/lib/kadm5/delete_s.c
deleted file mode 100644
index b4e5a37..0000000
--- a/crypto/heimdal/lib/kadm5/delete_s.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003, 2005 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: delete_s.c 20612 2007-05-08 07:13:45Z lha $");
-
-kadm5_ret_t
-kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
-{
-    kadm5_server_context *context = server_handle;
-    kadm5_ret_t ret;
-    hdb_entry_ex ent;
-
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret) {
-	krb5_warn(context->context, ret, "opening database");
-	return ret;
-    }
-    ret = context->db->hdb_fetch(context->context, context->db, princ,
-				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
-    if(ret == HDB_ERR_NOENTRY)
-	goto out;
-    if(ent.entry.flags.immutable) {
-	ret = KADM5_PROTECT_PRINCIPAL;
-	goto out2;
-    }
-    
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = context->db->hdb_remove(context->context, context->db, princ);
-    if (ret)
-	goto out2;
-
-    kadm5_log_delete (context, princ);
-
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->hdb_close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/destroy_c.c b/crypto/heimdal/lib/kadm5/destroy_c.c
deleted file mode 100644
index 9ae2e9d..0000000
--- a/crypto/heimdal/lib/kadm5/destroy_c.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: destroy_c.c 13198 2003-12-07 19:01:39Z lha $");
-
-kadm5_ret_t 
-kadm5_c_destroy(void *server_handle)
-{
-    kadm5_client_context *context = server_handle;
-
-    free(context->realm);
-    free(context->admin_server);
-    close(context->sock);
-    if (context->client_name)
-	free(context->client_name);
-    if (context->service_name)
-	free(context->service_name);
-    if (context->ac != NULL)
-	krb5_auth_con_free(context->context, context->ac);
-    if(context->my_context)
-	krb5_free_context(context->context);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/destroy_s.c b/crypto/heimdal/lib/kadm5/destroy_s.c
deleted file mode 100644
index edfc6b5..0000000
--- a/crypto/heimdal/lib/kadm5/destroy_s.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: destroy_s.c 12880 2003-09-19 00:25:35Z lha $");
-
-/*
- * dealloc a `kadm5_config_params'
- */
-
-static void
-destroy_config (kadm5_config_params *c)
-{
-    free (c->realm);
-    free (c->dbname);
-    free (c->acl_file);
-    free (c->stash_file);
-}
-
-/*
- * dealloc a kadm5_log_context
- */
-
-static void
-destroy_kadm5_log_context (kadm5_log_context *c)
-{
-    free (c->log_file);
-    close (c->socket_fd);
-}
-
-/*
- * destroy a kadm5 handle
- */
-
-kadm5_ret_t 
-kadm5_s_destroy(void *server_handle)
-{
-    kadm5_ret_t ret;
-    kadm5_server_context *context = server_handle;
-    krb5_context kcontext = context->context;
-
-    ret = context->db->hdb_destroy(kcontext, context->db);
-    destroy_kadm5_log_context (&context->log_context);
-    destroy_config (&context->config);
-    krb5_free_principal (kcontext, context->caller);
-    if(context->my_context)
-	krb5_free_context(kcontext);
-    free (context);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/dump_log.c b/crypto/heimdal/lib/kadm5/dump_log.c
deleted file mode 100644
index f8309fb..0000000
--- a/crypto/heimdal/lib/kadm5/dump_log.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-#include "parse_time.h"
-
-RCSID("$Id: dump_log.c,v 1.13 2003/04/16 17:56:02 lha Exp $");
-
-static char *op_names[] = {
-    "get",
-    "delete",
-    "create",
-    "rename",
-    "chpass",
-    "modify",
-    "randkey",
-    "get_privs",
-    "get_princs",
-    "chpass_with_key",
-    "nop"
-};
-
-static void
-print_entry(kadm5_server_context *server_context,
-	    u_int32_t ver,
-	    time_t timestamp,
-	    enum kadm_ops op,
-	    u_int32_t len,
-	    krb5_storage *sp)
-{
-    char t[256];
-    int32_t mask;
-    hdb_entry ent;
-    krb5_principal source;
-    char *name1, *name2;
-    krb5_data data;
-    krb5_context context = server_context->context;
-
-    off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len;
-    
-    krb5_error_code ret;
-
-    strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
-
-    if(op < kadm_get || op > kadm_nop) {
-	printf("unknown op: %d\n", op);
-	krb5_storage_seek(sp, end, SEEK_SET);
-	return;
-    }
-
-    printf ("%s: ver = %u, timestamp = %s, len = %u\n",
-	    op_names[op], ver, t, len);
-    switch(op) {
-    case kadm_delete:
-	krb5_ret_principal(sp, &source);
-	krb5_unparse_name(context, source, &name1);
-	printf("    %s\n", name1);
-	free(name1);
-	krb5_free_principal(context, source);
-	break;
-    case kadm_rename:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (context, 1, ret, "kadm_rename: data alloc: %d", len);
-	krb5_ret_principal(sp, &source);
-	krb5_storage_read(sp, data.data, data.length);
-	hdb_value2entry(context, &data, &ent);
-	krb5_unparse_name(context, source, &name1);
-	krb5_unparse_name(context, ent.principal, &name2);
-	printf("    %s -> %s\n", name1, name2);
-	free(name1);
-	free(name2);
-	krb5_free_principal(context, source);
-	hdb_free_entry(context, &ent);
-	break;
-    case kadm_create:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (context, 1, ret, "kadm_create: data alloc: %d", len);
-	krb5_storage_read(sp, data.data, data.length);
-	ret = hdb_value2entry(context, &data, &ent);
-	if(ret)
-	    abort();
-	mask = ~0;
-	goto foo;
-    case kadm_modify:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (context, 1, ret, "kadm_modify: data alloc: %d", len);
-	krb5_ret_int32(sp, &mask);
-	krb5_storage_read(sp, data.data, data.length);
-	ret = hdb_value2entry(context, &data, &ent);
-	if(ret)
-	    abort();
-    foo:
-	if(ent.principal /* mask & KADM5_PRINCIPAL */) {
-	    krb5_unparse_name(context, ent.principal, &name1);
-	    printf("    principal = %s\n", name1);
-	    free(name1);
-	}
-	if(mask & KADM5_PRINC_EXPIRE_TIME) {
-	    if(ent.valid_end == NULL) {
-		strcpy(t, "never");
-	    } else {
-		strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", 
-			 localtime(ent.valid_end));
-	    }
-	    printf("    expires = %s\n", t);
-	}
-	if(mask & KADM5_PW_EXPIRATION) {
-	    if(ent.pw_end == NULL) {
-		strcpy(t, "never");
-	    } else {
-		strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", 
-			 localtime(ent.pw_end));
-	    }
-	    printf("    password exp = %s\n", t);
-	}
-	if(mask & KADM5_LAST_PWD_CHANGE) {
-	}
-	if(mask & KADM5_ATTRIBUTES) {
-	    unparse_flags(HDBFlags2int(ent.flags), 
-			  HDBFlags_units, t, sizeof(t));
-	    printf("    attributes = %s\n", t);
-	}
-	if(mask & KADM5_MAX_LIFE) {
-	    if(ent.max_life == NULL)
-		strcpy(t, "for ever");
-	    else
-		unparse_time(*ent.max_life, t, sizeof(t));
-	    printf("    max life = %s\n", t);
-	}
-	if(mask & KADM5_MAX_RLIFE) {
-	    if(ent.max_renew == NULL)
-		strcpy(t, "for ever");
-	    else
-		unparse_time(*ent.max_renew, t, sizeof(t));
-	    printf("    max rlife = %s\n", t);
-	}
-	if(mask & KADM5_MOD_TIME) {
-	    printf("    mod time\n");
-	}
-	if(mask & KADM5_MOD_NAME) {
-	    printf("    mod name\n");
-	}
-	if(mask & KADM5_KVNO) {
-	    printf("    kvno = %d\n", ent.kvno);
-	}
-	if(mask & KADM5_MKVNO) {
-	    printf("    mkvno\n");
-	}
-	if(mask & KADM5_AUX_ATTRIBUTES) {
-	    printf("    aux attributes\n");
-	}
-	if(mask & KADM5_POLICY) {
-	    printf("    policy\n");
-	}
-	if(mask & KADM5_POLICY_CLR) {
-	    printf("    mod time\n");
-	}
-	if(mask & KADM5_LAST_SUCCESS) {
-	    printf("    last success\n");
-	}
-	if(mask & KADM5_LAST_FAILED) {
-	    printf("    last failed\n");
-	}
-	if(mask & KADM5_FAIL_AUTH_COUNT) {
-	    printf("    fail auth count\n");
-	}
-	if(mask & KADM5_KEY_DATA) {
-	    printf("    key data\n");
-	}
-	if(mask & KADM5_TL_DATA) {
-	    printf("    tl data\n");
-	}
-	hdb_free_entry(context, &ent);
-	break;
-    case kadm_nop :
-	break;
-    default:
-	abort();
-    }
-    krb5_storage_seek(sp, end, SEEK_SET);
-}
-
-static char *realm;
-static int version_flag;
-static int help_flag;
-
-static struct getargs args[] = {
-    { "realm", 'r', arg_string, &realm },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    void *kadm_handle;
-    kadm5_server_context *server_context;
-    kadm5_config_params conf;
-
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    ret = kadm5_log_foreach (server_context, print_entry);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_log_foreach");
-
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_log_end");
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/ent_setup.c b/crypto/heimdal/lib/kadm5/ent_setup.c
deleted file mode 100644
index dfc4a9b..0000000
--- a/crypto/heimdal/lib/kadm5/ent_setup.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: ent_setup.c 18823 2006-10-22 10:15:53Z lha $");
-
-#define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0)
-#define set_null(X)     do { if((X) != NULL) free((X)); (X) = NULL; } while (0)
-
-static void
-attr_to_flags(unsigned attr, HDBFlags *flags)
-{
-    flags->postdate =		!(attr & KRB5_KDB_DISALLOW_POSTDATED);
-    flags->forwardable =	!(attr & KRB5_KDB_DISALLOW_FORWARDABLE);
-    flags->initial =	       !!(attr & KRB5_KDB_DISALLOW_TGT_BASED);
-    flags->renewable =		!(attr & KRB5_KDB_DISALLOW_RENEWABLE);
-    flags->proxiable =		!(attr & KRB5_KDB_DISALLOW_PROXIABLE);
-    /* DUP_SKEY */
-    flags->invalid =	       !!(attr & KRB5_KDB_DISALLOW_ALL_TIX);
-    flags->require_preauth =   !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH);
-    /* HW_AUTH */
-    flags->server =		!(attr & KRB5_KDB_DISALLOW_SVR);
-    flags->change_pw = 	       !!(attr & KRB5_KDB_PWCHANGE_SERVICE);
-    flags->client =	        1; /* XXX */
-    flags->ok_as_delegate =    !!(attr & KRB5_KDB_OK_AS_DELEGATE);
-    flags->trusted_for_delegation = !!(attr & KRB5_KDB_TRUSTED_FOR_DELEGATION);
-    flags->allow_kerberos4 =   !!(attr & KRB5_KDB_ALLOW_KERBEROS4);
-    flags->allow_digest =      !!(attr & KRB5_KDB_ALLOW_DIGEST);
-}
-
-/*
- * Modify the `ent' according to `tl_data'.
- */
-
-static kadm5_ret_t
-perform_tl_data(krb5_context context,
-		HDB *db,
-		hdb_entry_ex *ent, 
-		const krb5_tl_data *tl_data)
-{
-    kadm5_ret_t ret = 0;
-
-    if (tl_data->tl_data_type == KRB5_TL_PASSWORD) {
-	heim_utf8_string pw = tl_data->tl_data_contents;
-
-	if (pw[tl_data->tl_data_length] != '\0')
-	    return KADM5_BAD_TL_TYPE;
-
-	ret = hdb_entry_set_password(context, db, &ent->entry, pw);
-
-    } else if (tl_data->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
-	unsigned char *s;
-	time_t t;
-
-	if (tl_data->tl_data_length != 4)
-	    return KADM5_BAD_TL_TYPE;
-
-	s = tl_data->tl_data_contents;
-
-	t = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24);
-
-	ret = hdb_entry_set_pw_change_time(context, &ent->entry, t);
-
-    } else if (tl_data->tl_data_type == KRB5_TL_EXTENSION) {
-	HDB_extension ext;
-
-	ret = decode_HDB_extension(tl_data->tl_data_contents,
-				   tl_data->tl_data_length,
-				   &ext,
-				   NULL);
-	if (ret)
-	    return KADM5_BAD_TL_TYPE;
-	
-	ret = hdb_replace_extension(context, &ent->entry, &ext);
-	free_HDB_extension(&ext);
-    } else {
-	return KADM5_BAD_TL_TYPE;
-    }
-    return ret;
-}
-
-
-/*
- * Create the hdb entry `ent' based on data from `princ' with
- * `princ_mask' specifying what fields to be gotten from there and
- * `mask' specifying what fields we want filled in.
- */
-
-kadm5_ret_t
-_kadm5_setup_entry(kadm5_server_context *context,
-		   hdb_entry_ex *ent,
-		   uint32_t mask,
-		   kadm5_principal_ent_t princ, 
-		   uint32_t princ_mask,
-		   kadm5_principal_ent_t def,
-		   uint32_t def_mask)
-{
-    if(mask & KADM5_PRINC_EXPIRE_TIME
-       && princ_mask & KADM5_PRINC_EXPIRE_TIME) {
-	if (princ->princ_expire_time)
-	    set_value(ent->entry.valid_end, princ->princ_expire_time);
-	else
-	    set_null(ent->entry.valid_end);
-    }
-    if(mask & KADM5_PW_EXPIRATION
-       && princ_mask & KADM5_PW_EXPIRATION) {
-	if (princ->pw_expiration)
-	    set_value(ent->entry.pw_end, princ->pw_expiration);
-	else
-	    set_null(ent->entry.pw_end);
-    }
-    if(mask & KADM5_ATTRIBUTES) {
-	if (princ_mask & KADM5_ATTRIBUTES) {
-	    attr_to_flags(princ->attributes, &ent->entry.flags);
-	} else if(def_mask & KADM5_ATTRIBUTES) {
-	    attr_to_flags(def->attributes, &ent->entry.flags);
-	    ent->entry.flags.invalid = 0;
-	} else {
-	    ent->entry.flags.client      = 1;
-	    ent->entry.flags.server      = 1;
-	    ent->entry.flags.forwardable = 1;
-	    ent->entry.flags.proxiable   = 1;
-	    ent->entry.flags.renewable   = 1;
-	    ent->entry.flags.postdate    = 1;
-	}
-    }
-    if(mask & KADM5_MAX_LIFE) {
-	if(princ_mask & KADM5_MAX_LIFE) {
-	    if(princ->max_life)
-	      set_value(ent->entry.max_life, princ->max_life);
-	    else
-	      set_null(ent->entry.max_life);
-	} else if(def_mask & KADM5_MAX_LIFE) {
-	    if(def->max_life)
-	      set_value(ent->entry.max_life, def->max_life);
-	    else
-	      set_null(ent->entry.max_life);
-	}
-    }
-    if(mask & KADM5_KVNO
-       && princ_mask & KADM5_KVNO)
-	ent->entry.kvno = princ->kvno;
-    if(mask & KADM5_MAX_RLIFE) {
-	if(princ_mask & KADM5_MAX_RLIFE) {
-	  if(princ->max_renewable_life)
-	    set_value(ent->entry.max_renew, princ->max_renewable_life);
-	  else
-	    set_null(ent->entry.max_renew);
-	} else if(def_mask & KADM5_MAX_RLIFE) {
-	  if(def->max_renewable_life)
-	    set_value(ent->entry.max_renew, def->max_renewable_life);
-	  else
-	    set_null(ent->entry.max_renew);
-	}
-    }
-    if(mask & KADM5_KEY_DATA
-       && princ_mask & KADM5_KEY_DATA) {
-	_kadm5_set_keys2(context, &ent->entry,
-			 princ->n_key_data, princ->key_data);
-    }
-    if(mask & KADM5_TL_DATA) {
-	krb5_tl_data *tl;
-
-	for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next) {
-	    kadm5_ret_t ret;
-	    ret = perform_tl_data(context->context, context->db, ent, tl);
-	    if (ret)
-		return ret;
-	}
-    }
-    if(mask & KADM5_FAIL_AUTH_COUNT) {
-	/* XXX */
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/error.c b/crypto/heimdal/lib/kadm5/error.c
deleted file mode 100644
index 46211d2..0000000
--- a/crypto/heimdal/lib/kadm5/error.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: error.c 7464 1999-12-02 17:05:13Z joda $");
-
-kadm5_ret_t
-_kadm5_error_code(kadm5_ret_t code)
-{
-    switch(code){
-    case HDB_ERR_EXISTS:
-	return KADM5_DUP;
-    case HDB_ERR_NOENTRY:
-	return KADM5_UNK_PRINC;
-    }
-    return code;
-}
diff --git a/crypto/heimdal/lib/kadm5/flush.c b/crypto/heimdal/lib/kadm5/flush.c
deleted file mode 100644
index ad1574f..0000000
--- a/crypto/heimdal/lib/kadm5/flush.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: flush.c 7464 1999-12-02 17:05:13Z joda $");
-
-kadm5_ret_t 
-kadm5_s_flush(void *server_handle)
-{
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_c_flush(void *server_handle)
-{
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/flush_c.c b/crypto/heimdal/lib/kadm5/flush_c.c
deleted file mode 100644
index 748a49a..0000000
--- a/crypto/heimdal/lib/kadm5/flush_c.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: flush_c.c 5723 1999-03-23 18:23:37Z joda $");
-
-kadm5_ret_t 
-kadm5_c_flush(void *server_handle)
-{
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/flush_s.c b/crypto/heimdal/lib/kadm5/flush_s.c
deleted file mode 100644
index 9bed0c6..0000000
--- a/crypto/heimdal/lib/kadm5/flush_s.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: flush_s.c 5723 1999-03-23 18:23:37Z joda $");
-
-kadm5_ret_t 
-kadm5_s_flush(void *server_handle)
-{
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/free.c b/crypto/heimdal/lib/kadm5/free.c
deleted file mode 100644
index 1f1740d..0000000
--- a/crypto/heimdal/lib/kadm5/free.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: free.c 7464 1999-12-02 17:05:13Z joda $");
-
-void 
-kadm5_free_key_data(void *server_handle,
-		    int16_t *n_key_data, 
-		    krb5_key_data *key_data)
-{
-    int i;
-    for(i = 0; i < *n_key_data; i++){
-	if(key_data[i].key_data_contents[0]){
-	    memset(key_data[i].key_data_contents[0], 
-		   0,
-		   key_data[i].key_data_length[0]);
-	    free(key_data[i].key_data_contents[0]);
-	}
-	if(key_data[i].key_data_contents[1])
-	    free(key_data[i].key_data_contents[1]);
-    }
-    *n_key_data = 0;
-}
-
-
-void 
-kadm5_free_principal_ent(void *server_handle,
-			 kadm5_principal_ent_t princ)
-{
-    kadm5_server_context *context = server_handle;
-    if(princ->principal)
-	krb5_free_principal(context->context, princ->principal);
-    if(princ->mod_name)
-	krb5_free_principal(context->context, princ->mod_name);
-    kadm5_free_key_data(server_handle, &princ->n_key_data, princ->key_data);
-    while(princ->n_tl_data && princ->tl_data) {
-	krb5_tl_data *tp;
-	tp = princ->tl_data;
-	princ->tl_data = tp->tl_data_next;
-	princ->n_tl_data--;
-	memset(tp->tl_data_contents, 0, tp->tl_data_length);
-	free(tp->tl_data_contents);
-	free(tp);
-    }
-    if (princ->key_data != NULL)
-	free (princ->key_data);
-}
-
-void 
-kadm5_free_name_list(void *server_handle,
-		     char **names, 
-		     int *count)
-{
-    int i;
-    for(i = 0; i < *count; i++)
-	free(names[i]);
-    free(names);
-    *count = 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c
deleted file mode 100644
index 5f9724f..0000000
--- a/crypto/heimdal/lib/kadm5/get_c.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: get_c.c 17445 2006-05-05 10:37:46Z lha $");
-
-kadm5_ret_t
-kadm5_c_get_principal(void *server_handle, 
-		      krb5_principal princ, 
-		      kadm5_principal_ent_t out, 
-		      uint32_t mask)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_get);
-    krb5_store_principal(sp, princ);
-    krb5_store_int32(sp, mask);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if(ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if (ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    krb5_clear_error_string(context->context);
-    if(ret == 0)
-	kadm5_ret_principal_ent(sp, out);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/get_princs_c.c b/crypto/heimdal/lib/kadm5/get_princs_c.c
deleted file mode 100644
index 81a3cfd..0000000
--- a/crypto/heimdal/lib/kadm5/get_princs_c.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: get_princs_c.c 15484 2005-06-17 05:21:07Z lha $");
-
-kadm5_ret_t
-kadm5_c_get_principals(void *server_handle, 
-		       const char *expression,
-		       char ***princs, 
-		       int *count)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_get_princs);
-    krb5_store_int32(sp, expression != NULL);
-    if(expression)
-	krb5_store_string(sp, expression);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    if(ret == 0) {
-	int i;
-	krb5_ret_int32(sp, &tmp);
-	*princs = calloc(tmp + 1, sizeof(**princs));
-	if (*princs == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for(i = 0; i < tmp; i++)
-	    krb5_ret_string(sp, &(*princs)[i]);
-	*count = tmp;
-    }
-out:
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/get_princs_s.c b/crypto/heimdal/lib/kadm5/get_princs_s.c
deleted file mode 100644
index cab6ef7..0000000
--- a/crypto/heimdal/lib/kadm5/get_princs_s.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: get_princs_s.c 16378 2005-12-12 12:40:12Z lha $");
-
-struct foreach_data {
-    const char *exp;
-    char *exp2;
-    char **princs;
-    int count;
-};
-
-static krb5_error_code
-add_princ(struct foreach_data *d, char *princ)
-{
-    char **tmp;
-    tmp = realloc(d->princs, (d->count + 1) * sizeof(*tmp));
-    if(tmp == NULL)
-	return ENOMEM;
-    d->princs = tmp;
-    d->princs[d->count++] = princ;
-    return 0;
-}
-
-static krb5_error_code
-foreach(krb5_context context, HDB *db, hdb_entry_ex *ent, void *data)
-{
-    struct foreach_data *d = data;
-    char *princ;
-    krb5_error_code ret;
-    ret = krb5_unparse_name(context, ent->entry.principal, &princ);
-    if(ret)
-	return ret;
-    if(d->exp){
-	if(fnmatch(d->exp, princ, 0) == 0 || fnmatch(d->exp2, princ, 0) == 0)
-	    ret = add_princ(d, princ);
-	else
-	    free(princ);
-    }else{
-	ret = add_princ(d, princ);
-    }
-    if(ret)
-	free(princ);
-    return ret;
-}
-
-kadm5_ret_t
-kadm5_s_get_principals(void *server_handle, 
-		       const char *expression,
-		       char ***princs, 
-		       int *count)
-{
-    struct foreach_data d;
-    kadm5_server_context *context = server_handle;
-    kadm5_ret_t ret;
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret) {
-	krb5_warn(context->context, ret, "opening database");
-	return ret;
-    }
-    d.exp = expression;
-    {
-	krb5_realm r;
-	krb5_get_default_realm(context->context, &r);
-	asprintf(&d.exp2, "%s@%s", expression, r);
-	free(r);
-    }
-    d.princs = NULL;
-    d.count = 0;
-    ret = hdb_foreach(context->context, context->db, 0, foreach, &d);
-    context->db->hdb_close(context->context, context->db);
-    if(ret == 0)
-	ret = add_princ(&d, NULL);
-    if(ret == 0){
-	*princs = d.princs;
-	*count = d.count - 1;
-    }else
-	kadm5_free_name_list(context, d.princs, &d.count);
-    free(d.exp2);
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/get_s.c b/crypto/heimdal/lib/kadm5/get_s.c
deleted file mode 100644
index 5d0db9b..0000000
--- a/crypto/heimdal/lib/kadm5/get_s.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: get_s.c 21745 2007-07-31 16:11:25Z lha $");
-
-static kadm5_ret_t
-add_tl_data(kadm5_principal_ent_t ent, int16_t type, 
-	    const void *data, size_t size)
-{
-    krb5_tl_data *tl;
-
-    tl = calloc(1, sizeof(*tl));
-    if (tl == NULL)
-	return _kadm5_error_code(ENOMEM);
-
-    tl->tl_data_type = type;
-    tl->tl_data_length = size;
-    tl->tl_data_contents = malloc(size);
-    if (tl->tl_data_contents == NULL) {
-	free(tl);
-	return _kadm5_error_code(ENOMEM);
-    }
-    memcpy(tl->tl_data_contents, data, size);
-
-    tl->tl_data_next = ent->tl_data;
-    ent->tl_data = tl;
-    ent->n_tl_data++;
-
-    return 0;
-}
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-_krb5_put_int(void *buffer, unsigned long value, size_t size); /* XXX */
-
-kadm5_ret_t
-kadm5_s_get_principal(void *server_handle, 
-		      krb5_principal princ, 
-		      kadm5_principal_ent_t out, 
-		      uint32_t mask)
-{
-    kadm5_server_context *context = server_handle;
-    kadm5_ret_t ret;
-    hdb_entry_ex ent;
-    
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_open(context->context, context->db, O_RDONLY, 0);
-    if(ret)
-	return ret;
-    ret = context->db->hdb_fetch(context->context, context->db, princ,
-				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
-    context->db->hdb_close(context->context, context->db);
-    if(ret)
-	return _kadm5_error_code(ret);
-
-    memset(out, 0, sizeof(*out));
-    if(mask & KADM5_PRINCIPAL)
-	ret  = krb5_copy_principal(context->context, ent.entry.principal, 
-				   &out->principal);
-    if(ret)
-	goto out;
-    if(mask & KADM5_PRINC_EXPIRE_TIME && ent.entry.valid_end)
-	out->princ_expire_time = *ent.entry.valid_end;
-    if(mask & KADM5_PW_EXPIRATION && ent.entry.pw_end)
-	out->pw_expiration = *ent.entry.pw_end;
-    if(mask & KADM5_LAST_PWD_CHANGE)
-	hdb_entry_get_pw_change_time(&ent.entry, &out->last_pwd_change);
-    if(mask & KADM5_ATTRIBUTES){
-	out->attributes |= ent.entry.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
-	out->attributes |= ent.entry.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
-	out->attributes |= ent.entry.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
-	out->attributes |= ent.entry.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
-	out->attributes |= ent.entry.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
-	out->attributes |= ent.entry.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
-	out->attributes |= ent.entry.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
-	out->attributes |= ent.entry.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
-	out->attributes |= ent.entry.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
-	out->attributes |= ent.entry.flags.ok_as_delegate ? KRB5_KDB_OK_AS_DELEGATE : 0;
-	out->attributes |= ent.entry.flags.trusted_for_delegation ? KRB5_KDB_TRUSTED_FOR_DELEGATION : 0;
-	out->attributes |= ent.entry.flags.allow_kerberos4 ? KRB5_KDB_ALLOW_KERBEROS4 : 0;
-	out->attributes |= ent.entry.flags.allow_digest ? KRB5_KDB_ALLOW_DIGEST : 0;
-    }
-    if(mask & KADM5_MAX_LIFE) {
-	if(ent.entry.max_life)
-	    out->max_life = *ent.entry.max_life;
-	else
-	    out->max_life = INT_MAX;
-    }
-    if(mask & KADM5_MOD_TIME) {
-	if(ent.entry.modified_by)
-	    out->mod_date = ent.entry.modified_by->time;
-	else
-	    out->mod_date = ent.entry.created_by.time;
-    }
-    if(mask & KADM5_MOD_NAME) {
-	if(ent.entry.modified_by) {
-	    if (ent.entry.modified_by->principal != NULL)
-		ret = krb5_copy_principal(context->context, 
-					  ent.entry.modified_by->principal,
-					  &out->mod_name);
-	} else if(ent.entry.created_by.principal != NULL)
-	    ret = krb5_copy_principal(context->context, 
-				      ent.entry.created_by.principal,
-				      &out->mod_name);
-	else
-	    out->mod_name = NULL;
-    }
-    if(ret)
-	goto out;
-
-    if(mask & KADM5_KVNO)
-	out->kvno = ent.entry.kvno;
-    if(mask & KADM5_MKVNO) {
-	int n;
-	out->mkvno = 0; /* XXX */
-	for(n = 0; n < ent.entry.keys.len; n++)
-	    if(ent.entry.keys.val[n].mkvno) {
-		out->mkvno = *ent.entry.keys.val[n].mkvno; /* XXX this isn't right */
-		break;
-	    }
-    }
-    if(mask & KADM5_AUX_ATTRIBUTES)
-	/* XXX implement */;
-    if(mask & KADM5_POLICY)
-	out->policy = NULL;
-    if(mask & KADM5_MAX_RLIFE) {
-	if(ent.entry.max_renew)
-	    out->max_renewable_life = *ent.entry.max_renew;
-	else
-	    out->max_renewable_life = INT_MAX;
-    }
-    if(mask & KADM5_LAST_SUCCESS)
-	/* XXX implement */;
-    if(mask & KADM5_LAST_FAILED)
-	/* XXX implement */;
-    if(mask & KADM5_FAIL_AUTH_COUNT)
-	/* XXX implement */;
-    if(mask & KADM5_KEY_DATA){
-	int i;
-	Key *key;
-	krb5_key_data *kd;
-	krb5_salt salt;
-	krb5_data *sp;
-	krb5_get_pw_salt(context->context, ent.entry.principal, &salt);
-	out->key_data = malloc(ent.entry.keys.len * sizeof(*out->key_data));
-	if (out->key_data == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for(i = 0; i < ent.entry.keys.len; i++){
-	    key = &ent.entry.keys.val[i];
-	    kd = &out->key_data[i];
-	    kd->key_data_ver = 2;
-	    kd->key_data_kvno = ent.entry.kvno;
-	    kd->key_data_type[0] = key->key.keytype;
-	    if(key->salt)
-		kd->key_data_type[1] = key->salt->type;
-	    else
-		kd->key_data_type[1] = KRB5_PADATA_PW_SALT;
-	    /* setup key */
-	    kd->key_data_length[0] = key->key.keyvalue.length;
-	    kd->key_data_contents[0] = malloc(kd->key_data_length[0]);
-	    if(kd->key_data_contents[0] == NULL){
-		ret = ENOMEM;
-		break;
-	    }
-	    memcpy(kd->key_data_contents[0], key->key.keyvalue.data, 
-		   kd->key_data_length[0]);
-	    /* setup salt */
-	    if(key->salt)
-		sp = &key->salt->salt;
-	    else
-		sp = &salt.saltvalue;
-	    kd->key_data_length[1] = sp->length;
-	    kd->key_data_contents[1] = malloc(kd->key_data_length[1]);
-	    if(kd->key_data_length[1] != 0
-	       && kd->key_data_contents[1] == NULL) {
-		memset(kd->key_data_contents[0], 0, kd->key_data_length[0]);
-		ret = ENOMEM;
-		break;
-	    }
-	    memcpy(kd->key_data_contents[1], sp->data, kd->key_data_length[1]);
-	    out->n_key_data = i + 1;
-	}
-	krb5_free_salt(context->context, salt);
-    }
-    if(ret){
-	kadm5_free_principal_ent(context, out);
-	goto out;
-    }
-    if(mask & KADM5_TL_DATA) {
-	time_t last_pw_expire;
-	const HDB_Ext_Aliases *aliases;
-
-	ret = hdb_entry_get_pw_change_time(&ent.entry, &last_pw_expire);
-	if (ret == 0 && last_pw_expire) {
-	    unsigned char buf[4];
-	    _krb5_put_int(buf, last_pw_expire, sizeof(buf));
-	    ret = add_tl_data(out, KRB5_TL_LAST_PWD_CHANGE, buf, sizeof(buf));
-	}
-	if(ret){
-	    kadm5_free_principal_ent(context, out);
-	    goto out;
-	}
-	/* 
-	 * If the client was allowed to get key data, let it have the
-	 * password too.
-	 */
-	if(mask & KADM5_KEY_DATA) {
-	    heim_utf8_string pw;
-
-	    ret = hdb_entry_get_password(context->context, 
-					 context->db, &ent.entry, &pw);
-	    if (ret == 0) {
-		ret = add_tl_data(out, KRB5_TL_PASSWORD, pw, strlen(pw) + 1);
-		free(pw);
-	    }
-	    krb5_clear_error_string(context->context);
-	    ret = 0;
-	}
-
-	ret = hdb_entry_get_aliases(&ent.entry, &aliases);
-	if (ret == 0 && aliases) {
-	    krb5_data buf;
-	    size_t len;
-
-	    ASN1_MALLOC_ENCODE(HDB_Ext_Aliases, buf.data, buf.length,
-			       aliases, &len, ret);
-	    if (ret) {
-		kadm5_free_principal_ent(context, out);
-		goto out;
-	    }
-	    if (len != buf.length)
-		krb5_abortx(context->context,
-			    "internal ASN.1 encoder error");
-	    ret = add_tl_data(out, KRB5_TL_ALIASES, buf.data, buf.length);
-	    free(buf.data);
-	    if (ret) {
-		kadm5_free_principal_ent(context, out);
-		goto out;
-	    }
-	}
-	if(ret){
-	    kadm5_free_principal_ent(context, out);
-	    goto out;
-	}
-
-    }
-out:
-    hdb_free_entry(context->context, &ent);
-
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/init_c.c b/crypto/heimdal/lib/kadm5/init_c.c
deleted file mode 100644
index be53992..0000000
--- a/crypto/heimdal/lib/kadm5/init_c.c
+++ /dev/null
@@ -1,783 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-
-RCSID("$Id: init_c.c 21972 2007-10-18 19:11:15Z lha $");
-
-static void
-set_funcs(kadm5_client_context *c)
-{
-#define SET(C, F) (C)->funcs.F = kadm5 ## _c_ ## F
-    SET(c, chpass_principal);
-    SET(c, chpass_principal_with_key);
-    SET(c, create_principal);
-    SET(c, delete_principal);
-    SET(c, destroy);
-    SET(c, flush);
-    SET(c, get_principal);
-    SET(c, get_principals);
-    SET(c, get_privs);
-    SET(c, modify_principal);
-    SET(c, randkey_principal);
-    SET(c, rename_principal);
-}
-
-kadm5_ret_t
-_kadm5_c_init_context(kadm5_client_context **ctx, 
-		      kadm5_config_params *params,
-		      krb5_context context)
-{
-    krb5_error_code ret;
-    char *colon;
-
-    *ctx = malloc(sizeof(**ctx));
-    if(*ctx == NULL)
-	return ENOMEM;
-    memset(*ctx, 0, sizeof(**ctx));
-    krb5_add_et_list (context, initialize_kadm5_error_table_r);
-    set_funcs(*ctx);
-    (*ctx)->context = context;
-    if(params->mask & KADM5_CONFIG_REALM) {
-	ret = 0;
-	(*ctx)->realm = strdup(params->realm);
-	if ((*ctx)->realm == NULL)
-	    ret = ENOMEM;
-    } else
-	ret = krb5_get_default_realm((*ctx)->context, &(*ctx)->realm);
-    if (ret) {
-	free(*ctx);
-	return ret;
-    }
-    if(params->mask & KADM5_CONFIG_ADMIN_SERVER)
-	(*ctx)->admin_server = strdup(params->admin_server);
-    else {
-	char **hostlist;
-
-	ret = krb5_get_krb_admin_hst (context, &(*ctx)->realm, &hostlist);
-	if (ret) {
-	    free((*ctx)->realm);
-	    free(*ctx);
-	    return ret;
-	}
-	(*ctx)->admin_server = strdup(*hostlist);
-	krb5_free_krbhst (context, hostlist);
-    }
-
-    if ((*ctx)->admin_server == NULL) {
-	free((*ctx)->realm);
-	free(*ctx);
-	return ENOMEM;
-    }
-    colon = strchr ((*ctx)->admin_server, ':');
-    if (colon != NULL)
-	*colon++ = '\0';
-
-    (*ctx)->kadmind_port = 0;
-
-    if(params->mask & KADM5_CONFIG_KADMIND_PORT)
-	(*ctx)->kadmind_port = params->kadmind_port;
-    else if (colon != NULL) {
-	char *end;
-
-	(*ctx)->kadmind_port = htons(strtol (colon, &end, 0));
-    }
-    if ((*ctx)->kadmind_port == 0)
-	(*ctx)->kadmind_port = krb5_getportbyname (context, "kerberos-adm", 
-						   "tcp", 749);
-    return 0;
-}
-
-static krb5_error_code
-get_kadm_ticket(krb5_context context,
-		krb5_ccache id,
-		krb5_principal client,
-		const char *server_name)
-{
-    krb5_error_code ret;
-    krb5_creds in, *out;
-    
-    memset(&in, 0, sizeof(in));
-    in.client = client;
-    ret = krb5_parse_name(context, server_name, &in.server);
-    if(ret) 
-	return ret;
-    ret = krb5_get_credentials(context, 0, id, &in, &out);
-    if(ret == 0)
-	krb5_free_creds(context, out);
-    krb5_free_principal(context, in.server);
-    return ret;
-}
-
-static krb5_error_code
-get_new_cache(krb5_context context,
-	      krb5_principal client,
-	      const char *password,
-	      krb5_prompter_fct prompter,
-	      const char *keytab,
-	      const char *server_name,
-	      krb5_ccache *ret_cache)
-{
-    krb5_error_code ret;
-    krb5_creds cred;
-    krb5_get_init_creds_opt *opt;
-    krb5_ccache id;
-    
-    ret = krb5_get_init_creds_opt_alloc (context, &opt);
-    if (ret)
-	return ret;
-
-    krb5_get_init_creds_opt_set_default_flags(context, "kadmin", 
-					      krb5_principal_get_realm(context, 
-								       client), 
-					      opt);
-
-
-    krb5_get_init_creds_opt_set_forwardable (opt, FALSE);
-    krb5_get_init_creds_opt_set_proxiable (opt, FALSE);
-
-    if(password == NULL && prompter == NULL) {
-	krb5_keytab kt;
-	if(keytab == NULL)
-	    ret = krb5_kt_default(context, &kt);
-	else
-	    ret = krb5_kt_resolve(context, keytab, &kt);
-	if(ret) {
-	    krb5_get_init_creds_opt_free(context, opt);
-	    return ret;
-	}
-	ret = krb5_get_init_creds_keytab (context,
-					  &cred,
-					  client,
-					  kt,
-					  0,
-					  server_name,
-					  opt);
-	krb5_kt_close(context, kt);
-    } else {
-	ret = krb5_get_init_creds_password (context,
-					    &cred,
-					    client,
-					    password,
-					    prompter,
-					    NULL,
-					    0,
-					    server_name,
-					    opt);
-    }
-    krb5_get_init_creds_opt_free(context, opt);
-    switch(ret){
-    case 0:
-	break;
-    case KRB5_LIBOS_PWDINTR:	/* don't print anything if it was just C-c:ed */
-    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-    case KRB5KRB_AP_ERR_MODIFIED:
-	return KADM5_BAD_PASSWORD;
-    default:
-	return ret;
-    }
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
-    if(ret)
-	return ret;
-    ret = krb5_cc_initialize (context, id, cred.client);
-    if (ret)
-	return ret;
-    ret = krb5_cc_store_cred (context, id, &cred);
-    if (ret)
-	return ret;
-    krb5_free_cred_contents (context, &cred);
-    *ret_cache = id;
-    return 0;
-}
-
-/*
- * Check the credential cache `id� to figure out what principal to use
- * when talking to the kadmind. If there is a initial kadmin/admin@
- * credential in the cache, use that client principal. Otherwise, use
- * the client principals first component and add /admin to the
- * principal.
- */
-
-static krb5_error_code
-get_cache_principal(krb5_context context,
-		    krb5_ccache *id,
-		    krb5_principal *client)
-{
-    krb5_error_code ret;
-    const char *name, *inst;
-    krb5_principal p1, p2;
-
-    ret = krb5_cc_default(context, id);
-    if(ret) {
-	*id = NULL;
-	return ret;
-    }
-    
-    ret = krb5_cc_get_principal(context, *id, &p1);
-    if(ret) {
-	krb5_cc_close(context, *id);
-	*id = NULL;
-	return ret;
-    }
-
-    ret = krb5_make_principal(context, &p2, NULL, 
-			      "kadmin", "admin", NULL);
-    if (ret) {
-	krb5_cc_close(context, *id);
-	*id = NULL;
-	krb5_free_principal(context, p1);
-	return ret;
-    }
-
-    {
-	krb5_creds in, *out;
-	krb5_kdc_flags flags;
-
-	flags.i = 0;
-	memset(&in, 0, sizeof(in));
-
-	in.client = p1;
-	in.server = p2;
-
-	/* check for initial ticket kadmin/admin */
-	ret = krb5_get_credentials_with_flags(context, KRB5_GC_CACHED, flags,
-					      *id, &in, &out);
-	krb5_free_principal(context, p2);
-	if (ret == 0) {
-	    if (out->flags.b.initial) {
-		*client = p1;
-		krb5_free_creds(context, out);
-		return 0;
-	    }
-	    krb5_free_creds(context, out);
-	}
-    }
-    krb5_cc_close(context, *id);
-    *id = NULL;
-
-    name = krb5_principal_get_comp_string(context, p1, 0);
-    inst = krb5_principal_get_comp_string(context, p1, 1);
-    if(inst == NULL || strcmp(inst, "admin") != 0) {
-	ret = krb5_make_principal(context, &p2, NULL, name, "admin", NULL);
-	krb5_free_principal(context, p1);
-	if(ret != 0)
-	    return ret;
-
-	*client = p2;
-	return 0;
-    }
-
-    *client = p1;
-
-    return 0;
-}
-
-krb5_error_code
-_kadm5_c_get_cred_cache(krb5_context context,
-			const char *client_name,
-			const char *server_name,
-			const char *password,
-			krb5_prompter_fct prompter,
-			const char *keytab,
-			krb5_ccache ccache,
-			krb5_ccache *ret_cache)
-{
-    krb5_error_code ret;
-    krb5_ccache id = NULL;
-    krb5_principal default_client = NULL, client = NULL;
-    
-    /* treat empty password as NULL */
-    if(password && *password == '\0')
-	password = NULL;
-    if(server_name == NULL)
-	server_name = KADM5_ADMIN_SERVICE;
-    
-    if(client_name != NULL) {
-	ret = krb5_parse_name(context, client_name, &client);
-	if(ret) 
-	    return ret;
-    }
-
-    if(ccache != NULL) {
-	id = ccache;
-	ret = krb5_cc_get_principal(context, id, &client);
-	if(ret)
-	    return ret;
-    } else {
-	/* get principal from default cache, ok if this doesn't work */
-
-	ret = get_cache_principal(context, &id, &default_client);
-	if (ret) {
-	    /* 
-	     * No client was specified by the caller and we cannot
-	     * determine the client from a credentials cache.
-	     */
-	    const char *user;
-
-	    user = get_default_username ();
-
-	    if(user == NULL) {
-		krb5_set_error_string(context, "Unable to find local user name");
-		return KADM5_FAILURE;
-	    }
-	    ret = krb5_make_principal(context, &default_client, 
-				      NULL, user, "admin", NULL);
-	    if(ret)
-		return ret;
-	}
-    }
-
-
-    /*
-     * No client was specified by the caller, but we have a client
-     * from the default credentials cache.
-     */
-    if (client == NULL && default_client != NULL)
-	client = default_client;
-
-    
-    if(id && (default_client == NULL || 
-	      krb5_principal_compare(context, client, default_client))) {
-	ret = get_kadm_ticket(context, id, client, server_name);
-	if(ret == 0) {
-	    *ret_cache = id;
-	    krb5_free_principal(context, default_client);
-	    if (default_client != client)
-		krb5_free_principal(context, client);
-	    return 0;
-	}
-	if(ccache != NULL)
-	    /* couldn't get ticket from cache */
-	    return -1;
-    }
-    /* get creds via AS request */
-    if(id && (id != ccache))
-	krb5_cc_close(context, id);
-    if (client != default_client)
-	krb5_free_principal(context, default_client);
-
-    ret = get_new_cache(context, client, password, prompter, keytab, 
-			server_name, ret_cache);
-    krb5_free_principal(context, client);
-    return ret;
-}
-
-static kadm5_ret_t
-kadm_connect(kadm5_client_context *ctx)
-{
-    kadm5_ret_t ret;
-    krb5_principal server;
-    krb5_ccache cc;
-    int s;
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    char portstr[NI_MAXSERV];
-    char *hostname, *slash;
-    char *service_name;
-    krb5_context context = ctx->context;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-    
-    snprintf (portstr, sizeof(portstr), "%u", ntohs(ctx->kadmind_port));
-
-    hostname = ctx->admin_server;
-    slash = strchr (hostname, '/');
-    if (slash != NULL)
-	hostname = slash + 1;
-
-    error = getaddrinfo (hostname, portstr, &hints, &ai);
-    if (error) {
-	krb5_clear_error_string(context);
-	return KADM5_BAD_SERVER_NAME;
-    }
-    
-    for (a = ai; a != NULL; a = a->ai_next) {
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    krb5_clear_error_string(context);
-	    krb5_warn (context, errno, "connect(%s)", hostname);
-	    close (s);
-	    continue;
-	}
-	break;
-    }
-    if (a == NULL) {
-	freeaddrinfo (ai);
-	krb5_clear_error_string(context);
-	krb5_warnx (context, "failed to contact %s", hostname);
-	return KADM5_FAILURE;
-    }
-    ret = _kadm5_c_get_cred_cache(context,
-				  ctx->client_name, 
-				  ctx->service_name, 
-				  NULL, ctx->prompter, ctx->keytab, 
-				  ctx->ccache, &cc);
-    
-    if(ret) {
-	freeaddrinfo (ai);
-	close(s);
-	return ret;
-    }
-
-    if (ctx->realm)
-	asprintf(&service_name, "%s@%s", KADM5_ADMIN_SERVICE, ctx->realm);
-    else
-	asprintf(&service_name, "%s", KADM5_ADMIN_SERVICE);
-
-    if (service_name == NULL) {
-	freeaddrinfo (ai);
-	close(s);
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    ret = krb5_parse_name(context, service_name, &server);
-    free(service_name);
-    if(ret) {
-	freeaddrinfo (ai);
-	if(ctx->ccache == NULL)
-	    krb5_cc_close(context, cc);
-	close(s);
-	return ret;
-    }
-    ctx->ac = NULL;
-
-    ret = krb5_sendauth(context, &ctx->ac, &s, 
-			KADMIN_APPL_VERSION, NULL, 
-			server, AP_OPTS_MUTUAL_REQUIRED, 
-			NULL, NULL, cc, NULL, NULL, NULL);
-    if(ret == 0) {
-	krb5_data params;
-	kadm5_config_params p;
-	memset(&p, 0, sizeof(p));
-	if(ctx->realm) {
-	    p.mask |= KADM5_CONFIG_REALM;
-	    p.realm = ctx->realm;
-	}
-	ret = _kadm5_marshal_params(context, &p, &params);
-	
-	ret = krb5_write_priv_message(context, ctx->ac, &s, &params);
-	krb5_data_free(&params);
-	if(ret) {
-	    freeaddrinfo (ai);
-	    close(s);
-	    if(ctx->ccache == NULL)
-		krb5_cc_close(context, cc);
-	    return ret;
-	}
-    } else if(ret == KRB5_SENDAUTH_BADAPPLVERS) {
-	close(s);
-
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0) {
-	    freeaddrinfo (ai);
-	    krb5_clear_error_string(context);
-	    return errno;
-	}
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    close (s);
-	    freeaddrinfo (ai);
-	    krb5_clear_error_string(context);
-	    return errno;
-	}
-	ret = krb5_sendauth(context, &ctx->ac, &s, 
-			    KADMIN_OLD_APPL_VERSION, NULL, 
-			    server, AP_OPTS_MUTUAL_REQUIRED, 
-			    NULL, NULL, cc, NULL, NULL, NULL);
-    }
-    freeaddrinfo (ai);
-    if(ret) {
-	close(s);
-	return ret;
-    }
-    
-    krb5_free_principal(context, server);
-    if(ctx->ccache == NULL)
-	krb5_cc_close(context, cc);
-    ctx->sock = s;
-    
-    return 0;
-}
-
-kadm5_ret_t
-_kadm5_connect(void *handle)
-{
-    kadm5_client_context *ctx = handle;
-    if(ctx->sock == -1)
-	return kadm_connect(ctx);
-    return 0;
-}
-
-static kadm5_ret_t 
-kadm5_c_init_with_context(krb5_context context,
-			  const char *client_name, 
-			  const char *password,
-			  krb5_prompter_fct prompter,
-			  const char *keytab,
-			  krb5_ccache ccache,
-			  const char *service_name,
-			  kadm5_config_params *realm_params,
-			  unsigned long struct_version,
-			  unsigned long api_version,
-			  void **server_handle)
-{
-    kadm5_ret_t ret;
-    kadm5_client_context *ctx;
-    krb5_ccache cc;
-
-    ret = _kadm5_c_init_context(&ctx, realm_params, context);
-    if(ret)
-	return ret;
-
-    if(password != NULL && *password != '\0') {
-	ret = _kadm5_c_get_cred_cache(context, 
-				      client_name,
-				      service_name, 
-				      password, prompter, keytab, ccache, &cc);
-	if(ret)
-	    return ret; /* XXX */
-	ccache = cc;
-    }
-    
-
-    if (client_name != NULL)
-	ctx->client_name = strdup(client_name);
-    else
-	ctx->client_name = NULL;
-    if (service_name != NULL)
-	ctx->service_name = strdup(service_name);
-    else
-	ctx->service_name = NULL;
-    ctx->prompter = prompter;
-    ctx->keytab = keytab;
-    ctx->ccache = ccache;
-    /* maybe we should copy the params here */
-    ctx->sock = -1;
-    
-    *server_handle = ctx;
-    return 0;
-}
-
-static kadm5_ret_t 
-init_context(const char *client_name, 
-	     const char *password,
-	     krb5_prompter_fct prompter,
-	     const char *keytab,
-	     krb5_ccache ccache,
-	     const char *service_name,
-	     kadm5_config_params *realm_params,
-	     unsigned long struct_version,
-	     unsigned long api_version,
-	     void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-    
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_c_init_with_context(context,
-				    client_name,
-				    password,
-				    prompter,
-				    keytab,
-				    ccache,
-				    service_name,
-				    realm_params,
-				    struct_version,
-				    api_version,
-				    server_handle);
-    if(ret){
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_password_ctx(krb5_context context,
-			       const char *client_name, 
-			       const char *password,
-			       const char *service_name,
-			       kadm5_config_params *realm_params,
-			       unsigned long struct_version,
-			       unsigned long api_version,
-			       void **server_handle)
-{
-    return kadm5_c_init_with_context(context,
-				     client_name,
-				     password,
-				     krb5_prompter_posix,
-				     NULL,
-				     NULL,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_password(const char *client_name, 
-			   const char *password,
-			   const char *service_name,
-			   kadm5_config_params *realm_params,
-			   unsigned long struct_version,
-			   unsigned long api_version,
-			   void **server_handle)
-{
-    return init_context(client_name, 
-			password, 
-			krb5_prompter_posix,
-			NULL,
-			NULL,
-			service_name, 
-			realm_params, 
-			struct_version, 
-			api_version, 
-			server_handle);
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_skey_ctx(krb5_context context,
-			   const char *client_name, 
-			   const char *keytab,
-			   const char *service_name,
-			   kadm5_config_params *realm_params,
-			   unsigned long struct_version,
-			   unsigned long api_version,
-			   void **server_handle)
-{
-    return kadm5_c_init_with_context(context,
-				     client_name,
-				     NULL,
-				     NULL,
-				     keytab,
-				     NULL,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-
-kadm5_ret_t 
-kadm5_c_init_with_skey(const char *client_name, 
-		     const char *keytab,
-		     const char *service_name,
-		     kadm5_config_params *realm_params,
-		     unsigned long struct_version,
-		     unsigned long api_version,
-		     void **server_handle)
-{
-    return init_context(client_name, 
-			NULL,
-			NULL,
-			keytab,
-			NULL,
-			service_name, 
-			realm_params, 
-			struct_version, 
-			api_version, 
-			server_handle);
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_creds_ctx(krb5_context context,
-			    const char *client_name,
-			    krb5_ccache ccache,
-			    const char *service_name,
-			    kadm5_config_params *realm_params,
-			    unsigned long struct_version,
-			    unsigned long api_version,
-			    void **server_handle)
-{
-    return kadm5_c_init_with_context(context,
-				     client_name,
-				     NULL,
-				     NULL,
-				     NULL,
-				     ccache,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_creds(const char *client_name,
-			krb5_ccache ccache,
-			const char *service_name,
-			kadm5_config_params *realm_params,
-			unsigned long struct_version,
-			unsigned long api_version,
-			void **server_handle)
-{
-    return init_context(client_name, 
-			NULL,
-			NULL,
-			NULL,
-			ccache,
-			service_name, 
-			realm_params, 
-			struct_version, 
-			api_version, 
-			server_handle);
-}
-
-#if 0
-kadm5_ret_t 
-kadm5_init(char *client_name, char *pass,
-	   char *service_name,
-	   kadm5_config_params *realm_params,
-	   unsigned long struct_version,
-	   unsigned long api_version,
-	   void **server_handle)
-{
-}
-#endif
-
diff --git a/crypto/heimdal/lib/kadm5/init_s.c b/crypto/heimdal/lib/kadm5/init_s.c
deleted file mode 100644
index dee464b..0000000
--- a/crypto/heimdal/lib/kadm5/init_s.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: init_s.c 9441 2000-12-31 08:01:16Z assar $");
-
-
-static kadm5_ret_t 
-kadm5_s_init_with_context(krb5_context context,
-			  const char *client_name, 
-			  const char *service_name,
-			  kadm5_config_params *realm_params,
-			  unsigned long struct_version,
-			  unsigned long api_version,
-			  void **server_handle)
-{
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-    ret = _kadm5_s_init_context(&ctx, realm_params, context);
-    if(ret)
-	return ret;
-
-    assert(ctx->config.dbname != NULL);
-    assert(ctx->config.stash_file != NULL);
-    assert(ctx->config.acl_file != NULL);
-    assert(ctx->log_context.log_file != NULL);
-    assert(ctx->log_context.socket_name.sun_path[0] != '\0');
-
-    ret = hdb_create(ctx->context, &ctx->db, ctx->config.dbname);
-    if(ret)
-	return ret;
-    ret = hdb_set_master_keyfile (ctx->context, 
-				  ctx->db, ctx->config.stash_file);
-    if(ret)
-	return ret;
-
-    ctx->log_context.log_fd   = -1;
-
-    ctx->log_context.socket_fd = socket (AF_UNIX, SOCK_DGRAM, 0);
-
-    ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
-    if(ret)
-	return ret;
-
-    ret = _kadm5_acl_init(ctx);
-    if(ret)
-	return ret;
-    
-    *server_handle = ctx;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_password_ctx(krb5_context context,
-			       const char *client_name, 
-			       const char *password,
-			       const char *service_name,
-			       kadm5_config_params *realm_params,
-			       unsigned long struct_version,
-			       unsigned long api_version,
-			       void **server_handle)
-{
-    return kadm5_s_init_with_context(context,
-				     client_name,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_password(const char *client_name, 
-			   const char *password,
-			   const char *service_name,
-			   kadm5_config_params *realm_params,
-			   unsigned long struct_version,
-			   unsigned long api_version,
-			   void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_s_init_with_password_ctx(context, 
-					 client_name, 
-					 password, 
-					 service_name, 
-					 realm_params, 
-					 struct_version, 
-					 api_version, 
-					 server_handle);
-    if(ret){
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_skey_ctx(krb5_context context,
-			   const char *client_name, 
-			   const char *keytab,
-			   const char *service_name,
-			   kadm5_config_params *realm_params,
-			   unsigned long struct_version,
-			   unsigned long api_version,
-			   void **server_handle)
-{
-    return kadm5_s_init_with_context(context,
-				     client_name,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_skey(const char *client_name,
-		       const char *keytab,
-		       const char *service_name,
-		       kadm5_config_params *realm_params,
-		       unsigned long struct_version,
-		       unsigned long api_version,
-		       void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_s_init_with_skey_ctx(context, 
-				     client_name, 
-				     keytab, 
-				     service_name, 
-				     realm_params, 
-				     struct_version, 
-				     api_version, 
-				     server_handle);
-    if(ret){
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_creds_ctx(krb5_context context,
-			    const char *client_name,
-			    krb5_ccache ccache,
-			    const char *service_name,
-			    kadm5_config_params *realm_params,
-			    unsigned long struct_version,
-			    unsigned long api_version,
-			    void **server_handle)
-{
-    return kadm5_s_init_with_context(context,
-				     client_name,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_creds(const char *client_name,
-			krb5_ccache ccache,
-			const char *service_name,
-			kadm5_config_params *realm_params,
-			unsigned long struct_version,
-			unsigned long api_version,
-			void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_s_init_with_creds_ctx(context, 
-				      client_name, 
-				      ccache, 
-				      service_name, 
-				      realm_params, 
-				      struct_version, 
-				      api_version, 
-				      server_handle);
-    if(ret){
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/iprop-commands.in b/crypto/heimdal/lib/kadm5/iprop-commands.in
deleted file mode 100644
index 438594e..0000000
--- a/crypto/heimdal/lib/kadm5/iprop-commands.in
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: iprop-commands.in 20602 2007-05-08 03:08:35Z lha $ */
-
-command = {
-	name = "dump"
-	option = {
-		long = "config-file"
-		short = "c"
-		type = "string"
-		help = "configuration file"
-		argument = "file"
-	}
-	option = {
-		long = "realm"
-		short = "r"
-		type = "string"
-		help = "realm"
-	}
-	function = "iprop_dump"
-	help = "Prints the iprop transaction log in text."
-	max_args = "0"
-}
-command = {
-	name = "truncate"
-	option = {
-		long = "config-file"
-		short = "c"
-		type = "string"
-		help = "configuration file"
-		argument = "file"
-	}
-	option = {
-		long = "realm"
-		short = "r"
-		type = "string"
-		help = "realm"
-	}
-	function = "iprop_truncate"
-	help = "Truncate the log, preserve the version number."
-	max_args = "0"
-}
-command = {
-	name = "replay"
-	option = {
-		long = "start-version"
-		type = "integer"
-		help = "start replay with this version"
-		argument = "version-number"
-		default = "-1"
-	}
-	option = {
-		long = "end-version"
-		type = "integer"
-		help = "end replay with this version"
-		argument = "version-number"
-		default = "-1"
-	}
-	option = {
-		long = "config-file"
-		short = "c"
-		type = "string"
-		help = "configuration file"
-		argument = "file"
-	}
-	option = {
-		long = "realm"
-		short = "r"
-		type = "string"
-		help = "realm"
-	}
-	function = "iprop_replay"
-	help = "Replay the log on the database."
-	max_args = "0"
-}
-command = {
-	name = "last-version"
-	option = {
-		long = "config-file"
-		short = "c"
-		type = "string"
-		help = "configuration file"
-		argument = "file"
-	}
-	option = {
-		long = "realm"
-		short = "r"
-		type = "string"
-		help = "realm"
-	}
-	function = "last_version"
-	help = "Print the last version of the log-file."
-	max_args = "0"
-}
-command = {
-	name = "help"
-	argument = "command"
-	max_args = "1"
-	function = "help"
-}
diff --git a/crypto/heimdal/lib/kadm5/iprop-log.8 b/crypto/heimdal/lib/kadm5/iprop-log.8
deleted file mode 100644
index 599046b..0000000
--- a/crypto/heimdal/lib/kadm5/iprop-log.8
+++ /dev/null
@@ -1,170 +0,0 @@
-.\" $Id: iprop-log.8 21713 2007-07-27 14:38:49Z lha $
-.\" 
-.\" Copyright (c) 2005 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\"	$Id: iprop-log.8 21713 2007-07-27 14:38:49Z lha $
-.\"
-.Dd February 18, 2007
-.Dt IPROP-LOG 8
-.Os Heimdal
-.Sh NAME
-.Nm iprop-log
-.Nd
-maintain the iprop log file
-.Sh SYNOPSIS
-.Nm
-.Op Fl -version
-.Op Fl h | Fl -help
-.Ar command
-.Pp
-.Nm iprop-log truncate
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -realm= Ns Ar string
-.Xc
-.Oc
-.Op Fl h | Fl -help
-.Pp
-.Nm iprop-log dump
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -realm= Ns Ar string
-.Xc
-.Oc
-.Op Fl h | Fl -help
-.Pp
-.Nm iprop-log replay
-.Op Fl -start-version= Ns Ar version-number
-.Op Fl -end-version= Ns Ar version-number
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -realm= Ns Ar string
-.Xc
-.Oc
-.Op Fl h | Fl -help
-.Sh DESCRIPTION
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl h ,
-.Fl -help
-.Xc
-.El
-.Pp
-command can be one of the following:
-.Bl -tag -width truncate
-.It truncate
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-realm
-.El
-.Pp
-Truncates the log. Sets the new logs version number for the to the
-last entry of the old log.  If the log is truncted by emptying the
-file, the log will start over at the first version (0).
-.It dump
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-realm
-.El
-.Pp
-Print out all entires in the log to standard output.
-.It replay
-.Bl -tag -width Ds
-.It Xo
-.Fl -start-version= Ns Ar version-number
-.Xc
-start replay with this version
-.It Xo
-.Fl -end-version= Ns Ar version-number
-.Xc
-end replay with this version
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-realm
-.El
-.Pp
-Replay the changes from specified entries (or all if none is
-specified) in the transaction log to the database.
-.It last-version
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-realm
-.El
-.Pp
-prints the version of the last log entry.
-.El
-.Sh SEE ALSO
-.Xr iprop 8
diff --git a/crypto/heimdal/lib/kadm5/iprop-log.c b/crypto/heimdal/lib/kadm5/iprop-log.c
deleted file mode 100644
index 7b43076..0000000
--- a/crypto/heimdal/lib/kadm5/iprop-log.c
+++ /dev/null
@@ -1,486 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-#include <sl.h>
-#include <parse_time.h>
-#include "iprop-commands.h"
-
-RCSID("$Id: iprop-log.c 22211 2007-12-07 19:27:27Z lha $");
-
-static krb5_context context;
-
-static kadm5_server_context *
-get_kadmin_context(const char *config_file, char *realm)
-{
-    kadm5_config_params conf;
-    krb5_error_code ret;
-    void *kadm_handle;
-    char **files;
-
-    if (config_file == NULL) {
-	char *file;
-	asprintf(&file, "%s/kdc.conf", hdb_db_dir(context));
-	if (file == NULL)
-	    errx(1, "out of memory");
-	config_file = file;
-    }
-
-    ret = krb5_prepend_config_files_default(config_file, &files);
-    if (ret)
-	krb5_err(context, 1, ret, "getting configuration files");
-
-    ret = krb5_set_config_files(context, files);
-    krb5_free_config_files(files);
-    if (ret)
-	krb5_err(context, 1, ret, "reading configuration files");
-
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    return (kadm5_server_context *)kadm_handle;
-}
-
-/*
- * dump log
- */
-
-static const char *op_names[] = {
-    "get",
-    "delete",
-    "create",
-    "rename",
-    "chpass",
-    "modify",
-    "randkey",
-    "get_privs",
-    "get_princs",
-    "chpass_with_key",
-    "nop"
-};
-
-static void
-print_entry(kadm5_server_context *server_context,
-	    uint32_t ver,
-	    time_t timestamp,
-	    enum kadm_ops op,
-	    uint32_t len,
-	    krb5_storage *sp,
-	    void *ctx)
-{
-    char t[256];
-    int32_t mask;
-    hdb_entry ent;
-    krb5_principal source;
-    char *name1, *name2;
-    krb5_data data;
-    krb5_context scontext = server_context->context;
-
-    off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len;
-    
-    krb5_error_code ret;
-
-    strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
-
-    if(op < kadm_get || op > kadm_nop) {
-	printf("unknown op: %d\n", op);
-	krb5_storage_seek(sp, end, SEEK_SET);
-	return;
-    }
-
-    printf ("%s: ver = %u, timestamp = %s, len = %u\n",
-	    op_names[op], ver, t, len);
-    switch(op) {
-    case kadm_delete:
-	krb5_ret_principal(sp, &source);
-	krb5_unparse_name(scontext, source, &name1);
-	printf("    %s\n", name1);
-	free(name1);
-	krb5_free_principal(scontext, source);
-	break;
-    case kadm_rename:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (scontext, 1, ret, "kadm_rename: data alloc: %d", len);
-	krb5_ret_principal(sp, &source);
-	krb5_storage_read(sp, data.data, data.length);
-	hdb_value2entry(scontext, &data, &ent);
-	krb5_unparse_name(scontext, source, &name1);
-	krb5_unparse_name(scontext, ent.principal, &name2);
-	printf("    %s -> %s\n", name1, name2);
-	free(name1);
-	free(name2);
-	krb5_free_principal(scontext, source);
-	free_hdb_entry(&ent);
-	break;
-    case kadm_create:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (scontext, 1, ret, "kadm_create: data alloc: %d", len);
-	krb5_storage_read(sp, data.data, data.length);
-	ret = hdb_value2entry(scontext, &data, &ent);
-	if(ret)
-	    abort();
-	mask = ~0;
-	goto foo;
-    case kadm_modify:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (scontext, 1, ret, "kadm_modify: data alloc: %d", len);
-	krb5_ret_int32(sp, &mask);
-	krb5_storage_read(sp, data.data, data.length);
-	ret = hdb_value2entry(scontext, &data, &ent);
-	if(ret)
-	    abort();
-    foo:
-	if(ent.principal /* mask & KADM5_PRINCIPAL */) {
-	    krb5_unparse_name(scontext, ent.principal, &name1);
-	    printf("    principal = %s\n", name1);
-	    free(name1);
-	}
-	if(mask & KADM5_PRINC_EXPIRE_TIME) {
-	    if(ent.valid_end == NULL) {
-		strlcpy(t, "never", sizeof(t));
-	    } else {
-		strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", 
-			 localtime(ent.valid_end));
-	    }
-	    printf("    expires = %s\n", t);
-	}
-	if(mask & KADM5_PW_EXPIRATION) {
-	    if(ent.pw_end == NULL) {
-		strlcpy(t, "never", sizeof(t));
-	    } else {
-		strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", 
-			 localtime(ent.pw_end));
-	    }
-	    printf("    password exp = %s\n", t);
-	}
-	if(mask & KADM5_LAST_PWD_CHANGE) {
-	}
-	if(mask & KADM5_ATTRIBUTES) {
-	    unparse_flags(HDBFlags2int(ent.flags), 
-			  asn1_HDBFlags_units(), t, sizeof(t));
-	    printf("    attributes = %s\n", t);
-	}
-	if(mask & KADM5_MAX_LIFE) {
-	    if(ent.max_life == NULL)
-		strlcpy(t, "for ever", sizeof(t));
-	    else
-		unparse_time(*ent.max_life, t, sizeof(t));
-	    printf("    max life = %s\n", t);
-	}
-	if(mask & KADM5_MAX_RLIFE) {
-	    if(ent.max_renew == NULL)
-		strlcpy(t, "for ever", sizeof(t));
-	    else
-		unparse_time(*ent.max_renew, t, sizeof(t));
-	    printf("    max rlife = %s\n", t);
-	}
-	if(mask & KADM5_MOD_TIME) {
-	    printf("    mod time\n");
-	}
-	if(mask & KADM5_MOD_NAME) {
-	    printf("    mod name\n");
-	}
-	if(mask & KADM5_KVNO) {
-	    printf("    kvno = %d\n", ent.kvno);
-	}
-	if(mask & KADM5_MKVNO) {
-	    printf("    mkvno\n");
-	}
-	if(mask & KADM5_AUX_ATTRIBUTES) {
-	    printf("    aux attributes\n");
-	}
-	if(mask & KADM5_POLICY) {
-	    printf("    policy\n");
-	}
-	if(mask & KADM5_POLICY_CLR) {
-	    printf("    mod time\n");
-	}
-	if(mask & KADM5_LAST_SUCCESS) {
-	    printf("    last success\n");
-	}
-	if(mask & KADM5_LAST_FAILED) {
-	    printf("    last failed\n");
-	}
-	if(mask & KADM5_FAIL_AUTH_COUNT) {
-	    printf("    fail auth count\n");
-	}
-	if(mask & KADM5_KEY_DATA) {
-	    printf("    key data\n");
-	}
-	if(mask & KADM5_TL_DATA) {
-	    printf("    tl data\n");
-	}
-	free_hdb_entry(&ent);
-	break;
-    case kadm_nop :
-	break;
-    default:
-	abort();
-    }
-    krb5_storage_seek(sp, end, SEEK_SET);
-}
-
-int
-iprop_dump(struct dump_options *opt, int argc, char **argv)
-{
-    kadm5_server_context *server_context;
-    krb5_error_code ret;
-
-    server_context = get_kadmin_context(opt->config_file_string, 
-					opt->realm_string);
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    ret = kadm5_log_foreach (server_context, print_entry, NULL);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_log_foreach");
-
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_log_end");
-    return 0;
-}
-
-int
-iprop_truncate(struct truncate_options *opt, int argc, char **argv)
-{
-    kadm5_server_context *server_context;
-    krb5_error_code ret;
-
-    server_context = get_kadmin_context(opt->config_file_string, 
-					opt->realm_string);
-
-    ret = kadm5_log_truncate (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_truncate");
-
-    return 0;
-}
-
-int
-last_version(struct last_version_options *opt, int argc, char **argv)
-{
-    kadm5_server_context *server_context;
-    krb5_error_code ret;
-    uint32_t version;
-
-    server_context = get_kadmin_context(opt->config_file_string, 
-					opt->realm_string);
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    ret = kadm5_log_get_version (server_context, &version);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_get_version");
-
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_log_end");
-
-    printf("version: %lu\n", (unsigned long)version);
-
-    return 0;
-}
-
-/*
- * Replay log
- */
-
-int start_version = -1;
-int end_version = -1;
-
-static void
-apply_entry(kadm5_server_context *server_context,
-	    uint32_t ver,
-	    time_t timestamp,
-	    enum kadm_ops op,
-	    uint32_t len,
-	    krb5_storage *sp, 
-	    void *ctx)
-{
-    struct replay_options *opt = ctx;
-    krb5_error_code ret;
-
-    if((opt->start_version_integer != -1 && ver < opt->start_version_integer) ||
-       (opt->end_version_integer != -1 && ver > opt->end_version_integer)) {
-	/* XXX skip this entry */
-	krb5_storage_seek(sp, len, SEEK_CUR);
-	return;
-    }
-    printf ("ver %u... ", ver);
-    fflush (stdout);
-
-    ret = kadm5_log_replay (server_context,
-			    op, ver, len, sp);
-    if (ret)
-	krb5_warn (server_context->context, ret, "kadm5_log_replay");
-    
-    printf ("done\n");
-}
-
-int
-iprop_replay(struct replay_options *opt, int argc, char **argv)
-{
-    kadm5_server_context *server_context;
-    krb5_error_code ret;
-
-    server_context = get_kadmin_context(opt->config_file_string, 
-					opt->realm_string);
-
-    ret = server_context->db->hdb_open(context,
-				       server_context->db,
-				       O_RDWR | O_CREAT, 0600);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    ret = kadm5_log_foreach (server_context, apply_entry, opt);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_log_foreach");
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_log_end");
-    ret = server_context->db->hdb_close (context, server_context->db);
-    if (ret)
-	krb5_err (context, 1, ret, "db->close");
-
-    return 0;
-}
-
-static int help_flag;
-static int version_flag;
-
-static struct getargs args[] = {
-    { "version", 	0,	arg_flag, 	&version_flag,
-      NULL,		NULL 
-    }, 
-    { "help", 	'h', 	arg_flag, 	&help_flag, 
-      NULL, NULL
-    }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-help(void *opt, int argc, char **argv)
-{
-    if(argc == 0) {
-	sl_help(commands, 1, argv - 1 /* XXX */);
-    } else {
-	SL_cmd *c = sl_match (commands, argv[0], 0);
- 	if(c == NULL) {
-	    fprintf (stderr, "No such command: %s. "
-		     "Try \"help\" for a list of commands\n",
-		     argv[0]);
-	} else {
-	    if(c->func) {
-		char *fake[] = { NULL, "--help", NULL };
-		fake[0] = argv[0];
-		(*c->func)(2, fake);
-		fprintf(stderr, "\n");
-	    }
-	    if(c->help && *c->help)
-		fprintf (stderr, "%s\n", c->help);
-	    if((++c)->name && c->func == NULL) {
-		int f = 0;
-		fprintf (stderr, "Synonyms:");
-		while (c->name && c->func == NULL) {
-		    fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name);
-		    f = 1;
-		}
-		fprintf (stderr, "\n");
-	    }
-	}
-    }
-    return 0;
-}
-
-static void
-usage(int status)
-{
-    arg_printusage(args, num_args, NULL, "command");
-    exit(status);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-    krb5_error_code ret;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    argc -= optidx;
-    argv += optidx;
-    if(argc == 0)
-	usage(1);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_context failed with: %d\n", ret);
-
-    ret = sl_command(commands, argc, argv);
-    if(ret == -1)
-	warnx ("unrecognized command: %s", argv[0]);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/iprop.8 b/crypto/heimdal/lib/kadm5/iprop.8
deleted file mode 100644
index d1e55cc..0000000
--- a/crypto/heimdal/lib/kadm5/iprop.8
+++ /dev/null
@@ -1,223 +0,0 @@
-.\" $Id: iprop.8 21940 2007-09-28 22:28:09Z lha $
-.\" 
-.\" Copyright (c) 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.Dd May 24, 2005
-.Dt IPROP 8
-.Os Heimdal
-.Sh NAME
-.Nm iprop ,
-.Nm ipropd-master ,
-.Nm ipropd-slave
-.Nd
-propagate changes to a Heimdal Kerberos master KDC to slave KDCs
-.Sh SYNOPSIS
-.Nm ipropd-master
-.Oo Fl c Ar string \*(Ba Xo
-.Fl -config-file= Ns Ar string
-.Xc
-.Oc
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -realm= Ns Ar string
-.Xc
-.Oc
-.Oo Fl k Ar kspec \*(Ba Xo
-.Fl -keytab= Ns Ar kspec
-.Xc
-.Oc
-.Oo Fl d Ar file \*(Ba Xo
-.Fl -database= Ns Ar file
-.Xc
-.Oc
-.Op Fl -slave-stats-file= Ns Ar file
-.Op Fl -time-missing= Ns Ar time
-.Op Fl -time-gone= Ns Ar time
-.Op Fl -detach
-.Op Fl -version
-.Op Fl -help
-.Nm ipropd-slave
-.Oo Fl c Ar string \*(Ba Xo
-.Fl -config-file= Ns Ar string
-.Xc
-.Oc
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -realm= Ns Ar string
-.Xc
-.Oc
-.Oo Fl k Ar kspec \*(Ba Xo
-.Fl -keytab= Ns Ar kspec
-.Xc
-.Oc
-.Op Fl -time-lost= Ns Ar time
-.Op Fl -detach
-.Op Fl -version
-.Op Fl -help
-.Ar master
-.Pp
-.Sh DESCRIPTION
-.Nm ipropd-master
-is used to propagate changes to a Heimdal Kerberos database from the
-master Kerberos server on which it runs to slave Kerberos servers
-running
-.Nm ipropd-slave .
-.Pp
-The slaves are specified by the contents of the
-.Pa slaves
-file in the KDC's database directory, e.g.\&
-.Pa /var/heimdal/slaves .
-This has principals one per-line of the form
-.Dl iprop/ Ns Ar slave Ns @ Ns Ar REALM
-where 
-.Ar slave 
-is the hostname of the slave server in the given 
-.Ar REALM ,
-e.g.\&
-.Dl iprop/kerberos-1.example.com@EXAMPLE.COM
-On a slave, the argument
-.Fa master
-specifies the hostname of the master server from which to receive updates.
-.Pp
-In contrast to
-.Xr hprop 8 ,
-which sends the whole database to the slaves regularly,
-.Nm
-normally sends only the changes as they happen on the master.  The
-master keeps track of all the changes by assigning a version number to
-every change to the database.  The slaves know which was the latest
-version they saw, and in this way it can be determined if they are in
-sync or not.  A log of all the changes is kept on the master.  When a
-slave is at an older version than the oldest one in the log, the whole
-database has to be sent.
-.Pp
-The changes are propagated over a secure channel (on port 2121 by
-default).  This should normally be defined as
-.Dq iprop/tcp
-in
-.Pa /etc/services
-or another source of the services database.  The master and slaves
-must each have access to a keytab with keys for the
-.Nm iprop
-service principal on the local host.
-.Pp
-There is a keep-alive feature logged in the master's
-.Pa slave-stats
-file (e.g.\&
-.Pa /var/heimdal/slave-stats ) .
-.Pp
-Supported options for
-.Nm ipropd-master :
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar string ,
-.Fl -config-file= Ns Ar string
-.Xc
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-.It Xo
-.Fl k Ar kspec ,
-.Fl -keytab= Ns Ar kspec
-.Xc
-keytab to get authentication from
-.It Xo
-.Fl d Ar file ,
-.Fl -database= Ns Ar file
-.Xc
-Database (default per KDC)
-.It Xo
-.Fl -slave-stats-file= Ns Ar file
-.Xc
-file for slave status information
-.It Xo
-.Fl -time-missing= Ns Ar time
-.Xc
-time before slave is polled for presence (default 2 min)
-.It Xo
-.Fl -time-gone= Ns Ar time
-.Xc
-time of inactivity after which a slave is considered gone (default 5 min)
-.It Xo
-.Fl -detach
-.Xc
-detach from console
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl -help
-.Xc
-.El
-.Pp
-Supported options for
-.Nm ipropd-slave :
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar string ,
-.Fl -config-file= Ns Ar string
-.Xc
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-.It Xo
-.Fl k Ar kspec ,
-.Fl -keytab= Ns Ar kspec
-.Xc
-keytab to get authentication from
-.It Xo
-.Fl -time-lost= Ns Ar time
-.Xc
-time before server is considered lost (default 5 min)
-.It Xo
-.Fl -detach
-.Xc
-detach from console
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl -help
-.Xc
-.El
-Time arguments for the relevant options above may be specified in forms
-like 5 min, 300 s, or simply a number of seconds.
-.Sh FILES
-.Pa slaves ,
-.Pa slave-stats
-in the database directory.
-.Sh SEE ALSO
-.Xr hpropd 8 ,
-.Xr hprop 8 ,
-.Xr krb5.conf 8 , 
-.Xr kdc 8 ,
-.Xr iprop-log 8 .
diff --git a/crypto/heimdal/lib/kadm5/iprop.h b/crypto/heimdal/lib/kadm5/iprop.h
deleted file mode 100644
index beb5414..0000000
--- a/crypto/heimdal/lib/kadm5/iprop.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1998-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: iprop.h 22211 2007-12-07 19:27:27Z lha $ */
-
-#ifndef __IPROP_H__
-#define __IPROP_H__
-
-#include "kadm5_locl.h"
-#include <getarg.h>
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-
-#include <parse_time.h>
-
-#define IPROP_VERSION "iprop-0.0"
-
-#define IPROP_NAME "iprop"
-
-#define IPROP_SERVICE "iprop"
-
-#define IPROP_PORT 2121
-
-enum iprop_cmd { I_HAVE = 1,
-		 FOR_YOU = 2,
-		 TELL_YOU_EVERYTHING = 3,
-		 ONE_PRINC = 4,
-		 NOW_YOU_HAVE = 5,
-		 ARE_YOU_THERE = 6,
-		 I_AM_HERE = 7
-};
-
-extern sig_atomic_t exit_flag;
-void setup_signal(void);
-
-#endif /* __IPROP_H__ */
diff --git a/crypto/heimdal/lib/kadm5/ipropd_common.c b/crypto/heimdal/lib/kadm5/ipropd_common.c
deleted file mode 100644
index e656159..0000000
--- a/crypto/heimdal/lib/kadm5/ipropd_common.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-RCSID("$Id$");
-
-sig_atomic_t exit_flag;
-
-static RETSIGTYPE
-sigterm(int sig)
-{
-    exit_flag = sig;
-}
-
-void
-setup_signal(void)
-{
-#ifdef HAVE_SIGACTION
-    {
-	struct sigaction sa;
-
-	sa.sa_flags = 0;
-	sa.sa_handler = sigterm;
-	sigemptyset(&sa.sa_mask);
-
-	sigaction(SIGINT, &sa, NULL);
-	sigaction(SIGTERM, &sa, NULL);
-	sigaction(SIGXCPU, &sa, NULL);
-
-	sa.sa_handler = SIG_IGN;
-	sigaction(SIGPIPE, &sa, NULL);
-    }
-#else
-    signal(SIGINT, sigterm);
-    signal(SIGTERM, sigterm);
-    signal(SIGXCPU, sigterm);
-    signal(SIGPIPE, SIG_IGN);
-#endif
-}
diff --git a/crypto/heimdal/lib/kadm5/ipropd_master.c b/crypto/heimdal/lib/kadm5/ipropd_master.c
deleted file mode 100644
index bd8f71f..0000000
--- a/crypto/heimdal/lib/kadm5/ipropd_master.c
+++ /dev/null
@@ -1,937 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-#include <rtbl.h>
-
-RCSID("$Id: ipropd_master.c 22211 2007-12-07 19:27:27Z lha $");
-
-static krb5_log_facility *log_facility;
-
-const char *slave_stats_file;
-const char *slave_time_missing = "2 min";
-const char *slave_time_gone = "5 min";
-
-static int time_before_missing;
-static int time_before_gone;
-
-const char *master_hostname;
-
-static int
-make_signal_socket (krb5_context context)
-{
-    struct sockaddr_un addr;
-    const char *fn;
-    int fd;
-
-    fn = kadm5_log_signal_socket(context);
-
-    fd = socket (AF_UNIX, SOCK_DGRAM, 0);
-    if (fd < 0)
-	krb5_err (context, 1, errno, "socket AF_UNIX");
-    memset (&addr, 0, sizeof(addr));
-    addr.sun_family = AF_UNIX;
-    strlcpy (addr.sun_path, fn, sizeof(addr.sun_path));
-    unlink (addr.sun_path);
-    if (bind (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
-	krb5_err (context, 1, errno, "bind %s", addr.sun_path);
-    return fd;
-}
-
-static int
-make_listen_socket (krb5_context context, const char *port_str)
-{
-    int fd;
-    int one = 1;
-    struct sockaddr_in addr;
-
-    fd = socket (AF_INET, SOCK_STREAM, 0);
-    if (fd < 0)
-	krb5_err (context, 1, errno, "socket AF_INET");
-    setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
-    memset (&addr, 0, sizeof(addr));
-    addr.sin_family = AF_INET;
-
-    if (port_str) {
-	addr.sin_port = krb5_getportbyname (context,
-					      port_str, "tcp", 
-					      0);
-	if (addr.sin_port == 0) {
-	    char *ptr;
-	    long port;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		krb5_errx (context, 1, "bad port `%s'", port_str);
-	    addr.sin_port = htons(port);
-	}
-    } else {
-	addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, 
-					    "tcp", IPROP_PORT);
-    }
-    if(bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
-	krb5_err (context, 1, errno, "bind");
-    if (listen(fd, SOMAXCONN) < 0)
-	krb5_err (context, 1, errno, "listen");
-    return fd;
-}
-
-struct slave {
-    int fd;
-    struct sockaddr_in addr;
-    char *name;
-    krb5_auth_context ac;
-    uint32_t version;
-    time_t seen;
-    unsigned long flags;
-#define SLAVE_F_DEAD	0x1
-#define SLAVE_F_AYT	0x2
-    struct slave *next;
-};
-
-typedef struct slave slave;
-
-static int
-check_acl (krb5_context context, const char *name)
-{
-    const char *fn;
-    FILE *fp;
-    char buf[256];
-    int ret = 1;
-    char *slavefile;
-
-    asprintf(&slavefile, "%s/slaves", hdb_db_dir(context));
-
-    fn = krb5_config_get_string_default(context,
-					NULL,
-					slavefile,
-					"kdc",
-					"iprop-acl",
-					NULL);
-
-    fp = fopen (fn, "r");
-    free(slavefile);
-    if (fp == NULL)
-	return 1;
-    while (fgets(buf, sizeof(buf), fp) != NULL) {
-	buf[strcspn(buf, "\r\n")] = '\0';
-	if (strcmp (buf, name) == 0) {
-	    ret = 0;
-	    break;
-	}
-    }
-    fclose (fp);
-    return ret;
-}
-
-static void
-slave_seen(slave *s)
-{
-    s->flags &= ~SLAVE_F_AYT;
-    s->seen = time(NULL);
-}
-
-static int
-slave_missing_p (slave *s)
-{
-    if (time(NULL) > s->seen + time_before_missing)
-	return 1;
-    return 0;
-}
-
-static int
-slave_gone_p (slave *s)
-{
-    if (time(NULL) > s->seen + time_before_gone)
-	return 1;
-    return 0;
-}
-
-static void
-slave_dead(krb5_context context, slave *s)
-{
-    krb5_warnx(context, "slave %s dead", s->name);
-
-    if (s->fd >= 0) {
-	close (s->fd);
-	s->fd = -1;
-    }
-    s->flags |= SLAVE_F_DEAD;
-    slave_seen(s);
-}
-
-static void
-remove_slave (krb5_context context, slave *s, slave **root)
-{
-    slave **p;
-
-    if (s->fd >= 0)
-	close (s->fd);
-    if (s->name)
-	free (s->name);
-    if (s->ac)
-	krb5_auth_con_free (context, s->ac);
-
-    for (p = root; *p; p = &(*p)->next)
-	if (*p == s) {
-	    *p = s->next;
-	    break;
-	}
-    free (s);
-}
-
-static void
-add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd)
-{
-    krb5_principal server;
-    krb5_error_code ret;
-    slave *s;
-    socklen_t addr_len;
-    krb5_ticket *ticket = NULL;
-    char hostname[128];
-
-    s = malloc(sizeof(*s));
-    if (s == NULL) {
-	krb5_warnx (context, "add_slave: no memory");
-	return;
-    }
-    s->name = NULL;
-    s->ac = NULL;
-
-    addr_len = sizeof(s->addr);
-    s->fd = accept (fd, (struct sockaddr *)&s->addr, &addr_len);
-    if (s->fd < 0) {
-	krb5_warn (context, errno, "accept");
-	goto error;
-    }
-    if (master_hostname)
-	strlcpy(hostname, master_hostname, sizeof(hostname));
-    else
-	gethostname(hostname, sizeof(hostname));
-
-    ret = krb5_sname_to_principal (context, hostname, IPROP_NAME,
-				   KRB5_NT_SRV_HST, &server);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_sname_to_principal");
-	goto error;
-    }
-
-    ret = krb5_recvauth (context, &s->ac, &s->fd,
-			 IPROP_VERSION, server, 0, keytab, &ticket);
-    krb5_free_principal (context, server);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_recvauth");
-	goto error;
-    }
-    ret = krb5_unparse_name (context, ticket->client, &s->name);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_unparse_name");
-	goto error;
-    }
-    if (check_acl (context, s->name)) {
-	krb5_warnx (context, "%s not in acl", s->name);
-	goto error;
-    }
-    krb5_free_ticket (context, ticket);
-    ticket = NULL;
-
-    {
-	slave *l = *root;
-
-	while (l) {
-	    if (strcmp(l->name, s->name) == 0)
-		break;
-	    l = l->next;
-	}
-	if (l) {
-	    if (l->flags & SLAVE_F_DEAD) {
-		remove_slave(context, l, root);
-	    } else {
-		krb5_warnx (context, "second connection from %s", s->name);
-		goto error;
-	    }
-	}
-    }
-
-    krb5_warnx (context, "connection from %s", s->name);
-
-    s->version = 0;
-    s->flags = 0;
-    slave_seen(s);
-    s->next = *root;
-    *root = s;
-    return;
-error:
-    remove_slave(context, s, root);
-}
-
-struct prop_context {
-    krb5_auth_context auth_context;
-    int fd;
-};
-
-static int
-prop_one (krb5_context context, HDB *db, hdb_entry_ex *entry, void *v)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-    krb5_data data;
-    struct slave *s = (struct slave *)v;
-
-    ret = hdb_entry2value (context, &entry->entry, &data);
-    if (ret)
-	return ret;
-    ret = krb5_data_realloc (&data, data.length + 4);
-    if (ret) {
-	krb5_data_free (&data);
-	return ret;
-    }
-    memmove ((char *)data.data + 4, data.data, data.length - 4);
-    sp = krb5_storage_from_data(&data);
-    if (sp == NULL) {
-	krb5_data_free (&data);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, ONE_PRINC);
-    krb5_storage_free(sp);
-
-    ret = krb5_write_priv_message (context, s->ac, &s->fd, &data);
-    krb5_data_free (&data);
-    return ret;
-}
-
-static int
-send_complete (krb5_context context, slave *s,
-	       const char *database, uint32_t current_version)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-    HDB *db;
-    krb5_data data;
-    char buf[8];
-
-    ret = hdb_create (context, &db, database);
-    if (ret)
-	krb5_err (context, 1, ret, "hdb_create: %s", database);
-    ret = db->hdb_open (context, db, O_RDONLY, 0);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    sp = krb5_storage_from_mem (buf, 4);
-    if (sp == NULL)
-	krb5_errx (context, 1, "krb5_storage_from_mem");
-    krb5_store_int32 (sp, TELL_YOU_EVERYTHING);
-    krb5_storage_free (sp);
-
-    data.data   = buf;
-    data.length = 4;
-
-    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
-
-    if (ret) {
-	krb5_warn (context, ret, "krb5_write_priv_message");
-	slave_dead(context, s);
-	return ret;
-    }
-
-    ret = hdb_foreach (context, db, 0, prop_one, s);
-    if (ret) {
-	krb5_warn (context, ret, "hdb_foreach");
-	slave_dead(context, s);
-	return ret;
-    }
-
-    (*db->hdb_close)(context, db);
-    (*db->hdb_destroy)(context, db);
-
-    sp = krb5_storage_from_mem (buf, 8);
-    if (sp == NULL)
-	krb5_errx (context, 1, "krb5_storage_from_mem");
-    krb5_store_int32 (sp, NOW_YOU_HAVE);
-    krb5_store_int32 (sp, current_version);
-    krb5_storage_free (sp);
-
-    data.length = 8;
-
-    s->version = current_version;
-
-    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
-    if (ret) {
-	slave_dead(context, s);
-	krb5_warn (context, ret, "krb5_write_priv_message");
-	return ret;
-    }
-
-    slave_seen(s);
-
-    return 0;
-}
-
-static int
-send_are_you_there (krb5_context context, slave *s)
-{
-    krb5_storage *sp;
-    krb5_data data;
-    char buf[4];
-    int ret;
-
-    if (s->flags & (SLAVE_F_DEAD|SLAVE_F_AYT))
-	return 0;
-
-    s->flags |= SLAVE_F_AYT;
-
-    data.data = buf;
-    data.length = 4;
-
-    sp = krb5_storage_from_mem (buf, 4);
-    if (sp == NULL) {
-	krb5_warnx (context, "are_you_there: krb5_data_alloc");
-	slave_dead(context, s);
-	return 1;
-    }
-    krb5_store_int32 (sp, ARE_YOU_THERE);
-    krb5_storage_free (sp);
-
-    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
-
-    if (ret) {
-	krb5_warn (context, ret, "are_you_there: krb5_write_priv_message");
-	slave_dead(context, s);
-	return 1;
-    }
-
-    return 0;
-}
-
-static int
-send_diffs (krb5_context context, slave *s, int log_fd,
-	    const char *database, uint32_t current_version)
-{
-    krb5_storage *sp;
-    uint32_t ver;
-    time_t timestamp;
-    enum kadm_ops op;
-    uint32_t len;
-    off_t right, left;
-    krb5_data data;
-    int ret = 0;
-
-    if (s->version == current_version) {
-	krb5_warnx(context, "slave %s in sync already at version %ld",
-		   s->name, (long)s->version);
-	return 0;
-    }
-
-    if (s->flags & SLAVE_F_DEAD)
-	return 0;
-
-    /* if slave is a fresh client, starting over */
-    if (s->version == 0) {
-	krb5_warnx(context, "sending complete log to fresh slave %s",
-		   s->name);
-	return send_complete (context, s, database, current_version);
-    }
-
-    sp = kadm5_log_goto_end (log_fd);
-    right = krb5_storage_seek(sp, 0, SEEK_CUR);
-    for (;;) {
-	ret = kadm5_log_previous (context, sp, &ver, &timestamp, &op, &len);
-	if (ret)
-	    krb5_err(context, 1, ret, 
-		     "send_diffs: failed to find previous entry");
-	left = krb5_storage_seek(sp, -16, SEEK_CUR);
-	if (ver == s->version)
-	    return 0;
-	if (ver == s->version + 1)
-	    break;
-	if (left == 0) {
-	    krb5_warnx(context,
-		       "slave %s (version %lu) out of sync with master "
-		       "(first version in log %lu), sending complete database",
-		       s->name, (unsigned long)s->version, (unsigned long)ver);
-	    return send_complete (context, s, database, current_version);
-	}
-    }
-
-    krb5_warnx(context,
-	       "syncing slave %s from version %lu to version %lu",
-	       s->name, (unsigned long)s->version,
-	       (unsigned long)current_version);
-
-    ret = krb5_data_alloc (&data, right - left + 4);
-    if (ret) {
-	krb5_warn (context, ret, "send_diffs: krb5_data_alloc");
-	slave_dead(context, s);
-	return 1;
-    }
-    krb5_storage_read (sp, (char *)data.data + 4, data.length - 4);
-    krb5_storage_free(sp);
-
-    sp = krb5_storage_from_data (&data);
-    if (sp == NULL) {
-	krb5_warnx (context, "send_diffs: krb5_storage_from_data");
-	slave_dead(context, s);
-	return 1;
-    }
-    krb5_store_int32 (sp, FOR_YOU);
-    krb5_storage_free(sp);
-
-    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
-    krb5_data_free(&data);
-
-    if (ret) {
-	krb5_warn (context, ret, "send_diffs: krb5_write_priv_message");
-	slave_dead(context, s);
-	return 1;
-    }
-    slave_seen(s);
-
-    s->version = current_version;
-
-    return 0;
-}
-
-static int
-process_msg (krb5_context context, slave *s, int log_fd,
-	     const char *database, uint32_t current_version)
-{
-    int ret = 0;
-    krb5_data out;
-    krb5_storage *sp;
-    int32_t tmp;
-
-    ret = krb5_read_priv_message(context, s->ac, &s->fd, &out);
-    if(ret) {
-	krb5_warn (context, ret, "error reading message from %s", s->name);
-	return 1;
-    }
-
-    sp = krb5_storage_from_mem (out.data, out.length);
-    if (sp == NULL) {
-	krb5_warnx (context, "process_msg: no memory");
-	krb5_data_free (&out);
-	return 1;
-    }
-    if (krb5_ret_int32 (sp, &tmp) != 0) {
-	krb5_warnx (context, "process_msg: client send too short command");
-	krb5_data_free (&out);
-	return 1;
-    }
-    switch (tmp) {
-    case I_HAVE :
-	ret = krb5_ret_int32 (sp, &tmp);
-	if (ret != 0) {
-	    krb5_warnx (context, "process_msg: client send too I_HAVE data");
-	    break;
-	}
-	/* new started slave that have old log */
-	if (s->version == 0 && tmp != 0) {
-	    if (s->version < tmp) {
-		krb5_warnx (context, "Slave %s have later version the master "
-			    "OUT OF SYNC", s->name);
-	    } else {
-		s->version = tmp;
-	    }
-	}
-	if (tmp < s->version) {
-	    krb5_warnx (context, "Slave claims to not have "
-			"version we already sent to it");
-	} else {
-	    ret = send_diffs (context, s, log_fd, database, current_version);
-	}
-	break;
-    case I_AM_HERE :
-	break;
-    case ARE_YOU_THERE:
-    case FOR_YOU :
-    default :
-	krb5_warnx (context, "Ignoring command %d", tmp);
-	break;
-    }
-
-    krb5_data_free (&out);
-
-    slave_seen(s);
-
-    return ret;
-}
-
-#define SLAVE_NAME	"Name"
-#define SLAVE_ADDRESS	"Address"
-#define SLAVE_VERSION	"Version"
-#define SLAVE_STATUS	"Status"
-#define SLAVE_SEEN	"Last Seen"
-
-static FILE *
-open_stats(krb5_context context)
-{
-    char *statfile = NULL;
-    const char *fn;
-    FILE *f;
-
-    if (slave_stats_file)
-	fn = slave_stats_file;
-    else {
-	asprintf(&statfile,  "%s/slaves-stats", hdb_db_dir(context));
-	fn = krb5_config_get_string_default(context,
-					    NULL,
-					    statfile,
-					    "kdc",
-					    "iprop-stats",
-					    NULL);
-    }
-    f = fopen(fn, "w");
-    if (statfile)
-	free(statfile);
-
-    return f;
-}
-
-static void
-write_master_down(krb5_context context)
-{
-    char str[100];
-    time_t t = time(NULL);
-    FILE *fp;
-
-    fp = open_stats(context);
-    if (fp == NULL)
-	return;
-    krb5_format_time(context, t, str, sizeof(str), TRUE); 
-    fprintf(fp, "master down at %s\n", str);
-
-    fclose(fp);
-}
-
-static void
-write_stats(krb5_context context, slave *slaves, uint32_t current_version)
-{
-    char str[100];
-    rtbl_t tbl;
-    time_t t = time(NULL);
-    FILE *fp;
-
-    fp = open_stats(context);
-    if (fp == NULL)
-	return;
-
-    krb5_format_time(context, t, str, sizeof(str), TRUE); 
-    fprintf(fp, "Status for slaves, last updated: %s\n\n", str);
-
-    fprintf(fp, "Master version: %lu\n\n", (unsigned long)current_version);
-
-    tbl = rtbl_create();
-    if (tbl == NULL) {
-	fclose(fp);
-	return;
-    }
-
-    rtbl_add_column(tbl, SLAVE_NAME, 0);
-    rtbl_add_column(tbl, SLAVE_ADDRESS, 0);
-    rtbl_add_column(tbl, SLAVE_VERSION, RTBL_ALIGN_RIGHT);
-    rtbl_add_column(tbl, SLAVE_STATUS, 0);
-    rtbl_add_column(tbl, SLAVE_SEEN, 0);
-
-    rtbl_set_prefix(tbl, "  ");
-    rtbl_set_column_prefix(tbl, SLAVE_NAME, "");
-
-    while (slaves) {
-	krb5_address addr;
-	krb5_error_code ret;
-	rtbl_add_column_entry(tbl, SLAVE_NAME, slaves->name);
-	ret = krb5_sockaddr2address (context, 
-				     (struct sockaddr*)&slaves->addr, &addr);
-	if(ret == 0) {
-	    krb5_print_address(&addr, str, sizeof(str), NULL);
-	    krb5_free_address(context, &addr);
-	    rtbl_add_column_entry(tbl, SLAVE_ADDRESS, str);
-	} else
-	    rtbl_add_column_entry(tbl, SLAVE_ADDRESS, "<unknown>");
-	
-	snprintf(str, sizeof(str), "%u", (unsigned)slaves->version);
-	rtbl_add_column_entry(tbl, SLAVE_VERSION, str);
-
-	if (slaves->flags & SLAVE_F_DEAD)
-	    rtbl_add_column_entry(tbl, SLAVE_STATUS, "Down");
-	else
-	    rtbl_add_column_entry(tbl, SLAVE_STATUS, "Up");
-
-	ret = krb5_format_time(context, slaves->seen, str, sizeof(str), TRUE); 
-	rtbl_add_column_entry(tbl, SLAVE_SEEN, str);
-
-	slaves = slaves->next;
-    }
-
-    rtbl_format(tbl, fp);
-    rtbl_destroy(tbl);
-
-    fclose(fp);
-}
-
-
-static char *realm;
-static int version_flag;
-static int help_flag;
-static char *keytab_str = "HDB:";
-static char *database;
-static char *config_file;
-static char *port_str;
-static int detach_from_console = 0;
-
-static struct getargs args[] = {
-    { "config-file", 'c', arg_string, &config_file },
-    { "realm", 'r', arg_string, &realm },
-    { "keytab", 'k', arg_string, &keytab_str,
-      "keytab to get authentication from", "kspec" },
-    { "database", 'd', arg_string, &database, "database", "file"},
-    { "slave-stats-file", 0, arg_string, &slave_stats_file, 
-      "file for slave status information", "file"},
-    { "time-missing", 0, arg_string, &slave_time_missing, 
-      "time before slave is polled for presence", "time"},
-    { "time-gone", 0, arg_string, &slave_time_gone,
-      "time of inactivity after which a slave is considered gone", "time"},
-    { "port", 0, arg_string, &port_str,
-      "port ipropd will listen to", "port"},
-    { "detach", 0, arg_flag, &detach_from_console, 
-      "detach from console" },
-    { "hostname", 0, arg_string, &master_hostname, 
-      "hostname of master (if not same as hostname)", "hostname" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    void *kadm_handle;
-    kadm5_server_context *server_context;
-    kadm5_config_params conf;
-    int signal_fd, listen_fd;
-    int log_fd;
-    slave *slaves = NULL;
-    uint32_t current_version = 0, old_version = 0;
-    krb5_keytab keytab;
-    int optidx;
-    char **files;
-    
-    optidx = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    setup_signal();
-
-    if (config_file == NULL) {
-	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
-	if (config_file == NULL)
-	    errx(1, "out of memory");
-    }
-
-    ret = krb5_prepend_config_files_default(config_file, &files);
-    if (ret)
-	krb5_err(context, 1, ret, "getting configuration files");
-
-    ret = krb5_set_config_files(context, files);
-    krb5_free_config_files(files);
-    if (ret)
-	krb5_err(context, 1, ret, "reading configuration files");
-
-    time_before_gone = parse_time (slave_time_gone,  "s");
-    if (time_before_gone < 0)
-	krb5_errx (context, 1, "couldn't parse time: %s", slave_time_gone);
-    time_before_missing = parse_time (slave_time_missing,  "s");
-    if (time_before_missing < 0)
-	krb5_errx (context, 1, "couldn't parse time: %s", slave_time_missing);
-
-    if (detach_from_console)
-	daemon(0, 0);
-    pidfile (NULL);
-    krb5_openlog (context, "ipropd-master", &log_facility);
-    krb5_set_warn_dest(context, log_facility);
-
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_register");
-
-    ret = krb5_kt_resolve(context, keytab_str, &keytab);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve: %s", keytab_str);
-    
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-    ret = kadm5_init_with_skey_ctx (context,
-				    KADM5_ADMIN_SERVICE,
-				    NULL,
-				    KADM5_ADMIN_SERVICE,
-				    &conf, 0, 0, 
-				    &kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    log_fd = open (server_context->log_context.log_file, O_RDONLY, 0);
-    if (log_fd < 0)
-	krb5_err (context, 1, errno, "open %s",
-		  server_context->log_context.log_file);
-
-    signal_fd = make_signal_socket (context);
-    listen_fd = make_listen_socket (context, port_str);
-
-    kadm5_log_get_version_fd (log_fd, &current_version);
-
-    krb5_warnx(context, "ipropd-master started at version: %lu", 
-	       (unsigned long)current_version);
-
-    while(exit_flag == 0){
-	slave *p;
-	fd_set readset;
-	int max_fd = 0;
-	struct timeval to = {30, 0};
-	uint32_t vers;
-
-	if (signal_fd >= FD_SETSIZE || listen_fd >= FD_SETSIZE)
-	    krb5_errx (context, 1, "fd too large");
-
-	FD_ZERO(&readset);
-	FD_SET(signal_fd, &readset);
-	max_fd = max(max_fd, signal_fd);
-	FD_SET(listen_fd, &readset);
-	max_fd = max(max_fd, listen_fd);
-
-	for (p = slaves; p != NULL; p = p->next) {
-	    if (p->flags & SLAVE_F_DEAD)
-		continue;
-	    FD_SET(p->fd, &readset);
-	    max_fd = max(max_fd, p->fd);
-	}
-
-	ret = select (max_fd + 1,
-		      &readset, NULL, NULL, &to);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		krb5_err (context, 1, errno, "select");
-	}
-
-	if (ret == 0) {
-	    old_version = current_version;
-	    kadm5_log_get_version_fd (log_fd, &current_version);
-
-	    if (current_version > old_version) {
-		krb5_warnx(context, 
-			   "Missed a signal, updating slaves %lu to %lu",
-			   (unsigned long)old_version,
-			   (unsigned long)current_version);
-		for (p = slaves; p != NULL; p = p->next) {
-		    if (p->flags & SLAVE_F_DEAD)
-			continue;
-		    send_diffs (context, p, log_fd, database, current_version);
-		}
-	    }
-	}
-
-	if (ret && FD_ISSET(signal_fd, &readset)) {
-	    struct sockaddr_un peer_addr;
-	    socklen_t peer_len = sizeof(peer_addr);
-
-	    if(recvfrom(signal_fd, (void *)&vers, sizeof(vers), 0,
-			(struct sockaddr *)&peer_addr, &peer_len) < 0) {
-		krb5_warn (context, errno, "recvfrom");
-		continue;
-	    }
-	    --ret;
-	    assert(ret >= 0);
-	    old_version = current_version;
-	    kadm5_log_get_version_fd (log_fd, &current_version);
-	    if (current_version > old_version) {
-		krb5_warnx(context, 
-			   "Got a signal, updating slaves %lu to %lu",
-			   (unsigned long)old_version,
-			   (unsigned long)current_version);
-		for (p = slaves; p != NULL; p = p->next)
-		    send_diffs (context, p, log_fd, database, current_version);
-	    } else {
-		krb5_warnx(context, 
-			   "Got a signal, but no update in log version %lu",
-			   (unsigned long)current_version);
-	    }
-        }
-
-	for(p = slaves; p != NULL; p = p->next) {
-	    if (p->flags & SLAVE_F_DEAD)
-	        continue;
-	    if (ret && FD_ISSET(p->fd, &readset)) {
-		--ret;
-		assert(ret >= 0);
-		if(process_msg (context, p, log_fd, database, current_version))
-		    slave_dead(context, p);
-	    } else if (slave_gone_p (p))
-		slave_dead(context, p);
-	    else if (slave_missing_p (p)) {
-		krb5_warnx(context, "slave %s missing, sending AYT", p->name);
-		send_are_you_there (context, p);
-	    }
-	}
-
-	if (ret && FD_ISSET(listen_fd, &readset)) {
-	    add_slave (context, keytab, &slaves, listen_fd);
-	    --ret;
-	    assert(ret >= 0);
-	}
-	write_stats(context, slaves, current_version);
-    }
-
-    if(exit_flag == SIGXCPU)
-	krb5_warnx(context, "%s CPU time limit exceeded", getprogname());
-    else if(exit_flag == SIGINT || exit_flag == SIGTERM)
-	krb5_warnx(context, "%s terminated", getprogname());
-    else
-	krb5_warnx(context, "%s unexpected exit reason: %d", 
-		   getprogname(), exit_flag);
-
-    write_master_down(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/ipropd_slave.c b/crypto/heimdal/lib/kadm5/ipropd_slave.c
deleted file mode 100644
index 482a3f7..0000000
--- a/crypto/heimdal/lib/kadm5/ipropd_slave.c
+++ /dev/null
@@ -1,632 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-
-RCSID("$Id: ipropd_slave.c 22211 2007-12-07 19:27:27Z lha $");
-
-static krb5_log_facility *log_facility;
-static char *server_time_lost = "5 min";
-static int time_before_lost;
-const char *slave_str = NULL;
-
-static int
-connect_to_master (krb5_context context, const char *master,
-		   const char *port_str)
-{
-    int fd;
-    struct sockaddr_in addr;
-    struct hostent *he;
-
-    fd = socket (AF_INET, SOCK_STREAM, 0);
-    if (fd < 0)
-	krb5_err (context, 1, errno, "socket AF_INET");
-    memset (&addr, 0, sizeof(addr));
-    addr.sin_family = AF_INET;
-    if (port_str) {
-	addr.sin_port = krb5_getportbyname (context,
-					    port_str, "tcp", 
-					    0);
-	if (addr.sin_port == 0) {
-	    char *ptr;
-	    long port;
-	    
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		krb5_errx (context, 1, "bad port `%s'", port_str);
-	    addr.sin_port = htons(port);
-	}
-    } else {
-	addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, 
-					    "tcp", IPROP_PORT);
-    }
-    he = roken_gethostbyname (master);
-    if (he == NULL)
-	krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno));
-    memcpy (&addr.sin_addr, he->h_addr, sizeof(addr.sin_addr));
-    if(connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
-	krb5_err (context, 1, errno, "connect");
-    return fd;
-}
-
-static void
-get_creds(krb5_context context, const char *keytab_str,
-	  krb5_ccache *cache, const char *serverhost)
-{
-    krb5_keytab keytab;
-    krb5_principal client;
-    krb5_error_code ret;
-    krb5_get_init_creds_opt *init_opts;
-    krb5_creds creds;
-    char *server;
-    char keytab_buf[256];
-    
-    if (keytab_str == NULL) {
-	ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_kt_default_name");
-	keytab_str = keytab_buf;
-    }
-
-    ret = krb5_kt_resolve(context, keytab_str, &keytab);
-    if(ret)
-	krb5_err(context, 1, ret, "%s", keytab_str);
-    
-
-    ret = krb5_sname_to_principal (context, slave_str, IPROP_NAME,
-				   KRB5_NT_SRV_HST, &client);
-    if (ret) krb5_err(context, 1, ret, "krb5_sname_to_principal");
-
-    ret = krb5_get_init_creds_opt_alloc(context, &init_opts);
-    if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
-
-    asprintf (&server, "%s/%s", IPROP_NAME, serverhost);
-    if (server == NULL)
-	krb5_errx (context, 1, "malloc: no memory");
-
-    ret = krb5_get_init_creds_keytab(context, &creds, client, keytab,
-				     0, server, init_opts);
-    free (server);
-    krb5_get_init_creds_opt_free(context, init_opts);
-    if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds");
-    
-    ret = krb5_kt_close(context, keytab);
-    if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
-    
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, cache);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_initialize(context, *cache, client);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    ret = krb5_cc_store_cred(context, *cache, &creds);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred");
-}
-
-static void
-ihave (krb5_context context, krb5_auth_context auth_context,
-       int fd, uint32_t version)
-{
-    int ret;
-    u_char buf[8];
-    krb5_storage *sp;
-    krb5_data data;
-
-    sp = krb5_storage_from_mem (buf, 8);
-    krb5_store_int32 (sp, I_HAVE);
-    krb5_store_int32 (sp, version);
-    krb5_storage_free (sp);
-    data.length = 8;
-    data.data   = buf;
-    
-    ret = krb5_write_priv_message(context, auth_context, &fd, &data);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_write_priv_message");
-}
-
-static void
-receive_loop (krb5_context context,
-	      krb5_storage *sp,
-	      kadm5_server_context *server_context)
-{
-    int ret;
-    off_t left, right;
-    void *buf;
-    int32_t vers, vers2;
-    ssize_t sret;
-
-    /*
-     * Seek to the current version of the local database.
-     */
-    do {
-	int32_t len, timestamp, tmp;
-	enum kadm_ops op;
-
-	if(krb5_ret_int32 (sp, &vers) != 0)
-	    return;
-	krb5_ret_int32 (sp, &timestamp);
-	krb5_ret_int32 (sp, &tmp);
-	op = tmp;
-	krb5_ret_int32 (sp, &len);
-	if (vers <= server_context->log_context.version)
-	    krb5_storage_seek(sp, len + 8, SEEK_CUR);
-    } while(vers <= server_context->log_context.version);
-
-    /*
-     * Read up rest of the entires into the memory...
-     */
-    left  = krb5_storage_seek (sp, -16, SEEK_CUR);
-    right = krb5_storage_seek (sp, 0, SEEK_END);
-    buf = malloc (right - left);
-    if (buf == NULL && (right - left) != 0)
-	krb5_errx (context, 1, "malloc: no memory");
-
-    /*
-     * ...and then write them out to the on-disk log.
-     */
-    krb5_storage_seek (sp, left, SEEK_SET);
-    krb5_storage_read (sp, buf, right - left);
-    sret = write (server_context->log_context.log_fd, buf, right-left);
-    if (sret != right - left)
-	krb5_err(context, 1, errno, "Failed to write log to disk");
-    ret = fsync (server_context->log_context.log_fd);
-    if (ret)
-	krb5_err(context, 1, errno, "Failed to sync log to disk");
-    free (buf);
-
-    /*
-     * Go back to the startpoint and start to commit the entires to
-     * the database.
-     */
-    krb5_storage_seek (sp, left, SEEK_SET);
-
-    for(;;) {
-	int32_t len, len2, timestamp, tmp;
-	off_t cur, cur2;
-	enum kadm_ops op;
-
-	if(krb5_ret_int32 (sp, &vers) != 0)
-	    break;
-	ret = krb5_ret_int32 (sp, &timestamp);
-	if (ret) krb5_errx(context, 1, "entry %ld: too short", (long)vers);
-	ret = krb5_ret_int32 (sp, &tmp);
-	if (ret) krb5_errx(context, 1, "entry %ld: too short", (long)vers);
-	op = tmp;
-	ret = krb5_ret_int32 (sp, &len);
-	if (ret) krb5_errx(context, 1, "entry %ld: too short", (long)vers);
-	if (len < 0)
-	    krb5_errx(context, 1, "log is corrupted, "
-			"negative length of entry version %ld: %ld",
-			(long)vers, (long)len);
-	cur = krb5_storage_seek(sp, 0, SEEK_CUR);
-
-	krb5_warnx (context, "replaying entry %d", (int)vers);
-
-	ret = kadm5_log_replay (server_context,
-				op, vers, len, sp);
-	if (ret) {
-	    char *s = krb5_get_error_message(server_context->context, ret);
-	    krb5_warnx (context,
-		       "kadm5_log_replay: %ld. Lost entry entry, "
-		       "Database out of sync ?: %s (%d)",
-			(long)vers, s ? s : "unknown error", ret);
-	    krb5_xfree(s);
-	}
-
-	{
-	    /* 
-	     * Make sure the krb5_log_replay does the right thing wrt
-	     * reading out data from the sp.
-	     */
-	    cur2 = krb5_storage_seek(sp, 0, SEEK_CUR);
-	    if (cur + len != cur2)
-		krb5_errx(context, 1, 
-			  "kadm5_log_reply version: %ld didn't read the whole entry",
-			  (long)vers);
-	}
-
-	if (krb5_ret_int32 (sp, &len2) != 0)
-	    krb5_errx(context, 1, "entry %ld: postamble too short", (long)vers);
-	if(krb5_ret_int32 (sp, &vers2) != 0)
-	    krb5_errx(context, 1, "entry %ld: postamble too short", (long)vers);
-
-	if (len != len2)
-	    krb5_errx(context, 1, "entry %ld: len != len2", (long)vers);
-	if (vers != vers2)
-	    krb5_errx(context, 1, "entry %ld: vers != vers2", (long)vers);
-    }
-
-    /*
-     * Update version
-     */
-
-    server_context->log_context.version = vers;
-}
-
-static void
-receive (krb5_context context,
-	 krb5_storage *sp,
-	 kadm5_server_context *server_context)
-{
-    int ret;
-
-    ret = server_context->db->hdb_open(context,
-				       server_context->db,
-				       O_RDWR | O_CREAT, 0600);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    receive_loop (context, sp, server_context);
-
-    ret = server_context->db->hdb_close (context, server_context->db);
-    if (ret)
-	krb5_err (context, 1, ret, "db->close");
-}
-
-static void
-send_im_here (krb5_context context, int fd,
-	      krb5_auth_context auth_context)
-{
-    krb5_storage *sp;
-    krb5_data data;
-    int ret;
-
-    ret = krb5_data_alloc (&data, 4);
-    if (ret)
-	krb5_err (context, 1, ret, "send_im_here");
-
-    sp = krb5_storage_from_data (&data);
-    if (sp == NULL)
-	krb5_errx (context, 1, "krb5_storage_from_data");
-    krb5_store_int32(sp, I_AM_HERE);
-    krb5_storage_free(sp);
-
-    ret = krb5_write_priv_message(context, auth_context, &fd, &data);
-    krb5_data_free(&data);
-
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_write_priv_message");
-}
-
-static void
-receive_everything (krb5_context context, int fd,
-		    kadm5_server_context *server_context,
-		    krb5_auth_context auth_context)
-{
-    int ret;
-    krb5_data data;
-    int32_t vno;
-    int32_t opcode;
-    krb5_storage *sp;
-
-    char *dbname;
-    HDB *mydb;
-  
-    krb5_warnx(context, "receive complete database");
-
-    asprintf(&dbname, "%s-NEW", server_context->db->hdb_name);
-    ret = hdb_create(context, &mydb, dbname);
-    if(ret)
-	krb5_err(context,1, ret, "hdb_create");
-    free(dbname);
- 
-    ret = hdb_set_master_keyfile (context,
-				  mydb, server_context->config.stash_file);
-    if(ret)
-	krb5_err(context,1, ret, "hdb_set_master_keyfile");
- 
-    /* I really want to use O_EXCL here, but given that I can't easily clean
-       up on error, I won't */
-    ret = mydb->hdb_open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    sp = NULL;
-    do {
-	ret = krb5_read_priv_message(context, auth_context, &fd, &data);
-
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_read_priv_message");
-
-	sp = krb5_storage_from_data (&data);
-	if (sp == NULL)
-	    krb5_errx (context, 1, "krb5_storage_from_data");
-	krb5_ret_int32 (sp, &opcode);
-	if (opcode == ONE_PRINC) {
-	    krb5_data fake_data;
-	    hdb_entry_ex entry;
-
-	    krb5_storage_free(sp);
-
-	    fake_data.data   = (char *)data.data + 4;
-	    fake_data.length = data.length - 4;
-
-	    memset(&entry, 0, sizeof(entry));
-
-	    ret = hdb_value2entry (context, &fake_data, &entry.entry);
-	    if (ret)
-		krb5_err (context, 1, ret, "hdb_value2entry");
-	    ret = mydb->hdb_store(server_context->context,
-				  mydb,
-				  0, &entry);
-	    if (ret)
-		krb5_err (context, 1, ret, "hdb_store");
-
-	    hdb_free_entry (context, &entry);
-	    krb5_data_free (&data);
-	} else if (opcode == NOW_YOU_HAVE)
-	    ;
-	else
-	    krb5_errx (context, 1, "strange opcode %d", opcode);
-    } while (opcode == ONE_PRINC);
-
-    if (opcode != NOW_YOU_HAVE)
-	krb5_errx (context, 1, "receive_everything: strange %d", opcode);
-
-    krb5_ret_int32 (sp, &vno);
-    krb5_storage_free(sp);
-
-    ret = kadm5_log_reinit (server_context);
-    if (ret)
-	krb5_err(context, 1, ret, "kadm5_log_reinit");
-
-    ret = kadm5_log_set_version (server_context, vno - 1);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_set_version");
-
-    ret = kadm5_log_nop (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_nop");
-
-    krb5_data_free (&data);
-
-    ret = mydb->hdb_rename (context, mydb, server_context->db->hdb_name);
-    if (ret)
-	krb5_err (context, 1, ret, "db->rename");
-
-    ret = mydb->hdb_close (context, mydb);
-    if (ret)
-	krb5_err (context, 1, ret, "db->close");
-
-    ret = mydb->hdb_destroy (context, mydb);
-    if (ret)
-	krb5_err (context, 1, ret, "db->destroy");
-
-    krb5_warnx(context, "receive complete database, version %ld", (long)vno);
-}
-
-static char *config_file;
-static char *realm;
-static int version_flag;
-static int help_flag;
-static char *keytab_str;
-static char *port_str;
-static int detach_from_console = 0;
-
-static struct getargs args[] = {
-    { "config-file", 'c', arg_string, &config_file },
-    { "realm", 'r', arg_string, &realm },
-    { "keytab", 'k', arg_string, &keytab_str,
-      "keytab to get authentication from", "kspec" },
-    { "time-lost", 0, arg_string, &server_time_lost,
-      "time before server is considered lost", "time" },
-    { "port", 0, arg_string, &port_str,
-      "port ipropd-slave will connect to", "port"},
-    { "detach", 0, arg_flag, &detach_from_console, 
-      "detach from console" },
-    { "hostname", 0, arg_string, &slave_str, 
-      "hostname of slave (if not same as hostname)", "hostname" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_auth_context auth_context;
-    void *kadm_handle;
-    kadm5_server_context *server_context;
-    kadm5_config_params conf;
-    int master_fd;
-    krb5_ccache ccache;
-    krb5_principal server;
-    char **files;
-    int optidx;
-
-    const char *master;
-    
-    optidx = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    setup_signal();
-
-    if (config_file == NULL) {
-	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
-	if (config_file == NULL)
-	    errx(1, "out of memory");
-    }
-
-    ret = krb5_prepend_config_files_default(config_file, &files);
-    if (ret)
-	krb5_err(context, 1, ret, "getting configuration files");
-
-    ret = krb5_set_config_files(context, files);
-    krb5_free_config_files(files);
-    if (ret)
-	krb5_err(context, 1, ret, "reading configuration files");
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 1)
-	krb5_std_usage(1, args, num_args);
-
-    master = argv[0];
-
-    if (detach_from_console)
-	daemon(0, 0);
-    pidfile (NULL);
-    krb5_openlog (context, "ipropd-slave", &log_facility);
-    krb5_set_warn_dest(context, log_facility);
-
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_register");
-
-    time_before_lost = parse_time (server_time_lost,  "s");
-    if (time_before_lost < 0)
-	krb5_errx (context, 1, "couldn't parse time: %s", server_time_lost);
-
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    get_creds(context, keytab_str, &ccache, master);
-
-    master_fd = connect_to_master (context, master, port_str);
-
-    ret = krb5_sname_to_principal (context, master, IPROP_NAME,
-				   KRB5_NT_SRV_HST, &server);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_sname_to_principal");
-
-    auth_context = NULL;
-    ret = krb5_sendauth (context, &auth_context, &master_fd,
-			 IPROP_VERSION, NULL, server,
-			 AP_OPTS_MUTUAL_REQUIRED, NULL, NULL,
-			 ccache, NULL, NULL, NULL);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_sendauth");
-
-    krb5_warnx(context, "ipropd-slave started at version: %ld",
-	       (long)server_context->log_context.version);
-
-    ihave (context, auth_context, master_fd,
-	   server_context->log_context.version);
-
-    while (exit_flag == 0) {
-	krb5_data out;
-	krb5_storage *sp;
-	int32_t tmp;
-	fd_set readset;
-	struct timeval to;
-
-	if (master_fd >= FD_SETSIZE)
-	    krb5_errx (context, 1, "fd too large");
-
-	FD_ZERO(&readset);
-	FD_SET(master_fd, &readset);
-
-	to.tv_sec = time_before_lost;
-	to.tv_usec = 0;
-
-	ret = select (master_fd + 1,
-		      &readset, NULL, NULL, &to);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		krb5_err (context, 1, errno, "select");
-	}
-	if (ret == 0)
-	    krb5_errx (context, 1, "server didn't send a message "
-		       "in %d seconds", time_before_lost);
-
-	ret = krb5_read_priv_message(context, auth_context, &master_fd, &out);
-
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_read_priv_message");
-
-	sp = krb5_storage_from_mem (out.data, out.length);
-	krb5_ret_int32 (sp, &tmp);
-	switch (tmp) {
-	case FOR_YOU :
-	    receive (context, sp, server_context);
-	    ihave (context, auth_context, master_fd,
-		   server_context->log_context.version);
-	    break;
-	case TELL_YOU_EVERYTHING :
-	    receive_everything (context, master_fd, server_context,
-				auth_context);
-	    break;
-	case ARE_YOU_THERE :
-	    send_im_here (context, master_fd, auth_context);
-	    break;
-	case NOW_YOU_HAVE :
-	case I_HAVE :
-	case ONE_PRINC :
-	case I_AM_HERE :
-	default :
-	    krb5_warnx (context, "Ignoring command %d", tmp);
-	    break;
-	}
-	krb5_storage_free (sp);
-	krb5_data_free (&out);
-    }
-    
-    if(exit_flag == SIGXCPU)
-	krb5_warnx(context, "%s CPU time limit exceeded", getprogname());
-    else if(exit_flag == SIGINT || exit_flag == SIGTERM)
-	krb5_warnx(context, "%s terminated", getprogname());
-    else
-	krb5_warnx(context, "%s unexpected exit reason: %d", 
-		   getprogname(), exit_flag);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/kadm5-private.h b/crypto/heimdal/lib/kadm5/kadm5-private.h
deleted file mode 100644
index 56b2b32..0000000
--- a/crypto/heimdal/lib/kadm5/kadm5-private.h
+++ /dev/null
@@ -1,503 +0,0 @@
-/* This is a generated file */
-#ifndef __kadm5_private_h__
-#define __kadm5_private_h__
-
-#include <stdarg.h>
-
-kadm5_ret_t
-_kadm5_acl_check_permission (
-	kadm5_server_context */*context*/,
-	unsigned /*op*/,
-	krb5_const_principal /*princ*/);
-
-kadm5_ret_t
-_kadm5_acl_init (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-_kadm5_bump_pw_expire (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/);
-
-krb5_error_code
-_kadm5_c_get_cred_cache (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*server_name*/,
-	const char */*password*/,
-	krb5_prompter_fct /*prompter*/,
-	const char */*keytab*/,
-	krb5_ccache /*ccache*/,
-	krb5_ccache */*ret_cache*/);
-
-kadm5_ret_t
-_kadm5_c_init_context (
-	kadm5_client_context **/*ctx*/,
-	kadm5_config_params */*params*/,
-	krb5_context /*context*/);
-
-kadm5_ret_t
-_kadm5_client_recv (
-	kadm5_client_context */*context*/,
-	krb5_data */*reply*/);
-
-kadm5_ret_t
-_kadm5_client_send (
-	kadm5_client_context */*context*/,
-	krb5_storage */*sp*/);
-
-int
-_kadm5_cmp_keys (
-	Key */*keys1*/,
-	int /*len1*/,
-	Key */*keys2*/,
-	int /*len2*/);
-
-kadm5_ret_t
-_kadm5_connect (void */*handle*/);
-
-kadm5_ret_t
-_kadm5_error_code (kadm5_ret_t /*code*/);
-
-void
-_kadm5_free_keys (
-	krb5_context /*context*/,
-	int /*len*/,
-	Key */*keys*/);
-
-void
-_kadm5_init_keys (
-	Key */*keys*/,
-	int /*len*/);
-
-kadm5_ret_t
-_kadm5_marshal_params (
-	krb5_context /*context*/,
-	kadm5_config_params */*params*/,
-	krb5_data */*out*/);
-
-kadm5_ret_t
-_kadm5_privs_to_string (
-	uint32_t /*privs*/,
-	char */*string*/,
-	size_t /*len*/);
-
-HDB *
-_kadm5_s_get_db (void */*server_handle*/);
-
-kadm5_ret_t
-_kadm5_s_init_context (
-	kadm5_server_context **/*ctx*/,
-	kadm5_config_params */*params*/,
-	krb5_context /*context*/);
-
-kadm5_ret_t
-_kadm5_set_keys (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	const char */*password*/);
-
-kadm5_ret_t
-_kadm5_set_keys2 (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	int16_t /*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-kadm5_ret_t
-_kadm5_set_keys3 (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	int /*n_keys*/,
-	krb5_keyblock */*keyblocks*/);
-
-kadm5_ret_t
-_kadm5_set_keys_randomly (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	krb5_keyblock **/*new_keys*/,
-	int */*n_keys*/);
-
-kadm5_ret_t
-_kadm5_set_modifier (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/);
-
-kadm5_ret_t
-_kadm5_setup_entry (
-	kadm5_server_context */*context*/,
-	hdb_entry_ex */*ent*/,
-	uint32_t /*mask*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*princ_mask*/,
-	kadm5_principal_ent_t /*def*/,
-	uint32_t /*def_mask*/);
-
-kadm5_ret_t
-_kadm5_string_to_privs (
-	const char */*s*/,
-	uint32_t* /*privs*/);
-
-kadm5_ret_t
-_kadm5_unmarshal_params (
-	krb5_context /*context*/,
-	krb5_data */*in*/,
-	kadm5_config_params */*params*/);
-
-kadm5_ret_t
-kadm5_c_chpass_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_c_chpass_principal_with_key (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	int /*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-kadm5_ret_t
-kadm5_c_create_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_c_delete_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/);
-
-kadm5_ret_t
-kadm5_c_destroy (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_flush (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_get_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	kadm5_principal_ent_t /*out*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_c_get_principals (
-	void */*server_handle*/,
-	const char */*expression*/,
-	char ***/*princs*/,
-	int */*count*/);
-
-kadm5_ret_t
-kadm5_c_get_privs (
-	void */*server_handle*/,
-	uint32_t */*privs*/);
-
-kadm5_ret_t
-kadm5_c_init_with_creds (
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_creds_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_password (
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_password_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_skey (
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_skey_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_modify_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_c_randkey_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	krb5_keyblock **/*new_keys*/,
-	int */*n_keys*/);
-
-kadm5_ret_t
-kadm5_c_rename_principal (
-	void */*server_handle*/,
-	krb5_principal /*source*/,
-	krb5_principal /*target*/);
-
-kadm5_ret_t
-kadm5_log_create (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/);
-
-kadm5_ret_t
-kadm5_log_delete (
-	kadm5_server_context */*context*/,
-	krb5_principal /*princ*/);
-
-kadm5_ret_t
-kadm5_log_end (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-kadm5_log_foreach (
-	kadm5_server_context */*context*/,
-	void (*/*func*/)(kadm5_server_context *server_context, uint32_t ver, time_t timestamp, enum kadm_ops op, uint32_t len, krb5_storage *, void *),
-	void */*ctx*/);
-
-kadm5_ret_t
-kadm5_log_get_version (
-	kadm5_server_context */*context*/,
-	uint32_t */*ver*/);
-
-kadm5_ret_t
-kadm5_log_get_version_fd (
-	int /*fd*/,
-	uint32_t */*ver*/);
-
-krb5_storage *
-kadm5_log_goto_end (int /*fd*/);
-
-kadm5_ret_t
-kadm5_log_init (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-kadm5_log_modify (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_log_nop (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-kadm5_log_previous (
-	krb5_context /*context*/,
-	krb5_storage */*sp*/,
-	uint32_t */*ver*/,
-	time_t */*timestamp*/,
-	enum kadm_ops */*op*/,
-	uint32_t */*len*/);
-
-kadm5_ret_t
-kadm5_log_reinit (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-kadm5_log_rename (
-	kadm5_server_context */*context*/,
-	krb5_principal /*source*/,
-	hdb_entry */*ent*/);
-
-kadm5_ret_t
-kadm5_log_replay (
-	kadm5_server_context */*context*/,
-	enum kadm_ops /*op*/,
-	uint32_t /*ver*/,
-	uint32_t /*len*/,
-	krb5_storage */*sp*/);
-
-kadm5_ret_t
-kadm5_log_set_version (
-	kadm5_server_context */*context*/,
-	uint32_t /*vno*/);
-
-const char *
-kadm5_log_signal_socket (krb5_context /*context*/);
-
-kadm5_ret_t
-kadm5_log_truncate (kadm5_server_context */*server_context*/);
-
-kadm5_ret_t
-kadm5_s_chpass_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_s_chpass_principal_cond (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_s_chpass_principal_with_key (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	int /*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-kadm5_ret_t
-kadm5_s_create_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_s_create_principal_with_key (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_s_delete_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/);
-
-kadm5_ret_t
-kadm5_s_destroy (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_flush (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_get_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	kadm5_principal_ent_t /*out*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_s_get_principals (
-	void */*server_handle*/,
-	const char */*expression*/,
-	char ***/*princs*/,
-	int */*count*/);
-
-kadm5_ret_t
-kadm5_s_get_privs (
-	void */*server_handle*/,
-	uint32_t */*privs*/);
-
-kadm5_ret_t
-kadm5_s_init_with_creds (
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_creds_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_password (
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_password_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_skey (
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_skey_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_modify_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_s_randkey_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	krb5_keyblock **/*new_keys*/,
-	int */*n_keys*/);
-
-kadm5_ret_t
-kadm5_s_rename_principal (
-	void */*server_handle*/,
-	krb5_principal /*source*/,
-	krb5_principal /*target*/);
-
-#endif /* __kadm5_private_h__ */
diff --git a/crypto/heimdal/lib/kadm5/kadm5-protos.h b/crypto/heimdal/lib/kadm5/kadm5-protos.h
deleted file mode 100644
index eebae95..0000000
--- a/crypto/heimdal/lib/kadm5/kadm5-protos.h
+++ /dev/null
@@ -1,244 +0,0 @@
-/* This is a generated file */
-#ifndef __kadm5_protos_h__
-#define __kadm5_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-kadm5_ret_t
-kadm5_ad_init_with_password (
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_ad_init_with_password_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-krb5_error_code
-kadm5_add_passwd_quality_verifier (
-	krb5_context /*context*/,
-	const char */*check_library*/);
-
-const char *
-kadm5_check_password_quality (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	krb5_data */*pwd_data*/);
-
-kadm5_ret_t
-kadm5_chpass_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_chpass_principal_with_key (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	int /*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-kadm5_ret_t
-kadm5_create_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_delete_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/);
-
-kadm5_ret_t
-kadm5_destroy (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_flush (void */*server_handle*/);
-
-void
-kadm5_free_key_data (
-	void */*server_handle*/,
-	int16_t */*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-void
-kadm5_free_name_list (
-	void */*server_handle*/,
-	char **/*names*/,
-	int */*count*/);
-
-void
-kadm5_free_principal_ent (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/);
-
-kadm5_ret_t
-kadm5_get_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	kadm5_principal_ent_t /*out*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_get_principals (
-	void */*server_handle*/,
-	const char */*expression*/,
-	char ***/*princs*/,
-	int */*count*/);
-
-kadm5_ret_t
-kadm5_get_privs (
-	void */*server_handle*/,
-	uint32_t */*privs*/);
-
-kadm5_ret_t
-kadm5_init_with_creds (
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_creds_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_password (
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_password_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_skey (
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_skey_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_modify_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_randkey_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	krb5_keyblock **/*new_keys*/,
-	int */*n_keys*/);
-
-kadm5_ret_t
-kadm5_rename_principal (
-	void */*server_handle*/,
-	krb5_principal /*source*/,
-	krb5_principal /*target*/);
-
-kadm5_ret_t
-kadm5_ret_key_data (
-	krb5_storage */*sp*/,
-	krb5_key_data */*key*/);
-
-kadm5_ret_t
-kadm5_ret_principal_ent (
-	krb5_storage */*sp*/,
-	kadm5_principal_ent_t /*princ*/);
-
-kadm5_ret_t
-kadm5_ret_principal_ent_mask (
-	krb5_storage */*sp*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t */*mask*/);
-
-kadm5_ret_t
-kadm5_ret_tl_data (
-	krb5_storage */*sp*/,
-	krb5_tl_data */*tl*/);
-
-void
-kadm5_setup_passwd_quality_check (
-	krb5_context /*context*/,
-	const char */*check_library*/,
-	const char */*check_function*/);
-
-kadm5_ret_t
-kadm5_store_key_data (
-	krb5_storage */*sp*/,
-	krb5_key_data */*key*/);
-
-kadm5_ret_t
-kadm5_store_principal_ent (
-	krb5_storage */*sp*/,
-	kadm5_principal_ent_t /*princ*/);
-
-kadm5_ret_t
-kadm5_store_principal_ent_mask (
-	krb5_storage */*sp*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_store_tl_data (
-	krb5_storage */*sp*/,
-	krb5_tl_data */*tl*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __kadm5_protos_h__ */
diff --git a/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h b/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h
deleted file mode 100644
index 96f3f18..0000000
--- a/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kadm5-pwcheck.h 15489 2005-06-17 06:45:52Z lha $ */
-
-#ifndef KADM5_PWCHECK_H
-#define KADM5_PWCHECK_H 1
-
-
-#define KADM5_PASSWD_VERSION_V0 0
-#define KADM5_PASSWD_VERSION_V1 1
-
-typedef const char* (*kadm5_passwd_quality_check_func_v0)(krb5_context,
-							  krb5_principal,
-							  krb5_data*);
-
-/* 
- * The 4th argument, is a tuning parameter for the quality check
- * function, the lib/caller will providing it for the password quality
- * module.
- */
-
-typedef int
-(*kadm5_passwd_quality_check_func)(krb5_context context,
-				   krb5_principal principal,
-				   krb5_data *password,
-				   const char *tuning,
-				   char *message,
-				   size_t length);
-
-struct kadm5_pw_policy_check_func {
-    const char *name;
-    kadm5_passwd_quality_check_func func;
-};
-
-struct kadm5_pw_policy_verifier {
-    const char *name;
-    int version;
-    const char *vendor;
-    const struct kadm5_pw_policy_check_func *funcs;
-};
-
-#endif /* KADM5_PWCHECK_H */
diff --git a/crypto/heimdal/lib/kadm5/kadm5_err.et b/crypto/heimdal/lib/kadm5/kadm5_err.et
deleted file mode 100644
index 1ac624a..0000000
--- a/crypto/heimdal/lib/kadm5/kadm5_err.et
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# Error messages for the kadm5 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: kadm5_err.et 16683 2006-02-02 13:11:47Z lha $"
-
-error_table ovk kadm5
-
-prefix KADM5
-error_code FAILURE,		"Operation failed for unspecified reason"
-error_code AUTH_GET,		"Operation requires `get' privilege"
-error_code AUTH_ADD,		"Operation requires `add' privilege"
-error_code AUTH_MODIFY,		"Operation requires `modify' privilege"
-error_code AUTH_DELETE,		"Operation requires `delete' privilege"
-error_code AUTH_INSUFFICIENT,	"Insufficient authorization for operation"
-error_code BAD_DB,		"Database inconsistency detected"
-error_code DUP,			"Principal or policy already exists"
-error_code RPC_ERROR,		"Communication failure with server"
-error_code NO_SRV,		"No administration server found for realm"
-error_code BAD_HIST_KEY,	"Password history principal key version mismatch"
-error_code NOT_INIT,		"Connection to server not initialized"
-error_code UNK_PRINC,		"Principal does not exist"
-error_code UNK_POLICY,		"Policy does not exist"
-error_code BAD_MASK,		"Invalid field mask for operation"
-error_code BAD_CLASS,		"Invalid number of character classes"
-error_code BAD_LENGTH,		"Invalid password length"
-error_code BAD_POLICY,		"Invalid policy name"
-error_code BAD_PRINCIPAL,	"Invalid principal name."
-error_code BAD_AUX_ATTR,	"Invalid auxillary attributes"
-error_code BAD_HISTORY,		"Invalid password history count"
-error_code BAD_MIN_PASS_LIFE,	"Password minimum life is greater than password maximum life"
-error_code PASS_Q_TOOSHORT,	"Password is too short"
-error_code PASS_Q_CLASS,	"Password does not contain enough character classes"
-error_code PASS_Q_DICT,		"Password is in the password dictionary"
-error_code PASS_REUSE,		"Can't reuse password"
-error_code PASS_TOOSOON,	"Current password's minimum life has not expired"
-error_code POLICY_REF,		"Policy is in use"
-error_code INIT,		"Connection to server already initialized"
-error_code BAD_PASSWORD,	"Incorrect password"
-error_code PROTECT_PRINCIPAL,	"Can't change protected principal"
-error_code BAD_SERVER_HANDLE,	"Programmer error!  Bad Admin server handle"
-error_code BAD_STRUCT_VERSION,	"Programmer error!  Bad API structure version"
-error_code OLD_STRUCT_VERSION,	"API structure version specified by application is no longer supported"
-error_code NEW_STRUCT_VERSION,	"API structure version specified by application is unknown to libraries"
-error_code BAD_API_VERSION,	"Programmer error!  Bad API version"
-error_code OLD_LIB_API_VERSION,	"API version specified by application is no longer supported by libraries"
-error_code OLD_SERVER_API_VERSION,"API version specified by application is no longer supported by server"
-error_code NEW_LIB_API_VERSION,	"API version specified by application is unknown to libraries"
-error_code NEW_SERVER_API_VERSION,"API version specified by application is unknown to server"
-error_code SECURE_PRINC_MISSING,"Database error! Required principal missing"
-error_code NO_RENAME_SALT,	"The salt type of the specified principal does not support renaming"
-error_code BAD_CLIENT_PARAMS,	"Invalid configuration parameter for remote KADM5 client"
-error_code BAD_SERVER_PARAMS,	"Invalid configuration parameter for local KADM5 client."
-error_code AUTH_LIST,		"Operation requires `list' privilege"
-error_code AUTH_CHANGEPW,	"Operation requires `change-password' privilege"
-error_code BAD_TL_TYPE,		"Invalid tagged data list element type"
-error_code MISSING_CONF_PARAMS,	"Required parameters in kdc.conf missing"
-error_code BAD_SERVER_NAME,	"Bad krb5 admin server hostname"
diff --git a/crypto/heimdal/lib/kadm5/kadm5_locl.h b/crypto/heimdal/lib/kadm5/kadm5_locl.h
deleted file mode 100644
index c79e644..0000000
--- a/crypto/heimdal/lib/kadm5/kadm5_locl.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997-2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kadm5_locl.h 8579 2000-07-08 11:57:40Z assar $ */
-
-#ifndef __KADM5_LOCL_H__
-#define __KADM5_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-#include <limits.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#include <fnmatch.h>
-#include "admin.h"
-#include "kadm5_err.h"
-#include <hdb.h>
-#include <der.h>
-#include <roken.h>
-#include <parse_units.h>
-#include "private.h"
-
-#endif /* __KADM5_LOCL_H__ */
diff --git a/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3 b/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3
deleted file mode 100644
index ee045c9..0000000
--- a/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3
+++ /dev/null
@@ -1,146 +0,0 @@
-.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: kadm5_pwcheck.3 15237 2005-05-25 13:16:27Z lha $
-.\"
-.Dd February 29, 2004
-.Dt KADM5_PWCHECK 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_pwcheck ,
-.Nm kadm5_setup_passwd_quality_check ,
-.Nm kadm5_add_passwd_quality_verifier ,
-.Nm kadm5_check_password_quality
-.Nd Heimdal warning and error functions
-.Sh LIBRARY
-Kerberos 5 Library (libkadm5srv, -lkadm5srv)
-.Sh SYNOPSIS
-.In kadm5-protos.h
-.In kadm5-pwcheck.h
-.Ft void
-.Fo kadm5_setup_passwd_quality_check
-.Fa "krb5_context context"
-.Fa "const char *check_library"
-.Fa "const char *check_function"
-.Fc
-.Ft "krb5_error_code"
-.Fo kadm5_add_passwd_quality_verifier
-.Fa "krb5_context context"
-.Fa "const char *check_library"
-.Fc
-.Ft "const char *"
-.Fo kadm5_check_password_quality
-.Fa "krb5_context context"
-.Fa "krb5_principal principal"
-.Fa "krb5_data *pwd_data"
-.Fc
-.Ft int
-.Fo "(*kadm5_passwd_quality_check_func)"
-.Fa "krb5_context context"
-.Fa "krb5_principal principal"
-.Fa "krb5_data *password"
-.Fa "const char *tuning"
-.Fa "char *message"
-.Fa "size_t length"
-.Fc
-.Sh DESCRIPTION
-These functions perform the quality check for the heimdal database
-library.
-.Pp
-There are two versions of the shared object API; the old version (0)
-is deprecated, but still supported.  The new version (1) supports
-multiple password quality checking modules in the same shared object.
-See below for details.
-.Pp
-The password quality checker will run over all tests that are
-configured by the user.
-.Pp
-Module names are of the form
-.Ql vendor:test-name
-or, if the the test name is unique enough, just
-.Ql test-name .
-.Sh IMPLEMENTING A PASSWORD QUALITY CHECKING SHARED OBJECT
-(This refers to the version 1 API only.)
-.Pp
-Module shared objects may conveniently be compiled and linked with
-.Xr libtool 1 .
-An object needs to export a symbol called
-.Ql kadm5_password_verifier
-of the type
-.Ft "struct kadm5_pw_policy_verifier" .
-.Pp
-Its
-.Ft name
-and
-.Ft vendor
-fields should be contain the obvious information and
-.Ft version
-should be
-.Dv KADM5_PASSWD_VERSION_V1 .
-.Ft funcs
-contains an array of
-.Ft "struct kadm5_pw_policy_check_func"
-structures that is terminated with an entry whose
-.Ft name
-component is
-.Dv NULL .
-The
-.Ft func
-Fields of the array elements are functions that are exported by the
-module to be called to check the password.  They get the following
-arguments:  the Kerberos context, principal, password, a tuning parameter, and
-a pointer to a message buffer and its length.  The tuning parameter
-for the quality check function is currently always
-.Dv NULL .
-If the password is acceptable, the function returns zero.  Otherwise
-it returns non-zero and fills in the message buffer with an
-appropriate explanation.
-.Sh RUNNING THE CHECKS
-.Nm kadm5_setup_passwd_quality_check
-sets up type 0 checks.  It sets up all type 0 checks defined in
-.Xr krb5.conf 5
-if called with the last two arguments null.
-.Pp
-.Nm kadm5_add_passwd_quality_verifier
-sets up type 1 checks.  It sets up all type 1 tests defined in
-.Xr krb5.conf 5
-if called with a null second argument.
-.Nm kadm5_check_password_quality
-runs the checks in the order in which they are defined in
-.Xr krb5.conf 5
-and the order in which they occur in a
-module's
-.Ft funcs
-array until one returns non-zero.
-.Sh SEE ALSO
-.Xr libtool 1 ,
-.Xr krb5 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/kadm5/keys.c b/crypto/heimdal/lib/kadm5/keys.c
deleted file mode 100644
index 2521fae..0000000
--- a/crypto/heimdal/lib/kadm5/keys.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: keys.c 14297 2004-10-11 23:50:25Z lha $");
-
-/*
- * free all the memory used by (len, keys)
- */
-
-void
-_kadm5_free_keys (krb5_context context,
-		  int len, Key *keys)
-{
-    hdb_free_keys(context, len, keys);
-}
-
-/*
- * null-ify `len', `keys'
- */
-
-void
-_kadm5_init_keys (Key *keys, int len)
-{
-    int i;
-
-    for (i = 0; i < len; ++i) {
-	keys[i].mkvno               = NULL;
-	keys[i].salt                = NULL;
-	keys[i].key.keyvalue.length = 0;
-	keys[i].key.keyvalue.data   = NULL;
-    }
-}
-
-/*
- * return 0 iff `keys1, len1' and `keys2, len2' are identical
- */
-
-int
-_kadm5_cmp_keys(Key *keys1, int len1, Key *keys2, int len2)
-{
-    int i;
-
-    if (len1 != len2)
-	return 1;
-
-    for (i = 0; i < len1; ++i) {
-	if ((keys1[i].salt != NULL && keys2[i].salt == NULL)
-	    || (keys1[i].salt == NULL && keys2[i].salt != NULL))
-	    return 1;
-	if (keys1[i].salt != NULL) {
-	    if (keys1[i].salt->type != keys2[i].salt->type)
-		return 1;
-	    if (keys1[i].salt->salt.length != keys2[i].salt->salt.length)
-		return 1;
-	    if (memcmp (keys1[i].salt->salt.data, keys2[i].salt->salt.data,
-			keys1[i].salt->salt.length) != 0)
-		return 1;
-	}
-	if (keys1[i].key.keytype != keys2[i].key.keytype)
-	    return 1;
-	if (keys1[i].key.keyvalue.length != keys2[i].key.keyvalue.length)
-	    return 1;
-	if (memcmp (keys1[i].key.keyvalue.data, keys2[i].key.keyvalue.data,
-		    keys1[i].key.keyvalue.length) != 0)
-	    return 1;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/log.c b/crypto/heimdal/lib/kadm5/log.c
deleted file mode 100644
index 5c4aaef..0000000
--- a/crypto/heimdal/lib/kadm5/log.c
+++ /dev/null
@@ -1,982 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-#include "heim_threads.h"
-
-RCSID("$Id: log.c 22211 2007-12-07 19:27:27Z lha $");
-
-/*
- * A log record consists of:
- *
- * version number		4 bytes
- * time in seconds		4 bytes
- * operation (enum kadm_ops)	4 bytes
- * length of record		4 bytes
- * data...			n bytes
- * length of record		4 bytes
- * version number		4 bytes
- *
- */
-
-kadm5_ret_t
-kadm5_log_get_version_fd (int fd,
-			  uint32_t *ver)
-{
-    int ret;
-    krb5_storage *sp;
-    int32_t old_version;
-
-    ret = lseek (fd, 0, SEEK_END);
-    if(ret < 0)
-	return errno;
-    if(ret == 0) {
-	*ver = 0;
-	return 0;
-    }
-    sp = krb5_storage_from_fd (fd);
-    krb5_storage_seek(sp, -4, SEEK_CUR);
-    krb5_ret_int32 (sp, &old_version);
-    *ver = old_version;
-    krb5_storage_free(sp);
-    lseek (fd, 0, SEEK_END);
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_log_get_version (kadm5_server_context *context, uint32_t *ver)
-{
-    return kadm5_log_get_version_fd (context->log_context.log_fd, ver);
-}
-
-kadm5_ret_t
-kadm5_log_set_version (kadm5_server_context *context, uint32_t vno)
-{
-    kadm5_log_context *log_context = &context->log_context;
-
-    log_context->version = vno;
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_log_init (kadm5_server_context *context)
-{
-    int fd;
-    kadm5_ret_t ret;
-    kadm5_log_context *log_context = &context->log_context;
-
-    if (log_context->log_fd != -1)
-	return 0;
-    fd = open (log_context->log_file, O_RDWR | O_CREAT, 0600);
-    if (fd < 0) {
-	krb5_set_error_string(context->context, "kadm5_log_init: open %s",
-			      log_context->log_file);
-	return errno;
-    }
-    if (flock (fd, LOCK_EX) < 0) {
-	krb5_set_error_string(context->context, "kadm5_log_init: flock %s",
-			      log_context->log_file);
-	close (fd);
-	return errno;
-    }
-
-    ret = kadm5_log_get_version_fd (fd, &log_context->version);
-    if (ret)
-	return ret;
-
-    log_context->log_fd  = fd;
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_log_reinit (kadm5_server_context *context)
-{
-    int fd;
-    kadm5_log_context *log_context = &context->log_context;
-
-    if (log_context->log_fd != -1) {
-	flock (log_context->log_fd, LOCK_UN);
-	close (log_context->log_fd);
-	log_context->log_fd = -1;
-    }
-    fd = open (log_context->log_file, O_RDWR | O_CREAT | O_TRUNC, 0600);
-    if (fd < 0)
-	return errno;
-    if (flock (fd, LOCK_EX) < 0) {
-	close (fd);
-	return errno;
-    }
-
-    log_context->version = 0;
-    log_context->log_fd  = fd;
-    return 0;
-}
-
-
-kadm5_ret_t
-kadm5_log_end (kadm5_server_context *context)
-{
-    kadm5_log_context *log_context = &context->log_context;
-    int fd = log_context->log_fd;
-
-    flock (fd, LOCK_UN);
-    close(fd);
-    log_context->log_fd = -1;
-    return 0;
-}
-
-static kadm5_ret_t
-kadm5_log_preamble (kadm5_server_context *context,
-		    krb5_storage *sp,
-		    enum kadm_ops op)
-{
-    kadm5_log_context *log_context = &context->log_context;
-    kadm5_ret_t kadm_ret;
-
-    kadm_ret = kadm5_log_init (context);
-    if (kadm_ret)
-	return kadm_ret;
-
-    krb5_store_int32 (sp, ++log_context->version);
-    krb5_store_int32 (sp, time(NULL));
-    krb5_store_int32 (sp, op);
-    return 0;
-}
-
-static kadm5_ret_t
-kadm5_log_postamble (kadm5_log_context *context,
-		     krb5_storage *sp)
-{
-    krb5_store_int32 (sp, context->version);
-    return 0;
-}
-
-/*
- * flush the log record in `sp'.
- */
-
-static kadm5_ret_t
-kadm5_log_flush (kadm5_log_context *log_context,
-		 krb5_storage *sp)
-{
-    krb5_data data;
-    size_t len;
-    int ret;
-
-    krb5_storage_to_data(sp, &data);
-    len = data.length;
-    ret = write (log_context->log_fd, data.data, len);
-    if (ret != len) {
-	krb5_data_free(&data);
-	return errno;
-    }
-    if (fsync (log_context->log_fd) < 0) {
-	krb5_data_free(&data);
-	return errno;
-    }
-    /*
-     * Try to send a signal to any running `ipropd-master'
-     */
-    sendto (log_context->socket_fd,
-	    (void *)&log_context->version,
-	    sizeof(log_context->version),
-	    0,
-	    (struct sockaddr *)&log_context->socket_name,
-	    sizeof(log_context->socket_name));
-
-    krb5_data_free(&data);
-    return 0;
-}
-
-/*
- * Add a `create' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_create (kadm5_server_context *context,
-		  hdb_entry *ent)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    krb5_data value;
-    kadm5_log_context *log_context = &context->log_context;
-
-    sp = krb5_storage_emem();
-    ret = hdb_entry2value (context->context, ent, &value);
-    if (ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }
-    ret = kadm5_log_preamble (context, sp, kadm_create);
-    if (ret) {
-	krb5_data_free (&value);
-	krb5_storage_free(sp);
-	return ret;
-    }
-    krb5_store_int32 (sp, value.length);
-    krb5_storage_write(sp, value.data, value.length);
-    krb5_store_int32 (sp, value.length);
-    krb5_data_free (&value);
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    ret = kadm5_log_flush (log_context, sp);
-    krb5_storage_free (sp);
-    if (ret)
-	return ret;
-    ret = kadm5_log_end (context);
-    return ret;
-}
-
-/*
- * Read the data of a create log record from `sp' and change the
- * database.
- */
-
-static kadm5_ret_t
-kadm5_log_replay_create (kadm5_server_context *context,
-			 uint32_t ver,
-			 uint32_t len,
-			 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    hdb_entry_ex ent;
-
-    memset(&ent, 0, sizeof(ent));
-
-    ret = krb5_data_alloc (&data, len);
-    if (ret) {
-	krb5_set_error_string(context->context, "out of memory");
-	return ret;
-    }
-    krb5_storage_read (sp, data.data, len);
-    ret = hdb_value2entry (context->context, &data, &ent.entry);
-    krb5_data_free(&data);
-    if (ret) {
-	krb5_set_error_string(context->context, 
-			      "Unmarshaling hdb entry failed");
-	return ret;
-    }
-    ret = context->db->hdb_store(context->context, context->db, 0, &ent);
-    hdb_free_entry (context->context, &ent);
-    return ret;
-}
-
-/*
- * Add a `delete' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_delete (kadm5_server_context *context,
-		  krb5_principal princ)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    off_t off;
-    off_t len;
-    kadm5_log_context *log_context = &context->log_context;
-
-    sp = krb5_storage_emem();
-    if (sp == NULL)
-	return ENOMEM;
-    ret = kadm5_log_preamble (context, sp, kadm_delete);
-    if (ret)
-	goto out;
-    ret = krb5_store_int32 (sp, 0);
-    if (ret)
-	goto out;
-    off = krb5_storage_seek (sp, 0, SEEK_CUR);
-    ret = krb5_store_principal (sp, princ);
-    if (ret)
-	goto out;
-    len = krb5_storage_seek (sp, 0, SEEK_CUR) - off;
-    krb5_storage_seek(sp, -(len + 4), SEEK_CUR);
-    ret = krb5_store_int32 (sp, len);
-    if (ret)
-	goto out;
-    krb5_storage_seek(sp, len, SEEK_CUR);
-    ret = krb5_store_int32 (sp, len);
-    if (ret)
-	goto out;
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret)
-	goto out;
-    ret = kadm5_log_flush (log_context, sp);
-    if (ret)
-	goto out;
-    ret = kadm5_log_end (context);
-out:
-    krb5_storage_free (sp);
-    return ret;
-}
-
-/*
- * Read a `delete' log operation from `sp' and apply it.
- */
-
-static kadm5_ret_t
-kadm5_log_replay_delete (kadm5_server_context *context,
-			 uint32_t ver,
-			 uint32_t len,
-			 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    krb5_principal principal;
-
-    ret = krb5_ret_principal (sp, &principal);
-    if (ret) {
-	krb5_set_error_string(context->context,  "Failed to read deleted "
-			      "principal from log version: %ld",  (long)ver);
-	return ret;
-    }
-
-    ret = context->db->hdb_remove(context->context, context->db, principal);
-    krb5_free_principal (context->context, principal);
-    return ret;
-}
-
-/*
- * Add a `rename' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_rename (kadm5_server_context *context,
-		  krb5_principal source,
-		  hdb_entry *ent)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    off_t off;
-    off_t len;
-    krb5_data value;
-    kadm5_log_context *log_context = &context->log_context;
-
-    krb5_data_zero(&value);
-
-    sp = krb5_storage_emem();
-    ret = hdb_entry2value (context->context, ent, &value);
-    if (ret)
-	goto failed;
-
-    ret = kadm5_log_preamble (context, sp, kadm_rename);
-    if (ret)
-	goto failed;
-
-    ret = krb5_store_int32 (sp, 0);
-    if (ret)
-	goto failed;
-    off = krb5_storage_seek (sp, 0, SEEK_CUR);
-    ret = krb5_store_principal (sp, source);
-    if (ret)
-	goto failed;
-
-    krb5_storage_write(sp, value.data, value.length);
-    len = krb5_storage_seek (sp, 0, SEEK_CUR) - off;
-
-    krb5_storage_seek(sp, -(len + 4), SEEK_CUR);
-    ret = krb5_store_int32 (sp, len);
-    if (ret)
-	goto failed;
-
-    krb5_storage_seek(sp, len, SEEK_CUR);
-    ret = krb5_store_int32 (sp, len);
-    if (ret)
-	goto failed;
-
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret)
-	goto failed;
-
-    ret = kadm5_log_flush (log_context, sp);
-    if (ret)
-	goto failed;
-    krb5_storage_free (sp);
-    krb5_data_free (&value);
-
-    return kadm5_log_end (context);
-
-failed:
-    krb5_data_free(&value);
-    krb5_storage_free(sp);
-    return ret;
-}
-
-/*
- * Read a `rename' log operation from `sp' and apply it.
- */
-
-static kadm5_ret_t
-kadm5_log_replay_rename (kadm5_server_context *context,
-			 uint32_t ver,
-			 uint32_t len,
-			 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    krb5_principal source;
-    hdb_entry_ex target_ent;
-    krb5_data value;
-    off_t off;
-    size_t princ_len, data_len;
-
-    memset(&target_ent, 0, sizeof(target_ent));
-
-    off = krb5_storage_seek(sp, 0, SEEK_CUR);
-    ret = krb5_ret_principal (sp, &source);
-    if (ret) {
-	krb5_set_error_string(context->context, "Failed to read renamed "
-			      "principal in log, version: %ld", (long)ver);
-	return ret;
-    }
-    princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off;
-    data_len = len - princ_len;
-    ret = krb5_data_alloc (&value, data_len);
-    if (ret) {
-	krb5_free_principal (context->context, source);
-	return ret;
-    }
-    krb5_storage_read (sp, value.data, data_len);
-    ret = hdb_value2entry (context->context, &value, &target_ent.entry);
-    krb5_data_free(&value);
-    if (ret) {
-	krb5_free_principal (context->context, source);
-	return ret;
-    }
-    ret = context->db->hdb_store (context->context, context->db, 
-				  0, &target_ent);
-    hdb_free_entry (context->context, &target_ent);
-    if (ret) {
-	krb5_free_principal (context->context, source);
-	return ret;
-    }
-    ret = context->db->hdb_remove (context->context, context->db, source);
-    krb5_free_principal (context->context, source);
-    return ret;
-}
-
-
-/*
- * Add a `modify' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_modify (kadm5_server_context *context,
-		  hdb_entry *ent,
-		  uint32_t mask)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    krb5_data value;
-    uint32_t len;
-    kadm5_log_context *log_context = &context->log_context;
-
-    krb5_data_zero(&value);
-
-    sp = krb5_storage_emem();
-    ret = hdb_entry2value (context->context, ent, &value);
-    if (ret)
-	goto failed;
-
-    ret = kadm5_log_preamble (context, sp, kadm_modify);
-    if (ret)
-	goto failed;
-
-    len = value.length + 4;
-    ret = krb5_store_int32 (sp, len);
-    if (ret)
-	goto failed;
-    ret = krb5_store_int32 (sp, mask);
-    if (ret)
-	goto failed;
-    krb5_storage_write (sp, value.data, value.length);
-
-    ret = krb5_store_int32 (sp, len);
-    if (ret)
-	goto failed;
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret)
-	goto failed;
-    ret = kadm5_log_flush (log_context, sp);
-    if (ret)
-	goto failed;
-    krb5_data_free(&value);
-    krb5_storage_free (sp);
-    return kadm5_log_end (context);
-failed:
-    krb5_data_free(&value);
-    krb5_storage_free(sp);
-    return ret;
-}
-
-/*
- * Read a `modify' log operation from `sp' and apply it.
- */
-
-static kadm5_ret_t
-kadm5_log_replay_modify (kadm5_server_context *context,
-			 uint32_t ver,
-			 uint32_t len,
-			 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int32_t mask;
-    krb5_data value;
-    hdb_entry_ex ent, log_ent;
-
-    memset(&log_ent, 0, sizeof(log_ent));
-
-    krb5_ret_int32 (sp, &mask);
-    len -= 4;
-    ret = krb5_data_alloc (&value, len);
-    if (ret) {
-	krb5_set_error_string(context->context, "out of memory");
-	return ret;
-    }
-    krb5_storage_read (sp, value.data, len);
-    ret = hdb_value2entry (context->context, &value, &log_ent.entry);
-    krb5_data_free(&value);
-    if (ret)
-	return ret;
-
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_fetch(context->context, context->db,
-				 log_ent.entry.principal,
-				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
-    if (ret)
-	goto out;
-    if (mask & KADM5_PRINC_EXPIRE_TIME) {
-	if (log_ent.entry.valid_end == NULL) {
-	    ent.entry.valid_end = NULL;
-	} else {
-	    if (ent.entry.valid_end == NULL) {
-		ent.entry.valid_end = malloc(sizeof(*ent.entry.valid_end));
-		if (ent.entry.valid_end == NULL) {
-		    krb5_set_error_string(context->context, "out of memory");
-		    ret = ENOMEM;
-		    goto out;
-		}
-	    }
-	    *ent.entry.valid_end = *log_ent.entry.valid_end;
-	}
-    }
-    if (mask & KADM5_PW_EXPIRATION) {
-	if (log_ent.entry.pw_end == NULL) {
-	    ent.entry.pw_end = NULL;
-	} else {
-	    if (ent.entry.pw_end == NULL) {
-		ent.entry.pw_end = malloc(sizeof(*ent.entry.pw_end));
-		if (ent.entry.pw_end == NULL) {
-		    krb5_set_error_string(context->context, "out of memory");
-		    ret = ENOMEM;
-		    goto out;
-		}
-	    }
-	    *ent.entry.pw_end = *log_ent.entry.pw_end;
-	}
-    }
-    if (mask & KADM5_LAST_PWD_CHANGE) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_ATTRIBUTES) {
-	ent.entry.flags = log_ent.entry.flags;
-    }
-    if (mask & KADM5_MAX_LIFE) {
-	if (log_ent.entry.max_life == NULL) {
-	    ent.entry.max_life = NULL;
-	} else {
-	    if (ent.entry.max_life == NULL) {
-		ent.entry.max_life = malloc (sizeof(*ent.entry.max_life));
-		if (ent.entry.max_life == NULL) {
-		    krb5_set_error_string(context->context, "out of memory");
-		    ret = ENOMEM;
-		    goto out;
-		}
-	    }
-	    *ent.entry.max_life = *log_ent.entry.max_life;
-	}
-    }
-    if ((mask & KADM5_MOD_TIME) && (mask & KADM5_MOD_NAME)) {
-	if (ent.entry.modified_by == NULL) {
-	    ent.entry.modified_by = malloc(sizeof(*ent.entry.modified_by));
-	    if (ent.entry.modified_by == NULL) {
-		krb5_set_error_string(context->context, "out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	} else
-	    free_Event(ent.entry.modified_by);
-	ret = copy_Event(log_ent.entry.modified_by, ent.entry.modified_by);
-	if (ret) {
-	    krb5_set_error_string(context->context, "out of memory");
-	    goto out;
-	}
-    }
-    if (mask & KADM5_KVNO) {
-	ent.entry.kvno = log_ent.entry.kvno;
-    }
-    if (mask & KADM5_MKVNO) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_AUX_ATTRIBUTES) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_POLICY) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_POLICY_CLR) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_MAX_RLIFE) {
-	if (log_ent.entry.max_renew == NULL) {
-	    ent.entry.max_renew = NULL;
-	} else {
-	    if (ent.entry.max_renew == NULL) {
-		ent.entry.max_renew = malloc (sizeof(*ent.entry.max_renew));
-		if (ent.entry.max_renew == NULL) {
-		    krb5_set_error_string(context->context, "out of memory");
-		    ret = ENOMEM;
-		    goto out;
-		}
-	    }
-	    *ent.entry.max_renew = *log_ent.entry.max_renew;
-	}
-    }
-    if (mask & KADM5_LAST_SUCCESS) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_LAST_FAILED) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_FAIL_AUTH_COUNT) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_KEY_DATA) {
-	size_t num;
-	int i;
-
-	for (i = 0; i < ent.entry.keys.len; ++i)
-	    free_Key(&ent.entry.keys.val[i]);
-	free (ent.entry.keys.val);
-
-	num = log_ent.entry.keys.len;
-
-	ent.entry.keys.len = num;
-	ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val));
-	if (ent.entry.keys.val == NULL) {
-	    krb5_set_error_string(context->context, "out of memory");
-	    return ENOMEM;
-	}
-	for (i = 0; i < ent.entry.keys.len; ++i) {
-	    ret = copy_Key(&log_ent.entry.keys.val[i],
-			   &ent.entry.keys.val[i]);
-	    if (ret) {
-		krb5_set_error_string(context->context, "out of memory");
-		goto out;
-	    }
-	}
-    }
-    if ((mask & KADM5_TL_DATA) && log_ent.entry.extensions) {
-	HDB_extensions *es = ent.entry.extensions;
-
-	ent.entry.extensions = calloc(1, sizeof(*ent.entry.extensions));
-	if (ent.entry.extensions == NULL)
-	    goto out;
-
-	ret = copy_HDB_extensions(log_ent.entry.extensions,
-				  ent.entry.extensions);
-	if (ret) {
-	    krb5_set_error_string(context->context, "out of memory");
-	    free(ent.entry.extensions);
-	    ent.entry.extensions = es;
-	    goto out;
-	}
-	if (es) {
-	    free_HDB_extensions(es);
-	    free(es);
-	}
-    }
-    ret = context->db->hdb_store(context->context, context->db, 
-				 HDB_F_REPLACE, &ent);
- out:
-    hdb_free_entry (context->context, &ent);
-    hdb_free_entry (context->context, &log_ent);
-    return ret;
-}
-
-/*
- * Add a `nop' operation to the log. Does not close the log.
- */
-
-kadm5_ret_t
-kadm5_log_nop (kadm5_server_context *context)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    kadm5_log_context *log_context = &context->log_context;
-
-    sp = krb5_storage_emem();
-    ret = kadm5_log_preamble (context, sp, kadm_nop);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    krb5_store_int32 (sp, 0);
-    krb5_store_int32 (sp, 0);
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    ret = kadm5_log_flush (log_context, sp);
-    krb5_storage_free (sp);
-
-    return ret;
-}
-
-/*
- * Read a `nop' log operation from `sp' and apply it.
- */
-
-static kadm5_ret_t
-kadm5_log_replay_nop (kadm5_server_context *context,
-		      uint32_t ver,
-		      uint32_t len,
-		      krb5_storage *sp)
-{
-    return 0;
-}
-
-/*
- * Call `func' for each log record in the log in `context'
- */
-
-kadm5_ret_t
-kadm5_log_foreach (kadm5_server_context *context,
-		   void (*func)(kadm5_server_context *server_context,
-				uint32_t ver,
-				time_t timestamp,
-				enum kadm_ops op,
-				uint32_t len,
-				krb5_storage *,
-				void *),
-		   void *ctx)
-{
-    int fd = context->log_context.log_fd;
-    krb5_storage *sp;
-
-    lseek (fd, 0, SEEK_SET);
-    sp = krb5_storage_from_fd (fd);
-    for (;;) {
-	int32_t ver, timestamp, op, len, len2, ver2;
-
-	if(krb5_ret_int32 (sp, &ver) != 0)
-	    break;
-	krb5_ret_int32 (sp, &timestamp);
-	krb5_ret_int32 (sp, &op);
-	krb5_ret_int32 (sp, &len);
-	(*func)(context, ver, timestamp, op, len, sp, ctx);
-	krb5_ret_int32 (sp, &len2);
-	krb5_ret_int32 (sp, &ver2);
-	if (len != len2)
-	    abort();
-	if (ver != ver2)
-	    abort();
-    }
-    krb5_storage_free(sp);
-    return 0;
-}
-
-/*
- * Go to end of log.
- */
-
-krb5_storage *
-kadm5_log_goto_end (int fd)
-{
-    krb5_storage *sp;
-
-    sp = krb5_storage_from_fd (fd);
-    krb5_storage_seek(sp, 0, SEEK_END);
-    return sp;
-}
-
-/*
- * Return previous log entry.
- * 
- * The pointer in `sp� is assumed to be at the top of the entry before
- * previous entry. On success, the `sp� pointer is set to data portion
- * of previous entry. In case of error, it's not changed at all.
- */
-
-kadm5_ret_t
-kadm5_log_previous (krb5_context context,
-		    krb5_storage *sp,
-		    uint32_t *ver,
-		    time_t *timestamp,
-		    enum kadm_ops *op,
-		    uint32_t *len)
-{
-    krb5_error_code ret;
-    off_t off, oldoff;
-    int32_t tmp;
-
-    oldoff = krb5_storage_seek(sp, 0, SEEK_CUR);
-
-    krb5_storage_seek(sp, -8, SEEK_CUR);
-    ret = krb5_ret_int32 (sp, &tmp);
-    if (ret)
-	goto end_of_storage;
-    *len = tmp;
-    ret = krb5_ret_int32 (sp, &tmp);
-    *ver = tmp;
-    off = 24 + *len;
-    krb5_storage_seek(sp, -off, SEEK_CUR);
-    ret = krb5_ret_int32 (sp, &tmp);
-    if (ret)
-	goto end_of_storage;
-    if (tmp != *ver) {
-	krb5_storage_seek(sp, oldoff, SEEK_SET);
-	krb5_set_error_string(context, "kadm5_log_previous: log entry "
-			      "have consistency failure, version number wrong");
-	return KADM5_BAD_DB;
-    }
-    ret = krb5_ret_int32 (sp, &tmp);
-    if (ret)
-	goto end_of_storage;
-    *timestamp = tmp;
-    ret = krb5_ret_int32 (sp, &tmp);
-    *op = tmp;
-    ret = krb5_ret_int32 (sp, &tmp);
-    if (ret)
-	goto end_of_storage;
-    if (tmp != *len) {
-	krb5_storage_seek(sp, oldoff, SEEK_SET);
-	krb5_set_error_string(context, "kadm5_log_previous: log entry "
-			      "have consistency failure, length wrong");
-	return KADM5_BAD_DB;
-    }
-    return 0;
-
- end_of_storage:
-    krb5_storage_seek(sp, oldoff, SEEK_SET);
-    krb5_set_error_string(context, "kadm5_log_previous: end of storage "
-			  "reached before end");
-    return ret;
-}
-
-/*
- * Replay a record from the log
- */
-
-kadm5_ret_t
-kadm5_log_replay (kadm5_server_context *context,
-		  enum kadm_ops op,
-		  uint32_t ver,
-		  uint32_t len,
-		  krb5_storage *sp)
-{
-    switch (op) {
-    case kadm_create :
-	return kadm5_log_replay_create (context, ver, len, sp);
-    case kadm_delete :
-	return kadm5_log_replay_delete (context, ver, len, sp);
-    case kadm_rename :
-	return kadm5_log_replay_rename (context, ver, len, sp);
-    case kadm_modify :
-	return kadm5_log_replay_modify (context, ver, len, sp);
-    case kadm_nop :
-	return kadm5_log_replay_nop (context, ver, len, sp);
-    default :
-	krb5_set_error_string(context->context, 
-			      "Unsupported replay op %d", (int)op);
-	return KADM5_FAILURE;
-    }
-}
-
-/*
- * truncate the log - i.e. create an empty file with just (nop vno + 2)
- */
-
-kadm5_ret_t
-kadm5_log_truncate (kadm5_server_context *server_context)
-{
-    kadm5_ret_t ret;
-    uint32_t vno;
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_get_version (server_context, &vno);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_reinit (server_context);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_set_version (server_context, vno);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_nop (server_context);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	return ret;
-    return 0;
-
-}
-
-static char *default_signal = NULL;
-static HEIMDAL_MUTEX signal_mutex = HEIMDAL_MUTEX_INITIALIZER;
-
-const char *
-kadm5_log_signal_socket(krb5_context context)
-{
-    HEIMDAL_MUTEX_lock(&signal_mutex);
-    if (!default_signal)
-	asprintf(&default_signal, "%s/signal", hdb_db_dir(context));
-    HEIMDAL_MUTEX_unlock(&signal_mutex);
-
-    return krb5_config_get_string_default(context,
-					  NULL,
-					  default_signal,
-					  "kdc",
-					  "signal_socket",
-					  NULL);
-}
diff --git a/crypto/heimdal/lib/kadm5/marshall.c b/crypto/heimdal/lib/kadm5/marshall.c
deleted file mode 100644
index 05ca33f..0000000
--- a/crypto/heimdal/lib/kadm5/marshall.c
+++ /dev/null
@@ -1,336 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: marshall.c 21745 2007-07-31 16:11:25Z lha $");
-
-kadm5_ret_t
-kadm5_store_key_data(krb5_storage *sp,
-		     krb5_key_data *key)
-{
-    krb5_data c;
-    krb5_store_int32(sp, key->key_data_ver);
-    krb5_store_int32(sp, key->key_data_kvno);
-    krb5_store_int32(sp, key->key_data_type[0]);
-    c.length = key->key_data_length[0];
-    c.data = key->key_data_contents[0];
-    krb5_store_data(sp, c);
-    krb5_store_int32(sp, key->key_data_type[1]);
-    c.length = key->key_data_length[1];
-    c.data = key->key_data_contents[1];
-    krb5_store_data(sp, c);
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_ret_key_data(krb5_storage *sp,
-		   krb5_key_data *key)
-{
-    krb5_data c;
-    int32_t tmp;
-    krb5_ret_int32(sp, &tmp);
-    key->key_data_ver = tmp;
-    krb5_ret_int32(sp, &tmp);
-    key->key_data_kvno = tmp;
-    krb5_ret_int32(sp, &tmp);
-    key->key_data_type[0] = tmp;
-    krb5_ret_data(sp, &c);
-    key->key_data_length[0] = c.length;
-    key->key_data_contents[0] = c.data;
-    krb5_ret_int32(sp, &tmp);
-    key->key_data_type[1] = tmp;
-    krb5_ret_data(sp, &c);
-    key->key_data_length[1] = c.length;
-    key->key_data_contents[1] = c.data;
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_store_tl_data(krb5_storage *sp,
-		    krb5_tl_data *tl)
-{
-    krb5_data c;
-    krb5_store_int32(sp, tl->tl_data_type);
-    c.length = tl->tl_data_length;
-    c.data = tl->tl_data_contents;
-    krb5_store_data(sp, c);
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_ret_tl_data(krb5_storage *sp,
-		  krb5_tl_data *tl)
-{
-    krb5_data c;
-    int32_t tmp;
-    krb5_ret_int32(sp, &tmp);
-    tl->tl_data_type = tmp;
-    krb5_ret_data(sp, &c);
-    tl->tl_data_length = c.length;
-    tl->tl_data_contents = c.data;
-    return 0;
-}
-
-static kadm5_ret_t
-store_principal_ent(krb5_storage *sp,
-		    kadm5_principal_ent_t princ,
-		    uint32_t mask)
-{
-    int i;
-
-    if (mask & KADM5_PRINCIPAL)
-	krb5_store_principal(sp, princ->principal);
-    if (mask & KADM5_PRINC_EXPIRE_TIME)
-	krb5_store_int32(sp, princ->princ_expire_time);
-    if (mask & KADM5_PW_EXPIRATION)
-	krb5_store_int32(sp, princ->pw_expiration);
-    if (mask & KADM5_LAST_PWD_CHANGE)
-	krb5_store_int32(sp, princ->last_pwd_change);
-    if (mask & KADM5_MAX_LIFE)
-	krb5_store_int32(sp, princ->max_life);
-    if (mask & KADM5_MOD_NAME) {
-	krb5_store_int32(sp, princ->mod_name != NULL);
-	if(princ->mod_name)
-	    krb5_store_principal(sp, princ->mod_name);
-    }
-    if (mask & KADM5_MOD_TIME)
-	krb5_store_int32(sp, princ->mod_date);
-    if (mask & KADM5_ATTRIBUTES)
-	krb5_store_int32(sp, princ->attributes);
-    if (mask & KADM5_KVNO)
-	krb5_store_int32(sp, princ->kvno);
-    if (mask & KADM5_MKVNO)
-	krb5_store_int32(sp, princ->mkvno);
-    if (mask & KADM5_POLICY) {
-	krb5_store_int32(sp, princ->policy != NULL);
-	if(princ->policy)
-	    krb5_store_string(sp, princ->policy);
-    }
-    if (mask & KADM5_AUX_ATTRIBUTES)
-	krb5_store_int32(sp, princ->aux_attributes);
-    if (mask & KADM5_MAX_RLIFE)
-	krb5_store_int32(sp, princ->max_renewable_life);
-    if (mask & KADM5_LAST_SUCCESS)
-	krb5_store_int32(sp, princ->last_success);
-    if (mask & KADM5_LAST_FAILED)
-	krb5_store_int32(sp, princ->last_failed);
-    if (mask & KADM5_FAIL_AUTH_COUNT)
-	krb5_store_int32(sp, princ->fail_auth_count);
-    if (mask & KADM5_KEY_DATA) {
-	krb5_store_int32(sp, princ->n_key_data);
-	for(i = 0; i < princ->n_key_data; i++)
-	    kadm5_store_key_data(sp, &princ->key_data[i]);
-    }
-    if (mask & KADM5_TL_DATA) {
-	krb5_tl_data *tp;
-
-	krb5_store_int32(sp, princ->n_tl_data);
-	for(tp = princ->tl_data; tp; tp = tp->tl_data_next)
-	    kadm5_store_tl_data(sp, tp);
-    }
-    return 0;
-}
-
-
-kadm5_ret_t
-kadm5_store_principal_ent(krb5_storage *sp,
-			  kadm5_principal_ent_t princ)
-{
-    return store_principal_ent (sp, princ, ~0);
-}
-
-kadm5_ret_t
-kadm5_store_principal_ent_mask(krb5_storage *sp,
-			       kadm5_principal_ent_t princ,
-			       uint32_t mask)
-{
-    krb5_store_int32(sp, mask);
-    return store_principal_ent (sp, princ, mask);
-}
-
-static kadm5_ret_t
-ret_principal_ent(krb5_storage *sp,
-		  kadm5_principal_ent_t princ,
-		  uint32_t mask)
-{
-    int i;
-    int32_t tmp;
-
-    if (mask & KADM5_PRINCIPAL)
-	krb5_ret_principal(sp, &princ->principal);
-    
-    if (mask & KADM5_PRINC_EXPIRE_TIME) {
-	krb5_ret_int32(sp, &tmp);
-	princ->princ_expire_time = tmp;
-    }
-    if (mask & KADM5_PW_EXPIRATION) {
-	krb5_ret_int32(sp, &tmp);
-	princ->pw_expiration = tmp;
-    }
-    if (mask & KADM5_LAST_PWD_CHANGE) {
-	krb5_ret_int32(sp, &tmp);
-	princ->last_pwd_change = tmp;
-    }
-    if (mask & KADM5_MAX_LIFE) {
-	krb5_ret_int32(sp, &tmp);
-	princ->max_life = tmp;
-    }
-    if (mask & KADM5_MOD_NAME) {
-	krb5_ret_int32(sp, &tmp);
-	if(tmp)
-	    krb5_ret_principal(sp, &princ->mod_name);
-	else
-	    princ->mod_name = NULL;
-    }
-    if (mask & KADM5_MOD_TIME) {
-	krb5_ret_int32(sp, &tmp);
-	princ->mod_date = tmp;
-    }
-    if (mask & KADM5_ATTRIBUTES) {
-	krb5_ret_int32(sp, &tmp);
-	princ->attributes = tmp;
-    }
-    if (mask & KADM5_KVNO) {
-	krb5_ret_int32(sp, &tmp);
-	princ->kvno = tmp;
-    }
-    if (mask & KADM5_MKVNO) {
-	krb5_ret_int32(sp, &tmp);
-	princ->mkvno = tmp;
-    }
-    if (mask & KADM5_POLICY) {
-	krb5_ret_int32(sp, &tmp);
-	if(tmp)
-	    krb5_ret_string(sp, &princ->policy);
-	else
-	    princ->policy = NULL;
-    }
-    if (mask & KADM5_AUX_ATTRIBUTES) {
-	krb5_ret_int32(sp, &tmp);
-	princ->aux_attributes = tmp;
-    }
-    if (mask & KADM5_MAX_RLIFE) {
-	krb5_ret_int32(sp, &tmp);
-	princ->max_renewable_life = tmp;
-    }
-    if (mask & KADM5_LAST_SUCCESS) {
-	krb5_ret_int32(sp, &tmp);
-	princ->last_success = tmp;
-    }
-    if (mask & KADM5_LAST_FAILED) {
-	krb5_ret_int32(sp, &tmp);
-	princ->last_failed = tmp;
-    }
-    if (mask & KADM5_FAIL_AUTH_COUNT) {
-	krb5_ret_int32(sp, &tmp);
-	princ->fail_auth_count = tmp;
-    }
-    if (mask & KADM5_KEY_DATA) {
-	krb5_ret_int32(sp, &tmp);
-	princ->n_key_data = tmp;
-	princ->key_data = malloc(princ->n_key_data * sizeof(*princ->key_data));
-	if (princ->key_data == NULL)
-	    return ENOMEM;
-	for(i = 0; i < princ->n_key_data; i++)
-	    kadm5_ret_key_data(sp, &princ->key_data[i]);
-    }
-    if (mask & KADM5_TL_DATA) {
-	krb5_ret_int32(sp, &tmp);
-	princ->n_tl_data = tmp;
-	princ->tl_data = NULL;
-	for(i = 0; i < princ->n_tl_data; i++){
-	    krb5_tl_data *tp = malloc(sizeof(*tp));
-	    if (tp == NULL)
-		return ENOMEM;
-	    kadm5_ret_tl_data(sp, tp);
-	    tp->tl_data_next = princ->tl_data;
-	    princ->tl_data = tp;
-	}
-    }
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_ret_principal_ent(krb5_storage *sp,
-			kadm5_principal_ent_t princ)
-{
-    return ret_principal_ent (sp, princ, ~0);
-}
-
-kadm5_ret_t
-kadm5_ret_principal_ent_mask(krb5_storage *sp,
-			     kadm5_principal_ent_t princ,
-			     uint32_t *mask)
-{
-    int32_t tmp;
-
-    krb5_ret_int32 (sp, &tmp);
-    *mask = tmp;
-    return ret_principal_ent (sp, princ, *mask);
-}
-
-kadm5_ret_t
-_kadm5_marshal_params(krb5_context context, 
-		      kadm5_config_params *params, 
-		      krb5_data *out)
-{
-    krb5_storage *sp = krb5_storage_emem();
-    
-    krb5_store_int32(sp, params->mask & (KADM5_CONFIG_REALM));
-	
-    if(params->mask & KADM5_CONFIG_REALM)
-	krb5_store_string(sp, params->realm);
-    krb5_storage_to_data(sp, out);
-    krb5_storage_free(sp);
-
-    return 0;
-}
-
-kadm5_ret_t
-_kadm5_unmarshal_params(krb5_context context,
-			krb5_data *in,
-			kadm5_config_params *params)
-{
-    krb5_storage *sp = krb5_storage_from_data(in);
-    int32_t mask;
-    
-    krb5_ret_int32(sp, &mask);
-    params->mask = mask;
-	
-    if(params->mask & KADM5_CONFIG_REALM)
-	krb5_ret_string(sp, &params->realm);
-    krb5_storage_free(sp);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/modify_c.c b/crypto/heimdal/lib/kadm5/modify_c.c
deleted file mode 100644
index ed399b3..0000000
--- a/crypto/heimdal/lib/kadm5/modify_c.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: modify_c.c 17445 2006-05-05 10:37:46Z lha $");
-
-kadm5_ret_t
-kadm5_c_modify_principal(void *server_handle,
-			 kadm5_principal_ent_t princ, 
-			 uint32_t mask)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_modify);
-    kadm5_store_principal_ent(sp, princ);
-    krb5_store_int32(sp, mask);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if(ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_clear_error_string(context->context);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
-
diff --git a/crypto/heimdal/lib/kadm5/modify_s.c b/crypto/heimdal/lib/kadm5/modify_s.c
deleted file mode 100644
index 449f619..0000000
--- a/crypto/heimdal/lib/kadm5/modify_s.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 1997-2001, 2003, 2005-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: modify_s.c 20610 2007-05-08 07:12:37Z lha $");
-
-static kadm5_ret_t
-modify_principal(void *server_handle,
-		 kadm5_principal_ent_t princ, 
-		 uint32_t mask,
-		 uint32_t forbidden_mask)
-{
-    kadm5_server_context *context = server_handle;
-    hdb_entry_ex ent;
-    kadm5_ret_t ret;
-    if((mask & forbidden_mask))
-	return KADM5_BAD_MASK;
-    if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
-	return KADM5_UNK_POLICY;
-    
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->hdb_fetch(context->context, context->db, 
-				 princ->principal, HDB_F_GET_ANY, &ent);
-    if(ret)
-	goto out;
-    ret = _kadm5_setup_entry(context, &ent, mask, princ, mask, NULL, 0);
-    if(ret)
-	goto out2;
-    ret = _kadm5_set_modifier(context, &ent.entry);
-    if(ret)
-	goto out2;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = context->db->hdb_store(context->context, context->db, 
-			     HDB_F_REPLACE, &ent);
-    if (ret)
-	goto out2;
-
-    kadm5_log_modify (context,
-		      &ent.entry,
-		      mask | KADM5_MOD_NAME | KADM5_MOD_TIME);
-
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->hdb_close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
-
-
-kadm5_ret_t
-kadm5_s_modify_principal(void *server_handle,
-			 kadm5_principal_ent_t princ, 
-			 uint32_t mask)
-{
-    return modify_principal(server_handle, princ, mask, 
-			    KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME 
-			    | KADM5_MOD_NAME | KADM5_MKVNO 
-			    | KADM5_AUX_ATTRIBUTES | KADM5_LAST_SUCCESS
-			    | KADM5_LAST_FAILED);
-}
diff --git a/crypto/heimdal/lib/kadm5/password_quality.c b/crypto/heimdal/lib/kadm5/password_quality.c
deleted file mode 100644
index 2610ce8..0000000
--- a/crypto/heimdal/lib/kadm5/password_quality.c
+++ /dev/null
@@ -1,512 +0,0 @@
-/*
- * Copyright (c) 1997-2000, 2003-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-#include "kadm5-pwcheck.h"
-
-RCSID("$Id: password_quality.c 17595 2006-05-30 21:51:55Z lha $");
-
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-static int
-min_length_passwd_quality (krb5_context context,
-			   krb5_principal principal,
-			   krb5_data *pwd,
-			   const char *opaque,
-			   char *message,
-			   size_t length)
-{
-    uint32_t min_length = krb5_config_get_int_default(context, NULL, 6,
-						      "password_quality",
-						      "min_length",
-						      NULL);
-
-    if (pwd->length < min_length) {
-	strlcpy(message, "Password too short", length);
-	return 1;
-    } else
-	return 0;
-}
-
-static const char *
-min_length_passwd_quality_v0 (krb5_context context,
-			      krb5_principal principal,
-			      krb5_data *pwd)
-{
-    static char message[1024];
-    int ret;
-
-    message[0] = '\0';
-
-    ret = min_length_passwd_quality(context, principal, pwd, NULL,
-				    message, sizeof(message));
-    if (ret)
-	return message;
-    return NULL;
-}
-
-
-static int
-char_class_passwd_quality (krb5_context context,
-			   krb5_principal principal,
-			   krb5_data *pwd,
-			   const char *opaque,
-			   char *message,
-			   size_t length)
-{
-    const char *classes[] = {
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZ",
-	"abcdefghijklmnopqrstuvwxyz",
-	"1234567890",
-	"!@#$%^&*()/?<>,.{[]}\\|'~`\" "
-    };
-    int i, counter = 0, req_classes;
-    size_t len;
-    char *pw;
-
-    req_classes = krb5_config_get_int_default(context, NULL, 3,
-					      "password_quality",
-					      "min_classes",
-					      NULL);
-
-    len = pwd->length + 1;
-    pw = malloc(len);
-    if (pw == NULL) {
-	strlcpy(message, "out of memory", length);
-	return 1;
-    }
-    strlcpy(pw, pwd->data, len);
-    len = strlen(pw);
-
-    for (i = 0; i < sizeof(classes)/sizeof(classes[0]); i++) {
-	if (strcspn(pw, classes[i]) < len)
-	    counter++;
-    }
-    memset(pw, 0, pwd->length + 1);
-    free(pw);
-    if (counter < req_classes) {
-	snprintf(message, length,
-	    "Password doesn't meet complexity requirement.\n"
-	    "Add more characters from the following classes:\n"
-	    "1. English uppercase characters (A through Z)\n"
-	    "2. English lowercase characters (a through z)\n"
-	    "3. Base 10 digits (0 through 9)\n"
-	    "4. Nonalphanumeric characters (e.g., !, $, #, %%)");
-	return 1;
-    }
-    return 0;
-}
-
-static int
-external_passwd_quality (krb5_context context,
-			 krb5_principal principal,
-			 krb5_data *pwd,
-			 const char *opaque,
-			 char *message,
-			 size_t length)
-{
-    krb5_error_code ret;
-    const char *program;
-    char *p;
-    pid_t child;
-    int status;
-    char reply[1024];
-    FILE *in = NULL, *out = NULL, *error = NULL;
-
-    if (memchr(pwd->data, pwd->length, '\n') != NULL) {
-	snprintf(message, length, "password contains newline, "
-		 "not valid for external test");
-	return 1;
-    }
-
-    program = krb5_config_get_string(context, NULL,
-				     "password_quality",
-				     "external_program",
-				     NULL);
-    if (program == NULL) {
-	snprintf(message, length, "external password quality "
-		 "program not configured");
-	return 1;
-    }
-
-    ret = krb5_unparse_name(context, principal, &p);
-    if (ret) {
-	strlcpy(message, "out of memory", length);
-	return 1;
-    }
-
-    child = pipe_execv(&in, &out, &error, program, p, NULL);
-    if (child < 0) {
-	snprintf(message, length, "external password quality "
-		 "program failed to execute for principal %s", p);
-	free(p);
-	return 1;
-    }
-
-    fprintf(in, "principal: %s\n"
-	    "new-password: %.*s\n"
-	    "end\n",
-	    p, (int)pwd->length, (char *)pwd->data);
-    
-    fclose(in);
-
-    if (fgets(reply, sizeof(reply), out) == NULL) {
-
-	if (fgets(reply, sizeof(reply), error) == NULL) {
-	    snprintf(message, length, "external password quality "
-		     "program failed without error");
-
-	} else {
-	    reply[strcspn(reply, "\n")] = '\0';
-	    snprintf(message, length, "External password quality "
-		     "program failed: %s", reply);
-	}
-
-	fclose(out);
-	fclose(error);
-	waitpid(child, &status, 0);
-	return 1;
-    }
-    reply[strcspn(reply, "\n")] = '\0';
-
-    fclose(out);
-    fclose(error);
-
-    if (waitpid(child, &status, 0) < 0) {
-	snprintf(message, length, "external program failed: %s", reply);
-	free(p);
-	return 1;
-    }
-    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
-	snprintf(message, length, "external program failed: %s", reply);
-	free(p);
-	return 1;
-    }
-
-    if (strcmp(reply, "APPROVED") != 0) {
-	snprintf(message, length, "%s", reply);
-	free(p);
-	return 1;
-    }
-
-    free(p);
-
-    return 0;
-}
-
-
-static kadm5_passwd_quality_check_func_v0 passwd_quality_check = 
-	min_length_passwd_quality_v0;
-
-struct kadm5_pw_policy_check_func builtin_funcs[] = {
-    { "minimum-length", min_length_passwd_quality },
-    { "character-class", char_class_passwd_quality },
-    { "external-check", external_passwd_quality },
-    { NULL }
-};
-struct kadm5_pw_policy_verifier builtin_verifier = {
-    "builtin", 
-    KADM5_PASSWD_VERSION_V1, 
-    "Heimdal builtin",
-    builtin_funcs
-};
-
-static struct kadm5_pw_policy_verifier **verifiers;
-static int num_verifiers;
-
-/*
- * setup the password quality hook
- */
-
-#ifndef RTLD_NOW
-#define RTLD_NOW 0
-#endif
-
-void
-kadm5_setup_passwd_quality_check(krb5_context context,
-				 const char *check_library,
-				 const char *check_function)
-{
-#ifdef HAVE_DLOPEN
-    void *handle;
-    void *sym;
-    int *version;
-    const char *tmp;
-
-    if(check_library == NULL) {
-	tmp = krb5_config_get_string(context, NULL, 
-				     "password_quality", 
-				     "check_library", 
-				     NULL);
-	if(tmp != NULL)
-	    check_library = tmp;
-    }
-    if(check_function == NULL) {
-	tmp = krb5_config_get_string(context, NULL, 
-				     "password_quality", 
-				     "check_function", 
-				     NULL);
-	if(tmp != NULL)
-	    check_function = tmp;
-    }
-    if(check_library != NULL && check_function == NULL)
-	check_function = "passwd_check";
-
-    if(check_library == NULL)
-	return;
-    handle = dlopen(check_library, RTLD_NOW);
-    if(handle == NULL) {
-	krb5_warnx(context, "failed to open `%s'", check_library);
-	return;
-    }
-    version = dlsym(handle, "version");
-    if(version == NULL) {
-	krb5_warnx(context,
-		   "didn't find `version' symbol in `%s'", check_library);
-	dlclose(handle);
-	return;
-    }
-    if(*version != KADM5_PASSWD_VERSION_V0) {
-	krb5_warnx(context,
-		   "version of loaded library is %d (expected %d)",
-		   *version, KADM5_PASSWD_VERSION_V0);
-	dlclose(handle);
-	return;
-    }
-    sym = dlsym(handle, check_function);
-    if(sym == NULL) {
-	krb5_warnx(context, 
-		   "didn't find `%s' symbol in `%s'", 
-		   check_function, check_library);
-	dlclose(handle);
-	return;
-    }
-    passwd_quality_check = (kadm5_passwd_quality_check_func_v0) sym;
-#endif /* HAVE_DLOPEN */
-}
-
-#ifdef HAVE_DLOPEN
-
-static krb5_error_code
-add_verifier(krb5_context context, const char *check_library)
-{
-    struct kadm5_pw_policy_verifier *v, **tmp;
-    void *handle;
-    int i;
-
-    handle = dlopen(check_library, RTLD_NOW);
-    if(handle == NULL) {
-	krb5_warnx(context, "failed to open `%s'", check_library);
-	return ENOENT;
-    }
-    v = dlsym(handle, "kadm5_password_verifier");
-    if(v == NULL) {
-	krb5_warnx(context,
-		   "didn't find `kadm5_password_verifier' symbol "
-		   "in `%s'", check_library);
-	dlclose(handle);
-	return ENOENT;
-    }
-    if(v->version != KADM5_PASSWD_VERSION_V1) {
-	krb5_warnx(context,
-		   "version of loaded library is %d (expected %d)",
-		   v->version, KADM5_PASSWD_VERSION_V1);
-	dlclose(handle);
-	return EINVAL;
-    }
-    for (i = 0; i < num_verifiers; i++) {
-	if (strcmp(v->name, verifiers[i]->name) == 0)
-	    break;
-    }
-    if (i < num_verifiers) {
-	krb5_warnx(context, "password verifier library `%s' is already loaded",
-		   v->name);
-	dlclose(handle);
-	return 0;
-    }
-
-    tmp = realloc(verifiers, (num_verifiers + 1) * sizeof(*verifiers));
-    if (tmp == NULL) {
-	krb5_warnx(context, "out of memory");
-	dlclose(handle);
-	return 0;
-    }
-    verifiers = tmp;
-    verifiers[num_verifiers] = v;
-    num_verifiers++;
-
-    return 0;
-}
-
-#endif
-
-krb5_error_code
-kadm5_add_passwd_quality_verifier(krb5_context context,
-				  const char *check_library)
-{
-#ifdef HAVE_DLOPEN
-
-    if(check_library == NULL) {
-	krb5_error_code ret;
-	char **tmp;
-
-	tmp = krb5_config_get_strings(context, NULL, 
-				      "password_quality", 
-				      "policy_libraries", 
-				      NULL);
-	if(tmp == NULL)
-	    return 0;
-
-	while(tmp) {
-	    ret = add_verifier(context, *tmp);
-	    if (ret)
-		return ret;
-	    tmp++;
-	}
-    }
-    return add_verifier(context, check_library);
-#else
-    return 0;
-#endif /* HAVE_DLOPEN */
-}
-
-/*
- *
- */
-
-static const struct kadm5_pw_policy_check_func *
-find_func(krb5_context context, const char *name)
-{
-    const struct kadm5_pw_policy_check_func *f;
-    char *module = NULL;
-    const char *p, *func;
-    int i;
-
-    p = strchr(name, ':');
-    if (p) {
-	func = p + 1;
-	module = strndup(name, p - name);
-	if (module == NULL)
-	    return NULL;
-    } else
-	func = name;
-
-    /* Find module in loaded modules first */
-    for (i = 0; i < num_verifiers; i++) {
-	if (module && strcmp(module, verifiers[i]->name) != 0)
-	    continue;
-	for (f = verifiers[i]->funcs; f->name ; f++)
-	    if (strcmp(name, f->name) == 0) {
-		if (module)
-		    free(module);
-		return f;
-	    }
-    }
-    /* Lets try try the builtin modules */
-    if (module == NULL || strcmp(module, "builtin") == 0) {
-	for (f = builtin_verifier.funcs; f->name ; f++)
-	    if (strcmp(func, f->name) == 0) {
-		if (module)
-		    free(module);
-		return f;
-	    }
-    }
-    if (module)
-	free(module);
-    return NULL;
-}
-
-const char *
-kadm5_check_password_quality (krb5_context context,
-			      krb5_principal principal,
-			      krb5_data *pwd_data)
-{
-    const struct kadm5_pw_policy_check_func *proc;
-    static char error_msg[1024];
-    const char *msg;
-    char **v, **vp;
-    int ret;
-
-    /*
-     * Check if we should use the old version of policy function.
-     */
-
-    v = krb5_config_get_strings(context, NULL, 
-				"password_quality", 
-				"policies", 
-				NULL);
-    if (v == NULL) {
-	msg = (*passwd_quality_check) (context, principal, pwd_data);
-	krb5_set_error_string(context, "password policy failed: %s", msg);
-	return msg;
-    }
-
-    error_msg[0] = '\0';
-
-    msg = NULL;
-    for(vp = v; *vp; vp++) {
-	proc = find_func(context, *vp);
-	if (proc == NULL) {
-	    msg = "failed to find password verifier function";
-	    krb5_set_error_string(context, "Failed to find password policy "
-				  "function: %s", *vp);
-	    break;
-	}
-	ret = (proc->func)(context, principal, pwd_data, NULL,
-			   error_msg, sizeof(error_msg));
-	if (ret) {
-	    krb5_set_error_string(context, "Password policy "
-				  "%s failed with %s", 
-				  proc->name, error_msg);
-	    msg = error_msg;
-	    break;
-	}
-    }
-    krb5_config_free_strings(v);
-
-    /* If the default quality check isn't used, lets check that the
-     * old quality function the user have set too */
-    if (msg == NULL && passwd_quality_check != min_length_passwd_quality_v0) {
-	msg = (*passwd_quality_check) (context, principal, pwd_data);
-	if (msg)
-	    krb5_set_error_string(context, "(old) password policy "
-				  "failed with %s", msg);
-	    
-    }
-    return msg;
-}
diff --git a/crypto/heimdal/lib/kadm5/private.h b/crypto/heimdal/lib/kadm5/private.h
deleted file mode 100644
index d5e1380..0000000
--- a/crypto/heimdal/lib/kadm5/private.h
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Copyright (c) 1997-2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: private.h 22211 2007-12-07 19:27:27Z lha $ */
-
-#ifndef __kadm5_privatex_h__
-#define __kadm5_privatex_h__
-
-struct kadm_func {
-    kadm5_ret_t (*chpass_principal) (void *, krb5_principal, const char*);
-    kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, 
-				     uint32_t, const char*);
-    kadm5_ret_t (*delete_principal) (void*, krb5_principal);
-    kadm5_ret_t (*destroy) (void*);
-    kadm5_ret_t (*flush) (void*);
-    kadm5_ret_t (*get_principal) (void*, krb5_principal, 
-				  kadm5_principal_ent_t, uint32_t);
-    kadm5_ret_t (*get_principals) (void*, const char*, char***, int*);
-    kadm5_ret_t (*get_privs) (void*, uint32_t*);
-    kadm5_ret_t (*modify_principal) (void*, kadm5_principal_ent_t, uint32_t);
-    kadm5_ret_t (*randkey_principal) (void*, krb5_principal, 
-				      krb5_keyblock**, int*);
-    kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal);
-    kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal,
-					      int, krb5_key_data *);
-};
-
-/* XXX should be integrated */
-typedef struct kadm5_common_context {
-    krb5_context context;
-    krb5_boolean my_context;
-    struct kadm_func funcs;
-    void *data;
-}kadm5_common_context;
-
-typedef struct kadm5_log_peer {
-    int fd;
-    char *name;
-    krb5_auth_context ac;
-    struct kadm5_log_peer *next;
-} kadm5_log_peer;
-
-typedef struct kadm5_log_context {
-    char *log_file;
-    int log_fd;
-    uint32_t version;
-    struct sockaddr_un socket_name;
-    int socket_fd;
-} kadm5_log_context;
-
-typedef struct kadm5_server_context {
-    krb5_context context;
-    krb5_boolean my_context;
-    struct kadm_func funcs;
-    /* */
-    kadm5_config_params config;
-    HDB *db;
-    krb5_principal caller;
-    unsigned acl_flags;
-    kadm5_log_context log_context;
-} kadm5_server_context;
-
-typedef struct kadm5_client_context {
-    krb5_context context;
-    krb5_boolean my_context;
-    struct kadm_func funcs;
-    /* */
-    krb5_auth_context ac;
-    char *realm;
-    char *admin_server;
-    int kadmind_port;
-    int sock;
-    char *client_name;
-    char *service_name;
-    krb5_prompter_fct prompter;
-    const char *keytab;
-    krb5_ccache ccache;
-    kadm5_config_params *realm_params;
-}kadm5_client_context;
-
-typedef struct kadm5_ad_context {
-    krb5_context context;
-    krb5_boolean my_context;
-    struct kadm_func funcs;
-    /* */
-    kadm5_config_params config;
-    krb5_principal caller;
-    krb5_ccache ccache;
-    char *client_name;
-    char *realm;
-    void *ldap_conn;
-    char *base_dn;
-} kadm5_ad_context;
-
-enum kadm_ops {
-    kadm_get,
-    kadm_delete,
-    kadm_create,
-    kadm_rename,
-    kadm_chpass,
-    kadm_modify,
-    kadm_randkey,
-    kadm_get_privs,
-    kadm_get_princs,
-    kadm_chpass_with_key,
-    kadm_nop
-};
-
-#define KADMIN_APPL_VERSION "KADM0.1"
-#define KADMIN_OLD_APPL_VERSION "KADM0.0"
-
-#include "kadm5-private.h"
-
-#endif /* __kadm5_privatex_h__ */
diff --git a/crypto/heimdal/lib/kadm5/privs_c.c b/crypto/heimdal/lib/kadm5/privs_c.c
deleted file mode 100644
index 58e6824..0000000
--- a/crypto/heimdal/lib/kadm5/privs_c.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: privs_c.c 17512 2006-05-08 13:43:17Z lha $");
-
-kadm5_ret_t
-kadm5_c_get_privs(void *server_handle, uint32_t *privs)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    *privs = 0;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_get_privs);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if(ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if (ret)
-	return ret;
-    sp = krb5_storage_from_data(&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_clear_error_string(context->context);
-    ret = tmp;
-    if(ret == 0){
-	krb5_ret_uint32(sp, privs);
-    }
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/privs_s.c b/crypto/heimdal/lib/kadm5/privs_s.c
deleted file mode 100644
index 9c345e3..0000000
--- a/crypto/heimdal/lib/kadm5/privs_s.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: privs_s.c 17445 2006-05-05 10:37:46Z lha $");
-
-kadm5_ret_t
-kadm5_s_get_privs(void *server_handle, uint32_t *privs)
-{
-    kadm5_server_context *context = server_handle;
-    *privs = context->acl_flags;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/randkey_c.c b/crypto/heimdal/lib/kadm5/randkey_c.c
deleted file mode 100644
index 60a3f53..0000000
--- a/crypto/heimdal/lib/kadm5/randkey_c.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: randkey_c.c 16662 2006-01-25 12:53:09Z lha $");
-
-kadm5_ret_t
-kadm5_c_randkey_principal(void *server_handle, 
-			  krb5_principal princ,
-			  krb5_keyblock **new_keys, 
-			  int *n_keys)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_randkey);
-    krb5_store_principal(sp, princ);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if (ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data(&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_clear_error_string(context->context);
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    if(ret == 0){
-	krb5_keyblock *k;
-	int i;
-
-	krb5_ret_int32(sp, &tmp);
-	k = malloc(tmp * sizeof(*k));
-	if (k == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for(i = 0; i < tmp; i++)
-	    krb5_ret_keyblock(sp, &k[i]);
-	*n_keys = tmp;
-	*new_keys = k;
-    }
-out:
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/randkey_s.c b/crypto/heimdal/lib/kadm5/randkey_s.c
deleted file mode 100644
index cb0f0fa..0000000
--- a/crypto/heimdal/lib/kadm5/randkey_s.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 1997-2001, 2003-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: randkey_s.c 20611 2007-05-08 07:13:07Z lha $");
-
-/*
- * Set the keys of `princ' to random values, returning the random keys
- * in `new_keys', `n_keys'.
- */
-
-kadm5_ret_t
-kadm5_s_randkey_principal(void *server_handle, 
-			  krb5_principal princ,
-			  krb5_keyblock **new_keys, 
-			  int *n_keys)
-{
-    kadm5_server_context *context = server_handle;
-    hdb_entry_ex ent;
-    kadm5_ret_t ret;
-
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->hdb_fetch(context->context, context->db, princ, 
-				 HDB_F_GET_ANY, &ent);
-    if(ret)
-	goto out;
-
-    ret = _kadm5_set_keys_randomly (context,
-				    &ent.entry,
-				    new_keys,
-				    n_keys);
-    if (ret)
-	goto out2;
-    ent.entry.kvno++;
-
-    ret = _kadm5_set_modifier(context, &ent.entry);
-    if(ret)
-	goto out3;
-    ret = _kadm5_bump_pw_expire(context, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = context->db->hdb_store(context->context, context->db, 
-				 HDB_F_REPLACE, &ent);
-    if (ret)
-	goto out2;
-
-    kadm5_log_modify (context,
-		      &ent.entry,
-		      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
-		      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
-		      KADM5_TL_DATA);
-
-out3:
-    if (ret) {
-	int i;
-
-	for (i = 0; i < *n_keys; ++i)
-	    krb5_free_keyblock_contents (context->context, &(*new_keys)[i]);
-	free (*new_keys);
-	*new_keys = NULL;
-	*n_keys = 0;
-    }
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->hdb_close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/rename_c.c b/crypto/heimdal/lib/kadm5/rename_c.c
deleted file mode 100644
index cec2fd3..0000000
--- a/crypto/heimdal/lib/kadm5/rename_c.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: rename_c.c 8655 2000-07-11 16:00:19Z joda $");
-
-kadm5_ret_t
-kadm5_c_rename_principal(void *server_handle, 
-			 krb5_principal source,
-			 krb5_principal target)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_rename);
-    krb5_store_principal(sp, source);
-    krb5_store_principal(sp, target);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if (ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/rename_s.c b/crypto/heimdal/lib/kadm5/rename_s.c
deleted file mode 100644
index 2a19426..0000000
--- a/crypto/heimdal/lib/kadm5/rename_s.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003, 2005 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: rename_s.c 21745 2007-07-31 16:11:25Z lha $");
-
-kadm5_ret_t
-kadm5_s_rename_principal(void *server_handle, 
-			 krb5_principal source,
-			 krb5_principal target)
-{
-    kadm5_server_context *context = server_handle;
-    kadm5_ret_t ret;
-    hdb_entry_ex ent;
-    krb5_principal oldname;
-
-    memset(&ent, 0, sizeof(ent));
-    if(krb5_principal_compare(context->context, source, target))
-	return KADM5_DUP; /* XXX is this right? */
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->hdb_fetch(context->context, context->db, 
-				 source, HDB_F_GET_ANY, &ent);
-    if(ret){
-	context->db->hdb_close(context->context, context->db);
-	goto out;
-    }
-    ret = _kadm5_set_modifier(context, &ent.entry);
-    if(ret)
-	goto out2;
-    {
-	/* fix salt */
-	int i;
-	Salt salt;
-	krb5_salt salt2;
-	krb5_get_pw_salt(context->context, source, &salt2);
-	salt.type = hdb_pw_salt;
-	salt.salt = salt2.saltvalue;
-	for(i = 0; i < ent.entry.keys.len; i++){
-	    if(ent.entry.keys.val[i].salt == NULL){
-		ent.entry.keys.val[i].salt = 
-		    malloc(sizeof(*ent.entry.keys.val[i].salt));
-		if(ent.entry.keys.val[i].salt == NULL)
-		    return ENOMEM;
-		ret = copy_Salt(&salt, ent.entry.keys.val[i].salt);
-		if(ret)
-		    break;
-	    }
-	}
-	krb5_free_salt(context->context, salt2);
-    }
-    if(ret)
-	goto out2;
-    oldname = ent.entry.principal;
-    ent.entry.principal = target;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret) {
-	ent.entry.principal = oldname;
-	goto out2;
-    }
-
-    kadm5_log_rename (context, source, &ent.entry);
-
-    ret = context->db->hdb_store(context->context, context->db, 0, &ent);
-    if(ret){
-	ent.entry.principal = oldname;
-	goto out2;
-    }
-    ret = context->db->hdb_remove(context->context, context->db, oldname);
-    ent.entry.principal = oldname;
-out2:
-    context->db->hdb_close(context->context, context->db);
-    hdb_free_entry(context->context, &ent);
-out:
-    return _kadm5_error_code(ret);
-}
-
diff --git a/crypto/heimdal/lib/kadm5/replay_log.c b/crypto/heimdal/lib/kadm5/replay_log.c
deleted file mode 100644
index 1b2d716..0000000
--- a/crypto/heimdal/lib/kadm5/replay_log.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-
-RCSID("$Id: replay_log.c,v 1.9 2002/05/24 15:19:22 joda Exp $");
-
-int start_version = -1;
-int end_version = -1;
-
-static void
-apply_entry(kadm5_server_context *server_context,
-	    u_int32_t ver,
-	    time_t timestamp,
-	    enum kadm_ops op,
-	    u_int32_t len,
-	    krb5_storage *sp)
-{
-    krb5_error_code ret;
-
-    if((start_version != -1 && ver < start_version) ||
-       (end_version != -1 && ver > end_version)) {
-	/* XXX skip this entry */
-	krb5_storage_seek(sp, len, SEEK_CUR);
-	return;
-    }
-    printf ("ver %u... ", ver);
-    fflush (stdout);
-
-    ret = kadm5_log_replay (server_context,
-			    op, ver, len, sp);
-    if (ret)
-	krb5_warn (server_context->context, ret, "kadm5_log_replay");
-
-    
-    printf ("done\n");
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "start-version", 0, arg_integer, &start_version, "start replay with this version" },
-    { "end-version", 0, arg_integer, &end_version, "end replay with this version" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    void *kadm_handle;
-    kadm5_config_params conf;
-    kadm5_server_context *server_context;
-
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    memset(&conf, 0, sizeof(conf));
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    ret = server_context->db->open(context,
-				   server_context->db,
-				   O_RDWR | O_CREAT, 0);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    ret = kadm5_log_foreach (server_context, apply_entry);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_log_foreach");
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_log_end");
-    ret = server_context->db->close (context, server_context->db);
-    if (ret)
-	krb5_err (context, 1, ret, "db->close");
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/sample_passwd_check.c b/crypto/heimdal/lib/kadm5/sample_passwd_check.c
deleted file mode 100644
index 1a21c10..0000000
--- a/crypto/heimdal/lib/kadm5/sample_passwd_check.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-/* $Id: sample_passwd_check.c 21901 2007-08-10 06:05:35Z lha $ */
-
-#include <string.h>
-#include <stdlib.h>
-#include <krb5.h>
-
-const char* check_length(krb5_context, krb5_principal, krb5_data *);
-
-/* specify the api-version this library conforms to */
-
-int version = 0;
-
-/* just check the length of the password, this is what the default
-   check does, but this lets you specify the minimum length in
-   krb5.conf */
-const char*
-check_length(krb5_context context,
-             krb5_principal prinipal,
-             krb5_data *password)
-{
-    int min_length = krb5_config_get_int_default(context, NULL, 6,
-						 "password_quality",
-						 "min_length",
-						 NULL);
-    if(password->length < min_length)
-	return "Password too short";
-    return NULL;
-}
-
-#ifdef DICTPATH
-
-/* use cracklib to check password quality; this requires a patch for
-   cracklib that can be found at
-   ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch */
-
-const char*
-check_cracklib(krb5_context context,
-	       krb5_principal principal,
-	       krb5_data *password)
-{
-    char *s = malloc(password->length + 1);
-    char *msg;
-    char *strings[2];
-    if(s == NULL)
-	return NULL; /* XXX */
-    strings[0] = principal->name.name_string.val[0]; /* XXX */
-    strings[1] = NULL;
-    memcpy(s, password->data, password->length);
-    s[password->length] = '\0';
-    msg = FascistCheck(s, DICTPATH, strings);
-    memset(s, 0, password->length);
-    free(s);
-    return msg;
-}
-#endif
diff --git a/crypto/heimdal/lib/kadm5/send_recv.c b/crypto/heimdal/lib/kadm5/send_recv.c
deleted file mode 100644
index b64bbfe..0000000
--- a/crypto/heimdal/lib/kadm5/send_recv.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (c) 1997-2003, 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: send_recv.c 17311 2006-04-27 11:10:07Z lha $");
-
-kadm5_ret_t 
-_kadm5_client_send(kadm5_client_context *context, krb5_storage *sp)
-{
-    krb5_data msg, out;
-    krb5_error_code ret;
-    size_t len;
-    krb5_storage *sock;
-
-    assert(context->sock != -1);
-
-    len = krb5_storage_seek(sp, 0, SEEK_CUR);
-    ret = krb5_data_alloc(&msg, len);
-    if (ret) {
-	krb5_clear_error_string(context->context);
-	return ret;
-    }
-    krb5_storage_seek(sp, 0, SEEK_SET);
-    krb5_storage_read(sp, msg.data, msg.length);
-    
-    ret = krb5_mk_priv(context->context, context->ac, &msg, &out, NULL);
-    krb5_data_free(&msg);
-    if(ret)
-	return ret;
-    
-    sock = krb5_storage_from_fd(context->sock);
-    if(sock == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free(&out);
-	return ENOMEM;
-    }
-    
-    ret = krb5_store_data(sock, out);
-    if (ret)
-	krb5_clear_error_string(context->context);
-    krb5_storage_free(sock);
-    krb5_data_free(&out);
-    return ret;
-}
-
-kadm5_ret_t
-_kadm5_client_recv(kadm5_client_context *context, krb5_data *reply)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    krb5_storage *sock;
-
-    sock = krb5_storage_from_fd(context->sock);
-    if(sock == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    ret = krb5_ret_data(sock, &data);
-    krb5_storage_free(sock);
-    krb5_clear_error_string(context->context);
-    if(ret == KRB5_CC_END)
-	return KADM5_RPC_ERROR;
-    else if(ret)
-	return ret;
-
-    ret = krb5_rd_priv(context->context, context->ac, &data, reply, NULL);
-    krb5_data_free(&data);
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/kadm5/server_glue.c b/crypto/heimdal/lib/kadm5/server_glue.c
deleted file mode 100644
index 2862c36..0000000
--- a/crypto/heimdal/lib/kadm5/server_glue.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: server_glue.c 7464 1999-12-02 17:05:13Z joda $");
-
-kadm5_ret_t
-kadm5_init_with_password(const char *client_name,
-			 const char *password,
-			 const char *service_name,
-			 kadm5_config_params *realm_params,
-			 unsigned long struct_version,
-			 unsigned long api_version,
-			 void **server_handle)
-{
-    return kadm5_s_init_with_password(client_name,
-				      password,
-				      service_name,
-				      realm_params,
-				      struct_version,
-				      api_version,
-				      server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_password_ctx(krb5_context context,
-			     const char *client_name,
-			     const char *password,
-			     const char *service_name,
-			     kadm5_config_params *realm_params,
-			     unsigned long struct_version,
-			     unsigned long api_version,
-			     void **server_handle)
-{
-    return kadm5_s_init_with_password_ctx(context,
-					  client_name,
-					  password,
-					  service_name,
-					  realm_params,
-					  struct_version,
-					  api_version,
-					  server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_skey(const char *client_name,
-		     const char *keytab,
-		     const char *service_name,
-		     kadm5_config_params *realm_params,
-		     unsigned long struct_version,
-		     unsigned long api_version,
-		     void **server_handle)
-{
-    return kadm5_s_init_with_skey(client_name,
-				  keytab,
-				  service_name,
-				  realm_params,
-				  struct_version,
-				  api_version,
-				  server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_skey_ctx(krb5_context context,
-			 const char *client_name,
-			 const char *keytab,
-			 const char *service_name,
-			 kadm5_config_params *realm_params,
-			 unsigned long struct_version,
-			 unsigned long api_version,
-			 void **server_handle)
-{
-    return kadm5_s_init_with_skey_ctx(context,
-				      client_name,
-				      keytab,
-				      service_name,
-				      realm_params,
-				      struct_version,
-				      api_version,
-				      server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_creds(const char *client_name,
-		      krb5_ccache ccache,
-		      const char *service_name,
-		      kadm5_config_params *realm_params,
-		      unsigned long struct_version,
-		      unsigned long api_version,
-		      void **server_handle)
-{
-    return kadm5_s_init_with_creds(client_name,
-				   ccache,
-				   service_name,
-				   realm_params,
-				   struct_version,
-				   api_version,
-				   server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_creds_ctx(krb5_context context,
-			  const char *client_name,
-			  krb5_ccache ccache,
-			  const char *service_name,
-			  kadm5_config_params *realm_params,
-			  unsigned long struct_version,
-			  unsigned long api_version,
-			  void **server_handle)
-{
-    return kadm5_s_init_with_creds_ctx(context,
-				       client_name,
-				       ccache,
-				       service_name,
-				       realm_params,
-				       struct_version,
-				       api_version,
-				       server_handle);
-}
diff --git a/crypto/heimdal/lib/kadm5/set_keys.c b/crypto/heimdal/lib/kadm5/set_keys.c
deleted file mode 100644
index ee4de3b..0000000
--- a/crypto/heimdal/lib/kadm5/set_keys.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: set_keys.c 15888 2005-08-11 13:40:35Z lha $");
-
-/*
- * Set the keys of `ent' to the string-to-key of `password'
- */
-
-kadm5_ret_t
-_kadm5_set_keys(kadm5_server_context *context,
-		hdb_entry *ent, 
-		const char *password)
-{
-    Key *keys;
-    size_t num_keys;
-    kadm5_ret_t ret;
-
-    ret = hdb_generate_key_set_password(context->context,
-					ent->principal, 
-					password, &keys, &num_keys);
-    if (ret)
-	return ret;
-
-    _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
-    ent->keys.val = keys;
-    ent->keys.len = num_keys;
-
-    hdb_entry_set_pw_change_time(context->context, ent, 0);
-
-    if (krb5_config_get_bool_default(context->context, NULL, FALSE, 
-				     "kadmin", "save-password", NULL))
-    {
-	ret = hdb_entry_set_password(context->context, context->db,
-				     ent, password);
-	if (ret)
-	    return ret;
-    }
-
-    return 0;
-}
-
-/*
- * Set the keys of `ent' to (`n_key_data', `key_data')
- */
-
-kadm5_ret_t
-_kadm5_set_keys2(kadm5_server_context *context,
-		 hdb_entry *ent, 
-		 int16_t n_key_data, 
-		 krb5_key_data *key_data)
-{
-    krb5_error_code ret;
-    int i;
-    unsigned len;
-    Key *keys;
-
-    len  = n_key_data;
-    keys = malloc (len * sizeof(*keys));
-    if (keys == NULL)
-	return ENOMEM;
-
-    _kadm5_init_keys (keys, len);
-
-    for(i = 0; i < n_key_data; i++) {
-	keys[i].mkvno = NULL;
-	keys[i].key.keytype = key_data[i].key_data_type[0];
-	ret = krb5_data_copy(&keys[i].key.keyvalue,
-			     key_data[i].key_data_contents[0],
-			     key_data[i].key_data_length[0]);
-	if(ret)
-	    goto out;
-	if(key_data[i].key_data_ver == 2) {
-	    Salt *salt;
-
-	    salt = malloc(sizeof(*salt));
-	    if(salt == NULL) {
-		ret = ENOMEM;
-		goto out;
-	    }
-	    keys[i].salt = salt;
-	    salt->type = key_data[i].key_data_type[1];
-	    krb5_data_copy(&salt->salt, 
-			   key_data[i].key_data_contents[1],
-			   key_data[i].key_data_length[1]);
-	} else
-	    keys[i].salt = NULL;
-    }
-    _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
-    ent->keys.len = len;
-    ent->keys.val = keys;
-
-    hdb_entry_set_pw_change_time(context->context, ent, 0);
-    hdb_entry_clear_password(context->context, ent);
-
-    return 0;
- out:
-    _kadm5_free_keys (context->context, len, keys);
-    return ret;
-}
-
-/*
- * Set the keys of `ent' to `n_keys, keys'
- */
-
-kadm5_ret_t
-_kadm5_set_keys3(kadm5_server_context *context,
-		 hdb_entry *ent,
-		 int n_keys,
-		 krb5_keyblock *keyblocks)
-{
-    krb5_error_code ret;
-    int i;
-    unsigned len;
-    Key *keys;
-
-    len  = n_keys;
-    keys = malloc (len * sizeof(*keys));
-    if (keys == NULL)
-	return ENOMEM;
-
-    _kadm5_init_keys (keys, len);
-
-    for(i = 0; i < n_keys; i++) {
-	keys[i].mkvno = NULL;
-	ret = krb5_copy_keyblock_contents (context->context,
-					   &keyblocks[i],
-					   &keys[i].key);
-	if(ret)
-	    goto out;
-	keys[i].salt = NULL;
-    }
-    _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
-    ent->keys.len = len;
-    ent->keys.val = keys;
-
-    hdb_entry_set_pw_change_time(context->context, ent, 0);
-    hdb_entry_clear_password(context->context, ent);
-
-    return 0;
- out:
-    _kadm5_free_keys (context->context, len, keys);
-    return ret;
-}
-
-/*
- *
- */
-
-static int
-is_des_key_p(int keytype)
-{
-    return keytype == ETYPE_DES_CBC_CRC ||
-    	keytype == ETYPE_DES_CBC_MD4 ||
-	keytype == ETYPE_DES_CBC_MD5;
-}
-
-
-/*
- * Set the keys of `ent' to random keys and return them in `n_keys'
- * and `new_keys'.
- */
-
-kadm5_ret_t
-_kadm5_set_keys_randomly (kadm5_server_context *context,
-			  hdb_entry *ent,
-			  krb5_keyblock **new_keys,
-			  int *n_keys)
-{
-   krb5_keyblock *kblock = NULL;
-   kadm5_ret_t ret = 0;
-   int i, des_keyblock;
-   size_t num_keys;
-   Key *keys;
-
-   ret = hdb_generate_key_set(context->context, ent->principal,
-			       &keys, &num_keys, 1);
-   if (ret)
-	return ret;
-
-   kblock = malloc(num_keys * sizeof(kblock[0]));
-   if (kblock == NULL) {
-	ret = ENOMEM;
-	_kadm5_free_keys (context->context, num_keys, keys);
-	return ret;
-   }
-   memset(kblock, 0, num_keys * sizeof(kblock[0]));
-
-   des_keyblock = -1;
-   for (i = 0; i < num_keys; i++) {
-
-	/* 
-	 * To make sure all des keys are the the same we generate only
-	 * the first one and then copy key to all other des keys.
-	 */
-
-	if (des_keyblock != -1 && is_des_key_p(keys[i].key.keytype)) {
-	    ret = krb5_copy_keyblock_contents (context->context,
-					       &kblock[des_keyblock],
-					       &kblock[i]);
-	    if (ret)
-		goto out;
-	    kblock[i].keytype = keys[i].key.keytype;
-	} else {
-	    ret = krb5_generate_random_keyblock (context->context,
-						 keys[i].key.keytype,
-						 &kblock[i]);
-	    if (ret)
-		goto out;
-
-	    if (is_des_key_p(keys[i].key.keytype))
-		des_keyblock = i;
-	}
-
-	ret = krb5_copy_keyblock_contents (context->context,
-					   &kblock[i],
-					   &keys[i].key);
-	if (ret)
-	    goto out;
-   }
-
-out:
-   if(ret) {
-	for (i = 0; i < num_keys; ++i)
-	    krb5_free_keyblock_contents (context->context, &kblock[i]);
-	free(kblock);
-	_kadm5_free_keys (context->context, num_keys, keys);
-	return ret;
-   }
-   
-   _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
-   ent->keys.val = keys;
-   ent->keys.len = num_keys;
-   *new_keys     = kblock;
-   *n_keys       = num_keys;
-
-   hdb_entry_set_pw_change_time(context->context, ent, 0);
-   hdb_entry_clear_password(context->context, ent);
-
-   return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/set_modifier.c b/crypto/heimdal/lib/kadm5/set_modifier.c
deleted file mode 100644
index 6296519..0000000
--- a/crypto/heimdal/lib/kadm5/set_modifier.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: set_modifier.c 7464 1999-12-02 17:05:13Z joda $");
-
-kadm5_ret_t
-_kadm5_set_modifier(kadm5_server_context *context,
-		    hdb_entry *ent)
-{
-    kadm5_ret_t ret;
-    if(ent->modified_by == NULL){
-	ent->modified_by = malloc(sizeof(*ent->modified_by));
-	if(ent->modified_by == NULL)
-	    return ENOMEM;
-    } else
-	free_Event(ent->modified_by);
-    ent->modified_by->time = time(NULL);
-    ret = krb5_copy_principal(context->context, context->caller, 
-			      &ent->modified_by->principal);
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/kadm5/test_pw_quality.c b/crypto/heimdal/lib/kadm5/test_pw_quality.c
deleted file mode 100644
index 745e03e..0000000
--- a/crypto/heimdal/lib/kadm5/test_pw_quality.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 2003, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-#include <getarg.h>
-
-RCSID("$Id: test_pw_quality.c 15105 2005-05-09 19:13:29Z lha $");
-
-static int version_flag;
-static int help_flag;
-static char *principal;
-static char *password;
-
-static struct getargs args[] = {
-    { "principal", 0, arg_string, &principal },
-    { "password", 0, arg_string, &password },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_principal p;
-    const char *s;
-    krb5_data pw_data;
-
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if (principal == NULL)
-	krb5_errx(context, 1, "no principal given");
-    if (password == NULL)
-	krb5_errx(context, 1, "no password given");
-
-    ret = krb5_parse_name(context, principal, &p);
-    if (ret)
-	krb5_errx(context, 1, "krb5_parse_name: %s", principal);
-
-    pw_data.data = password;
-    pw_data.length = strlen(password);
-
-    kadm5_setup_passwd_quality_check (context, NULL, NULL);
-    ret = kadm5_add_passwd_quality_verifier(context, NULL);
-    if (ret)
-	krb5_errx(context, 1, "kadm5_add_passwd_quality_verifier");
-
-    s = kadm5_check_password_quality (context, p, &pw_data);
-    if (s)
-	krb5_errx(context, 1, "kadm5_check_password_quality:\n%s", s);
-
-    krb5_free_principal(context, p);
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/truncate_log.c b/crypto/heimdal/lib/kadm5/truncate_log.c
deleted file mode 100644
index cf4af26..0000000
--- a/crypto/heimdal/lib/kadm5/truncate_log.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 2000, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-
-RCSID("$Id: truncate_log.c,v 1.1.8.1 2003/10/14 15:58:46 joda Exp $");
-
-static char *realm;
-static int version_flag;
-static int help_flag;
-
-static struct getargs args[] = {
-    { "realm", 'r', arg_string, &realm },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    void *kadm_handle;
-    kadm5_server_context *server_context;
-    kadm5_config_params conf;
-
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    ret = kadm5_log_truncate (server_context);
-    if(ret)
-	krb5_err (context, 1, ret, "kadm5_log_truncate");
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/version-script.map b/crypto/heimdal/lib/kadm5/version-script.map
deleted file mode 100644
index 90bd6fe..0000000
--- a/crypto/heimdal/lib/kadm5/version-script.map
+++ /dev/null
@@ -1,66 +0,0 @@
-# $Id$
-
-HEIMDAL_KAMD5_SERVER_1.0 {
-	global:
-		kadm5_ad_init_with_password;
-		kadm5_ad_init_with_password_ctx;
-		kadm5_add_passwd_quality_verifier;
-		kadm5_check_password_quality;
-		kadm5_chpass_principal;
-		kadm5_chpass_principal_with_key;
-		kadm5_create_principal;
-		kadm5_delete_principal;
-		kadm5_destroy;
-		kadm5_flush;
-		kadm5_free_key_data;
-		kadm5_free_name_list;
-		kadm5_free_principal_ent;
-		kadm5_get_principal;
-		kadm5_get_principals;
-		kadm5_get_privs;
-		kadm5_init_with_creds;
-		kadm5_init_with_creds_ctx;
-		kadm5_init_with_password;
-		kadm5_init_with_password_ctx;
-		kadm5_init_with_skey;
-		kadm5_init_with_skey_ctx;
-		kadm5_modify_principal;
-		kadm5_randkey_principal;
-		kadm5_rename_principal;
-		kadm5_ret_key_data;
-		kadm5_ret_principal_ent;
-		kadm5_ret_principal_ent_mask;
-		kadm5_ret_tl_data;
-		kadm5_setup_passwd_quality_check;
-		kadm5_store_key_data;
-		kadm5_store_principal_ent;
-		kadm5_store_principal_ent_mask;
-		kadm5_store_tl_data;
-		kadm5_s_init_with_password_ctx;
-		kadm5_s_init_with_password;
-		kadm5_s_init_with_skey_ctx;
-		kadm5_s_init_with_skey;
-		kadm5_s_init_with_creds_ctx;
-		kadm5_s_init_with_creds;
-		kadm5_s_chpass_principal_cond;
-		kadm5_log_set_version;
-		kadm5_log_signal_socket;
-		kadm5_log_previous;
-		kadm5_log_goto_end;
-		kadm5_log_foreach;
-		kadm5_log_get_version_fd;
-		kadm5_log_get_version;
-		kadm5_log_replay;
-		kadm5_log_end;
-		kadm5_log_reinit;
-		kadm5_log_init;
-		kadm5_log_nop;
-		kadm5_log_truncate;
-		kadm5_log_modify;
-		_kadm5_acl_check_permission;
-		_kadm5_unmarshal_params;
-		_kadm5_s_get_db;
-		_kadm5_privs_to_string;
-	local:
-		*;
-};
diff --git a/crypto/heimdal/lib/kafs/ChangeLog b/crypto/heimdal/lib/kafs/ChangeLog
deleted file mode 100644
index 861796a..0000000
--- a/crypto/heimdal/lib/kafs/ChangeLog
+++ /dev/null
@@ -1,562 +0,0 @@
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: New library version.
-
-2007-05-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.h: Add VIOCSETTOK2
-	
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: unbreak previous
-	
-	* Makefile.am: split dist and nodist sources
-	
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: add more files
-	
-2006-05-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.3: Spelling, from Bj�rn Sandell.
-	
-2006-04-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssys.c: use afs_ioctlnum, From Tomas Olsson <tol@it.su.se>
-	
-2006-04-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssys.c: Try harder to get the pioctl to work via the /proc or
-	/dev interface, OpenAFS choose to reuse the same ioctl number,
-	while Arla didn't.  Also, try new ioctl before the the old
-	syscalls.
-
-	* afskrb5.c (afslog_uid_int): use the simpler
-	krb5_principal_get_realm function.
-	
-2005-12-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Remove dependency on config.h, breaks IRIX build,
-	could depend on libkafs_la_OBJECTS, but that is just asking for
-	trubble.
-	
-2005-10-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssys.c (k_hasafs_recheck): new function, allow rechecking if
-	AFS client have started now, internaly it resets the internal
-	state from k_hasafs() and retry retry the probing. The problem
-	with calling k_hasaf() is that is plays around with signals, and
-	that cases problem for some systems/applications.
-	
-2005-10-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs_locl.h: Maybe include <sys/sysctl.h>.
-
-	* afssys.c: Mac OS X 10.4 needs a runtime check if we are going to
-	use the syscall, there is no cpp define to use to check the
-	version.  Every after 10.0 (darwin 8.0) uses the /dev/ version of
-	the pioctl.
-	
-2005-10-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssys.c: Support the new MacOS X 10.4 ioctl interface that is a
-	device node. Patched from Tomas Olson <tol@it.su.se>.
-	
-2005-08-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskrb5.c: Default to use 2b tokens.
-
-2005-06-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* common.c: rename index to idx
-
-	* afssys.c (k_afs_cell_of_file): unconst path
-	
-2005-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* use struct kafs_data everywhere, don't mix with the typedef
-	kafs_data
-
-	* roken_rename.h: rename more resolve.c symbols
-	
-	* afssys.c: Don't building map_syscall_name_to_number where its
-	not used.
-
-2005-02-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: bump version to 4:1:4
-
-2005-02-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.h: de-__P
-	
-2004-12-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskrb5.c: s/KEYTYPE_DES/ETYPE_DES_CBC_CRC/
-	
-2004-08-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssysdefs.h: ifdef protect AFS_SYSCALL for DragonFly since they
-	still define __FreeBSD__ (and __FreeBSD_version), but claim that
-	they will stop doing it some time...
-	
-	* afssysdefs.h: dragonflybsd uses 339 just like freebsd5
-	
-2004-06-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssys.c: s/arla/nnpfs/
-	
-	* afssys.c: support the linux /proc/fs/mumel/afs_ioctl afs
-	"syscall" interface
-
-2004-01-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* common.c: search paths for AFS configuration files for the
-	OpenAFS MacOS X, fix comment
-	
-	* kafs.h: search paths for AFS configuration files for the OpenAFS
-	MacOS X
-
-2003-12-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* common.c: add _PATH_ARLA_OPENBSD & c/o
-	
-	* kafs.h: add _PATH_ARLA_OPENBSD & c/o
-	
-2003-11-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* common.c: typo, Bruno Rohee <bruno@rohee.com>
-	
-2003-11-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.3: spelling, partly from jmc <jmc@prioris.mini.pw.edu.pl>
-	
-2003-09-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskrb5.c (krb5_afslog_uid_home): be even more friendly to the
-	user and fetch context and id ourself
-	
-2003-09-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskrb5.c (afslog_uid_int): just belive that realm hint the user
-	passed us
-
-2003-07-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: always include v4 symbols
-	
-	* afskrb.c: provide dummy krb_ function to there is no need to
-	bump major
-
-2003-06-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskrb5.c (v5_convert): rename one of the two c to cred4
-	
-2003-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* common.c, kafs.h: drop the int argument (the error code) from
-	the logging function
-
-2003-04-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afskrb5.c (v5_convert): better match what other functions do
-	with values from krb5.conf, like case insensitivity
-
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.3: Change .Fd #include <header.h> to .In header.h
-	from Thomas Klausner <wiz@netbsd.org>
-
-2003-04-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: (libkafs_la_LDFLAGS): update version
-	
-	* Makefile.am (ROKEN_SRCS): drop strupr.c
-	
-	* kafs.3: document kafs_set_verbose
-	
-	* common.c (kafs_set_verbose): add function that (re)sets the
-	logging function
-	(_kafs_try_get_cred): add function that does (krb_data->get_cred) to
-	make logging easier (that is now done in this function)
-	(*): use _kafs_try_get_cred
-
-	* afskrb5.c (get_cred): handle that inst can be the empty string too
-	(v5_convert): use _kafs_foldup
-	(krb5_afslog_uid_home): set name
-	(krb5_afslog_uid_home): ditto
-
-	* afskrb.c (krb_afslog_uid_home): set name
-	(krb_afslog_uid_home): ditto
-
-	* kafs_locl.h (kafs_data): add name
-	(_kafs_foldup): internally export
-
-2003-04-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.3: tell that cell-name is uppercased
-	
-	* Makefile.am: add INCLUDE_krb4 when using krb4, add INCLUDE_des
-	when using krb5, add strupr.c
-	
-	* afskrb5.c: Check the cell part of the name, not the realm part
-	when checking if 2b should be used. The reson is afs@REALM might
-	have updated their servers but not afs/cell@REALM. Add constant
-	KAFS_RXKAD_2B_KVNO.
-
-2003-04-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.3: s/kerberos/Kerberos/
-	
-2003-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.3: spelling, from <jmc@prioris.mini.pw.edu.pl>
-	
-	* kafs.3: document the kafs_settoken functions write about the
-	krb5_appdefault option for kerberos 5 afs tokens fix prototypes
-	
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskrb5.c (kafs_settoken5): change signature to include a
-	krb5_context, use v5_convert
-	(v5_convert): new function, converts a krb5_ccreds to a kafs_token in
-	three diffrent ways, not at all, local 524/2b, and using 524
-	(v5_to_kt): add code to do local 524/2b
-	(get_cred): use v5_convert
-
-
-	* kafs.h (kafs_settoken5): change signature to include a
-	krb5_context
-
-	* Makefile.am: always build the libkafs library now that the
-	kerberos 5 can stand on their own
-	
-	* kafs.3: expose the krb5 functions
-	
-	* common.c (kafs_settoken_rxkad): move all content kerberos
-	version from kafs_settoken to kafs_settoken_rxkad
-	(_kafs_fixup_viceid): move the fixup the timestamp to make client
-	happy code here.
-	(_kafs_v4_to_kt): move all the kerberos 4 dependant parts from
-	kafs_settoken here.
-	(*): adapt to kafs_token
-
-	* afskrb5.c (kafs_settoken5): new function, inserts a krb5_creds
-	into kernel
-	(v5_to_kt): new function, stores a krb5_creds in struct kafs_token
-	(get_cred): add a appdefault boolean ("libkafs", realm, "afs-use-524")
-	that can used to toggle if there should v5 token should be used
-	directly or converted via 524 first.
-
-	* afskrb.c: move kafs_settoken here, use struct kafs_token
-	
-	* kafs_locl.h: include krb5-v4compat.h if needed, define an
-	internal structure struct kafs_token that carries around for rxkad
-	data that is independant of kerberos version
-	
-2003-02-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* dlfcn.h: s/intialize/initialize, from
-	<jmc@prioris.mini.pw.edu.pl>
-
-2003-02-08  Assar Westerlund  <assar@kth.se>
-
-	* afssysdefs.h: fix FreeBSD section
-
-2003-02-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssysdefs.h: use syscall 208 on openbsd (all version) use
-	syscall 339 on freebsd 5.0 and later, use 210 on 4.x and earlier
-	
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kafs.3: move around sections (from NetBSD)
-
-2002-05-31  Assar Westerlund  <assar@pdc.kth.se>
-
-	* common.c: remove the trial of afs@REALM for cell != realm, it
-	tries to use the wrong key for foreign cells
-
-2002-05-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: version number
-
-2002-04-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* common.c (find_cells): make file parameter const
-
-2001-11-01  Assar Westerlund  <assar@sics.se>
-
-	* add strsep, and bump version to 3:3:3
-
-2001-10-27  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): set version to 3:2:3
-
-2001-10-24  Assar Westerlund  <assar@sics.se>
-
-	* afskrb.c (afslog_uid_int): handle krb_get_tf_fullname that
-	cannot take NULLs
-	(such as the MIT one)
-
-2001-10-22  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (ROKEN_SRCS): add strlcpy.c
-
-2001-10-09  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (ROKEN_SRCS): add strtok_r.c
-	* roken_rename.h (dns_srv_order): rename correctly
-	(strtok_r): add renaming
-
-2001-09-10  Assar Westerlund  <assar@sics.se>
-
-	* kafs.h, common.c: look for configuration files in /etc/arla (the
-	location in debian's arla package)
-
-2001-08-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: handle both krb5 and krb4 cases
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): set version to 3:0:3
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* common.c: look in /etc/openafs for debian openafs
-	* kafs.h: add paths for openafs debian (/etc/openafs)
-
-	* Makefile.am: add required library dependencies
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): set versoin to 2:4:2
-
-2001-06-19  Assar Westerlund  <assar@sics.se>
-
-	* common.c (_kafs_realm_of_cell): changed to first try exact match
-	in CellServDB, then exact match in DNS, and finally in-exact match
-	in CellServDB
-
-2001-05-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: only build resolve.c if doing renaming
-
-2001-02-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am, roken_rename.h: add rename of dns functions
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): set version to 2:3:2
-
-2000-11-17  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h: solaris 8 apperently uses 65
-
-2000-09-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): bump version to 2:2:2
-
-2000-09-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* dlfcn.c: correct arguments to some snprintf:s
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump version to 2:1:2
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 2:0:2
-
-2000-03-20  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h: make versions later than 5.7 of solaris also use
-	73
-
-2000-03-16  Assar Westerlund  <assar@sics.se>
-
-	* afskrb.c (afslog_uid_int): use krb_get_tf_fullname instead of
-	krb_get_default_principal
-
-2000-03-15  Assar Westerlund  <assar@sics.se>
-
-	* afssys.c (map_syscall_name_to_number): ignore # at
-	beginning-of-line
-
-2000-03-13  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h: add 230 for MacOS X per information from
-	<warner.c@apple.com>
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:2:1
-
-1999-11-22  Assar Westerlund  <assar@sics.se>
-
-	* afskrb5.c (afslog_uid_int): handle d->realm == NULL
-	
-1999-11-17  Assar Westerlund  <assar@sics.se>
-
-	* afskrb5.c (afslog_uid_int): don't look at the local realm at
- 	all.  just use the realm from the ticket file.
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:1:1
-
-	* afskrb5.c (get_cred): always request a DES key
-
-Mon Oct 18 17:40:21 1999  Bjoern Groenvall  <bg@mummel.sics.se>
-
-	* common.c (find_cells): Trim trailing whitespace from
- 	cellname. Lines starting with # are regarded as comments.
-
-Fri Oct  8 18:17:22 1999  Bjoern Groenvall  <bg@mummel.sics.se>
-
-	* afskrb.c, common.c : Change code to make a clear distinction
- 	between hinted realm and ticket realm.
-
-	* kafs_locl.h: Added argument realm_hint.
-
-	* common.c (_kafs_get_cred): Change code to acquire the ``best''
- 	possible ticket. Use cross-cell authentication only as method of
- 	last resort.
-
-	* afskrb.c (afslog_uid_int): Add realm_hint argument and extract
- 	realm from ticket file.
-
-	* afskrb5.c (afslog_uid_int): Added argument realm_hint.
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* afskrb5.c (get_cred): update to new krb524_convert_creds_kdc
-
-1999-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: ignore the comlicated aix construct if !krb4
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:0:1
-
-1999-07-22  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h: define AFS_SYSCALL to 73 for Solaris 2.7
-
-1999-07-07  Assar Westerlund  <assar@sics.se>
-
-	* afskrb5.c (krb5_realm_of_cell): new function
-
-	* afskrb.c (krb_realm_of_cell): new function
-	(afslog_uid_int): call krb_get_lrealm correctly
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* common.c (realm_of_cell): rename to _kafs_realm_of_cell and
- 	un-staticize
-
-Fri Mar 19 14:52:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: add version-info
-
-Thu Mar 18 11:24:02 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Sat Feb 27 19:46:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: remove EXTRA_DATA (as of autoconf 2.13/automake
- 	1.4)
-
-Thu Feb 11 22:57:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: set AIX_SRC also if !AIX
-
-Tue Dec  1 14:45:15 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: fix AIX linkage
-
-Sun Nov 22 10:40:44 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-Sat Nov 21 16:55:19 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* afskrb5.c: add homedir support
-
-Sun Sep  6 20:16:27 1998  Assar Westerlund  <assar@sics.se>
-
-	* add new functionality for specifying the homedir to krb_afslog
- 	et al
-
-Thu Jul 16 01:27:19 1998  Assar Westerlund  <assar@sics.se>
-
-	* afssys.c: reorganize order of definitions.
-	(try_one, try_two): conditionalize
-
-Thu Jul  9 18:31:52 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* common.c (realm_of_cell): make the dns fallback work
-
-Wed Jul  8 01:39:44 1998  Assar Westerlund  <assar@sics.se>
-
-	* afssys.c (map_syscall_name_to_number): new function for finding
- 	the number of a syscall given the name on solaris
-	(k_hasafs): try using map_syscall_name_to_number
-
-Tue Jun 30 17:19:00 1998  Assar Westerlund  <assar@sics.se>
-
-	* afssys.c: rewrite and add support for environment variable
- 	AFS_SYSCALL
-
-	* Makefile.in (distclean): don't remove roken_rename.h
-
-Fri May 29 19:03:20 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (roken_rename.h): remove dependency
-
-Mon May 25 05:25:54 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): try to remove shared library debris
-
-Sun Apr 19 09:58:40 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add symlink magic for linux
-
-Sat Apr  4 15:08:48 1998  Assar Westerlund  <assar@sics.se>
-
-	* kafs.h: add arla paths
-
-	* common.c (_kafs_afslog_all_local_cells): Try _PATH_ARLA_*
-	(_realm_of_cell): Try _PATH_ARLA_CELLSERVDB
-
-Thu Feb 19 14:50:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* common.c: Don't store expired tokens (this broke when using
- 	pag-less rsh-sessions, and `non-standard' ticket files).
-
-Thu Feb 12 11:20:15 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.in: Install/uninstall one library at a time.
-
-Thu Feb 12 05:38:58 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (install): one library at a time.
-
-Mon Feb  9 23:40:32 1998  Assar Westerlund  <assar@sics.se>
-
-	* common.c (find_cells): ignore empty lines
-
-Tue Jan  6 04:25:58 1998  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h (AFS_SYSCALL): add FreeBSD
-
-Fri Jan  2 17:08:24 1998  Assar Westerlund  <assar@sics.se>
-
-	* kafs.h: new VICEIOCTL's.  From <rb@stacken.kth.se>
-
-	* afssysdefs.h: Add OpenBSD
diff --git a/crypto/heimdal/lib/kafs/Makefile.am b/crypto/heimdal/lib/kafs/Makefile.am
deleted file mode 100644
index 15282f0..0000000
--- a/crypto/heimdal/lib/kafs/Makefile.am
+++ /dev/null
@@ -1,107 +0,0 @@
-# $Id: Makefile.am 21446 2007-07-10 12:45:36Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(AFS_EXTRA_DEFS) $(ROKEN_RENAME)
-
-if KRB4
-DEPLIB_krb4 = $(LIB_krb4) $(LIB_hcrypto)
-krb4_am_workaround = $(INCLUDE_krb4)
-else
-DEPLIB_krb4  =
-krb4_am_workaround = 
-endif # KRB4
-AM_CPPFLAGS += $(krb4_am_workaround)
-
-if KRB5
-DEPLIB_krb5 = ../krb5/libkrb5.la 
-krb5_am_workaround = $(INCLUDE_hcrypto) -I$(top_srcdir)/lib/krb5
-else
-DEPLIB_krb5  =
-krb5_am_workaround = 
-endif # KRB5
-AM_CPPFLAGS += $(krb5_am_workaround)
-
-
-if AIX
-AFSL_EXP = $(srcdir)/afsl.exp
-
-if AIX4
-AFS_EXTRA_LD = -bnoentry
-else
-AFS_EXTRA_LD = -e _nostart
-endif
-
-if AIX_DYNAMIC_AFS
-if HAVE_DLOPEN
-AIX_SRC = 
-else
-AIX_SRC = dlfcn.c
-endif
-AFS_EXTRA_LIBS = afslib.so
-AFS_EXTRA_DEFS =
-else
-AIX_SRC = afslib.c
-AFS_EXTRA_LIBS = 
-AFS_EXTRA_DEFS = -DSTATIC_AFS
-endif
-
-else
-AFSL_EXP =
-AIX_SRC =
-endif # AIX
-
-libkafs_la_LIBADD = $(DEPLIB_krb5) $(LIBADD_roken) $(DEPLIB_krb4)
-
-lib_LTLIBRARIES = libkafs.la
-libkafs_la_LDFLAGS = -version-info 5:1:5
-foodir = $(libdir)
-foo_DATA = $(AFS_EXTRA_LIBS)
-# EXTRA_DATA = afslib.so
-
-CLEANFILES= $(AFS_EXTRA_LIBS) $(ROKEN_SRCS)
-
-include_HEADERS = kafs.h
-
-if KRB5
-afskrb5_c = afskrb5.c
-endif
-
-if do_roken_rename
-ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c
-endif
-
-dist_libkafs_la_SOURCES =			\
-	afssys.c				\
-	afskrb.c				\
-	$(afskrb5_c)				\
-	common.c				\
-	$(AIX_SRC)				\
-	kafs_locl.h				\
-	afssysdefs.h				\
-	roken_rename.h
-
-nodist_libkafs_la_SOURCES = $(ROKEN_SRCS)
-
-EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h
-
-EXTRA_DIST = README.dlfcn afsl.exp afslib.exp $(man_MANS)
-
-man_MANS = kafs.3
-
-# AIX: this almost works with gcc, but somehow it fails to use the
-# correct ld, use ld instead
-afslib.so: afslib.o
-	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
-
-resolve.c:
-	$(LN_S) $(srcdir)/../roken/resolve.c .
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-
-strlcpy.c:
-	$(LN_S) $(srcdir)/../roken/strlcpy.c .
-
-strsep.c:
-	$(LN_S) $(srcdir)/../roken/strsep.c .
diff --git a/crypto/heimdal/lib/kafs/Makefile.in b/crypto/heimdal/lib/kafs/Makefile.in
deleted file mode 100644
index ae9a12a..0000000
--- a/crypto/heimdal/lib/kafs/Makefile.in
+++ /dev/null
@@ -1,956 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 21446 2007-07-10 12:45:36Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-subdir = lib/kafs
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" \
-	"$(DESTDIR)$(foodir)" "$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-@KRB5_TRUE@am__DEPENDENCIES_1 = ../krb5/libkrb5.la
-am__DEPENDENCIES_2 =
-@KRB4_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2) \
-@KRB4_TRUE@	$(am__DEPENDENCIES_2)
-libkafs_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_3)
-am__dist_libkafs_la_SOURCES_DIST = afssys.c afskrb.c afskrb5.c \
-	common.c afslib.c dlfcn.c kafs_locl.h afssysdefs.h \
-	roken_rename.h
-@KRB5_TRUE@am__objects_1 = afskrb5.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@am__objects_2 = afslib.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@am__objects_2 =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@	dlfcn.lo
-dist_libkafs_la_OBJECTS = afssys.lo afskrb.lo $(am__objects_1) \
-	common.lo $(am__objects_2)
-@do_roken_rename_TRUE@am__objects_3 = resolve.lo strtok_r.lo \
-@do_roken_rename_TRUE@	strlcpy.lo strsep.lo
-nodist_libkafs_la_OBJECTS = $(am__objects_3)
-libkafs_la_OBJECTS = $(dist_libkafs_la_OBJECTS) \
-	$(nodist_libkafs_la_OBJECTS)
-libkafs_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libkafs_la_LDFLAGS) $(LDFLAGS) -o $@
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(EXTRA_libkafs_la_SOURCES) $(dist_libkafs_la_SOURCES) \
-	$(nodist_libkafs_la_SOURCES)
-DIST_SOURCES = $(EXTRA_libkafs_la_SOURCES) \
-	$(am__dist_libkafs_la_SOURCES_DIST)
-man3dir = $(mandir)/man3
-MANS = $(man_MANS)
-fooDATA_INSTALL = $(INSTALL_DATA)
-DATA = $(foo_DATA)
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(AFS_EXTRA_DEFS) $(ROKEN_RENAME) $(krb4_am_workaround) \
-	$(krb5_am_workaround)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-@KRB4_FALSE@DEPLIB_krb4 = 
-@KRB4_TRUE@DEPLIB_krb4 = $(LIB_krb4) $(LIB_hcrypto)
-@KRB4_FALSE@krb4_am_workaround = 
-@KRB4_TRUE@krb4_am_workaround = $(INCLUDE_krb4)
-@KRB5_FALSE@DEPLIB_krb5 = 
-@KRB5_TRUE@DEPLIB_krb5 = ../krb5/libkrb5.la 
-@KRB5_FALSE@krb5_am_workaround = 
-@KRB5_TRUE@krb5_am_workaround = $(INCLUDE_hcrypto) -I$(top_srcdir)/lib/krb5
-@AIX_FALSE@AFSL_EXP = 
-@AIX_TRUE@AFSL_EXP = $(srcdir)/afsl.exp
-@AIX4_FALSE@@AIX_TRUE@AFS_EXTRA_LD = -e _nostart
-@AIX4_TRUE@@AIX_TRUE@AFS_EXTRA_LD = -bnoentry
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AIX_SRC = afslib.c
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@AIX_SRC = dlfcn.c
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@AIX_SRC = 
-@AIX_FALSE@AIX_SRC = 
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AFS_EXTRA_LIBS = 
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AFS_EXTRA_LIBS = afslib.so
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AFS_EXTRA_DEFS = -DSTATIC_AFS
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AFS_EXTRA_DEFS = 
-libkafs_la_LIBADD = $(DEPLIB_krb5) $(LIBADD_roken) $(DEPLIB_krb4)
-lib_LTLIBRARIES = libkafs.la
-libkafs_la_LDFLAGS = -version-info 5:1:5
-foodir = $(libdir)
-foo_DATA = $(AFS_EXTRA_LIBS)
-# EXTRA_DATA = afslib.so
-CLEANFILES = $(AFS_EXTRA_LIBS) $(ROKEN_SRCS)
-include_HEADERS = kafs.h
-@KRB5_TRUE@afskrb5_c = afskrb5.c
-@do_roken_rename_TRUE@ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c
-dist_libkafs_la_SOURCES = \
-	afssys.c				\
-	afskrb.c				\
-	$(afskrb5_c)				\
-	common.c				\
-	$(AIX_SRC)				\
-	kafs_locl.h				\
-	afssysdefs.h				\
-	roken_rename.h
-
-nodist_libkafs_la_SOURCES = $(ROKEN_SRCS)
-EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h
-EXTRA_DIST = README.dlfcn afsl.exp afslib.exp $(man_MANS)
-man_MANS = kafs.3
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/kafs/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/kafs/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libkafs.la: $(libkafs_la_OBJECTS) $(libkafs_la_DEPENDENCIES) 
-	$(libkafs_la_LINK) -rpath $(libdir) $(libkafs_la_OBJECTS) $(libkafs_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)"
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \
-	  $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(foodir)/$$f"; \
-	done
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(foodir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-fooDATA install-includeHEADERS install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man3
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-fooDATA uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man3
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libLTLIBRARIES clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-fooDATA \
-	install-html install-html-am install-includeHEADERS \
-	install-info install-info-am install-libLTLIBRARIES \
-	install-man install-man3 install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
-	uninstall-am uninstall-fooDATA uninstall-hook \
-	uninstall-includeHEADERS uninstall-libLTLIBRARIES \
-	uninstall-man uninstall-man3
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-# AIX: this almost works with gcc, but somehow it fails to use the
-# correct ld, use ld instead
-afslib.so: afslib.o
-	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
-
-resolve.c:
-	$(LN_S) $(srcdir)/../roken/resolve.c .
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-
-strlcpy.c:
-	$(LN_S) $(srcdir)/../roken/strlcpy.c .
-
-strsep.c:
-	$(LN_S) $(srcdir)/../roken/strsep.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/kafs/README.dlfcn b/crypto/heimdal/lib/kafs/README.dlfcn
deleted file mode 100644
index cee1b75..0000000
--- a/crypto/heimdal/lib/kafs/README.dlfcn
+++ /dev/null
@@ -1,246 +0,0 @@
-Copyright (c) 1992,1993,1995,1996, Jens-Uwe Mager, Helios Software GmbH
-Not derived from licensed software.
-
-Permission is granted to freely use, copy, modify, and redistribute
-this software, provided that the author is not construed to be liable
-for any results of using the software, alterations are clearly marked
-as such, and this notice is not modified.
-
-libdl.a
--------
-
-This is an emulation library to emulate the SunOS/System V.4 functions
-to access the runtime linker. The functions are emulated by using the
-AIX load() function and by reading the .loader section of the loaded
-module to find the exports. The to be loaded module should be linked as
-follows (if using AIX 3):
-
-	cc -o module.so -bM:SRE -bE:module.exp -e _nostart $(OBJS)
-
-For AIX 4:
-
-	cc -o module.so -bM:SRE -bE:module.exp -bnoentry $(OBJS)
-
-If you want to reference symbols from the main part of the program in a
-loaded module, you will have to link against the export file of the
-main part:
-
-	cc -o main -bE:main.exp $(MAIN_OBJS)
-	cc -o module.so -bM:SRE -bI:main.exp -bE:module.exp -bnoentry $(OBJS)
-
-Note that you explicitely have to specify what functions are supposed
-to be accessible from your loaded modules, this is different from
-SunOS/System V.4 where any global is automatically exported. If you
-want to export all globals, the following script might be of help:
-
-#!/bin/sh
-/usr/ucb/nm -g $* | awk '$2 == "B" || $2 == "D" { print $3 }'
-
-The module export file contains the symbols to be exported. Because
-this library uses the loader section, the final module.so file can be
-stripped. C++ users should build their shared objects using the script
-makeC++SharedLib (part of the IBM C++ compiler), this will make sure
-that constructors and destructors for static and global objects will be
-called upon loading and unloading the module. GNU C++ users should use
-the -shared option to g++ to link the shared object:
-
-	g++ -o module.so -shared $(OBJS)
-
-If the shared object does have permissions for anybody, the shared
-object will be loaded into the shared library segment and it will stay
-there even if the main application terminates. If you rebuild your
-shared object after a bugfix and you want to make sure that you really
-get the newest version you will have to use the "slibclean" command
-before starting the application again to garbage collect the shared
-library segment. If the performance utilities (bosperf) are installed
-you can use the following command to see what shared objects are
-loaded:
-
-/usr/lpp/bosperf/genkld | sort | uniq
-
-For easier debugging you can avoid loading the shared object into the
-shared library segment alltogether by removing permissions for others
-from the module.so file:
-
-chmod o-rwx module.so
-
-This will ensure you get a fresh copy of the shared object for every
-dlopen() call which is loaded into the application's data segment.
-
-Usage
------
-
-void *dlopen(const char *path, int mode);
-
-This routine loads the module pointed to by path and reads its export
-table. If the path does not contain a '/' character, dlopen will search
-for the module using the LIBPATH environment variable. It returns an
-opaque handle to the module or NULL on error. The mode parameter can be
-either RTLD_LAZY (for lazy function binding) or RTLD_NOW for immediate
-function binding. The AIX implementation currently does treat RTLD_NOW
-the same as RTLD_LAZY. The flag RTLD_GLOBAL might be or'ed into the
-mode parameter to allow loaded modules to bind to global variables or
-functions in other loaded modules loaded by dlopen(). If RTLD_GLOBAL is
-not specified, only globals from the main part of the executable or
-shared libraries are used to look for undefined symbols in loaded
-modules.
-
-
-void *dlsym(void *handle, const char *symbol);
-
-This routine searches for the symbol in the module referred to by
-handle and returns its address. If the symbol could not be found, the
-function returns NULL. The return value must be casted to a proper
-function pointer before it can be used. SunOS/System V.4 allows handle
-to be a NULL pointer to refer to the module the call is made from, this
-is not implemented.
-
-int dlclose(void *handle);
-
-This routine unloads the module referred to by the handle and disposes
-of any local storage. this function returns -1 on failure. Any function
-pointers obtained through dlsym() should be considered invalid after
-closing a module.
-
-As AIX caches shared objects in the shared library segment, function
-pointers obtained through dlsym() might still work even though the
-module has been unloaded. This can introduce subtle bugs that will
-segment fault later if AIX garbage collects or immediatly on
-SunOS/System V.4 as the text segment is unmapped.
-
-char *dlerror(void);
-
-This routine can be used to retrieve a text message describing the most
-recent error that occured on on of the above routines. This function
-returns NULL if there is no error information.
-
-Initialization and termination handlers
----------------------------------------
-
-The emulation provides for an initialization and a termination
-handler.  The dlfcn.h file contains a structure declaration named
-dl_info with following members:
-
-	void (*init)(void);
-	void (*fini)(void);
-
-The init function is called upon first referencing the library. The
-fini function is called at dlclose() time or when the process exits.
-The module should declare a variable named dl_info that contains this
-structure which must be exported.  These functions correspond to the
-documented _init() and _fini() functions of SunOS 4.x, but these are
-appearently not implemented in SunOS.  When using SunOS 5.0, these
-correspond to #pragma init and #pragma fini respectively. At the same
-time any static or global C++ object's constructors or destructors will
-be called.
-
-BUGS
-----
-
-Please note that there is currently a problem with implicitely loaded
-shared C++ libaries: if you refer to a shared C++ library from a loaded
-module that is not yet used by the main program, the dlopen() emulator
-does not notice this and does not call the static constructors for the
-implicitely loaded library. This can be easily demonstrated by
-referencing the C++ standard streams from a loaded module if the main
-program is a plain C program.
-
-Jens-Uwe Mager
-
-HELIOS Software GmbH
-Lavesstr. 80
-30159 Hannover
-Germany
-
-Phone:		+49 511 36482-0
-FAX:		+49 511 36482-69
-AppleLink:	helios.de/jum
-Internet:	jum@helios.de
-
-Revison History
----------------
-
-SCCS/s.dlfcn.h:
-
-D 1.4 95/04/25 09:36:52 jum 4 3	00018/00004/00028
-MRs:
-COMMENTS:
-added RTLD_GLOBAL, include and C++ guards
-
-D 1.3 92/12/27 20:58:32 jum 3 2	00001/00001/00031
-MRs:
-COMMENTS:
-we always have prototypes on RS/6000
-
-D 1.2 92/08/16 17:45:11 jum 2 1	00009/00000/00023
-MRs:
-COMMENTS:
-added dl_info structure to implement initialize and terminate functions
-
-D 1.1 92/08/02 18:08:45 jum 1 0	00023/00000/00000
-MRs:
-COMMENTS:
-Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
-
-SCCS/s.dlfcn.c:
-
-D 1.11 96/04/10 20:12:51 jum 13 12	00037/00000/00533
-MRs:
-COMMENTS:
-Integrated the changes from John W. Eaton <jwe@bevo.che.wisc.edu> to initialize
-g++ generated shared objects.
-
-D 1.10 96/02/15 17:42:44 jum 12 10	00012/00007/00521
-MRs:
-COMMENTS:
-the C++ constructor and destructor chains are now called properly for either
-xlC 2 or xlC 3 (CSet++).
-
-D 1.9 95/09/22 11:09:38 markus 10 9	00001/00008/00527
-MRs:
-COMMENTS:
-Fix version number
-
-D 1.8 95/09/22 10:14:34 markus 9 8	00008/00001/00527
-MRs:
-COMMENTS:
-Added version number for dl lib
-
-D 1.7 95/08/14 19:08:38 jum 8 6	00026/00004/00502
-MRs:
-COMMENTS:
-Integrated the fixes from Kirk Benell (kirk@rsinc.com) to allow loading of
-shared objects generated under AIX 4. Fixed bug that symbols with exactly
-8 characters would use garbage characters from the following symbol value.
-
-D 1.6 95/04/25 09:38:03 jum 6 5	00046/00006/00460
-MRs:
-COMMENTS:
-added handling of C++ static constructors and destructors, added RTLD_GLOBAL to bind against other loaded modules
-
-D 1.5 93/02/14 20:14:17 jum 5 4	00002/00000/00464
-MRs:
-COMMENTS:
-added path to dlopen error message to make clear where there error occured.
-
-D 1.4 93/01/03 19:13:56 jum 4 3	00061/00005/00403
-MRs:
-COMMENTS:
-to allow calling symbols in the main module call load with L_NOAUTODEFER and 
-do a loadbind later with the main module.
-
-D 1.3 92/12/27 20:59:55 jum 3 2	00066/00008/00342
-MRs:
-COMMENTS:
-added search by L_GETINFO if module got loaded by LIBPATH
-
-D 1.2 92/08/16 17:45:43 jum 2 1	00074/00006/00276
-MRs:
-COMMENTS:
-implemented initialize and terminate functions, added reference counting to avoid multiple loads of the same library
-
-D 1.1 92/08/02 18:08:45 jum 1 0	00282/00000/00000
-MRs:
-COMMENTS:
-Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
-
diff --git a/crypto/heimdal/lib/kafs/afskrb.c b/crypto/heimdal/lib/kafs/afskrb.c
deleted file mode 100644
index f5516a8..0000000
--- a/crypto/heimdal/lib/kafs/afskrb.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: afskrb.c 15342 2005-06-02 07:38:22Z lha $");
-
-#ifdef KRB4
-
-struct krb_kafs_data {
-    const char *realm;
-};
-
-static int
-get_cred(struct kafs_data *data, const char *name, const char *inst, 
-	 const char *realm, uid_t uid, struct kafs_token *kt)
-{
-    CREDENTIALS c;
-    KTEXT_ST tkt;
-    int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c);
-    
-    if (ret) {
-	ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0);
-	if (ret == KSUCCESS)
-	    ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c);
-    }
-    if (ret == 0)
-	ret = _kafs_v4_to_kt(&c, uid, kt);
-    return ret;
-}
-
-static int
-afslog_uid_int(struct kafs_data *data,
-	       const char *cell,
-	       const char *realm_hint,
-	       uid_t uid,
-	       const char *homedir)
-{
-    int ret;
-    struct kafs_token kt;
-    char name[ANAME_SZ];
-    char inst[INST_SZ];
-    char realm[REALM_SZ];
-    
-    kt.ticket = NULL;
-
-    if (cell == 0 || cell[0] == 0)
-	return _kafs_afslog_all_local_cells (data, uid, homedir);
-
-    /* Extract realm from ticket file. */
-    ret = krb_get_tf_fullname(tkt_string(), name, inst, realm);
-    if (ret != KSUCCESS)
-	return ret;
-
-    kt.ticket = NULL;
-    ret = _kafs_get_cred(data, cell, realm_hint, realm, uid, &kt);
-    
-    if (ret == 0) {
-	ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
-	free(kt.ticket);
-    }
-    return ret;
-}
-
-static char *
-get_realm(struct kafs_data *data, const char *host)
-{
-    char *r = krb_realmofhost(host);
-    if(r != NULL)
-	return strdup(r);
-    else
-	return NULL;
-}
-
-int
-krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid,
-		    const char *homedir)
-{
-    struct kafs_data kd;
-
-    kd.name = "krb4";
-    kd.afslog_uid = afslog_uid_int;
-    kd.get_cred = get_cred;
-    kd.get_realm = get_realm;
-    kd.data = 0;
-    return afslog_uid_int(&kd, cell, realm_hint, uid, homedir);
-}
-
-int
-krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid)
-{
-    return krb_afslog_uid_home(cell, realm_hint, uid, NULL);
-}
-
-int
-krb_afslog(const char *cell, const char *realm_hint)
-{
-    return krb_afslog_uid(cell, realm_hint, getuid());
-}
-
-int
-krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir)
-{
-    return krb_afslog_uid_home(cell, realm_hint, getuid(), homedir);
-}
-
-/*
- *
- */
-
-int
-krb_realm_of_cell(const char *cell, char **realm)
-{
-    struct kafs_data kd;
-
-    kd.name = "krb4";
-    kd.get_realm = get_realm;
-    return _kafs_realm_of_cell(&kd, cell, realm);
-}
-
-int
-kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
-{
-    struct kafs_token kt;
-    int ret;
-
-    kt.ticket = NULL;
-
-    ret = _kafs_v4_to_kt(c, uid, &kt);
-    if (ret)
-	return ret;
-
-    if (kt.ct.EndTimestamp < time(NULL)) {
-	free(kt.ticket);
-	return 0;
-    }
-
-    ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
-    free(kt.ticket);
-    return ret;
-}
-
-#else /* KRB4 */
-
-#define KAFS_KRBET_KDC_SERVICE_EXP 39525378
-
-int
-krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid,
-		    const char *homedir)
-{
-    return KAFS_KRBET_KDC_SERVICE_EXP;
-}
-
-int
-krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid)
-{
-    return KAFS_KRBET_KDC_SERVICE_EXP;
-}
-
-int
-krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir)
-{
-    return KAFS_KRBET_KDC_SERVICE_EXP;
-}
-
-int
-krb_afslog(const char *cell, const char *realm_hint)
-{
-    return KAFS_KRBET_KDC_SERVICE_EXP;
-}
-
-int
-krb_realm_of_cell(const char *cell, char **realm)
-{
-    *realm = NULL;
-    return KAFS_KRBET_KDC_SERVICE_EXP;
-}
-
-int kafs_settoken (const char*, uid_t, struct credentials *);
-
-int
-kafs_settoken(const char *cell, uid_t uid, struct credentials *c)
-{
-    return KAFS_KRBET_KDC_SERVICE_EXP;
-}
-
-#endif /* KRB4 */
diff --git a/crypto/heimdal/lib/kafs/afskrb5.c b/crypto/heimdal/lib/kafs/afskrb5.c
deleted file mode 100644
index 2b05267..0000000
--- a/crypto/heimdal/lib/kafs/afskrb5.c
+++ /dev/null
@@ -1,338 +0,0 @@
-/*
- * Copyright (c) 1995-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: afskrb5.c 17032 2006-04-10 08:45:04Z lha $");
-
-struct krb5_kafs_data {
-    krb5_context context;
-    krb5_ccache id;
-    krb5_const_realm realm;
-};
-
-enum { 
-    KAFS_RXKAD_2B_KVNO = 213,
-    KAFS_RXKAD_K5_KVNO = 256
-};
-
-static int
-v5_to_kt(krb5_creds *cred, uid_t uid, struct kafs_token *kt, int local524)
-{
-    int kvno, ret;
-
-    kt->ticket = NULL;
-
-    /* check if des key */
-    if (cred->session.keyvalue.length != 8)
-	return EINVAL;
-
-    if (local524) {
-	Ticket t;
-	unsigned char *buf;
-	size_t buf_len;
-	size_t len;
-
-	kvno = KAFS_RXKAD_2B_KVNO;
-
-	ret = decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
-	if (ret)
-	    return ret;
-	if (t.tkt_vno != 5)
-	    return -1;
-
-	ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_len, &t.enc_part,
-			   &len, ret);
-	free_Ticket(&t);
-	if (ret)
-	    return ret;
-	if(buf_len != len) {
-	    free(buf);
-	    return KRB5KRB_ERR_GENERIC;
-	}
-
-	kt->ticket = buf;
-	kt->ticket_len = buf_len;
-
-    } else {
-	kvno = KAFS_RXKAD_K5_KVNO;
-	kt->ticket = malloc(cred->ticket.length);
-	if (kt->ticket == NULL)
-	    return ENOMEM;
-	kt->ticket_len = cred->ticket.length;
-	memcpy(kt->ticket, cred->ticket.data, kt->ticket_len);
-
-	ret = 0;
-    }
-
-
-    /*
-     * Build a struct ClearToken
-     */
-
-    kt->ct.AuthHandle = kvno;
-    memcpy(kt->ct.HandShakeKey, cred->session.keyvalue.data, 8);
-    kt->ct.ViceId = uid;
-    kt->ct.BeginTimestamp = cred->times.starttime;
-    kt->ct.EndTimestamp = cred->times.endtime;
-
-    _kafs_fixup_viceid(&kt->ct, uid);
-
-    return 0;
-}
-
-static krb5_error_code
-v5_convert(krb5_context context, krb5_ccache id,
-	   krb5_creds *cred, uid_t uid, 
-	   const char *cell,
-	   struct kafs_token *kt)
-{
-    krb5_error_code ret;
-    char *c, *val;
-
-    c = strdup(cell);
-    if (c == NULL)
-	return ENOMEM;
-    _kafs_foldup(c, c);
-    krb5_appdefault_string (context, "libkafs",
-			    c,
-			    "afs-use-524", "2b", &val);
-    free(c);
-
-    if (strcasecmp(val, "local") == 0 || 
-	strcasecmp(val, "2b") == 0)
-	ret = v5_to_kt(cred, uid, kt, 1);
-    else if(strcasecmp(val, "yes") == 0 ||
-	    strcasecmp(val, "true") == 0 ||
-	    atoi(val)) {
-	struct credentials cred4;
-	
-	if (id == NULL)
-	    ret = krb524_convert_creds_kdc(context, cred, &cred4);
-	else
-	    ret = krb524_convert_creds_kdc_ccache(context, id, cred, &cred4);
-	if (ret)
-	    goto out;
-
-	ret = _kafs_v4_to_kt(&cred4, uid, kt);
-    } else 
-	ret = v5_to_kt(cred, uid, kt, 0);
-
- out:
-    free(val);
-    return ret;
-}
-
-
-/*
- *
- */
-
-static int
-get_cred(struct kafs_data *data, const char *name, const char *inst, 
-	 const char *realm, uid_t uid, struct kafs_token *kt)
-{
-    krb5_error_code ret;
-    krb5_creds in_creds, *out_creds;
-    struct krb5_kafs_data *d = data->data;
-
-    memset(&in_creds, 0, sizeof(in_creds));
-    ret = krb5_425_conv_principal(d->context, name, inst, realm, 
-				  &in_creds.server);
-    if(ret)
-	return ret;
-    ret = krb5_cc_get_principal(d->context, d->id, &in_creds.client);
-    if(ret){
-	krb5_free_principal(d->context, in_creds.server);
-	return ret;
-    }
-    in_creds.session.keytype = ETYPE_DES_CBC_CRC;
-    ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds);
-    krb5_free_principal(d->context, in_creds.server);
-    krb5_free_principal(d->context, in_creds.client);
-    if(ret)
-	return ret;
-
-    ret = v5_convert(d->context, d->id, out_creds, uid, 
-		     (inst != NULL && inst[0] != '\0') ? inst : realm, kt);
-    krb5_free_creds(d->context, out_creds);
-
-    return ret;
-}
-
-static krb5_error_code
-afslog_uid_int(struct kafs_data *data, const char *cell, const char *rh,
-	       uid_t uid, const char *homedir)
-{
-    krb5_error_code ret;
-    struct kafs_token kt;
-    krb5_principal princ;
-    const char *trealm; /* ticket realm */
-    struct krb5_kafs_data *d = data->data;
-    
-    if (cell == 0 || cell[0] == 0)
-	return _kafs_afslog_all_local_cells (data, uid, homedir);
-
-    ret = krb5_cc_get_principal (d->context, d->id, &princ);
-    if (ret)
-	return ret;
-
-    trealm = krb5_principal_get_realm (d->context, princ);
-
-    kt.ticket = NULL;
-    ret = _kafs_get_cred(data, cell, d->realm, trealm, uid, &kt);
-    krb5_free_principal (d->context, princ);
-    
-    if(ret == 0) {
-	ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
-	free(kt.ticket);
-    }
-    return ret;
-}
-
-static char *
-get_realm(struct kafs_data *data, const char *host)
-{
-    struct krb5_kafs_data *d = data->data;
-    krb5_realm *realms;
-    char *r;
-    if(krb5_get_host_realm(d->context, host, &realms))
-	return NULL;
-    r = strdup(realms[0]);
-    krb5_free_host_realm(d->context, realms);
-    return r;
-}
-
-krb5_error_code
-krb5_afslog_uid_home(krb5_context context,
-		     krb5_ccache id,
-		     const char *cell,
-		     krb5_const_realm realm,
-		     uid_t uid,
-		     const char *homedir)
-{
-    struct kafs_data kd;
-    struct krb5_kafs_data d;
-    krb5_error_code ret;
-
-    kd.name = "krb5";
-    kd.afslog_uid = afslog_uid_int;
-    kd.get_cred = get_cred;
-    kd.get_realm = get_realm;
-    kd.data = &d;
-    if (context == NULL) {
-	ret = krb5_init_context(&d.context);
-	if (ret)
-	    return ret;
-    } else
-	d.context = context;
-    if (id == NULL) {
-	ret = krb5_cc_default(d.context, &d.id);
-	if (ret)
-	    goto out;
-    } else
-	d.id = id;
-    d.realm = realm;
-    ret = afslog_uid_int(&kd, cell, 0, uid, homedir);
-    if (id == NULL)
-	krb5_cc_close(context, d.id);
- out:
-    if (context == NULL)
-	krb5_free_context(d.context);
-    return ret;
-}
-
-krb5_error_code
-krb5_afslog_uid(krb5_context context,
-		krb5_ccache id,
-		const char *cell,
-		krb5_const_realm realm,
-		uid_t uid)
-{
-    return krb5_afslog_uid_home (context, id, cell, realm, uid, NULL);
-}
-
-krb5_error_code
-krb5_afslog(krb5_context context,
-	    krb5_ccache id, 
-	    const char *cell,
-	    krb5_const_realm realm)
-{
-    return krb5_afslog_uid (context, id, cell, realm, getuid());
-}
-
-krb5_error_code
-krb5_afslog_home(krb5_context context,
-		 krb5_ccache id, 
-		 const char *cell,
-		 krb5_const_realm realm,
-		 const char *homedir)
-{
-    return krb5_afslog_uid_home (context, id, cell, realm, getuid(), homedir);
-}
-
-/*
- *
- */
-
-krb5_error_code
-krb5_realm_of_cell(const char *cell, char **realm)
-{
-    struct kafs_data kd;
-
-    kd.name = "krb5";
-    kd.get_realm = get_realm;
-    return _kafs_realm_of_cell(&kd, cell, realm);
-}
-
-/*
- *
- */
-
-int
-kafs_settoken5(krb5_context context, const char *cell, uid_t uid,
-	       krb5_creds *cred)
-{
-    struct kafs_token kt;
-    int ret;
-
-    ret = v5_convert(context, NULL, cred, uid, cell, &kt);
-    if (ret)
-	return ret;
-
-    ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
-
-    free(kt.ticket);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kafs/afsl.exp b/crypto/heimdal/lib/kafs/afsl.exp
deleted file mode 100644
index 4d2b00e..0000000
--- a/crypto/heimdal/lib/kafs/afsl.exp
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/unix
-
-* This mumbo jumbo creates entry points to syscalls in _AIX
-
-lpioctl	syscall
-lsetpag	syscall
diff --git a/crypto/heimdal/lib/kafs/afslib.c b/crypto/heimdal/lib/kafs/afslib.c
deleted file mode 100644
index 4845b7f..0000000
--- a/crypto/heimdal/lib/kafs/afslib.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* 
- * This file is only used with AIX 
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: afslib.c 7463 1999-12-02 16:58:55Z joda $");
-
-int
-aix_pioctl(char *a_path,
-	   int o_opcode,
-	   struct ViceIoctl *a_paramsP,
-	   int a_followSymlinks)
-{
-    return lpioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
-}
-
-int
-aix_setpag(void)
-{
-    return lsetpag();
-}
diff --git a/crypto/heimdal/lib/kafs/afslib.exp b/crypto/heimdal/lib/kafs/afslib.exp
deleted file mode 100644
index f288717..0000000
--- a/crypto/heimdal/lib/kafs/afslib.exp
+++ /dev/null
@@ -1,3 +0,0 @@
-#!
-aix_pioctl
-aix_setpag
diff --git a/crypto/heimdal/lib/kafs/afssys.c b/crypto/heimdal/lib/kafs/afssys.c
deleted file mode 100644
index d9c6b80..0000000
--- a/crypto/heimdal/lib/kafs/afssys.c
+++ /dev/null
@@ -1,562 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000, 2002, 2004, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: afssys.c 17050 2006-04-11 08:12:29Z lha $");
-
-struct procdata {
-    unsigned long param4;
-    unsigned long param3;
-    unsigned long param2;
-    unsigned long param1;
-    unsigned long syscall;
-};
-#define VIOC_SYSCALL_PROC _IOW('C', 1, void *)
-
-struct devdata {
-    unsigned long syscall;
-    unsigned long param1;
-    unsigned long param2;
-    unsigned long param3;
-    unsigned long param4;
-    unsigned long param5;
-    unsigned long param6;
-    unsigned long retval;
-};
-#define VIOC_SYSCALL_DEV _IOWR('C', 2, struct devdata)
-#define VIOC_SYSCALL_DEV_OPENAFS _IOWR('C', 1, struct devdata)
-
-
-int _kafs_debug; /* this should be done in a better way */
-
-#define UNKNOWN_ENTRY_POINT	(-1)
-#define NO_ENTRY_POINT		0
-#define SINGLE_ENTRY_POINT	1
-#define MULTIPLE_ENTRY_POINT	2
-#define SINGLE_ENTRY_POINT2	3
-#define SINGLE_ENTRY_POINT3	4
-#define LINUX_PROC_POINT	5
-#define AIX_ENTRY_POINTS	6
-#define MACOS_DEV_POINT		7
-
-static int afs_entry_point = UNKNOWN_ENTRY_POINT;
-static int afs_syscalls[2];
-static char *afs_ioctlpath;
-static unsigned long afs_ioctlnum;
-
-/* Magic to get AIX syscalls to work */
-#ifdef _AIX
-
-static int (*Pioctl)(char*, int, struct ViceIoctl*, int);
-static int (*Setpag)(void);
-
-#include "dlfcn.h"
-
-/*
- *
- */
-
-static int
-try_aix(void)
-{
-#ifdef STATIC_AFS_SYSCALLS
-    Pioctl = aix_pioctl;
-    Setpag = aix_setpag;
-#else
-    void *ptr;
-    char path[MaxPathLen], *p;
-    /*
-     * If we are root or running setuid don't trust AFSLIBPATH!
-     */
-    if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL)
-	strlcpy(path, p, sizeof(path));
-    else
-	snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
-	
-    ptr = dlopen(path, RTLD_NOW);
-    if(ptr == NULL) {
-	if(_kafs_debug) {
-	    if(errno == ENOEXEC && (p = dlerror()) != NULL)
-		fprintf(stderr, "dlopen(%s): %s\n", path, p);
-	    else if (errno != ENOENT)
-		fprintf(stderr, "dlopen(%s): %s\n", path, strerror(errno));
-	}
-	return 1;
-    }
-    Setpag = (int (*)(void))dlsym(ptr, "aix_setpag");
-    Pioctl = (int (*)(char*, int, 
-		      struct ViceIoctl*, int))dlsym(ptr, "aix_pioctl");
-#endif
-    afs_entry_point = AIX_ENTRY_POINTS;
-    return 0;
-}
-#endif /* _AIX */
-
-/* 
- * This probably only works under Solaris and could get confused if
- * there's a /etc/name_to_sysnum file.  
- */
-
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-
-#define _PATH_ETC_NAME_TO_SYSNUM "/etc/name_to_sysnum"
-
-static int
-map_syscall_name_to_number (const char *str, int *res)
-{
-    FILE *f;
-    char buf[256];
-    size_t str_len = strlen (str);
-
-    f = fopen (_PATH_ETC_NAME_TO_SYSNUM, "r");
-    if (f == NULL)
-	return -1;
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	if (buf[0] == '#')
-	    continue;
-
-	if (strncmp (str, buf, str_len) == 0) {
-	    char *begptr = buf + str_len;
-	    char *endptr;
-	    long val = strtol (begptr, &endptr, 0);
-
-	    if (val != 0 && endptr != begptr) {
-		fclose (f);
-		*res = val;
-		return 0;
-	    }
-	}
-    }
-    fclose (f);
-    return -1;
-}
-#endif
-
-static int 
-try_ioctlpath(const char *path, unsigned long ioctlnum, int entrypoint)
-{
-    int fd, ret, saved_errno;
-
-    fd = open(path, O_RDWR);
-    if (fd < 0)
-	return 1;
-    switch (entrypoint) {
-    case LINUX_PROC_POINT: {
-	struct procdata data = { 0, 0, 0, 0, AFSCALL_PIOCTL };
-	data.param2 = (unsigned long)VIOCGETTOK;
-	ret = ioctl(fd, ioctlnum, &data);
-	break;
-    }
-    case MACOS_DEV_POINT: {
-	struct devdata data = { AFSCALL_PIOCTL, 0, 0, 0, 0, 0, 0, 0 };
-	data.param2 = (unsigned long)VIOCGETTOK;
-	ret = ioctl(fd, ioctlnum, &data);
-	break;
-    }
-    default:
-	abort();
-    }
-    saved_errno = errno;
-    close(fd);
-    /* 
-     * Be quite liberal in what error are ok, the first is the one
-     * that should trigger given that params is NULL.
-     */
-    if (ret && 
-	(saved_errno != EFAULT &&
-	 saved_errno != EDOM && 
-	 saved_errno != ENOTCONN))
-	return 1;
-    afs_ioctlnum = ioctlnum;
-    afs_ioctlpath = strdup(path);
-    if (afs_ioctlpath == NULL)
-	return 1;
-    afs_entry_point = entrypoint;
-    return 0;
-}
-
-static int
-do_ioctl(void *data)
-{
-    int fd, ret, saved_errno;
-    fd = open(afs_ioctlpath, O_RDWR);
-    if (fd < 0) {
-	errno = EINVAL;
-	return -1;
-    }
-    ret = ioctl(fd, afs_ioctlnum, data);
-    saved_errno = errno;
-    close(fd);
-    errno = saved_errno;
-    return ret;
-}
-
-int
-k_pioctl(char *a_path,
-	 int o_opcode,
-	 struct ViceIoctl *a_paramsP,
-	 int a_followSymlinks)
-{
-#ifndef NO_AFS
-    switch(afs_entry_point){
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-    case SINGLE_ENTRY_POINT:
-    case SINGLE_ENTRY_POINT2:
-    case SINGLE_ENTRY_POINT3:
-	return syscall(afs_syscalls[0], AFSCALL_PIOCTL,
-		       a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-#if defined(AFS_PIOCTL)
-    case MULTIPLE_ENTRY_POINT:
-	return syscall(afs_syscalls[0],
-		       a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-    case LINUX_PROC_POINT: {
-	struct procdata data = { 0, 0, 0, 0, AFSCALL_PIOCTL };
-	data.param1 = (unsigned long)a_path;
-	data.param2 = (unsigned long)o_opcode;
-	data.param3 = (unsigned long)a_paramsP;
-	data.param4 = (unsigned long)a_followSymlinks;
-	return do_ioctl(&data);
-    }
-    case MACOS_DEV_POINT: {
-	struct devdata data = { AFSCALL_PIOCTL, 0, 0, 0, 0, 0, 0, 0 };
-	int ret;
-	
-	data.param1 = (unsigned long)a_path;
-	data.param2 = (unsigned long)o_opcode;
-	data.param3 = (unsigned long)a_paramsP;
-	data.param4 = (unsigned long)a_followSymlinks;
-	
-	ret = do_ioctl(&data);
-	if (ret)
-	    return ret;
-	
-	return data.retval;
-    }
-#ifdef _AIX
-    case AIX_ENTRY_POINTS:
-	return Pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-    }    
-    errno = ENOSYS;
-#ifdef SIGSYS
-    kill(getpid(), SIGSYS);	/* You lose! */
-#endif
-#endif /* NO_AFS */
-    return -1;
-}
-
-int
-k_afs_cell_of_file(const char *path, char *cell, int len)
-{
-    struct ViceIoctl parms;
-    parms.in = NULL;
-    parms.in_size = 0;
-    parms.out = cell;
-    parms.out_size = len;
-    return k_pioctl(rk_UNCONST(path), VIOC_FILE_CELL_NAME, &parms, 1);
-}
-
-int
-k_unlog(void)
-{
-    struct ViceIoctl parms;
-    memset(&parms, 0, sizeof(parms));
-    return k_pioctl(0, VIOCUNLOG, &parms, 0);
-}
-
-int
-k_setpag(void)
-{
-#ifndef NO_AFS
-    switch(afs_entry_point){
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-    case SINGLE_ENTRY_POINT:
-    case SINGLE_ENTRY_POINT2:
-    case SINGLE_ENTRY_POINT3:
-	return syscall(afs_syscalls[0], AFSCALL_SETPAG);
-#endif
-#if defined(AFS_PIOCTL)
-    case MULTIPLE_ENTRY_POINT:
-	return syscall(afs_syscalls[1]);
-#endif
-    case LINUX_PROC_POINT: {
-	struct procdata data = { 0, 0, 0, 0, AFSCALL_SETPAG };
-	return do_ioctl(&data);
-    }
-    case MACOS_DEV_POINT: {
-	struct devdata data = { AFSCALL_SETPAG, 0, 0, 0, 0, 0, 0, 0 };
-	int ret = do_ioctl(&data);
-	if (ret)
-	    return ret;
-	return data.retval;
-     }
-#ifdef _AIX
-    case AIX_ENTRY_POINTS:
-	return Setpag();
-#endif
-    }
-    
-    errno = ENOSYS;
-#ifdef SIGSYS
-    kill(getpid(), SIGSYS);	/* You lose! */
-#endif
-#endif /* NO_AFS */
-    return -1;
-}
-
-static jmp_buf catch_SIGSYS;
-
-#ifdef SIGSYS
-
-static RETSIGTYPE
-SIGSYS_handler(int sig)
-{
-    errno = 0;
-    signal(SIGSYS, SIGSYS_handler); /* Need to reinstall handler on SYSV */
-    longjmp(catch_SIGSYS, 1);
-}
-
-#endif
-
-/*
- * Try to see if `syscall' is a pioctl.  Return 0 iff succesful.
- */
-
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-static int
-try_one (int syscall_num)
-{
-    struct ViceIoctl parms;
-    memset(&parms, 0, sizeof(parms));
-
-    if (setjmp(catch_SIGSYS) == 0) {
-	syscall(syscall_num, AFSCALL_PIOCTL,
-		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	if (errno == EINVAL) {
-	    afs_entry_point = SINGLE_ENTRY_POINT;
-	    afs_syscalls[0] = syscall_num;
-	    return 0;
-	}
-    }
-    return 1;
-}
-#endif
-
-/*
- * Try to see if `syscall_pioctl' is a pioctl syscall.  Return 0 iff
- * succesful.
- *
- */
-
-#ifdef AFS_PIOCTL
-static int
-try_two (int syscall_pioctl, int syscall_setpag)
-{
-    struct ViceIoctl parms;
-    memset(&parms, 0, sizeof(parms));
-
-    if (setjmp(catch_SIGSYS) == 0) {
-	syscall(syscall_pioctl,
-		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	if (errno == EINVAL) {
-	    afs_entry_point = MULTIPLE_ENTRY_POINT;
-	    afs_syscalls[0] = syscall_pioctl;
-	    afs_syscalls[1] = syscall_setpag;
-	    return 0;
-	}
-    }
-    return 1;
-}
-#endif
-
-int
-k_hasafs(void)
-{
-#if !defined(NO_AFS) && defined(SIGSYS)
-    RETSIGTYPE (*saved_func)(int);
-#endif
-    int saved_errno, ret;
-    char *env = NULL;
-
-    if (!issuid())
-	env = getenv ("AFS_SYSCALL");
-  
-    /*
-     * Already checked presence of AFS syscalls?
-     */
-    if (afs_entry_point != UNKNOWN_ENTRY_POINT)
-	return afs_entry_point != NO_ENTRY_POINT;
-
-    /*
-     * Probe kernel for AFS specific syscalls,
-     * they (currently) come in two flavors.
-     * If the syscall is absent we recive a SIGSYS.
-     */
-    afs_entry_point = NO_ENTRY_POINT;
-  
-    saved_errno = errno;
-#ifndef NO_AFS
-#ifdef SIGSYS
-    saved_func = signal(SIGSYS, SIGSYS_handler);
-#endif
-    if (env && strstr(env, "..") == NULL) {
-
-	if (strncmp("/proc/", env, 6) == 0) {
-	    if (try_ioctlpath(env, VIOC_SYSCALL_PROC, LINUX_PROC_POINT) == 0)
-		goto done;
-	}
-	if (strncmp("/dev/", env, 5) == 0) {
-	    if (try_ioctlpath(env, VIOC_SYSCALL_DEV, MACOS_DEV_POINT) == 0)
-		goto done;
-	    if (try_ioctlpath(env,VIOC_SYSCALL_DEV_OPENAFS,MACOS_DEV_POINT) ==0)
-		goto done;
-	}
-    }
-
-    ret = try_ioctlpath("/proc/fs/openafs/afs_ioctl",
-			VIOC_SYSCALL_PROC, LINUX_PROC_POINT);
-    if (ret == 0)
-	goto done;
-    ret = try_ioctlpath("/proc/fs/nnpfs/afs_ioctl", 
-			VIOC_SYSCALL_PROC, LINUX_PROC_POINT);
-    if (ret == 0)
-	goto done;
-
-    ret = try_ioctlpath("/dev/openafs_ioctl", 
-			VIOC_SYSCALL_DEV_OPENAFS, MACOS_DEV_POINT);
-    if (ret == 0)
-	goto done;
-    ret = try_ioctlpath("/dev/nnpfs_ioctl", VIOC_SYSCALL_DEV, MACOS_DEV_POINT);
-    if (ret == 0)
-	goto done;
-
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-    {
-	int tmp;
-
-	if (env != NULL) {
-	    if (sscanf (env, "%d", &tmp) == 1) {
-		if (try_one (tmp) == 0)
-		    goto done;
-	    } else {
-		char *end = NULL;
-		char *p;
-		char *s = strdup (env);
-
-		if (s != NULL) {
-		    for (p = strtok_r (s, ",", &end);
-			 p != NULL;
-			 p = strtok_r (NULL, ",", &end)) {
-			if (map_syscall_name_to_number (p, &tmp) == 0)
-			    if (try_one (tmp) == 0) {
-				free (s);
-				goto done;
-			    }
-		    }
-		    free (s);
-		}
-	    }
-	}
-    }
-#endif /* AFS_SYSCALL || AFS_SYSCALL2 || AFS_SYSCALL3 */
-
-#ifdef AFS_SYSCALL
-    if (try_one (AFS_SYSCALL) == 0)
-	goto done;
-#endif /* AFS_SYSCALL */
-
-#ifdef AFS_PIOCTL
-    {
-	int tmp[2];
-
-	if (env != NULL && sscanf (env, "%d%d", &tmp[0], &tmp[1]) == 2)
-	    if (try_two (tmp[0], tmp[1]) == 2)
-		goto done;
-    }
-#endif /* AFS_PIOCTL */
-
-#ifdef AFS_PIOCTL
-    if (try_two (AFS_PIOCTL, AFS_SETPAG) == 0)
-	goto done;
-#endif /* AFS_PIOCTL */
-
-#ifdef AFS_SYSCALL2
-    if (try_one (AFS_SYSCALL2) == 0)
-	goto done;
-#endif /* AFS_SYSCALL2 */
-
-#ifdef AFS_SYSCALL3
-    if (try_one (AFS_SYSCALL3) == 0)
-	goto done;
-#endif /* AFS_SYSCALL3 */
-
-#ifdef _AIX
-#if 0
-    if (env != NULL) {
-	char *pos = NULL;
-	char *pioctl_name;
-	char *setpag_name;
-
-	pioctl_name = strtok_r (env, ", \t", &pos);
-	if (pioctl_name != NULL) {
-	    setpag_name = strtok_r (NULL, ", \t", &pos);
-	    if (setpag_name != NULL)
-		if (try_aix (pioctl_name, setpag_name) == 0)
-		    goto done;
-	}
-    }
-#endif
-
-    if(try_aix() == 0)
-	goto done;
-#endif
-
-
-done:
-#ifdef SIGSYS
-    signal(SIGSYS, saved_func);
-#endif
-#endif /* NO_AFS */
-    errno = saved_errno;
-    return afs_entry_point != NO_ENTRY_POINT;
-}
-
-int
-k_hasafs_recheck(void)
-{
-    afs_entry_point = UNKNOWN_ENTRY_POINT;
-    return k_hasafs();
-}
diff --git a/crypto/heimdal/lib/kafs/afssysdefs.h b/crypto/heimdal/lib/kafs/afssysdefs.h
deleted file mode 100644
index dd52a21..0000000
--- a/crypto/heimdal/lib/kafs/afssysdefs.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 1995 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: afssysdefs.h 14102 2004-08-09 13:41:32Z lha $ */
-
-/*
- * This section is for machines using single entry point AFS syscalls!
- * and/or
- * This section is for machines using multiple entry point AFS syscalls!
- *
- * SunOS 4 is an example of single entry point and sgi of multiple
- * entry point syscalls.
- */
-
-#if SunOS == 40
-#define AFS_SYSCALL	31
-#endif
-
-#if SunOS >= 50 && SunOS < 57
-#define AFS_SYSCALL	105
-#endif
-
-#if SunOS == 57
-#define AFS_SYSCALL	73
-#endif
-
-#if SunOS >= 58
-#define AFS_SYSCALL	65
-#endif
-
-#if defined(__hpux)
-#define AFS_SYSCALL	50
-#define AFS_SYSCALL2	49
-#define AFS_SYSCALL3	48
-#endif
-
-#if defined(_AIX)
-/* _AIX is too weird */
-#endif
-
-#if defined(__sgi)
-#define AFS_PIOCTL      (64+1000)
-#define AFS_SETPAG      (65+1000)
-#endif
-
-#if defined(__osf__)
-#define AFS_SYSCALL	232
-#define AFS_SYSCALL2	258
-#endif
-
-#if defined(__ultrix)
-#define AFS_SYSCALL	31
-#endif
-
-#if defined(__FreeBSD__)
-#if __FreeBSD_version >= 500000
-#define AFS_SYSCALL 339
-#else
-#define AFS_SYSCALL 210
-#endif
-#endif /* __FreeBSD__ */
-
-#ifdef __DragonFly__
-#ifndef AFS_SYSCALL
-#define AFS_SYSCALL 339
-#endif
-#endif
-
-#ifdef __OpenBSD__
-#define AFS_SYSCALL 208
-#endif
-
-#if defined(__NetBSD__)
-#define AFS_SYSCALL 210
-#endif
-
-#ifdef __APPLE__		/* MacOS X */
-#define AFS_SYSCALL 230
-#endif
-
-#ifdef SYS_afs_syscall
-#define AFS_SYSCALL3	SYS_afs_syscall
-#endif
diff --git a/crypto/heimdal/lib/kafs/common.c b/crypto/heimdal/lib/kafs/common.c
deleted file mode 100644
index 3466d95..0000000
--- a/crypto/heimdal/lib/kafs/common.c
+++ /dev/null
@@ -1,492 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: common.c 15461 2005-06-16 22:52:33Z lha $");
-
-#define AUTH_SUPERUSER "afs"
-
-/*
- * Here only ASCII characters are relevant.
- */
-
-#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
-
-#define ToAsciiUpper(c) ((c) - 'a' + 'A')
-
-static void (*kafs_verbose)(void *, const char *);
-static void *kafs_verbose_ctx;
-
-void
-_kafs_foldup(char *a, const char *b)
-{
-  for (; *b; a++, b++)
-    if (IsAsciiLower(*b))
-      *a = ToAsciiUpper(*b);
-    else
-      *a = *b;
-  *a = '\0';
-}
-
-void
-kafs_set_verbose(void (*f)(void *, const char *), void *ctx)
-{
-    if (f) {
-	kafs_verbose = f;
-	kafs_verbose_ctx = ctx;
-    }
-}
-
-int
-kafs_settoken_rxkad(const char *cell, struct ClearToken *ct,
-		    void *ticket, size_t ticket_len)
-{
-    struct ViceIoctl parms;
-    char buf[2048], *t;
-    int32_t sizeof_x;
-    
-    t = buf;
-    /*
-     * length of secret token followed by secret token
-     */
-    sizeof_x = ticket_len;
-    memcpy(t, &sizeof_x, sizeof(sizeof_x));
-    t += sizeof(sizeof_x);
-    memcpy(t, ticket, sizeof_x);
-    t += sizeof_x;
-    /*
-     * length of clear token followed by clear token
-     */
-    sizeof_x = sizeof(*ct);
-    memcpy(t, &sizeof_x, sizeof(sizeof_x));
-    t += sizeof(sizeof_x);
-    memcpy(t, ct, sizeof_x);
-    t += sizeof_x;
-
-    /*
-     * do *not* mark as primary cell
-     */
-    sizeof_x = 0;
-    memcpy(t, &sizeof_x, sizeof(sizeof_x));
-    t += sizeof(sizeof_x);
-    /*
-     * follow with cell name
-     */
-    sizeof_x = strlen(cell) + 1;
-    memcpy(t, cell, sizeof_x);
-    t += sizeof_x;
-
-    /*
-     * Build argument block
-     */
-    parms.in = buf;
-    parms.in_size = t - buf;
-    parms.out = 0;
-    parms.out_size = 0;
-
-    return k_pioctl(0, VIOCSETTOK, &parms, 0);
-}
-
-void
-_kafs_fixup_viceid(struct ClearToken *ct, uid_t uid)
-{
-#define ODD(x) ((x) & 1)
-    /* According to Transarc conventions ViceId is valid iff
-     * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime
-     * the transformations:
-     *
-     * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life)
-     * preserves the original values.
-     */
-    if (uid != 0)		/* valid ViceId */
-    {
-	if (!ODD(ct->EndTimestamp - ct->BeginTimestamp))
-	    ct->EndTimestamp--;
-    }
-    else			/* not valid ViceId */
-    {
-	if (ODD(ct->EndTimestamp - ct->BeginTimestamp))
-	    ct->EndTimestamp--;
-    }
-}
-
-
-int
-_kafs_v4_to_kt(CREDENTIALS *c, uid_t uid, struct kafs_token *kt)
-{
-    kt->ticket = NULL;
-
-    if (c->ticket_st.length > MAX_KTXT_LEN)
-	return EINVAL;
-
-    kt->ticket = malloc(c->ticket_st.length);
-    if (kt->ticket == NULL)
-	return ENOMEM;
-    kt->ticket_len = c->ticket_st.length;
-    memcpy(kt->ticket, c->ticket_st.dat, kt->ticket_len);
-    
-    /*
-     * Build a struct ClearToken
-     */
-    kt->ct.AuthHandle = c->kvno;
-    memcpy (kt->ct.HandShakeKey, c->session, sizeof(c->session));
-    kt->ct.ViceId = uid;
-    kt->ct.BeginTimestamp = c->issue_date;
-    kt->ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
-
-    _kafs_fixup_viceid(&kt->ct, uid);
-
-    return 0;
-}
-
-/* Try to get a db-server for an AFS cell from a AFSDB record */
-
-static int
-dns_find_cell(const char *cell, char *dbserver, size_t len)
-{
-    struct dns_reply *r;
-    int ok = -1;
-    r = dns_lookup(cell, "afsdb");
-    if(r){
-	struct resource_record *rr = r->head;
-	while(rr){
-	    if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
-		strlcpy(dbserver,
-				rr->u.afsdb->domain,
-				len);
-		ok = 0;
-		break;
-	    }
-	    rr = rr->next;
-	}
-	dns_free_data(r);
-    }
-    return ok;
-}
-
-
-/*
- * Try to find the cells we should try to klog to in "file".
- */
-static void
-find_cells(const char *file, char ***cells, int *idx)
-{
-    FILE *f;
-    char cell[64];
-    int i;
-    int ind = *idx;
-
-    f = fopen(file, "r");
-    if (f == NULL)
-	return;
-    while (fgets(cell, sizeof(cell), f)) {
-	char *t;
-	t = cell + strlen(cell);
-	for (; t >= cell; t--)
-	  if (*t == '\n' || *t == '\t' || *t == ' ')
-	    *t = 0;
-	if (cell[0] == '\0' || cell[0] == '#')
-	    continue;
-	for(i = 0; i < ind; i++)
-	    if(strcmp((*cells)[i], cell) == 0)
-		break;
-	if(i == ind){
-	    char **tmp;
-
-	    tmp = realloc(*cells, (ind + 1) * sizeof(**cells));
-	    if (tmp == NULL)
-		break;
-	    *cells = tmp;
-	    (*cells)[ind] = strdup(cell);
-	    if ((*cells)[ind] == NULL)
-		break;
-	    ++ind;
-	}
-    }
-    fclose(f);
-    *idx = ind;
-}
-
-/*
- * Get tokens for all cells[]
- */
-static int
-afslog_cells(struct kafs_data *data, char **cells, int max, uid_t uid,
-	     const char *homedir)
-{
-    int ret = 0;
-    int i;
-    for (i = 0; i < max; i++) {
-        int er = (*data->afslog_uid)(data, cells[i], 0, uid, homedir);
-	if (er)
-	    ret = er;
-    }
-    return ret;
-}
-
-int
-_kafs_afslog_all_local_cells(struct kafs_data *data,
-			     uid_t uid, const char *homedir)
-{
-    int ret;
-    char **cells = NULL;
-    int idx = 0;
-
-    if (homedir == NULL)
-	homedir = getenv("HOME");
-    if (homedir != NULL) {
-	char home[MaxPathLen];
-	snprintf(home, sizeof(home), "%s/.TheseCells", homedir);
-	find_cells(home, &cells, &idx);
-    }
-    find_cells(_PATH_THESECELLS, &cells, &idx);
-    find_cells(_PATH_THISCELL, &cells, &idx);
-    find_cells(_PATH_ARLA_THESECELLS, &cells, &idx);
-    find_cells(_PATH_ARLA_THISCELL, &cells, &idx);
-    find_cells(_PATH_OPENAFS_DEBIAN_THESECELLS, &cells, &idx);
-    find_cells(_PATH_OPENAFS_DEBIAN_THISCELL, &cells, &idx);
-    find_cells(_PATH_OPENAFS_MACOSX_THESECELLS, &cells, &idx);
-    find_cells(_PATH_OPENAFS_MACOSX_THISCELL, &cells, &idx);
-    find_cells(_PATH_ARLA_DEBIAN_THESECELLS, &cells, &idx);
-    find_cells(_PATH_ARLA_DEBIAN_THISCELL, &cells, &idx);
-    find_cells(_PATH_ARLA_OPENBSD_THESECELLS, &cells, &idx);
-    find_cells(_PATH_ARLA_OPENBSD_THISCELL, &cells, &idx);
-    
-    ret = afslog_cells(data, cells, idx, uid, homedir);
-    while(idx > 0)
-	free(cells[--idx]);
-    free(cells);
-    return ret;
-}
-
-
-static int
-file_find_cell(struct kafs_data *data, 
-	       const char *cell, char **realm, int exact)
-{
-    FILE *F;
-    char buf[1024];
-    char *p;
-    int ret = -1;
-
-    if ((F = fopen(_PATH_CELLSERVDB, "r"))
-	|| (F = fopen(_PATH_ARLA_CELLSERVDB, "r"))
-	|| (F = fopen(_PATH_OPENAFS_DEBIAN_CELLSERVDB, "r"))
-	|| (F = fopen(_PATH_OPENAFS_MACOSX_CELLSERVDB, "r"))
-	|| (F = fopen(_PATH_ARLA_DEBIAN_CELLSERVDB, "r"))) {
-	while (fgets(buf, sizeof(buf), F)) {
-	    int cmp;
-
-	    if (buf[0] != '>')
-		continue; /* Not a cell name line, try next line */
-	    p = buf;
-	    strsep(&p, " \t\n#");
-
-	    if (exact)
-		cmp = strcmp(buf + 1, cell);
-	    else
-		cmp = strncmp(buf + 1, cell, strlen(cell));
-
-	    if (cmp == 0) {
-		/*
-		 * We found the cell name we're looking for.
-		 * Read next line on the form ip-address '#' hostname
-		 */
-		if (fgets(buf, sizeof(buf), F) == NULL)
-		    break;	/* Read failed, give up */
-		p = strchr(buf, '#');
-		if (p == NULL)
-		    break;	/* No '#', give up */
-		p++;
-		if (buf[strlen(buf) - 1] == '\n')
-		    buf[strlen(buf) - 1] = '\0';
-		*realm = (*data->get_realm)(data, p);
-		if (*realm && **realm != '\0')
-		    ret = 0;
-		break;		/* Won't try any more */
-	    }
-	}
-	fclose(F);
-    }
-    return ret;
-}
-
-/* Find the realm associated with cell. Do this by opening CellServDB
-   file and getting the realm-of-host for the first VL-server for the
-   cell.
-
-   This does not work when the VL-server is living in one realm, but
-   the cell it is serving is living in another realm.
-
-   Return 0 on success, -1 otherwise.
-   */
-
-int
-_kafs_realm_of_cell(struct kafs_data *data,
-		    const char *cell, char **realm)
-{
-    char buf[1024];
-    int ret;
-
-    ret = file_find_cell(data, cell, realm, 1);
-    if (ret == 0)
-	return ret;
-    if (dns_find_cell(cell, buf, sizeof(buf)) == 0) {
-	*realm = (*data->get_realm)(data, buf);
-	if(*realm != NULL)
-	    return 0;
-    }
-    return file_find_cell(data, cell, realm, 0);
-}
-
-static int
-_kafs_try_get_cred(struct kafs_data *data, const char *user, const char *cell,
-		   const char *realm, uid_t uid, struct kafs_token *kt)
-{
-    int ret;
-
-    ret = (*data->get_cred)(data, user, cell, realm, uid, kt);
-    if (kafs_verbose) {
-	char *str;
-	asprintf(&str, "%s tried afs%s%s@%s -> %d",
-		 data->name, cell[0] == '\0' ? "" : "/", 
-		 cell, realm, ret);
-	(*kafs_verbose)(kafs_verbose_ctx, str);
-	free(str);
-    }
-
-    return ret;
-}
-
-
-int
-_kafs_get_cred(struct kafs_data *data,
-	       const char *cell, 
-	       const char *realm_hint,
-	       const char *realm,
-	       uid_t uid,
-	       struct kafs_token *kt)
-{
-    int ret = -1;
-    char *vl_realm;
-    char CELL[64];
-
-    /* We're about to find the realm that holds the key for afs in
-     * the specified cell. The problem is that null-instance
-     * afs-principals are common and that hitting the wrong realm might
-     * yield the wrong afs key. The following assumptions were made.
-     *
-     * Any realm passed to us is preferred.
-     *
-     * If there is a realm with the same name as the cell, it is most
-     * likely the correct realm to talk to.
-     *
-     * In most (maybe even all) cases the database servers of the cell
-     * will live in the realm we are looking for.
-     *
-     * Try the local realm, but if the previous cases fail, this is
-     * really a long shot.
-     *
-     */
-  
-    /* comments on the ordering of these tests */
-
-    /* If the user passes a realm, she probably knows something we don't
-     * know and we should try afs@realm_hint.
-     */
-  
-    if (realm_hint) {
-	ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				 cell, realm_hint, uid, kt);
-	if (ret == 0) return 0;
-	ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				 "", realm_hint, uid, kt);
-	if (ret == 0) return 0;
-    }
-
-    _kafs_foldup(CELL, cell);
-
-    /*
-     * If cell == realm we don't need no cross-cell authentication.
-     * Try afs@REALM.
-     */
-    if (strcmp(CELL, realm) == 0) {
-        ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				 "", realm, uid, kt);
-	if (ret == 0) return 0;
-	/* Try afs.cell@REALM below. */
-    }
-
-    /*
-     * If the AFS servers have a file /usr/afs/etc/krb.conf containing
-     * REALM we still don't have to resort to cross-cell authentication.
-     * Try afs.cell@REALM.
-     */
-    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, 
-			     cell, realm, uid, kt);
-    if (ret == 0) return 0;
-
-    /*
-     * We failed to get ``first class tickets'' for afs,
-     * fall back to cross-cell authentication.
-     * Try afs@CELL.
-     * Try afs.cell@CELL.
-     */
-    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-			     "", CELL, uid, kt);
-    if (ret == 0) return 0;
-    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, 
-			     cell, CELL, uid, kt);
-    if (ret == 0) return 0;
-
-    /*
-     * Perhaps the cell doesn't correspond to any realm?
-     * Use realm of first volume location DB server.
-     * Try afs.cell@VL_REALM.
-     * Try afs@VL_REALM???
-     */
-    if (_kafs_realm_of_cell(data, cell, &vl_realm) == 0
-	&& strcmp(vl_realm, realm) != 0
-	&& strcmp(vl_realm, CELL) != 0) {
-	ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				 cell, vl_realm, uid, kt);
-	if (ret)
-	    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				     "", vl_realm, uid, kt);
-	free(vl_realm);
-	if (ret == 0) return 0;
-    }
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kafs/dlfcn.c b/crypto/heimdal/lib/kafs/dlfcn.c
deleted file mode 100644
index 728cf5c..0000000
--- a/crypto/heimdal/lib/kafs/dlfcn.c
+++ /dev/null
@@ -1,581 +0,0 @@
-/*
- * @(#)dlfcn.c	1.11 revision of 96/04/10  20:12:51
- * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
- * 30159 Hannover, Germany
- */
-
-/*
- * Changes marked with `--jwe' were made on April 7 1996 by John W. Eaton
- * <jwe@bevo.che.wisc.edu> to support g++ and/or use with Octave.
- */
-
-/*
- * This makes my life easier with Octave.  --jwe
- */
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <errno.h>
-#include <string.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/ldr.h>
-#include <a.out.h>
-#include <ldfcn.h>
-#include "dlfcn.h"
-
-/*
- * We simulate dlopen() et al. through a call to load. Because AIX has
- * no call to find an exported symbol we read the loader section of the
- * loaded module and build a list of exported symbols and their virtual
- * address.
- */
-
-typedef struct {
-	char		*name;		/* the symbols's name */
-	void		*addr;		/* its relocated virtual address */
-} Export, *ExportPtr;
-
-/*
- * xlC uses the following structure to list its constructors and
- * destructors. This is gleaned from the output of munch.
- */
-typedef struct {
-	void (*init)(void);		/* call static constructors */
-	void (*term)(void);		/* call static destructors */
-} Cdtor, *CdtorPtr;
-
-typedef void (*GccCDtorPtr)(void);
-
-/*
- * The void * handle returned from dlopen is actually a ModulePtr.
- */
-typedef struct Module {
-	struct Module	*next;
-	char		*name;		/* module name for refcounting */
-	int		refCnt;		/* the number of references */
-	void		*entry;		/* entry point from load */
-	struct dl_info	*info;		/* optional init/terminate functions */
-	CdtorPtr	cdtors;		/* optional C++ constructors */
-	GccCDtorPtr	gcc_ctor;	/* g++ constructors  --jwe */
-	GccCDtorPtr	gcc_dtor;	/* g++ destructors  --jwe */
-	int		nExports;	/* the number of exports found */
-	ExportPtr	exports;	/* the array of exports */
-} Module, *ModulePtr;
-
-/*
- * We keep a list of all loaded modules to be able to call the fini
- * handlers and destructors at atexit() time.
- */
-static ModulePtr modList;
-
-/*
- * The last error from one of the dl* routines is kept in static
- * variables here. Each error is returned only once to the caller.
- */
-static char errbuf[BUFSIZ];
-static int errvalid;
-
-/*
- * The `fixed' gcc header files on AIX 3.2.5 provide a prototype for
- * strdup().  --jwe
- */
-#ifndef HAVE_STRDUP
-extern char *strdup(const char *);
-#endif
-static void caterr(char *);
-static int readExports(ModulePtr);
-static void terminate(void);
-static void *findMain(void);
-
-void *dlopen(const char *path, int mode)
-{
-	ModulePtr mp;
-	static void *mainModule;
-
-	/*
-	 * Upon the first call register a terminate handler that will
-	 * close all libraries. Also get a reference to the main module
-	 * for use with loadbind.
-	 */
-	if (!mainModule) {
-		if ((mainModule = findMain()) == NULL)
-			return NULL;
-		atexit(terminate);
-	}
-	/*
-	 * Scan the list of modules if we have the module already loaded.
-	 */
-	for (mp = modList; mp; mp = mp->next)
-		if (strcmp(mp->name, path) == 0) {
-			mp->refCnt++;
-			return mp;
-		}
-	if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf), "calloc: %s", strerror(errno));
-		return NULL;
-	}
-	if ((mp->name = strdup(path)) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf), "strdup: %s", strerror(errno));
-		free(mp);
-		return NULL;
-	}
-	/*
-	 * load should be declared load(const char *...). Thus we
-	 * cast the path to a normal char *. Ugly.
-	 */
-	if ((mp->entry = (void *)load((char *)path, L_NOAUTODEFER, NULL)) == NULL) {
-		free(mp->name);
-		free(mp);
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "dlopen: %s: ", path);
-		/*
-		 * If AIX says the file is not executable, the error
-		 * can be further described by querying the loader about
-		 * the last error.
-		 */
-		if (errno == ENOEXEC) {
-			char *tmp[BUFSIZ/sizeof(char *)];
-			if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1)
-				strlcpy(errbuf,
-						strerror(errno),
-						sizeof(errbuf));
-			else {
-				char **p;
-				for (p = tmp; *p; p++)
-					caterr(*p);
-			}
-		} else
-			strlcat(errbuf,
-					strerror(errno),
-					sizeof(errbuf));
-		return NULL;
-	}
-	mp->refCnt = 1;
-	mp->next = modList;
-	modList = mp;
-	if (loadbind(0, mainModule, mp->entry) == -1) {
-		dlclose(mp);
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "loadbind: %s", strerror(errno));
-		return NULL;
-	}
-	/*
-	 * If the user wants global binding, loadbind against all other
-	 * loaded modules.
-	 */
-	if (mode & RTLD_GLOBAL) {
-		ModulePtr mp1;
-		for (mp1 = mp->next; mp1; mp1 = mp1->next)
-			if (loadbind(0, mp1->entry, mp->entry) == -1) {
-				dlclose(mp);
-				errvalid++;
-				snprintf (errbuf, sizeof(errbuf),
-					  "loadbind: %s",
-					  strerror(errno));
-				return NULL;
-			}
-	}
-	if (readExports(mp) == -1) {
-		dlclose(mp);
-		return NULL;
-	}
-	/*
-	 * If there is a dl_info structure, call the init function.
-	 */
-	if (mp->info = (struct dl_info *)dlsym(mp, "dl_info")) {
-		if (mp->info->init)
-			(*mp->info->init)();
-	} else
-		errvalid = 0;
-	/*
-	 * If the shared object was compiled using xlC we will need
-	 * to call static constructors (and later on dlclose destructors).
-	 */
-	if (mp->cdtors = (CdtorPtr)dlsym(mp, "__cdtors")) {
-		CdtorPtr cp = mp->cdtors;
-		while (cp->init || cp->term) {
-			if (cp->init && cp->init != (void (*)(void))0xffffffff)
-				(*cp->init)();
-			cp++;
-		}
-	/*
-	 * If the shared object was compiled using g++, we will need
-	 * to call global constructors using the _GLOBAL__DI function,
-	 * and later, global destructors using the _GLOBAL_DD
-	 * funciton.  --jwe
-	 */
-	} else if (mp->gcc_ctor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DI")) {
-		(*mp->gcc_ctor)();
-		mp->gcc_dtor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DD"); 
-	} else
-		errvalid = 0;
-	return mp;
-}
-
-/*
- * Attempt to decipher an AIX loader error message and append it
- * to our static error message buffer.
- */
-static void caterr(char *s)
-{
-	char *p = s;
-
-	while (*p >= '0' && *p <= '9')
-		p++;
-	switch(atoi(s)) {
-	case L_ERROR_TOOMANY:
-		strlcat(errbuf, "to many errors", sizeof(errbuf));
-		break;
-	case L_ERROR_NOLIB:
-		strlcat(errbuf, "can't load library", sizeof(errbuf));
-		strlcat(errbuf, p, sizeof(errbuf));
-		break;
-	case L_ERROR_UNDEF:
-		strlcat(errbuf, "can't find symbol", sizeof(errbuf));
-		strlcat(errbuf, p, sizeof(errbuf));
-		break;
-	case L_ERROR_RLDBAD:
-		strlcat(errbuf, "bad RLD", sizeof(errbuf));
-		strlcat(errbuf, p, sizeof(errbuf));
-		break;
-	case L_ERROR_FORMAT:
-		strlcat(errbuf, "bad exec format in", sizeof(errbuf));
-		strlcat(errbuf, p, sizeof(errbuf));
-		break;
-	case L_ERROR_ERRNO:
-		strlcat(errbuf, strerror(atoi(++p)), sizeof(errbuf));
-		break;
-	default:
-		strlcat(errbuf, s, sizeof(errbuf));
-		break;
-	}
-}
-
-void *dlsym(void *handle, const char *symbol)
-{
-	ModulePtr mp = (ModulePtr)handle;
-	ExportPtr ep;
-	int i;
-
-	/*
-	 * Could speed up the search, but I assume that one assigns
-	 * the result to function pointers anyways.
-	 */
-	for (ep = mp->exports, i = mp->nExports; i; i--, ep++)
-		if (strcmp(ep->name, symbol) == 0)
-			return ep->addr;
-	errvalid++;
-	snprintf (errbuf, sizeof(errbuf),
-		  "dlsym: undefined symbol %s", symbol);		  
-	return NULL;
-}
-
-char *dlerror(void)
-{
-	if (errvalid) {
-		errvalid = 0;
-		return errbuf;
-	}
-	return NULL;
-}
-
-int dlclose(void *handle)
-{
-	ModulePtr mp = (ModulePtr)handle;
-	int result;
-	ModulePtr mp1;
-
-	if (--mp->refCnt > 0)
-		return 0;
-	if (mp->info && mp->info->fini)
-		(*mp->info->fini)();
-	if (mp->cdtors) {
-		CdtorPtr cp = mp->cdtors;
-		while (cp->init || cp->term) {
-			if (cp->term && cp->init != (void (*)(void))0xffffffff)
-				(*cp->term)();
-			cp++;
-		}
-	/*
-	 * If the function to handle global destructors for g++
-	 * exists, call it.  --jwe
-	 */
-	} else if (mp->gcc_dtor) {
-	        (*mp->gcc_dtor)();
-	}
-	result = unload(mp->entry);
-	if (result == -1) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "%s", strerror(errno));
-	}
-	if (mp->exports) {
-		ExportPtr ep;
-		int i;
-		for (ep = mp->exports, i = mp->nExports; i; i--, ep++)
-			if (ep->name)
-				free(ep->name);
-		free(mp->exports);
-	}
-	if (mp == modList)
-		modList = mp->next;
-	else {
-		for (mp1 = modList; mp1; mp1 = mp1->next)
-			if (mp1->next == mp) {
-				mp1->next = mp->next;
-				break;
-			}
-	}
-	free(mp->name);
-	free(mp);
-	return result;
-}
-
-static void terminate(void)
-{
-	while (modList)
-		dlclose(modList);
-}
-
-/*
- * Build the export table from the XCOFF .loader section.
- */
-static int readExports(ModulePtr mp)
-{
-	LDFILE *ldp = NULL;
-	SCNHDR sh, shdata;
-	LDHDR *lhp;
-	char *ldbuf;
-	LDSYM *ls;
-	int i;
-	ExportPtr ep;
-
-	if ((ldp = ldopen(mp->name, ldp)) == NULL) {
-		struct ld_info *lp;
-		char *buf;
-		int size = 4*1024;
-		if (errno != ENOENT) {
-			errvalid++;
-			snprintf(errbuf, sizeof(errbuf),
-				 "readExports: %s",
-				 strerror(errno));
-			return -1;
-		}
-		/*
-		 * The module might be loaded due to the LIBPATH
-		 * environment variable. Search for the loaded
-		 * module using L_GETINFO.
-		 */
-		if ((buf = malloc(size)) == NULL) {
-			errvalid++;
-			snprintf(errbuf, sizeof(errbuf),
-				 "readExports: %s",
-				 strerror(errno));
-			return -1;
-		}
-		while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
-			free(buf);
-			size += 4*1024;
-			if ((buf = malloc(size)) == NULL) {
-				errvalid++;
-				snprintf(errbuf, sizeof(errbuf),
-					 "readExports: %s",
-					 strerror(errno));
-				return -1;
-			}
-		}
-		if (i == -1) {
-			errvalid++;
-			snprintf(errbuf, sizeof(errbuf),
-				 "readExports: %s",
-				 strerror(errno));
-			free(buf);
-			return -1;
-		}
-		/*
-		 * Traverse the list of loaded modules. The entry point
-		 * returned by load() does actually point to the data
-		 * segment origin.
-		 */
-		lp = (struct ld_info *)buf;
-		while (lp) {
-			if (lp->ldinfo_dataorg == mp->entry) {
-				ldp = ldopen(lp->ldinfo_filename, ldp);
-				break;
-			}
-			if (lp->ldinfo_next == 0)
-				lp = NULL;
-			else
-				lp = (struct ld_info *)((char *)lp + lp->ldinfo_next);
-		}
-		free(buf);
-		if (!ldp) {
-			errvalid++;
-			snprintf (errbuf, sizeof(errbuf),
-				  "readExports: %s", strerror(errno));
-			return -1;
-		}
-	}
-	if (TYPE(ldp) != U802TOCMAGIC) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf), "readExports: bad magic");
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	/*
-	 * Get the padding for the data section. This is needed for
-	 * AIX 4.1 compilers. This is used when building the final
-	 * function pointer to the exported symbol.
-	 */
-	if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf),
-			 "readExports: cannot read data section header");
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf),
-			 "readExports: cannot read loader section header");
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	/*
-	 * We read the complete loader section in one chunk, this makes
-	 * finding long symbol names residing in the string table easier.
-	 */
-	if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "readExports: %s", strerror(errno));
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf),
-			 "readExports: cannot seek to loader section");
-		free(ldbuf);
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf),
-			 "readExports: cannot read loader section");
-		free(ldbuf);
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	lhp = (LDHDR *)ldbuf;
-	ls = (LDSYM *)(ldbuf+LDHDRSZ);
-	/*
-	 * Count the number of exports to include in our export table.
-	 */
-	for (i = lhp->l_nsyms; i; i--, ls++) {
-		if (!LDR_EXPORT(*ls))
-			continue;
-		mp->nExports++;
-	}
-	if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "readExports: %s", strerror(errno));
-		free(ldbuf);
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	/*
-	 * Fill in the export table. All entries are relative to
-	 * the entry point we got from load.
-	 */
-	ep = mp->exports;
-	ls = (LDSYM *)(ldbuf+LDHDRSZ);
-	for (i = lhp->l_nsyms; i; i--, ls++) {
-		char *symname;
-		char tmpsym[SYMNMLEN+1];
-		if (!LDR_EXPORT(*ls))
-			continue;
-		if (ls->l_zeroes == 0)
-			symname = ls->l_offset+lhp->l_stoff+ldbuf;
-		else {
-			/*
-			 * The l_name member is not zero terminated, we
-			 * must copy the first SYMNMLEN chars and make
-			 * sure we have a zero byte at the end.
-			 */
-		        strlcpy (tmpsym, ls->l_name,
-					 SYMNMLEN + 1);
-			symname = tmpsym;
-		}
-		ep->name = strdup(symname);
-		ep->addr = (void *)((unsigned long)mp->entry +
-					ls->l_value - shdata.s_vaddr);
-		ep++;
-	}
-	free(ldbuf);
-	while(ldclose(ldp) == FAILURE)
-		;
-	return 0;
-}
-
-/*
- * Find the main modules entry point. This is used as export pointer
- * for loadbind() to be able to resolve references to the main part.
- */
-static void * findMain(void)
-{
-	struct ld_info *lp;
-	char *buf;
-	int size = 4*1024;
-	int i;
-	void *ret;
-
-	if ((buf = malloc(size)) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "findMail: %s", strerror(errno));
-		return NULL;
-	}
-	while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
-		free(buf);
-		size += 4*1024;
-		if ((buf = malloc(size)) == NULL) {
-			errvalid++;
-			snprintf (errbuf, sizeof(errbuf),
-				  "findMail: %s", strerror(errno));
-			return NULL;
-		}
-	}
-	if (i == -1) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "findMail: %s", strerror(errno));
-		free(buf);
-		return NULL;
-	}
-	/*
-	 * The first entry is the main module. The entry point
-	 * returned by load() does actually point to the data
-	 * segment origin.
-	 */
-	lp = (struct ld_info *)buf;
-	ret = lp->ldinfo_dataorg;
-	free(buf);
-	return ret;
-}
diff --git a/crypto/heimdal/lib/kafs/dlfcn.h b/crypto/heimdal/lib/kafs/dlfcn.h
deleted file mode 100644
index b8dfd98..0000000
--- a/crypto/heimdal/lib/kafs/dlfcn.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * @(#)dlfcn.h	1.4 revision of 95/04/25  09:36:52
- * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
- * 30159 Hannover, Germany
- */
-
-#ifndef __dlfcn_h__
-#define __dlfcn_h__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Mode flags for the dlopen routine.
- */
-#define RTLD_LAZY	1	/* lazy function call binding */
-#define RTLD_NOW	2	/* immediate function call binding */
-#define RTLD_GLOBAL	0x100	/* allow symbols to be global */
-
-/*
- * To be able to initialize, a library may provide a dl_info structure
- * that contains functions to be called to initialize and terminate.
- */
-struct dl_info {
-	void (*init)(void);
-	void (*fini)(void);
-};
-
-#if __STDC__ || defined(_IBMR2)
-void *dlopen(const char *path, int mode);
-void *dlsym(void *handle, const char *symbol);
-char *dlerror(void);
-int dlclose(void *handle);
-#else
-void *dlopen();
-void *dlsym();
-char *dlerror();
-int dlclose();
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __dlfcn_h__ */
diff --git a/crypto/heimdal/lib/kafs/kafs.3 b/crypto/heimdal/lib/kafs/kafs.3
deleted file mode 100644
index cd5b1fd..0000000
--- a/crypto/heimdal/lib/kafs/kafs.3
+++ /dev/null
@@ -1,284 +0,0 @@
-.\" Copyright (c) 1998 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\"	$Id: kafs.3 17380 2006-05-01 07:01:18Z lha $
-.\"
-.Dd May  1, 2006
-.Os HEIMDAL
-.Dt KAFS 3
-.Sh NAME
-.Nm k_hasafs ,
-.Nm k_hasafs_recheck ,
-.Nm k_pioctl ,
-.Nm k_unlog ,
-.Nm k_setpag ,
-.Nm k_afs_cell_of_file ,
-.Nm kafs_set_verbose ,
-.Nm kafs_settoken_rxkad ,
-.Nm kafs_settoken ,
-.Nm krb_afslog ,
-.Nm krb_afslog_uid ,
-.Nm kafs_settoken5 ,
-.Nm krb5_afslog ,
-.Nm krb5_afslog_uid
-.Nd AFS library
-.Sh LIBRARY
-AFS cache manager access library (libkafs, -lkafs)
-.Sh SYNOPSIS
-.In kafs.h
-.Ft int
-.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len"
-.Ft int
-.Fn k_hasafs "void"
-.Ft int
-.Fn k_hasafs_recheck "void"
-.Ft int
-.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks"
-.Ft int
-.Fn k_setpag "void"
-.Ft int
-.Fn k_unlog "void"
-.Ft void
-.Fn kafs_set_verbose "void (*func)(void *, const char *, int)" "void *"
-.Ft int
-.Fn kafs_settoken_rxkad "const char *cell" "struct ClearToken *token" "void *ticket" "size_t ticket_len"
-.Ft int
-.Fn kafs_settoken "const char *cell" "uid_t uid" "CREDENTIALS *c"
-.Fn krb_afslog "char *cell" "char *realm"
-.Ft int
-.Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid"
-.Ft krb5_error_code
-.Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
-.Ft int
-.Fn kafs_settoken5 "const char *cell" "uid_t uid" "krb5_creds *c"
-.Ft krb5_error_code
-.Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
-.Sh DESCRIPTION
-.Fn k_hasafs
-initializes some library internal structures, and tests for the
-presence of AFS in the kernel, none of the other functions should be
-called before
-.Fn k_hasafs
-is called, or if it fails.
-.Pp
-.Fn k_hasafs_recheck
-forces a recheck if a AFS client has started since last time
-.Fn k_hasafs
-or
-.Fn k_hasafs_recheck
-was called.
-.Pp
-.Fn kafs_set_verbose
-set a log function that will be called each time the kafs library does
-something important so that the application using libkafs can output
-verbose logging.
-Calling the function
-.Fa kafs_set_verbose
-with the function argument set to
-.Dv NULL
-will stop libkafs from calling the logging function (if set).
-.Pp
-.Fn kafs_settoken_rxkad
-set
-.Li rxkad
-with the
-.Fa token
-and
-.Fa ticket
-(that have the length
-.Fa ticket_len )
-for a given
-.Fa cell .
-.Pp
-.Fn kafs_settoken
-and
-.Fn kafs_settoken5
-work the same way as
-.Fn kafs_settoken_rxkad
-but internally converts the Kerberos 4 or 5 credential to a afs
-cleartoken and ticket.
-.Pp
-.Fn krb_afslog ,
-and
-.Fn krb_afslog_uid
-obtains new tokens (and possibly tickets) for the specified
-.Fa cell
-and
-.Fa realm .
-If
-.Fa cell
-is
-.Dv NULL ,
-the local cell is used. If
-.Fa realm
-is
-.Dv NULL ,
-the function tries to guess what realm to use. Unless you  have some good knowledge of what cell or realm to use, you should pass
-.Dv NULL .
-.Fn krb_afslog
-will use the real user-id for the
-.Dv ViceId
-field in the token,
-.Fn krb_afslog_uid
-will use
-.Fa uid .
-.Pp
-.Fn krb5_afslog ,
-and
-.Fn krb5_afslog_uid
-are the Kerberos 5 equivalents of
-.Fn krb_afslog ,
-and
-.Fn krb_afslog_uid .
-.Pp
-.Fn krb5_afslog ,
-.Fn kafs_settoken5
-can be configured to behave differently via a 
-.Nm krb5_appdefault
-option
-.Li afs-use-524
-in
-.Pa krb5.conf .
-Possible values for
-.Li afs-use-524
-are:
-.Bl -tag -width local
-.It yes
-use the 524 server in the realm to convert the ticket
-.It no
-use the Kerberos 5 ticket directly, can be used with if the afs cell
-support 2b token.
-.It local, 2b
-convert the Kerberos 5 credential to a 2b token locally (the same work
-as a 2b 524 server should have done).
-.El
-.Pp
-Example:
-.Pp
-.Bd -literal
-[appdefaults]
-	SU.SE = { afs-use-524 = local }
-	PDC.KTH.SE = { afs-use-524 = yes }
-	afs-use-524 = yes
-.Ed
-.Pp
-libkafs will use the
-.Li libkafs
-as application name when running the
-.Nm krb5_appdefault
-function call.
-.Pp
-The (uppercased) cell name is used as the realm to the
-.Nm krb5_appdefault function.
-.Pp
-.\" The extra arguments are the ubiquitous context, and the cache id where
-.\" to store any obtained tickets. Since AFS servers normally can't handle
-.\" Kerberos 5 tickets directly, these functions will first obtain version
-.\" 5 tickets for the requested cells, and then convert them to version 4
-.\" tickets, that can be stashed in the kernel. To convert tickets the
-.\" .Fn krb524_convert_creds_kdc
-.\" function will be used.
-.\" .Pp
-.Fn k_afs_cell_of_file
-will in
-.Fa cell
-return the cell of a specified file, no more than
-.Fa len
-characters is put in
-.Fa cell .
-.Pp
-.Fn k_pioctl
-does a
-.Fn pioctl
-system call with the specified arguments. This function is equivalent to
-.Fn lpioctl .
-.Pp
-.Fn k_setpag
-initializes a new PAG.
-.Pp
-.Fn k_unlog
-removes destroys all tokens in the current PAG.
-.Sh RETURN VALUES
-.Fn k_hasafs
-returns 1 if AFS is present in the kernel, 0 otherwise.
-.Fn krb_afslog
-and
-.Fn krb_afslog_uid
-returns 0 on success, or a Kerberos error number on failure.
-.Fn k_afs_cell_of_file ,
-.Fn k_pioctl ,
-.Fn k_setpag ,
-and
-.Fn k_unlog
-all return the value of the underlaying system call, 0 on success.
-.Sh ENVIRONMENT
-The following environment variable affect the mode of operation of
-.Nm kafs :
-.Bl -tag -width AFS_SYSCALL
-.It Ev AFS_SYSCALL
-Normally,
-.Nm kafs
-will try to figure out the correct system call(s) that are used by AFS
-by itself.  If it does not manage to do that, or does it incorrectly,
-you can set this variable to the system call number or list of system
-call numbers that should be used.
-.El
-.Sh EXAMPLES
-The following code from
-.Nm login
-will obtain a new PAG and tokens for the local cell and the cell of
-the users home directory.
-.Bd -literal
-if (k_hasafs()) {
-	char cell[64];
-	k_setpag();
-	if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
-		krb_afslog(cell, NULL);
-	krb_afslog(NULL, NULL);
-}
-.Ed
-.Sh ERRORS
-If any of these functions (apart from
-.Fn k_hasafs )
-is called without AFS being present in the kernel, the process will
-usually (depending on the operating system) receive a SIGSYS signal.
-.Sh SEE ALSO
-.Xr krb5_appdefault 3 ,
-.Xr krb5.conf 5
-.Rs
-.%A Transarc Corporation
-.%J AFS-3 Programmer's Reference
-.%T File Server/Cache Manager Interface
-.%D 1991
-.Re
-.Sh BUGS
-.Ev AFS_SYSCALL
-has no effect under AIX.
diff --git a/crypto/heimdal/lib/kafs/kafs.h b/crypto/heimdal/lib/kafs/kafs.h
deleted file mode 100644
index d478039..0000000
--- a/crypto/heimdal/lib/kafs/kafs.h
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: kafs.h 20652 2007-05-10 19:30:18Z lha $ */
-
-#ifndef __KAFS_H
-#define __KAFS_H
-
-/* XXX must include krb5.h or krb.h */
-
-/* sys/ioctl.h must be included manually before kafs.h */
-
-/*
- */
-#define AFSCALL_PIOCTL 20
-#define AFSCALL_SETPAG 21
-
-#ifndef _VICEIOCTL
-#define _VICEIOCTL(id)  ((unsigned int ) _IOW('V', id, struct ViceIoctl))
-#define _AFSCIOCTL(id)  ((unsigned int ) _IOW('C', id, struct ViceIoctl))
-#endif /* _VICEIOCTL */
-
-#define VIOCSETAL		_VICEIOCTL(1)
-#define VIOCGETAL		_VICEIOCTL(2)
-#define VIOCSETTOK		_VICEIOCTL(3)
-#define VIOCGETVOLSTAT		_VICEIOCTL(4)
-#define VIOCSETVOLSTAT		_VICEIOCTL(5)
-#define VIOCFLUSH		_VICEIOCTL(6)
-#define VIOCGETTOK		_VICEIOCTL(8)
-#define VIOCUNLOG		_VICEIOCTL(9)
-#define VIOCCKSERV		_VICEIOCTL(10)
-#define VIOCCKBACK		_VICEIOCTL(11)
-#define VIOCCKCONN		_VICEIOCTL(12)
-#define VIOCWHEREIS		_VICEIOCTL(14)
-#define VIOCACCESS		_VICEIOCTL(20)
-#define VIOCUNPAG		_VICEIOCTL(21)
-#define VIOCGETFID		_VICEIOCTL(22)
-#define VIOCSETCACHESIZE	_VICEIOCTL(24)
-#define VIOCFLUSHCB		_VICEIOCTL(25)
-#define VIOCNEWCELL		_VICEIOCTL(26)
-#define VIOCGETCELL		_VICEIOCTL(27)
-#define VIOC_AFS_DELETE_MT_PT	_VICEIOCTL(28)
-#define VIOC_AFS_STAT_MT_PT	_VICEIOCTL(29)
-#define VIOC_FILE_CELL_NAME	_VICEIOCTL(30)
-#define VIOC_GET_WS_CELL	_VICEIOCTL(31)
-#define VIOC_AFS_MARINER_HOST	_VICEIOCTL(32)
-#define VIOC_GET_PRIMARY_CELL	_VICEIOCTL(33)
-#define VIOC_VENUSLOG		_VICEIOCTL(34)
-#define VIOC_GETCELLSTATUS	_VICEIOCTL(35)
-#define VIOC_SETCELLSTATUS	_VICEIOCTL(36)
-#define VIOC_FLUSHVOLUME	_VICEIOCTL(37)
-#define VIOC_AFS_SYSNAME	_VICEIOCTL(38)
-#define VIOC_EXPORTAFS		_VICEIOCTL(39)
-#define VIOCGETCACHEPARAMS	_VICEIOCTL(40)
-#define VIOC_GCPAGS		_VICEIOCTL(48) 
-
-#define VIOCGETTOK2		_AFSCIOCTL(7)
-#define VIOCSETTOK2		_AFSCIOCTL(8)
-
-struct ViceIoctl {
-  caddr_t in, out;
-  short in_size;
-  short out_size;
-};
-
-struct ClearToken {
-  int32_t AuthHandle;
-  char HandShakeKey[8];
-  int32_t ViceId;
-  int32_t BeginTimestamp;
-  int32_t EndTimestamp;
-};
-
-/* Use k_hasafs() to probe if the machine supports AFS syscalls.
-   The other functions will generate a SIGSYS if AFS is not supported */
-
-int k_hasafs (void);
-int k_hasafs_recheck (void);
-
-int krb_afslog (const char *cell, const char *realm);
-int krb_afslog_uid (const char *cell, const char *realm, uid_t uid);
-int krb_afslog_home (const char *cell, const char *realm,
-			 const char *homedir);
-int krb_afslog_uid_home (const char *cell, const char *realm, uid_t uid,
-			     const char *homedir);
-
-int krb_realm_of_cell (const char *cell, char **realm);
-
-/* compat */
-#define k_afsklog krb_afslog
-#define k_afsklog_uid krb_afslog_uid
-
-int k_pioctl (char *a_path,
-		  int o_opcode,
-		  struct ViceIoctl *a_paramsP,
-		  int a_followSymlinks);
-int k_unlog (void);
-int k_setpag (void);
-int k_afs_cell_of_file (const char *path, char *cell, int len);
-
-
-
-/* XXX */
-#ifdef KFAILURE
-#define KRB_H_INCLUDED
-#endif
-
-#ifdef KRB5_RECVAUTH_IGNORE_VERSION
-#define KRB5_H_INCLUDED
-#endif
-
-void kafs_set_verbose (void (*kafs_verbose)(void *, const char *), void *);
-int kafs_settoken_rxkad (const char *, struct ClearToken *,
-			     void *ticket, size_t ticket_len);
-#ifdef KRB_H_INCLUDED
-int kafs_settoken (const char*, uid_t, CREDENTIALS*);
-#endif
-#ifdef KRB5_H_INCLUDED
-int kafs_settoken5 (krb5_context, const char*, uid_t, krb5_creds*);
-#endif
-
-
-#ifdef KRB5_H_INCLUDED
-krb5_error_code krb5_afslog_uid (krb5_context context,
-				     krb5_ccache id,
-				     const char *cell,
-				     krb5_const_realm realm,
-				     uid_t uid);
-krb5_error_code krb5_afslog (krb5_context context,
-				 krb5_ccache id, 
-				 const char *cell,
-				 krb5_const_realm realm);
-krb5_error_code krb5_afslog_uid_home (krb5_context context,
-					  krb5_ccache id,
-					  const char *cell,
-					  krb5_const_realm realm,
-					  uid_t uid,
-					  const char *homedir);
-
-krb5_error_code krb5_afslog_home (krb5_context context,
-				      krb5_ccache id,
-				      const char *cell,
-				      krb5_const_realm realm,
-				      const char *homedir);
-
-krb5_error_code krb5_realm_of_cell (const char *cell, char **realm);
-
-#endif
-
-
-#define _PATH_VICE		"/usr/vice/etc/"
-#define _PATH_THISCELL 		_PATH_VICE "ThisCell"
-#define _PATH_CELLSERVDB 	_PATH_VICE "CellServDB"
-#define _PATH_THESECELLS	_PATH_VICE "TheseCells"
-
-#define _PATH_ARLA_VICE		"/usr/arla/etc/"
-#define _PATH_ARLA_THISCELL	_PATH_ARLA_VICE "ThisCell"
-#define _PATH_ARLA_CELLSERVDB 	_PATH_ARLA_VICE "CellServDB"
-#define _PATH_ARLA_THESECELLS	_PATH_ARLA_VICE "TheseCells"
-
-#define _PATH_OPENAFS_DEBIAN_VICE		"/etc/openafs/"
-#define _PATH_OPENAFS_DEBIAN_THISCELL		_PATH_OPENAFS_DEBIAN_VICE "ThisCell"
-#define _PATH_OPENAFS_DEBIAN_CELLSERVDB 	_PATH_OPENAFS_DEBIAN_VICE "CellServDB"
-#define _PATH_OPENAFS_DEBIAN_THESECELLS		_PATH_OPENAFS_DEBIAN_VICE "TheseCells"
-
-#define _PATH_OPENAFS_MACOSX_VICE		"/var/db/openafs/etc/"
-#define _PATH_OPENAFS_MACOSX_THISCELL		_PATH_OPENAFS_MACOSX_VICE "ThisCell"
-#define _PATH_OPENAFS_MACOSX_CELLSERVDB		_PATH_OPENAFS_MACOSX_VICE "CellServDB"
-#define _PATH_OPENAFS_MACOSX_THESECELLS		_PATH_OPENAFS_MACOSX_VICE "TheseCells"
-
-#define _PATH_ARLA_DEBIAN_VICE			"/etc/arla/"
-#define _PATH_ARLA_DEBIAN_THISCELL		_PATH_ARLA_DEBIAN_VICE "ThisCell"
-#define _PATH_ARLA_DEBIAN_CELLSERVDB		_PATH_ARLA_DEBIAN_VICE "CellServDB"
-#define _PATH_ARLA_DEBIAN_THESECELLS		_PATH_ARLA_DEBIAN_VICE "TheseCells"
-
-#define _PATH_ARLA_OPENBSD_VICE			"/etc/afs/"
-#define _PATH_ARLA_OPENBSD_THISCELL		_PATH_ARLA_OPENBSD_VICE "ThisCell"
-#define _PATH_ARLA_OPENBSD_CELLSERVDB		_PATH_ARLA_OPENBSD_VICE "CellServDB"
-#define _PATH_ARLA_OPENBSD_THESECELLS		_PATH_ARLA_OPENBSD_VICE "TheseCells"
-
-extern int _kafs_debug;
-
-#endif /* __KAFS_H */
diff --git a/crypto/heimdal/lib/kafs/kafs_locl.h b/crypto/heimdal/lib/kafs/kafs_locl.h
deleted file mode 100644
index a564104..0000000
--- a/crypto/heimdal/lib/kafs/kafs_locl.h
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: kafs_locl.h 16116 2005-10-02 03:14:47Z lha $ */
-
-#ifndef __KAFS_LOCL_H__
-#define __KAFS_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <signal.h>
-#include <setjmp.h>
-#include <errno.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-#ifdef HAVE_SYS_SYSCTL_H
-#include <sys/sysctl.h>
-#endif
-
-#ifdef HAVE_SYS_SYSCALL_H
-#include <sys/syscall.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-#include <roken.h>
-
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#else
-#ifdef KRB5
-#include "crypto-headers.h"
-#include <krb5-v4compat.h>
-typedef struct credentials CREDENTIALS;
-#endif /* KRB5 */
-#endif /* KRB4 */
-#include <kafs.h>
-
-#include <resolve.h>
-
-#include "afssysdefs.h"
-
-struct kafs_data;
-struct kafs_token;
-typedef int (*afslog_uid_func_t)(struct kafs_data *,
-				 const char *,
-				 const char *,
-				 uid_t,
-				 const char *);
-
-typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, 
-			       const char*, uid_t, struct kafs_token *);
-
-typedef char* (*get_realm_func_t)(struct kafs_data*, const char*);
-
-struct kafs_data {
-    const char *name;
-    afslog_uid_func_t afslog_uid;
-    get_cred_func_t get_cred;
-    get_realm_func_t get_realm;
-    void *data;
-};
-
-struct kafs_token {
-    struct ClearToken ct;
-    void *ticket;
-    size_t ticket_len;
-};
-
-void _kafs_foldup(char *, const char *);
-
-int _kafs_afslog_all_local_cells(struct kafs_data*, uid_t, const char*);
-
-int _kafs_get_cred(struct kafs_data*, const char*, const char*, const char *, 
-		   uid_t, struct kafs_token *);
-
-int
-_kafs_realm_of_cell(struct kafs_data *, const char *, char **);
-
-int
-_kafs_v4_to_kt(CREDENTIALS *, uid_t, struct kafs_token *);
-
-void
-_kafs_fixup_viceid(struct ClearToken *, uid_t);
-
-#ifdef _AIX
-int aix_pioctl(char*, int, struct ViceIoctl*, int);
-int aix_setpag(void);
-#endif
-
-#endif /* __KAFS_LOCL_H__ */
diff --git a/crypto/heimdal/lib/kafs/roken_rename.h b/crypto/heimdal/lib/kafs/roken_rename.h
deleted file mode 100644
index 6eb61fa..0000000
--- a/crypto/heimdal/lib/kafs/roken_rename.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 2001-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: roken_rename.h 15341 2005-06-02 07:35:45Z lha $ */
-
-#ifndef __roken_rename_h__
-#define __roken_rename_h__
-
-/*
- * Libroken routines that are added libkafs
- */
-
-#define _resolve_debug _kafs_resolve_debug
-
-#define rk_dns_free_data _kafs_dns_free_data
-#define rk_dns_lookup _kafs_dns_lookup
-#define rk_dns_string_to_type _kafs_dns_string_to_type
-#define rk_dns_type_to_string _kafs_dns_type_to_string
-#define rk_dns_srv_order _kafs_dns_srv_order
-#define rk_dns_make_query _kafs_dns_make_query
-#define rk_dns_free_query _kafs_dns_free_query
-#define rk_dns_parse_reply _kafs_dns_parse_reply
-
-#ifndef HAVE_STRTOK_R
-#define strtok_r _kafs_strtok_r
-#endif
-#ifndef HAVE_STRLCPY
-#define strlcpy _kafs_strlcpy
-#endif
-#ifndef HAVE_STRSEP
-#define strsep _kafs_strsep
-#endif
-
-#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am
deleted file mode 100644
index ced9616..0000000
--- a/crypto/heimdal/lib/krb5/Makefile.am
+++ /dev/null
@@ -1,298 +0,0 @@
-# $Id: Makefile.am 22501 2008-01-21 15:43:21Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I../com_err -I$(srcdir)/../com_err
-
-bin_PROGRAMS = verify_krb5_conf
-
-noinst_PROGRAMS =				\
-	krbhst-test				\
-	test_alname				\
-	test_crypto				\
-	test_get_addrs				\
-	test_kuserok				\
-	test_renew				\
-	test_forward
-
-TESTS =						\
-	aes-test				\
-	derived-key-test			\
-	n-fold-test				\
-	name-45-test				\
-	parse-name-test				\
-	store-test				\
-	string-to-key-test			\
-	test_acl				\
-	test_addr				\
-	test_cc					\
-	test_config				\
-	test_prf				\
-	test_store				\
-	test_crypto_wrapping			\
-	test_keytab				\
-	test_mem				\
-	test_pac				\
-	test_plugin				\
-	test_princ				\
-	test_pkinit_dh2key			\
-	test_time
-
-check_PROGRAMS = $(TESTS) test_hostname
-
-LDADD = libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-if PKINIT
-LIB_pkinit = ../hx509/libhx509.la
-endif
-
-libkrb5_la_LIBADD = \
-	$(LIB_pkinit) \
-	$(LIB_com_err) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIBADD_roken) \
-	$(LIB_door_create) \
-	$(LIB_dlopen)
-
-lib_LTLIBRARIES = libkrb5.la
-
-ERR_FILES = krb5_err.c krb_err.c heim_err.c k524_err.c
-
-libkrb5_la_CPPFLAGS = -DBUILD_KRB5_LIB $(AM_CPPFLAGS)
-
-dist_libkrb5_la_SOURCES =			\
-	acache.c				\
-	acl.c					\
-	add_et_list.c				\
-	addr_families.c				\
-	aname_to_localname.c			\
-	appdefault.c				\
-	asn1_glue.c				\
-	auth_context.c				\
-	build_ap_req.c				\
-	build_auth.c				\
-	cache.c					\
-	changepw.c				\
-	codec.c					\
-	config_file.c				\
-	config_file_netinfo.c			\
-	convert_creds.c				\
-	constants.c				\
-	context.c				\
-	copy_host_realm.c			\
-	crc.c					\
-	creds.c					\
-	crypto.c				\
-	doxygen.c				\
-	data.c					\
-	digest.c				\
-	eai_to_heim_errno.c			\
-	error_string.c				\
-	expand_hostname.c			\
-	fcache.c				\
-	free.c					\
-	free_host_realm.c			\
-	generate_seq_number.c			\
-	generate_subkey.c			\
-	get_addrs.c				\
-	get_cred.c				\
-	get_default_principal.c			\
-	get_default_realm.c			\
-	get_for_creds.c				\
-	get_host_realm.c			\
-	get_in_tkt.c				\
-	get_in_tkt_pw.c				\
-	get_in_tkt_with_keytab.c		\
-	get_in_tkt_with_skey.c			\
-	get_port.c				\
-	heim_threads.h				\
-	init_creds.c				\
-	init_creds_pw.c				\
-	kcm.c					\
-	kcm.h					\
-	keyblock.c				\
-	keytab.c				\
-	keytab_any.c				\
-	keytab_file.c				\
-	keytab_keyfile.c			\
-	keytab_krb4.c				\
-	keytab_memory.c				\
-	krb5_locl.h				\
-	krb5-v4compat.h				\
-	krbhst.c				\
-	kuserok.c				\
-	log.c					\
-	mcache.c				\
-	misc.c					\
-	mk_error.c				\
-	mk_priv.c				\
-	mk_rep.c				\
-	mk_req.c				\
-	mk_req_ext.c				\
-	mk_safe.c				\
-	mit_glue.c				\
-	net_read.c				\
-	net_write.c				\
-	n-fold.c				\
-	pac.c					\
-	padata.c				\
-	pkinit.c				\
-	principal.c				\
-	prog_setup.c				\
-	prompter_posix.c			\
-	rd_cred.c				\
-	rd_error.c				\
-	rd_priv.c				\
-	rd_rep.c				\
-	rd_req.c				\
-	rd_safe.c				\
-	read_message.c				\
-	recvauth.c				\
-	replay.c				\
-	send_to_kdc.c				\
-	sendauth.c				\
-	set_default_realm.c			\
-	sock_principal.c			\
-	store.c					\
-	store-int.h				\
-	store_emem.c				\
-	store_fd.c				\
-	store_mem.c				\
-	plugin.c				\
-	ticket.c				\
-	time.c					\
-	transited.c				\
-	v4_glue.c				\
-	verify_init.c				\
-	verify_user.c				\
-	version.c				\
-	warn.c					\
-	write_message.c
-
-nodist_libkrb5_la_SOURCES =			\
-	$(ERR_FILES)
-
-libkrb5_la_LDFLAGS = -version-info 24:0:0
-
-if versionscript
-libkrb5_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-
-$(libkrb5_la_OBJECTS) $(verify_krb5_conf_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
-
-$(srcdir)/krb5-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -E KRB5_LIB_FUNCTION -q -P comment -o krb5-protos.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-protos.h
-
-$(srcdir)/krb5-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-private.h
-
-man_MANS =					\
-	kerberos.8				\
-	krb5.3					\
-	krb5.conf.5				\
-	krb524_convert_creds_kdc.3		\
-	krb5_425_conv_principal.3		\
-	krb5_acl_match_file.3			\
-	krb5_address.3				\
-	krb5_aname_to_localname.3		\
-	krb5_appdefault.3			\
-	krb5_auth_context.3			\
-	krb5_c_make_checksum.3			\
-	krb5_ccache.3				\
-	krb5_check_transited.3			\
-	krb5_compare_creds.3			\
-	krb5_config.3				\
-	krb5_context.3				\
-	krb5_create_checksum.3			\
-	krb5_creds.3				\
-	krb5_crypto_init.3			\
-	krb5_data.3				\
-	krb5_digest.3				\
-	krb5_eai_to_heim_errno.3		\
-	krb5_encrypt.3				\
-	krb5_expand_hostname.3			\
-	krb5_find_padata.3			\
-	krb5_generate_random_block.3		\
-	krb5_get_all_client_addrs.3		\
-	krb5_get_credentials.3			\
-	krb5_get_creds.3			\
-	krb5_get_forwarded_creds.3		\
-	krb5_get_in_cred.3			\
-	krb5_get_init_creds.3			\
-	krb5_get_krbhst.3			\
-	krb5_getportbyname.3			\
-	krb5_init_context.3			\
-	krb5_is_thread_safe.3			\
-	krb5_keyblock.3				\
-	krb5_keytab.3				\
-	krb5_krbhst_init.3			\
-	krb5_kuserok.3				\
-	krb5_mk_req.3				\
-	krb5_mk_safe.3				\
-	krb5_openlog.3				\
-	krb5_parse_name.3			\
-	krb5_principal.3			\
-	krb5_rcache.3				\
-	krb5_rd_error.3				\
-	krb5_rd_safe.3				\
-	krb5_set_default_realm.3		\
-	krb5_set_password.3			\
-	krb5_storage.3				\
-	krb5_string_to_key.3			\
-	krb5_ticket.3				\
-	krb5_timeofday.3			\
-	krb5_unparse_name.3			\
-	krb5_verify_init_creds.3		\
-	krb5_verify_user.3			\
-	krb5_warn.3				\
-	verify_krb5_conf.8
-
-dist_include_HEADERS = \
-	krb5.h \
-	krb5-protos.h \
-	krb5-private.h \
-	krb5_ccapi.h
-
-nodist_include_HEADERS = krb5_err.h heim_err.h k524_err.h 
-
-# XXX use nobase_include_HEADERS = krb5/locate_plugin.h
-krb5dir = $(includedir)/krb5
-krb5_HEADERS = locate_plugin.h
-
-build_HEADERZ = \
-	heim_threads.h \
-	$(krb5_HEADERS) \
-	krb_err.h
-
-CLEANFILES = \
-	krb5_err.c krb5_err.h \
-	krb_err.c krb_err.h \
-	heim_err.c heim_err.h \
-	k524_err.c k524_err.h
-
-$(libkrb5_la_OBJECTS): krb5_err.h krb_err.h heim_err.h k524_err.h
-
-EXTRA_DIST = \
-	krb5_err.et \
-	krb_err.et \
-	heim_err.et \
-	k524_err.et \
-	$(man_MANS) \
-	version-script.map \
-	krb5.moduli
-
-#sysconf_DATA = krb5.moduli
-
-# to help stupid solaris make
-
-krb5_err.h: krb5_err.et
-
-krb_err.h: krb_err.et
-
-heim_err.h: heim_err.et
-
-k524_err.h: k524_err.et
diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in
deleted file mode 100644
index 60e0925..0000000
--- a/crypto/heimdal/lib/krb5/Makefile.in
+++ /dev/null
@@ -1,2021 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22501 2008-01-21 15:43:21Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(dist_include_HEADERS) $(krb5_HEADERS) \
-	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-bin_PROGRAMS = verify_krb5_conf$(EXEEXT)
-noinst_PROGRAMS = krbhst-test$(EXEEXT) test_alname$(EXEEXT) \
-	test_crypto$(EXEEXT) test_get_addrs$(EXEEXT) \
-	test_kuserok$(EXEEXT) test_renew$(EXEEXT) \
-	test_forward$(EXEEXT)
-TESTS = aes-test$(EXEEXT) derived-key-test$(EXEEXT) \
-	n-fold-test$(EXEEXT) name-45-test$(EXEEXT) \
-	parse-name-test$(EXEEXT) store-test$(EXEEXT) \
-	string-to-key-test$(EXEEXT) test_acl$(EXEEXT) \
-	test_addr$(EXEEXT) test_cc$(EXEEXT) test_config$(EXEEXT) \
-	test_prf$(EXEEXT) test_store$(EXEEXT) \
-	test_crypto_wrapping$(EXEEXT) test_keytab$(EXEEXT) \
-	test_mem$(EXEEXT) test_pac$(EXEEXT) test_plugin$(EXEEXT) \
-	test_princ$(EXEEXT) test_pkinit_dh2key$(EXEEXT) \
-	test_time$(EXEEXT)
-check_PROGRAMS = $(am__EXEEXT_1) test_hostname$(EXEEXT)
-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-subdir = lib/krb5
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \
-	"$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)" \
-	"$(DESTDIR)$(krb5dir)" "$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libkrb5_la_DEPENDENCIES = $(LIB_pkinit) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-dist_libkrb5_la_OBJECTS = libkrb5_la-acache.lo libkrb5_la-acl.lo \
-	libkrb5_la-add_et_list.lo libkrb5_la-addr_families.lo \
-	libkrb5_la-aname_to_localname.lo libkrb5_la-appdefault.lo \
-	libkrb5_la-asn1_glue.lo libkrb5_la-auth_context.lo \
-	libkrb5_la-build_ap_req.lo libkrb5_la-build_auth.lo \
-	libkrb5_la-cache.lo libkrb5_la-changepw.lo libkrb5_la-codec.lo \
-	libkrb5_la-config_file.lo libkrb5_la-config_file_netinfo.lo \
-	libkrb5_la-convert_creds.lo libkrb5_la-constants.lo \
-	libkrb5_la-context.lo libkrb5_la-copy_host_realm.lo \
-	libkrb5_la-crc.lo libkrb5_la-creds.lo libkrb5_la-crypto.lo \
-	libkrb5_la-doxygen.lo libkrb5_la-data.lo libkrb5_la-digest.lo \
-	libkrb5_la-eai_to_heim_errno.lo libkrb5_la-error_string.lo \
-	libkrb5_la-expand_hostname.lo libkrb5_la-fcache.lo \
-	libkrb5_la-free.lo libkrb5_la-free_host_realm.lo \
-	libkrb5_la-generate_seq_number.lo \
-	libkrb5_la-generate_subkey.lo libkrb5_la-get_addrs.lo \
-	libkrb5_la-get_cred.lo libkrb5_la-get_default_principal.lo \
-	libkrb5_la-get_default_realm.lo libkrb5_la-get_for_creds.lo \
-	libkrb5_la-get_host_realm.lo libkrb5_la-get_in_tkt.lo \
-	libkrb5_la-get_in_tkt_pw.lo \
-	libkrb5_la-get_in_tkt_with_keytab.lo \
-	libkrb5_la-get_in_tkt_with_skey.lo libkrb5_la-get_port.lo \
-	libkrb5_la-init_creds.lo libkrb5_la-init_creds_pw.lo \
-	libkrb5_la-kcm.lo libkrb5_la-keyblock.lo libkrb5_la-keytab.lo \
-	libkrb5_la-keytab_any.lo libkrb5_la-keytab_file.lo \
-	libkrb5_la-keytab_keyfile.lo libkrb5_la-keytab_krb4.lo \
-	libkrb5_la-keytab_memory.lo libkrb5_la-krbhst.lo \
-	libkrb5_la-kuserok.lo libkrb5_la-log.lo libkrb5_la-mcache.lo \
-	libkrb5_la-misc.lo libkrb5_la-mk_error.lo \
-	libkrb5_la-mk_priv.lo libkrb5_la-mk_rep.lo \
-	libkrb5_la-mk_req.lo libkrb5_la-mk_req_ext.lo \
-	libkrb5_la-mk_safe.lo libkrb5_la-mit_glue.lo \
-	libkrb5_la-net_read.lo libkrb5_la-net_write.lo \
-	libkrb5_la-n-fold.lo libkrb5_la-pac.lo libkrb5_la-padata.lo \
-	libkrb5_la-pkinit.lo libkrb5_la-principal.lo \
-	libkrb5_la-prog_setup.lo libkrb5_la-prompter_posix.lo \
-	libkrb5_la-rd_cred.lo libkrb5_la-rd_error.lo \
-	libkrb5_la-rd_priv.lo libkrb5_la-rd_rep.lo \
-	libkrb5_la-rd_req.lo libkrb5_la-rd_safe.lo \
-	libkrb5_la-read_message.lo libkrb5_la-recvauth.lo \
-	libkrb5_la-replay.lo libkrb5_la-send_to_kdc.lo \
-	libkrb5_la-sendauth.lo libkrb5_la-set_default_realm.lo \
-	libkrb5_la-sock_principal.lo libkrb5_la-store.lo \
-	libkrb5_la-store_emem.lo libkrb5_la-store_fd.lo \
-	libkrb5_la-store_mem.lo libkrb5_la-plugin.lo \
-	libkrb5_la-ticket.lo libkrb5_la-time.lo \
-	libkrb5_la-transited.lo libkrb5_la-v4_glue.lo \
-	libkrb5_la-verify_init.lo libkrb5_la-verify_user.lo \
-	libkrb5_la-version.lo libkrb5_la-warn.lo \
-	libkrb5_la-write_message.lo
-am__objects_1 = libkrb5_la-krb5_err.lo libkrb5_la-krb_err.lo \
-	libkrb5_la-heim_err.lo libkrb5_la-k524_err.lo
-nodist_libkrb5_la_OBJECTS = $(am__objects_1)
-libkrb5_la_OBJECTS = $(dist_libkrb5_la_OBJECTS) \
-	$(nodist_libkrb5_la_OBJECTS)
-libkrb5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libkrb5_la_LDFLAGS) $(LDFLAGS) -o $@
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-am__EXEEXT_1 = aes-test$(EXEEXT) derived-key-test$(EXEEXT) \
-	n-fold-test$(EXEEXT) name-45-test$(EXEEXT) \
-	parse-name-test$(EXEEXT) store-test$(EXEEXT) \
-	string-to-key-test$(EXEEXT) test_acl$(EXEEXT) \
-	test_addr$(EXEEXT) test_cc$(EXEEXT) test_config$(EXEEXT) \
-	test_prf$(EXEEXT) test_store$(EXEEXT) \
-	test_crypto_wrapping$(EXEEXT) test_keytab$(EXEEXT) \
-	test_mem$(EXEEXT) test_pac$(EXEEXT) test_plugin$(EXEEXT) \
-	test_princ$(EXEEXT) test_pkinit_dh2key$(EXEEXT) \
-	test_time$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
-aes_test_SOURCES = aes-test.c
-aes_test_OBJECTS = aes-test.$(OBJEXT)
-aes_test_LDADD = $(LDADD)
-aes_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-derived_key_test_SOURCES = derived-key-test.c
-derived_key_test_OBJECTS = derived-key-test.$(OBJEXT)
-derived_key_test_LDADD = $(LDADD)
-derived_key_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-krbhst_test_SOURCES = krbhst-test.c
-krbhst_test_OBJECTS = krbhst-test.$(OBJEXT)
-krbhst_test_LDADD = $(LDADD)
-krbhst_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-n_fold_test_SOURCES = n-fold-test.c
-n_fold_test_OBJECTS = n-fold-test.$(OBJEXT)
-n_fold_test_LDADD = $(LDADD)
-n_fold_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-name_45_test_SOURCES = name-45-test.c
-name_45_test_OBJECTS = name-45-test.$(OBJEXT)
-name_45_test_LDADD = $(LDADD)
-name_45_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-parse_name_test_SOURCES = parse-name-test.c
-parse_name_test_OBJECTS = parse-name-test.$(OBJEXT)
-parse_name_test_LDADD = $(LDADD)
-parse_name_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-store_test_SOURCES = store-test.c
-store_test_OBJECTS = store-test.$(OBJEXT)
-store_test_LDADD = $(LDADD)
-store_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-string_to_key_test_SOURCES = string-to-key-test.c
-string_to_key_test_OBJECTS = string-to-key-test.$(OBJEXT)
-string_to_key_test_LDADD = $(LDADD)
-string_to_key_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_acl_SOURCES = test_acl.c
-test_acl_OBJECTS = test_acl.$(OBJEXT)
-test_acl_LDADD = $(LDADD)
-test_acl_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_addr_SOURCES = test_addr.c
-test_addr_OBJECTS = test_addr.$(OBJEXT)
-test_addr_LDADD = $(LDADD)
-test_addr_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_alname_SOURCES = test_alname.c
-test_alname_OBJECTS = test_alname.$(OBJEXT)
-test_alname_LDADD = $(LDADD)
-test_alname_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_cc_SOURCES = test_cc.c
-test_cc_OBJECTS = test_cc.$(OBJEXT)
-test_cc_LDADD = $(LDADD)
-test_cc_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_config_SOURCES = test_config.c
-test_config_OBJECTS = test_config.$(OBJEXT)
-test_config_LDADD = $(LDADD)
-test_config_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_crypto_SOURCES = test_crypto.c
-test_crypto_OBJECTS = test_crypto.$(OBJEXT)
-test_crypto_LDADD = $(LDADD)
-test_crypto_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_crypto_wrapping_SOURCES = test_crypto_wrapping.c
-test_crypto_wrapping_OBJECTS = test_crypto_wrapping.$(OBJEXT)
-test_crypto_wrapping_LDADD = $(LDADD)
-test_crypto_wrapping_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_forward_SOURCES = test_forward.c
-test_forward_OBJECTS = test_forward.$(OBJEXT)
-test_forward_LDADD = $(LDADD)
-test_forward_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_get_addrs_SOURCES = test_get_addrs.c
-test_get_addrs_OBJECTS = test_get_addrs.$(OBJEXT)
-test_get_addrs_LDADD = $(LDADD)
-test_get_addrs_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_hostname_SOURCES = test_hostname.c
-test_hostname_OBJECTS = test_hostname.$(OBJEXT)
-test_hostname_LDADD = $(LDADD)
-test_hostname_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_keytab_SOURCES = test_keytab.c
-test_keytab_OBJECTS = test_keytab.$(OBJEXT)
-test_keytab_LDADD = $(LDADD)
-test_keytab_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_kuserok_SOURCES = test_kuserok.c
-test_kuserok_OBJECTS = test_kuserok.$(OBJEXT)
-test_kuserok_LDADD = $(LDADD)
-test_kuserok_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_mem_SOURCES = test_mem.c
-test_mem_OBJECTS = test_mem.$(OBJEXT)
-test_mem_LDADD = $(LDADD)
-test_mem_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_pac_SOURCES = test_pac.c
-test_pac_OBJECTS = test_pac.$(OBJEXT)
-test_pac_LDADD = $(LDADD)
-test_pac_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_pkinit_dh2key_SOURCES = test_pkinit_dh2key.c
-test_pkinit_dh2key_OBJECTS = test_pkinit_dh2key.$(OBJEXT)
-test_pkinit_dh2key_LDADD = $(LDADD)
-test_pkinit_dh2key_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_plugin_SOURCES = test_plugin.c
-test_plugin_OBJECTS = test_plugin.$(OBJEXT)
-test_plugin_LDADD = $(LDADD)
-test_plugin_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_prf_SOURCES = test_prf.c
-test_prf_OBJECTS = test_prf.$(OBJEXT)
-test_prf_LDADD = $(LDADD)
-test_prf_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_princ_SOURCES = test_princ.c
-test_princ_OBJECTS = test_princ.$(OBJEXT)
-test_princ_LDADD = $(LDADD)
-test_princ_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_renew_SOURCES = test_renew.c
-test_renew_OBJECTS = test_renew.$(OBJEXT)
-test_renew_LDADD = $(LDADD)
-test_renew_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_store_SOURCES = test_store.c
-test_store_OBJECTS = test_store.$(OBJEXT)
-test_store_LDADD = $(LDADD)
-test_store_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_time_SOURCES = test_time.c
-test_time_OBJECTS = test_time.$(OBJEXT)
-test_time_LDADD = $(LDADD)
-test_time_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-verify_krb5_conf_SOURCES = verify_krb5_conf.c
-verify_krb5_conf_OBJECTS = verify_krb5_conf.$(OBJEXT)
-verify_krb5_conf_LDADD = $(LDADD)
-verify_krb5_conf_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(dist_libkrb5_la_SOURCES) $(nodist_libkrb5_la_SOURCES) \
-	aes-test.c derived-key-test.c krbhst-test.c n-fold-test.c \
-	name-45-test.c parse-name-test.c store-test.c \
-	string-to-key-test.c test_acl.c test_addr.c test_alname.c \
-	test_cc.c test_config.c test_crypto.c test_crypto_wrapping.c \
-	test_forward.c test_get_addrs.c test_hostname.c test_keytab.c \
-	test_kuserok.c test_mem.c test_pac.c test_pkinit_dh2key.c \
-	test_plugin.c test_prf.c test_princ.c test_renew.c \
-	test_store.c test_time.c verify_krb5_conf.c
-DIST_SOURCES = $(dist_libkrb5_la_SOURCES) aes-test.c \
-	derived-key-test.c krbhst-test.c n-fold-test.c name-45-test.c \
-	parse-name-test.c store-test.c string-to-key-test.c test_acl.c \
-	test_addr.c test_alname.c test_cc.c test_config.c \
-	test_crypto.c test_crypto_wrapping.c test_forward.c \
-	test_get_addrs.c test_hostname.c test_keytab.c test_kuserok.c \
-	test_mem.c test_pac.c test_pkinit_dh2key.c test_plugin.c \
-	test_prf.c test_princ.c test_renew.c test_store.c test_time.c \
-	verify_krb5_conf.c
-man3dir = $(mandir)/man3
-man5dir = $(mandir)/man5
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-dist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-krb5HEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(dist_include_HEADERS) $(krb5_HEADERS) \
-	$(nodist_include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4) $(INCLUDE_hcrypto) -I../com_err \
-	-I$(srcdir)/../com_err
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-LDADD = libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-@PKINIT_TRUE@LIB_pkinit = ../hx509/libhx509.la
-libkrb5_la_LIBADD = \
-	$(LIB_pkinit) \
-	$(LIB_com_err) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIBADD_roken) \
-	$(LIB_door_create) \
-	$(LIB_dlopen)
-
-lib_LTLIBRARIES = libkrb5.la
-ERR_FILES = krb5_err.c krb_err.c heim_err.c k524_err.c
-libkrb5_la_CPPFLAGS = -DBUILD_KRB5_LIB $(AM_CPPFLAGS)
-dist_libkrb5_la_SOURCES = \
-	acache.c				\
-	acl.c					\
-	add_et_list.c				\
-	addr_families.c				\
-	aname_to_localname.c			\
-	appdefault.c				\
-	asn1_glue.c				\
-	auth_context.c				\
-	build_ap_req.c				\
-	build_auth.c				\
-	cache.c					\
-	changepw.c				\
-	codec.c					\
-	config_file.c				\
-	config_file_netinfo.c			\
-	convert_creds.c				\
-	constants.c				\
-	context.c				\
-	copy_host_realm.c			\
-	crc.c					\
-	creds.c					\
-	crypto.c				\
-	doxygen.c				\
-	data.c					\
-	digest.c				\
-	eai_to_heim_errno.c			\
-	error_string.c				\
-	expand_hostname.c			\
-	fcache.c				\
-	free.c					\
-	free_host_realm.c			\
-	generate_seq_number.c			\
-	generate_subkey.c			\
-	get_addrs.c				\
-	get_cred.c				\
-	get_default_principal.c			\
-	get_default_realm.c			\
-	get_for_creds.c				\
-	get_host_realm.c			\
-	get_in_tkt.c				\
-	get_in_tkt_pw.c				\
-	get_in_tkt_with_keytab.c		\
-	get_in_tkt_with_skey.c			\
-	get_port.c				\
-	heim_threads.h				\
-	init_creds.c				\
-	init_creds_pw.c				\
-	kcm.c					\
-	kcm.h					\
-	keyblock.c				\
-	keytab.c				\
-	keytab_any.c				\
-	keytab_file.c				\
-	keytab_keyfile.c			\
-	keytab_krb4.c				\
-	keytab_memory.c				\
-	krb5_locl.h				\
-	krb5-v4compat.h				\
-	krbhst.c				\
-	kuserok.c				\
-	log.c					\
-	mcache.c				\
-	misc.c					\
-	mk_error.c				\
-	mk_priv.c				\
-	mk_rep.c				\
-	mk_req.c				\
-	mk_req_ext.c				\
-	mk_safe.c				\
-	mit_glue.c				\
-	net_read.c				\
-	net_write.c				\
-	n-fold.c				\
-	pac.c					\
-	padata.c				\
-	pkinit.c				\
-	principal.c				\
-	prog_setup.c				\
-	prompter_posix.c			\
-	rd_cred.c				\
-	rd_error.c				\
-	rd_priv.c				\
-	rd_rep.c				\
-	rd_req.c				\
-	rd_safe.c				\
-	read_message.c				\
-	recvauth.c				\
-	replay.c				\
-	send_to_kdc.c				\
-	sendauth.c				\
-	set_default_realm.c			\
-	sock_principal.c			\
-	store.c					\
-	store-int.h				\
-	store_emem.c				\
-	store_fd.c				\
-	store_mem.c				\
-	plugin.c				\
-	ticket.c				\
-	time.c					\
-	transited.c				\
-	v4_glue.c				\
-	verify_init.c				\
-	verify_user.c				\
-	version.c				\
-	warn.c					\
-	write_message.c
-
-nodist_libkrb5_la_SOURCES = \
-	$(ERR_FILES)
-
-libkrb5_la_LDFLAGS = -version-info 24:0:0 $(am__append_1)
-man_MANS = \
-	kerberos.8				\
-	krb5.3					\
-	krb5.conf.5				\
-	krb524_convert_creds_kdc.3		\
-	krb5_425_conv_principal.3		\
-	krb5_acl_match_file.3			\
-	krb5_address.3				\
-	krb5_aname_to_localname.3		\
-	krb5_appdefault.3			\
-	krb5_auth_context.3			\
-	krb5_c_make_checksum.3			\
-	krb5_ccache.3				\
-	krb5_check_transited.3			\
-	krb5_compare_creds.3			\
-	krb5_config.3				\
-	krb5_context.3				\
-	krb5_create_checksum.3			\
-	krb5_creds.3				\
-	krb5_crypto_init.3			\
-	krb5_data.3				\
-	krb5_digest.3				\
-	krb5_eai_to_heim_errno.3		\
-	krb5_encrypt.3				\
-	krb5_expand_hostname.3			\
-	krb5_find_padata.3			\
-	krb5_generate_random_block.3		\
-	krb5_get_all_client_addrs.3		\
-	krb5_get_credentials.3			\
-	krb5_get_creds.3			\
-	krb5_get_forwarded_creds.3		\
-	krb5_get_in_cred.3			\
-	krb5_get_init_creds.3			\
-	krb5_get_krbhst.3			\
-	krb5_getportbyname.3			\
-	krb5_init_context.3			\
-	krb5_is_thread_safe.3			\
-	krb5_keyblock.3				\
-	krb5_keytab.3				\
-	krb5_krbhst_init.3			\
-	krb5_kuserok.3				\
-	krb5_mk_req.3				\
-	krb5_mk_safe.3				\
-	krb5_openlog.3				\
-	krb5_parse_name.3			\
-	krb5_principal.3			\
-	krb5_rcache.3				\
-	krb5_rd_error.3				\
-	krb5_rd_safe.3				\
-	krb5_set_default_realm.3		\
-	krb5_set_password.3			\
-	krb5_storage.3				\
-	krb5_string_to_key.3			\
-	krb5_ticket.3				\
-	krb5_timeofday.3			\
-	krb5_unparse_name.3			\
-	krb5_verify_init_creds.3		\
-	krb5_verify_user.3			\
-	krb5_warn.3				\
-	verify_krb5_conf.8
-
-dist_include_HEADERS = \
-	krb5.h \
-	krb5-protos.h \
-	krb5-private.h \
-	krb5_ccapi.h
-
-nodist_include_HEADERS = krb5_err.h heim_err.h k524_err.h 
-
-# XXX use nobase_include_HEADERS = krb5/locate_plugin.h
-krb5dir = $(includedir)/krb5
-krb5_HEADERS = locate_plugin.h
-build_HEADERZ = \
-	heim_threads.h \
-	$(krb5_HEADERS) \
-	krb_err.h
-
-CLEANFILES = \
-	krb5_err.c krb5_err.h \
-	krb_err.c krb_err.h \
-	heim_err.c heim_err.h \
-	k524_err.c k524_err.h
-
-EXTRA_DIST = \
-	krb5_err.et \
-	krb_err.et \
-	heim_err.et \
-	k524_err.et \
-	$(man_MANS) \
-	version-script.map \
-	krb5.moduli
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/krb5/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/krb5/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libkrb5.la: $(libkrb5_la_OBJECTS) $(libkrb5_la_DEPENDENCIES) 
-	$(libkrb5_la_LINK) -rpath $(libdir) $(libkrb5_la_OBJECTS) $(libkrb5_la_LIBADD) $(LIBS)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-aes-test$(EXEEXT): $(aes_test_OBJECTS) $(aes_test_DEPENDENCIES) 
-	@rm -f aes-test$(EXEEXT)
-	$(LINK) $(aes_test_OBJECTS) $(aes_test_LDADD) $(LIBS)
-derived-key-test$(EXEEXT): $(derived_key_test_OBJECTS) $(derived_key_test_DEPENDENCIES) 
-	@rm -f derived-key-test$(EXEEXT)
-	$(LINK) $(derived_key_test_OBJECTS) $(derived_key_test_LDADD) $(LIBS)
-krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES) 
-	@rm -f krbhst-test$(EXEEXT)
-	$(LINK) $(krbhst_test_OBJECTS) $(krbhst_test_LDADD) $(LIBS)
-n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES) 
-	@rm -f n-fold-test$(EXEEXT)
-	$(LINK) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS)
-name-45-test$(EXEEXT): $(name_45_test_OBJECTS) $(name_45_test_DEPENDENCIES) 
-	@rm -f name-45-test$(EXEEXT)
-	$(LINK) $(name_45_test_OBJECTS) $(name_45_test_LDADD) $(LIBS)
-parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES) 
-	@rm -f parse-name-test$(EXEEXT)
-	$(LINK) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS)
-store-test$(EXEEXT): $(store_test_OBJECTS) $(store_test_DEPENDENCIES) 
-	@rm -f store-test$(EXEEXT)
-	$(LINK) $(store_test_OBJECTS) $(store_test_LDADD) $(LIBS)
-string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_DEPENDENCIES) 
-	@rm -f string-to-key-test$(EXEEXT)
-	$(LINK) $(string_to_key_test_OBJECTS) $(string_to_key_test_LDADD) $(LIBS)
-test_acl$(EXEEXT): $(test_acl_OBJECTS) $(test_acl_DEPENDENCIES) 
-	@rm -f test_acl$(EXEEXT)
-	$(LINK) $(test_acl_OBJECTS) $(test_acl_LDADD) $(LIBS)
-test_addr$(EXEEXT): $(test_addr_OBJECTS) $(test_addr_DEPENDENCIES) 
-	@rm -f test_addr$(EXEEXT)
-	$(LINK) $(test_addr_OBJECTS) $(test_addr_LDADD) $(LIBS)
-test_alname$(EXEEXT): $(test_alname_OBJECTS) $(test_alname_DEPENDENCIES) 
-	@rm -f test_alname$(EXEEXT)
-	$(LINK) $(test_alname_OBJECTS) $(test_alname_LDADD) $(LIBS)
-test_cc$(EXEEXT): $(test_cc_OBJECTS) $(test_cc_DEPENDENCIES) 
-	@rm -f test_cc$(EXEEXT)
-	$(LINK) $(test_cc_OBJECTS) $(test_cc_LDADD) $(LIBS)
-test_config$(EXEEXT): $(test_config_OBJECTS) $(test_config_DEPENDENCIES) 
-	@rm -f test_config$(EXEEXT)
-	$(LINK) $(test_config_OBJECTS) $(test_config_LDADD) $(LIBS)
-test_crypto$(EXEEXT): $(test_crypto_OBJECTS) $(test_crypto_DEPENDENCIES) 
-	@rm -f test_crypto$(EXEEXT)
-	$(LINK) $(test_crypto_OBJECTS) $(test_crypto_LDADD) $(LIBS)
-test_crypto_wrapping$(EXEEXT): $(test_crypto_wrapping_OBJECTS) $(test_crypto_wrapping_DEPENDENCIES) 
-	@rm -f test_crypto_wrapping$(EXEEXT)
-	$(LINK) $(test_crypto_wrapping_OBJECTS) $(test_crypto_wrapping_LDADD) $(LIBS)
-test_forward$(EXEEXT): $(test_forward_OBJECTS) $(test_forward_DEPENDENCIES) 
-	@rm -f test_forward$(EXEEXT)
-	$(LINK) $(test_forward_OBJECTS) $(test_forward_LDADD) $(LIBS)
-test_get_addrs$(EXEEXT): $(test_get_addrs_OBJECTS) $(test_get_addrs_DEPENDENCIES) 
-	@rm -f test_get_addrs$(EXEEXT)
-	$(LINK) $(test_get_addrs_OBJECTS) $(test_get_addrs_LDADD) $(LIBS)
-test_hostname$(EXEEXT): $(test_hostname_OBJECTS) $(test_hostname_DEPENDENCIES) 
-	@rm -f test_hostname$(EXEEXT)
-	$(LINK) $(test_hostname_OBJECTS) $(test_hostname_LDADD) $(LIBS)
-test_keytab$(EXEEXT): $(test_keytab_OBJECTS) $(test_keytab_DEPENDENCIES) 
-	@rm -f test_keytab$(EXEEXT)
-	$(LINK) $(test_keytab_OBJECTS) $(test_keytab_LDADD) $(LIBS)
-test_kuserok$(EXEEXT): $(test_kuserok_OBJECTS) $(test_kuserok_DEPENDENCIES) 
-	@rm -f test_kuserok$(EXEEXT)
-	$(LINK) $(test_kuserok_OBJECTS) $(test_kuserok_LDADD) $(LIBS)
-test_mem$(EXEEXT): $(test_mem_OBJECTS) $(test_mem_DEPENDENCIES) 
-	@rm -f test_mem$(EXEEXT)
-	$(LINK) $(test_mem_OBJECTS) $(test_mem_LDADD) $(LIBS)
-test_pac$(EXEEXT): $(test_pac_OBJECTS) $(test_pac_DEPENDENCIES) 
-	@rm -f test_pac$(EXEEXT)
-	$(LINK) $(test_pac_OBJECTS) $(test_pac_LDADD) $(LIBS)
-test_pkinit_dh2key$(EXEEXT): $(test_pkinit_dh2key_OBJECTS) $(test_pkinit_dh2key_DEPENDENCIES) 
-	@rm -f test_pkinit_dh2key$(EXEEXT)
-	$(LINK) $(test_pkinit_dh2key_OBJECTS) $(test_pkinit_dh2key_LDADD) $(LIBS)
-test_plugin$(EXEEXT): $(test_plugin_OBJECTS) $(test_plugin_DEPENDENCIES) 
-	@rm -f test_plugin$(EXEEXT)
-	$(LINK) $(test_plugin_OBJECTS) $(test_plugin_LDADD) $(LIBS)
-test_prf$(EXEEXT): $(test_prf_OBJECTS) $(test_prf_DEPENDENCIES) 
-	@rm -f test_prf$(EXEEXT)
-	$(LINK) $(test_prf_OBJECTS) $(test_prf_LDADD) $(LIBS)
-test_princ$(EXEEXT): $(test_princ_OBJECTS) $(test_princ_DEPENDENCIES) 
-	@rm -f test_princ$(EXEEXT)
-	$(LINK) $(test_princ_OBJECTS) $(test_princ_LDADD) $(LIBS)
-test_renew$(EXEEXT): $(test_renew_OBJECTS) $(test_renew_DEPENDENCIES) 
-	@rm -f test_renew$(EXEEXT)
-	$(LINK) $(test_renew_OBJECTS) $(test_renew_LDADD) $(LIBS)
-test_store$(EXEEXT): $(test_store_OBJECTS) $(test_store_DEPENDENCIES) 
-	@rm -f test_store$(EXEEXT)
-	$(LINK) $(test_store_OBJECTS) $(test_store_LDADD) $(LIBS)
-test_time$(EXEEXT): $(test_time_OBJECTS) $(test_time_DEPENDENCIES) 
-	@rm -f test_time$(EXEEXT)
-	$(LINK) $(test_time_OBJECTS) $(test_time_LDADD) $(LIBS)
-verify_krb5_conf$(EXEEXT): $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_DEPENDENCIES) 
-	@rm -f verify_krb5_conf$(EXEEXT)
-	$(LINK) $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-libkrb5_la-acache.lo: acache.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-acache.lo `test -f 'acache.c' || echo '$(srcdir)/'`acache.c
-
-libkrb5_la-acl.lo: acl.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-acl.lo `test -f 'acl.c' || echo '$(srcdir)/'`acl.c
-
-libkrb5_la-add_et_list.lo: add_et_list.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-add_et_list.lo `test -f 'add_et_list.c' || echo '$(srcdir)/'`add_et_list.c
-
-libkrb5_la-addr_families.lo: addr_families.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-addr_families.lo `test -f 'addr_families.c' || echo '$(srcdir)/'`addr_families.c
-
-libkrb5_la-aname_to_localname.lo: aname_to_localname.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-aname_to_localname.lo `test -f 'aname_to_localname.c' || echo '$(srcdir)/'`aname_to_localname.c
-
-libkrb5_la-appdefault.lo: appdefault.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-appdefault.lo `test -f 'appdefault.c' || echo '$(srcdir)/'`appdefault.c
-
-libkrb5_la-asn1_glue.lo: asn1_glue.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-asn1_glue.lo `test -f 'asn1_glue.c' || echo '$(srcdir)/'`asn1_glue.c
-
-libkrb5_la-auth_context.lo: auth_context.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-auth_context.lo `test -f 'auth_context.c' || echo '$(srcdir)/'`auth_context.c
-
-libkrb5_la-build_ap_req.lo: build_ap_req.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-build_ap_req.lo `test -f 'build_ap_req.c' || echo '$(srcdir)/'`build_ap_req.c
-
-libkrb5_la-build_auth.lo: build_auth.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-build_auth.lo `test -f 'build_auth.c' || echo '$(srcdir)/'`build_auth.c
-
-libkrb5_la-cache.lo: cache.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-cache.lo `test -f 'cache.c' || echo '$(srcdir)/'`cache.c
-
-libkrb5_la-changepw.lo: changepw.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-changepw.lo `test -f 'changepw.c' || echo '$(srcdir)/'`changepw.c
-
-libkrb5_la-codec.lo: codec.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-codec.lo `test -f 'codec.c' || echo '$(srcdir)/'`codec.c
-
-libkrb5_la-config_file.lo: config_file.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-config_file.lo `test -f 'config_file.c' || echo '$(srcdir)/'`config_file.c
-
-libkrb5_la-config_file_netinfo.lo: config_file_netinfo.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-config_file_netinfo.lo `test -f 'config_file_netinfo.c' || echo '$(srcdir)/'`config_file_netinfo.c
-
-libkrb5_la-convert_creds.lo: convert_creds.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-convert_creds.lo `test -f 'convert_creds.c' || echo '$(srcdir)/'`convert_creds.c
-
-libkrb5_la-constants.lo: constants.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-constants.lo `test -f 'constants.c' || echo '$(srcdir)/'`constants.c
-
-libkrb5_la-context.lo: context.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-context.lo `test -f 'context.c' || echo '$(srcdir)/'`context.c
-
-libkrb5_la-copy_host_realm.lo: copy_host_realm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-copy_host_realm.lo `test -f 'copy_host_realm.c' || echo '$(srcdir)/'`copy_host_realm.c
-
-libkrb5_la-crc.lo: crc.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crc.lo `test -f 'crc.c' || echo '$(srcdir)/'`crc.c
-
-libkrb5_la-creds.lo: creds.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-creds.lo `test -f 'creds.c' || echo '$(srcdir)/'`creds.c
-
-libkrb5_la-crypto.lo: crypto.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
-
-libkrb5_la-doxygen.lo: doxygen.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c
-
-libkrb5_la-data.lo: data.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-data.lo `test -f 'data.c' || echo '$(srcdir)/'`data.c
-
-libkrb5_la-digest.lo: digest.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-digest.lo `test -f 'digest.c' || echo '$(srcdir)/'`digest.c
-
-libkrb5_la-eai_to_heim_errno.lo: eai_to_heim_errno.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-eai_to_heim_errno.lo `test -f 'eai_to_heim_errno.c' || echo '$(srcdir)/'`eai_to_heim_errno.c
-
-libkrb5_la-error_string.lo: error_string.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-error_string.lo `test -f 'error_string.c' || echo '$(srcdir)/'`error_string.c
-
-libkrb5_la-expand_hostname.lo: expand_hostname.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-expand_hostname.lo `test -f 'expand_hostname.c' || echo '$(srcdir)/'`expand_hostname.c
-
-libkrb5_la-fcache.lo: fcache.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-fcache.lo `test -f 'fcache.c' || echo '$(srcdir)/'`fcache.c
-
-libkrb5_la-free.lo: free.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-free.lo `test -f 'free.c' || echo '$(srcdir)/'`free.c
-
-libkrb5_la-free_host_realm.lo: free_host_realm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-free_host_realm.lo `test -f 'free_host_realm.c' || echo '$(srcdir)/'`free_host_realm.c
-
-libkrb5_la-generate_seq_number.lo: generate_seq_number.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-generate_seq_number.lo `test -f 'generate_seq_number.c' || echo '$(srcdir)/'`generate_seq_number.c
-
-libkrb5_la-generate_subkey.lo: generate_subkey.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-generate_subkey.lo `test -f 'generate_subkey.c' || echo '$(srcdir)/'`generate_subkey.c
-
-libkrb5_la-get_addrs.lo: get_addrs.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_addrs.lo `test -f 'get_addrs.c' || echo '$(srcdir)/'`get_addrs.c
-
-libkrb5_la-get_cred.lo: get_cred.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_cred.lo `test -f 'get_cred.c' || echo '$(srcdir)/'`get_cred.c
-
-libkrb5_la-get_default_principal.lo: get_default_principal.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_default_principal.lo `test -f 'get_default_principal.c' || echo '$(srcdir)/'`get_default_principal.c
-
-libkrb5_la-get_default_realm.lo: get_default_realm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_default_realm.lo `test -f 'get_default_realm.c' || echo '$(srcdir)/'`get_default_realm.c
-
-libkrb5_la-get_for_creds.lo: get_for_creds.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_for_creds.lo `test -f 'get_for_creds.c' || echo '$(srcdir)/'`get_for_creds.c
-
-libkrb5_la-get_host_realm.lo: get_host_realm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_host_realm.lo `test -f 'get_host_realm.c' || echo '$(srcdir)/'`get_host_realm.c
-
-libkrb5_la-get_in_tkt.lo: get_in_tkt.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt.lo `test -f 'get_in_tkt.c' || echo '$(srcdir)/'`get_in_tkt.c
-
-libkrb5_la-get_in_tkt_pw.lo: get_in_tkt_pw.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt_pw.lo `test -f 'get_in_tkt_pw.c' || echo '$(srcdir)/'`get_in_tkt_pw.c
-
-libkrb5_la-get_in_tkt_with_keytab.lo: get_in_tkt_with_keytab.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt_with_keytab.lo `test -f 'get_in_tkt_with_keytab.c' || echo '$(srcdir)/'`get_in_tkt_with_keytab.c
-
-libkrb5_la-get_in_tkt_with_skey.lo: get_in_tkt_with_skey.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt_with_skey.lo `test -f 'get_in_tkt_with_skey.c' || echo '$(srcdir)/'`get_in_tkt_with_skey.c
-
-libkrb5_la-get_port.lo: get_port.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_port.lo `test -f 'get_port.c' || echo '$(srcdir)/'`get_port.c
-
-libkrb5_la-init_creds.lo: init_creds.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-init_creds.lo `test -f 'init_creds.c' || echo '$(srcdir)/'`init_creds.c
-
-libkrb5_la-init_creds_pw.lo: init_creds_pw.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-init_creds_pw.lo `test -f 'init_creds_pw.c' || echo '$(srcdir)/'`init_creds_pw.c
-
-libkrb5_la-kcm.lo: kcm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-kcm.lo `test -f 'kcm.c' || echo '$(srcdir)/'`kcm.c
-
-libkrb5_la-keyblock.lo: keyblock.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keyblock.lo `test -f 'keyblock.c' || echo '$(srcdir)/'`keyblock.c
-
-libkrb5_la-keytab.lo: keytab.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab.lo `test -f 'keytab.c' || echo '$(srcdir)/'`keytab.c
-
-libkrb5_la-keytab_any.lo: keytab_any.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_any.lo `test -f 'keytab_any.c' || echo '$(srcdir)/'`keytab_any.c
-
-libkrb5_la-keytab_file.lo: keytab_file.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_file.lo `test -f 'keytab_file.c' || echo '$(srcdir)/'`keytab_file.c
-
-libkrb5_la-keytab_keyfile.lo: keytab_keyfile.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_keyfile.lo `test -f 'keytab_keyfile.c' || echo '$(srcdir)/'`keytab_keyfile.c
-
-libkrb5_la-keytab_krb4.lo: keytab_krb4.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_krb4.lo `test -f 'keytab_krb4.c' || echo '$(srcdir)/'`keytab_krb4.c
-
-libkrb5_la-keytab_memory.lo: keytab_memory.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_memory.lo `test -f 'keytab_memory.c' || echo '$(srcdir)/'`keytab_memory.c
-
-libkrb5_la-krbhst.lo: krbhst.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krbhst.lo `test -f 'krbhst.c' || echo '$(srcdir)/'`krbhst.c
-
-libkrb5_la-kuserok.lo: kuserok.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-kuserok.lo `test -f 'kuserok.c' || echo '$(srcdir)/'`kuserok.c
-
-libkrb5_la-log.lo: log.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c
-
-libkrb5_la-mcache.lo: mcache.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mcache.lo `test -f 'mcache.c' || echo '$(srcdir)/'`mcache.c
-
-libkrb5_la-misc.lo: misc.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-misc.lo `test -f 'misc.c' || echo '$(srcdir)/'`misc.c
-
-libkrb5_la-mk_error.lo: mk_error.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_error.lo `test -f 'mk_error.c' || echo '$(srcdir)/'`mk_error.c
-
-libkrb5_la-mk_priv.lo: mk_priv.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_priv.lo `test -f 'mk_priv.c' || echo '$(srcdir)/'`mk_priv.c
-
-libkrb5_la-mk_rep.lo: mk_rep.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_rep.lo `test -f 'mk_rep.c' || echo '$(srcdir)/'`mk_rep.c
-
-libkrb5_la-mk_req.lo: mk_req.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_req.lo `test -f 'mk_req.c' || echo '$(srcdir)/'`mk_req.c
-
-libkrb5_la-mk_req_ext.lo: mk_req_ext.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_req_ext.lo `test -f 'mk_req_ext.c' || echo '$(srcdir)/'`mk_req_ext.c
-
-libkrb5_la-mk_safe.lo: mk_safe.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_safe.lo `test -f 'mk_safe.c' || echo '$(srcdir)/'`mk_safe.c
-
-libkrb5_la-mit_glue.lo: mit_glue.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mit_glue.lo `test -f 'mit_glue.c' || echo '$(srcdir)/'`mit_glue.c
-
-libkrb5_la-net_read.lo: net_read.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-net_read.lo `test -f 'net_read.c' || echo '$(srcdir)/'`net_read.c
-
-libkrb5_la-net_write.lo: net_write.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-net_write.lo `test -f 'net_write.c' || echo '$(srcdir)/'`net_write.c
-
-libkrb5_la-n-fold.lo: n-fold.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-n-fold.lo `test -f 'n-fold.c' || echo '$(srcdir)/'`n-fold.c
-
-libkrb5_la-pac.lo: pac.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-pac.lo `test -f 'pac.c' || echo '$(srcdir)/'`pac.c
-
-libkrb5_la-padata.lo: padata.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-padata.lo `test -f 'padata.c' || echo '$(srcdir)/'`padata.c
-
-libkrb5_la-pkinit.lo: pkinit.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-pkinit.lo `test -f 'pkinit.c' || echo '$(srcdir)/'`pkinit.c
-
-libkrb5_la-principal.lo: principal.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-principal.lo `test -f 'principal.c' || echo '$(srcdir)/'`principal.c
-
-libkrb5_la-prog_setup.lo: prog_setup.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-prog_setup.lo `test -f 'prog_setup.c' || echo '$(srcdir)/'`prog_setup.c
-
-libkrb5_la-prompter_posix.lo: prompter_posix.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-prompter_posix.lo `test -f 'prompter_posix.c' || echo '$(srcdir)/'`prompter_posix.c
-
-libkrb5_la-rd_cred.lo: rd_cred.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_cred.lo `test -f 'rd_cred.c' || echo '$(srcdir)/'`rd_cred.c
-
-libkrb5_la-rd_error.lo: rd_error.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_error.lo `test -f 'rd_error.c' || echo '$(srcdir)/'`rd_error.c
-
-libkrb5_la-rd_priv.lo: rd_priv.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_priv.lo `test -f 'rd_priv.c' || echo '$(srcdir)/'`rd_priv.c
-
-libkrb5_la-rd_rep.lo: rd_rep.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_rep.lo `test -f 'rd_rep.c' || echo '$(srcdir)/'`rd_rep.c
-
-libkrb5_la-rd_req.lo: rd_req.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_req.lo `test -f 'rd_req.c' || echo '$(srcdir)/'`rd_req.c
-
-libkrb5_la-rd_safe.lo: rd_safe.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_safe.lo `test -f 'rd_safe.c' || echo '$(srcdir)/'`rd_safe.c
-
-libkrb5_la-read_message.lo: read_message.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-read_message.lo `test -f 'read_message.c' || echo '$(srcdir)/'`read_message.c
-
-libkrb5_la-recvauth.lo: recvauth.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-recvauth.lo `test -f 'recvauth.c' || echo '$(srcdir)/'`recvauth.c
-
-libkrb5_la-replay.lo: replay.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-replay.lo `test -f 'replay.c' || echo '$(srcdir)/'`replay.c
-
-libkrb5_la-send_to_kdc.lo: send_to_kdc.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-send_to_kdc.lo `test -f 'send_to_kdc.c' || echo '$(srcdir)/'`send_to_kdc.c
-
-libkrb5_la-sendauth.lo: sendauth.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-sendauth.lo `test -f 'sendauth.c' || echo '$(srcdir)/'`sendauth.c
-
-libkrb5_la-set_default_realm.lo: set_default_realm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-set_default_realm.lo `test -f 'set_default_realm.c' || echo '$(srcdir)/'`set_default_realm.c
-
-libkrb5_la-sock_principal.lo: sock_principal.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-sock_principal.lo `test -f 'sock_principal.c' || echo '$(srcdir)/'`sock_principal.c
-
-libkrb5_la-store.lo: store.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store.lo `test -f 'store.c' || echo '$(srcdir)/'`store.c
-
-libkrb5_la-store_emem.lo: store_emem.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_emem.lo `test -f 'store_emem.c' || echo '$(srcdir)/'`store_emem.c
-
-libkrb5_la-store_fd.lo: store_fd.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_fd.lo `test -f 'store_fd.c' || echo '$(srcdir)/'`store_fd.c
-
-libkrb5_la-store_mem.lo: store_mem.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_mem.lo `test -f 'store_mem.c' || echo '$(srcdir)/'`store_mem.c
-
-libkrb5_la-plugin.lo: plugin.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-plugin.lo `test -f 'plugin.c' || echo '$(srcdir)/'`plugin.c
-
-libkrb5_la-ticket.lo: ticket.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-ticket.lo `test -f 'ticket.c' || echo '$(srcdir)/'`ticket.c
-
-libkrb5_la-time.lo: time.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-time.lo `test -f 'time.c' || echo '$(srcdir)/'`time.c
-
-libkrb5_la-transited.lo: transited.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-transited.lo `test -f 'transited.c' || echo '$(srcdir)/'`transited.c
-
-libkrb5_la-v4_glue.lo: v4_glue.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-v4_glue.lo `test -f 'v4_glue.c' || echo '$(srcdir)/'`v4_glue.c
-
-libkrb5_la-verify_init.lo: verify_init.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-verify_init.lo `test -f 'verify_init.c' || echo '$(srcdir)/'`verify_init.c
-
-libkrb5_la-verify_user.lo: verify_user.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-verify_user.lo `test -f 'verify_user.c' || echo '$(srcdir)/'`verify_user.c
-
-libkrb5_la-version.lo: version.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-version.lo `test -f 'version.c' || echo '$(srcdir)/'`version.c
-
-libkrb5_la-warn.lo: warn.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-warn.lo `test -f 'warn.c' || echo '$(srcdir)/'`warn.c
-
-libkrb5_la-write_message.lo: write_message.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-write_message.lo `test -f 'write_message.c' || echo '$(srcdir)/'`write_message.c
-
-libkrb5_la-krb5_err.lo: krb5_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krb5_err.lo `test -f 'krb5_err.c' || echo '$(srcdir)/'`krb5_err.c
-
-libkrb5_la-krb_err.lo: krb_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krb_err.lo `test -f 'krb_err.c' || echo '$(srcdir)/'`krb_err.c
-
-libkrb5_la-heim_err.lo: heim_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-heim_err.lo `test -f 'heim_err.c' || echo '$(srcdir)/'`heim_err.c
-
-libkrb5_la-k524_err.lo: k524_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-k524_err.lo `test -f 'k524_err.c' || echo '$(srcdir)/'`k524_err.c
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-install-man5: $(man5_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
-	done
-uninstall-man5:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
-	done
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-install-dist_includeHEADERS: $(dist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-dist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-krb5HEADERS: $(krb5_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(krb5dir)" || $(MKDIR_P) "$(DESTDIR)$(krb5dir)"
-	@list='$(krb5_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(krb5HEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(krb5dir)/$$f'"; \
-	  $(krb5HEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(krb5dir)/$$f"; \
-	done
-
-uninstall-krb5HEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(krb5_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(krb5dir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(krb5dir)/$$f"; \
-	done
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
-		all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(krb5dir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_includeHEADERS install-krb5HEADERS \
-	install-man install-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man3 install-man5 install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-dist_includeHEADERS \
-	uninstall-krb5HEADERS uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
-	clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-binPROGRAMS install-data \
-	install-data-am install-data-hook install-dist_includeHEADERS \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-krb5HEADERS install-libLTLIBRARIES \
-	install-man install-man3 install-man5 install-man8 \
-	install-nodist_includeHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-dist_includeHEADERS uninstall-hook \
-	uninstall-krb5HEADERS uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-man3 uninstall-man5 uninstall-man8 \
-	uninstall-nodist_includeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(libkrb5_la_OBJECTS) $(verify_krb5_conf_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
-
-$(srcdir)/krb5-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -E KRB5_LIB_FUNCTION -q -P comment -o krb5-protos.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-protos.h
-
-$(srcdir)/krb5-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-private.h
-
-$(libkrb5_la_OBJECTS): krb5_err.h krb_err.h heim_err.h k524_err.h
-
-#sysconf_DATA = krb5.moduli
-
-# to help stupid solaris make
-
-krb5_err.h: krb5_err.et
-
-krb_err.h: krb_err.et
-
-heim_err.h: heim_err.et
-
-k524_err.h: k524_err.et
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/krb5/acache.c b/crypto/heimdal/lib/krb5/acache.c
deleted file mode 100644
index 30a6d90..0000000
--- a/crypto/heimdal/lib/krb5/acache.c
+++ /dev/null
@@ -1,961 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <krb5_ccapi.h>
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-RCSID("$Id: acache.c 22099 2007-12-03 17:14:34Z lha $");
-
-/* XXX should we fetch these for each open ? */
-static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER;
-static cc_initialize_func init_func;
-
-#ifdef HAVE_DLOPEN
-static void *cc_handle; 
-#endif
-
-typedef struct krb5_acc {
-    char *cache_name;
-    cc_context_t context;
-    cc_ccache_t ccache;
-} krb5_acc;
-
-static krb5_error_code acc_close(krb5_context, krb5_ccache);
-
-#define ACACHE(X) ((krb5_acc *)(X)->data.data)
-
-static const struct {
-    cc_int32 error;
-    krb5_error_code ret;
-} cc_errors[] = {
-    { ccErrBadName,		KRB5_CC_BADNAME },
-    { ccErrCredentialsNotFound,	KRB5_CC_NOTFOUND },
-    { ccErrCCacheNotFound,	KRB5_FCC_NOFILE },
-    { ccErrContextNotFound,	KRB5_CC_NOTFOUND },
-    { ccIteratorEnd,		KRB5_CC_END },
-    { ccErrNoMem,		KRB5_CC_NOMEM },
-    { ccErrServerUnavailable,	KRB5_CC_NOSUPP },
-    { ccNoError,		0 }
-};
-
-static krb5_error_code
-translate_cc_error(krb5_context context, cc_int32 error)
-{
-    int i;
-    krb5_clear_error_string(context);
-    for(i = 0; i < sizeof(cc_errors)/sizeof(cc_errors[0]); i++)
-	if (cc_errors[i].error == error)
-	    return cc_errors[i].ret;
-    return KRB5_FCC_INTERNAL;
-}
-
-static krb5_error_code
-init_ccapi(krb5_context context)
-{
-    const char *lib;
-
-    HEIMDAL_MUTEX_lock(&acc_mutex);
-    if (init_func) {
-	HEIMDAL_MUTEX_unlock(&acc_mutex);
-	krb5_clear_error_string(context);
-	return 0;
-    }
-
-    lib = krb5_config_get_string(context, NULL,
-				 "libdefaults", "ccapi_library", 
-				 NULL);
-    if (lib == NULL) {
-#ifdef __APPLE__
-	lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos";
-#else
-	lib = "/usr/lib/libkrb5_cc.so";
-#endif
-    }
-
-#ifdef HAVE_DLOPEN
-
-#ifndef RTLD_LAZY
-#define RTLD_LAZY 0
-#endif
-
-    cc_handle = dlopen(lib, RTLD_LAZY);
-    if (cc_handle == NULL) {
-	HEIMDAL_MUTEX_unlock(&acc_mutex);
-	krb5_set_error_string(context, "Failed to load %s", lib);
-	return KRB5_CC_NOSUPP;
-    }
-
-    init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize");
-    HEIMDAL_MUTEX_unlock(&acc_mutex);
-    if (init_func == NULL) {
-	krb5_set_error_string(context, "Failed to find cc_initialize"
-			      "in %s: %s", lib, dlerror());
-	dlclose(cc_handle);
-	return KRB5_CC_NOSUPP;
-    }
-
-    return 0;
-#else
-    HEIMDAL_MUTEX_unlock(&acc_mutex);
-    krb5_set_error_string(context, "no support for shared object");
-    return KRB5_CC_NOSUPP;
-#endif
-}    
-
-static krb5_error_code
-make_cred_from_ccred(krb5_context context,
-		     const cc_credentials_v5_t *incred,
-		     krb5_creds *cred)
-{
-    krb5_error_code ret;
-    int i;
-
-    memset(cred, 0, sizeof(*cred));
-
-    ret = krb5_parse_name(context, incred->client, &cred->client);
-    if (ret)
-	goto fail;
-
-    ret = krb5_parse_name(context, incred->server, &cred->server);
-    if (ret)
-	goto fail;
-
-    cred->session.keytype = incred->keyblock.type;
-    cred->session.keyvalue.length = incred->keyblock.length;
-    cred->session.keyvalue.data = malloc(incred->keyblock.length);
-    if (cred->session.keyvalue.data == NULL)
-	goto nomem;
-    memcpy(cred->session.keyvalue.data, incred->keyblock.data,
-	   incred->keyblock.length);
-
-    cred->times.authtime = incred->authtime;
-    cred->times.starttime = incred->starttime;
-    cred->times.endtime = incred->endtime;
-    cred->times.renew_till = incred->renew_till;
-
-    ret = krb5_data_copy(&cred->ticket,
-			 incred->ticket.data,
-			 incred->ticket.length);
-    if (ret)
-	goto nomem;
-
-    ret = krb5_data_copy(&cred->second_ticket,
-			 incred->second_ticket.data,
-			 incred->second_ticket.length);
-    if (ret)
-	goto nomem;
-
-    cred->authdata.val = NULL;
-    cred->authdata.len = 0;
-    
-    cred->addresses.val = NULL;
-    cred->addresses.len = 0;
-    
-    for (i = 0; incred->authdata && incred->authdata[i]; i++)
-	;
-    
-    if (i) {
-	cred->authdata.val = calloc(i, sizeof(cred->authdata.val[0]));
-	if (cred->authdata.val == NULL)
-	    goto nomem;
-	cred->authdata.len = i;
-	for (i = 0; i < cred->authdata.len; i++) {
-	    cred->authdata.val[i].ad_type = incred->authdata[i]->type;
-	    ret = krb5_data_copy(&cred->authdata.val[i].ad_data,
-				 incred->authdata[i]->data,
-				 incred->authdata[i]->length);
-	    if (ret)
-		goto nomem;
-	}
-    }
-    
-    for (i = 0; incred->addresses && incred->addresses[i]; i++)
-	;
-    
-    if (i) {
-	cred->addresses.val = calloc(i, sizeof(cred->addresses.val[0]));
-	if (cred->addresses.val == NULL)
-	    goto nomem;
-	cred->addresses.len = i;
-	
-	for (i = 0; i < cred->addresses.len; i++) {
-	    cred->addresses.val[i].addr_type = incred->addresses[i]->type;
-	    ret = krb5_data_copy(&cred->addresses.val[i].address,
-				 incred->addresses[i]->data,
-				 incred->addresses[i]->length);
-	    if (ret)
-		goto nomem;
-	}
-    }
-    
-    cred->flags.i = 0;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDABLE)
-	cred->flags.b.forwardable = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDED)
-	cred->flags.b.forwarded = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXIABLE)
-	cred->flags.b.proxiable = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXY)
-	cred->flags.b.proxy = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_MAY_POSTDATE)
-	cred->flags.b.may_postdate = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_POSTDATED)
-	cred->flags.b.postdated = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INVALID)
-	cred->flags.b.invalid = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_RENEWABLE)
-	cred->flags.b.renewable = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INITIAL)
-	cred->flags.b.initial = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PRE_AUTH)
-	cred->flags.b.pre_authent = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_HW_AUTH)
-	cred->flags.b.hw_authent = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED)
-	cred->flags.b.transited_policy_checked = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE)
-	cred->flags.b.ok_as_delegate = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_ANONYMOUS)
-	cred->flags.b.anonymous = 1;
-
-    return 0;
-    
-nomem:
-    ret = ENOMEM;
-    krb5_set_error_string(context, "malloc - out of memory");
-    
-fail:
-    krb5_free_cred_contents(context, cred);
-    return ret;
-}
-
-static void
-free_ccred(cc_credentials_v5_t *cred)
-{
-    int i;
-
-    if (cred->addresses) {
-	for (i = 0; cred->addresses[i] != 0; i++) {
-	    if (cred->addresses[i]->data)
-		free(cred->addresses[i]->data);
-	    free(cred->addresses[i]);
-	}
-	free(cred->addresses);
-    }
-    if (cred->server)
-	free(cred->server);
-    if (cred->client)
-	free(cred->client);
-    memset(cred, 0, sizeof(*cred));
-}
-
-static krb5_error_code
-make_ccred_from_cred(krb5_context context,
-		     const krb5_creds *incred,
-		     cc_credentials_v5_t *cred)
-{
-    krb5_error_code ret;
-    int i;
-
-    memset(cred, 0, sizeof(*cred));
-
-    ret = krb5_unparse_name(context, incred->client, &cred->client);
-    if (ret)
-	goto fail;
-
-    ret = krb5_unparse_name(context, incred->server, &cred->server);
-    if (ret)
-	goto fail;
-
-    cred->keyblock.type = incred->session.keytype;
-    cred->keyblock.length = incred->session.keyvalue.length;
-    cred->keyblock.data = incred->session.keyvalue.data;
-
-    cred->authtime = incred->times.authtime;
-    cred->starttime = incred->times.starttime;
-    cred->endtime = incred->times.endtime;
-    cred->renew_till = incred->times.renew_till;
-
-    cred->ticket.length = incred->ticket.length;
-    cred->ticket.data = incred->ticket.data;
-
-    cred->second_ticket.length = incred->second_ticket.length;
-    cred->second_ticket.data = incred->second_ticket.data;
-
-    /* XXX this one should also be filled in */
-    cred->authdata = NULL;
-    
-    cred->addresses = calloc(incred->addresses.len + 1, 
-			     sizeof(cred->addresses[0]));
-    if (cred->addresses == NULL) {
-
-	ret = ENOMEM;
-	goto fail;
-    }
-
-    for (i = 0; i < incred->addresses.len; i++) {
-	cc_data *addr;
-	addr = malloc(sizeof(*addr));
-	if (addr == NULL) {
-	    ret = ENOMEM;
-	    goto fail;
-	}
-	addr->type = incred->addresses.val[i].addr_type;
-	addr->length = incred->addresses.val[i].address.length;
-	addr->data = malloc(addr->length);
-	if (addr->data == NULL) {
-	    ret = ENOMEM;
-	    goto fail;
-	}
-	memcpy(addr->data, incred->addresses.val[i].address.data, 
-	       addr->length);
-	cred->addresses[i] = addr;
-    }
-    cred->addresses[i] = NULL;
-
-    cred->ticket_flags = 0;
-    if (incred->flags.b.forwardable)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDABLE;
-    if (incred->flags.b.forwarded)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDED;
-    if (incred->flags.b.proxiable)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXIABLE;
-    if (incred->flags.b.proxy)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXY;
-    if (incred->flags.b.may_postdate)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_MAY_POSTDATE;
-    if (incred->flags.b.postdated)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_POSTDATED;
-    if (incred->flags.b.invalid)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INVALID;
-    if (incred->flags.b.renewable)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_RENEWABLE;
-    if (incred->flags.b.initial)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INITIAL;
-    if (incred->flags.b.pre_authent)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PRE_AUTH;
-    if (incred->flags.b.hw_authent)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_HW_AUTH;
-    if (incred->flags.b.transited_policy_checked)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED;
-    if (incred->flags.b.ok_as_delegate)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE;
-    if (incred->flags.b.anonymous)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_ANONYMOUS;
-
-    return 0;
-
-fail:    
-    free_ccred(cred);
-
-    krb5_clear_error_string(context);
-    return ret;
-}
-
-static char *
-get_cc_name(cc_ccache_t cache)
-{
-    cc_string_t name;
-    cc_int32 error;
-    char *str;
-
-    error = (*cache->func->get_name)(cache, &name);
-    if (error)
-	return NULL;
-
-    str = strdup(name->data);
-    (*name->func->release)(name);
-    return str;
-}
-
-
-static const char*
-acc_get_name(krb5_context context,
-	     krb5_ccache id)
-{
-    krb5_acc *a = ACACHE(id);
-    static char n[255];
-    char *name;
-
-    name = get_cc_name(a->ccache);
-    if (name == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return NULL;
-    }
-    strlcpy(n, name, sizeof(n));
-    free(name);
-    return n;
-}
-
-static krb5_error_code
-acc_alloc(krb5_context context, krb5_ccache *id)
-{
-    krb5_error_code ret;
-    cc_int32 error;
-    krb5_acc *a;
-
-    ret = init_ccapi(context);
-    if (ret)
-	return ret;
-
-    ret = krb5_data_alloc(&(*id)->data, sizeof(*a));
-    if (ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    
-    a = ACACHE(*id);
-
-    error = (*init_func)(&a->context, ccapi_version_3, NULL, NULL);
-    if (error) {
-	krb5_data_free(&(*id)->data);
-	return translate_cc_error(context, error);
-    }
-
-    a->cache_name = NULL;
-
-    return 0;
-}
-
-static krb5_error_code
-acc_resolve(krb5_context context, krb5_ccache *id, const char *res)
-{
-    krb5_error_code ret;
-    cc_int32 error;
-    krb5_acc *a;
-
-    ret = acc_alloc(context, id);
-    if (ret)
-	return ret;
-
-    a = ACACHE(*id);
-
-    error = (*a->context->func->open_ccache)(a->context, res,
-					     &a->ccache);
-    if (error == 0) {
-	a->cache_name = get_cc_name(a->ccache);
-	if (a->cache_name == NULL) {
-	    acc_close(context, *id);
-	    *id = NULL;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    } else if (error == ccErrCCacheNotFound) {
-	a->ccache = NULL;
-	a->cache_name = NULL;
-	error = 0;
-    } else {
-	*id = NULL;
-	return translate_cc_error(context, error);
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-acc_gen_new(krb5_context context, krb5_ccache *id)
-{
-    krb5_error_code ret;
-    krb5_acc *a;
-
-    ret = acc_alloc(context, id);
-    if (ret)
-	return ret;
-
-    a = ACACHE(*id);
-
-    a->ccache = NULL;
-    a->cache_name = NULL;
-
-    return 0;
-}
-
-static krb5_error_code
-acc_initialize(krb5_context context,
-	       krb5_ccache id,
-	       krb5_principal primary_principal)
-{
-    krb5_acc *a = ACACHE(id);
-    krb5_error_code ret;
-    int32_t error;
-    char *name;
-
-    ret = krb5_unparse_name(context, primary_principal, &name);
-    if (ret)
-	return ret;
-
-    error = (*a->context->func->create_new_ccache)(a->context,
-						   cc_credentials_v5,
-						   name,
-						   &a->ccache);
-    free(name);
-
-    return translate_cc_error(context, error);
-}
-
-static krb5_error_code
-acc_close(krb5_context context,
-	  krb5_ccache id)
-{
-    krb5_acc *a = ACACHE(id);
-
-    if (a->ccache) {
-	(*a->ccache->func->release)(a->ccache);
-	a->ccache = NULL;
-    }
-    if (a->cache_name) {
-	free(a->cache_name);
-	a->cache_name = NULL;
-    }
-    (*a->context->func->release)(a->context);
-    a->context = NULL;
-    krb5_data_free(&id->data);
-    return 0;
-}
-
-static krb5_error_code
-acc_destroy(krb5_context context,
-	    krb5_ccache id)
-{
-    krb5_acc *a = ACACHE(id);
-    cc_int32 error = 0;
-
-    if (a->ccache) {
-	error = (*a->ccache->func->destroy)(a->ccache);
-	a->ccache = NULL;
-    }
-    if (a->context) {
-	error = (a->context->func->release)(a->context);
-	a->context = NULL;
-    }
-    return translate_cc_error(context, error);
-}
-
-static krb5_error_code
-acc_store_cred(krb5_context context,
-	       krb5_ccache id,
-	       krb5_creds *creds)
-{
-    krb5_acc *a = ACACHE(id);
-    cc_credentials_union cred;
-    cc_credentials_v5_t v5cred;
-    krb5_error_code ret;
-    cc_int32 error;
-    
-    if (a->ccache == NULL) {
-	krb5_set_error_string(context, "No API credential found");
-	return KRB5_CC_NOTFOUND;
-    }
-
-    cred.version = cc_credentials_v5;
-    cred.credentials.credentials_v5 = &v5cred;
-
-    ret = make_ccred_from_cred(context, 
-			       creds,
-			       &v5cred);
-    if (ret)
-	return ret;
-
-    error = (*a->ccache->func->store_credentials)(a->ccache, &cred);
-    if (error)
-	ret = translate_cc_error(context, error);
-
-    free_ccred(&v5cred);
-
-    return ret;
-}
-
-static krb5_error_code
-acc_get_principal(krb5_context context,
-		  krb5_ccache id,
-		  krb5_principal *principal)
-{
-    krb5_acc *a = ACACHE(id);
-    krb5_error_code ret;
-    int32_t error;
-    cc_string_t name;
-
-    if (a->ccache == NULL) {
-	krb5_set_error_string(context, "No API credential found");
-	return KRB5_CC_NOTFOUND;
-    }
-
-    error = (*a->ccache->func->get_principal)(a->ccache,
-					      cc_credentials_v5,
-					      &name);
-    if (error)
-	return translate_cc_error(context, error);
-    
-    ret = krb5_parse_name(context, name->data, principal);
-    
-    (*name->func->release)(name);
-    return ret;
-}
-
-static krb5_error_code
-acc_get_first (krb5_context context,
-	       krb5_ccache id,
-	       krb5_cc_cursor *cursor)
-{
-    cc_credentials_iterator_t iter;
-    krb5_acc *a = ACACHE(id);
-    int32_t error;
-    
-    if (a->ccache == NULL) {
-	krb5_set_error_string(context, "No API credential found");
-	return KRB5_CC_NOTFOUND;
-    }
-
-    error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter);
-    if (error) {
-	krb5_clear_error_string(context);
-	return ENOENT;
-    }
-    *cursor = iter;
-    return 0;
-}
-
-
-static krb5_error_code
-acc_get_next (krb5_context context,
-	      krb5_ccache id,
-	      krb5_cc_cursor *cursor,
-	      krb5_creds *creds)
-{
-    cc_credentials_iterator_t iter = *cursor;
-    cc_credentials_t cred;
-    krb5_error_code ret;
-    int32_t error;
-
-    while (1) {
-	error = (*iter->func->next)(iter, &cred);
-	if (error)
-	    return translate_cc_error(context, error);
-	if (cred->data->version == cc_credentials_v5)
-	    break;
-	(*cred->func->release)(cred);
-    }
-
-    ret = make_cred_from_ccred(context, 
-			       cred->data->credentials.credentials_v5,
-			       creds);
-    (*cred->func->release)(cred);
-    return ret;
-}
-
-static krb5_error_code
-acc_end_get (krb5_context context,
-	     krb5_ccache id,
-	     krb5_cc_cursor *cursor)
-{
-    cc_credentials_iterator_t iter = *cursor;
-    (*iter->func->release)(iter);
-    return 0;
-}
-
-static krb5_error_code
-acc_remove_cred(krb5_context context,
-		krb5_ccache id,
-		krb5_flags which,
-		krb5_creds *cred)
-{
-    cc_credentials_iterator_t iter;
-    krb5_acc *a = ACACHE(id);
-    cc_credentials_t ccred;
-    krb5_error_code ret;
-    cc_int32 error;
-    char *client, *server;
-    
-    if (a->ccache == NULL) {
-	krb5_set_error_string(context, "No API credential found");
-	return KRB5_CC_NOTFOUND;
-    }
-
-    if (cred->client) {
-	ret = krb5_unparse_name(context, cred->client, &client);
-	if (ret)
-	    return ret;
-    } else
-	client = NULL;
-
-    ret = krb5_unparse_name(context, cred->server, &server);
-    if (ret) {
-	free(client);
-	return ret;
-    }
-
-    error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter);
-    if (error) {
-	free(server);
-	free(client);
-	return translate_cc_error(context, error);
-    }
-
-    ret = KRB5_CC_NOTFOUND;
-    while (1) {
-	cc_credentials_v5_t *v5cred;
-
-	error = (*iter->func->next)(iter, &ccred);
-	if (error)
-	    break;
-
-	if (ccred->data->version != cc_credentials_v5)
-	    goto next;
-
-	v5cred = ccred->data->credentials.credentials_v5;
-
-	if (client && strcmp(v5cred->client, client) != 0)
-	    goto next;
-
-	if (strcmp(v5cred->server, server) != 0)
-	    goto next;
-
-	(*a->ccache->func->remove_credentials)(a->ccache, ccred);
-	ret = 0;
-    next:
-	(*ccred->func->release)(ccred);
-    }
-
-    (*iter->func->release)(iter);
-
-    if (ret)
-	krb5_set_error_string(context, "Can't find credential %s in cache", 
-			      server);
-    free(server);
-    free(client);
-
-    return ret;
-}
-
-static krb5_error_code
-acc_set_flags(krb5_context context,
-	      krb5_ccache id,
-	      krb5_flags flags)
-{
-    return 0;
-}
-
-static krb5_error_code
-acc_get_version(krb5_context context,
-		krb5_ccache id)
-{
-    return 0;
-}
-		    
-struct cache_iter {
-    cc_context_t context;
-    cc_ccache_iterator_t iter;
-};
-
-static krb5_error_code
-acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
-{
-    struct cache_iter *iter;
-    krb5_error_code ret;
-    cc_int32 error;
-
-    ret = init_ccapi(context);
-    if (ret)
-	return ret;
-
-    iter = calloc(1, sizeof(*iter));
-    if (iter == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }
-
-    error = (*init_func)(&iter->context, ccapi_version_3, NULL, NULL);
-    if (error) {
-	free(iter);
-	return translate_cc_error(context, error);
-    }
-
-    error = (*iter->context->func->new_ccache_iterator)(iter->context,
-							&iter->iter);
-    if (error) {
-	free(iter);
-	krb5_clear_error_string(context);
-	return ENOENT;
-    }
-    *cursor = iter;
-    return 0;
-}
-
-static krb5_error_code
-acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
-{
-    struct cache_iter *iter = cursor;
-    cc_ccache_t cache;
-    krb5_acc *a;
-    krb5_error_code ret;
-    int32_t error;
-
-    error = (*iter->iter->func->next)(iter->iter, &cache);
-    if (error)
-	return translate_cc_error(context, error);
-
-    ret = _krb5_cc_allocate(context, &krb5_acc_ops, id);
-    if (ret) {
-	(*cache->func->release)(cache);
-	return ret;
-    }
-
-    ret = acc_alloc(context, id);
-    if (ret) {
-	(*cache->func->release)(cache);
-	free(*id);
-	return ret;
-    }
-
-    a = ACACHE(*id);
-    a->ccache = cache;
-
-    a->cache_name = get_cc_name(a->ccache);
-    if (a->cache_name == NULL) {
-	acc_close(context, *id);
-	*id = NULL;
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }	
-    return 0;
-}
-
-static krb5_error_code
-acc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
-{
-    struct cache_iter *iter = cursor;
-
-    (*iter->iter->func->release)(iter->iter);
-    iter->iter = NULL;
-    (*iter->context->func->release)(iter->context);
-    iter->context = NULL;
-    free(iter);
-    return 0;
-}
-
-static krb5_error_code
-acc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
-{
-    krb5_acc *afrom = ACACHE(from);
-    krb5_acc *ato = ACACHE(to);
-    int32_t error;
-
-    if (ato->ccache == NULL) {
-	cc_string_t name;
-
-	error = (*afrom->ccache->func->get_principal)(afrom->ccache,
-						      cc_credentials_v5,
-						      &name);
-	if (error)
-	    return translate_cc_error(context, error);
-    
-	error = (*ato->context->func->create_new_ccache)(ato->context,
-							 cc_credentials_v5,
-							 name->data,
-							 &ato->ccache);
-	(*name->func->release)(name);
-	if (error)
-	    return translate_cc_error(context, error);
-    }
-
-
-    error = (*ato->ccache->func->move)(afrom->ccache, ato->ccache);
-    return translate_cc_error(context, error);
-}
-
-static krb5_error_code
-acc_default_name(krb5_context context, char **str)
-{
-    krb5_error_code ret;
-    cc_context_t cc;
-    cc_string_t name;
-    int32_t error;
-
-    ret = init_ccapi(context);
-    if (ret)
-	return ret;
-
-    error = (*init_func)(&cc, ccapi_version_3, NULL, NULL);
-    if (error)
-	return translate_cc_error(context, error);
-
-    error = (*cc->func->get_default_ccache_name)(cc, &name);
-    if (error) {
-	(*cc->func->release)(cc);
-	return translate_cc_error(context, error);
-    }
-	
-    asprintf(str, "API:%s", name->data);
-    (*name->func->release)(name);
-    (*cc->func->release)(cc);
-
-    if (*str == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-
-/**
- * Variable containing the API based credential cache implemention.
- *
- * @ingroup krb5_ccache
- */
-
-const krb5_cc_ops krb5_acc_ops = {
-    "API",
-    acc_get_name,
-    acc_resolve,
-    acc_gen_new,
-    acc_initialize,
-    acc_destroy,
-    acc_close,
-    acc_store_cred,
-    NULL, /* acc_retrieve */
-    acc_get_principal,
-    acc_get_first,
-    acc_get_next,
-    acc_end_get,
-    acc_remove_cred,
-    acc_set_flags,
-    acc_get_version,
-    acc_get_cache_first,
-    acc_get_cache_next,
-    acc_end_cache_get,
-    acc_move,
-    acc_default_name
-};
diff --git a/crypto/heimdal/lib/krb5/acl.c b/crypto/heimdal/lib/krb5/acl.c
deleted file mode 100644
index cab6836..0000000
--- a/crypto/heimdal/lib/krb5/acl.c
+++ /dev/null
@@ -1,293 +0,0 @@
-/*
- * Copyright (c) 2000 - 2002, 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-#include <fnmatch.h>
-
-RCSID("$Id: acl.c 22119 2007-12-03 22:02:48Z lha $");
-
-struct acl_field {
-    enum { acl_string, acl_fnmatch, acl_retval } type;
-    union {
-	const char *cstr;
-	char **retv;
-    } u;
-    struct acl_field *next, **last;
-};
-
-static void
-free_retv(struct acl_field *acl)
-{
-    while(acl != NULL) {
-	if (acl->type == acl_retval) {
-	    if (*acl->u.retv)
-		free(*acl->u.retv);
-	    *acl->u.retv = NULL;
-	}
-	acl = acl->next;
-    }
-}
-
-static void
-acl_free_list(struct acl_field *acl, int retv)
-{
-    struct acl_field *next;
-    if (retv)
-	free_retv(acl);
-    while(acl != NULL) {
-	next = acl->next;
-	free(acl);
-	acl = next;
-    }
-}
-
-static krb5_error_code
-acl_parse_format(krb5_context context,
-		 struct acl_field **acl_ret,
-		 const char *format,
-		 va_list ap)
-{
-    const char *p;
-    struct acl_field *acl = NULL, *tmp;
-
-    for(p = format; *p != '\0'; p++) {
-	tmp = malloc(sizeof(*tmp));
-	if(tmp == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    acl_free_list(acl, 0);
-	    return ENOMEM;
-	}
-	if(*p == 's') {
-	    tmp->type = acl_string;
-	    tmp->u.cstr = va_arg(ap, const char*);
-	} else if(*p == 'f') {
-	    tmp->type = acl_fnmatch;
-	    tmp->u.cstr = va_arg(ap, const char*);
-	} else if(*p == 'r') {
-	    tmp->type = acl_retval;
-	    tmp->u.retv = va_arg(ap, char **);
-	    *tmp->u.retv = NULL;
-	} else {
-	    krb5_set_error_string(context, "acl_parse_format: "
-				  "unknown format specifier %c", *p);
-	    acl_free_list(acl, 0);
-	    free(tmp);
-	    return EINVAL;
-	}
-	tmp->next = NULL;
-	if(acl == NULL)
-	    acl = tmp;
-	else
-	    *acl->last = tmp;
-	acl->last = &tmp->next;
-    }
-    *acl_ret = acl;
-    return 0;
-}
-
-static krb5_boolean
-acl_match_field(krb5_context context,
-		const char *string,
-		struct acl_field *field)
-{
-    if(field->type == acl_string) {
-	return !strcmp(field->u.cstr, string);
-    } else if(field->type == acl_fnmatch) {
-	return !fnmatch(field->u.cstr, string, 0);
-    } else if(field->type == acl_retval) {
-	*field->u.retv = strdup(string);
-	return TRUE;
-    }
-    return FALSE;
-}
-
-static krb5_boolean
-acl_match_acl(krb5_context context,
-	      struct acl_field *acl,
-	      const char *string)
-{
-    char buf[256];
-    while(strsep_copy(&string, " \t", buf, sizeof(buf)) != -1) {
-	if(buf[0] == '\0')
-	    continue; /* skip ws */
-	if (acl == NULL)
-	    return FALSE;
-	if(!acl_match_field(context, buf, acl)) {
-	    return FALSE;
-	}
-	acl = acl->next;
-    }
-    if (acl)
-	return FALSE;
-    return TRUE;
-}
-
-/**
- * krb5_acl_match_string matches ACL format against a string.
- *
- * The ACL format has three format specifiers: s, f, and r.  Each
- * specifier will retrieve one argument from the variable arguments
- * for either matching or storing data.  The input string is split up
- * using " " (space) and "\t" (tab) as a delimiter; multiple and "\t"
- * in a row are considered to be the same.
- *
- * List of format specifiers:
- * - s Matches a string using strcmp(3) (case sensitive).
- * - f Matches the string with fnmatch(3). Theflags
- *     argument (the last argument) passed to the fnmatch function is 0.
- * - r Returns a copy of the string in the char ** passed in; the copy
- *     must be freed with free(3). There is no need to free(3) the
- *     string on error: the function will clean up and set the pointer
- *     to NULL.
- *
- * @param context Kerberos 5 context
- * @param string string to match with
- * @param format format to match
- * @param ... parameter to format string
- *
- * @return Return an error code or 0.
- *
- *
- * @code
- * char *s;
- * 
- * ret = krb5_acl_match_string(context, "foo", "s", "foo");
- * if (ret)
- *     krb5_errx(context, 1, "acl didn't match");
- * ret = krb5_acl_match_string(context, "foo foo baz/kaka",
- *     "ss", "foo", &s, "foo/\\*");
- * if (ret) {
- *     // no need to free(s) on error
- *     assert(s == NULL);
- *     krb5_errx(context, 1, "acl didn't match");
- * }
- * free(s);
- * @endcode
- *
- * @sa krb5_acl_match_file
- * @ingroup krb5_support
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_acl_match_string(krb5_context context,
-		      const char *string,
-		      const char *format,
-		      ...)
-{
-    krb5_error_code ret;
-    krb5_boolean found;
-    struct acl_field *acl;
-
-    va_list ap;
-    va_start(ap, format);
-    ret = acl_parse_format(context, &acl, format, ap);
-    va_end(ap);
-    if(ret)
-	return ret;
-
-    found = acl_match_acl(context, acl, string);
-    acl_free_list(acl, !found);
-    if (found) {
-	return 0;
-    } else {
-	krb5_set_error_string(context, "ACL did not match");
-	return EACCES;
-    }
-}
-	       
-/**
- * krb5_acl_match_file matches ACL format against each line in a file
- * using krb5_acl_match_string(). Lines starting with # are treated
- * like comments and ignored.
- *
- * @param context Kerberos 5 context.
- * @param file file with acl listed in the file.
- * @param format format to match.
- * @param ... parameter to format string.
- *
- * @return Return an error code or 0.
- *
- * @sa krb5_acl_match_string
- * @ingroup krb5_support
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_acl_match_file(krb5_context context,
-		    const char *file,
-		    const char *format,
-		    ...)
-{
-    krb5_error_code ret;
-    struct acl_field *acl;
-    char buf[256];
-    va_list ap;
-    FILE *f;
-    krb5_boolean found;
-
-    f = fopen(file, "r");
-    if(f == NULL) {
-	int save_errno = errno;
-
-	krb5_set_error_string(context, "open(%s): %s", file,
-			      strerror(save_errno));
-	return save_errno;
-    }
-
-    va_start(ap, format);
-    ret = acl_parse_format(context, &acl, format, ap);
-    va_end(ap);
-    if(ret) {
-	fclose(f);
-	return ret;
-    }
-
-    found = FALSE;
-    while(fgets(buf, sizeof(buf), f)) {
-	if(buf[0] == '#')
-	    continue;
-	if(acl_match_acl(context, acl, buf)) {
-	    found = TRUE;
-	    break;
-	}
-	free_retv(acl);
-    }
-
-    fclose(f);
-    acl_free_list(acl, !found);
-    if (found) {
-	return 0;
-    } else {
-	krb5_set_error_string(context, "ACL did not match");
-	return EACCES;
-    }
-}
diff --git a/crypto/heimdal/lib/krb5/add_et_list.c b/crypto/heimdal/lib/krb5/add_et_list.c
deleted file mode 100644
index a6005c6..0000000
--- a/crypto/heimdal/lib/krb5/add_et_list.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: add_et_list.c 13713 2004-04-13 14:33:45Z lha $");
-
-/*
- * Add a specified list of error messages to the et list in context.
- * Call func (probably a comerr-generated function) with a pointer to
- * the current et_list.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_add_et_list (krb5_context context,
-		  void (*func)(struct et_list **))
-{
-    (*func)(&context->et_list);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/addr_families.c b/crypto/heimdal/lib/krb5/addr_families.c
deleted file mode 100644
index f364f59..0000000
--- a/crypto/heimdal/lib/krb5/addr_families.c
+++ /dev/null
@@ -1,1463 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: addr_families.c 22039 2007-11-10 11:47:35Z lha $");
-
-struct addr_operations {
-    int af;
-    krb5_address_type atype;
-    size_t max_sockaddr_size;
-    krb5_error_code (*sockaddr2addr)(const struct sockaddr *, krb5_address *);
-    krb5_error_code (*sockaddr2port)(const struct sockaddr *, int16_t *);
-    void (*addr2sockaddr)(const krb5_address *, struct sockaddr *,
-			  krb5_socklen_t *sa_size, int port);
-    void (*h_addr2sockaddr)(const char *, struct sockaddr *, krb5_socklen_t *, int);
-    krb5_error_code (*h_addr2addr)(const char *, krb5_address *);
-    krb5_boolean (*uninteresting)(const struct sockaddr *);
-    void (*anyaddr)(struct sockaddr *, krb5_socklen_t *, int);
-    int (*print_addr)(const krb5_address *, char *, size_t);
-    int (*parse_addr)(krb5_context, const char*, krb5_address *);
-    int (*order_addr)(krb5_context, const krb5_address*, const krb5_address*);
-    int (*free_addr)(krb5_context, krb5_address*);
-    int (*copy_addr)(krb5_context, const krb5_address*, krb5_address*);
-    int (*mask_boundary)(krb5_context, const krb5_address*, unsigned long, 
-				     krb5_address*, krb5_address*);
-};
-
-/*
- * AF_INET - aka IPv4 implementation
- */
-
-static krb5_error_code
-ipv4_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
-{
-    const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
-    unsigned char buf[4];
-
-    a->addr_type = KRB5_ADDRESS_INET;
-    memcpy (buf, &sin4->sin_addr, 4);
-    return krb5_data_copy(&a->address, buf, 4);
-}
-
-static krb5_error_code
-ipv4_sockaddr2port (const struct sockaddr *sa, int16_t *port)
-{
-    const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
-
-    *port = sin4->sin_port;
-    return 0;
-}
-
-static void
-ipv4_addr2sockaddr (const krb5_address *a,
-		    struct sockaddr *sa,
-		    krb5_socklen_t *sa_size,
-		    int port)
-{
-    struct sockaddr_in tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin_family = AF_INET;
-    memcpy (&tmp.sin_addr, a->address.data, 4);
-    tmp.sin_port = port;
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static void
-ipv4_h_addr2sockaddr(const char *addr,
-		     struct sockaddr *sa,
-		     krb5_socklen_t *sa_size,
-		     int port)
-{
-    struct sockaddr_in tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin_family = AF_INET;
-    tmp.sin_port   = port;
-    tmp.sin_addr   = *((const struct in_addr *)addr);
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static krb5_error_code
-ipv4_h_addr2addr (const char *addr,
-		  krb5_address *a)
-{
-    unsigned char buf[4];
-
-    a->addr_type = KRB5_ADDRESS_INET;
-    memcpy(buf, addr, 4);
-    return krb5_data_copy(&a->address, buf, 4);
-}
-
-/*
- * Are there any addresses that should be considered `uninteresting'?
- */
-
-static krb5_boolean
-ipv4_uninteresting (const struct sockaddr *sa)
-{
-    const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
-
-    if (sin4->sin_addr.s_addr == INADDR_ANY)
-	return TRUE;
-
-    return FALSE;
-}
-
-static void
-ipv4_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
-{
-    struct sockaddr_in tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin_family = AF_INET;
-    tmp.sin_port   = port;
-    tmp.sin_addr.s_addr = INADDR_ANY;
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static int
-ipv4_print_addr (const krb5_address *addr, char *str, size_t len)
-{
-    struct in_addr ia;
-
-    memcpy (&ia, addr->address.data, 4);
-
-    return snprintf (str, len, "IPv4:%s", inet_ntoa(ia));
-}
-
-static int
-ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
-{
-    const char *p;
-    struct in_addr a;
-
-    p = strchr(address, ':');
-    if(p) {
-	p++;
-	if(strncasecmp(address, "ip:", p - address) != 0 &&
-	   strncasecmp(address, "ip4:", p - address) != 0 &&
-	   strncasecmp(address, "ipv4:", p - address) != 0 &&
-	   strncasecmp(address, "inet:", p - address) != 0)
-	    return -1;
-    } else
-	p = address;
-#ifdef HAVE_INET_ATON
-    if(inet_aton(p, &a) == 0)
-	return -1;
-#elif defined(HAVE_INET_ADDR)
-    a.s_addr = inet_addr(p);
-    if(a.s_addr == INADDR_NONE)
-	return -1;
-#else
-    return -1;
-#endif
-    addr->addr_type = KRB5_ADDRESS_INET;
-    if(krb5_data_alloc(&addr->address, 4) != 0)
-	return -1;
-    _krb5_put_int(addr->address.data, ntohl(a.s_addr), addr->address.length);
-    return 0;
-}
-
-static int
-ipv4_mask_boundary(krb5_context context, const krb5_address *inaddr,
-		   unsigned long len, krb5_address *low, krb5_address *high)
-{
-    unsigned long ia;
-    uint32_t l, h, m = 0xffffffff;
-
-    if (len > 32) {
-	krb5_set_error_string(context, "IPv4 prefix too large (%ld)", len);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    m = m << (32 - len);
-
-    _krb5_get_int(inaddr->address.data, &ia, inaddr->address.length);
-
-    l = ia & m;
-    h = l | ~m;
-
-    low->addr_type = KRB5_ADDRESS_INET;
-    if(krb5_data_alloc(&low->address, 4) != 0)
-	return -1;
-    _krb5_put_int(low->address.data, l, low->address.length);
-
-    high->addr_type = KRB5_ADDRESS_INET;
-    if(krb5_data_alloc(&high->address, 4) != 0) {
-	krb5_free_address(context, low);
-	return -1;
-    }
-    _krb5_put_int(high->address.data, h, high->address.length);
-
-    return 0;
-}
-
-
-/*
- * AF_INET6 - aka IPv6 implementation
- */
-
-#ifdef HAVE_IPV6
-
-static krb5_error_code
-ipv6_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
-{
-    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-
-    if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
-	unsigned char buf[4];
-
-	a->addr_type      = KRB5_ADDRESS_INET;
-#ifndef IN6_ADDR_V6_TO_V4
-#ifdef IN6_EXTRACT_V4ADDR
-#define IN6_ADDR_V6_TO_V4(x) (&IN6_EXTRACT_V4ADDR(x))
-#else
-#define IN6_ADDR_V6_TO_V4(x) ((const struct in_addr *)&(x)->s6_addr[12])
-#endif
-#endif
-	memcpy (buf, IN6_ADDR_V6_TO_V4(&sin6->sin6_addr), 4);
-	return krb5_data_copy(&a->address, buf, 4);
-    } else {
-	a->addr_type = KRB5_ADDRESS_INET6;
-	return krb5_data_copy(&a->address,
-			      &sin6->sin6_addr,
-			      sizeof(sin6->sin6_addr));
-    }
-}
-
-static krb5_error_code
-ipv6_sockaddr2port (const struct sockaddr *sa, int16_t *port)
-{
-    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-
-    *port = sin6->sin6_port;
-    return 0;
-}
-
-static void
-ipv6_addr2sockaddr (const krb5_address *a,
-		    struct sockaddr *sa,
-		    krb5_socklen_t *sa_size,
-		    int port)
-{
-    struct sockaddr_in6 tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin6_family = AF_INET6;
-    memcpy (&tmp.sin6_addr, a->address.data, sizeof(tmp.sin6_addr));
-    tmp.sin6_port = port;
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static void
-ipv6_h_addr2sockaddr(const char *addr,
-		     struct sockaddr *sa,
-		     krb5_socklen_t *sa_size,
-		     int port)
-{
-    struct sockaddr_in6 tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin6_family = AF_INET6;
-    tmp.sin6_port   = port;
-    tmp.sin6_addr   = *((const struct in6_addr *)addr);
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static krb5_error_code
-ipv6_h_addr2addr (const char *addr,
-		  krb5_address *a)
-{
-    a->addr_type = KRB5_ADDRESS_INET6;
-    return krb5_data_copy(&a->address, addr, sizeof(struct in6_addr));
-}
-
-/*
- * 
- */
-
-static krb5_boolean
-ipv6_uninteresting (const struct sockaddr *sa)
-{
-    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-    const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
-    
-    return
-	IN6_IS_ADDR_LINKLOCAL(in6)
-	|| IN6_IS_ADDR_V4COMPAT(in6);
-}
-
-static void
-ipv6_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
-{
-    struct sockaddr_in6 tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin6_family = AF_INET6;
-    tmp.sin6_port   = port;
-    tmp.sin6_addr   = in6addr_any;
-    *sa_size = sizeof(tmp);
-}
-
-static int
-ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
-{
-    char buf[128], buf2[3];
-#ifdef HAVE_INET_NTOP
-    if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
-#endif
-	{
-	    /* XXX this is pretty ugly, but better than abort() */
-	    int i;
-	    unsigned char *p = addr->address.data;
-	    buf[0] = '\0';
-	    for(i = 0; i < addr->address.length; i++) {
-		snprintf(buf2, sizeof(buf2), "%02x", p[i]);
-		if(i > 0 && (i & 1) == 0)
-		    strlcat(buf, ":", sizeof(buf));
-		strlcat(buf, buf2, sizeof(buf));
-	    }
-	}
-    return snprintf(str, len, "IPv6:%s", buf);
-}
-
-static int
-ipv6_parse_addr (krb5_context context, const char *address, krb5_address *addr)
-{
-    int ret;
-    struct in6_addr in6;
-    const char *p;
-
-    p = strchr(address, ':');
-    if(p) {
-	p++;
-	if(strncasecmp(address, "ip6:", p - address) == 0 ||
-	   strncasecmp(address, "ipv6:", p - address) == 0 ||
-	   strncasecmp(address, "inet6:", p - address) == 0)
-	    address = p;
-    }
-
-    ret = inet_pton(AF_INET6, address, &in6.s6_addr);
-    if(ret == 1) {
-	addr->addr_type = KRB5_ADDRESS_INET6;
-	ret = krb5_data_alloc(&addr->address, sizeof(in6.s6_addr));
-	if (ret)
-	    return -1;
-	memcpy(addr->address.data, in6.s6_addr, sizeof(in6.s6_addr));
-	return 0;
-    }
-    return -1;
-}
-
-static int
-ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr,
-		   unsigned long len, krb5_address *low, krb5_address *high)
-{
-    struct in6_addr addr, laddr, haddr;
-    uint32_t m;
-    int i, sub_len;
-
-    if (len > 128) {
-	krb5_set_error_string(context, "IPv6 prefix too large (%ld)", len);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-
-    if (inaddr->address.length != sizeof(addr)) {
-	krb5_set_error_string(context, "IPv6 addr bad length");
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-
-    memcpy(&addr, inaddr->address.data, inaddr->address.length);
-
-    for (i = 0; i < 16; i++) {
-	sub_len = min(8, len);
-
-	m = 0xff << (8 - sub_len);
-	
-	laddr.s6_addr[i] = addr.s6_addr[i] & m;
-	haddr.s6_addr[i] = (addr.s6_addr[i] & m) | ~m;
-
-	if (len > 8)
-	    len -= 8;
-	else
-	    len = 0;
-    }
-
-    low->addr_type = KRB5_ADDRESS_INET6;
-    if (krb5_data_alloc(&low->address, sizeof(laddr.s6_addr)) != 0)
-	return -1;
-    memcpy(low->address.data, laddr.s6_addr, sizeof(laddr.s6_addr));
-
-    high->addr_type = KRB5_ADDRESS_INET6;
-    if (krb5_data_alloc(&high->address, sizeof(haddr.s6_addr)) != 0) {
-	krb5_free_address(context, low);
-	return -1;
-    }
-    memcpy(high->address.data, haddr.s6_addr, sizeof(haddr.s6_addr));
-
-    return 0;
-}
-
-#endif /* IPv6 */
-
-/*
- * table
- */
-
-#define KRB5_ADDRESS_ARANGE	(-100)
-
-struct arange {
-    krb5_address low;
-    krb5_address high;
-};
-
-static int
-arange_parse_addr (krb5_context context, 
-		   const char *address, krb5_address *addr)
-{
-    char buf[1024], *p;
-    krb5_address low0, high0;
-    struct arange *a;
-    krb5_error_code ret;
-    
-    if(strncasecmp(address, "RANGE:", 6) != 0)
-	return -1;
-    
-    address += 6;
-
-    p = strrchr(address, '/');
-    if (p) {
-	krb5_addresses addrmask;
-	char *q;
-	long num;
-
-	if (strlcpy(buf, address, sizeof(buf)) > sizeof(buf))
-	    return -1;
-	buf[p - address] = '\0';
-	ret = krb5_parse_address(context, buf, &addrmask);
-	if (ret)
-	    return ret;
-	if(addrmask.len != 1) {
-	    krb5_free_addresses(context, &addrmask);
-	    return -1;
-	}
-	
-	address += p - address + 1;
-
-	num = strtol(address, &q, 10);
-	if (q == address || *q != '\0' || num < 0) {
-	    krb5_free_addresses(context, &addrmask);
-	    return -1;
-	}
-
-	ret = krb5_address_prefixlen_boundary(context, &addrmask.val[0], num,
-					      &low0, &high0);
-	krb5_free_addresses(context, &addrmask);
-	if (ret)
-	    return ret;
-
-    } else {
-	krb5_addresses low, high;
-	
-	strsep_copy(&address, "-", buf, sizeof(buf));
-	ret = krb5_parse_address(context, buf, &low);
-	if(ret)
-	    return ret;
-	if(low.len != 1) {
-	    krb5_free_addresses(context, &low);
-	    return -1;
-	}
-	
-	strsep_copy(&address, "-", buf, sizeof(buf));
-	ret = krb5_parse_address(context, buf, &high);
-	if(ret) {
-	    krb5_free_addresses(context, &low);
-	    return ret;
-	}
-	
-	if(high.len != 1 && high.val[0].addr_type != low.val[0].addr_type) {
-	    krb5_free_addresses(context, &low);
-	    krb5_free_addresses(context, &high);
-	    return -1;
-	}
-
-	ret = krb5_copy_address(context, &high.val[0], &high0);
-	if (ret == 0) {
-	    ret = krb5_copy_address(context, &low.val[0], &low0);
-	    if (ret)
-		krb5_free_address(context, &high0);
-	}
-	krb5_free_addresses(context, &low);
-	krb5_free_addresses(context, &high);
-	if (ret)
-	    return ret;
-    }
-
-    krb5_data_alloc(&addr->address, sizeof(*a));
-    addr->addr_type = KRB5_ADDRESS_ARANGE;
-    a = addr->address.data;
-
-    if(krb5_address_order(context, &low0, &high0) < 0) {
-	a->low = low0;
-	a->high = high0;
-    } else {
-	a->low = high0;
-	a->high = low0;
-    }
-    return 0;
-}
-
-static int
-arange_free (krb5_context context, krb5_address *addr)
-{
-    struct arange *a;
-    a = addr->address.data;
-    krb5_free_address(context, &a->low);
-    krb5_free_address(context, &a->high);
-    krb5_data_free(&addr->address);
-    return 0;
-}
-
-
-static int
-arange_copy (krb5_context context, const krb5_address *inaddr, 
-	     krb5_address *outaddr)
-{
-    krb5_error_code ret;
-    struct arange *i, *o;
-
-    outaddr->addr_type = KRB5_ADDRESS_ARANGE;
-    ret = krb5_data_alloc(&outaddr->address, sizeof(*o));
-    if(ret)
-	return ret;
-    i = inaddr->address.data;
-    o = outaddr->address.data;
-    ret = krb5_copy_address(context, &i->low, &o->low);
-    if(ret) {
-	krb5_data_free(&outaddr->address);
-	return ret;
-    }
-    ret = krb5_copy_address(context, &i->high, &o->high);
-    if(ret) {
-	krb5_free_address(context, &o->low);
-	krb5_data_free(&outaddr->address);
-	return ret;
-    }
-    return 0;
-}
-
-static int
-arange_print_addr (const krb5_address *addr, char *str, size_t len)
-{
-    struct arange *a;
-    krb5_error_code ret;
-    size_t l, size, ret_len;
-
-    a = addr->address.data;
-
-    l = strlcpy(str, "RANGE:", len);
-    ret_len = l;
-    if (l > len)
-	l = len;
-    size = l;
-	
-    ret = krb5_print_address (&a->low, str + size, len - size, &l);
-    if (ret)
-	return ret;
-    ret_len += l;
-    if (len - size > l)
-	size += l;
-    else
-	size = len;
-
-    l = strlcat(str + size, "-", len - size);
-    ret_len += l;
-    if (len - size > l)
-	size += l;
-    else
-	size = len;
-
-    ret = krb5_print_address (&a->high, str + size, len - size, &l);
-    if (ret)
-	return ret;
-    ret_len += l;
-
-    return ret_len;
-}
-
-static int
-arange_order_addr(krb5_context context, 
-		  const krb5_address *addr1, 
-		  const krb5_address *addr2)
-{
-    int tmp1, tmp2, sign;
-    struct arange *a;
-    const krb5_address *a2;
-
-    if(addr1->addr_type == KRB5_ADDRESS_ARANGE) {
-	a = addr1->address.data;
-	a2 = addr2;
-	sign = 1;
-    } else if(addr2->addr_type == KRB5_ADDRESS_ARANGE) {
-	a = addr2->address.data;
-	a2 = addr1;
-	sign = -1;
-    } else
-	abort();
-	
-    if(a2->addr_type == KRB5_ADDRESS_ARANGE) {
-	struct arange *b = a2->address.data;
-	tmp1 = krb5_address_order(context, &a->low, &b->low);
-	if(tmp1 != 0)
-	    return sign * tmp1;
-	return sign * krb5_address_order(context, &a->high, &b->high);
-    } else if(a2->addr_type == a->low.addr_type) {
-	tmp1 = krb5_address_order(context, &a->low, a2);
-	if(tmp1 > 0)
-	    return sign;
-	tmp2 = krb5_address_order(context, &a->high, a2);
-	if(tmp2 < 0)
-	    return -sign;
-	return 0;
-    } else {
-	return sign * (addr1->addr_type - addr2->addr_type);
-    }
-}
-
-static int
-addrport_print_addr (const krb5_address *addr, char *str, size_t len)
-{
-    krb5_error_code ret;
-    krb5_address addr1, addr2;
-    uint16_t port = 0;
-    size_t ret_len = 0, l, size = 0;
-    krb5_storage *sp;
-
-    sp = krb5_storage_from_data((krb5_data*)rk_UNCONST(&addr->address));
-    /* for totally obscure reasons, these are not in network byteorder */
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    krb5_storage_seek(sp, 2, SEEK_CUR); /* skip first two bytes */
-    krb5_ret_address(sp, &addr1);
-
-    krb5_storage_seek(sp, 2, SEEK_CUR); /* skip two bytes */
-    krb5_ret_address(sp, &addr2);
-    krb5_storage_free(sp);
-    if(addr2.addr_type == KRB5_ADDRESS_IPPORT && addr2.address.length == 2) {
-	unsigned long value;
-	_krb5_get_int(addr2.address.data, &value, 2);
-	port = value;
-    }
-    l = strlcpy(str, "ADDRPORT:", len);
-    ret_len += l;
-    if (len > l)
-	size += l;
-    else
-	size = len;
-
-    ret = krb5_print_address(&addr1, str + size, len - size, &l);
-    if (ret)
-	return ret;
-    ret_len += l;
-    if (len - size > l)
-	size += l;
-    else
-	size = len;
-
-    ret = snprintf(str + size, len - size, ",PORT=%u", port);
-    if (ret < 0)
-	return EINVAL;
-    ret_len += ret;
-    return ret_len;
-}
-
-static struct addr_operations at[] = {
-    {AF_INET,	KRB5_ADDRESS_INET, sizeof(struct sockaddr_in),
-     ipv4_sockaddr2addr, 
-     ipv4_sockaddr2port,
-     ipv4_addr2sockaddr,
-     ipv4_h_addr2sockaddr,
-     ipv4_h_addr2addr,
-     ipv4_uninteresting, ipv4_anyaddr, ipv4_print_addr, ipv4_parse_addr,
-     NULL, NULL, NULL, ipv4_mask_boundary },
-#ifdef HAVE_IPV6
-    {AF_INET6,	KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6),
-     ipv6_sockaddr2addr, 
-     ipv6_sockaddr2port,
-     ipv6_addr2sockaddr,
-     ipv6_h_addr2sockaddr,
-     ipv6_h_addr2addr,
-     ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr,
-     NULL, NULL, NULL, ipv6_mask_boundary } ,
-#endif
-    {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
-     NULL, NULL, NULL, NULL, NULL, 
-     NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL },
-    /* fake address type */
-    {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
-     NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-     arange_print_addr, arange_parse_addr, 
-     arange_order_addr, arange_free, arange_copy }
-};
-
-static int num_addrs = sizeof(at) / sizeof(at[0]);
-
-static size_t max_sockaddr_size = 0;
-
-/*
- * generic functions
- */
-
-static struct addr_operations *
-find_af(int af)
-{
-    struct addr_operations *a;
-
-    for (a = at; a < at + num_addrs; ++a)
-	if (af == a->af)
-	    return a;
-    return NULL;
-}
-
-static struct addr_operations *
-find_atype(int atype)
-{
-    struct addr_operations *a;
-
-    for (a = at; a < at + num_addrs; ++a)
-	if (atype == a->atype)
-	    return a;
-    return NULL;
-}
-
-/**
- * krb5_sockaddr2address stores a address a "struct sockaddr" sa in
- * the krb5_address addr. 
- *
- * @param context a Keberos context
- * @param sa a struct sockaddr to extract the address from
- * @param addr an Kerberos 5 address to store the address in.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sockaddr2address (krb5_context context,
-		       const struct sockaddr *sa, krb5_address *addr)
-{
-    struct addr_operations *a = find_af(sa->sa_family);
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported",
-			       sa->sa_family);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    return (*a->sockaddr2addr)(sa, addr);
-}
-
-/**
- * krb5_sockaddr2port extracts a port (if possible) from a "struct
- * sockaddr.
- *
- * @param context a Keberos context
- * @param sa a struct sockaddr to extract the port from
- * @param port a pointer to an int16_t store the port in.
- *
- * @return Return an error code or 0. Will return
- * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sockaddr2port (krb5_context context,
-		    const struct sockaddr *sa, int16_t *port)
-{
-    struct addr_operations *a = find_af(sa->sa_family);
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported",
-			       sa->sa_family);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    return (*a->sockaddr2port)(sa, port);
-}
-
-/**
- * krb5_addr2sockaddr sets the "struct sockaddr sockaddr" from addr
- * and port. The argument sa_size should initially contain the size of
- * the sa and after the call, it will contain the actual length of the
- * address. In case of the sa is too small to fit the whole address,
- * the up to *sa_size will be stored, and then *sa_size will be set to
- * the required length.
- *
- * @param context a Keberos context
- * @param addr the address to copy the from
- * @param sa the struct sockaddr that will be filled in
- * @param sa_size pointer to length of sa, and after the call, it will
- * contain the actual length of the address.
- * @param port set port in sa.
- *
- * @return Return an error code or 0. Will return
- * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_addr2sockaddr (krb5_context context,
-		    const krb5_address *addr,
-		    struct sockaddr *sa,
-		    krb5_socklen_t *sa_size,
-		    int port)
-{
-    struct addr_operations *a = find_atype(addr->addr_type);
-
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address type %d not supported",
-			       addr->addr_type);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    if (a->addr2sockaddr == NULL) {
-	krb5_set_error_string (context,
-			       "Can't convert address type %d to sockaddr",
-			       addr->addr_type);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    (*a->addr2sockaddr)(addr, sa, sa_size, port);
-    return 0;
-}
-
-/**
- * krb5_max_sockaddr_size returns the max size of the .Li struct
- * sockaddr that the Kerberos library will return.
- *
- * @return Return an size_t of the maximum struct sockaddr.
- *
- * @ingroup krb5_address
- */
-
-size_t KRB5_LIB_FUNCTION
-krb5_max_sockaddr_size (void)
-{
-    if (max_sockaddr_size == 0) {
-	struct addr_operations *a;
-
-	for(a = at; a < at + num_addrs; ++a)
-	    max_sockaddr_size = max(max_sockaddr_size, a->max_sockaddr_size);
-    }
-    return max_sockaddr_size;
-}
-
-/**
- * krb5_sockaddr_uninteresting returns TRUE for all .Fa sa that the
- * kerberos library thinks are uninteresting.  One example are link
- * local addresses.
- *
- * @param sa pointer to struct sockaddr that might be interesting.
- *
- * @return Return a non zero for uninteresting addresses.
- *
- * @ingroup krb5_address
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_sockaddr_uninteresting(const struct sockaddr *sa)
-{
-    struct addr_operations *a = find_af(sa->sa_family);
-    if (a == NULL || a->uninteresting == NULL)
-	return TRUE;
-    return (*a->uninteresting)(sa);
-}
-
-/**
- * krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and
- * the "struct hostent" (see gethostbyname(3) ) h_addr_list
- * component. The argument sa_size should initially contain the size
- * of the sa, and after the call, it will contain the actual length of
- * the address.
- *
- * @param context a Keberos context
- * @param af addresses
- * @param addr address
- * @param sa returned struct sockaddr
- * @param sa_size size of sa
- * @param port port to set in sa.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_h_addr2sockaddr (krb5_context context,
-		      int af,
-		      const char *addr, struct sockaddr *sa,
-		      krb5_socklen_t *sa_size,
-		      int port)
-{
-    struct addr_operations *a = find_af(af);
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", af);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    (*a->h_addr2sockaddr)(addr, sa, sa_size, port);
-    return 0;
-}
-
-/**
- * krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception
- * that it operates on a krb5_address instead of a struct sockaddr.
- *
- * @param context a Keberos context
- * @param af address family
- * @param haddr host address from struct hostent.
- * @param addr returned krb5_address.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_h_addr2addr (krb5_context context,
-		  int af,
-		  const char *haddr, krb5_address *addr)
-{
-    struct addr_operations *a = find_af(af);
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", af);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    return (*a->h_addr2addr)(haddr, addr);
-}
-
-/**
- * krb5_anyaddr fills in a "struct sockaddr sa" that can be used to
- * bind(2) to.  The argument sa_size should initially contain the size
- * of the sa, and after the call, it will contain the actual length
- * of the address.
- *
- * @param context a Keberos context
- * @param af address family
- * @param sa sockaddr
- * @param sa_size lenght of sa.
- * @param port for to fill into sa.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_anyaddr (krb5_context context,
-	      int af,
-	      struct sockaddr *sa,
-	      krb5_socklen_t *sa_size,
-	      int port)
-{
-    struct addr_operations *a = find_af (af);
-
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", af);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-
-    (*a->anyaddr)(sa, sa_size, port);
-    return 0;
-}
-
-/**
- * krb5_print_address prints the address in addr to the string string
- * that have the length len. If ret_len is not NULL, it will be filled
- * with the length of the string if size were unlimited (not including
- * the final NUL) .
- *
- * @param addr address to be printed
- * @param str pointer string to print the address into
- * @param len length that will fit into area pointed to by "str".
- * @param ret_len return length the str.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_print_address (const krb5_address *addr, 
-		    char *str, size_t len, size_t *ret_len)
-{
-    struct addr_operations *a = find_atype(addr->addr_type);
-    int ret;
-
-    if (a == NULL || a->print_addr == NULL) {
-	char *s;
-	int l;
-	int i;
-
-	s = str;
-	l = snprintf(s, len, "TYPE_%d:", addr->addr_type);
-	if (l < 0 || l >= len)
-	    return EINVAL;
-	s += l;
-	len -= l;
-	for(i = 0; i < addr->address.length; i++) {
-	    l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]);
-	    if (l < 0 || l >= len)
-		return EINVAL;
-	    len -= l;
-	    s += l;
-	}
-	if(ret_len != NULL)
-	    *ret_len = s - str;
-	return 0;
-    }
-    ret = (*a->print_addr)(addr, str, len);
-    if (ret < 0)
-	return EINVAL;
-    if(ret_len != NULL)
-	*ret_len = ret;
-    return 0;
-}
-
-/**
- * krb5_parse_address returns the resolved hostname in string to the
- * krb5_addresses addresses .
- *
- * @param context a Keberos context
- * @param string
- * @param addresses
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_address(krb5_context context,
-		   const char *string,
-		   krb5_addresses *addresses)
-{
-    int i, n;
-    struct addrinfo *ai, *a;
-    int error;
-    int save_errno;
-
-    addresses->len = 0;
-    addresses->val = NULL;
-
-    for(i = 0; i < num_addrs; i++) {
-	if(at[i].parse_addr) {
-	    krb5_address addr;
-	    if((*at[i].parse_addr)(context, string, &addr) == 0) {
-		ALLOC_SEQ(addresses, 1);
-		if (addresses->val == NULL) {
-		    krb5_set_error_string(context, "malloc: out of memory");
-		    return ENOMEM;
-		}
-		addresses->val[0] = addr;
-		return 0;
-	    }
-	}
-    }
-
-    error = getaddrinfo (string, NULL, NULL, &ai);
-    if (error) {
-	save_errno = errno;
-	krb5_set_error_string (context, "%s: %s", string, gai_strerror(error));
-	return krb5_eai_to_heim_errno(error, save_errno);
-    }
-    
-    n = 0;
-    for (a = ai; a != NULL; a = a->ai_next)
-	++n;
-
-    ALLOC_SEQ(addresses, n);
-    if (addresses->val == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	freeaddrinfo(ai);
-	return ENOMEM;
-    }
-
-    addresses->len = 0;
-    for (a = ai, i = 0; a != NULL; a = a->ai_next) {
-	if (krb5_sockaddr2address (context, ai->ai_addr, &addresses->val[i]))
-	    continue;
-	if(krb5_address_search(context, &addresses->val[i], addresses))
-	    continue;
-	addresses->len = i;
-	i++;
-    }
-    freeaddrinfo (ai);
-    return 0;
-}
-
-/**
- * krb5_address_order compares the addresses addr1 and addr2 so that
- * it can be used for sorting addresses. If the addresses are the same
- * address krb5_address_order will return 0. Behavies like memcmp(2). 
- *
- * @param context a Keberos context
- * @param addr1 krb5_address to compare
- * @param addr2 krb5_address to compare
- *
- * @return < 0 if address addr1 in "less" then addr2. 0 if addr1 and
- * addr2 is the same address, > 0 if addr2 is "less" then addr1.
- *
- * @ingroup krb5_address
- */
-
-int KRB5_LIB_FUNCTION
-krb5_address_order(krb5_context context,
-		   const krb5_address *addr1,
-		   const krb5_address *addr2)
-{
-    /* this sucks; what if both addresses have order functions, which
-       should we call? this works for now, though */
-    struct addr_operations *a;
-    a = find_atype(addr1->addr_type); 
-    if(a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", 
-			       addr1->addr_type);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    if(a->order_addr != NULL) 
-	return (*a->order_addr)(context, addr1, addr2); 
-    a = find_atype(addr2->addr_type); 
-    if(a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", 
-			       addr2->addr_type);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    if(a->order_addr != NULL) 
-	return (*a->order_addr)(context, addr1, addr2);
-
-    if(addr1->addr_type != addr2->addr_type)
-	return addr1->addr_type - addr2->addr_type;
-    if(addr1->address.length != addr2->address.length)
-	return addr1->address.length - addr2->address.length;
-    return memcmp (addr1->address.data,
-		   addr2->address.data,
-		   addr1->address.length);
-}
-
-/**
- * krb5_address_compare compares the addresses  addr1 and addr2.
- * Returns TRUE if the two addresses are the same.
- *
- * @param context a Keberos context
- * @param addr1 address to compare
- * @param addr2 address to compare
- *
- * @return Return an TRUE is the address are the same FALSE if not
- *
- * @ingroup krb5_address
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_address_compare(krb5_context context,
-		     const krb5_address *addr1,
-		     const krb5_address *addr2)
-{
-    return krb5_address_order (context, addr1, addr2) == 0;
-}
-
-/**
- * krb5_address_search checks if the address addr is a member of the
- * address set list addrlist .
- *
- * @param context a Keberos context.
- * @param addr address to search for.
- * @param addrlist list of addresses to look in for addr.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_address_search(krb5_context context,
-		    const krb5_address *addr,
-		    const krb5_addresses *addrlist)
-{
-    int i;
-
-    for (i = 0; i < addrlist->len; ++i)
-	if (krb5_address_compare (context, addr, &addrlist->val[i]))
-	    return TRUE;
-    return FALSE;
-}
-
-/**
- * krb5_free_address frees the data stored in the address that is
- * alloced with any of the krb5_address functions.
- *
- * @param context a Keberos context
- * @param address addresss to be freed.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_address(krb5_context context,
-		  krb5_address *address)
-{
-    struct addr_operations *a = find_atype (address->addr_type);
-    if(a != NULL && a->free_addr != NULL)
-	return (*a->free_addr)(context, address);
-    krb5_data_free (&address->address);
-    memset(address, 0, sizeof(*address));
-    return 0;
-}
-
-/**
- * krb5_free_addresses frees the data stored in the address that is
- * alloced with any of the krb5_address functions.
- *
- * @param context a Keberos context
- * @param addresses addressses to be freed.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_addresses(krb5_context context,
-		    krb5_addresses *addresses)
-{
-    int i;
-    for(i = 0; i < addresses->len; i++)
-	krb5_free_address(context, &addresses->val[i]);
-    free(addresses->val);
-    addresses->len = 0;
-    addresses->val = NULL;
-    return 0;
-}
-
-/**
- * krb5_copy_address copies the content of address
- * inaddr to outaddr.
- *
- * @param context a Keberos context
- * @param inaddr pointer to source address
- * @param outaddr pointer to destination address
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_address(krb5_context context,
-		  const krb5_address *inaddr,
-		  krb5_address *outaddr)
-{
-    struct addr_operations *a = find_af (inaddr->addr_type);
-    if(a != NULL && a->copy_addr != NULL)
-	return (*a->copy_addr)(context, inaddr, outaddr);
-    return copy_HostAddress(inaddr, outaddr);
-}
-
-/**
- * krb5_copy_addresses copies the content of addresses
- * inaddr to outaddr.
- *
- * @param context a Keberos context
- * @param inaddr pointer to source addresses
- * @param outaddr pointer to destination addresses
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_addresses(krb5_context context,
-		    const krb5_addresses *inaddr,
-		    krb5_addresses *outaddr)
-{
-    int i;
-    ALLOC_SEQ(outaddr, inaddr->len);
-    if(inaddr->len > 0 && outaddr->val == NULL)
-	return ENOMEM;
-    for(i = 0; i < inaddr->len; i++)
-	krb5_copy_address(context, &inaddr->val[i], &outaddr->val[i]);
-    return 0;
-}
-
-/**
- * krb5_append_addresses adds the set of addresses in source to
- * dest. While copying the addresses, duplicates are also sorted out.
- *
- * @param context a Keberos context
- * @param dest destination of copy operation
- * @param source adresses that are going to be added to dest
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_append_addresses(krb5_context context,
-		      krb5_addresses *dest,
-		      const krb5_addresses *source)
-{
-    krb5_address *tmp;
-    krb5_error_code ret;
-    int i;
-    if(source->len > 0) {
-	tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
-	if(tmp == NULL) {
-	    krb5_set_error_string(context, "realloc: out of memory");
-	    return ENOMEM;
-	}
-	dest->val = tmp;
-	for(i = 0; i < source->len; i++) {
-	    /* skip duplicates */
-	    if(krb5_address_search(context, &source->val[i], dest))
-		continue;
-	    ret = krb5_copy_address(context, 
-				    &source->val[i], 
-				    &dest->val[dest->len]);
-	    if(ret)
-		return ret;
-	    dest->len++;
-	}
-    }
-    return 0;
-}
-
-/**
- * Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port)
- *
- * @param context a Keberos context
- * @param res built address from addr/port
- * @param addr address to use
- * @param port port to use
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_make_addrport (krb5_context context,
-		    krb5_address **res, const krb5_address *addr, int16_t port)
-{
-    krb5_error_code ret;
-    size_t len = addr->address.length + 2 + 4 * 4;
-    u_char *p;
-
-    *res = malloc (sizeof(**res));
-    if (*res == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
-    ret = krb5_data_alloc (&(*res)->address, len);
-    if (ret) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free (*res);
-	*res = NULL;
-	return ret;
-    }
-    p = (*res)->address.data;
-    *p++ = 0;
-    *p++ = 0;
-    *p++ = (addr->addr_type     ) & 0xFF;
-    *p++ = (addr->addr_type >> 8) & 0xFF;
-
-    *p++ = (addr->address.length      ) & 0xFF;
-    *p++ = (addr->address.length >>  8) & 0xFF;
-    *p++ = (addr->address.length >> 16) & 0xFF;
-    *p++ = (addr->address.length >> 24) & 0xFF;
-
-    memcpy (p, addr->address.data, addr->address.length);
-    p += addr->address.length;
-
-    *p++ = 0;
-    *p++ = 0;
-    *p++ = (KRB5_ADDRESS_IPPORT     ) & 0xFF;
-    *p++ = (KRB5_ADDRESS_IPPORT >> 8) & 0xFF;
-
-    *p++ = (2      ) & 0xFF;
-    *p++ = (2 >>  8) & 0xFF;
-    *p++ = (2 >> 16) & 0xFF;
-    *p++ = (2 >> 24) & 0xFF;
-
-    memcpy (p, &port, 2);
-    p += 2;
-
-    return 0;
-}
-
-/**
- * Calculate the boundary addresses of `inaddr'/`prefixlen' and store
- * them in `low' and `high'.
- *
- * @param context a Keberos context
- * @param inaddr address in prefixlen that the bondery searched
- * @param prefixlen width of boundery
- * @param low lowest address
- * @param high highest address
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_address_prefixlen_boundary(krb5_context context,
-				const krb5_address *inaddr,
-				unsigned long prefixlen,
-				krb5_address *low,
-				krb5_address *high)
-{
-    struct addr_operations *a = find_atype (inaddr->addr_type);
-    if(a != NULL && a->mask_boundary != NULL)
-	return (*a->mask_boundary)(context, inaddr, prefixlen, low, high);
-    krb5_set_error_string(context, "Address family %d doesn't support "
-			  "address mask operation", inaddr->addr_type);
-    return KRB5_PROG_ATYPE_NOSUPP;
-}
diff --git a/crypto/heimdal/lib/krb5/aes-test.c b/crypto/heimdal/lib/krb5/aes-test.c
deleted file mode 100644
index 82b3431..0000000
--- a/crypto/heimdal/lib/krb5/aes-test.c
+++ /dev/null
@@ -1,778 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <hex.h>
-#include <err.h>
-
-#ifdef HAVE_OPENSSL
-#include <openssl/evp.h>
-#endif
-
-RCSID("$Id: aes-test.c 18301 2006-10-07 13:50:34Z lha $");
-
-static int verbose = 0;
-
-static void
-hex_dump_data(const void *data, size_t length)
-{
-    char *p;
-
-    hex_encode(data, length, &p);
-    printf("%s\n", p);
-    free(p);
-}
-
-struct {
-    char *password;
-    char *salt;
-    int saltlen;
-    int iterations;
-    krb5_enctype enctype;
-    size_t keylen;
-    char *pbkdf2;
-    char *key;
-} keys[] = {
-    { 
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	1, 
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15",
-	"\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	1, 
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15"
-	"\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37",
-	"\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b"
-	"\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	2,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d",
-	"\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	2, 
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
-	"\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86",
-	"\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61"
-	"\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	1200, 
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b",
-	"\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	1200, 
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
-	"\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13",
-	"\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7"
-	"\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a"
-    },
-    {
-	"password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
-	5,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49",
-	"\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e"
-    },
-    {
-	"password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
-	5,
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
-	"\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee",
-	"\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c"
-	"\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31"
-    },
-    {
-	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	"pass phrase equals block size", -1,
-	1200,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9",
-	"\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed"
-    },
-    {
-	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	"pass phrase equals block size", -1,
-	1200,
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
-	"\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1",
-	"\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0"
-	"\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34"
-    },
-    {
-	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	"pass phrase exceeds block size", -1,
-	1200,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61",
-	"\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d"
-    },
-    {
-	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	"pass phrase exceeds block size", -1,
-	1200,
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
-	"\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a",
-	"\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2"
-	"\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b"
-
-    },
-    {
-	"\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
-	50,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39",
-	"\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5"
-    },
-    {
-	"\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
-	50,
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
-	"\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52",
-	"\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c"
-	"\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e"
-    },
-    {
-	"foo", "", -1, 
-	0,
-	ETYPE_ARCFOUR_HMAC_MD5, 16,
-	NULL,
-	"\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc"
-    },
-    {
-	"test", "", -1, 
-	0,
-	ETYPE_ARCFOUR_HMAC_MD5, 16,
-	NULL,
-	"\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37"
-    }
-};
-
-static int
-string_to_key_test(krb5_context context)
-{
-    krb5_data password, opaque;
-    krb5_error_code ret;
-    krb5_salt salt;
-    int i, val = 0;
-    char iter[4];
-
-    for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
-
-	password.data = keys[i].password;
-	password.length = strlen(password.data);
-
-	salt.salttype = KRB5_PW_SALT;
-	salt.saltvalue.data = keys[i].salt;
-	if (keys[i].saltlen == -1)
-	    salt.saltvalue.length = strlen(salt.saltvalue.data);
-	else
-	    salt.saltvalue.length = keys[i].saltlen;
-    
-	opaque.data = iter;
-	opaque.length = sizeof(iter);
-	_krb5_put_int(iter, keys[i].iterations, 4);
-	
-	if (keys[i].pbkdf2) {
-	    unsigned char keyout[32];
-
-	    if (keys[i].keylen > sizeof(keyout))
-		abort();
-
-	    PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
-				   salt.saltvalue.data, salt.saltvalue.length,
-				   keys[i].iterations, 
-				   keys[i].keylen, keyout);
-	    
-	    if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) {
-		krb5_warnx(context, "%d: pbkdf2", i);
-		val = 1;
-		continue;
-	    }
-	    
-	    if (verbose) {
-		printf("PBKDF2:\n");
-		hex_dump_data(keyout, keys[i].keylen);
-	    }
-	}
-
-	{
-	    krb5_keyblock key;
-
-	    ret = krb5_string_to_key_data_salt_opaque (context,
-						       keys[i].enctype,
-						       password, 
-						       salt, 
-						       opaque, 
-						       &key);
-	    if (ret) {
-		krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque", 
-			  i);
-		val = 1;
-		continue;
-	    }
-	    
-	    if (key.keyvalue.length != keys[i].keylen) {
-		krb5_warnx(context, "%d: key wrong length (%lu/%lu)",
-			   i, (unsigned long)key.keyvalue.length, 
-			   (unsigned long)keys[i].keylen);
-		val = 1;
-		continue;
-	    }
-	    
-	    if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) {
-		krb5_warnx(context, "%d: key wrong", i);
-		val = 1;
-		continue;
-	    }
-	    
-	    if (verbose) {
-		printf("key:\n");
-		hex_dump_data(key.keyvalue.data, key.keyvalue.length);
-	    }
-	    krb5_free_keyblock_contents(context, &key);
-	}
-    }
-    return val;
-}
-
-struct enc_test {
-    size_t len;
-    char *input;
-    char *output;
-    char *nextiv;
-};
-
-struct enc_test encs1[] = {
-    {
-	17,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20",
-	"\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
-	"\x97",
-	"\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
-    },
-    {
-	31,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
-	"\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5",
-	"\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
-    },
-    {
-	32,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
-    },
-    {
-	47,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
-	"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5",
-	"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
-    },
-    {
-	48,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
-	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
-	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
-    },
-    {
-	64,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
-	"\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
-	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
-	"\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
-    }
-};
-	
-
-struct enc_test encs2[] = {
-    {
-	17,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20",
-	"\x5c\x13\x26\x27\xc4\xcb\xca\x04\x14\x43\x8a\xb5\x97\x97\x7c\x10"
-	"\x16"
-    },
-    {
-	31,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
-	"\x16\xb3\xd8\xe5\xcd\x93\xe6\x2c\x28\x70\xa0\x36\x6e\x9a\xb9\x74"
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53"
-    },
-    {
-	32,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-    },
-    {
-	47,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\xe5\x56\xb4\x88\x41\xb9\xde\x27\xf0\x07\xa1\x6e\x89\x94\x47\xf1"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff"
-    },
-    {
-	48,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-    },
-    {
-	64,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67"
-	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
-    },
-    {
-	78,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e"
-	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
-	"\x73\xfb\x2c\x36\x76\xaf\xcf\x31\xff\xe3\x8a\x89\x0c\x7e\x99\x3f"
-	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62"
-    },
-    {
-	83,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e"
-	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
-	"\x41\x41\x41",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
-	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67"
-	"\x65\x39\x3a\xdb\x92\x05\x4d\x4f\x08\xa1\xfa\x59\xda\x56\x58\x0e"
-	"\x3b\xac\x12"
-    },
-    {
-	92,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e"
-	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
-	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
-	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67"
-	"\x0c\xff\xd7\x63\x50\xf8\x4e\xf9\xec\x56\x1c\x79\xc5\xc8\xfe\x50"
-	"\x3b\xac\x12\x6e\xd3\x2d\x02\xc4\xe5\x06\x43\x5f"
-    },
-    {
-	96,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e"
-	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
-	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
-	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67"
-	"\x08\x28\x49\xad\xfc\x2d\x8e\x86\xae\x69\xa5\xa8\xd9\x29\x9e\xe4"
-	"\x3b\xac\x12\x6e\xd3\x2d\x02\xc4\xe5\x06\x43\x5f\x4c\x41\xd1\xb8"
-    }
-};
-
-
-
-char *aes_key1 = 
-	"\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69";
-
-char *aes_key2 =
-	"\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69"
-	"\x2c\x20\x79\x75\x6d\x6d\x79\x20\x79\x75\x6d\x6d\x79\x21\x21\x21";
-
-
-static int
-samep(int testn, char *type, const void *pp1, const void *pp2, size_t len)
-{
-    const unsigned char *p1 = pp1, *p2 = pp2;
-    size_t i;
-    int val = 1;
-
-    for (i = 0; i < len; i++) {
-	if (p1[i] != p2[i]) {
-	    if (verbose)
-		printf("M");
-	    val = 0;
-	} else {
-	    if (verbose)
-		printf(".");
-	}
-    }
-    if (verbose)
-	printf("\n");
-    return val;
-}
-
-static int
-encryption_test(krb5_context context, const void *key, size_t keylen,
-		struct enc_test *enc, int numenc)
-{
-    unsigned char iv[AES_BLOCK_SIZE];
-    int i, val, failed = 0;
-    AES_KEY ekey, dkey;
-    unsigned char *p;
-
-    AES_set_encrypt_key(key, keylen, &ekey);
-    AES_set_decrypt_key(key, keylen, &dkey);
-
-    for (i = 0; i < numenc; i++) {
-	val = 0;
-
-	if (verbose)
-	    printf("test: %d\n", i);
-	memset(iv, 0, sizeof(iv));
-
-	p = malloc(enc[i].len + 1);
-	if (p == NULL)
-	    krb5_errx(context, 1, "malloc");
-
-	p[enc[i].len] = '\0';
-
-	memcpy(p, enc[i].input, enc[i].len);
-
-	_krb5_aes_cts_encrypt(p, p, enc[i].len,
-			      &ekey, iv, AES_ENCRYPT);
-
-	if (p[enc[i].len] != '\0') {
-	    krb5_warnx(context, "%d: encrypt modified off end", i);
-	    val = 1;
-	}
-
-	if (!samep(i, "cipher", p, enc[i].output, enc[i].len)) {
-	    krb5_warnx(context, "%d: cipher", i);
-	    val = 1;
-	}
-
-	if (enc[i].nextiv && !samep(i, "iv", iv, enc[i].nextiv, 16)){ /*XXX*/ 
-	    krb5_warnx(context, "%d: iv", i);
-	    val = 1;
-	}
-
-	memset(iv, 0, sizeof(iv));
-
-	_krb5_aes_cts_encrypt(p, p, enc[i].len,
-			      &dkey, iv, AES_DECRYPT);
-
-	if (p[enc[i].len] != '\0') {
-	    krb5_warnx(context, "%d: decrypt modified off end", i);
-	    val = 1;
-	}
-
-	if (!samep(i, "clear", p, enc[i].input, enc[i].len))
-	    val = 1;
-
-	if (enc[i].nextiv && !samep(i, "iv", iv, enc[i].nextiv, 16)){ /*XXX*/ 
-	    krb5_warnx(context, "%d: iv", i);
-	    val = 1;
-	}
-
-	free(p);
-
-	if (val) {
-	    printf("test %d failed\n", i);
-	    failed = 1;
-	}
-	val = 0;
-    }
-    return failed;
-}
-
-static int
-krb_enc(krb5_context context,
-	krb5_crypto crypto, 
-	unsigned usage,
-	krb5_data *cipher, 
-	krb5_data *clear)
-{
-    krb5_data decrypt;
-    krb5_error_code ret;
-
-    krb5_data_zero(&decrypt);
-
-    ret = krb5_decrypt(context,
-		       crypto,
-		       usage,
-		       cipher->data,
-		       cipher->length,
-		       &decrypt);
-
-    if (ret) {
-	krb5_warn(context, ret, "krb5_decrypt");
-	return ret;
-    }
-
-    if (decrypt.length != clear->length ||
-	memcmp(decrypt.data, clear->data, decrypt.length) != 0) {
-	krb5_warnx(context, "clear text not same");
-	return EINVAL;
-    }
-
-    krb5_data_free(&decrypt);
-
-    return 0;
-}
-
-static int
-krb_enc_mit(krb5_context context,
-	    krb5_enctype enctype,
-	    krb5_keyblock *key,
-	    unsigned usage,
-	    krb5_data *cipher, 
-	    krb5_data *clear)
-{
-    krb5_error_code ret;
-    krb5_enc_data e;
-    krb5_data decrypt;
-    size_t len;
-
-    e.kvno = 0;
-    e.enctype = enctype;
-    e.ciphertext = *cipher;
-
-    ret = krb5_c_decrypt(context, *key, usage, NULL, &e, &decrypt);
-    if (ret)
-	return ret;
-
-    if (decrypt.length != clear->length ||
-	memcmp(decrypt.data, clear->data, decrypt.length) != 0) {
-	krb5_warnx(context, "clear text not same");
-	return EINVAL;
-    }
-
-    krb5_data_free(&decrypt);
-
-    ret = krb5_c_encrypt_length(context, enctype, clear->length, &len);
-    if (ret)
-	return ret;
-
-    if (len != cipher->length) {
-	krb5_warnx(context, "c_encrypt_length wrong %lu != %lu",
-		   (unsigned long)len, (unsigned long)cipher->length);
-	return EINVAL;
-    }
-
-    return 0;
-}
-
-
-struct {
-    krb5_enctype enctype;
-    unsigned usage;
-    size_t keylen;
-    void *key;
-    size_t elen;
-    void* edata;
-    size_t plen;
-    void *pdata;
-} krbencs[] =  {
-    { 
-	ETYPE_AES256_CTS_HMAC_SHA1_96,
-	7,
-	32,   
-	"\x47\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x20\x74\x6f\x20\x41\x75"
-	"\x74\x68\x6f\x72\x73\x20\x6f\x66\x20\x49\x6e\x74\x65\x72\x6e\x65",
-	44,
-	"\xcf\x79\x8f\x0d\x76\xf3\xe0\xbe\x8e\x66\x94\x70\xfa\xcc\x9e\x91"
-	"\xa9\xec\x1c\x5c\x21\xfb\x6e\xef\x1a\x7a\xc8\xc1\xcc\x5a\x95\x24"
-	"\x6f\x9f\xf4\xd5\xbe\x5d\x59\x97\x44\xd8\x47\xcd",
-	16,
-	"\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x2e\x0a"
-    }
-};
-
-
-static int
-krb_enc_test(krb5_context context)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    krb5_keyblock kb;
-    krb5_data cipher, plain;
-    int i, failed = 0;
-
-    for (i = 0; i < sizeof(krbencs)/sizeof(krbencs[0]); i++) {
-
-	kb.keytype = krbencs[i].enctype;
-	kb.keyvalue.length = krbencs[i].keylen;
-	kb.keyvalue.data = krbencs[i].key;
-
-	ret = krb5_crypto_init(context, &kb, krbencs[i].enctype, &crypto);
-
-	cipher.length = krbencs[i].elen;
-	cipher.data = krbencs[i].edata;
-	plain.length = krbencs[i].plen;
-	plain.data = krbencs[i].pdata;
-	
-	ret = krb_enc(context, crypto, krbencs[i].usage, &cipher, &plain);
-		       
-	if (ret) {
-	    failed = 1;
-	    printf("krb_enc failed with %d\n", ret);
-	}
-	krb5_crypto_destroy(context, crypto);
-
-	ret = krb_enc_mit(context, krbencs[i].enctype, &kb, 
-			  krbencs[i].usage, &cipher, &plain);
-	if (ret) {
-	    failed = 1;
-	    printf("krb_enc_mit failed with %d\n", ret);
-	}
-
-    }
-
-    return failed;
-}
-
-
-static int
-random_to_key(krb5_context context)
-{
-    krb5_error_code ret;
-    krb5_keyblock key;
-
-    ret = krb5_random_to_key(context,
-			     ETYPE_DES3_CBC_SHA1,
-			     "\x21\x39\x04\x58\x6A\xBD\x7F"
-			     "\x21\x39\x04\x58\x6A\xBD\x7F"
-			     "\x21\x39\x04\x58\x6A\xBD\x7F",
-			     21,
-			     &key);
-    if (ret){
-	krb5_warn(context, ret, "random_to_key");
-	return 1;
-    }
-    if (key.keyvalue.length != 24)
-	return 1;
-
-    if (memcmp(key.keyvalue.data,
-	       "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
-	       "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
-	       "\x20\x38\x04\x58\x6b\xbc\x7f\xc7",
-	       24) != 0)
-	return 1;
-
-    krb5_free_keyblock_contents(context, &key);
-
-    return 0;
-}
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    int val = 0;
-    
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    val |= string_to_key_test(context);
-
-    val |= encryption_test(context, aes_key1, 128,
-			   encs1, sizeof(encs1)/sizeof(encs1[0]));
-    val |= encryption_test(context, aes_key2, 256, 
-			   encs2, sizeof(encs2)/sizeof(encs2[0]));
-    val |= krb_enc_test(context);
-    val |= random_to_key(context);
-
-    if (verbose && val == 0)
-	printf("all ok\n");
-    if (val)
-	printf("tests failed\n");
-
-    krb5_free_context(context);
-
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/aname_to_localname.c b/crypto/heimdal/lib/krb5/aname_to_localname.c
deleted file mode 100644
index 5800404..0000000
--- a/crypto/heimdal/lib/krb5/aname_to_localname.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999, 2002 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: aname_to_localname.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_aname_to_localname (krb5_context context,
-			 krb5_const_principal aname,
-			 size_t lnsize,
-			 char *lname)
-{
-    krb5_error_code ret;
-    krb5_realm *lrealms, *r;
-    int valid;
-    size_t len;
-    const char *res;
-
-    ret = krb5_get_default_realms (context, &lrealms);
-    if (ret)
-	return ret;
-
-    valid = 0;
-    for (r = lrealms; *r != NULL; ++r) {
-	if (strcmp (*r, aname->realm) == 0) {
-	    valid = 1;
-	    break;
-	}
-    }
-    krb5_free_host_realm (context, lrealms);
-    if (valid == 0)
-	return KRB5_NO_LOCALNAME;
-
-    if (aname->name.name_string.len == 1)
-	res = aname->name.name_string.val[0];
-    else if (aname->name.name_string.len == 2
-	     && strcmp (aname->name.name_string.val[1], "root") == 0) {
-	krb5_principal rootprinc;
-	krb5_boolean userok;
-
-	res = "root";
-
-	ret = krb5_copy_principal(context, aname, &rootprinc);
-	if (ret)
-	    return ret;
-	
-	userok = krb5_kuserok(context, rootprinc, res);
-	krb5_free_principal(context, rootprinc);
-	if (!userok)
-	    return KRB5_NO_LOCALNAME;
-
-    } else
-	return KRB5_NO_LOCALNAME;
-
-    len = strlen (res);
-    if (len >= lnsize)
-	return ERANGE;
-    strlcpy (lname, res, lnsize);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/appdefault.c b/crypto/heimdal/lib/krb5/appdefault.c
deleted file mode 100644
index b0bb171..0000000
--- a/crypto/heimdal/lib/krb5/appdefault.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: appdefault.c 14465 2005-01-05 05:40:59Z lukeh $");
-
-void KRB5_LIB_FUNCTION
-krb5_appdefault_boolean(krb5_context context, const char *appname, 
-			krb5_const_realm realm, const char *option,
-			krb5_boolean def_val, krb5_boolean *ret_val)
-{
-    
-    if(appname == NULL)
-	appname = getprogname();
-
-    def_val = krb5_config_get_bool_default(context, NULL, def_val, 
-					   "libdefaults", option, NULL);
-    if(realm != NULL)
-	def_val = krb5_config_get_bool_default(context, NULL, def_val, 
-					       "realms", realm, option, NULL);
-	
-    def_val = krb5_config_get_bool_default(context, NULL, def_val, 
-					   "appdefaults", 
-					   option, 
-					   NULL);
-    if(realm != NULL)
-	def_val = krb5_config_get_bool_default(context, NULL, def_val,
-					       "appdefaults", 
-					       realm, 
-					       option, 
-					       NULL);
-    if(appname != NULL) {
-	def_val = krb5_config_get_bool_default(context, NULL, def_val, 
-					       "appdefaults", 
-					       appname, 
-					       option, 
-					       NULL);
-	if(realm != NULL)
-	    def_val = krb5_config_get_bool_default(context, NULL, def_val,
-						   "appdefaults", 
-						   appname, 
-						   realm, 
-						   option, 
-						   NULL);
-    }
-    *ret_val = def_val;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_appdefault_string(krb5_context context, const char *appname, 
-		       krb5_const_realm realm, const char *option,
-		       const char *def_val, char **ret_val)
-{
-    if(appname == NULL)
-	appname = getprogname();
-
-    def_val = krb5_config_get_string_default(context, NULL, def_val, 
-					     "libdefaults", option, NULL);
-    if(realm != NULL)
-	def_val = krb5_config_get_string_default(context, NULL, def_val, 
-						 "realms", realm, option, NULL);
-
-    def_val = krb5_config_get_string_default(context, NULL, def_val, 
-					     "appdefaults", 
-					     option, 
-					     NULL);
-    if(realm != NULL)
-	def_val = krb5_config_get_string_default(context, NULL, def_val,
-						 "appdefaults", 
-						 realm, 
-						 option, 
-						 NULL);
-    if(appname != NULL) {
-	def_val = krb5_config_get_string_default(context, NULL, def_val, 
-						 "appdefaults", 
-						 appname, 
-						 option, 
-						 NULL);
-	if(realm != NULL)
-	    def_val = krb5_config_get_string_default(context, NULL, def_val,
-						     "appdefaults", 
-						     appname, 
-						     realm, 
-						     option, 
-						     NULL);
-    }
-    if(def_val != NULL)
-	*ret_val = strdup(def_val);
-    else
-	*ret_val = NULL;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_appdefault_time(krb5_context context, const char *appname,
-		     krb5_const_realm realm, const char *option,
-		     time_t def_val, time_t *ret_val)
-{
-    krb5_deltat t;
-    char *val;
-
-    krb5_appdefault_string(context, appname, realm, option, NULL, &val);
-    if (val == NULL) {
-	*ret_val = def_val;
-	return;
-    }
-    if (krb5_string_to_deltat(val, &t))
-	*ret_val = def_val;
-    else
-	*ret_val = t;
-    free(val);
-}
diff --git a/crypto/heimdal/lib/krb5/asn1_glue.c b/crypto/heimdal/lib/krb5/asn1_glue.c
deleted file mode 100644
index b3f775b..0000000
--- a/crypto/heimdal/lib/krb5/asn1_glue.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- *
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: asn1_glue.c 21745 2007-07-31 16:11:25Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_principal2principalname (PrincipalName *p,
-			       const krb5_principal from)
-{
-    return copy_PrincipalName(&from->name, p);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_principalname2krb5_principal (krb5_context context,
-				    krb5_principal *principal,
-				    const PrincipalName from,
-				    const Realm realm)
-{
-    krb5_principal p = malloc(sizeof(*p));
-    if (p == NULL)
-	return ENOMEM;
-    copy_PrincipalName(&from, &p->name);
-    p->realm = strdup(realm);
-    if (p->realm == NULL)
-	return ENOMEM;
-    *principal = p;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/auth_context.c b/crypto/heimdal/lib/krb5/auth_context.c
deleted file mode 100644
index 323f17a..0000000
--- a/crypto/heimdal/lib/krb5/auth_context.c
+++ /dev/null
@@ -1,519 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: auth_context.c 21745 2007-07-31 16:11:25Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_init(krb5_context context,
-		   krb5_auth_context *auth_context)
-{
-    krb5_auth_context p;
-
-    ALLOC(p, 1);
-    if(!p) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memset(p, 0, sizeof(*p));
-    ALLOC(p->authenticator, 1);
-    if (!p->authenticator) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(p);
-	return ENOMEM;
-    }
-    memset (p->authenticator, 0, sizeof(*p->authenticator));
-    p->flags = KRB5_AUTH_CONTEXT_DO_TIME;
-
-    p->local_address  = NULL;
-    p->remote_address = NULL;
-    p->local_port     = 0;
-    p->remote_port    = 0;
-    p->keytype        = KEYTYPE_NULL;
-    p->cksumtype      = CKSUMTYPE_NONE;
-    *auth_context     = p;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_free(krb5_context context,
-		   krb5_auth_context auth_context)
-{
-    if (auth_context != NULL) {
-	krb5_free_authenticator(context, &auth_context->authenticator);
-	if(auth_context->local_address){
-	    free_HostAddress(auth_context->local_address);
-	    free(auth_context->local_address);
-	}
-	if(auth_context->remote_address){
-	    free_HostAddress(auth_context->remote_address);
-	    free(auth_context->remote_address);
-	}
-	krb5_free_keyblock(context, auth_context->keyblock);
-	krb5_free_keyblock(context, auth_context->remote_subkey);
-	krb5_free_keyblock(context, auth_context->local_subkey);
-	free (auth_context);
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setflags(krb5_context context,
-		       krb5_auth_context auth_context,
-		       int32_t flags)
-{
-    auth_context->flags = flags;
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getflags(krb5_context context,
-		       krb5_auth_context auth_context,
-		       int32_t *flags)
-{
-    *flags = auth_context->flags;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_addflags(krb5_context context,
-		       krb5_auth_context auth_context,
-		       int32_t addflags,
-		       int32_t *flags)
-{
-    if (flags)
-	*flags = auth_context->flags;
-    auth_context->flags |= addflags;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_removeflags(krb5_context context,
-			  krb5_auth_context auth_context,
-			  int32_t removeflags,
-			  int32_t *flags)
-{
-    if (flags)
-	*flags = auth_context->flags;
-    auth_context->flags &= ~removeflags;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setaddrs(krb5_context context,
-		       krb5_auth_context auth_context,
-		       krb5_address *local_addr,
-		       krb5_address *remote_addr)
-{
-    if (local_addr) {
-	if (auth_context->local_address)
-	    krb5_free_address (context, auth_context->local_address);
-	else
-	    if ((auth_context->local_address = malloc(sizeof(krb5_address))) == NULL)
-		return ENOMEM;
-	krb5_copy_address(context, local_addr, auth_context->local_address);
-    }
-    if (remote_addr) {
-	if (auth_context->remote_address)
-	    krb5_free_address (context, auth_context->remote_address);
-	else
-	    if ((auth_context->remote_address = malloc(sizeof(krb5_address))) == NULL)
-		return ENOMEM;
-	krb5_copy_address(context, remote_addr, auth_context->remote_address);
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_genaddrs(krb5_context context, 
-		       krb5_auth_context auth_context, 
-		       int fd, int flags)
-{
-    krb5_error_code ret;
-    krb5_address local_k_address, remote_k_address;
-    krb5_address *lptr = NULL, *rptr = NULL;
-    struct sockaddr_storage ss_local, ss_remote;
-    struct sockaddr *local  = (struct sockaddr *)&ss_local;
-    struct sockaddr *remote = (struct sockaddr *)&ss_remote;
-    socklen_t len;
-
-    if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) {
-	if (auth_context->local_address == NULL) {
-	    len = sizeof(ss_local);
-	    if(getsockname(fd, local, &len) < 0) {
-		ret = errno;
-		krb5_set_error_string (context, "getsockname: %s",
-				       strerror(ret));
-		goto out;
-	    }
-	    ret = krb5_sockaddr2address (context, local, &local_k_address);
-	    if(ret) goto out;
-	    if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) {
-		krb5_sockaddr2port (context, local, &auth_context->local_port);
-	    } else
-		auth_context->local_port = 0;
-	    lptr = &local_k_address;
-	}
-    }
-    if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) {
-	len = sizeof(ss_remote);
-	if(getpeername(fd, remote, &len) < 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "getpeername: %s", strerror(ret));
-	    goto out;
-	}
-	ret = krb5_sockaddr2address (context, remote, &remote_k_address);
-	if(ret) goto out;
-	if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) {
-	    krb5_sockaddr2port (context, remote, &auth_context->remote_port);
-	} else
-	    auth_context->remote_port = 0;
-	rptr = &remote_k_address;
-    }
-    ret = krb5_auth_con_setaddrs (context,
-				  auth_context,
-				  lptr,
-				  rptr);
-  out:
-    if (lptr)
-	krb5_free_address (context, lptr);
-    if (rptr)
-	krb5_free_address (context, rptr);
-    return ret;
-
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setaddrs_from_fd (krb5_context context,
-				krb5_auth_context auth_context,
-				void *p_fd)
-{
-    int fd = *(int*)p_fd;
-    int flags = 0;
-    if(auth_context->local_address == NULL)
-	flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR;
-    if(auth_context->remote_address == NULL)
-	flags |= KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR;
-    return krb5_auth_con_genaddrs(context, auth_context, fd, flags);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getaddrs(krb5_context context,
-		       krb5_auth_context auth_context,
-		       krb5_address **local_addr,
-		       krb5_address **remote_addr)
-{
-    if(*local_addr)
-	krb5_free_address (context, *local_addr);
-    *local_addr = malloc (sizeof(**local_addr));
-    if (*local_addr == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_copy_address(context,
-		      auth_context->local_address,
-		      *local_addr);
-
-    if(*remote_addr)
-	krb5_free_address (context, *remote_addr);
-    *remote_addr = malloc (sizeof(**remote_addr));
-    if (*remote_addr == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	krb5_free_address (context, *local_addr);
-	*local_addr = NULL;
-	return ENOMEM;
-    }
-    krb5_copy_address(context,
-		      auth_context->remote_address,
-		      *remote_addr);
-    return 0;
-}
-
-static krb5_error_code
-copy_key(krb5_context context,
-	 krb5_keyblock *in,
-	 krb5_keyblock **out)
-{
-    if(in)
-	return krb5_copy_keyblock(context, in, out);
-    *out = NULL; /* is this right? */
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getkey(krb5_context context,
-		     krb5_auth_context auth_context,
-		     krb5_keyblock **keyblock)
-{
-    return copy_key(context, auth_context->keyblock, keyblock);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getlocalsubkey(krb5_context context,
-			     krb5_auth_context auth_context,
-			     krb5_keyblock **keyblock)
-{
-    return copy_key(context, auth_context->local_subkey, keyblock);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getremotesubkey(krb5_context context,
-			      krb5_auth_context auth_context,
-			      krb5_keyblock **keyblock)
-{
-    return copy_key(context, auth_context->remote_subkey, keyblock);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setkey(krb5_context context,
-		     krb5_auth_context auth_context,
-		     krb5_keyblock *keyblock)
-{
-    if(auth_context->keyblock)
-	krb5_free_keyblock(context, auth_context->keyblock);
-    return copy_key(context, keyblock, &auth_context->keyblock);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setlocalsubkey(krb5_context context,
-			     krb5_auth_context auth_context,
-			     krb5_keyblock *keyblock)
-{
-    if(auth_context->local_subkey)
-	krb5_free_keyblock(context, auth_context->local_subkey);
-    return copy_key(context, keyblock, &auth_context->local_subkey);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_generatelocalsubkey(krb5_context context,
-				  krb5_auth_context auth_context,
-				  krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    krb5_keyblock *subkey;
-
-    ret = krb5_generate_subkey_extended (context, key,
-					 auth_context->keytype,
-					 &subkey);
-    if(ret)
-	return ret;
-    if(auth_context->local_subkey)
-	krb5_free_keyblock(context, auth_context->local_subkey);
-    auth_context->local_subkey = subkey;
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setremotesubkey(krb5_context context,
-			      krb5_auth_context auth_context,
-			      krb5_keyblock *keyblock)
-{
-    if(auth_context->remote_subkey)
-	krb5_free_keyblock(context, auth_context->remote_subkey);
-    return copy_key(context, keyblock, &auth_context->remote_subkey);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setcksumtype(krb5_context context,
-			   krb5_auth_context auth_context,
-			   krb5_cksumtype cksumtype)
-{
-    auth_context->cksumtype = cksumtype;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getcksumtype(krb5_context context,
-			   krb5_auth_context auth_context,
-			   krb5_cksumtype *cksumtype)
-{
-    *cksumtype = auth_context->cksumtype;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setkeytype (krb5_context context,
-			  krb5_auth_context auth_context,
-			  krb5_keytype keytype)
-{
-    auth_context->keytype = keytype;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getkeytype (krb5_context context,
-			  krb5_auth_context auth_context,
-			  krb5_keytype *keytype)
-{
-    *keytype = auth_context->keytype;
-    return 0;
-}
-
-#if 0
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setenctype(krb5_context context,
-			 krb5_auth_context auth_context,
-			 krb5_enctype etype)
-{
-    if(auth_context->keyblock)
-	krb5_free_keyblock(context, auth_context->keyblock);
-    ALLOC(auth_context->keyblock, 1);
-    if(auth_context->keyblock == NULL)
-	return ENOMEM;
-    auth_context->keyblock->keytype = etype;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getenctype(krb5_context context,
-			 krb5_auth_context auth_context,
-			 krb5_enctype *etype)
-{
-    krb5_abortx(context, "unimplemented krb5_auth_getenctype called");
-}
-#endif
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getlocalseqnumber(krb5_context context,
-			    krb5_auth_context auth_context,
-			    int32_t *seqnumber)
-{
-  *seqnumber = auth_context->local_seqnumber;
-  return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setlocalseqnumber (krb5_context context,
-			     krb5_auth_context auth_context,
-			     int32_t seqnumber)
-{
-  auth_context->local_seqnumber = seqnumber;
-  return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_getremoteseqnumber(krb5_context context,
-			     krb5_auth_context auth_context,
-			     int32_t *seqnumber)
-{
-  *seqnumber = auth_context->remote_seqnumber;
-  return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setremoteseqnumber (krb5_context context,
-			      krb5_auth_context auth_context,
-			      int32_t seqnumber)
-{
-  auth_context->remote_seqnumber = seqnumber;
-  return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getauthenticator(krb5_context context,
-			   krb5_auth_context auth_context,
-			   krb5_authenticator *authenticator)
-{
-    *authenticator = malloc(sizeof(**authenticator));
-    if (*authenticator == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    copy_Authenticator(auth_context->authenticator,
-		       *authenticator);
-    return 0;
-}
-
-
-void KRB5_LIB_FUNCTION
-krb5_free_authenticator(krb5_context context,
-			krb5_authenticator *authenticator)
-{
-    free_Authenticator (*authenticator);
-    free (*authenticator);
-    *authenticator = NULL;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setuserkey(krb5_context context,
-			 krb5_auth_context auth_context,
-			 krb5_keyblock *keyblock)
-{
-    if(auth_context->keyblock)
-	krb5_free_keyblock(context, auth_context->keyblock);
-    return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getrcache(krb5_context context,
-			krb5_auth_context auth_context,
-			krb5_rcache *rcache)
-{
-    *rcache = auth_context->rcache;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setrcache(krb5_context context,
-			krb5_auth_context auth_context,
-			krb5_rcache rcache)
-{
-    auth_context->rcache = rcache;
-    return 0;
-}
-
-#if 0 /* not implemented */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_initivector(krb5_context context,
-			  krb5_auth_context auth_context)
-{
-    krb5_abortx(context, "unimplemented krb5_auth_con_initivector called");
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setivector(krb5_context context,
-			 krb5_auth_context auth_context,
-			 krb5_pointer ivector)
-{
-    krb5_abortx(context, "unimplemented krb5_auth_con_setivector called");
-}
-
-#endif /* not implemented */
diff --git a/crypto/heimdal/lib/krb5/build_ap_req.c b/crypto/heimdal/lib/krb5/build_ap_req.c
deleted file mode 100644
index b1968fe..0000000
--- a/crypto/heimdal/lib/krb5/build_ap_req.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: build_ap_req.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_ap_req (krb5_context context,
-		   krb5_enctype enctype,
-		   krb5_creds *cred,
-		   krb5_flags ap_options,
-		   krb5_data authenticator,
-		   krb5_data *retdata)
-{
-  krb5_error_code ret = 0;
-  AP_REQ ap;
-  Ticket t;
-  size_t len;
-  
-  ap.pvno = 5;
-  ap.msg_type = krb_ap_req;
-  memset(&ap.ap_options, 0, sizeof(ap.ap_options));
-  ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0;
-  ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0;
-  
-  ap.ticket.tkt_vno = 5;
-  copy_Realm(&cred->server->realm, &ap.ticket.realm);
-  copy_PrincipalName(&cred->server->name, &ap.ticket.sname);
-
-  decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
-  copy_EncryptedData(&t.enc_part, &ap.ticket.enc_part);
-  free_Ticket(&t);
-
-  ap.authenticator.etype = enctype;
-  ap.authenticator.kvno  = NULL;
-  ap.authenticator.cipher = authenticator;
-
-  ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length,
-		     &ap, &len, ret);
-  if(ret == 0 && retdata->length != len)
-      krb5_abortx(context, "internal error in ASN.1 encoder");
-  free_AP_REQ(&ap);
-  return ret;
-
-}
diff --git a/crypto/heimdal/lib/krb5/build_auth.c b/crypto/heimdal/lib/krb5/build_auth.c
deleted file mode 100644
index f8739c0..0000000
--- a/crypto/heimdal/lib/krb5/build_auth.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: build_auth.c 17033 2006-04-10 08:53:21Z lha $");
-
-static krb5_error_code
-make_etypelist(krb5_context context,
-	       krb5_authdata **auth_data)
-{
-    EtypeList etypes;
-    krb5_error_code ret;
-    krb5_authdata ad;
-    u_char *buf;
-    size_t len;
-    size_t buf_size;
-     
-    ret = krb5_init_etype(context, &etypes.len, &etypes.val, NULL);
-    if (ret)
-	return ret;
-
-    ASN1_MALLOC_ENCODE(EtypeList, buf, buf_size, &etypes, &len, ret);
-    if (ret) {
-	free_EtypeList(&etypes);
-	return ret;
-    }
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    free_EtypeList(&etypes);
-
-    ALLOC_SEQ(&ad, 1);
-    if (ad.val == NULL) {
-	free(buf);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ad.val[0].ad_type = KRB5_AUTHDATA_GSS_API_ETYPE_NEGOTIATION;
-    ad.val[0].ad_data.length = len;
-    ad.val[0].ad_data.data = buf;
-
-    ASN1_MALLOC_ENCODE(AD_IF_RELEVANT, buf, buf_size, &ad, &len, ret);
-    if (ret) {
-	free_AuthorizationData(&ad);
-	return ret;
-    } 
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    free_AuthorizationData(&ad);
-
-    ALLOC(*auth_data, 1);
-    if (*auth_data == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ALLOC_SEQ(*auth_data, 1);
-    if ((*auth_data)->val == NULL) {
-	free(buf);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    (*auth_data)->val[0].ad_type = KRB5_AUTHDATA_IF_RELEVANT;
-    (*auth_data)->val[0].ad_data.length = len;
-    (*auth_data)->val[0].ad_data.data = buf;
-
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_authenticator (krb5_context context,
-			  krb5_auth_context auth_context,
-			  krb5_enctype enctype,
-			  krb5_creds *cred,
-			  Checksum *cksum,
-			  Authenticator **auth_result,
-			  krb5_data *result,
-			  krb5_key_usage usage)
-{
-    Authenticator *auth;
-    u_char *buf = NULL;
-    size_t buf_size;
-    size_t len;
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    auth = calloc(1, sizeof(*auth));
-    if (auth == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    auth->authenticator_vno = 5;
-    copy_Realm(&cred->client->realm, &auth->crealm);
-    copy_PrincipalName(&cred->client->name, &auth->cname);
-
-    krb5_us_timeofday (context, &auth->ctime, &auth->cusec);
-    
-    ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth->subkey);
-    if(ret)
-	goto fail;
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	if(auth_context->local_seqnumber == 0)
-	    krb5_generate_seq_number (context,
-				      &cred->session, 
-				      &auth_context->local_seqnumber);
-	ALLOC(auth->seq_number, 1);
-	if(auth->seq_number == NULL) {
-	    ret = ENOMEM;
-	    goto fail;
-	}
-	*auth->seq_number = auth_context->local_seqnumber;
-    } else
-	auth->seq_number = NULL;
-    auth->authorization_data = NULL;
-    auth->cksum = cksum;
-
-    if (cksum != NULL && cksum->cksumtype == CKSUMTYPE_GSSAPI) {
-	/*
-	 * This is not GSS-API specific, we only enable it for
-	 * GSS for now
-	 */
-	ret = make_etypelist(context, &auth->authorization_data);
-	if (ret)
-	    goto fail;
-    }
-
-    /* XXX - Copy more to auth_context? */
-
-    auth_context->authenticator->ctime = auth->ctime;
-    auth_context->authenticator->cusec = auth->cusec;
-
-    ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret);
-    if (ret)
-	goto fail;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    ret = krb5_crypto_init(context, &cred->session, enctype, &crypto);
-    if (ret)
-	goto fail;
-    ret = krb5_encrypt (context,
-			crypto,
-			usage /* KRB5_KU_AP_REQ_AUTH */,
-			buf + buf_size - len, 
-			len,
-			result);
-    krb5_crypto_destroy(context, crypto);
-
-    if (ret)
-	goto fail;
-
-    free (buf);
-
-    if (auth_result)
-	*auth_result = auth;
-    else {
-	/* Don't free the `cksum', it's allocated by the caller */
-	auth->cksum = NULL;
-	free_Authenticator (auth);
-	free (auth);
-    }
-    return ret;
-  fail:
-    free_Authenticator (auth);
-    free (auth);
-    free (buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/cache.c b/crypto/heimdal/lib/krb5/cache.c
deleted file mode 100644
index 5db6d2b..0000000
--- a/crypto/heimdal/lib/krb5/cache.c
+++ /dev/null
@@ -1,1073 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: cache.c 22127 2007-12-04 00:54:37Z lha $");
-
-/**
- * Add a new ccache type with operations `ops', overwriting any
- * existing one if `override'.
- *
- * @param context a Keberos context
- * @param ops type of plugin symbol
- * @param override flag to select if the registration is to overide
- * an existing ops with the same name.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_ccache
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_register(krb5_context context, 
-		 const krb5_cc_ops *ops, 
-		 krb5_boolean override)
-{
-    int i;
-
-    for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
-	if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
-	    if(!override) {
-		krb5_set_error_string(context,
-				      "ccache type %s already exists",
-				      ops->prefix);
-		return KRB5_CC_TYPE_EXISTS;
-	    }
-	    break;
-	}
-    }
-    if(i == context->num_cc_ops) {
-	krb5_cc_ops *o = realloc(context->cc_ops,
-				 (context->num_cc_ops + 1) *
-				 sizeof(*context->cc_ops));
-	if(o == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return KRB5_CC_NOMEM;
-	}
-	context->num_cc_ops++;
-	context->cc_ops = o;
-	memset(context->cc_ops + i, 0, 
-	       (context->num_cc_ops - i) * sizeof(*context->cc_ops));
-    }
-    memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
-    return 0;
-}
-
-/*
- * Allocate the memory for a `id' and the that function table to
- * `ops'. Returns 0 or and error code.
- */
-
-krb5_error_code
-_krb5_cc_allocate(krb5_context context, 
-		  const krb5_cc_ops *ops,
-		  krb5_ccache *id)
-{
-    krb5_ccache p;
-
-    p = malloc (sizeof(*p));
-    if(p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    p->ops = ops;
-    *id = p;
-
-    return 0;
-}
-
-/*
- * Allocate memory for a new ccache in `id' with operations `ops'
- * and name `residual'. Return 0 or an error code.
- */
-
-static krb5_error_code
-allocate_ccache (krb5_context context,
-		 const krb5_cc_ops *ops,
-		 const char *residual,
-		 krb5_ccache *id)
-{
-    krb5_error_code ret;
-
-    ret = _krb5_cc_allocate(context, ops, id);
-    if (ret)
-	return ret;
-    ret = (*id)->ops->resolve(context, id, residual);
-    if(ret)
-	free(*id);
-    return ret;
-}
-
-/**
- * Find and allocate a ccache in `id' from the specification in `residual'.
- * If the ccache name doesn't contain any colon, interpret it as a file name.
- *
- * @param context a Keberos context.
- * @param name string name of a credential cache.
- * @param id return pointer to a found credential cache.
- *
- * @return Return 0 or an error code. In case of an error, id is set
- * to NULL.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_resolve(krb5_context context,
-		const char *name,
-		krb5_ccache *id)
-{
-    int i;
-
-    *id = NULL;
-
-    for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
-	size_t prefix_len = strlen(context->cc_ops[i].prefix);
-
-	if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0
-	   && name[prefix_len] == ':') {
-	    return allocate_ccache (context, &context->cc_ops[i],
-				    name + prefix_len + 1,
-				    id);
-	}
-    }
-    if (strchr (name, ':') == NULL)
-	return allocate_ccache (context, &krb5_fcc_ops, name, id);
-    else {
-	krb5_set_error_string(context, "unknown ccache type %s", name);
-	return KRB5_CC_UNKNOWN_TYPE;
-    }
-}
-
-/**
- * Generate a new ccache of type `ops' in `id'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_gen_new(krb5_context context,
-		const krb5_cc_ops *ops,
-		krb5_ccache *id)
-{
-    return krb5_cc_new_unique(context, ops->prefix, NULL, id);
-}
-
-/**
- * Generates a new unique ccache of `type` in `id'. If `type' is NULL,
- * the library chooses the default credential cache type. The supplied
- * `hint' (that can be NULL) is a string that the credential cache
- * type can use to base the name of the credential on, this is to make
- * it easier for the user to differentiate the credentials.
- *
- * @return Returns 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_new_unique(krb5_context context, const char *type, 
-		   const char *hint, krb5_ccache *id)
-{
-    const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE;
-    krb5_error_code ret;
-
-    if (type) {
-	ops = krb5_cc_get_prefix_ops(context, type);
-	if (ops == NULL) {
-	    krb5_set_error_string(context,
-				  "Credential cache type %s is unknown", type);
-	    return KRB5_CC_UNKNOWN_TYPE;
-	}
-    }
-
-    ret = _krb5_cc_allocate(context, ops, id);
-    if (ret)
-	return ret;
-    return (*id)->ops->gen_new(context, id);
-}
-
-/**
- * Return the name of the ccache `id'
- *
- * @ingroup krb5_ccache
- */
-
-
-const char* KRB5_LIB_FUNCTION
-krb5_cc_get_name(krb5_context context,
-		 krb5_ccache id)
-{
-    return id->ops->get_name(context, id);
-}
-
-/**
- * Return the type of the ccache `id'.
- *
- * @ingroup krb5_ccache
- */
-
-
-const char* KRB5_LIB_FUNCTION
-krb5_cc_get_type(krb5_context context,
-		 krb5_ccache id)
-{
-    return id->ops->prefix;
-}
-
-/**
- * Return the complete resolvable name the ccache `id' in `str�.
- * `str` should be freed with free(3).
- * Returns 0 or an error (and then *str is set to NULL).
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_get_full_name(krb5_context context,
-		      krb5_ccache id,
-		      char **str)
-{
-    const char *type, *name;
-
-    *str = NULL;
-
-    type = krb5_cc_get_type(context, id);
-    if (type == NULL) {
-	krb5_set_error_string(context, "cache have no name of type");
-	return KRB5_CC_UNKNOWN_TYPE;
-    }
-
-    name = krb5_cc_get_name(context, id);
-    if (name == NULL) {
-	krb5_set_error_string(context, "cache of type %s have no name", type);
-	return KRB5_CC_BADNAME;
-    }
-    
-    if (asprintf(str, "%s:%s", type, name) == -1) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	*str = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-/**
- * Return krb5_cc_ops of a the ccache `id'.
- *
- * @ingroup krb5_ccache
- */
-
-
-const krb5_cc_ops *
-krb5_cc_get_ops(krb5_context context, krb5_ccache id)
-{
-    return id->ops;
-}
-
-/*
- * Expand variables in `str' into `res'
- */
-
-krb5_error_code
-_krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
-{
-    size_t tlen, len = 0;
-    char *tmp, *tmp2, *append;
-
-    *res = NULL;
-
-    while (str && *str) {
-	tmp = strstr(str, "%{");
-	if (tmp && tmp != str) {
-	    append = malloc((tmp - str) + 1);
-	    if (append) {
-		memcpy(append, str, tmp - str);
-		append[tmp - str] = '\0';
-	    }
-	    str = tmp;
-	} else if (tmp) {
-	    tmp2 = strchr(tmp, '}');
-	    if (tmp2 == NULL) {
-		free(*res);
-		*res = NULL;
-		krb5_set_error_string(context, "variable missing }");
-		return KRB5_CONFIG_BADFORMAT;
-	    }
-	    if (strncasecmp(tmp, "%{uid}", 6) == 0)
-		asprintf(&append, "%u", (unsigned)getuid());
-	    else if (strncasecmp(tmp, "%{null}", 7) == 0)
-		append = strdup("");
-	    else {
-		free(*res);
-		*res = NULL;
-		krb5_set_error_string(context, 
-				      "expand default cache unknown "
-				      "variable \"%.*s\"",
-				      (int)(tmp2 - tmp) - 2, tmp + 2);
-		return KRB5_CONFIG_BADFORMAT;
-	    }
-	    str = tmp2 + 1;
-	} else {
-	    append = strdup(str);
-	    str = NULL;
-	}
-	if (append == NULL) {
-	    free(*res);
-	    *res = NULL;
-	    krb5_set_error_string(context, "malloc - out of memory");
-	    return ENOMEM;
-	}
-	
-	tlen = strlen(append);
-	tmp = realloc(*res, len + tlen + 1);
-	if (tmp == NULL) {
-	    free(append);
-	    free(*res);
-	    *res = NULL;
-	    krb5_set_error_string(context, "malloc - out of memory");
-	    return ENOMEM;
-	}
-	*res = tmp;
-	memcpy(*res + len, append, tlen + 1);
-	len = len + tlen;
-	free(append);
-    }    
-    return 0;
-}
-
-/*
- * Return non-zero if envirnoment that will determine default krb5cc
- * name has changed.
- */
-
-static int
-environment_changed(krb5_context context)
-{
-    const char *e;
-
-    /* if the cc name was set, don't change it */
-    if (context->default_cc_name_set)
-	return 0;
-
-    if(issuid())
-	return 0;
-
-    e = getenv("KRB5CCNAME");
-    if (e == NULL) {
-	if (context->default_cc_name_env) {
-	    free(context->default_cc_name_env);
-	    context->default_cc_name_env = NULL;
-	    return 1;
-	}
-    } else {
-	if (context->default_cc_name_env == NULL)
-	    return 1;
-	if (strcmp(e, context->default_cc_name_env) != 0)
-	    return 1;
-    }
-    return 0;
-}
-
-/**
- * Set the default cc name for `context' to `name'.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_set_default_name(krb5_context context, const char *name)
-{
-    krb5_error_code ret = 0;
-    char *p;
-
-    if (name == NULL) {
-	const char *e = NULL;
-
-	if(!issuid()) {
-	    e = getenv("KRB5CCNAME");
-	    if (e) {
-		p = strdup(e);
-		if (context->default_cc_name_env)
-		    free(context->default_cc_name_env);
-		context->default_cc_name_env = strdup(e);
-	    }
-	}
-	if (e == NULL) {
-	    e = krb5_config_get_string(context, NULL, "libdefaults",
-				       "default_cc_name", NULL);
-	    if (e) {
-		ret = _krb5_expand_default_cc_name(context, e, &p);
-		if (ret)
-		    return ret;
-	    }
-	    if (e == NULL) {
-		const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE;
-		ret = (*ops->default_name)(context, &p);
-		if (ret)
-		    return ret;
-	    }
-	}
-	context->default_cc_name_set = 0;
-    } else {
-	p = strdup(name);
-	context->default_cc_name_set = 1;
-    }
-
-    if (p == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }
-
-    if (context->default_cc_name)
-	free(context->default_cc_name);
-
-    context->default_cc_name = p;
-
-    return ret;
-}
-
-/**
- * Return a pointer to a context static string containing the default
- * ccache name.
- *
- * @return String to the default credential cache name.
- *
- * @ingroup krb5_ccache
- */
-
-
-const char* KRB5_LIB_FUNCTION
-krb5_cc_default_name(krb5_context context)
-{
-    if (context->default_cc_name == NULL || environment_changed(context))
-	krb5_cc_set_default_name(context, NULL);
-
-    return context->default_cc_name;
-}
-
-/**
- * Open the default ccache in `id'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_default(krb5_context context,
-		krb5_ccache *id)
-{
-    const char *p = krb5_cc_default_name(context);
-
-    if (p == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }
-    return krb5_cc_resolve(context, p, id);
-}
-
-/**
- * Create a new ccache in `id' for `primary_principal'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_initialize(krb5_context context,
-		   krb5_ccache id,
-		   krb5_principal primary_principal)
-{
-    return (*id->ops->init)(context, id, primary_principal);
-}
-
-
-/**
- * Remove the ccache `id'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_destroy(krb5_context context,
-		krb5_ccache id)
-{
-    krb5_error_code ret;
-
-    ret = (*id->ops->destroy)(context, id);
-    krb5_cc_close (context, id);
-    return ret;
-}
-
-/**
- * Stop using the ccache `id' and free the related resources.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_close(krb5_context context,
-	      krb5_ccache id)
-{
-    krb5_error_code ret;
-    ret = (*id->ops->close)(context, id);
-    free(id);
-    return ret;
-}
-
-/**
- * Store `creds' in the ccache `id'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_store_cred(krb5_context context,
-		   krb5_ccache id,
-		   krb5_creds *creds)
-{
-    return (*id->ops->store)(context, id, creds);
-}
-
-/**
- * Retrieve the credential identified by `mcreds' (and `whichfields')
- * from `id' in `creds'. 'creds' must be free by the caller using
- * krb5_free_cred_contents.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_retrieve_cred(krb5_context context,
-		      krb5_ccache id,
-		      krb5_flags whichfields,
-		      const krb5_creds *mcreds,
-		      krb5_creds *creds)
-{
-    krb5_error_code ret;
-    krb5_cc_cursor cursor;
-
-    if (id->ops->retrieve != NULL) {
-	return (*id->ops->retrieve)(context, id, whichfields,
-				    mcreds, creds);
-    }
-
-    ret = krb5_cc_start_seq_get(context, id, &cursor);
-    if (ret)
-	return ret;
-    while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
-	if(krb5_compare_creds(context, whichfields, mcreds, creds)){
-	    ret = 0;
-	    break;
-	}
-	krb5_free_cred_contents (context, creds);
-    }
-    krb5_cc_end_seq_get(context, id, &cursor);
-    return ret;
-}
-
-/**
- * Return the principal of `id' in `principal'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_get_principal(krb5_context context,
-		      krb5_ccache id,
-		      krb5_principal *principal)
-{
-    return (*id->ops->get_princ)(context, id, principal);
-}
-
-/**
- * Start iterating over `id', `cursor' is initialized to the
- * beginning.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_start_seq_get (krb5_context context,
-		       const krb5_ccache id,
-		       krb5_cc_cursor *cursor)
-{
-    return (*id->ops->get_first)(context, id, cursor);
-}
-
-/**
- * Retrieve the next cred pointed to by (`id', `cursor') in `creds'
- * and advance `cursor'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_next_cred (krb5_context context,
-		   const krb5_ccache id,
-		   krb5_cc_cursor *cursor,
-		   krb5_creds *creds)
-{
-    return (*id->ops->get_next)(context, id, cursor, creds);
-}
-
-/**
- * Like krb5_cc_next_cred, but allow for selective retrieval
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_next_cred_match(krb5_context context,
-			const krb5_ccache id,
-			krb5_cc_cursor * cursor,
-			krb5_creds * creds,
-			krb5_flags whichfields,
-			const krb5_creds * mcreds)
-{
-    krb5_error_code ret;
-    while (1) {
-	ret = krb5_cc_next_cred(context, id, cursor, creds);
-	if (ret)
-	    return ret;
-	if (mcreds == NULL || krb5_compare_creds(context, whichfields, mcreds, creds))
-	    return 0;
-	krb5_free_cred_contents(context, creds);
-    }
-}
-
-/**
- * Destroy the cursor `cursor'.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_end_seq_get (krb5_context context,
-		     const krb5_ccache id,
-		     krb5_cc_cursor *cursor)
-{
-    return (*id->ops->end_get)(context, id, cursor);
-}
-
-/**
- * Remove the credential identified by `cred', `which' from `id'.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_remove_cred(krb5_context context,
-		    krb5_ccache id,
-		    krb5_flags which,
-		    krb5_creds *cred)
-{
-    if(id->ops->remove_cred == NULL) {
-	krb5_set_error_string(context,
-			      "ccache %s does not support remove_cred",
-			      id->ops->prefix);
-	return EACCES; /* XXX */
-    }
-    return (*id->ops->remove_cred)(context, id, which, cred);
-}
-
-/**
- * Set the flags of `id' to `flags'.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_set_flags(krb5_context context,
-		  krb5_ccache id,
-		  krb5_flags flags)
-{
-    return (*id->ops->set_flags)(context, id, flags);
-}
-		    
-/**
- * Copy the contents of `from' to `to'.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_copy_cache_match(krb5_context context,
-			 const krb5_ccache from,
-			 krb5_ccache to,
-			 krb5_flags whichfields,
-			 const krb5_creds * mcreds,
-			 unsigned int *matched)
-{
-    krb5_error_code ret;
-    krb5_cc_cursor cursor;
-    krb5_creds cred;
-    krb5_principal princ;
-
-    ret = krb5_cc_get_principal(context, from, &princ);
-    if (ret)
-	return ret;
-    ret = krb5_cc_initialize(context, to, princ);
-    if (ret) {
-	krb5_free_principal(context, princ);
-	return ret;
-    }
-    ret = krb5_cc_start_seq_get(context, from, &cursor);
-    if (ret) {
-	krb5_free_principal(context, princ);
-	return ret;
-    }
-    if (matched)
-	*matched = 0;
-    while (ret == 0 &&
-	   krb5_cc_next_cred_match(context, from, &cursor, &cred,
-				   whichfields, mcreds) == 0) {
-	if (matched)
-	    (*matched)++;
-	ret = krb5_cc_store_cred(context, to, &cred);
-	krb5_free_cred_contents(context, &cred);
-    }
-    krb5_cc_end_seq_get(context, from, &cursor);
-    krb5_free_principal(context, princ);
-    return ret;
-}
-
-/**
- * Just like krb5_cc_copy_cache_match, but copy everything.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_copy_cache(krb5_context context,
-		   const krb5_ccache from,
-		   krb5_ccache to)
-{
-    return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL);
-}
-
-/**
- * Return the version of `id'.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_get_version(krb5_context context,
-		    const krb5_ccache id)
-{
-    if(id->ops->get_version)
-	return (*id->ops->get_version)(context, id);
-    else
-	return 0;
-}
-
-/**
- * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred
- *
- * @ingroup krb5_ccache
- */
-
-
-void KRB5_LIB_FUNCTION
-krb5_cc_clear_mcred(krb5_creds *mcred)
-{
-    memset(mcred, 0, sizeof(*mcred));
-}
-
-/**
- * Get the cc ops that is registered in `context' to handle the
- * `prefix'. `prefix' can be a complete credential cache name or a
- * prefix, the function will only use part up to the first colon (:)
- * if there is one.
- * Returns NULL if ops not found.
- *
- * @ingroup krb5_ccache
- */
-
-
-const krb5_cc_ops *
-krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
-{
-    char *p, *p1;
-    int i;
-    
-    if (prefix[0] == '/')
-	return &krb5_fcc_ops;
-
-    p = strdup(prefix);
-    if (p == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return NULL;
-    }
-    p1 = strchr(p, ':');
-    if (p1)
-	*p1 = '\0';
-
-    for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
-	if(strcmp(context->cc_ops[i].prefix, p) == 0) {
-	    free(p);
-	    return &context->cc_ops[i];
-	}
-    }
-    free(p);
-    return NULL;
-}
-
-struct krb5_cc_cache_cursor_data {
-    const krb5_cc_ops *ops;
-    krb5_cc_cursor cursor;
-};
-
-/**
- * Start iterating over all caches of `type'. If `type' is NULL, the
- * default type is * used. `cursor' is initialized to the beginning.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_get_first (krb5_context context,
-			 const char *type,
-			 krb5_cc_cache_cursor *cursor)
-{
-    const krb5_cc_ops *ops;
-    krb5_error_code ret;
-
-    if (type == NULL)
-	type = krb5_cc_default_name(context);
-
-    ops = krb5_cc_get_prefix_ops(context, type);
-    if (ops == NULL) {
-	krb5_set_error_string(context, "Unknown type \"%s\" when iterating "
-			      "trying to iterate the credential caches", type);
-	return KRB5_CC_UNKNOWN_TYPE;
-    }
-
-    if (ops->get_cache_first == NULL) {
-	krb5_set_error_string(context, "Credential cache type %s doesn't support "
-			      "iterations over caches", ops->prefix);
-	return KRB5_CC_NOSUPP;
-    }
-
-    *cursor = calloc(1, sizeof(**cursor));
-    if (*cursor == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }
-
-    (*cursor)->ops = ops;
-
-    ret = ops->get_cache_first(context, &(*cursor)->cursor);
-    if (ret) {
-	free(*cursor);
-	*cursor = NULL;
-    }
-    return ret;
-}
-
-/**
- * Retrieve the next cache pointed to by (`cursor') in `id'
- * and advance `cursor'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_next (krb5_context context,
-		   krb5_cc_cache_cursor cursor,
-		   krb5_ccache *id)
-{
-    return cursor->ops->get_cache_next(context, cursor->cursor, id);
-}
-
-/**
- * Destroy the cursor `cursor'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_end_seq_get (krb5_context context,
-			   krb5_cc_cache_cursor cursor)
-{
-    krb5_error_code ret;
-    ret = cursor->ops->end_cache_get(context, cursor->cursor);
-    cursor->ops = NULL;
-    free(cursor);
-    return ret;
-}
-
-/**
- * Search for a matching credential cache of type `type' that have the
- * `principal' as the default principal. If NULL is used for `type',
- * the default type is used. On success, `id' needs to be freed with
- * krb5_cc_close or krb5_cc_destroy.
- *
- * @return On failure, error code is returned and `id' is set to NULL.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_match (krb5_context context,
-		     krb5_principal client,
-		     const char *type,
-		     krb5_ccache *id)
-{
-    krb5_cc_cache_cursor cursor;
-    krb5_error_code ret;
-    krb5_ccache cache = NULL;
-
-    *id = NULL;
-
-    ret = krb5_cc_cache_get_first (context, type, &cursor);
-    if (ret)
-	return ret;
-
-    while ((ret = krb5_cc_cache_next (context, cursor, &cache)) == 0) {
-	krb5_principal principal;
-
-	ret = krb5_cc_get_principal(context, cache, &principal);
-	if (ret == 0) {
-	    krb5_boolean match;
-	    
-	    match = krb5_principal_compare(context, principal, client);
-	    krb5_free_principal(context, principal);
-	    if (match)
-		break;
-	}
-
-	krb5_cc_close(context, cache);
-	cache = NULL;
-    }
-
-    krb5_cc_cache_end_seq_get(context, cursor);
-
-    if (cache == NULL) {
-	char *str;
-
-	krb5_unparse_name(context, client, &str);
-
-	krb5_set_error_string(context, "Principal %s not found in a "
-			  "credential cache", str ? str : "<out of memory>");
-	if (str)
-	    free(str);
-	return KRB5_CC_NOTFOUND;
-    }
-    *id = cache;
-
-    return 0;
-}
-
-/**
- * Move the content from one credential cache to another. The
- * operation is an atomic switch. 
- *
- * @param context a Keberos context
- * @param from the credential cache to move the content from
- * @param to the credential cache to move the content to
-
- * @return On sucess, from is freed. On failure, error code is
- * returned and from and to are both still allocated.
- *
- * @ingroup krb5_ccache
- */
-
-krb5_error_code
-krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
-{
-    krb5_error_code ret;
-
-    if (strcmp(from->ops->prefix, to->ops->prefix) != 0) {
-	krb5_set_error_string(context, "Moving credentials between diffrent "
-			      "types not yet supported");
-	return KRB5_CC_NOSUPP;
-    }
-
-    ret = (*to->ops->move)(context, from, to);
-    if (ret == 0) {
-	memset(from, 0, sizeof(*from));
-	free(from);
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c
deleted file mode 100644
index 703cf43..0000000
--- a/crypto/heimdal/lib/krb5/changepw.c
+++ /dev/null
@@ -1,823 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: changepw.c 21505 2007-07-12 12:28:38Z lha $");
-
-static void
-str2data (krb5_data *d,
-	  const char *fmt,
-	  ...) __attribute__ ((format (printf, 2, 3)));
-
-static void
-str2data (krb5_data *d,
-	  const char *fmt,
-	  ...)
-{
-    va_list args;
-    char *str;
-
-    va_start(args, fmt);
-    d->length = vasprintf (&str, fmt, args);
-    va_end(args);
-    d->data = str;
-}
-
-/*
- * Change password protocol defined by
- * draft-ietf-cat-kerb-chg-password-02.txt
- * 
- * Share the response part of the protocol with MS set password
- * (RFC3244)
- */
-
-static krb5_error_code
-chgpw_send_request (krb5_context context,
-		    krb5_auth_context *auth_context,
-		    krb5_creds *creds,
-		    krb5_principal targprinc,
-		    int is_stream,
-		    int sock,
-		    const char *passwd,
-		    const char *host)
-{
-    krb5_error_code ret;
-    krb5_data ap_req_data;
-    krb5_data krb_priv_data;
-    krb5_data passwd_data;
-    size_t len;
-    u_char header[6];
-    u_char *p;
-    struct iovec iov[3];
-    struct msghdr msghdr;
-
-    if (is_stream)
-	return KRB5_KPASSWD_MALFORMED;
-
-    if (targprinc &&
-	krb5_principal_compare(context, creds->client, targprinc) != TRUE)
-	return KRB5_KPASSWD_MALFORMED;
-
-    krb5_data_zero (&ap_req_data);
-
-    ret = krb5_mk_req_extended (context,
-				auth_context,
-				AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
-				NULL, /* in_data */
-				creds,
-				&ap_req_data);
-    if (ret)
-	return ret;
-
-    passwd_data.data   = rk_UNCONST(passwd);
-    passwd_data.length = strlen(passwd);
-
-    krb5_data_zero (&krb_priv_data);
-
-    ret = krb5_mk_priv (context,
-			*auth_context,
-			&passwd_data,
-			&krb_priv_data,
-			NULL);
-    if (ret)
-	goto out2;
-
-    len = 6 + ap_req_data.length + krb_priv_data.length;
-    p = header;
-    *p++ = (len >> 8) & 0xFF;
-    *p++ = (len >> 0) & 0xFF;
-    *p++ = 0;
-    *p++ = 1;
-    *p++ = (ap_req_data.length >> 8) & 0xFF;
-    *p++ = (ap_req_data.length >> 0) & 0xFF;
-
-    memset(&msghdr, 0, sizeof(msghdr));
-    msghdr.msg_name       = NULL;
-    msghdr.msg_namelen    = 0;
-    msghdr.msg_iov        = iov;
-    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
-#if 0
-    msghdr.msg_control    = NULL;
-    msghdr.msg_controllen = 0;
-#endif
-
-    iov[0].iov_base    = (void*)header;
-    iov[0].iov_len     = 6;
-    iov[1].iov_base    = ap_req_data.data;
-    iov[1].iov_len     = ap_req_data.length;
-    iov[2].iov_base    = krb_priv_data.data;
-    iov[2].iov_len     = krb_priv_data.length;
-
-    if (sendmsg (sock, &msghdr, 0) < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
-    }
-
-    krb5_data_free (&krb_priv_data);
-out2:
-    krb5_data_free (&ap_req_data);
-    return ret;
-}
-
-/*
- * Set password protocol as defined by RFC3244 --
- * Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
- */
-
-static krb5_error_code
-setpw_send_request (krb5_context context,
-		    krb5_auth_context *auth_context,
-		    krb5_creds *creds,
-		    krb5_principal targprinc,
-		    int is_stream,
-		    int sock,
-		    const char *passwd,
-		    const char *host)
-{
-    krb5_error_code ret;
-    krb5_data ap_req_data;
-    krb5_data krb_priv_data;
-    krb5_data pwd_data;
-    ChangePasswdDataMS chpw;
-    size_t len;
-    u_char header[4 + 6];
-    u_char *p;
-    struct iovec iov[3];
-    struct msghdr msghdr;
-
-    krb5_data_zero (&ap_req_data);
-
-    ret = krb5_mk_req_extended (context,
-				auth_context,
-				AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
-				NULL, /* in_data */
-				creds,
-				&ap_req_data);
-    if (ret)
-	return ret;
-
-    chpw.newpasswd.length = strlen(passwd);
-    chpw.newpasswd.data = rk_UNCONST(passwd);
-    if (targprinc) {
-	chpw.targname = &targprinc->name;
-	chpw.targrealm = &targprinc->realm;
-    } else {
-	chpw.targname = NULL;
-	chpw.targrealm = NULL;
-    }
-	
-    ASN1_MALLOC_ENCODE(ChangePasswdDataMS, pwd_data.data, pwd_data.length,
-		       &chpw, &len, ret);
-    if (ret) {
-	krb5_data_free (&ap_req_data);
-	return ret;
-    }
-
-    if(pwd_data.length != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    ret = krb5_mk_priv (context,
-			*auth_context,
-			&pwd_data,
-			&krb_priv_data,
-			NULL);
-    if (ret)
-	goto out2;
-
-    len = 6 + ap_req_data.length + krb_priv_data.length;
-    p = header;
-    if (is_stream) {
-	_krb5_put_int(p, len, 4);
-	p += 4;
-    }
-    *p++ = (len >> 8) & 0xFF;
-    *p++ = (len >> 0) & 0xFF;
-    *p++ = 0xff;
-    *p++ = 0x80;
-    *p++ = (ap_req_data.length >> 8) & 0xFF;
-    *p++ = (ap_req_data.length >> 0) & 0xFF;
-
-    memset(&msghdr, 0, sizeof(msghdr));
-    msghdr.msg_name       = NULL;
-    msghdr.msg_namelen    = 0;
-    msghdr.msg_iov        = iov;
-    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
-#if 0
-    msghdr.msg_control    = NULL;
-    msghdr.msg_controllen = 0;
-#endif
-
-    iov[0].iov_base    = (void*)header;
-    if (is_stream)
-	iov[0].iov_len     = 10;
-    else
-	iov[0].iov_len     = 6;
-    iov[1].iov_base    = ap_req_data.data;
-    iov[1].iov_len     = ap_req_data.length;
-    iov[2].iov_base    = krb_priv_data.data;
-    iov[2].iov_len     = krb_priv_data.length;
-
-    if (sendmsg (sock, &msghdr, 0) < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
-    }
-
-    krb5_data_free (&krb_priv_data);
-out2:
-    krb5_data_free (&ap_req_data);
-    krb5_data_free (&pwd_data);
-    return ret;
-}
-
-static krb5_error_code
-process_reply (krb5_context context,
-	       krb5_auth_context auth_context,
-	       int is_stream,
-	       int sock,
-	       int *result_code,
-	       krb5_data *result_code_string,
-	       krb5_data *result_string,
-	       const char *host)
-{
-    krb5_error_code ret;
-    u_char reply[1024 * 3];
-    ssize_t len;
-    uint16_t pkt_len, pkt_ver;
-    krb5_data ap_rep_data;
-    int save_errno;
-
-    len = 0;
-    if (is_stream) {
-	while (len < sizeof(reply)) {
-	    unsigned long size;
-
-	    ret = recvfrom (sock, reply + len, sizeof(reply) - len, 
-			    0, NULL, NULL);
-	    if (ret < 0) {
-		save_errno = errno;
-		krb5_set_error_string(context, "recvfrom %s: %s",
-				      host, strerror(save_errno));
-		return save_errno;
-	    } else if (ret == 0) {
-		krb5_set_error_string(context, "recvfrom timeout %s", host);
-		return 1;
-	    }
-	    len += ret;
-	    if (len < 4)
-		continue;
-	    _krb5_get_int(reply, &size, 4);
-	    if (size + 4 < len)
-		continue;
-	    memmove(reply, reply + 4, size);		
-	    len = size;
-	    break;
-	}
-	if (len == sizeof(reply)) {
-	    krb5_set_error_string(context, "message too large from %s",
-				  host);
-	    return ENOMEM;
-	}
-    } else {
-	ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
-	if (ret < 0) {
-	    save_errno = errno;
-	    krb5_set_error_string(context, "recvfrom %s: %s",
-				  host, strerror(save_errno));
-	    return save_errno;
-	}
-	len = ret;
-    }
-
-    if (len < 6) {
-	str2data (result_string, "server %s sent to too short message "
-		  "(%ld bytes)", host, (long)len);
-	*result_code = KRB5_KPASSWD_MALFORMED;
-	return 0;
-    }
-
-    pkt_len = (reply[0] << 8) | (reply[1]);
-    pkt_ver = (reply[2] << 8) | (reply[3]);
-
-    if ((pkt_len != len) || (reply[1] == 0x7e || reply[1] == 0x5e)) {
-	KRB_ERROR error;
-	size_t size;
-	u_char *p;
-
-	memset(&error, 0, sizeof(error));
-
-	ret = decode_KRB_ERROR(reply, len, &error, &size);
-	if (ret)
-	    return ret;
-
-	if (error.e_data->length < 2) {
-	    str2data(result_string, "server %s sent too short "
-		     "e_data to print anything usable", host);
-	    free_KRB_ERROR(&error);
-	    *result_code = KRB5_KPASSWD_MALFORMED;
-	    return 0;
-	}
-
-	p = error.e_data->data;
-	*result_code = (p[0] << 8) | p[1];
-	if (error.e_data->length == 2)
-	    str2data(result_string, "server only sent error code");
-	else 
-	    krb5_data_copy (result_string,
-			    p + 2,
-			    error.e_data->length - 2);
-	free_KRB_ERROR(&error);
-	return 0;
-    }
-
-    if (pkt_len != len) {
-	str2data (result_string, "client: wrong len in reply");
-	*result_code = KRB5_KPASSWD_MALFORMED;
-	return 0;
-    }
-    if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW) {
-	str2data (result_string,
-		  "client: wrong version number (%d)", pkt_ver);
-	*result_code = KRB5_KPASSWD_MALFORMED;
-	return 0;
-    }
-
-    ap_rep_data.data = reply + 6;
-    ap_rep_data.length  = (reply[4] << 8) | (reply[5]);
-  
-    if (reply + len < (u_char *)ap_rep_data.data + ap_rep_data.length) {
-	str2data (result_string, "client: wrong AP len in reply");
-	*result_code = KRB5_KPASSWD_MALFORMED;
-	return 0;
-    }
-
-    if (ap_rep_data.length) {
-	krb5_ap_rep_enc_part *ap_rep;
-	krb5_data priv_data;
-	u_char *p;
-
-	priv_data.data   = (u_char*)ap_rep_data.data + ap_rep_data.length;
-	priv_data.length = len - ap_rep_data.length - 6;
-
-	ret = krb5_rd_rep (context,
-			   auth_context,
-			   &ap_rep_data,
-			   &ap_rep);
-	if (ret)
-	    return ret;
-
-	krb5_free_ap_rep_enc_part (context, ap_rep);
-
-	ret = krb5_rd_priv (context,
-			    auth_context,
-			    &priv_data,
-			    result_code_string,
-			    NULL);
-	if (ret) {
-	    krb5_data_free (result_code_string);
-	    return ret;
-	}
-
-	if (result_code_string->length < 2) {
-	    *result_code = KRB5_KPASSWD_MALFORMED;
-	    str2data (result_string,
-		      "client: bad length in result");
-	    return 0;
-	}
-
-        p = result_code_string->data;
-      
-        *result_code = (p[0] << 8) | p[1];
-        krb5_data_copy (result_string,
-                        (unsigned char*)result_code_string->data + 2,
-                        result_code_string->length - 2);
-        return 0;
-    } else {
-	KRB_ERROR error;
-	size_t size;
-	u_char *p;
-      
-	ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
-	if (ret) {
-	    return ret;
-	}
-	if (error.e_data->length < 2) {
-	    krb5_warnx (context, "too short e_data to print anything usable");
-	    return 1;		/* XXX */
-	}
-
-	p = error.e_data->data;
-	*result_code = (p[0] << 8) | p[1];
-	krb5_data_copy (result_string,
-			p + 2,
-			error.e_data->length - 2);
-	return 0;
-    }
-}
-
-
-/*
- * change the password using the credentials in `creds' (for the
- * principal indicated in them) to `newpw', storing the result of
- * the operation in `result_*' and an error code or 0.
- */
-
-typedef krb5_error_code (*kpwd_send_request) (krb5_context,
-					      krb5_auth_context *,
-					      krb5_creds *,
-					      krb5_principal,
-					      int,
-					      int,
-					      const char *,
-					      const char *);
-typedef krb5_error_code (*kpwd_process_reply) (krb5_context,
-					       krb5_auth_context,
-					       int,
-					       int,
-					       int *,
-					       krb5_data *,
-					       krb5_data *,
-					       const char *);
-
-static struct kpwd_proc {
-    const char *name;
-    int flags;
-#define SUPPORT_TCP	1
-#define SUPPORT_UDP	2
-    kpwd_send_request send_req;
-    kpwd_process_reply process_rep;
-} procs[] = {
-    {
-	"MS set password", 
-	SUPPORT_TCP|SUPPORT_UDP,
-	setpw_send_request, 
-	process_reply
-    },
-    {
-	"change password",
-	SUPPORT_UDP,
-	chgpw_send_request,
-	process_reply
-    },
-    { NULL }
-};
-
-static struct kpwd_proc *
-find_chpw_proto(const char *name)
-{
-    struct kpwd_proc *p;
-    for (p = procs; p->name != NULL; p++) {
-	if (strcmp(p->name, name) == 0)
-	    return p;
-    }
-    return NULL;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-change_password_loop (krb5_context	context,
-		      krb5_creds	*creds,
-		      krb5_principal	targprinc,
-		      const char	*newpw,
-		      int		*result_code,
-		      krb5_data		*result_code_string,
-		      krb5_data		*result_string,
-		      struct kpwd_proc	*proc)
-{
-    krb5_error_code ret;
-    krb5_auth_context auth_context = NULL;
-    krb5_krbhst_handle handle = NULL;
-    krb5_krbhst_info *hi;
-    int sock;
-    int i;
-    int done = 0;
-    krb5_realm realm;
-
-    if (targprinc)
-	realm = targprinc->realm;
-    else
-	realm = creds->client->realm;
-
-    ret = krb5_auth_con_init (context, &auth_context);
-    if (ret)
-	return ret;
-
-    krb5_auth_con_setflags (context, auth_context,
-			    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
-
-    ret = krb5_krbhst_init (context, realm, KRB5_KRBHST_CHANGEPW, &handle);
-    if (ret)
-	goto out;
-
-    while (!done && (ret = krb5_krbhst_next(context, handle, &hi)) == 0) {
-	struct addrinfo *ai, *a;
-	int is_stream;
-
-	switch (hi->proto) {
-	case KRB5_KRBHST_UDP:
-	    if ((proc->flags & SUPPORT_UDP) == 0)
-		continue;
-	    is_stream = 0;
-	    break;
-	case KRB5_KRBHST_TCP:
-	    if ((proc->flags & SUPPORT_TCP) == 0)
-		continue;
-	    is_stream = 1;
-	    break;
-	default:
-	    continue;
-	}
-
-	ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
-	if (ret)
-	    continue;
-
-	for (a = ai; !done && a != NULL; a = a->ai_next) {
-	    int replied = 0;
-
-	    sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	    if (sock < 0)
-		continue;
-
-	    ret = connect(sock, a->ai_addr, a->ai_addrlen);
-	    if (ret < 0) {
-		close (sock);
-		goto out;
-	    }
-
-	    ret = krb5_auth_con_genaddrs (context, auth_context, sock,
-					  KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR);
-	    if (ret) {
-		close (sock);
-		goto out;
-	    }
-
-	    for (i = 0; !done && i < 5; ++i) {
-		fd_set fdset;
-		struct timeval tv;
-
-		if (!replied) {
-		    replied = 0;
-		    
-		    ret = (*proc->send_req) (context,
-					     &auth_context,
-					     creds,
-					     targprinc,
-					     is_stream,
-					     sock,
-					     newpw,
-					     hi->hostname);
-		    if (ret) {
-			close(sock);
-			goto out;
-		    }
-		}
-	    
-		if (sock >= FD_SETSIZE) {
-		    krb5_set_error_string(context, "fd %d too large", sock);
-		    ret = ERANGE;
-		    close (sock);
-		    goto out;
-		}
-
-		FD_ZERO(&fdset);
-		FD_SET(sock, &fdset);
-		tv.tv_usec = 0;
-		tv.tv_sec  = 1 + (1 << i);
-
-		ret = select (sock + 1, &fdset, NULL, NULL, &tv);
-		if (ret < 0 && errno != EINTR) {
-		    close(sock);
-		    goto out;
-		}
-		if (ret == 1) {
-		    ret = (*proc->process_rep) (context,
-						auth_context,
-						is_stream,
-						sock,
-						result_code,
-						result_code_string,
-						result_string,
-						hi->hostname);
-		    if (ret == 0)
-			done = 1;
-		    else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
-			replied = 1;
-		} else {
-		    ret = KRB5_KDC_UNREACH;
-		}
-	    }
-	    close (sock);
-	}
-    }
-
- out:
-    krb5_krbhst_free (context, handle);
-    krb5_auth_con_free (context, auth_context);
-    if (done)
-	return 0;
-    else {
-	if (ret == KRB5_KDC_UNREACH) {
-	    krb5_set_error_string(context,
-				  "unable to reach any changepw server "
-				  " in realm %s", realm);
-	    *result_code = KRB5_KPASSWD_HARDERROR;
-	}
-	return ret;
-    }
-}
-
-
-/*
- * change the password using the credentials in `creds' (for the
- * principal indicated in them) to `newpw', storing the result of
- * the operation in `result_*' and an error code or 0.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_change_password (krb5_context	context,
-		      krb5_creds	*creds,
-		      const char	*newpw,
-		      int		*result_code,
-		      krb5_data		*result_code_string,
-		      krb5_data		*result_string)
-{
-    struct kpwd_proc *p = find_chpw_proto("change password");
-
-    *result_code = KRB5_KPASSWD_MALFORMED;
-    result_code_string->data = result_string->data = NULL;
-    result_code_string->length = result_string->length = 0;
-
-    if (p == NULL)
-	return KRB5_KPASSWD_MALFORMED;
-
-    return change_password_loop(context, creds, NULL, newpw, 
-				result_code, result_code_string, 
-				result_string, p);
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_password(krb5_context context,
-		  krb5_creds *creds,
-		  const char *newpw,
-		  krb5_principal targprinc,
-		  int *result_code,
-		  krb5_data *result_code_string,
-		  krb5_data *result_string)
-{
-    krb5_principal principal = NULL;
-    krb5_error_code ret = 0;
-    int i;
-
-    *result_code = KRB5_KPASSWD_MALFORMED;
-    result_code_string->data = result_string->data = NULL;
-    result_code_string->length = result_string->length = 0;
-
-    if (targprinc == NULL) {
-	ret = krb5_get_default_principal(context, &principal);
-	if (ret)
-	    return ret;
-    } else
-	principal = targprinc;
-
-    for (i = 0; procs[i].name != NULL; i++) {
-	*result_code = 0;
-	ret = change_password_loop(context, creds, principal, newpw, 
-				   result_code, result_code_string, 
-				   result_string, 
-				   &procs[i]);
-	if (ret == 0 && *result_code == 0)
-	    break;
-    }
-
-    if (targprinc == NULL)
-	krb5_free_principal(context, principal);
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_password_using_ccache(krb5_context context,
-			       krb5_ccache ccache,
-			       const char *newpw,
-			       krb5_principal targprinc,
-			       int *result_code,
-			       krb5_data *result_code_string,
-			       krb5_data *result_string)
-{
-    krb5_creds creds, *credsp;
-    krb5_error_code ret;
-    krb5_principal principal = NULL;
-
-    *result_code = KRB5_KPASSWD_MALFORMED;
-    result_code_string->data = result_string->data = NULL;
-    result_code_string->length = result_string->length = 0;
-
-    memset(&creds, 0, sizeof(creds));
-
-    if (targprinc == NULL) {
-	ret = krb5_cc_get_principal(context, ccache, &principal);
-	if (ret)
-	    return ret;
-    } else
-	principal = targprinc;
-
-    ret = krb5_make_principal(context, &creds.server, 
-			      krb5_principal_get_realm(context, principal),
-			      "kadmin", "changepw", NULL);
-    if (ret)
-	goto out;
-
-    ret = krb5_cc_get_principal(context, ccache, &creds.client);
-    if (ret) {
-        krb5_free_principal(context, creds.server);
-	goto out;
-    }
-
-    ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
-    krb5_free_principal(context, creds.server);
-    krb5_free_principal(context, creds.client);
-    if (ret)
-	goto out;
-
-    ret = krb5_set_password(context,
-			    credsp,
-			    newpw,
-			    principal,
-			    result_code,
-			    result_code_string,
-			    result_string);
-
-    krb5_free_creds(context, credsp); 
-
-    return ret;
- out:
-    if (targprinc == NULL)
-	krb5_free_principal(context, principal);
-    return ret;
-}
-
-/*
- *
- */
-
-const char* KRB5_LIB_FUNCTION
-krb5_passwd_result_to_string (krb5_context context,
-			      int result)
-{
-    static const char *strings[] = {
-	"Success",
-	"Malformed",
-	"Hard error",
-	"Auth error",
-	"Soft error" ,
-	"Access denied",
-	"Bad version",
-	"Initial flag needed"
-    };
-
-    if (result < 0 || result > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)
-	return "unknown result code";
-    else
-	return strings[result];
-}
diff --git a/crypto/heimdal/lib/krb5/codec.c b/crypto/heimdal/lib/krb5/codec.c
deleted file mode 100644
index 0d36b4b..0000000
--- a/crypto/heimdal/lib/krb5/codec.c
+++ /dev/null
@@ -1,196 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: codec.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncTicketPart (krb5_context context,
-			   const void *data,
-			   size_t length,
-			   EncTicketPart *t,
-			   size_t *len)
-{
-    return decode_EncTicketPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncTicketPart (krb5_context context,
-			   void *data,
-			   size_t length,
-			   EncTicketPart *t,
-			   size_t *len)
-{
-    return encode_EncTicketPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncASRepPart (krb5_context context,
-			  const void *data,
-			  size_t length,
-			  EncASRepPart *t,
-			  size_t *len)
-{
-    return decode_EncASRepPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncASRepPart (krb5_context context,
-			  void *data,
-			  size_t length,
-			  EncASRepPart *t,
-			  size_t *len)
-{
-    return encode_EncASRepPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncTGSRepPart (krb5_context context,
-			   const void *data,
-			   size_t length,
-			   EncTGSRepPart *t,
-			   size_t *len)
-{
-    return decode_EncTGSRepPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncTGSRepPart (krb5_context context,
-			   void *data,
-			   size_t length,
-			   EncTGSRepPart *t,
-			   size_t *len)
-{
-    return encode_EncTGSRepPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncAPRepPart (krb5_context context,
-			  const void *data,
-			  size_t length,
-			  EncAPRepPart *t,
-			  size_t *len)
-{
-    return decode_EncAPRepPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncAPRepPart (krb5_context context,
-			  void *data,
-			  size_t length,
-			  EncAPRepPart *t,
-			  size_t *len)
-{
-    return encode_EncAPRepPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_Authenticator (krb5_context context,
-			   const void *data,
-			   size_t length,
-			   Authenticator *t,
-			   size_t *len)
-{
-    return decode_Authenticator(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_Authenticator (krb5_context context,
-			   void *data,
-			   size_t length,
-			   Authenticator *t,
-			   size_t *len)
-{
-    return encode_Authenticator(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncKrbCredPart (krb5_context context,
-			    const void *data,
-			    size_t length,
-			    EncKrbCredPart *t,
-			    size_t *len)
-{
-    return decode_EncKrbCredPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncKrbCredPart (krb5_context context,
-			    void *data,
-			    size_t length,
-			    EncKrbCredPart *t,
-			    size_t *len)
-{
-    return encode_EncKrbCredPart (data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_ETYPE_INFO (krb5_context context,
-			const void *data,
-			size_t length,
-			ETYPE_INFO *t,
-			size_t *len)
-{
-    return decode_ETYPE_INFO(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_ETYPE_INFO (krb5_context context,
-			void *data,
-			size_t length,
-			ETYPE_INFO *t,
-			size_t *len)
-{
-    return encode_ETYPE_INFO (data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_ETYPE_INFO2 (krb5_context context,
-			const void *data,
-			size_t length,
-			ETYPE_INFO2 *t,
-			size_t *len)
-{
-    return decode_ETYPE_INFO2(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_ETYPE_INFO2 (krb5_context context,
-			 void *data,
-			 size_t length,
-			 ETYPE_INFO2 *t,
-			 size_t *len)
-{
-    return encode_ETYPE_INFO2 (data, length, t, len);
-}
diff --git a/crypto/heimdal/lib/krb5/config_file.c b/crypto/heimdal/lib/krb5/config_file.c
deleted file mode 100644
index ac5eba3..0000000
--- a/crypto/heimdal/lib/krb5/config_file.c
+++ /dev/null
@@ -1,771 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: config_file.c 19213 2006-12-04 23:36:36Z lha $");
-
-#ifndef HAVE_NETINFO
-
-/* Gaah! I want a portable funopen */
-struct fileptr {
-    const char *s;
-    FILE *f;
-};
-
-static char *
-config_fgets(char *str, size_t len, struct fileptr *ptr)
-{
-    /* XXX this is not correct, in that they don't do the same if the
-       line is longer than len */
-    if(ptr->f != NULL)
-	return fgets(str, len, ptr->f);
-    else {
-	/* this is almost strsep_copy */
-	const char *p;
-	ssize_t l;
-	if(*ptr->s == '\0')
-	    return NULL;
-	p = ptr->s + strcspn(ptr->s, "\n");
-	if(*p == '\n')
-	    p++;
-	l = min(len, p - ptr->s);
-	if(len > 0) {
-	    memcpy(str, ptr->s, l);
-	    str[l] = '\0';
-	}
-	ptr->s = p;
-	return str;
-    }
-}
-
-static krb5_error_code parse_section(char *p, krb5_config_section **s,
-				     krb5_config_section **res,
-				     const char **error_message);
-static krb5_error_code parse_binding(struct fileptr *f, unsigned *lineno, char *p,
-				     krb5_config_binding **b,
-				     krb5_config_binding **parent,
-				     const char **error_message);
-static krb5_error_code parse_list(struct fileptr *f, unsigned *lineno,
-				  krb5_config_binding **parent,
-				  const char **error_message);
-
-static krb5_config_section *
-get_entry(krb5_config_section **parent, const char *name, int type)
-{
-    krb5_config_section **q;
-
-    for(q = parent; *q != NULL; q = &(*q)->next)
-	if(type == krb5_config_list && 
-	   type == (*q)->type &&
-	   strcmp(name, (*q)->name) == 0)
-	    return *q;
-    *q = calloc(1, sizeof(**q));
-    if(*q == NULL)
-	return NULL;
-    (*q)->name = strdup(name);
-    (*q)->type = type;
-    if((*q)->name == NULL) {
-	free(*q);
-	*q = NULL;
-	return NULL;
-    }
-    return *q;
-}
-
-/*
- * Parse a section:
- *
- * [section]
- *	foo = bar
- *	b = {
- *		a
- *	    }
- * ...
- * 
- * starting at the line in `p', storing the resulting structure in
- * `s' and hooking it into `parent'.
- * Store the error message in `error_message'.
- */
-
-static krb5_error_code
-parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
-	      const char **error_message)
-{
-    char *p1;
-    krb5_config_section *tmp;
-
-    p1 = strchr (p + 1, ']');
-    if (p1 == NULL) {
-	*error_message = "missing ]";
-	return KRB5_CONFIG_BADFORMAT;
-    }
-    *p1 = '\0';
-    tmp = get_entry(parent, p + 1, krb5_config_list);
-    if(tmp == NULL) {
-	*error_message = "out of memory";
-	return KRB5_CONFIG_BADFORMAT;
-    }
-    *s = tmp;
-    return 0;
-}
-
-/*
- * Parse a brace-enclosed list from `f', hooking in the structure at
- * `parent'.
- * Store the error message in `error_message'.
- */
-
-static krb5_error_code
-parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent,
-	   const char **error_message)
-{
-    char buf[BUFSIZ];
-    krb5_error_code ret;
-    krb5_config_binding *b = NULL;
-    unsigned beg_lineno = *lineno;
-
-    while(config_fgets(buf, sizeof(buf), f) != NULL) {
-	char *p;
-
-	++*lineno;
-	buf[strcspn(buf, "\r\n")] = '\0';
-	p = buf;
-	while(isspace((unsigned char)*p))
-	    ++p;
-	if (*p == '#' || *p == ';' || *p == '\0')
-	    continue;
-	while(isspace((unsigned char)*p))
-	    ++p;
-	if (*p == '}')
-	    return 0;
-	if (*p == '\0')
-	    continue;
-	ret = parse_binding (f, lineno, p, &b, parent, error_message);
-	if (ret)
-	    return ret;
-    }
-    *lineno = beg_lineno;
-    *error_message = "unclosed {";
-    return KRB5_CONFIG_BADFORMAT;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-parse_binding(struct fileptr *f, unsigned *lineno, char *p,
-	      krb5_config_binding **b, krb5_config_binding **parent,
-	      const char **error_message)
-{
-    krb5_config_binding *tmp;
-    char *p1, *p2;
-    krb5_error_code ret = 0;
-
-    p1 = p;
-    while (*p && *p != '=' && !isspace((unsigned char)*p))
-	++p;
-    if (*p == '\0') {
-	*error_message = "missing =";
-	return KRB5_CONFIG_BADFORMAT;
-    }
-    p2 = p;
-    while (isspace((unsigned char)*p))
-	++p;
-    if (*p != '=') {
-	*error_message = "missing =";
-	return KRB5_CONFIG_BADFORMAT;
-    }
-    ++p;
-    while(isspace((unsigned char)*p))
-	++p;
-    *p2 = '\0';
-    if (*p == '{') {
-	tmp = get_entry(parent, p1, krb5_config_list);
-	if (tmp == NULL) {
-	    *error_message = "out of memory";
-	    return KRB5_CONFIG_BADFORMAT;
-	}
-	ret = parse_list (f, lineno, &tmp->u.list, error_message);
-    } else {
-	tmp = get_entry(parent, p1, krb5_config_string);
-	if (tmp == NULL) {
-	    *error_message = "out of memory";
-	    return KRB5_CONFIG_BADFORMAT;
-	}
-	p1 = p;
-	p = p1 + strlen(p1);
-	while(p > p1 && isspace((unsigned char)*(p-1)))
-	    --p;
-	*p = '\0';
-	tmp->u.string = strdup(p1);
-    }
-    *b = tmp;
-    return ret;
-}
-
-/*
- * Parse the config file `fname', generating the structures into `res'
- * returning error messages in `error_message'
- */
-
-static krb5_error_code
-krb5_config_parse_debug (struct fileptr *f,
-			 krb5_config_section **res,
-			 unsigned *lineno,
-			 const char **error_message)
-{
-    krb5_config_section *s = NULL;
-    krb5_config_binding *b = NULL;
-    char buf[BUFSIZ];
-    krb5_error_code ret;
-
-    while (config_fgets(buf, sizeof(buf), f) != NULL) {
-	char *p;
-
-	++*lineno;
-	buf[strcspn(buf, "\r\n")] = '\0';
-	p = buf;
-	while(isspace((unsigned char)*p))
-	    ++p;
-	if (*p == '#' || *p == ';')
-	    continue;
-	if (*p == '[') {
-	    ret = parse_section(p, &s, res, error_message);
-	    if (ret) 
-		return ret;
-	    b = NULL;
-	} else if (*p == '}') {
-	    *error_message = "unmatched }";
-	    return EINVAL;	/* XXX */
-	} else if(*p != '\0') {
-	    if (s == NULL) {
-		*error_message = "binding before section";
-		return EINVAL;
-	    }
-	    ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message);
-	    if (ret)
-		return ret;
-	}
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_string_multi(krb5_context context,
-			       const char *string,
-			       krb5_config_section **res)
-{
-    const char *str;
-    unsigned lineno = 0;
-    krb5_error_code ret;
-    struct fileptr f;
-    f.f = NULL;
-    f.s = string;
-
-    ret = krb5_config_parse_debug (&f, res, &lineno, &str);
-    if (ret) {
-	krb5_set_error_string (context, "%s:%u: %s", "<constant>", lineno, str);
-	return ret;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_file_multi (krb5_context context,
-			      const char *fname,
-			      krb5_config_section **res)
-{
-    const char *str;
-    unsigned lineno = 0;
-    krb5_error_code ret;
-    struct fileptr f;
-    f.f = fopen(fname, "r");
-    f.s = NULL;
-    if(f.f == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "open %s: %s", fname, strerror(ret));
-	return ret;
-    }
-
-    ret = krb5_config_parse_debug (&f, res, &lineno, &str);
-    fclose(f.f);
-    if (ret) {
-	krb5_set_error_string (context, "%s:%u: %s", fname, lineno, str);
-	return ret;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_file (krb5_context context,
-			const char *fname,
-			krb5_config_section **res)
-{
-    *res = NULL;
-    return krb5_config_parse_file_multi(context, fname, res);
-}
-
-#endif /* !HAVE_NETINFO */
-
-static void
-free_binding (krb5_context context, krb5_config_binding *b)
-{
-    krb5_config_binding *next_b;
-
-    while (b) {
-	free (b->name);
-	if (b->type == krb5_config_string)
-	    free (b->u.string);
-	else if (b->type == krb5_config_list)
-	    free_binding (context, b->u.list);
-	else
-	    krb5_abortx(context, "unknown binding type (%d) in free_binding", 
-			b->type);
-	next_b = b->next;
-	free (b);
-	b = next_b;
-    }
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_file_free (krb5_context context, krb5_config_section *s)
-{
-    free_binding (context, s);
-    return 0;
-}
-
-const void *
-krb5_config_get_next (krb5_context context,
-		      const krb5_config_section *c,
-		      const krb5_config_binding **pointer,
-		      int type,
-		      ...)
-{
-    const char *ret;
-    va_list args;
-
-    va_start(args, type);
-    ret = krb5_config_vget_next (context, c, pointer, type, args);
-    va_end(args);
-    return ret;
-}
-
-static const void *
-vget_next(krb5_context context,
-	  const krb5_config_binding *b,
-	  const krb5_config_binding **pointer,
-	  int type,
-	  const char *name,
-	  va_list args)
-{
-    const char *p = va_arg(args, const char *);
-    while(b != NULL) {
-	if(strcmp(b->name, name) == 0) {
-	    if(b->type == type && p == NULL) {
-		*pointer = b;
-		return b->u.generic;
-	    } else if(b->type == krb5_config_list && p != NULL) {
-		return vget_next(context, b->u.list, pointer, type, p, args);
-	    }
-	}
-	b = b->next;
-    }
-    return NULL;
-}
-
-const void *
-krb5_config_vget_next (krb5_context context,
-		       const krb5_config_section *c,
-		       const krb5_config_binding **pointer,
-		       int type,
-		       va_list args)
-{
-    const krb5_config_binding *b;
-    const char *p;
-
-    if(c == NULL)
-	c = context->cf;
-
-    if (c == NULL)
-	return NULL;
-
-    if (*pointer == NULL) {
-	/* first time here, walk down the tree looking for the right
-           section */
-	p = va_arg(args, const char *);
-	if (p == NULL)
-	    return NULL;
-	return vget_next(context, c, pointer, type, p, args);
-    }
-
-    /* we were called again, so just look for more entries with the
-       same name and type */
-    for (b = (*pointer)->next; b != NULL; b = b->next) {
-	if(strcmp(b->name, (*pointer)->name) == 0 && b->type == type) {
-	    *pointer = b;
-	    return b->u.generic;
-	}
-    }
-    return NULL;
-}
-
-const void *
-krb5_config_get (krb5_context context,
-		 const krb5_config_section *c,
-		 int type,
-		 ...)
-{
-    const void *ret;
-    va_list args;
-
-    va_start(args, type);
-    ret = krb5_config_vget (context, c, type, args);
-    va_end(args);
-    return ret;
-}
-
-const void *
-krb5_config_vget (krb5_context context,
-		  const krb5_config_section *c,
-		  int type,
-		  va_list args)
-{
-    const krb5_config_binding *foo = NULL;
-
-    return krb5_config_vget_next (context, c, &foo, type, args);
-}
-
-const krb5_config_binding *
-krb5_config_get_list (krb5_context context,
-		      const krb5_config_section *c,
-		      ...)
-{
-    const krb5_config_binding *ret;
-    va_list args;
-
-    va_start(args, c);
-    ret = krb5_config_vget_list (context, c, args);
-    va_end(args);
-    return ret;
-}
-
-const krb5_config_binding *
-krb5_config_vget_list (krb5_context context,
-		       const krb5_config_section *c,
-		       va_list args)
-{
-    return krb5_config_vget (context, c, krb5_config_list, args);
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_get_string (krb5_context context,
-			const krb5_config_section *c,
-			...)
-{
-    const char *ret;
-    va_list args;
-
-    va_start(args, c);
-    ret = krb5_config_vget_string (context, c, args);
-    va_end(args);
-    return ret;
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_vget_string (krb5_context context,
-			 const krb5_config_section *c,
-			 va_list args)
-{
-    return krb5_config_vget (context, c, krb5_config_string, args);
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_vget_string_default (krb5_context context,
-				 const krb5_config_section *c,
-				 const char *def_value,
-				 va_list args)
-{
-    const char *ret;
-
-    ret = krb5_config_vget_string (context, c, args);
-    if (ret == NULL)
-	ret = def_value;
-    return ret;
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_get_string_default (krb5_context context,
-				const krb5_config_section *c,
-				const char *def_value,
-				...)
-{
-    const char *ret;
-    va_list args;
-
-    va_start(args, def_value);
-    ret = krb5_config_vget_string_default (context, c, def_value, args);
-    va_end(args);
-    return ret;
-}
-
-char ** KRB5_LIB_FUNCTION
-krb5_config_vget_strings(krb5_context context,
-			 const krb5_config_section *c,
-			 va_list args)
-{
-    char **strings = NULL;
-    int nstr = 0;
-    const krb5_config_binding *b = NULL;
-    const char *p;
-
-    while((p = krb5_config_vget_next(context, c, &b, 
-				     krb5_config_string, args))) {
-	char *tmp = strdup(p);
-	char *pos = NULL;
-	char *s;
-	if(tmp == NULL)
-	    goto cleanup;
-	s = strtok_r(tmp, " \t", &pos);
-	while(s){
-	    char **tmp2 = realloc(strings, (nstr + 1) * sizeof(*strings));
-	    if(tmp2 == NULL)
-		goto cleanup;
-	    strings = tmp2;
-	    strings[nstr] = strdup(s);
-	    nstr++;
-	    if(strings[nstr-1] == NULL)
-		goto cleanup;
-	    s = strtok_r(NULL, " \t", &pos);
-	}
-	free(tmp);
-    }
-    if(nstr){
-	char **tmp = realloc(strings, (nstr + 1) * sizeof(*strings));
-	if(tmp == NULL)
-	    goto cleanup;
-	strings = tmp;
-	strings[nstr] = NULL;
-    }
-    return strings;
-cleanup:
-    while(nstr--)
-	free(strings[nstr]);
-    free(strings);
-    return NULL;
-
-}
-
-char**
-krb5_config_get_strings(krb5_context context,
-			const krb5_config_section *c,
-			...)
-{
-    va_list ap;
-    char **ret;
-    va_start(ap, c);
-    ret = krb5_config_vget_strings(context, c, ap);
-    va_end(ap);
-    return ret;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_config_free_strings(char **strings)
-{
-    char **s = strings;
-    while(s && *s){
-	free(*s);
-	s++;
-    }
-    free(strings);
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_vget_bool_default (krb5_context context,
-			       const krb5_config_section *c,
-			       krb5_boolean def_value,
-			       va_list args)
-{
-    const char *str;
-    str = krb5_config_vget_string (context, c, args);
-    if(str == NULL)
-	return def_value;
-    if(strcasecmp(str, "yes") == 0 ||
-       strcasecmp(str, "true") == 0 ||
-       atoi(str)) return TRUE;
-    return FALSE;
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_vget_bool  (krb5_context context,
-			const krb5_config_section *c,
-			va_list args)
-{
-    return krb5_config_vget_bool_default (context, c, FALSE, args);
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_get_bool_default (krb5_context context,
-			      const krb5_config_section *c,
-			      krb5_boolean def_value,
-			      ...)
-{
-    va_list ap;
-    krb5_boolean ret;
-    va_start(ap, def_value);
-    ret = krb5_config_vget_bool_default(context, c, def_value, ap);
-    va_end(ap);
-    return ret;
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_get_bool (krb5_context context,
-		      const krb5_config_section *c,
-		      ...)
-{
-    va_list ap;
-    krb5_boolean ret;
-    va_start(ap, c);
-    ret = krb5_config_vget_bool (context, c, ap);
-    va_end(ap);
-    return ret;
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_time_default (krb5_context context,
-			       const krb5_config_section *c,
-			       int def_value,
-			       va_list args)
-{
-    const char *str;
-    krb5_deltat t;
-
-    str = krb5_config_vget_string (context, c, args);
-    if(str == NULL)
-	return def_value;
-    if (krb5_string_to_deltat(str, &t))
-	return def_value;
-    return t;
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_time  (krb5_context context,
-			const krb5_config_section *c,
-			va_list args)
-{
-    return krb5_config_vget_time_default (context, c, -1, args);
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_time_default (krb5_context context,
-			      const krb5_config_section *c,
-			      int def_value,
-			      ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, def_value);
-    ret = krb5_config_vget_time_default(context, c, def_value, ap);
-    va_end(ap);
-    return ret;
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_time (krb5_context context,
-		      const krb5_config_section *c,
-		      ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, c);
-    ret = krb5_config_vget_time (context, c, ap);
-    va_end(ap);
-    return ret;
-}
-
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_int_default (krb5_context context,
-			      const krb5_config_section *c,
-			      int def_value,
-			      va_list args)
-{
-    const char *str;
-    str = krb5_config_vget_string (context, c, args);
-    if(str == NULL)
-	return def_value;
-    else { 
-	char *endptr; 
-	long l; 
-	l = strtol(str, &endptr, 0); 
-	if (endptr == str) 
-	    return def_value; 
-	else 
-	    return l;
-    }
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_int  (krb5_context context,
-		       const krb5_config_section *c,
-		       va_list args)
-{
-    return krb5_config_vget_int_default (context, c, -1, args);
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_int_default (krb5_context context,
-			     const krb5_config_section *c,
-			     int def_value,
-			     ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, def_value);
-    ret = krb5_config_vget_int_default(context, c, def_value, ap);
-    va_end(ap);
-    return ret;
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_int (krb5_context context,
-		     const krb5_config_section *c,
-		     ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, c);
-    ret = krb5_config_vget_int (context, c, ap);
-    va_end(ap);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/config_file_netinfo.c b/crypto/heimdal/lib/krb5/config_file_netinfo.c
deleted file mode 100644
index 1e01e7c..0000000
--- a/crypto/heimdal/lib/krb5/config_file_netinfo.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: config_file_netinfo.c 13863 2004-05-25 21:46:46Z lha $");
-
-/*
- * Netinfo implementation from Luke Howard <lukeh@xedoc.com.au>
- */
-
-#ifdef HAVE_NETINFO
-#include <netinfo/ni.h>
-static ni_status
-ni_proplist2binding(ni_proplist *pl, krb5_config_section **ret)
-{
-    int i, j;
-    krb5_config_section **next = NULL;
-
-    for (i = 0; i < pl->ni_proplist_len; i++) {
-	if (!strcmp(pl->nipl_val[i].nip_name, "name"))
-	    continue;
-
-	for (j = 0; j < pl->nipl_val[i].nip_val.ni_namelist_len; j++) {
-	    krb5_config_binding *b;
-
-	    b = malloc(sizeof(*b));
-	    if (b == NULL)
-		return NI_FAILED;
-	
-	    b->next = NULL;
-	    b->type = krb5_config_string;
-	    b->name = ni_name_dup(pl->nipl_val[i].nip_name);
-	    b->u.string = ni_name_dup(pl->nipl_val[i].nip_val.ninl_val[j]);
-
-	    if (next == NULL) {
-		*ret = b;
-	    } else {
-		*next = b;
-	    }
-	    next = &b->next;
-	}
-    }
-    return NI_OK;
-}
-
-static ni_status
-ni_idlist2binding(void *ni, ni_idlist *idlist, krb5_config_section **ret)
-{
-    int i;
-    ni_status nis;
-    krb5_config_section **next;
-
-    for (i = 0; i < idlist->ni_idlist_len; i++) {
-	ni_proplist pl;
-        ni_id nid;
-	ni_idlist children;
-	krb5_config_binding *b;
-	ni_index index;
-
-	nid.nii_instance = 0;
-	nid.nii_object = idlist->ni_idlist_val[i];
-
-	nis = ni_read(ni, &nid, &pl);
-
-	if (nis != NI_OK) {
-	     return nis;
-	}
-	index = ni_proplist_match(pl, "name", NULL);
-	b = malloc(sizeof(*b));
-	if (b == NULL) return NI_FAILED;
-
-	if (i == 0) {
-	    *ret = b;
-	} else {
-	    *next = b;
-	}
-
-	b->type = krb5_config_list;
-	b->name = ni_name_dup(pl.nipl_val[index].nip_val.ninl_val[0]);
-	b->next = NULL;
-	b->u.list = NULL;
-
-	/* get the child directories */
-	nis = ni_children(ni, &nid, &children);
-	if (nis == NI_OK) {
-	    nis = ni_idlist2binding(ni, &children, &b->u.list);
-	    if (nis != NI_OK) {
-		return nis;
-	    }
-	}
-
-	nis = ni_proplist2binding(&pl, b->u.list == NULL ? &b->u.list : &b->u.list->next);
-	ni_proplist_free(&pl);
-	if (nis != NI_OK) {
-	    return nis;
-	}
-	next = &b->next;
-    }
-    ni_idlist_free(idlist);
-    return NI_OK;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_file (krb5_context context,
-			const char *fname,
-			krb5_config_section **res)
-{
-    void *ni = NULL, *lastni = NULL;
-    int i;
-    ni_status nis;
-    ni_id nid;
-    ni_idlist children;
-
-    krb5_config_section *s;
-    int ret;
-
-    s = NULL;
-
-    for (i = 0; i < 256; i++) {
-	if (i == 0) {
-	    nis = ni_open(NULL, ".", &ni);
-	} else {
-	    if (lastni != NULL) ni_free(lastni);
-	    lastni = ni;
-	    nis = ni_open(lastni, "..", &ni);
-	}
-	if (nis != NI_OK)
-	    break;
-	nis = ni_pathsearch(ni, &nid, "/locations/kerberos");
-	if (nis == NI_OK) {
-	    nis = ni_children(ni, &nid, &children);
-	    if (nis != NI_OK)
-		break;
-	    nis = ni_idlist2binding(ni, &children, &s);
-	    break;
-	}
-    }
-
-    if (ni != NULL) ni_free(ni);
-    if (ni != lastni && lastni != NULL) ni_free(lastni);
-
-    ret = (nis == NI_OK) ? 0 : -1;
-    if (ret == 0) {
-	*res = s;
-    } else {
-	*res = NULL;
-    }
-    return ret;
-}
-#endif /* HAVE_NETINFO */
diff --git a/crypto/heimdal/lib/krb5/constants.c b/crypto/heimdal/lib/krb5/constants.c
deleted file mode 100644
index 5188a1d..0000000
--- a/crypto/heimdal/lib/krb5/constants.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: constants.c 14253 2004-09-23 07:57:37Z joda $");
-
-const char *krb5_config_file = 
-#ifdef __APPLE__
-"/Library/Preferences/edu.mit.Kerberos:"
-#endif
-SYSCONFDIR "/krb5.conf:/etc/krb5.conf";
-const char *krb5_defkeyname = KEYTAB_DEFAULT;
diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c
deleted file mode 100644
index 2567833..0000000
--- a/crypto/heimdal/lib/krb5/context.c
+++ /dev/null
@@ -1,1033 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <com_err.h>
-
-RCSID("$Id: context.c 22293 2007-12-14 05:25:59Z lha $");
-
-#define INIT_FIELD(C, T, E, D, F)					\
-    (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), 	\
-						"libdefaults", F, NULL)
-
-#define INIT_FLAG(C, O, V, D, F)					\
-    do {								\
-	if (krb5_config_get_bool_default((C), NULL, (D),"libdefaults", F, NULL)) { \
-	    (C)->O |= V;						\
-        }								\
-    } while(0)
-
-/*
- * Set the list of etypes `ret_etypes' from the configuration variable
- * `name'
- */
-
-static krb5_error_code
-set_etypes (krb5_context context,
-	    const char *name,
-	    krb5_enctype **ret_enctypes)
-{
-    char **etypes_str;
-    krb5_enctype *etypes = NULL;
-
-    etypes_str = krb5_config_get_strings(context, NULL, "libdefaults", 
-					 name, NULL);
-    if(etypes_str){
-	int i, j, k;
-	for(i = 0; etypes_str[i]; i++);
-	etypes = malloc((i+1) * sizeof(*etypes));
-	if (etypes == NULL) {
-	    krb5_config_free_strings (etypes_str);
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	for(j = 0, k = 0; j < i; j++) {
-	    krb5_enctype e;
-	    if(krb5_string_to_enctype(context, etypes_str[j], &e) != 0)
-		continue;
-	    if (krb5_enctype_valid(context, e) != 0)
-		continue;
-	    etypes[k++] = e;
-	}
-	etypes[k] = ETYPE_NULL;
-	krb5_config_free_strings(etypes_str);
-    } 
-    *ret_enctypes = etypes;
-    return 0;
-}
-
-/*
- * read variables from the configuration file and set in `context'
- */
-
-static krb5_error_code
-init_context_from_config_file(krb5_context context)
-{
-    krb5_error_code ret;
-    const char * tmp;
-    krb5_enctype *tmptypes;
-
-    INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
-    INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout");
-    INIT_FIELD(context, int, max_retries, 3, "max_retries");
-
-    INIT_FIELD(context, string, http_proxy, NULL, "http_proxy");
-    
-    ret = set_etypes (context, "default_etypes", &tmptypes);
-    if(ret)
-	return ret;
-    free(context->etypes);
-    context->etypes = tmptypes;
-    
-    ret = set_etypes (context, "default_etypes_des", &tmptypes);
-    if(ret)
-	return ret;
-    free(context->etypes_des);
-    context->etypes_des = tmptypes;
-
-    /* default keytab name */
-    tmp = NULL;
-    if(!issuid())
-	tmp = getenv("KRB5_KTNAME");
-    if(tmp != NULL)
-	context->default_keytab = tmp;
-    else
-	INIT_FIELD(context, string, default_keytab, 
-		   KEYTAB_DEFAULT, "default_keytab_name");
-
-    INIT_FIELD(context, string, default_keytab_modify, 
-	       NULL, "default_keytab_modify_name");
-
-    INIT_FIELD(context, string, time_fmt, 
-	       "%Y-%m-%dT%H:%M:%S", "time_format");
-
-    INIT_FIELD(context, string, date_fmt, 
-	       "%Y-%m-%d", "date_format");
-
-    INIT_FIELD(context, bool, log_utc, 
-	       FALSE, "log_utc");
-
-
-    
-    /* init dns-proxy slime */
-    tmp = krb5_config_get_string(context, NULL, "libdefaults", 
-				 "dns_proxy", NULL);
-    if(tmp) 
-	roken_gethostby_setup(context->http_proxy, tmp);
-    krb5_free_host_realm (context, context->default_realms);
-    context->default_realms = NULL;
-
-    {
-	krb5_addresses addresses;
-	char **adr, **a;
-
-	krb5_set_extra_addresses(context, NULL);
-	adr = krb5_config_get_strings(context, NULL, 
-				      "libdefaults", 
-				      "extra_addresses", 
-				      NULL);
-	memset(&addresses, 0, sizeof(addresses));
-	for(a = adr; a && *a; a++) {
-	    ret = krb5_parse_address(context, *a, &addresses);
-	    if (ret == 0) {
-		krb5_add_extra_addresses(context, &addresses);
-		krb5_free_addresses(context, &addresses);
-	    }
-	}
-	krb5_config_free_strings(adr);
-
-	krb5_set_ignore_addresses(context, NULL);
-	adr = krb5_config_get_strings(context, NULL, 
-				      "libdefaults", 
-				      "ignore_addresses", 
-				      NULL);
-	memset(&addresses, 0, sizeof(addresses));
-	for(a = adr; a && *a; a++) {
-	    ret = krb5_parse_address(context, *a, &addresses);
-	    if (ret == 0) {
-		krb5_add_ignore_addresses(context, &addresses);
-		krb5_free_addresses(context, &addresses);
-	    }
-	}
-	krb5_config_free_strings(adr);
-    }
-    
-    INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
-    INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
-    /* prefer dns_lookup_kdc over srv_lookup. */
-    INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
-    INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
-    INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size");
-    INIT_FLAG(context, flags, KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME, TRUE, "dns_canonicalize_hostname");
-    INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac");
-    context->default_cc_name = NULL;
-    context->default_cc_name_set = 0;
-    return 0;
-}
-
-/**
- * Initializes the context structure and reads the configuration file
- * /etc/krb5.conf. The structure should be freed by calling
- * krb5_free_context() when it is no longer being used.
- *
- * @param context pointer to returned context
- *
- * @return Returns 0 to indicate success.  Otherwise an errno code is
- * returned.  Failure means either that something bad happened during
- * initialization (typically ENOMEM) or that Kerberos should not be
- * used ENXIO.
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_init_context(krb5_context *context)
-{
-    krb5_context p;
-    krb5_error_code ret;
-    char **files;
-
-    *context = NULL;
-
-    p = calloc(1, sizeof(*p));
-    if(!p)
-	return ENOMEM;
-
-    p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
-    if (p->mutex == NULL) {
-	free(p);
-	return ENOMEM;
-    }
-    HEIMDAL_MUTEX_init(p->mutex);
-
-    ret = krb5_get_default_config_files(&files);
-    if(ret) 
-	goto out;
-    ret = krb5_set_config_files(p, files);
-    krb5_free_config_files(files);
-    if(ret) 
-	goto out;
-
-    /* init error tables */
-    krb5_init_ets(p);
-
-    p->cc_ops = NULL;
-    p->num_cc_ops = 0;
-    krb5_cc_register(p, &krb5_acc_ops, TRUE);
-    krb5_cc_register(p, &krb5_fcc_ops, TRUE);
-    krb5_cc_register(p, &krb5_mcc_ops, TRUE);
-#ifdef HAVE_KCM
-    krb5_cc_register(p, &krb5_kcm_ops, TRUE);
-#endif
-
-    p->num_kt_types = 0;
-    p->kt_types     = NULL;
-    krb5_kt_register (p, &krb5_fkt_ops);
-    krb5_kt_register (p, &krb5_wrfkt_ops);
-    krb5_kt_register (p, &krb5_javakt_ops);
-    krb5_kt_register (p, &krb5_mkt_ops);
-    krb5_kt_register (p, &krb5_akf_ops);
-    krb5_kt_register (p, &krb4_fkt_ops);
-    krb5_kt_register (p, &krb5_srvtab_fkt_ops);
-    krb5_kt_register (p, &krb5_any_ops);
-
-out:
-    if(ret) {
-	krb5_free_context(p);
-	p = NULL;
-    }
-    *context = p;
-    return ret;
-}
-
-/**
- * Frees the krb5_context allocated by krb5_init_context().
- *
- * @param context context to be freed.
- *
- *  @ingroup krb5
-*/
-
-void KRB5_LIB_FUNCTION
-krb5_free_context(krb5_context context)
-{
-    if (context->default_cc_name)
-	free(context->default_cc_name);
-    if (context->default_cc_name_env)
-	free(context->default_cc_name_env);
-    free(context->etypes);
-    free(context->etypes_des);
-    krb5_free_host_realm (context, context->default_realms);
-    krb5_config_file_free (context, context->cf);
-    free_error_table (context->et_list);
-    free(context->cc_ops);
-    free(context->kt_types);
-    krb5_clear_error_string(context);
-    if(context->warn_dest != NULL)
-	krb5_closelog(context, context->warn_dest);
-    krb5_set_extra_addresses(context, NULL);
-    krb5_set_ignore_addresses(context, NULL);
-    krb5_set_send_to_kdc_func(context, NULL, NULL);
-    if (context->mutex != NULL) {
-	HEIMDAL_MUTEX_destroy(context->mutex);
-	free(context->mutex);
-    }
-    memset(context, 0, sizeof(*context));
-    free(context);
-}
-
-/**
- * Reinit the context from a new set of filenames.
- *
- * @param context context to add configuration too.
- * @param filenames array of filenames, end of list is indicated with a NULL filename.
- *
- * @return Returns 0 to indicate success.  Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_config_files(krb5_context context, char **filenames)
-{
-    krb5_error_code ret;
-    krb5_config_binding *tmp = NULL;
-    while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
-	ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
-	if(ret != 0 && ret != ENOENT && ret != EACCES) {
-	    krb5_config_file_free(context, tmp);
-	    return ret;
-	}
-	filenames++;
-    }
-#if 0
-    /* with this enabled and if there are no config files, Kerberos is
-       considererd disabled */
-    if(tmp == NULL)
-	return ENXIO;
-#endif
-    krb5_config_file_free(context, context->cf);
-    context->cf = tmp;
-    ret = init_context_from_config_file(context);
-    return ret;
-}
-
-static krb5_error_code
-add_file(char ***pfilenames, int *len, char *file)
-{
-    char **pp = *pfilenames;
-    int i;
-
-    for(i = 0; i < *len; i++) {
-	if(strcmp(pp[i], file) == 0) {
-	    free(file);
-	    return 0;
-	}
-    }
-
-    pp = realloc(*pfilenames, (*len + 2) * sizeof(*pp));
-    if (pp == NULL) {
-	free(file);
-	return ENOMEM;
-    }
-
-    pp[*len] = file;
-    pp[*len + 1] = NULL;
-    *pfilenames = pp;
-    *len += 1;
-    return 0;
-}
-
-/*
- *  `pq' isn't free, it's up the the caller
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
-{
-    krb5_error_code ret;
-    const char *p, *q;
-    char **pp;
-    int len;
-    char *fn;
-
-    pp = NULL;
-
-    len = 0;
-    p = filelist;
-    while(1) {
-	ssize_t l;
-	q = p;
-	l = strsep_copy(&q, ":", NULL, 0);
-	if(l == -1)
-	    break;
-	fn = malloc(l + 1);
-	if(fn == NULL) {
-	    krb5_free_config_files(pp);
-	    return ENOMEM;
-	}
-	l = strsep_copy(&p, ":", fn, l + 1);
-	ret = add_file(&pp, &len, fn);
-	if (ret) {
-	    krb5_free_config_files(pp);
-	    return ret;
-	}
-    }
-
-    if (pq != NULL) {
-	int i;
-
-	for (i = 0; pq[i] != NULL; i++) {
-	    fn = strdup(pq[i]);
-	    if (fn == NULL) {
-		krb5_free_config_files(pp);
-		return ENOMEM;
-	    }
-	    ret = add_file(&pp, &len, fn);
-	    if (ret) {
-		krb5_free_config_files(pp);
-		return ret;
-	    }
-	}
-    }
-
-    *ret_pp = pp;
-    return 0;
-}
-
-/**
- * Prepend the filename to the global configuration list.
- *
- * @param filelist a filename to add to the default list of filename
- * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
- *
- * @return Returns 0 to indicate success.  Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
-{
-    krb5_error_code ret;
-    char **defpp, **pp = NULL;
-    
-    ret = krb5_get_default_config_files(&defpp);
-    if (ret)
-	return ret;
-
-    ret = krb5_prepend_config_files(filelist, defpp, &pp);
-    krb5_free_config_files(defpp);
-    if (ret) {
-	return ret;
-    }	
-    *pfilenames = pp;
-    return 0;
-}
-
-/**
- * Get the global configuration list.
- *
- * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
- *
- * @return Returns 0 to indicate success.  Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION 
-krb5_get_default_config_files(char ***pfilenames)
-{
-    const char *files = NULL;
-
-    if (pfilenames == NULL)
-        return EINVAL;
-    if(!issuid())
-	files = getenv("KRB5_CONFIG");
-    if (files == NULL)
-	files = krb5_config_file;
-
-    return krb5_prepend_config_files(files, NULL, pfilenames);
-}
-
-/**
- * Free a list of configuration files.
- *
- * @param filenames list to be freed.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_free_config_files(char **filenames)
-{
-    char **p;
-    for(p = filenames; *p != NULL; p++)
-	free(*p);
-    free(filenames);
-}
-
-/**
- * Returns the list of Kerberos encryption types sorted in order of
- * most preferred to least preferred encryption type.  Note that some
- * encryption types might be disabled, so you need to check with
- * krb5_enctype_valid() before using the encryption type.
- *
- * @return list of enctypes, terminated with ETYPE_NULL. Its a static
- * array completed into the Kerberos library so the content doesn't
- * need to be freed.
- *
- * @ingroup krb5
- */
-
-const krb5_enctype * KRB5_LIB_FUNCTION
-krb5_kerberos_enctypes(krb5_context context)
-{
-    static const krb5_enctype p[] = {
-	ETYPE_AES256_CTS_HMAC_SHA1_96,
-	ETYPE_AES128_CTS_HMAC_SHA1_96,
-	ETYPE_DES3_CBC_SHA1,
-	ETYPE_DES3_CBC_MD5,
-	ETYPE_ARCFOUR_HMAC_MD5,
-	ETYPE_DES_CBC_MD5,
-	ETYPE_DES_CBC_MD4,
-	ETYPE_DES_CBC_CRC,
-	ETYPE_NULL
-    };
-    return p;
-}
-
-/*
- * set `etype' to a malloced list of the default enctypes
- */
-
-static krb5_error_code
-default_etypes(krb5_context context, krb5_enctype **etype)
-{
-    const krb5_enctype *p;
-    krb5_enctype *e = NULL, *ep;
-    int i, n = 0;
-
-    p = krb5_kerberos_enctypes(context);
-
-    for (i = 0; p[i] != ETYPE_NULL; i++) {
-	if (krb5_enctype_valid(context, p[i]) != 0)
-	    continue;
-	ep = realloc(e, (n + 2) * sizeof(*e));
-	if (ep == NULL) {
-	    free(e);
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	e = ep;
-	e[n] = p[i];
-	e[n + 1] = ETYPE_NULL;
-	n++;
-    }
-    *etype = e;
-    return 0;
-}
-
-/**
- * Set the default encryption types that will be use in communcation
- * with the KDC, clients and servers.
- *
- * @param context Kerberos 5 context.
- * @param etypes Encryption types, array terminated with ETYPE_NULL (0).
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_default_in_tkt_etypes(krb5_context context, 
-			       const krb5_enctype *etypes)
-{
-    krb5_enctype *p = NULL;
-    int i;
-
-    if(etypes) {
-	for (i = 0; etypes[i]; ++i) {
-	    krb5_error_code ret;
-	    ret = krb5_enctype_valid(context, etypes[i]);
-	    if (ret)
-		return ret;
-	}
-	++i;
-	ALLOC(p, i);
-	if(!p) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	memmove(p, etypes, i * sizeof(krb5_enctype));
-    }
-    if(context->etypes)
-	free(context->etypes);
-    context->etypes = p;
-    return 0;
-}
-
-/**
- * Get the default encryption types that will be use in communcation
- * with the KDC, clients and servers.
- *
- * @param context Kerberos 5 context.
- * @param etypes Encryption types, array terminated with
- * ETYPE_NULL(0), caller should free array with krb5_xfree():
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_in_tkt_etypes(krb5_context context,
-			       krb5_enctype **etypes)
-{
-  krb5_enctype *p;
-  int i;
-  krb5_error_code ret;
-
-  if(context->etypes) {
-    for(i = 0; context->etypes[i]; i++);
-    ++i;
-    ALLOC(p, i);
-    if(!p) {
-      krb5_set_error_string (context, "malloc: out of memory");
-      return ENOMEM;
-    }
-    memmove(p, context->etypes, i * sizeof(krb5_enctype));
-  } else {
-    ret = default_etypes(context, &p);
-    if (ret)
-      return ret;
-  }
-  *etypes = p;
-  return 0;
-}
-
-/**
- * Return the error string for the error code. The caller must not
- * free the string.
- *
- * @param context Kerberos 5 context.
- * @param code Kerberos error code.
- *
- * @return the error message matching code
- *
- * @ingroup krb5
- */
-
-const char* KRB5_LIB_FUNCTION
-krb5_get_err_text(krb5_context context, krb5_error_code code)
-{
-    const char *p = NULL;
-    if(context != NULL)
-	p = com_right(context->et_list, code);
-    if(p == NULL)
-	p = strerror(code);
-    if (p == NULL)
-	p = "Unknown error";
-    return p;
-}
-
-/**
- * Init the built-in ets in the Kerberos library. 
- *
- * @param context kerberos context to add the ets too
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_init_ets(krb5_context context)
-{
-    if(context->et_list == NULL){
-	krb5_add_et_list(context, initialize_krb5_error_table_r);
-	krb5_add_et_list(context, initialize_asn1_error_table_r);
-	krb5_add_et_list(context, initialize_heim_error_table_r);
-	krb5_add_et_list(context, initialize_k524_error_table_r);
-#ifdef PKINIT
-	krb5_add_et_list(context, initialize_hx_error_table_r);
-#endif
-    }
-}
-
-/**
- * Make the kerberos library default to the admin KDC.
- *
- * @param context Kerberos 5 context.
- * @param flag boolean flag to select if the use the admin KDC or not.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
-{
-    context->use_admin_kdc = flag;
-}
-
-/**
- * Make the kerberos library default to the admin KDC.
- *
- * @param context Kerberos 5 context.
- *
- * @return boolean flag to telling the context will use admin KDC as the default KDC.
- *
- * @ingroup krb5
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_get_use_admin_kdc (krb5_context context)
-{
-    return context->use_admin_kdc;
-}
-
-/**
- * Add extra address to the address list that the library will add to
- * the client's address list when communicating with the KDC.
- *
- * @param context Kerberos 5 context.
- * @param addresses addreses to add
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
-{
-
-    if(context->extra_addresses)
-	return krb5_append_addresses(context, 
-				     context->extra_addresses, addresses);
-    else
-	return krb5_set_extra_addresses(context, addresses);
-}
-
-/**
- * Set extra address to the address list that the library will add to
- * the client's address list when communicating with the KDC.
- *
- * @param context Kerberos 5 context.
- * @param addresses addreses to set
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
-{
-    if(context->extra_addresses)
-	krb5_free_addresses(context, context->extra_addresses);
-
-    if(addresses == NULL) {
-	if(context->extra_addresses != NULL) {
-	    free(context->extra_addresses);
-	    context->extra_addresses = NULL;
-	}
-	return 0;
-    }
-    if(context->extra_addresses == NULL) {
-	context->extra_addresses = malloc(sizeof(*context->extra_addresses));
-	if(context->extra_addresses == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-    return krb5_copy_addresses(context, addresses, context->extra_addresses);
-}
-
-/**
- * Get extra address to the address list that the library will add to
- * the client's address list when communicating with the KDC.
- *
- * @param context Kerberos 5 context.
- * @param addresses addreses to set
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
-{
-    if(context->extra_addresses == NULL) {
-	memset(addresses, 0, sizeof(*addresses));
-	return 0;
-    }
-    return krb5_copy_addresses(context,context->extra_addresses, addresses);
-}
-
-/**
- * Add extra addresses to ignore when fetching addresses from the
- * underlaying operating system.
- *
- * @param context Kerberos 5 context.
- * @param addresses addreses to ignore
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
-{
-
-    if(context->ignore_addresses)
-	return krb5_append_addresses(context, 
-				     context->ignore_addresses, addresses);
-    else
-	return krb5_set_ignore_addresses(context, addresses);
-}
-
-/**
- * Set extra addresses to ignore when fetching addresses from the
- * underlaying operating system.
- *
- * @param context Kerberos 5 context.
- * @param addresses addreses to ignore
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
-{
-    if(context->ignore_addresses)
-	krb5_free_addresses(context, context->ignore_addresses);
-    if(addresses == NULL) {
-	if(context->ignore_addresses != NULL) {
-	    free(context->ignore_addresses);
-	    context->ignore_addresses = NULL;
-	}
-	return 0;
-    }
-    if(context->ignore_addresses == NULL) {
-	context->ignore_addresses = malloc(sizeof(*context->ignore_addresses));
-	if(context->ignore_addresses == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-    return krb5_copy_addresses(context, addresses, context->ignore_addresses);
-}
-
-/**
- * Get extra addresses to ignore when fetching addresses from the
- * underlaying operating system.
- *
- * @param context Kerberos 5 context.
- * @param addresses list addreses ignored
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
-{
-    if(context->ignore_addresses == NULL) {
-	memset(addresses, 0, sizeof(*addresses));
-	return 0;
-    }
-    return krb5_copy_addresses(context, context->ignore_addresses, addresses);
-}
-
-/**
- * Set version of fcache that the library should use.
- *
- * @param context Kerberos 5 context.
- * @param version version number.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_fcache_version(krb5_context context, int version)
-{
-    context->fcache_vno = version;
-    return 0;
-}
-
-/**
- * Get version of fcache that the library should use.
- *
- * @param context Kerberos 5 context.
- * @param version version number.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_fcache_version(krb5_context context, int *version)
-{
-    *version = context->fcache_vno;
-    return 0;
-}
-
-/**
- * Runtime check if the Kerberos library was complied with thread support.
- *
- * @return TRUE if the library was compiled with thread support, FALSE if not.
- *
- * @ingroup krb5
- */
-
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_is_thread_safe(void)
-{
-#ifdef ENABLE_PTHREAD_SUPPORT
-    return TRUE;
-#else
-    return FALSE;
-#endif
-}
-
-/**
- * Set if the library should use DNS to canonicalize hostnames.
- *
- * @param context Kerberos 5 context.
- * @param flag if its dns canonicalizion is used or not.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
-{
-    if (flag)
-	context->flags |= KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
-    else
-	context->flags &= ~KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
-}
-
-/**
- * Get if the library uses DNS to canonicalize hostnames.
- *
- * @param context Kerberos 5 context.
- *
- * @return return non zero if the library uses DNS to canonicalize hostnames.
- *
- * @ingroup krb5
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_get_dns_canonicalize_hostname (krb5_context context)
-{
-    return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
-}
-
-/**
- * Get current offset in time to the KDC.
- *
- * @param context Kerberos 5 context.
- * @param sec seconds part of offset.
- * @param usec micro seconds part of offset.
- *
- * @return return non zero if the library uses DNS to canonicalize hostnames.
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
-{
-    if (sec)
-	*sec = context->kdc_sec_offset;
-    if (usec)
-	*usec = context->kdc_usec_offset;
-    return 0;
-}
-
-/**
- * Get max time skew allowed.
- *
- * @param context Kerberos 5 context.
- *
- * @return timeskew in seconds.
- *
- * @ingroup krb5
- */
-
-time_t KRB5_LIB_FUNCTION
-krb5_get_max_time_skew (krb5_context context)
-{
-    return context->max_skew;
-}
-
-/**
- * Set max time skew allowed.
- *
- * @param context Kerberos 5 context.
- * @param t timeskew in seconds.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_set_max_time_skew (krb5_context context, time_t t)
-{
-    context->max_skew = t;
-}
diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c
deleted file mode 100644
index b2af018..0000000
--- a/crypto/heimdal/lib/krb5/convert_creds.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: convert_creds.c 22050 2007-11-11 11:20:46Z lha $");
-
-#include "krb5-v4compat.h"
-
-static krb5_error_code
-check_ticket_flags(TicketFlags f)
-{
-    return 0; /* maybe add some more tests here? */
-}
-
-/**
- * Convert the v5 credentials in in_cred to v4-dito in v4creds.  This
- * is done by sending them to the 524 function in the KDC.  If
- * `in_cred' doesn't contain a DES session key, then a new one is
- * gotten from the KDC and stored in the cred cache `ccache'.
- *
- * @param context Kerberos 5 context.
- * @param in_cred the credential to convert
- * @param v4creds the converted credential
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5_v4compat
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb524_convert_creds_kdc(krb5_context context, 
-			 krb5_creds *in_cred,
-			 struct credentials *v4creds)
-{
-    krb5_error_code ret;
-    krb5_data reply;
-    krb5_storage *sp;
-    int32_t tmp;
-    krb5_data ticket;
-    char realm[REALM_SZ];
-    krb5_creds *v5_creds = in_cred;
-
-    ret = check_ticket_flags(v5_creds->flags.b);
-    if(ret)
-	goto out2;
-
-    {
-	krb5_krbhst_handle handle;
-
-	ret = krb5_krbhst_init(context,
-			       krb5_principal_get_realm(context, 
-							v5_creds->server),
-			       KRB5_KRBHST_KRB524,
-			       &handle);
-	if (ret)
-	    goto out2;
-
-	ret = krb5_sendto (context,
-			   &v5_creds->ticket,
-			   handle,
-			   &reply);
-	krb5_krbhst_free(context, handle);
-	if (ret)
-	    goto out2;
-    }
-    sp = krb5_storage_from_mem(reply.data, reply.length);
-    if(sp == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string (context, "malloc: out of memory");
-	goto out2;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    if(ret == 0) {
-	memset(v4creds, 0, sizeof(*v4creds));
-	ret = krb5_ret_int32(sp, &tmp);
-	if(ret)
-	    goto out;
-	v4creds->kvno = tmp;
-	ret = krb5_ret_data(sp, &ticket);
-	if(ret)
-	    goto out;
-	v4creds->ticket_st.length = ticket.length;
-	memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length);
-	krb5_data_free(&ticket);
-	ret = krb5_524_conv_principal(context, 
-				      v5_creds->server, 
-				      v4creds->service, 
-				      v4creds->instance, 
-				      v4creds->realm);
-	if(ret)
-	    goto out;
-	v4creds->issue_date = v5_creds->times.starttime;
-	v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date,
-						   v5_creds->times.endtime);
-	ret = krb5_524_conv_principal(context, v5_creds->client, 
-				      v4creds->pname, 
-				      v4creds->pinst, 
-				      realm);
-	if(ret)
-	    goto out;
-	memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
-    } else {
-	krb5_set_error_string(context, "converting credentials: %s", 
-			      krb5_get_err_text(context, ret));
-    }
-out:
-    krb5_storage_free(sp);
-    krb5_data_free(&reply);
-out2:
-    if (v5_creds != in_cred)
-	krb5_free_creds (context, v5_creds);
-    return ret;
-}
-
-/**
- * Convert the v5 credentials in in_cred to v4-dito in v4creds,
- * check the credential cache ccache before checking with the KDC.
- *
- * @param context Kerberos 5 context.
- * @param ccache credential cache used to check for des-ticket.
- * @param in_cred the credential to convert
- * @param v4creds the converted credential
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5_v4compat
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb524_convert_creds_kdc_ccache(krb5_context context, 
-				krb5_ccache ccache,
-				krb5_creds *in_cred,
-				struct credentials *v4creds)
-{
-    krb5_error_code ret;
-    krb5_creds *v5_creds = in_cred;
-    krb5_keytype keytype;
-
-    keytype = v5_creds->session.keytype;
-
-    if (keytype != ENCTYPE_DES_CBC_CRC) {
-	/* MIT krb524d doesn't like nothing but des-cbc-crc tickets,
-           so go get one */
-	krb5_creds template;
-
-	memset (&template, 0, sizeof(template));
-	template.session.keytype = ENCTYPE_DES_CBC_CRC;
-	ret = krb5_copy_principal (context, in_cred->client, &template.client);
-	if (ret) {
-	    krb5_free_cred_contents (context, &template);
-	    return ret;
-	}
-	ret = krb5_copy_principal (context, in_cred->server, &template.server);
-	if (ret) {
-	    krb5_free_cred_contents (context, &template);
-	    return ret;
-	}
-
-	ret = krb5_get_credentials (context, 0, ccache,
-				    &template, &v5_creds);
-	krb5_free_cred_contents (context, &template);
-	if (ret)
-	    return ret;
-    }
-
-    ret = krb524_convert_creds_kdc(context, v5_creds, v4creds);
-
-    if (v5_creds != in_cred)
-	krb5_free_creds (context, v5_creds);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/copy_host_realm.c b/crypto/heimdal/lib/krb5/copy_host_realm.c
deleted file mode 100644
index 8c4f39b..0000000
--- a/crypto/heimdal/lib/krb5/copy_host_realm.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: copy_host_realm.c 22057 2007-11-11 15:13:13Z lha $");
-
-/**
- * Copy the list of realms from `from' to `to'.
- *
- * @param context Kerberos 5 context.
- * @param from list of realms to copy from.
- * @param to list of realms to copy to, free list of krb5_free_host_realm().
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_host_realm(krb5_context context,
-		     const krb5_realm *from,
-		     krb5_realm **to)
-{
-    int n, i;
-    const krb5_realm *p;
-
-    for (n = 0, p = from; *p != NULL; ++p)
-	++n;
-    ++n;
-    *to = malloc (n * sizeof(**to));
-    if (*to == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    for (i = 0; i < n; ++i)
-	(*to)[i] = NULL;
-    for (i = 0, p = from; *p != NULL; ++p, ++i) {
-	(*to)[i] = strdup(*p);
-	if ((*to)[i] == NULL) {
-	    krb5_free_host_realm (context, *to);
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/crc.c b/crypto/heimdal/lib/krb5/crc.c
deleted file mode 100644
index 072c29d..0000000
--- a/crypto/heimdal/lib/krb5/crc.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: crc.c 17442 2006-05-05 09:31:15Z lha $");
-
-static u_long table[256];
-
-#define CRC_GEN 0xEDB88320L
-
-void
-_krb5_crc_init_table(void)
-{
-    static int flag = 0;
-    unsigned long crc, poly;
-    int     i, j;
-    
-    if(flag) return;
-    poly = CRC_GEN;
-    for (i = 0; i < 256; i++) {
-	crc = i;
-	for (j = 8; j > 0; j--) {
-	    if (crc & 1) {
-		crc = (crc >> 1) ^ poly;
-	    } else {
-		crc >>= 1;
-	    }
-	}
-	table[i] = crc;
-    }
-    flag = 1;
-}
-
-uint32_t
-_krb5_crc_update (const char *p, size_t len, uint32_t res)
-{
-    while (len--)
-	res = table[(res ^ *p++) & 0xFF] ^ (res >> 8);
-    return res & 0xFFFFFFFF;
-}
diff --git a/crypto/heimdal/lib/krb5/creds.c b/crypto/heimdal/lib/krb5/creds.c
deleted file mode 100644
index 17ef46d..0000000
--- a/crypto/heimdal/lib/krb5/creds.c
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: creds.c 22062 2007-11-11 15:41:50Z lha $");
-
-#undef __attribute__
-#define __attribute__(X)
-
-/* keep this for compatibility with older code */
-krb5_error_code KRB5_LIB_FUNCTION __attribute__((deprecated))
-krb5_free_creds_contents (krb5_context context, krb5_creds *c)
-{
-    return krb5_free_cred_contents (context, c);
-}    
-
-/**
- * Free content of krb5_creds.
- *
- * @param context Kerberos 5 context.
- * @param c krb5_creds to free.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_cred_contents (krb5_context context, krb5_creds *c)
-{
-    krb5_free_principal (context, c->client);
-    c->client = NULL;
-    krb5_free_principal (context, c->server);
-    c->server = NULL;
-    krb5_free_keyblock_contents (context, &c->session);
-    krb5_data_free (&c->ticket);
-    krb5_data_free (&c->second_ticket);
-    free_AuthorizationData (&c->authdata);
-    krb5_free_addresses (context, &c->addresses);
-    memset(c, 0, sizeof(*c));
-    return 0;
-}
-
-/**
- * Copy content of krb5_creds.
- *
- * @param context Kerberos 5 context.
- * @param incred source credential
- * @param c destination credential, free with krb5_free_cred_contents().
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_creds_contents (krb5_context context,
-			  const krb5_creds *incred,
-			  krb5_creds *c)
-{
-    krb5_error_code ret;
-
-    memset(c, 0, sizeof(*c));
-    ret = krb5_copy_principal (context, incred->client, &c->client);
-    if (ret)
-	goto fail;
-    ret = krb5_copy_principal (context, incred->server, &c->server);
-    if (ret)
-	goto fail;
-    ret = krb5_copy_keyblock_contents (context, &incred->session, &c->session);
-    if (ret)
-	goto fail;
-    c->times = incred->times;
-    ret = krb5_data_copy (&c->ticket,
-			  incred->ticket.data,
-			  incred->ticket.length);
-    if (ret)
-	goto fail;
-    ret = krb5_data_copy (&c->second_ticket,
-			  incred->second_ticket.data,
-			  incred->second_ticket.length);
-    if (ret)
-	goto fail;
-    ret = copy_AuthorizationData(&incred->authdata, &c->authdata);
-    if (ret)
-	goto fail;
-    ret = krb5_copy_addresses (context,
-			       &incred->addresses,
-			       &c->addresses);
-    if (ret)
-	goto fail;
-    c->flags = incred->flags;
-    return 0;
-
-fail:
-    krb5_free_cred_contents (context, c);
-    return ret;
-}
-
-/**
- * Copy krb5_creds.
- *
- * @param context Kerberos 5 context.
- * @param incred source credential
- * @param outcred destination credential, free with krb5_free_creds().
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_creds (krb5_context context,
-		 const krb5_creds *incred,
-		 krb5_creds **outcred)
-{
-    krb5_creds *c;
-
-    c = malloc (sizeof (*c));
-    if (c == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memset (c, 0, sizeof(*c));
-    *outcred = c;
-    return krb5_copy_creds_contents (context, incred, c);
-}
-
-/**
- * Free krb5_creds.
- *
- * @param context Kerberos 5 context.
- * @param c krb5_creds to free.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_creds (krb5_context context, krb5_creds *c)
-{
-    krb5_free_cred_contents (context, c);
-    free (c);
-    return 0;
-}
-
-/* XXX this do not belong here */
-static krb5_boolean
-krb5_times_equal(const krb5_times *a, const krb5_times *b)
-{
-    return a->starttime == b->starttime &&
-	a->authtime == b->authtime &&
-	a->endtime == b->endtime &&
-	a->renew_till == b->renew_till;
-}
-
-/**
- * Return TRUE if `mcreds' and `creds' are equal (`whichfields'
- * determines what equal means).
- *
- * @param context Kerberos 5 context.
- * @param whichfields which fields to compare.
- * @param mcreds cred to compare with.
- * @param creds cred to compare with.
- *
- * @return return TRUE if mcred and creds are equal, FALSE if not.
- *
- * @ingroup krb5
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_compare_creds(krb5_context context, krb5_flags whichfields,
-		   const krb5_creds * mcreds, const krb5_creds * creds)
-{
-    krb5_boolean match = TRUE;
-    
-    if (match && mcreds->server) {
-	if (whichfields & (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_SRV_NAMEONLY)) 
-	    match = krb5_principal_compare_any_realm (context, mcreds->server, 
-						      creds->server);
-	else
-	    match = krb5_principal_compare (context, mcreds->server, 
-					    creds->server);
-    }
-
-    if (match && mcreds->client) {
-	if(whichfields & KRB5_TC_DONT_MATCH_REALM)
-	    match = krb5_principal_compare_any_realm (context, mcreds->client, 
-						      creds->client);
-	else
-	    match = krb5_principal_compare (context, mcreds->client, 
-					    creds->client);
-    }
-	    
-    if (match && (whichfields & KRB5_TC_MATCH_KEYTYPE))
-	match = krb5_enctypes_compatible_keys(context,
-					      mcreds->session.keytype,
-					      creds->session.keytype);
-
-    if (match && (whichfields & KRB5_TC_MATCH_FLAGS_EXACT))
-	match = mcreds->flags.i == creds->flags.i;
-
-    if (match && (whichfields & KRB5_TC_MATCH_FLAGS))
-	match = (creds->flags.i & mcreds->flags.i) == mcreds->flags.i;
-
-    if (match && (whichfields & KRB5_TC_MATCH_TIMES_EXACT))
-	match = krb5_times_equal(&mcreds->times, &creds->times);
-    
-    if (match && (whichfields & KRB5_TC_MATCH_TIMES))
-	/* compare only expiration times */
-	match = (mcreds->times.renew_till <= creds->times.renew_till) &&
-	    (mcreds->times.endtime <= creds->times.endtime);
-
-    if (match && (whichfields & KRB5_TC_MATCH_AUTHDATA)) {
-	unsigned int i;
-	if(mcreds->authdata.len != creds->authdata.len)
-	    match = FALSE;
-	else
-	    for(i = 0; match && i < mcreds->authdata.len; i++)
-		match = (mcreds->authdata.val[i].ad_type == 
-			 creds->authdata.val[i].ad_type) &&
-		    (krb5_data_cmp(&mcreds->authdata.val[i].ad_data,
-				   &creds->authdata.val[i].ad_data) == 0);
-    }
-    if (match && (whichfields & KRB5_TC_MATCH_2ND_TKT))
-	match = (krb5_data_cmp(&mcreds->second_ticket, &creds->second_ticket) == 0);
-
-    if (match && (whichfields & KRB5_TC_MATCH_IS_SKEY))
-	match = ((mcreds->second_ticket.length == 0) == 
-		 (creds->second_ticket.length == 0));
-
-    return match;
-}
diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c
deleted file mode 100644
index 2e63490..0000000
--- a/crypto/heimdal/lib/krb5/crypto.c
+++ /dev/null
@@ -1,4192 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: crypto.c 22200 2007-12-07 13:48:01Z lha $");
-
-#undef CRYPTO_DEBUG
-#ifdef CRYPTO_DEBUG
-static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*);
-#endif
-
-
-struct key_data {
-    krb5_keyblock *key;
-    krb5_data *schedule;
-};
-
-struct key_usage {
-    unsigned usage;
-    struct key_data key;
-};
-
-struct krb5_crypto_data {
-    struct encryption_type *et;
-    struct key_data key;
-    int num_key_usage;
-    struct key_usage *key_usage;
-};
-
-#define CRYPTO_ETYPE(C) ((C)->et->type)
-
-/* bits for `flags' below */
-#define F_KEYED		 1	/* checksum is keyed */
-#define F_CPROOF	 2	/* checksum is collision proof */
-#define F_DERIVED	 4	/* uses derived keys */
-#define F_VARIANT	 8	/* uses `variant' keys (6.4.3) */
-#define F_PSEUDO	16	/* not a real protocol type */
-#define F_SPECIAL	32	/* backwards */
-#define F_DISABLED	64	/* enctype/checksum disabled */
-
-struct salt_type {
-    krb5_salttype type;
-    const char *name;
-    krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, 
-				     krb5_salt, krb5_data, krb5_keyblock*);
-};
-
-struct key_type {
-    krb5_keytype type; /* XXX */
-    const char *name;
-    size_t bits;
-    size_t size;
-    size_t schedule_size;
-#if 0
-    krb5_enctype best_etype;
-#endif
-    void (*random_key)(krb5_context, krb5_keyblock*);
-    void (*schedule)(krb5_context, struct key_data *);
-    struct salt_type *string_to_key;
-    void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t);
-};
-
-struct checksum_type {
-    krb5_cksumtype type;
-    const char *name;
-    size_t blocksize;
-    size_t checksumsize;
-    unsigned flags;
-    void (*checksum)(krb5_context context,
-		     struct key_data *key,
-		     const void *buf, size_t len,
-		     unsigned usage,
-		     Checksum *csum);
-    krb5_error_code (*verify)(krb5_context context,
-			      struct key_data *key,
-			      const void *buf, size_t len,
-			      unsigned usage,
-			      Checksum *csum);
-};
-
-struct encryption_type {
-    krb5_enctype type;
-    const char *name;
-    heim_oid *oid;
-    size_t blocksize;
-    size_t padsize;
-    size_t confoundersize;
-    struct key_type *keytype;
-    struct checksum_type *checksum;
-    struct checksum_type *keyed_checksum;
-    unsigned flags;
-    krb5_error_code (*encrypt)(krb5_context context,
-			       struct key_data *key,
-			       void *data, size_t len,
-			       krb5_boolean encryptp,
-			       int usage,
-			       void *ivec);
-    size_t prf_length;
-    krb5_error_code (*prf)(krb5_context,
-			   krb5_crypto, const krb5_data *, krb5_data *);
-};
-
-#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA)
-#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55)
-#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99)
-
-static struct checksum_type *_find_checksum(krb5_cksumtype type);
-static struct encryption_type *_find_enctype(krb5_enctype type);
-static struct key_type *_find_keytype(krb5_keytype type);
-static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, 
-					unsigned, struct key_data**);
-static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
-static krb5_error_code derive_key(krb5_context context,
-				  struct encryption_type *et,
-				  struct key_data *key,
-				  const void *constant,
-				  size_t len);
-static krb5_error_code hmac(krb5_context context,
-			    struct checksum_type *cm, 
-			    const void *data, 
-			    size_t len, 
-			    unsigned usage,
-			    struct key_data *keyblock,
-			    Checksum *result);
-static void free_key_data(krb5_context context, struct key_data *key);
-static krb5_error_code usage2arcfour (krb5_context, unsigned *);
-static void xor (DES_cblock *, const unsigned char *);
-
-/************************************************************
- *                                                          *
- ************************************************************/
-
-static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
-
-
-static void
-krb5_DES_random_key(krb5_context context,
-	       krb5_keyblock *key)
-{
-    DES_cblock *k = key->keyvalue.data;
-    do {
-	krb5_generate_random_block(k, sizeof(DES_cblock));
-	DES_set_odd_parity(k);
-    } while(DES_is_weak_key(k));
-}
-
-static void
-krb5_DES_schedule(krb5_context context,
-		  struct key_data *key)
-{
-    DES_set_key(key->key->keyvalue.data, key->schedule->data);
-}
-
-#ifdef ENABLE_AFS_STRING_TO_KEY
-
-/* This defines the Andrew string_to_key function.  It accepts a password
- * string as input and converts it via a one-way encryption algorithm to a DES
- * encryption key.  It is compatible with the original Andrew authentication
- * service password database.
- */
-
-/*
- * Short passwords, i.e 8 characters or less.
- */
-static void
-krb5_DES_AFS3_CMU_string_to_key (krb5_data pw,
-			    krb5_data cell,
-			    DES_cblock *key)
-{
-    char  password[8+1];	/* crypt is limited to 8 chars anyway */
-    int   i;
-    
-    for(i = 0; i < 8; i++) {
-	char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^
-		 ((i < cell.length) ?
-		  tolower(((unsigned char*)cell.data)[i]) : 0);
-	password[i] = c ? c : 'X';
-    }
-    password[8] = '\0';
-
-    memcpy(key, crypt(password, "p1") + 2, sizeof(DES_cblock));
-
-    /* parity is inserted into the LSB so left shift each byte up one
-       bit. This allows ascii characters with a zero MSB to retain as
-       much significance as possible. */
-    for (i = 0; i < sizeof(DES_cblock); i++)
-	((unsigned char*)key)[i] <<= 1;
-    DES_set_odd_parity (key);
-}
-
-/*
- * Long passwords, i.e 9 characters or more.
- */
-static void
-krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw,
-				 krb5_data cell,
-				 DES_cblock *key)
-{
-    DES_key_schedule schedule;
-    DES_cblock temp_key;
-    DES_cblock ivec;
-    char password[512];
-    size_t passlen;
-
-    memcpy(password, pw.data, min(pw.length, sizeof(password)));
-    if(pw.length < sizeof(password)) {
-	int len = min(cell.length, sizeof(password) - pw.length);
-	int i;
-
-	memcpy(password + pw.length, cell.data, len);
-	for (i = pw.length; i < pw.length + len; ++i)
-	    password[i] = tolower((unsigned char)password[i]);
-    }
-    passlen = min(sizeof(password), pw.length + cell.length);
-    memcpy(&ivec, "kerberos", 8);
-    memcpy(&temp_key, "kerberos", 8);
-    DES_set_odd_parity (&temp_key);
-    DES_set_key (&temp_key, &schedule);
-    DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec);
-
-    memcpy(&temp_key, &ivec, 8);
-    DES_set_odd_parity (&temp_key);
-    DES_set_key (&temp_key, &schedule);
-    DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec);
-    memset(&schedule, 0, sizeof(schedule));
-    memset(&temp_key, 0, sizeof(temp_key));
-    memset(&ivec, 0, sizeof(ivec));
-    memset(password, 0, sizeof(password));
-
-    DES_set_odd_parity (key);
-}
-
-static krb5_error_code
-DES_AFS3_string_to_key(krb5_context context,
-		       krb5_enctype enctype,
-		       krb5_data password,
-		       krb5_salt salt,
-		       krb5_data opaque,
-		       krb5_keyblock *key)
-{
-    DES_cblock tmp;
-    if(password.length > 8)
-	krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp);
-    else
-	krb5_DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp);
-    key->keytype = enctype;
-    krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
-    memset(&key, 0, sizeof(key));
-    return 0;
-}
-#endif /* ENABLE_AFS_STRING_TO_KEY */
-
-static void
-DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
-{
-    DES_key_schedule schedule;
-    int i;
-    int reverse = 0;
-    unsigned char *p;
-
-    unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, 
-			     0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
-    memset(key, 0, 8);
-    
-    p = (unsigned char*)key;
-    for (i = 0; i < length; i++) {
-	unsigned char tmp = data[i];
-	if (!reverse)
-	    *p++ ^= (tmp << 1);
-	else
-	    *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
-	if((i % 8) == 7)
-	    reverse = !reverse;
-    }
-    DES_set_odd_parity(key);
-    if(DES_is_weak_key(key))
-	(*key)[7] ^= 0xF0;
-    DES_set_key(key, &schedule);
-    DES_cbc_cksum((void*)data, key, length, &schedule, key);
-    memset(&schedule, 0, sizeof(schedule));
-    DES_set_odd_parity(key);
-    if(DES_is_weak_key(key))
-	(*key)[7] ^= 0xF0;
-}
-
-static krb5_error_code
-krb5_DES_string_to_key(krb5_context context,
-		  krb5_enctype enctype,
-		  krb5_data password,
-		  krb5_salt salt,
-		  krb5_data opaque,
-		  krb5_keyblock *key)
-{
-    unsigned char *s;
-    size_t len;
-    DES_cblock tmp;
-
-#ifdef ENABLE_AFS_STRING_TO_KEY
-    if (opaque.length == 1) {
-	unsigned long v;
-	_krb5_get_int(opaque.data, &v, 1);
-	if (v == 1)
-	    return DES_AFS3_string_to_key(context, enctype, password,
-					  salt, opaque, key);
-    }
-#endif
-
-    len = password.length + salt.saltvalue.length;
-    s = malloc(len);
-    if(len > 0 && s == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(s, password.data, password.length);
-    memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
-    DES_string_to_key_int(s, len, &tmp);
-    key->keytype = enctype;
-    krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
-    memset(&tmp, 0, sizeof(tmp));
-    memset(s, 0, len);
-    free(s);
-    return 0;
-}
-
-static void
-krb5_DES_random_to_key(krb5_context context,
-		       krb5_keyblock *key,
-		       const void *data,
-		       size_t size)
-{
-    DES_cblock *k = key->keyvalue.data;
-    memcpy(k, data, key->keyvalue.length);
-    DES_set_odd_parity(k);
-    if(DES_is_weak_key(k))
-	xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
-}
-
-/*
- *
- */
-
-static void
-DES3_random_key(krb5_context context,
-		krb5_keyblock *key)
-{
-    DES_cblock *k = key->keyvalue.data;
-    do {
-	krb5_generate_random_block(k, 3 * sizeof(DES_cblock));
-	DES_set_odd_parity(&k[0]);
-	DES_set_odd_parity(&k[1]);
-	DES_set_odd_parity(&k[2]);
-    } while(DES_is_weak_key(&k[0]) ||
-	    DES_is_weak_key(&k[1]) ||
-	    DES_is_weak_key(&k[2]));
-}
-
-static void
-DES3_schedule(krb5_context context,
-	      struct key_data *key)
-{
-    DES_cblock *k = key->key->keyvalue.data;
-    DES_key_schedule *s = key->schedule->data;
-    DES_set_key(&k[0], &s[0]);
-    DES_set_key(&k[1], &s[1]);
-    DES_set_key(&k[2], &s[2]);
-}
-
-/*
- * A = A xor B. A & B are 8 bytes.
- */
-
-static void
-xor (DES_cblock *key, const unsigned char *b)
-{
-    unsigned char *a = (unsigned char*)key;
-    a[0] ^= b[0];
-    a[1] ^= b[1];
-    a[2] ^= b[2];
-    a[3] ^= b[3];
-    a[4] ^= b[4];
-    a[5] ^= b[5];
-    a[6] ^= b[6];
-    a[7] ^= b[7];
-}
-
-static krb5_error_code
-DES3_string_to_key(krb5_context context,
-		   krb5_enctype enctype,
-		   krb5_data password,
-		   krb5_salt salt,
-		   krb5_data opaque,
-		   krb5_keyblock *key)
-{
-    char *str;
-    size_t len;
-    unsigned char tmp[24];
-    DES_cblock keys[3];
-    krb5_error_code ret;
-    
-    len = password.length + salt.saltvalue.length;
-    str = malloc(len);
-    if(len != 0 && str == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(str, password.data, password.length);
-    memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length);
-    {
-	DES_cblock ivec;
-	DES_key_schedule s[3];
-	int i;
-	
-	ret = _krb5_n_fold(str, len, tmp, 24);
-	if (ret) {
-	    memset(str, 0, len);
-	    free(str);
-	    krb5_set_error_string(context, "out of memory");
-	    return ret;
-	}
-	
-	for(i = 0; i < 3; i++){
-	    memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
-	    DES_set_odd_parity(keys + i);
-	    if(DES_is_weak_key(keys + i))
-		xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
-	    DES_set_key(keys + i, &s[i]);
-	}
-	memset(&ivec, 0, sizeof(ivec));
-	DES_ede3_cbc_encrypt(tmp,
-			     tmp, sizeof(tmp), 
-			     &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT);
-	memset(s, 0, sizeof(s));
-	memset(&ivec, 0, sizeof(ivec));
-	for(i = 0; i < 3; i++){
-	    memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
-	    DES_set_odd_parity(keys + i);
-	    if(DES_is_weak_key(keys + i))
-		xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
-	}
-	memset(tmp, 0, sizeof(tmp));
-    }
-    key->keytype = enctype;
-    krb5_data_copy(&key->keyvalue, keys, sizeof(keys));
-    memset(keys, 0, sizeof(keys));
-    memset(str, 0, len);
-    free(str);
-    return 0;
-}
-
-static krb5_error_code
-DES3_string_to_key_derived(krb5_context context,
-			   krb5_enctype enctype,
-			   krb5_data password,
-			   krb5_salt salt,
-			   krb5_data opaque,
-			   krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    size_t len = password.length + salt.saltvalue.length;
-    char *s;
-
-    s = malloc(len);
-    if(len != 0 && s == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(s, password.data, password.length);
-    memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
-    ret = krb5_string_to_key_derived(context,
-				     s,
-				     len,
-				     enctype,
-				     key);
-    memset(s, 0, len);
-    free(s);
-    return ret;
-}
-
-static void
-DES3_random_to_key(krb5_context context,
-		   krb5_keyblock *key,
-		   const void *data,
-		   size_t size)
-{
-    unsigned char *x = key->keyvalue.data;
-    const u_char *q = data;
-    DES_cblock *k;
-    int i, j;
-
-    memset(x, 0, sizeof(x));
-    for (i = 0; i < 3; ++i) {
-	unsigned char foo;
-	for (j = 0; j < 7; ++j) {
-	    unsigned char b = q[7 * i + j];
-
-	    x[8 * i + j] = b;
-	}
-	foo = 0;
-	for (j = 6; j >= 0; --j) {
-	    foo |= q[7 * i + j] & 1;
-	    foo <<= 1;
-	}
-	x[8 * i + 7] = foo;
-    }
-    k = key->keyvalue.data;
-    for (i = 0; i < 3; i++) {
-	DES_set_odd_parity(&k[i]);
-	if(DES_is_weak_key(&k[i]))
-	    xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
-    }    
-}
-
-/*
- * ARCFOUR
- */
-
-static void
-ARCFOUR_schedule(krb5_context context, 
-		 struct key_data *kd)
-{
-    RC4_set_key (kd->schedule->data,
-		 kd->key->keyvalue.length, kd->key->keyvalue.data);
-}
-
-static krb5_error_code
-ARCFOUR_string_to_key(krb5_context context,
-		  krb5_enctype enctype,
-		  krb5_data password,
-		  krb5_salt salt,
-		  krb5_data opaque,
-		  krb5_keyblock *key)
-{
-    char *s, *p;
-    size_t len;
-    int i;
-    MD4_CTX m;
-    krb5_error_code ret;
-
-    len = 2 * password.length;
-    s = malloc (len);
-    if (len != 0 && s == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    for (p = s, i = 0; i < password.length; ++i) {
-	*p++ = ((char *)password.data)[i];
-	*p++ = 0;
-    }
-    MD4_Init (&m);
-    MD4_Update (&m, s, len);
-    key->keytype = enctype;
-    ret = krb5_data_alloc (&key->keyvalue, 16);
-    if (ret) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out;
-    }
-    MD4_Final (key->keyvalue.data, &m);
-    memset (s, 0, len);
-    ret = 0;
-out:
-    free (s);
-    return ret;
-}
-
-/*
- * AES
- */
-
-int _krb5_AES_string_to_default_iterator = 4096;
-
-static krb5_error_code
-AES_string_to_key(krb5_context context,
-		  krb5_enctype enctype,
-		  krb5_data password,
-		  krb5_salt salt,
-		  krb5_data opaque,
-		  krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    uint32_t iter;
-    struct encryption_type *et;
-    struct key_data kd;
-
-    if (opaque.length == 0)
-	iter = _krb5_AES_string_to_default_iterator;
-    else if (opaque.length == 4) {
-	unsigned long v;
-	_krb5_get_int(opaque.data, &v, 4);
-	iter = ((uint32_t)v);
-    } else
-	return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */
-	
-    et = _find_enctype(enctype);
-    if (et == NULL)
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-
-    kd.schedule = NULL;
-    ALLOC(kd.key, 1);
-    if(kd.key == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    kd.key->keytype = enctype;
-    ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to allocate pkcs5 key");
-	return ret;
-    }
-
-    ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
-				 salt.saltvalue.data, salt.saltvalue.length,
-				 iter, 
-				 et->keytype->size, kd.key->keyvalue.data);
-    if (ret != 1) {
-	free_key_data(context, &kd);
-	krb5_set_error_string(context, "Error calculating s2k");
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-    }
-
-    ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
-    if (ret == 0)
-	ret = krb5_copy_keyblock_contents(context, kd.key, key);
-    free_key_data(context, &kd);
-
-    return ret;
-}
-
-struct krb5_aes_schedule {
-    AES_KEY ekey;
-    AES_KEY dkey;
-};
-
-static void
-AES_schedule(krb5_context context,
-	     struct key_data *kd)
-{
-    struct krb5_aes_schedule *key = kd->schedule->data;
-    int bits = kd->key->keyvalue.length * 8;
-
-    memset(key, 0, sizeof(*key));
-    AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key->ekey);
-    AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey);
-}
-
-/*
- *
- */
-
-static struct salt_type des_salt[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	krb5_DES_string_to_key
-    },
-#ifdef ENABLE_AFS_STRING_TO_KEY
-    {
-	KRB5_AFS3_SALT,
-	"afs3-salt",
-	DES_AFS3_string_to_key
-    },
-#endif
-    { 0 }
-};
-
-static struct salt_type des3_salt[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	DES3_string_to_key
-    },
-    { 0 }
-};
-
-static struct salt_type des3_salt_derived[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	DES3_string_to_key_derived
-    },
-    { 0 }
-};
-
-static struct salt_type AES_salt[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	AES_string_to_key
-    },
-    { 0 }
-};
-
-static struct salt_type arcfour_salt[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	ARCFOUR_string_to_key
-    },
-    { 0 }
-};
-
-/*
- *
- */
-
-static struct key_type keytype_null = {
-    KEYTYPE_NULL,
-    "null",
-    0,
-    0,
-    0,
-    NULL,
-    NULL,
-    NULL
-};
-
-static struct key_type keytype_des = {
-    KEYTYPE_DES,
-    "des",
-    56,
-    sizeof(DES_cblock),
-    sizeof(DES_key_schedule),
-    krb5_DES_random_key,
-    krb5_DES_schedule,
-    des_salt,
-    krb5_DES_random_to_key
-};
-
-static struct key_type keytype_des3 = {
-    KEYTYPE_DES3,
-    "des3",
-    168,
-    3 * sizeof(DES_cblock), 
-    3 * sizeof(DES_key_schedule), 
-    DES3_random_key,
-    DES3_schedule,
-    des3_salt,
-    DES3_random_to_key
-};
-
-static struct key_type keytype_des3_derived = {
-    KEYTYPE_DES3,
-    "des3",
-    168,
-    3 * sizeof(DES_cblock),
-    3 * sizeof(DES_key_schedule), 
-    DES3_random_key,
-    DES3_schedule,
-    des3_salt_derived,
-    DES3_random_to_key
-};
-
-static struct key_type keytype_aes128 = {
-    KEYTYPE_AES128,
-    "aes-128",
-    128,
-    16,
-    sizeof(struct krb5_aes_schedule),
-    NULL,
-    AES_schedule,
-    AES_salt
-};
-
-static struct key_type keytype_aes256 = {
-    KEYTYPE_AES256,
-    "aes-256",
-    256,
-    32,
-    sizeof(struct krb5_aes_schedule),
-    NULL,
-    AES_schedule,
-    AES_salt
-};
-
-static struct key_type keytype_arcfour = {
-    KEYTYPE_ARCFOUR,
-    "arcfour",
-    128,
-    16,
-    sizeof(RC4_KEY),
-    NULL,
-    ARCFOUR_schedule,
-    arcfour_salt
-};
-
-static struct key_type *keytypes[] = {
-    &keytype_null,
-    &keytype_des,
-    &keytype_des3_derived,
-    &keytype_des3,
-    &keytype_aes128,
-    &keytype_aes256,
-    &keytype_arcfour
-};
-
-static int num_keytypes = sizeof(keytypes) / sizeof(keytypes[0]);
-
-static struct key_type *
-_find_keytype(krb5_keytype type)
-{
-    int i;
-    for(i = 0; i < num_keytypes; i++)
-	if(keytypes[i]->type == type)
-	    return keytypes[i];
-    return NULL;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_salttype_to_string (krb5_context context,
-			 krb5_enctype etype,
-			 krb5_salttype stype,
-			 char **string)
-{
-    struct encryption_type *e;
-    struct salt_type *st;
-
-    e = _find_enctype (etype);
-    if (e == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    for (st = e->keytype->string_to_key; st && st->type; st++) {
-	if (st->type == stype) {
-	    *string = strdup (st->name);
-	    if (*string == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "salttype %d not supported", stype);
-    return HEIM_ERR_SALTTYPE_NOSUPP;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_salttype (krb5_context context,
-			 krb5_enctype etype,
-			 const char *string,
-			 krb5_salttype *salttype)
-{
-    struct encryption_type *e;
-    struct salt_type *st;
-
-    e = _find_enctype (etype);
-    if (e == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    for (st = e->keytype->string_to_key; st && st->type; st++) {
-	if (strcasecmp (st->name, string) == 0) {
-	    *salttype = st->type;
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "salttype %s not supported", string);
-    return HEIM_ERR_SALTTYPE_NOSUPP;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_pw_salt(krb5_context context,
-		 krb5_const_principal principal,
-		 krb5_salt *salt)
-{
-    size_t len;
-    int i;
-    krb5_error_code ret;
-    char *p;
-     
-    salt->salttype = KRB5_PW_SALT;
-    len = strlen(principal->realm);
-    for (i = 0; i < principal->name.name_string.len; ++i)
-	len += strlen(principal->name.name_string.val[i]);
-    ret = krb5_data_alloc (&salt->saltvalue, len);
-    if (ret)
-	return ret;
-    p = salt->saltvalue.data;
-    memcpy (p, principal->realm, strlen(principal->realm));
-    p += strlen(principal->realm);
-    for (i = 0; i < principal->name.name_string.len; ++i) {
-	memcpy (p,
-		principal->name.name_string.val[i],
-		strlen(principal->name.name_string.val[i]));
-	p += strlen(principal->name.name_string.val[i]);
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_salt(krb5_context context, 
-	       krb5_salt salt)
-{
-    krb5_data_free(&salt.saltvalue);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_data (krb5_context context,
-			 krb5_enctype enctype,
-			 krb5_data password,
-			 krb5_principal principal,
-			 krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    krb5_salt salt;
-
-    ret = krb5_get_pw_salt(context, principal, &salt);
-    if(ret)
-	return ret;
-    ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key);
-    krb5_free_salt(context, salt);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key (krb5_context context,
-		    krb5_enctype enctype,
-		    const char *password,
-		    krb5_principal principal,
-		    krb5_keyblock *key)
-{
-    krb5_data pw;
-    pw.data = rk_UNCONST(password);
-    pw.length = strlen(password);
-    return krb5_string_to_key_data(context, enctype, pw, principal, key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_data_salt (krb5_context context,
-			      krb5_enctype enctype,
-			      krb5_data password,
-			      krb5_salt salt,
-			      krb5_keyblock *key)
-{
-    krb5_data opaque;
-    krb5_data_zero(&opaque);
-    return krb5_string_to_key_data_salt_opaque(context, enctype, password, 
-					       salt, opaque, key);
-}
-
-/*
- * Do a string -> key for encryption type `enctype' operation on
- * `password' (with salt `salt' and the enctype specific data string
- * `opaque'), returning the resulting key in `key'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_data_salt_opaque (krb5_context context,
-				     krb5_enctype enctype,
-				     krb5_data password,
-				     krb5_salt salt,
-				     krb5_data opaque,
-				     krb5_keyblock *key)
-{
-    struct encryption_type *et =_find_enctype(enctype);
-    struct salt_type *st;
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      enctype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    for(st = et->keytype->string_to_key; st && st->type; st++) 
-	if(st->type == salt.salttype)
-	    return (*st->string_to_key)(context, enctype, password, 
-					salt, opaque, key);
-    krb5_set_error_string(context, "salt type %d not supported",
-			  salt.salttype);
-    return HEIM_ERR_SALTTYPE_NOSUPP;
-}
-
-/*
- * Do a string -> key for encryption type `enctype' operation on the
- * string `password' (with salt `salt'), returning the resulting key
- * in `key'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_salt (krb5_context context,
-			 krb5_enctype enctype,
-			 const char *password,
-			 krb5_salt salt,
-			 krb5_keyblock *key)
-{
-    krb5_data pw;
-    pw.data = rk_UNCONST(password);
-    pw.length = strlen(password);
-    return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_salt_opaque (krb5_context context,
-				krb5_enctype enctype,
-				const char *password,
-				krb5_salt salt,
-				krb5_data opaque,
-				krb5_keyblock *key)
-{
-    krb5_data pw;
-    pw.data = rk_UNCONST(password);
-    pw.length = strlen(password);
-    return krb5_string_to_key_data_salt_opaque(context, enctype, 
-					       pw, salt, opaque, key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_string(krb5_context context,
-		       krb5_keytype keytype,
-		       char **string)
-{
-    struct key_type *kt = _find_keytype(keytype);
-    if(kt == NULL) {
-	krb5_set_error_string(context, "key type %d not supported", keytype);
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-    }
-    *string = strdup(kt->name);
-    if(*string == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_keytype(krb5_context context,
-		       const char *string,
-		       krb5_keytype *keytype)
-{
-    int i;
-    for(i = 0; i < num_keytypes; i++)
-	if(strcasecmp(keytypes[i]->name, string) == 0){
-	    *keytype = keytypes[i]->type;
-	    return 0;
-	}
-    krb5_set_error_string(context, "key type %s not supported", string);
-    return KRB5_PROG_KEYTYPE_NOSUPP;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_keysize(krb5_context context,
-		     krb5_enctype type,
-		     size_t *keysize)
-{
-    struct encryption_type *et = _find_enctype(type);
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    *keysize = et->keytype->size;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_keybits(krb5_context context,
-		     krb5_enctype type,
-		     size_t *keybits)
-{
-    struct encryption_type *et = _find_enctype(type);
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    *keybits = et->keytype->bits;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_random_keyblock(krb5_context context,
-			      krb5_enctype type,
-			      krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    struct encryption_type *et = _find_enctype(type);
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
-    if(ret) 
-	return ret;
-    key->keytype = type;
-    if(et->keytype->random_key)
-	(*et->keytype->random_key)(context, key);
-    else
-	krb5_generate_random_block(key->keyvalue.data, 
-				   key->keyvalue.length);
-    return 0;
-}
-
-static krb5_error_code
-_key_schedule(krb5_context context,
-	      struct key_data *key)
-{
-    krb5_error_code ret;
-    struct encryption_type *et = _find_enctype(key->key->keytype);
-    struct key_type *kt = et->keytype;
-
-    if(kt->schedule == NULL)
-	return 0;
-    if (key->schedule != NULL)
-	return 0;
-    ALLOC(key->schedule, 1);
-    if(key->schedule == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_data_alloc(key->schedule, kt->schedule_size);
-    if(ret) {
-	free(key->schedule);
-	key->schedule = NULL;
-	return ret;
-    }
-    (*kt->schedule)(context, key);
-    return 0;
-}
-
-/************************************************************
- *                                                          *
- ************************************************************/
-
-static void
-NONE_checksum(krb5_context context,
-	      struct key_data *key,
-	      const void *data,
-	      size_t len,
-	      unsigned usage,
-	      Checksum *C)
-{
-}
-
-static void
-CRC32_checksum(krb5_context context,
-	       struct key_data *key,
-	       const void *data,
-	       size_t len,
-	       unsigned usage,
-	       Checksum *C)
-{
-    uint32_t crc;
-    unsigned char *r = C->checksum.data;
-    _krb5_crc_init_table ();
-    crc = _krb5_crc_update (data, len, 0);
-    r[0] = crc & 0xff;
-    r[1] = (crc >> 8)  & 0xff;
-    r[2] = (crc >> 16) & 0xff;
-    r[3] = (crc >> 24) & 0xff;
-}
-
-static void
-RSA_MD4_checksum(krb5_context context,
-		 struct key_data *key,
-		 const void *data,
-		 size_t len,
-		 unsigned usage,
-		 Checksum *C)
-{
-    MD4_CTX m;
-
-    MD4_Init (&m);
-    MD4_Update (&m, data, len);
-    MD4_Final (C->checksum.data, &m);
-}
-
-static void
-RSA_MD4_DES_checksum(krb5_context context, 
-		     struct key_data *key,
-		     const void *data, 
-		     size_t len, 
-		     unsigned usage,
-		     Checksum *cksum)
-{
-    MD4_CTX md4;
-    DES_cblock ivec;
-    unsigned char *p = cksum->checksum.data;
-    
-    krb5_generate_random_block(p, 8);
-    MD4_Init (&md4);
-    MD4_Update (&md4, p, 8);
-    MD4_Update (&md4, data, len);
-    MD4_Final (p + 8, &md4);
-    memset (&ivec, 0, sizeof(ivec));
-    DES_cbc_encrypt(p, 
-		    p, 
-		    24, 
-		    key->schedule->data, 
-		    &ivec, 
-		    DES_ENCRYPT);
-}
-
-static krb5_error_code
-RSA_MD4_DES_verify(krb5_context context,
-		   struct key_data *key,
-		   const void *data,
-		   size_t len,
-		   unsigned usage,
-		   Checksum *C)
-{
-    MD4_CTX md4;
-    unsigned char tmp[24];
-    unsigned char res[16];
-    DES_cblock ivec;
-    krb5_error_code ret = 0;
-
-    memset(&ivec, 0, sizeof(ivec));
-    DES_cbc_encrypt(C->checksum.data,
-		    (void*)tmp, 
-		    C->checksum.length, 
-		    key->schedule->data,
-		    &ivec,
-		    DES_DECRYPT);
-    MD4_Init (&md4);
-    MD4_Update (&md4, tmp, 8); /* confounder */
-    MD4_Update (&md4, data, len);
-    MD4_Final (res, &md4);
-    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    memset(tmp, 0, sizeof(tmp));
-    memset(res, 0, sizeof(res));
-    return ret;
-}
-
-static void
-RSA_MD5_checksum(krb5_context context,
-		 struct key_data *key,
-		 const void *data,
-		 size_t len,
-		 unsigned usage,
-		 Checksum *C)
-{
-    MD5_CTX m;
-
-    MD5_Init  (&m);
-    MD5_Update(&m, data, len);
-    MD5_Final (C->checksum.data, &m);
-}
-
-static void
-RSA_MD5_DES_checksum(krb5_context context,
-		     struct key_data *key,
-		     const void *data,
-		     size_t len,
-		     unsigned usage,
-		     Checksum *C)
-{
-    MD5_CTX md5;
-    DES_cblock ivec;
-    unsigned char *p = C->checksum.data;
-    
-    krb5_generate_random_block(p, 8);
-    MD5_Init (&md5);
-    MD5_Update (&md5, p, 8);
-    MD5_Update (&md5, data, len);
-    MD5_Final (p + 8, &md5);
-    memset (&ivec, 0, sizeof(ivec));
-    DES_cbc_encrypt(p, 
-		    p, 
-		    24, 
-		    key->schedule->data, 
-		    &ivec, 
-		    DES_ENCRYPT);
-}
-
-static krb5_error_code
-RSA_MD5_DES_verify(krb5_context context,
-		   struct key_data *key,
-		   const void *data,
-		   size_t len,
-		   unsigned usage,
-		   Checksum *C)
-{
-    MD5_CTX md5;
-    unsigned char tmp[24];
-    unsigned char res[16];
-    DES_cblock ivec;
-    DES_key_schedule *sched = key->schedule->data;
-    krb5_error_code ret = 0;
-
-    memset(&ivec, 0, sizeof(ivec));
-    DES_cbc_encrypt(C->checksum.data, 
-		    (void*)tmp, 
-		    C->checksum.length, 
-		    &sched[0],
-		    &ivec,
-		    DES_DECRYPT);
-    MD5_Init (&md5);
-    MD5_Update (&md5, tmp, 8); /* confounder */
-    MD5_Update (&md5, data, len);
-    MD5_Final (res, &md5);
-    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    memset(tmp, 0, sizeof(tmp));
-    memset(res, 0, sizeof(res));
-    return ret;
-}
-
-static void
-RSA_MD5_DES3_checksum(krb5_context context,
-		      struct key_data *key,
-		      const void *data,
-		      size_t len,
-		      unsigned usage,
-		      Checksum *C)
-{
-    MD5_CTX md5;
-    DES_cblock ivec;
-    unsigned char *p = C->checksum.data;
-    DES_key_schedule *sched = key->schedule->data;
-    
-    krb5_generate_random_block(p, 8);
-    MD5_Init (&md5);
-    MD5_Update (&md5, p, 8);
-    MD5_Update (&md5, data, len);
-    MD5_Final (p + 8, &md5);
-    memset (&ivec, 0, sizeof(ivec));
-    DES_ede3_cbc_encrypt(p, 
-			 p, 
-			 24, 
-			 &sched[0], &sched[1], &sched[2],
-			 &ivec, 
-			 DES_ENCRYPT);
-}
-
-static krb5_error_code
-RSA_MD5_DES3_verify(krb5_context context,
-		    struct key_data *key,
-		    const void *data,
-		    size_t len,
-		    unsigned usage,
-		    Checksum *C)
-{
-    MD5_CTX md5;
-    unsigned char tmp[24];
-    unsigned char res[16];
-    DES_cblock ivec;
-    DES_key_schedule *sched = key->schedule->data;
-    krb5_error_code ret = 0;
-
-    memset(&ivec, 0, sizeof(ivec));
-    DES_ede3_cbc_encrypt(C->checksum.data, 
-			 (void*)tmp, 
-			 C->checksum.length, 
-			 &sched[0], &sched[1], &sched[2],
-			 &ivec,
-			 DES_DECRYPT);
-    MD5_Init (&md5);
-    MD5_Update (&md5, tmp, 8); /* confounder */
-    MD5_Update (&md5, data, len);
-    MD5_Final (res, &md5);
-    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    memset(tmp, 0, sizeof(tmp));
-    memset(res, 0, sizeof(res));
-    return ret;
-}
-
-static void
-SHA1_checksum(krb5_context context,
-	      struct key_data *key,
-	      const void *data,
-	      size_t len,
-	      unsigned usage,
-	      Checksum *C)
-{
-    SHA_CTX m;
-
-    SHA1_Init(&m);
-    SHA1_Update(&m, data, len);
-    SHA1_Final(C->checksum.data, &m);
-}
-
-/* HMAC according to RFC2104 */
-static krb5_error_code
-hmac(krb5_context context,
-     struct checksum_type *cm, 
-     const void *data, 
-     size_t len, 
-     unsigned usage,
-     struct key_data *keyblock,
-     Checksum *result)
-{
-    unsigned char *ipad, *opad;
-    unsigned char *key;
-    size_t key_len;
-    int i;
-    
-    ipad = malloc(cm->blocksize + len);
-    if (ipad == NULL)
-	return ENOMEM;
-    opad = malloc(cm->blocksize + cm->checksumsize);
-    if (opad == NULL) {
-	free(ipad);
-	return ENOMEM;
-    }
-    memset(ipad, 0x36, cm->blocksize);
-    memset(opad, 0x5c, cm->blocksize);
-
-    if(keyblock->key->keyvalue.length > cm->blocksize){
-	(*cm->checksum)(context, 
-			keyblock, 
-			keyblock->key->keyvalue.data, 
-			keyblock->key->keyvalue.length, 
-			usage,
-			result);
-	key = result->checksum.data;
-	key_len = result->checksum.length;
-    } else {
-	key = keyblock->key->keyvalue.data;
-	key_len = keyblock->key->keyvalue.length;
-    }
-    for(i = 0; i < key_len; i++){
-	ipad[i] ^= key[i];
-	opad[i] ^= key[i];
-    }
-    memcpy(ipad + cm->blocksize, data, len);
-    (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len,
-		    usage, result);
-    memcpy(opad + cm->blocksize, result->checksum.data, 
-	   result->checksum.length);
-    (*cm->checksum)(context, keyblock, opad, 
-		    cm->blocksize + cm->checksumsize, usage, result);
-    memset(ipad, 0, cm->blocksize + len);
-    free(ipad);
-    memset(opad, 0, cm->blocksize + cm->checksumsize);
-    free(opad);
-
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_hmac(krb5_context context,
-	  krb5_cksumtype cktype,
-	  const void *data,
-	  size_t len,
-	  unsigned usage, 
-	  krb5_keyblock *key,
-	  Checksum *result)
-{
-    struct checksum_type *c = _find_checksum(cktype);
-    struct key_data kd;
-    krb5_error_code ret;
-
-    if (c == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       cktype);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-
-    kd.key = key;
-    kd.schedule = NULL;
-
-    ret = hmac(context, c, data, len, usage, &kd, result);
-
-    if (kd.schedule)
-	krb5_free_data(context, kd.schedule);
-
-    return ret;
- }
-
-static void
-SP_HMAC_SHA1_checksum(krb5_context context,
-		      struct key_data *key, 
-		      const void *data, 
-		      size_t len, 
-		      unsigned usage,
-		      Checksum *result)
-{
-    struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1);
-    Checksum res;
-    char sha1_data[20];
-    krb5_error_code ret;
-
-    res.checksum.data = sha1_data;
-    res.checksum.length = sizeof(sha1_data);
-
-    ret = hmac(context, c, data, len, usage, key, &res);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-    memcpy(result->checksum.data, res.checksum.data, result->checksum.length);
-}
-
-/*
- * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt
- */
-
-static void
-HMAC_MD5_checksum(krb5_context context,
-		  struct key_data *key,
-		  const void *data,
-		  size_t len,
-		  unsigned usage,
-		  Checksum *result)
-{
-    MD5_CTX md5;
-    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
-    const char signature[] = "signaturekey";
-    Checksum ksign_c;
-    struct key_data ksign;
-    krb5_keyblock kb;
-    unsigned char t[4];
-    unsigned char tmp[16];
-    unsigned char ksign_c_data[16];
-    krb5_error_code ret;
-
-    ksign_c.checksum.length = sizeof(ksign_c_data);
-    ksign_c.checksum.data   = ksign_c_data;
-    ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-    ksign.key = &kb;
-    kb.keyvalue = ksign_c.checksum;
-    MD5_Init (&md5);
-    t[0] = (usage >>  0) & 0xFF;
-    t[1] = (usage >>  8) & 0xFF;
-    t[2] = (usage >> 16) & 0xFF;
-    t[3] = (usage >> 24) & 0xFF;
-    MD5_Update (&md5, t, 4);
-    MD5_Update (&md5, data, len);
-    MD5_Final (tmp, &md5);
-    ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-}
-
-/*
- * same as previous but being used while encrypting.
- */
-
-static void
-HMAC_MD5_checksum_enc(krb5_context context,
-		      struct key_data *key,
-		      const void *data,
-		      size_t len,
-		      unsigned usage,
-		      Checksum *result)
-{
-    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
-    Checksum ksign_c;
-    struct key_data ksign;
-    krb5_keyblock kb;
-    unsigned char t[4];
-    unsigned char ksign_c_data[16];
-    krb5_error_code ret;
-
-    t[0] = (usage >>  0) & 0xFF;
-    t[1] = (usage >>  8) & 0xFF;
-    t[2] = (usage >> 16) & 0xFF;
-    t[3] = (usage >> 24) & 0xFF;
-
-    ksign_c.checksum.length = sizeof(ksign_c_data);
-    ksign_c.checksum.data   = ksign_c_data;
-    ret = hmac(context, c, t, sizeof(t), 0, key, &ksign_c);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-    ksign.key = &kb;
-    kb.keyvalue = ksign_c.checksum;
-    ret = hmac(context, c, data, len, 0, &ksign, result);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-}
-
-static struct checksum_type checksum_none = {
-    CKSUMTYPE_NONE, 
-    "none", 
-    1, 
-    0, 
-    0,
-    NONE_checksum, 
-    NULL
-};
-static struct checksum_type checksum_crc32 = {
-    CKSUMTYPE_CRC32,
-    "crc32",
-    1,
-    4,
-    0,
-    CRC32_checksum,
-    NULL
-};
-static struct checksum_type checksum_rsa_md4 = {
-    CKSUMTYPE_RSA_MD4,
-    "rsa-md4",
-    64,
-    16,
-    F_CPROOF,
-    RSA_MD4_checksum,
-    NULL
-};
-static struct checksum_type checksum_rsa_md4_des = {
-    CKSUMTYPE_RSA_MD4_DES,
-    "rsa-md4-des",
-    64,
-    24,
-    F_KEYED | F_CPROOF | F_VARIANT,
-    RSA_MD4_DES_checksum,
-    RSA_MD4_DES_verify
-};
-#if 0
-static struct checksum_type checksum_des_mac = { 
-    CKSUMTYPE_DES_MAC,
-    "des-mac",
-    0,
-    0,
-    0,
-    DES_MAC_checksum
-};
-static struct checksum_type checksum_des_mac_k = {
-    CKSUMTYPE_DES_MAC_K,
-    "des-mac-k",
-    0,
-    0,
-    0,
-    DES_MAC_K_checksum
-};
-static struct checksum_type checksum_rsa_md4_des_k = {
-    CKSUMTYPE_RSA_MD4_DES_K, 
-    "rsa-md4-des-k", 
-    0, 
-    0, 
-    0, 
-    RSA_MD4_DES_K_checksum,
-    RSA_MD4_DES_K_verify
-};
-#endif
-static struct checksum_type checksum_rsa_md5 = {
-    CKSUMTYPE_RSA_MD5,
-    "rsa-md5",
-    64,
-    16,
-    F_CPROOF,
-    RSA_MD5_checksum,
-    NULL
-};
-static struct checksum_type checksum_rsa_md5_des = {
-    CKSUMTYPE_RSA_MD5_DES,
-    "rsa-md5-des",
-    64,
-    24,
-    F_KEYED | F_CPROOF | F_VARIANT,
-    RSA_MD5_DES_checksum,
-    RSA_MD5_DES_verify
-};
-static struct checksum_type checksum_rsa_md5_des3 = {
-    CKSUMTYPE_RSA_MD5_DES3,
-    "rsa-md5-des3",
-    64,
-    24,
-    F_KEYED | F_CPROOF | F_VARIANT,
-    RSA_MD5_DES3_checksum,
-    RSA_MD5_DES3_verify
-};
-static struct checksum_type checksum_sha1 = {
-    CKSUMTYPE_SHA1,
-    "sha1",
-    64,
-    20,
-    F_CPROOF,
-    SHA1_checksum,
-    NULL
-};
-static struct checksum_type checksum_hmac_sha1_des3 = {
-    CKSUMTYPE_HMAC_SHA1_DES3,
-    "hmac-sha1-des3",
-    64,
-    20,
-    F_KEYED | F_CPROOF | F_DERIVED,
-    SP_HMAC_SHA1_checksum,
-    NULL
-};
-
-static struct checksum_type checksum_hmac_sha1_aes128 = {
-    CKSUMTYPE_HMAC_SHA1_96_AES_128,
-    "hmac-sha1-96-aes128",
-    64,
-    12,
-    F_KEYED | F_CPROOF | F_DERIVED,
-    SP_HMAC_SHA1_checksum,
-    NULL
-};
-
-static struct checksum_type checksum_hmac_sha1_aes256 = {
-    CKSUMTYPE_HMAC_SHA1_96_AES_256,
-    "hmac-sha1-96-aes256",
-    64,
-    12,
-    F_KEYED | F_CPROOF | F_DERIVED,
-    SP_HMAC_SHA1_checksum,
-    NULL
-};
-
-static struct checksum_type checksum_hmac_md5 = {
-    CKSUMTYPE_HMAC_MD5,
-    "hmac-md5",
-    64,
-    16,
-    F_KEYED | F_CPROOF,
-    HMAC_MD5_checksum,
-    NULL
-};
-
-static struct checksum_type checksum_hmac_md5_enc = {
-    CKSUMTYPE_HMAC_MD5_ENC,
-    "hmac-md5-enc",
-    64,
-    16,
-    F_KEYED | F_CPROOF | F_PSEUDO,
-    HMAC_MD5_checksum_enc,
-    NULL
-};
-
-static struct checksum_type *checksum_types[] = {
-    &checksum_none,
-    &checksum_crc32,
-    &checksum_rsa_md4,
-    &checksum_rsa_md4_des,
-#if 0
-    &checksum_des_mac, 
-    &checksum_des_mac_k,
-    &checksum_rsa_md4_des_k,
-#endif
-    &checksum_rsa_md5,
-    &checksum_rsa_md5_des,
-    &checksum_rsa_md5_des3,
-    &checksum_sha1,
-    &checksum_hmac_sha1_des3,
-    &checksum_hmac_sha1_aes128,
-    &checksum_hmac_sha1_aes256,
-    &checksum_hmac_md5,
-    &checksum_hmac_md5_enc
-};
-
-static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]);
-
-static struct checksum_type *
-_find_checksum(krb5_cksumtype type)
-{
-    int i;
-    for(i = 0; i < num_checksums; i++)
-	if(checksum_types[i]->type == type)
-	    return checksum_types[i];
-    return NULL;
-}
-
-static krb5_error_code
-get_checksum_key(krb5_context context, 
-		 krb5_crypto crypto,
-		 unsigned usage,  /* not krb5_key_usage */
-		 struct checksum_type *ct, 
-		 struct key_data **key)
-{
-    krb5_error_code ret = 0;
-
-    if(ct->flags & F_DERIVED)
-	ret = _get_derived_key(context, crypto, usage, key);
-    else if(ct->flags & F_VARIANT) {
-	int i;
-
-	*key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */);
-	if(*key == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key);
-	if(ret) 
-	    return ret;
-	for(i = 0; i < (*key)->key->keyvalue.length; i++)
-	    ((unsigned char*)(*key)->key->keyvalue.data)[i] ^= 0xF0;
-    } else {
-	*key = &crypto->key; 
-    }
-    if(ret == 0)
-	ret = _key_schedule(context, *key);
-    return ret;
-}
-
-static krb5_error_code
-create_checksum (krb5_context context,
-		 struct checksum_type *ct,
-		 krb5_crypto crypto,
-		 unsigned usage,
-		 void *data,
-		 size_t len,
-		 Checksum *result)
-{
-    krb5_error_code ret;
-    struct key_data *dkey;
-    int keyed_checksum;
-    
-    if (ct->flags & F_DISABLED) {
-	krb5_clear_error_string (context);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    keyed_checksum = (ct->flags & F_KEYED) != 0;
-    if(keyed_checksum && crypto == NULL) {
-	krb5_set_error_string (context, "Checksum type %s is keyed "
-			       "but no crypto context (key) was passed in",
-			       ct->name);
-	return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
-    }
-    if(keyed_checksum) {
-	ret = get_checksum_key(context, crypto, usage, ct, &dkey);
-	if (ret)
-	    return ret;
-    } else
-	dkey = NULL;
-    result->cksumtype = ct->type;
-    ret = krb5_data_alloc(&result->checksum, ct->checksumsize);
-    if (ret)
-	return (ret);
-    (*ct->checksum)(context, dkey, data, len, usage, result);
-    return 0;
-}
-
-static int
-arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
-{
-    return (ct->type == CKSUMTYPE_HMAC_MD5) &&
-	(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_create_checksum(krb5_context context,
-		     krb5_crypto crypto,
-		     krb5_key_usage usage,
-		     int type,
-		     void *data,
-		     size_t len,
-		     Checksum *result)
-{
-    struct checksum_type *ct = NULL;
-    unsigned keyusage;
-
-    /* type 0 -> pick from crypto */
-    if (type) {
-	ct = _find_checksum(type);
-    } else if (crypto) {
-	ct = crypto->et->keyed_checksum;
-	if (ct == NULL)
-	    ct = crypto->et->checksum;
-    }
-
-    if(ct == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-
-    if (arcfour_checksum_p(ct, crypto)) {
-	keyusage = usage;
-	usage2arcfour(context, &keyusage);
-    } else
-	keyusage = CHECKSUM_USAGE(usage);
-
-    return create_checksum(context, ct, crypto, keyusage,
-			   data, len, result);
-}
-
-static krb5_error_code
-verify_checksum(krb5_context context,
-		krb5_crypto crypto,
-		unsigned usage, /* not krb5_key_usage */
-		void *data,
-		size_t len,
-		Checksum *cksum)
-{
-    krb5_error_code ret;
-    struct key_data *dkey;
-    int keyed_checksum;
-    Checksum c;
-    struct checksum_type *ct;
-
-    ct = _find_checksum(cksum->cksumtype);
-    if (ct == NULL || (ct->flags & F_DISABLED)) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       cksum->cksumtype);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    if(ct->checksumsize != cksum->checksum.length) {
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
-    }
-    keyed_checksum = (ct->flags & F_KEYED) != 0;
-    if(keyed_checksum && crypto == NULL) {
-	krb5_set_error_string (context, "Checksum type %s is keyed "
-			       "but no crypto context (key) was passed in",
-			       ct->name);
-	return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
-    }
-    if(keyed_checksum)
-	ret = get_checksum_key(context, crypto, usage, ct, &dkey);
-    else
-	dkey = NULL;
-    if(ct->verify)
-	return (*ct->verify)(context, dkey, data, len, usage, cksum);
-
-    ret = krb5_data_alloc (&c.checksum, ct->checksumsize);
-    if (ret)
-	return ret;
-
-    (*ct->checksum)(context, dkey, data, len, usage, &c);
-
-    if(c.checksum.length != cksum->checksum.length || 
-       memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    } else {
-	ret = 0;
-    }
-    krb5_data_free (&c.checksum);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_checksum(krb5_context context,
-		     krb5_crypto crypto,
-		     krb5_key_usage usage, 
-		     void *data,
-		     size_t len,
-		     Checksum *cksum)
-{
-    struct checksum_type *ct;
-    unsigned keyusage;
-
-    ct = _find_checksum(cksum->cksumtype);
-    if(ct == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       cksum->cksumtype);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-
-    if (arcfour_checksum_p(ct, crypto)) {
-	keyusage = usage;
-	usage2arcfour(context, &keyusage);
-    } else
-	keyusage = CHECKSUM_USAGE(usage);
-
-    return verify_checksum(context, crypto, keyusage,
-			   data, len, cksum);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_get_checksum_type(krb5_context context,
-                              krb5_crypto crypto,
-			      krb5_cksumtype *type)
-{
-    struct checksum_type *ct = NULL;
-    
-    if (crypto != NULL) {
-        ct = crypto->et->keyed_checksum;
-        if (ct == NULL)
-            ct = crypto->et->checksum;
-    }
-    
-    if (ct == NULL) {
-	krb5_set_error_string (context, "checksum type not found");
-        return KRB5_PROG_SUMTYPE_NOSUPP;
-    }    
-
-    *type = ct->type;
-    
-    return 0;      
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_checksumsize(krb5_context context,
-		  krb5_cksumtype type,
-		  size_t *size)
-{
-    struct checksum_type *ct = _find_checksum(type);
-    if(ct == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    *size = ct->checksumsize;
-    return 0;
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_checksum_is_keyed(krb5_context context,
-		       krb5_cksumtype type)
-{
-    struct checksum_type *ct = _find_checksum(type);
-    if(ct == NULL) {
-	if (context)
-	    krb5_set_error_string (context, "checksum type %d not supported",
-				   type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    return ct->flags & F_KEYED;
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_checksum_is_collision_proof(krb5_context context,
-				 krb5_cksumtype type)
-{
-    struct checksum_type *ct = _find_checksum(type);
-    if(ct == NULL) {
-	if (context)
-	    krb5_set_error_string (context, "checksum type %d not supported",
-				   type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    return ct->flags & F_CPROOF;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_checksum_disable(krb5_context context,
-		      krb5_cksumtype type)
-{
-    struct checksum_type *ct = _find_checksum(type);
-    if(ct == NULL) {
-	if (context)
-	    krb5_set_error_string (context, "checksum type %d not supported",
-				   type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    ct->flags |= F_DISABLED;
-    return 0;
-}
-
-/************************************************************
- *                                                          *
- ************************************************************/
-
-static krb5_error_code
-NULL_encrypt(krb5_context context,
-	     struct key_data *key, 
-	     void *data, 
-	     size_t len, 
-	     krb5_boolean encryptp,
-	     int usage,
-	     void *ivec)
-{
-    return 0;
-}
-
-static krb5_error_code
-DES_CBC_encrypt_null_ivec(krb5_context context,
-			  struct key_data *key, 
-			  void *data, 
-			  size_t len, 
-			  krb5_boolean encryptp,
-			  int usage,
-			  void *ignore_ivec)
-{
-    DES_cblock ivec;
-    DES_key_schedule *s = key->schedule->data;
-    memset(&ivec, 0, sizeof(ivec));
-    DES_cbc_encrypt(data, data, len, s, &ivec, encryptp);
-    return 0;
-}
-
-static krb5_error_code
-DES_CBC_encrypt_key_ivec(krb5_context context,
-			 struct key_data *key, 
-			 void *data, 
-			 size_t len, 
-			 krb5_boolean encryptp,
-			 int usage,
-			 void *ignore_ivec)
-{
-    DES_cblock ivec;
-    DES_key_schedule *s = key->schedule->data;
-    memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
-    DES_cbc_encrypt(data, data, len, s, &ivec, encryptp);
-    return 0;
-}
-
-static krb5_error_code
-DES3_CBC_encrypt(krb5_context context,
-		 struct key_data *key, 
-		 void *data, 
-		 size_t len, 
-		 krb5_boolean encryptp,
-		 int usage,
-		 void *ivec)
-{
-    DES_cblock local_ivec;
-    DES_key_schedule *s = key->schedule->data;
-    if(ivec == NULL) {
-	ivec = &local_ivec;
-	memset(local_ivec, 0, sizeof(local_ivec));
-    }
-    DES_ede3_cbc_encrypt(data, data, len, &s[0], &s[1], &s[2], ivec, encryptp);
-    return 0;
-}
-
-static krb5_error_code
-DES_CFB64_encrypt_null_ivec(krb5_context context,
-			    struct key_data *key, 
-			    void *data, 
-			    size_t len, 
-			    krb5_boolean encryptp,
-			    int usage,
-			    void *ignore_ivec)
-{
-    DES_cblock ivec;
-    int num = 0;
-    DES_key_schedule *s = key->schedule->data;
-    memset(&ivec, 0, sizeof(ivec));
-
-    DES_cfb64_encrypt(data, data, len, s, &ivec, &num, encryptp);
-    return 0;
-}
-
-static krb5_error_code
-DES_PCBC_encrypt_key_ivec(krb5_context context,
-			  struct key_data *key, 
-			  void *data, 
-			  size_t len, 
-			  krb5_boolean encryptp,
-			  int usage,
-			  void *ignore_ivec)
-{
-    DES_cblock ivec;
-    DES_key_schedule *s = key->schedule->data;
-    memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
-
-    DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp);
-    return 0;
-}
-
-/*
- * AES draft-raeburn-krb-rijndael-krb-02
- */
-
-void KRB5_LIB_FUNCTION
-_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out,
-		      size_t len, const AES_KEY *key,
-		      unsigned char *ivec, const int encryptp)
-{
-    unsigned char tmp[AES_BLOCK_SIZE];
-    int i;
-
-    /*
-     * In the framework of kerberos, the length can never be shorter
-     * then at least one blocksize.
-     */
-
-    if (encryptp) {
-
-	while(len > AES_BLOCK_SIZE) {
-	    for (i = 0; i < AES_BLOCK_SIZE; i++)
-		tmp[i] = in[i] ^ ivec[i];
-	    AES_encrypt(tmp, out, key);
-	    memcpy(ivec, out, AES_BLOCK_SIZE);
-	    len -= AES_BLOCK_SIZE;
-	    in += AES_BLOCK_SIZE;
-	    out += AES_BLOCK_SIZE;
-	}
-
-	for (i = 0; i < len; i++)
-	    tmp[i] = in[i] ^ ivec[i];
-	for (; i < AES_BLOCK_SIZE; i++)
-	    tmp[i] = 0 ^ ivec[i];
-
-	AES_encrypt(tmp, out - AES_BLOCK_SIZE, key);
-
-	memcpy(out, ivec, len);
-	memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-
-    } else {
-	unsigned char tmp2[AES_BLOCK_SIZE];
-	unsigned char tmp3[AES_BLOCK_SIZE];
-
-	while(len > AES_BLOCK_SIZE * 2) {
-	    memcpy(tmp, in, AES_BLOCK_SIZE);
-	    AES_decrypt(in, out, key);
-	    for (i = 0; i < AES_BLOCK_SIZE; i++)
-		out[i] ^= ivec[i];
-	    memcpy(ivec, tmp, AES_BLOCK_SIZE);
-	    len -= AES_BLOCK_SIZE;
-	    in += AES_BLOCK_SIZE;
-	    out += AES_BLOCK_SIZE;
-	}
-
-	len -= AES_BLOCK_SIZE;
-
-	memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */
-	AES_decrypt(in, tmp2, key);
-
-	memcpy(tmp3, in + AES_BLOCK_SIZE, len);
-	memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */
-
-	for (i = 0; i < len; i++)
-	    out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i];
-
-	AES_decrypt(tmp3, out, key);
-	for (i = 0; i < AES_BLOCK_SIZE; i++)
-	    out[i] ^= ivec[i];
-	memcpy(ivec, tmp, AES_BLOCK_SIZE);
-    }
-}
-
-static krb5_error_code
-AES_CTS_encrypt(krb5_context context,
-		struct key_data *key,
-		void *data,
-		size_t len,
-		krb5_boolean encryptp,
-		int usage,
-		void *ivec)
-{
-    struct krb5_aes_schedule *aeskey = key->schedule->data;
-    char local_ivec[AES_BLOCK_SIZE];
-    AES_KEY *k;
-
-    if (encryptp)
-	k = &aeskey->ekey;
-    else
-	k = &aeskey->dkey;
-    
-    if (len < AES_BLOCK_SIZE)
-	krb5_abortx(context, "invalid use of AES_CTS_encrypt");
-    if (len == AES_BLOCK_SIZE) {
-	if (encryptp)
-	    AES_encrypt(data, data, k);
-	else
-	    AES_decrypt(data, data, k);
-    } else {
-	if(ivec == NULL) {
-	    memset(local_ivec, 0, sizeof(local_ivec));
-	    ivec = local_ivec;
-	}
-	_krb5_aes_cts_encrypt(data, data, len, k, ivec, encryptp);
-    }
-
-    return 0;
-}
-
-/*
- * section 6 of draft-brezak-win2k-krb-rc4-hmac-03
- *
- * warning: not for small children
- */
-
-static krb5_error_code
-ARCFOUR_subencrypt(krb5_context context,
-		   struct key_data *key,
-		   void *data,
-		   size_t len,
-		   unsigned usage,
-		   void *ivec)
-{
-    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
-    Checksum k1_c, k2_c, k3_c, cksum;
-    struct key_data ke;
-    krb5_keyblock kb;
-    unsigned char t[4];
-    RC4_KEY rc4_key;
-    unsigned char *cdata = data;
-    unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
-    krb5_error_code ret;
-
-    t[0] = (usage >>  0) & 0xFF;
-    t[1] = (usage >>  8) & 0xFF;
-    t[2] = (usage >> 16) & 0xFF;
-    t[3] = (usage >> 24) & 0xFF;
-
-    k1_c.checksum.length = sizeof(k1_c_data);
-    k1_c.checksum.data   = k1_c_data;
-
-    ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-
-    memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
-
-    k2_c.checksum.length = sizeof(k2_c_data);
-    k2_c.checksum.data   = k2_c_data;
-
-    ke.key = &kb;
-    kb.keyvalue = k2_c.checksum;
-
-    cksum.checksum.length = 16;
-    cksum.checksum.data   = data;
-
-    ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-
-    ke.key = &kb;
-    kb.keyvalue = k1_c.checksum;
-
-    k3_c.checksum.length = sizeof(k3_c_data);
-    k3_c.checksum.data   = k3_c_data;
-
-    ret = hmac(NULL, c, data, 16, 0, &ke, &k3_c);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-
-    RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
-    RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
-    memset (k1_c_data, 0, sizeof(k1_c_data));
-    memset (k2_c_data, 0, sizeof(k2_c_data));
-    memset (k3_c_data, 0, sizeof(k3_c_data));
-    return 0;
-}
-
-static krb5_error_code
-ARCFOUR_subdecrypt(krb5_context context,
-		   struct key_data *key,
-		   void *data,
-		   size_t len,
-		   unsigned usage,
-		   void *ivec)
-{
-    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
-    Checksum k1_c, k2_c, k3_c, cksum;
-    struct key_data ke;
-    krb5_keyblock kb;
-    unsigned char t[4];
-    RC4_KEY rc4_key;
-    unsigned char *cdata = data;
-    unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
-    unsigned char cksum_data[16];
-    krb5_error_code ret;
-
-    t[0] = (usage >>  0) & 0xFF;
-    t[1] = (usage >>  8) & 0xFF;
-    t[2] = (usage >> 16) & 0xFF;
-    t[3] = (usage >> 24) & 0xFF;
-
-    k1_c.checksum.length = sizeof(k1_c_data);
-    k1_c.checksum.data   = k1_c_data;
-
-    ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-
-    memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
-
-    k2_c.checksum.length = sizeof(k2_c_data);
-    k2_c.checksum.data   = k2_c_data;
-
-    ke.key = &kb;
-    kb.keyvalue = k1_c.checksum;
-
-    k3_c.checksum.length = sizeof(k3_c_data);
-    k3_c.checksum.data   = k3_c_data;
-
-    ret = hmac(NULL, c, cdata, 16, 0, &ke, &k3_c);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-
-    RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
-    RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
-
-    ke.key = &kb;
-    kb.keyvalue = k2_c.checksum;
-
-    cksum.checksum.length = 16;
-    cksum.checksum.data   = cksum_data;
-
-    ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-
-    memset (k1_c_data, 0, sizeof(k1_c_data));
-    memset (k2_c_data, 0, sizeof(k2_c_data));
-    memset (k3_c_data, 0, sizeof(k3_c_data));
-
-    if (memcmp (cksum.checksum.data, data, 16) != 0) {
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    } else {
-	return 0;
-    }
-}
-
-/*
- * convert the usage numbers used in
- * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in
- * draft-brezak-win2k-krb-rc4-hmac-04.txt
- */
-
-static krb5_error_code
-usage2arcfour (krb5_context context, unsigned *usage)
-{
-    switch (*usage) {
-    case KRB5_KU_AS_REP_ENC_PART : /* 3 */
-    case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : /* 9 */
-	*usage = 8;
-	return 0;
-    case KRB5_KU_USAGE_SEAL :  /* 22 */
-	*usage = 13;
-	return 0;
-    case KRB5_KU_USAGE_SIGN : /* 23 */
-        *usage = 15;
-        return 0;
-    case KRB5_KU_USAGE_SEQ: /* 24 */
-	*usage = 0;
-	return 0;
-    default :
-	return 0;
-    }
-}
-
-static krb5_error_code
-ARCFOUR_encrypt(krb5_context context,
-		struct key_data *key,
-		void *data,
-		size_t len,
-		krb5_boolean encryptp,
-		int usage,
-		void *ivec)
-{
-    krb5_error_code ret;
-    unsigned keyusage = usage;
-
-    if((ret = usage2arcfour (context, &keyusage)) != 0)
-	return ret;
-
-    if (encryptp)
-	return ARCFOUR_subencrypt (context, key, data, len, keyusage, ivec);
-    else
-	return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec);
-}
-
-
-/*
- *
- */
-
-static krb5_error_code
-AES_PRF(krb5_context context,
-	krb5_crypto crypto,
-	const krb5_data *in,
-	krb5_data *out)
-{
-    struct checksum_type *ct = crypto->et->checksum;
-    krb5_error_code ret;
-    Checksum result;
-    krb5_keyblock *derived;
-
-    result.cksumtype = ct->type;
-    ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
-    if (ret) {
-	krb5_set_error_string(context, "out memory");
-	return ret;
-    }
-
-    (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
-
-    if (result.checksum.length < crypto->et->blocksize)
-	krb5_abortx(context, "internal prf error");
-
-    derived = NULL;
-    ret = krb5_derive_key(context, crypto->key.key, 
-			  crypto->et->type, "prf", 3, &derived);
-    if (ret)
-	krb5_abortx(context, "krb5_derive_key");
-
-    ret = krb5_data_alloc(out, crypto->et->blocksize);
-    if (ret)
-	krb5_abortx(context, "malloc failed");
-    
-    { 
-	AES_KEY key;
-
-	AES_set_encrypt_key(derived->keyvalue.data, 
-			    crypto->et->keytype->bits, &key);
-	AES_encrypt(result.checksum.data, out->data, &key);
-	memset(&key, 0, sizeof(key));
-    }
-
-    krb5_data_free(&result.checksum);
-    krb5_free_keyblock(context, derived);
-
-    return ret;
-}
-
-/*
- * these should currently be in reverse preference order.
- * (only relevant for !F_PSEUDO) */
-
-static struct encryption_type enctype_null = {
-    ETYPE_NULL,
-    "null",
-    NULL,
-    1,
-    1,
-    0,
-    &keytype_null,
-    &checksum_none,
-    NULL,
-    F_DISABLED,
-    NULL_encrypt,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des_cbc_crc = {
-    ETYPE_DES_CBC_CRC,
-    "des-cbc-crc",
-    NULL,
-    8,
-    8,
-    8,
-    &keytype_des,
-    &checksum_crc32,
-    NULL,
-    0,
-    DES_CBC_encrypt_key_ivec,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des_cbc_md4 = {
-    ETYPE_DES_CBC_MD4,
-    "des-cbc-md4",
-    NULL,
-    8,
-    8,
-    8,
-    &keytype_des,
-    &checksum_rsa_md4,
-    &checksum_rsa_md4_des,
-    0,
-    DES_CBC_encrypt_null_ivec,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des_cbc_md5 = {
-    ETYPE_DES_CBC_MD5,
-    "des-cbc-md5",
-    NULL,
-    8,
-    8,
-    8,
-    &keytype_des,
-    &checksum_rsa_md5,
-    &checksum_rsa_md5_des,
-    0,
-    DES_CBC_encrypt_null_ivec,
-    0,
-    NULL
-};
-static struct encryption_type enctype_arcfour_hmac_md5 = {
-    ETYPE_ARCFOUR_HMAC_MD5,
-    "arcfour-hmac-md5",
-    NULL,
-    1,
-    1,
-    8,
-    &keytype_arcfour,
-    &checksum_hmac_md5,
-    NULL,
-    F_SPECIAL,
-    ARCFOUR_encrypt,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des3_cbc_md5 = { 
-    ETYPE_DES3_CBC_MD5,
-    "des3-cbc-md5",
-    NULL,
-    8,
-    8,
-    8,
-    &keytype_des3,
-    &checksum_rsa_md5,
-    &checksum_rsa_md5_des3,
-    0,
-    DES3_CBC_encrypt,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des3_cbc_sha1 = {
-    ETYPE_DES3_CBC_SHA1,
-    "des3-cbc-sha1",
-    NULL,
-    8,
-    8,
-    8,
-    &keytype_des3_derived,
-    &checksum_sha1,
-    &checksum_hmac_sha1_des3,
-    F_DERIVED,
-    DES3_CBC_encrypt,
-    0,
-    NULL
-};
-static struct encryption_type enctype_old_des3_cbc_sha1 = {
-    ETYPE_OLD_DES3_CBC_SHA1,
-    "old-des3-cbc-sha1",
-    NULL,
-    8,
-    8,
-    8,
-    &keytype_des3,
-    &checksum_sha1,
-    &checksum_hmac_sha1_des3,
-    0,
-    DES3_CBC_encrypt,
-    0,
-    NULL
-};
-static struct encryption_type enctype_aes128_cts_hmac_sha1 = {
-    ETYPE_AES128_CTS_HMAC_SHA1_96,
-    "aes128-cts-hmac-sha1-96",
-    NULL,
-    16,
-    1,
-    16,
-    &keytype_aes128,
-    &checksum_sha1,
-    &checksum_hmac_sha1_aes128,
-    F_DERIVED,
-    AES_CTS_encrypt,
-    16,
-    AES_PRF
-};
-static struct encryption_type enctype_aes256_cts_hmac_sha1 = {
-    ETYPE_AES256_CTS_HMAC_SHA1_96,
-    "aes256-cts-hmac-sha1-96",
-    NULL,
-    16,
-    1,
-    16,
-    &keytype_aes256,
-    &checksum_sha1,
-    &checksum_hmac_sha1_aes256,
-    F_DERIVED,
-    AES_CTS_encrypt,
-    16,
-    AES_PRF
-};
-static struct encryption_type enctype_des_cbc_none = {
-    ETYPE_DES_CBC_NONE,
-    "des-cbc-none",
-    NULL,
-    8,
-    8,
-    0,
-    &keytype_des,
-    &checksum_none,
-    NULL,
-    F_PSEUDO,
-    DES_CBC_encrypt_null_ivec,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des_cfb64_none = {
-    ETYPE_DES_CFB64_NONE,
-    "des-cfb64-none",
-    NULL,
-    1,
-    1,
-    0,
-    &keytype_des,
-    &checksum_none,
-    NULL,
-    F_PSEUDO,
-    DES_CFB64_encrypt_null_ivec,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des_pcbc_none = {
-    ETYPE_DES_PCBC_NONE,
-    "des-pcbc-none",
-    NULL,
-    8,
-    8,
-    0,
-    &keytype_des,
-    &checksum_none,
-    NULL,
-    F_PSEUDO,
-    DES_PCBC_encrypt_key_ivec,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des3_cbc_none = {
-    ETYPE_DES3_CBC_NONE,
-    "des3-cbc-none",
-    NULL,
-    8,
-    8,
-    0,
-    &keytype_des3_derived,
-    &checksum_none,
-    NULL,
-    F_PSEUDO,
-    DES3_CBC_encrypt,
-    0,
-    NULL
-};
-
-static struct encryption_type *etypes[] = {
-    &enctype_null,
-    &enctype_des_cbc_crc,
-    &enctype_des_cbc_md4,
-    &enctype_des_cbc_md5,
-    &enctype_arcfour_hmac_md5,
-    &enctype_des3_cbc_md5, 
-    &enctype_des3_cbc_sha1,
-    &enctype_old_des3_cbc_sha1,
-    &enctype_aes128_cts_hmac_sha1,
-    &enctype_aes256_cts_hmac_sha1,
-    &enctype_des_cbc_none,
-    &enctype_des_cfb64_none,
-    &enctype_des_pcbc_none,
-    &enctype_des3_cbc_none
-};
-
-static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]);
-
-
-static struct encryption_type *
-_find_enctype(krb5_enctype type)
-{
-    int i;
-    for(i = 0; i < num_etypes; i++)
-	if(etypes[i]->type == type)
-	    return etypes[i];
-    return NULL;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_to_string(krb5_context context,
-		       krb5_enctype etype,
-		       char **string)
-{
-    struct encryption_type *e;
-    e = _find_enctype(etype);
-    if(e == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	*string = NULL;
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    *string = strdup(e->name);
-    if(*string == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_enctype(krb5_context context,
-		       const char *string,
-		       krb5_enctype *etype)
-{
-    int i;
-    for(i = 0; i < num_etypes; i++)
-	if(strcasecmp(etypes[i]->name, string) == 0){
-	    *etype = etypes[i]->type;
-	    return 0;
-	}
-    krb5_set_error_string (context, "encryption type %s not supported",
-			   string);
-    return KRB5_PROG_ETYPE_NOSUPP;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_enctype_to_oid(krb5_context context,
-		    krb5_enctype etype,
-		    heim_oid *oid)
-{
-    struct encryption_type *et = _find_enctype(etype);
-    if(et == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    if(et->oid == NULL) {
-	krb5_set_error_string (context, "%s have not oid", et->name);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    krb5_clear_error_string(context);
-    return der_copy_oid(et->oid, oid);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_oid_to_enctype(krb5_context context,
-		     const heim_oid *oid,
-		     krb5_enctype *etype)
-{
-    int i;
-    for(i = 0; i < num_etypes; i++) {
-	if(etypes[i]->oid && der_heim_oid_cmp(etypes[i]->oid, oid) == 0) {
-	    *etype = etypes[i]->type;
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "enctype for oid not supported");
-    return KRB5_PROG_ETYPE_NOSUPP;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_to_keytype(krb5_context context,
-			krb5_enctype etype,
-			krb5_keytype *keytype)
-{
-    struct encryption_type *e = _find_enctype(etype);
-    if(e == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    *keytype = e->keytype->type; /* XXX */
-    return 0;
-}
-
-#if 0
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_enctype(krb5_context context,
-			krb5_keytype keytype,
-			krb5_enctype *etype)
-{
-    struct key_type *kt = _find_keytype(keytype);
-    krb5_warnx(context, "krb5_keytype_to_enctype(%u)", keytype);
-    if(kt == NULL)
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-    *etype = kt->best_etype;
-    return 0;
-}
-#endif
-    
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_enctypes (krb5_context context,
-			  krb5_keytype keytype,
-			  unsigned *len,
-			  krb5_enctype **val)
-{
-    int i;
-    unsigned n = 0;
-    krb5_enctype *ret;
-
-    for (i = num_etypes - 1; i >= 0; --i) {
-	if (etypes[i]->keytype->type == keytype
-	    && !(etypes[i]->flags & F_PSEUDO))
-	    ++n;
-    }
-    ret = malloc(n * sizeof(*ret));
-    if (ret == NULL && n != 0) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    n = 0;
-    for (i = num_etypes - 1; i >= 0; --i) {
-	if (etypes[i]->keytype->type == keytype
-	    && !(etypes[i]->flags & F_PSEUDO))
-	    ret[n++] = etypes[i]->type;
-    }
-    *len = n;
-    *val = ret;
-    return 0;
-}
-
-/*
- * First take the configured list of etypes for `keytype' if available,
- * else, do `krb5_keytype_to_enctypes'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_enctypes_default (krb5_context context,
-				  krb5_keytype keytype,
-				  unsigned *len,
-				  krb5_enctype **val)
-{
-    int i, n;
-    krb5_enctype *ret;
-
-    if (keytype != KEYTYPE_DES || context->etypes_des == NULL)
-	return krb5_keytype_to_enctypes (context, keytype, len, val);
-
-    for (n = 0; context->etypes_des[n]; ++n)
-	;
-    ret = malloc (n * sizeof(*ret));
-    if (ret == NULL && n != 0) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    for (i = 0; i < n; ++i)
-	ret[i] = context->etypes_des[i];
-    *len = n;
-    *val = ret;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_valid(krb5_context context, 
-		 krb5_enctype etype)
-{
-    struct encryption_type *e = _find_enctype(etype);
-    if(e == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    if (e->flags & F_DISABLED) {
-	krb5_set_error_string (context, "encryption type %s is disabled",
-			       e->name);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cksumtype_valid(krb5_context context, 
-		     krb5_cksumtype ctype)
-{
-    struct checksum_type *c = _find_checksum(ctype);
-    if (c == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       ctype);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    if (c->flags & F_DISABLED) {
-	krb5_set_error_string (context, "checksum type %s is disabled",
-			       c->name);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    return 0;
-}
-
-
-/* if two enctypes have compatible keys */
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_enctypes_compatible_keys(krb5_context context,
-			      krb5_enctype etype1,
-			      krb5_enctype etype2)
-{
-    struct encryption_type *e1 = _find_enctype(etype1);
-    struct encryption_type *e2 = _find_enctype(etype2);
-    return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype;
-}
-
-static krb5_boolean
-derived_crypto(krb5_context context,
-	       krb5_crypto crypto)
-{
-    return (crypto->et->flags & F_DERIVED) != 0;
-}
-
-static krb5_boolean
-special_crypto(krb5_context context,
-	       krb5_crypto crypto)
-{
-    return (crypto->et->flags & F_SPECIAL) != 0;
-}
-
-#define CHECKSUMSIZE(C) ((C)->checksumsize)
-#define CHECKSUMTYPE(C) ((C)->type)
-
-static krb5_error_code
-encrypt_internal_derived(krb5_context context,
-			 krb5_crypto crypto,
-			 unsigned usage,
-			 const void *data,
-			 size_t len,
-			 krb5_data *result,
-			 void *ivec)
-{
-    size_t sz, block_sz, checksum_sz, total_sz;
-    Checksum cksum;
-    unsigned char *p, *q;
-    krb5_error_code ret;
-    struct key_data *dkey;
-    const struct encryption_type *et = crypto->et;
-    
-    checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
-
-    sz = et->confoundersize + len;
-    block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
-    total_sz = block_sz + checksum_sz;
-    p = calloc(1, total_sz);
-    if(p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    q = p;
-    krb5_generate_random_block(q, et->confoundersize); /* XXX */
-    q += et->confoundersize;
-    memcpy(q, data, len);
-    
-    ret = create_checksum(context, 
-			  et->keyed_checksum,
-			  crypto, 
-			  INTEGRITY_USAGE(usage),
-			  p, 
-			  block_sz,
-			  &cksum);
-    if(ret == 0 && cksum.checksum.length != checksum_sz) {
-	free_Checksum (&cksum);
-	krb5_clear_error_string (context);
-	ret = KRB5_CRYPTO_INTERNAL;
-    }
-    if(ret)
-	goto fail;
-    memcpy(p + block_sz, cksum.checksum.data, cksum.checksum.length);
-    free_Checksum (&cksum);
-    ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
-    if(ret)
-	goto fail;
-    ret = _key_schedule(context, dkey);
-    if(ret)
-	goto fail;
-#ifdef CRYPTO_DEBUG
-    krb5_crypto_debug(context, 1, block_sz, dkey->key);
-#endif
-    ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec);
-    if (ret)
-	goto fail;
-    result->data = p;
-    result->length = total_sz;
-    return 0;
- fail:
-    memset(p, 0, total_sz);
-    free(p);
-    return ret;
-}
-
-
-static krb5_error_code
-encrypt_internal(krb5_context context,
-		 krb5_crypto crypto,
-		 const void *data,
-		 size_t len,
-		 krb5_data *result,
-		 void *ivec)
-{
-    size_t sz, block_sz, checksum_sz;
-    Checksum cksum;
-    unsigned char *p, *q;
-    krb5_error_code ret;
-    const struct encryption_type *et = crypto->et;
-    
-    checksum_sz = CHECKSUMSIZE(et->checksum);
-    
-    sz = et->confoundersize + checksum_sz + len;
-    block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
-    p = calloc(1, block_sz);
-    if(p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    q = p;
-    krb5_generate_random_block(q, et->confoundersize); /* XXX */
-    q += et->confoundersize;
-    memset(q, 0, checksum_sz);
-    q += checksum_sz;
-    memcpy(q, data, len);
-
-    ret = create_checksum(context, 
-			  et->checksum,
-			  crypto,
-			  0,
-			  p, 
-			  block_sz,
-			  &cksum);
-    if(ret == 0 && cksum.checksum.length != checksum_sz) {
-	krb5_clear_error_string (context);
-	free_Checksum(&cksum);
-	ret = KRB5_CRYPTO_INTERNAL;
-    }
-    if(ret)
-	goto fail;
-    memcpy(p + et->confoundersize, cksum.checksum.data, cksum.checksum.length);
-    free_Checksum(&cksum);
-    ret = _key_schedule(context, &crypto->key);
-    if(ret)
-	goto fail;
-#ifdef CRYPTO_DEBUG
-    krb5_crypto_debug(context, 1, block_sz, crypto->key.key);
-#endif
-    ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec);
-    if (ret) {
-	memset(p, 0, block_sz);
-	free(p);
-	return ret;
-    }
-    result->data = p;
-    result->length = block_sz;
-    return 0;
- fail:
-    memset(p, 0, block_sz);
-    free(p);
-    return ret;
-}
-
-static krb5_error_code
-encrypt_internal_special(krb5_context context,
-			 krb5_crypto crypto,
-			 int usage,
-			 const void *data,
-			 size_t len,
-			 krb5_data *result,
-			 void *ivec)
-{
-    struct encryption_type *et = crypto->et;
-    size_t cksum_sz = CHECKSUMSIZE(et->checksum);
-    size_t sz = len + cksum_sz + et->confoundersize;
-    char *tmp, *p;
-    krb5_error_code ret;
-
-    tmp = malloc (sz);
-    if (tmp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    p = tmp;
-    memset (p, 0, cksum_sz);
-    p += cksum_sz;
-    krb5_generate_random_block(p, et->confoundersize);
-    p += et->confoundersize;
-    memcpy (p, data, len);
-    ret = (*et->encrypt)(context, &crypto->key, tmp, sz, TRUE, usage, ivec);
-    if (ret) {
-	memset(tmp, 0, sz);
-	free(tmp);
-	return ret;
-    }
-    result->data   = tmp;
-    result->length = sz;
-    return 0;
-}
-
-static krb5_error_code
-decrypt_internal_derived(krb5_context context,
-			 krb5_crypto crypto,
-			 unsigned usage,
-			 void *data,
-			 size_t len,
-			 krb5_data *result,
-			 void *ivec)
-{
-    size_t checksum_sz;
-    Checksum cksum;
-    unsigned char *p;
-    krb5_error_code ret;
-    struct key_data *dkey;
-    struct encryption_type *et = crypto->et;
-    unsigned long l;
-    
-    checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
-    if (len < checksum_sz + et->confoundersize) {
-	krb5_set_error_string(context, "Encrypted data shorter then "
-			      "checksum + confunder");
-	return KRB5_BAD_MSIZE;
-    }
-
-    if (((len - checksum_sz) % et->padsize) != 0) {
-	krb5_clear_error_string(context);
-	return KRB5_BAD_MSIZE;
-    }
-
-    p = malloc(len);
-    if(len != 0 && p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(p, data, len);
-
-    len -= checksum_sz;
-
-    ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-    ret = _key_schedule(context, dkey);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-#ifdef CRYPTO_DEBUG
-    krb5_crypto_debug(context, 0, len, dkey->key);
-#endif
-    ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec);
-    if (ret) {
-	free(p);
-	return ret;
-    }
-
-    cksum.checksum.data   = p + len;
-    cksum.checksum.length = checksum_sz;
-    cksum.cksumtype       = CHECKSUMTYPE(et->keyed_checksum);
-
-    ret = verify_checksum(context,
-			  crypto,
-			  INTEGRITY_USAGE(usage),
-			  p,
-			  len,
-			  &cksum);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-    l = len - et->confoundersize;
-    memmove(p, p + et->confoundersize, l);
-    result->data = realloc(p, l);
-    if(result->data == NULL && l != 0) {
-	free(p);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    result->length = l;
-    return 0;
-}
-
-static krb5_error_code
-decrypt_internal(krb5_context context,
-		 krb5_crypto crypto,
-		 void *data,
-		 size_t len,
-		 krb5_data *result,
-		 void *ivec)
-{
-    krb5_error_code ret;
-    unsigned char *p;
-    Checksum cksum;
-    size_t checksum_sz, l;
-    struct encryption_type *et = crypto->et;
-    
-    if ((len % et->padsize) != 0) {
-	krb5_clear_error_string(context);
-	return KRB5_BAD_MSIZE;
-    }
-
-    checksum_sz = CHECKSUMSIZE(et->checksum);
-    p = malloc(len);
-    if(len != 0 && p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(p, data, len);
-    
-    ret = _key_schedule(context, &crypto->key);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-#ifdef CRYPTO_DEBUG
-    krb5_crypto_debug(context, 0, len, crypto->key.key);
-#endif
-    ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec);
-    if (ret) {
-	free(p);
-	return ret;
-    }
-    ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz);
-    if(ret) {
- 	free(p);
- 	return ret;
-    }
-    memset(p + et->confoundersize, 0, checksum_sz);
-    cksum.cksumtype = CHECKSUMTYPE(et->checksum);
-    ret = verify_checksum(context, NULL, 0, p, len, &cksum);
-    free_Checksum(&cksum);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-    l = len - et->confoundersize - checksum_sz;
-    memmove(p, p + et->confoundersize + checksum_sz, l);
-    result->data = realloc(p, l);
-    if(result->data == NULL && l != 0) {
-	free(p);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    result->length = l;
-    return 0;
-}
-
-static krb5_error_code
-decrypt_internal_special(krb5_context context,
-			 krb5_crypto crypto,
-			 int usage,
-			 void *data,
-			 size_t len,
-			 krb5_data *result,
-			 void *ivec)
-{
-    struct encryption_type *et = crypto->et;
-    size_t cksum_sz = CHECKSUMSIZE(et->checksum);
-    size_t sz = len - cksum_sz - et->confoundersize;
-    unsigned char *p;
-    krb5_error_code ret;
-
-    if ((len % et->padsize) != 0) {
-	krb5_clear_error_string(context);
-	return KRB5_BAD_MSIZE;
-    }
-
-    p = malloc (len);
-    if (p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(p, data, len);
-    
-    ret = (*et->encrypt)(context, &crypto->key, p, len, FALSE, usage, ivec);
-    if (ret) {
-	free(p);
-	return ret;
-    }
-
-    memmove (p, p + cksum_sz + et->confoundersize, sz);
-    result->data = realloc(p, sz);
-    if(result->data == NULL && sz != 0) {
-	free(p);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    result->length = sz;
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt_ivec(krb5_context context,
-		  krb5_crypto crypto,
-		  unsigned usage,
-		  const void *data,
-		  size_t len,
-		  krb5_data *result,
-		  void *ivec)
-{
-    if(derived_crypto(context, crypto))
-	return encrypt_internal_derived(context, crypto, usage, 
-					data, len, result, ivec);
-    else if (special_crypto(context, crypto))
-	return encrypt_internal_special (context, crypto, usage,
-					 data, len, result, ivec);
-    else
-	return encrypt_internal(context, crypto, data, len, result, ivec);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt(krb5_context context,
-	     krb5_crypto crypto,
-	     unsigned usage,
-	     const void *data,
-	     size_t len,
-	     krb5_data *result)
-{
-    return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt_EncryptedData(krb5_context context,
-			   krb5_crypto crypto,
-			   unsigned usage,
-			   void *data,
-			   size_t len,
-			   int kvno,
-			   EncryptedData *result)
-{
-    result->etype = CRYPTO_ETYPE(crypto);
-    if(kvno){
-	ALLOC(result->kvno, 1);
-	*result->kvno = kvno;
-    }else
-	result->kvno = NULL;
-    return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt_ivec(krb5_context context,
-		  krb5_crypto crypto,
-		  unsigned usage,
-		  void *data,
-		  size_t len,
-		  krb5_data *result,
-		  void *ivec)
-{
-    if(derived_crypto(context, crypto))
-	return decrypt_internal_derived(context, crypto, usage, 
-					data, len, result, ivec);
-    else if (special_crypto (context, crypto))
-	return decrypt_internal_special(context, crypto, usage,
-					data, len, result, ivec);
-    else
-	return decrypt_internal(context, crypto, data, len, result, ivec);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt(krb5_context context,
-	     krb5_crypto crypto,
-	     unsigned usage,
-	     void *data,
-	     size_t len,
-	     krb5_data *result)
-{
-    return krb5_decrypt_ivec (context, crypto, usage, data, len, result,
-			      NULL);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt_EncryptedData(krb5_context context,
-			   krb5_crypto crypto,
-			   unsigned usage,
-			   const EncryptedData *e,
-			   krb5_data *result)
-{
-    return krb5_decrypt(context, crypto, usage, 
-			e->cipher.data, e->cipher.length, result);
-}
-
-/************************************************************
- *                                                          *
- ************************************************************/
-
-#define ENTROPY_NEEDED 128
-
-static int
-seed_something(void)
-{
-    char buf[1024], seedfile[256];
-
-    /* If there is a seed file, load it. But such a file cannot be trusted,
-       so use 0 for the entropy estimate */
-    if (RAND_file_name(seedfile, sizeof(seedfile))) {
-	int fd;
-	fd = open(seedfile, O_RDONLY);
-	if (fd >= 0) {
-	    ssize_t ret;
-	    ret = read(fd, buf, sizeof(buf));
-	    if (ret > 0)
-		RAND_add(buf, ret, 0.0);
-	    close(fd);
-	} else
-	    seedfile[0] = '\0';
-    } else
-	seedfile[0] = '\0';
-
-    /* Calling RAND_status() will try to use /dev/urandom if it exists so
-       we do not have to deal with it. */
-    if (RAND_status() != 1) {
-	krb5_context context;
-	const char *p;
-
-	/* Try using egd */
-	if (!krb5_init_context(&context)) {
-	    p = krb5_config_get_string(context, NULL, "libdefaults",
-		"egd_socket", NULL);
-	    if (p != NULL)
-		RAND_egd_bytes(p, ENTROPY_NEEDED);
-	    krb5_free_context(context);
-	}
-    }
-    
-    if (RAND_status() == 1)	{
-	/* Update the seed file */
-	if (seedfile[0])
-	    RAND_write_file(seedfile);
-
-	return 0;
-    } else
-	return -1;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_generate_random_block(void *buf, size_t len)
-{
-    static int rng_initialized = 0;
-    
-    HEIMDAL_MUTEX_lock(&crypto_mutex);
-    if (!rng_initialized) {
-	if (seed_something())
-	    krb5_abortx(NULL, "Fatal: could not seed the "
-			"random number generator");
-	
-	rng_initialized = 1;
-    }
-    HEIMDAL_MUTEX_unlock(&crypto_mutex);
-    if (RAND_bytes(buf, len) != 1)
-	krb5_abortx(NULL, "Failed to generate random block");
-}
-
-static void
-DES3_postproc(krb5_context context,
-	      unsigned char *k, size_t len, struct key_data *key)
-{
-    DES3_random_to_key(context, key->key, k, len);
-
-    if (key->schedule) {
-	krb5_free_data(context, key->schedule);
-	key->schedule = NULL;
-    }
-}
-
-static krb5_error_code
-derive_key(krb5_context context,
-	   struct encryption_type *et,
-	   struct key_data *key,
-	   const void *constant,
-	   size_t len)
-{
-    unsigned char *k;
-    unsigned int nblocks = 0, i;
-    krb5_error_code ret = 0;
-    struct key_type *kt = et->keytype;
-
-    ret = _key_schedule(context, key);
-    if(ret)
-	return ret;
-    if(et->blocksize * 8 < kt->bits || len != et->blocksize) {
-	nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8);
-	k = malloc(nblocks * et->blocksize);
-	if(k == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	ret = _krb5_n_fold(constant, len, k, et->blocksize);
-	if (ret) {
-	    free(k);
-	    krb5_set_error_string(context, "out of memory");
-	    return ret;
-	}
-	for(i = 0; i < nblocks; i++) {
-	    if(i > 0)
-		memcpy(k + i * et->blocksize, 
-		       k + (i - 1) * et->blocksize,
-		       et->blocksize);
-	    (*et->encrypt)(context, key, k + i * et->blocksize, et->blocksize,
-			   1, 0, NULL);
-	}
-    } else {
-	/* this case is probably broken, but won't be run anyway */
-	void *c = malloc(len);
-	size_t res_len = (kt->bits + 7) / 8;
-
-	if(len != 0 && c == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	memcpy(c, constant, len);
-	(*et->encrypt)(context, key, c, len, 1, 0, NULL);
-	k = malloc(res_len);
-	if(res_len != 0 && k == NULL) {
-	    free(c);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	ret = _krb5_n_fold(c, len, k, res_len);
-	if (ret) {
-	    free(k);
-	    krb5_set_error_string(context, "out of memory");
-	    return ret;
-	}
-	free(c);
-    }
-    
-    /* XXX keytype dependent post-processing */
-    switch(kt->type) {
-    case KEYTYPE_DES3:
-	DES3_postproc(context, k, nblocks * et->blocksize, key);
-	break;
-    case KEYTYPE_AES128:
-    case KEYTYPE_AES256:
-	memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length);
-	break;
-    default:
-	krb5_set_error_string(context,
-			      "derive_key() called with unknown keytype (%u)", 
-			      kt->type);
-	ret = KRB5_CRYPTO_INTERNAL;
-	break;
-    }
-    if (key->schedule) {
-	krb5_free_data(context, key->schedule);
-	key->schedule = NULL;
-    }
-    memset(k, 0, nblocks * et->blocksize);
-    free(k);
-    return ret;
-}
-
-static struct key_data *
-_new_derived_key(krb5_crypto crypto, unsigned usage)
-{
-    struct key_usage *d = crypto->key_usage;
-    d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d));
-    if(d == NULL)
-	return NULL;
-    crypto->key_usage = d;
-    d += crypto->num_key_usage++;
-    memset(d, 0, sizeof(*d));
-    d->usage = usage;
-    return &d->key;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_derive_key(krb5_context context,
-		const krb5_keyblock *key,
-		krb5_enctype etype,
-		const void *constant,
-		size_t constant_len,
-		krb5_keyblock **derived_key)
-{
-    krb5_error_code ret;
-    struct encryption_type *et;
-    struct key_data d;
-
-    *derived_key = NULL;
-
-    et = _find_enctype (etype);
-    if (et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-
-    ret = krb5_copy_keyblock(context, key, &d.key);
-    if (ret)
-	return ret;
-
-    d.schedule = NULL;
-    ret = derive_key(context, et, &d, constant, constant_len);
-    if (ret == 0)
-	ret = krb5_copy_keyblock(context, d.key, derived_key);
-    free_key_data(context, &d);    
-    return ret;
-}
-
-static krb5_error_code
-_get_derived_key(krb5_context context, 
-		 krb5_crypto crypto, 
-		 unsigned usage, 
-		 struct key_data **key)
-{
-    int i;
-    struct key_data *d;
-    unsigned char constant[5];
-
-    for(i = 0; i < crypto->num_key_usage; i++)
-	if(crypto->key_usage[i].usage == usage) {
-	    *key = &crypto->key_usage[i].key;
-	    return 0;
-	}
-    d = _new_derived_key(crypto, usage);
-    if(d == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_copy_keyblock(context, crypto->key.key, &d->key);
-    _krb5_put_int(constant, usage, 5);
-    derive_key(context, crypto->et, d, constant, sizeof(constant));
-    *key = d;
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_init(krb5_context context,
-		 const krb5_keyblock *key,
-		 krb5_enctype etype,
-		 krb5_crypto *crypto)
-{
-    krb5_error_code ret;
-    ALLOC(*crypto, 1);
-    if(*crypto == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if(etype == ETYPE_NULL)
-	etype = key->keytype;
-    (*crypto)->et = _find_enctype(etype);
-    if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) {
-	free(*crypto);
-	*crypto = NULL;
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    if((*crypto)->et->keytype->size != key->keyvalue.length) {
-	free(*crypto);
-	*crypto = NULL;
-	krb5_set_error_string (context, "encryption key has bad length");
-	return KRB5_BAD_KEYSIZE;
-    }
-    ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key);
-    if(ret) {
-	free(*crypto);
-	*crypto = NULL;
-	return ret;
-    }
-    (*crypto)->key.schedule = NULL;
-    (*crypto)->num_key_usage = 0;
-    (*crypto)->key_usage = NULL;
-    return 0;
-}
-
-static void
-free_key_data(krb5_context context, struct key_data *key)
-{
-    krb5_free_keyblock(context, key->key);
-    if(key->schedule) {
-	memset(key->schedule->data, 0, key->schedule->length);
-	krb5_free_data(context, key->schedule);
-    }
-}
-
-static void
-free_key_usage(krb5_context context, struct key_usage *ku)
-{
-    free_key_data(context, &ku->key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_destroy(krb5_context context,
-		    krb5_crypto crypto)
-{
-    int i;
-    
-    for(i = 0; i < crypto->num_key_usage; i++)
-	free_key_usage(context, &crypto->key_usage[i]);
-    free(crypto->key_usage);
-    free_key_data(context, &crypto->key);
-    free (crypto);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getblocksize(krb5_context context,
-			 krb5_crypto crypto,
-			 size_t *blocksize)
-{
-    *blocksize = crypto->et->blocksize;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getenctype(krb5_context context,
-		       krb5_crypto crypto,
-		       krb5_enctype *enctype)
-{
-    *enctype = crypto->et->type;
-     return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getpadsize(krb5_context context,
-                       krb5_crypto crypto,
-                       size_t *padsize)      
-{
-    *padsize = crypto->et->padsize;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getconfoundersize(krb5_context context,
-                              krb5_crypto crypto,
-                              size_t *confoundersize)
-{
-    *confoundersize = crypto->et->confoundersize;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_disable(krb5_context context,
-		     krb5_enctype enctype)
-{
-    struct encryption_type *et = _find_enctype(enctype);
-    if(et == NULL) {
-	if (context)
-	    krb5_set_error_string (context, "encryption type %d not supported",
-				   enctype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    et->flags |= F_DISABLED;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_derived(krb5_context context,
-			   const void *str,
-			   size_t len,
-			   krb5_enctype etype,
-			   krb5_keyblock *key)
-{
-    struct encryption_type *et = _find_enctype(etype);
-    krb5_error_code ret;
-    struct key_data kd;
-    size_t keylen;
-    u_char *tmp;
-
-    if(et == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    keylen = et->keytype->bits / 8;
-
-    ALLOC(kd.key, 1);
-    if(kd.key == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
-    if(ret) {
-	free(kd.key);
-	return ret;
-    }
-    kd.key->keytype = etype;
-    tmp = malloc (keylen);
-    if(tmp == NULL) {
-	krb5_free_keyblock(context, kd.key);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = _krb5_n_fold(str, len, tmp, keylen);
-    if (ret) {
-	free(tmp);
-	krb5_set_error_string(context, "out of memory");
-	return ret;
-    }
-    kd.schedule = NULL;
-    DES3_postproc (context, tmp, keylen, &kd); /* XXX */
-    memset(tmp, 0, keylen);
-    free(tmp);
-    ret = derive_key(context, 
-		     et,
-		     &kd,
-		     "kerberos", /* XXX well known constant */
-		     strlen("kerberos"));
-    ret = krb5_copy_keyblock_contents(context, kd.key, key);
-    free_key_data(context, &kd);
-    return ret;
-}
-
-static size_t
-wrapped_length (krb5_context context,
-		krb5_crypto  crypto,
-		size_t       data_len)
-{
-    struct encryption_type *et = crypto->et;
-    size_t padsize = et->padsize;
-    size_t checksumsize = CHECKSUMSIZE(et->checksum);
-    size_t res;
-
-    res =  et->confoundersize + checksumsize + data_len;
-    res =  (res + padsize - 1) / padsize * padsize;
-    return res;
-}
-
-static size_t
-wrapped_length_dervied (krb5_context context,
-			krb5_crypto  crypto,
-			size_t       data_len)
-{
-    struct encryption_type *et = crypto->et;
-    size_t padsize = et->padsize;
-    size_t res;
-
-    res =  et->confoundersize + data_len;
-    res =  (res + padsize - 1) / padsize * padsize;
-    if (et->keyed_checksum)
-	res += et->keyed_checksum->checksumsize;
-    else
-	res += et->checksum->checksumsize;
-    return res;
-}
-
-/*
- * Return the size of an encrypted packet of length `data_len'
- */
-
-size_t
-krb5_get_wrapped_length (krb5_context context,
-			 krb5_crypto  crypto,
-			 size_t       data_len)
-{
-    if (derived_crypto (context, crypto))
-	return wrapped_length_dervied (context, crypto, data_len);
-    else
-	return wrapped_length (context, crypto, data_len);
-}
-
-/*
- * Return the size of an encrypted packet of length `data_len'
- */
-
-static size_t
-crypto_overhead (krb5_context context,
-		 krb5_crypto  crypto)
-{
-    struct encryption_type *et = crypto->et;
-    size_t res;
-
-    res = CHECKSUMSIZE(et->checksum);
-    res += et->confoundersize;
-    if (et->padsize > 1)
-	res += et->padsize;
-    return res;
-}
-
-static size_t
-crypto_overhead_dervied (krb5_context context,
-			 krb5_crypto  crypto)
-{
-    struct encryption_type *et = crypto->et;
-    size_t res;
-
-    if (et->keyed_checksum)
-	res = CHECKSUMSIZE(et->keyed_checksum);
-    else
-	res = CHECKSUMSIZE(et->checksum);
-    res += et->confoundersize;
-    if (et->padsize > 1)
-	res += et->padsize;
-    return res;
-}
-
-size_t
-krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
-{
-    if (derived_crypto (context, crypto))
-	return crypto_overhead_dervied (context, crypto);
-    else
-	return crypto_overhead (context, crypto);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_random_to_key(krb5_context context,
-		   krb5_enctype type,
-		   const void *data,
-		   size_t size,
-		   krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    struct encryption_type *et = _find_enctype(type);
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    if ((et->keytype->bits + 7) / 8 > size) {
-	krb5_set_error_string(context, "encryption key %s needs %d bytes "
-			      "of random to make an encryption key out of it",
-			      et->name, (int)et->keytype->size);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
-    if(ret) 
-	return ret;
-    key->keytype = type;
-    if (et->keytype->random_to_key)
- 	(*et->keytype->random_to_key)(context, key, data, size);
-    else
-	memcpy(key->keyvalue.data, data, et->keytype->size);
-
-    return 0;
-}
-
-krb5_error_code
-_krb5_pk_octetstring2key(krb5_context context,
-			 krb5_enctype type,
-			 const void *dhdata,
-			 size_t dhsize,
-			 const heim_octet_string *c_n,
-			 const heim_octet_string *k_n,
-			 krb5_keyblock *key)
-{
-    struct encryption_type *et = _find_enctype(type);
-    krb5_error_code ret;
-    size_t keylen, offset;
-    void *keydata;
-    unsigned char counter;
-    unsigned char shaoutput[20];
-
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    keylen = (et->keytype->bits + 7) / 8;
-
-    keydata = malloc(keylen);
-    if (keydata == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    counter = 0;
-    offset = 0;
-    do {
-	SHA_CTX m;
-	
-	SHA1_Init(&m);
-	SHA1_Update(&m, &counter, 1);
-	SHA1_Update(&m, dhdata, dhsize);
-	if (c_n)
-	    SHA1_Update(&m, c_n->data, c_n->length);
-	if (k_n)
-	    SHA1_Update(&m, k_n->data, k_n->length);
-	SHA1_Final(shaoutput, &m);
-
-	memcpy((unsigned char *)keydata + offset,
-	       shaoutput,
-	       min(keylen - offset, sizeof(shaoutput)));
-
-	offset += sizeof(shaoutput);
-	counter++;
-    } while(offset < keylen);
-    memset(shaoutput, 0, sizeof(shaoutput));
-
-    ret = krb5_random_to_key(context, type, keydata, keylen, key);
-    memset(keydata, 0, sizeof(keylen));
-    free(keydata);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_prf_length(krb5_context context,
-		       krb5_enctype type,
-		       size_t *length)
-{
-    struct encryption_type *et = _find_enctype(type);
-
-    if(et == NULL || et->prf_length == 0) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-
-    *length = et->prf_length;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_prf(krb5_context context,
-		const krb5_crypto crypto,
-		const krb5_data *input, 
-		krb5_data *output)
-{
-    struct encryption_type *et = crypto->et;
-
-    krb5_data_zero(output);
-
-    if(et->prf == NULL) {
-	krb5_set_error_string(context, "kerberos prf for %s not supported",
-			      et->name);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-
-    return (*et->prf)(context, crypto, input, output);
-}
-	
-
-
-
-#ifdef CRYPTO_DEBUG
-
-static krb5_error_code
-krb5_get_keyid(krb5_context context,
-	       krb5_keyblock *key,
-	       uint32_t *keyid)
-{
-    MD5_CTX md5;
-    unsigned char tmp[16];
-
-    MD5_Init (&md5);
-    MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length);
-    MD5_Final (tmp, &md5);
-    *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15];
-    return 0;
-}
-
-static void
-krb5_crypto_debug(krb5_context context,
-		  int encryptp,
-		  size_t len,
-		  krb5_keyblock *key)
-{
-    uint32_t keyid;
-    char *kt;
-    krb5_get_keyid(context, key, &keyid);
-    krb5_enctype_to_string(context, key->keytype, &kt);
-    krb5_warnx(context, "%s %lu bytes with key-id %#x (%s)", 
-	       encryptp ? "encrypting" : "decrypting",
-	       (unsigned long)len,
-	       keyid,
-	       kt);
-    free(kt);
-}
-
-#endif /* CRYPTO_DEBUG */
-
-#if 0
-int
-main()
-{
-#if 0
-    int i;
-    krb5_context context;
-    krb5_crypto crypto;
-    struct key_data *d;
-    krb5_keyblock key;
-    char constant[4];
-    unsigned usage = ENCRYPTION_USAGE(3);
-    krb5_error_code ret;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
-    key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8"
-	"\x25\xe9\x85\xab\x3e\xb5\xfb\x0e"
-	"\xc8\xdf\xab\x26\x86\x64\x15\x25";
-    key.keyvalue.length = 24;
-
-    krb5_crypto_init(context, &key, 0, &crypto);
-
-    d = _new_derived_key(crypto, usage);
-    if(d == NULL)
-	krb5_errx(context, 1, "_new_derived_key failed");
-    krb5_copy_keyblock(context, crypto->key.key, &d->key);
-    _krb5_put_int(constant, usage, 4);
-    derive_key(context, crypto->et, d, constant, sizeof(constant));
-    return 0;
-#else
-    int i;
-    krb5_context context;
-    krb5_crypto crypto;
-    struct key_data *d;
-    krb5_keyblock key;
-    krb5_error_code ret;
-    Checksum res;
-
-    char *data = "what do ya want for nothing?";
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
-    key.keyvalue.data = "Jefe";
-    /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-       "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */
-    key.keyvalue.length = 4;
-
-    d = ecalloc(1, sizeof(*d));
-    d->key = &key;
-    res.checksum.length = 20;
-    res.checksum.data = emalloc(res.checksum.length);
-    SP_HMAC_SHA1_checksum(context, d, data, 28, &res);
-
-    return 0;
-#endif
-}
-#endif
diff --git a/crypto/heimdal/lib/krb5/data.c b/crypto/heimdal/lib/krb5/data.c
deleted file mode 100644
index eda1a8b..0000000
--- a/crypto/heimdal/lib/krb5/data.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: data.c 22064 2007-11-11 16:28:14Z lha $");
-
-/**
- * Reset the (potentially uninitalized) krb5_data structure.
- *
- * @param p krb5_data to reset.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_data_zero(krb5_data *p)
-{
-    p->length = 0;
-    p->data   = NULL;
-}
-
-/**
- * Free the content of krb5_data structure, its ok to free a zeroed
- * structure. When done, the structure will be zeroed.
- * 
- * @param p krb5_data to free.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_data_free(krb5_data *p)
-{
-    if(p->data != NULL)
-	free(p->data);
-    krb5_data_zero(p);
-}
-
-/**
- * Same as krb5_data_free().
- * 
- * @param context Kerberos 5 context.
- * @param data krb5_data to free.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION 
-krb5_free_data_contents(krb5_context context, krb5_data *data)
-{
-    krb5_data_free(data);
-}
-
-/**
- * Free krb5_data (and its content).
- * 
- * @param context Kerberos 5 context.
- * @param p krb5_data to free.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_free_data(krb5_context context,
-	       krb5_data *p)
-{
-    krb5_data_free(p);
-    free(p);
-}
-
-/**
- * Allocate data of and krb5_data.
- * 
- * @param p krb5_data to free.
- * @param len size to allocate.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned.
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_data_alloc(krb5_data *p, int len)
-{
-    p->data = malloc(len);
-    if(len && p->data == NULL)
-	return ENOMEM;
-    p->length = len;
-    return 0;
-}
-
-/**
- * Grow (or shrink) the content of krb5_data to a new size.
- * 
- * @param p krb5_data to free.
- * @param len new size.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned.
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_data_realloc(krb5_data *p, int len)
-{
-    void *tmp;
-    tmp = realloc(p->data, len);
-    if(len && !tmp)
-	return ENOMEM;
-    p->data = tmp;
-    p->length = len;
-    return 0;
-}
-
-/**
- * Copy the data of len into the krb5_data.
- * 
- * @param p krb5_data to copy into.
- * @param data data to copy..
- * @param len new size.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned.
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_data_copy(krb5_data *p, const void *data, size_t len)
-{
-    if (len) {
-	if(krb5_data_alloc(p, len))
-	    return ENOMEM;
-	memmove(p->data, data, len);
-    } else
-	p->data = NULL;
-    p->length = len;
-    return 0;
-}
-
-/**
- * Copy the data into a newly allocated krb5_data.
- * 
- * @param context Kerberos 5 context.
- * @param indata the krb5_data data to copy
- * @param outdata new krb5_date to copy too. Free with krb5_free_data().
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned.
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_data(krb5_context context, 
-	       const krb5_data *indata, 
-	       krb5_data **outdata)
-{
-    krb5_error_code ret;
-    ALLOC(*outdata, 1);
-    if(*outdata == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = der_copy_octet_string(indata, *outdata);
-    if(ret) {
-	krb5_clear_error_string (context);
-	free(*outdata);
-	*outdata = NULL;
-    }
-    return ret;
-}
-
-/**
- * Compare to data.
- * 
- * @param data1 krb5_data to compare
- * @param data2 krb5_data to compare
- *
- * @return return the same way as memcmp(), useful when sorting.
- *
- * @ingroup krb5
- */
-
-int KRB5_LIB_FUNCTION
-krb5_data_cmp(const krb5_data *data1, const krb5_data *data2)
-{
-    if (data1->length != data2->length)
-	return data1->length - data2->length;
-    return memcmp(data1->data, data2->data, data1->length);
-}
diff --git a/crypto/heimdal/lib/krb5/derived-key-test.c b/crypto/heimdal/lib/krb5/derived-key-test.c
deleted file mode 100644
index debadb8..0000000
--- a/crypto/heimdal/lib/krb5/derived-key-test.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: derived-key-test.c 16342 2005-12-02 14:14:43Z lha $");
-
-enum { MAXSIZE = 24 };
-
-static struct testcase {
-    krb5_enctype enctype;
-    unsigned char constant[MAXSIZE];
-    size_t constant_len;
-    unsigned char key[MAXSIZE];
-    unsigned char res[MAXSIZE];
-} tests[] = {
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
-    {0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92},
-    {0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 0x5d, 0x31, 0x92, 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 0x04, 0xcd}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
-     {0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2},
-     {0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 0x10, 0x1c, 0x46, 0x98, 0x45, 0xd6, 0x7a, 0x20, 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 0xf2, 0x07}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
-     {0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc},
-     {0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 0x6d, 0x13, 0xfd, 0x2c, 0xa1, 0xd0, 0x85, 0x07, 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 0xea, 0xbf}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
-     {0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5},
-     {0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 0xdc, 0x07, 0x02, 0x68, 0x6b, 0xcb, 0x34, 0x89, 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 0x70, 0x3e}},
-    {ETYPE_DES3_CBC_SHA1, {0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73}, 8,
-     {0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb},
-     {0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 0x64, 0xce, 0xbf, 0xdc, 0x52, 0x04, 0xd5, 0x6d, 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 0xda, 0x43}},
-    {ETYPE_DES3_CBC_SHA1, {0x63, 0x6f, 0x6d, 0x62, 0x69, 0x6e, 0x65}, 7,
-     {0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3, 0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76, 0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e},
-     {0x01, 0x26, 0x38, 0x8a, 0xad, 0xc8, 0x1a, 0x1f, 0x2a, 0x62, 0xbc, 0x45, 0xf8, 0xd5, 0xc1, 0x91, 0x51, 0xba, 0xcd, 0xd5, 0xcb, 0x79, 0x8a, 0x3e}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
-     {0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda},
-     {0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 0x16, 0x16, 0x1c, 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 0x75, 0xf7}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
-     {0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c},
-     {0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 0xcb, 0xe9, 0xa7, 0xc8, 0x46, 0x26, 0xfb, 0xc7, 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 0xe5, 0xc1}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
-     {0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43},
-     {0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 0xf7, 0x54, 0x25, 0xce, 0x91, 0x75, 0xfb, 0xe3, 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 0x3b, 0x49}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
-     {0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16},
-     {0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d}},
-    {0}
-};
-
-int KRB5_LIB_FUNCTION
-main(int argc, char **argv)
-{
-    struct testcase *t;
-    krb5_context context;
-    krb5_error_code ret;
-    int val = 0;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    for (t = tests; t->enctype != 0; ++t) {
-	krb5_keyblock key;
-	krb5_keyblock *dkey;
-
-	key.keytype = KEYTYPE_DES3;
-	key.keyvalue.length = MAXSIZE;
-	key.keyvalue.data   = t->key;
-
-	ret = krb5_derive_key(context, &key, t->enctype, t->constant,
-			      t->constant_len, &dkey);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_derive_key");
-	if (memcmp (dkey->keyvalue.data, t->res, dkey->keyvalue.length) != 0) {
-	    const unsigned char *p = dkey->keyvalue.data;
-	    int i;
-
-	    printf ("derive_key failed\n");
-	    printf ("should be: ");
-	    for (i = 0; i < dkey->keyvalue.length; ++i)
-		printf ("%02x", t->res[i]);
-	    printf ("\nresult was: ");
-	    for (i = 0; i < dkey->keyvalue.length; ++i)
-		printf ("%02x", p[i]);
-	    printf ("\n");
-	    val = 1;
-	}
-	krb5_free_keyblock(context, dkey);
-    }
-    krb5_free_context(context);
-
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/digest.c b/crypto/heimdal/lib/krb5/digest.c
deleted file mode 100644
index 6e612ed..0000000
--- a/crypto/heimdal/lib/krb5/digest.c
+++ /dev/null
@@ -1,1199 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: digest.c 22156 2007-12-04 20:02:49Z lha $");
-#include "digest_asn1.h"
-
-struct krb5_digest_data {
-    char *cbtype;
-    char *cbbinding;
-
-    DigestInit init;
-    DigestInitReply initReply;
-    DigestRequest request;
-    DigestResponse response;
-};
-
-krb5_error_code
-krb5_digest_alloc(krb5_context context, krb5_digest *digest)
-{
-    krb5_digest d;
-
-    d = calloc(1, sizeof(*d));
-    if (d == NULL) {
-	*digest = NULL;
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest = d;
-
-    return 0;
-}
-
-void
-krb5_digest_free(krb5_digest digest)
-{
-    if (digest == NULL)
-	return;
-    free_DigestInit(&digest->init);
-    free_DigestInitReply(&digest->initReply);
-    free_DigestRequest(&digest->request);
-    free_DigestResponse(&digest->response);
-    memset(digest, 0, sizeof(*digest));
-    free(digest);
-    return;
-}
-
-krb5_error_code
-krb5_digest_set_server_cb(krb5_context context,
-			  krb5_digest digest,
-			  const char *type,
-			  const char *binding)
-{
-    if (digest->init.channel) {
-	krb5_set_error_string(context, "server channel binding already set");
-	return EINVAL;
-    }
-    digest->init.channel = calloc(1, sizeof(*digest->init.channel));
-    if (digest->init.channel == NULL)
-	goto error;
-
-    digest->init.channel->cb_type = strdup(type);
-    if (digest->init.channel->cb_type == NULL)
-	goto error;
-
-    digest->init.channel->cb_binding = strdup(binding);
-    if (digest->init.channel->cb_binding == NULL) 
-	goto error;
-    return 0;
-error:
-    if (digest->init.channel) {
-	free(digest->init.channel->cb_type);
-	free(digest->init.channel->cb_binding);
-	free(digest->init.channel);
-	digest->init.channel = NULL;
-    }
-    krb5_set_error_string(context, "out of memory");
-    return ENOMEM;
-}
-
-krb5_error_code
-krb5_digest_set_type(krb5_context context,
-		     krb5_digest digest,
-		     const char *type)
-{
-    if (digest->init.type) {
-	krb5_set_error_string(context, "client type already set");
-	return EINVAL;
-    }
-    digest->init.type = strdup(type);
-    if (digest->init.type == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_hostname(krb5_context context,
-			 krb5_digest digest,
-			 const char *hostname)
-{
-    if (digest->init.hostname) {
-	krb5_set_error_string(context, "server hostname already set");
-	return EINVAL;
-    }
-    digest->init.hostname = malloc(sizeof(*digest->init.hostname));
-    if (digest->init.hostname == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->init.hostname = strdup(hostname);
-    if (*digest->init.hostname == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->init.hostname);
-	digest->init.hostname = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-const char *
-krb5_digest_get_server_nonce(krb5_context context,
-			     krb5_digest digest)
-{
-    return digest->initReply.nonce;
-}
-
-krb5_error_code
-krb5_digest_set_server_nonce(krb5_context context,
-			     krb5_digest digest,
-			     const char *nonce)
-{
-    if (digest->request.serverNonce) {
-	krb5_set_error_string(context, "nonce already set");
-	return EINVAL;
-    }
-    digest->request.serverNonce = strdup(nonce);
-    if (digest->request.serverNonce == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-const char *
-krb5_digest_get_opaque(krb5_context context,
-		       krb5_digest digest)
-{
-    return digest->initReply.opaque;
-}
-
-krb5_error_code
-krb5_digest_set_opaque(krb5_context context,
-		       krb5_digest digest,
-		       const char *opaque)
-{
-    if (digest->request.opaque) {
-	krb5_set_error_string(context, "opaque already set");
-	return EINVAL;
-    }
-    digest->request.opaque = strdup(opaque);
-    if (digest->request.opaque == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-const char *
-krb5_digest_get_identifier(krb5_context context,
-			   krb5_digest digest)
-{
-    if (digest->initReply.identifier == NULL)
-	return NULL;
-    return *digest->initReply.identifier;
-}
-
-krb5_error_code
-krb5_digest_set_identifier(krb5_context context,
-			   krb5_digest digest,
-			   const char *id)
-{
-    if (digest->request.identifier) {
-	krb5_set_error_string(context, "identifier already set");
-	return EINVAL;
-    }
-    digest->request.identifier = calloc(1, sizeof(*digest->request.identifier));
-    if (digest->request.identifier == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.identifier = strdup(id);
-    if (*digest->request.identifier == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.identifier);
-	digest->request.identifier = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-static krb5_error_code
-digest_request(krb5_context context,
-	       krb5_realm realm,
-	       krb5_ccache ccache,
-	       krb5_key_usage usage,
-	       const DigestReqInner *ireq,
-	       DigestRepInner *irep)
-{
-    DigestREQ req;
-    DigestREP rep;
-    krb5_error_code ret;
-    krb5_data data, data2;
-    size_t size;
-    krb5_crypto crypto = NULL;
-    krb5_auth_context ac = NULL;
-    krb5_principal principal = NULL;
-    krb5_ccache id = NULL;
-    krb5_realm r = NULL;
-
-    krb5_data_zero(&data);
-    krb5_data_zero(&data2);
-    memset(&req, 0, sizeof(req));
-    memset(&rep, 0, sizeof(rep));
-
-    if (ccache == NULL) {
-	ret = krb5_cc_default(context, &id);
-	if (ret)
-	    goto out;
-    } else
-	id = ccache;
-
-    if (realm == NULL) {
-	ret = krb5_get_default_realm(context, &r);
-	if (ret)
-	    goto out;
-    } else
-	r = realm;
-
-    /*
-     *
-     */
-
-    ret = krb5_make_principal(context, &principal, 
-			      r, KRB5_DIGEST_NAME, r, NULL);
-    if (ret)
-	goto out;
-
-    ASN1_MALLOC_ENCODE(DigestReqInner, data.data, data.length,
-		       ireq, &size, ret);
-    if (ret) {
-	krb5_set_error_string(context,
-			      "Failed to encode digest inner request");
-	goto out;
-    }
-    if (size != data.length)
-	krb5_abortx(context, "ASN.1 internal encoder error");
-
-    ret = krb5_mk_req_exact(context, &ac, 
-			    AP_OPTS_USE_SUBKEY|AP_OPTS_MUTUAL_REQUIRED,
-			    principal, NULL, id, &req.apReq);
-    if (ret)
-	goto out;
-
-    {
-	krb5_keyblock *key;
-
-	ret = krb5_auth_con_getlocalsubkey(context, ac, &key);
-	if (ret)
-	    goto out;
-	if (key == NULL) {
-	    krb5_set_error_string(context, "Digest failed to get local subkey");
-	    ret = EINVAL;
-	    goto out;
-	}
-
-	ret = krb5_crypto_init(context, key, 0, &crypto);
-	krb5_free_keyblock (context, key);
-	if (ret)
-	    goto out;
-    }
-
-    ret = krb5_encrypt_EncryptedData(context, crypto, usage,
-				     data.data, data.length, 0, 
-				     &req.innerReq);
-    if (ret)
-	goto out;
-
-    krb5_data_free(&data);
-
-    ASN1_MALLOC_ENCODE(DigestREQ, data.data, data.length,
-		       &req, &size, ret);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to encode DigestREQest");
-	goto out;
-    }
-    if (size != data.length)
-	krb5_abortx(context, "ASN.1 internal encoder error");
-
-    ret = krb5_sendto_kdc(context, &data, &r, &data2);
-    if (ret)
-	goto out;
-
-    ret = decode_DigestREP(data2.data, data2.length, &rep, NULL);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to parse digest response");
-	goto out;
-    }
-
-    {
-	krb5_ap_rep_enc_part *repl;
-
-	ret = krb5_rd_rep(context, ac, &rep.apRep, &repl);
-	if (ret)
-	    goto out;
-
-	krb5_free_ap_rep_enc_part(context, repl);
-    }
-    {
-	krb5_keyblock *key;
-
-	ret = krb5_auth_con_getremotesubkey(context, ac, &key);
-	if (ret)
-	    goto out;
-	if (key == NULL) {
-	    ret = EINVAL;
-	    krb5_set_error_string(context, 
-				  "Digest reply have no remote subkey");
-	    goto out;
-	}
-
-	krb5_crypto_destroy(context, crypto);
-	ret = krb5_crypto_init(context, key, 0, &crypto);
-	krb5_free_keyblock (context, key);
-	if (ret)
-	    goto out;
-    }
-
-    krb5_data_free(&data);
-    ret = krb5_decrypt_EncryptedData(context, crypto, usage,
-				     &rep.innerRep, &data);
-    if (ret)
-	goto out;
-    
-    ret = decode_DigestRepInner(data.data, data.length, irep, NULL);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to decode digest inner reply");
-	goto out;
-    }
-
-out:
-    if (ccache == NULL && id)
-	krb5_cc_close(context, id);
-    if (realm == NULL && r)
-	free(r);
-    if (crypto)
-	krb5_crypto_destroy(context, crypto);
-    if (ac)
-	krb5_auth_con_free(context, ac);
-    if (principal)
-	krb5_free_principal(context, principal);
-
-    krb5_data_free(&data);
-    krb5_data_free(&data2);
-
-    free_DigestREQ(&req);
-    free_DigestREP(&rep);
-
-    return ret;
-}
-
-krb5_error_code
-krb5_digest_init_request(krb5_context context,
-			 krb5_digest digest,
-			 krb5_realm realm,
-			 krb5_ccache ccache)
-{
-    DigestReqInner ireq;
-    DigestRepInner irep;
-    krb5_error_code ret;
-
-    memset(&ireq, 0, sizeof(ireq));
-    memset(&irep, 0, sizeof(irep));
-
-    if (digest->init.type == NULL) {
-	krb5_set_error_string(context, "Type missing from init req");
-	return EINVAL;
-    }
-
-    ireq.element = choice_DigestReqInner_init;
-    ireq.u.init = digest->init;
-
-    ret = digest_request(context, realm, ccache,
-			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
-    if (ret)
-	goto out;
-
-    if (irep.element == choice_DigestRepInner_error) {
-	krb5_set_error_string(context, "Digest init error: %s",
-			      irep.u.error.reason);
-	ret = irep.u.error.code;
-	goto out;
-    }
-
-    if (irep.element != choice_DigestRepInner_initReply) {
-	krb5_set_error_string(context, "digest reply not an initReply");
-	ret = EINVAL;
-	goto out;
-    }
-
-    ret = copy_DigestInitReply(&irep.u.initReply, &digest->initReply);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to copy initReply");
-	goto out;
-    }
-
-out:
-    free_DigestRepInner(&irep);
-
-    return ret;
-}
-
-
-krb5_error_code
-krb5_digest_set_client_nonce(krb5_context context,
-			     krb5_digest digest,
-			     const char *nonce)
-{
-    if (digest->request.clientNonce) {
-	krb5_set_error_string(context, "clientNonce already set");
-	return EINVAL;
-    }
-    digest->request.clientNonce = 
-	calloc(1, sizeof(*digest->request.clientNonce));
-    if (digest->request.clientNonce == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.clientNonce = strdup(nonce);
-    if (*digest->request.clientNonce == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.clientNonce);
-	digest->request.clientNonce = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_digest(krb5_context context,
-		       krb5_digest digest,
-		       const char *dgst)
-{
-    if (digest->request.digest) {
-	krb5_set_error_string(context, "digest already set");
-	return EINVAL;
-    }
-    digest->request.digest = strdup(dgst);
-    if (digest->request.digest == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_username(krb5_context context,
-			 krb5_digest digest,
-			 const char *username)
-{
-    if (digest->request.username) {
-	krb5_set_error_string(context, "username already set");
-	return EINVAL;
-    }
-    digest->request.username = strdup(username);
-    if (digest->request.username == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_authid(krb5_context context,
-		       krb5_digest digest,
-		       const char *authid)
-{
-    if (digest->request.authid) {
-	krb5_set_error_string(context, "authid already set");
-	return EINVAL;
-    }
-    digest->request.authid = malloc(sizeof(*digest->request.authid));
-    if (digest->request.authid == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.authid = strdup(authid);
-    if (*digest->request.authid == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.authid);
-	digest->request.authid = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_authentication_user(krb5_context context,
-				    krb5_digest digest,
-				    krb5_principal authentication_user)
-{
-    krb5_error_code ret;
-
-    if (digest->request.authentication_user) {
-	krb5_set_error_string(context, "authentication_user already set");
-	return EINVAL;
-    }
-    ret = krb5_copy_principal(context,
-			      authentication_user,
-			      &digest->request.authentication_user);
-    if (digest->request.authentication_user == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_realm(krb5_context context,
-		      krb5_digest digest,
-		      const char *realm)
-{
-    if (digest->request.realm) {
-	krb5_set_error_string(context, "realm already set");
-	return EINVAL;
-    }
-    digest->request.realm = malloc(sizeof(*digest->request.realm));
-    if (digest->request.realm == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.realm = strdup(realm);
-    if (*digest->request.realm == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.realm);
-	digest->request.realm = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_method(krb5_context context,
-		       krb5_digest digest,
-		       const char *method)
-{
-    if (digest->request.method) {
-	krb5_set_error_string(context, "method already set");
-	return EINVAL;
-    }
-    digest->request.method = malloc(sizeof(*digest->request.method));
-    if (digest->request.method == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.method = strdup(method);
-    if (*digest->request.method == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.method);
-	digest->request.method = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_uri(krb5_context context,
-		    krb5_digest digest,
-		    const char *uri)
-{
-    if (digest->request.uri) {
-	krb5_set_error_string(context, "uri already set");
-	return EINVAL;
-    }
-    digest->request.uri = malloc(sizeof(*digest->request.uri));
-    if (digest->request.uri == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.uri = strdup(uri);
-    if (*digest->request.uri == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.uri);
-	digest->request.uri = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_nonceCount(krb5_context context,
-			   krb5_digest digest,
-			   const char *nonce_count)
-{
-    if (digest->request.nonceCount) {
-	krb5_set_error_string(context, "nonceCount already set");
-	return EINVAL;
-    }
-    digest->request.nonceCount = 
-	malloc(sizeof(*digest->request.nonceCount));
-    if (digest->request.nonceCount == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.nonceCount = strdup(nonce_count);
-    if (*digest->request.nonceCount == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.nonceCount);
-	digest->request.nonceCount = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_qop(krb5_context context,
-		    krb5_digest digest,
-		    const char *qop)
-{
-    if (digest->request.qop) {
-	krb5_set_error_string(context, "qop already set");
-	return EINVAL;
-    }
-    digest->request.qop = malloc(sizeof(*digest->request.qop));
-    if (digest->request.qop == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.qop = strdup(qop);
-    if (*digest->request.qop == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.qop);
-	digest->request.qop = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-int
-krb5_digest_set_responseData(krb5_context context,
-			     krb5_digest digest,
-			     const char *response)
-{
-    digest->request.responseData = strdup(response);
-    if (digest->request.responseData == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_request(krb5_context context,
-		    krb5_digest digest,
-		    krb5_realm realm,
-		    krb5_ccache ccache)
-{
-    DigestReqInner ireq;
-    DigestRepInner irep;
-    krb5_error_code ret;
-
-    memset(&ireq, 0, sizeof(ireq));
-    memset(&irep, 0, sizeof(irep));
-
-    ireq.element = choice_DigestReqInner_digestRequest;
-    ireq.u.digestRequest = digest->request;
-
-    if (digest->request.type == NULL) {
-	if (digest->init.type == NULL) {
-	    krb5_set_error_string(context, "Type missing from req");
-	    return EINVAL;
-	}
-	ireq.u.digestRequest.type = digest->init.type;
-    }
-
-    if (ireq.u.digestRequest.digest == NULL)
-	ireq.u.digestRequest.digest = "md5";
-
-    ret = digest_request(context, realm, ccache,
-			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
-    if (ret)
-	return ret;
-
-    if (irep.element == choice_DigestRepInner_error) {
-	krb5_set_error_string(context, "Digest response error: %s",
-			      irep.u.error.reason);
-	ret = irep.u.error.code;
-	goto out;
-    }
-
-    if (irep.element != choice_DigestRepInner_response) {
-	krb5_set_error_string(context, "digest reply not an DigestResponse");
-	ret = EINVAL;
-	goto out;
-    }
-
-    ret = copy_DigestResponse(&irep.u.response, &digest->response);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to copy initReply");
-	goto out;
-    }
-
-out:
-    free_DigestRepInner(&irep);
-
-    return ret;
-}
-
-krb5_boolean
-krb5_digest_rep_get_status(krb5_context context, 
-			   krb5_digest digest)
-{
-    return digest->response.success ? TRUE : FALSE;
-}
-
-const char *
-krb5_digest_get_rsp(krb5_context context,
-		    krb5_digest digest)
-{
-    if (digest->response.rsp == NULL)
-	return NULL;
-    return *digest->response.rsp;
-}
-
-krb5_error_code
-krb5_digest_get_tickets(krb5_context context,
-			krb5_digest digest,
-			Ticket **tickets)
-{
-    *tickets = NULL;
-    return 0;
-}
-
-
-krb5_error_code
-krb5_digest_get_client_binding(krb5_context context,
-			       krb5_digest digest,
-			       char **type,
-			       char **binding)
-{
-    if (digest->response.channel) {
-	*type = strdup(digest->response.channel->cb_type);
-	*binding = strdup(digest->response.channel->cb_binding);
-	if (*type == NULL || *binding == NULL) {
-	    free(*type);
-	    free(*binding);
-	    krb5_set_error_string(context, "out of memory");
-	    return ENOMEM;
-	}
-    } else {
-	*type = NULL;
-	*binding = NULL;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_get_session_key(krb5_context context,
-			    krb5_digest digest,
-			    krb5_data *data)
-{
-    krb5_error_code ret;
-
-    krb5_data_zero(data);
-    if (digest->response.session_key == NULL)
-	return 0;
-    ret = der_copy_octet_string(digest->response.session_key, data);
-    if (ret)
-	krb5_clear_error_string(context);
-
-    return ret;
-}
-
-struct krb5_ntlm_data {
-    NTLMInit init;
-    NTLMInitReply initReply;
-    NTLMRequest request;
-    NTLMResponse response;
-};
-
-krb5_error_code
-krb5_ntlm_alloc(krb5_context context, 
-		krb5_ntlm *ntlm)
-{
-    *ntlm = calloc(1, sizeof(**ntlm));
-    if (*ntlm == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_free(krb5_context context, krb5_ntlm ntlm)
-{
-    free_NTLMInit(&ntlm->init);
-    free_NTLMInitReply(&ntlm->initReply);
-    free_NTLMRequest(&ntlm->request);
-    free_NTLMResponse(&ntlm->response);
-    memset(ntlm, 0, sizeof(*ntlm));
-    free(ntlm);
-    return 0;
-}
-
-
-krb5_error_code
-krb5_ntlm_init_request(krb5_context context, 
-		       krb5_ntlm ntlm,
-		       krb5_realm realm,
-		       krb5_ccache ccache,
-		       uint32_t flags,
-		       const char *hostname,
-		       const char *domainname)
-{
-    DigestReqInner ireq;
-    DigestRepInner irep;
-    krb5_error_code ret;
-
-    memset(&ireq, 0, sizeof(ireq));
-    memset(&irep, 0, sizeof(irep));
-
-    ntlm->init.flags = flags;
-    if (hostname) {
-	ALLOC(ntlm->init.hostname, 1);
-	*ntlm->init.hostname = strdup(hostname);
-    }
-    if (domainname) {
-	ALLOC(ntlm->init.domain, 1);
-	*ntlm->init.domain = strdup(domainname);
-    }
-
-    ireq.element = choice_DigestReqInner_ntlmInit;
-    ireq.u.ntlmInit = ntlm->init;
-
-    ret = digest_request(context, realm, ccache,
-			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
-    if (ret)
-	goto out;
-
-    if (irep.element == choice_DigestRepInner_error) {
-	krb5_set_error_string(context, "Digest init error: %s",
-			      irep.u.error.reason);
-	ret = irep.u.error.code;
-	goto out;
-    }
-
-    if (irep.element != choice_DigestRepInner_ntlmInitReply) {
-	krb5_set_error_string(context, "ntlm reply not an initReply");
-	ret = EINVAL;
-	goto out;
-    }
-
-    ret = copy_NTLMInitReply(&irep.u.ntlmInitReply, &ntlm->initReply);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to copy initReply");
-	goto out;
-    }
-
-out:
-    free_DigestRepInner(&irep);
-
-    return ret;
-}
-
-krb5_error_code
-krb5_ntlm_init_get_flags(krb5_context context,
-			 krb5_ntlm ntlm,
-			 uint32_t *flags)
-{
-    *flags = ntlm->initReply.flags;
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_init_get_challange(krb5_context context,
-			     krb5_ntlm ntlm,
-			     krb5_data *challange)
-{
-    krb5_error_code ret;
-
-    ret = der_copy_octet_string(&ntlm->initReply.challange, challange);
-    if (ret)
-	krb5_clear_error_string(context);
-
-    return ret;
-}
-
-krb5_error_code
-krb5_ntlm_init_get_opaque(krb5_context context,
-			  krb5_ntlm ntlm,
-			  krb5_data *opaque)
-{
-    krb5_error_code ret;
-
-    ret = der_copy_octet_string(&ntlm->initReply.opaque, opaque);
-    if (ret)
-	krb5_clear_error_string(context);
-
-    return ret;
-}
-
-krb5_error_code
-krb5_ntlm_init_get_targetname(krb5_context context,
-			      krb5_ntlm ntlm,
-			      char **name)
-{
-    *name = strdup(ntlm->initReply.targetname);
-    if (*name == NULL) {
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_init_get_targetinfo(krb5_context context,
-			      krb5_ntlm ntlm,
-			      krb5_data *data)
-{
-    krb5_error_code ret;
-
-    if (ntlm->initReply.targetinfo == NULL) {
-	krb5_data_zero(data);
-	return 0;
-    }
-
-    ret = krb5_data_copy(data,
-			 ntlm->initReply.targetinfo->data,
-			 ntlm->initReply.targetinfo->length);
-    if (ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    return 0;
-}
-
-
-krb5_error_code
-krb5_ntlm_request(krb5_context context,
-		  krb5_ntlm ntlm,
-		  krb5_realm realm,
-		  krb5_ccache ccache)
-{
-    DigestReqInner ireq;
-    DigestRepInner irep;
-    krb5_error_code ret;
-
-    memset(&ireq, 0, sizeof(ireq));
-    memset(&irep, 0, sizeof(irep));
-
-    ireq.element = choice_DigestReqInner_ntlmRequest;
-    ireq.u.ntlmRequest = ntlm->request;
-
-    ret = digest_request(context, realm, ccache,
-			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
-    if (ret)
-	return ret;
-
-    if (irep.element == choice_DigestRepInner_error) {
-	krb5_set_error_string(context, "NTLM response error: %s",
-			      irep.u.error.reason);
-	ret = irep.u.error.code;
-	goto out;
-    }
-
-    if (irep.element != choice_DigestRepInner_ntlmResponse) {
-	krb5_set_error_string(context, "NTLM reply not an NTLMResponse");
-	ret = EINVAL;
-	goto out;
-    }
-
-    ret = copy_NTLMResponse(&irep.u.ntlmResponse, &ntlm->response);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to copy NTLMResponse");
-	goto out;
-    }
-
-out:
-    free_DigestRepInner(&irep);
-
-    return ret;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_flags(krb5_context context, 
-			krb5_ntlm ntlm,
-			uint32_t flags)
-{
-    ntlm->request.flags = flags;
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_username(krb5_context context, 
-			   krb5_ntlm ntlm,
-			   const char *username)
-{
-    ntlm->request.username = strdup(username);
-    if (ntlm->request.username == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_targetname(krb5_context context, 
-			     krb5_ntlm ntlm,
-			     const char *targetname)
-{
-    ntlm->request.targetname = strdup(targetname);
-    if (ntlm->request.targetname == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_lm(krb5_context context, 
-		     krb5_ntlm ntlm,
-		     void *hash, size_t len)
-{
-    ntlm->request.lm.data = malloc(len);
-    if (ntlm->request.lm.data == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    ntlm->request.lm.length = len;
-    memcpy(ntlm->request.lm.data, hash, len);
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_ntlm(krb5_context context, 
-		       krb5_ntlm ntlm,
-		       void *hash, size_t len)
-{
-    ntlm->request.ntlm.data = malloc(len);
-    if (ntlm->request.ntlm.data == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    ntlm->request.ntlm.length = len;
-    memcpy(ntlm->request.ntlm.data, hash, len);
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_opaque(krb5_context context, 
-			 krb5_ntlm ntlm,
-			 krb5_data *opaque)
-{
-    ntlm->request.opaque.data = malloc(opaque->length);
-    if (ntlm->request.opaque.data == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    ntlm->request.opaque.length = opaque->length;
-    memcpy(ntlm->request.opaque.data, opaque->data, opaque->length);
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_session(krb5_context context, 
-			  krb5_ntlm ntlm,
-			  void *sessionkey, size_t length)
-{
-    ntlm->request.sessionkey = calloc(1, sizeof(*ntlm->request.sessionkey));
-    if (ntlm->request.sessionkey == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    ntlm->request.sessionkey->data = malloc(length);
-    if (ntlm->request.sessionkey->data == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    memcpy(ntlm->request.sessionkey->data, sessionkey, length);
-    ntlm->request.sessionkey->length = length;
-    return 0;
-}
-
-krb5_boolean
-krb5_ntlm_rep_get_status(krb5_context context, 
-			 krb5_ntlm ntlm)
-{
-    return ntlm->response.success ? TRUE : FALSE;
-}
-
-krb5_error_code
-krb5_ntlm_rep_get_sessionkey(krb5_context context, 
-			     krb5_ntlm ntlm,
-			     krb5_data *data)
-{
-    if (ntlm->response.sessionkey == NULL) {
-	krb5_set_error_string(context, "no ntlm session key");
-	return EINVAL;
-    }
-    krb5_clear_error_string(context);
-    return krb5_data_copy(data,
-			  ntlm->response.sessionkey->data,
-			  ntlm->response.sessionkey->length);
-}
-
-/**
- * Get the supported/allowed mechanism for this principal.
- *
- * @param context A Keberos context.
- * @param realm The realm of the KDC.
- * @param ccache The credential cache to use when talking to the KDC.
- * @param flags The supported mechanism.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_digest
- */
-
-krb5_error_code
-krb5_digest_probe(krb5_context context,
-		  krb5_realm realm,
-		  krb5_ccache ccache,
-		  unsigned *flags)
-{
-    DigestReqInner ireq;
-    DigestRepInner irep;
-    krb5_error_code ret;
-
-    memset(&ireq, 0, sizeof(ireq));
-    memset(&irep, 0, sizeof(irep));
-
-    ireq.element = choice_DigestReqInner_supportedMechs;
-
-    ret = digest_request(context, realm, ccache,
-			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
-    if (ret)
-	goto out;
-
-    if (irep.element == choice_DigestRepInner_error) {
-	krb5_set_error_string(context, "Digest probe error: %s",
-			      irep.u.error.reason);
-	ret = irep.u.error.code;
-	goto out;
-    }
-
-    if (irep.element != choice_DigestRepInner_supportedMechs) {
-	krb5_set_error_string(context, "Digest reply not an probe");
-	ret = EINVAL;
-	goto out;
-    }
-
-    *flags = DigestTypes2int(irep.u.supportedMechs);
-
-out:
-    free_DigestRepInner(&irep);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/doxygen.c b/crypto/heimdal/lib/krb5/doxygen.c
deleted file mode 100644
index b7c6f8f..0000000
--- a/crypto/heimdal/lib/krb5/doxygen.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id$");
-
-/**
- * 
- */
-
-/*! \mainpage Heimdal Kerberos 5 library
- *
- * \section intro Introduction
- *
- * Heimdal libkrb5 library is a implementation of the Kerberos
- * protocol.
- * 
- * Kerberos is a system for authenticating users and services on a
- * network.  It is built upon the assumption that the network is
- * ``unsafe''.  For example, data sent over the network can be
- * eavesdropped and altered, and addresses can also be faked.
- * Therefore they cannot be used for authentication purposes.
- *
- * The project web page:\n
- * http://www.h5l.org/
- *
- */
-
-/** @defgroup krb5 Heimdal Kerberos 5 library */
-/** @defgroup krb5_address Heimdal Kerberos 5 address functions */
-/** @defgroup krb5_ccache Heimdal Kerberos 5 credential cache functions */
-/** @defgroup krb5_credential Heimdal Kerberos 5 credential handing functions */
-/** @defgroup krb5_deprecated Heimdal Kerberos 5 deprecated functions */
-/** @defgroup krb5_digest Heimdal Kerberos 5 digest service */
-/** @defgroup krb5_error Heimdal Kerberos 5 error reporting functions */
-/** @defgroup krb5_v4compat Heimdal Kerberos 4 compatiblity functions */
-/** @defgroup krb5_support Heimdal Kerberos 5 support functions */
diff --git a/crypto/heimdal/lib/krb5/dump_config.c b/crypto/heimdal/lib/krb5/dump_config.c
deleted file mode 100644
index 074595e..0000000
--- a/crypto/heimdal/lib/krb5/dump_config.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: dump_config.c,v 1.2 1999/10/28 23:22:41 assar Exp $");
-
-/* print contents of krb5.conf */
-
-static void
-print_tree(struct krb5_config_binding *b, int level)
-{
-    if (b == NULL)
-	return;
-
-    printf("%*s%s%s%s", level * 4, "", 
-	   (level == 0) ? "[" : "", b->name, (level == 0) ? "]" : "");
-    if(b->type == krb5_config_list) {
-	if(level > 0)
-	    printf(" = {");
-	printf("\n");
-	print_tree(b->u.list, level + 1);
-	if(level > 0)
-	    printf("%*s}\n", level * 4, "");
-    } else if(b->type == krb5_config_string) {
-	printf(" = %s\n", b->u.string);
-    }
-    if(b->next)
-	print_tree(b->next, level);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret = krb5_init_context(&context);
-    if(ret == 0) {
-	print_tree(context->cf, 0);
-	return 0;
-    }
-    return 1;
-}
diff --git a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c b/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
deleted file mode 100644
index 19315ce..0000000
--- a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: eai_to_heim_errno.c 22065 2007-11-11 16:41:06Z lha $");
-
-/**
- * Convert the getaddrinfo() error code to a Kerberos et error code.
- *
- * @param eai_errno contains the error code from getaddrinfo().
- * @param system_error should have the value of errno after the failed getaddrinfo().
- *
- * @return Kerberos error code representing the EAI errors.
- *
- * @ingroup krb5_error
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_eai_to_heim_errno(int eai_errno, int system_error)
-{
-    switch(eai_errno) {
-    case EAI_NOERROR:
-	return 0;
-#ifdef EAI_ADDRFAMILY
-    case EAI_ADDRFAMILY:
-	return HEIM_EAI_ADDRFAMILY;
-#endif
-    case EAI_AGAIN:
-	return HEIM_EAI_AGAIN;
-    case EAI_BADFLAGS:
-	return HEIM_EAI_BADFLAGS;
-    case EAI_FAIL:
-	return HEIM_EAI_FAIL;
-    case EAI_FAMILY:
-	return HEIM_EAI_FAMILY;
-    case EAI_MEMORY:
-	return HEIM_EAI_MEMORY;
-#if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME
-    case EAI_NODATA:
-	return HEIM_EAI_NODATA;
-#endif
-    case EAI_NONAME:
-	return HEIM_EAI_NONAME;
-    case EAI_SERVICE:
-	return HEIM_EAI_SERVICE;
-    case EAI_SOCKTYPE:
-	return HEIM_EAI_SOCKTYPE;
-    case EAI_SYSTEM:
-	return system_error;
-    default:
-	return HEIM_EAI_UNKNOWN; /* XXX */
-    }
-}
-
-/**
- * Convert the gethostname() error code (h_error) to a Kerberos et
- * error code.
- *
- * @param eai_errno contains the error code from gethostname().
- *
- * @return Kerberos error code representing the gethostname errors.
- *
- * @ingroup krb5_error
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_h_errno_to_heim_errno(int eai_errno)
-{
-    switch(eai_errno) {
-    case 0:
-	return 0;
-    case HOST_NOT_FOUND:
-	return HEIM_EAI_NONAME;
-    case TRY_AGAIN:
-	return HEIM_EAI_AGAIN;
-    case NO_RECOVERY:
-	return HEIM_EAI_FAIL;
-    case NO_DATA:
-	return HEIM_EAI_NONAME;
-    default:
-	return HEIM_EAI_UNKNOWN; /* XXX */
-    }
-}
diff --git a/crypto/heimdal/lib/krb5/error_string.c b/crypto/heimdal/lib/krb5/error_string.c
deleted file mode 100644
index ff6e98a..0000000
--- a/crypto/heimdal/lib/krb5/error_string.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 2001, 2003, 2005 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: error_string.c 22142 2007-12-04 16:56:02Z lha $");
-
-#undef __attribute__
-#define __attribute__(X)
-
-void KRB5_LIB_FUNCTION
-krb5_free_error_string(krb5_context context, char *str)
-{
-    HEIMDAL_MUTEX_lock(context->mutex);
-    if (str != context->error_buf)
-	free(str);
-    HEIMDAL_MUTEX_unlock(context->mutex);
-}
-
-void KRB5_LIB_FUNCTION
-krb5_clear_error_string(krb5_context context)
-{
-    HEIMDAL_MUTEX_lock(context->mutex);
-    if (context->error_string != NULL
-	&& context->error_string != context->error_buf)
-	free(context->error_string);
-    context->error_string = NULL;
-    HEIMDAL_MUTEX_unlock(context->mutex);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_error_string(krb5_context context, const char *fmt, ...)
-    __attribute__((format (printf, 2, 3)))
-{
-    krb5_error_code ret;
-    va_list ap;
-
-    va_start(ap, fmt);
-    ret = krb5_vset_error_string (context, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vset_error_string(krb5_context context, const char *fmt, va_list args)
-    __attribute__ ((format (printf, 2, 0)))
-{
-    krb5_clear_error_string(context);
-    HEIMDAL_MUTEX_lock(context->mutex);
-    vasprintf(&context->error_string, fmt, args);
-    if(context->error_string == NULL) {
-	vsnprintf (context->error_buf, sizeof(context->error_buf), fmt, args);
-	context->error_string = context->error_buf;
-    }
-    HEIMDAL_MUTEX_unlock(context->mutex);
-    return 0;
-}
-
-/**
- * Return the error message in context. On error or no error string,
- * the function returns NULL.
- *
- * @param context Kerberos 5 context
- *
- * @return an error string, needs to be freed with
- * krb5_free_error_string(). The functions return NULL on error.
- *
- * @ingroup krb5_error
- */
-
-char * KRB5_LIB_FUNCTION
-krb5_get_error_string(krb5_context context)
-{
-    char *ret = NULL;
-
-    HEIMDAL_MUTEX_lock(context->mutex);
-    if (context->error_string)
-	ret = strdup(context->error_string);
-    HEIMDAL_MUTEX_unlock(context->mutex);
-    return ret;
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_have_error_string(krb5_context context)
-{
-    char *str;
-    HEIMDAL_MUTEX_lock(context->mutex);
-    str = context->error_string;
-    HEIMDAL_MUTEX_unlock(context->mutex);
-    return str != NULL;
-}
-
-/**
- * Return the error message for `code' in context. On error the
- * function returns NULL.
- *
- * @param context Kerberos 5 context
- * @param code Error code related to the error
- *
- * @return an error string, needs to be freed with
- * krb5_free_error_string(). The functions return NULL on error.
- *
- * @ingroup krb5_error
- */
-
-char * KRB5_LIB_FUNCTION
-krb5_get_error_message(krb5_context context, krb5_error_code code)
-{
-    const char *cstr;
-    char *str;
-
-    str = krb5_get_error_string(context);
-    if (str)
-	return str;
-
-    cstr = krb5_get_err_text(context, code);
-    if (cstr)
-	return strdup(cstr);
-
-    if (asprintf(&str, "<unknown error: %d>", code) == -1)
-	return NULL;
-
-    return str;
-}
-
diff --git a/crypto/heimdal/lib/krb5/expand_hostname.c b/crypto/heimdal/lib/krb5/expand_hostname.c
deleted file mode 100644
index 28e39af..0000000
--- a/crypto/heimdal/lib/krb5/expand_hostname.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: expand_hostname.c 22229 2007-12-08 21:40:59Z lha $");
-
-static krb5_error_code
-copy_hostname(krb5_context context,
-	      const char *orig_hostname,
-	      char **new_hostname)
-{
-    *new_hostname = strdup (orig_hostname);
-    if (*new_hostname == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    strlwr (*new_hostname);
-    return 0;
-}
-
-/*
- * Try to make `orig_hostname' into a more canonical one in the newly
- * allocated space returned in `new_hostname'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_expand_hostname (krb5_context context,
-		      const char *orig_hostname,
-		      char **new_hostname)
-{
-    struct addrinfo *ai, *a, hints;
-    int error;
-
-    if ((context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) == 0)
-	return copy_hostname (context, orig_hostname, new_hostname);
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags = AI_CANONNAME;
-
-    error = getaddrinfo (orig_hostname, NULL, &hints, &ai);
-    if (error)
-	return copy_hostname (context, orig_hostname, new_hostname);
-    for (a = ai; a != NULL; a = a->ai_next) {
-	if (a->ai_canonname != NULL) {
-	    *new_hostname = strdup (a->ai_canonname);
-	    freeaddrinfo (ai);
-	    if (*new_hostname == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    } else {
-		return 0;
-	    }
-	}
-    }
-    freeaddrinfo (ai);
-    return copy_hostname (context, orig_hostname, new_hostname);
-}
-
-/*
- * handle the case of the hostname being unresolvable and thus identical
- */
-
-static krb5_error_code
-vanilla_hostname (krb5_context context,
-		  const char *orig_hostname,
-		  char **new_hostname,
-		  char ***realms)
-{
-    krb5_error_code ret;
-
-    ret = copy_hostname (context, orig_hostname, new_hostname);
-    if (ret)
-	return ret;
-    strlwr (*new_hostname);
-
-    ret = krb5_get_host_realm (context, *new_hostname, realms);
-    if (ret) {
-	free (*new_hostname);
-	return ret;
-    }
-    return 0;
-}
-
-/*
- * expand `hostname' to a name we believe to be a hostname in newly
- * allocated space in `host' and return realms in `realms'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_expand_hostname_realms (krb5_context context,
-			     const char *orig_hostname,
-			     char **new_hostname,
-			     char ***realms)
-{
-    struct addrinfo *ai, *a, hints;
-    int error;
-    krb5_error_code ret = 0;
-
-    if ((context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) == 0)
-	return vanilla_hostname (context, orig_hostname, new_hostname,
-				 realms);
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags = AI_CANONNAME;
-
-    error = getaddrinfo (orig_hostname, NULL, &hints, &ai);
-    if (error)
-	return vanilla_hostname (context, orig_hostname, new_hostname,
-				 realms);
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	if (a->ai_canonname != NULL) {
-	    ret = copy_hostname (context, a->ai_canonname, new_hostname);
-	    if (ret) {
-		freeaddrinfo (ai);
-		return ret;
-	    }
-	    strlwr (*new_hostname);
-	    ret = krb5_get_host_realm (context, *new_hostname, realms);
-	    if (ret == 0) {
-		freeaddrinfo (ai);
-		return 0;
-	    }
-	    free (*new_hostname);
-	}
-    }
-    freeaddrinfo(ai);
-    return vanilla_hostname (context, orig_hostname, new_hostname, realms);
-}
diff --git a/crypto/heimdal/lib/krb5/fcache.c b/crypto/heimdal/lib/krb5/fcache.c
deleted file mode 100644
index 3857b58..0000000
--- a/crypto/heimdal/lib/krb5/fcache.c
+++ /dev/null
@@ -1,881 +0,0 @@
-/*
- * Copyright (c) 1997 - 2008 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: fcache.c 22522 2008-01-24 11:56:25Z lha $");
-
-typedef struct krb5_fcache{
-    char *filename;
-    int version;
-}krb5_fcache;
-
-struct fcc_cursor {
-    int fd;
-    krb5_storage *sp;
-};
-
-#define KRB5_FCC_FVNO_1 1
-#define KRB5_FCC_FVNO_2 2
-#define KRB5_FCC_FVNO_3 3
-#define KRB5_FCC_FVNO_4 4
-
-#define FCC_TAG_DELTATIME 1
-
-#define FCACHE(X) ((krb5_fcache*)(X)->data.data)
-
-#define FILENAME(X) (FCACHE(X)->filename)
-
-#define FCC_CURSOR(C) ((struct fcc_cursor*)(C))
-
-static const char*
-fcc_get_name(krb5_context context,
-	     krb5_ccache id)
-{
-    return FILENAME(id);
-}
-
-int
-_krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
-	    const char *filename)
-{
-    int ret;
-#ifdef HAVE_FCNTL
-    struct flock l;
-
-    l.l_start = 0;
-    l.l_len = 0;
-    l.l_type = exclusive ? F_WRLCK : F_RDLCK;
-    l.l_whence = SEEK_SET;
-    ret = fcntl(fd, F_SETLKW, &l);
-#else
-    ret = flock(fd, exclusive ? LOCK_EX : LOCK_SH);
-#endif
-    if(ret < 0)
-	ret = errno;
-    if(ret == EACCES) /* fcntl can return EACCES instead of EAGAIN */
-	ret = EAGAIN;
-
-    switch (ret) {
-    case 0:
-	break;
-    case EINVAL: /* filesystem doesn't support locking, let the user have it */
-	ret = 0; 
-	break;
-    case EAGAIN:
-	krb5_set_error_string(context, "timed out locking cache file %s", 
-			      filename);
-	break;
-    default:
-	krb5_set_error_string(context, "error locking cache file %s: %s",
-			      filename, strerror(ret));
-	break;
-    }
-    return ret;
-}
-
-int
-_krb5_xunlock(krb5_context context, int fd)
-{
-    int ret;
-#ifdef HAVE_FCNTL
-    struct flock l;
-    l.l_start = 0;
-    l.l_len = 0;
-    l.l_type = F_UNLCK;
-    l.l_whence = SEEK_SET;
-    ret = fcntl(fd, F_SETLKW, &l);
-#else
-    ret = flock(fd, LOCK_UN);
-#endif
-    if (ret < 0)
-	ret = errno;
-    switch (ret) {
-    case 0:
-	break;
-    case EINVAL: /* filesystem doesn't support locking, let the user have it */
-	ret = 0; 
-	break;
-    default:
-	krb5_set_error_string(context, 
-			      "Failed to unlock file: %s", strerror(ret));
-	break;
-    }
-    return ret;
-}
-
-static krb5_error_code
-fcc_lock(krb5_context context, krb5_ccache id,
-	 int fd, krb5_boolean exclusive)
-{
-    return _krb5_xlock(context, fd, exclusive, fcc_get_name(context, id));
-}
-
-static krb5_error_code
-fcc_unlock(krb5_context context, int fd)
-{
-    return _krb5_xunlock(context, fd);
-}
-
-static krb5_error_code
-fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
-{
-    krb5_fcache *f;
-    f = malloc(sizeof(*f));
-    if(f == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    f->filename = strdup(res);
-    if(f->filename == NULL){
-	free(f);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    f->version = 0;
-    (*id)->data.data = f;
-    (*id)->data.length = sizeof(*f);
-    return 0;
-}
-
-/*
- * Try to scrub the contents of `filename' safely.
- */
-
-static int
-scrub_file (int fd)
-{
-    off_t pos;
-    char buf[128];
-
-    pos = lseek(fd, 0, SEEK_END);
-    if (pos < 0)
-        return errno;
-    if (lseek(fd, 0, SEEK_SET) < 0)
-        return errno;
-    memset(buf, 0, sizeof(buf));
-    while(pos > 0) {
-        ssize_t tmp = write(fd, buf, min(sizeof(buf), pos));
-
-	if (tmp < 0)
-	    return errno;
-	pos -= tmp;
-    }
-    fsync (fd);
-    return 0;
-}
-
-/*
- * Erase `filename' if it exists, trying to remove the contents if
- * it's `safe'.  We always try to remove the file, it it exists.  It's
- * only overwritten if it's a regular file (not a symlink and not a
- * hardlink)
- */
-
-static krb5_error_code
-erase_file(const char *filename)
-{
-    int fd;
-    struct stat sb1, sb2;
-    int ret;
-
-    ret = lstat (filename, &sb1);
-    if (ret < 0)
-	return errno;
-
-    fd = open(filename, O_RDWR | O_BINARY);
-    if(fd < 0) {
-	if(errno == ENOENT)
-	    return 0;
-	else
-	    return errno;
-    }
-    if (unlink(filename) < 0) {
-        close (fd);
-        return errno;
-    }
-    ret = fstat (fd, &sb2);
-    if (ret < 0) {
-	close (fd);
-	return errno;
-    }
-
-    /* check if someone was playing with symlinks */
-
-    if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
-	close (fd);
-	return EPERM;
-    }
-
-    /* there are still hard links to this file */
-
-    if (sb2.st_nlink != 0) {
-        close (fd);
-        return 0;
-    }
-
-    ret = scrub_file (fd);
-    close (fd);
-    return ret;
-}
-
-static krb5_error_code
-fcc_gen_new(krb5_context context, krb5_ccache *id)
-{
-    krb5_fcache *f;
-    int fd;
-    char *file;
-
-    f = malloc(sizeof(*f));
-    if(f == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);
-    if(file == NULL) {
-	free(f);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    fd = mkstemp(file);
-    if(fd < 0) {
-	int ret = errno;
-	krb5_set_error_string(context, "mkstemp %s", file);
-	free(f);
-	free(file);
-	return ret;
-    }
-    close(fd);
-    f->filename = file;
-    f->version = 0;
-    (*id)->data.data = f;
-    (*id)->data.length = sizeof(*f);
-    return 0;
-}
-
-static void
-storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
-{
-    int flags = 0;
-    switch(vno) {
-    case KRB5_FCC_FVNO_1:
-	flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
-	flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
-	flags |= KRB5_STORAGE_HOST_BYTEORDER;
-	break;
-    case KRB5_FCC_FVNO_2:
-	flags |= KRB5_STORAGE_HOST_BYTEORDER;
-	break;
-    case KRB5_FCC_FVNO_3:
-	flags |= KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE;
-	break;
-    case KRB5_FCC_FVNO_4:
-	break;
-    default:
-	krb5_abortx(context, 
-		    "storage_set_flags called with bad vno (%x)", vno);
-    }
-    krb5_storage_set_flags(sp, flags);
-}
-
-static krb5_error_code
-fcc_open(krb5_context context,
-	 krb5_ccache id,
-	 int *fd_ret,
-	 int flags,
-	 mode_t mode)
-{
-    krb5_boolean exclusive = ((flags | O_WRONLY) == flags ||
-			      (flags | O_RDWR) == flags);
-    krb5_error_code ret;
-    const char *filename = FILENAME(id);
-    int fd;
-    fd = open(filename, flags, mode);
-    if(fd < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "open(%s): %s", filename,
-			      strerror(ret));
-	return ret;
-    }
-	
-    if((ret = fcc_lock(context, id, fd, exclusive)) != 0) {
-	close(fd);
-	return ret;
-    }
-    *fd_ret = fd;
-    return 0;
-}
-
-static krb5_error_code
-fcc_initialize(krb5_context context,
-	       krb5_ccache id,
-	       krb5_principal primary_principal)
-{
-    krb5_fcache *f = FCACHE(id);
-    int ret = 0;
-    int fd;
-    char *filename = f->filename;
-
-    unlink (filename);
-  
-    ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
-    if(ret)
-	return ret;
-    {
-	krb5_storage *sp;    
-	sp = krb5_storage_from_fd(fd);
-	krb5_storage_set_eof_code(sp, KRB5_CC_END);
-	if(context->fcache_vno != 0)
-	    f->version = context->fcache_vno;
-	else
-	    f->version = KRB5_FCC_FVNO_4;
-	ret |= krb5_store_int8(sp, 5);
-	ret |= krb5_store_int8(sp, f->version);
-	storage_set_flags(context, sp, f->version);
-	if(f->version == KRB5_FCC_FVNO_4 && ret == 0) {
-	    /* V4 stuff */
-	    if (context->kdc_sec_offset) {
-		ret |= krb5_store_int16 (sp, 12); /* length */
-		ret |= krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
-		ret |= krb5_store_int16 (sp, 8); /* length of data */
-		ret |= krb5_store_int32 (sp, context->kdc_sec_offset);
-		ret |= krb5_store_int32 (sp, context->kdc_usec_offset);
-	    } else {
-		ret |= krb5_store_int16 (sp, 0);
-	    }
-	}
-	ret |= krb5_store_principal(sp, primary_principal);
-	
-	krb5_storage_free(sp);
-    }
-    fcc_unlock(context, fd);
-    if (close(fd) < 0)
-	if (ret == 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "close %s: %s", 
-				   FILENAME(id), strerror(ret));
-	}
-    return ret;
-}
-
-static krb5_error_code
-fcc_close(krb5_context context,
-	  krb5_ccache id)
-{
-    free (FILENAME(id));
-    krb5_data_free(&id->data);
-    return 0;
-}
-
-static krb5_error_code
-fcc_destroy(krb5_context context,
-	    krb5_ccache id)
-{
-    erase_file(FILENAME(id));
-    return 0;
-}
-
-static krb5_error_code
-fcc_store_cred(krb5_context context,
-	       krb5_ccache id,
-	       krb5_creds *creds)
-{
-    int ret;
-    int fd;
-
-    ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY, 0);
-    if(ret)
-	return ret;
-    {
-	krb5_storage *sp;
-	sp = krb5_storage_from_fd(fd);
-	krb5_storage_set_eof_code(sp, KRB5_CC_END);
-	storage_set_flags(context, sp, FCACHE(id)->version);
-	if (!krb5_config_get_bool_default(context, NULL, TRUE,
-					  "libdefaults",
-					  "fcc-mit-ticketflags",
-					  NULL))
-	    krb5_storage_set_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER);
-	ret = krb5_store_creds(sp, creds);
-	krb5_storage_free(sp);
-    }
-    fcc_unlock(context, fd);
-    if (close(fd) < 0)
-	if (ret == 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "close %s: %s", 
-				   FILENAME(id), strerror(ret));
-	}
-    return ret;
-}
-
-static krb5_error_code
-init_fcc (krb5_context context,
-	  krb5_ccache id,
-	  krb5_storage **ret_sp,
-	  int *ret_fd)
-{
-    int fd;
-    int8_t pvno, tag;
-    krb5_storage *sp;
-    krb5_error_code ret;
-
-    ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY, 0);
-    if(ret)
-	return ret;
-    
-    sp = krb5_storage_from_fd(fd);
-    if(sp == NULL) {
-	krb5_clear_error_string(context);
-	ret = ENOMEM;
-	goto out;
-    }
-    krb5_storage_set_eof_code(sp, KRB5_CC_END);
-    ret = krb5_ret_int8(sp, &pvno);
-    if(ret != 0) {
-	if(ret == KRB5_CC_END) {
-	    krb5_set_error_string(context, "Empty credential cache file: %s",
-				  FILENAME(id));
-	    ret = ENOENT;
-	} else
-	    krb5_set_error_string(context, "Error reading pvno in "
-				  "cache file: %s", FILENAME(id));
-	goto out;
-    }
-    if(pvno != 5) {
-	krb5_set_error_string(context, "Bad version number in credential "
-			      "cache file: %s", FILENAME(id));
-	ret = KRB5_CCACHE_BADVNO;
-	goto out;
-    }
-    ret = krb5_ret_int8(sp, &tag); /* should not be host byte order */
-    if(ret != 0) {
-	krb5_set_error_string(context, "Error reading tag in "
-			      "cache file: %s", FILENAME(id));
-	ret = KRB5_CC_FORMAT;
-	goto out;
-    }
-    FCACHE(id)->version = tag;
-    storage_set_flags(context, sp, FCACHE(id)->version);
-    switch (tag) {
-    case KRB5_FCC_FVNO_4: {
-	int16_t length;
-
-	ret = krb5_ret_int16 (sp, &length);
-	if(ret) {
-	    ret = KRB5_CC_FORMAT;
-	    krb5_set_error_string(context, "Error reading tag length in "
-			      "cache file: %s", FILENAME(id));
-	    goto out;
-	}
-	while(length > 0) {
-	    int16_t dtag, data_len;
-	    int i;
-	    int8_t dummy;
-
-	    ret = krb5_ret_int16 (sp, &dtag);
-	    if(ret) {
-		krb5_set_error_string(context, "Error reading dtag in "
-				      "cache file: %s", FILENAME(id));
-		ret = KRB5_CC_FORMAT;
-		goto out;
-	    }
-	    ret = krb5_ret_int16 (sp, &data_len);
-	    if(ret) {
-		krb5_set_error_string(context, "Error reading dlength in "
-				      "cache file: %s", FILENAME(id));
-		ret = KRB5_CC_FORMAT;
-		goto out;
-	    }
-	    switch (dtag) {
-	    case FCC_TAG_DELTATIME :
-		ret = krb5_ret_int32 (sp, &context->kdc_sec_offset);
-		if(ret) {
-		    krb5_set_error_string(context, "Error reading kdc_sec in "
-					  "cache file: %s", FILENAME(id));
-		    ret = KRB5_CC_FORMAT;
-		    goto out;
-		}
-		ret = krb5_ret_int32 (sp, &context->kdc_usec_offset);
-		if(ret) {
-		    krb5_set_error_string(context, "Error reading kdc_usec in "
-					  "cache file: %s", FILENAME(id));
-		    ret = KRB5_CC_FORMAT;
-		    goto out;
-		}
-		break;
-	    default :
-		for (i = 0; i < data_len; ++i) {
-		    ret = krb5_ret_int8 (sp, &dummy);
-		    if(ret) {
-			krb5_set_error_string(context, "Error reading unknown "
-					      "tag in cache file: %s", 
-					      FILENAME(id));
-			ret = KRB5_CC_FORMAT;
-			goto out;
-		    }
-		}
-		break;
-	    }
-	    length -= 4 + data_len;
-	}
-	break;
-    }
-    case KRB5_FCC_FVNO_3:
-    case KRB5_FCC_FVNO_2:
-    case KRB5_FCC_FVNO_1:
-	break;
-    default :
-	ret = KRB5_CCACHE_BADVNO;
-	krb5_set_error_string(context, "Unknown version number (%d) in "
-			      "credential cache file: %s",
-			      (int)tag, FILENAME(id));
-	goto out;
-    }
-    *ret_sp = sp;
-    *ret_fd = fd;
-    
-    return 0;
-  out:
-    if(sp != NULL)
-	krb5_storage_free(sp);
-    fcc_unlock(context, fd);
-    close(fd);
-    return ret;
-}
-
-static krb5_error_code
-fcc_get_principal(krb5_context context,
-		  krb5_ccache id,
-		  krb5_principal *principal)
-{
-    krb5_error_code ret;
-    int fd;
-    krb5_storage *sp;
-
-    ret = init_fcc (context, id, &sp, &fd);
-    if (ret)
-	return ret;
-    ret = krb5_ret_principal(sp, principal);
-    if (ret)
-	krb5_clear_error_string(context);
-    krb5_storage_free(sp);
-    fcc_unlock(context, fd);
-    close(fd);
-    return ret;
-}
-
-static krb5_error_code
-fcc_end_get (krb5_context context,
-	     krb5_ccache id,
-	     krb5_cc_cursor *cursor);
-
-static krb5_error_code
-fcc_get_first (krb5_context context,
-	       krb5_ccache id,
-	       krb5_cc_cursor *cursor)
-{
-    krb5_error_code ret;
-    krb5_principal principal;
-
-    *cursor = malloc(sizeof(struct fcc_cursor));
-    if (*cursor == NULL) {
-        krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memset(*cursor, 0, sizeof(struct fcc_cursor));
-
-    ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp, 
-		    &FCC_CURSOR(*cursor)->fd);
-    if (ret) {
-	free(*cursor);
-	*cursor = NULL;
-	return ret;
-    }
-    ret = krb5_ret_principal (FCC_CURSOR(*cursor)->sp, &principal);
-    if(ret) {
-	krb5_clear_error_string(context);
-	fcc_end_get(context, id, cursor);
-	return ret;
-    }
-    krb5_free_principal (context, principal);
-    fcc_unlock(context, FCC_CURSOR(*cursor)->fd);
-    return 0;
-}
-
-static krb5_error_code
-fcc_get_next (krb5_context context,
-	      krb5_ccache id,
-	      krb5_cc_cursor *cursor,
-	      krb5_creds *creds)
-{
-    krb5_error_code ret;
-    if((ret = fcc_lock(context, id, FCC_CURSOR(*cursor)->fd, FALSE)) != 0)
-	return ret;
-
-    ret = krb5_ret_creds(FCC_CURSOR(*cursor)->sp, creds);
-    if (ret)
-	krb5_clear_error_string(context);
-
-    fcc_unlock(context, FCC_CURSOR(*cursor)->fd);
-    return ret;
-}
-
-static krb5_error_code
-fcc_end_get (krb5_context context,
-	     krb5_ccache id,
-	     krb5_cc_cursor *cursor)
-{
-    krb5_storage_free(FCC_CURSOR(*cursor)->sp);
-    close (FCC_CURSOR(*cursor)->fd);
-    free(*cursor);
-    *cursor = NULL;
-    return 0;
-}
-
-static krb5_error_code
-fcc_remove_cred(krb5_context context,
-		 krb5_ccache id,
-		 krb5_flags which,
-		 krb5_creds *cred)
-{
-    krb5_error_code ret;
-    krb5_ccache copy;
-
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &copy);
-    if (ret)
-	return ret;
-
-    ret = krb5_cc_copy_cache(context, id, copy);
-    if (ret) {
-	krb5_cc_destroy(context, copy);
-	return ret;
-    }
-
-    ret = krb5_cc_remove_cred(context, copy, which, cred);
-    if (ret) {
-	krb5_cc_destroy(context, copy);
-	return ret;
-    }
-
-    fcc_destroy(context, id);
-
-    ret = krb5_cc_copy_cache(context, copy, id);
-    krb5_cc_destroy(context, copy);
-
-    return ret;
-}
-
-static krb5_error_code
-fcc_set_flags(krb5_context context,
-	      krb5_ccache id,
-	      krb5_flags flags)
-{
-    return 0; /* XXX */
-}
-
-static krb5_error_code
-fcc_get_version(krb5_context context,
-		krb5_ccache id)
-{
-    return FCACHE(id)->version;
-}
-		    
-struct fcache_iter {
-    int first;
-};
-
-static krb5_error_code
-fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
-{
-    struct fcache_iter *iter;
-
-    iter = calloc(1, sizeof(*iter));
-    if (iter == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }    
-    iter->first = 1;
-    *cursor = iter;
-    return 0;
-}
-
-static krb5_error_code
-fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
-{
-    struct fcache_iter *iter = cursor;
-    krb5_error_code ret;
-    const char *fn;
-    char *expandedfn = NULL;
-
-    if (!iter->first) {
-	krb5_clear_error_string(context);
-	return KRB5_CC_END;
-    }
-    iter->first = 0;
-
-    fn = krb5_cc_default_name(context);
-    if (strncasecmp(fn, "FILE:", 5) != 0) {
-	ret = _krb5_expand_default_cc_name(context, 
-					   KRB5_DEFAULT_CCNAME_FILE,
-					   &expandedfn);
-	if (ret)
-	    return ret;
-    }
-    ret = krb5_cc_resolve(context, fn, id);
-    if (expandedfn)
-	free(expandedfn);
-    
-    return ret;
-}
-
-static krb5_error_code
-fcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
-{
-    struct fcache_iter *iter = cursor;
-    free(iter);
-    return 0;
-}
-
-static krb5_error_code
-fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
-{
-    krb5_error_code ret = 0;
-
-    ret = rename(FILENAME(from), FILENAME(to));
-    if (ret && errno != EXDEV) {
-	ret = errno;
-	krb5_set_error_string(context,
-			      "Rename of file from %s to %s failed: %s", 
-			      FILENAME(from), FILENAME(to),
-			      strerror(ret));
-	return ret;
-    } else if (ret && errno == EXDEV) {
-	/* make a copy and delete the orignal */
-	krb5_ssize_t sz1, sz2;
-	int fd1, fd2;
-	char buf[BUFSIZ];
-
-	ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY, 0);
-	if(ret)
-	    return ret;
-
-	unlink(FILENAME(to));
-
-	ret = fcc_open(context, to, &fd2, 
-		       O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0600);
-	if(ret)
-	    goto out1;
-
-	while((sz1 = read(fd1, buf, sizeof(buf))) > 0) {
-	    sz2 = write(fd2, buf, sz1);
-	    if (sz1 != sz2) {
-		ret = EIO;
-		krb5_set_error_string(context,
-				      "Failed to write data from one file "
-				      "credential cache to the other");
-		goto out2;
-	    }
-	}
-	if (sz1 < 0) {
-	    ret = EIO;
-	    krb5_set_error_string(context,
-				  "Failed to read data from one file "
-				  "credential cache to the other");
-	    goto out2;
-	}
-	erase_file(FILENAME(from));
-	    
-    out2:
-	fcc_unlock(context, fd2);
-	close(fd2);
-
-    out1:
-	fcc_unlock(context, fd1);
-	close(fd1);
-
-	if (ret) {
-	    erase_file(FILENAME(to));
-	    return ret;
-	}
-    }
-
-    /* make sure ->version is uptodate */
-    {
-	krb5_storage *sp;
-	int fd;
-	ret = init_fcc (context, to, &sp, &fd);
-	krb5_storage_free(sp);
-	fcc_unlock(context, fd);
-	close(fd);
-    }    
-    return ret;
-}
-
-static krb5_error_code
-fcc_default_name(krb5_context context, char **str)
-{
-    return _krb5_expand_default_cc_name(context, 
-					KRB5_DEFAULT_CCNAME_FILE,
-					str);
-}
-
-/**
- * Variable containing the FILE based credential cache implemention.
- *
- * @ingroup krb5_ccache
- */
-
-const krb5_cc_ops krb5_fcc_ops = {
-    "FILE",
-    fcc_get_name,
-    fcc_resolve,
-    fcc_gen_new,
-    fcc_initialize,
-    fcc_destroy,
-    fcc_close,
-    fcc_store_cred,
-    NULL, /* fcc_retrieve */
-    fcc_get_principal,
-    fcc_get_first,
-    fcc_get_next,
-    fcc_end_get,
-    fcc_remove_cred,
-    fcc_set_flags,
-    fcc_get_version,
-    fcc_get_cache_first,
-    fcc_get_cache_next,
-    fcc_end_cache_get,
-    fcc_move,
-    fcc_default_name
-};
diff --git a/crypto/heimdal/lib/krb5/free.c b/crypto/heimdal/lib/krb5/free.c
deleted file mode 100644
index 1b0bd05..0000000
--- a/crypto/heimdal/lib/krb5/free.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999, 2004 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: free.c 15175 2005-05-18 10:06:16Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep)
-{
-    free_KDC_REP(&rep->kdc_rep);
-    free_EncTGSRepPart(&rep->enc_part);
-    free_KRB_ERROR(&rep->error);
-    memset(rep, 0, sizeof(*rep));
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_xfree (void *ptr)
-{
-    free (ptr);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/free_host_realm.c b/crypto/heimdal/lib/krb5/free_host_realm.c
deleted file mode 100644
index 6b13ce7..0000000
--- a/crypto/heimdal/lib/krb5/free_host_realm.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: free_host_realm.c 13863 2004-05-25 21:46:46Z lha $");
-
-/*
- * Free all memory allocated by `realmlist'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_host_realm(krb5_context context,
-		     krb5_realm *realmlist)
-{
-    krb5_realm *p;
-
-    if(realmlist == NULL)
-	return 0;
-    for (p = realmlist; *p; ++p)
-	free (*p);
-    free (realmlist);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/generate_seq_number.c b/crypto/heimdal/lib/krb5/generate_seq_number.c
deleted file mode 100644
index 8a04f04..0000000
--- a/crypto/heimdal/lib/krb5/generate_seq_number.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: generate_seq_number.c 17442 2006-05-05 09:31:15Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_seq_number(krb5_context context,
-			 const krb5_keyblock *key,
-			 uint32_t *seqno)
-{
-    krb5_error_code ret;
-    krb5_keyblock *subkey;
-    uint32_t q;
-    u_char *p;
-    int i;
-
-    ret = krb5_generate_subkey (context, key, &subkey);
-    if (ret)
-	return ret;
-
-    q = 0;
-    for (p = (u_char *)subkey->keyvalue.data, i = 0;
-	 i < subkey->keyvalue.length;
-	 ++i, ++p)
-	q = (q << 8) | *p;
-    q &= 0xffffffff;
-    *seqno = q;
-    krb5_free_keyblock (context, subkey);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/generate_subkey.c b/crypto/heimdal/lib/krb5/generate_subkey.c
deleted file mode 100644
index fb99cbb..0000000
--- a/crypto/heimdal/lib/krb5/generate_subkey.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: generate_subkey.c 14455 2005-01-05 02:39:21Z lukeh $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_subkey(krb5_context context,
-		     const krb5_keyblock *key,
-		     krb5_keyblock **subkey)
-{
-    return krb5_generate_subkey_extended(context, key, key->keytype, subkey);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_subkey_extended(krb5_context context,
-			      const krb5_keyblock *key,
-			      krb5_enctype etype,
-			      krb5_keyblock **subkey)
-{
-    krb5_error_code ret;
-
-    ALLOC(*subkey, 1);
-    if (*subkey == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    if (etype == ETYPE_NULL)
-	etype = key->keytype; /* use session key etype */
-
-    /* XXX should we use the session key as input to the RF? */
-    ret = krb5_generate_random_keyblock(context, etype, *subkey);
-    if (ret != 0) {
-	free(*subkey);
-	*subkey = NULL;
-    }
-
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/krb5/get_addrs.c b/crypto/heimdal/lib/krb5/get_addrs.c
deleted file mode 100644
index a7fd2ea..0000000
--- a/crypto/heimdal/lib/krb5/get_addrs.c
+++ /dev/null
@@ -1,291 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_addrs.c 13863 2004-05-25 21:46:46Z lha $");
-
-#ifdef __osf__
-/* hate */
-struct rtentry;
-struct mbuf;
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-#include <ifaddrs.h>
-
-static krb5_error_code
-gethostname_fallback (krb5_context context, krb5_addresses *res)
-{
-    krb5_error_code ret;
-    char hostname[MAXHOSTNAMELEN];
-    struct hostent *hostent;
-
-    if (gethostname (hostname, sizeof(hostname))) {
-	ret = errno;
-	krb5_set_error_string (context, "gethostname: %s", strerror(ret));
-	return ret;
-    }
-    hostent = roken_gethostbyname (hostname);
-    if (hostent == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "gethostbyname %s: %s",
-			       hostname, strerror(ret));
-	return ret;
-    }
-    res->len = 1;
-    res->val = malloc (sizeof(*res->val));
-    if (res->val == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    res->val[0].addr_type = hostent->h_addrtype;
-    res->val[0].address.data = NULL;
-    res->val[0].address.length = 0;
-    ret = krb5_data_copy (&res->val[0].address,
-			  hostent->h_addr,
-			  hostent->h_length);
-    if (ret) {
-	free (res->val);
-	return ret;
-    }
-    return 0;
-}
-
-enum {
-    LOOP            = 1,	/* do include loopback interfaces */
-    LOOP_IF_NONE    = 2,	/* include loopback if no other if's */
-    EXTRA_ADDRESSES = 4,	/* include extra addresses */
-    SCAN_INTERFACES = 8		/* scan interfaces for addresses */
-};
-
-/*
- * Try to figure out the addresses of all configured interfaces with a
- * lot of magic ioctls.
- */
-
-static krb5_error_code
-find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
-{
-    struct sockaddr sa_zero;
-    struct ifaddrs *ifa0, *ifa;
-    krb5_error_code ret = ENXIO; 
-    int num, idx;
-    krb5_addresses ignore_addresses;
-
-    res->val = NULL;
-
-    if (getifaddrs(&ifa0) == -1) {
-	ret = errno;
-	krb5_set_error_string(context, "getifaddrs: %s", strerror(ret));
-	return (ret);
-    }
-
-    memset(&sa_zero, 0, sizeof(sa_zero));
-
-    /* First, count all the ifaddrs. */
-    for (ifa = ifa0, num = 0; ifa != NULL; ifa = ifa->ifa_next, num++)
-	/* nothing */;
-
-    if (num == 0) {
-	freeifaddrs(ifa0);
-	krb5_set_error_string(context, "no addresses found");
-	return (ENXIO);
-    }
-
-    if (flags & EXTRA_ADDRESSES) {
-	/* we'll remove the addresses we don't care about */
-	ret = krb5_get_ignore_addresses(context, &ignore_addresses);
-	if(ret)
-	    return ret;
-    }
-
-    /* Allocate storage for them. */
-    res->val = calloc(num, sizeof(*res->val));
-    if (res->val == NULL) {
-	krb5_free_addresses(context, &ignore_addresses);
-	freeifaddrs(ifa0);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return (ENOMEM);
-    }
-
-    /* Now traverse the list. */
-    for (ifa = ifa0, idx = 0; ifa != NULL; ifa = ifa->ifa_next) {
-	if ((ifa->ifa_flags & IFF_UP) == 0)
-	    continue;
-	if (ifa->ifa_addr == NULL)
-	    continue;
-	if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
-	    continue;
-	if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
-	    continue;
-	if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
-	    /* We'll deal with the LOOP_IF_NONE case later. */
-	    if ((flags & LOOP) == 0)
-		continue;
-	}
-
-	ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]);
-	if (ret) {
-	    /*
-	     * The most likely error here is going to be "Program
-	     * lacks support for address type".  This is no big
-	     * deal -- just continue, and we'll listen on the
-	     * addresses who's type we *do* support.
-	     */
-	    continue;
-	}
-	/* possibly skip this address? */
-	if((flags & EXTRA_ADDRESSES) && 
-	   krb5_address_search(context, &res->val[idx], &ignore_addresses)) {
-	    krb5_free_address(context, &res->val[idx]);
-	    flags &= ~LOOP_IF_NONE; /* we actually found an address,
-                                       so don't add any loop-back
-                                       addresses */
-	    continue;
-	}
-
-	idx++;
-    }
-
-    /*
-     * If no addresses were found, and LOOP_IF_NONE is set, then find
-     * the loopback addresses and add them to our list.
-     */
-    if ((flags & LOOP_IF_NONE) != 0 && idx == 0) {
-	for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) {
-	    if ((ifa->ifa_flags & IFF_UP) == 0)
-		continue;
-	    if (ifa->ifa_addr == NULL)
-		continue;
-	    if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
-		continue;
-	    if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
-		continue;
-
-	    if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
-		ret = krb5_sockaddr2address(context,
-					    ifa->ifa_addr, &res->val[idx]);
-		if (ret) {
-		    /*
-		     * See comment above.
-		     */
-		    continue;
-		}
-		if((flags & EXTRA_ADDRESSES) && 
-		   krb5_address_search(context, &res->val[idx], 
-				       &ignore_addresses)) {
-		    krb5_free_address(context, &res->val[idx]);
-		    continue;
-		}
-		idx++;
-	    }
-	}
-    }
-
-    if (flags & EXTRA_ADDRESSES)
-	krb5_free_addresses(context, &ignore_addresses);
-    freeifaddrs(ifa0);
-    if (ret)
-	free(res->val);
-    else
-	res->len = idx;        /* Now a count. */
-    return (ret);
-}
-
-static krb5_error_code
-get_addrs_int (krb5_context context, krb5_addresses *res, int flags)
-{
-    krb5_error_code ret = -1;
-
-    if (flags & SCAN_INTERFACES) {
-	ret = find_all_addresses (context, res, flags);
-	if(ret || res->len == 0)
-	    ret = gethostname_fallback (context, res);
-    } else {
-	res->len = 0;
-	res->val = NULL;
-	ret = 0;
-    }
-
-    if(ret == 0 && (flags & EXTRA_ADDRESSES)) {
-	krb5_addresses a;
-	/* append user specified addresses */
-	ret = krb5_get_extra_addresses(context, &a);
-	if(ret) {
-	    krb5_free_addresses(context, res);
-	    return ret;
-	}
-	ret = krb5_append_addresses(context, res, &a);
-	if(ret) {
-	    krb5_free_addresses(context, res);
-	    return ret;
-	}
-	krb5_free_addresses(context, &a);
-    }
-    if(res->len == 0) {
-	free(res->val);
-	res->val = NULL;
-    }
-    return ret;
-}
-
-/*
- * Try to get all addresses, but return the one corresponding to
- * `hostname' if we fail.
- *
- * Only include loopback address if there are no other.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res)
-{
-    int flags = LOOP_IF_NONE | EXTRA_ADDRESSES;
-
-    if (context->scan_interfaces)
-	flags |= SCAN_INTERFACES;
-
-    return get_addrs_int (context, res, flags);
-}
-
-/*
- * Try to get all local addresses that a server should listen to.
- * If that fails, we return the address corresponding to `hostname'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res)
-{
-    return get_addrs_int (context, res, LOOP | SCAN_INTERFACES);
-}
diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c
deleted file mode 100644
index ce0ec6d..0000000
--- a/crypto/heimdal/lib/krb5/get_cred.c
+++ /dev/null
@@ -1,1277 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: get_cred.c 21668 2007-07-22 11:28:05Z lha $");
-
-/*
- * Take the `body' and encode it into `padata' using the credentials
- * in `creds'.
- */
-
-static krb5_error_code
-make_pa_tgs_req(krb5_context context, 
-		krb5_auth_context ac,
-		KDC_REQ_BODY *body,
-		PA_DATA *padata,
-		krb5_creds *creds,
-		krb5_key_usage usage)
-{
-    u_char *buf;
-    size_t buf_size;
-    size_t len;
-    krb5_data in_data;
-    krb5_error_code ret;
-
-    ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
-    if (ret)
-	goto out;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    in_data.length = len;
-    in_data.data   = buf;
-    ret = _krb5_mk_req_internal(context, &ac, 0, &in_data, creds,
-				&padata->padata_value,
-				KRB5_KU_TGS_REQ_AUTH_CKSUM,
-				usage
-				/* KRB5_KU_TGS_REQ_AUTH */);
- out:
-    free (buf);
-    if(ret)
-	return ret;
-    padata->padata_type = KRB5_PADATA_TGS_REQ;
-    return 0;
-}
-
-/*
- * Set the `enc-authorization-data' in `req_body' based on `authdata'
- */
-
-static krb5_error_code
-set_auth_data (krb5_context context,
-	       KDC_REQ_BODY *req_body,
-	       krb5_authdata *authdata,
-	       krb5_keyblock *key)
-{
-    if(authdata->len) {
-	size_t len, buf_size;
-	unsigned char *buf;
-	krb5_crypto crypto;
-	krb5_error_code ret;
-
-	ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, authdata,
-			   &len, ret);
-	if (ret)
-	    return ret;
-	if (buf_size != len)
-	    krb5_abortx(context, "internal error in ASN.1 encoder");
-
-	ALLOC(req_body->enc_authorization_data, 1);
-	if (req_body->enc_authorization_data == NULL) {
-	    free (buf);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	ret = krb5_crypto_init(context, key, 0, &crypto);
-	if (ret) {
-	    free (buf);
-	    free (req_body->enc_authorization_data);
-	    req_body->enc_authorization_data = NULL;
-	    return ret;
-	}
-	krb5_encrypt_EncryptedData(context, 
-				   crypto,
-				   KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, 
-				   /* KRB5_KU_TGS_REQ_AUTH_DAT_SESSION? */
-				   buf,
-				   len,
-				   0,
-				   req_body->enc_authorization_data);
-	free (buf);
-	krb5_crypto_destroy(context, crypto);
-    } else {
-	req_body->enc_authorization_data = NULL;
-    }
-    return 0;
-}    
-
-/*
- * Create a tgs-req in `t' with `addresses', `flags', `second_ticket'
- * (if not-NULL), `in_creds', `krbtgt', and returning the generated
- * subkey in `subkey'.
- */
-
-static krb5_error_code
-init_tgs_req (krb5_context context,
-	      krb5_ccache ccache,
-	      krb5_addresses *addresses,
-	      krb5_kdc_flags flags,
-	      Ticket *second_ticket,
-	      krb5_creds *in_creds,
-	      krb5_creds *krbtgt,
-	      unsigned nonce,
-	      const METHOD_DATA *padata,
-	      krb5_keyblock **subkey,
-	      TGS_REQ *t,
-	      krb5_key_usage usage)
-{
-    krb5_error_code ret = 0;
-
-    memset(t, 0, sizeof(*t));
-    t->pvno = 5;
-    t->msg_type = krb_tgs_req;
-    if (in_creds->session.keytype) {
-	ALLOC_SEQ(&t->req_body.etype, 1);
-	if(t->req_body.etype.val == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	t->req_body.etype.val[0] = in_creds->session.keytype;
-    } else {
-	ret = krb5_init_etype(context, 
-			      &t->req_body.etype.len, 
-			      &t->req_body.etype.val, 
-			      NULL);
-    }
-    if (ret)
-	goto fail;
-    t->req_body.addresses = addresses;
-    t->req_body.kdc_options = flags.b;
-    ret = copy_Realm(&in_creds->server->realm, &t->req_body.realm);
-    if (ret)
-	goto fail;
-    ALLOC(t->req_body.sname, 1);
-    if (t->req_body.sname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-
-    /* some versions of some code might require that the client be
-       present in TGS-REQs, but this is clearly against the spec */
-
-    ret = copy_PrincipalName(&in_creds->server->name, t->req_body.sname);
-    if (ret)
-	goto fail;
-
-    /* req_body.till should be NULL if there is no endtime specified,
-       but old MIT code (like DCE secd) doesn't like that */
-    ALLOC(t->req_body.till, 1);
-    if(t->req_body.till == NULL){
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    *t->req_body.till = in_creds->times.endtime;
-    
-    t->req_body.nonce = nonce;
-    if(second_ticket){
-	ALLOC(t->req_body.additional_tickets, 1);
-	if (t->req_body.additional_tickets == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	ALLOC_SEQ(t->req_body.additional_tickets, 1);
-	if (t->req_body.additional_tickets->val == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); 
-	if (ret)
-	    goto fail;
-    }
-    ALLOC(t->padata, 1);
-    if (t->padata == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    ALLOC_SEQ(t->padata, 1 + padata->len);
-    if (t->padata->val == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    {
-	int i;
-	for (i = 0; i < padata->len; i++) {
-	    ret = copy_PA_DATA(&padata->val[i], &t->padata->val[i + 1]);
-	    if (ret) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		goto fail;
-	    }
-	}
-    }
-
-    {
-	krb5_auth_context ac;
-	krb5_keyblock *key = NULL;
-
-	ret = krb5_auth_con_init(context, &ac);
-	if(ret)
-	    goto fail;
-
-	if (krb5_config_get_bool_default(context, NULL, FALSE,
-					 "realms",
-					 krbtgt->server->realm,
-					 "tgs_require_subkey",
-					 NULL))
-	{
-	    ret = krb5_generate_subkey (context, &krbtgt->session, &key);
-	    if (ret) {
-		krb5_auth_con_free (context, ac);
-		goto fail;
-	    }
-
-	    ret = krb5_auth_con_setlocalsubkey(context, ac, key);
-	    if (ret) {
-		if (key)
-		    krb5_free_keyblock (context, key);
-		krb5_auth_con_free (context, ac);
-		goto fail;
-	    }
-	}
-
-	ret = set_auth_data (context, &t->req_body, &in_creds->authdata,
-			     key ? key : &krbtgt->session);
-	if (ret) {
-	    if (key)
-		krb5_free_keyblock (context, key);
-	    krb5_auth_con_free (context, ac);
-	    goto fail;
-	}
-
-	ret = make_pa_tgs_req(context,
-			      ac,
-			      &t->req_body, 
-			      &t->padata->val[0],
-			      krbtgt,
-			      usage);
-	if(ret) {
-	    if (key)
-		krb5_free_keyblock (context, key);
-	    krb5_auth_con_free(context, ac);
-	    goto fail;
-	}
-	*subkey = key;
-	
-	krb5_auth_con_free(context, ac);
-    }
-fail:
-    if (ret) {
-	t->req_body.addresses = NULL;
-	free_TGS_REQ (t);
-    }
-    return ret;
-}
-
-krb5_error_code
-_krb5_get_krbtgt(krb5_context context,
-		 krb5_ccache  id,
-		 krb5_realm realm,
-		 krb5_creds **cred)
-{
-    krb5_error_code ret;
-    krb5_creds tmp_cred;
-
-    memset(&tmp_cred, 0, sizeof(tmp_cred));
-
-    ret = krb5_cc_get_principal(context, id, &tmp_cred.client);
-    if (ret)
-	return ret;
-
-    ret = krb5_make_principal(context, 
-			      &tmp_cred.server,
-			      realm,
-			      KRB5_TGS_NAME,
-			      realm,
-			      NULL);
-    if(ret) {
-	krb5_free_principal(context, tmp_cred.client);
-	return ret;
-    }
-    ret = krb5_get_credentials(context,
-			       KRB5_GC_CACHED,
-			       id,
-			       &tmp_cred,
-			       cred);
-    krb5_free_principal(context, tmp_cred.client);
-    krb5_free_principal(context, tmp_cred.server);
-    if(ret)
-	return ret;
-    return 0;
-}
-
-/* DCE compatible decrypt proc */
-static krb5_error_code
-decrypt_tkt_with_subkey (krb5_context context,
-			 krb5_keyblock *key,
-			 krb5_key_usage usage,
-			 krb5_const_pointer subkey,
-			 krb5_kdc_rep *dec_rep)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    size_t size;
-    krb5_crypto crypto;
-    
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      usage,
-				      &dec_rep->kdc_rep.enc_part,
-				      &data);
-    krb5_crypto_destroy(context, crypto);
-    if(ret && subkey){
-	/* DCE compat -- try to decrypt with subkey */
-	ret = krb5_crypto_init(context, subkey, 0, &crypto);
-	if (ret)
-	    return ret;
-	ret = krb5_decrypt_EncryptedData (context,
-					  crypto,
-					  KRB5_KU_TGS_REP_ENC_PART_SUB_KEY,
-					  &dec_rep->kdc_rep.enc_part,
-					  &data);
-	krb5_crypto_destroy(context, crypto);
-    }
-    if (ret)
-	return ret;
-    
-    ret = krb5_decode_EncASRepPart(context,
-				   data.data,
-				   data.length,
-				   &dec_rep->enc_part, 
-				   &size);
-    if (ret)
-	ret = krb5_decode_EncTGSRepPart(context,
-					data.data,
-					data.length,
-					&dec_rep->enc_part, 
-					&size);
-    krb5_data_free (&data);
-    return ret;
-}
-
-static krb5_error_code
-get_cred_kdc_usage(krb5_context context, 
-		   krb5_ccache id, 
-		   krb5_kdc_flags flags,
-		   krb5_addresses *addresses, 
-		   krb5_creds *in_creds,
-		   krb5_creds *krbtgt,
-		   krb5_principal impersonate_principal,
-		   Ticket *second_ticket,
-		   krb5_creds *out_creds,
-		   krb5_key_usage usage)
-{
-    TGS_REQ req;
-    krb5_data enc;
-    krb5_data resp;
-    krb5_kdc_rep rep;
-    KRB_ERROR error;
-    krb5_error_code ret;
-    unsigned nonce;
-    krb5_keyblock *subkey = NULL;
-    size_t len;
-    Ticket second_ticket_data;
-    METHOD_DATA padata;
-    
-    krb5_data_zero(&resp);
-    krb5_data_zero(&enc);
-    padata.val = NULL;
-    padata.len = 0;
-
-    krb5_generate_random_block(&nonce, sizeof(nonce));
-    nonce &= 0xffffffff;
-    
-    if(flags.b.enc_tkt_in_skey && second_ticket == NULL){
-	ret = decode_Ticket(in_creds->second_ticket.data, 
-			    in_creds->second_ticket.length, 
-			    &second_ticket_data, &len);
-	if(ret)
-	    return ret;
-	second_ticket = &second_ticket_data;
-    }
-
-
-    if (impersonate_principal) {
-	krb5_crypto crypto;
-	PA_S4U2Self self;
-	krb5_data data;
-	void *buf;
-	size_t size;
-
-	self.name = impersonate_principal->name;
-	self.realm = impersonate_principal->realm;
-	self.auth = estrdup("Kerberos");
-	
-	ret = _krb5_s4u2self_to_checksumdata(context, &self, &data);
-	if (ret) {
-	    free(self.auth);
-	    goto out;
-	}
-
-	ret = krb5_crypto_init(context, &krbtgt->session, 0, &crypto);
-	if (ret) {
-	    free(self.auth);
-	    krb5_data_free(&data);
-	    goto out;
-	}
-
-	ret = krb5_create_checksum(context,
-				   crypto,
-				   KRB5_KU_OTHER_CKSUM,
-				   0,
-				   data.data,
-				   data.length, 
-				   &self.cksum);
-	krb5_crypto_destroy(context, crypto);
-	krb5_data_free(&data);
-	if (ret) {
-	    free(self.auth);
-	    goto out;
-	}
-
-	ASN1_MALLOC_ENCODE(PA_S4U2Self, buf, len, &self, &size, ret);
-	free(self.auth);
-	free_Checksum(&self.cksum);
-	if (ret)
-	    goto out;
-	if (len != size)
-	    krb5_abortx(context, "internal asn1 error");
-	
-	ret = krb5_padata_add(context, &padata, KRB5_PADATA_S4U2SELF, buf, len);
-	if (ret)
-	    goto out;
-    }
-
-    ret = init_tgs_req (context,
-			id,
-			addresses,
-			flags,
-			second_ticket,
-			in_creds,
-			krbtgt,
-			nonce,
-			&padata,
-			&subkey, 
-			&req,
-			usage);
-    if (ret)
-	goto out;
-
-    ASN1_MALLOC_ENCODE(TGS_REQ, enc.data, enc.length, &req, &len, ret);
-    if (ret) 
-	goto out;
-    if(enc.length != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    /* don't free addresses */
-    req.req_body.addresses = NULL;
-    free_TGS_REQ(&req);
-
-    /*
-     * Send and receive
-     */
-    {
-	krb5_sendto_ctx stctx;
-	ret = krb5_sendto_ctx_alloc(context, &stctx);
-	if (ret)
-	    return ret;
-	krb5_sendto_ctx_set_func(stctx, _krb5_kdc_retry, NULL);
-
-	ret = krb5_sendto_context (context, stctx, &enc,
-				   krbtgt->server->name.name_string.val[1],
-				   &resp);
-	krb5_sendto_ctx_free(context, stctx);
-    }
-    if(ret)
-	goto out;
-
-    memset(&rep, 0, sizeof(rep));
-    if(decode_TGS_REP(resp.data, resp.length, &rep.kdc_rep, &len) == 0){
-	ret = krb5_copy_principal(context, 
-				  in_creds->client, 
-				  &out_creds->client);
-	if(ret)
-	    goto out;
-	ret = krb5_copy_principal(context, 
-				  in_creds->server, 
-				  &out_creds->server);
-	if(ret)
-	    goto out;
-	/* this should go someplace else */
-	out_creds->times.endtime = in_creds->times.endtime;
-
-	ret = _krb5_extract_ticket(context,
-				   &rep,
-				   out_creds,
-				   &krbtgt->session,
-				   NULL,
-				   KRB5_KU_TGS_REP_ENC_PART_SESSION,
-				   &krbtgt->addresses,
-				   nonce,
-				   EXTRACT_TICKET_ALLOW_CNAME_MISMATCH|
-				   EXTRACT_TICKET_ALLOW_SERVER_MISMATCH,
-				   decrypt_tkt_with_subkey,
-				   subkey);
-	krb5_free_kdc_rep(context, &rep);
-    } else if(krb5_rd_error(context, &resp, &error) == 0) {
-	ret = krb5_error_from_rd_error(context, &error, in_creds);
-	krb5_free_error_contents(context, &error);
-    } else if(resp.data && ((char*)resp.data)[0] == 4) {
-	ret = KRB5KRB_AP_ERR_V4_REPLY;
-	krb5_clear_error_string(context);
-    } else {
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	krb5_clear_error_string(context);
-    }
-
-out:
-    if (second_ticket == &second_ticket_data)
-	free_Ticket(&second_ticket_data);
-    free_METHOD_DATA(&padata);
-    krb5_data_free(&resp);
-    krb5_data_free(&enc);
-    if(subkey){
-	krb5_free_keyblock_contents(context, subkey);
-	free(subkey);
-    }
-    return ret;
-    
-}
-
-static krb5_error_code
-get_cred_kdc(krb5_context context, 
-	     krb5_ccache id, 
-	     krb5_kdc_flags flags,
-	     krb5_addresses *addresses, 
-	     krb5_creds *in_creds, 
-	     krb5_creds *krbtgt,
-	     krb5_principal impersonate_principal,
-	     Ticket *second_ticket,
-	     krb5_creds *out_creds)
-{
-    krb5_error_code ret;
-
-    ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
-			     krbtgt, impersonate_principal, second_ticket,
-			     out_creds, KRB5_KU_TGS_REQ_AUTH);
-    if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
-	krb5_clear_error_string (context);
-	ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
-				 krbtgt, impersonate_principal, second_ticket,
-				 out_creds, KRB5_KU_AP_REQ_AUTH);
-    }
-    return ret;
-}
-
-/* same as above, just get local addresses first */
-
-static krb5_error_code
-get_cred_kdc_la(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, 
-		krb5_creds *in_creds, krb5_creds *krbtgt, 
-		krb5_principal impersonate_principal, Ticket *second_ticket,
-		krb5_creds *out_creds)
-{
-    krb5_error_code ret;
-    krb5_addresses addresses, *addrs = &addresses;
-    
-    krb5_get_all_client_addrs(context, &addresses);
-    /* XXX this sucks. */
-    if(addresses.len == 0)
-	addrs = NULL;
-    ret = get_cred_kdc(context, id, flags, addrs, 
-		       in_creds, krbtgt, impersonate_principal, second_ticket,
-		       out_creds);
-    krb5_free_addresses(context, &addresses);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_kdc_cred(krb5_context context,
-		  krb5_ccache id,
-		  krb5_kdc_flags flags,
-		  krb5_addresses *addresses,
-		  Ticket  *second_ticket,
-		  krb5_creds *in_creds,
-		  krb5_creds **out_creds
-		  )
-{
-    krb5_error_code ret;
-    krb5_creds *krbtgt;
-
-    *out_creds = calloc(1, sizeof(**out_creds));
-    if(*out_creds == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = _krb5_get_krbtgt (context,
-			    id,
-			    in_creds->server->realm,
-			    &krbtgt);
-    if(ret) {
-	free(*out_creds);
-	return ret;
-    }
-    ret = get_cred_kdc(context, id, flags, addresses, 
-		       in_creds, krbtgt, NULL, NULL, *out_creds);
-    krb5_free_creds (context, krbtgt);
-    if(ret)
-	free(*out_creds);
-    return ret;
-}
-
-static void
-not_found(krb5_context context, krb5_const_principal p)
-{
-    krb5_error_code ret;
-    char *str;
-
-    ret = krb5_unparse_name(context, p, &str);
-    if(ret) {
-	krb5_clear_error_string(context);
-	return;
-    }
-    krb5_set_error_string(context, "Matching credential (%s) not found", str);
-    free(str);
-}
-
-static krb5_error_code
-find_cred(krb5_context context,
-	  krb5_ccache id,
-	  krb5_principal server,
-	  krb5_creds **tgts,
-	  krb5_creds *out_creds)
-{
-    krb5_error_code ret;
-    krb5_creds mcreds;
-
-    krb5_cc_clear_mcred(&mcreds);
-    mcreds.server = server;
-    ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_DONT_MATCH_REALM, 
-				&mcreds, out_creds);
-    if(ret == 0)
-	return 0;
-    while(tgts && *tgts){
-	if(krb5_compare_creds(context, KRB5_TC_DONT_MATCH_REALM, 
-			      &mcreds, *tgts)){
-	    ret = krb5_copy_creds_contents(context, *tgts, out_creds);
-	    return ret;
-	}
-	tgts++;
-    }
-    not_found(context, server);
-    return KRB5_CC_NOTFOUND;
-}
-
-static krb5_error_code
-add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt)
-{
-    int i;
-    krb5_error_code ret;
-    krb5_creds **tmp = *tgts;
-
-    for(i = 0; tmp && tmp[i]; i++); /* XXX */
-    tmp = realloc(tmp, (i+2)*sizeof(*tmp));
-    if(tmp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *tgts = tmp;
-    ret = krb5_copy_creds(context, tkt, &tmp[i]);
-    tmp[i+1] = NULL;
-    return ret;
-}
-
-/*
-get_cred(server)
-	creds = cc_get_cred(server)
-	if(creds) return creds
-	tgt = cc_get_cred(krbtgt/server_realm@any_realm)
-	if(tgt)
-		return get_cred_tgt(server, tgt)
-	if(client_realm == server_realm)
-		return NULL
-	tgt = get_cred(krbtgt/server_realm@client_realm)
-	while(tgt_inst != server_realm)
-		tgt = get_cred(krbtgt/server_realm@tgt_inst)
-	return get_cred_tgt(server, tgt)
-	*/
-
-static krb5_error_code
-get_cred_from_kdc_flags(krb5_context context,
-			krb5_kdc_flags flags,
-			krb5_ccache ccache,
-			krb5_creds *in_creds,
-			krb5_principal impersonate_principal,
-			Ticket *second_ticket,			
-			krb5_creds **out_creds,
-			krb5_creds ***ret_tgts)
-{
-    krb5_error_code ret;
-    krb5_creds *tgt, tmp_creds;
-    krb5_const_realm client_realm, server_realm, try_realm;
-
-    *out_creds = NULL;
-
-    client_realm = krb5_principal_get_realm(context, in_creds->client);
-    server_realm = krb5_principal_get_realm(context, in_creds->server);
-    memset(&tmp_creds, 0, sizeof(tmp_creds));
-    ret = krb5_copy_principal(context, in_creds->client, &tmp_creds.client);
-    if(ret)
-	return ret;
-
-    try_realm = krb5_config_get_string(context, NULL, "capaths", 
-				       client_realm, server_realm, NULL);
-    
-#if 1
-    /* XXX remove in future release */
-    if(try_realm == NULL)
-	try_realm = krb5_config_get_string(context, NULL, "libdefaults", 
-					   "capath", server_realm, NULL);
-#endif
-
-    if (try_realm == NULL)
-	try_realm = client_realm;
-
-    ret = krb5_make_principal(context,
-			      &tmp_creds.server,
-			      try_realm,
-			      KRB5_TGS_NAME,
-			      server_realm, 
-			      NULL);
-    if(ret){
-	krb5_free_principal(context, tmp_creds.client);
-	return ret;
-    }
-    {
-	krb5_creds tgts;
-	/* XXX try krb5_cc_retrieve_cred first? */
-	ret = find_cred(context, ccache, tmp_creds.server, 
-			*ret_tgts, &tgts);
-	if(ret == 0){
-	    *out_creds = calloc(1, sizeof(**out_creds));
-	    if(*out_creds == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		ret = ENOMEM;
-	    } else {
-		krb5_boolean noaddr;
-
-		krb5_appdefault_boolean(context, NULL, tgts.server->realm,
-					"no-addresses", FALSE, &noaddr);
-
-		if (noaddr)
-		    ret = get_cred_kdc(context, ccache, flags, NULL,
-				       in_creds, &tgts,
-				       impersonate_principal, 
-				       second_ticket,
-				       *out_creds);
-		else
-		    ret = get_cred_kdc_la(context, ccache, flags, 
-					  in_creds, &tgts, 
-					  impersonate_principal, 
-					  second_ticket,
-					  *out_creds);
-		if (ret) {
-		    free (*out_creds);
-		    *out_creds = NULL;
-		}
-	    }
-	    krb5_free_cred_contents(context, &tgts);
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-    }
-    if(krb5_realm_compare(context, in_creds->client, in_creds->server)) {
-	not_found(context, in_creds->server);
-	return KRB5_CC_NOTFOUND;
-    }
-    /* XXX this can loop forever */
-    while(1){
-	heim_general_string tgt_inst;
-
-	ret = get_cred_from_kdc_flags(context, flags, ccache, &tmp_creds, 
-				      NULL, NULL, &tgt, ret_tgts);
-	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-	ret = add_cred(context, ret_tgts, tgt);
-	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-	tgt_inst = tgt->server->name.name_string.val[1];
-	if(strcmp(tgt_inst, server_realm) == 0)
-	    break;
-	krb5_free_principal(context, tmp_creds.server);
-	ret = krb5_make_principal(context, &tmp_creds.server, 
-				  tgt_inst, KRB5_TGS_NAME, server_realm, NULL);
-	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-	ret = krb5_free_creds(context, tgt);
-	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-    }
-	
-    krb5_free_principal(context, tmp_creds.server);
-    krb5_free_principal(context, tmp_creds.client);
-    *out_creds = calloc(1, sizeof(**out_creds));
-    if(*out_creds == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-    } else {
-	krb5_boolean noaddr;
-
-	krb5_appdefault_boolean(context, NULL, tgt->server->realm,
-				"no-addresses", KRB5_ADDRESSLESS_DEFAULT,
-				&noaddr);
-	if (noaddr)
-	    ret = get_cred_kdc (context, ccache, flags, NULL,
-				in_creds, tgt, NULL, NULL,
-				*out_creds);
-	else
-	    ret = get_cred_kdc_la(context, ccache, flags, 
-				  in_creds, tgt, NULL, NULL,
-				  *out_creds);
-	if (ret) {
-	    free (*out_creds);
-	    *out_creds = NULL;
-	}
-    }
-    krb5_free_creds(context, tgt);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_cred_from_kdc_opt(krb5_context context,
-			   krb5_ccache ccache,
-			   krb5_creds *in_creds,
-			   krb5_creds **out_creds,
-			   krb5_creds ***ret_tgts,
-			   krb5_flags flags)
-{
-    krb5_kdc_flags f;
-    f.i = flags;
-    return get_cred_from_kdc_flags(context, f, ccache, 
-				   in_creds, NULL, NULL,
-				   out_creds, ret_tgts);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_cred_from_kdc(krb5_context context,
-		       krb5_ccache ccache,
-		       krb5_creds *in_creds,
-		       krb5_creds **out_creds,
-		       krb5_creds ***ret_tgts)
-{
-    return krb5_get_cred_from_kdc_opt(context, ccache, 
-				      in_creds, out_creds, ret_tgts, 0);
-}
-     
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_credentials_with_flags(krb5_context context,
-				krb5_flags options,
-				krb5_kdc_flags flags,
-				krb5_ccache ccache,
-				krb5_creds *in_creds,
-				krb5_creds **out_creds)
-{
-    krb5_error_code ret;
-    krb5_creds **tgts;
-    krb5_creds *res_creds;
-    int i;
-    
-    *out_creds = NULL;
-    res_creds = calloc(1, sizeof(*res_creds));
-    if (res_creds == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    if (in_creds->session.keytype)
-	options |= KRB5_TC_MATCH_KEYTYPE;
-
-    /* 
-     * If we got a credential, check if credential is expired before
-     * returning it.
-     */
-    ret = krb5_cc_retrieve_cred(context,
-                                ccache,
-                                in_creds->session.keytype ?
-                                KRB5_TC_MATCH_KEYTYPE : 0,
-                                in_creds, res_creds);
-    /* 
-     * If we got a credential, check if credential is expired before
-     * returning it, but only if KRB5_GC_EXPIRED_OK is not set.
-     */
-    if (ret == 0) {
-	krb5_timestamp timeret;
-
-	/* If expired ok, don't bother checking */
-        if(options & KRB5_GC_EXPIRED_OK) {
-            *out_creds = res_creds;
-            return 0;
-        }
-	    
-	krb5_timeofday(context, &timeret);
-	if(res_creds->times.endtime > timeret) {
-	    *out_creds = res_creds;
-	    return 0;
-	}
-	if(options & KRB5_GC_CACHED)
-	    krb5_cc_remove_cred(context, ccache, 0, res_creds);
-
-    } else if(ret != KRB5_CC_END) {
-        free(res_creds);
-        return ret;
-    }
-    free(res_creds);
-    if(options & KRB5_GC_CACHED) {
-	not_found(context, in_creds->server);
-        return KRB5_CC_NOTFOUND;
-    }
-    if(options & KRB5_GC_USER_USER)
-	flags.b.enc_tkt_in_skey = 1;
-    if (flags.b.enc_tkt_in_skey)
-	options |= KRB5_GC_NO_STORE;
-
-    tgts = NULL;
-    ret = get_cred_from_kdc_flags(context, flags, ccache, 
-				  in_creds, NULL, NULL, out_creds, &tgts);
-    for(i = 0; tgts && tgts[i]; i++) {
-	krb5_cc_store_cred(context, ccache, tgts[i]);
-	krb5_free_creds(context, tgts[i]);
-    }
-    free(tgts);
-    if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0)
-	krb5_cc_store_cred(context, ccache, *out_creds);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_credentials(krb5_context context,
-		     krb5_flags options,
-		     krb5_ccache ccache,
-		     krb5_creds *in_creds,
-		     krb5_creds **out_creds)
-{
-    krb5_kdc_flags flags;
-    flags.i = 0;
-    return krb5_get_credentials_with_flags(context, options, flags,
-					   ccache, in_creds, out_creds);
-}
-
-struct krb5_get_creds_opt_data {
-    krb5_principal self;
-    krb5_flags options;
-    krb5_enctype enctype;
-    Ticket *ticket;
-};
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt)
-{
-    *opt = calloc(1, sizeof(**opt));
-    if (*opt == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt)
-{
-    if (opt->self)
-	krb5_free_principal(context, opt->self);
-    memset(opt, 0, sizeof(*opt));
-    free(opt);
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_options(krb5_context context,
-			       krb5_get_creds_opt opt,
-			       krb5_flags options)
-{
-    opt->options = options;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_add_options(krb5_context context,
-			       krb5_get_creds_opt opt,
-			       krb5_flags options)
-{
-    opt->options |= options;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_enctype(krb5_context context,
-			       krb5_get_creds_opt opt,
-			       krb5_enctype enctype)
-{
-    opt->enctype = enctype;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_impersonate(krb5_context context,
-				   krb5_get_creds_opt opt,
-				   krb5_const_principal self)
-{
-    if (opt->self)
-	krb5_free_principal(context, opt->self);
-    return krb5_copy_principal(context, self, &opt->self);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_ticket(krb5_context context,
-			      krb5_get_creds_opt opt,
-			      const Ticket *ticket)
-{
-    if (opt->ticket) {
-	free_Ticket(opt->ticket);
-	free(opt->ticket);
-	opt->ticket = NULL;
-    }
-    if (ticket) {
-	krb5_error_code ret;
-
-	opt->ticket = malloc(sizeof(*ticket));
-	if (opt->ticket == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	ret = copy_Ticket(ticket, opt->ticket);
-	if (ret) {
-	    free(opt->ticket);
-	    opt->ticket = NULL;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ret;
-	}
-    }
-    return 0;
-}
-
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds(krb5_context context,
-	       krb5_get_creds_opt opt,
-	       krb5_ccache ccache,
-	       krb5_const_principal inprinc,
-	       krb5_creds **out_creds)
-{
-    krb5_kdc_flags flags;
-    krb5_flags options;
-    krb5_creds in_creds;
-    krb5_error_code ret;
-    krb5_creds **tgts;
-    krb5_creds *res_creds;
-    int i;
-    
-    memset(&in_creds, 0, sizeof(in_creds));
-    in_creds.server = rk_UNCONST(inprinc);
-
-    ret = krb5_cc_get_principal(context, ccache, &in_creds.client);
-    if (ret)
-	return ret;
-
-    options = opt->options;
-    flags.i = 0;
-
-    *out_creds = NULL;
-    res_creds = calloc(1, sizeof(*res_creds));
-    if (res_creds == NULL) {
-	krb5_free_principal(context, in_creds.client);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    if (opt->enctype) {
-	in_creds.session.keytype = opt->enctype;
-	options |= KRB5_TC_MATCH_KEYTYPE;
-    }
-
-    /* 
-     * If we got a credential, check if credential is expired before
-     * returning it.
-     */
-    ret = krb5_cc_retrieve_cred(context,
-                                ccache,
-				opt->enctype ? KRB5_TC_MATCH_KEYTYPE : 0,
-                                &in_creds, res_creds);
-    /* 
-     * If we got a credential, check if credential is expired before
-     * returning it, but only if KRB5_GC_EXPIRED_OK is not set.
-     */
-    if (ret == 0) {
-	krb5_timestamp timeret;
-
-	/* If expired ok, don't bother checking */
-        if(options & KRB5_GC_EXPIRED_OK) {
-            *out_creds = res_creds;
-	    krb5_free_principal(context, in_creds.client);
-            return 0;
-        }
-	    
-	krb5_timeofday(context, &timeret);
-	if(res_creds->times.endtime > timeret) {
-	    *out_creds = res_creds;
-	    krb5_free_principal(context, in_creds.client);
-	    return 0;
-	}
-	if(options & KRB5_GC_CACHED)
-	    krb5_cc_remove_cred(context, ccache, 0, res_creds);
-
-    } else if(ret != KRB5_CC_END) {
-        free(res_creds);
-	krb5_free_principal(context, in_creds.client);
-        return ret;
-    }
-    free(res_creds);
-    if(options & KRB5_GC_CACHED) {
-	not_found(context, in_creds.server);
-	krb5_free_principal(context, in_creds.client);
-        return KRB5_CC_NOTFOUND;
-    }
-    if(options & KRB5_GC_USER_USER) {
-	flags.b.enc_tkt_in_skey = 1;
-	options |= KRB5_GC_NO_STORE;
-    }
-    if (options & KRB5_GC_FORWARDABLE)
-	flags.b.forwardable = 1;
-    if (options & KRB5_GC_NO_TRANSIT_CHECK)
-	flags.b.disable_transited_check = 1;
-    if (options & KRB5_GC_CONSTRAINED_DELEGATION) {
-	flags.b.request_anonymous = 1; /* XXX ARGH confusion */
-	flags.b.constrained_delegation = 1;
-    }
-
-    tgts = NULL;
-    ret = get_cred_from_kdc_flags(context, flags, ccache, 
-				  &in_creds, opt->self, opt->ticket,
-				  out_creds, &tgts);
-    krb5_free_principal(context, in_creds.client);
-    for(i = 0; tgts && tgts[i]; i++) {
-	krb5_cc_store_cred(context, ccache, tgts[i]);
-	krb5_free_creds(context, tgts[i]);
-    }
-    free(tgts);
-    if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0)
-	krb5_cc_store_cred(context, ccache, *out_creds);
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_renewed_creds(krb5_context context,
-		       krb5_creds *creds,
-		       krb5_const_principal client,
-		       krb5_ccache ccache,
-		       const char *in_tkt_service)
-{
-    krb5_error_code ret;
-    krb5_kdc_flags flags;
-    krb5_creds in, *template, *out = NULL;
-
-    memset(&in, 0, sizeof(in));
-    memset(creds, 0, sizeof(*creds));
-
-    ret = krb5_copy_principal(context, client, &in.client);
-    if (ret)
-	return ret;
-
-    if (in_tkt_service) {
-	ret = krb5_parse_name(context, in_tkt_service, &in.server);
-	if (ret) {
-	    krb5_free_principal(context, in.client);
-	    return ret;
-	}
-    } else {
-	const char *realm = krb5_principal_get_realm(context, client);
-	
-	ret = krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME,
-				  realm, NULL);
-	if (ret) {
-	    krb5_free_principal(context, in.client);
-	    return ret;
-	}
-    }
-
-    flags.i = 0;
-    flags.b.renewable = flags.b.renew = 1;
-
-    /*
-     * Get template from old credential cache for the same entry, if
-     * this failes, no worries.
-     */
-    ret = krb5_get_credentials(context, KRB5_GC_CACHED, ccache, &in, &template);
-    if (ret == 0) {
-	flags.b.forwardable = template->flags.b.forwardable;
-	flags.b.proxiable = template->flags.b.proxiable;
-	krb5_free_creds (context, template);
-    }
-
-    ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &out);
-    krb5_free_principal(context, in.client);
-    krb5_free_principal(context, in.server);
-    if (ret)
-	return ret;
-
-    ret = krb5_copy_creds_contents(context, out, creds);
-    krb5_free_creds(context, out);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/get_default_principal.c b/crypto/heimdal/lib/krb5/get_default_principal.c
deleted file mode 100644
index 83fb2b0..0000000
--- a/crypto/heimdal/lib/krb5/get_default_principal.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_default_principal.c 14870 2005-04-20 20:53:29Z lha $");
-
-/*
- * Try to find out what's a reasonable default principal.
- */
-
-static const char*
-get_env_user(void)
-{
-    const char *user = getenv("USER");
-    if(user == NULL)
-	user = getenv("LOGNAME");
-    if(user == NULL)
-	user = getenv("USERNAME");
-    return user;
-}
-
-/*
- * Will only use operating-system dependant operation to get the
- * default principal, for use of functions that in ccache layer to
- * avoid recursive calls.
- */
-
-krb5_error_code
-_krb5_get_default_principal_local (krb5_context context, 
-				   krb5_principal *princ)
-{
-    krb5_error_code ret;
-    const char *user;
-    uid_t uid;
-
-    *princ = NULL;
-
-    uid = getuid();    
-    if(uid == 0) {
-	user = getlogin();
-	if(user == NULL)
-	    user = get_env_user();
-	if(user != NULL && strcmp(user, "root") != 0)
-	    ret = krb5_make_principal(context, princ, NULL, user, "root", NULL);
-	else
-	    ret = krb5_make_principal(context, princ, NULL, "root", NULL);
-    } else {
-	struct passwd *pw = getpwuid(uid);	
-	if(pw != NULL)
-	    user = pw->pw_name;
-	else {
-	    user = get_env_user();
-	    if(user == NULL)
-		user = getlogin();
-	}
-	if(user == NULL) {
-	    krb5_set_error_string(context,
-				  "unable to figure out current principal");
-	    return ENOTTY; /* XXX */
-	}
-	ret = krb5_make_principal(context, princ, NULL, user, NULL);
-    }
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_principal (krb5_context context,
-			    krb5_principal *princ)
-{
-    krb5_error_code ret;
-    krb5_ccache id;
-
-    *princ = NULL;
-
-    ret = krb5_cc_default (context, &id);
-    if (ret == 0) {
-	ret = krb5_cc_get_principal (context, id, princ);
-	krb5_cc_close (context, id);
-	if (ret == 0)
-	    return 0;
-    }
-
-    return _krb5_get_default_principal_local(context, princ);
-}
diff --git a/crypto/heimdal/lib/krb5/get_default_realm.c b/crypto/heimdal/lib/krb5/get_default_realm.c
deleted file mode 100644
index 09c8577..0000000
--- a/crypto/heimdal/lib/krb5/get_default_realm.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_default_realm.c 13863 2004-05-25 21:46:46Z lha $");
-
-/*
- * Return a NULL-terminated list of default realms in `realms'.
- * Free this memory with krb5_free_host_realm.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_realms (krb5_context context,
-			 krb5_realm **realms)
-{
-    if (context->default_realms == NULL) {
-	krb5_error_code ret = krb5_set_default_realm (context, NULL);
-	if (ret)
-	    return KRB5_CONFIG_NODEFREALM;
-    }
-
-    return krb5_copy_host_realm (context,
-				 context->default_realms,
-				 realms);
-}
-
-/*
- * Return the first default realm.  For compatibility.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_realm(krb5_context context,
-		       krb5_realm *realm)
-{
-    krb5_error_code ret;
-    char *res;
-
-    if (context->default_realms == NULL
-	|| context->default_realms[0] == NULL) {
-	krb5_clear_error_string(context);
-	ret = krb5_set_default_realm (context, NULL);
-	if (ret)
-	    return ret;
-    }
-
-    res = strdup (context->default_realms[0]);
-    if (res == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *realm = res;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/get_for_creds.c b/crypto/heimdal/lib/krb5/get_for_creds.c
deleted file mode 100644
index cb8b7c8..0000000
--- a/crypto/heimdal/lib/krb5/get_for_creds.c
+++ /dev/null
@@ -1,460 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: get_for_creds.c 22504 2008-01-21 15:49:58Z lha $");
-
-static krb5_error_code
-add_addrs(krb5_context context,
-	  krb5_addresses *addr,
-	  struct addrinfo *ai)
-{
-    krb5_error_code ret;
-    unsigned n, i;
-    void *tmp;
-    struct addrinfo *a;
-
-    n = 0;
-    for (a = ai; a != NULL; a = a->ai_next)
-	++n;
-
-    tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val));
-    if (tmp == NULL && (addr->len + n) != 0) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto fail;
-    }
-    addr->val = tmp;
-    for (i = addr->len; i < (addr->len + n); ++i) {
-	addr->val[i].addr_type = 0;
-	krb5_data_zero(&addr->val[i].address);
-    }
-    i = addr->len;
-    for (a = ai; a != NULL; a = a->ai_next) {
-	krb5_address ad;
-
-	ret = krb5_sockaddr2address (context, a->ai_addr, &ad);
-	if (ret == 0) {
-	    if (krb5_address_search(context, &ad, addr))
-		krb5_free_address(context, &ad);
-	    else
-		addr->val[i++] = ad;
-	}
-	else if (ret == KRB5_PROG_ATYPE_NOSUPP)
-	    krb5_clear_error_string (context);
-	else
-	    goto fail;
-	addr->len = i;
-    }
-    return 0;
-fail:
-    krb5_free_addresses (context, addr);
-    return ret;
-}
-
-/**
- * Forward credentials for client to host hostname , making them
- * forwardable if forwardable, and returning the blob of data to sent
- * in out_data.  If hostname == NULL, pick it from server.
- *
- * @param context A kerberos 5 context.
- * @param auth_context the auth context with the key to encrypt the out_data.
- * @param hostname the host to forward the tickets too.
- * @param client the client to delegate from.
- * @param server the server to delegate the credential too.
- * @param ccache credential cache to use.
- * @param forwardable make the forwarded ticket forwabledable.
- * @param out_data the resulting credential.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_credential
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_fwd_tgt_creds (krb5_context	context,
-		    krb5_auth_context	auth_context,
-		    const char		*hostname,
-		    krb5_principal	client,
-		    krb5_principal	server,
-		    krb5_ccache		ccache,
-		    int			forwardable,
-		    krb5_data		*out_data)
-{
-    krb5_flags flags = 0;
-    krb5_creds creds;
-    krb5_error_code ret;
-    krb5_const_realm client_realm;
-
-    flags |= KDC_OPT_FORWARDED;
-
-    if (forwardable)
-	flags |= KDC_OPT_FORWARDABLE;
-
-    if (hostname == NULL &&
-	krb5_principal_get_type(context, server) == KRB5_NT_SRV_HST) {
-	const char *inst = krb5_principal_get_comp_string(context, server, 0);
-	const char *host = krb5_principal_get_comp_string(context, server, 1);
-
-	if (inst != NULL &&
-	    strcmp(inst, "host") == 0 &&
-	    host != NULL && 
-	    krb5_principal_get_comp_string(context, server, 2) == NULL)
-	    hostname = host;
-    }
-
-    client_realm = krb5_principal_get_realm(context, client);
-    
-    memset (&creds, 0, sizeof(creds));
-    creds.client = client;
-
-    ret = krb5_build_principal(context,
-			       &creds.server,
-			       strlen(client_realm),
-			       client_realm,
-			       KRB5_TGS_NAME,
-			       client_realm,
-			       NULL);
-    if (ret)
-	return ret;
-
-    ret = krb5_get_forwarded_creds (context,
-				    auth_context,
-				    ccache,
-				    flags,
-				    hostname,
-				    &creds,
-				    out_data);
-    return ret;
-}
-
-/**
- * Gets tickets forwarded to hostname. If the tickets that are
- * forwarded are address-less, the forwarded tickets will also be
- * address-less.
- * 
- * If the ticket have any address, hostname will be used for figure
- * out the address to forward the ticket too. This since this might
- * use DNS, its insecure and also doesn't represent configured all
- * addresses of the host. For example, the host might have two
- * adresses, one IPv4 and one IPv6 address where the later is not
- * published in DNS. This IPv6 address might be used communications
- * and thus the resulting ticket useless.
- *
- * @param context A kerberos 5 context.
- * @param auth_context the auth context with the key to encrypt the out_data.
- * @param ccache credential cache to use
- * @param flags the flags to control the resulting ticket flags
- * @param hostname the host to forward the tickets too.
- * @param in_creds the in client and server ticket names.  The client
- * and server components forwarded to the remote host.
- * @param out_data the resulting credential.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_credential
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_forwarded_creds (krb5_context	    context,
-			  krb5_auth_context auth_context,
-			  krb5_ccache       ccache,
-			  krb5_flags        flags,
-			  const char        *hostname,
-			  krb5_creds        *in_creds,
-			  krb5_data         *out_data)
-{
-    krb5_error_code ret;
-    krb5_creds *out_creds;
-    krb5_addresses addrs, *paddrs;
-    KRB_CRED cred;
-    KrbCredInfo *krb_cred_info;
-    EncKrbCredPart enc_krb_cred_part;
-    size_t len;
-    unsigned char *buf;
-    size_t buf_size;
-    krb5_kdc_flags kdc_flags;
-    krb5_crypto crypto;
-    struct addrinfo *ai;
-    int save_errno;
-    krb5_creds *ticket;
-
-    paddrs = NULL;
-    addrs.len = 0;
-    addrs.val = NULL;
-
-    ret = krb5_get_credentials(context, 0, ccache, in_creds, &ticket);
-    if(ret == 0) {
-	if (ticket->addresses.len)
-	    paddrs = &addrs;
-	krb5_free_creds (context, ticket);
-    } else {
-	krb5_boolean noaddr;
-	krb5_appdefault_boolean(context, NULL,
-				krb5_principal_get_realm(context, 
-							 in_creds->client),
-				"no-addresses", KRB5_ADDRESSLESS_DEFAULT,
-				&noaddr);
-	if (!noaddr)
-	    paddrs = &addrs;
-    }
-	
-    /*
-     * If tickets have addresses, get the address of the remote host.
-     */
-
-    if (paddrs != NULL) {
-
-	ret = getaddrinfo (hostname, NULL, NULL, &ai);
-	if (ret) {
-	    save_errno = errno;
-	    krb5_set_error_string(context, "resolving %s: %s",
-				  hostname, gai_strerror(ret));
-	    return krb5_eai_to_heim_errno(ret, save_errno);
-	}
-	
-	ret = add_addrs (context, &addrs, ai);
-	freeaddrinfo (ai);
-	if (ret)
-	    return ret;
-    }
-    
-    kdc_flags.b = int2KDCOptions(flags);
-
-    ret = krb5_get_kdc_cred (context,
-			     ccache,
-			     kdc_flags,
-			     paddrs,
-			     NULL,
-			     in_creds,
-			     &out_creds);
-    krb5_free_addresses (context, &addrs);
-    if (ret)
-	return ret;
-
-    memset (&cred, 0, sizeof(cred));
-    cred.pvno = 5;
-    cred.msg_type = krb_cred;
-    ALLOC_SEQ(&cred.tickets, 1);
-    if (cred.tickets.val == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out2;
-    }
-    ret = decode_Ticket(out_creds->ticket.data,
-			out_creds->ticket.length,
-			cred.tickets.val, &len);
-    if (ret)
-	goto out3;
-
-    memset (&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part));
-    ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1);
-    if (enc_krb_cred_part.ticket_info.val == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out4;
-    }
-    
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_timestamp sec;
-	int32_t usec;
-	
-	krb5_us_timeofday (context, &sec, &usec);
-	
-	ALLOC(enc_krb_cred_part.timestamp, 1);
-	if (enc_krb_cred_part.timestamp == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto out4;
-	}
-	*enc_krb_cred_part.timestamp = sec;
-	ALLOC(enc_krb_cred_part.usec, 1);
-	if (enc_krb_cred_part.usec == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto out4;
-	}
-	*enc_krb_cred_part.usec      = usec;
-    } else {
-	enc_krb_cred_part.timestamp = NULL;
-	enc_krb_cred_part.usec = NULL;
-    }
-
-    if (auth_context->local_address && auth_context->local_port && paddrs) {
-
-	ret = krb5_make_addrport (context,
-				  &enc_krb_cred_part.s_address,
-				  auth_context->local_address,
-				  auth_context->local_port);
-	if (ret)
-	    goto out4;
-    }
-
-    if (auth_context->remote_address) {
-	if (auth_context->remote_port) {
-	    krb5_boolean noaddr;
-	    krb5_const_realm srealm;
-
-	    srealm = krb5_principal_get_realm(context, out_creds->server);
-	    /* Is this correct, and should we use the paddrs == NULL
-               trick here as well? Having an address-less ticket may
-               indicate that we don't know our own global address, but
-               it does not necessary mean that we don't know the
-               server's. */
-	    krb5_appdefault_boolean(context, NULL, srealm, "no-addresses",
-				    FALSE, &noaddr);
-	    if (!noaddr) {
-		ret = krb5_make_addrport (context,
-					  &enc_krb_cred_part.r_address,
-					  auth_context->remote_address,
-					  auth_context->remote_port);
-		if (ret)
-		    goto out4;
-	    }
-	} else {
-	    ALLOC(enc_krb_cred_part.r_address, 1);
-	    if (enc_krb_cred_part.r_address == NULL) {
-		ret = ENOMEM;
-		krb5_set_error_string(context, "malloc: out of memory");
-		goto out4;
-	    }
-
-	    ret = krb5_copy_address (context, auth_context->remote_address,
-				     enc_krb_cred_part.r_address);
-	    if (ret)
-		goto out4;
-	}
-    }
-
-    /* fill ticket_info.val[0] */
-
-    enc_krb_cred_part.ticket_info.len = 1;
-
-    krb_cred_info = enc_krb_cred_part.ticket_info.val;
-
-    copy_EncryptionKey (&out_creds->session, &krb_cred_info->key);
-    ALLOC(krb_cred_info->prealm, 1);
-    copy_Realm (&out_creds->client->realm, krb_cred_info->prealm);
-    ALLOC(krb_cred_info->pname, 1);
-    copy_PrincipalName(&out_creds->client->name, krb_cred_info->pname);
-    ALLOC(krb_cred_info->flags, 1);
-    *krb_cred_info->flags          = out_creds->flags.b;
-    ALLOC(krb_cred_info->authtime, 1);
-    *krb_cred_info->authtime       = out_creds->times.authtime;
-    ALLOC(krb_cred_info->starttime, 1);
-    *krb_cred_info->starttime      = out_creds->times.starttime;
-    ALLOC(krb_cred_info->endtime, 1);
-    *krb_cred_info->endtime        = out_creds->times.endtime;
-    ALLOC(krb_cred_info->renew_till, 1);
-    *krb_cred_info->renew_till = out_creds->times.renew_till;
-    ALLOC(krb_cred_info->srealm, 1);
-    copy_Realm (&out_creds->server->realm, krb_cred_info->srealm);
-    ALLOC(krb_cred_info->sname, 1);
-    copy_PrincipalName (&out_creds->server->name, krb_cred_info->sname);
-    ALLOC(krb_cred_info->caddr, 1);
-    copy_HostAddresses (&out_creds->addresses, krb_cred_info->caddr);
-
-    krb5_free_creds (context, out_creds);
-
-    /* encode EncKrbCredPart */
-
-    ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, 
-		       &enc_krb_cred_part, &len, ret);
-    free_EncKrbCredPart (&enc_krb_cred_part);
-    if (ret) {
-	free_KRB_CRED(&cred);
-	return ret;
-    }
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    /**
-     * Some older of the MIT gssapi library used clear-text tickets
-     * (warped inside AP-REQ encryption), use the krb5_auth_context
-     * flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those
-     * tickets. The session key is used otherwise to encrypt the
-     * forwarded ticket.
-     */
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED) {
-	cred.enc_part.etype = ENCTYPE_NULL;
-	cred.enc_part.kvno = NULL;
-	cred.enc_part.cipher.data = buf;
-	cred.enc_part.cipher.length = buf_size;
-    } else {
-	/* 
-	 * Here older versions then 0.7.2 of Heimdal used the local or
-	 * remote subkey. That is wrong, the session key should be
-	 * used. Heimdal 0.7.2 and newer have code to try both in the
-	 * receiving end.
-	 */
-	
-	ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
-	if (ret) {
-	    free(buf);
-	    free_KRB_CRED(&cred);
-	    return ret;
-	}
-	ret = krb5_encrypt_EncryptedData (context,
-					  crypto,
-					  KRB5_KU_KRB_CRED,
-					  buf,
-					  len,
-					  0,
-					  &cred.enc_part);
-	free(buf);
-	krb5_crypto_destroy(context, crypto);
-	if (ret) {
-	    free_KRB_CRED(&cred);
-	    return ret;
-	}
-    }
-
-    ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret);
-    free_KRB_CRED (&cred);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    out_data->length = len;
-    out_data->data   = buf;
-    return 0;
- out4:
-    free_EncKrbCredPart(&enc_krb_cred_part);
- out3:
-    free_KRB_CRED(&cred);
- out2:
-    krb5_free_creds (context, out_creds);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/get_host_realm.c b/crypto/heimdal/lib/krb5/get_host_realm.c
deleted file mode 100644
index d709e4b..0000000
--- a/crypto/heimdal/lib/krb5/get_host_realm.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <resolve.h>
-
-RCSID("$Id: get_host_realm.c 18541 2006-10-17 19:28:36Z lha $");
-
-/* To automagically find the correct realm of a host (without
- * [domain_realm] in krb5.conf) add a text record for your domain with
- * the name of your realm, like this:
- *
- * _kerberos	IN	TXT	"FOO.SE"
- *
- * The search is recursive, so you can add entries for specific
- * hosts. To find the realm of host a.b.c, it first tries
- * _kerberos.a.b.c, then _kerberos.b.c and so on.
- *
- * This method is described in draft-ietf-cat-krb-dns-locate-03.txt.
- *
- */
-
-static int
-copy_txt_to_realms (struct resource_record *head,
-		    krb5_realm **realms)
-{
-    struct resource_record *rr;
-    int n, i;
-
-    for(n = 0, rr = head; rr; rr = rr->next)
-	if (rr->type == T_TXT)
-	    ++n;
-
-    if (n == 0)
-	return -1;
-
-    *realms = malloc ((n + 1) * sizeof(krb5_realm));
-    if (*realms == NULL)
-	return -1;
-
-    for (i = 0; i < n + 1; ++i)
-	(*realms)[i] = NULL;
-
-    for (i = 0, rr = head; rr; rr = rr->next) {
-	if (rr->type == T_TXT) {
-	    char *tmp;
-
-	    tmp = strdup(rr->u.txt);
-	    if (tmp == NULL) {
-		for (i = 0; i < n; ++i)
-		    free ((*realms)[i]);
-		free (*realms);
-		return -1;
-	    }
-	    (*realms)[i] = tmp;
-	    ++i;
-	}
-    }
-    return 0;
-}
-
-static int
-dns_find_realm(krb5_context context,
-	       const char *domain,
-	       krb5_realm **realms)
-{
-    static const char *default_labels[] = { "_kerberos", NULL };
-    char dom[MAXHOSTNAMELEN];
-    struct dns_reply *r;
-    const char **labels;
-    char **config_labels;
-    int i, ret;
-    
-    config_labels = krb5_config_get_strings(context, NULL, "libdefaults",
-					    "dns_lookup_realm_labels", NULL);
-    if(config_labels != NULL)
-	labels = (const char **)config_labels;
-    else
-	labels = default_labels;
-    if(*domain == '.')
-	domain++;
-    for (i = 0; labels[i] != NULL; i++) {
-	ret = snprintf(dom, sizeof(dom), "%s.%s.", labels[i], domain);
-	if(ret < 0 || ret >= sizeof(dom)) {
-	    if (config_labels)
-		krb5_config_free_strings(config_labels);
-	    return -1;
-	}
-    	r = dns_lookup(dom, "TXT");
-    	if(r != NULL) {
-	    ret = copy_txt_to_realms (r->head, realms);
-	    dns_free_data(r);
-	    if(ret == 0) {
-		if (config_labels)
-		    krb5_config_free_strings(config_labels);
-		return 0;
-	    }
-	}
-    }
-    if (config_labels)
-	krb5_config_free_strings(config_labels);
-    return -1;
-}
-
-/*
- * Try to figure out what realms host in `domain' belong to from the
- * configuration file.
- */
-
-static int
-config_find_realm(krb5_context context, 
-		  const char *domain, 
-		  krb5_realm **realms)
-{
-    char **tmp = krb5_config_get_strings (context, NULL,
-					  "domain_realm",
-					  domain,
-					  NULL);
-
-    if (tmp == NULL)
-	return -1;
-    *realms = tmp;
-    return 0;
-}
-
-/*
- * This function assumes that `host' is a FQDN (and doesn't handle the
- * special case of host == NULL either).
- * Try to find mapping in the config file or DNS and it that fails,
- * fall back to guessing
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_get_host_realm_int (krb5_context context,
-			  const char *host,
-			  krb5_boolean use_dns,
-			  krb5_realm **realms)
-{
-    const char *p, *q;
-    krb5_boolean dns_locate_enable;
-
-    dns_locate_enable = krb5_config_get_bool_default(context, NULL, TRUE,
-	"libdefaults", "dns_lookup_realm", NULL);
-    for (p = host; p != NULL; p = strchr (p + 1, '.')) {
-	if(config_find_realm(context, p, realms) == 0) {
-	    if(strcasecmp(*realms[0], "dns_locate") == 0) {
-		if(use_dns)
-		    for (q = host; q != NULL; q = strchr(q + 1, '.'))
-			if(dns_find_realm(context, q, realms) == 0)
-			    return 0;
-		continue; 
-	    } else 
-	    	return 0;
-	}
-	else if(use_dns && dns_locate_enable) {
-	    if(dns_find_realm(context, p, realms) == 0)
-		return 0;
-	}
-    }
-    p = strchr(host, '.');
-    if(p != NULL) {
-	p++;
-	*realms = malloc(2 * sizeof(krb5_realm));
-	if (*realms == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-
-	(*realms)[0] = strdup(p);
-	if((*realms)[0] == NULL) {
-	    free(*realms);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	strupr((*realms)[0]);
-	(*realms)[1] = NULL;
-	return 0;
-    }
-    krb5_set_error_string(context, "unable to find realm of host %s", host);
-    return KRB5_ERR_HOST_REALM_UNKNOWN;
-}
-
-/*
- * Return the realm(s) of `host' as a NULL-terminated list in
- * `realms'. Free `realms' with krb5_free_host_realm().
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_host_realm(krb5_context context,
-		    const char *targethost,
-		    krb5_realm **realms)
-{
-    const char *host = targethost;
-    char hostname[MAXHOSTNAMELEN];
-    krb5_error_code ret;
-    int use_dns;
-
-    if (host == NULL) {
-	if (gethostname (hostname, sizeof(hostname))) {
-	    *realms = NULL;
-	    return errno;
-	}
-	host = hostname;
-    }
-
-    /* 
-     * If our local hostname is without components, don't even try to dns.
-     */
-
-    use_dns = (strchr(host, '.') != NULL);
-
-    ret = _krb5_get_host_realm_int (context, host, use_dns, realms);
-    if (ret && targethost != NULL) {
-	/*
-	 * If there was no realm mapping for the host (and we wasn't
-	 * looking for ourself), guess at the local realm, maybe our
-	 * KDC knows better then we do and we get a referral back.
-	 */
-	ret = krb5_get_default_realms(context, realms);
-	if (ret) {
-	    krb5_set_error_string(context, "Unable to find realm of host %s",
-				  host);
-	    return KRB5_ERR_HOST_REALM_UNKNOWN;
-	}
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c
deleted file mode 100644
index ffd4ca2..0000000
--- a/crypto/heimdal/lib/krb5/get_in_tkt.c
+++ /dev/null
@@ -1,834 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_in_tkt.c 20226 2007-02-16 03:31:50Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_init_etype (krb5_context context,
-		 unsigned *len,
-		 krb5_enctype **val,
-		 const krb5_enctype *etypes)
-{
-    int i;
-    krb5_error_code ret;
-    krb5_enctype *tmp = NULL;
-
-    ret = 0;
-    if (etypes == NULL) {
-	ret = krb5_get_default_in_tkt_etypes(context,
-					     &tmp);
-	if (ret)
-	    return ret;
-	etypes = tmp;
-    }
-
-    for (i = 0; etypes[i]; ++i)
-	;
-    *len = i;
-    *val = malloc(i * sizeof(**val));
-    if (i != 0 && *val == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto cleanup;
-    }
-    memmove (*val,
-	     etypes,
-	     i * sizeof(*tmp));
-cleanup:
-    if (tmp != NULL)
-	free (tmp);
-    return ret;
-}
-
-
-static krb5_error_code
-decrypt_tkt (krb5_context context,
-	     krb5_keyblock *key,
-	     krb5_key_usage usage,
-	     krb5_const_pointer decrypt_arg,
-	     krb5_kdc_rep *dec_rep)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    size_t size;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      usage,
-				      &dec_rep->kdc_rep.enc_part,
-				      &data);
-    krb5_crypto_destroy(context, crypto);
-
-    if (ret)
-	return ret;
-
-    ret = krb5_decode_EncASRepPart(context,
-				   data.data,
-				   data.length,
-				   &dec_rep->enc_part, 
-				   &size);
-    if (ret)
-	ret = krb5_decode_EncTGSRepPart(context,
-					data.data,
-					data.length,
-					&dec_rep->enc_part, 
-					&size);
-    krb5_data_free (&data);
-    if (ret)
-	return ret;
-    return 0;
-}
-
-int
-_krb5_extract_ticket(krb5_context context, 
-		     krb5_kdc_rep *rep, 
-		     krb5_creds *creds,		
-		     krb5_keyblock *key,
-		     krb5_const_pointer keyseed,
-		     krb5_key_usage key_usage,
-		     krb5_addresses *addrs,
-		     unsigned nonce,
-		     unsigned flags,
-		     krb5_decrypt_proc decrypt_proc,
-		     krb5_const_pointer decryptarg)
-{
-    krb5_error_code ret;
-    krb5_principal tmp_principal;
-    int tmp;
-    size_t len;
-    time_t tmp_time;
-    krb5_timestamp sec_now;
-
-    ret = _krb5_principalname2krb5_principal (context,
-					      &tmp_principal,
-					      rep->kdc_rep.cname,
-					      rep->kdc_rep.crealm);
-    if (ret)
-	goto out;
-
-    /* compare client */
-
-    if((flags & EXTRACT_TICKET_ALLOW_CNAME_MISMATCH) == 0){
-	tmp = krb5_principal_compare (context, tmp_principal, creds->client);
-	if (!tmp) {
-	    krb5_free_principal (context, tmp_principal);
-	    krb5_clear_error_string (context);
-	    ret = KRB5KRB_AP_ERR_MODIFIED;
-	    goto out;
-	}
-    }
-
-    krb5_free_principal (context, creds->client);
-    creds->client = tmp_principal;
-
-    /* extract ticket */
-    ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, 
-		       &rep->kdc_rep.ticket, &len, ret);
-    if(ret)
-	goto out;
-    if (creds->ticket.length != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    creds->second_ticket.length = 0;
-    creds->second_ticket.data   = NULL;
-
-    /* compare server */
-
-    ret = _krb5_principalname2krb5_principal (context,
-					      &tmp_principal,
-					      rep->kdc_rep.ticket.sname,
-					      rep->kdc_rep.ticket.realm);
-    if (ret)
-	goto out;
-    if(flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH){
-	krb5_free_principal(context, creds->server);
-	creds->server = tmp_principal;
-	tmp_principal = NULL;
-    } else {
-	tmp = krb5_principal_compare (context, tmp_principal,
-				      creds->server);
-	krb5_free_principal (context, tmp_principal);
-	if (!tmp) {
-	    ret = KRB5KRB_AP_ERR_MODIFIED;
-	    krb5_clear_error_string (context);
-	    goto out;
-	}
-    }
-    
-    /* decrypt */
-
-    if (decrypt_proc == NULL)
-	decrypt_proc = decrypt_tkt;
-    
-    ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep);
-    if (ret)
-	goto out;
-
-    /* verify names */
-    if(flags & EXTRACT_TICKET_MATCH_REALM){
-	const char *srealm = krb5_principal_get_realm(context, creds->server);
-	const char *crealm = krb5_principal_get_realm(context, creds->client);
-
-	if (strcmp(rep->enc_part.srealm, srealm) != 0 ||
-	    strcmp(rep->enc_part.srealm, crealm) != 0)
-	{
-	    ret = KRB5KRB_AP_ERR_MODIFIED;
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-    }
-
-    /* compare nonces */
-
-    if (nonce != rep->enc_part.nonce) {
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out;
-    }
-
-    /* set kdc-offset */
-
-    krb5_timeofday (context, &sec_now);
-    if (rep->enc_part.flags.initial
-	&& context->kdc_sec_offset == 0
-	&& krb5_config_get_bool (context, NULL,
-				 "libdefaults",
-				 "kdc_timesync",
-				 NULL)) {
-	context->kdc_sec_offset = rep->enc_part.authtime - sec_now;
-	krb5_timeofday (context, &sec_now);
-    }
-
-    /* check all times */
-
-    if (rep->enc_part.starttime) {
-	tmp_time = *rep->enc_part.starttime;
-    } else
-	tmp_time = rep->enc_part.authtime;
-
-    if (creds->times.starttime == 0
-	&& abs(tmp_time - sec_now) > context->max_skew) {
-	ret = KRB5KRB_AP_ERR_SKEW;
-	krb5_set_error_string (context,
-			       "time skew (%d) larger than max (%d)",
-			       abs(tmp_time - sec_now),
-			       (int)context->max_skew);
-	goto out;
-    }
-
-    if (creds->times.starttime != 0
-	&& tmp_time != creds->times.starttime) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto out;
-    }
-
-    creds->times.starttime = tmp_time;
-
-    if (rep->enc_part.renew_till) {
-	tmp_time = *rep->enc_part.renew_till;
-    } else
-	tmp_time = 0;
-
-    if (creds->times.renew_till != 0
-	&& tmp_time > creds->times.renew_till) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto out;
-    }
-
-    creds->times.renew_till = tmp_time;
-
-    creds->times.authtime = rep->enc_part.authtime;
-
-    if (creds->times.endtime != 0
-	&& rep->enc_part.endtime > creds->times.endtime) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto out;
-    }
-
-    creds->times.endtime  = rep->enc_part.endtime;
-
-    if(rep->enc_part.caddr)
-	krb5_copy_addresses (context, rep->enc_part.caddr, &creds->addresses);
-    else if(addrs)
-	krb5_copy_addresses (context, addrs, &creds->addresses);
-    else {
-	creds->addresses.len = 0;
-	creds->addresses.val = NULL;
-    }
-    creds->flags.b = rep->enc_part.flags;
-	  
-    creds->authdata.len = 0;
-    creds->authdata.val = NULL;
-    creds->session.keyvalue.length = 0;
-    creds->session.keyvalue.data   = NULL;
-    creds->session.keytype = rep->enc_part.key.keytype;
-    ret = krb5_data_copy (&creds->session.keyvalue,
-			  rep->enc_part.key.keyvalue.data,
-			  rep->enc_part.key.keyvalue.length);
-
-out:
-    memset (rep->enc_part.key.keyvalue.data, 0,
-	    rep->enc_part.key.keyvalue.length);
-    return ret;
-}
-
-
-static krb5_error_code
-make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, 
-		      krb5_enctype etype, krb5_keyblock *key)
-{
-    PA_ENC_TS_ENC p;
-    unsigned char *buf;
-    size_t buf_size;
-    size_t len;
-    EncryptedData encdata;
-    krb5_error_code ret;
-    int32_t usec;
-    int usec2;
-    krb5_crypto crypto;
-    
-    krb5_us_timeofday (context, &p.patimestamp, &usec);
-    usec2         = usec;
-    p.pausec      = &usec2;
-
-    ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free(buf);
-	return ret;
-    }
-    ret = krb5_encrypt_EncryptedData(context, 
-				     crypto,
-				     KRB5_KU_PA_ENC_TIMESTAMP,
-				     buf,
-				     len,
-				     0,
-				     &encdata);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-		    
-    ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
-    free_EncryptedData(&encdata);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP;
-    pa->padata_value.length = len;
-    pa->padata_value.data = buf;
-    return 0;
-}
-
-static krb5_error_code
-add_padata(krb5_context context,
-	   METHOD_DATA *md, 
-	   krb5_principal client,
-	   krb5_key_proc key_proc,
-	   krb5_const_pointer keyseed,
-	   krb5_enctype *enctypes,
-	   unsigned netypes,
-	   krb5_salt *salt)
-{
-    krb5_error_code ret;
-    PA_DATA *pa2;
-    krb5_salt salt2;
-    krb5_enctype *ep;
-    int i;
-    
-    if(salt == NULL) {
-	/* default to standard salt */
-	ret = krb5_get_pw_salt (context, client, &salt2);
-	salt = &salt2;
-    }
-    if (!enctypes) {
-	enctypes = context->etypes;
-	netypes = 0;
-	for (ep = enctypes; *ep != ETYPE_NULL; ep++)
-	    netypes++;
-    }
-    pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val));
-    if (pa2 == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    md->val = pa2;
-
-    for (i = 0; i < netypes; ++i) {
-	krb5_keyblock *key;
-
-	ret = (*key_proc)(context, enctypes[i], *salt, keyseed, &key);
-	if (ret)
-	    continue;
-	ret = make_pa_enc_timestamp (context, &md->val[md->len],
-				     enctypes[i], key);
-	krb5_free_keyblock (context, key);
-	if (ret)
-	    return ret;
-	++md->len;
-    }
-    if(salt == &salt2)
-	krb5_free_salt(context, salt2);
-    return 0;
-}
-
-static krb5_error_code
-init_as_req (krb5_context context,
-	     KDCOptions opts,
-	     krb5_creds *creds,
-	     const krb5_addresses *addrs,
-	     const krb5_enctype *etypes,
-	     const krb5_preauthtype *ptypes,
-	     const krb5_preauthdata *preauth,
-	     krb5_key_proc key_proc,
-	     krb5_const_pointer keyseed,
-	     unsigned nonce,
-	     AS_REQ *a)
-{
-    krb5_error_code ret;
-    krb5_salt salt;
-
-    memset(a, 0, sizeof(*a));
-
-    a->pvno = 5;
-    a->msg_type = krb_as_req;
-    a->req_body.kdc_options = opts;
-    a->req_body.cname = malloc(sizeof(*a->req_body.cname));
-    if (a->req_body.cname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    a->req_body.sname = malloc(sizeof(*a->req_body.sname));
-    if (a->req_body.sname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    ret = _krb5_principal2principalname (a->req_body.cname, creds->client);
-    if (ret)
-	goto fail;
-    ret = _krb5_principal2principalname (a->req_body.sname, creds->server);
-    if (ret)
-	goto fail;
-    ret = copy_Realm(&creds->client->realm, &a->req_body.realm);
-    if (ret)
-	goto fail;
-
-    if(creds->times.starttime) {
-	a->req_body.from = malloc(sizeof(*a->req_body.from));
-	if (a->req_body.from == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	*a->req_body.from = creds->times.starttime;
-    }
-    if(creds->times.endtime){
-	ALLOC(a->req_body.till, 1);
-	*a->req_body.till = creds->times.endtime;
-    }
-    if(creds->times.renew_till){
-	a->req_body.rtime = malloc(sizeof(*a->req_body.rtime));
-	if (a->req_body.rtime == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	*a->req_body.rtime = creds->times.renew_till;
-    }
-    a->req_body.nonce = nonce;
-    ret = krb5_init_etype (context,
-			   &a->req_body.etype.len,
-			   &a->req_body.etype.val,
-			   etypes);
-    if (ret)
-	goto fail;
-
-    /*
-     * This means no addresses
-     */
-
-    if (addrs && addrs->len == 0) {
-	a->req_body.addresses = NULL;
-    } else {
-	a->req_body.addresses = malloc(sizeof(*a->req_body.addresses));
-	if (a->req_body.addresses == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-
-	if (addrs)
-	    ret = krb5_copy_addresses(context, addrs, a->req_body.addresses);
-	else {
-	    ret = krb5_get_all_client_addrs (context, a->req_body.addresses);
-	    if(ret == 0 && a->req_body.addresses->len == 0) {
-		free(a->req_body.addresses);
-		a->req_body.addresses = NULL;
-	    }
-	}
-	if (ret)
-	    return ret;
-    }
-
-    a->req_body.enc_authorization_data = NULL;
-    a->req_body.additional_tickets = NULL;
-
-    if(preauth != NULL) {
-	int i;
-	ALLOC(a->padata, 1);
-	if(a->padata == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	a->padata->val = NULL;
-	a->padata->len = 0;
-	for(i = 0; i < preauth->len; i++) {
-	    if(preauth->val[i].type == KRB5_PADATA_ENC_TIMESTAMP){
-		int j;
-
-		for(j = 0; j < preauth->val[i].info.len; j++) {
-		    krb5_salt *sp = &salt;
-		    if(preauth->val[i].info.val[j].salttype)
-			salt.salttype = *preauth->val[i].info.val[j].salttype;
-		    else
-			salt.salttype = KRB5_PW_SALT;
-		    if(preauth->val[i].info.val[j].salt)
-			salt.saltvalue = *preauth->val[i].info.val[j].salt;
-		    else
-			if(salt.salttype == KRB5_PW_SALT)
-			    sp = NULL;
-			else
-			    krb5_data_zero(&salt.saltvalue);
-		    ret = add_padata(context, a->padata, creds->client, 
-				     key_proc, keyseed, 
-				     &preauth->val[i].info.val[j].etype, 1,
-				     sp);
-		    if (ret == 0)
-			break;
-		}
-	    }
-	}
-    } else 
-    /* not sure this is the way to use `ptypes' */
-    if (ptypes == NULL || *ptypes == KRB5_PADATA_NONE)
-	a->padata = NULL;
-    else if (*ptypes ==  KRB5_PADATA_ENC_TIMESTAMP) {
-	ALLOC(a->padata, 1);
-	if (a->padata == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	a->padata->len = 0;
-	a->padata->val = NULL;
-
-	/* make a v5 salted pa-data */
-	add_padata(context, a->padata, creds->client, 
-		   key_proc, keyseed, a->req_body.etype.val,
-		   a->req_body.etype.len, NULL);
-	
-	/* make a v4 salted pa-data */
-	salt.salttype = KRB5_PW_SALT;
-	krb5_data_zero(&salt.saltvalue);
-	add_padata(context, a->padata, creds->client, 
-		   key_proc, keyseed, a->req_body.etype.val,
-		   a->req_body.etype.len, &salt);
-    } else {
-	krb5_set_error_string (context, "pre-auth type %d not supported",
-			       *ptypes);
-	ret = KRB5_PREAUTH_BAD_TYPE;
-	goto fail;
-    }
-    return 0;
-fail:
-    free_AS_REQ(a);
-    return ret;
-}
-
-static int
-set_ptypes(krb5_context context,
-	   KRB_ERROR *error, 
-	   const krb5_preauthtype **ptypes,
-	   krb5_preauthdata **preauth)
-{
-    static krb5_preauthdata preauth2;
-    static krb5_preauthtype ptypes2[] = { KRB5_PADATA_ENC_TIMESTAMP, KRB5_PADATA_NONE };
-
-    if(error->e_data) {
-	METHOD_DATA md;
-	int i;
-	decode_METHOD_DATA(error->e_data->data, 
-			   error->e_data->length, 
-			   &md, 
-			   NULL);
-	for(i = 0; i < md.len; i++){
-	    switch(md.val[i].padata_type){
-	    case KRB5_PADATA_ENC_TIMESTAMP:
-		*ptypes = ptypes2;
-		break;
-	    case KRB5_PADATA_ETYPE_INFO:
-		*preauth = &preauth2;
-		ALLOC_SEQ(*preauth, 1);
-		(*preauth)->val[0].type = KRB5_PADATA_ENC_TIMESTAMP;
-		krb5_decode_ETYPE_INFO(context,
-				       md.val[i].padata_value.data, 
-				       md.val[i].padata_value.length,
-				       &(*preauth)->val[0].info,
-				       NULL);
-		break;
-	    default:
-		break;
-	    }
-	}
-	free_METHOD_DATA(&md);
-    } else {
-	*ptypes = ptypes2;
-    }
-    return(1);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_cred(krb5_context context,
-		 krb5_flags options,
-		 const krb5_addresses *addrs,
-		 const krb5_enctype *etypes,
-		 const krb5_preauthtype *ptypes,
-		 const krb5_preauthdata *preauth,
-		 krb5_key_proc key_proc,
-		 krb5_const_pointer keyseed,
-		 krb5_decrypt_proc decrypt_proc,
-		 krb5_const_pointer decryptarg,
-		 krb5_creds *creds,
-		 krb5_kdc_rep *ret_as_reply)
-{
-    krb5_error_code ret;
-    AS_REQ a;
-    krb5_kdc_rep rep;
-    krb5_data req, resp;
-    size_t len;
-    krb5_salt salt;
-    krb5_keyblock *key;
-    size_t size;
-    KDCOptions opts;
-    PA_DATA *pa;
-    krb5_enctype etype;
-    krb5_preauthdata *my_preauth = NULL;
-    unsigned nonce;
-    int done;
-
-    opts = int2KDCOptions(options);
-
-    krb5_generate_random_block (&nonce, sizeof(nonce));
-    nonce &= 0xffffffff;
-
-    do {
-	done = 1;
-	ret = init_as_req (context,
-			   opts,
-			   creds,
-			   addrs,
-			   etypes,
-			   ptypes,
-			   preauth,
-			   key_proc,
-			   keyseed,
-			   nonce,
-			   &a);
-	if (my_preauth) {
-	    free_ETYPE_INFO(&my_preauth->val[0].info);
-	    free (my_preauth->val);
-	    my_preauth = NULL;
-	}
-	if (ret)
-	    return ret;
-
-	ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, &a, &len, ret);
-	free_AS_REQ(&a);
-	if (ret)
-	    return ret;
-	if(len != req.length)
-	    krb5_abortx(context, "internal error in ASN.1 encoder");
-
-	ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp);
-	krb5_data_free(&req);
-	if (ret)
-	    return ret;
-
-	memset (&rep, 0, sizeof(rep));
-	ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size);
-	if(ret) {
-	    /* let's try to parse it as a KRB-ERROR */
-	    KRB_ERROR error;
-	    int ret2;
-
-	    ret2 = krb5_rd_error(context, &resp, &error);
-	    if(ret2 && resp.data && ((char*)resp.data)[0] == 4)
-		ret = KRB5KRB_AP_ERR_V4_REPLY;
-	    krb5_data_free(&resp);
-	    if (ret2 == 0) {
-		ret = krb5_error_from_rd_error(context, &error, creds);
-		/* if no preauth was set and KDC requires it, give it
-                   one more try */
-		if (!ptypes && !preauth
-		    && ret == KRB5KDC_ERR_PREAUTH_REQUIRED
-#if 0
-			|| ret == KRB5KDC_ERR_BADOPTION
-#endif
-		    && set_ptypes(context, &error, &ptypes, &my_preauth)) {
-		    done = 0;
-		    preauth = my_preauth;
-		    krb5_free_error_contents(context, &error);
-		    krb5_clear_error_string(context);
-		    continue;
-		}
-		if(ret_as_reply)
-		    ret_as_reply->error = error;
-		else
-		    free_KRB_ERROR (&error);
-		return ret;
-	    }
-	    return ret;
-	}
-	krb5_data_free(&resp);
-    } while(!done);
-    
-    pa = NULL;
-    etype = rep.kdc_rep.enc_part.etype;
-    if(rep.kdc_rep.padata){
-	int i = 0;
-	pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len, 
-			      KRB5_PADATA_PW_SALT, &i);
-	if(pa == NULL) {
-	    i = 0;
-	    pa = krb5_find_padata(rep.kdc_rep.padata->val, 
-				  rep.kdc_rep.padata->len, 
-				  KRB5_PADATA_AFS3_SALT, &i);
-	}
-    }
-    if(pa) {
-	salt.salttype = pa->padata_type;
-	salt.saltvalue = pa->padata_value;
-	
-	ret = (*key_proc)(context, etype, salt, keyseed, &key);
-    } else {
-	/* make a v5 salted pa-data */
-	ret = krb5_get_pw_salt (context, creds->client, &salt);
-	
-	if (ret)
-	    goto out;
-	ret = (*key_proc)(context, etype, salt, keyseed, &key);
-	krb5_free_salt(context, salt);
-    }
-    if (ret)
-	goto out;
-	
-    {
-	unsigned flags = 0;
-	if (opts.request_anonymous)
-	    flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
-
-	ret = _krb5_extract_ticket(context, 
-				   &rep, 
-				   creds, 
-				   key, 
-				   keyseed, 
-				   KRB5_KU_AS_REP_ENC_PART,
-				   NULL, 
-				   nonce, 
-				   flags,
-				   decrypt_proc, 
-				   decryptarg);
-    }
-    memset (key->keyvalue.data, 0, key->keyvalue.length);
-    krb5_free_keyblock_contents (context, key);
-    free (key);
-
-out:
-    if (ret == 0 && ret_as_reply)
-	*ret_as_reply = rep;
-    else
-	krb5_free_kdc_rep (context, &rep);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt(krb5_context context,
-		krb5_flags options,
-		const krb5_addresses *addrs,
-		const krb5_enctype *etypes,
-		const krb5_preauthtype *ptypes,
-		krb5_key_proc key_proc,
-		krb5_const_pointer keyseed,
-		krb5_decrypt_proc decrypt_proc,
-		krb5_const_pointer decryptarg,
-		krb5_creds *creds,
-		krb5_ccache ccache,
-		krb5_kdc_rep *ret_as_reply)
-{
-    krb5_error_code ret;
-    
-    ret = krb5_get_in_cred (context,
-			    options,
-			    addrs,
-			    etypes,
-			    ptypes,
-			    NULL,
-			    key_proc,
-			    keyseed,
-			    decrypt_proc,
-			    decryptarg,
-			    creds,
-			    ret_as_reply);
-    if(ret) 
-	return ret;
-    if (ccache)
-	ret = krb5_cc_store_cred (context, ccache, creds);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_pw.c b/crypto/heimdal/lib/krb5/get_in_tkt_pw.c
deleted file mode 100644
index 21b27c6..0000000
--- a/crypto/heimdal/lib/krb5/get_in_tkt_pw.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_in_tkt_pw.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_password_key_proc (krb5_context context,
-			krb5_enctype type,
-			krb5_salt salt,
-			krb5_const_pointer keyseed,
-			krb5_keyblock **key)
-{
-    krb5_error_code ret;
-    const char *password = (const char *)keyseed;
-    char buf[BUFSIZ];
-     
-    *key = malloc (sizeof (**key));
-    if (*key == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if (password == NULL) {
-	if(UI_UTIL_read_pw_string (buf, sizeof(buf), "Password: ", 0)) {
-	    free (*key);
-	    krb5_clear_error_string(context);
-	    return KRB5_LIBOS_PWDINTR;
-	}
-	password = buf;
-    }
-    ret = krb5_string_to_key_salt (context, type, password, salt, *key);
-    memset (buf, 0, sizeof(buf));
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt_with_password (krb5_context context,
-			       krb5_flags options,
-			       krb5_addresses *addrs,
-			       const krb5_enctype *etypes,
-			       const krb5_preauthtype *pre_auth_types,
-			       const char *password,
-			       krb5_ccache ccache,
-			       krb5_creds *creds,
-			       krb5_kdc_rep *ret_as_reply)
-{
-     return krb5_get_in_tkt (context,
-			     options,
-			     addrs,
-			     etypes,
-			     pre_auth_types,
-			     krb5_password_key_proc,
-			     password,
-			     NULL,
-			     NULL,
-			     creds,
-			     ccache,
-			     ret_as_reply);
-}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c b/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c
deleted file mode 100644
index 52f95c4..0000000
--- a/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_in_tkt_with_keytab.c 15477 2005-06-17 04:56:44Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytab_key_proc (krb5_context context,
-		      krb5_enctype enctype,
-		      krb5_salt salt,
-		      krb5_const_pointer keyseed,
-		      krb5_keyblock **key)
-{
-    krb5_keytab_key_proc_args *args  = rk_UNCONST(keyseed);
-    krb5_keytab keytab = args->keytab;
-    krb5_principal principal  = args->principal;
-    krb5_error_code ret;
-    krb5_keytab real_keytab;
-    krb5_keytab_entry entry;
-
-    if(keytab == NULL)
-	krb5_kt_default(context, &real_keytab);
-    else
-	real_keytab = keytab;
-
-    ret = krb5_kt_get_entry (context, real_keytab, principal,
-			     0, enctype, &entry);
-
-    if (keytab == NULL)
-	krb5_kt_close (context, real_keytab);
-
-    if (ret)
-	return ret;
-
-    ret = krb5_copy_keyblock (context, &entry.keyblock, key);
-    krb5_kt_free_entry(context, &entry);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt_with_keytab (krb5_context context,
-			     krb5_flags options,
-			     krb5_addresses *addrs,
-			     const krb5_enctype *etypes,
-			     const krb5_preauthtype *pre_auth_types,
-			     krb5_keytab keytab,
-			     krb5_ccache ccache,
-			     krb5_creds *creds,
-			     krb5_kdc_rep *ret_as_reply)
-{
-    krb5_keytab_key_proc_args a;
-
-    a.principal = creds->client;
-    a.keytab    = keytab;
-
-    return krb5_get_in_tkt (context,
-			    options,
-			    addrs,
-			    etypes,
-			    pre_auth_types,
-			    krb5_keytab_key_proc,
-			    &a,
-			    NULL,
-			    NULL,
-			    creds,
-			    ccache,
-			    ret_as_reply);
-}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c b/crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c
deleted file mode 100644
index 1936fa1..0000000
--- a/crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_in_tkt_with_skey.c 13863 2004-05-25 21:46:46Z lha $");
-
-static krb5_error_code
-krb5_skey_key_proc (krb5_context context,
-		    krb5_enctype type,
-		    krb5_salt salt,
-		    krb5_const_pointer keyseed,
-		    krb5_keyblock **key)
-{
-    return krb5_copy_keyblock (context, keyseed, key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt_with_skey (krb5_context context,
-			   krb5_flags options,
-			   krb5_addresses *addrs,
-			   const krb5_enctype *etypes,
-			   const krb5_preauthtype *pre_auth_types,
-			   const krb5_keyblock *key,
-			   krb5_ccache ccache,
-			   krb5_creds *creds,
-			   krb5_kdc_rep *ret_as_reply)
-{
-    if(key == NULL)
-	return krb5_get_in_tkt_with_keytab (context,
-					    options,
-					    addrs,
-					    etypes,
-					    pre_auth_types,
-					    NULL,
-					    ccache,
-					    creds,
-					    ret_as_reply);
-    else
-	return krb5_get_in_tkt (context,
-				options,
-				addrs,
-				etypes,
-				pre_auth_types,
-				krb5_skey_key_proc,
-				key,
-				NULL,
-				NULL,
-				creds,
-				ccache,
-				ret_as_reply);
-}
diff --git a/crypto/heimdal/lib/krb5/get_port.c b/crypto/heimdal/lib/krb5/get_port.c
deleted file mode 100644
index 85587ea..0000000
--- a/crypto/heimdal/lib/krb5/get_port.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: get_port.c 13863 2004-05-25 21:46:46Z lha $");
-
-int KRB5_LIB_FUNCTION
-krb5_getportbyname (krb5_context context,
-		    const char *service,
-		    const char *proto,
-		    int default_port)
-{
-    struct servent *sp;
-
-    if ((sp = roken_getservbyname (service, proto)) == NULL) {
-#if 0
-	krb5_warnx(context, "%s/%s unknown service, using default port %d", 
-		   service, proto, default_port);
-#endif
-	return htons(default_port);
-    } else
-	return sp->s_port;
-}
diff --git a/crypto/heimdal/lib/krb5/heim_err.et b/crypto/heimdal/lib/krb5/heim_err.et
deleted file mode 100644
index 1b8ab49..0000000
--- a/crypto/heimdal/lib/krb5/heim_err.et
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# Error messages for the krb5 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: heim_err.et 13352 2004-02-13 16:23:40Z lha $"
-
-error_table heim
-
-prefix HEIM_ERR
-
-error_code LOG_PARSE,		"Error parsing log destination"
-error_code V4_PRINC_NO_CONV,	"Failed to convert v4 principal"
-error_code SALTTYPE_NOSUPP,	"Salt type is not supported by enctype"
-error_code NOHOST,		"Host not found"
-error_code OPNOTSUPP,		"Operation not supported"
-error_code EOF,			"End of file"
-error_code BAD_MKEY,		"Failed to get the master key"
-error_code SERVICE_NOMATCH,	"Unacceptable service used"
-
-index 64
-prefix HEIM_PKINIT
-error_code NO_CERTIFICATE,	"Certificate missing"
-error_code NO_PRIVATE_KEY,	"Private key missing"
-error_code NO_VALID_CA,		"No valid certificate authority"
-error_code CERTIFICATE_INVALID,	"Certificate invalid"
-error_code PRIVATE_KEY_INVALID,	"Private key invalid"
-
-index 128
-prefix HEIM_EAI
-#error_code NOERROR,		"no error"
-error_code UNKNOWN,		"unknown error from getaddrinfo"
-error_code ADDRFAMILY,		"address family for nodename not supported"
-error_code AGAIN,		"temporary failure in name resolution"
-error_code BADFLAGS,		"invalid value for ai_flags"
-error_code FAIL,		"non-recoverable failure in name resolution"
-error_code FAMILY,		"ai_family not supported"
-error_code MEMORY,		"memory allocation failure"
-error_code NODATA,		"no address associated with nodename"
-error_code NONAME,		"nodename nor servname provided, or not known"
-error_code SERVICE,		"servname not supported for ai_socktype"
-error_code SOCKTYPE,		"ai_socktype not supported"
-error_code SYSTEM,		"system error returned in errno"
-end
diff --git a/crypto/heimdal/lib/krb5/heim_threads.h b/crypto/heimdal/lib/krb5/heim_threads.h
deleted file mode 100644
index 3c27d13..0000000
--- a/crypto/heimdal/lib/krb5/heim_threads.h
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: heim_threads.h 14409 2004-12-18 16:03:38Z lha $ */
-
-/*
- * Provide wrapper macros for thread synchronization primitives so we
- * can use native thread functions for those operating system that
- * supports it.
- *
- * This is so libkrb5.so (or more importantly, libgssapi.so) can have
- * thread support while the program that that dlopen(3)s the library
- * don't need to be linked to libpthread.
- */
-
-#ifndef HEIM_THREADS_H
-#define HEIM_THREADS_H 1
-
-/* assume headers already included */
-
-#if defined(__NetBSD__) && __NetBSD_Version__ >= 106120000 && __NetBSD_Version__< 299001200 && defined(ENABLE_PTHREAD_SUPPORT)
-
-/* 
- * NetBSD have a thread lib that we can use that part of libc that
- * works regardless if application are linked to pthreads or not.
- * NetBSD newer then 2.99.11 just use pthread.h, and the same thing
- * will happen.
- */
-#include <threadlib.h>
-
-#define HEIMDAL_MUTEX mutex_t
-#define HEIMDAL_MUTEX_INITIALIZER MUTEX_INITIALIZER
-#define HEIMDAL_MUTEX_init(m) mutex_init(m, NULL)
-#define HEIMDAL_MUTEX_lock(m) mutex_lock(m)
-#define HEIMDAL_MUTEX_unlock(m) mutex_unlock(m)
-#define HEIMDAL_MUTEX_destroy(m) mutex_destroy(m)
-
-#define HEIMDAL_RWLOCK rwlock_t
-#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
-#define	HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL)	
-#define	HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l)	
-#define	HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l)	
-#define	HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l)	
-#define	HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l)	
-#define	HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l)	
-#define	HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l)	
-
-#define HEIMDAL_thread_key thread_key_t
-#define HEIMDAL_key_create(k,d,r) do { r = thr_keycreate(k,d); } while(0)
-#define HEIMDAL_setspecific(k,s,r) do { r = thr_setspecific(k,s); } while(0)
-#define HEIMDAL_getspecific(k) thr_getspecific(k)
-#define HEIMDAL_key_delete(k) thr_keydelete(k)
-
-#elif defined(ENABLE_PTHREAD_SUPPORT) && (!defined(__NetBSD__) || __NetBSD_Version__ >= 299001200)
-
-#include <pthread.h>
-
-#define HEIMDAL_MUTEX pthread_mutex_t
-#define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
-#define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL)
-#define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m)
-#define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m)
-#define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m)
-
-#define HEIMDAL_RWLOCK rwlock_t
-#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
-#define	HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL)	
-#define	HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l)	
-#define	HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l)	
-#define	HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l)	
-#define	HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l)	
-#define	HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l)	
-#define	HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l)	
-
-#define HEIMDAL_thread_key pthread_key_t
-#define HEIMDAL_key_create(k,d,r) do { r = pthread_key_create(k,d); } while(0)
-#define HEIMDAL_setspecific(k,s,r) do { r = pthread_setspecific(k,s); } while(0)
-#define HEIMDAL_getspecific(k) pthread_getspecific(k)
-#define HEIMDAL_key_delete(k) pthread_key_delete(k)
-
-#elif defined(HEIMDAL_DEBUG_THREADS)
-
-/* no threads support, just do consistency checks */
-#include <stdlib.h>
-
-#define HEIMDAL_MUTEX int
-#define HEIMDAL_MUTEX_INITIALIZER 0
-#define HEIMDAL_MUTEX_init(m)  do { (*(m)) = 0; } while(0)
-#define HEIMDAL_MUTEX_lock(m)  do { if ((*(m))++ != 0) abort(); } while(0)
-#define HEIMDAL_MUTEX_unlock(m) do { if ((*(m))-- != 1) abort(); } while(0)
-#define HEIMDAL_MUTEX_destroy(m) do {if ((*(m)) != 0) abort(); } while(0)
-
-#define HEIMDAL_RWLOCK rwlock_t int
-#define HEIMDAL_RWLOCK_INITIALIZER 0
-#define	HEIMDAL_RWLOCK_init(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_rdlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_wrlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_tryrdlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_trywrlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_unlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_destroy(l) do { } while(0)
-
-#define HEIMDAL_internal_thread_key 1
-
-#else /* no thread support, no debug case */
-
-#define HEIMDAL_MUTEX int
-#define HEIMDAL_MUTEX_INITIALIZER 0
-#define HEIMDAL_MUTEX_init(m)  do { (void)(m); } while(0)
-#define HEIMDAL_MUTEX_lock(m)  do { (void)(m); } while(0)
-#define HEIMDAL_MUTEX_unlock(m) do { (void)(m); } while(0)
-#define HEIMDAL_MUTEX_destroy(m) do { (void)(m); } while(0)
-
-#define HEIMDAL_RWLOCK rwlock_t int
-#define HEIMDAL_RWLOCK_INITIALIZER 0
-#define	HEIMDAL_RWLOCK_init(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_rdlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_wrlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_tryrdlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_trywrlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_unlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_destroy(l) do { } while(0)
-
-#define HEIMDAL_internal_thread_key 1
-
-#endif /* no thread support */
-
-#ifdef HEIMDAL_internal_thread_key
-
-typedef struct heim_thread_key {
-    void *value;
-    void (*destructor)(void *);
-} heim_thread_key;
-
-#define HEIMDAL_thread_key heim_thread_key
-#define HEIMDAL_key_create(k,d,r) \
-	do { (k)->value = NULL; (k)->destructor = (d); r = 0; } while(0)
-#define HEIMDAL_setspecific(k,s,r) do { (k).value = s ; r = 0; } while(0)
-#define HEIMDAL_getspecific(k) ((k).value)
-#define HEIMDAL_key_delete(k) do { (*(k).destructor)((k).value); } while(0)
-
-#undef HEIMDAL_internal_thread_key
-#endif /* HEIMDAL_internal_thread_key */
-
-#endif /* HEIM_THREADS_H */
diff --git a/crypto/heimdal/lib/krb5/init_creds.c b/crypto/heimdal/lib/krb5/init_creds.c
deleted file mode 100644
index a59c903..0000000
--- a/crypto/heimdal/lib/krb5/init_creds.c
+++ /dev/null
@@ -1,442 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: init_creds.c 21711 2007-07-27 14:22:02Z lha $");
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
-{
-    memset (opt, 0, sizeof(*opt));
-    opt->flags = 0;
-    opt->opt_private = NULL;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_alloc(krb5_context context, 
-			      krb5_get_init_creds_opt **opt)
-{
-    krb5_get_init_creds_opt *o;
-    
-    *opt = NULL;
-    o = calloc(1, sizeof(*o));
-    if (o == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    krb5_get_init_creds_opt_init(o);
-    o->opt_private = calloc(1, sizeof(*o->opt_private));
-    if (o->opt_private == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(o);
-	return ENOMEM;
-    }
-    o->opt_private->refcount = 1;
-    *opt = o;
-    return 0;
-}
-
-krb5_error_code
-_krb5_get_init_creds_opt_copy(krb5_context context, 
-			      const krb5_get_init_creds_opt *in,
-			      krb5_get_init_creds_opt **out)
-{
-    krb5_get_init_creds_opt *opt;
-
-    *out = NULL;
-    opt = calloc(1, sizeof(*opt));
-    if (opt == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    if (in)
-	*opt = *in;
-    if(opt->opt_private == NULL) {
-	opt->opt_private = calloc(1, sizeof(*opt->opt_private));
-	if (opt->opt_private == NULL) {
-	    krb5_set_error_string(context, "out of memory");
-	    free(opt);
-	    return ENOMEM;
-	}
-	opt->opt_private->refcount = 1;
-    } else
-	opt->opt_private->refcount++;
-    *out = opt;
-    return 0;
-}
-
-void KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_free_krb5_error(krb5_get_init_creds_opt *opt)
-{
-    if (opt->opt_private == NULL || opt->opt_private->error == NULL)
-	return;
-    free_KRB_ERROR(opt->opt_private->error);
-    free(opt->opt_private->error);
-    opt->opt_private->error = NULL;
-}
-
-void KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_set_krb5_error(krb5_context context,
-					krb5_get_init_creds_opt *opt, 
-					const KRB_ERROR *error)
-{
-    krb5_error_code ret;
-
-    if (opt->opt_private == NULL)
-	return;
-
-    _krb5_get_init_creds_opt_free_krb5_error(opt);
-
-    opt->opt_private->error = malloc(sizeof(*opt->opt_private->error));
-    if (opt->opt_private->error == NULL)
-	return;
-    ret = copy_KRB_ERROR(error, opt->opt_private->error);
-    if (ret) {
-	free(opt->opt_private->error);
-	opt->opt_private->error = NULL;
-    }	
-}
-
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_free(krb5_context context,
-			     krb5_get_init_creds_opt *opt)
-{
-    if (opt == NULL || opt->opt_private == NULL)
-	return;
-    if (opt->opt_private->refcount < 1) /* abort ? */
-	return;
-    if (--opt->opt_private->refcount == 0) {
-	_krb5_get_init_creds_opt_free_krb5_error(opt);
-	_krb5_get_init_creds_opt_free_pkinit(opt);
-	free(opt->opt_private);
-    }
-    memset(opt, 0, sizeof(*opt));
-    free(opt);
-}
-
-static int
-get_config_time (krb5_context context,
-		 const char *realm,
-		 const char *name,
-		 int def)
-{
-    int ret;
-
-    ret = krb5_config_get_time (context, NULL,
-				"realms",
-				realm,
-				name,
-				NULL);
-    if (ret >= 0)
-	return ret;
-    ret = krb5_config_get_time (context, NULL,
-				"libdefaults",
-				name,
-				NULL);
-    if (ret >= 0)
-	return ret;
-    return def;
-}
-
-static krb5_boolean
-get_config_bool (krb5_context context,
-		 const char *realm,
-		 const char *name)
-{
-    return krb5_config_get_bool (context,
-				 NULL,
-				 "realms",
-				 realm,
-				 name,
-				 NULL)
-	|| krb5_config_get_bool (context,
-				 NULL,
-				 "libdefaults",
-				 name,
-				 NULL);
-}
-
-/*
- * set all the values in `opt' to the appropriate values for
- * application `appname' (default to getprogname() if NULL), and realm
- * `realm'.  First looks in [appdefaults] but falls back to
- * [realms] or [libdefaults] for some of the values.
- */
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_default_flags(krb5_context context,
-					  const char *appname,
-					  krb5_const_realm realm,
-					  krb5_get_init_creds_opt *opt)
-{
-    krb5_boolean b;
-    time_t t;
-
-    b = get_config_bool (context, realm, "forwardable");
-    krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b);
-    krb5_get_init_creds_opt_set_forwardable(opt, b);
-
-    b = get_config_bool (context, realm, "proxiable");
-    krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b);
-    krb5_get_init_creds_opt_set_proxiable (opt, b);
-
-    krb5_appdefault_time(context, appname, realm, "ticket_lifetime", 0, &t);
-    if (t == 0)
-	t = get_config_time (context, realm, "ticket_lifetime", 0);
-    if(t != 0)
-	krb5_get_init_creds_opt_set_tkt_life(opt, t);
-
-    krb5_appdefault_time(context, appname, realm, "renew_lifetime", 0, &t);
-    if (t == 0)
-	t = get_config_time (context, realm, "renew_lifetime", 0);
-    if(t != 0)
-	krb5_get_init_creds_opt_set_renew_life(opt, t);
-
-    krb5_appdefault_boolean(context, appname, realm, "no-addresses", 
-			    KRB5_ADDRESSLESS_DEFAULT, &b);
-    krb5_get_init_creds_opt_set_addressless (context, opt, b);
-
-#if 0
-    krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b);
-    krb5_get_init_creds_opt_set_anonymous (opt, b);
-
-    krb5_get_init_creds_opt_set_etype_list(opt, enctype,
-					   etype_str.num_strings);
-
-    krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
-				     krb5_data *salt);
-
-    krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
-					     krb5_preauthtype *preauth_list,
-					     int preauth_list_length);
-#endif
-}
-
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
-				     krb5_deltat tkt_life)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
-    opt->tkt_life = tkt_life;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
-				       krb5_deltat renew_life)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
-    opt->renew_life = renew_life;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
-					int forwardable)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
-    opt->forwardable = forwardable;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
-				      int proxiable)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
-    opt->proxiable = proxiable;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
-				       krb5_enctype *etype_list,
-				       int etype_list_length)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
-    opt->etype_list = etype_list;
-    opt->etype_list_length = etype_list_length;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
-					 krb5_addresses *addresses)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
-    opt->address_list = addresses;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
-					 krb5_preauthtype *preauth_list,
-					 int preauth_list_length)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
-    opt->preauth_list_length = preauth_list_length;
-    opt->preauth_list = preauth_list;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
-				 krb5_data *salt)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
-    opt->salt = salt;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
-				      int anonymous)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ANONYMOUS;
-    opt->anonymous = anonymous;
-}
-
-static krb5_error_code
-require_ext_opt(krb5_context context,
-		krb5_get_init_creds_opt *opt,
-		const char *type)
-{
-    if (opt->opt_private == NULL) {
-	krb5_set_error_string(context, "%s on non extendable opt", type);
-	return EINVAL;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_pa_password(krb5_context context,
-					krb5_get_init_creds_opt *opt,
-					const char *password,
-					krb5_s2k_proc key_proc)
-{
-    krb5_error_code ret;
-    ret = require_ext_opt(context, opt, "init_creds_opt_set_pa_password");
-    if (ret)
-	return ret;
-    opt->opt_private->password = password;
-    opt->opt_private->key_proc = key_proc;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_pac_request(krb5_context context,
-					krb5_get_init_creds_opt *opt,
-					krb5_boolean req_pac)
-{
-    krb5_error_code ret;
-    ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
-    if (ret)
-	return ret;
-    opt->opt_private->req_pac = req_pac ?
-	KRB5_INIT_CREDS_TRISTATE_TRUE :
-	KRB5_INIT_CREDS_TRISTATE_FALSE;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_get_error(krb5_context context,
-				  krb5_get_init_creds_opt *opt,
-				  KRB_ERROR **error)
-{
-    krb5_error_code ret;
-
-    *error = NULL;
-
-    ret = require_ext_opt(context, opt, "init_creds_opt_get_error");
-    if (ret)
-	return ret;
-
-    if (opt->opt_private->error == NULL)
-	return 0;
-
-    *error = malloc(sizeof(**error));
-    if (*error == NULL) {
-	krb5_set_error_string(context, "malloc - out memory");
-	return ENOMEM;
-    }
-
-    ret = copy_KRB_ERROR(opt->opt_private->error, *error);
-    if (ret)
-	krb5_clear_error_string(context);
-
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_addressless(krb5_context context,
-					krb5_get_init_creds_opt *opt,
-					krb5_boolean addressless)
-{
-    krb5_error_code ret;
-    ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
-    if (ret)
-	return ret;
-    if (addressless)
-	opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_TRUE;
-    else
-	opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_FALSE;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_canonicalize(krb5_context context,
-					 krb5_get_init_creds_opt *opt,
-					 krb5_boolean req)
-{
-    krb5_error_code ret;
-    ret = require_ext_opt(context, opt, "init_creds_opt_set_canonicalize");
-    if (ret)
-	return ret;
-    if (req)
-	opt->opt_private->flags |= KRB5_INIT_CREDS_CANONICALIZE;
-    else
-	opt->opt_private->flags &= ~KRB5_INIT_CREDS_CANONICALIZE;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_win2k(krb5_context context,
-				  krb5_get_init_creds_opt *opt,
-				  krb5_boolean req)
-{
-    krb5_error_code ret;
-    ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k");
-    if (ret)
-	return ret;
-    if (req)
-	opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK;
-    else
-	opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK;
-    return 0;
-}
-
diff --git a/crypto/heimdal/lib/krb5/init_creds_pw.c b/crypto/heimdal/lib/krb5/init_creds_pw.c
deleted file mode 100644
index 441adff..0000000
--- a/crypto/heimdal/lib/krb5/init_creds_pw.c
+++ /dev/null
@@ -1,1658 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: init_creds_pw.c 21931 2007-08-27 14:11:55Z lha $");
-
-typedef struct krb5_get_init_creds_ctx {
-    KDCOptions flags;
-    krb5_creds cred;
-    krb5_addresses *addrs;
-    krb5_enctype *etypes;
-    krb5_preauthtype *pre_auth_types;
-    const char *in_tkt_service;
-    unsigned nonce;
-    unsigned pk_nonce;
-
-    krb5_data req_buffer;
-    AS_REQ as_req;
-    int pa_counter;
-
-    const char *password;
-    krb5_s2k_proc key_proc;
-
-    krb5_get_init_creds_tristate req_pac;
-
-    krb5_pk_init_ctx pk_init_ctx;
-    int ic_flags;
-} krb5_get_init_creds_ctx;
-
-static krb5_error_code
-default_s2k_func(krb5_context context, krb5_enctype type, 
-		 krb5_const_pointer keyseed,
-		 krb5_salt salt, krb5_data *s2kparms,
-		 krb5_keyblock **key)
-{
-    krb5_error_code ret;
-    krb5_data password;
-    krb5_data opaque;
-
-    password.data = rk_UNCONST(keyseed);
-    password.length = strlen(keyseed);
-    if (s2kparms)
-	opaque = *s2kparms;
-    else
-	krb5_data_zero(&opaque);
-	
-    *key = malloc(sizeof(**key));
-    if (*key == NULL)
-	return ENOMEM;
-    ret = krb5_string_to_key_data_salt_opaque(context, type, password,
-					      salt, opaque, *key);
-    if (ret) {
-	free(*key);
-	*key = NULL;
-    }
-    return ret;
-}
-
-static void
-free_init_creds_ctx(krb5_context context, krb5_get_init_creds_ctx *ctx)
-{
-    if (ctx->etypes)
-	free(ctx->etypes);
-    if (ctx->pre_auth_types)
-	free (ctx->pre_auth_types);
-    free_AS_REQ(&ctx->as_req);
-    memset(&ctx->as_req, 0, sizeof(ctx->as_req));
-}
-
-static int
-get_config_time (krb5_context context,
-		 const char *realm,
-		 const char *name,
-		 int def)
-{
-    int ret;
-
-    ret = krb5_config_get_time (context, NULL,
-				"realms",
-				realm,
-				name,
-				NULL);
-    if (ret >= 0)
-	return ret;
-    ret = krb5_config_get_time (context, NULL,
-				"libdefaults",
-				name,
-				NULL);
-    if (ret >= 0)
-	return ret;
-    return def;
-}
-
-static krb5_error_code
-init_cred (krb5_context context,
-	   krb5_creds *cred,
-	   krb5_principal client,
-	   krb5_deltat start_time,
-	   const char *in_tkt_service,
-	   krb5_get_init_creds_opt *options)
-{
-    krb5_error_code ret;
-    krb5_const_realm client_realm;
-    int tmp;
-    krb5_timestamp now;
-
-    krb5_timeofday (context, &now);
-
-    memset (cred, 0, sizeof(*cred));
-    
-    if (client)
-	krb5_copy_principal(context, client, &cred->client);
-    else {
-	ret = krb5_get_default_principal (context,
-					  &cred->client);
-	if (ret)
-	    goto out;
-    }
-
-    client_realm = krb5_principal_get_realm (context, cred->client);
-
-    if (start_time)
-	cred->times.starttime  = now + start_time;
-
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)
-	tmp = options->tkt_life;
-    else
-	tmp = 10 * 60 * 60;
-    cred->times.endtime = now + tmp;
-
-    if ((options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE) &&
-	options->renew_life > 0) {
-	cred->times.renew_till = now + options->renew_life;
-    }
-
-    if (in_tkt_service) {
-	krb5_realm server_realm;
-
-	ret = krb5_parse_name (context, in_tkt_service, &cred->server);
-	if (ret)
-	    goto out;
-	server_realm = strdup (client_realm);
-	free (*krb5_princ_realm(context, cred->server));
-	krb5_princ_set_realm (context, cred->server, &server_realm);
-    } else {
-	ret = krb5_make_principal(context, &cred->server, 
-				  client_realm, KRB5_TGS_NAME, client_realm,
-				  NULL);
-	if (ret)
-	    goto out;
-    }
-    return 0;
-
-out:
-    krb5_free_cred_contents (context, cred);
-    return ret;
-}
-
-/*
- * Print a message (str) to the user about the expiration in `lr'
- */
-
-static void
-report_expiration (krb5_context context,
-		   krb5_prompter_fct prompter,
-		   krb5_data *data,
-		   const char *str,
-		   time_t now)
-{
-    char *p;
-	    
-    asprintf (&p, "%s%s", str, ctime(&now));
-    (*prompter) (context, data, NULL, p, 0, NULL);
-    free (p);
-}
-
-/*
- * Parse the last_req data and show it to the user if it's interesting
- */
-
-static void
-print_expire (krb5_context context,
-	      krb5_const_realm realm,
-	      krb5_kdc_rep *rep,
-	      krb5_prompter_fct prompter,
-	      krb5_data *data)
-{
-    int i;
-    LastReq *lr = &rep->enc_part.last_req;
-    krb5_timestamp sec;
-    time_t t;
-    krb5_boolean reported = FALSE;
-
-    krb5_timeofday (context, &sec);
-
-    t = sec + get_config_time (context,
-			       realm,
-			       "warn_pwexpire",
-			       7 * 24 * 60 * 60);
-
-    for (i = 0; i < lr->len; ++i) {
-	if (lr->val[i].lr_value <= t) {
-	    switch (abs(lr->val[i].lr_type)) {
-	    case LR_PW_EXPTIME :
-		report_expiration(context, prompter, data,
-				  "Your password will expire at ",
-				  lr->val[i].lr_value);
-		reported = TRUE;
-		break;
-	    case LR_ACCT_EXPTIME :
-		report_expiration(context, prompter, data,
-				  "Your account will expire at ",
-				  lr->val[i].lr_value);
-		reported = TRUE;
-		break;
-	    }
-	}
-    }
-
-    if (!reported
-	&& rep->enc_part.key_expiration
-	&& *rep->enc_part.key_expiration <= t) {
-	report_expiration(context, prompter, data,
-			  "Your password/account will expire at ",
-			  *rep->enc_part.key_expiration);
-    }
-}
-
-static krb5_addresses no_addrs = { 0, NULL };
-
-static krb5_error_code
-get_init_creds_common(krb5_context context,
-		      krb5_principal client,
-		      krb5_deltat start_time,
-		      const char *in_tkt_service,
-		      krb5_get_init_creds_opt *options,
-		      krb5_get_init_creds_ctx *ctx)
-{
-    krb5_get_init_creds_opt default_opt;
-    krb5_error_code ret;
-    krb5_enctype *etypes;
-    krb5_preauthtype *pre_auth_types;
-
-    memset(ctx, 0, sizeof(*ctx));
-
-    if (options == NULL) {
-	krb5_get_init_creds_opt_init (&default_opt);
-	options = &default_opt;
-    } else {
-	_krb5_get_init_creds_opt_free_krb5_error(options);
-    }
-
-    if (options->opt_private) {
-	ctx->password = options->opt_private->password;
-	ctx->key_proc = options->opt_private->key_proc;
-	ctx->req_pac = options->opt_private->req_pac;
-	ctx->pk_init_ctx = options->opt_private->pk_init_ctx;
-	ctx->ic_flags = options->opt_private->flags;
-    } else
-	ctx->req_pac = KRB5_INIT_CREDS_TRISTATE_UNSET;
-
-    if (ctx->key_proc == NULL)
-	ctx->key_proc = default_s2k_func;
-
-    if (ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE)
-	ctx->flags.canonicalize = 1;
-
-    ctx->pre_auth_types = NULL;
-    ctx->addrs = NULL;
-    ctx->etypes = NULL;
-    ctx->pre_auth_types = NULL;
-    ctx->in_tkt_service = in_tkt_service;
-
-    ret = init_cred (context, &ctx->cred, client, start_time,
-		     in_tkt_service, options);
-    if (ret)
-	return ret;
-
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE)
-	ctx->flags.forwardable = options->forwardable;
-
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE)
-	ctx->flags.proxiable = options->proxiable;
-
-    if (start_time)
-	ctx->flags.postdated = 1;
-    if (ctx->cred.times.renew_till)
-	ctx->flags.renewable = 1;
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST) {
-	ctx->addrs = options->address_list;
-    } else if (options->opt_private) {
-	switch (options->opt_private->addressless) {
-	case KRB5_INIT_CREDS_TRISTATE_UNSET:
-#if KRB5_ADDRESSLESS_DEFAULT == TRUE
-	    ctx->addrs = &no_addrs;
-#else
-	    ctx->addrs = NULL;
-#endif
-	    break;
-	case KRB5_INIT_CREDS_TRISTATE_FALSE:
-	    ctx->addrs = NULL;
-	    break;
-	case KRB5_INIT_CREDS_TRISTATE_TRUE:
-	    ctx->addrs = &no_addrs;
-	    break;
-	}
-    }
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
-	etypes = malloc((options->etype_list_length + 1)
-			* sizeof(krb5_enctype));
-	if (etypes == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	memcpy (etypes, options->etype_list,
-		options->etype_list_length * sizeof(krb5_enctype));
-	etypes[options->etype_list_length] = ETYPE_NULL;
-	ctx->etypes = etypes;
-    }
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) {
-	pre_auth_types = malloc((options->preauth_list_length + 1)
-				* sizeof(krb5_preauthtype));
-	if (pre_auth_types == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	memcpy (pre_auth_types, options->preauth_list,
-		options->preauth_list_length * sizeof(krb5_preauthtype));
-	pre_auth_types[options->preauth_list_length] = KRB5_PADATA_NONE;
-	ctx->pre_auth_types = pre_auth_types;
-    }
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT)
-	;			/* XXX */
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_ANONYMOUS)
-	ctx->flags.request_anonymous = options->anonymous;
-    return 0;
-}
-
-static krb5_error_code
-change_password (krb5_context context,
-		 krb5_principal client,
-		 const char *password,
-		 char *newpw,
-		 size_t newpw_sz,
-		 krb5_prompter_fct prompter,
-		 void *data,
-		 krb5_get_init_creds_opt *old_options)
-{
-    krb5_prompt prompts[2];
-    krb5_error_code ret;
-    krb5_creds cpw_cred;
-    char buf1[BUFSIZ], buf2[BUFSIZ];
-    krb5_data password_data[2];
-    int result_code;
-    krb5_data result_code_string;
-    krb5_data result_string;
-    char *p;
-    krb5_get_init_creds_opt options;
-
-    memset (&cpw_cred, 0, sizeof(cpw_cred));
-
-    krb5_get_init_creds_opt_init (&options);
-    krb5_get_init_creds_opt_set_tkt_life (&options, 60);
-    krb5_get_init_creds_opt_set_forwardable (&options, FALSE);
-    krb5_get_init_creds_opt_set_proxiable (&options, FALSE);
-    if (old_options && old_options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST)
-	krb5_get_init_creds_opt_set_preauth_list (&options,
-						  old_options->preauth_list,
-						  old_options->preauth_list_length);					      
-
-    krb5_data_zero (&result_code_string);
-    krb5_data_zero (&result_string);
-
-    ret = krb5_get_init_creds_password (context,
-					&cpw_cred,
-					client,
-					password,
-					prompter,
-					data,
-					0,
-					"kadmin/changepw",
-					&options);
-    if (ret)
-	goto out;
-
-    for(;;) {
-	password_data[0].data   = buf1;
-	password_data[0].length = sizeof(buf1);
-
-	prompts[0].hidden = 1;
-	prompts[0].prompt = "New password: ";
-	prompts[0].reply  = &password_data[0];
-	prompts[0].type   = KRB5_PROMPT_TYPE_NEW_PASSWORD;
-
-	password_data[1].data   = buf2;
-	password_data[1].length = sizeof(buf2);
-
-	prompts[1].hidden = 1;
-	prompts[1].prompt = "Repeat new password: ";
-	prompts[1].reply  = &password_data[1];
-	prompts[1].type   = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN;
-
-	ret = (*prompter) (context, data, NULL, "Changing password",
-			   2, prompts);
-	if (ret) {
-	    memset (buf1, 0, sizeof(buf1));
-	    memset (buf2, 0, sizeof(buf2));
-	    goto out;
-	}
-
-	if (strcmp (buf1, buf2) == 0)
-	    break;
-	memset (buf1, 0, sizeof(buf1));
-	memset (buf2, 0, sizeof(buf2));
-    }
-    
-    ret = krb5_change_password (context,
-				&cpw_cred,
-				buf1,
-				&result_code,
-				&result_code_string,
-				&result_string);
-    if (ret)
-	goto out;
-    asprintf (&p, "%s: %.*s\n",
-	      result_code ? "Error" : "Success",
-	      (int)result_string.length,
-	      result_string.length > 0 ? (char*)result_string.data : "");
-
-    ret = (*prompter) (context, data, NULL, p, 0, NULL);
-    free (p);
-    if (result_code == 0) {
-	strlcpy (newpw, buf1, newpw_sz);
-	ret = 0;
-    } else {
-	krb5_set_error_string (context, "failed changing password");
-	ret = ENOTTY;
-    }
-
-out:
-    memset (buf1, 0, sizeof(buf1));
-    memset (buf2, 0, sizeof(buf2));
-    krb5_data_free (&result_string);
-    krb5_data_free (&result_code_string);
-    krb5_free_cred_contents (context, &cpw_cred);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keyblock_key_proc (krb5_context context,
-			krb5_keytype type,
-			krb5_data *salt,
-			krb5_const_pointer keyseed,
-			krb5_keyblock **key)
-{
-    return krb5_copy_keyblock (context, keyseed, key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_keytab(krb5_context context,
-			   krb5_creds *creds,
-			   krb5_principal client,
-			   krb5_keytab keytab,
-			   krb5_deltat start_time,
-			   const char *in_tkt_service,
-			   krb5_get_init_creds_opt *options)
-{
-    krb5_get_init_creds_ctx ctx;
-    krb5_error_code ret;
-    krb5_keytab_key_proc_args *a;
-    
-    ret = get_init_creds_common(context, client, start_time,
-				in_tkt_service, options, &ctx);
-    if (ret)
-	goto out;
-
-    a = malloc (sizeof(*a));
-    if (a == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    a->principal = ctx.cred.client;
-    a->keytab    = keytab;
-
-    ret = krb5_get_in_cred (context,
-			    KDCOptions2int(ctx.flags),
-			    ctx.addrs,
-			    ctx.etypes,
-			    ctx.pre_auth_types,
-			    NULL,
-			    krb5_keytab_key_proc,
-			    a,
-			    NULL,
-			    NULL,
-			    &ctx.cred,
-			    NULL);
-    free (a);
-
-    if (ret == 0 && creds)
-	*creds = ctx.cred;
-    else
-	krb5_free_cred_contents (context, &ctx.cred);
-
- out:
-    free_init_creds_ctx(context, &ctx);
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-init_creds_init_as_req (krb5_context context,
-			KDCOptions opts,
-			const krb5_creds *creds,
-			const krb5_addresses *addrs,
-			const krb5_enctype *etypes,
-			AS_REQ *a)
-{
-    krb5_error_code ret;
-
-    memset(a, 0, sizeof(*a));
-
-    a->pvno = 5;
-    a->msg_type = krb_as_req;
-    a->req_body.kdc_options = opts;
-    a->req_body.cname = malloc(sizeof(*a->req_body.cname));
-    if (a->req_body.cname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    a->req_body.sname = malloc(sizeof(*a->req_body.sname));
-    if (a->req_body.sname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-
-    ret = _krb5_principal2principalname (a->req_body.cname, creds->client);
-    if (ret)
-	goto fail;
-    ret = copy_Realm(&creds->client->realm, &a->req_body.realm);
-    if (ret)
-	goto fail;
-
-    ret = _krb5_principal2principalname (a->req_body.sname, creds->server);
-    if (ret)
-	goto fail;
-
-    if(creds->times.starttime) {
-	a->req_body.from = malloc(sizeof(*a->req_body.from));
-	if (a->req_body.from == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	*a->req_body.from = creds->times.starttime;
-    }
-    if(creds->times.endtime){
-	ALLOC(a->req_body.till, 1);
-	*a->req_body.till = creds->times.endtime;
-    }
-    if(creds->times.renew_till){
-	a->req_body.rtime = malloc(sizeof(*a->req_body.rtime));
-	if (a->req_body.rtime == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	*a->req_body.rtime = creds->times.renew_till;
-    }
-    a->req_body.nonce = 0;
-    ret = krb5_init_etype (context,
-			   &a->req_body.etype.len,
-			   &a->req_body.etype.val,
-			   etypes);
-    if (ret)
-	goto fail;
-
-    /*
-     * This means no addresses
-     */
-
-    if (addrs && addrs->len == 0) {
-	a->req_body.addresses = NULL;
-    } else {
-	a->req_body.addresses = malloc(sizeof(*a->req_body.addresses));
-	if (a->req_body.addresses == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-
-	if (addrs)
-	    ret = krb5_copy_addresses(context, addrs, a->req_body.addresses);
-	else {
-	    ret = krb5_get_all_client_addrs (context, a->req_body.addresses);
-	    if(ret == 0 && a->req_body.addresses->len == 0) {
-		free(a->req_body.addresses);
-		a->req_body.addresses = NULL;
-	    }
-	}
-	if (ret)
-	    goto fail;
-    }
-
-    a->req_body.enc_authorization_data = NULL;
-    a->req_body.additional_tickets = NULL;
-
-    a->padata = NULL;
-
-    return 0;
- fail:
-    free_AS_REQ(a);
-    memset(a, 0, sizeof(*a));
-    return ret;
-}
-
-struct pa_info_data {
-    krb5_enctype etype;
-    krb5_salt salt;
-    krb5_data *s2kparams;
-};
-
-static void
-free_paid(krb5_context context, struct pa_info_data *ppaid)
-{
-    krb5_free_salt(context, ppaid->salt);
-    if (ppaid->s2kparams)
-	krb5_free_data(context, ppaid->s2kparams);
-}
-
-
-static krb5_error_code
-set_paid(struct pa_info_data *paid, krb5_context context,
-	 krb5_enctype etype,
-	 krb5_salttype salttype, void *salt_string, size_t salt_len,
-	 krb5_data *s2kparams)
-{
-    paid->etype = etype;
-    paid->salt.salttype = salttype;
-    paid->salt.saltvalue.data = malloc(salt_len + 1);
-    if (paid->salt.saltvalue.data == NULL) {
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-    memcpy(paid->salt.saltvalue.data, salt_string, salt_len);
-    ((char *)paid->salt.saltvalue.data)[salt_len] = '\0';
-    paid->salt.saltvalue.length = salt_len;
-    if (s2kparams) {
-	krb5_error_code ret;
-
-	ret = krb5_copy_data(context, s2kparams, &paid->s2kparams);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    krb5_free_salt(context, paid->salt);
-	    return ret;
-	}
-    } else
-	paid->s2kparams = NULL;
-
-    return 0;
-}
-
-static struct pa_info_data *
-pa_etype_info2(krb5_context context,
-	       const krb5_principal client, 
-	       const AS_REQ *asreq,
-	       struct pa_info_data *paid, 
-	       heim_octet_string *data)
-{
-    krb5_error_code ret;
-    ETYPE_INFO2 e;
-    size_t sz;
-    int i, j;
-
-    memset(&e, 0, sizeof(e));
-    ret = decode_ETYPE_INFO2(data->data, data->length, &e, &sz);
-    if (ret)
-	goto out;
-    if (e.len == 0)
-	goto out;
-    for (j = 0; j < asreq->req_body.etype.len; j++) {
-	for (i = 0; i < e.len; i++) {
-	    if (asreq->req_body.etype.val[j] == e.val[i].etype) {
-		krb5_salt salt;
-		if (e.val[i].salt == NULL)
-		    ret = krb5_get_pw_salt(context, client, &salt);
-		else {
-		    salt.saltvalue.data = *e.val[i].salt;
-		    salt.saltvalue.length = strlen(*e.val[i].salt);
-		    ret = 0;
-		}
-		if (ret == 0)
-		    ret = set_paid(paid, context, e.val[i].etype,
-				   KRB5_PW_SALT,
-				   salt.saltvalue.data, 
-				   salt.saltvalue.length,
-				   e.val[i].s2kparams);
-		if (e.val[i].salt == NULL)
-		    krb5_free_salt(context, salt);
-		if (ret == 0) {
-		    free_ETYPE_INFO2(&e);
-		    return paid;
-		}
-	    }
-	}
-    }
- out:
-    free_ETYPE_INFO2(&e);
-    return NULL;
-}
-
-static struct pa_info_data *
-pa_etype_info(krb5_context context,
-	      const krb5_principal client, 
-	      const AS_REQ *asreq,
-	      struct pa_info_data *paid,
-	      heim_octet_string *data)
-{
-    krb5_error_code ret;
-    ETYPE_INFO e;
-    size_t sz;
-    int i, j;
-
-    memset(&e, 0, sizeof(e));
-    ret = decode_ETYPE_INFO(data->data, data->length, &e, &sz);
-    if (ret)
-	goto out;
-    if (e.len == 0)
-	goto out;
-    for (j = 0; j < asreq->req_body.etype.len; j++) {
-	for (i = 0; i < e.len; i++) {
-	    if (asreq->req_body.etype.val[j] == e.val[i].etype) {
-		krb5_salt salt;
-		salt.salttype = KRB5_PW_SALT;
-		if (e.val[i].salt == NULL)
-		    ret = krb5_get_pw_salt(context, client, &salt);
-		else {
-		    salt.saltvalue = *e.val[i].salt;
-		    ret = 0;
-		}
-		if (e.val[i].salttype)
-		    salt.salttype = *e.val[i].salttype;
-		if (ret == 0) {
-		    ret = set_paid(paid, context, e.val[i].etype,
-				   salt.salttype,
-				   salt.saltvalue.data, 
-				   salt.saltvalue.length,
-				   NULL);
-		    if (e.val[i].salt == NULL)
-			krb5_free_salt(context, salt);
-		}
-		if (ret == 0) {
-		    free_ETYPE_INFO(&e);
-		    return paid;
-		}
-	    }
-	}
-    }
- out:
-    free_ETYPE_INFO(&e);
-    return NULL;
-}
-
-static struct pa_info_data *
-pa_pw_or_afs3_salt(krb5_context context,
-		   const krb5_principal client, 
-		   const AS_REQ *asreq,
-		   struct pa_info_data *paid,
-		   heim_octet_string *data)
-{
-    krb5_error_code ret;
-    if (paid->etype == ENCTYPE_NULL)
-	return NULL;
-    ret = set_paid(paid, context, 
-		   paid->etype,
-		   paid->salt.salttype,
-		   data->data, 
-		   data->length,
-		   NULL);
-    if (ret)
-	return NULL;
-    return paid;
-}
-
-
-struct pa_info {
-    krb5_preauthtype type;
-    struct pa_info_data *(*salt_info)(krb5_context,
-				      const krb5_principal, 
-				      const AS_REQ *,
-				      struct pa_info_data *, 
-				      heim_octet_string *);
-};
-
-static struct pa_info pa_prefs[] = {
-    { KRB5_PADATA_ETYPE_INFO2, pa_etype_info2 },
-    { KRB5_PADATA_ETYPE_INFO, pa_etype_info },
-    { KRB5_PADATA_PW_SALT, pa_pw_or_afs3_salt },
-    { KRB5_PADATA_AFS3_SALT, pa_pw_or_afs3_salt }
-};
-    
-static PA_DATA *
-find_pa_data(const METHOD_DATA *md, int type)
-{
-    int i;
-    if (md == NULL)
-	return NULL;
-    for (i = 0; i < md->len; i++)
-	if (md->val[i].padata_type == type)
-	    return &md->val[i];
-    return NULL;
-}
-
-static struct pa_info_data *
-process_pa_info(krb5_context context, 
-		const krb5_principal client, 
-		const AS_REQ *asreq,
-		struct pa_info_data *paid,
-		METHOD_DATA *md)
-{
-    struct pa_info_data *p = NULL;
-    int i;
-
-    for (i = 0; p == NULL && i < sizeof(pa_prefs)/sizeof(pa_prefs[0]); i++) {
-	PA_DATA *pa = find_pa_data(md, pa_prefs[i].type);
-	if (pa == NULL)
-	    continue;
-	paid->salt.salttype = pa_prefs[i].type;
-	p = (*pa_prefs[i].salt_info)(context, client, asreq,
-				     paid, &pa->padata_value);
-    }
-    return p;
-}
-
-static krb5_error_code
-make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, 
-		      krb5_enctype etype, krb5_keyblock *key)
-{
-    PA_ENC_TS_ENC p;
-    unsigned char *buf;
-    size_t buf_size;
-    size_t len;
-    EncryptedData encdata;
-    krb5_error_code ret;
-    int32_t usec;
-    int usec2;
-    krb5_crypto crypto;
-    
-    krb5_us_timeofday (context, &p.patimestamp, &usec);
-    usec2         = usec;
-    p.pausec      = &usec2;
-
-    ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free(buf);
-	return ret;
-    }
-    ret = krb5_encrypt_EncryptedData(context, 
-				     crypto,
-				     KRB5_KU_PA_ENC_TIMESTAMP,
-				     buf,
-				     len,
-				     0,
-				     &encdata);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-		    
-    ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
-    free_EncryptedData(&encdata);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    ret = krb5_padata_add(context, md, KRB5_PADATA_ENC_TIMESTAMP, buf, len);
-    if (ret)
-	free(buf);
-    return ret;
-}
-
-static krb5_error_code
-add_enc_ts_padata(krb5_context context,
-		  METHOD_DATA *md, 
-		  krb5_principal client,
-		  krb5_s2k_proc key_proc,
-		  krb5_const_pointer keyseed,
-		  krb5_enctype *enctypes,
-		  unsigned netypes,
-		  krb5_salt *salt,
-		  krb5_data *s2kparams)
-{
-    krb5_error_code ret;
-    krb5_salt salt2;
-    krb5_enctype *ep;
-    int i;
-    
-    if(salt == NULL) {
-	/* default to standard salt */
-	ret = krb5_get_pw_salt (context, client, &salt2);
-	salt = &salt2;
-    }
-    if (!enctypes) {
-	enctypes = context->etypes;
-	netypes = 0;
-	for (ep = enctypes; *ep != ETYPE_NULL; ep++)
-	    netypes++;
-    }
-
-    for (i = 0; i < netypes; ++i) {
-	krb5_keyblock *key;
-
-	ret = (*key_proc)(context, enctypes[i], keyseed,
-			  *salt, s2kparams, &key);
-	if (ret)
-	    continue;
-	ret = make_pa_enc_timestamp (context, md, enctypes[i], key);
-	krb5_free_keyblock (context, key);
-	if (ret)
-	    return ret;
-    }
-    if(salt == &salt2)
-	krb5_free_salt(context, salt2);
-    return 0;
-}
-
-static krb5_error_code
-pa_data_to_md_ts_enc(krb5_context context,
-		     const AS_REQ *a,
-		     const krb5_principal client,
-		     krb5_get_init_creds_ctx *ctx,
-		     struct pa_info_data *ppaid,
-		     METHOD_DATA *md)
-{
-    if (ctx->key_proc == NULL || ctx->password == NULL)
-	return 0;
-
-    if (ppaid) {
-	add_enc_ts_padata(context, md, client, 
-			  ctx->key_proc, ctx->password,
-			  &ppaid->etype, 1,
-			  &ppaid->salt, ppaid->s2kparams);
-    } else {
-	krb5_salt salt;
-	
-	/* make a v5 salted pa-data */
-	add_enc_ts_padata(context, md, client, 
-			  ctx->key_proc, ctx->password,
-			  a->req_body.etype.val, a->req_body.etype.len, 
-			  NULL, NULL);
-	
-	/* make a v4 salted pa-data */
-	salt.salttype = KRB5_PW_SALT;
-	krb5_data_zero(&salt.saltvalue);
-	add_enc_ts_padata(context, md, client, 
-			  ctx->key_proc, ctx->password, 
-			  a->req_body.etype.val, a->req_body.etype.len, 
-			  &salt, NULL);
-    }
-    return 0;
-}
-
-static krb5_error_code
-pa_data_to_key_plain(krb5_context context,
-		     const krb5_principal client,
-		     krb5_get_init_creds_ctx *ctx,
-		     krb5_salt salt,
-		     krb5_data *s2kparams,
-		     krb5_enctype etype,
-		     krb5_keyblock **key)
-{
-    krb5_error_code ret;
-
-    ret = (*ctx->key_proc)(context, etype, ctx->password,
-			   salt, s2kparams, key);
-    return ret;
-}
-
-
-static krb5_error_code
-pa_data_to_md_pkinit(krb5_context context,
-		     const AS_REQ *a,
-		     const krb5_principal client,
-		     krb5_get_init_creds_ctx *ctx,
-		     METHOD_DATA *md)
-{
-    if (ctx->pk_init_ctx == NULL)
-	return 0;
-#ifdef PKINIT
-    return _krb5_pk_mk_padata(context,
-			     ctx->pk_init_ctx,
-			     &a->req_body,
-			     ctx->pk_nonce,
-			     md);
-#else
-    krb5_set_error_string(context, "no support for PKINIT compiled in");
-    return EINVAL;
-#endif
-}
-
-static krb5_error_code
-pa_data_add_pac_request(krb5_context context,
-			krb5_get_init_creds_ctx *ctx,
-			METHOD_DATA *md)
-{
-    size_t len, length;
-    krb5_error_code ret;
-    PA_PAC_REQUEST req;
-    void *buf;
-    
-    switch (ctx->req_pac) {
-    case KRB5_INIT_CREDS_TRISTATE_UNSET:
-	return 0; /* don't bother */
-    case KRB5_INIT_CREDS_TRISTATE_TRUE:
-	req.include_pac = 1;
-	break;
-    case KRB5_INIT_CREDS_TRISTATE_FALSE:
-	req.include_pac = 0;
-    }	
-
-    ASN1_MALLOC_ENCODE(PA_PAC_REQUEST, buf, length, 
-		       &req, &len, ret);
-    if (ret)
-	return ret;
-    if(len != length)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    ret = krb5_padata_add(context, md, KRB5_PADATA_PA_PAC_REQUEST, buf, len);
-    if (ret)
-	free(buf);
-
-    return 0;
-}
-
-/*
- * Assumes caller always will free `out_md', even on error.
- */
-
-static krb5_error_code
-process_pa_data_to_md(krb5_context context,
-		      const krb5_creds *creds,
-		      const AS_REQ *a,
-		      krb5_get_init_creds_ctx *ctx,
-		      METHOD_DATA *in_md,
-		      METHOD_DATA **out_md,
-		      krb5_prompter_fct prompter,
-		      void *prompter_data)
-{
-    krb5_error_code ret;
-
-    ALLOC(*out_md, 1);
-    if (*out_md == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*out_md)->len = 0;
-    (*out_md)->val = NULL;
-    
-    /*
-     * Make sure we don't sent both ENC-TS and PK-INIT pa data, no
-     * need to expose our password protecting our PKCS12 key.
-     */
-
-    if (ctx->pk_init_ctx) {
-
-	ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md);
-	if (ret)
-	    return ret;
-
-    } else if (in_md->len != 0) {
-	struct pa_info_data paid, *ppaid;
-	
-	memset(&paid, 0, sizeof(paid));
-	
-	paid.etype = ENCTYPE_NULL;
-	ppaid = process_pa_info(context, creds->client, a, &paid, in_md);
-	
-	pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md);
-	if (ppaid)
-	    free_paid(context, ppaid);
-    }
-
-    pa_data_add_pac_request(context, ctx, *out_md);
-
-    if ((*out_md)->len == 0) {
-	free(*out_md);
-	*out_md = NULL;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-process_pa_data_to_key(krb5_context context,
-		       krb5_get_init_creds_ctx *ctx,
-		       krb5_creds *creds,
-		       AS_REQ *a,
-		       krb5_kdc_rep *rep,
-		       const krb5_krbhst_info *hi,
-		       krb5_keyblock **key)
-{
-    struct pa_info_data paid, *ppaid = NULL;
-    krb5_error_code ret;
-    krb5_enctype etype;
-    PA_DATA *pa;
-
-    memset(&paid, 0, sizeof(paid));
-
-    etype = rep->kdc_rep.enc_part.etype;
-
-    if (rep->kdc_rep.padata) {
-	paid.etype = etype;
-	ppaid = process_pa_info(context, creds->client, a, &paid, 
-				rep->kdc_rep.padata);
-    }
-    if (ppaid == NULL) {
-	ret = krb5_get_pw_salt (context, creds->client, &paid.salt);
-	if (ret)
-	    return ret;
-	paid.etype = etype;
-	paid.s2kparams = NULL;
-    }
-
-    pa = NULL;
-    if (rep->kdc_rep.padata) {
-	int idx = 0;
-	pa = krb5_find_padata(rep->kdc_rep.padata->val, 
-			      rep->kdc_rep.padata->len,
-			      KRB5_PADATA_PK_AS_REP,
-			      &idx);
-	if (pa == NULL) {
-	    idx = 0;
-	    pa = krb5_find_padata(rep->kdc_rep.padata->val, 
-				  rep->kdc_rep.padata->len,
-				  KRB5_PADATA_PK_AS_REP_19,
-				  &idx);
-	}
-    }
-    if (pa && ctx->pk_init_ctx) {
-#ifdef PKINIT
-	ret = _krb5_pk_rd_pa_reply(context,
-				   a->req_body.realm,
-				   ctx->pk_init_ctx,
-				   etype,
-				   hi,
-				   ctx->pk_nonce,
-				   &ctx->req_buffer,
-				   pa,
-				   key);
-#else
-	krb5_set_error_string(context, "no support for PKINIT compiled in");
-	ret = EINVAL;
-#endif
-    } else if (ctx->password)
-	ret = pa_data_to_key_plain(context, creds->client, ctx, 
-				   paid.salt, paid.s2kparams, etype, key);
-    else {
-	krb5_set_error_string(context, "No usable pa data type");
-	ret = EINVAL;
-    }
-
-    free_paid(context, &paid);
-    return ret;
-}
-
-static krb5_error_code
-init_cred_loop(krb5_context context,
-	       krb5_get_init_creds_opt *init_cred_opts,
-	       const krb5_prompter_fct prompter,
-	       void *prompter_data,
-	       krb5_get_init_creds_ctx *ctx,
-	       krb5_creds *creds,
-	       krb5_kdc_rep *ret_as_reply)
-{
-    krb5_error_code ret;
-    krb5_kdc_rep rep;
-    METHOD_DATA md;
-    krb5_data resp;
-    size_t len;
-    size_t size;
-    krb5_krbhst_info *hi = NULL;
-    krb5_sendto_ctx stctx = NULL;
-
-
-    memset(&md, 0, sizeof(md));
-    memset(&rep, 0, sizeof(rep));
-
-    _krb5_get_init_creds_opt_free_krb5_error(init_cred_opts);
-
-    if (ret_as_reply)
-	memset(ret_as_reply, 0, sizeof(*ret_as_reply));
-
-    ret = init_creds_init_as_req(context, ctx->flags, creds,
-				 ctx->addrs, ctx->etypes, &ctx->as_req);
-    if (ret)
-	return ret;
-
-    ret = krb5_sendto_ctx_alloc(context, &stctx);
-    if (ret)
-	goto out;
-    krb5_sendto_ctx_set_func(stctx, _krb5_kdc_retry, NULL);
-
-    /* Set a new nonce. */
-    krb5_generate_random_block (&ctx->nonce, sizeof(ctx->nonce));
-    ctx->nonce &= 0xffffffff;
-    /* XXX these just needs to be the same when using Windows PK-INIT */
-    ctx->pk_nonce = ctx->nonce;
-
-    /*
-     * Increase counter when we want other pre-auth types then
-     * KRB5_PA_ENC_TIMESTAMP.
-     */
-#define MAX_PA_COUNTER 3 
-
-    ctx->pa_counter = 0;
-    while (ctx->pa_counter < MAX_PA_COUNTER) {
-
-	ctx->pa_counter++;
-
-	if (ctx->as_req.padata) {
-	    free_METHOD_DATA(ctx->as_req.padata);
-	    free(ctx->as_req.padata);
-	    ctx->as_req.padata = NULL;
-	}
-
-	/* Set a new nonce. */
-	ctx->as_req.req_body.nonce = ctx->nonce;
-
-	/* fill_in_md_data */
-	ret = process_pa_data_to_md(context, creds, &ctx->as_req, ctx,
-				    &md, &ctx->as_req.padata,
-				    prompter, prompter_data);
-	if (ret)
-	    goto out;
-
-	krb5_data_free(&ctx->req_buffer);
-
-	ASN1_MALLOC_ENCODE(AS_REQ, 
-			   ctx->req_buffer.data, ctx->req_buffer.length, 
-			   &ctx->as_req, &len, ret);
-	if (ret)
-	    goto out;
-	if(len != ctx->req_buffer.length)
-	    krb5_abortx(context, "internal error in ASN.1 encoder");
-
-	ret = krb5_sendto_context (context, stctx, &ctx->req_buffer,
-				   creds->client->realm, &resp);
-    	if (ret)
-	    goto out;
-
-	memset (&rep, 0, sizeof(rep));
-	ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size);
-	if (ret == 0) {
-	    krb5_data_free(&resp);
-	    krb5_clear_error_string(context);
-	    break;
-	} else {
-	    /* let's try to parse it as a KRB-ERROR */
-	    KRB_ERROR error;
-
-	    ret = krb5_rd_error(context, &resp, &error);
-	    if(ret && resp.data && ((char*)resp.data)[0] == 4)
-		ret = KRB5KRB_AP_ERR_V4_REPLY;
-	    krb5_data_free(&resp);
-	    if (ret)
-		goto out;
-
-	    ret = krb5_error_from_rd_error(context, &error, creds);
-
-	    /*
-	     * If no preauth was set and KDC requires it, give it one
-	     * more try.
-	     */
-
-	    if (ret == KRB5KDC_ERR_PREAUTH_REQUIRED) {
-		free_METHOD_DATA(&md);
-		memset(&md, 0, sizeof(md));
-
-		if (error.e_data) {
-		    ret = decode_METHOD_DATA(error.e_data->data, 
-					     error.e_data->length, 
-					     &md, 
-					     NULL);
-		    if (ret)
-			krb5_set_error_string(context,
-					      "failed to decode METHOD DATA");
-		} else {
-		    /* XXX guess what the server want here add add md */
-		}
-		krb5_free_error_contents(context, &error);
-		if (ret)
-		    goto out;
-	    } else {
-		_krb5_get_init_creds_opt_set_krb5_error(context,
-							init_cred_opts,
-							&error);
-		if (ret_as_reply)
-		    rep.error = error;
-		else
-		    krb5_free_error_contents(context, &error);
-		goto out;
-	    }
-	}
-    }
-
-    {
-	krb5_keyblock *key = NULL;
-	unsigned flags = 0;
-
-	if (ctx->flags.request_anonymous)
-	    flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
-	if (ctx->flags.canonicalize) {
-	    flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH;
-	    flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
-	    flags |= EXTRACT_TICKET_MATCH_REALM;
-	}
-
-	ret = process_pa_data_to_key(context, ctx, creds, 
-				     &ctx->as_req, &rep, hi, &key);
-	if (ret)
-	    goto out;
-	
-	ret = _krb5_extract_ticket(context,
-				   &rep,
-				   creds,
-				   key,
-				   NULL,
-				   KRB5_KU_AS_REP_ENC_PART,
-				   NULL,
-				   ctx->nonce,
-				   flags,
-				   NULL,
-				   NULL);
-	krb5_free_keyblock(context, key);
-    }
-    /*
-     * Verify referral data
-     */
-    if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) &&
-	(ctx->ic_flags & KRB5_INIT_CREDS_NO_C_CANON_CHECK) == 0)
-    {
-	PA_ClientCanonicalized canon;
-	krb5_crypto crypto;
-	krb5_data data;
-	PA_DATA *pa;
-	size_t len;
-
-	pa = find_pa_data(rep.kdc_rep.padata, KRB5_PADATA_CLIENT_CANONICALIZED);
-	if (pa == NULL) {
-	    ret = EINVAL;
-	    krb5_set_error_string(context, "Client canonicalizion not signed");
-	    goto out;
-	}
-	
-	ret = decode_PA_ClientCanonicalized(pa->padata_value.data, 
-					    pa->padata_value.length,
-					    &canon, &len);
-	if (ret) {
-	    krb5_set_error_string(context, "Failed to decode "
-				  "PA_ClientCanonicalized");
-	    goto out;
-	}
-
-	ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length,
-			   &canon.names, &len, ret);
-	if (ret) 
-	    goto out;
-	if (data.length != len)
-	    krb5_abortx(context, "internal asn.1 error");
-
-	ret = krb5_crypto_init(context, &creds->session, 0, &crypto);
-	if (ret) {
-	    free(data.data);
-	    free_PA_ClientCanonicalized(&canon);
-	    goto out;
-	}
-
-	ret = krb5_verify_checksum(context, crypto, KRB5_KU_CANONICALIZED_NAMES,
-				   data.data, data.length,
-				   &canon.canon_checksum);
-	krb5_crypto_destroy(context, crypto);
-	free(data.data);
-	free_PA_ClientCanonicalized(&canon);
-	if (ret) {
-	    krb5_set_error_string(context, "Failed to verify "
-				  "client canonicalized data");
-	    goto out;
-	}
-    }
-out:
-    if (stctx)
-	krb5_sendto_ctx_free(context, stctx);
-    krb5_data_free(&ctx->req_buffer);
-    free_METHOD_DATA(&md);
-    memset(&md, 0, sizeof(md));
-
-    if (ret == 0 && ret_as_reply)
-	*ret_as_reply = rep;
-    else 
-	krb5_free_kdc_rep (context, &rep);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds(krb5_context context,
-		    krb5_creds *creds,
-		    krb5_principal client,
-		    krb5_prompter_fct prompter,
-		    void *data,
-		    krb5_deltat start_time,
-		    const char *in_tkt_service,
-		    krb5_get_init_creds_opt *options)
-{
-    krb5_get_init_creds_ctx ctx;
-    krb5_kdc_rep kdc_reply;
-    krb5_error_code ret;
-    char buf[BUFSIZ];
-    int done;
-
-    memset(&kdc_reply, 0, sizeof(kdc_reply));
-
-    ret = get_init_creds_common(context, client, start_time,
-				in_tkt_service, options, &ctx);
-    if (ret)
-	goto out;
-
-    done = 0;
-    while(!done) {
-	memset(&kdc_reply, 0, sizeof(kdc_reply));
-
-	ret = init_cred_loop(context,
-			     options,
-			     prompter,
-			     data,
-			     &ctx,
-			     &ctx.cred,
-			     &kdc_reply);
-	
-	switch (ret) {
-	case 0 :
-	    done = 1;
-	    break;
-	case KRB5KDC_ERR_KEY_EXPIRED :
-	    /* try to avoid recursion */
-
-	    /* don't try to change password where then where none */
-	    if (prompter == NULL || ctx.password == NULL)
-		goto out;
-
-	    krb5_clear_error_string (context);
-
-	    if (ctx.in_tkt_service != NULL
-		&& strcmp (ctx.in_tkt_service, "kadmin/changepw") == 0)
-		goto out;
-
-	    ret = change_password (context,
-				   client,
-				   ctx.password,
-				   buf,
-				   sizeof(buf),
-				   prompter,
-				   data,
-				   options);
-	    if (ret)
-		goto out;
-	    ctx.password = buf;
-	    break;
-	default:
-	    goto out;
-	}
-    }
-
-    if (prompter)
-	print_expire (context,
-		      krb5_principal_get_realm (context, ctx.cred.client),
-		      &kdc_reply,
-		      prompter,
-		      data);
-
- out:
-    memset (buf, 0, sizeof(buf));
-    free_init_creds_ctx(context, &ctx);
-    krb5_free_kdc_rep (context, &kdc_reply);
-    if (ret == 0)
-	*creds = ctx.cred;
-    else
-	krb5_free_cred_contents (context, &ctx.cred);
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_password(krb5_context context,
-			     krb5_creds *creds,
-			     krb5_principal client,
-			     const char *password,
-			     krb5_prompter_fct prompter,
-			     void *data,
-			     krb5_deltat start_time,
-			     const char *in_tkt_service,
-			     krb5_get_init_creds_opt *in_options)
-{
-    krb5_get_init_creds_opt *options;
-    char buf[BUFSIZ];
-    krb5_error_code ret;
-
-    if (in_options == NULL) {
-	const char *realm = krb5_principal_get_realm(context, client);
-	ret = krb5_get_init_creds_opt_alloc(context, &options);
-	if (ret == 0)
-	    krb5_get_init_creds_opt_set_default_flags(context, 
-						      NULL, 
-						      realm, 
-						      options);
-    } else
-	ret = _krb5_get_init_creds_opt_copy(context, in_options, &options);
-    if (ret)
-	return ret;
-
-    if (password == NULL &&
-	options->opt_private->password == NULL &&
-	options->opt_private->pk_init_ctx == NULL)
-    {
-	krb5_prompt prompt;
-	krb5_data password_data;
-	char *p, *q;
-
-	krb5_unparse_name (context, client, &p);
-	asprintf (&q, "%s's Password: ", p);
-	free (p);
-	prompt.prompt = q;
-	password_data.data   = buf;
-	password_data.length = sizeof(buf);
-	prompt.hidden = 1;
-	prompt.reply  = &password_data;
-	prompt.type   = KRB5_PROMPT_TYPE_PASSWORD;
-
-	ret = (*prompter) (context, data, NULL, NULL, 1, &prompt);
-	free (q);
-	if (ret) {
-	    memset (buf, 0, sizeof(buf));
-	    krb5_get_init_creds_opt_free(context, options);
-	    ret = KRB5_LIBOS_PWDINTR;
-	    krb5_clear_error_string (context);
-	    return ret;
-	}
-	password = password_data.data;
-    }
-
-    if (options->opt_private->password == NULL) {
-	ret = krb5_get_init_creds_opt_set_pa_password(context, options,
-						      password, NULL);
-	if (ret) {
-	    krb5_get_init_creds_opt_free(context, options);
-	    memset(buf, 0, sizeof(buf));
-	    return ret;
-	}
-    }
-
-    ret = krb5_get_init_creds(context, creds, client, prompter,
-			      data, start_time, in_tkt_service, options);
-    krb5_get_init_creds_opt_free(context, options);
-    memset(buf, 0, sizeof(buf));
-    return ret;
-}
-
-static krb5_error_code
-init_creds_keyblock_key_proc (krb5_context context,
-			      krb5_enctype type,
-			      krb5_salt salt,
-			      krb5_const_pointer keyseed,
-			      krb5_keyblock **key)
-{
-    return krb5_copy_keyblock (context, keyseed, key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_keyblock(krb5_context context,
-			     krb5_creds *creds,
-			     krb5_principal client,
-			     krb5_keyblock *keyblock,
-			     krb5_deltat start_time,
-			     const char *in_tkt_service,
-			     krb5_get_init_creds_opt *options)
-{
-    struct krb5_get_init_creds_ctx ctx;
-    krb5_error_code ret;
-    
-    ret = get_init_creds_common(context, client, start_time,
-				in_tkt_service, options, &ctx);
-    if (ret)
-	goto out;
-
-    ret = krb5_get_in_cred (context,
-			    KDCOptions2int(ctx.flags),
-			    ctx.addrs,
-			    ctx.etypes,
-			    ctx.pre_auth_types,
-			    NULL,
-			    init_creds_keyblock_key_proc,
-			    keyblock,
-			    NULL,
-			    NULL,
-			    &ctx.cred,
-			    NULL);
-
-    if (ret == 0 && creds)
-	*creds = ctx.cred;
-    else
-	krb5_free_cred_contents (context, &ctx.cred);
-
- out:
-    free_init_creds_ctx(context, &ctx);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/k524_err.et b/crypto/heimdal/lib/krb5/k524_err.et
deleted file mode 100644
index 0ca25f7..0000000
--- a/crypto/heimdal/lib/krb5/k524_err.et
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# Error messages for the k524 functions
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: k524_err.et 10141 2001-06-20 02:45:58Z joda $"
-
-error_table k524
-
-prefix KRB524
-error_code BADKEY,		"wrong keytype in ticket"
-error_code BADADDR,		"incorrect network address"
-error_code BADPRINC,		"cannot convert V5 principal"		#unused
-error_code BADREALM,		"V5 realm name longer than V4 maximum"	#unused
-error_code V4ERR,		"kerberos V4 error server"
-error_code ENCFULL,		"encoding too large at server"
-error_code DECEMPTY,		"decoding out of data"			#unused
-error_code NOTRESP,		"service not responding"		#unused
-end
-
diff --git a/crypto/heimdal/lib/krb5/kcm.c b/crypto/heimdal/lib/krb5/kcm.c
deleted file mode 100644
index 8afaa6e..0000000
--- a/crypto/heimdal/lib/krb5/kcm.c
+++ /dev/null
@@ -1,1122 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-
-#ifdef HAVE_KCM
-/*
- * Client library for Kerberos Credentials Manager (KCM) daemon
- */
-
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-
-#include "kcm.h"
-
-RCSID("$Id: kcm.c 22108 2007-12-03 17:23:53Z lha $");
-
-typedef struct krb5_kcmcache {
-    char *name;
-    struct sockaddr_un path;
-    char *door_path;
-} krb5_kcmcache;
-
-#define KCMCACHE(X)	((krb5_kcmcache *)(X)->data.data)
-#define CACHENAME(X)	(KCMCACHE(X)->name)
-#define KCMCURSOR(C)	(*(uint32_t *)(C))
-
-static krb5_error_code
-try_door(krb5_context context, const krb5_kcmcache *k,
-	 krb5_data *request_data,
-	 krb5_data *response_data)
-{
-#ifdef HAVE_DOOR_CREATE
-    door_arg_t arg;
-    int fd;
-    int ret;
-
-    memset(&arg, 0, sizeof(arg));
-	   
-    fd = open(k->door_path, O_RDWR);
-    if (fd < 0)
-	return KRB5_CC_IO;
-
-    arg.data_ptr = request_data->data;
-    arg.data_size = request_data->length;
-    arg.desc_ptr = NULL;
-    arg.desc_num = 0;
-    arg.rbuf = NULL;
-    arg.rsize = 0;
-
-    ret = door_call(fd, &arg);
-    close(fd);
-    if (ret != 0)
-	return KRB5_CC_IO;
-
-    ret = krb5_data_copy(response_data, arg.rbuf, arg.rsize);
-    munmap(arg.rbuf, arg.rsize);
-    if (ret)
-	return ret;
-
-    return 0;
-#else
-    return KRB5_CC_IO;
-#endif
-}
-
-static krb5_error_code
-try_unix_socket(krb5_context context, const krb5_kcmcache *k,
-		krb5_data *request_data,
-		krb5_data *response_data)
-{
-    krb5_error_code ret;
-    int fd;
-
-    fd = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (fd < 0)
-	return KRB5_CC_IO;
-    
-    if (connect(fd, rk_UNCONST(&k->path), sizeof(k->path)) != 0) {
-	close(fd);
-	return KRB5_CC_IO;
-    }
-    
-    ret = _krb5_send_and_recv_tcp(fd, context->kdc_timeout,
-				  request_data, response_data);
-    close(fd);
-    return ret;
-}
-    
-static krb5_error_code
-kcm_send_request(krb5_context context,
-		 krb5_kcmcache *k,
-		 krb5_storage *request,
-		 krb5_data *response_data)
-{
-    krb5_error_code ret;
-    krb5_data request_data;
-    int i;
-
-    response_data->data = NULL;
-    response_data->length = 0;
-
-    ret = krb5_storage_to_data(request, &request_data);
-    if (ret) {
-	krb5_clear_error_string(context);
-	return KRB5_CC_NOMEM;
-    }
-
-    ret = KRB5_CC_IO;
-
-    for (i = 0; i < context->max_retries; i++) {
-	ret = try_door(context, k, &request_data, response_data);
-	if (ret == 0 && response_data->length != 0)
-	    break;
-	ret = try_unix_socket(context, k, &request_data, response_data);
-	if (ret == 0 && response_data->length != 0)
-	    break;
-    }
-
-    krb5_data_free(&request_data);
-
-    if (ret) {
-	krb5_clear_error_string(context);
-	ret = KRB5_CC_IO;
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-kcm_storage_request(krb5_context context,
-		    kcm_operation opcode,
-		    krb5_storage **storage_p)
-{
-    krb5_storage *sp;
-    krb5_error_code ret;
-
-    *storage_p = NULL;
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-
-    /* Send MAJOR | VERSION | OPCODE */
-    ret  = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MAJOR);
-    if (ret)
-	goto fail;
-    ret = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MINOR);
-    if (ret)
-	goto fail;
-    ret = krb5_store_int16(sp, opcode);
-    if (ret)
-	goto fail;
-
-    *storage_p = sp;
- fail:
-    if (ret) {
-	krb5_set_error_string(context, "Failed to encode request");
-	krb5_storage_free(sp);
-    }
-   
-    return ret; 
-}
-
-static krb5_error_code
-kcm_alloc(krb5_context context, const char *name, krb5_ccache *id)
-{
-    krb5_kcmcache *k;
-    const char *path;
-
-    k = malloc(sizeof(*k));
-    if (k == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-
-    if (name != NULL) {
-	k->name = strdup(name);
-	if (k->name == NULL) {
-	    free(k);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return KRB5_CC_NOMEM;
-	}
-    } else
-	k->name = NULL;
-
-    path = krb5_config_get_string_default(context, NULL,
-					  _PATH_KCM_SOCKET,
-					  "libdefaults", 
-					  "kcm_socket",
-					  NULL);
-    
-    k->path.sun_family = AF_UNIX;
-    strlcpy(k->path.sun_path, path, sizeof(k->path.sun_path));
-
-    path = krb5_config_get_string_default(context, NULL,
-					  _PATH_KCM_DOOR,
-					  "libdefaults", 
-					  "kcm_door",
-					  NULL);
-    k->door_path = strdup(path);
-
-    (*id)->data.data = k;
-    (*id)->data.length = sizeof(*k);
-
-    return 0;
-}
-
-static krb5_error_code
-kcm_call(krb5_context context,
-	 krb5_kcmcache *k,
-	 krb5_storage *request,
-	 krb5_storage **response_p,
-	 krb5_data *response_data_p)
-{
-    krb5_data response_data;
-    krb5_error_code ret;
-    int32_t status;
-    krb5_storage *response;
-
-    if (response_p != NULL)
-	*response_p = NULL;
-
-    ret = kcm_send_request(context, k, request, &response_data);
-    if (ret) {
-	return ret;
-    }
-
-    response = krb5_storage_from_data(&response_data);
-    if (response == NULL) {
-	krb5_data_free(&response_data);
-	return KRB5_CC_IO;
-    }
-
-    ret = krb5_ret_int32(response, &status);
-    if (ret) {
-	krb5_storage_free(response);
-	krb5_data_free(&response_data);
-	return KRB5_CC_FORMAT;
-    }
-
-    if (status) {
-	krb5_storage_free(response);
-	krb5_data_free(&response_data);
-	return status;
-    }
-
-    if (response_p != NULL) {
-	*response_data_p = response_data;
-	*response_p = response;
-
-	return 0;
-    }
-
-    krb5_storage_free(response);
-    krb5_data_free(&response_data);
-
-    return 0;
-}
-
-static void
-kcm_free(krb5_context context, krb5_ccache *id)
-{
-    krb5_kcmcache *k = KCMCACHE(*id);
-
-    if (k != NULL) {
-	if (k->name != NULL)
-	    free(k->name);
-	if (k->door_path)
-	    free(k->door_path);
-	memset(k, 0, sizeof(*k));
-	krb5_data_free(&(*id)->data);
-    }
-
-    *id = NULL;
-}
-
-static const char *
-kcm_get_name(krb5_context context,
-	     krb5_ccache id)
-{
-    return CACHENAME(id);
-}
-
-static krb5_error_code
-kcm_resolve(krb5_context context, krb5_ccache *id, const char *res)
-{
-    return kcm_alloc(context, res, id);
-}
-
-/*
- * Request:
- *
- * Response:
- *      NameZ
- */
-static krb5_error_code
-kcm_gen_new(krb5_context context, krb5_ccache *id)
-{
-    krb5_kcmcache *k;
-    krb5_error_code ret;
-    krb5_storage *request, *response;
-    krb5_data response_data;
-
-    ret = kcm_alloc(context, NULL, id);
-    if (ret)
-	return ret;
-
-    k = KCMCACHE(*id);
-
-    ret = kcm_storage_request(context, KCM_OP_GEN_NEW, &request);
-    if (ret) {
-	kcm_free(context, id);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, &response, &response_data);
-    if (ret) {
-	krb5_storage_free(request);
-	kcm_free(context, id);
-	return ret;
-    }
-
-    ret = krb5_ret_stringz(response, &k->name);
-    if (ret)
-	ret = KRB5_CC_IO;
-
-    krb5_storage_free(request);
-    krb5_storage_free(response);
-    krb5_data_free(&response_data);
-
-    if (ret)
-	kcm_free(context, id);
-
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *      Principal
- *
- * Response:
- *
- */
-static krb5_error_code
-kcm_initialize(krb5_context context,
-	       krb5_ccache id,
-	       krb5_principal primary_principal)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_INITIALIZE, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_principal(request, primary_principal);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-static krb5_error_code
-kcm_close(krb5_context context,
-	  krb5_ccache id)
-{
-    kcm_free(context, &id);
-    return 0;
-}
-
-/*
- * Request:
- *      NameZ
- *
- * Response:
- *
- */
-static krb5_error_code
-kcm_destroy(krb5_context context,
-	    krb5_ccache id)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_DESTROY, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *      Creds
- *
- * Response:
- *
- */
-static krb5_error_code
-kcm_store_cred(krb5_context context,
-	       krb5_ccache id,
-	       krb5_creds *creds)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_STORE, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_creds(request, creds);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *      WhichFields
- *      MatchCreds
- *
- * Response:
- *      Creds
- *
- */
-static krb5_error_code
-kcm_retrieve(krb5_context context,
-	     krb5_ccache id,
-	     krb5_flags which,
-	     const krb5_creds *mcred,
-	     krb5_creds *creds)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request, *response;
-    krb5_data response_data;
-
-    ret = kcm_storage_request(context, KCM_OP_RETRIEVE, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, which);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_creds_tag(request, rk_UNCONST(mcred));
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, &response, &response_data);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_ret_creds(response, creds);
-    if (ret)
-	ret = KRB5_CC_IO;
-
-    krb5_storage_free(request);
-    krb5_storage_free(response);
-    krb5_data_free(&response_data);
-
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *
- * Response:
- *      Principal
- */
-static krb5_error_code
-kcm_get_principal(krb5_context context,
-		  krb5_ccache id,
-		  krb5_principal *principal)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request, *response;
-    krb5_data response_data;
-
-    ret = kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, &response, &response_data);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_ret_principal(response, principal);
-    if (ret)
-	ret = KRB5_CC_IO;
-
-    krb5_storage_free(request);
-    krb5_storage_free(response);
-    krb5_data_free(&response_data);
-
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *
- * Response:
- *      Cursor
- *
- */
-static krb5_error_code
-kcm_get_first (krb5_context context,
-	       krb5_ccache id,
-	       krb5_cc_cursor *cursor)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request, *response;
-    krb5_data response_data;
-    int32_t tmp;
-
-    ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, &response, &response_data);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_ret_int32(response, &tmp);
-    if (ret || tmp < 0)
-	ret = KRB5_CC_IO;
-
-    krb5_storage_free(request);
-    krb5_storage_free(response);
-    krb5_data_free(&response_data);
-
-    if (ret)
-	return ret;
-
-    *cursor = malloc(sizeof(tmp));
-    if (*cursor == NULL)
-	return KRB5_CC_NOMEM;
-
-    KCMCURSOR(*cursor) = tmp;
-
-    return 0;
-}
-
-/*
- * Request:
- *      NameZ
- *      Cursor
- *
- * Response:
- *      Creds
- */
-static krb5_error_code
-kcm_get_next (krb5_context context,
-		krb5_ccache id,
-		krb5_cc_cursor *cursor,
-		krb5_creds *creds)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request, *response;
-    krb5_data response_data;
-
-    ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, KCMCURSOR(*cursor));
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, &response, &response_data);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_ret_creds(response, creds);
-    if (ret)
-	ret = KRB5_CC_IO;
-
-    krb5_storage_free(request);
-    krb5_storage_free(response);
-    krb5_data_free(&response_data);
-
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *      Cursor
- *
- * Response:
- *
- */
-static krb5_error_code
-kcm_end_get (krb5_context context,
-	     krb5_ccache id,
-	     krb5_cc_cursor *cursor)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_END_GET, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, KCMCURSOR(*cursor));
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-  
-    krb5_storage_free(request);
-
-    KCMCURSOR(*cursor) = 0;
-    free(*cursor);
-    *cursor = NULL;
-
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *      WhichFields
- *      MatchCreds
- *
- * Response:
- *
- */
-static krb5_error_code
-kcm_remove_cred(krb5_context context,
-		krb5_ccache id,
-		krb5_flags which,
-		krb5_creds *cred)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, which);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_creds_tag(request, cred);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-static krb5_error_code
-kcm_set_flags(krb5_context context,
-	      krb5_ccache id,
-	      krb5_flags flags)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_SET_FLAGS, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, flags);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-static krb5_error_code
-kcm_get_version(krb5_context context,
-		krb5_ccache id)
-{
-    return 0;
-}
-
-static krb5_error_code
-kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
-{
-    krb5_set_error_string(context, "kcm_move not implemented");
-    return EINVAL;
-}
-
-static krb5_error_code
-kcm_default_name(krb5_context context, char **str)
-{
-    return _krb5_expand_default_cc_name(context, 
-					KRB5_DEFAULT_CCNAME_KCM,
-					str);
-}
-
-/**
- * Variable containing the KCM based credential cache implemention.
- *
- * @ingroup krb5_ccache
- */
-
-const krb5_cc_ops krb5_kcm_ops = {
-    "KCM",
-    kcm_get_name,
-    kcm_resolve,
-    kcm_gen_new,
-    kcm_initialize,
-    kcm_destroy,
-    kcm_close,
-    kcm_store_cred,
-    kcm_retrieve,
-    kcm_get_principal,
-    kcm_get_first,
-    kcm_get_next,
-    kcm_end_get,
-    kcm_remove_cred,
-    kcm_set_flags,
-    kcm_get_version,
-    NULL,
-    NULL,
-    NULL,
-    kcm_move,
-    kcm_default_name
-};
-
-krb5_boolean
-_krb5_kcm_is_running(krb5_context context)
-{
-    krb5_error_code ret;
-    krb5_ccache_data ccdata;
-    krb5_ccache id = &ccdata;
-    krb5_boolean running;
-
-    ret = kcm_alloc(context, NULL, &id);
-    if (ret)
-	return 0;
-
-    running = (_krb5_kcm_noop(context, id) == 0);
-
-    kcm_free(context, &id);
-
-    return running;
-}
-
-/*
- * Request:
- *
- * Response:
- *
- */
-krb5_error_code
-_krb5_kcm_noop(krb5_context context,
-	       krb5_ccache id)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_NOOP, &request);
-    if (ret)
-	return ret;
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-
-/*
- * Request:
- *      NameZ
- *      Mode
- *
- * Response:
- *
- */
-krb5_error_code
-_krb5_kcm_chmod(krb5_context context,
-		krb5_ccache id,
-		uint16_t mode)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_CHMOD, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int16(request, mode);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-
-/*
- * Request:
- *      NameZ
- *      UID
- *      GID
- *
- * Response:
- *
- */
-krb5_error_code
-_krb5_kcm_chown(krb5_context context,
-		krb5_ccache id,
-		uint32_t uid,
-		uint32_t gid)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_CHOWN, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, uid);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, gid);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-
-/*
- * Request:
- *      NameZ
- *      ServerPrincipalPresent
- *      ServerPrincipal OPTIONAL
- *      Key
- *
- * Repsonse:
- *
- */
-krb5_error_code
-_krb5_kcm_get_initial_ticket(krb5_context context,
-			     krb5_ccache id,
-			     krb5_principal server,
-			     krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int8(request, (server == NULL) ? 0 : 1);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    if (server != NULL) {
-	ret = krb5_store_principal(request, server);
-	if (ret) {
-	    krb5_storage_free(request);
-	    return ret;
-	}
-    }
-
-    ret = krb5_store_keyblock(request, *key);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-
-/*
- * Request:
- *      NameZ
- *      KDCFlags
- *      EncryptionType
- *      ServerPrincipal
- *
- * Repsonse:
- *
- */
-krb5_error_code
-_krb5_kcm_get_ticket(krb5_context context,
-		     krb5_ccache id,
-		     krb5_kdc_flags flags,
-		     krb5_enctype enctype,
-		     krb5_principal server)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_GET_TICKET, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, flags.i);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, enctype);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_principal(request, server);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-
-#endif /* HAVE_KCM */
diff --git a/crypto/heimdal/lib/krb5/kcm.h b/crypto/heimdal/lib/krb5/kcm.h
deleted file mode 100644
index 10dfa44..0000000
--- a/crypto/heimdal/lib/krb5/kcm.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __KCM_H__
-#define __KCM_H__
-
-/*
- * KCM protocol definitions
- */
-
-#define KCM_PROTOCOL_VERSION_MAJOR	1
-#define KCM_PROTOCOL_VERSION_MINOR	0
-
-typedef enum kcm_operation {
-    KCM_OP_NOOP,
-    KCM_OP_GET_NAME,
-    KCM_OP_RESOLVE,
-    KCM_OP_GEN_NEW,
-    KCM_OP_INITIALIZE,
-    KCM_OP_DESTROY,
-    KCM_OP_STORE,
-    KCM_OP_RETRIEVE,
-    KCM_OP_GET_PRINCIPAL,
-    KCM_OP_GET_FIRST,
-    KCM_OP_GET_NEXT,
-    KCM_OP_END_GET,
-    KCM_OP_REMOVE_CRED,
-    KCM_OP_SET_FLAGS,
-    KCM_OP_CHOWN,
-    KCM_OP_CHMOD,
-    KCM_OP_GET_INITIAL_TICKET,
-    KCM_OP_GET_TICKET,
-    KCM_OP_MAX
-} kcm_operation;
-
-#define _PATH_KCM_SOCKET      "/var/run/.kcm_socket"
-#define _PATH_KCM_DOOR      "/var/run/.kcm_door"
-
-#endif /* __KCM_H__ */
-
diff --git a/crypto/heimdal/lib/krb5/kerberos.8 b/crypto/heimdal/lib/krb5/kerberos.8
deleted file mode 100644
index e45c947..0000000
--- a/crypto/heimdal/lib/krb5/kerberos.8
+++ /dev/null
@@ -1,107 +0,0 @@
-.\" Copyright (c) 2000 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: kerberos.8 16121 2005-10-03 14:24:36Z lha $
-.\"
-.Dd September 1, 2000
-.Dt KERBEROS 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kerberos
-.Nd introduction to the Kerberos system
-.Sh DESCRIPTION
-Kerberos is a network authentication system. Its purpose is to
-securely authenticate users and services in an insecure network
-environment.
-.Pp
-This is done with a Kerberos server acting as a trusted third party,
-keeping a database with secret keys for all users and services
-(collectively called
-.Em principals ) .
-.Pp
-Each principal belongs to exactly one
-.Em realm ,
-which is the administrative domain in Kerberos. A realm usually
-corresponds to an organisation, and the realm should normally be
-derived from that organisation's domain name. A realm is served by one
-or more Kerberos servers.
-.Pp
-The authentication process involves exchange of
-.Sq tickets
-and
-.Sq authenticators
-which together prove the principal's identity.
-.Pp
-When you login to the Kerberos system, either through the normal
-system login or with the
-.Xr kinit 1
-program, you acquire a
-.Em ticket granting ticket
-which allows you to get new tickets for other services, such as
-.Ic telnet
-or
-.Ic ftp ,
-without giving your password.
-.Pp
-For more information on how Kerberos works, and other general Kerberos
-questions see the Kerberos FAQ at
-.Pa http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html .
-.Pp
-For setup instructions see the Heimdal Texinfo manual.
-.Sh SEE ALSO
-.Xr ftp 1 ,
-.Xr kdestroy 1 ,
-.Xr kinit 1 ,
-.Xr klist 1 ,
-.Xr kpasswd 1 ,
-.Xr telnet 1
-.Sh HISTORY
-The Kerberos authentication system was developed in the late 1980's as
-part of the Athena Project at the Massachusetts Institute of
-Technology. Versions one through three never reached outside MIT, but
-version 4 was (and still is) quite popular, especially in the academic
-community, but is also used in commercial products like the AFS
-filesystem.
-.Pp
-The problems with version 4 are that it has many limitations, the code
-was not too well written (since it had been developed over a long
-time), and it has a number of known security problems. To resolve many
-of these issues work on version five started, and resulted in IETF RFC
-1510 in 1993. IETF RFC 1510 was obsoleted in 2005 with IETF RFC 4120,
-also known as Kerberos clarifications. With the arrival of IETF RFC
-4120, the work on adding extensibility and internationalization have
-started (Kerberos extensions), and a new RFC will hopefully appear
-soon.
-.Pp
-This manual page is part of the
-.Nm Heimdal
-Kerberos 5 distribution, which has been in development at the Royal
-Institute of Technology in Stockholm, Sweden, since about 1997.
diff --git a/crypto/heimdal/lib/krb5/keyblock.c b/crypto/heimdal/lib/krb5/keyblock.c
deleted file mode 100644
index ff4f972..0000000
--- a/crypto/heimdal/lib/krb5/keyblock.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keyblock.c 15167 2005-05-18 04:21:57Z lha $");
-
-void KRB5_LIB_FUNCTION
-krb5_keyblock_zero(krb5_keyblock *keyblock)
-{
-    keyblock->keytype = 0;
-    krb5_data_zero(&keyblock->keyvalue);
-}
-
-void KRB5_LIB_FUNCTION
-krb5_free_keyblock_contents(krb5_context context,
-			    krb5_keyblock *keyblock)
-{
-    if(keyblock) {
-	if (keyblock->keyvalue.data != NULL)
-	    memset(keyblock->keyvalue.data, 0, keyblock->keyvalue.length);
-	krb5_data_free (&keyblock->keyvalue);
-	keyblock->keytype = ENCTYPE_NULL;
-    }
-}
-
-void KRB5_LIB_FUNCTION
-krb5_free_keyblock(krb5_context context,
-		   krb5_keyblock *keyblock)
-{
-    if(keyblock){
-	krb5_free_keyblock_contents(context, keyblock);
-	free(keyblock);
-    }
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_keyblock_contents (krb5_context context,
-			     const krb5_keyblock *inblock,
-			     krb5_keyblock *to)
-{
-    return copy_EncryptionKey(inblock, to);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_keyblock (krb5_context context,
-		    const krb5_keyblock *inblock,
-		    krb5_keyblock **to)
-{
-    krb5_keyblock *k;
-
-    k = malloc (sizeof(*k));
-    if (k == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *to = k;
-    return krb5_copy_keyblock_contents (context, inblock, k);
-}
-
-krb5_enctype
-krb5_keyblock_get_enctype(const krb5_keyblock *block)
-{
-    return block->keytype;
-}
-
-/*
- * Fill in `key' with key data of type `enctype' from `data' of length
- * `size'. Key should be freed using krb5_free_keyblock_contents.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keyblock_init(krb5_context context,
-		   krb5_enctype type,
-		   const void *data,
-		   size_t size,
-		   krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    size_t len;
-
-    memset(key, 0, sizeof(*key));
-
-    ret = krb5_enctype_keysize(context, type, &len);
-    if (ret)
-	return ret;
-
-    if (len != size) {
-	krb5_set_error_string(context, "Encryption key %d is %lu bytes "
-			      "long, %lu was passed in",
-			      type, (unsigned long)len, (unsigned long)size);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    ret = krb5_data_copy(&key->keyvalue, data, len);
-    if(ret) {
-	krb5_set_error_string(context, "malloc failed: %lu",
-			      (unsigned long)len);
-	return ret;
-    }
-    key->keytype = type;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/keytab.c b/crypto/heimdal/lib/krb5/keytab.c
deleted file mode 100644
index f6c7858..0000000
--- a/crypto/heimdal/lib/krb5/keytab.c
+++ /dev/null
@@ -1,528 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab.c 20211 2007-02-09 07:11:03Z lha $");
-
-/*
- * Register a new keytab in `ops'
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_register(krb5_context context,
-		 const krb5_kt_ops *ops)
-{
-    struct krb5_keytab_data *tmp;
-
-    if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) {
-	krb5_set_error_string(context, "krb5_kt_register; prefix too long");
-	return KRB5_KT_BADNAME;
-    }
-
-    tmp = realloc(context->kt_types,
-		  (context->num_kt_types + 1) * sizeof(*context->kt_types));
-    if(tmp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(&tmp[context->num_kt_types], ops,
-	   sizeof(tmp[context->num_kt_types]));
-    context->kt_types = tmp;
-    context->num_kt_types++;
-    return 0;
-}
-
-/*
- * Resolve the keytab name (of the form `type:residual') in `name'
- * into a keytab in `id'.
- * Return 0 or an error
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_resolve(krb5_context context,
-		const char *name,
-		krb5_keytab *id)
-{
-    krb5_keytab k;
-    int i;
-    const char *type, *residual;
-    size_t type_len;
-    krb5_error_code ret;
-
-    residual = strchr(name, ':');
-    if(residual == NULL) {
-	type = "FILE";
-	type_len = strlen(type);
-	residual = name;
-    } else {
-	type = name;
-	type_len = residual - name;
-	residual++;
-    }
-    
-    for(i = 0; i < context->num_kt_types; i++) {
-	if(strncasecmp(type, context->kt_types[i].prefix, type_len) == 0)
-	    break;
-    }
-    if(i == context->num_kt_types) {
-	krb5_set_error_string(context, "unknown keytab type %.*s", 
-			      (int)type_len, type);
-	return KRB5_KT_UNKNOWN_TYPE;
-    }
-    
-    k = malloc (sizeof(*k));
-    if (k == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(k, &context->kt_types[i], sizeof(*k));
-    k->data = NULL;
-    ret = (*k->resolve)(context, residual, k);
-    if(ret) {
-	free(k);
-	k = NULL;
-    }
-    *id = k;
-    return ret;
-}
-
-/*
- * copy the name of the default keytab into `name'.
- * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
-{
-    if (strlcpy (name, context->default_keytab, namesize) >= namesize) {
-	krb5_clear_error_string (context);
-	return KRB5_CONFIG_NOTENUFSPACE;
-    }
-    return 0;
-}
-
-/*
- * copy the name of the default modify keytab into `name'.
- * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize)
-{
-    const char *kt = NULL;
-    if(context->default_keytab_modify == NULL) {
-	if(strncasecmp(context->default_keytab, "ANY:", 4) != 0)
-	    kt = context->default_keytab;
-	else {
-	    size_t len = strcspn(context->default_keytab + 4, ",");
-	    if(len >= namesize) {
-		krb5_clear_error_string(context);
-		return KRB5_CONFIG_NOTENUFSPACE;
-	    }
-	    strlcpy(name, context->default_keytab + 4, namesize);
-	    name[len] = '\0';
-	    return 0;
-	}    
-    } else
-	kt = context->default_keytab_modify;
-    if (strlcpy (name, kt, namesize) >= namesize) {
-	krb5_clear_error_string (context);
-	return KRB5_CONFIG_NOTENUFSPACE;
-    }
-    return 0;
-}
-
-/*
- * Set `id' to the default keytab.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_default(krb5_context context, krb5_keytab *id)
-{
-    return krb5_kt_resolve (context, context->default_keytab, id);
-}
-
-/*
- * Read the key identified by `(principal, vno, enctype)' from the
- * keytab in `keyprocarg' (the default if == NULL) into `*key'.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_read_service_key(krb5_context context,
-			 krb5_pointer keyprocarg,
-			 krb5_principal principal,
-			 krb5_kvno vno,
-			 krb5_enctype enctype,
-			 krb5_keyblock **key)
-{
-    krb5_keytab keytab;
-    krb5_keytab_entry entry;
-    krb5_error_code ret;
-
-    if (keyprocarg)
-	ret = krb5_kt_resolve (context, keyprocarg, &keytab);
-    else
-	ret = krb5_kt_default (context, &keytab);
-
-    if (ret)
-	return ret;
-
-    ret = krb5_kt_get_entry (context, keytab, principal, vno, enctype, &entry);
-    krb5_kt_close (context, keytab);
-    if (ret)
-	return ret;
-    ret = krb5_copy_keyblock (context, &entry.keyblock, key);
-    krb5_kt_free_entry(context, &entry);
-    return ret;
-}
-
-/*
- * Return the type of the `keytab' in the string `prefix of length
- * `prefixsize'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_type(krb5_context context,
-		 krb5_keytab keytab,
-		 char *prefix,
-		 size_t prefixsize)
-{
-    strlcpy(prefix, keytab->prefix, prefixsize);
-    return 0;
-}
-
-/*
- * Retrieve the name of the keytab `keytab' into `name', `namesize'
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_name(krb5_context context, 
-		 krb5_keytab keytab,
-		 char *name,
-		 size_t namesize)
-{
-    return (*keytab->get_name)(context, keytab, name, namesize);
-}
-
-/*
- * Retrieve the full name of the keytab `keytab' and store the name in
- * `str'. `str' needs to be freed by the caller using free(3).
- * Returns 0 or an error. On error, *str is set to NULL.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_full_name(krb5_context context, 
-		      krb5_keytab keytab,
-		      char **str)
-{
-    char type[KRB5_KT_PREFIX_MAX_LEN];
-    char name[MAXPATHLEN];
-    krb5_error_code ret;
-	      
-    *str = NULL;
-
-    ret = krb5_kt_get_type(context, keytab, type, sizeof(type));
-    if (ret)
-	return ret;
-
-    ret = krb5_kt_get_name(context, keytab, name, sizeof(name));
-    if (ret)
-	return ret;
-
-    if (asprintf(str, "%s:%s", type, name) == -1) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	*str = NULL;
-	return ENOMEM;
-    }
-
-    return 0;
-}
-
-/*
- * Finish using the keytab in `id'.  All resources will be released,
- * even on errors.  Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_close(krb5_context context, 
-	      krb5_keytab id)
-{
-    krb5_error_code ret;
-
-    ret = (*id->close)(context, id);
-    memset(id, 0, sizeof(*id));
-    free(id);
-    return ret;
-}
-
-/*
- * Compare `entry' against `principal, vno, enctype'.
- * Any of `principal, vno, enctype' might be 0 which acts as a wildcard.
- * Return TRUE if they compare the same, FALSE otherwise.
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_kt_compare(krb5_context context,
-		krb5_keytab_entry *entry, 
-		krb5_const_principal principal,
-		krb5_kvno vno,
-		krb5_enctype enctype)
-{
-    if(principal != NULL && 
-       !krb5_principal_compare(context, entry->principal, principal))
-	return FALSE;
-    if(vno && vno != entry->vno)
-	return FALSE;
-    if(enctype && enctype != entry->keyblock.keytype)
-	return FALSE;
-    return TRUE;
-}
-
-/*
- * Retrieve the keytab entry for `principal, kvno, enctype' into `entry'
- * from the keytab `id'.
- * kvno == 0 is a wildcard and gives the keytab with the highest vno.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_entry(krb5_context context,
-		  krb5_keytab id,
-		  krb5_const_principal principal,
-		  krb5_kvno kvno,
-		  krb5_enctype enctype,
-		  krb5_keytab_entry *entry)
-{
-    krb5_keytab_entry tmp;
-    krb5_error_code ret;
-    krb5_kt_cursor cursor;
-
-    if(id->get)
-	return (*id->get)(context, id, principal, kvno, enctype, entry);
-
-    ret = krb5_kt_start_seq_get (context, id, &cursor);
-    if (ret) {
-	krb5_clear_error_string(context);
-	return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */
-    }
-
-    entry->vno = 0;
-    while (krb5_kt_next_entry(context, id, &tmp, &cursor) == 0) {
-	if (krb5_kt_compare(context, &tmp, principal, 0, enctype)) {
-	    /* the file keytab might only store the lower 8 bits of
-	       the kvno, so only compare those bits */
-	    if (kvno == tmp.vno
-		|| (tmp.vno < 256 && kvno % 256 == tmp.vno)) {
-		krb5_kt_copy_entry_contents (context, &tmp, entry);
-		krb5_kt_free_entry (context, &tmp);
-		krb5_kt_end_seq_get(context, id, &cursor);
-		return 0;
-	    } else if (kvno == 0 && tmp.vno > entry->vno) {
-		if (entry->vno)
-		    krb5_kt_free_entry (context, entry);
-		krb5_kt_copy_entry_contents (context, &tmp, entry);
-	    }
-	}
-	krb5_kt_free_entry(context, &tmp);
-    }
-    krb5_kt_end_seq_get (context, id, &cursor);
-    if (entry->vno) {
-	return 0;
-    } else {
-	char princ[256], kvno_str[25], *kt_name;
-	char *enctype_str = NULL;
-
-	krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
-	krb5_kt_get_full_name (context, id, &kt_name);
-	krb5_enctype_to_string(context, enctype, &enctype_str);
-
-	if (kvno)
-	    snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno);
-	else
-	    kvno_str[0] = '\0';
-
-	krb5_set_error_string (context,
- 			       "Failed to find %s%s in keytab %s (%s)",
-			       princ,
-			       kvno_str,
-			       kt_name ? kt_name : "unknown keytab",
-			       enctype_str ? enctype_str : "unknown enctype");
-	free(kt_name);
-	free(enctype_str);
-	return KRB5_KT_NOTFOUND;
-    }
-}
-
-/*
- * Copy the contents of `in' into `out'.
- * Return 0 or an error.  */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_copy_entry_contents(krb5_context context,
-			    const krb5_keytab_entry *in,
-			    krb5_keytab_entry *out)
-{
-    krb5_error_code ret;
-
-    memset(out, 0, sizeof(*out));
-    out->vno = in->vno;
-
-    ret = krb5_copy_principal (context, in->principal, &out->principal);
-    if (ret)
-	goto fail;
-    ret = krb5_copy_keyblock_contents (context,
-				       &in->keyblock,
-				       &out->keyblock);
-    if (ret)
-	goto fail;
-    out->timestamp = in->timestamp;
-    return 0;
-fail:
-    krb5_kt_free_entry (context, out);
-    return ret;
-}
-
-/*
- * Free the contents of `entry'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_free_entry(krb5_context context,
-		   krb5_keytab_entry *entry)
-{
-    krb5_free_principal (context, entry->principal);
-    krb5_free_keyblock_contents (context, &entry->keyblock);
-    memset(entry, 0, sizeof(*entry));
-    return 0;
-}
-
-/*
- * Set `cursor' to point at the beginning of `id'.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_start_seq_get(krb5_context context,
-		      krb5_keytab id,
-		      krb5_kt_cursor *cursor)
-{
-    if(id->start_seq_get == NULL) {
-	krb5_set_error_string(context,
-			      "start_seq_get is not supported in the %s "
-			      " keytab", id->prefix);
-	return HEIM_ERR_OPNOTSUPP;
-    }
-    return (*id->start_seq_get)(context, id, cursor);
-}
-
-/*
- * Get the next entry from `id' pointed to by `cursor' and advance the
- * `cursor'.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_next_entry(krb5_context context,
-		   krb5_keytab id,
-		   krb5_keytab_entry *entry,
-		   krb5_kt_cursor *cursor)
-{
-    if(id->next_entry == NULL) {
-	krb5_set_error_string(context,
-			      "next_entry is not supported in the %s "
-			      " keytab", id->prefix);
-	return HEIM_ERR_OPNOTSUPP;
-    }
-    return (*id->next_entry)(context, id, entry, cursor);
-}
-
-/*
- * Release all resources associated with `cursor'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_end_seq_get(krb5_context context,
-		    krb5_keytab id,
-		    krb5_kt_cursor *cursor)
-{
-    if(id->end_seq_get == NULL) {
-	krb5_set_error_string(context,
-			      "end_seq_get is not supported in the %s "
-			      " keytab", id->prefix);
-	return HEIM_ERR_OPNOTSUPP;
-    }
-    return (*id->end_seq_get)(context, id, cursor);
-}
-
-/*
- * Add the entry in `entry' to the keytab `id'.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_add_entry(krb5_context context,
-		  krb5_keytab id,
-		  krb5_keytab_entry *entry)
-{
-    if(id->add == NULL) {
-	krb5_set_error_string(context, "Add is not supported in the %s keytab",
-			      id->prefix);
-	return KRB5_KT_NOWRITE;
-    }
-    entry->timestamp = time(NULL);
-    return (*id->add)(context, id,entry);
-}
-
-/*
- * Remove the entry `entry' from the keytab `id'.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_remove_entry(krb5_context context,
-		     krb5_keytab id,
-		     krb5_keytab_entry *entry)
-{
-    if(id->remove == NULL) {
-	krb5_set_error_string(context,
-			      "Remove is not supported in the %s keytab",
-			      id->prefix);
-	return KRB5_KT_NOWRITE;
-    }
-    return (*id->remove)(context, id, entry);
-}
diff --git a/crypto/heimdal/lib/krb5/keytab_any.c b/crypto/heimdal/lib/krb5/keytab_any.c
deleted file mode 100644
index 54272d4..0000000
--- a/crypto/heimdal/lib/krb5/keytab_any.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/*
- * Copyright (c) 2001-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_any.c 17035 2006-04-10 09:20:13Z lha $");
-
-struct any_data {
-    krb5_keytab kt;
-    char *name;
-    struct any_data *next;
-};
-
-static void
-free_list (krb5_context context, struct any_data *a)
-{
-    struct any_data *next;
-
-    for (; a != NULL; a = next) {
-	next = a->next;
-	free (a->name);
-	if(a->kt)
-	    krb5_kt_close(context, a->kt);
-	free (a);
-    }
-}
-
-static krb5_error_code
-any_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct any_data *a, *a0 = NULL, *prev = NULL;
-    krb5_error_code ret;
-    char buf[256];
-
-    while (strsep_copy(&name, ",", buf, sizeof(buf)) != -1) {
-	a = malloc(sizeof(*a));
-	if (a == NULL) {
-	    ret = ENOMEM;
-	    goto fail;
-	}
-	if (a0 == NULL) {
-	    a0 = a;
-	    a->name = strdup(buf);
-	    if (a->name == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		ret = ENOMEM;
-		goto fail;
-	    }
-	} else
-	    a->name = NULL;
-	if (prev != NULL)
-	    prev->next = a;
-	a->next = NULL;
-	ret = krb5_kt_resolve (context, buf, &a->kt);
-	if (ret)
-	    goto fail;
-	prev = a;
-    }
-    if (a0 == NULL) {
-	krb5_set_error_string(context, "empty ANY: keytab");
-	return ENOENT;
-    }
-    id->data = a0;
-    return 0;
- fail:
-    free_list (context, a0);
-    return ret;
-}
-
-static krb5_error_code
-any_get_name (krb5_context context,
-	      krb5_keytab id,
-	      char *name,
-	      size_t namesize)
-{
-    struct any_data *a = id->data;
-    strlcpy(name, a->name, namesize);
-    return 0;
-}
-
-static krb5_error_code
-any_close (krb5_context context,
-	   krb5_keytab id)
-{
-    struct any_data *a = id->data;
-
-    free_list (context, a);
-    return 0;
-}
-
-struct any_cursor_extra_data {
-    struct any_data *a;
-    krb5_kt_cursor cursor;
-};
-
-static krb5_error_code
-any_start_seq_get(krb5_context context, 
-		  krb5_keytab id, 
-		  krb5_kt_cursor *c)
-{
-    struct any_data *a = id->data;
-    struct any_cursor_extra_data *ed;
-    krb5_error_code ret;
-
-    c->data = malloc (sizeof(struct any_cursor_extra_data));
-    if(c->data == NULL){
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ed = (struct any_cursor_extra_data *)c->data;
-    ed->a = a;
-    ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
-    if (ret) {
-	free (c->data);
-	c->data = NULL;
-	return ret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-any_next_entry (krb5_context context,
-		krb5_keytab id,
-		krb5_keytab_entry *entry,
-		krb5_kt_cursor *cursor)
-{
-    krb5_error_code ret, ret2;
-    struct any_cursor_extra_data *ed;
-
-    ed = (struct any_cursor_extra_data *)cursor->data;
-    do {
-	ret = krb5_kt_next_entry(context, ed->a->kt, entry, &ed->cursor);
-	if (ret == 0)
-	    return 0;
-	else if (ret != KRB5_KT_END)
-	    return ret;
-
-	ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor);
-	if (ret2)
-	    return ret2;
-	while ((ed->a = ed->a->next) != NULL) {
-	    ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
-	    if (ret2 == 0)
-		break;
-	}
-	if (ed->a == NULL) {
-	    krb5_clear_error_string (context);
-	    return KRB5_KT_END;
-	}
-    } while (1);
-}
-
-static krb5_error_code
-any_end_seq_get(krb5_context context,
-		krb5_keytab id,
-		krb5_kt_cursor *cursor)
-{
-    krb5_error_code ret = 0;
-    struct any_cursor_extra_data *ed;
-
-    ed = (struct any_cursor_extra_data *)cursor->data;
-    if (ed->a != NULL)
-	ret = krb5_kt_end_seq_get(context, ed->a->kt, &ed->cursor);
-    free (ed);
-    cursor->data = NULL;
-    return ret;
-}
-
-static krb5_error_code
-any_add_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_keytab_entry *entry)
-{
-    struct any_data *a = id->data;
-    krb5_error_code ret;
-    while(a != NULL) {
-	ret = krb5_kt_add_entry(context, a->kt, entry);
-	if(ret != 0 && ret != KRB5_KT_NOWRITE) {
-	    krb5_set_error_string(context, "failed to add entry to %s", 
-				  a->name);
-	    return ret;
-	}
-	a = a->next;
-    }
-    return 0;
-}
-
-static krb5_error_code
-any_remove_entry(krb5_context context,
-		 krb5_keytab id,
-		 krb5_keytab_entry *entry)
-{
-    struct any_data *a = id->data;
-    krb5_error_code ret;
-    int found = 0;
-    while(a != NULL) {
-	ret = krb5_kt_remove_entry(context, a->kt, entry);
-	if(ret == 0)
-	    found++;
-	else {
-	    if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) {
-		krb5_set_error_string(context, "failed to remove entry from %s", 
-				      a->name);
-		return ret;
-	    }
-	}
-	a = a->next;
-    }
-    if(!found)
-	return KRB5_KT_NOTFOUND;
-    return 0;
-}
-
-const krb5_kt_ops krb5_any_ops = {
-    "ANY",
-    any_resolve,
-    any_get_name,
-    any_close,
-    NULL, /* get */
-    any_start_seq_get,
-    any_next_entry,
-    any_end_seq_get,
-    any_add_entry,
-    any_remove_entry
-};
diff --git a/crypto/heimdal/lib/krb5/keytab_file.c b/crypto/heimdal/lib/krb5/keytab_file.c
deleted file mode 100644
index 4ada3a4..0000000
--- a/crypto/heimdal/lib/krb5/keytab_file.c
+++ /dev/null
@@ -1,696 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_file.c 17457 2006-05-05 12:36:57Z lha $");
-
-#define KRB5_KT_VNO_1 1
-#define KRB5_KT_VNO_2 2
-#define KRB5_KT_VNO   KRB5_KT_VNO_2
-
-#define KRB5_KT_FL_JAVA 1
-
-
-/* file operations -------------------------------------------- */
-
-struct fkt_data {
-    char *filename;
-    int flags;
-};
-
-static krb5_error_code
-krb5_kt_ret_data(krb5_context context,
-		 krb5_storage *sp,
-		 krb5_data *data)
-{
-    int ret;
-    int16_t size;
-    ret = krb5_ret_int16(sp, &size);
-    if(ret)
-	return ret;
-    data->length = size;
-    data->data = malloc(size);
-    if (data->data == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_storage_read(sp, data->data, size);
-    if(ret != size)
-	return (ret < 0)? errno : KRB5_KT_END;
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_ret_string(krb5_context context,
-		   krb5_storage *sp,
-		   heim_general_string *data)
-{
-    int ret;
-    int16_t size;
-    ret = krb5_ret_int16(sp, &size);
-    if(ret)
-	return ret;
-    *data = malloc(size + 1);
-    if (*data == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_storage_read(sp, *data, size);
-    (*data)[size] = '\0';
-    if(ret != size)
-	return (ret < 0)? errno : KRB5_KT_END;
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_store_data(krb5_context context,
-		   krb5_storage *sp,
-		   krb5_data data)
-{
-    int ret;
-    ret = krb5_store_int16(sp, data.length);
-    if(ret < 0)
-	return ret;
-    ret = krb5_storage_write(sp, data.data, data.length);
-    if(ret != data.length){
-	if(ret < 0)
-	    return errno;
-	return KRB5_KT_END;
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_store_string(krb5_storage *sp,
-		     heim_general_string data)
-{
-    int ret;
-    size_t len = strlen(data);
-    ret = krb5_store_int16(sp, len);
-    if(ret < 0)
-	return ret;
-    ret = krb5_storage_write(sp, data, len);
-    if(ret != len){
-	if(ret < 0)
-	    return errno;
-	return KRB5_KT_END;
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p)
-{
-    int ret;
-    int16_t tmp;
-
-    ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */
-    if(ret) return ret;
-    p->keytype = tmp;
-    ret = krb5_kt_ret_data(context, sp, &p->keyvalue);
-    return ret;
-}
-
-static krb5_error_code
-krb5_kt_store_keyblock(krb5_context context,
-		       krb5_storage *sp, 
-		       krb5_keyblock *p)
-{
-    int ret;
-
-    ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
-    if(ret) return ret;
-    ret = krb5_kt_store_data(context, sp, p->keyvalue);
-    return ret;
-}
-
-
-static krb5_error_code
-krb5_kt_ret_principal(krb5_context context,
-		      krb5_storage *sp,
-		      krb5_principal *princ)
-{
-    int i;
-    int ret;
-    krb5_principal p;
-    int16_t len;
-    
-    ALLOC(p, 1);
-    if(p == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = krb5_ret_int16(sp, &len);
-    if(ret) {
-	krb5_set_error_string(context,
-			      "Failed decoding length of keytab principal");
-	goto out;
-    }
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
-	len--;
-    if (len < 0) {
-	krb5_set_error_string(context, 
-			      "Keytab principal contains invalid length");
-	ret = KRB5_KT_END;
-	goto out;
-    }
-    ret = krb5_kt_ret_string(context, sp, &p->realm);
-    if(ret)
-	goto out;
-    p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val));
-    if(p->name.name_string.val == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    p->name.name_string.len = len;
-    for(i = 0; i < p->name.name_string.len; i++){
-	ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
-	if(ret)
-	    goto out;
-    }
-    if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
-	p->name.name_type = KRB5_NT_UNKNOWN;
-    else {
-	int32_t tmp32;
-	ret = krb5_ret_int32(sp, &tmp32);
-	p->name.name_type = tmp32;
-	if (ret)
-	    goto out;
-    }
-    *princ = p;
-    return 0;
-out:
-    krb5_free_principal(context, p);
-    return ret;
-}
-
-static krb5_error_code
-krb5_kt_store_principal(krb5_context context,
-			krb5_storage *sp,
-			krb5_principal p)
-{
-    int i;
-    int ret;
-    
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
-	ret = krb5_store_int16(sp, p->name.name_string.len + 1);
-    else
-	ret = krb5_store_int16(sp, p->name.name_string.len);
-    if(ret) return ret;
-    ret = krb5_kt_store_string(sp, p->realm);
-    if(ret) return ret;
-    for(i = 0; i < p->name.name_string.len; i++){
-	ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
-	if(ret)
-	    return ret;
-    }
-    if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
-	ret = krb5_store_int32(sp, p->name.name_type);
-	if(ret)
-	    return ret;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-fkt_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct fkt_data *d;
-
-    d = malloc(sizeof(*d));
-    if(d == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->filename = strdup(name);
-    if(d->filename == NULL) {
-	free(d);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->flags = 0;
-    id->data = d;
-    return 0;
-}
-
-static krb5_error_code
-fkt_resolve_java14(krb5_context context, const char *name, krb5_keytab id)
-{
-    krb5_error_code ret;
-
-    ret = fkt_resolve(context, name, id);
-    if (ret == 0) {
-	struct fkt_data *d = id->data;
-	d->flags |= KRB5_KT_FL_JAVA;
-    }
-    return ret;
-}
-
-static krb5_error_code
-fkt_close(krb5_context context, krb5_keytab id)
-{
-    struct fkt_data *d = id->data;
-    free(d->filename);
-    free(d);
-    return 0;
-}
-
-static krb5_error_code 
-fkt_get_name(krb5_context context, 
-	     krb5_keytab id, 
-	     char *name, 
-	     size_t namesize)
-{
-    /* This function is XXX */
-    struct fkt_data *d = id->data;
-    strlcpy(name, d->filename, namesize);
-    return 0;
-}
-
-static void
-storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
-{
-    int flags = 0;
-    switch(vno) {
-    case KRB5_KT_VNO_1:
-	flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
-	flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
-	flags |= KRB5_STORAGE_HOST_BYTEORDER;
-	break;
-    case KRB5_KT_VNO_2:
-	break;
-    default:
-	krb5_warnx(context, 
-		   "storage_set_flags called with bad vno (%d)", vno);
-    }
-    krb5_storage_set_flags(sp, flags);
-}
-
-static krb5_error_code
-fkt_start_seq_get_int(krb5_context context, 
-		      krb5_keytab id, 
-		      int flags,
-		      int exclusive,
-		      krb5_kt_cursor *c)
-{
-    int8_t pvno, tag;
-    krb5_error_code ret;
-    struct fkt_data *d = id->data;
-    
-    c->fd = open (d->filename, flags);
-    if (c->fd < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "%s: %s", d->filename,
-			      strerror(ret));
-	return ret;
-    }
-    ret = _krb5_xlock(context, c->fd, exclusive, d->filename);
-    if (ret) {
-	close(c->fd);
-	return ret;
-    }
-    c->sp = krb5_storage_from_fd(c->fd);
-    if (c->sp == NULL) {
-	_krb5_xunlock(context, c->fd);
-	close(c->fd);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
-    ret = krb5_ret_int8(c->sp, &pvno);
-    if(ret) {
-	krb5_storage_free(c->sp);
-	_krb5_xunlock(context, c->fd);
-	close(c->fd);
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    if(pvno != 5) {
-	krb5_storage_free(c->sp);
-	_krb5_xunlock(context, c->fd);
-	close(c->fd);
-	krb5_clear_error_string (context);
-	return KRB5_KEYTAB_BADVNO;
-    }
-    ret = krb5_ret_int8(c->sp, &tag);
-    if (ret) {
-	krb5_storage_free(c->sp);
-	_krb5_xunlock(context, c->fd);
-	close(c->fd);
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    id->version = tag;
-    storage_set_flags(context, c->sp, id->version);
-    return 0;
-}
-
-static krb5_error_code
-fkt_start_seq_get(krb5_context context, 
-		  krb5_keytab id, 
-		  krb5_kt_cursor *c)
-{
-    return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, 0, c);
-}
-
-static krb5_error_code
-fkt_next_entry_int(krb5_context context, 
-		   krb5_keytab id, 
-		   krb5_keytab_entry *entry, 
-		   krb5_kt_cursor *cursor,
-		   off_t *start,
-		   off_t *end)
-{
-    int32_t len;
-    int ret;
-    int8_t tmp8;
-    int32_t tmp32;
-    off_t pos, curpos;
-
-    pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
-loop:
-    ret = krb5_ret_int32(cursor->sp, &len);
-    if (ret)
-	return ret;
-    if(len < 0) {
-	pos = krb5_storage_seek(cursor->sp, -len, SEEK_CUR);
-	goto loop;
-    }
-    ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal);
-    if (ret)
-	goto out;
-    ret = krb5_ret_int32(cursor->sp, &tmp32);
-    entry->timestamp = tmp32;
-    if (ret)
-	goto out;
-    ret = krb5_ret_int8(cursor->sp, &tmp8);
-    if (ret)
-	goto out;
-    entry->vno = tmp8;
-    ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock);
-    if (ret)
-	goto out;
-    /* there might be a 32 bit kvno here
-     * if it's zero, assume that the 8bit one was right,
-     * otherwise trust the new value */
-    curpos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
-    if(len + 4 + pos - curpos >= 4) {
-	ret = krb5_ret_int32(cursor->sp, &tmp32);
-	if (ret == 0 && tmp32 != 0) {
-	    entry->vno = tmp32;
-	}
-    }
-    if(start) *start = pos;
-    if(end) *end = pos + 4 + len;
- out:
-    krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET);
-    return ret;
-}
-
-static krb5_error_code
-fkt_next_entry(krb5_context context, 
-	       krb5_keytab id, 
-	       krb5_keytab_entry *entry, 
-	       krb5_kt_cursor *cursor)
-{
-    return fkt_next_entry_int(context, id, entry, cursor, NULL, NULL);
-}
-
-static krb5_error_code
-fkt_end_seq_get(krb5_context context, 
-		krb5_keytab id,
-		krb5_kt_cursor *cursor)
-{
-    krb5_storage_free(cursor->sp);
-    _krb5_xunlock(context, cursor->fd);
-    close(cursor->fd);
-    return 0;
-}
-
-static krb5_error_code
-fkt_setup_keytab(krb5_context context,
-		 krb5_keytab id,
-		 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    ret = krb5_store_int8(sp, 5);
-    if(ret)
-	return ret;
-    if(id->version == 0)
-	id->version = KRB5_KT_VNO;
-    return krb5_store_int8 (sp, id->version);
-}
-		 
-static krb5_error_code
-fkt_add_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_keytab_entry *entry)
-{
-    int ret;
-    int fd;
-    krb5_storage *sp;
-    struct fkt_data *d = id->data;
-    krb5_data keytab;
-    int32_t len;
-    
-    fd = open (d->filename, O_RDWR | O_BINARY);
-    if (fd < 0) {
-	fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
-	if (fd < 0) {
-	    ret = errno;
-	    krb5_set_error_string(context, "open(%s): %s", d->filename,
-				  strerror(ret));
-	    return ret;
-	}
-	ret = _krb5_xlock(context, fd, 1, d->filename);
-	if (ret) {
-	    close(fd);
-	    return ret;
-	}
-	sp = krb5_storage_from_fd(fd);
-	krb5_storage_set_eof_code(sp, KRB5_KT_END);
-	ret = fkt_setup_keytab(context, id, sp);
-	if(ret) {
-	    goto out;
-	}
-	storage_set_flags(context, sp, id->version);
-    } else {
-	int8_t pvno, tag;
-	ret = _krb5_xlock(context, fd, 1, d->filename);
-	if (ret) {
-	    close(fd);
-	    return ret;
-	}
-	sp = krb5_storage_from_fd(fd);
-	krb5_storage_set_eof_code(sp, KRB5_KT_END);
-	ret = krb5_ret_int8(sp, &pvno);
-	if(ret) {
-	    /* we probably have a zero byte file, so try to set it up
-               properly */
-	    ret = fkt_setup_keytab(context, id, sp);
-	    if(ret) {
-		krb5_set_error_string(context, "%s: keytab is corrupted: %s", 
-				      d->filename, strerror(ret));
-		goto out;
-	    }
-	    storage_set_flags(context, sp, id->version);
-	} else {
-	    if(pvno != 5) {
-		ret = KRB5_KEYTAB_BADVNO;
-		krb5_set_error_string(context, "%s: %s", 
-				      d->filename, strerror(ret));
-		goto out;
-	    }
-	    ret = krb5_ret_int8 (sp, &tag);
-	    if (ret) {
-		krb5_set_error_string(context, "%s: reading tag: %s", 
-				      d->filename, strerror(ret));
-		goto out;
-	    }
-	    id->version = tag;
-	    storage_set_flags(context, sp, id->version);
-	}
-    }
-
-    {
-	krb5_storage *emem;
-	emem = krb5_storage_emem();
-	if(emem == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    goto out;
-	}
-	ret = krb5_kt_store_principal(context, emem, entry->principal);
-	if(ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-	ret = krb5_store_int32 (emem, entry->timestamp);
-	if(ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-	ret = krb5_store_int8 (emem, entry->vno % 256);
-	if(ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-	ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock);
-	if(ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-	if ((d->flags & KRB5_KT_FL_JAVA) == 0) {
-	    ret = krb5_store_int32 (emem, entry->vno);
-	    if (ret) {
-		krb5_storage_free(emem);
-		goto out;
-	    }
-	}
-
-	ret = krb5_storage_to_data(emem, &keytab);
-	krb5_storage_free(emem);
-	if(ret)
-	    goto out;
-    }
-    
-    while(1) {
-	ret = krb5_ret_int32(sp, &len);
-	if(ret == KRB5_KT_END) {
-	    len = keytab.length;
-	    break;
-	}
-	if(len < 0) {
-	    len = -len;
-	    if(len >= keytab.length) {
-		krb5_storage_seek(sp, -4, SEEK_CUR);
-		break;
-	    }
-	}
-	krb5_storage_seek(sp, len, SEEK_CUR);
-    }
-    ret = krb5_store_int32(sp, len);
-    if(krb5_storage_write(sp, keytab.data, keytab.length) < 0)
-	ret = errno;
-    memset(keytab.data, 0, keytab.length);
-    krb5_data_free(&keytab);
-  out:
-    krb5_storage_free(sp);
-    _krb5_xunlock(context, fd);
-    close(fd);
-    return ret;
-}
-
-static krb5_error_code
-fkt_remove_entry(krb5_context context,
-		 krb5_keytab id,
-		 krb5_keytab_entry *entry)
-{
-    krb5_keytab_entry e;
-    krb5_kt_cursor cursor;
-    off_t pos_start, pos_end;
-    int found = 0;
-    krb5_error_code ret;
-    
-    ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, 1, &cursor);
-    if(ret != 0) 
-	goto out; /* return other error here? */
-    while(fkt_next_entry_int(context, id, &e, &cursor, 
-			     &pos_start, &pos_end) == 0) {
-	if(krb5_kt_compare(context, &e, entry->principal, 
-			   entry->vno, entry->keyblock.keytype)) {
-	    int32_t len;
-	    unsigned char buf[128];
-	    found = 1;
-	    krb5_storage_seek(cursor.sp, pos_start, SEEK_SET);
-	    len = pos_end - pos_start - 4;
-	    krb5_store_int32(cursor.sp, -len);
-	    memset(buf, 0, sizeof(buf));
-	    while(len > 0) {
-		krb5_storage_write(cursor.sp, buf, min(len, sizeof(buf)));
-		len -= min(len, sizeof(buf));
-	    }
-	}
-	krb5_kt_free_entry(context, &e);
-    }
-    krb5_kt_end_seq_get(context, id, &cursor);
-  out:
-    if (!found) {
-	krb5_clear_error_string (context);
-	return KRB5_KT_NOTFOUND;
-    }
-    return 0;
-}
-
-const krb5_kt_ops krb5_fkt_ops = {
-    "FILE",
-    fkt_resolve,
-    fkt_get_name,
-    fkt_close,
-    NULL, /* get */
-    fkt_start_seq_get,
-    fkt_next_entry,
-    fkt_end_seq_get,
-    fkt_add_entry,
-    fkt_remove_entry
-};
-
-const krb5_kt_ops krb5_wrfkt_ops = {
-    "WRFILE",
-    fkt_resolve,
-    fkt_get_name,
-    fkt_close,
-    NULL, /* get */
-    fkt_start_seq_get,
-    fkt_next_entry,
-    fkt_end_seq_get,
-    fkt_add_entry,
-    fkt_remove_entry
-};
-
-const krb5_kt_ops krb5_javakt_ops = {
-    "JAVA14",
-    fkt_resolve_java14,
-    fkt_get_name,
-    fkt_close,
-    NULL, /* get */
-    fkt_start_seq_get,
-    fkt_next_entry,
-    fkt_end_seq_get,
-    fkt_add_entry,
-    fkt_remove_entry
-};
diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c
deleted file mode 100644
index 77455ba..0000000
--- a/crypto/heimdal/lib/krb5/keytab_keyfile.c
+++ /dev/null
@@ -1,420 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_keyfile.c 20695 2007-05-30 14:09:09Z lha $");
-
-/* afs keyfile operations --------------------------------------- */
-
-/*
- * Minimum tools to handle the AFS KeyFile.
- * 
- * Format of the KeyFile is:
- * <int32_t numkeys> {[<int32_t kvno> <char[8] deskey>] * numkeys}
- *
- * It just adds to the end of the keyfile, deleting isn't implemented.
- * Use your favorite text/hex editor to delete keys.
- *
- */
-
-#define AFS_SERVERTHISCELL "/usr/afs/etc/ThisCell"
-#define AFS_SERVERMAGICKRBCONF "/usr/afs/etc/krb.conf"
-
-struct akf_data {
-    int num_entries;
-    char *filename;
-    char *cell;
-    char *realm;
-};
-
-/*
- * set `d->cell' and `d->realm'
- */
-
-static int
-get_cell_and_realm (krb5_context context, struct akf_data *d)
-{
-    FILE *f;
-    char buf[BUFSIZ], *cp;
-    int ret;
-
-    f = fopen (AFS_SERVERTHISCELL, "r");
-    if (f == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL,
-			       strerror(ret));
-	return ret;
-    }
-    if (fgets (buf, sizeof(buf), f) == NULL) {
-	fclose (f);
-	krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL);
-	return EINVAL;
-    }
-    buf[strcspn(buf, "\n")] = '\0';
-    fclose(f);
-
-    d->cell = strdup (buf);
-    if (d->cell == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    f = fopen (AFS_SERVERMAGICKRBCONF, "r");
-    if (f != NULL) {
-	if (fgets (buf, sizeof(buf), f) == NULL) {
-	    free (d->cell);
-	    d->cell = NULL;
-	    fclose (f);
-	    krb5_set_error_string (context, "no realm in %s",
-				   AFS_SERVERMAGICKRBCONF);
-	    return EINVAL;
-	}
-	buf[strcspn(buf, "\n")] = '\0';
-	fclose(f);
-    }
-    /* uppercase */
-    for (cp = buf; *cp != '\0'; cp++)
-	*cp = toupper((unsigned char)*cp);
-    
-    d->realm = strdup (buf);
-    if (d->realm == NULL) {
-	free (d->cell);
-	d->cell = NULL;
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-/*
- * init and get filename
- */
-
-static krb5_error_code
-akf_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    int ret;
-    struct akf_data *d = malloc(sizeof (struct akf_data));
-
-    if (d == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    d->num_entries = 0;
-    ret = get_cell_and_realm (context, d);
-    if (ret) {
-	free (d);
-	return ret;
-    }
-    d->filename = strdup (name);
-    if (d->filename == NULL) {
-	free (d->cell);
-	free (d->realm);
-	free (d);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    id->data = d;
-    
-    return 0;
-}
-
-/*
- * cleanup
- */
-
-static krb5_error_code
-akf_close(krb5_context context, krb5_keytab id)
-{
-    struct akf_data *d = id->data;
-
-    free (d->filename);
-    free (d->cell);
-    free (d);
-    return 0;
-}
-
-/*
- * Return filename
- */
-
-static krb5_error_code 
-akf_get_name(krb5_context context, 
-	     krb5_keytab id, 
-	     char *name, 
-	     size_t name_sz)
-{
-    struct akf_data *d = id->data;
-
-    strlcpy (name, d->filename, name_sz);
-    return 0;
-}
-
-/*
- * Init 
- */
-
-static krb5_error_code
-akf_start_seq_get(krb5_context context, 
-		  krb5_keytab id, 
-		  krb5_kt_cursor *c)
-{
-    int32_t ret;
-    struct akf_data *d = id->data;
-
-    c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
-    if (c->fd < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "open(%s): %s", d->filename,
-			      strerror(ret));
-	return ret;
-    }
-
-    c->sp = krb5_storage_from_fd(c->fd);
-    ret = krb5_ret_int32(c->sp, &d->num_entries);
-    if(ret) {
-	krb5_storage_free(c->sp);
-	close(c->fd);
-	krb5_clear_error_string (context);
-	if(ret == KRB5_KT_END)
-	    return KRB5_KT_NOTFOUND;
-	return ret;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-akf_next_entry(krb5_context context, 
-	       krb5_keytab id, 
-	       krb5_keytab_entry *entry, 
-	       krb5_kt_cursor *cursor)
-{
-    struct akf_data *d = id->data;
-    int32_t kvno;
-    off_t pos;
-    int ret;
-
-    pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
-
-    if ((pos - 4) / (4 + 8) >= d->num_entries)
-	return KRB5_KT_END;
-
-    ret = krb5_make_principal (context, &entry->principal,
-			       d->realm, "afs", d->cell, NULL);
-    if (ret)
-	goto out;
-
-    ret = krb5_ret_int32(cursor->sp, &kvno);
-    if (ret) {
-	krb5_free_principal (context, entry->principal);
-	goto out;
-    }
-
-    entry->vno = kvno;
-
-    entry->keyblock.keytype         = ETYPE_DES_CBC_MD5;
-    entry->keyblock.keyvalue.length = 8;
-    entry->keyblock.keyvalue.data   = malloc (8);
-    if (entry->keyblock.keyvalue.data == NULL) {
-	krb5_free_principal (context, entry->principal);
-	krb5_set_error_string (context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ret = krb5_storage_read(cursor->sp, entry->keyblock.keyvalue.data, 8);
-    if(ret != 8)
-	ret = (ret < 0) ? errno : KRB5_KT_END;
-    else
-	ret = 0;
-
-    entry->timestamp = time(NULL);
-
- out:
-    krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET);
-    return ret;
-}
-
-static krb5_error_code
-akf_end_seq_get(krb5_context context, 
-		krb5_keytab id,
-		krb5_kt_cursor *cursor)
-{
-    krb5_storage_free(cursor->sp);
-    close(cursor->fd);
-    return 0;
-}
-
-static krb5_error_code
-akf_add_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_keytab_entry *entry)
-{
-    struct akf_data *d = id->data;
-    int fd, created = 0;
-    krb5_error_code ret;
-    int32_t len;
-    krb5_storage *sp;
-
-
-    if (entry->keyblock.keyvalue.length != 8)
-	return 0;
-    switch(entry->keyblock.keytype) {
-    case ETYPE_DES_CBC_CRC:
-    case ETYPE_DES_CBC_MD4:
-    case ETYPE_DES_CBC_MD5:
-	break;
-    default:
-	return 0;
-    }
-
-    fd = open (d->filename, O_RDWR | O_BINARY);
-    if (fd < 0) {
-	fd = open (d->filename,
-		   O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600);
-	if (fd < 0) {
-	    ret = errno;
-	    krb5_set_error_string(context, "open(%s): %s", d->filename,
-				  strerror(ret));
-	    return ret;
-	}
-	created = 1;
-    }
-
-    sp = krb5_storage_from_fd(fd);
-    if(sp == NULL) {
-	close(fd);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if (created)
-	len = 0;
-    else {
-	if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
-	    ret = errno;
-	    krb5_storage_free(sp);
-	    close(fd);
-	    krb5_set_error_string (context, "seek: %s", strerror(ret));
-	    return ret;
-	}
-	    
-	ret = krb5_ret_int32(sp, &len);
-	if(ret) {
-	    krb5_storage_free(sp);
-	    close(fd);
-	    return ret;
-	}
-    }
-
-    /*
-     * Make sure we don't add the entry twice, assumes the DES
-     * encryption types are all the same key.
-     */
-    if (len > 0) {
-	int32_t kvno;
-	int i;
-
-	for (i = 0; i < len; i++) {
-	    ret = krb5_ret_int32(sp, &kvno);
-	    if (ret) {
-		krb5_set_error_string (context, "Failed to get kvno ");
-		goto out;
-	    }
-	    if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) {
-		krb5_set_error_string (context, "seek: %s", strerror(ret));
-		goto out;
-	    }
-	    if (kvno == entry->vno) {
-		ret = 0;
-		goto out;
-	    }
-	}
-    }
-
-    len++;
-	
-    if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "seek: %s", strerror(ret));
-	goto out;
-    }
-	
-    ret = krb5_store_int32(sp, len);
-    if(ret) {
-	krb5_set_error_string(context, "keytab keyfile failed new length");
-	return ret;
-    }
-
-    if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "seek to end: %s", strerror(ret));
-	goto out;
-    }
-	
-    ret = krb5_store_int32(sp, entry->vno);
-    if(ret) {
-	krb5_set_error_string(context, "keytab keyfile failed store kvno");
-	goto out;
-    }
-    ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 
-			     entry->keyblock.keyvalue.length);
-    if(ret != entry->keyblock.keyvalue.length) {
-	if (ret < 0)
-	    ret = errno;
-	else
-	    ret = ENOTTY;
-	krb5_set_error_string(context, "keytab keyfile failed to add key");
-	goto out;
-    }
-    ret = 0;
-out:
-    krb5_storage_free(sp);
-    close (fd);
-    return ret;
-}
-
-const krb5_kt_ops krb5_akf_ops = {
-    "AFSKEYFILE",
-    akf_resolve,
-    akf_get_name,
-    akf_close,
-    NULL, /* get */
-    akf_start_seq_get,
-    akf_next_entry,
-    akf_end_seq_get,
-    akf_add_entry,
-    NULL /* remove */
-};
diff --git a/crypto/heimdal/lib/krb5/keytab_krb4.c b/crypto/heimdal/lib/krb5/keytab_krb4.c
deleted file mode 100644
index 907836c..0000000
--- a/crypto/heimdal/lib/krb5/keytab_krb4.c
+++ /dev/null
@@ -1,448 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_krb4.c 17046 2006-04-10 17:10:53Z lha $");
-
-struct krb4_kt_data {
-    char *filename;
-};
-
-static krb5_error_code
-krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct krb4_kt_data *d;
-
-    d = malloc (sizeof(*d));
-    if (d == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->filename = strdup (name);
-    if (d->filename == NULL) {
-	free(d);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    id->data = d;
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_get_name (krb5_context context,
-		  krb5_keytab id,
-		  char *name,
-		  size_t name_sz)
-{
-    struct krb4_kt_data *d = id->data;
-
-    strlcpy (name, d->filename, name_sz);
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_close (krb5_context context,
-	       krb5_keytab id)
-{
-    struct krb4_kt_data *d = id->data;
-
-    free (d->filename);
-    free (d);
-    return 0;
-}
-
-struct krb4_cursor_extra_data {
-    krb5_keytab_entry entry;
-    int num;
-};
-
-static int
-open_flock(const char *filename, int flags, int mode)
-{
-    int lock_mode;
-    int tries = 0;
-    int fd = open(filename, flags, mode);
-    if(fd < 0)
-	return fd;
-    if((flags & O_ACCMODE) == O_RDONLY)
-	lock_mode = LOCK_SH | LOCK_NB;
-    else
-	lock_mode = LOCK_EX | LOCK_NB;
-    while(flock(fd, lock_mode) < 0) {
-	if(++tries < 5) {
-	    sleep(1);
-	} else {
-	    close(fd);
-	    return -1;
-	}
-    }
-    return fd;
-}
-
-
-
-static krb5_error_code
-krb4_kt_start_seq_get_int (krb5_context context,
-			   krb5_keytab id,
-			   int flags,
-			   krb5_kt_cursor *c)
-{
-    struct krb4_kt_data *d = id->data;
-    struct krb4_cursor_extra_data *ed;
-    int ret;
-
-    ed = malloc (sizeof(*ed));
-    if (ed == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ed->entry.principal = NULL;
-    ed->num = -1;
-    c->data = ed;
-    c->fd = open_flock (d->filename, flags, 0);
-    if (c->fd < 0) {
-	ret = errno;
-	free (ed);
-	krb5_set_error_string(context, "open(%s): %s", d->filename,
-			      strerror(ret));
-	return ret;
-    }
-    c->sp = krb5_storage_from_fd(c->fd);
-    if(c->sp == NULL) {
-	close(c->fd);
-	free(ed);
-	return ENOMEM;
-    }
-    krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_start_seq_get (krb5_context context,
-		       krb5_keytab id,
-		       krb5_kt_cursor *c)
-{
-    return krb4_kt_start_seq_get_int (context, id, O_BINARY | O_RDONLY, c);
-}
-
-static krb5_error_code
-read_v4_entry (krb5_context context,
-	       struct krb4_kt_data *d,
-	       krb5_kt_cursor *c,
-	       struct krb4_cursor_extra_data *ed)
-{
-    unsigned char des_key[8];
-    krb5_error_code ret;
-    char *service, *instance, *realm;
-    int8_t kvno;
-
-    ret = krb5_ret_stringz(c->sp, &service);
-    if (ret)
-	return ret;
-    ret = krb5_ret_stringz(c->sp, &instance);
-    if (ret) {
-	free (service);
-	return ret;
-    }
-    ret = krb5_ret_stringz(c->sp, &realm);
-    if (ret) {
-	free (service);
-	free (instance);
-	return ret;
-    }
-    ret = krb5_425_conv_principal (context, service, instance, realm,
-				   &ed->entry.principal);
-    free (service);
-    free (instance);
-    free (realm);
-    if (ret)
-	return ret;
-    ret = krb5_ret_int8(c->sp, &kvno);
-    if (ret) {
-	krb5_free_principal (context, ed->entry.principal);
-	return ret;
-    }
-    ret = krb5_storage_read(c->sp, des_key, sizeof(des_key));
-    if (ret < 0) {
-	krb5_free_principal(context, ed->entry.principal);
-	return ret;
-    }
-    if (ret < 8) {
-	krb5_free_principal(context, ed->entry.principal);
-	return EINVAL;
-    }
-    ed->entry.vno = kvno;
-    ret = krb5_data_copy (&ed->entry.keyblock.keyvalue,
-			  des_key, sizeof(des_key));
-    if (ret)
-	return ret;
-    ed->entry.timestamp = time(NULL);
-    ed->num = 0;
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_next_entry (krb5_context context,
-		    krb5_keytab id,
-		    krb5_keytab_entry *entry,
-		    krb5_kt_cursor *c)
-{
-    krb5_error_code ret;
-    struct krb4_kt_data *d = id->data;
-    struct krb4_cursor_extra_data *ed = c->data;
-    const krb5_enctype keytypes[] = {ETYPE_DES_CBC_MD5,
-				     ETYPE_DES_CBC_MD4,
-				     ETYPE_DES_CBC_CRC};
-
-    if (ed->num == -1) {
-	ret = read_v4_entry (context, d, c, ed);
-	if (ret)
-	    return ret;
-    }
-    ret = krb5_kt_copy_entry_contents (context,
-				       &ed->entry,
-				       entry);
-    if (ret)
-	return ret;
-    entry->keyblock.keytype = keytypes[ed->num];
-    if (++ed->num == 3) {
-	krb5_kt_free_entry (context, &ed->entry);
-	ed->num = -1;
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_end_seq_get (krb5_context context,
-		     krb5_keytab id,
-		     krb5_kt_cursor *c)
-{
-    struct krb4_cursor_extra_data *ed = c->data;
-
-    krb5_storage_free (c->sp);
-    if (ed->num != -1)
-	krb5_kt_free_entry (context, &ed->entry);
-    free (c->data);
-    close (c->fd);
-    return 0;
-}
-
-static krb5_error_code
-krb4_store_keytab_entry(krb5_context context, 
-			krb5_keytab_entry *entry, 
-			krb5_storage *sp)
-{
-    krb5_error_code ret;
-#define ANAME_SZ 40
-#define INST_SZ 40
-#define REALM_SZ 40
-    char service[ANAME_SZ];
-    char instance[INST_SZ];
-    char realm[REALM_SZ];
-    ret = krb5_524_conv_principal (context, entry->principal,
-				   service, instance, realm);
-    if (ret)
-	return ret;
-    if (entry->keyblock.keyvalue.length == 8
-	&& entry->keyblock.keytype == ETYPE_DES_CBC_MD5) {
-	ret = krb5_store_stringz(sp, service);
-	ret = krb5_store_stringz(sp, instance);
-	ret = krb5_store_stringz(sp, realm);
-	ret = krb5_store_int8(sp, entry->vno);
-	ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 8);
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_add_entry (krb5_context context,
-		   krb5_keytab id,
-		   krb5_keytab_entry *entry)
-{
-    struct krb4_kt_data *d = id->data;
-    krb5_storage *sp;
-    krb5_error_code ret;
-    int fd;
-
-    fd = open_flock (d->filename, O_WRONLY | O_APPEND | O_BINARY, 0);
-    if (fd < 0) {
-	fd = open_flock (d->filename,
-		   O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600);
-	if (fd < 0) {
-	    ret = errno;
-	    krb5_set_error_string(context, "open(%s): %s", d->filename,
-				  strerror(ret));
-	    return ret;
-	}
-    }
-    sp = krb5_storage_from_fd(fd);
-    if(sp == NULL) {
-	close(fd);
-	return ENOMEM;
-    }
-    krb5_storage_set_eof_code(sp, KRB5_KT_END);
-    ret = krb4_store_keytab_entry(context, entry, sp);
-    krb5_storage_free(sp);
-    if(close (fd) < 0)
-	return errno;
-    return ret;
-}
-
-static krb5_error_code
-krb4_kt_remove_entry(krb5_context context,
-		     krb5_keytab id,
-		     krb5_keytab_entry *entry)
-{
-    struct krb4_kt_data *d = id->data;
-    krb5_error_code ret;
-    krb5_keytab_entry e;
-    krb5_kt_cursor cursor;
-    krb5_storage *sp;
-    int remove_flag = 0;
-    
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_kt_start_seq_get(context, id, &cursor);
-    if (ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }	
-    while(krb5_kt_next_entry(context, id, &e, &cursor) == 0) {
-	if(!krb5_kt_compare(context, &e, entry->principal, 
-			    entry->vno, entry->keyblock.keytype)) {
-	    ret = krb4_store_keytab_entry(context, &e, sp);
-	    if(ret) {
-		krb5_kt_free_entry(context, &e);
-		krb5_storage_free(sp);
-		return ret;
-	    }
-	} else
-	    remove_flag = 1;
-	krb5_kt_free_entry(context, &e);
-    }
-    krb5_kt_end_seq_get(context, id, &cursor);
-    if(remove_flag) {
-	int fd;
-	unsigned char buf[1024];
-	ssize_t n;
-	krb5_data data;
-	struct stat st;
-
-	krb5_storage_to_data(sp, &data);
-	krb5_storage_free(sp);
-
-	fd = open_flock (d->filename, O_RDWR | O_BINARY, 0);
-	if(fd < 0) {
-	    memset(data.data, 0, data.length);
-	    krb5_data_free(&data);
-	    if(errno == EACCES || errno == EROFS) 
-		return KRB5_KT_NOWRITE;
-	    return errno;
-	}
-
-	if(write(fd, data.data, data.length) != data.length) {
-	    memset(data.data, 0, data.length);
-	    krb5_data_free(&data);
-	    close(fd);
-	    krb5_set_error_string(context, "failed writing to \"%s\"", d->filename);
-	    return errno;
-	}
-	memset(data.data, 0, data.length);
-	if(fstat(fd, &st) < 0) {
-	    krb5_data_free(&data);
-	    close(fd);
-	    krb5_set_error_string(context, "failed getting size of \"%s\"", d->filename);
-	    return errno;
-	}
-	st.st_size -= data.length;
-	memset(buf, 0, sizeof(buf));
-	while(st.st_size > 0) {
-	    n = min(st.st_size, sizeof(buf));
-	    n = write(fd, buf, n);
-	    if(n <= 0) {
-		krb5_data_free(&data);
-		close(fd);
-		krb5_set_error_string(context, "failed writing to \"%s\"", d->filename);
-		return errno;
-		
-	    }
-	    st.st_size -= n;
-	}
-	if(ftruncate(fd, data.length) < 0) {
-	    krb5_data_free(&data);
-	    close(fd);
-	    krb5_set_error_string(context, "failed truncating \"%s\"", d->filename);
-	    return errno;
-	}
-	krb5_data_free(&data);
-	if(close(fd) < 0) {
-	    krb5_set_error_string(context, "error closing \"%s\"", d->filename);
-	    return errno;
-	}
-	return 0;
-    } else {
-	krb5_storage_free(sp);
-	return KRB5_KT_NOTFOUND;
-    }
-}
-
-
-const krb5_kt_ops krb4_fkt_ops = {
-    "krb4",
-    krb4_kt_resolve,
-    krb4_kt_get_name,
-    krb4_kt_close,
-    NULL,			/* get */
-    krb4_kt_start_seq_get,
-    krb4_kt_next_entry,
-    krb4_kt_end_seq_get,
-    krb4_kt_add_entry,		/* add_entry */
-    krb4_kt_remove_entry	/* remove_entry */
-};
-
-const krb5_kt_ops krb5_srvtab_fkt_ops = {
-    "SRVTAB",
-    krb4_kt_resolve,
-    krb4_kt_get_name,
-    krb4_kt_close,
-    NULL,			/* get */
-    krb4_kt_start_seq_get,
-    krb4_kt_next_entry,
-    krb4_kt_end_seq_get,
-    krb4_kt_add_entry,		/* add_entry */
-    krb4_kt_remove_entry	/* remove_entry */
-};
diff --git a/crypto/heimdal/lib/krb5/keytab_memory.c b/crypto/heimdal/lib/krb5/keytab_memory.c
deleted file mode 100644
index 0ad8720..0000000
--- a/crypto/heimdal/lib/krb5/keytab_memory.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_memory.c 16352 2005-12-05 18:39:46Z lha $");
-
-/* memory operations -------------------------------------------- */
-
-struct mkt_data {
-    krb5_keytab_entry *entries;
-    int num_entries;
-    char *name;
-    int refcount;
-    struct mkt_data *next;
-};
-
-/* this mutex protects mkt_head, ->refcount, and ->next 
- * content is not protected (name is static and need no protection)
- */
-static HEIMDAL_MUTEX mkt_mutex = HEIMDAL_MUTEX_INITIALIZER;
-static struct mkt_data *mkt_head;
-
-
-static krb5_error_code
-mkt_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct mkt_data *d;
-
-    HEIMDAL_MUTEX_lock(&mkt_mutex);
-
-    for (d = mkt_head; d != NULL; d = d->next)
-	if (strcmp(d->name, name) == 0)
-	    break;
-    if (d) {
-	if (d->refcount < 1)
-	    krb5_abortx(context, "Double close on memory keytab, "
-			"refcount < 1 %d", d->refcount);
-	d->refcount++;
-	id->data = d;
-	HEIMDAL_MUTEX_unlock(&mkt_mutex);
-	return 0;
-    }
-
-    d = calloc(1, sizeof(*d));
-    if(d == NULL) {
-	HEIMDAL_MUTEX_unlock(&mkt_mutex);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->name = strdup(name);
-    if (d->name == NULL) {
-	HEIMDAL_MUTEX_unlock(&mkt_mutex);
-	free(d);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->entries = NULL;
-    d->num_entries = 0;
-    d->refcount = 1;
-    d->next = mkt_head;
-    mkt_head = d;
-    HEIMDAL_MUTEX_unlock(&mkt_mutex);
-    id->data = d;
-    return 0;
-}
-
-static krb5_error_code
-mkt_close(krb5_context context, krb5_keytab id)
-{
-    struct mkt_data *d = id->data, **dp;
-    int i;
-
-    HEIMDAL_MUTEX_lock(&mkt_mutex);
-    if (d->refcount < 1)
-	krb5_abortx(context, 
-		    "krb5 internal error, memory keytab refcount < 1 on close");
-
-    if (--d->refcount > 0) {
-	HEIMDAL_MUTEX_unlock(&mkt_mutex);
-	return 0;
-    }
-    for (dp = &mkt_head; *dp != NULL; dp = &(*dp)->next) {
-	if (*dp == d) {
-	    *dp = d->next;
-	    break;
-	}
-    }
-    HEIMDAL_MUTEX_unlock(&mkt_mutex);
-
-    free(d->name);
-    for(i = 0; i < d->num_entries; i++)
-	krb5_kt_free_entry(context, &d->entries[i]);
-    free(d->entries);
-    free(d);
-    return 0;
-}
-
-static krb5_error_code 
-mkt_get_name(krb5_context context, 
-	     krb5_keytab id, 
-	     char *name, 
-	     size_t namesize)
-{
-    struct mkt_data *d = id->data;
-    strlcpy(name, d->name, namesize);
-    return 0;
-}
-
-static krb5_error_code
-mkt_start_seq_get(krb5_context context, 
-		  krb5_keytab id, 
-		  krb5_kt_cursor *c)
-{
-    /* XXX */
-    c->fd = 0;
-    return 0;
-}
-
-static krb5_error_code
-mkt_next_entry(krb5_context context, 
-	       krb5_keytab id, 
-	       krb5_keytab_entry *entry, 
-	       krb5_kt_cursor *c)
-{
-    struct mkt_data *d = id->data;
-    if(c->fd >= d->num_entries)
-	return KRB5_KT_END;
-    return krb5_kt_copy_entry_contents(context, &d->entries[c->fd++], entry);
-}
-
-static krb5_error_code
-mkt_end_seq_get(krb5_context context, 
-		krb5_keytab id,
-		krb5_kt_cursor *cursor)
-{
-    return 0;
-}
-
-static krb5_error_code
-mkt_add_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_keytab_entry *entry)
-{
-    struct mkt_data *d = id->data;
-    krb5_keytab_entry *tmp;
-    tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries));
-    if(tmp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->entries = tmp;
-    return krb5_kt_copy_entry_contents(context, entry, 
-				       &d->entries[d->num_entries++]);
-}
-
-static krb5_error_code
-mkt_remove_entry(krb5_context context,
-		 krb5_keytab id,
-		 krb5_keytab_entry *entry)
-{
-    struct mkt_data *d = id->data;
-    krb5_keytab_entry *e, *end;
-    int found = 0;
-    
-    if (d->num_entries == 0) {
-	krb5_clear_error_string(context);
-        return KRB5_KT_NOTFOUND;
-    }
-
-    /* do this backwards to minimize copying */
-    for(end = d->entries + d->num_entries, e = end - 1; e >= d->entries; e--) {
-	if(krb5_kt_compare(context, e, entry->principal, 
-			   entry->vno, entry->keyblock.keytype)) {
-	    krb5_kt_free_entry(context, e);
-	    memmove(e, e + 1, (end - e - 1) * sizeof(*e));
-	    memset(end - 1, 0, sizeof(*end));
-	    d->num_entries--;
-	    end--;
-	    found = 1;
-	}
-    }
-    if (!found) {
-	krb5_clear_error_string (context);
-	return KRB5_KT_NOTFOUND;
-    }
-    e = realloc(d->entries, d->num_entries * sizeof(*d->entries));
-    if(e != NULL || d->num_entries == 0)
-	d->entries = e;
-    return 0;
-}
-
-const krb5_kt_ops krb5_mkt_ops = {
-    "MEMORY",
-    mkt_resolve,
-    mkt_get_name,
-    mkt_close,
-    NULL, /* get */
-    mkt_start_seq_get,
-    mkt_next_entry,
-    mkt_end_seq_get,
-    mkt_add_entry,
-    mkt_remove_entry
-};
diff --git a/crypto/heimdal/lib/krb5/krb5-private.h b/crypto/heimdal/lib/krb5/krb5-private.h
deleted file mode 100644
index 7e04446..0000000
--- a/crypto/heimdal/lib/krb5/krb5-private.h
+++ /dev/null
@@ -1,447 +0,0 @@
-/* This is a generated file */
-#ifndef __krb5_private_h__
-#define __krb5_private_h__
-
-#include <stdarg.h>
-
-void KRB5_LIB_FUNCTION
-_krb5_aes_cts_encrypt (
-	const unsigned char */*in*/,
-	unsigned char */*out*/,
-	size_t /*len*/,
-	const AES_KEY */*key*/,
-	unsigned char */*ivec*/,
-	const int /*encryptp*/);
-
-krb5_error_code
-_krb5_cc_allocate (
-	krb5_context /*context*/,
-	const krb5_cc_ops */*ops*/,
-	krb5_ccache */*id*/);
-
-void
-_krb5_crc_init_table (void);
-
-uint32_t
-_krb5_crc_update (
-	const char */*p*/,
-	size_t /*len*/,
-	uint32_t /*res*/);
-
-krb5_error_code
-_krb5_dh_group_ok (
-	krb5_context /*context*/,
-	unsigned long /*bits*/,
-	heim_integer */*p*/,
-	heim_integer */*g*/,
-	heim_integer */*q*/,
-	struct krb5_dh_moduli **/*moduli*/,
-	char **/*name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_enctype_to_oid (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	heim_oid */*oid*/);
-
-krb5_error_code
-_krb5_expand_default_cc_name (
-	krb5_context /*context*/,
-	const char */*str*/,
-	char **/*res*/);
-
-int
-_krb5_extract_ticket (
-	krb5_context /*context*/,
-	krb5_kdc_rep */*rep*/,
-	krb5_creds */*creds*/,
-	krb5_keyblock */*key*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_key_usage /*key_usage*/,
-	krb5_addresses */*addrs*/,
-	unsigned /*nonce*/,
-	unsigned /*flags*/,
-	krb5_decrypt_proc /*decrypt_proc*/,
-	krb5_const_pointer /*decryptarg*/);
-
-void
-_krb5_free_krbhst_info (krb5_krbhst_info */*hi*/);
-
-void
-_krb5_free_moduli (struct krb5_dh_moduli **/*moduli*/);
-
-krb5_error_code
-_krb5_get_default_principal_local (
-	krb5_context /*context*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_get_host_realm_int (
-	krb5_context /*context*/,
-	const char */*host*/,
-	krb5_boolean /*use_dns*/,
-	krb5_realm **/*realms*/);
-
-krb5_error_code
-_krb5_get_init_creds_opt_copy (
-	krb5_context /*context*/,
-	const krb5_get_init_creds_opt */*in*/,
-	krb5_get_init_creds_opt **/*out*/);
-
-void KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_free_krb5_error (krb5_get_init_creds_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_free_pkinit (krb5_get_init_creds_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_set_krb5_error (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	const KRB_ERROR */*error*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-_krb5_get_int (
-	void */*buffer*/,
-	unsigned long */*value*/,
-	size_t /*size*/);
-
-krb5_error_code
-_krb5_get_krbtgt (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_realm /*realm*/,
-	krb5_creds **/*cred*/);
-
-krb5_error_code
-_krb5_kcm_chmod (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	uint16_t /*mode*/);
-
-krb5_error_code
-_krb5_kcm_chown (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	uint32_t /*uid*/,
-	uint32_t /*gid*/);
-
-krb5_error_code
-_krb5_kcm_get_initial_ticket (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_principal /*server*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-_krb5_kcm_get_ticket (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_kdc_flags /*flags*/,
-	krb5_enctype /*enctype*/,
-	krb5_principal /*server*/);
-
-krb5_boolean
-_krb5_kcm_is_running (krb5_context /*context*/);
-
-krb5_error_code
-_krb5_kcm_noop (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-krb5_error_code
-_krb5_kdc_retry (
-	krb5_context /*context*/,
-	krb5_sendto_ctx /*ctx*/,
-	void */*data*/,
-	const krb5_data */*reply*/,
-	int */*action*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_cr_err_reply (
-	krb5_context /*context*/,
-	const char */*name*/,
-	const char */*inst*/,
-	const char */*realm*/,
-	uint32_t /*time_ws*/,
-	uint32_t /*e*/,
-	const char */*e_string*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_create_auth_reply (
-	krb5_context /*context*/,
-	const char */*pname*/,
-	const char */*pinst*/,
-	const char */*prealm*/,
-	int32_t /*time_ws*/,
-	int /*n*/,
-	uint32_t /*x_date*/,
-	unsigned char /*kvno*/,
-	const krb5_data */*cipher*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_create_ciph (
-	krb5_context /*context*/,
-	const krb5_keyblock */*session*/,
-	const char */*service*/,
-	const char */*instance*/,
-	const char */*realm*/,
-	uint32_t /*life*/,
-	unsigned char /*kvno*/,
-	const krb5_data */*ticket*/,
-	uint32_t /*kdc_time*/,
-	const krb5_keyblock */*key*/,
-	krb5_data */*enc_data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_create_ticket (
-	krb5_context /*context*/,
-	unsigned char /*flags*/,
-	const char */*pname*/,
-	const char */*pinstance*/,
-	const char */*prealm*/,
-	int32_t /*paddress*/,
-	const krb5_keyblock */*session*/,
-	int16_t /*life*/,
-	int32_t /*life_sec*/,
-	const char */*sname*/,
-	const char */*sinstance*/,
-	const krb5_keyblock */*key*/,
-	krb5_data */*enc_data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_decomp_ticket (
-	krb5_context /*context*/,
-	const krb5_data */*enc_ticket*/,
-	const krb5_keyblock */*key*/,
-	const char */*local_realm*/,
-	char **/*sname*/,
-	char **/*sinstance*/,
-	struct _krb5_krb_auth_data */*ad*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_dest_tkt (
-	krb5_context /*context*/,
-	const char */*tkfile*/);
-
-void KRB5_LIB_FUNCTION
-_krb5_krb_free_auth_data (
-	krb5_context /*context*/,
-	struct _krb5_krb_auth_data */*ad*/);
-
-time_t KRB5_LIB_FUNCTION
-_krb5_krb_life_to_time (
-	int /*start*/,
-	int /*life_*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_rd_req (
-	krb5_context /*context*/,
-	krb5_data */*authent*/,
-	const char */*service*/,
-	const char */*instance*/,
-	const char */*local_realm*/,
-	int32_t /*from_addr*/,
-	const krb5_keyblock */*key*/,
-	struct _krb5_krb_auth_data */*ad*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_tf_setup (
-	krb5_context /*context*/,
-	struct credentials */*v4creds*/,
-	const char */*tkfile*/,
-	int /*append*/);
-
-int KRB5_LIB_FUNCTION
-_krb5_krb_time_to_life (
-	time_t /*start*/,
-	time_t /*end*/);
-
-krb5_error_code
-_krb5_krbhost_info_move (
-	krb5_context /*context*/,
-	krb5_krbhst_info */*from*/,
-	krb5_krbhst_info **/*to*/);
-
-krb5_error_code
-_krb5_mk_req_internal (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_flags /*ap_req_options*/,
-	krb5_data */*in_data*/,
-	krb5_creds */*in_creds*/,
-	krb5_data */*outbuf*/,
-	krb5_key_usage /*checksum_usage*/,
-	krb5_key_usage /*encrypt_usage*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_n_fold (
-	const void */*str*/,
-	size_t /*len*/,
-	void */*key*/,
-	size_t /*size*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_oid_to_enctype (
-	krb5_context /*context*/,
-	const heim_oid */*oid*/,
-	krb5_enctype */*etype*/);
-
-krb5_error_code
-_krb5_pac_sign (
-	krb5_context /*context*/,
-	krb5_pac /*p*/,
-	time_t /*authtime*/,
-	krb5_principal /*principal*/,
-	const krb5_keyblock */*server_key*/,
-	const krb5_keyblock */*priv_key*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-_krb5_parse_moduli (
-	krb5_context /*context*/,
-	const char */*file*/,
-	struct krb5_dh_moduli ***/*moduli*/);
-
-krb5_error_code
-_krb5_parse_moduli_line (
-	krb5_context /*context*/,
-	const char */*file*/,
-	int /*lineno*/,
-	char */*p*/,
-	struct krb5_dh_moduli **/*m*/);
-
-void KRB5_LIB_FUNCTION
-_krb5_pk_allow_proxy_certificate (
-	struct krb5_pk_identity */*id*/,
-	int /*boolean*/);
-
-void KRB5_LIB_FUNCTION
-_krb5_pk_cert_free (struct krb5_pk_cert */*cert*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_load_id (
-	krb5_context /*context*/,
-	struct krb5_pk_identity **/*ret_id*/,
-	const char */*user_id*/,
-	const char */*anchor_id*/,
-	char * const */*chain_list*/,
-	char * const */*revoke_list*/,
-	krb5_prompter_fct /*prompter*/,
-	void */*prompter_data*/,
-	char */*password*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_mk_ContentInfo (
-	krb5_context /*context*/,
-	const krb5_data */*buf*/,
-	const heim_oid */*oid*/,
-	struct ContentInfo */*content_info*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_mk_padata (
-	krb5_context /*context*/,
-	void */*c*/,
-	const KDC_REQ_BODY */*req_body*/,
-	unsigned /*nonce*/,
-	METHOD_DATA */*md*/);
-
-krb5_error_code
-_krb5_pk_octetstring2key (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	const void */*dhdata*/,
-	size_t /*dhsize*/,
-	const heim_octet_string */*c_n*/,
-	const heim_octet_string */*k_n*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_rd_pa_reply (
-	krb5_context /*context*/,
-	const char */*realm*/,
-	void */*c*/,
-	krb5_enctype /*etype*/,
-	const krb5_krbhst_info */*hi*/,
-	unsigned /*nonce*/,
-	const krb5_data */*req_buffer*/,
-	PA_DATA */*pa*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_verify_sign (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	struct krb5_pk_identity */*id*/,
-	heim_oid */*contentType*/,
-	krb5_data */*content*/,
-	struct krb5_pk_cert **/*signer*/);
-
-krb5_error_code
-_krb5_plugin_find (
-	krb5_context /*context*/,
-	enum krb5_plugin_type /*type*/,
-	const char */*name*/,
-	struct krb5_plugin **/*list*/);
-
-void
-_krb5_plugin_free (struct krb5_plugin */*list*/);
-
-struct krb5_plugin *
-_krb5_plugin_get_next (struct krb5_plugin */*p*/);
-
-void *
-_krb5_plugin_get_symbol (struct krb5_plugin */*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_principal2principalname (
-	PrincipalName */*p*/,
-	const krb5_principal /*from*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_principalname2krb5_principal (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	const PrincipalName /*from*/,
-	const Realm /*realm*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-_krb5_put_int (
-	void */*buffer*/,
-	unsigned long /*value*/,
-	size_t /*size*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_rd_req_out_ctx_alloc (
-	krb5_context /*context*/,
-	krb5_rd_req_out_ctx */*ctx*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_s4u2self_to_checksumdata (
-	krb5_context /*context*/,
-	const PA_S4U2Self */*self*/,
-	krb5_data */*data*/);
-
-int
-_krb5_send_and_recv_tcp (
-	int /*fd*/,
-	time_t /*tmout*/,
-	const krb5_data */*req*/,
-	krb5_data */*rep*/);
-
-int
-_krb5_xlock (
-	krb5_context /*context*/,
-	int /*fd*/,
-	krb5_boolean /*exclusive*/,
-	const char */*filename*/);
-
-int
-_krb5_xunlock (
-	krb5_context /*context*/,
-	int /*fd*/);
-
-#endif /* __krb5_private_h__ */
diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h
deleted file mode 100644
index 647d888..0000000
--- a/crypto/heimdal/lib/krb5/krb5-protos.h
+++ /dev/null
@@ -1,4114 +0,0 @@
-/* This is a generated file */
-#ifndef __krb5_protos_h__
-#define __krb5_protos_h__
-
-#include <stdarg.h>
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef KRB5_LIB_FUNCTION
-#if defined(_WIN32)
-#define KRB5_LIB_FUNCTION _stdcall
-#else
-#define KRB5_LIB_FUNCTION
-#endif
-#endif
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb524_convert_creds_kdc (
-	krb5_context /*context*/,
-	krb5_creds */*in_cred*/,
-	struct credentials */*v4creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb524_convert_creds_kdc_ccache (
-	krb5_context /*context*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_cred*/,
-	struct credentials */*v4creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_425_conv_principal (
-	krb5_context /*context*/,
-	const char */*name*/,
-	const char */*instance*/,
-	const char */*realm*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_425_conv_principal_ext (
-	krb5_context /*context*/,
-	const char */*name*/,
-	const char */*instance*/,
-	const char */*realm*/,
-	krb5_boolean (*/*func*/)(krb5_context, krb5_principal),
-	krb5_boolean /*resolve*/,
-	krb5_principal */*principal*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_425_conv_principal_ext2 (
-	krb5_context /*context*/,
-	const char */*name*/,
-	const char */*instance*/,
-	const char */*realm*/,
-	krb5_boolean (*/*func*/)(krb5_context, void *, krb5_principal),
-	void */*funcctx*/,
-	krb5_boolean /*resolve*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_524_conv_principal (
-	krb5_context /*context*/,
-	const krb5_principal /*principal*/,
-	char */*name*/,
-	char */*instance*/,
-	char */*realm*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_abort (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 3, 4)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_abortx (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 2, 3)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_acl_match_file (
-	krb5_context /*context*/,
-	const char */*file*/,
-	const char */*format*/,
-	...);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_acl_match_string (
-	krb5_context /*context*/,
-	const char */*string*/,
-	const char */*format*/,
-	...);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_add_et_list (
-	krb5_context /*context*/,
-	void (*/*func*/)(struct et_list **));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_add_extra_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_add_ignore_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_addlog_dest (
-	krb5_context /*context*/,
-	krb5_log_facility */*f*/,
-	const char */*orig*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_addlog_func (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	int /*min*/,
-	int /*max*/,
-	krb5_log_log_func_t /*log_func*/,
-	krb5_log_close_func_t /*close_func*/,
-	void */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_addr2sockaddr (
-	krb5_context /*context*/,
-	const krb5_address */*addr*/,
-	struct sockaddr */*sa*/,
-	krb5_socklen_t */*sa_size*/,
-	int /*port*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_address_compare (
-	krb5_context /*context*/,
-	const krb5_address */*addr1*/,
-	const krb5_address */*addr2*/);
-
-int KRB5_LIB_FUNCTION
-krb5_address_order (
-	krb5_context /*context*/,
-	const krb5_address */*addr1*/,
-	const krb5_address */*addr2*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_address_prefixlen_boundary (
-	krb5_context /*context*/,
-	const krb5_address */*inaddr*/,
-	unsigned long /*prefixlen*/,
-	krb5_address */*low*/,
-	krb5_address */*high*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_address_search (
-	krb5_context /*context*/,
-	const krb5_address */*addr*/,
-	const krb5_addresses */*addrlist*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_aname_to_localname (
-	krb5_context /*context*/,
-	krb5_const_principal /*aname*/,
-	size_t /*lnsize*/,
-	char */*lname*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_anyaddr (
-	krb5_context /*context*/,
-	int /*af*/,
-	struct sockaddr */*sa*/,
-	krb5_socklen_t */*sa_size*/,
-	int /*port*/);
-
-void KRB5_LIB_FUNCTION
-krb5_appdefault_boolean (
-	krb5_context /*context*/,
-	const char */*appname*/,
-	krb5_const_realm /*realm*/,
-	const char */*option*/,
-	krb5_boolean /*def_val*/,
-	krb5_boolean */*ret_val*/);
-
-void KRB5_LIB_FUNCTION
-krb5_appdefault_string (
-	krb5_context /*context*/,
-	const char */*appname*/,
-	krb5_const_realm /*realm*/,
-	const char */*option*/,
-	const char */*def_val*/,
-	char **/*ret_val*/);
-
-void KRB5_LIB_FUNCTION
-krb5_appdefault_time (
-	krb5_context /*context*/,
-	const char */*appname*/,
-	krb5_const_realm /*realm*/,
-	const char */*option*/,
-	time_t /*def_val*/,
-	time_t */*ret_val*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_append_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*dest*/,
-	const krb5_addresses */*source*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_addflags (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*addflags*/,
-	int32_t */*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_free (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_genaddrs (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int /*fd*/,
-	int /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_generatelocalsubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getaddrs (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_address **/*local_addr*/,
-	krb5_address **/*remote_addr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getauthenticator (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_authenticator */*authenticator*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getcksumtype (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_cksumtype */*cksumtype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getflags (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t */*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock **/*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getkeytype (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keytype */*keytype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getlocalseqnumber (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t */*seqnumber*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getlocalsubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock **/*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getrcache (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_rcache */*rcache*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getremotesubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock **/*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_init (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_removeflags (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*removeflags*/,
-	int32_t */*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setaddrs (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_address */*local_addr*/,
-	krb5_address */*remote_addr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setaddrs_from_fd (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	void */*p_fd*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setcksumtype (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_cksumtype /*cksumtype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setflags (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setkeytype (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keytype /*keytype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setlocalseqnumber (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*seqnumber*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setlocalsubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setrcache (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_rcache /*rcache*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setremoteseqnumber (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*seqnumber*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setremotesubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setuserkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_getremoteseqnumber (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t */*seqnumber*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_ap_req (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_creds */*cred*/,
-	krb5_flags /*ap_options*/,
-	krb5_data /*authenticator*/,
-	krb5_data */*retdata*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_authenticator (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_enctype /*enctype*/,
-	krb5_creds */*cred*/,
-	Checksum */*cksum*/,
-	Authenticator **/*auth_result*/,
-	krb5_data */*result*/,
-	krb5_key_usage /*usage*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	int /*rlen*/,
-	krb5_const_realm /*realm*/,
-	...);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal_ext (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	int /*rlen*/,
-	krb5_const_realm /*realm*/,
-	...);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal_va (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	int /*rlen*/,
-	krb5_const_realm /*realm*/,
-	va_list /*ap*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal_va_ext (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	int /*rlen*/,
-	krb5_const_realm /*realm*/,
-	va_list /*ap*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_block_size (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	size_t */*blocksize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_checksum_length (
-	krb5_context /*context*/,
-	krb5_cksumtype /*cksumtype*/,
-	size_t */*length*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_decrypt (
-	krb5_context /*context*/,
-	const krb5_keyblock /*key*/,
-	krb5_keyusage /*usage*/,
-	const krb5_data */*ivec*/,
-	krb5_enc_data */*input*/,
-	krb5_data */*output*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_encrypt (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_keyusage /*usage*/,
-	const krb5_data */*ivec*/,
-	const krb5_data */*input*/,
-	krb5_enc_data */*output*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_encrypt_length (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	size_t /*inputlen*/,
-	size_t */*length*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_enctype_compare (
-	krb5_context /*context*/,
-	krb5_enctype /*e1*/,
-	krb5_enctype /*e2*/,
-	krb5_boolean */*similar*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_get_checksum (
-	krb5_context /*context*/,
-	const krb5_checksum */*cksum*/,
-	krb5_cksumtype */*type*/,
-	krb5_data **/*data*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_is_coll_proof_cksum (krb5_cksumtype /*ctype*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_is_keyed_cksum (krb5_cksumtype /*ctype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_keylengths (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	size_t */*ilen*/,
-	size_t */*keylen*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_make_checksum (
-	krb5_context /*context*/,
-	krb5_cksumtype /*cksumtype*/,
-	const krb5_keyblock */*key*/,
-	krb5_keyusage /*usage*/,
-	const krb5_data */*input*/,
-	krb5_checksum */*cksum*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_make_random_key (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_keyblock */*random_key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_prf (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	const krb5_data */*input*/,
-	krb5_data */*output*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_prf_length (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	size_t */*length*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_set_checksum (
-	krb5_context /*context*/,
-	krb5_checksum */*cksum*/,
-	krb5_cksumtype /*type*/,
-	const krb5_data */*data*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_valid_cksumtype (krb5_cksumtype /*ctype*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_valid_enctype (krb5_enctype /*etype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_verify_checksum (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_keyusage /*usage*/,
-	const krb5_data */*data*/,
-	const krb5_checksum */*cksum*/,
-	krb5_boolean */*valid*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_end_seq_get (
-	krb5_context /*context*/,
-	krb5_cc_cache_cursor /*cursor*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_get_first (
-	krb5_context /*context*/,
-	const char */*type*/,
-	krb5_cc_cache_cursor */*cursor*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_match (
-	krb5_context /*context*/,
-	krb5_principal /*client*/,
-	const char */*type*/,
-	krb5_ccache */*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_next (
-	krb5_context /*context*/,
-	krb5_cc_cache_cursor /*cursor*/,
-	krb5_ccache */*id*/);
-
-void KRB5_LIB_FUNCTION
-krb5_cc_clear_mcred (krb5_creds */*mcred*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_close (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_copy_cache (
-	krb5_context /*context*/,
-	const krb5_ccache /*from*/,
-	krb5_ccache /*to*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_copy_cache_match (
-	krb5_context /*context*/,
-	const krb5_ccache /*from*/,
-	krb5_ccache /*to*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds * /*mcreds*/,
-	unsigned int */*matched*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_default (
-	krb5_context /*context*/,
-	krb5_ccache */*id*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_cc_default_name (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_destroy (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_end_seq_get (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/,
-	krb5_cc_cursor */*cursor*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_gen_new (
-	krb5_context /*context*/,
-	const krb5_cc_ops */*ops*/,
-	krb5_ccache */*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_get_full_name (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	char **/*str*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_cc_get_name (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-const krb5_cc_ops *
-krb5_cc_get_ops (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-const krb5_cc_ops *
-krb5_cc_get_prefix_ops (
-	krb5_context /*context*/,
-	const char */*prefix*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_get_principal (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_principal */*principal*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_cc_get_type (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_get_version (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_initialize (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_principal /*primary_principal*/);
-
-krb5_error_code
-krb5_cc_move (
-	krb5_context /*context*/,
-	krb5_ccache /*from*/,
-	krb5_ccache /*to*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_new_unique (
-	krb5_context /*context*/,
-	const char */*type*/,
-	const char */*hint*/,
-	krb5_ccache */*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_next_cred (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/,
-	krb5_cc_cursor */*cursor*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_next_cred_match (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/,
-	krb5_cc_cursor * /*cursor*/,
-	krb5_creds * /*creds*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds * /*mcreds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_register (
-	krb5_context /*context*/,
-	const krb5_cc_ops */*ops*/,
-	krb5_boolean /*override*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_remove_cred (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_flags /*which*/,
-	krb5_creds */*cred*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_resolve (
-	krb5_context /*context*/,
-	const char */*name*/,
-	krb5_ccache */*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_retrieve_cred (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds */*mcreds*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_set_default_name (
-	krb5_context /*context*/,
-	const char */*name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_set_flags (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_flags /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_start_seq_get (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/,
-	krb5_cc_cursor */*cursor*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_store_cred (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_change_password (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	const char */*newpw*/,
-	int */*result_code*/,
-	krb5_data */*result_code_string*/,
-	krb5_data */*result_string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_check_transited (
-	krb5_context /*context*/,
-	krb5_const_realm /*client_realm*/,
-	krb5_const_realm /*server_realm*/,
-	krb5_realm */*realms*/,
-	int /*num_realms*/,
-	int */*bad_realm*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_check_transited_realms (
-	krb5_context /*context*/,
-	const char *const */*realms*/,
-	int /*num_realms*/,
-	int */*bad_realm*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_checksum_disable (
-	krb5_context /*context*/,
-	krb5_cksumtype /*type*/);
-
-void KRB5_LIB_FUNCTION
-krb5_checksum_free (
-	krb5_context /*context*/,
-	krb5_checksum */*cksum*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_checksum_is_collision_proof (
-	krb5_context /*context*/,
-	krb5_cksumtype /*type*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_checksum_is_keyed (
-	krb5_context /*context*/,
-	krb5_cksumtype /*type*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_checksumsize (
-	krb5_context /*context*/,
-	krb5_cksumtype /*type*/,
-	size_t */*size*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cksumtype_valid (
-	krb5_context /*context*/,
-	krb5_cksumtype /*ctype*/);
-
-void KRB5_LIB_FUNCTION
-krb5_clear_error_string (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_closelog (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_compare_creds (
-	krb5_context /*context*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds * /*mcreds*/,
-	const krb5_creds * /*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_file_free (
-	krb5_context /*context*/,
-	krb5_config_section */*s*/);
-
-void KRB5_LIB_FUNCTION
-krb5_config_free_strings (char **/*strings*/);
-
-const void *
-krb5_config_get (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*type*/,
-	...);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_get_bool (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_get_bool_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	krb5_boolean /*def_value*/,
-	...);
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_int (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_int_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*def_value*/,
-	...);
-
-const krb5_config_binding *
-krb5_config_get_list (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-const void *
-krb5_config_get_next (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	const krb5_config_binding **/*pointer*/,
-	int /*type*/,
-	...);
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_get_string (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_get_string_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	const char */*def_value*/,
-	...);
-
-char**
-krb5_config_get_strings (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_time (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_time_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*def_value*/,
-	...);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_file (
-	krb5_context /*context*/,
-	const char */*fname*/,
-	krb5_config_section **/*res*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_file_multi (
-	krb5_context /*context*/,
-	const char */*fname*/,
-	krb5_config_section **/*res*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_string_multi (
-	krb5_context /*context*/,
-	const char */*string*/,
-	krb5_config_section **/*res*/);
-
-const void *
-krb5_config_vget (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*type*/,
-	va_list /*args*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_vget_bool (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_vget_bool_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	krb5_boolean /*def_value*/,
-	va_list /*args*/);
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_int (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_int_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*def_value*/,
-	va_list /*args*/);
-
-const krb5_config_binding *
-krb5_config_vget_list (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-const void *
-krb5_config_vget_next (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	const krb5_config_binding **/*pointer*/,
-	int /*type*/,
-	va_list /*args*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_vget_string (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_vget_string_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	const char */*def_value*/,
-	va_list /*args*/);
-
-char ** KRB5_LIB_FUNCTION
-krb5_config_vget_strings (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_time (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_time_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*def_value*/,
-	va_list /*args*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_address (
-	krb5_context /*context*/,
-	const krb5_address */*inaddr*/,
-	krb5_address */*outaddr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_addresses (
-	krb5_context /*context*/,
-	const krb5_addresses */*inaddr*/,
-	krb5_addresses */*outaddr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_checksum (
-	krb5_context /*context*/,
-	const krb5_checksum */*old*/,
-	krb5_checksum **/*new*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_creds (
-	krb5_context /*context*/,
-	const krb5_creds */*incred*/,
-	krb5_creds **/*outcred*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_creds_contents (
-	krb5_context /*context*/,
-	const krb5_creds */*incred*/,
-	krb5_creds */*c*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_data (
-	krb5_context /*context*/,
-	const krb5_data */*indata*/,
-	krb5_data **/*outdata*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_host_realm (
-	krb5_context /*context*/,
-	const krb5_realm */*from*/,
-	krb5_realm **/*to*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_keyblock (
-	krb5_context /*context*/,
-	const krb5_keyblock */*inblock*/,
-	krb5_keyblock **/*to*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_keyblock_contents (
-	krb5_context /*context*/,
-	const krb5_keyblock */*inblock*/,
-	krb5_keyblock */*to*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_principal (
-	krb5_context /*context*/,
-	krb5_const_principal /*inprinc*/,
-	krb5_principal */*outprinc*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_ticket (
-	krb5_context /*context*/,
-	const krb5_ticket */*from*/,
-	krb5_ticket **/*to*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_create_checksum (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	krb5_key_usage /*usage*/,
-	int /*type*/,
-	void */*data*/,
-	size_t /*len*/,
-	Checksum */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_destroy (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_get_checksum_type (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	krb5_cksumtype */*type*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getblocksize (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	size_t */*blocksize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getconfoundersize (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	size_t */*confoundersize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getenctype (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	krb5_enctype */*enctype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getpadsize (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	size_t */*padsize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_init (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_enctype /*etype*/,
-	krb5_crypto */*crypto*/);
-
-size_t
-krb5_crypto_overhead (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_prf (
-	krb5_context /*context*/,
-	const krb5_crypto /*crypto*/,
-	const krb5_data */*input*/,
-	krb5_data */*output*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_prf_length (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	size_t */*length*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_data_alloc (
-	krb5_data */*p*/,
-	int /*len*/);
-
-int KRB5_LIB_FUNCTION
-krb5_data_cmp (
-	const krb5_data */*data1*/,
-	const krb5_data */*data2*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_data_copy (
-	krb5_data */*p*/,
-	const void */*data*/,
-	size_t /*len*/);
-
-void KRB5_LIB_FUNCTION
-krb5_data_free (krb5_data */*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_data_realloc (
-	krb5_data */*p*/,
-	int /*len*/);
-
-void KRB5_LIB_FUNCTION
-krb5_data_zero (krb5_data */*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_Authenticator (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	Authenticator */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_ETYPE_INFO (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	ETYPE_INFO */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_ETYPE_INFO2 (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	ETYPE_INFO2 */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncAPRepPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncAPRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncASRepPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncASRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncKrbCredPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncKrbCredPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncTGSRepPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncTGSRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncTicketPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncTicketPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_ap_req (
-	krb5_context /*context*/,
-	const krb5_data */*inbuf*/,
-	krb5_ap_req */*ap_req*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	krb5_data */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt_EncryptedData (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	const EncryptedData */*e*/,
-	krb5_data */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt_ivec (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	krb5_data */*result*/,
-	void */*ivec*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt_ticket (
-	krb5_context /*context*/,
-	Ticket */*ticket*/,
-	krb5_keyblock */*key*/,
-	EncTicketPart */*out*/,
-	krb5_flags /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_derive_key (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_enctype /*etype*/,
-	const void */*constant*/,
-	size_t /*constant_len*/,
-	krb5_keyblock **/*derived_key*/);
-
-krb5_error_code
-krb5_digest_alloc (
-	krb5_context /*context*/,
-	krb5_digest */*digest*/);
-
-void
-krb5_digest_free (krb5_digest /*digest*/);
-
-krb5_error_code
-krb5_digest_get_client_binding (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	char **/*type*/,
-	char **/*binding*/);
-
-const char *
-krb5_digest_get_identifier (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/);
-
-const char *
-krb5_digest_get_opaque (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/);
-
-const char *
-krb5_digest_get_rsp (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/);
-
-const char *
-krb5_digest_get_server_nonce (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/);
-
-krb5_error_code
-krb5_digest_get_session_key (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-krb5_digest_get_tickets (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	Ticket **/*tickets*/);
-
-krb5_error_code
-krb5_digest_init_request (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	krb5_realm /*realm*/,
-	krb5_ccache /*ccache*/);
-
-krb5_error_code
-krb5_digest_probe (
-	krb5_context /*context*/,
-	krb5_realm /*realm*/,
-	krb5_ccache /*ccache*/,
-	unsigned */*flags*/);
-
-krb5_boolean
-krb5_digest_rep_get_status (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/);
-
-krb5_error_code
-krb5_digest_request (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	krb5_realm /*realm*/,
-	krb5_ccache /*ccache*/);
-
-krb5_error_code
-krb5_digest_set_authentication_user (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	krb5_principal /*authentication_user*/);
-
-krb5_error_code
-krb5_digest_set_authid (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*authid*/);
-
-krb5_error_code
-krb5_digest_set_client_nonce (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*nonce*/);
-
-krb5_error_code
-krb5_digest_set_digest (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*dgst*/);
-
-krb5_error_code
-krb5_digest_set_hostname (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*hostname*/);
-
-krb5_error_code
-krb5_digest_set_identifier (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*id*/);
-
-krb5_error_code
-krb5_digest_set_method (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*method*/);
-
-krb5_error_code
-krb5_digest_set_nonceCount (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*nonce_count*/);
-
-krb5_error_code
-krb5_digest_set_opaque (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*opaque*/);
-
-krb5_error_code
-krb5_digest_set_qop (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*qop*/);
-
-krb5_error_code
-krb5_digest_set_realm (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*realm*/);
-
-int
-krb5_digest_set_responseData (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*response*/);
-
-krb5_error_code
-krb5_digest_set_server_cb (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*type*/,
-	const char */*binding*/);
-
-krb5_error_code
-krb5_digest_set_server_nonce (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*nonce*/);
-
-krb5_error_code
-krb5_digest_set_type (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*type*/);
-
-krb5_error_code
-krb5_digest_set_uri (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*uri*/);
-
-krb5_error_code
-krb5_digest_set_username (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*username*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_domain_x500_decode (
-	krb5_context /*context*/,
-	krb5_data /*tr*/,
-	char ***/*realms*/,
-	int */*num_realms*/,
-	const char */*client_realm*/,
-	const char */*server_realm*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_domain_x500_encode (
-	char **/*realms*/,
-	int /*num_realms*/,
-	krb5_data */*encoding*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_eai_to_heim_errno (
-	int /*eai_errno*/,
-	int /*system_error*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_Authenticator (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	Authenticator */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_ETYPE_INFO (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	ETYPE_INFO */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_ETYPE_INFO2 (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	ETYPE_INFO2 */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncAPRepPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncAPRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncASRepPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncASRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncKrbCredPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncKrbCredPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncTGSRepPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncTGSRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncTicketPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncTicketPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	const void */*data*/,
-	size_t /*len*/,
-	krb5_data */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt_EncryptedData (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	int /*kvno*/,
-	EncryptedData */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt_ivec (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	const void */*data*/,
-	size_t /*len*/,
-	krb5_data */*result*/,
-	void */*ivec*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_disable (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_keybits (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	size_t */*keybits*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_keysize (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	size_t */*keysize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_to_keytype (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	krb5_keytype */*keytype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_to_string (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	char **/*string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_valid (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_enctypes_compatible_keys (
-	krb5_context /*context*/,
-	krb5_enctype /*etype1*/,
-	krb5_enctype /*etype2*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_err (
-	krb5_context /*context*/,
-	int /*eval*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 4, 5)));
-
-krb5_error_code KRB5_LIB_FUNCTION 
-    __attribute__((deprecated)) krb5_free_creds_contents (krb5_context context, krb5_creds *c);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_error_from_rd_error (
-	krb5_context /*context*/,
-	const krb5_error */*error*/,
-	const krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_errx (
-	krb5_context /*context*/,
-	int /*eval*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 3, 4)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_expand_hostname (
-	krb5_context /*context*/,
-	const char */*orig_hostname*/,
-	char **/*new_hostname*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_expand_hostname_realms (
-	krb5_context /*context*/,
-	const char */*orig_hostname*/,
-	char **/*new_hostname*/,
-	char ***/*realms*/);
-
-PA_DATA *
-krb5_find_padata (
-	PA_DATA */*val*/,
-	unsigned /*len*/,
-	int /*type*/,
-	int */*idx*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_format_time (
-	krb5_context /*context*/,
-	time_t /*t*/,
-	char */*s*/,
-	size_t /*len*/,
-	krb5_boolean /*include_time*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_address (
-	krb5_context /*context*/,
-	krb5_address */*address*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_ap_rep_enc_part (
-	krb5_context /*context*/,
-	krb5_ap_rep_enc_part */*val*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_authenticator (
-	krb5_context /*context*/,
-	krb5_authenticator */*authenticator*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_checksum (
-	krb5_context /*context*/,
-	krb5_checksum */*cksum*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_checksum_contents (
-	krb5_context /*context*/,
-	krb5_checksum */*cksum*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_config_files (char **/*filenames*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_context (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_cred_contents (
-	krb5_context /*context*/,
-	krb5_creds */*c*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_creds (
-	krb5_context /*context*/,
-	krb5_creds */*c*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_data (
-	krb5_context /*context*/,
-	krb5_data */*p*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_data_contents (
-	krb5_context /*context*/,
-	krb5_data */*data*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_error (
-	krb5_context /*context*/,
-	krb5_error */*error*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_error_contents (
-	krb5_context /*context*/,
-	krb5_error */*error*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_error_string (
-	krb5_context /*context*/,
-	char */*str*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_host_realm (
-	krb5_context /*context*/,
-	krb5_realm */*realmlist*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_kdc_rep (
-	krb5_context /*context*/,
-	krb5_kdc_rep */*rep*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_keyblock (
-	krb5_context /*context*/,
-	krb5_keyblock */*keyblock*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_keyblock_contents (
-	krb5_context /*context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_krbhst (
-	krb5_context /*context*/,
-	char **/*hostlist*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_principal (
-	krb5_context /*context*/,
-	krb5_principal /*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_salt (
-	krb5_context /*context*/,
-	krb5_salt /*salt*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_ticket (
-	krb5_context /*context*/,
-	krb5_ticket */*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_fwd_tgt_creds (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const char */*hostname*/,
-	krb5_principal /*client*/,
-	krb5_principal /*server*/,
-	krb5_ccache /*ccache*/,
-	int /*forwardable*/,
-	krb5_data */*out_data*/);
-
-void KRB5_LIB_FUNCTION
-krb5_generate_random_block (
-	void */*buf*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_random_keyblock (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_seq_number (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	uint32_t */*seqno*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_subkey (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_keyblock **/*subkey*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_subkey_extended (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_enctype /*etype*/,
-	krb5_keyblock **/*subkey*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_all_client_addrs (
-	krb5_context /*context*/,
-	krb5_addresses */*res*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_all_server_addrs (
-	krb5_context /*context*/,
-	krb5_addresses */*res*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_cred_from_kdc (
-	krb5_context /*context*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **/*out_creds*/,
-	krb5_creds ***/*ret_tgts*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_cred_from_kdc_opt (
-	krb5_context /*context*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **/*out_creds*/,
-	krb5_creds ***/*ret_tgts*/,
-	krb5_flags /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_credentials (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **/*out_creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_credentials_with_flags (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_kdc_flags /*flags*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **/*out_creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/,
-	krb5_ccache /*ccache*/,
-	krb5_const_principal /*inprinc*/,
-	krb5_creds **/*out_creds*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_add_options (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/,
-	krb5_flags /*options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds_opt_alloc (
-	krb5_context /*context*/,
-	krb5_get_creds_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_free (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_enctype (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/,
-	krb5_enctype /*enctype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_impersonate (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/,
-	krb5_const_principal /*self*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_options (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/,
-	krb5_flags /*options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_ticket (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/,
-	const Ticket */*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_config_files (char ***/*pfilenames*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_in_tkt_etypes (
-	krb5_context /*context*/,
-	krb5_enctype **/*etypes*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_principal (
-	krb5_context /*context*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_realm (
-	krb5_context /*context*/,
-	krb5_realm */*realm*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_realms (
-	krb5_context /*context*/,
-	krb5_realm **/*realms*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_get_dns_canonicalize_hostname (krb5_context /*context*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_get_err_text (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/);
-
-char * KRB5_LIB_FUNCTION
-krb5_get_error_message (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/);
-
-char * KRB5_LIB_FUNCTION
-krb5_get_error_string (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_extra_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_fcache_version (
-	krb5_context /*context*/,
-	int */*version*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_forwarded_creds (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_ccache /*ccache*/,
-	krb5_flags /*flags*/,
-	const char */*hostname*/,
-	krb5_creds */*in_creds*/,
-	krb5_data */*out_data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_host_realm (
-	krb5_context /*context*/,
-	const char */*targethost*/,
-	krb5_realm **/*realms*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_ignore_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_cred (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	const krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*ptypes*/,
-	const krb5_preauthdata */*preauth*/,
-	krb5_key_proc /*key_proc*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_decrypt_proc /*decrypt_proc*/,
-	krb5_const_pointer /*decryptarg*/,
-	krb5_creds */*creds*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	const krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*ptypes*/,
-	krb5_key_proc /*key_proc*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_decrypt_proc /*decrypt_proc*/,
-	krb5_const_pointer /*decryptarg*/,
-	krb5_creds */*creds*/,
-	krb5_ccache /*ccache*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt_with_keytab (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*pre_auth_types*/,
-	krb5_keytab /*keytab*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*creds*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt_with_password (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*pre_auth_types*/,
-	const char */*password*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*creds*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt_with_skey (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*pre_auth_types*/,
-	const krb5_keyblock */*key*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*creds*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*client*/,
-	krb5_prompter_fct /*prompter*/,
-	void */*data*/,
-	krb5_deltat /*start_time*/,
-	const char */*in_tkt_service*/,
-	krb5_get_init_creds_opt */*options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_keyblock (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*client*/,
-	krb5_keyblock */*keyblock*/,
-	krb5_deltat /*start_time*/,
-	const char */*in_tkt_service*/,
-	krb5_get_init_creds_opt */*options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_keytab (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*client*/,
-	krb5_keytab /*keytab*/,
-	krb5_deltat /*start_time*/,
-	const char */*in_tkt_service*/,
-	krb5_get_init_creds_opt */*options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_alloc (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt **/*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_free (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_get_error (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	KRB_ERROR **/*error*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_address_list (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_addressless (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_boolean /*addressless*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_anonymous (
-	krb5_get_init_creds_opt */*opt*/,
-	int /*anonymous*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_canonicalize (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_boolean /*req*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_default_flags (
-	krb5_context /*context*/,
-	const char */*appname*/,
-	krb5_const_realm /*realm*/,
-	krb5_get_init_creds_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_etype_list (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_enctype */*etype_list*/,
-	int /*etype_list_length*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_forwardable (
-	krb5_get_init_creds_opt */*opt*/,
-	int /*forwardable*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_pa_password (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	const char */*password*/,
-	krb5_s2k_proc /*key_proc*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_pac_request (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_boolean /*req_pac*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_pkinit (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_principal /*principal*/,
-	const char */*user_id*/,
-	const char */*x509_anchors*/,
-	char * const * /*pool*/,
-	char * const * /*pki_revoke*/,
-	int /*flags*/,
-	krb5_prompter_fct /*prompter*/,
-	void */*prompter_data*/,
-	char */*password*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_preauth_list (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_preauthtype */*preauth_list*/,
-	int /*preauth_list_length*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_proxiable (
-	krb5_get_init_creds_opt */*opt*/,
-	int /*proxiable*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_renew_life (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_deltat /*renew_life*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_salt (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_data */*salt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_tkt_life (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_deltat /*tkt_life*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_win2k (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_boolean /*req*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_password (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*client*/,
-	const char */*password*/,
-	krb5_prompter_fct /*prompter*/,
-	void */*data*/,
-	krb5_deltat /*start_time*/,
-	const char */*in_tkt_service*/,
-	krb5_get_init_creds_opt */*in_options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_kdc_cred (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_kdc_flags /*flags*/,
-	krb5_addresses */*addresses*/,
-	Ticket */*second_ticket*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **out_creds );
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_kdc_sec_offset (
-	krb5_context /*context*/,
-	int32_t */*sec*/,
-	int32_t */*usec*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krb524hst (
-	krb5_context /*context*/,
-	const krb5_realm */*realm*/,
-	char ***/*hostlist*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krb_admin_hst (
-	krb5_context /*context*/,
-	const krb5_realm */*realm*/,
-	char ***/*hostlist*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krb_changepw_hst (
-	krb5_context /*context*/,
-	const krb5_realm */*realm*/,
-	char ***/*hostlist*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krbhst (
-	krb5_context /*context*/,
-	const krb5_realm */*realm*/,
-	char ***/*hostlist*/);
-
-time_t KRB5_LIB_FUNCTION
-krb5_get_max_time_skew (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_pw_salt (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	krb5_salt */*salt*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_renewed_creds (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_const_principal /*client*/,
-	krb5_ccache /*ccache*/,
-	const char */*in_tkt_service*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_server_rcache (
-	krb5_context /*context*/,
-	const krb5_data */*piece*/,
-	krb5_rcache */*id*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_get_use_admin_kdc (krb5_context /*context*/);
-
-krb5_log_facility * KRB5_LIB_FUNCTION
-krb5_get_warn_dest (krb5_context /*context*/);
-
-size_t
-krb5_get_wrapped_length (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	size_t /*data_len*/);
-
-int KRB5_LIB_FUNCTION
-krb5_getportbyname (
-	krb5_context /*context*/,
-	const char */*service*/,
-	const char */*proto*/,
-	int /*default_port*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_h_addr2addr (
-	krb5_context /*context*/,
-	int /*af*/,
-	const char */*haddr*/,
-	krb5_address */*addr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_h_addr2sockaddr (
-	krb5_context /*context*/,
-	int /*af*/,
-	const char */*addr*/,
-	struct sockaddr */*sa*/,
-	krb5_socklen_t */*sa_size*/,
-	int /*port*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_h_errno_to_heim_errno (int /*eai_errno*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_have_error_string (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_hmac (
-	krb5_context /*context*/,
-	krb5_cksumtype /*cktype*/,
-	const void */*data*/,
-	size_t /*len*/,
-	unsigned /*usage*/,
-	krb5_keyblock */*key*/,
-	Checksum */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_init_context (krb5_context */*context*/);
-
-void KRB5_LIB_FUNCTION
-krb5_init_ets (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_init_etype (
-	krb5_context /*context*/,
-	unsigned */*len*/,
-	krb5_enctype **/*val*/,
-	const krb5_enctype */*etypes*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_initlog (
-	krb5_context /*context*/,
-	const char */*program*/,
-	krb5_log_facility **/*fac*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_is_thread_safe (void);
-
-const krb5_enctype * KRB5_LIB_FUNCTION
-krb5_kerberos_enctypes (krb5_context /*context*/);
-
-krb5_enctype
-krb5_keyblock_get_enctype (const krb5_keyblock */*block*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keyblock_init (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	const void */*data*/,
-	size_t /*size*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keyblock_key_proc (
-	krb5_context /*context*/,
-	krb5_keytype /*type*/,
-	krb5_data */*salt*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_keyblock **/*key*/);
-
-void KRB5_LIB_FUNCTION
-krb5_keyblock_zero (krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytab_key_proc (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_salt /*salt*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_enctypes (
-	krb5_context /*context*/,
-	krb5_keytype /*keytype*/,
-	unsigned */*len*/,
-	krb5_enctype **/*val*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_enctypes_default (
-	krb5_context /*context*/,
-	krb5_keytype /*keytype*/,
-	unsigned */*len*/,
-	krb5_enctype **/*val*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_string (
-	krb5_context /*context*/,
-	krb5_keytype /*keytype*/,
-	char **/*string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_format_string (
-	krb5_context /*context*/,
-	const krb5_krbhst_info */*host*/,
-	char */*hostname*/,
-	size_t /*hostlen*/);
-
-void KRB5_LIB_FUNCTION
-krb5_krbhst_free (
-	krb5_context /*context*/,
-	krb5_krbhst_handle /*handle*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_get_addrinfo (
-	krb5_context /*context*/,
-	krb5_krbhst_info */*host*/,
-	struct addrinfo **/*ai*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_init (
-	krb5_context /*context*/,
-	const char */*realm*/,
-	unsigned int /*type*/,
-	krb5_krbhst_handle */*handle*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_init_flags (
-	krb5_context /*context*/,
-	const char */*realm*/,
-	unsigned int /*type*/,
-	int /*flags*/,
-	krb5_krbhst_handle */*handle*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_next (
-	krb5_context /*context*/,
-	krb5_krbhst_handle /*handle*/,
-	krb5_krbhst_info **/*host*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_next_as_string (
-	krb5_context /*context*/,
-	krb5_krbhst_handle /*handle*/,
-	char */*hostname*/,
-	size_t /*hostlen*/);
-
-void KRB5_LIB_FUNCTION
-krb5_krbhst_reset (
-	krb5_context /*context*/,
-	krb5_krbhst_handle /*handle*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_add_entry (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_keytab_entry */*entry*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_close (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_kt_compare (
-	krb5_context /*context*/,
-	krb5_keytab_entry */*entry*/,
-	krb5_const_principal /*principal*/,
-	krb5_kvno /*vno*/,
-	krb5_enctype /*enctype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_copy_entry_contents (
-	krb5_context /*context*/,
-	const krb5_keytab_entry */*in*/,
-	krb5_keytab_entry */*out*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_default (
-	krb5_context /*context*/,
-	krb5_keytab */*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_default_modify_name (
-	krb5_context /*context*/,
-	char */*name*/,
-	size_t /*namesize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_default_name (
-	krb5_context /*context*/,
-	char */*name*/,
-	size_t /*namesize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_end_seq_get (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_kt_cursor */*cursor*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_free_entry (
-	krb5_context /*context*/,
-	krb5_keytab_entry */*entry*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_entry (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_const_principal /*principal*/,
-	krb5_kvno /*kvno*/,
-	krb5_enctype /*enctype*/,
-	krb5_keytab_entry */*entry*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_full_name (
-	krb5_context /*context*/,
-	krb5_keytab /*keytab*/,
-	char **/*str*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_name (
-	krb5_context /*context*/,
-	krb5_keytab /*keytab*/,
-	char */*name*/,
-	size_t /*namesize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_type (
-	krb5_context /*context*/,
-	krb5_keytab /*keytab*/,
-	char */*prefix*/,
-	size_t /*prefixsize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_next_entry (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_keytab_entry */*entry*/,
-	krb5_kt_cursor */*cursor*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_read_service_key (
-	krb5_context /*context*/,
-	krb5_pointer /*keyprocarg*/,
-	krb5_principal /*principal*/,
-	krb5_kvno /*vno*/,
-	krb5_enctype /*enctype*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_register (
-	krb5_context /*context*/,
-	const krb5_kt_ops */*ops*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_remove_entry (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_keytab_entry */*entry*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_resolve (
-	krb5_context /*context*/,
-	const char */*name*/,
-	krb5_keytab */*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_start_seq_get (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_kt_cursor */*cursor*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_kuserok (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	const char */*luser*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_log (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	int /*level*/,
-	const char */*fmt*/,
-	...)
-    __attribute__((format (printf, 4, 5)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_log_msg (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	int /*level*/,
-	char **/*reply*/,
-	const char */*fmt*/,
-	...)
-    __attribute__((format (printf, 5, 6)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_make_addrport (
-	krb5_context /*context*/,
-	krb5_address **/*res*/,
-	const krb5_address */*addr*/,
-	int16_t /*port*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_make_principal (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	krb5_const_realm /*realm*/,
-	...);
-
-size_t KRB5_LIB_FUNCTION
-krb5_max_sockaddr_size (void);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_error (
-	krb5_context /*context*/,
-	krb5_error_code /*error_code*/,
-	const char */*e_text*/,
-	const krb5_data */*e_data*/,
-	const krb5_principal /*client*/,
-	const krb5_principal /*server*/,
-	time_t */*client_time*/,
-	int */*client_usec*/,
-	krb5_data */*reply*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_priv (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*userdata*/,
-	krb5_data */*outbuf*/,
-	krb5_replay_data */*outdata*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_rep (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_data */*outbuf*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_req (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_flags /*ap_req_options*/,
-	const char */*service*/,
-	const char */*hostname*/,
-	krb5_data */*in_data*/,
-	krb5_ccache /*ccache*/,
-	krb5_data */*outbuf*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_req_exact (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_flags /*ap_req_options*/,
-	const krb5_principal /*server*/,
-	krb5_data */*in_data*/,
-	krb5_ccache /*ccache*/,
-	krb5_data */*outbuf*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_req_extended (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_flags /*ap_req_options*/,
-	krb5_data */*in_data*/,
-	krb5_creds */*in_creds*/,
-	krb5_data */*outbuf*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_safe (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*userdata*/,
-	krb5_data */*outbuf*/,
-	krb5_replay_data */*outdata*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_net_read (
-	krb5_context /*context*/,
-	void */*p_fd*/,
-	void */*buf*/,
-	size_t /*len*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_net_write (
-	krb5_context /*context*/,
-	void */*p_fd*/,
-	const void */*buf*/,
-	size_t /*len*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_net_write_block (
-	krb5_context /*context*/,
-	void */*p_fd*/,
-	const void */*buf*/,
-	size_t /*len*/,
-	time_t /*timeout*/);
-
-krb5_error_code
-krb5_ntlm_alloc (
-	krb5_context /*context*/,
-	krb5_ntlm */*ntlm*/);
-
-krb5_error_code
-krb5_ntlm_free (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/);
-
-krb5_error_code
-krb5_ntlm_init_get_challange (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_data */*challange*/);
-
-krb5_error_code
-krb5_ntlm_init_get_flags (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	uint32_t */*flags*/);
-
-krb5_error_code
-krb5_ntlm_init_get_opaque (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_data */*opaque*/);
-
-krb5_error_code
-krb5_ntlm_init_get_targetinfo (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-krb5_ntlm_init_get_targetname (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	char **/*name*/);
-
-krb5_error_code
-krb5_ntlm_init_request (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_realm /*realm*/,
-	krb5_ccache /*ccache*/,
-	uint32_t /*flags*/,
-	const char */*hostname*/,
-	const char */*domainname*/);
-
-krb5_error_code
-krb5_ntlm_rep_get_sessionkey (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_data */*data*/);
-
-krb5_boolean
-krb5_ntlm_rep_get_status (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/);
-
-krb5_error_code
-krb5_ntlm_req_set_flags (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	uint32_t /*flags*/);
-
-krb5_error_code
-krb5_ntlm_req_set_lm (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	void */*hash*/,
-	size_t /*len*/);
-
-krb5_error_code
-krb5_ntlm_req_set_ntlm (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	void */*hash*/,
-	size_t /*len*/);
-
-krb5_error_code
-krb5_ntlm_req_set_opaque (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_data */*opaque*/);
-
-krb5_error_code
-krb5_ntlm_req_set_session (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	void */*sessionkey*/,
-	size_t /*length*/);
-
-krb5_error_code
-krb5_ntlm_req_set_targetname (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	const char */*targetname*/);
-
-krb5_error_code
-krb5_ntlm_req_set_username (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	const char */*username*/);
-
-krb5_error_code
-krb5_ntlm_request (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_realm /*realm*/,
-	krb5_ccache /*ccache*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_openlog (
-	krb5_context /*context*/,
-	const char */*program*/,
-	krb5_log_facility **/*fac*/);
-
-krb5_error_code
-krb5_pac_add_buffer (
-	krb5_context /*context*/,
-	krb5_pac /*p*/,
-	uint32_t /*type*/,
-	const krb5_data */*data*/);
-
-void
-krb5_pac_free (
-	krb5_context /*context*/,
-	krb5_pac /*pac*/);
-
-krb5_error_code
-krb5_pac_get_buffer (
-	krb5_context /*context*/,
-	krb5_pac /*p*/,
-	uint32_t /*type*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-krb5_pac_get_types (
-	krb5_context /*context*/,
-	krb5_pac /*p*/,
-	size_t */*len*/,
-	uint32_t **/*types*/);
-
-krb5_error_code
-krb5_pac_init (
-	krb5_context /*context*/,
-	krb5_pac */*pac*/);
-
-krb5_error_code
-krb5_pac_parse (
-	krb5_context /*context*/,
-	const void */*ptr*/,
-	size_t /*len*/,
-	krb5_pac */*pac*/);
-
-krb5_error_code
-krb5_pac_verify (
-	krb5_context /*context*/,
-	const krb5_pac /*pac*/,
-	time_t /*authtime*/,
-	krb5_const_principal /*principal*/,
-	const krb5_keyblock */*server*/,
-	const krb5_keyblock */*privsvr*/);
-
-int KRB5_LIB_FUNCTION
-krb5_padata_add (
-	krb5_context /*context*/,
-	METHOD_DATA */*md*/,
-	int /*type*/,
-	void */*buf*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_address (
-	krb5_context /*context*/,
-	const char */*string*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_name (
-	krb5_context /*context*/,
-	const char */*name*/,
-	krb5_principal */*principal*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_name_flags (
-	krb5_context /*context*/,
-	const char */*name*/,
-	int /*flags*/,
-	krb5_principal */*principal*/);
-
-krb5_error_code
-krb5_parse_nametype (
-	krb5_context /*context*/,
-	const char */*str*/,
-	int32_t */*nametype*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_passwd_result_to_string (
-	krb5_context /*context*/,
-	int /*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_password_key_proc (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	krb5_salt /*salt*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code
-krb5_plugin_register (
-	krb5_context /*context*/,
-	enum krb5_plugin_type /*type*/,
-	const char */*name*/,
-	void */*symbol*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_prepend_config_files (
-	const char */*filelist*/,
-	char **/*pq*/,
-	char ***/*ret_pp*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_prepend_config_files_default (
-	const char */*filelist*/,
-	char ***/*pfilenames*/);
-
-krb5_realm * KRB5_LIB_FUNCTION
-krb5_princ_realm (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/);
-
-void KRB5_LIB_FUNCTION
-krb5_princ_set_realm (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	krb5_realm */*realm*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_principal_compare (
-	krb5_context /*context*/,
-	krb5_const_principal /*princ1*/,
-	krb5_const_principal /*princ2*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_principal_compare_any_realm (
-	krb5_context /*context*/,
-	krb5_const_principal /*princ1*/,
-	krb5_const_principal /*princ2*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_principal_get_comp_string (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	unsigned int /*component*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_principal_get_realm (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/);
-
-int KRB5_LIB_FUNCTION
-krb5_principal_get_type (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_principal_match (
-	krb5_context /*context*/,
-	krb5_const_principal /*princ*/,
-	krb5_const_principal /*pattern*/);
-
-void KRB5_LIB_FUNCTION
-krb5_principal_set_type (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	int /*type*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_print_address (
-	const krb5_address */*addr*/,
-	char */*str*/,
-	size_t /*len*/,
-	size_t */*ret_len*/);
-
-int KRB5_LIB_FUNCTION
-krb5_program_setup (
-	krb5_context */*context*/,
-	int /*argc*/,
-	char **/*argv*/,
-	struct getargs */*args*/,
-	int /*num_args*/,
-	void (*/*usage*/)(int, struct getargs*, int));
-
-int KRB5_LIB_FUNCTION
-krb5_prompter_posix (
-	krb5_context /*context*/,
-	void */*data*/,
-	const char */*name*/,
-	const char */*banner*/,
-	int /*num_prompts*/,
-	krb5_prompt prompts[]);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_random_to_key (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	const void */*data*/,
-	size_t /*size*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_close (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_default (
-	krb5_context /*context*/,
-	krb5_rcache */*id*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_default_name (krb5_context /*context*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_default_type (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_destroy (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_expunge (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_get_lifespan (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/,
-	krb5_deltat */*auth_lifespan*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_get_name (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_get_type (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_initialize (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/,
-	krb5_deltat /*auth_lifespan*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_recover (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_resolve (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/,
-	const char */*name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_resolve_full (
-	krb5_context /*context*/,
-	krb5_rcache */*id*/,
-	const char */*string_name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_resolve_type (
-	krb5_context /*context*/,
-	krb5_rcache */*id*/,
-	const char */*type*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_store (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/,
-	krb5_donot_replay */*rep*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_cred (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_data */*in_data*/,
-	krb5_creds ***/*ret_creds*/,
-	krb5_replay_data */*outdata*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_cred2 (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_ccache /*ccache*/,
-	krb5_data */*in_data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_error (
-	krb5_context /*context*/,
-	const krb5_data */*msg*/,
-	KRB_ERROR */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_priv (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_data */*outbuf*/,
-	krb5_replay_data */*outdata*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_rep (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_ap_rep_enc_part **/*repl*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_const_principal /*server*/,
-	krb5_keytab /*keytab*/,
-	krb5_flags */*ap_req_options*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_ctx (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_const_principal /*server*/,
-	krb5_rd_req_in_ctx /*inctx*/,
-	krb5_rd_req_out_ctx */*outctx*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_ctx_alloc (
-	krb5_context /*context*/,
-	krb5_rd_req_in_ctx */*ctx*/);
-
-void KRB5_LIB_FUNCTION
-krb5_rd_req_in_ctx_free (
-	krb5_context /*context*/,
-	krb5_rd_req_in_ctx /*ctx*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_keyblock (
-	krb5_context /*context*/,
-	krb5_rd_req_in_ctx /*in*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_keytab (
-	krb5_context /*context*/,
-	krb5_rd_req_in_ctx /*in*/,
-	krb5_keytab /*keytab*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_pac_check (
-	krb5_context /*context*/,
-	krb5_rd_req_in_ctx /*in*/,
-	krb5_boolean /*flag*/);
-
-void KRB5_LIB_FUNCTION
-krb5_rd_req_out_ctx_free (
-	krb5_context /*context*/,
-	krb5_rd_req_out_ctx /*ctx*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_ap_req_options (
-	krb5_context /*context*/,
-	krb5_rd_req_out_ctx /*out*/,
-	krb5_flags */*ap_req_options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_keyblock (
-	krb5_context /*context*/,
-	krb5_rd_req_out_ctx /*out*/,
-	krb5_keyblock **/*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_ticket (
-	krb5_context /*context*/,
-	krb5_rd_req_out_ctx /*out*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_with_keyblock (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_const_principal /*server*/,
-	krb5_keyblock */*keyblock*/,
-	krb5_flags */*ap_req_options*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_safe (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_data */*outbuf*/,
-	krb5_replay_data */*outdata*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_read_message (
-	krb5_context /*context*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_read_priv_message (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_read_safe_message (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_realm_compare (
-	krb5_context /*context*/,
-	krb5_const_principal /*princ1*/,
-	krb5_const_principal /*princ2*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_recvauth (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_pointer /*p_fd*/,
-	const char */*appl_version*/,
-	krb5_principal /*server*/,
-	int32_t /*flags*/,
-	krb5_keytab /*keytab*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_recvauth_match_version (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_pointer /*p_fd*/,
-	krb5_boolean (*/*match_appl_version*/)(const void *, const char*),
-	const void */*match_data*/,
-	krb5_principal /*server*/,
-	int32_t /*flags*/,
-	krb5_keytab /*keytab*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_address (
-	krb5_storage */*sp*/,
-	krb5_address */*adr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_addrs (
-	krb5_storage */*sp*/,
-	krb5_addresses */*adr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_authdata (
-	krb5_storage */*sp*/,
-	krb5_authdata */*auth*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_creds (
-	krb5_storage */*sp*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_creds_tag (
-	krb5_storage */*sp*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_data (
-	krb5_storage */*sp*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_int16 (
-	krb5_storage */*sp*/,
-	int16_t */*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_int32 (
-	krb5_storage */*sp*/,
-	int32_t */*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_int8 (
-	krb5_storage */*sp*/,
-	int8_t */*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_keyblock (
-	krb5_storage */*sp*/,
-	krb5_keyblock */*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_principal (
-	krb5_storage */*sp*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_string (
-	krb5_storage */*sp*/,
-	char **/*string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_stringnl (
-	krb5_storage */*sp*/,
-	char **/*string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_stringz (
-	krb5_storage */*sp*/,
-	char **/*string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_times (
-	krb5_storage */*sp*/,
-	krb5_times */*times*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_uint16 (
-	krb5_storage */*sp*/,
-	uint16_t */*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_uint32 (
-	krb5_storage */*sp*/,
-	uint32_t */*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_uint8 (
-	krb5_storage */*sp*/,
-	uint8_t */*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_salttype_to_string (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	krb5_salttype /*stype*/,
-	char **/*string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendauth (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_pointer /*p_fd*/,
-	const char */*appl_version*/,
-	krb5_principal /*client*/,
-	krb5_principal /*server*/,
-	krb5_flags /*ap_req_options*/,
-	krb5_data */*in_data*/,
-	krb5_creds */*in_creds*/,
-	krb5_ccache /*ccache*/,
-	krb5_error **/*ret_error*/,
-	krb5_ap_rep_enc_part **/*rep_result*/,
-	krb5_creds **/*out_creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto (
-	krb5_context /*context*/,
-	const krb5_data */*send_data*/,
-	krb5_krbhst_handle /*handle*/,
-	krb5_data */*receive*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_context (
-	krb5_context /*context*/,
-	krb5_sendto_ctx /*ctx*/,
-	const krb5_data */*send_data*/,
-	const krb5_realm /*realm*/,
-	krb5_data */*receive*/);
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_add_flags (
-	krb5_sendto_ctx /*ctx*/,
-	int /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_ctx_alloc (
-	krb5_context /*context*/,
-	krb5_sendto_ctx */*ctx*/);
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_free (
-	krb5_context /*context*/,
-	krb5_sendto_ctx /*ctx*/);
-
-int KRB5_LIB_FUNCTION
-krb5_sendto_ctx_get_flags (krb5_sendto_ctx /*ctx*/);
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_set_func (
-	krb5_sendto_ctx /*ctx*/,
-	krb5_sendto_ctx_func /*func*/,
-	void */*data*/);
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_set_type (
-	krb5_sendto_ctx /*ctx*/,
-	int /*type*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_kdc (
-	krb5_context /*context*/,
-	const krb5_data */*send_data*/,
-	const krb5_realm */*realm*/,
-	krb5_data */*receive*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_kdc_flags (
-	krb5_context /*context*/,
-	const krb5_data */*send_data*/,
-	const krb5_realm */*realm*/,
-	krb5_data */*receive*/,
-	int /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_config_files (
-	krb5_context /*context*/,
-	char **/*filenames*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_default_in_tkt_etypes (
-	krb5_context /*context*/,
-	const krb5_enctype */*etypes*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_default_realm (
-	krb5_context /*context*/,
-	const char */*realm*/);
-
-void KRB5_LIB_FUNCTION
-krb5_set_dns_canonicalize_hostname (
-	krb5_context /*context*/,
-	krb5_boolean /*flag*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_error_string (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	...)
-    __attribute__((format (printf, 2, 3)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_extra_addresses (
-	krb5_context /*context*/,
-	const krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_fcache_version (
-	krb5_context /*context*/,
-	int /*version*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_ignore_addresses (
-	krb5_context /*context*/,
-	const krb5_addresses */*addresses*/);
-
-void KRB5_LIB_FUNCTION
-krb5_set_max_time_skew (
-	krb5_context /*context*/,
-	time_t /*t*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_password (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	const char */*newpw*/,
-	krb5_principal /*targprinc*/,
-	int */*result_code*/,
-	krb5_data */*result_code_string*/,
-	krb5_data */*result_string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_password_using_ccache (
-	krb5_context /*context*/,
-	krb5_ccache /*ccache*/,
-	const char */*newpw*/,
-	krb5_principal /*targprinc*/,
-	int */*result_code*/,
-	krb5_data */*result_code_string*/,
-	krb5_data */*result_string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_real_time (
-	krb5_context /*context*/,
-	krb5_timestamp /*sec*/,
-	int32_t /*usec*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_send_to_kdc_func (
-	krb5_context /*context*/,
-	krb5_send_to_kdc_func /*func*/,
-	void */*data*/);
-
-void KRB5_LIB_FUNCTION
-krb5_set_use_admin_kdc (
-	krb5_context /*context*/,
-	krb5_boolean /*flag*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_warn_dest (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sname_to_principal (
-	krb5_context /*context*/,
-	const char */*hostname*/,
-	const char */*sname*/,
-	int32_t /*type*/,
-	krb5_principal */*ret_princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sock_to_principal (
-	krb5_context /*context*/,
-	int /*sock*/,
-	const char */*sname*/,
-	int32_t /*type*/,
-	krb5_principal */*ret_princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sockaddr2address (
-	krb5_context /*context*/,
-	const struct sockaddr */*sa*/,
-	krb5_address */*addr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sockaddr2port (
-	krb5_context /*context*/,
-	const struct sockaddr */*sa*/,
-	int16_t */*port*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_sockaddr_uninteresting (const struct sockaddr */*sa*/);
-
-void KRB5_LIB_FUNCTION
-krb5_std_usage (
-	int /*code*/,
-	struct getargs */*args*/,
-	int /*num_args*/);
-
-void KRB5_LIB_FUNCTION
-krb5_storage_clear_flags (
-	krb5_storage */*sp*/,
-	krb5_flags /*flags*/);
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_emem (void);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_storage_free (krb5_storage */*sp*/);
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_data (krb5_data */*data*/);
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_fd (int /*fd*/);
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_mem (
-	void */*buf*/,
-	size_t /*len*/);
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_readonly_mem (
-	const void */*buf*/,
-	size_t /*len*/);
-
-krb5_flags KRB5_LIB_FUNCTION
-krb5_storage_get_byteorder (
-	krb5_storage */*sp*/,
-	krb5_flags /*byteorder*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_storage_is_flags (
-	krb5_storage */*sp*/,
-	krb5_flags /*flags*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_storage_read (
-	krb5_storage */*sp*/,
-	void */*buf*/,
-	size_t /*len*/);
-
-off_t KRB5_LIB_FUNCTION
-krb5_storage_seek (
-	krb5_storage */*sp*/,
-	off_t /*offset*/,
-	int /*whence*/);
-
-void KRB5_LIB_FUNCTION
-krb5_storage_set_byteorder (
-	krb5_storage */*sp*/,
-	krb5_flags /*byteorder*/);
-
-void KRB5_LIB_FUNCTION
-krb5_storage_set_eof_code (
-	krb5_storage */*sp*/,
-	int /*code*/);
-
-void KRB5_LIB_FUNCTION
-krb5_storage_set_flags (
-	krb5_storage */*sp*/,
-	krb5_flags /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_storage_to_data (
-	krb5_storage */*sp*/,
-	krb5_data */*data*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_storage_write (
-	krb5_storage */*sp*/,
-	const void */*buf*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_address (
-	krb5_storage */*sp*/,
-	krb5_address /*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_addrs (
-	krb5_storage */*sp*/,
-	krb5_addresses /*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_authdata (
-	krb5_storage */*sp*/,
-	krb5_authdata /*auth*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_creds (
-	krb5_storage */*sp*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_creds_tag (
-	krb5_storage */*sp*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_data (
-	krb5_storage */*sp*/,
-	krb5_data /*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_int16 (
-	krb5_storage */*sp*/,
-	int16_t /*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_int32 (
-	krb5_storage */*sp*/,
-	int32_t /*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_int8 (
-	krb5_storage */*sp*/,
-	int8_t /*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_keyblock (
-	krb5_storage */*sp*/,
-	krb5_keyblock /*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_principal (
-	krb5_storage */*sp*/,
-	krb5_const_principal /*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_string (
-	krb5_storage */*sp*/,
-	const char */*s*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_stringnl (
-	krb5_storage */*sp*/,
-	const char */*s*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_stringz (
-	krb5_storage */*sp*/,
-	const char */*s*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_times (
-	krb5_storage */*sp*/,
-	krb5_times /*times*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_uint16 (
-	krb5_storage */*sp*/,
-	uint16_t /*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_uint32 (
-	krb5_storage */*sp*/,
-	uint32_t /*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_uint8 (
-	krb5_storage */*sp*/,
-	uint8_t /*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_deltat (
-	const char */*string*/,
-	krb5_deltat */*deltat*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_enctype (
-	krb5_context /*context*/,
-	const char */*string*/,
-	krb5_enctype */*etype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	const char */*password*/,
-	krb5_principal /*principal*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_data (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_data /*password*/,
-	krb5_principal /*principal*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_data_salt (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_data /*password*/,
-	krb5_salt /*salt*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_data_salt_opaque (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_data /*password*/,
-	krb5_salt /*salt*/,
-	krb5_data /*opaque*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_derived (
-	krb5_context /*context*/,
-	const void */*str*/,
-	size_t /*len*/,
-	krb5_enctype /*etype*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_salt (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	const char */*password*/,
-	krb5_salt /*salt*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_salt_opaque (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	const char */*password*/,
-	krb5_salt /*salt*/,
-	krb5_data /*opaque*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_keytype (
-	krb5_context /*context*/,
-	const char */*string*/,
-	krb5_keytype */*keytype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_salttype (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	const char */*string*/,
-	krb5_salttype */*salttype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ticket_get_authorization_data_type (
-	krb5_context /*context*/,
-	krb5_ticket */*ticket*/,
-	int /*type*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ticket_get_client (
-	krb5_context /*context*/,
-	const krb5_ticket */*ticket*/,
-	krb5_principal */*client*/);
-
-time_t KRB5_LIB_FUNCTION
-krb5_ticket_get_endtime (
-	krb5_context /*context*/,
-	const krb5_ticket */*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ticket_get_server (
-	krb5_context /*context*/,
-	const krb5_ticket */*ticket*/,
-	krb5_principal */*server*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_timeofday (
-	krb5_context /*context*/,
-	krb5_timestamp */*timeret*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	char **/*name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_fixed (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	char */*name*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_fixed_flags (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	int /*flags*/,
-	char */*name*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_fixed_short (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	char */*name*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_flags (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	int /*flags*/,
-	char **/*name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_short (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	char **/*name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_us_timeofday (
-	krb5_context /*context*/,
-	krb5_timestamp */*sec*/,
-	int32_t */*usec*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vabort (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((noreturn, format (printf, 3, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vabortx (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((noreturn, format (printf, 2, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_ap_req (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_ap_req */*ap_req*/,
-	krb5_const_principal /*server*/,
-	krb5_keyblock */*keyblock*/,
-	krb5_flags /*flags*/,
-	krb5_flags */*ap_req_options*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_ap_req2 (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_ap_req */*ap_req*/,
-	krb5_const_principal /*server*/,
-	krb5_keyblock */*keyblock*/,
-	krb5_flags /*flags*/,
-	krb5_flags */*ap_req_options*/,
-	krb5_ticket **/*ticket*/,
-	krb5_key_usage /*usage*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_authenticator_checksum (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	void */*data*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_checksum (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	krb5_key_usage /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	Checksum */*cksum*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_init_creds (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*ap_req_server*/,
-	krb5_keytab /*ap_req_keytab*/,
-	krb5_ccache */*ccache*/,
-	krb5_verify_init_creds_opt */*options*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt */*options*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_init_creds_opt_set_ap_req_nofail (
-	krb5_verify_init_creds_opt */*options*/,
-	int /*ap_req_nofail*/);
-
-int KRB5_LIB_FUNCTION
-krb5_verify_opt_alloc (
-	krb5_context /*context*/,
-	krb5_verify_opt **/*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_free (krb5_verify_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_init (krb5_verify_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_ccache (
-	krb5_verify_opt */*opt*/,
-	krb5_ccache /*ccache*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_flags (
-	krb5_verify_opt */*opt*/,
-	unsigned int /*flags*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_keytab (
-	krb5_verify_opt */*opt*/,
-	krb5_keytab /*keytab*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_secure (
-	krb5_verify_opt */*opt*/,
-	krb5_boolean /*secure*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_service (
-	krb5_verify_opt */*opt*/,
-	const char */*service*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_user (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	krb5_ccache /*ccache*/,
-	const char */*password*/,
-	krb5_boolean /*secure*/,
-	const char */*service*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_user_lrealm (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	krb5_ccache /*ccache*/,
-	const char */*password*/,
-	krb5_boolean /*secure*/,
-	const char */*service*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_user_opt (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	const char */*password*/,
-	krb5_verify_opt */*opt*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verr (
-	krb5_context /*context*/,
-	int /*eval*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((noreturn, format (printf, 4, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verrx (
-	krb5_context /*context*/,
-	int /*eval*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((noreturn, format (printf, 3, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vlog (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	int /*level*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__((format (printf, 4, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vlog_msg (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	char **/*reply*/,
-	int /*level*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__((format (printf, 5, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vset_error_string (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	va_list /*args*/)
-    __attribute__ ((format (printf, 2, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vwarn (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((format (printf, 3, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vwarnx (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((format (printf, 2, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_warn (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((format (printf, 3, 4)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_warnx (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((format (printf, 2, 3)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_write_message (
-	krb5_context /*context*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_write_priv_message (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_write_safe_message (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_xfree (void */*ptr*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __krb5_protos_h__ */
diff --git a/crypto/heimdal/lib/krb5/krb5-v4compat.h b/crypto/heimdal/lib/krb5/krb5-v4compat.h
deleted file mode 100644
index dfd7e94..0000000
--- a/crypto/heimdal/lib/krb5/krb5-v4compat.h
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: krb5-v4compat.h 21575 2007-07-16 07:44:54Z lha $ */
-
-#ifndef __KRB5_V4COMPAT_H__
-#define __KRB5_V4COMPAT_H__
-
-#include "krb_err.h"
-
-/* 
- * This file must only be included with v4 compat glue stuff in
- * heimdal sources.
- *
- * It MUST NOT be installed.
- */
-
-#define		KRB_PROT_VERSION 	4
-
-#define		AUTH_MSG_KDC_REQUEST			 (1<<1)
-#define 	AUTH_MSG_KDC_REPLY			 (2<<1)
-#define		AUTH_MSG_APPL_REQUEST			 (3<<1)
-#define		AUTH_MSG_APPL_REQUEST_MUTUAL		 (4<<1)
-#define		AUTH_MSG_ERR_REPLY			 (5<<1)
-#define		AUTH_MSG_PRIVATE			 (6<<1)
-#define		AUTH_MSG_SAFE				 (7<<1)
-#define		AUTH_MSG_APPL_ERR			 (8<<1)
-#define		AUTH_MSG_KDC_FORWARD			 (9<<1)
-#define		AUTH_MSG_KDC_RENEW			(10<<1)
-#define 	AUTH_MSG_DIE				(63<<1)
-
-/* General definitions */
-#define		KSUCCESS	0
-#define		KFAILURE	255
-
-/* */
-
-#define		MAX_KTXT_LEN	1250
-
-#define 	ANAME_SZ	40
-#define		REALM_SZ	40
-#define		SNAME_SZ	40
-#define		INST_SZ		40
-
-struct ktext {
-    unsigned int length;		/* Length of the text */
-    unsigned char dat[MAX_KTXT_LEN];	/* The data itself */
-    uint32_t mbz;		/* zero to catch runaway strings */
-};
-
-struct credentials {
-    char    service[ANAME_SZ];	/* Service name */
-    char    instance[INST_SZ];	/* Instance */
-    char    realm[REALM_SZ];	/* Auth domain */
-    char    session[8];		/* Session key */
-    int     lifetime;		/* Lifetime */
-    int     kvno;		/* Key version number */
-    struct ktext ticket_st;	/* The ticket itself */
-    int32_t    issue_date;	/* The issue time */
-    char    pname[ANAME_SZ];	/* Principal's name */
-    char    pinst[INST_SZ];	/* Principal's instance */
-};
-
-#define TKTLIFENUMFIXED 64
-#define TKTLIFEMINFIXED 0x80
-#define TKTLIFEMAXFIXED 0xBF
-#define TKTLIFENOEXPIRE 0xFF
-#define MAXTKTLIFETIME	(30*24*3600)	/* 30 days */
-#ifndef NEVERDATE
-#define NEVERDATE ((time_t)0x7fffffffL)
-#endif
-
-#define		KERB_ERR_NULL_KEY	10
-
-#define 	CLOCK_SKEW	5*60
-
-#ifndef TKT_ROOT
-#define TKT_ROOT "/tmp/tkt"
-#endif
-
-struct _krb5_krb_auth_data {
-    int8_t  k_flags;		/* Flags from ticket */
-    char    *pname;		/* Principal's name */
-    char    *pinst;		/* His Instance */
-    char    *prealm;		/* His Realm */
-    uint32_t checksum;		/* Data checksum (opt) */
-    krb5_keyblock session;	/* Session Key */
-    unsigned char life;		/* Life of ticket */
-    uint32_t time_sec;		/* Time ticket issued */
-    uint32_t address;		/* Address in ticket */
-};
-
-time_t		_krb5_krb_life_to_time (int, int);
-int		_krb5_krb_time_to_life (time_t, time_t);
-krb5_error_code	_krb5_krb_tf_setup (krb5_context, struct credentials *,
-				    const char *, int);
-krb5_error_code	_krb5_krb_dest_tkt(krb5_context, const char *);
-
-#define krb_time_to_life	_krb5_krb_time_to_life
-#define krb_life_to_time	_krb5_krb_life_to_time
-
-#endif /*  __KRB5_V4COMPAT_H__ */
diff --git a/crypto/heimdal/lib/krb5/krb5.3 b/crypto/heimdal/lib/krb5/krb5.3
deleted file mode 100644
index 3ce8c1f..0000000
--- a/crypto/heimdal/lib/krb5/krb5.3
+++ /dev/null
@@ -1,526 +0,0 @@
-.\" Copyright (c) 2001, 2003 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5.3 18212 2006-10-03 10:39:35Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5 3
-.Os
-.Sh NAME
-.Nm krb5
-.Nd Kerberos 5 library
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Sh DESCRIPTION
-These functions constitute the Kerberos 5 library,
-.Em libkrb5 .
-.Sh LIST OF FUNCTIONS
-.sp 2
-.nf
-.ta \w'krb5_ticket_get_authorization_data_type.3'u+2n +\w'Description goes here'u
-\fIName/Page\fP	\fIDescription\fP
-.ta \w'krb5_ticket_get_authorization_data_type.3'u+2n +\w'Description goes here'u+6nC
-.sp 5p
-krb524_convert_creds_kdc.3
-krb524_convert_creds_kdc_cache.3
-krb5_425_conv_principal.3
-krb5_425_conv_principal_ext.3
-krb5_524_conv_principal.3
-krb5_abort.3
-krb5_abortx.3
-krb5_acl_match_file.3
-krb5_acl_match_string.3
-krb5_add_et_list.3
-krb5_add_extra_addresses.3
-krb5_add_ignore_addresses.3
-krb5_addlog_dest.3
-krb5_addlog_func.3
-krb5_addr2sockaddr.3
-krb5_address.3
-krb5_address_compare.3
-krb5_address_order.3
-krb5_address_search.3
-krb5_addresses.3
-krb5_aname_to_localname.3
-krb5_anyaddr.3
-krb5_appdefault_boolean.3
-krb5_appdefault_string.3
-krb5_appdefault_time.3
-krb5_append_addresses.3
-krb5_auth_con_addflags.3
-krb5_auth_con_free.3
-krb5_auth_con_genaddrs.3
-krb5_auth_con_generatelocalsubkey.3
-krb5_auth_con_getaddrs.3
-krb5_auth_con_getauthenticator.3
-krb5_auth_con_getcksumtype.3
-krb5_auth_con_getflags.3
-krb5_auth_con_getkey.3
-krb5_auth_con_getkeytype.3
-krb5_auth_con_getlocalseqnumber.3
-krb5_auth_con_getlocalsubkey.3
-krb5_auth_con_getrcache.3
-krb5_auth_con_getremotesubkey.3
-krb5_auth_con_getuserkey.3
-krb5_auth_con_init.3
-krb5_auth_con_initivector.3
-krb5_auth_con_removeflags.3
-krb5_auth_con_setaddrs.3
-krb5_auth_con_setaddrs_from_fd.3
-krb5_auth_con_setcksumtype.3
-krb5_auth_con_setflags.3
-krb5_auth_con_setivector.3
-krb5_auth_con_setkey.3
-krb5_auth_con_setkeytype.3
-krb5_auth_con_setlocalseqnumber.3
-krb5_auth_con_setlocalsubkey.3
-krb5_auth_con_setrcache.3
-krb5_auth_con_setremoteseqnumber.3
-krb5_auth_con_setremotesubkey.3
-krb5_auth_con_setuserkey.3
-krb5_auth_context.3
-krb5_auth_getremoteseqnumber.3
-krb5_build_principal.3
-krb5_build_principal_ext.3
-krb5_build_principal_va.3
-krb5_build_principal_va_ext.3
-krb5_c_block_size.3
-krb5_c_checksum_length.3
-krb5_c_decrypt.3
-krb5_c_encrypt.3
-krb5_c_encrypt_length.3
-krb5_c_enctype_compare.3
-krb5_c_get_checksum.3
-krb5_c_is_coll_proof_cksum.3
-krb5_c_is_keyed_cksum.3
-krb5_c_make_checksum.3
-krb5_c_make_random_key.3
-krb5_c_set_checksum.3
-krb5_c_valid_cksumtype.3
-krb5_c_valid_enctype.3
-krb5_c_verify_checksum.3
-krb5_cc_cache_end_seq_get.3
-krb5_cc_cache_get_first.3
-krb5_cc_cache_match.3
-krb5_cc_cache_next.3
-krb5_cc_close.3
-krb5_cc_copy_cache.3
-krb5_cc_default.3
-krb5_cc_default_name.3
-krb5_cc_destroy.3
-krb5_cc_end_seq_get.3
-krb5_cc_gen_new.3
-krb5_cc_get_full_name.3
-krb5_cc_get_name.3
-krb5_cc_get_ops.3
-krb5_cc_get_principal.3
-krb5_cc_get_type.3
-krb5_cc_get_version.3
-krb5_cc_initialize.3
-krb5_cc_new_unique.3
-krb5_cc_next_cred.3
-krb5_cc_register.3
-krb5_cc_remove_cred.3
-krb5_cc_resolve.3
-krb5_cc_retrieve_cred.3
-krb5_cc_set_default_name.3
-krb5_cc_set_flags.3
-krb5_cc_store_cred.3
-krb5_change_password.3
-krb5_check_transited.3
-krb5_check_transited_realms.3
-krb5_checksum_disable.3
-krb5_checksum_free.3
-krb5_checksum_is_collision_proof.3
-krb5_checksum_is_keyed.3
-krb5_checksumsize.3
-krb5_clear_error_string.3
-krb5_closelog.3
-krb5_config_file_free.3
-krb5_config_free_strings.3
-krb5_config_get.3
-krb5_config_get_bool.3
-krb5_config_get_bool_default.3
-krb5_config_get_int.3
-krb5_config_get_int_default.3
-krb5_config_get_list.3
-krb5_config_get_next.3
-krb5_config_get_string.3
-krb5_config_get_string_default.3
-krb5_config_get_strings.3
-krb5_config_get_time.3
-krb5_config_get_time_default.3
-krb5_config_parse_file.3
-krb5_config_parse_file_multi.3
-krb5_config_vget.3
-krb5_config_vget_bool.3
-krb5_config_vget_bool_default.3
-krb5_config_vget_int.3
-krb5_config_vget_int_default.3
-krb5_config_vget_list.3
-krb5_config_vget_next.3
-krb5_config_vget_string.3
-krb5_config_vget_string_default.3
-krb5_config_vget_strings.3
-krb5_config_vget_time.3
-krb5_config_vget_time_default.3
-krb5_context.3
-krb5_copy_address.3
-krb5_copy_addresses.3
-krb5_copy_checksum.3
-krb5_copy_data.3
-krb5_copy_host_realm.3
-krb5_copy_keyblock.3
-krb5_copy_keyblock_contents.3
-krb5_copy_principal.3
-krb5_copy_ticket.3
-krb5_create_checksum.3
-krb5_creds.3
-krb5_crypto_destroy.3
-krb5_crypto_get_checksum_type.3
-krb5_crypto_getblocksize.3
-krb5_crypto_getconfoundersize.3
-krb5_crypto_getenctype.3
-krb5_crypto_getpadsize.3
-krb5_crypto_init.3
-krb5_data_alloc.3
-krb5_data_copy.3
-krb5_data_free.3
-krb5_data_realloc.3
-krb5_data_zero.3
-krb5_decrypt.3
-krb5_decrypt_EncryptedData.3
-krb5_digest.3
-krb5_digest_alloc.3
-krb5_digest_free.3
-krb5_digest_get_a1_hash.3
-krb5_digest_get_client_binding.3
-krb5_digest_get_identifier.3
-krb5_digest_get_opaque.3
-krb5_digest_get_responseData.3
-krb5_digest_get_rsp.3
-krb5_digest_get_server_nonce.3
-krb5_digest_get_tickets.3
-krb5_digest_init_request.3
-krb5_digest_request.3
-krb5_digest_set_authentication_user.3
-krb5_digest_set_authid.3
-krb5_digest_set_client_nonce.3
-krb5_digest_set_digest.3
-krb5_digest_set_hostname.3
-krb5_digest_set_identifier.3
-krb5_digest_set_method.3
-krb5_digest_set_nonceCount.3
-krb5_digest_set_opaque.3
-krb5_digest_set_qop.3
-krb5_digest_set_realm.3
-krb5_digest_set_server_cb.3
-krb5_digest_set_server_nonce.3
-krb5_digest_set_type.3
-krb5_digest_set_uri.3
-krb5_digest_set_username.3
-krb5_domain_x500_decode.3
-krb5_domain_x500_encode.3
-krb5_eai_to_heim_errno.3
-krb5_encrypt.3
-krb5_encrypt_EncryptedData.3
-krb5_enctype_disable.3
-krb5_enctype_to_string.3
-krb5_enctype_valid.3
-krb5_err.3
-krb5_errx.3
-krb5_expand_hostname.3
-krb5_expand_hostname_realms.3
-krb5_find_padata.3
-krb5_format_time.3
-krb5_free_address.3
-krb5_free_addresses.3
-krb5_free_authenticator.3
-krb5_free_checksum.3
-krb5_free_checksum_contents.3
-krb5_free_config_files.3
-krb5_free_context.3
-krb5_free_data.3
-krb5_free_data_contents.3
-krb5_free_error_string.3
-krb5_free_host_realm.3
-krb5_free_kdc_rep.3
-krb5_free_keyblock.3
-krb5_free_keyblock_contents.3
-krb5_free_krbhst.3
-krb5_free_principal.3
-krb5_free_salt.3
-krb5_free_ticket.3
-krb5_fwd_tgt_creds.3
-krb5_generate_random_block.3
-krb5_generate_random_keyblock.3
-krb5_generate_subkey.3
-krb5_get_all_client_addrs.3
-krb5_get_all_server_addrs.3
-krb5_get_cred_from_kdc.3
-krb5_get_cred_from_kdc_opt.3
-krb5_get_credentials.3
-krb5_get_credentials_with_flags.3
-krb5_get_default_config_files.3
-krb5_get_default_principal.3
-krb5_get_default_realm.3
-krb5_get_default_realms.3
-krb5_get_err_text.3
-krb5_get_error_message.3
-krb5_get_error_string.3
-krb5_get_extra_addresses.3
-krb5_get_fcache_version.3
-krb5_get_forwarded_creds.3
-krb5_get_host_realm.3
-krb5_get_ignore_addresses.3
-krb5_get_in_cred.3
-krb5_get_in_tkt.3
-krb5_get_in_tkt_with_keytab.3
-krb5_get_in_tkt_with_password.3
-krb5_get_in_tkt_with_skey.3
-krb5_get_init_creds.3
-krb5_get_init_creds_keytab.3
-krb5_get_init_creds_opt_alloc.3
-krb5_get_init_creds_opt_free.3
-krb5_get_init_creds_opt_free_pkinit.3
-krb5_get_init_creds_opt_init.3
-krb5_get_init_creds_opt_set_address_list.3
-krb5_get_init_creds_opt_set_anonymous.3
-krb5_get_init_creds_opt_set_default_flags.3
-krb5_get_init_creds_opt_set_etype_list.3
-krb5_get_init_creds_opt_set_forwardable.3
-krb5_get_init_creds_opt_set_pa_password.3
-krb5_get_init_creds_opt_set_paq_request.3
-krb5_get_init_creds_opt_set_pkinit.3
-krb5_get_init_creds_opt_set_preauth_list.3
-krb5_get_init_creds_opt_set_proxiable.3
-krb5_get_init_creds_opt_set_renew_life.3
-krb5_get_init_creds_opt_set_salt.3
-krb5_get_init_creds_opt_set_tkt_life.3
-krb5_get_init_creds_password.3
-krb5_get_kdc_cred.3
-krb5_get_krb524hst.3
-krb5_get_krb_admin_hst.3
-krb5_get_krb_changepw_hst.3
-krb5_get_krbhst.3
-krb5_get_pw_salt.3
-krb5_get_server_rcache.3
-krb5_get_use_admin_kdc.3
-krb5_get_wrapped_length.3
-krb5_getportbyname.3
-krb5_h_addr2addr.3
-krb5_h_addr2sockaddr.3
-krb5_h_errno_to_heim_errno.3
-krb5_have_error_string.3
-krb5_hmac.3
-krb5_init_context.3
-krb5_init_ets.3
-krb5_initlog.3
-krb5_keyblock_get_enctype.3
-krb5_keyblock_zero.3
-krb5_keytab_entry.3
-krb5_krbhst_format_string.3
-krb5_krbhst_free.3
-krb5_krbhst_get_addrinfo.3
-krb5_krbhst_init.3
-krb5_krbhst_init_flags.3
-krb5_krbhst_next.3
-krb5_krbhst_next_as_string.3
-krb5_krbhst_reset.3
-krb5_kt_add_entry.3
-krb5_kt_close.3
-krb5_kt_compare.3
-krb5_kt_copy_entry_contents.3
-krb5_kt_cursor.3
-krb5_kt_default.3
-krb5_kt_default_modify_name.3
-krb5_kt_default_name.3
-krb5_kt_end_seq_get.3
-krb5_kt_free_entry.3
-krb5_kt_get_entry.3
-krb5_kt_get_name.3
-krb5_kt_get_type.3
-krb5_kt_next_entry.3
-krb5_kt_ops.3
-krb5_kt_read_service_key.3
-krb5_kt_register.3
-krb5_kt_remove_entry.3
-krb5_kt_resolve.3.3
-krb5_kt_start_seq_get
-krb5_kuserok.3
-krb5_log.3
-krb5_log_msg.3
-krb5_make_addrport.3
-krb5_make_principal.3
-krb5_max_sockaddr_size.3
-krb5_openlog.3
-krb5_padata_add.3
-krb5_parse_address.3
-krb5_parse_name.3
-krb5_passwd_result_to_string.3
-krb5_password_key_proc.3
-krb5_prepend_config_files.3
-krb5_prepend_config_files_default.3
-krb5_princ_realm.3
-krb5_princ_set_realm.3
-krb5_principal.3
-krb5_principal_compare.3
-krb5_principal_compare_any_realm.3
-krb5_principal_get_comp_string.3
-krb5_principal_get_realm.3
-krb5_principal_get_type.3
-krb5_principal_match.3
-krb5_principal_set_type.3
-krb5_print_address.3
-krb5_rc_close.3
-krb5_rc_default.3
-krb5_rc_default_name.3
-krb5_rc_default_type.3
-krb5_rc_destroy.3
-krb5_rc_expunge.3
-krb5_rc_get_lifespan.3
-krb5_rc_get_name.3
-krb5_rc_get_type.3
-krb5_rc_initialize.3
-krb5_rc_recover.3
-krb5_rc_resolve.3
-krb5_rc_resolve_full.3
-krb5_rc_resolve_type.3
-krb5_rc_store.3
-krb5_rcache.3
-krb5_realm_compare.3
-krb5_ret_address.3
-krb5_ret_addrs.3
-krb5_ret_authdata.3
-krb5_ret_creds.3
-krb5_ret_data.3
-krb5_ret_int16.3
-krb5_ret_int32.3
-krb5_ret_int8.3
-krb5_ret_keyblock.3
-krb5_ret_principal.3
-krb5_ret_string.3
-krb5_ret_stringz.3
-krb5_ret_times.3
-krb5_set_config_files.3
-krb5_set_default_realm.3
-krb5_set_error_string.3
-krb5_set_extra_addresses.3
-krb5_set_fcache_version.3
-krb5_set_ignore_addresses.3
-krb5_set_password.3
-krb5_set_password_using_ccache.3
-krb5_set_real_time.3
-krb5_set_use_admin_kdc.3
-krb5_set_warn_dest.3
-krb5_sname_to_principal.3
-krb5_sock_to_principal.3
-krb5_sockaddr2address.3
-krb5_sockaddr2port.3
-krb5_sockaddr_uninteresting.3
-krb5_storage.3
-krb5_storage_clear_flags.3
-krb5_storage_emem.3
-krb5_storage_free.3
-krb5_storage_from_data.3
-krb5_storage_from_fd.3
-krb5_storage_from_mem.3
-krb5_storage_get_byteorder.3
-krb5_storage_is_flags.3
-krb5_storage_read.3
-krb5_storage_seek.3
-krb5_storage_set_byteorder.3
-krb5_storage_set_eof_code.3
-krb5_storage_set_flags.3
-krb5_storage_to_data.3
-krb5_storage_write.3
-krb5_store_address.3
-krb5_store_addrs.3
-krb5_store_authdata.3
-krb5_store_creds.3
-krb5_store_data.3
-krb5_store_int16.3
-krb5_store_int32.3
-krb5_store_int8.3
-krb5_store_keyblock.3
-krb5_store_principal.3
-krb5_store_string.3
-krb5_store_stringz.3
-krb5_store_times.3
-krb5_string_to_deltat.3
-krb5_string_to_enctype.3
-krb5_string_to_key.3
-krb5_string_to_key_data.3
-krb5_string_to_key_data_salt.3
-krb5_string_to_key_data_salt_opaque.3
-krb5_string_to_key_salt.3
-krb5_string_to_key_salt_opaque.3
-krb5_ticket.3
-krb5_ticket_get_authorization_data_type.3
-krb5_ticket_get_client.3
-krb5_ticket_get_server.3
-krb5_timeofday.3
-krb5_unparse_name.3
-krb5_unparse_name_fixed.3
-krb5_unparse_name_fixed_short.3
-krb5_unparse_name_short.3
-krb5_us_timeofday.3
-krb5_vabort.3
-krb5_vabortx.3
-krb5_verify_checksum.3
-krb5_verify_init_creds.3
-krb5_verify_init_creds_opt_init.3
-krb5_verify_init_creds_opt_set_ap_req_nofail.3
-krb5_verify_opt_init.3
-krb5_verify_opt_set_ccache.3
-krb5_verify_opt_set_flags.3
-krb5_verify_opt_set_keytab.3
-krb5_verify_opt_set_secure.3
-krb5_verify_opt_set_service.3
-krb5_verify_user.3
-krb5_verify_user_lrealm.3
-krb5_verify_user_opt.3
-krb5_verr.3
-krb5_verrx.3
-krb5_vlog.3
-krb5_vlog_msg.3
-krb5_vset_error_string.3
-krb5_vwarn.3
-krb5_vwarnx.3
-krb5_warn.3
-krb5_warnx.3
-.ta
-.Fi
-.Sh SEE ALSO
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5
deleted file mode 100644
index ceb16a4..0000000
--- a/crypto/heimdal/lib/krb5/krb5.conf.5
+++ /dev/null
@@ -1,530 +0,0 @@
-.\" Copyright (c) 1999 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5.conf.5 15514 2005-06-23 18:43:34Z lha $
-.\"
-.Dd May  4, 2005
-.Dt KRB5.CONF 5
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5.conf
-.Nd configuration file for Kerberos 5
-.Sh SYNOPSIS
-.In krb5.h
-.Sh DESCRIPTION
-The
-.Nm
-file specifies several configuration parameters for the Kerberos 5
-library, as well as for some programs.
-.Pp
-The file consists of one or more sections, containing a number of
-bindings.
-The value of each binding can be either a string or a list of other
-bindings.
-The grammar looks like:
-.Bd -literal -offset indent
-file:
-	/* empty */
-	sections
-
-sections:
-	section sections
-	section
-
-section:
-	'[' section_name ']' bindings
-
-section_name:
-	STRING
-
-bindings:
-	binding bindings
-	binding
-
-binding:
-	name '=' STRING
-	name '=' '{' bindings '}'
-
-name:
-	STRING
-
-.Ed
-.Li STRINGs
-consists of one or more non-whitespace characters.
-.Pp
-STRINGs that are specified later in this man-page uses the following
-notation.
-.Bl -tag -width "xxx" -offset indent
-.It boolean
-values can be either yes/true or no/false.
-.It time
-values can be a list of year, month, day, hour, min, second.
-Example: 1 month 2 days 30 min.
-If no unit is given, seconds is assumed.
-.It etypes
-valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-md5,
-des3-cbc-sha1, arcfour-hmac-md5, aes128-cts-hmac-sha1-96, and
-aes256-cts-hmac-sha1-96 .
-.It address
-an address can be either a IPv4 or a IPv6 address.
-.El
-.Pp
-Currently recognised sections and bindings are:
-.Bl -tag -width "xxx" -offset indent
-.It Li [appdefaults]
-Specifies the default values to be used for Kerberos applications.
-You can specify defaults per application, realm, or a combination of
-these.
-The preference order is:
-.Bl -enum -compact
-.It
-.Va application Va realm Va option
-.It
-.Va application Va option
-.It
-.Va realm Va option
-.It
-.Va option
-.El
-.Pp
-The supported options are:
-.Bl -tag -width "xxx" -offset indent
-.It Li forwardable = Va boolean
-When obtaining initial credentials, make the credentials forwardable.
-.It Li proxiable = Va boolean
-When obtaining initial credentials, make the credentials proxiable.
-.It Li no-addresses = Va boolean
-When obtaining initial credentials, request them for an empty set of
-addresses, making the tickets valid from any address.
-.It Li ticket_lifetime = Va time
-Default ticket lifetime.
-.It Li renew_lifetime = Va time
-Default renewable ticket lifetime.
-.It Li encrypt = Va boolean
-Use encryption, when available.
-.It Li forward = Va boolean
-Forward credentials to remote host (for
-.Xr rsh 1 ,
-.Xr telnet 1 ,
-etc).
-.El
-.It Li [libdefaults]
-.Bl -tag -width "xxx" -offset indent
-.It Li default_realm = Va REALM
-Default realm to use, this is also known as your
-.Dq local realm .
-The default is the result of
-.Fn krb5_get_host_realm "local hostname" .
-.It Li clockskew = Va time
-Maximum time differential (in seconds) allowed when comparing
-times.
-Default is 300 seconds (five minutes).
-.It Li kdc_timeout = Va time
-Maximum time to wait for a reply from the kdc, default is 3 seconds.
-.It Li v4_name_convert
-.It Li v4_instance_resolve
-These are described in the
-.Xr krb5_425_conv_principal  3
-manual page.
-.It Li capath = {
-.Bl -tag -width "xxx" -offset indent
-.It Va destination-realm Li = Va next-hop-realm
-.It ...
-.It Li }
-.El
-This is deprecated, see the 
-.Li capaths
-section below.
-.It Li default_cc_name = Va ccname
-the default credentials cache name.
-The string can contain variables that are expanded on runtime.
-Only support variable now is
-.Li %{uid}
-that expands to the current user id.
-.It Li default_etypes = Va etypes ...
-A list of default encryption types to use.
-.It Li default_etypes_des = Va etypes ...
-A list of default encryption types to use when requesting a DES credential.
-.It Li default_keytab_name = Va keytab
-The keytab to use if no other is specified, default is
-.Dq FILE:/etc/krb5.keytab .
-.It Li dns_lookup_kdc = Va boolean
-Use DNS SRV records to lookup KDC services location.
-.It Li dns_lookup_realm = Va boolean
-Use DNS TXT records to lookup domain to realm mappings.
-.It Li kdc_timesync = Va boolean
-Try to keep track of the time differential between the local machine
-and the KDC, and then compensate for that when issuing requests.
-.It Li max_retries = Va number
-The max number of times to try to contact each KDC.
-.It Li large_msg_size = Va number
-The threshold where protocols with tiny maximum message sizes are not
-considered usable to send messages to the KDC.
-.It Li ticket_lifetime = Va time
-Default ticket lifetime.
-.It Li renew_lifetime = Va time
-Default renewable ticket lifetime.
-.It Li forwardable = Va boolean
-When obtaining initial credentials, make the credentials forwardable.
-This option is also valid in the [realms] section.
-.It Li proxiable = Va boolean
-When obtaining initial credentials, make the credentials proxiable.
-This option is also valid in the [realms] section.
-.It Li verify_ap_req_nofail = Va boolean
-If enabled, failure to verify credentials against a local key is a
-fatal error.
-The application has to be able to read the corresponding service key
-for this to work.
-Some applications, like
-.Xr su 1 ,
-enable this option unconditionally.
-.It Li warn_pwexpire = Va time
-How soon to warn for expiring password.
-Default is seven days.
-.It Li http_proxy = Va proxy-spec
-A HTTP-proxy to use when talking to the KDC via HTTP.
-.It Li dns_proxy = Va proxy-spec
-Enable using DNS via HTTP.
-.It Li extra_addresses = Va address ...
-A list of addresses to get tickets for along with all local addresses.
-.It Li time_format = Va string
-How to print time strings in logs, this string is passed to
-.Xr strftime 3 .
-.It Li date_format = Va string
-How to print date strings in logs, this string is passed to
-.Xr strftime 3 .
-.It Li log_utc = Va boolean
-Write log-entries using UTC instead of your local time zone.
-.It Li scan_interfaces = Va boolean
-Scan all network interfaces for addresses, as opposed to simply using
-the address associated with the system's host name.
-.It Li fcache_version = Va int
-Use file credential cache format version specified.
-.It Li krb4_get_tickets = Va boolean
-Also get Kerberos 4 tickets in
-.Nm kinit ,
-.Nm login ,
-and other programs.
-This option is also valid in the [realms] section.
-.It Li fcc-mit-ticketflags = Va boolean
-Use MIT compatible format for file credential cache.
-It's the field ticketflags that is stored in reverse bit order for
-older than Heimdal 0.7.
-Setting this flag to
-.Dv TRUE
-make it store the MIT way, this is default for Heimdal 0.7.
-.El
-.It Li [domain_realm]
-This is a list of mappings from DNS domain to Kerberos realm.
-Each binding in this section looks like:
-.Pp
-.Dl domain = realm
-.Pp
-The domain can be either a full name of a host or a trailing
-component, in the latter case the domain-string should start with a
-period.
-The trailing component only matches hosts that are in the same domain, ie
-.Dq .example.com
-matches
-.Dq foo.example.com ,
-but not
-.Dq foo.test.example.com .
-.Pp
-The realm may be the token `dns_locate', in which case the actual
-realm will be determined using DNS (independently of the setting
-of the `dns_lookup_realm' option).
-.It Li [realms]
-.Bl -tag -width "xxx" -offset indent
-.It Va REALM Li = {
-.Bl -tag -width "xxx" -offset indent
-.It Li kdc = Va [service/]host[:port]
-Specifies a list of kdcs for this realm.
-If the optional
-.Va port
-is absent, the
-default value for the
-.Dq kerberos/udp
-.Dq kerberos/tcp ,
-and
-.Dq http/tcp
-port (depending on service) will be used.
-The kdcs will be used in the order that they are specified.
-.Pp
-The optional
-.Va service
-specifies over what medium the kdc should be
-contacted.
-Possible services are
-.Dq udp ,
-.Dq tcp ,
-and
-.Dq http .
-Http can also be written as
-.Dq http:// .
-Default service is
-.Dq udp
-and
-.Dq tcp .
-.It Li admin_server = Va host[:port]
-Specifies the admin server for this realm, where all the modifications
-to the database are performed.
-.It Li kpasswd_server = Va host[:port]
-Points to the server where all the password changes are performed.
-If there is no such entry, the kpasswd port on the admin_server host
-will be tried.
-.It Li krb524_server = Va host[:port]
-Points to the server that does 524 conversions.
-If it is not mentioned, the krb524 port on the kdcs will be tried.
-.It Li v4_instance_convert
-.It Li v4_name_convert
-.It Li default_domain
-See
-.Xr krb5_425_conv_principal 3 .
-.It Li tgs_require_subkey
-a boolan variable that defaults to false.
-Old DCE secd (pre 1.1) might need this to be true.
-.El
-.It Li }
-.El
-.It Li [capaths]
-.Bl -tag -width "xxx" -offset indent
-.It Va client-realm Li = {
-.Bl -tag -width "xxx" -offset indent
-.It Va server-realm Li = Va hop-realm ...
-This serves two purposes. First the first listed
-.Va hop-realm
-tells a client which realm it should contact in order to ultimately
-obtain credentials for a service in the
-.Va server-realm .
-Secondly, it tells the KDC (and other servers) which realms are
-allowed in a multi-hop traversal from
-.Va client-realm 
-to
-.Va server-realm .
-Except for the client case, the order of the realms are not important.
-.El
-.It Va }
-.El
-.It Li [logging]
-.Bl -tag -width "xxx" -offset indent
-.It Va entity Li = Va destination
-Specifies that
-.Va entity
-should use the specified
-.Li destination
-for logging.
-See the
-.Xr krb5_openlog 3
-manual page for a list of defined destinations.
-.El
-.It Li [kdc]
-.Bl -tag -width "xxx" -offset indent
-.It Li database Li = {
-.Bl -tag -width "xxx" -offset indent
-.It Li dbname Li = Va DATABASENAME
-Use this database for this realm.
-See the info documetation how to configure diffrent database backends.
-.It Li realm Li = Va REALM
-Specifies the realm that will be stored in this database.
-It realm isn't set, it will used as the default database, there can
-only be one entry that doesn't have a
-.Li realm
-stanza.
-.It Li mkey_file Li = Pa FILENAME
-Use this keytab file for the master key of this database.
-If not specified
-.Va DATABASENAME Ns .mkey
-will be used.
-.It Li acl_file Li = PA FILENAME
-Use this file for the ACL list of this database.
-.It Li log_file Li = Pa FILENAME
-Use this file as the log of changes performed to the database.
-This file is used by
-.Nm ipropd-master
-for propagating changes to slaves.
-.El
-.It Li }
-.It Li max-request = Va SIZE
-Maximum size of a kdc request.
-.It Li require-preauth = Va BOOL
-If set pre-authentication is required.
-Since krb4 requests are not pre-authenticated they will be rejected.
-.It Li ports = Va "list of ports"
-List of ports the kdc should listen to.
-.It Li addresses = Va "list of interfaces"
-List of addresses the kdc should bind to.
-.It Li enable-kerberos4 = Va BOOL
-Turn on Kerberos 4 support.
-.It Li v4-realm = Va REALM
-To what realm v4 requests should be mapped.
-.It Li enable-524 = Va BOOL
-Should the Kerberos 524 converting facility be turned on.
-Default is the same as
-.Va enable-kerberos4 .
-.It Li enable-http = Va BOOL
-Should the kdc answer kdc-requests over http.
-.It Li enable-kaserver = Va BOOL
-If this kdc should emulate the AFS kaserver.
-.It Li check-ticket-addresses = Va BOOL
-Verify the addresses in the tickets used in tgs requests.
-.\" XXX
-.It Li allow-null-ticket-addresses = Va BOOL
-Allow address-less tickets.
-.\" XXX
-.It Li allow-anonymous = Va BOOL
-If the kdc is allowed to hand out anonymous tickets.
-.It Li encode_as_rep_as_tgs_rep = Va BOOL
-Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
-.\" XXX
-.It Li kdc_warn_pwexpire = Va TIME
-The time before expiration that the user should be warned that her
-password is about to expire.
-.It Li logging = Va Logging
-What type of logging the kdc should use, see also [logging]/kdc.
-.It Li use_2b = {
-.Bl -tag -width "xxx" -offset indent
-.It Va principal Li = Va BOOL
-boolean value if the 524 daemon should return AFS 2b tokens for
-.Fa principal .
-.It ...
-.El
-.It Li }
-.It Li hdb-ldap-structural-object Va structural object
-If the LDAP backend is used for storing principals, this is the
-structural object that will be used when creating and when reading
-objects.
-The default value is account .
-.It Li hdb-ldap-create-base Va creation dn
-is the dn that will be appended to the principal when creating entries.
-Default value is the search dn.
-.El
-.It Li [kadmin]
-.Bl -tag -width "xxx" -offset indent
-.It Li require-preauth = Va BOOL
-If pre-authentication is required to talk to the kadmin server.
-.It Li password_lifetime = Va time
-If a principal already have its password set for expiration, this is
-the time it will be valid for after a change.
-.It Li default_keys = Va keytypes...
-For each entry in
-.Va default_keys
-try to parse it as a sequence of
-.Va etype:salttype:salt
-syntax of this if something like:
-.Pp
-[(des|des3|etype):](pw-salt|afs3-salt)[:string]
-.Pp
-If
-.Ar etype
-is omitted it means everything, and if string is omitted it means the
-default salt string (for that principal and encryption type).
-Additional special values of keytypes are:
-.Bl -tag -width "xxx" -offset indent
-.It Li v5
-The Kerberos 5 salt
-.Va pw-salt
-.It Li v4
-The Kerberos 4 salt
-.Va des:pw-salt:
-.El
-.It Li use_v4_salt = Va BOOL
-When true, this is the same as
-.Pp
-.Va default_keys = Va des3:pw-salt Va v4
-.Pp
-and is only left for backwards compatibility.
-.El
-.It Li [password-quality]
-Check the Password quality assurance in the info documentation for
-more information.
-.Bl -tag -width "xxx" -offset indent
-.It Li check_library = Va library-name
-Library name that contains the password check_function
-.It Li check_function = Va function-name
-Function name for checking passwords in check_library
-.It Li policy_libraries = Va library1 ... libraryN
-List of libraries that can do password policy checks
-.It Li policies = Va policy1 ... policyN
-List of policy names to apply to the password. Builtin policies are
-among other minimum-length, character-class, external-check.
-.El
-.El
-.Sh ENVIRONMENT
-.Ev KRB5_CONFIG
-points to the configuration file to read.
-.Sh FILES
-.Bl -tag -width "/etc/krb5.conf"
-.It Pa /etc/krb5.conf
-configuration file for Kerberos 5.
-.El
-.Sh EXAMPLES
-.Bd -literal -offset indent
-[libdefaults]
-	default_realm = FOO.SE
-[domain_realm]
-	.foo.se = FOO.SE
-	.bar.se = FOO.SE
-[realms]
-	FOO.SE = {
-		kdc = kerberos.foo.se
-		v4_name_convert = {
-			rcmd = host
-		}
-		v4_instance_convert = {
-			xyz = xyz.bar.se
-		}
-		default_domain = foo.se
-	}
-[logging]
-	kdc = FILE:/var/heimdal/kdc.log
-	kdc = SYSLOG:INFO
-	default = SYSLOG:INFO:USER
-.Ed
-.Sh DIAGNOSTICS
-Since
-.Nm
-is read and parsed by the krb5 library, there is not a lot of
-opportunities for programs to report parsing errors in any useful
-format.
-To help overcome this problem, there is a program
-.Nm verify_krb5_conf
-that reads
-.Nm
-and tries to emit useful diagnostics from parsing errors.
-Note that this program does not have any way of knowing what options
-are actually used and thus cannot warn about unknown or misspelled
-ones.
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_openlog 3 ,
-.Xr strftime 3 ,
-.Xr verify_krb5_conf 8
diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h
deleted file mode 100644
index 571eb61..0000000
--- a/crypto/heimdal/lib/krb5/krb5.h
+++ /dev/null
@@ -1,780 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: krb5.h 22100 2007-12-03 17:15:00Z lha $ */
-
-#ifndef __KRB5_H__
-#define __KRB5_H__
-
-#include <time.h>
-#include <krb5-types.h>
-
-#include <asn1_err.h>
-#include <krb5_err.h>
-#include <heim_err.h>
-#include <k524_err.h>
-
-#include <krb5_asn1.h>
-
-/* name confusion with MIT */
-#ifndef KRB5KDC_ERR_KEY_EXP
-#define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
-#endif
-
-/* simple constants */
-
-#ifndef TRUE
-#define TRUE  1
-#define FALSE 0
-#endif
-
-typedef int krb5_boolean;
-
-typedef int32_t krb5_error_code;
-
-typedef int krb5_kvno;
-
-typedef uint32_t krb5_flags;
-
-typedef void *krb5_pointer;
-typedef const void *krb5_const_pointer;
-
-struct krb5_crypto_data;
-typedef struct krb5_crypto_data *krb5_crypto;
-
-struct krb5_get_creds_opt_data;
-typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt;
-
-struct krb5_digest_data;
-typedef struct krb5_digest_data *krb5_digest;
-struct krb5_ntlm_data;
-typedef struct krb5_ntlm_data *krb5_ntlm;
-
-struct krb5_pac_data;
-typedef struct krb5_pac_data *krb5_pac;
-
-typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx;
-typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx;
-
-typedef CKSUMTYPE krb5_cksumtype;
-
-typedef Checksum krb5_checksum;
-
-typedef ENCTYPE krb5_enctype;
-
-typedef heim_octet_string krb5_data;
-
-/* PKINIT related forward declarations */
-struct ContentInfo;
-struct krb5_pk_identity;
-struct krb5_pk_cert;
-
-/* krb5_enc_data is a mit compat structure */
-typedef struct krb5_enc_data {
-    krb5_enctype enctype;
-    krb5_kvno kvno;
-    krb5_data ciphertext;
-} krb5_enc_data;
-
-/* alternative names */
-enum {
-    ENCTYPE_NULL		= ETYPE_NULL,
-    ENCTYPE_DES_CBC_CRC		= ETYPE_DES_CBC_CRC,
-    ENCTYPE_DES_CBC_MD4		= ETYPE_DES_CBC_MD4,
-    ENCTYPE_DES_CBC_MD5		= ETYPE_DES_CBC_MD5,
-    ENCTYPE_DES3_CBC_MD5	= ETYPE_DES3_CBC_MD5,
-    ENCTYPE_OLD_DES3_CBC_SHA1	= ETYPE_OLD_DES3_CBC_SHA1,
-    ENCTYPE_SIGN_DSA_GENERATE	= ETYPE_SIGN_DSA_GENERATE,
-    ENCTYPE_ENCRYPT_RSA_PRIV	= ETYPE_ENCRYPT_RSA_PRIV,
-    ENCTYPE_ENCRYPT_RSA_PUB	= ETYPE_ENCRYPT_RSA_PUB,
-    ENCTYPE_DES3_CBC_SHA1	= ETYPE_DES3_CBC_SHA1,
-    ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96,
-    ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96,
-    ENCTYPE_ARCFOUR_HMAC	= ETYPE_ARCFOUR_HMAC_MD5,
-    ENCTYPE_ARCFOUR_HMAC_MD5	= ETYPE_ARCFOUR_HMAC_MD5,
-    ENCTYPE_ARCFOUR_HMAC_MD5_56	= ETYPE_ARCFOUR_HMAC_MD5_56,
-    ENCTYPE_ENCTYPE_PK_CROSS	= ETYPE_ENCTYPE_PK_CROSS,
-    ENCTYPE_DES_CBC_NONE	= ETYPE_DES_CBC_NONE,
-    ENCTYPE_DES3_CBC_NONE	= ETYPE_DES3_CBC_NONE,
-    ENCTYPE_DES_CFB64_NONE	= ETYPE_DES_CFB64_NONE,
-    ENCTYPE_DES_PCBC_NONE	= ETYPE_DES_PCBC_NONE
-};
-
-typedef PADATA_TYPE krb5_preauthtype;
-
-typedef enum krb5_key_usage {
-    KRB5_KU_PA_ENC_TIMESTAMP = 1,
-    /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
-       client key (section 5.4.1) */
-    KRB5_KU_TICKET = 2,
-    /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
-       application session key), encrypted with the service key
-       (section 5.4.2) */
-    KRB5_KU_AS_REP_ENC_PART = 3,
-    /* AS-REP encrypted part (includes tgs session key or application
-       session key), encrypted with the client key (section 5.4.2) */
-    KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
-    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-       session key (section 5.4.1) */
-    KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
-    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-          authenticator subkey (section 5.4.1) */
-    KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
-    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
-       with the tgs session key (sections 5.3.2, 5.4.1) */
-    KRB5_KU_TGS_REQ_AUTH = 7,
-    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
-       authenticator subkey), encrypted with the tgs session key
-       (section 5.3.2) */
-    KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
-    /* TGS-REP encrypted part (includes application session key),
-       encrypted with the tgs session key (section 5.4.2) */
-    KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
-    /* TGS-REP encrypted part (includes application session key),
-       encrypted with the tgs authenticator subkey (section 5.4.2) */
-    KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
-    /* AP-REQ Authenticator cksum, keyed with the application session
-       key (section 5.3.2) */
-    KRB5_KU_AP_REQ_AUTH = 11,
-    /* AP-REQ Authenticator (includes application authenticator
-       subkey), encrypted with the application session key (section
-       5.3.2) */
-    KRB5_KU_AP_REQ_ENC_PART = 12,
-    /* AP-REP encrypted part (includes application session subkey),
-       encrypted with the application session key (section 5.5.2) */
-    KRB5_KU_KRB_PRIV = 13,
-    /* KRB-PRIV encrypted part, encrypted with a key chosen by the
-       application (section 5.7.1) */
-    KRB5_KU_KRB_CRED = 14,
-    /* KRB-CRED encrypted part, encrypted with a key chosen by the
-       application (section 5.8.1) */
-    KRB5_KU_KRB_SAFE_CKSUM = 15,
-    /* KRB-SAFE cksum, keyed with a key chosen by the application
-       (section 5.6.1) */
-    KRB5_KU_OTHER_ENCRYPTED = 16,
-    /* Data which is defined in some specification outside of
-       Kerberos to be encrypted using an RFC1510 encryption type. */
-    KRB5_KU_OTHER_CKSUM = 17,
-    /* Data which is defined in some specification outside of
-       Kerberos to be checksummed using an RFC1510 checksum type. */
-    KRB5_KU_KRB_ERROR = 18,
-    /* Krb-error checksum */
-    KRB5_KU_AD_KDC_ISSUED = 19,
-    /* AD-KDCIssued checksum */
-    KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
-    /* Checksum for Mandatory Ticket Extensions */
-    KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
-    /* Checksum in Authorization Data in Ticket Extensions */
-    KRB5_KU_USAGE_SEAL = 22,
-    /* seal in GSSAPI krb5 mechanism */
-    KRB5_KU_USAGE_SIGN = 23,
-    /* sign in GSSAPI krb5 mechanism */
-    KRB5_KU_USAGE_SEQ = 24,
-    /* SEQ in GSSAPI krb5 mechanism */
-    KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
-    /* acceptor sign in GSSAPI CFX krb5 mechanism */
-    KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
-    /* acceptor seal in GSSAPI CFX krb5 mechanism */
-    KRB5_KU_USAGE_INITIATOR_SEAL = 24,       
-    /* initiator sign in GSSAPI CFX krb5 mechanism */
-    KRB5_KU_USAGE_INITIATOR_SIGN = 25,
-    /* initiator seal in GSSAPI CFX krb5 mechanism */
-    KRB5_KU_PA_SERVER_REFERRAL_DATA = 22,
-    /* encrypted server referral data */
-    KRB5_KU_SAM_CHECKSUM = 25,
-    /* Checksum for the SAM-CHECKSUM field */
-    KRB5_KU_SAM_ENC_TRACK_ID = 26,
-    /* Encryption of the SAM-TRACK-ID field */
-    KRB5_KU_PA_SERVER_REFERRAL = 26,
-    /* Keyusage for the server referral in a TGS req */
-    KRB5_KU_SAM_ENC_NONCE_SAD = 27,
-    /* Encryption of the SAM-NONCE-OR-SAD field */
-    KRB5_KU_DIGEST_ENCRYPT = -18,
-    /* Encryption key usage used in the digest encryption field */
-    KRB5_KU_DIGEST_OPAQUE = -19,
-    /* Checksum key usage used in the digest opaque field */
-    KRB5_KU_KRB5SIGNEDPATH = -21,
-    /* Checksum key usage on KRB5SignedPath */
-    KRB5_KU_CANONICALIZED_NAMES = -23
-    /* Checksum key usage on PA-CANONICALIZED */
-} krb5_key_usage;
-
-typedef krb5_key_usage krb5_keyusage;
-
-typedef enum krb5_salttype {
-    KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
-    KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
-}krb5_salttype;
-
-typedef struct krb5_salt {
-    krb5_salttype salttype;
-    krb5_data saltvalue;
-} krb5_salt;
-
-typedef ETYPE_INFO krb5_preauthinfo;
-
-typedef struct {
-    krb5_preauthtype type;
-    krb5_preauthinfo info; /* list of preauthinfo for this type */
-} krb5_preauthdata_entry;
-
-typedef struct krb5_preauthdata {
-    unsigned len;
-    krb5_preauthdata_entry *val;
-}krb5_preauthdata;
-
-typedef enum krb5_address_type { 
-    KRB5_ADDRESS_INET     =   2,
-    KRB5_ADDRESS_NETBIOS  =  20,
-    KRB5_ADDRESS_INET6    =  24,
-    KRB5_ADDRESS_ADDRPORT = 256,
-    KRB5_ADDRESS_IPPORT   = 257
-} krb5_address_type;
-
-enum {
-  AP_OPTS_USE_SESSION_KEY = 1,
-  AP_OPTS_MUTUAL_REQUIRED = 2,
-  AP_OPTS_USE_SUBKEY = 4		/* library internal */
-};
-
-typedef HostAddress krb5_address;
-
-typedef HostAddresses krb5_addresses;
-
-typedef enum krb5_keytype { 
-    KEYTYPE_NULL	= 0,
-    KEYTYPE_DES		= 1,
-    KEYTYPE_DES3	= 7,
-    KEYTYPE_AES128	= 17,
-    KEYTYPE_AES256	= 18,
-    KEYTYPE_ARCFOUR	= 23,
-    KEYTYPE_ARCFOUR_56	= 24
-} krb5_keytype;
-
-typedef EncryptionKey krb5_keyblock;
-
-typedef AP_REQ krb5_ap_req;
-
-struct krb5_cc_ops;
-
-#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
-
-#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
-
-#define KRB5_ACCEPT_NULL_ADDRESSES(C) 					 \
-    krb5_config_get_bool_default((C), NULL, TRUE, 			 \
-				 "libdefaults", "accept_null_addresses", \
-				 NULL)
-
-typedef void *krb5_cc_cursor;
-
-typedef struct krb5_ccache_data {
-    const struct krb5_cc_ops *ops;
-    krb5_data data;
-}krb5_ccache_data;
-
-typedef struct krb5_ccache_data *krb5_ccache;
-
-typedef struct krb5_context_data *krb5_context;
-
-typedef Realm krb5_realm;
-typedef const char *krb5_const_realm; /* stupid language */
-
-#define krb5_realm_length(r) strlen(r)
-#define krb5_realm_data(r) (r)
-
-typedef Principal krb5_principal_data;
-typedef struct Principal *krb5_principal;
-typedef const struct Principal *krb5_const_principal;
-
-typedef time_t krb5_deltat;
-typedef time_t krb5_timestamp;
-
-typedef struct krb5_times {
-  krb5_timestamp authtime;
-  krb5_timestamp starttime;
-  krb5_timestamp endtime;
-  krb5_timestamp renew_till;
-} krb5_times;
-
-typedef union {
-    TicketFlags b;
-    krb5_flags i;
-} krb5_ticket_flags;
-
-/* options for krb5_get_in_tkt() */
-#define KDC_OPT_FORWARDABLE		(1 << 1)
-#define KDC_OPT_FORWARDED		(1 << 2)
-#define KDC_OPT_PROXIABLE		(1 << 3)
-#define KDC_OPT_PROXY			(1 << 4)
-#define KDC_OPT_ALLOW_POSTDATE		(1 << 5)
-#define KDC_OPT_POSTDATED		(1 << 6)
-#define KDC_OPT_RENEWABLE		(1 << 8)
-#define KDC_OPT_REQUEST_ANONYMOUS	(1 << 14)
-#define KDC_OPT_DISABLE_TRANSITED_CHECK	(1 << 26)
-#define KDC_OPT_RENEWABLE_OK		(1 << 27)
-#define KDC_OPT_ENC_TKT_IN_SKEY		(1 << 28)
-#define KDC_OPT_RENEW			(1 << 30)
-#define KDC_OPT_VALIDATE		(1 << 31)
-
-typedef union {
-    KDCOptions b;
-    krb5_flags i;
-} krb5_kdc_flags;
-
-/* flags for krb5_verify_ap_req */
-
-#define KRB5_VERIFY_AP_REQ_IGNORE_INVALID	(1 << 0)
-
-#define KRB5_GC_CACHED			(1U << 0)
-#define KRB5_GC_USER_USER		(1U << 1)
-#define KRB5_GC_EXPIRED_OK		(1U << 2)
-#define KRB5_GC_NO_STORE		(1U << 3)
-#define KRB5_GC_FORWARDABLE		(1U << 4)
-#define KRB5_GC_NO_TRANSIT_CHECK	(1U << 5)
-#define KRB5_GC_CONSTRAINED_DELEGATION	(1U << 6)
-
-/* constants for compare_creds (and cc_retrieve_cred) */
-#define KRB5_TC_DONT_MATCH_REALM	(1U << 31)
-#define KRB5_TC_MATCH_KEYTYPE		(1U << 30)
-#define KRB5_TC_MATCH_KTYPE		KRB5_TC_MATCH_KEYTYPE    /* MIT name */
-#define KRB5_TC_MATCH_SRV_NAMEONLY	(1 << 29)
-#define KRB5_TC_MATCH_FLAGS_EXACT	(1 << 28)
-#define KRB5_TC_MATCH_FLAGS		(1 << 27)
-#define KRB5_TC_MATCH_TIMES_EXACT	(1 << 26)
-#define KRB5_TC_MATCH_TIMES		(1 << 25)
-#define KRB5_TC_MATCH_AUTHDATA		(1 << 24)
-#define KRB5_TC_MATCH_2ND_TKT		(1 << 23)
-#define KRB5_TC_MATCH_IS_SKEY		(1 << 22)
-
-typedef AuthorizationData krb5_authdata;
-
-typedef KRB_ERROR krb5_error;
-
-typedef struct krb5_creds {
-    krb5_principal client;
-    krb5_principal server;
-    krb5_keyblock session;
-    krb5_times times;
-    krb5_data ticket;
-    krb5_data second_ticket;
-    krb5_authdata authdata;
-    krb5_addresses addresses;
-    krb5_ticket_flags flags;
-} krb5_creds;
-
-typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
-
-typedef struct krb5_cc_ops {
-    const char *prefix;
-    const char* (*get_name)(krb5_context, krb5_ccache);
-    krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *);
-    krb5_error_code (*gen_new)(krb5_context, krb5_ccache *);
-    krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal);
-    krb5_error_code (*destroy)(krb5_context, krb5_ccache);
-    krb5_error_code (*close)(krb5_context, krb5_ccache);
-    krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*);
-    krb5_error_code (*retrieve)(krb5_context, krb5_ccache, 
-				krb5_flags, const krb5_creds*, krb5_creds *);
-    krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*);
-    krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
-    krb5_error_code (*get_next)(krb5_context, krb5_ccache, 
-				krb5_cc_cursor*, krb5_creds*);
-    krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
-    krb5_error_code (*remove_cred)(krb5_context, krb5_ccache, 
-				   krb5_flags, krb5_creds*);
-    krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags);
-    int (*get_version)(krb5_context, krb5_ccache);
-    krb5_error_code (*get_cache_first)(krb5_context, krb5_cc_cursor *);
-    krb5_error_code (*get_cache_next)(krb5_context, krb5_cc_cursor, krb5_ccache *);
-    krb5_error_code (*end_cache_get)(krb5_context, krb5_cc_cursor);
-    krb5_error_code (*move)(krb5_context, krb5_ccache, krb5_ccache);
-    krb5_error_code (*default_name)(krb5_context, char **);
-} krb5_cc_ops;
-
-struct krb5_log_facility;
-
-struct krb5_config_binding {
-    enum { krb5_config_string, krb5_config_list } type;
-    char *name;
-    struct krb5_config_binding *next;
-    union {
-	char *string;
-	struct krb5_config_binding *list;
-	void *generic;
-    } u;
-};
-
-typedef struct krb5_config_binding krb5_config_binding;
-
-typedef krb5_config_binding krb5_config_section;
-
-typedef struct krb5_ticket {
-    EncTicketPart ticket;
-    krb5_principal client;
-    krb5_principal server;
-} krb5_ticket;
-
-typedef Authenticator krb5_authenticator_data;
-
-typedef krb5_authenticator_data *krb5_authenticator;
-
-struct krb5_rcache_data;
-typedef struct krb5_rcache_data *krb5_rcache;
-typedef Authenticator krb5_donot_replay;
-
-#define KRB5_STORAGE_HOST_BYTEORDER			0x01 /* old */
-#define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS	0x02
-#define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE		0x04
-#define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE		0x08
-#define KRB5_STORAGE_BYTEORDER_MASK			0x60
-#define KRB5_STORAGE_BYTEORDER_BE			0x00 /* default */
-#define KRB5_STORAGE_BYTEORDER_LE			0x20
-#define KRB5_STORAGE_BYTEORDER_HOST			0x40
-#define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER		0x80
-
-struct krb5_storage_data;
-typedef struct krb5_storage_data krb5_storage;
-
-typedef struct krb5_keytab_entry {
-    krb5_principal principal;
-    krb5_kvno vno;
-    krb5_keyblock keyblock;
-    uint32_t timestamp;
-} krb5_keytab_entry;
-
-typedef struct krb5_kt_cursor {
-    int fd;
-    krb5_storage *sp;
-    void *data;
-} krb5_kt_cursor;
-
-struct krb5_keytab_data;
-
-typedef struct krb5_keytab_data *krb5_keytab;
-
-#define KRB5_KT_PREFIX_MAX_LEN	30
-
-struct krb5_keytab_data {
-    const char *prefix;
-    krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab);
-    krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t);
-    krb5_error_code (*close)(krb5_context, krb5_keytab);
-    krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal, 
-			   krb5_kvno, krb5_enctype, krb5_keytab_entry*);
-    krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
-    krb5_error_code (*next_entry)(krb5_context, krb5_keytab, 
-				  krb5_keytab_entry*, krb5_kt_cursor*);
-    krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
-    krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
-    krb5_error_code (*remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
-    void *data;
-    int32_t version;
-};
-
-typedef struct krb5_keytab_data krb5_kt_ops;
-
-struct krb5_keytab_key_proc_args {
-    krb5_keytab keytab;
-    krb5_principal principal;
-};
-
-typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
-
-typedef struct krb5_replay_data {
-    krb5_timestamp timestamp;
-    int32_t usec;
-    uint32_t seq;
-} krb5_replay_data;
-
-/* flags for krb5_auth_con_setflags */
-enum {
-    KRB5_AUTH_CONTEXT_DO_TIME      		= 1,
-    KRB5_AUTH_CONTEXT_RET_TIME     		= 2,
-    KRB5_AUTH_CONTEXT_DO_SEQUENCE  		= 4,
-    KRB5_AUTH_CONTEXT_RET_SEQUENCE 		= 8,
-    KRB5_AUTH_CONTEXT_PERMIT_ALL   		= 16,
-    KRB5_AUTH_CONTEXT_USE_SUBKEY   		= 32,
-    KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED	= 64
-};
-
-/* flags for krb5_auth_con_genaddrs */
-enum {
-    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR       = 1,
-    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR  = 3,
-    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR      = 4,
-    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
-};
-
-typedef struct krb5_auth_context_data {
-    unsigned int flags;
-
-    krb5_address *local_address;
-    krb5_address *remote_address;
-    int16_t local_port;
-    int16_t remote_port;
-    krb5_keyblock *keyblock;
-    krb5_keyblock *local_subkey;
-    krb5_keyblock *remote_subkey;
-
-    uint32_t local_seqnumber;
-    uint32_t remote_seqnumber;
-
-    krb5_authenticator authenticator;
-  
-    krb5_pointer i_vector;
-  
-    krb5_rcache rcache;
-
-    krb5_keytype keytype;	/* �requested key type ? */
-    krb5_cksumtype cksumtype;	/* �requested checksum type! */
-  
-}krb5_auth_context_data, *krb5_auth_context;
-
-typedef struct {
-    KDC_REP kdc_rep;
-    EncKDCRepPart enc_part;
-    KRB_ERROR error;
-} krb5_kdc_rep;
-
-extern const char *heimdal_version, *heimdal_long_version;
-
-typedef void (*krb5_log_log_func_t)(const char*, const char*, void*);
-typedef void (*krb5_log_close_func_t)(void*);
-
-typedef struct krb5_log_facility {
-    char *program;
-    int len;
-    struct facility *val;
-} krb5_log_facility;
-
-typedef EncAPRepPart krb5_ap_rep_enc_part;
-
-#define KRB5_RECVAUTH_IGNORE_VERSION 1
-
-#define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
-
-#define KRB5_TGS_NAME_SIZE (6)
-#define KRB5_TGS_NAME ("krbtgt")
-
-#define KRB5_DIGEST_NAME ("digest")
-
-/* variables */
-
-extern const char *krb5_config_file;
-extern const char *krb5_defkeyname;
-
-typedef enum {
-    KRB5_PROMPT_TYPE_PASSWORD		= 0x1,
-    KRB5_PROMPT_TYPE_NEW_PASSWORD	= 0x2,
-    KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
-    KRB5_PROMPT_TYPE_PREAUTH		= 0x4,
-    KRB5_PROMPT_TYPE_INFO		= 0x5
-} krb5_prompt_type;
-
-typedef struct _krb5_prompt {
-    const char *prompt;
-    int hidden;
-    krb5_data *reply;
-    krb5_prompt_type type;
-} krb5_prompt;
-
-typedef int (*krb5_prompter_fct)(krb5_context /*context*/,
-				 void * /*data*/,
-				 const char * /*name*/,
-				 const char * /*banner*/,
-				 int /*num_prompts*/,
-				 krb5_prompt /*prompts*/[]);
-typedef krb5_error_code (*krb5_key_proc)(krb5_context /*context*/,
-					 krb5_enctype /*type*/,
-					 krb5_salt /*salt*/,
-					 krb5_const_pointer /*keyseed*/,
-					 krb5_keyblock ** /*key*/);
-typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context /*context*/,
-					     krb5_keyblock * /*key*/,
-					     krb5_key_usage /*usage*/,
-					     krb5_const_pointer /*decrypt_arg*/,
-					     krb5_kdc_rep * /*dec_rep*/);
-typedef krb5_error_code (*krb5_s2k_proc)(krb5_context /*context*/,
-					 krb5_enctype /*type*/,
-					 krb5_const_pointer /*keyseed*/,
-					 krb5_salt /*salt*/,
-					 krb5_data * /*s2kparms*/,
-					 krb5_keyblock ** /*key*/);
-
-struct _krb5_get_init_creds_opt_private;
-
-typedef struct _krb5_get_init_creds_opt {
-    krb5_flags flags;
-    krb5_deltat tkt_life;
-    krb5_deltat renew_life;
-    int forwardable;
-    int proxiable;
-    int anonymous;
-    krb5_enctype *etype_list;
-    int etype_list_length;
-    krb5_addresses *address_list;
-    /* XXX the next three should not be used, as they may be
-       removed later */
-    krb5_preauthtype *preauth_list;
-    int preauth_list_length;
-    krb5_data *salt;
-    struct _krb5_get_init_creds_opt_private *opt_private;
-} krb5_get_init_creds_opt;
-
-#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
-#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
-#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
-#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
-#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
-#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
-#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
-#define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080
-#define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS	0x0100
-#define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK	0x0200
-
-typedef struct _krb5_verify_init_creds_opt {
-    krb5_flags flags;
-    int ap_req_nofail;
-} krb5_verify_init_creds_opt;
-
-#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
-
-typedef struct krb5_verify_opt {
-    unsigned int flags;
-    krb5_ccache ccache;
-    krb5_keytab keytab;
-    krb5_boolean secure;
-    const char *service;
-} krb5_verify_opt;
-
-#define KRB5_VERIFY_LREALMS		1
-#define KRB5_VERIFY_NO_ADDRESSES	2
-
-extern const krb5_cc_ops krb5_acc_ops;
-extern const krb5_cc_ops krb5_fcc_ops;
-extern const krb5_cc_ops krb5_mcc_ops;
-extern const krb5_cc_ops krb5_kcm_ops;
-
-extern const krb5_kt_ops krb5_fkt_ops;
-extern const krb5_kt_ops krb5_wrfkt_ops;
-extern const krb5_kt_ops krb5_javakt_ops;
-extern const krb5_kt_ops krb5_mkt_ops;
-extern const krb5_kt_ops krb5_akf_ops;
-extern const krb5_kt_ops krb4_fkt_ops;
-extern const krb5_kt_ops krb5_srvtab_fkt_ops;
-extern const krb5_kt_ops krb5_any_ops;
-
-#define KRB5_KPASSWD_VERS_CHANGEPW      1
-#define KRB5_KPASSWD_VERS_SETPW         0xff80
-
-#define KRB5_KPASSWD_SUCCESS	0
-#define KRB5_KPASSWD_MALFORMED	1
-#define KRB5_KPASSWD_HARDERROR	2
-#define KRB5_KPASSWD_AUTHERROR	3
-#define KRB5_KPASSWD_SOFTERROR	4
-#define KRB5_KPASSWD_ACCESSDENIED 5
-#define KRB5_KPASSWD_BAD_VERSION 6
-#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
-
-#define KPASSWD_PORT 464
-
-/* types for the new krbhst interface */
-struct krb5_krbhst_data;
-typedef struct krb5_krbhst_data *krb5_krbhst_handle;
-
-#define KRB5_KRBHST_KDC		1
-#define KRB5_KRBHST_ADMIN	2
-#define KRB5_KRBHST_CHANGEPW	3
-#define KRB5_KRBHST_KRB524	4
-#define KRB5_KRBHST_KCA		5
-
-typedef struct krb5_krbhst_info {
-    enum { KRB5_KRBHST_UDP,
-	   KRB5_KRBHST_TCP,
-	   KRB5_KRBHST_HTTP } proto;
-    unsigned short port;
-    unsigned short def_port;
-    struct addrinfo *ai;
-    struct krb5_krbhst_info *next;
-    char hostname[1]; /* has to come last */
-} krb5_krbhst_info;
-
-/* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
-enum {
-    KRB5_KRBHST_FLAGS_MASTER      = 1,
-    KRB5_KRBHST_FLAGS_LARGE_MSG	  = 2
-};
-
-typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, 
-						 void *, 
-						 krb5_krbhst_info *,
-						 const krb5_data *,
-						 krb5_data *);
-
-/* flags for krb5_parse_name_flags */
-enum {
-    KRB5_PRINCIPAL_PARSE_NO_REALM = 1,
-    KRB5_PRINCIPAL_PARSE_MUST_REALM = 2,
-    KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4
-};
-
-/* flags for krb5_unparse_name_flags */
-enum {
-    KRB5_PRINCIPAL_UNPARSE_SHORT = 1,
-    KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2,
-    KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4
-};
-
-typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx;
-
-#define KRB5_SENDTO_DONE	0
-#define KRB5_SENDTO_RESTART	1
-#define KRB5_SENDTO_CONTINUE	2
-
-typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *);
-
-struct krb5_plugin;
-enum krb5_plugin_type {
-    PLUGIN_TYPE_DATA = 1,
-    PLUGIN_TYPE_FUNC
-};
-
-struct credentials; /* this is to keep the compiler happy */
-struct getargs;
-struct sockaddr;
-
-#include <krb5-protos.h>
-
-#endif /* __KRB5_H__ */
-
diff --git a/crypto/heimdal/lib/krb5/krb5.moduli b/crypto/heimdal/lib/krb5/krb5.moduli
deleted file mode 100644
index f67d2b2..0000000
--- a/crypto/heimdal/lib/krb5/krb5.moduli
+++ /dev/null
@@ -1,3 +0,0 @@
-# $Id: krb5.moduli 16154 2005-10-08 15:39:42Z lha $
-# comment security-bits-decimal secure-prime(p)-hex generator(g)-hex (q)-hex
-rfc3526-MODP-group14 1760 FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF 02 7FFFFFFFFFFFFFFFE487ED5110B4611A62633145C06E0E68948127044533E63A0105DF531D89CD9128A5043CC71A026EF7CA8CD9E69D218D98158536F92F8A1BA7F09AB6B6A8E122F242DABB312F3F637A262174D31BF6B585FFAE5B7A035BF6F71C35FDAD44CFD2D74F9208BE258FF324943328F6722D9EE1003E5C50B1DF82CC6D241B0E2AE9CD348B1FD47E9267AFC1B2AE91EE51D6CB0E3179AB1042A95DCF6A9483B84B4B36B3861AA7255E4C0278BA3604650C10BE19482F23171B671DF1CF3B960C074301CD93C1D17603D147DAE2AEF837A62964EF15E5FB4AAC0B8C1CCAA4BE754AB5728AE9130C4C7D02880AB9472D455655347FFFFFFFFFFFFFFF
diff --git a/crypto/heimdal/lib/krb5/krb524_convert_creds_kdc.3 b/crypto/heimdal/lib/krb5/krb524_convert_creds_kdc.3
deleted file mode 100644
index 1f4b9bf..0000000
--- a/crypto/heimdal/lib/krb5/krb524_convert_creds_kdc.3
+++ /dev/null
@@ -1,86 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb524_convert_creds_kdc.3 15239 2005-05-25 13:19:16Z lha $
-.\"
-.Dd March 20, 2004
-.Dt KRB524_CONVERT_CREDS_KDC 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb524_convert_creds_kdc ,
-.Nm krb524_convert_creds_kdc_ccache
-.Nd converts Kerberos 5 credentials to Kerberos 4 credentials
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb524_convert_creds_kdc
-.Fa "krb5_context context"
-.Fa "krb5_creds *in_cred"
-.Fa "struct credentials *v4creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb524_convert_creds_kdc_ccache
-.Fa "krb5_context context"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *in_cred"
-.Fa "struct credentials *v4creds"
-.Fc
-.Sh DESCRIPTION
-Convert the Kerberos 5 credential to Kerberos 4 credential.
-This is done by sending them to the 524 service in the KDC.
-.Pp
-.Fn krb524_convert_creds_kdc
-converts the Kerberos 5 credential in
-.Fa in_cred
-to Kerberos 4 credential that is stored in
-.Fa credentials .
-.Pp
-.Fn krb524_convert_creds_kdc_ccache
-is diffrent from
-.Fn krb524_convert_creds_kdc
-in that way that if
-.Fa in_cred
-doesn't contain a DES session key, then a new one is fetched from the
-KDC and stored in the cred cache
-.Fa ccache ,
-and then the KDC is queried to convert the credential.
-.Pp
-This interfaces are used to make the migration to Kerberos 5 from
-Kerberos 4 easier.
-There are few services that still need Kerberos 4, and this is mainly
-for compatibility for those services.
-Some services, like AFS, really have Kerberos 5 supports, but still
-uses the 524 interface to make the migration easier.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
deleted file mode 100644
index 16c118f..0000000
--- a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
+++ /dev/null
@@ -1,224 +0,0 @@
-.\" Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_425_conv_principal.3 12734 2003-09-03 00:13:07Z lha $
-.\"
-.Dd September  3, 2003
-.Dt KRB5_425_CONV_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_425_conv_principal ,
-.Nm krb5_425_conv_principal_ext ,
-.Nm krb5_524_conv_principal
-.Nd converts to and from version 4 principals
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_425_conv_principal "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_425_conv_principal_ext "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_boolean (*func)(krb5_context, krb5_principal)" "krb5_boolean resolve" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_524_conv_principal "krb5_context context" "const krb5_principal principal" "char *name" "char *instance" "char *realm"
-.Sh DESCRIPTION
-Converting between version 4 and version 5 principals can at best be
-described as a mess.
-.Pp
-A version 4 principal consists of a name, an instance, and a realm. A
-version 5 principal consists of one or more components, and a
-realm. In some cases also the first component/name will differ between
-version 4 and version 5.  Furthermore the second component of a host
-principal will be the fully qualified domain name of the host in
-question, while the instance of a version 4 principal will only
-contain the first part (short hostname).  Because of these problems
-the conversion between principals will have to be site customized.
-.Pp
-.Fn krb5_425_conv_principal_ext
-will try to convert a version 4 principal, given by
-.Fa name ,
-.Fa instance ,
-and
-.Fa realm ,
-to a version 5 principal. This can result in several possible
-principals, and if
-.Fa func
-is non-NULL, it will be called for each candidate principal.
-.Fa func
-should return true if the principal was
-.Dq good .
-To accomplish this,
-.Fn krb5_425_conv_principal_ext
-will look up the name in
-.Pa krb5.conf .
-It first looks in the
-.Li v4_name_convert/host
-subsection, which should contain a list of version 4 names whose
-instance should be treated as a hostname. This list can be specified
-for each realm (in the
-.Li realms
-section), or in the
-.Li libdefaults
-section.  If the name is found the resulting name of the principal
-will be the value of this binding. The instance is then first looked
-up in
-.Li v4_instance_convert
-for the specified realm. If found the resulting value will be used as
-instance (this can be used for special cases), no further attempts
-will be made to find a conversion if this fails (with
-.Fa func ) .
-If the
-.Fa resolve
-parameter is true, the instance will be looked up with
-.Fn gethostbyname .
-This can be a time consuming, error prone, and unsafe operation.  Next
-a list of hostnames will be created from the instance and the
-.Li v4_domains
-variable, which should contain a list of possible domains for the
-specific realm.
-.Pp
-On the other hand, if the name is not found in a
-.Li host
-section, it is looked up in a
-.Li v4_name_convert/plain
-binding. If found here the name will be converted, but the instance
-will be untouched.
-.Pp
-This list of default host-type conversions is compiled-in:
-.Bd -literal -offset indent
-v4_name_convert = {
-	host = {
-		ftp = ftp
-		hprop = hprop
-		imap = imap
-		pop = pop
-		rcmd = host
-		smtp = smtp
-	}
-}
-.Ed
-.Pp
-It will only be used if there isn't an entry for these names in the
-config file, so you can override these defaults.
-.Pp
-.Fn krb5_425_conv_principal
-will call
-.Fn krb5_425_conv_principal_ext
-with
-.Dv NULL
-as
-.Fa func ,
-and the value of
-.Li v4_instance_resolve
-(from the
-.Li libdefaults
-section) as
-.Fa resolve .
-.Pp
-.Fn krb5_524_conv_principal
-basically does the opposite of
-.Fn krb5_425_conv_principal ,
-it just doesn't have to look up any names, but will instead truncate
-instances found to belong to a host principal. The
-.Fa name ,
-.Fa instance ,
-and
-.Fa realm
-should be at least 40 characters long.
-.Sh EXAMPLES
-Since this is confusing an example is in place.
-.Pp
-Assume that we have the
-.Dq foo.com ,
-and
-.Dq bar.com
-domains that have shared a single version 4 realm, FOO.COM. The version 4
-.Pa krb.realms
-file looked like:
-.Bd -literal -offset indent
-foo.com		FOO.COM
-\&.foo.com	FOO.COM
-\&.bar.com	FOO.COM
-.Ed
-.Pp
-A
-.Pa krb5.conf
-file that covers this case might look like:
-.Bd -literal -offset indent
-[libdefaults]
-	v4_instance_resolve = yes
-[realms]
-	FOO.COM = {
-		kdc = kerberos.foo.com
-		v4_instance_convert = {
-			foo = foo.com
-		}
-		v4_domains = foo.com
-	}
-.Ed
-.Pp
-With this setup and the following host table:
-.Bd -literal -offset indent
-foo.com
-a-host.foo.com
-b-host.bar.com
-.Ed
-the following conversions will be made:
-.Bd -literal -offset indent
-rcmd.a-host	-\*(Gt host/a-host.foo.com
-ftp.b-host	-\*(Gt ftp/b-host.bar.com
-pop.foo		-\*(Gt pop/foo.com
-ftp.other	-\*(Gt ftp/other.foo.com
-other.a-host	-\*(Gt other/a-host
-.Ed
-.Pp
-The first three are what you expect. If you remove the
-.Dq v4_domains ,
-the fourth entry will result in an error (since the host
-.Dq other
-can't be found). Even if
-.Dq a-host
-is a valid host name, the last entry will not be converted, since the
-.Dq other
-name is not known to represent a host-type principal.
-If you turn off
-.Dq v4_instance_resolve
-the second example will result in
-.Dq ftp/b-host.foo.com
-(because of the default domain). And all of this is of course only
-valid if you have working name resolving.
-.Sh SEE ALSO
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_acl_match_file.3 b/crypto/heimdal/lib/krb5/krb5_acl_match_file.3
deleted file mode 100644
index 342645e..0000000
--- a/crypto/heimdal/lib/krb5/krb5_acl_match_file.3
+++ /dev/null
@@ -1,111 +0,0 @@
-.\" Copyright (c) 2004, 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_acl_match_file.3 17534 2006-05-11 22:43:44Z lha $
-.\"
-.Dd May 12, 2006
-.Dt KRB5_ACL_MATCH_FILE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_acl_match_file ,
-.Nm krb5_acl_match_string
-.Nd ACL matching functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.Ft krb5_error_code
-.Fo krb5_acl_match_file
-.Fa "krb5_context context"
-.Fa "const char *file"
-.Fa "const char *format"
-.Fa "..."
-.Fc
-.Ft krb5_error_code
-.Fo krb5_acl_match_string
-.Fa "krb5_context context"
-.Fa "const char *string"
-.Fa "const char *format"
-.Fa "..."
-.Fc
-.Sh DESCRIPTION
-.Nm krb5_acl_match_file
-matches ACL format against each line in a file.
-Lines starting with # are treated like comments and ignored.
-.Pp
-.Nm krb5_acl_match_string
-matches ACL format against a string.
-.Pp
-The ACL format has three format specifiers: s, f, and r.
-Each specifier will retrieve one argument from the variable arguments
-for either matching or storing data.
-The input string is split up using " " and "\et" as a delimiter; multiple
-" " and "\et" in a row are considered to be the same.
-.Pp
-.Bl -tag -width "fXX" -offset indent
-.It s
-Matches a string using
-.Xr strcmp 3
-(case sensitive).
-.It f
-Matches the string with
-.Xr fnmatch 3 .
-The
-.Fa flags
-argument (the last argument) passed to the fnmatch function is 0.
-.It r
-Returns a copy of the string in the char ** passed in; the copy must be
-freed with
-.Xr free 3 .
-There is no need to
-.Xr free 3
-the string on error: the function will clean up and set the pointer to
-.Dv NULL .
-.El
-.Pp
-All unknown format specifiers cause an error.
-.Sh EXAMPLES
-.Bd -literal -offset indent
-char *s;
-
-ret = krb5_acl_match_string(context, "foo", "s", "foo");
-if (ret)
-    krb5_errx(context, 1, "acl didn't match");
-ret = krb5_acl_match_string(context, "foo foo baz/kaka",
-    "ss", "foo", &s, "foo/*");
-if (ret) {
-    /* no need to free(s) on error */
-    assert(s == NULL);
-    krb5_errx(context, 1, "acl didn't match");
-}
-free(s);
-.Ed
-.Sh SEE ALSO
-.Xr krb5 3
diff --git a/crypto/heimdal/lib/krb5/krb5_address.3 b/crypto/heimdal/lib/krb5/krb5_address.3
deleted file mode 100644
index 06f7fa5..0000000
--- a/crypto/heimdal/lib/krb5/krb5_address.3
+++ /dev/null
@@ -1,359 +0,0 @@
-.\" Copyright (c) 2003, 2005 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_address.3 17461 2006-05-05 13:13:18Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_ADDRESS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_address ,
-.Nm krb5_addresses ,
-.Nm krb5_sockaddr2address ,
-.Nm krb5_sockaddr2port ,
-.Nm krb5_addr2sockaddr ,
-.Nm krb5_max_sockaddr_size ,
-.Nm krb5_sockaddr_uninteresting ,
-.Nm krb5_h_addr2sockaddr ,
-.Nm krb5_h_addr2addr ,
-.Nm krb5_anyaddr ,
-.Nm krb5_print_address ,
-.Nm krb5_parse_address ,
-.Nm krb5_address_order ,
-.Nm krb5_address_compare ,
-.Nm krb5_address_search ,
-.Nm krb5_free_address ,
-.Nm krb5_free_addresses ,
-.Nm krb5_copy_address ,
-.Nm krb5_copy_addresses ,
-.Nm krb5_append_addresses ,
-.Nm krb5_make_addrport
-.Nd mange addresses in Kerberos
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fo krb5_sockaddr2address
-.Fa "krb5_context context"
-.Fa "const struct sockaddr *sa"
-.Fa "krb5_address *addr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_sockaddr2port
-.Fa "krb5_context context"
-.Fa "const struct sockaddr *sa"
-.Fa "int16_t *port"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_addr2sockaddr
-.Fa "krb5_context context"
-.Fa "const krb5_address *addr"
-.Fa "struct sockaddr *sa"
-.Fa "krb5_socklen_t *sa_size"
-.Fa "int port"
-.Fc
-.Ft size_t
-.Fo krb5_max_sockaddr_size
-.Fa "void"
-.Fc
-.Ft "krb5_boolean"
-.Fo krb5_sockaddr_uninteresting
-.Fa "const struct sockaddr *sa"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_h_addr2sockaddr
-.Fa "krb5_context context"
-.Fa "int af"
-.Fa "const char *addr"
-.Fa "struct sockaddr *sa"
-.Fa "krb5_socklen_t *sa_size"
-.Fa "int port"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_h_addr2addr
-.Fa "krb5_context context"
-.Fa "int af"
-.Fa "const char *haddr"
-.Fa "krb5_address *addr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_anyaddr
-.Fa "krb5_context context"
-.Fa "int af"
-.Fa "struct sockaddr *sa"
-.Fa "krb5_socklen_t *sa_size"
-.Fa "int port"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_print_address
-.Fa "const krb5_address *addr"
-.Fa "char *str"
-.Fa "size_t len"
-.Fa "size_t *ret_len"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_parse_address
-.Fa "krb5_context context"
-.Fa "const char *string"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft int
-.Fo "krb5_address_order"
-.Fa "krb5_context context"
-.Fa "const krb5_address *addr1"
-.Fa "const krb5_address *addr2"
-.Fc
-.Ft "krb5_boolean"
-.Fo krb5_address_compare
-.Fa "krb5_context context"
-.Fa "const krb5_address *addr1"
-.Fa "const krb5_address *addr2"
-.Fc
-.Ft "krb5_boolean"
-.Fo krb5_address_search
-.Fa "krb5_context context"
-.Fa "const krb5_address *addr"
-.Fa "const krb5_addresses *addrlist"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_address
-.Fa "krb5_context context"
-.Fa "krb5_address *address"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_address
-.Fa "krb5_context context"
-.Fa "const krb5_address *inaddr"
-.Fa "krb5_address *outaddr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_addresses
-.Fa "krb5_context context"
-.Fa "const krb5_addresses *inaddr"
-.Fa "krb5_addresses *outaddr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_append_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *dest"
-.Fa "const krb5_addresses *source"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_make_addrport
-.Fa "krb5_context context"
-.Fa "krb5_address **res"
-.Fa "const krb5_address *addr"
-.Fa "int16_t port"
-.Fc
-.Sh DESCRIPTION
-The
-.Li krb5_address
-structure holds a address that can be used in Kerberos API
-calls. There are help functions to set and extract address information
-of the address.
-.Pp
-The
-.Li krb5_addresses
-structure holds a set of krb5_address:es.
-.Pp
-.Fn krb5_sockaddr2address
-stores a address a
-.Li "struct sockaddr"
-.Fa sa
-in the krb5_address
-.Fa addr .
-.Pp
-.Fn krb5_sockaddr2port
-extracts a
-.Fa port
-(if possible) from a
-.Li "struct sockaddr"
-.Fa sa .
-.Pp
-.Fn krb5_addr2sockaddr
-sets the
-struct sockaddr
-.Fa sockaddr
-from
-.Fa addr
-and
-.Fa port .
-The argument
-.Fa sa_size
-should initially contain the size of the
-.Fa sa ,
-and after the call, it will contain the actual length of the address.
-.Pp
-.Fn krb5_max_sockaddr_size
-returns the max size of the
-.Li struct sockaddr
-that the Kerberos library will return.
-.Pp
-.Fn krb5_sockaddr_uninteresting
-returns
-.Dv TRUE
-for all
-.Fa sa
-that the kerberos library thinks are uninteresting.
-One example are link local addresses.
-.Pp
-.Fn krb5_h_addr2sockaddr
-initializes a
-.Li "struct sockaddr"
-.Fa sa
-from
-.Fa af
-and the
-.Li "struct hostent"
-(see
-.Xr gethostbyname 3 )
-.Fa h_addr_list
-component.
-The argument
-.Fa sa_size
-should initially contain the size of the
-.Fa sa ,
-and after the call, it will contain the actual length of the address.
-.Pp
-.Fn krb5_h_addr2addr
-works like
-.Fn krb5_h_addr2sockaddr
-with the exception that it operates on a
-.Li krb5_address
-instead of a
-.Li struct sockaddr .
-.Pp
-.Fn krb5_anyaddr
-fills in a
-.Li "struct sockaddr"
-.Fa sa
-that can be used to
-.Xr bind 2
-to.
-The argument
-.Fa sa_size
-should initially contain the size of the
-.Fa sa ,
-and after the call, it will contain the actual length of the address.
-.Pp
-.Fn krb5_print_address
-prints the address in
-.Fa addr
-to the string
-.Fa string
-that have the length
-.Fa len .
-If
-.Fa ret_len
-is not
-.Dv NULL ,
-it will be filled with the length of the string if size were unlimited (not
-including the final
-.Ql \e0 ) .
-.Pp
-.Fn krb5_parse_address
-Returns the resolved hostname in
-.Fa string
-to the
-.Li krb5_addresses
-.Fa addresses .
-.Pp
-.Fn krb5_address_order
-compares the addresses
-.Fa addr1
-and
-.Fa addr2
-so that it can be used for sorting addresses. If the addresses are the
-same address
-.Fa krb5_address_order
-will return 0.
-.Pp
-.Fn krb5_address_compare
-compares the addresses
-.Fa addr1
-and
-.Fa addr2 .
-Returns
-.Dv TRUE
-if the two addresses are the same.
-.Pp
-.Fn krb5_address_search
-checks if the address
-.Fa addr
-is a member of the address set list
-.Fa addrlist .
-.Pp
-.Fn krb5_free_address
-frees the data stored in the
-.Fa address
-that is alloced with any of the krb5_address functions.
-.Pp
-.Fn krb5_free_addresses
-frees the data stored in the
-.Fa addresses
-that is alloced with any of the krb5_address functions.
-.Pp
-.Fn krb5_copy_address
-copies the content of address
-.Fa inaddr
-to
-.Fa outaddr .
-.Pp
-.Fn krb5_copy_addresses
-copies the content of the address list
-.Fa inaddr
-to
-.Fa outaddr .
-.Pp
-.Fn krb5_append_addresses
-adds the set of addresses in
-.Fa source
-to
-.Fa dest .
-While copying the addresses, duplicates are also sorted out.
-.Pp
-.Fn krb5_make_addrport
-allocates and creates an
-krb5_address in
-.Fa res
-of type KRB5_ADDRESS_ADDRPORT from
-.Fa ( addr , port ) .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 b/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3
deleted file mode 100644
index a0c3e4b..0000000
--- a/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3
+++ /dev/null
@@ -1,80 +0,0 @@
-.\" Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_aname_to_localname.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd February 18, 2006
-.Dt KRB5_ANAME_TO_LOCALNAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_aname_to_localname
-.Nd converts a principal to a system local name
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_boolean
-.Fo krb5_aname_to_localname
-.Fa "krb5_context context"
-.Fa "krb5_const_principal name"
-.Fa "size_t lnsize"
-.Fa "char *lname"
-.Fc
-.Sh DESCRIPTION
-This function takes a principal
-.Fa name ,
-verifies that it is in the local realm (using
-.Fn krb5_get_default_realms )
-and then returns the local name of the principal.
-.Pp
-If
-.Fa name
-isn't in one of the local realms an error is returned.
-.Pp
-If the size
-.Fa ( lnsize )
-of the local name
-.Fa ( lname )
-is too small, an error is returned.
-.Pp
-.Fn krb5_aname_to_localname
-should only be use by an application that implements protocols that
-don't transport the login name and thus needs to convert a principal
-to a local name.
-.Pp
-Protocols should be designed so that they authenticate using
-Kerberos, send over the login name and then verify the principal
-that is authenticated is allowed to login and the login name.
-A way to check if a user is allowed to login is using the function
-.Fn krb5_kuserok .
-.Sh SEE ALSO
-.Xr krb5_get_default_realms 3 ,
-.Xr krb5_kuserok 3
diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3
deleted file mode 100644
index f5b5329..0000000
--- a/crypto/heimdal/lib/krb5/krb5_appdefault.3
+++ /dev/null
@@ -1,88 +0,0 @@
-.\" Copyright (c) 2000 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_appdefault.3 12329 2003-05-26 14:09:04Z lha $
-.\"
-.Dd July 25, 2000
-.Dt KRB5_APPDEFAULT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_appdefault_boolean ,
-.Nm krb5_appdefault_string ,
-.Nm krb5_appdefault_time
-.Nd get application configuration value
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fn krb5_appdefault_boolean "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "krb5_boolean def_val" "krb5_boolean *ret_val"
-.Ft void
-.Fn krb5_appdefault_string "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "const char *def_val" "char **ret_val"
-.Ft void
-.Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val"
-.Sh DESCRIPTION
-These functions get application defaults from the
-.Dv appdefaults
-section of the
-.Xr krb5.conf 5
-configuration file. These defaults can be specified per application,
-and/or per realm.
-.Pp
-These values will be looked for in
-.Xr krb5.conf 5 ,
-in order of descending importance.
-.Bd -literal -offset indent
-[appdefaults]
-	appname = {
-		realm = {
-			option = value
-		}
-	}
-	appname = {
-		option = value
-	}
-	realm = {
-		option = value
-	}
-	option = value
-.Ed
-.Fa appname
-is the name of the application, and
-.Fa realm
-is the realm name. If the realm is omitted it will not be used for
-resolving values.
-.Fa def_val
-is the value to return if no value is found in
-.Xr krb5.conf 5 .
-.Sh SEE ALSO
-.Xr krb5_config 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3
deleted file mode 100644
index 66d150e..0000000
--- a/crypto/heimdal/lib/krb5/krb5_auth_context.3
+++ /dev/null
@@ -1,395 +0,0 @@
-.\" Copyright (c) 2001 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_auth_context.3 15240 2005-05-25 13:47:58Z lha $
-.\"
-.Dd May 17, 2005
-.Dt KRB5_AUTH_CONTEXT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_auth_con_addflags ,
-.Nm krb5_auth_con_free ,
-.Nm krb5_auth_con_genaddrs ,
-.Nm krb5_auth_con_generatelocalsubkey ,
-.Nm krb5_auth_con_getaddrs ,
-.Nm krb5_auth_con_getauthenticator ,
-.Nm krb5_auth_con_getflags ,
-.Nm krb5_auth_con_getkey ,
-.Nm krb5_auth_con_getlocalsubkey ,
-.Nm krb5_auth_con_getrcache ,
-.Nm krb5_auth_con_getremotesubkey ,
-.Nm krb5_auth_con_getuserkey ,
-.Nm krb5_auth_con_init ,
-.Nm krb5_auth_con_initivector ,
-.Nm krb5_auth_con_removeflags ,
-.Nm krb5_auth_con_setaddrs ,
-.Nm krb5_auth_con_setaddrs_from_fd ,
-.Nm krb5_auth_con_setflags ,
-.Nm krb5_auth_con_setivector ,
-.Nm krb5_auth_con_setkey ,
-.Nm krb5_auth_con_setlocalsubkey ,
-.Nm krb5_auth_con_setrcache ,
-.Nm krb5_auth_con_setremotesubkey ,
-.Nm krb5_auth_con_setuserkey ,
-.Nm krb5_auth_context ,
-.Nm krb5_auth_getcksumtype ,
-.Nm krb5_auth_getkeytype ,
-.Nm krb5_auth_getlocalseqnumber ,
-.Nm krb5_auth_getremoteseqnumber ,
-.Nm krb5_auth_setcksumtype ,
-.Nm krb5_auth_setkeytype ,
-.Nm krb5_auth_setlocalseqnumber ,
-.Nm krb5_auth_setremoteseqnumber ,
-.Nm krb5_free_authenticator
-.Nd manage authentication on connection level
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_auth_con_init
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fc
-.Ft void
-.Fo krb5_auth_con_free
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_setflags
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int32_t flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getflags
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int32_t *flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_addflags
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int32_t addflags"
-.Fa "int32_t *flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_removeflags
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int32_t removelags"
-.Fa "int32_t *flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_setaddrs
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_address *local_addr"
-.Fa "krb5_address *remote_addr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getaddrs
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_address **local_addr"
-.Fa "krb5_address **remote_addr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_genaddrs
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int fd"
-.Fa "int flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_setaddrs_from_fd
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "void *p_fd"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getkey
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_keyblock **keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getlocalsubkey
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_keyblock **keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getremotesubkey
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_keyblock **keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_generatelocalsubkey
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_initivector
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_setivector
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fa "krb5_pointer ivector"
-.Fc
-.Ft void
-.Fo krb5_free_authenticator
-.Fa "krb5_context context"
-.Fa "krb5_authenticator *authenticator"
-.Fc
-.Sh DESCRIPTION
-The
-.Nm krb5_auth_context
-structure holds all context related to an authenticated connection, in
-a similar way to
-.Nm krb5_context
-that holds the context for the thread or process.
-.Nm krb5_auth_context
-is used by various functions that are directly related to
-authentication between the server/client. Example of data that this
-structure contains are various flags, addresses of client and server,
-port numbers, keyblocks (and subkeys), sequence numbers, replay cache,
-and checksum-type.
-.Pp
-.Fn krb5_auth_con_init
-allocates and initializes the
-.Nm krb5_auth_context
-structure. Default values can be changed with
-.Fn krb5_auth_con_setcksumtype
-and
-.Fn krb5_auth_con_setflags .
-The
-.Nm auth_context
-structure must be freed by
-.Fn krb5_auth_con_free .
-.Pp
-.Fn krb5_auth_con_getflags ,
-.Fn krb5_auth_con_setflags ,
-.Fn krb5_auth_con_addflags
-and
-.Fn krb5_auth_con_removeflags
-gets and modifies the flags for a
-.Nm krb5_auth_context
-structure. Possible flags to set are:
-.Bl -tag -width Ds
-.It Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE
-Generate and check sequence-number on each packet.
-.It Dv KRB5_AUTH_CONTEXT_DO_TIME
-Check timestamp on incoming packets.
-.It Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE , Dv KRB5_AUTH_CONTEXT_RET_TIME
-Return sequence numbers and time stamps in the outdata parameters.
-.It Dv KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
-will force
-.Fn krb5_get_forwarded_creds
-and
-.Fn krb5_fwd_tgt_creds
-to create unencrypted )
-.Dv ENCTYPE_NULL )
-credentials.
-This is for use with old MIT server and JAVA based servers as
-they can't handle encrypted
-.Dv KRB-CRED .
-Note that sending such
-.Dv KRB-CRED
-is clear exposes crypto keys and tickets and is insecure,
-make sure the packet is encrypted in the protocol.
-.Xr krb5_rd_cred 3 ,
-.Xr krb5_rd_priv 3 ,
-.Xr krb5_rd_safe 3 ,
-.Xr krb5_mk_priv 3
-and
-.Xr krb5_mk_safe 3 .
-Setting this flag requires that parameter to be passed to these
-functions.
-.Pp
-The flags
-.Dv KRB5_AUTH_CONTEXT_DO_TIME
-also modifies the behavior the function
-.Fn krb5_get_forwarded_creds
-by removing the timestamp in the forward credential message, this have
-backward compatibility problems since not all versions of the heimdal
-supports timeless credentional messages.
-Is very useful since it always the sender of the message to cache
-forward message and thus avoiding a round trip to the KDC for each
-time a credential is forwarded.
-The same functionality can be obtained by using address-less tickets.
-.\".It Dv KRB5_AUTH_CONTEXT_PERMIT_ALL
-.El
-.Pp
-.Fn krb5_auth_con_setaddrs ,
-.Fn krb5_auth_con_setaddrs_from_fd
-and
-.Fn krb5_auth_con_getaddrs
-gets and sets the addresses that are checked when a packet is received.
-It is mandatory to set an address for the remote
-host. If the local address is not set, it iss deduced from the underlaying
-operating system.
-.Fn krb5_auth_con_getaddrs
-will call
-.Fn krb5_free_address
-on any address that is passed in
-.Fa local_addr
-or
-.Fa remote_addr .
-.Fn krb5_auth_con_setaddr
-allows passing in a
-.Dv NULL
-pointer as
-.Fa local_addr
-and
-.Fa remote_addr ,
-in that case it will just not set that address.
-.Pp
-.Fn krb5_auth_con_setaddrs_from_fd
-fetches the addresses from a file descriptor.
-.Pp
-.Fn krb5_auth_con_genaddrs
-fetches the address information from the given file descriptor
-.Fa fd
-depending on the bitmap argument
-.Fa flags .
-.Pp
-Possible values on
-.Fa flags
-are:
-.Bl -tag -width Ds
-.It Va KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR
-fetches the local address from
-.Fa fd .
-.It Va KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR
-fetches the remote address from
-.Fa fd .
-.El
-.Pp
-.Fn krb5_auth_con_setkey ,
-.Fn krb5_auth_con_setuserkey
-and
-.Fn krb5_auth_con_getkey
-gets and sets the key used for this auth context. The keyblock returned by
-.Fn krb5_auth_con_getkey
-should be freed with
-.Fn krb5_free_keyblock .
-The keyblock send into
-.Fn krb5_auth_con_setkey
-is copied into the
-.Nm krb5_auth_context ,
-and thus no special handling is needed.
-.Dv NULL
-is not a valid keyblock to
-.Fn krb5_auth_con_setkey .
-.Pp
-.Fn krb5_auth_con_setuserkey
-is only useful when doing user to user authentication.
-.Fn krb5_auth_con_setkey
-is equivalent to
-.Fn krb5_auth_con_setuserkey .
-.Pp
-.Fn krb5_auth_con_getlocalsubkey ,
-.Fn krb5_auth_con_setlocalsubkey ,
-.Fn krb5_auth_con_getremotesubkey
-and
-.Fn krb5_auth_con_setremotesubkey
-gets and sets the keyblock for the local and remote subkey.
-The keyblock returned by
-.Fn krb5_auth_con_getlocalsubkey
-and
-.Fn krb5_auth_con_getremotesubkey
-must be freed with
-.Fn krb5_free_keyblock .
-.Pp
-.Fn krb5_auth_setcksumtype
-and
-.Fn krb5_auth_getcksumtype
-sets and gets the checksum type that should be used for this
-connection.
-.Pp
-.Fn krb5_auth_con_generatelocalsubkey
-generates a local subkey that have the same encryption type as
-.Fa key .
-.Pp
-.Fn krb5_auth_getremoteseqnumber
-.Fn krb5_auth_setremoteseqnumber ,
-.Fn krb5_auth_getlocalseqnumber
-and
-.Fn krb5_auth_setlocalseqnumber
-gets and sets the sequence-number for the local and remote
-sequence-number counter.
-.Pp
-.Fn krb5_auth_setkeytype
-and
-.Fn krb5_auth_getkeytype
-gets and gets the keytype of the keyblock in
-.Nm krb5_auth_context .
-.Pp
-.Fn krb5_auth_con_getauthenticator
-Retrieves the authenticator that was used during mutual
-authentication. The
-.Dv authenticator
-returned should be freed by calling
-.Fn krb5_free_authenticator .
-.Pp
-.Fn krb5_auth_con_getrcache
-and
-.Fn krb5_auth_con_setrcache
-gets and sets the replay-cache.
-.Pp
-.Fn krb5_auth_con_initivector
-allocates memory for and zeros the initial vector in the
-.Fa auth_context
-keyblock.
-.Pp
-.Fn krb5_auth_con_setivector
-sets the i_vector portion of
-.Fa auth_context
-to
-.Fa ivector .
-.Pp
-.Fn krb5_free_authenticator
-free the content of
-.Fa authenticator
-and
-.Fa authenticator
-itself.
-.Sh SEE ALSO
-.Xr krb5_context 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_build_principal.3 b/crypto/heimdal/lib/krb5/krb5_build_principal.3
deleted file mode 100644
index e74c754..0000000
--- a/crypto/heimdal/lib/krb5/krb5_build_principal.3
+++ /dev/null
@@ -1,101 +0,0 @@
-.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_build_principal.3,v 1.7 2003/04/16 13:58:14 lha Exp $
-.\"
-.Dd August 8, 1997
-.Dt KRB5_BUILD_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_build_principal ,
-.Nm krb5_build_principal_ext ,
-.Nm krb5_build_principal_va ,
-.Nm krb5_build_principal_va_ext ,
-.Nm krb5_make_principal
-.Nd principal creation functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_build_principal_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_build_principal_va "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_build_principal_va_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_make_principal "krb5_context context" "krb5_principal *principal" "krb5_const_realm realm" "..."
-.Sh DESCRIPTION
-These functions create a Kerberos 5 principal from a realm and a list
-of components.
-All of these functions return an allocated principal in the
-.Fa principal
-parameter, this should be freed with
-.Fn krb5_free_principal
-after use.
-.Pp
-The
-.Dq build
-functions take a
-.Fa realm
-and the length of the realm.  The
-.Fn krb5_build_principal
-and
-.Fn krb5_build_principal_va
-also takes a list of components (zero-terminated strings), terminated
-with
-.Dv NULL .
-The
-.Fn krb5_build_principal_ext
-and
-.Fn krb5_build_principal_va_ext
-takes a list of length-value pairs, the list is terminated with a zero
-length.
-.Pp
-The
-.Fn krb5_make_principal
-is a wrapper around
-.Fn krb5_build_principal .
-If the realm is
-.Dv NULL ,
-the default realm will be used.
-.Sh BUGS
-You can not have a NUL in a component. Until someone can give a good
-example of where it would be a good idea to have NUL's in a component,
-this will not be fixed.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_c_make_checksum.3 b/crypto/heimdal/lib/krb5/krb5_c_make_checksum.3
deleted file mode 100644
index a323cce..0000000
--- a/crypto/heimdal/lib/krb5/krb5_c_make_checksum.3
+++ /dev/null
@@ -1,297 +0,0 @@
-.\" Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_c_make_checksum.3 19066 2006-11-17 22:09:25Z lha $
-.\"
-.Dd Nov  17, 2006
-.Dt KRB5_C_MAKE_CHECKSUM 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_c_block_size ,
-.Nm krb5_c_decrypt ,
-.Nm krb5_c_encrypt ,
-.Nm krb5_c_encrypt_length ,
-.Nm krb5_c_enctype_compare ,
-.Nm krb5_c_get_checksum ,
-.Nm krb5_c_is_coll_proof_cksum ,
-.Nm krb5_c_is_keyed_cksum ,
-.Nm krb5_c_keylength ,
-.Nm krb5_c_make_checksum ,
-.Nm krb5_c_make_random_key ,
-.Nm krb5_c_set_checksum ,
-.Nm krb5_c_valid_cksumtype ,
-.Nm krb5_c_valid_enctype ,
-.Nm krb5_c_verify_checksum ,
-.Nm krb5_c_checksum_length
-.Nd Kerberos 5 crypto API
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fo krb5_c_block_size
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "size_t *blocksize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_decrypt
-.Fa "krb5_context context"
-.Fa "const krb5_keyblock key"
-.Fa "krb5_keyusage usage"
-.Fa "const krb5_data *ivec"
-.Fa "krb5_enc_data *input"
-.Fa "krb5_data *output"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_encrypt
-.Fa "krb5_context context"
-.Fa "const krb5_keyblock *key"
-.Fa "krb5_keyusage usage"
-.Fa "const krb5_data *ivec"
-.Fa "const krb5_data *input"
-.Fa "krb5_enc_data *output"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_encrypt_length
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "size_t inputlen"
-.Fa "size_t *length"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_enctype_compare
-.Fa "krb5_context context"
-.Fa "krb5_enctype e1"
-.Fa "krb5_enctype e2"
-.Fa "krb5_boolean *similar"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_make_random_key
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_keyblock *random_key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_make_checksum
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype cksumtype"
-.Fa "const krb5_keyblock *key"
-.Fa "krb5_keyusage usage"
-.Fa "const krb5_data *input"
-.Fa "krb5_checksum *cksum"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_verify_checksum
-.Fa "krb5_context context
-.Fa "const krb5_keyblock *key"
-.Fa "krb5_keyusage usage"
-.Fa "const krb5_data *data"
-.Fa "const krb5_checksum *cksum"
-.Fa "krb5_boolean *valid"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_checksum_length
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype cksumtype"
-.Fa "size_t *length"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_get_checksum
-.Fa "krb5_context context"
-.Fa "const krb5_checksum *cksum"
-.Fa "krb5_cksumtype *type"
-.Fa "krb5_data **data"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_set_checksum
-.Fa "krb5_context context"
-.Fa "krb5_checksum *cksum"
-.Fa "krb5_cksumtype type"
-.Fa "const krb5_data *data"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_c_valid_enctype
-.Fa krb5_enctype etype"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_c_valid_cksumtype
-.Fa "krb5_cksumtype ctype"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_c_is_coll_proof_cksum
-.Fa "krb5_cksumtype ctype"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_c_is_keyed_cksum
-.Fa "krb5_cksumtype ctype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_keylengths
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "size_t *inlength"
-.Fa "size_t *keylength"
-.Fc
-.Sh DESCRIPTION
-The functions starting with krb5_c are compat functions with MIT kerberos.
-.Pp
-The
-.Li krb5_enc_data
-structure holds and encrypted data.
-There are two public accessable members of
-.Li krb5_enc_data .
-.Li enctype
-that holds the encryption type of the data encrypted and
-.Li ciphertext
-that is a
-.Ft krb5_data
-that might contain the encrypted data.
-.Pp
-.Fn krb5_c_block_size
-returns the blocksize of the encryption type.
-.Pp
-.Fn krb5_c_decrypt
-decrypts
-.Fa input
-and store the data in
-.Fa output.
-If 
-.Fa ivec
-is
-.Dv NULL
-the default initialization vector for that encryption type will be used.
-.Pp
-.Fn krb5_c_encrypt
-encrypts the plaintext in
-.Fa input
-and store the ciphertext in
-.Fa output .
-.Pp
-.Fn krb5_c_encrypt_length
-returns the length the encrypted data given the plaintext length.
-.Pp
-.Fn krb5_c_enctype_compare
-compares to encryption types and returns if they use compatible
-encryption key types.
-.Pp
-.Fn krb5_c_make_checksum
-creates a checksum
-.Fa cksum
-with the checksum type
-.Fa cksumtype
-of the data in
-.Fa data .
-.Fa key
-and
-.Fa usage
-are used if the checksum is a keyed checksum type.
-Returns 0 or an error code.
-.Pp
-.Fn krb5_c_verify_checksum
-verifies the checksum
-of
-.Fa data
-in
-.Fa cksum
-that was created with
-.Fa key
-using the key usage
-.Fa usage .
-.Fa verify
-is set to non-zero if the checksum verifies correctly and zero if not.
-Returns 0 or an error code.
-.Pp
-.Fn krb5_c_checksum_length
-returns the length of the checksum.
-.Pp
-.Fn krb5_c_set_checksum
-sets the
-.Li krb5_checksum
-structure given
-.Fa type
-and
-.Fa data .
-The content of
-.Fa cksum
-should be freeed with
-.Fn krb5_c_free_checksum_contents .
-.Pp
-.Fn krb5_c_get_checksum
-retrieves the components of the
-.Li krb5_checksum .
-structure.
-.Fa data
-should be free with
-.Fn krb5_free_data .
-If some either of
-.Fa data
-or
-.Fa checksum
-is not needed for the application, 
-.Dv NULL
-can be passed in.
-.Pp
-.Fn krb5_c_valid_enctype
-returns true if
-.Fa etype
-is a valid encryption type.
-.Pp
-.Fn krb5_c_valid_cksumtype
-returns true if
-.Fa ctype
-is a valid checksum type.
-.Pp
-.Fn krb5_c_is_keyed_cksum
-return true if
-.Fa ctype
-is a keyed checksum type.
-.Pp
-.Fn krb5_c_is_coll_proof_cksum
-returns true if
-.Fa ctype
-is a collition proof checksum type.
-.Pp
-.Fn krb5_c_keylengths
-return the minimum length (
-.Fa inlength )
-bytes needed to create a key and the
-length (
-.Fa keylength )
-of the resulting key
-for the
-.Fa enctype .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_create_checksum 3 ,
-.Xr krb5_free_data 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_ccache.3 b/crypto/heimdal/lib/krb5/krb5_ccache.3
deleted file mode 100644
index 3fca595..0000000
--- a/crypto/heimdal/lib/krb5/krb5_ccache.3
+++ /dev/null
@@ -1,517 +0,0 @@
-.\" Copyright (c) 2003 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_ccache.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd October 19, 2005
-.Dt KRB5_CCACHE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_ccache ,
-.Nm krb5_cc_cursor ,
-.Nm krb5_cc_ops ,
-.Nm krb5_fcc_ops ,
-.Nm krb5_mcc_ops ,
-.Nm krb5_cc_clear_mcred ,
-.Nm krb5_cc_close ,
-.Nm krb5_cc_copy_cache ,
-.Nm krb5_cc_default ,
-.Nm krb5_cc_default_name ,
-.Nm krb5_cc_destroy ,
-.Nm krb5_cc_end_seq_get ,
-.Nm krb5_cc_gen_new ,
-.Nm krb5_cc_get_full_name ,
-.Nm krb5_cc_get_name ,
-.Nm krb5_cc_get_ops ,
-.Nm krb5_cc_get_prefix_ops ,
-.Nm krb5_cc_get_principal ,
-.Nm krb5_cc_get_type ,
-.Nm krb5_cc_get_version ,
-.Nm krb5_cc_initialize ,
-.Nm krb5_cc_next_cred ,
-.Nm krb5_cc_next_cred_match ,
-.Nm krb5_cc_new_unique ,
-.Nm krb5_cc_register ,
-.Nm krb5_cc_remove_cred ,
-.Nm krb5_cc_resolve ,
-.Nm krb5_cc_retrieve_cred ,
-.Nm krb5_cc_set_default_name ,
-.Nm krb5_cc_set_flags ,
-.Nm krb5_cc_start_seq_get ,
-.Nm krb5_cc_store_cred
-.Nd mange credential cache
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_ccache;"
-.Pp
-.Li "struct krb5_cc_cursor;"
-.Pp
-.Li "struct krb5_cc_ops;"
-.Pp
-.Li "struct krb5_cc_ops *krb5_fcc_ops;"
-.Pp
-.Li "struct krb5_cc_ops *krb5_mcc_ops;"
-.Pp
-.Ft void
-.Fo krb5_cc_clear_mcred
-.Fa "krb5_creds *mcred"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_close
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_copy_cache
-.Fa "krb5_context context"
-.Fa "const krb5_ccache from"
-.Fa "krb5_ccache to"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_default
-.Fa "krb5_context context"
-.Fa "krb5_ccache *id"
-.Fc
-.Ft "const char *"
-.Fo krb5_cc_default_name
-.Fa "krb5_context context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_destroy
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_end_seq_get
-.Fa "krb5_context context"
-.Fa "const krb5_ccache id"
-.Fa "krb5_cc_cursor *cursor"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_gen_new
-.Fa "krb5_context context"
-.Fa "const krb5_cc_ops *ops"
-.Fa "krb5_ccache *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_get_full_name
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "char **str"
-.Fc
-.Ft "const char *"
-.Fo krb5_cc_get_name
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_get_principal
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "krb5_principal *principal"
-.Fc
-.Ft "const char *"
-.Fo krb5_cc_get_type
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft "const krb5_cc_ops *"
-.Fo krb5_cc_get_ops
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft "const krb5_cc_ops *"
-.Fo krb5_cc_get_prefix_ops
-.Fa "krb5_context context"
-.Fa "const char *prefix"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_get_version
-.Fa "krb5_context context"
-.Fa "const krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_initialize
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "krb5_principal primary_principal"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_register
-.Fa "krb5_context context"
-.Fa "const krb5_cc_ops *ops"
-.Fa "krb5_boolean override"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_resolve
-.Fa "krb5_context context"
-.Fa "const char *name"
-.Fa "krb5_ccache *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_retrieve_cred
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "krb5_flags whichfields"
-.Fa "const krb5_creds *mcreds"
-.Fa "krb5_creds *creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_remove_cred
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "krb5_flags which"
-.Fa "krb5_creds *cred"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_set_default_name
-.Fa "krb5_context context"
-.Fa "const char *name"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_start_seq_get
-.Fa "krb5_context context"
-.Fa "const krb5_ccache id"
-.Fa "krb5_cc_cursor *cursor"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_store_cred
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "krb5_creds *creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_set_flags
-.Fa "krb5_context context"
-.Fa "krb5_cc_set_flags id"
-.Fa "krb5_flags flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_next_cred
-.Fa "krb5_context context"
-.Fa "const krb5_ccache id"
-.Fa "krb5_cc_cursor *cursor"
-.Fa "krb5_creds *creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_next_cred_match
-.Fa "krb5_context context"
-.Fa "const krb5_ccache id"
-.Fa "krb5_cc_cursor *cursor"
-.Fa "krb5_creds *creds"
-.Fa "krb5_flags whichfields"
-.Fa "const krb5_creds *mcreds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_new_unique
-.Fa "krb5_context context"
-.Fa "const char *type"
-.Fa "const char *hint"
-.Fa "krb5_ccache *id"
-.Fc
-.Sh DESCRIPTION
-The
-.Li krb5_ccache
-structure holds a Kerberos credential cache.
-.Pp
-The
-.Li krb5_cc_cursor
-structure holds current position in a credential cache when
-iterating over the cache.
-.Pp
-The
-.Li krb5_cc_ops
-structure holds a set of operations that can me preformed on a
-credential cache.
-.Pp
-There is no component inside
-.Li krb5_ccache ,
-.Li krb5_cc_cursor
-nor
-.Li krb5_fcc_ops
-that is directly referable.
-.Pp
-The
-.Li krb5_creds
-holds a Kerberos credential, see manpage for
-.Xr krb5_creds 3 .
-.Pp
-.Fn krb5_cc_default_name
-and
-.Fn krb5_cc_set_default_name
-gets and sets the default name for the
-.Fa context .
-.Pp
-.Fn krb5_cc_default
-opens the default credential cache in
-.Fa id .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_gen_new
-generates a new credential cache of type
-.Fa ops
-in
-.Fa id .
-Return 0 or an error code.
-The Heimdal version of this function also runs
-.Fn krb5_cc_initialize
-on the credential cache, but since the MIT version doesn't, portable
-code must call krb5_cc_initialize.
-.Pp
-.Fn krb5_cc_new_unique
-generates a new unique credential cache of
-.Fa type
-in
-.Fa id .
-If type is
-.Dv NULL ,
-the library chooses the default credential cache type.
-The supplied
-.Fa hint
-(that can be
-.Dv NULL )
-is a string that the credential cache type can use to base the name of
-the credential on, this is to make it easier for the user to
-differentiate the credentials.
-The returned credential cache
-.Fa id
-should be freed using
-.Fn krb5_cc_close
-or
-.Fn krb5_cc_destroy .
-Returns 0 or an error code.
-.Pp
-.Fn krb5_cc_resolve
-finds and allocates a credential cache in
-.Fa id
-from the specification in
-.Fa residual .
-If the credential cache name doesn't contain any colon (:), interpret it as a
-file name.
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_initialize
-creates a new credential cache in
-.Fa id
-for
-.Fa primary_principal .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_close
-stops using the credential cache
-.Fa id
-and frees the related resources.
-Return 0 or an error code.
-.Fn krb5_cc_destroy
-removes the credential cache
-and closes (by calling
-.Fn krb5_cc_close )
-.Fa id .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_copy_cache
-copys the contents of
-.Fa from
-to
-.Fa to .
-.Pp
-.Fn krb5_cc_get_full_name
-returns the complete resolvable name of the credential cache
-.Fa id
-in
-.Fa str .
-.Fa str
-should be freed with
-.Xr free 3 .
-Returns 0 or an error, on error
-.Fa *str
-is set to
-.Dv NULL .
-.Pp
-.Fn krb5_cc_get_name
-returns the name of the credential cache
-.Fa id .
-.Pp
-.Fn krb5_cc_get_principal
-returns the principal of
-.Fa id
-in
-.Fa principal .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_get_type
-returns the type of the credential cache
-.Fa id .
-.Pp
-.Fn krb5_cc_get_ops
-returns the ops of the credential cache
-.Fa id .
-.Pp
-.Fn krb5_cc_get_version
-returns the version of
-.Fa id .
-.Pp
-.Fn krb5_cc_register
-Adds a new credential cache type with operations
-.Fa ops ,
-overwriting any existing one if
-.Fa override .
-Return an error code or 0.
-.Pp
-.Fn krb5_cc_get_prefix_ops
-Get the cc ops that is registered in
-.Fa context
-to handle the
-.Fa prefix .
-Returns
-.Dv NULL
-if ops not found.
-.Pp
-.Fn krb5_cc_remove_cred
-removes the credential identified by
-.Fa ( cred ,
-.Fa which )
-from
-.Fa id .
-.Pp
-.Fn krb5_cc_store_cred
-stores
-.Fa creds
-in the credential cache
-.Fa id .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_set_flags
-sets the flags of
-.Fa id
-to
-.Fa flags .
-.Pp
-.Fn krb5_cc_clear_mcred
-clears the
-.Fa mcreds
-argument so it is reset and can be used with
-.Fa krb5_cc_retrieve_cred .
-.Pp
-.Fn krb5_cc_retrieve_cred ,
-retrieves the credential identified by
-.Fa mcreds
-(and
-.Fa whichfields )
-from
-.Fa id
-in
-.Fa creds .
-.Fa creds
-should be freed using
-.Fn krb5_free_cred_contents .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_start_seq_get
-initiates the
-.Li krb5_cc_cursor
-structure to be used for iteration over the credential cache.
-.Pp
-.Fn krb5_cc_next_cred
-retrieves the next cred pointed to by
-.Fa ( id ,
-.Fa cursor )
-in
-.Fa creds ,
-and advance
-.Fa cursor .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_next_cred_match
-is similar to
-.Fn krb5_cc_next_cred
-except that it will only return creds matching 
-.Fa whichfields
-and
-.Fa mcreds
-(as interpreted by 
-.Xr krb5_compare_creds 3 . )
-.Pp
-.Fn krb5_cc_end_seq_get
-Destroys the cursor
-.Fa cursor .
-.Sh EXAMPLE
-This is a minimalistic version of
-.Nm klist .
-.Pp
-.Bd -literal
-#include <krb5.h>
-
-int
-main (int argc, char **argv)
-{
-    krb5_context context;
-    krb5_cc_cursor cursor;
-    krb5_error_code ret;
-    krb5_ccache id;
-    krb5_creds creds;
-
-    if (krb5_init_context (&context) != 0)
-	errx(1, "krb5_context");
-
-    ret = krb5_cc_default (context, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_default");
-
-    ret = krb5_cc_start_seq_get(context, id, &cursor);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
-
-    while((ret = krb5_cc_next_cred(context, id, &cursor, &creds)) == 0){
-        char *principal;
-
-	krb5_unparse_name_short(context, creds.server, &principal);
-	printf("principal: %s\\n", principal);
-	free(principal);
-	krb5_free_cred_contents (context, &creds);
-    }
-    ret = krb5_cc_end_seq_get(context, id, &cursor);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_end_seq_get");
-
-    krb5_cc_close(context, id);
-
-    krb5_free_context(context);
-    return 0;
-}
-.Ed
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_ccapi.h b/crypto/heimdal/lib/krb5/krb5_ccapi.h
deleted file mode 100644
index 59a3842..0000000
--- a/crypto/heimdal/lib/krb5/krb5_ccapi.h
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: krb5_ccapi.h 22090 2007-12-02 23:23:43Z lha $ */
-
-#ifndef KRB5_CCAPI_H
-#define KRB5_CCAPI_H 1
-
-#include <krb5-types.h>
-
-enum {
-    cc_credentials_v5 = 2
-};
-
-enum {
-    ccapi_version_3 = 3,
-    ccapi_version_4 = 4
-};
-
-enum {
-    ccNoError						= 0,
-    
-    ccIteratorEnd					= 201,
-    ccErrBadParam,
-    ccErrNoMem,
-    ccErrInvalidContext,
-    ccErrInvalidCCache,
-
-    ccErrInvalidString,					/* 206 */
-    ccErrInvalidCredentials,
-    ccErrInvalidCCacheIterator,
-    ccErrInvalidCredentialsIterator,
-    ccErrInvalidLock,
-    
-    ccErrBadName,					/* 211 */
-    ccErrBadCredentialsVersion,
-    ccErrBadAPIVersion,
-    ccErrContextLocked,
-    ccErrContextUnlocked,
-    
-    ccErrCCacheLocked,					/* 216 */
-    ccErrCCacheUnlocked,
-    ccErrBadLockType,
-    ccErrNeverDefault,
-    ccErrCredentialsNotFound,
-    
-    ccErrCCacheNotFound,				/* 221 */
-    ccErrContextNotFound,
-    ccErrServerUnavailable,
-    ccErrServerInsecure,
-    ccErrServerCantBecomeUID,
-    
-    ccErrTimeOffsetNotSet				/* 226 */
-};
-
-typedef int32_t cc_int32;
-typedef uint32_t cc_uint32;
-typedef struct cc_context_t *cc_context_t;
-typedef struct cc_ccache_t *cc_ccache_t;
-typedef struct cc_ccache_iterator_t *cc_ccache_iterator_t;
-typedef struct cc_credentials_v5_t cc_credentials_v5_t;
-typedef struct cc_credentials_t *cc_credentials_t;
-typedef struct cc_credentials_iterator_t *cc_credentials_iterator_t;
-typedef struct cc_string_t *cc_string_t;
-typedef time_t cc_time_t;
-
-typedef struct cc_data {
-    cc_uint32 type;
-    cc_uint32 length;
-    void *data;
-} cc_data;
-
-struct cc_credentials_v5_t {
-    char *client;
-    char *server;
-    cc_data keyblock;
-    cc_time_t authtime;
-    cc_time_t starttime;
-    cc_time_t endtime;
-    cc_time_t renew_till;
-    cc_uint32 is_skey;
-    cc_uint32 ticket_flags;
-#define	KRB5_CCAPI_TKT_FLG_FORWARDABLE			0x40000000
-#define	KRB5_CCAPI_TKT_FLG_FORWARDED			0x20000000
-#define	KRB5_CCAPI_TKT_FLG_PROXIABLE			0x10000000
-#define	KRB5_CCAPI_TKT_FLG_PROXY			0x08000000
-#define	KRB5_CCAPI_TKT_FLG_MAY_POSTDATE			0x04000000
-#define	KRB5_CCAPI_TKT_FLG_POSTDATED			0x02000000
-#define	KRB5_CCAPI_TKT_FLG_INVALID			0x01000000
-#define	KRB5_CCAPI_TKT_FLG_RENEWABLE			0x00800000
-#define	KRB5_CCAPI_TKT_FLG_INITIAL			0x00400000
-#define	KRB5_CCAPI_TKT_FLG_PRE_AUTH			0x00200000
-#define	KRB5_CCAPI_TKT_FLG_HW_AUTH			0x00100000
-#define	KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED	0x00080000
-#define	KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE		0x00040000
-#define	KRB5_CCAPI_TKT_FLG_ANONYMOUS			0x00020000
-    cc_data **addresses;
-    cc_data ticket;
-    cc_data second_ticket;
-    cc_data **authdata;
-};
-
-
-typedef struct cc_string_functions {
-    cc_int32 (*release)(cc_string_t);
-} cc_string_functions;
-
-struct cc_string_t {
-    const char *data;
-    const cc_string_functions *func;
-};
-
-typedef struct cc_credentials_union {
-    cc_int32 version;
-    union {
-	cc_credentials_v5_t* credentials_v5;
-    } credentials;
-} cc_credentials_union;
-
-struct cc_credentials_functions {
-    cc_int32 (*release)(cc_credentials_t);
-    cc_int32 (*compare)(cc_credentials_t, cc_credentials_t, cc_uint32*);
-};
-
-struct cc_credentials_t {
-    const cc_credentials_union* data;
-    const struct cc_credentials_functions* func;
-};
-
-struct cc_credentials_iterator_functions {
-    cc_int32 (*release)(cc_credentials_iterator_t);
-    cc_int32 (*next)(cc_credentials_iterator_t, cc_credentials_t*);
-};
-
-struct cc_credentials_iterator_t {
-    const struct cc_credentials_iterator_functions *func;
-};
-
-struct cc_ccache_iterator_functions {
-    cc_int32 (*release) (cc_ccache_iterator_t);
-    cc_int32 (*next)(cc_ccache_iterator_t, cc_ccache_t*);
-};
-
-struct cc_ccache_iterator_t {
-    const struct cc_ccache_iterator_functions* func;
-};
-
-typedef struct cc_ccache_functions {
-    cc_int32 (*release)(cc_ccache_t);
-    cc_int32 (*destroy)(cc_ccache_t);
-    cc_int32 (*set_default)(cc_ccache_t);
-    cc_int32 (*get_credentials_version)(cc_ccache_t, cc_uint32*);
-    cc_int32 (*get_name)(cc_ccache_t, cc_string_t*);
-    cc_int32 (*get_principal)(cc_ccache_t, cc_uint32, cc_string_t*);
-    cc_int32 (*set_principal)(cc_ccache_t, cc_uint32, const char*);
-    cc_int32 (*store_credentials)(cc_ccache_t, const cc_credentials_union*);
-    cc_int32 (*remove_credentials)(cc_ccache_t, cc_credentials_t);
-    cc_int32 (*new_credentials_iterator)(cc_ccache_t,
-					 cc_credentials_iterator_t*);
-    cc_int32 (*move)(cc_ccache_t, cc_ccache_t);
-    cc_int32 (*lock)(cc_ccache_t, cc_uint32, cc_uint32);
-    cc_int32 (*unlock)(cc_ccache_t);
-    cc_int32 (*get_last_default_time)(cc_ccache_t, cc_time_t*);
-    cc_int32 (*get_change_time)(cc_ccache_t, cc_time_t*);
-    cc_int32 (*compare)(cc_ccache_t, cc_ccache_t, cc_uint32*);
-    cc_int32 (*get_kdc_time_offset)(cc_ccache_t, cc_int32, cc_time_t *);
-    cc_int32 (*set_kdc_time_offset)(cc_ccache_t, cc_int32, cc_time_t);
-    cc_int32 (*clear_kdc_time_offset)(cc_ccache_t, cc_int32);
-} cc_ccache_functions;
-
-struct cc_ccache_t {
-    const cc_ccache_functions *func;
-};
-
-struct  cc_context_functions {
-    cc_int32 (*release)(cc_context_t);
-    cc_int32 (*get_change_time)(cc_context_t, cc_time_t *);
-    cc_int32 (*get_default_ccache_name)(cc_context_t, cc_string_t*);
-    cc_int32 (*open_ccache)(cc_context_t, const char*, cc_ccache_t *);
-    cc_int32 (*open_default_ccache)(cc_context_t, cc_ccache_t*);
-    cc_int32 (*create_ccache)(cc_context_t,const char*, cc_uint32,
-			      const char*, cc_ccache_t*);
-    cc_int32 (*create_default_ccache)(cc_context_t, cc_uint32,
-				      const char*, cc_ccache_t*);
-    cc_int32 (*create_new_ccache)(cc_context_t, cc_uint32,
-				  const char*, cc_ccache_t*);
-    cc_int32 (*new_ccache_iterator)(cc_context_t, cc_ccache_iterator_t*);
-    cc_int32 (*lock)(cc_context_t, cc_uint32, cc_uint32);
-    cc_int32 (*unlock)(cc_context_t);
-    cc_int32 (*compare)(cc_context_t, cc_context_t, cc_uint32*);
-};
-
-struct cc_context_t {
-    const struct cc_context_functions* func;
-};
-
-typedef cc_int32 
-(*cc_initialize_func)(cc_context_t*, cc_int32, cc_int32 *, char const **);
-
-#endif /* KRB5_CCAPI_H */
diff --git a/crypto/heimdal/lib/krb5/krb5_check_transited.3 b/crypto/heimdal/lib/krb5/krb5_check_transited.3
deleted file mode 100644
index 65ce077..0000000
--- a/crypto/heimdal/lib/krb5/krb5_check_transited.3
+++ /dev/null
@@ -1,106 +0,0 @@
-.\" Copyright (c) 2004, 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_check_transited.3 17382 2006-05-01 07:09:16Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_CHECK_TRANSITED 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_check_transited ,
-.Nm krb5_check_transited_realms ,
-.Nm krb5_domain_x500_decode ,
-.Nm krb5_domain_x500_encode
-.Nd realm transit verification and encoding/decoding functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_check_transited
-.Fa "krb5_context context"
-.Fa "krb5_const_realm client_realm"
-.Fa "krb5_const_realm server_realm"
-.Fa "krb5_realm *realms"
-.Fa "int num_realms"
-.Fa "int *bad_realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_check_transited_realms
-.Fa "krb5_context context"
-.Fa "const char *const *realms"
-.Fa "int num_realms"
-.Fa "int *bad_realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_domain_x500_decode
-.Fa "krb5_context context"
-.Fa "krb5_data tr"
-.Fa "char ***realms"
-.Fa "int *num_realms"
-.Fa "const char *client_realm"
-.Fa "const char *server_realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_domain_x500_encode
-.Fa "char **realms"
-.Fa "int num_realms"
-.Fa "krb5_data *encoding"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_check_transited
-checks the path from
-.Fa client_realm
-to
-.Fa server_realm
-where
-.Fa realms
-and
-.Fa num_realms
-is the realms between them.
-If the function returns an error value, 
-.Fa bad_realm
-will be set to the realm in the list causing the error.
-.Fn krb5_check_transited
-is used internally by the KDC and libkrb5 and should not be called by
-client applications.
-.Pp
-.Fn krb5_check_transited_realms
-is deprecated.
-.Pp
-.Fn krb5_domain_x500_encode
-and
-.Fn krb5_domain_x500_decode
-encodes and decodes the realm names in the X500 format that Kerberos
-uses to describe the transited realms in krbtgts.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_compare_creds.3 b/crypto/heimdal/lib/krb5/krb5_compare_creds.3
deleted file mode 100644
index 9fd2bbb..0000000
--- a/crypto/heimdal/lib/krb5/krb5_compare_creds.3
+++ /dev/null
@@ -1,104 +0,0 @@
-.\" Copyright (c) 2004-2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_compare_creds.3 15110 2005-05-10 09:21:06Z lha $
-.\"
-.Dd May 10, 2005
-.Dt KRB5_COMPARE_CREDS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_compare_creds
-.Nd compare Kerberos 5 credentials
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_boolean
-.Fo krb5_compare_creds
-.Fa "krb5_context context"
-.Fa "krb5_flags whichfields"
-.Fa "const krb5_creds *mcreds"
-.Fa "const krb5_creds *creds"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_compare_creds
-compares
-.Fa mcreds
-(usually filled in by the application)
-to
-.Fa creds
-(most often from a credentials cache)
-and return
-.Dv TRUE
-if they are equal.
-Unless
-.Va mcreds-\*[Gt]server
-is
-.Dv NULL ,
-the service of the credentials are always compared.  If the client
-name in
-.Fa mcreds
-is present, the client names are also compared. This function is
-normally only called indirectly via
-.Xr krb5_cc_retrieve_cred 3 .
-.Pp
-The following flags, set in
-.Fa whichfields ,
-affects the comparison:
-.Bl -tag -width KRB5_TC_MATCH_SRV_NAMEONLY -compact -offset indent
-.It KRB5_TC_MATCH_SRV_NAMEONLY
-Consider all realms equal when comparing the service principal.
-.It KRB5_TC_MATCH_KEYTYPE
-Compare enctypes.
-.It KRB5_TC_MATCH_FLAGS_EXACT
-Make sure that the ticket flags are identical.
-.It KRB5_TC_MATCH_FLAGS
-Make sure that all ticket flags set in
-.Fa mcreds
-are also present  in
-.Fa creds .
-.It KRB5_TC_MATCH_TIMES_EXACT
-Compares the ticket times exactly.
-.It KRB5_TC_MATCH_TIMES
-Compares only the expiration times of the creds.
-.It KRB5_TC_MATCH_AUTHDATA
-Compares the authdata fields.
-.It KRB5_TC_MATCH_2ND_TKT
-Compares the second tickets (used by user-to-user authentication).
-.It KRB5_TC_MATCH_IS_SKEY
-Compares the existance of the second ticket.
-.El
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_cc_retrieve_cred 3 ,
-.Xr krb5_creds 3 ,
-.Xr krb5_get_init_creds 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_config.3 b/crypto/heimdal/lib/krb5/krb5_config.3
deleted file mode 100644
index 9c302ae..0000000
--- a/crypto/heimdal/lib/krb5/krb5_config.3
+++ /dev/null
@@ -1,307 +0,0 @@
-.\" Copyright (c) 2000 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"
-.\" $Id: krb5_config.3 21905 2007-08-10 10:16:45Z lha $
-.\"
-.Dd August 10, 2007
-.Dt KRB5_CONFIG_GET 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_config_file_free ,
-.Nm krb5_config_free_strings ,
-.Nm krb5_config_get ,
-.Nm krb5_config_get_bool ,
-.Nm krb5_config_get_bool_default ,
-.Nm krb5_config_get_int ,
-.Nm krb5_config_get_int_default ,
-.Nm krb5_config_get_list ,
-.Nm krb5_config_get_next ,
-.Nm krb5_config_get_string ,
-.Nm krb5_config_get_string_default ,
-.Nm krb5_config_get_strings ,
-.Nm krb5_config_get_time ,
-.Nm krb5_config_get_time_default ,
-.Nm krb5_config_parse_file ,
-.Nm krb5_config_parse_file_multi ,
-.Nm krb5_config_vget ,
-.Nm krb5_config_vget_bool ,
-.Nm krb5_config_vget_bool_default ,
-.Nm krb5_config_vget_int ,
-.Nm krb5_config_vget_int_default ,
-.Nm krb5_config_vget_list ,
-.Nm krb5_config_vget_next ,
-.Nm krb5_config_vget_string ,
-.Nm krb5_config_vget_string_default ,
-.Nm krb5_config_vget_strings ,
-.Nm krb5_config_vget_time ,
-.Nm krb5_config_vget_time_default
-.Nd get configuration value
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_config_file_free
-.Fa "krb5_context context"
-.Fa "krb5_config_section *s"
-.Fc
-.Ft void
-.Fo krb5_config_free_strings
-.Fa "char **strings"
-.Fc
-.Ft "const void *"
-.Fo krb5_config_get
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "int type"
-.Fa "..."
-.Fc
-.Ft krb5_boolean
-.Fo krb5_config_get_bool
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "..."
-.Fc
-.Ft krb5_boolean
-.Fo krb5_config_get_bool_default
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "krb5_boolean def_value"
-.Fa "..."
-.Fc
-.Ft int
-.Fo krb5_config_get_int
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "..."
-.Fc
-.Ft int
-.Fo krb5_config_get_int_default
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "int def_value"
-.Fa "..."
-.Fc
-.Ft const char*
-.Fo krb5_config_get_string
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "..."
-.Fc
-.Ft const char*
-.Fo krb5_config_get_string_default
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "const char *def_value"
-.Fa "..."
-.Fc
-.Ft "char**"
-.Fo krb5_config_get_strings
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "..."
-.Fc
-.Ft int
-.Fo krb5_config_get_time
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "..."
-.Fc
-.Ft int
-.Fo krb5_config_get_time_default
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "int def_value"
-.Fa "..."
-.Fc
-.Ft krb5_error_code
-.Fo krb5_config_parse_file
-.Fa "krb5_context context"
-.Fa "const char *fname"
-.Fa "krb5_config_section **res"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_config_parse_file_multi
-.Fa "krb5_context context"
-.Fa "const char *fname"
-.Fa "krb5_config_section **res"
-.Fc
-.Ft "const void *"
-.Fo krb5_config_vget
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "int type"
-.Fa "va_list args"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_config_vget_bool
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "va_list args"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_config_vget_bool_default
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "krb5_boolean def_value"
-.Fa "va_list args"
-.Fc
-.Ft int
-.Fo krb5_config_vget_int
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "va_list args"
-.Fc
-.Ft int
-.Fo krb5_config_vget_int_default
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "int def_value"
-.Fa "va_list args"
-.Fc
-.Ft "const krb5_config_binding *"
-.Fo krb5_config_vget_list
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "va_list args"
-.Fc
-.Ft "const void *"
-.Fo krb5_config_vget_next
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "const krb5_config_binding **pointer"
-.Fa "int type"
-.Fa "va_list args"
-.Fc
-.Ft "const char *"
-.Fo krb5_config_vget_string
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "va_list args"
-.Fc
-.Ft "const char *"
-.Fo krb5_config_vget_string_default
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "const char *def_value"
-.Fa "va_list args"
-.Fc
-.Ft char **
-.Fo krb5_config_vget_strings
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "va_list args"
-.Fc
-.Ft int
-.Fo krb5_config_vget_time
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "va_list args"
-.Fc
-.Ft int
-.Fo krb5_config_vget_time_default
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "int def_value"
-.Fa "va_list args"
-.Fc
-.Sh DESCRIPTION
-These functions get values from the
-.Xr krb5.conf 5
-configuration file, or another configuration database specified by the
-.Fa c
-parameter.
-.Pp
-The variable arguments should be a list of strings naming each
-subsection to look for. For example:
-.Bd -literal -offset indent
-krb5_config_get_bool_default(context, NULL, FALSE, 
-     "libdefaults", "log_utc", NULL);
-.Ed
-.Pp
-gets the boolean value for the
-.Dv log_utc
-option, defaulting to
-.Dv FALSE .
-.Pp
-.Fn krb5_config_get_bool_default
-will convert the option value to a boolean value, where
-.Sq yes ,
-.Sq true ,
-and any non-zero number means
-.Dv TRUE ,
-and any other value
-.Dv FALSE .
-.Pp
-.Fn krb5_config_get_int_default
-will convert the value to an integer.
-.Pp
-.Fn krb5_config_get_time_default
-will convert the value to a period of time (not a time stamp) in
-seconds, so the string
-.Sq 2 weeks
-will be converted to
-1209600 (2 * 7 * 24 * 60 * 60).
-.Pp
-.Fn krb5_config_get_string
-returns a
-.Ft "const char *"
-to a string in the configuration database.  The string not be valid
-after reload of the configuration database
-.\" or a call to .Fn krb5_config_set_string ,
-so a caller should make a local copy if its need to keep the database.
-.Pp
-.Fn krb5_config_free_strings
-free
-.Fa strings
-as returned by
-.Fn krb5_config_get_strings
-and
-.Fn krb5_config_vget_strings .
-If the argument
-.Fa strings
-is a 
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn krb5_config_file_free
-free the result of
-.Fn krb5_config_parse_file
-and
-.Fn krb5_config_parse_file_multi .
-.Sh SEE ALSO
-.Xr krb5_appdefault 3 ,
-.Xr krb5_init_context 3 ,
-.Xr krb5.conf 5
-.Sh BUGS
-For the default functions, other than for the string case, there's no
-way to tell whether there was a value specified or not.
diff --git a/crypto/heimdal/lib/krb5/krb5_context.3 b/crypto/heimdal/lib/krb5/krb5_context.3
deleted file mode 100644
index 5bfcc26..0000000
--- a/crypto/heimdal/lib/krb5/krb5_context.3
+++ /dev/null
@@ -1,56 +0,0 @@
-.\" Copyright (c) 2001 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_context.3 12329 2003-05-26 14:09:04Z lha $
-.\"
-.Dd January 21, 2001
-.Dt KRB5_CONTEXT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_context
-.Nd krb5 state structure
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Sh DESCRIPTION
-The
-.Nm
-structure is designed to hold all per thread state. All global
-variables that are context specific are stored in this structure,
-including default encryption types, credentials-cache (ticket file), and
-default realms.
-.Pp
-The internals of the structure should never be accessed directly,
-functions exist for extracting information.
-.Sh SEE ALSO
-.Xr krb5_init_context 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_create_checksum.3 b/crypto/heimdal/lib/krb5/krb5_create_checksum.3
deleted file mode 100644
index 43d5b4e..0000000
--- a/crypto/heimdal/lib/krb5/krb5_create_checksum.3
+++ /dev/null
@@ -1,226 +0,0 @@
-.\" Copyright (c) 1999-2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_create_checksum.3 15921 2005-08-12 09:01:22Z lha $
-.\"
-.Dd August 12, 2005
-.Dt NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_checksum ,
-.Nm krb5_checksum_disable ,
-.Nm krb5_checksum_is_collision_proof ,
-.Nm krb5_checksum_is_keyed ,
-.Nm krb5_checksumsize ,
-.Nm krb5_cksumtype_valid ,
-.Nm krb5_copy_checksum ,
-.Nm krb5_create_checksum ,
-.Nm krb5_crypto_get_checksum_type
-.Nm krb5_free_checksum ,
-.Nm krb5_free_checksum_contents ,
-.Nm krb5_hmac ,
-.Nm krb5_verify_checksum
-.Nd creates, handles and verifies checksums
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "typedef Checksum krb5_checksum;"
-.Ft void
-.Fo krb5_checksum_disable
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype type"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_checksum_is_collision_proof
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype type"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_checksum_is_keyed
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype type"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cksumtype_valid
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype ctype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_checksumsize
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype type"
-.Fa "size_t *size"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_create_checksum
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "krb5_key_usage usage"
-.Fa "int type"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "Checksum *result"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_verify_checksum
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "krb5_key_usage usage"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "Checksum *cksum"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_crypto_get_checksum_type
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "krb5_cksumtype *type"
-.Fc
-.Ft void
-.Fo krb5_free_checksum
-.Fa "krb5_context context"
-.Fa "krb5_checksum *cksum"
-.Fc
-.Ft void
-.Fo krb5_free_checksum_contents
-.Fa "krb5_context context"
-.Fa "krb5_checksum *cksum"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_hmac
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype cktype"
-.Fa "const void *data"
-.Fa "size_t len"
-.Fa "unsigned usage"
-.Fa "krb5_keyblock *key"
-.Fa "Checksum *result"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_checksum
-.Fa "krb5_context context"
-.Fa "const krb5_checksum *old"
-.Fa "krb5_checksum **new"
-.Fc
-.Sh DESCRIPTION
-The
-.Li krb5_checksum
-structure holds a Kerberos checksum.
-There is no component inside
-.Li krb5_checksum
-that is directly referable.
-.Pp
-The functions are used to create and verify checksums.
-.Fn krb5_create_checksum
-creates a checksum of the specified data, and puts it in
-.Fa result .
-If
-.Fa crypto
-is
-.Dv NULL ,
-.Fa usage_or_type
-specifies the checksum type to use; it must not be keyed. Otherwise
-.Fa crypto
-is an encryption context created by
-.Fn krb5_crypto_init ,
-and
-.Fa usage_or_type
-specifies a key-usage.
-.Pp
-.Fn krb5_verify_checksum
-verifies the
-.Fa checksum
-against the provided data.
-.Pp
-.Fn krb5_checksum_is_collision_proof
-returns true is the specified checksum is collision proof (that it's
-very unlikely that two strings has the same hash value, and that it's
-hard to find two strings that has the same hash). Examples of
-collision proof checksums are MD5, and SHA1, while CRC32 is not.
-.Pp
-.Fn krb5_checksum_is_keyed
-returns true if the specified checksum type is keyed (that the hash
-value is a function of both the data, and a separate key). Examples of
-keyed hash algorithms are HMAC-SHA1-DES3, and RSA-MD5-DES. The
-.Dq plain
-hash functions MD5, and SHA1 are not keyed.
-.Pp
-.Fn krb5_crypto_get_checksum_type
-returns the checksum type that will be used when creating a checksum for the given
-.Fa crypto
-context.
-This function is useful in combination with
-.Fn krb5_checksumsize
-when you want to know the size a checksum will
-use when you create it.
-.Pp
-.Fn krb5_cksumtype_valid
-returns 0 or an error if the checksumtype is implemented and not
-currently disabled in this kerberos library.
-.Pp
-.Fn krb5_checksumsize
-returns the size of the outdata of checksum function.
-.Pp
-.Fn krb5_copy_checksum
-returns a copy of the checksum
-.Fn krb5_free_checksum
-should use used to free the
-.Fa new
-checksum.
-.Pp
-.Fn krb5_free_checksum
-free the checksum and the content of the checksum.
-.Pp
-.Fn krb5_free_checksum_contents
-frees the content of checksum in
-.Fa cksum .
-.Pp
-.Fn krb5_hmac
-calculates the HMAC over
-.Fa data
-(with length
-.Fa len )
-using the keyusage
-.Fa usage
-and keyblock
-.Fa key .
-Note that keyusage is not always used in checksums.
-.Pp
-.Nm krb5_checksum_disable
-globally disables the checksum type. 
-.\" .Sh EXAMPLE
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_crypto_init 3 ,
-.Xr krb5_c_encrypt 3 ,
-.Xr krb5_encrypt 3
diff --git a/crypto/heimdal/lib/krb5/krb5_creds.3 b/crypto/heimdal/lib/krb5/krb5_creds.3
deleted file mode 100644
index 9eb9a2b..0000000
--- a/crypto/heimdal/lib/krb5/krb5_creds.3
+++ /dev/null
@@ -1,119 +0,0 @@
-.\" Copyright (c) 2004, 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_creds.3 17383 2006-05-01 07:13:03Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_CREDS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_creds ,
-.Nm krb5_copy_creds ,
-.Nm krb5_copy_creds_contents ,
-.Nm krb5_free_creds ,
-.Nm krb5_free_cred_contents
-.Nd Kerberos 5 credential handling functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_copy_creds
-.Fa "krb5_context context"
-.Fa "const krb5_creds *incred"
-.Fa "krb5_creds **outcred"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_creds_contents
-.Fa "krb5_context context"
-.Fa "const krb5_creds *incred"
-.Fa "krb5_creds *outcred"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_creds
-.Fa "krb5_context context"
-.Fa "krb5_creds *outcred"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_cred_contents
-.Fa "krb5_context context"
-.Fa "krb5_creds *cred"
-.Fc
-.Sh DESCRIPTION
-.Vt krb5_creds
-holds Kerberos credentials:
-.Bd -literal -offset
-typedef struct krb5_creds {
-    krb5_principal	client;
-    krb5_principal	server;
-    krb5_keyblock	session;
-    krb5_times		times;
-    krb5_data		ticket;
-    krb5_data		second_ticket;
-    krb5_authdata	authdata;
-    krb5_addresses	addresses;
-    krb5_ticket_flags	flags;
-} krb5_creds;
-.Ed
-.Pp
-.Fn krb5_copy_creds
-makes a copy of
-.Fa incred
-to
-.Fa outcred .
-.Fa outcred
-should be freed with
-.Fn krb5_free_creds
-by the caller.
-.Pp
-.Fn krb5_copy_creds_contents
-makes a copy of the content of
-.Fa incred
-to
-.Fa outcreds .
-.Fa outcreds
-should be freed by the called with
-.Fn krb5_free_creds_contents .
-.Pp
-.Fn krb5_free_creds
-frees the content of the 
-.Fa cred
-structure and the structure itself.
-.Pp
-.Fn krb5_free_cred_contents
-frees the content of the
-.Fa cred
-structure.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_compare_creds 3 ,
-.Xr krb5_get_init_creds 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_crypto_init.3 b/crypto/heimdal/lib/krb5/krb5_crypto_init.3
deleted file mode 100644
index 822006e..0000000
--- a/crypto/heimdal/lib/krb5/krb5_crypto_init.3
+++ /dev/null
@@ -1,67 +0,0 @@
-.\" Copyright (c) 1999 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_crypto_init.3 13563 2004-03-20 12:00:01Z lha $
-.\"
-.Dd April  7, 1999
-.Dt NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_crypto_destroy ,
-.Nm krb5_crypto_init
-.Nd encryption support in krb5
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_crypto_init "krb5_context context" "krb5_keyblock *key" "krb5_enctype enctype" "krb5_crypto *crypto"
-.Ft krb5_error_code
-.Fn krb5_crypto_destroy "krb5_context context" "krb5_crypto crypto"
-.Sh DESCRIPTION
-Heimdal exports parts of the Kerberos crypto interface for applications.
-.Pp
-Each kerberos encrytion/checksum function takes a crypto context.
-.Pp
-To setup and destroy crypto contextes there are two functions
-.Fn krb5_crypto_init
-and
-.Fn krb5_crypto_destroy .
-The encryption type to use is taken from the key, but can be overridden
-with the
-.Fa enctype parameter .
-This can be useful for encryptions types which is compatiable (DES for
-example).
-.\" .Sh EXAMPLE
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_create_checksum 3 ,
-.Xr krb5_encrypt 3
diff --git a/crypto/heimdal/lib/krb5/krb5_data.3 b/crypto/heimdal/lib/krb5/krb5_data.3
deleted file mode 100644
index 2ccff19..0000000
--- a/crypto/heimdal/lib/krb5/krb5_data.3
+++ /dev/null
@@ -1,159 +0,0 @@
-.\" Copyright (c) 2003 - 2005, 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_data.3 20040 2007-01-23 20:35:12Z lha $
-.\"
-.Dd Jan 23, 2007
-.Dt KRB5_DATA 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_data ,
-.Nm krb5_data_zero ,
-.Nm krb5_data_free ,
-.Nm krb5_free_data_contents ,
-.Nm krb5_free_data ,
-.Nm krb5_data_alloc ,
-.Nm krb5_data_realloc ,
-.Nm krb5_data_copy ,
-.Nm krb5_copy_data ,
-.Nm krb5_data_cmp
-.Nd operates on the Kerberos datatype krb5_data
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_data;"
-.Ft void
-.Fn krb5_data_zero "krb5_data *p"
-.Ft void
-.Fn krb5_data_free "krb5_data *p"
-.Ft void
-.Fn krb5_free_data_contents "krb5_context context" "krb5_data *p"
-.Ft void
-.Fn krb5_free_data "krb5_context context" "krb5_data *p"
-.Ft krb5_error_code
-.Fn krb5_data_alloc "krb5_data *p" "int len"
-.Ft krb5_error_code
-.Fn krb5_data_realloc "krb5_data *p" "int len"
-.Ft krb5_error_code
-.Fn krb5_data_copy "krb5_data *p" "const void *data" "size_t len"
-.Ft krb5_error_code
-.Fn krb5_copy_data "krb5_context context" "const krb5_data *indata" "krb5_data **outdata"
-.Ft krb5_error_code
-.Fn krb5_data_cmp "const krb5_data *data1" "const krb5_data *data2"
-.Sh DESCRIPTION
-The
-.Li krb5_data
-structure holds a data element.
-The structure contains two public accessible elements
-.Fa length
-(the length of data)
-and
-.Fa data
-(the data itself).
-The structure must always be initiated and freed by the functions
-documented in this manual.
-.Pp
-.Fn krb5_data_zero
-resets the content of
-.Fa p .
-.Pp
-.Fn krb5_data_free
-free the data in
-.Fa p
-and reset the content of the structure with
-.Fn krb5_data_zero .
-.Pp
-.Fn krb5_free_data_contents
-works the same way as
-.Fa krb5_data_free .
-The diffrence is that krb5_free_data_contents is more portable (exists
-in MIT api).
-.Pp
-.Fn krb5_free_data
-frees the data in
-.Fa p
-and
-.Fa p
-itself.
-.Pp
-.Fn krb5_data_alloc
-allocates
-.Fa len
-bytes in
-.Fa p .
-Returns 0 or an error.
-.Pp
-.Fn  krb5_data_realloc
-reallocates the length of
-.Fa p
-to the length in
-.Fa len .
-Returns 0 or an error.
-.Pp
-.Fn krb5_data_copy
-copies the
-.Fa data
-that have the length
-.Fa len
-into
-.Fa p .
-.Fa p
-is not freed so the calling function should make sure the
-.Fa p
-doesn't contain anything needs to be freed.
-Returns 0 or an error.
-.Pp
-.Fn krb5_copy_data
-copies the
-.Li krb5_data
-in
-.Fa indata
-to
-.Fa outdata .
-.Fa outdata
-is not freed so the calling function should make sure the
-.Fa outdata
-doesn't contain anything needs to be freed.
-.Fa outdata
-should be freed using
-.Fn krb5_free_data .
-Returns 0 or an error.
-.Pp
-.Fn krb5_data_cmp
-will compare two data object and check if they are the same in a
-simular way as memcmp does it.  The return value can be used for
-sorting.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_storage 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_digest.3 b/crypto/heimdal/lib/krb5/krb5_digest.3
deleted file mode 100644
index f9d7571..0000000
--- a/crypto/heimdal/lib/krb5/krb5_digest.3
+++ /dev/null
@@ -1,260 +0,0 @@
-.\" Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_digest.3 20259 2007-02-17 23:49:54Z lha $
-.\"
-.Dd February  18, 2007
-.Dt KRB5_DIGEST 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_digest ,
-.Nm krb5_digest_alloc ,
-.Nm krb5_digest_free ,
-.Nm krb5_digest_set_server_cb ,
-.Nm krb5_digest_set_type ,
-.Nm krb5_digest_set_hostname ,
-.Nm krb5_digest_get_server_nonce ,
-.Nm krb5_digest_set_server_nonce ,
-.Nm krb5_digest_get_opaque ,
-.Nm krb5_digest_set_opaque ,
-.Nm krb5_digest_get_identifier ,
-.Nm krb5_digest_set_identifier ,
-.Nm krb5_digest_init_request ,
-.Nm krb5_digest_set_client_nonce ,
-.Nm krb5_digest_set_digest ,
-.Nm krb5_digest_set_username ,
-.Nm krb5_digest_set_authid ,
-.Nm krb5_digest_set_authentication_user ,
-.Nm krb5_digest_set_realm ,
-.Nm krb5_digest_set_method ,
-.Nm krb5_digest_set_uri ,
-.Nm krb5_digest_set_nonceCount ,
-.Nm krb5_digest_set_qop ,
-.Nm krb5_digest_request ,
-.Nm krb5_digest_get_responseData ,
-.Nm krb5_digest_get_rsp ,
-.Nm krb5_digest_get_tickets ,
-.Nm krb5_digest_get_client_binding ,
-.Nm krb5_digest_get_a1_hash
-.Nd remote digest (HTTP-DIGEST, SASL, CHAP) suppport
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "typedef struct krb5_digest *krb5_digest;"
-.Pp
-.Ft krb5_error_code
-.Fo krb5_digest_alloc
-.Fa "krb5_context context"
-.Fa "krb5_digest *digest"
-.Fc
-.Ft void
-.Fo krb5_digest_free
-.Fa "krb5_digest digest"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_type
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *type"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_server_cb
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *type"
-.Fa "const char *binding"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_hostname
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *hostname"
-.Fc
-.Ft "const char *"
-.Fo krb5_digest_get_server_nonce
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_server_nonce
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *nonce"
-.Fc
-.Ft "const char *"
-.Fo krb5_digest_get_opaque
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_opaque
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *opaque"
-.Fc
-.Ft "const char *"
-.Fo krb5_digest_get_identifier
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_identifier
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_init_request
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "krb5_realm realm"
-.Fa "krb5_ccache ccache"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_client_nonce
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *nonce"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_digest
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *dgst"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_username
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *username"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_authid
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *authid"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_authentication_user
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "krb5_principal authentication_user"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_realm
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_method
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *method"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_uri
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *uri"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_nonceCount
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *nonce_count"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_qop
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *qop"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_request
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "krb5_realm realm"
-.Fa "krb5_ccache ccache"
-.Fc
-.Ft "const char *"
-.Fo krb5_digest_get_responseData
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fc
-.Ft "const char *"
-.Fo krb5_digest_get_rsp
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_get_tickets
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "Ticket **tickets"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_get_client_binding
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "char **type"
-.Fa "char **binding"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_get_a1_hash
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "krb5_data *data"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn krb5_digest_alloc
-function allocatates the
-.Fa digest
-structure.  The structure should be freed with
-.Fn krb5_digest_free
-when it is no longer being used.
-.Pp
-.Fn krb5_digest_alloc
-returns 0 to indicate success.
-Otherwise an kerberos code is returned and the pointer that
-.Fa digest
-points to is set to
-.Dv NULL .
-.Pp
-.Fn krb5_digest_free
-free the structure
-.Fa digest .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_eai_to_heim_errno.3 b/crypto/heimdal/lib/krb5/krb5_eai_to_heim_errno.3
deleted file mode 100644
index fcada92..0000000
--- a/crypto/heimdal/lib/krb5/krb5_eai_to_heim_errno.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_eai_to_heim_errno.3 14086 2004-08-03 11:13:46Z lha $
-.\"
-.Dd April 13, 2004
-.Dt KRB5_EAI_TO_HEIM_ERRNO 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_eai_to_heim_errno ,
-.Nm krb5_h_errno_to_heim_errno
-.Nd convert resolver error code to com_err error codes
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_eai_to_heim_errno
-.Fa "int eai_errno"
-.Fa "int system_error"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_h_errno_to_heim_errno
-.Fa "int eai_errno"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_eai_to_heim_errno
-and
-.Fn krb5_h_errno_to_heim_errno
-convert
-.Xr getaddrinfo 3 ,
-.Xr getnameinfo 3 ,
-and
-.Xr h_errno 3
-to com_err error code that are used by Heimdal, this is useful for for
-function returning kerberos errors and needs to communicate failures
-from resolver function.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_encrypt.3 b/crypto/heimdal/lib/krb5/krb5_encrypt.3
deleted file mode 100644
index 76cb4c7..0000000
--- a/crypto/heimdal/lib/krb5/krb5_encrypt.3
+++ /dev/null
@@ -1,278 +0,0 @@
-.\" Copyright (c) 1999 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_encrypt.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd March 20, 2004
-.Dt KRB5_ENCRYPT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_crypto_getblocksize ,
-.Nm krb5_crypto_getconfoundersize
-.Nm krb5_crypto_getenctype ,
-.Nm krb5_crypto_getpadsize ,
-.Nm krb5_crypto_overhead ,
-.Nm krb5_decrypt ,
-.Nm krb5_decrypt_EncryptedData ,
-.Nm krb5_decrypt_ivec ,
-.Nm krb5_decrypt_ticket ,
-.Nm krb5_encrypt ,
-.Nm krb5_encrypt_EncryptedData ,
-.Nm krb5_encrypt_ivec ,
-.Nm krb5_enctype_disable ,
-.Nm krb5_enctype_keysize ,
-.Nm krb5_enctype_to_string ,
-.Nm krb5_enctype_valid ,
-.Nm krb5_get_wrapped_length ,
-.Nm krb5_string_to_enctype
-.Nd "encrypt and decrypt data, set and get encryption type parameters"
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_encrypt
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "unsigned usage"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "krb5_data *result"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_encrypt_EncryptedData
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "unsigned usage"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "int kvno"
-.Fa "EncryptedData *result"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_encrypt_ivec
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "unsigned usage"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "krb5_data *result"
-.Fa "void *ivec"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_decrypt
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "unsigned usage"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "krb5_data *result"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_decrypt_EncryptedData
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "unsigned usage"
-.Fa "EncryptedData *e"
-.Fa "krb5_data *result"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_decrypt_ivec
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "unsigned usage"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "krb5_data *result"
-.Fa "void *ivec"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_decrypt_ticket
-.Fa "krb5_context context"
-.Fa "Ticket *ticket"
-.Fa "krb5_keyblock *key"
-.Fa "EncTicketPart *out"
-.Fa "krb5_flags flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_crypto_getblocksize
-.Fa "krb5_context context"
-.Fa "size_t *blocksize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_crypto_getenctype
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "krb5_enctype *enctype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_crypto_getpadsize
-.Fa "krb5_context context"
-.Fa size_t *padsize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_crypto_getconfoundersize
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto
-.Fa size_t *confoundersize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_enctype_keysize
-.Fa "krb5_context context"
-.Fa "krb5_enctype type"
-.Fa "size_t *keysize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_crypto_overhead
-.Fa "krb5_context context"
-.Fa size_t *padsize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_enctype
-.Fa "krb5_context context"
-.Fa "const char *string"
-.Fa "krb5_enctype *etype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_enctype_to_string
-.Fa "krb5_context context"
-.Fa "krb5_enctype etype"
-.Fa "char **string"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_enctype_valid
-.Fa "krb5_context context"
-.Fa "krb5_enctype etype"
-.Fc
-.Ft void
-.Fo krb5_enctype_disable
-.Fa "krb5_context context"
-.Fa "krb5_enctype etype"
-.Fc
-.Ft size_t
-.Fo krb5_get_wrapped_length
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "size_t data_len"
-.Fc
-.Sh DESCRIPTION
-These functions are used to encrypt and decrypt data.
-.Pp
-.Fn krb5_encrypt_ivec
-puts the encrypted version of
-.Fa data
-(of size
-.Fa len )
-in
-.Fa result .
-If the encryption type supports using derived keys,
-.Fa usage
-should be the appropriate key-usage.
-.Fa ivec
-is a pointer to a initial IV, it is modified to the end IV at the end of
-the round.
-Ivec should be the size of 
-If
-.Dv NULL
-is passed in, the default IV is used.
-.Fn krb5_encrypt
-does the same as
-.Fn krb5_encrypt_ivec
-but with
-.Fa ivec
-being
-.Dv NULL .
-.Fn krb5_encrypt_EncryptedData
-does the same as
-.Fn krb5_encrypt ,
-but it puts the encrypted data in a
-.Fa EncryptedData
-structure instead. If
-.Fa kvno
-is not zero, it will be put in the (optional)
-.Fa kvno
-field in the
-.Fa EncryptedData .
-.Pp
-.Fn krb5_decrypt_ivec ,
-.Fn krb5_decrypt ,
-and
-.Fn krb5_decrypt_EncryptedData
-works similarly.
-.Pp
-.Fn krb5_decrypt_ticket
-decrypts the encrypted part of 
-.Fa ticket
-with
-.Fa key .
-.Fn krb5_decrypt_ticket
-also verifies the timestamp in the ticket, invalid flag and if the KDC
-haven't verified the transited path, the transit path.
-.Pp
-.Fn krb5_enctype_keysize ,
-.Fn krb5_crypto_getconfoundersize ,
-.Fn krb5_crypto_getblocksize ,
-.Fn krb5_crypto_getenctype ,
-.Fn krb5_crypto_getpadsize ,
-.Fn krb5_crypto_overhead
-all returns various (sometimes) useful information from a crypto context.
-.Fn krb5_crypto_overhead
-is the combination of krb5_crypto_getconfoundersize,
-krb5_crypto_getblocksize and krb5_crypto_getpadsize and return the
-maximum overhead size.
-.Pp
-.Fn krb5_enctype_to_string
-converts a encryption type number to a string that can be printable
-and stored. The strings returned should be freed with
-.Xr free 3 .
-.Pp
-.Fn krb5_string_to_enctype
-converts a encryption type strings to a encryption type number that
-can use used for other Kerberos crypto functions.
-.Pp
-.Fn krb5_enctype_valid
-returns 0 if the encrypt is supported and not disabled, otherwise and
-error code is returned.
-.Pp
-.Fn krb5_enctype_disable
-(globally, for all contextes) disables the
-.Fa enctype .
-.Pp
-.Fn krb5_get_wrapped_length
-returns the size of an encrypted packet by
-.Fa crypto
-of length
-.Fa data_len .
-.\" .Sh EXAMPLE
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_create_checksum 3 ,
-.Xr krb5_crypto_init 3
diff --git a/crypto/heimdal/lib/krb5/krb5_err.et b/crypto/heimdal/lib/krb5/krb5_err.et
deleted file mode 100644
index 6714401..0000000
--- a/crypto/heimdal/lib/krb5/krb5_err.et
+++ /dev/null
@@ -1,266 +0,0 @@
-#
-# Error messages for the krb5 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: krb5_err.et 21050 2007-06-12 02:00:40Z lha $"
-
-error_table krb5
-
-prefix KRB5KDC_ERR
-error_code NONE,		"No error"
-error_code NAME_EXP,		"Client's entry in database has expired"
-error_code SERVICE_EXP,		"Server's entry in database has expired"
-error_code BAD_PVNO,		"Requested protocol version not supported"
-error_code C_OLD_MAST_KVNO,	"Client's key is encrypted in an old master key"
-error_code S_OLD_MAST_KVNO,	"Server's key is encrypted in an old master key"
-error_code C_PRINCIPAL_UNKNOWN,	"Client not found in Kerberos database"
-error_code S_PRINCIPAL_UNKNOWN,	"Server not found in Kerberos database"
-error_code PRINCIPAL_NOT_UNIQUE,"Principal has multiple entries in Kerberos database"
-error_code NULL_KEY,		"Client or server has a null key"
-error_code CANNOT_POSTDATE,	"Ticket is ineligible for postdating"
-error_code NEVER_VALID,		"Requested effective lifetime is negative or too short"
-error_code POLICY,		"KDC policy rejects request"
-error_code BADOPTION,		"KDC can't fulfill requested option"
-error_code ETYPE_NOSUPP,	"KDC has no support for encryption type"
-error_code SUMTYPE_NOSUPP,	"KDC has no support for checksum type"
-error_code PADATA_TYPE_NOSUPP,	"KDC has no support for padata type"
-error_code TRTYPE_NOSUPP,	"KDC has no support for transited type"
-error_code CLIENT_REVOKED,	"Clients credentials have been revoked"
-error_code SERVICE_REVOKED,	"Credentials for server have been revoked"
-error_code TGT_REVOKED,		"TGT has been revoked"
-error_code CLIENT_NOTYET,	"Client not yet valid - try again later"
-error_code SERVICE_NOTYET,	"Server not yet valid - try again later"
-error_code KEY_EXPIRED,		"Password has expired"
-error_code PREAUTH_FAILED,	"Preauthentication failed"
-error_code PREAUTH_REQUIRED,	"Additional pre-authentication required"
-error_code SERVER_NOMATCH,	"Requested server and ticket don't match"
-error_code KDC_ERR_MUST_USE_USER2USER, "Server principal valid for user2user only"
-error_code PATH_NOT_ACCEPTED,   "KDC Policy rejects transited path"
-error_code SVC_UNAVAILABLE, 	"A service is not available"
-
-index 31
-prefix KRB5KRB_AP
-error_code ERR_BAD_INTEGRITY,	"Decrypt integrity check failed"
-error_code ERR_TKT_EXPIRED,	"Ticket expired"
-error_code ERR_TKT_NYV,		"Ticket not yet valid"
-error_code ERR_REPEAT,		"Request is a replay"
-error_code ERR_NOT_US,		"The ticket isn't for us"
-error_code ERR_BADMATCH,	"Ticket/authenticator don't match"
-error_code ERR_SKEW,		"Clock skew too great"
-error_code ERR_BADADDR,		"Incorrect net address"
-error_code ERR_BADVERSION,	"Protocol version mismatch"
-error_code ERR_MSG_TYPE,	"Invalid message type"
-error_code ERR_MODIFIED,	"Message stream modified"
-error_code ERR_BADORDER,	"Message out of order"
-error_code ERR_ILL_CR_TKT,	"Invalid cross-realm ticket"
-error_code ERR_BADKEYVER,	"Key version is not available"
-error_code ERR_NOKEY,		"Service key not available"
-error_code ERR_MUT_FAIL,	"Mutual authentication failed"
-error_code ERR_BADDIRECTION,	"Incorrect message direction"
-error_code ERR_METHOD,		"Alternative authentication method required"
-error_code ERR_BADSEQ,		"Incorrect sequence number in message"
-error_code ERR_INAPP_CKSUM,	"Inappropriate type of checksum in message"
-error_code PATH_NOT_ACCEPTED,	"Policy rejects transited path"
-
-prefix KRB5KRB_ERR
-error_code RESPONSE_TOO_BIG,	"Response too big for UDP, retry with TCP"
-# 53-59 are reserved
-index 60
-error_code GENERIC,		"Generic error (see e-text)"
-error_code FIELD_TOOLONG,	"Field is too long for this implementation"
-
-# pkinit
-index 62
-prefix KRB5_KDC_ERR
-error_code CLIENT_NOT_TRUSTED,	"Client not trusted"
-error_code KDC_NOT_TRUSTED,	"KDC not trusted"
-error_code INVALID_SIG,		"Invalid signature"
-error_code DH_KEY_PARAMETERS_NOT_ACCEPTED, "DH parameters not accepted"
-
-index 68
-prefix KRB5_KDC_ERR
-error_code WRONG_REALM,		"Wrong realm"
-
-index 69
-prefix KRB5_AP_ERR
-error_code USER_TO_USER_REQUIRED, "User to user required"
-
-index 70
-prefix KRB5_KDC_ERR
-error_code CANT_VERIFY_CERTIFICATE, "Cannot verify certificate"
-error_code INVALID_CERTIFICATE, "Certificate invalid"
-error_code REVOKED_CERTIFICATE, "Certificate revoked"
-error_code REVOCATION_STATUS_UNKNOWN, "Revocation status unknown"
-error_code REVOCATION_STATUS_UNAVAILABLE, "Revocation status unavaible"
-error_code CLIENT_NAME_MISMATCH, "Client name mismatch in certificate"
-error_code INCONSISTENT_KEY_PURPOSE, "Inconsistent key purpose"
-error_code DIGEST_IN_CERT_NOT_ACCEPTED, "Digest in certificate not accepted"
-error_code PA_CHECKSUM_MUST_BE_INCLUDED, "paChecksum must be included"
-error_code DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, "Digest in signedData not accepted"
-error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not supported"
-
-## these are never used
-#index 80
-#prefix KRB5_IAKERB
-#error_code ERR_KDC_NOT_FOUND,	"IAKERB proxy could not find a KDC"
-#error_code ERR_KDC_NO_RESPONSE,	"IAKERB proxy never reeived a response from a KDC"
-
-# 82-127 are reserved
-
-index 128
-prefix
-error_code KRB5_ERR_RCSID,	"$Id: krb5_err.et 21050 2007-06-12 02:00:40Z lha $"
-
-error_code KRB5_LIBOS_BADLOCKFLAG,	"Invalid flag for file lock mode"
-error_code KRB5_LIBOS_CANTREADPWD,	"Cannot read password"
-error_code KRB5_LIBOS_BADPWDMATCH,	"Password mismatch"
-error_code KRB5_LIBOS_PWDINTR,		"Password read interrupted"
-
-error_code KRB5_PARSE_ILLCHAR,		"Invalid character in component name"
-error_code KRB5_PARSE_MALFORMED,	"Malformed representation of principal"
-
-error_code KRB5_CONFIG_CANTOPEN,	"Can't open/find configuration file"
-error_code KRB5_CONFIG_BADFORMAT,	"Improper format of configuration file"
-error_code KRB5_CONFIG_NOTENUFSPACE,	"Insufficient space to return complete information"
-
-error_code KRB5_BADMSGTYPE,		"Invalid message type specified for encoding"
-
-error_code KRB5_CC_BADNAME,		"Credential cache name malformed"
-error_code KRB5_CC_UNKNOWN_TYPE,	"Unknown credential cache type" 
-error_code KRB5_CC_NOTFOUND,		"Matching credential not found"
-error_code KRB5_CC_END,			"End of credential cache reached"
-
-error_code KRB5_NO_TKT_SUPPLIED,	"Request did not supply a ticket"
-
-error_code KRB5KRB_AP_WRONG_PRINC,		"Wrong principal in request"
-error_code KRB5KRB_AP_ERR_TKT_INVALID,	"Ticket has invalid flag set"
-
-error_code KRB5_PRINC_NOMATCH,		"Requested principal and ticket don't match"
-error_code KRB5_KDCREP_MODIFIED,	"KDC reply did not match expectations"
-error_code KRB5_KDCREP_SKEW,		"Clock skew too great in KDC reply"
-error_code KRB5_IN_TKT_REALM_MISMATCH,	"Client/server realm mismatch in initial ticket request"
-
-error_code KRB5_PROG_ETYPE_NOSUPP,	"Program lacks support for encryption type"
-error_code KRB5_PROG_KEYTYPE_NOSUPP,	"Program lacks support for key type"
-error_code KRB5_WRONG_ETYPE,		"Requested encryption type not used in message"
-error_code KRB5_PROG_SUMTYPE_NOSUPP,	"Program lacks support for checksum type"
-
-error_code KRB5_REALM_UNKNOWN,		"Cannot find KDC for requested realm"
-error_code KRB5_SERVICE_UNKNOWN,	"Kerberos service unknown"
-error_code KRB5_KDC_UNREACH,		"Cannot contact any KDC for requested realm"
-error_code KRB5_NO_LOCALNAME,		"No local name found for principal name"
-
-error_code KRB5_MUTUAL_FAILED,		"Mutual authentication failed"
-
-# some of these should be combined/supplanted by system codes
-
-error_code KRB5_RC_TYPE_EXISTS,		"Replay cache type is already registered"
-error_code KRB5_RC_MALLOC,		"No more memory to allocate (in replay cache code)"
-error_code KRB5_RC_TYPE_NOTFOUND,	"Replay cache type is unknown"
-error_code KRB5_RC_UNKNOWN,		"Generic unknown RC error"
-error_code KRB5_RC_REPLAY,		"Message is a replay"
-error_code KRB5_RC_IO,			"Replay I/O operation failed XXX"
-error_code KRB5_RC_NOIO,		"Replay cache type does not support non-volatile storage"
-error_code KRB5_RC_PARSE,		"Replay cache name parse/format error"
-
-error_code KRB5_RC_IO_EOF,		"End-of-file on replay cache I/O"
-error_code KRB5_RC_IO_MALLOC,		"No more memory to allocate (in replay cache I/O code)"
-error_code KRB5_RC_IO_PERM,		"Permission denied in replay cache code"
-error_code KRB5_RC_IO_IO,		"I/O error in replay cache i/o code"
-error_code KRB5_RC_IO_UNKNOWN,		"Generic unknown RC/IO error"
-error_code KRB5_RC_IO_SPACE,		"Insufficient system space to store replay information"
-
-error_code KRB5_TRANS_CANTOPEN,		"Can't open/find realm translation file"
-error_code KRB5_TRANS_BADFORMAT,	"Improper format of realm translation file"
-
-error_code KRB5_LNAME_CANTOPEN,		"Can't open/find lname translation database"
-error_code KRB5_LNAME_NOTRANS,		"No translation available for requested principal"
-error_code KRB5_LNAME_BADFORMAT,	"Improper format of translation database entry"
-
-error_code KRB5_CRYPTO_INTERNAL,	"Cryptosystem internal error"
-
-error_code KRB5_KT_BADNAME,		"Key table name malformed"
-error_code KRB5_KT_UNKNOWN_TYPE,	"Unknown Key table type" 
-error_code KRB5_KT_NOTFOUND,		"Key table entry not found"
-error_code KRB5_KT_END,			"End of key table reached"
-error_code KRB5_KT_NOWRITE,		"Cannot write to specified key table"
-error_code KRB5_KT_IOERR,		"Error writing to key table"
-
-error_code KRB5_NO_TKT_IN_RLM,		"Cannot find ticket for requested realm"
-error_code KRB5DES_BAD_KEYPAR,		"DES key has bad parity"
-error_code KRB5DES_WEAK_KEY,		"DES key is a weak key"
-
-error_code KRB5_BAD_ENCTYPE,		"Bad encryption type"
-error_code KRB5_BAD_KEYSIZE,		"Key size is incompatible with encryption type"
-error_code KRB5_BAD_MSIZE,		"Message size is incompatible with encryption type"
-
-error_code KRB5_CC_TYPE_EXISTS,		"Credentials cache type is already registered."
-error_code KRB5_KT_TYPE_EXISTS,		"Key table type is already registered."
-
-error_code KRB5_CC_IO,			"Credentials cache I/O operation failed XXX"
-error_code KRB5_FCC_PERM,		"Credentials cache file permissions incorrect"
-error_code KRB5_FCC_NOFILE,		"No credentials cache file found"
-error_code KRB5_FCC_INTERNAL,		"Internal file credentials cache error"
-error_code KRB5_CC_WRITE,		"Error writing to credentials cache file"
-error_code KRB5_CC_NOMEM,		"No more memory to allocate (in credentials cache code)"
-error_code KRB5_CC_FORMAT,		"Bad format in credentials cache"
-error_code KRB5_CC_NOT_KTYPE,		"No credentials found with supported encryption types"
-
-# errors for dual tgt library calls
-error_code KRB5_INVALID_FLAGS,		"Invalid KDC option combination (library internal error)"
-error_code KRB5_NO_2ND_TKT,		"Request missing second ticket"
-
-error_code KRB5_NOCREDS_SUPPLIED,	"No credentials supplied to library routine"
-
-# errors for sendauth (and recvauth)
-
-error_code KRB5_SENDAUTH_BADAUTHVERS,	"Bad sendauth version was sent"
-error_code KRB5_SENDAUTH_BADAPPLVERS,	"Bad application version was sent (via sendauth)"
-error_code KRB5_SENDAUTH_BADRESPONSE,	"Bad response (during sendauth exchange)"
-error_code KRB5_SENDAUTH_REJECTED,	"Server rejected authentication (during sendauth exchange)"
-
-# errors for preauthentication
-
-error_code KRB5_PREAUTH_BAD_TYPE,	"Unsupported preauthentication type"
-error_code KRB5_PREAUTH_NO_KEY,		"Required preauthentication key not supplied"
-error_code KRB5_PREAUTH_FAILED,		"Generic preauthentication failure"
-
-# version number errors
-
-error_code KRB5_RCACHE_BADVNO,	"Unsupported replay cache format version number"
-error_code KRB5_CCACHE_BADVNO,	"Unsupported credentials cache format version number"
-error_code KRB5_KEYTAB_BADVNO,	"Unsupported key table format version number"
-
-#
-#
-
-error_code KRB5_PROG_ATYPE_NOSUPP,	"Program lacks support for address type"
-error_code KRB5_RC_REQUIRED,	"Message replay detection requires rcache parameter"
-error_code KRB5_ERR_BAD_HOSTNAME,	"Hostname cannot be canonicalized"
-error_code KRB5_ERR_HOST_REALM_UNKNOWN,	"Cannot determine realm for host"
-error_code KRB5_SNAME_UNSUPP_NAMETYPE,	"Conversion to service principal undefined for name type"
-
-error_code KRB5KRB_AP_ERR_V4_REPLY, "Initial Ticket response appears to be Version 4"
-error_code KRB5_REALM_CANT_RESOLVE,	"Cannot resolve KDC for requested realm"
-error_code KRB5_TKT_NOT_FORWARDABLE,	"Requesting ticket can't get forwardable tickets"
-error_code KRB5_FWD_BAD_PRINCIPAL, "Bad principal name while trying to forward credentials"
-
-error_code KRB5_GET_IN_TKT_LOOP,  "Looping detected inside krb5_get_in_tkt"
-error_code KRB5_CONFIG_NODEFREALM,	"Configuration file does not specify default realm"
-
-error_code KRB5_SAM_UNSUPPORTED,  "Bad SAM flags in obtain_sam_padata"
-error_code KRB5_SAM_INVALID_ETYPE,  "Invalid encryption type in SAM challenge"
-error_code KRB5_SAM_NO_CHECKSUM,  "Missing checksum in SAM challenge"
-error_code KRB5_SAM_BAD_CHECKSUM,  "Bad checksum in SAM challenge"
-
-index 238
-error_code KRB5_OBSOLETE_FN,	"Program called an obsolete, deleted function"
-
-index 245
-error_code KRB5_ERR_BAD_S2K_PARAMS, "Invalid key generation parameters from KDC"
-error_code KRB5_ERR_NO_SERVICE,	"Service not available"
-error_code KRB5_CC_NOSUPP,      "Credential cache function not supported"
-error_code KRB5_DELTAT_BADFORMAT,	"Invalid format of Kerberos lifetime or clock skew string"
-
-end
diff --git a/crypto/heimdal/lib/krb5/krb5_expand_hostname.3 b/crypto/heimdal/lib/krb5/krb5_expand_hostname.3
deleted file mode 100644
index ffd98da..0000000
--- a/crypto/heimdal/lib/krb5/krb5_expand_hostname.3
+++ /dev/null
@@ -1,93 +0,0 @@
-.\" Copyright (c) 2004 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_expand_hostname.3 17461 2006-05-05 13:13:18Z lha $
-.\"
-.Dd May  5, 2006
-.Dt KRB5_EXPAND_HOSTNAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_expand_hostname ,
-.Nm krb5_expand_hostname_realms
-.Nd Kerberos 5 host name canonicalization functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fo krb5_expand_hostname
-.Fa "krb5_context context"
-.Fa "const char *orig_hostname"
-.Fa "char **new_hostname"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_expand_hostname_realms
-.Fa "krb5_context context"
-.Fa "const char *orig_hostname"
-.Fa "char **new_hostname"
-.Fa "char ***realms"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_expand_hostname
-tries to make
-.Fa orig_hostname
-into a more canonical one in the newly allocated space returned in
-.Fa new_hostname .
-Caller must free the hostname with
-.Xr free 3 .
-.Pp
-.Fn krb5_expand_hostname_realms
-expands
-.Fa orig_hostname
-to a name we believe to be a hostname in newly
-allocated space in
-.Fa new_hostname
-and return the realms
-.Fa new_hostname
-is belive to belong to in
-.Fa realms .
-.Fa Realms
-is a array terminated with
-.Dv NULL .
-Caller must free the
-.Fa realms
-with
-.Fn krb5_free_host_realm 
-and
-.Fa new_hostname
-with
-.Xr free 3 .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_free_host_realm 3 ,
-.Xr krb5_get_host_realm 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_find_padata.3 b/crypto/heimdal/lib/krb5/krb5_find_padata.3
deleted file mode 100644
index b726784..0000000
--- a/crypto/heimdal/lib/krb5/krb5_find_padata.3
+++ /dev/null
@@ -1,87 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_find_padata.3 13595 2004-03-21 13:17:41Z lha $
-.\"
-.Dd March 21, 2004
-.Dt KRB5_FIND_PADATA 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_find_padata ,
-.Nm krb5_padata_add
-.Nd Kerberos 5 pre-authentication data handling functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft "PA_DATA *"
-.Fo krb5_find_padata
-.Fa "PA_DATA *val"
-.Fa "unsigned len"
-.Fa "int type"
-.Fa "int *index"
-.Fc
-.Ft int
-.Fo krb5_padata_add
-.Fa "krb5_context context"
-.Fa "METHOD_DATA *md"
-.Fa "int type"
-.Fa "void *buf"
-.Fa "size_t len"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_find_padata
-tries to find the pre-authentication data entry of type
-.Fa type
-in the array
-.Fa val
-of length
-.Fa len .
-The search is started at entry pointed out by
-.Fa *index
-(zero based indexing).
-If the type isn't found,
-.Dv NULL
-is returned.
-.Pp
-.Fn krb5_padata_add
-adds a pre-authentication data entry of type
-.Fa type
-pointed out by
-.Fa buf
-and
-.Fa len
-to
-.Fa md .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_free_addresses.3 b/crypto/heimdal/lib/krb5/krb5_free_addresses.3
deleted file mode 100644
index 6ac46d4..0000000
--- a/crypto/heimdal/lib/krb5/krb5_free_addresses.3
+++ /dev/null
@@ -1,53 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_free_addresses.3,v 1.5 2003/04/16 13:58:15 lha Exp $
-.\"
-.Dd November 20, 2001
-.Dt KRB5_FREE_ADDRESSES 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_free_addresses
-.Nd free list of addresses
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses"
-.Sh DESCRIPTION
-The
-.Fn krb5_free_addresses
-will free a list of addresses that has been created with
-.Fn krb5_get_all_client_addrs
-or with some other function.
-.Sh SEE ALSO
-.Xr krb5_get_all_client_addrs 3
diff --git a/crypto/heimdal/lib/krb5/krb5_free_principal.3 b/crypto/heimdal/lib/krb5/krb5_free_principal.3
deleted file mode 100644
index e9900a7..0000000
--- a/crypto/heimdal/lib/krb5/krb5_free_principal.3
+++ /dev/null
@@ -1,58 +0,0 @@
-.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" $Id: krb5_free_principal.3,v 1.7 2003/04/16 13:58:11 lha Exp $
-.Dd August 8, 1997
-.Dt KRB5_FREE_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_free_principal
-.Nd principal free function
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
-.Sh DESCRIPTION
-The
-.Fn krb5_free_principal
-will free a principal that has been created with
-.Fn krb5_build_principal ,
-.Fn krb5_parse_name ,
-or with some other function.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_generate_random_block.3 b/crypto/heimdal/lib/krb5/krb5_generate_random_block.3
deleted file mode 100644
index 4b46954..0000000
--- a/crypto/heimdal/lib/krb5/krb5_generate_random_block.3
+++ /dev/null
@@ -1,57 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_generate_random_block.3 17385 2006-05-01 08:48:55Z lha $
-.\"
-.Dd March 21, 2004
-.Dt KRB5_GENERATE_RANDOM_BLOCK 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_generate_random_block
-.Nd Kerberos 5 random functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fo krb5_generate_random_block
-.Fa "void *buf"
-.Fa "size_t len"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_generate_random_block
-generates a cryptographically strong pseudo-random block into the buffer
-.Fa buf
-of length
-.Fa len .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3
deleted file mode 100644
index f6f4c85..0000000
--- a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3
+++ /dev/null
@@ -1,74 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_all_client_addrs.3 12329 2003-05-26 14:09:04Z lha $
-.\"
-.Dd July  1, 2001
-.Dt KRB5_GET_ADDRS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_all_client_addrs ,
-.Nm krb5_get_all_server_addrs
-.Nd return local addresses
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft "krb5_error_code"
-.Fn krb5_get_all_client_addrs "krb5_context context" "krb5_addresses *addrs"
-.Ft "krb5_error_code"
-.Fn krb5_get_all_server_addrs "krb5_context context" "krb5_addresses *addrs"
-.Sh DESCRIPTION
-These functions return in
-.Fa addrs
-a list of addresses associated with the local
-host.
-.Pp
-The server variant returns all configured interface addresses (if
-possible), including loop-back addresses. This is useful if you want
-to create sockets to listen to.
-.Pp
-The client version will also scan local interfaces (can be turned off
-by setting
-.Li libdefaults/scan_interfaces
-to false in
-.Pa krb5.conf ) ,
-but will not include loop-back addresses, unless there are no other
-addresses found. It will remove all addresses included in
-.Li libdefaults/ignore_addresses
-but will unconditionally include addresses in
-.Li libdefaults/extra_addresses .
-.Pp
-The returned addresses should be freed by calling
-.Fn krb5_free_addresses .
-.\".Sh EXAMPLE
-.Sh SEE ALSO
-.Xr krb5_free_addresses 3
diff --git a/crypto/heimdal/lib/krb5/krb5_get_credentials.3 b/crypto/heimdal/lib/krb5/krb5_get_credentials.3
deleted file mode 100644
index 32e0ffe..0000000
--- a/crypto/heimdal/lib/krb5/krb5_get_credentials.3
+++ /dev/null
@@ -1,208 +0,0 @@
-.\" Copyright (c) 2004 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_credentials.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd July 26, 2004
-.Dt KRB5_GET_CREDENTIALS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_credentials ,
-.Nm krb5_get_credentials_with_flags ,
-.Nm krb5_get_cred_from_kdc ,
-.Nm krb5_get_cred_from_kdc_opt ,
-.Nm krb5_get_kdc_cred ,
-.Nm krb5_get_renewed_creds
-.Nd get credentials from the KDC using krbtgt
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_get_credentials
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_creds **out_creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_credentials_with_flags
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "krb5_kdc_flags flags"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_creds **out_creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_cred_from_kdc
-.Fa "krb5_context context"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_creds **out_creds"
-.Fa "krb5_creds ***ret_tgts"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_cred_from_kdc_opt
-.Fa "krb5_context context"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_creds **out_creds"
-.Fa "krb5_creds ***ret_tgts"
-.Fa "krb5_flags flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_kdc_cred
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "krb5_kdc_flags flags"
-.Fa "krb5_addresses *addresses"
-.Fa "Ticket  *second_ticket"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_creds **out_creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_renewed_creds
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "krb5_const_principal client"
-.Fa "krb5_ccache ccache"
-.Fa "const char *in_tkt_service"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_get_credentials_with_flags
-get credentials specified by
-.Fa in_creds->server
-and
-.Fa in_creds->client
-(the rest of the
-.Fa in_creds
-structure is ignored)
-by first looking in the
-.Fa ccache
-and if doesn't exists or is expired, fetch the credential from the KDC
-using the krbtgt in
-.Fa ccache .
-The credential is returned in
-.Fa out_creds
-and should be freed using the function
-.Fn krb5_free_creds .
-.Pp
-Valid flags to pass into
-.Fa options
-argument are:
-.Pp
-.Bl -tag -width "KRB5_GC_USER_USER" -compact
-.It KRB5_GC_CACHED
-Only check the
-.Fa ccache ,
-don't got out on network to fetch credential.
-.It KRB5_GC_USER_USER
-Request a user to user ticket.
-This option doesn't store the resulting user to user credential in
-the
-.Fa ccache .
-.It KRB5_GC_EXPIRED_OK
-returns the credential even if it is expired, default behavior is trying
-to refetch the credential from the KDC.
-.El
-.Pp
-.Fa Flags
-are KDCOptions, note the caller must fill in the bit-field and not
-use the integer associated structure.
-.Pp
-.Fn krb5_get_credentials
-works the same way as
-.Fn krb5_get_credentials_with_flags
-except that the
-.Fa flags
-field is missing.
-.Pp
-.Fn krb5_get_cred_from_kdc
-and
-.Fn krb5_get_cred_from_kdc_opt
-fetches the credential from the KDC very much like
-.Fn krb5_get_credentials, but doesn't look in the
-.Fa ccache
-if the credential exists there first.
-.Pp
-.Fn krb5_get_kdc_cred
-does the same as the functions above, but the caller must fill in all
-the information andits closer to the wire protocol.
-.Pp
-.Fn krb5_get_renewed_creds
-renews a credential given by
-.Fa in_tkt_service
-(if
-.Dv NULL
-the default
-.Li krbtgt )
-using the credential cache
-.Fa ccache .
-The result is stored in
-.Fa creds
-and should be freed using
-.Fa krb5_free_creds .
-.Sh EXAMPLES
-Here is a example function that get a credential from a credential cache
-.Fa id
-or the KDC and returns it to the caller.
-.Bd -literal
-#include <krb5.h>
-
-int
-getcred(krb5_context context, krb5_ccache id, krb5_creds **creds)
-{
-    krb5_error_code ret;
-    krb5_creds in;
-
-    ret = krb5_parse_name(context, "client@EXAMPLE.COM", 
-			  &in.client);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_parse_name(context, "host/server.example.com@EXAMPLE.COM",
-			  &in.server);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_get_credentials(context, 0, id, &in, creds);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_get_credentials");
-
-    return 0;
-}
-.Ed
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_get_forwarded_creds 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_get_creds.3 b/crypto/heimdal/lib/krb5/krb5_get_creds.3
deleted file mode 100644
index 189c93f..0000000
--- a/crypto/heimdal/lib/krb5/krb5_get_creds.3
+++ /dev/null
@@ -1,173 +0,0 @@
-.\" Copyright (c) 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_creds.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd June 15, 2006
-.Dt KRB5_GET_CREDS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_creds ,
-.Nm krb5_get_creds_opt_add_options ,
-.Nm krb5_get_creds_opt_alloc ,
-.Nm krb5_get_creds_opt_free ,
-.Nm krb5_get_creds_opt_set_enctype ,
-.Nm krb5_get_creds_opt_set_impersonate ,
-.Nm krb5_get_creds_opt_set_options ,
-.Nm krb5_get_creds_opt_set_ticket
-.Nd get credentials from the KDC
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_get_creds
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_const_principal inprinc"
-.Fa "krb5_creds **out_creds"
-.Fc
-.Ft void
-.Fo krb5_get_creds_opt_add_options
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fa "krb5_flags options"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_creds_opt_alloc
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt *opt"
-.Fc
-.Ft void
-.Fo krb5_get_creds_opt_free
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fc
-.Ft void
-.Fo krb5_get_creds_opt_set_enctype
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fa "krb5_enctype enctype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_creds_opt_set_impersonate
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fa "krb5_const_principal self"
-.Fc
-.Ft void
-.Fo krb5_get_creds_opt_set_options
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fa "krb5_flags options"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_creds_opt_set_ticket
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fa "const Ticket *ticket"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_get_creds
-fetches credentials specified by
-.Fa opt
-by first looking in the
-.Fa ccache ,
-and then it doesn't exists, fetch the credential from the KDC
-using the krbtgts in
-.Fa ccache .
-The credential is returned in
-.Fa out_creds
-and should be freed using the function
-.Fn krb5_free_creds .
-.Pp
-The structure
-.Li krb5_get_creds_opt
-controls the behavior of
-.Fn krb5_get_creds .
-The structure is opaque to consumers that can set the content of the
-structure with accessors functions. All accessor functions make copies
-of the data that is passed into accessor functions, so external
-consumers free the memory before calling
-.Fn krb5_get_creds .
-.Pp
-The structure
-.Li krb5_get_creds_opt
-is allocated with
-.Fn krb5_get_creds_opt_alloc
-and freed with
-.Fn krb5_get_creds_opt_free .
-The free function also frees the content of the structure set by the
-accessor functions.
-.Pp
-.Fn krb5_get_creds_opt_add_options
-and
-.Fn krb5_get_creds_opt_set_options
-adds and sets options to the
-.Fi krb5_get_creds_opt
-structure .
-The possible options to set are
-.Bl -tag -width "KRB5_GC_USER_USER" -compact
-.It KRB5_GC_CACHED
-Only check the
-.Fa ccache ,
-don't got out on network to fetch credential.
-.It KRB5_GC_USER_USER
-request a user to user ticket.
-This options doesn't store the resulting user to user credential in
-the
-.Fa ccache .
-.It KRB5_GC_EXPIRED_OK
-returns the credential even if it is expired, default behavior is trying
-to refetch the credential from the KDC.
-.It KRB5_GC_NO_STORE
-Do not store the resulting credentials in the
-.Fa ccache .
-.El
-.Pp
-.Fn krb5_get_creds_opt_set_enctype
-sets the preferred encryption type of the application. Don't set this
-unless you have to since if there is no match in the KDC, the function
-call will fail.
-.Pp
-.Fn krb5_get_creds_opt_set_impersonate
-sets the principal to impersonate., Returns a ticket that have the
-impersonation principal as a client and the requestor as the
-service. Note that the requested principal have to be the same as the
-client principal in the krbtgt.
-.Pp
-.Fn krb5_get_creds_opt_set_ticket
-sets the extra ticket used in user-to-user or contrained delegation use case.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_get_credentials 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_get_forwarded_creds.3 b/crypto/heimdal/lib/krb5/krb5_get_forwarded_creds.3
deleted file mode 100644
index bbe46ec..0000000
--- a/crypto/heimdal/lib/krb5/krb5_get_forwarded_creds.3
+++ /dev/null
@@ -1,79 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_forwarded_creds.3 14068 2004-07-26 13:34:33Z lha $
-.\"
-.Dd July 26, 2004
-.Dt KRB5_GET_FORWARDED_CREDS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_forwarded_creds ,
-.Nm krb5_fwd_tgt_creds
-.Nd get forwarded credentials from the KDC
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_get_forwarded_creds
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_flags flags"
-.Fa "const char *hostname"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_data *out_data"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_fwd_tgt_creds
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "const char *hostname"
-.Fa "krb5_principal client"
-.Fa "krb5_principal server"
-.Fa "krb5_ccache ccache"
-.Fa "int forwardable"
-.Fa "krb5_data *out_data"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_get_forwarded_creds
-and
-.Fn krb5_fwd_tgt_creds
-get tickets forwarded to
-.Fa hostname.
-If the tickets that are forwarded are address-less, the forwarded
-tickets will also be address-less, otherwise
-.Fa hostname
-will be used for figure out the address to forward the ticket too.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_get_credentials 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_get_in_cred.3 b/crypto/heimdal/lib/krb5/krb5_get_in_cred.3
deleted file mode 100644
index 290e3c5..0000000
--- a/crypto/heimdal/lib/krb5/krb5_get_in_cred.3
+++ /dev/null
@@ -1,274 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_in_cred.3 17593 2006-05-29 14:55:18Z lha $
-.\"
-.Dd May 31, 2003
-.Dt KRB5_GET_IN_TKT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_in_tkt ,
-.Nm krb5_get_in_cred ,
-.Nm krb5_get_in_tkt_with_password ,
-.Nm krb5_get_in_tkt_with_keytab ,
-.Nm krb5_get_in_tkt_with_skey ,
-.Nm krb5_free_kdc_rep ,
-.Nm krb5_password_key_proc
-.Nd deprecated initial authentication functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fo krb5_get_in_tkt
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "const krb5_addresses *addrs"
-.Fa "const krb5_enctype *etypes"
-.Fa "const krb5_preauthtype *ptypes"
-.Fa "krb5_key_proc key_proc"
-.Fa "krb5_const_pointer keyseed"
-.Fa "krb5_decrypt_proc decrypt_proc"
-.Fa "krb5_const_pointer decryptarg"
-.Fa "krb5_creds *creds"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_kdc_rep *ret_as_reply"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_in_cred
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "const krb5_addresses *addrs"
-.Fa "const krb5_enctype *etypes"
-.Fa "const krb5_preauthtype *ptypes"
-.Fa "const krb5_preauthdata *preauth"
-.Fa "krb5_key_proc key_proc"
-.Fa "krb5_const_pointer keyseed"
-.Fa "krb5_decrypt_proc decrypt_proc"
-.Fa "krb5_const_pointer decryptarg"
-.Fa "krb5_creds *creds"
-.Fa "krb5_kdc_rep *ret_as_reply"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_in_tkt_with_password
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "krb5_addresses *addrs"
-.Fa "const krb5_enctype *etypes"
-.Fa "const krb5_preauthtype *pre_auth_types"
-.Fa "const char *password"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *creds"
-.Fa "krb5_kdc_rep *ret_as_reply"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_in_tkt_with_keytab
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "krb5_addresses *addrs"
-.Fa "const krb5_enctype *etypes"
-.Fa "const krb5_preauthtype *pre_auth_types"
-.Fa "krb5_keytab keytab"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *creds"
-.Fa "krb5_kdc_rep *ret_as_reply"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_in_tkt_with_skey
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "krb5_addresses *addrs"
-.Fa "const krb5_enctype *etypes"
-.Fa "const krb5_preauthtype *pre_auth_types"
-.Fa "const krb5_keyblock *key"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *creds"
-.Fa "krb5_kdc_rep *ret_as_reply"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_kdc_rep
-.Fa "krb5_context context"
-.Fa "krb5_kdc_rep *rep"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_password_key_proc
-.Fa "krb5_context context"
-.Fa "krb5_enctype type"
-.Fa "krb5_salt salt"
-.Fa "krb5_const_pointer keyseed"
-.Fa "krb5_keyblock **key"
-.Fc
-.Sh DESCRIPTION
-.Bf Em
-All the functions in this manual page are deprecated in the MIT
-implementation, and will soon be deprecated in Heimdal too, don't use them.
-.Ef
-.Pp
-Getting initial credential ticket for a principal.
-.Nm krb5_get_in_cred
-is the function all other krb5_get_in function uses to fetch tickets.
-The other krb5_get_in function are more specialized and therefor
-somewhat easier to use.
-.Pp
-If your need is only to verify a user and password, consider using
-.Xr krb5_verify_user 3
-instead, it have a much simpler interface.
-.Pp
-.Nm krb5_get_in_tkt
-and
-.Nm krb5_get_in_cred
-fetches initial credential, queries after key using the
-.Fa key_proc
-argument.
-The differences between the two function is that
-.Nm krb5_get_in_tkt
-stores the credential in a
-.Li krb5_creds
-while
-.Nm krb5_get_in_cred
-stores the credential in a
-.Li krb5_ccache .
-.Pp
-.Nm krb5_get_in_tkt_with_password ,
-.Nm krb5_get_in_tkt_with_keytab ,
-and
-.Nm krb5_get_in_tkt_with_skey
-does the same work as
-.Nm krb5_get_in_cred
-but are more specialized.
-.Pp
-.Nm krb5_get_in_tkt_with_password
-uses the clients password to authenticate.
-If the password argument is
-.DV NULL
-the user user queried with the default password query function.
-.Pp
-.Nm krb5_get_in_tkt_with_keytab
-searches the given keytab for a service entry for the client principal.
-If the keytab is
-.Dv NULL
-the default keytab is used.
-.Pp
-.Nm krb5_get_in_tkt_with_skey
-uses a key to get the initial credential.
-.Pp
-There are some common arguments to the krb5_get_in functions, these are:
-.Pp
-.Fa options
-are the
-.Dv KDC_OPT
-flags.
-.Pp
-.Fa etypes
-is a
-.Dv NULL
-terminated array of encryption types that the client approves.
-.Pp
-.Fa addrs
-a list of the addresses that the initial ticket.
-If it is
-.Dv NULL
-the list will be generated by the library.
-.Pp
-.Fa pre_auth_types
-a
-.Dv NULL
-terminated array of pre-authentication types.
-If
-.Fa pre_auth_types
-is
-.Dv NULL
-the function will try without pre-authentication and return those
-pre-authentication that the KDC returned.
-.Pp
-.Fa ret_as_reply
-will (if not
-.Dv NULL )
-be filled in with the response of the KDC and should be free with
-.Fn krb5_free_kdc_rep .
-.Pp
-.Fa key_proc
-is a pointer to a function that should return a key salted appropriately.
-Using
-.Dv NULL
-will use the default password query function.
-.Pp
-.Fa decrypt_proc
-Using
-.Dv NULL
-will use the default decryption function.
-.Pp
-.Fa decryptarg
-will be passed to the decryption function
-.Fa decrypt_proc .
-.Pp
-.Fa creds
-creds should be filled in with the template for a credential that
-should be requested.
-The client and server elements of the creds structure must be filled in.
-Upon return of the function it will be contain the content of the
-requested credential
-.Fa ( krb5_get_in_cred ) ,
-or it will be freed with
-.Xr krb5_free_creds 3
-(all the other krb5_get_in functions).
-.Pp
-.Fa ccache
-will store the credential in the credential cache
-.Fa ccache .
-The credential cache will not be initialized, thats up the the caller.
-.Pp
-.Nm krb5_password_key_proc
-is a library function that is suitable using as the
-.Fa krb5_key_proc
-argument to
-.Nm krb5_get_in_cred
-or
-.Nm krb5_get_in_tkt .
-.Fa keyseed
-should be a pointer to a
-.Dv NUL
-terminated string or
-.Dv NULL .
-.Nm krb5_password_key_proc
-will query the user for the pass on the console if the password isn't
-given as the argument
-.Fa keyseed .
-.Pp
-.Fn krb5_free_kdc_rep
-frees the content of
-.Fa rep .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_verify_user 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_get_init_creds.3 b/crypto/heimdal/lib/krb5/krb5_get_init_creds.3
deleted file mode 100644
index 3838c14..0000000
--- a/crypto/heimdal/lib/krb5/krb5_get_init_creds.3
+++ /dev/null
@@ -1,398 +0,0 @@
-.\" Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_init_creds.3 20266 2007-02-18 10:41:10Z lha $
-.\"
-.Dd Sep  16, 2006
-.Dt KRB5_GET_INIT_CREDS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_init_creds ,
-.Nm krb5_get_init_creds_keytab ,
-.Nm krb5_get_init_creds_opt ,
-.Nm krb5_get_init_creds_opt_alloc ,
-.Nm krb5_get_init_creds_opt_free ,
-.Nm krb5_get_init_creds_opt_init ,
-.Nm krb5_get_init_creds_opt_set_address_list ,
-.Nm krb5_get_init_creds_opt_set_addressless ,
-.Nm krb5_get_init_creds_opt_set_anonymous ,
-.Nm krb5_get_init_creds_opt_set_default_flags ,
-.Nm krb5_get_init_creds_opt_set_etype_list ,
-.Nm krb5_get_init_creds_opt_set_forwardable ,
-.Nm krb5_get_init_creds_opt_set_pa_password ,
-.Nm krb5_get_init_creds_opt_set_paq_request ,
-.Nm krb5_get_init_creds_opt_set_preauth_list ,
-.Nm krb5_get_init_creds_opt_set_proxiable ,
-.Nm krb5_get_init_creds_opt_set_renew_life ,
-.Nm krb5_get_init_creds_opt_set_salt ,
-.Nm krb5_get_init_creds_opt_set_tkt_life ,
-.Nm krb5_get_init_creds_opt_set_canonicalize ,
-.Nm krb5_get_init_creds_opt_set_win2k ,
-.Nm krb5_get_init_creds_password ,
-.Nm krb5_prompt ,
-.Nm krb5_prompter_posix
-.Nd Kerberos 5 initial authentication functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_get_init_creds_opt;
-.Pp
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_opt_alloc
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt **opt"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_free
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_init
-.Fa "krb5_get_init_creds_opt *opt"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_address_list
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_addressless
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_boolean addressless"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_anonymous
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "int anonymous"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_default_flags
-.Fa "krb5_context context"
-.Fa "const char *appname"
-.Fa "krb5_const_realm realm"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_etype_list
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_enctype *etype_list"
-.Fa "int etype_list_length"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_forwardable
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "int forwardable"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_opt_set_pa_password
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "const char *password"
-.Fa "krb5_s2k_proc key_proc"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_opt_set_paq_request
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_boolean req_pac"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_opt_set_pkinit
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "const char *cert_file"
-.Fa "const char *key_file"
-.Fa "const char *x509_anchors"
-.Fa "int flags"
-.Fa "char *password"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_preauth_list
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_preauthtype *preauth_list"
-.Fa "int preauth_list_length"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_proxiable
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "int proxiable"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_renew_life
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_deltat renew_life"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_salt
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_data *salt"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_tkt_life
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_deltat tkt_life"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_opt_set_canonicalize
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_boolean req"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_opt_set_win2k
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_boolean req"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "krb5_principal client"
-.Fa "krb5_prompter_fct prompter"
-.Fa "void *prompter_data"
-.Fa "krb5_deltat start_time"
-.Fa "const char *in_tkt_service"
-.Fa "krb5_get_init_creds_opt *options"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_password
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "krb5_principal client"
-.Fa "const char *password"
-.Fa "krb5_prompter_fct prompter"
-.Fa "void *prompter_data"
-.Fa "krb5_deltat start_time"
-.Fa "const char *in_tkt_service"
-.Fa "krb5_get_init_creds_opt *in_options"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_keytab
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "krb5_principal client"
-.Fa "krb5_keytab keytab"
-.Fa "krb5_deltat start_time"
-.Fa "const char *in_tkt_service"
-.Fa "krb5_get_init_creds_opt *options"
-.Fc
-.Ft int
-.Fo krb5_prompter_posix
-.Fa "krb5_context context"
-.Fa "void *data"
-.Fa "const char *name"
-.Fa "const char *banner"
-.Fa "int num_prompts"
-.Fa "krb5_prompt prompts[]"
-.Fc
-.Sh DESCRIPTION
-Getting initial credential ticket for a principal.
-That may include changing an expired password, and doing preauthentication.
-This interface that replaces the deprecated
-.Fa krb5_in_tkt
-and 
-.Fa krb5_in_cred
-functions.
-.Pp
-If you only want to verify a username and password, consider using
-.Xr krb5_verify_user 3
-instead, since it also verifies that initial credentials with using a
-keytab to make sure the response was from the KDC.
-.Pp
-First a
-.Li krb5_get_init_creds_opt
-structure is initialized
-with
-.Fn krb5_get_init_creds_opt_alloc
-or
-.Fn krb5_get_init_creds_opt_init .
-.Fn krb5_get_init_creds_opt_alloc
-allocates a extendible structures that needs to be freed with
-.Fn krb5_get_init_creds_opt_free .
-The structure may be modified by any of the
-.Fn krb5_get_init_creds_opt_set
-functions to change request parameters and authentication information.
-.Pp
-If the caller want to use the default options,
-.Dv NULL
-can be passed instead.
-.Pp
-The the actual request to the KDC is done by any of the
-.Fn krb5_get_init_creds ,
-.Fn krb5_get_init_creds_password ,
-or
-.Fn krb5_get_init_creds_keytab
-functions.
-.Fn krb5_get_init_creds
-is the least specialized function and can, with the right in data,
-behave like the latter two.
-The latter two are there for compatibility with older releases and
-they are slightly easier to use.
-.Pp
-.Li krb5_prompt
-is a structure containing the following elements:
-.Bd -literal
-typedef struct {
-    const char *prompt;
-    int hidden;
-    krb5_data *reply;
-    krb5_prompt_type type
-} krb5_prompt;
-.Ed
-.Pp
-.Fa prompt
-is the prompt that should shown to the user
-If
-.Fa hidden
-is set, the prompter function shouldn't echo the output to the display
-device.
-.Fa reply
-must be preallocated; it will not be allocated by the prompter
-function.
-Possible values for the
-.Fa type
-element are:
-.Pp
-.Bl -tag -width Ds -compact -offset indent
-.It KRB5_PROMPT_TYPE_PASSWORD
-.It KRB5_PROMPT_TYPE_NEW_PASSWORD
-.It KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN
-.It KRB5_PROMPT_TYPE_PREAUTH
-.It KRB5_PROMPT_TYPE_INFO
-.El
-.Pp
-.Fn krb5_prompter_posix
-is the default prompter function in a POSIX environment.
-It matches the
-.Fa krb5_prompter_fct
-and can be used in the
-.Fa krb5_get_init_creds
-functions.
-.Fn krb5_prompter_posix
-doesn't require
-.Fa prompter_data.
-.Pp
-If the
-.Fa start_time
-is zero, then the requested ticket will be valid
-beginning immediately.
-Otherwise, the
-.Fa start_time
-indicates how far in the future the ticket should be postdated.
-.Pp
-If the
-.Fa in_tkt_service
-name is
-.Dv non-NULL ,
-that principal name will be
-used as the server name for the initial ticket request.
-The realm of the name specified will be ignored and will be set to the
-realm of the client name.
-If no in_tkt_service name is specified,
-krbtgt/CLIENT-REALM@CLIENT-REALM will be used.
-.Pp
-For the rest of arguments, a configuration or library default will be
-used if no value is specified in the options structure.
-.Pp
-.Fn krb5_get_init_creds_opt_set_address_list
-sets the list of
-.Fa addresses
-that is should be stored in the ticket.
-.Pp
-.Fn krb5_get_init_creds_opt_set_addressless
-controls if the ticket is requested with addresses or not,
-.Fn krb5_get_init_creds_opt_set_address_list
-overrides this option.
-.Pp
-.Fn krb5_get_init_creds_opt_set_anonymous
-make the request anonymous if the
-.Fa anonymous
-parameter is non-zero.
-.Pp
-.Fn krb5_get_init_creds_opt_set_default_flags
-sets the default flags using the configuration file.
-.Pp
-.Fn krb5_get_init_creds_opt_set_etype_list
-set a list of enctypes that the client is willing to support in the
-request.
-.Pp
-.Fn krb5_get_init_creds_opt_set_forwardable
-request a forwardable ticket.
-.Pp
-.Fn krb5_get_init_creds_opt_set_pa_password
-set the
-.Fa password
-and
-.Fa key_proc
-that is going to be used to get a new ticket.
-.Fa password
-or
-.Fa key_proc
-can be
-.Dv NULL
-if the caller wants to use the default values.
-If the
-.Fa password
-is unset and needed, the user will be prompted for it.
-.Pp
-.Fn krb5_get_init_creds_opt_set_paq_request
-sets the password that is going to be used to get a new ticket.
-.Pp
-.Fn krb5_get_init_creds_opt_set_preauth_list
-sets the list of client-supported preauth types.
-.Pp
-.Fn krb5_get_init_creds_opt_set_proxiable
-makes the request proxiable.
-.Pp
-.Fn krb5_get_init_creds_opt_set_renew_life
-sets the requested renewable lifetime.
-.Pp
-.Fn krb5_get_init_creds_opt_set_salt
-sets the salt that is going to be used in the request.
-.Pp
-.Fn krb5_get_init_creds_opt_set_tkt_life
-sets requested ticket lifetime.
-.Pp
-.Fn krb5_get_init_creds_opt_set_canonicalize
-requests that the KDC canonicalize the client pricipal if possible.
-.Pp
-.Fn krb5_get_init_creds_opt_set_win2k
-turns on compatibility with Windows 2000.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_creds 3 ,
-.Xr krb5_verify_user 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3
deleted file mode 100644
index d613a0d..0000000
--- a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3
+++ /dev/null
@@ -1,86 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_krbhst.3 14905 2005-04-24 07:46:59Z lha $
-.\"
-.Dd April 24, 2005
-.Dt KRB5_GET_KRBHST 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_krbhst ,
-.Nm krb5_get_krb_admin_hst ,
-.Nm krb5_get_krb_changepw_hst ,
-.Nm krb5_get_krb524hst ,
-.Nm krb5_free_krbhst
-.Nd lookup Kerberos KDC hosts
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_get_krbhst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
-.Ft krb5_error_code
-.Fn krb5_get_krb_admin_hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
-.Ft krb5_error_code
-.Fn krb5_get_krb_changepw_hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
-.Ft krb5_error_code
-.Fn krb5_get_krb524hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
-.Ft krb5_error_code
-.Fn krb5_free_krbhst "krb5_context context" "char **hostlist"
-.Sh DESCRIPTION
-These functions implement the old API to get a list of Kerberos hosts,
-and are thus similar to the
-.Fn krb5_krbhst_init
-functions. However, since these functions returns
-.Em all
-hosts in one go, they potentially have to do more lookups than
-necessary. These functions remain for compatibility reasons.
-.Pp
-After a call to one of these functions,
-.Fa hostlist
-is a
-.Dv NULL
-terminated list of strings, pointing to the requested Kerberos hosts. These should be freed with
-.Fn krb5_free_krbhst
-when done with.
-.Sh EXAMPLES
-The following code will print the KDCs of the realm
-.Dq MY.REALM .
-.Bd -literal -offset indent
-char **hosts, **p;
-krb5_get_krbhst(context, "MY.REALM", &hosts);
-for(p = hosts; *p; p++)
-    printf("%s\\n", *p);
-krb5_free_krbhst(context, hosts);
-.Ed
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_krbhst_init 3
diff --git a/crypto/heimdal/lib/krb5/krb5_getportbyname.3 b/crypto/heimdal/lib/krb5/krb5_getportbyname.3
deleted file mode 100644
index 1436060..0000000
--- a/crypto/heimdal/lib/krb5/krb5_getportbyname.3
+++ /dev/null
@@ -1,67 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_getportbyname.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd August 15, 2004
-.Dt NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_getportbyname
-.Nd get port number by name
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft int
-.Fo krb5_getportbyname
-.Fa "krb5_context context"
-.Fa "const char *service"
-.Fa "const char *proto"
-.Fa "int default_port"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_getportbyname
-gets the port number for
-.Fa service /
-.Fa proto
-pair from the global service table for and returns it in network order.
-If it isn't found in the global table, the
-.Fa default_port
-(given in host order)
-is returned.
-.Sh EXAMPLE
-.Bd -literal
-int port = krb5_getportbyname(context, "kerberos", "tcp", 88);
-.Ed
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5 3
diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3
deleted file mode 100644
index cf9d696..0000000
--- a/crypto/heimdal/lib/krb5/krb5_init_context.3
+++ /dev/null
@@ -1,308 +0,0 @@
-.\" Copyright (c) 2001 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_init_context.3 19980 2007-01-17 18:06:33Z lha $
-.\"
-.Dd December  8, 2004
-.Dt KRB5_CONTEXT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_add_et_list ,
-.Nm krb5_add_extra_addresses ,
-.Nm krb5_add_ignore_addresses ,
-.Nm krb5_context ,
-.Nm krb5_free_config_files ,
-.Nm krb5_free_context ,
-.Nm krb5_get_default_config_files ,
-.Nm krb5_get_dns_canonize_hostname ,
-.Nm krb5_get_extra_addresses ,
-.Nm krb5_get_fcache_version ,
-.Nm krb5_get_ignore_addresses ,
-.Nm krb5_get_kdc_sec_offset ,
-.Nm krb5_get_max_time_skew ,
-.Nm krb5_get_use_admin_kdc
-.Nm krb5_init_context ,
-.Nm krb5_init_ets ,
-.Nm krb5_prepend_config_files ,
-.Nm krb5_prepend_config_files_default ,
-.Nm krb5_set_config_files ,
-.Nm krb5_set_dns_canonize_hostname ,
-.Nm krb5_set_extra_addresses ,
-.Nm krb5_set_fcache_version ,
-.Nm krb5_set_ignore_addresses ,
-.Nm krb5_set_max_time_skew ,
-.Nm krb5_set_use_admin_kdc ,
-.Nd create, modify and delete krb5_context structures
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_context;"
-.Pp
-.Ft krb5_error_code
-.Fo krb5_init_context
-.Fa "krb5_context *context"
-.Fc
-.Ft void
-.Fo krb5_free_context
-.Fa "krb5_context context"
-.Fc
-.Ft void
-.Fo krb5_init_ets
-.Fa "krb5_context context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_add_et_list
-.Fa "krb5_context context"
-.Fa "void (*func)(struct et_list **)"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_add_extra_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_extra_addresses
-.Fa "krb5_context context"
-.Fa "const krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_extra_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_add_ignore_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_ignore_addresses
-.Fa "krb5_context context"
-.Fa "const krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_ignore_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_fcache_version
-.Fa "krb5_context context"
-.Fa "int version"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_fcache_version
-.Fa "krb5_context context"
-.Fa "int *version"
-.Fc
-.Ft void
-.Fo krb5_set_dns_canonize_hostname
-.Fa "krb5_context context"
-.Fa "krb5_boolean flag"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_get_dns_canonize_hostname
-.Fa "krb5_context context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_kdc_sec_offset
-.Fa "krb5_context context"
-.Fa "int32_t *sec"
-.Fa "int32_t *usec"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_config_files
-.Fa "krb5_context context"
-.Fa "char **filenames"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_prepend_config_files
-.Fa "const char *filelist"
-.Fa "char **pq"
-.Fa "char ***ret_pp"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_prepend_config_files_default
-.Fa "const char *filelist"
-.Fa "char ***pfilenames"
-.Fc
-.Ft krb5_error_code 
-.Fo krb5_get_default_config_files
-.Fa "char ***pfilenames"
-.Fc
-.Ft void
-.Fo krb5_free_config_files
-.Fa "char **filenames"
-.Fc
-.Ft void
-.Fo krb5_set_use_admin_kdc
-.Fa "krb5_context context"
-.Fa "krb5_boolean flag"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_get_use_admin_kdc
-.Fa "krb5_context context"
-.Fc
-.Ft time_t
-.Fo krb5_get_max_time_skew
-.Fa "krb5_context context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_max_time_skew
-.Fa "krb5_context context"
-.Fa "time_t time"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn krb5_init_context
-function initializes the
-.Fa context
-structure and reads the configuration file
-.Pa /etc/krb5.conf .
-.Pp
-The structure should be freed by calling
-.Fn krb5_free_context
-when it is no longer being used.
-.Pp
-.Fn krb5_init_context
-returns 0 to indicate success.
-Otherwise an errno code is returned.
-Failure means either that something bad happened during initialization
-(typically
-.Bq ENOMEM )
-or that Kerberos should not be used
-.Bq ENXIO .
-.Pp
-.Fn krb5_init_ets
-adds all
-.Xr com_err 3
-libs to
-.Fa context .
-This is done by
-.Fn krb5_init_context .
-.Pp
-.Fn krb5_add_et_list 
-adds a
-.Xr com_err 3
-error-code handler
-.Fa func
-to the specified
-.Fa context .
-The error handler must generated by the the re-rentrant version of the
-.Xr compile_et 3
-program.
-.Fn krb5_add_extra_addresses
-add a list of addresses that should be added when requesting tickets.
-.Pp
-.Fn krb5_add_ignore_addresses
-add a list of addresses that should be ignored when requesting tickets.
-.Pp
-.Fn krb5_get_extra_addresses
-get the list of addresses that should be added when requesting tickets.
-.Pp
-.Fn krb5_get_ignore_addresses
-get the list of addresses that should be ignored when requesting tickets.
-.Pp
-.Fn krb5_set_ignore_addresses
-set the list of addresses that should be ignored when requesting tickets.
-.Pp
-.Fn krb5_set_extra_addresses
-set the list of addresses that should be added when requesting tickets.
-.Pp
-.Fn krb5_set_fcache_version
-sets the version of file credentials caches that should be used.
-.Pp
-.Fn krb5_get_fcache_version
-gets the version of file credentials caches that should be used.
-.Pp
-.Fn krb5_set_dns_canonize_hostname
-sets if the context is configured to canonicalize hostnames using DNS.
-.Pp
-.Fn krb5_get_dns_canonize_hostname
-returns if the context is configured to canonicalize hostnames using DNS.
-.Pp
-.Fn krb5_get_kdc_sec_offset
-returns the offset between the localtime and the KDC's time.
-.Fa sec
-and
-.Fa usec
-are both optional argument and
-.Dv NULL
-can be passed in.
-.Pp
-.Fn krb5_set_config_files
-set the list of configuration files to use and re-initialize the
-configuration from the files.
-.Pp
-.Fn krb5_prepend_config_files
-parse the 
-.Fa filelist
-and prepend the result to the already existing list
-.Fa pq
-The result is returned in
-.Fa ret_pp
-and should be freed with
-.Fn krb5_free_config_files .
-.Pp
-.Fn krb5_prepend_config_files_default
-parse the 
-.Fa filelist
-and append that to the default
-list of configuration files.
-.Pp
-.Fn krb5_get_default_config_files
-get a list of default configuration files.
-.Pp
-.Fn krb5_free_config_files
-free a list of configuration files returned by
-.Fn krb5_get_default_config_files ,
-.Fn krb5_prepend_config_files_default ,
-or
-.Fn krb5_prepend_config_files .
-.Pp
-.Fn krb5_set_use_admin_kdc
-sets if all KDC requests should go admin KDC.
-.Pp
-.Fn krb5_get_use_admin_kdc
-gets if all KDC requests should go admin KDC.
-.Pp
-.Fn krb5_get_max_time_skew
-and
-.Fn krb5_set_max_time_skew
-get and sets the maximum allowed time skew between client and server.
-.Sh SEE ALSO
-.Xr errno 2 ,
-.Xr krb5 3 ,
-.Xr krb5_config 3 ,
-.Xr krb5_context 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_is_thread_safe.3 b/crypto/heimdal/lib/krb5/krb5_is_thread_safe.3
deleted file mode 100644
index 9f0a919..0000000
--- a/crypto/heimdal/lib/krb5/krb5_is_thread_safe.3
+++ /dev/null
@@ -1,58 +0,0 @@
-.\" Copyright (c) 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_is_thread_safe.3 17462 2006-05-05 13:18:39Z lha $
-.\"
-.Dd May  5, 2006
-.Dt KRB5_IS_THREAD_SAFE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_is_thread_safe
-.Nd "is the Kerberos library compiled with multithread support"
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_boolean
-.Fn krb5_is_thread_safe "void"
-.Sh DESCRIPTION
-.Nm
-returns
-.Dv TRUE
-if the library was compiled with with multithread support.
-If the library isn't compiled, the consumer have to use a global lock
-to make sure Kerboros functions are not called at the same time by
-diffrent threads.
-.\" .Sh EXAMPLE
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_create_checksum 3 ,
-.Xr krb5_encrypt 3
diff --git a/crypto/heimdal/lib/krb5/krb5_keyblock.3 b/crypto/heimdal/lib/krb5/krb5_keyblock.3
deleted file mode 100644
index 9fabd32..0000000
--- a/crypto/heimdal/lib/krb5/krb5_keyblock.3
+++ /dev/null
@@ -1,218 +0,0 @@
-.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_keyblock.3 17385 2006-05-01 08:48:55Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_KEYBLOCK 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_keyblock ,
-.Nm krb5_keyblock_get_enctype ,
-.Nm krb5_copy_keyblock ,
-.Nm krb5_copy_keyblock_contents ,
-.Nm krb5_free_keyblock ,
-.Nm krb5_free_keyblock_contents ,
-.Nm krb5_generate_random_keyblock ,
-.Nm krb5_generate_subkey ,
-.Nm krb5_generate_subkey_extended ,
-.Nm krb5_keyblock_init ,
-.Nm krb5_keyblock_zero ,
-.Nm krb5_random_to_key
-.Nd Kerberos 5 key handling functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li krb5_keyblock ;
-.Ft krb5_enctype
-.Fo krb5_keyblock_get_enctype
-.Fa "const krb5_keyblock *block"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_keyblock
-.Fa "krb5_context context"
-.Fa "krb5_keyblock **to"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_keyblock_contents
-.Fa "krb5_context context"
-.Fa "const krb5_keyblock *inblock"
-.Fa "krb5_keyblock *to"
-.Fc
-.Ft void
-.Fo krb5_free_keyblock
-.Fa "krb5_context context"
-.Fa "krb5_keyblock *keyblock"
-.Fc
-.Ft void
-.Fo krb5_free_keyblock_contents
-.Fa "krb5_context context"
-.Fa "krb5_keyblock *keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_generate_random_keyblock
-.Fa "krb5_context context"
-.Fa "krb5_enctype type"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_generate_subkey
-.Fa "krb5_context context"
-.Fa "const krb5_keyblock *key"
-.Fa "krb5_keyblock **subkey"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_generate_subkey_extended
-.Fa "krb5_context context"
-.Fa "const krb5_keyblock *key"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_keyblock **subkey"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_keyblock_init
-.Fa "krb5_context context"
-.Fa "krb5_enctype type"
-.Fa "const void *data"
-.Fa "size_t size"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft void
-.Fo krb5_keyblock_zero
-.Fa "krb5_keyblock *keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_random_to_key
-.Fa "krb5_context context"
-.Fa "krb5_enctype type"
-.Fa "const void *data"
-.Fa "size_t size"
-.Fa "krb5_keyblock *key"
-.Fc
-.Sh DESCRIPTION
-.Li krb5_keyblock
-holds the encryption key for a specific encryption type.
-There is no component inside
-.Li krb5_keyblock
-that is directly referable.
-.Pp
-.Fn krb5_keyblock_get_enctype
-returns the encryption type of the keyblock.
-.Pp
-.Fn krb5_copy_keyblock
-makes a copy the keyblock
-.Fa inblock
-to the
-output
-.Fa out .
-.Fa out
-should be freed by the caller with
-.Fa krb5_free_keyblock .
-.Pp
-.Fn krb5_copy_keyblock_contents
-copies the contents of
-.Fa inblock
-to the
-.Fa to
-keyblock.
-The destination keyblock is overritten.
-.Pp
-.Fn krb5_free_keyblock
-zeros out and frees the content and the keyblock itself.
-.Pp
-.Fn krb5_free_keyblock_contents
-zeros out and frees the content of the keyblock.
-.Pp
-.Fn krb5_generate_random_keyblock
-creates a new content of the keyblock
-.Fa key
-of type encrytion type
-.Fa type .
-The content of
-.Fa key
-is overwritten and not freed, so the caller should be sure it is
-freed before calling the function.
-.Pp
-.Fn krb5_generate_subkey
-generates a
-.Fa subkey
-of the same type as
-.Fa key .
-The caller must free the subkey with
-.Fa krb5_free_keyblock .
-.Pp
-.Fn krb5_generate_subkey_extended
-generates a
-.Fa subkey
-of the specified encryption type
-.Fa type .
-If
-.Fa type
-is
-.Dv ETYPE_NULL ,
-of the same type as
-.Fa key .
-The caller must free the subkey with
-.Fa krb5_free_keyblock .
-.Pp
-.Fn krb5_keyblock_init
-Fill in
-.Fa key
-with key data of type
-.Fa enctype
-from 
-.Fa data
-of length
-.Fa size .
-Key should be freed using
-.Fn krb5_free_keyblock_contents .
-.Pp
-.Fn krb5_keyblock_zero
-zeros out the keyblock to to make sure no keymaterial is in
-memory.
-Note that
-.Fn krb5_free_keyblock_contents
-also zeros out the memory.
-.Pp
-.Fn krb5_random_to_key
-converts the random bytestring to a protocol key according to Kerberos
-crypto frame work.
-It the resulting key will be of type
-.Fa enctype .
-It may be assumed that all the bits of the input string are equally
-random, even though the entropy present in the random source may be
-limited
-.\" .Sh EXAMPLES
-.Sh SEE ALSO
-.Xr krb5_crypto_init 3 ,
-.Xr krb5 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_keytab.3 b/crypto/heimdal/lib/krb5/krb5_keytab.3
deleted file mode 100644
index b6cb1a2..0000000
--- a/crypto/heimdal/lib/krb5/krb5_keytab.3
+++ /dev/null
@@ -1,482 +0,0 @@
-.\" Copyright (c) 2001 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_keytab.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd August 12, 2005
-.Dt KRB5_KEYTAB 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_kt_ops ,
-.Nm krb5_keytab_entry ,
-.Nm krb5_kt_cursor ,
-.Nm krb5_kt_add_entry ,
-.Nm krb5_kt_close ,
-.Nm krb5_kt_compare ,
-.Nm krb5_kt_copy_entry_contents ,
-.Nm krb5_kt_default ,
-.Nm krb5_kt_default_modify_name ,
-.Nm krb5_kt_default_name ,
-.Nm krb5_kt_end_seq_get ,
-.Nm krb5_kt_free_entry ,
-.Nm krb5_kt_get_entry ,
-.Nm krb5_kt_get_name ,
-.Nm krb5_kt_get_type ,
-.Nm krb5_kt_next_entry ,
-.Nm krb5_kt_read_service_key ,
-.Nm krb5_kt_register ,
-.Nm krb5_kt_remove_entry ,
-.Nm krb5_kt_resolve ,
-.Nm krb5_kt_start_seq_get
-.Nd manage keytab (key storage) files
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fo krb5_kt_add_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_keytab_entry *entry"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_close
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_kt_compare
-.Fa "krb5_context context"
-.Fa "krb5_keytab_entry *entry"
-.Fa "krb5_const_principal principal"
-.Fa "krb5_kvno vno"
-.Fa "krb5_enctype enctype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_copy_entry_contents
-.Fa "krb5_context context"
-.Fa "const krb5_keytab_entry *in"
-.Fa "krb5_keytab_entry *out"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_default
-.Fa "krb5_context context"
-.Fa "krb5_keytab *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_default_modify_name
-.Fa "krb5_context context"
-.Fa "char *name"
-.Fa "size_t namesize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_default_name
-.Fa "krb5_context context"
-.Fa "char *name"
-.Fa "size_t namesize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_end_seq_get
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_kt_cursor *cursor"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_free_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab_entry *entry"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_get_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_const_principal principal"
-.Fa "krb5_kvno kvno"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_keytab_entry *entry"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_get_name
-.Fa "krb5_context context"
-.Fa "krb5_keytab keytab"
-.Fa "char *name"
-.Fa "size_t namesize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_get_type
-.Fa "krb5_context context"
-.Fa "krb5_keytab keytab"
-.Fa "char *prefix"
-.Fa "size_t prefixsize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_next_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_keytab_entry *entry"
-.Fa "krb5_kt_cursor *cursor"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_read_service_key
-.Fa "krb5_context context"
-.Fa "krb5_pointer keyprocarg"
-.Fa "krb5_principal principal"
-.Fa "krb5_kvno vno"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_keyblock **key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_register
-.Fa "krb5_context context"
-.Fa "const krb5_kt_ops *ops"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_remove_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_keytab_entry *entry"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_resolve
-.Fa "krb5_context context"
-.Fa "const char *name"
-.Fa "krb5_keytab *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_start_seq_get
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_kt_cursor *cursor"
-.Fc
-.Sh DESCRIPTION
-A keytab name is on the form
-.Li type:residual .
-The
-.Li residual
-part is specific to each keytab-type.
-.Pp
-When a keytab-name is resolved, the type is matched with an internal
-list of keytab types. If there is no matching keytab type,
-the default keytab is used. The current default type is
-.Nm file .
-The default value can be changed in the configuration file
-.Pa /etc/krb5.conf
-by setting the variable
-.Li [defaults]default_keytab_name .
-.Pp
-The keytab types that are implemented in Heimdal
-are:
-.Bl -tag -width Ds
-.It Nm file
-store the keytab in a file, the type's name is
-.Li FILE .
-The residual part is a filename.
-For compatibility with other Kerberos implemtation
-.Li WRFILE
-and
-.LI JAVA14
-is also accepted.
-.Li WRFILE
-has the same format as
-.Li FILE .
-.Li JAVA14
-have a format that is compatible with older versions of MIT kerberos
-and SUN's Java based installation.  They store a truncted kvno, so
-when the knvo excess 255, they are truncted in this format.
-.It Nm keyfile
-store the keytab in a
-.Li AFS
-keyfile (usually
-.Pa /usr/afs/etc/KeyFile ) ,
-the type's name is
-.Li AFSKEYFILE .
-The residual part is a filename.
-.It Nm krb4
-the keytab is a Kerberos 4
-.Pa srvtab
-that is on-the-fly converted to a keytab. The type's name is
-.Li krb4 .
-The residual part is a filename.
-.It Nm memory
-The keytab is stored in a memory segment. This allows sensitive and/or
-temporary data not to be stored on disk. The type's name is
-.Li MEMORY .
-Each
-.Li MEMORY
-keytab is referenced counted by and opened by the residual name, so two
-handles can point to the same memory area.
-When the last user closes the entry, it disappears.
-.El
-.Pp
-.Nm krb5_keytab_entry
-holds all data for an entry in a keytab file, like principal name,
-key-type, key, key-version number, etc.
-.Nm krb5_kt_cursor
-holds the current position that is used when iterating through a
-keytab entry with
-.Fn krb5_kt_start_seq_get ,
-.Fn krb5_kt_next_entry ,
-and
-.Fn krb5_kt_end_seq_get .
-.Pp
-.Nm krb5_kt_ops
-contains the different operations that can be done to a keytab. This
-structure is normally only used when doing a new keytab-type
-implementation.
-.Pp
-.Fn krb5_kt_resolve
-is the equivalent of an
-.Xr open 2
-on keytab. Resolve the keytab name in
-.Fa name
-into a keytab in
-.Fa id .
-Returns 0 or an error. The opposite of
-.Fn krb5_kt_resolve
-is
-.Fn krb5_kt_close .
-.Pp
-.Fn krb5_kt_close
-frees all resources allocated to the keytab, even on failure.
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_default
-sets the argument
-.Fa id
-to the default keytab.
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_default_modify_name
-copies the name of the default modify keytab into
-.Fa name .
-Return 0 or KRB5_CONFIG_NOTENUFSPACE if
-.Fa namesize
-is too short.
-.Pp
-.Fn krb5_kt_default_name
-copies the name of the default keytab into
-.Fa name .
-Return 0 or KRB5_CONFIG_NOTENUFSPACE if
-.Fa namesize
-is too short.
-.Pp
-.Fn krb5_kt_add_entry
-adds a new
-.Fa entry
-to the keytab
-.Fa id .
-.Li KRB5_KT_NOWRITE
-is returned if the keytab is a readonly keytab.
-.Pp
-.Fn krb5_kt_compare
-compares the passed in
-.Fa entry
-against
-.Fa principal ,
-.Fa vno ,
-and
-.Fa enctype .
-Any of
-.Fa principal ,
-.Fa vno
-or
-.Fa enctype
-might be 0 which acts as a wildcard. Return TRUE if they compare the
-same, FALSE otherwise.
-.Pp
-.Fn krb5_kt_copy_entry_contents
-copies the contents of
-.Fa in
-into
-.Fa out .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_get_name
-retrieves the name of the keytab
-.Fa keytab
-into
-.Fa name ,
-.Fa namesize .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_get_type
-retrieves the type of the keytab
-.Fa keytab
-and store the prefix/name for type of the keytab into
-.Fa prefix ,
-.Fa prefixsize .
-The prefix will have the maximum length of
-.Dv KRB5_KT_PREFIX_MAX_LEN
-(including terminating
-.Dv NUL ) .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_free_entry
-frees the contents of
-.Fa entry .
-.Pp
-.Fn krb5_kt_start_seq_get
-sets
-.Fa cursor
-to point at the beginning of
-.Fa id .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_next_entry
-gets the next entry from
-.Fa id
-pointed to by
-.Fa cursor
-and advance the
-.Fa cursor .
-On success the returne entry must be freed with
-.Fn krb5_kt_free_entry .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_end_seq_get
-releases all resources associated with
-.Fa cursor .
-.Pp
-.Fn krb5_kt_get_entry
-retrieves the keytab entry for
-.Fa principal ,
-.Fa kvno ,
-.Fa enctype
-into
-.Fa entry
-from the keytab
-.Fa id .
-When comparing an entry in the keytab to determine a match, the
-function
-.Fn krb5_kt_compare
-is used, so the wildcard rules applies to the argument of
-.F krb5_kt_get_entry
-too.
-On success the returne entry must be freed with
-.Fn krb5_kt_free_entry .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_read_service_key
-reads the key identified by
-.Fa ( principal ,
-.Fa vno ,
-.Fa enctype )
-from the keytab in
-.Fa keyprocarg
-(the system default keytab if 
-.Dv NULL
-is used) into
-.Fa *key .
-.Fa keyprocarg
-is the same argument as to
-.Fa name
-argument to
-.Fn krb5_kt_resolve .
-Internal
-.Fn krb5_kt_compare
-will be used, so the same wildcard rules applies
-to
-.Fn krb5_kt_read_service_key .
-On success the returned key must be freed with
-.Fa krb5_free_keyblock .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_remove_entry
-removes the entry
-.Fa entry
-from the keytab
-.Fa id .
-When comparing an entry in the keytab to determine a match, the
-function
-.Fn krb5_kt_compare
-is use, so the wildcard rules applies to the argument of
-.Fn krb5_kt_remove_entry .
-Returns 0, 
-.Dv KRB5_KT_NOTFOUND
-if not entry matched or another error.
-.Pp
-.Fn krb5_kt_register
-registers a new keytab type
-.Fa ops .
-Returns 0 or an error.
-.Sh EXAMPLES
-This is a minimalistic version of
-.Nm ktutil .
-.Pp
-.Bd -literal
-int
-main (int argc, char **argv)
-{
-    krb5_context context;
-    krb5_keytab keytab;
-    krb5_kt_cursor cursor;
-    krb5_keytab_entry entry;
-    krb5_error_code ret;
-    char *principal;
-
-    if (krb5_init_context (&context) != 0)
-	errx(1, "krb5_context");
-
-    ret = krb5_kt_default (context, &keytab);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_default");
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_start_seq_get");
-    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
-	krb5_unparse_name_short(context, entry.principal, &principal);
-	printf("principal: %s\\n", principal);
-	free(principal);
-	krb5_kt_free_entry(context, &entry);
-    }
-    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_end_seq_get");
-    ret = krb5_kt_close(context, keytab);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_close");
-    krb5_free_context(context);
-    return 0;
-}
-.Ed
-.Sh COMPATIBILITY
-Heimdal stored the ticket flags in machine bit-field order before
-Heimdal 0.7.  The behavior is possible to change in with the option
-.Li [libdefaults]fcc-mit-ticketflags .
-Heimdal 0.7 also code to detech that ticket flags was in the wrong
-order and correct them.  This matters when doing delegation in GSS-API
-because the client code looks at the flag to determin if it is possible
-to do delegation if the user requested it.
-.Sh SEE ALSO
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3
deleted file mode 100644
index 1d906bf..0000000
--- a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3
+++ /dev/null
@@ -1,174 +0,0 @@
-.\" Copyright (c) 2001-2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_krbhst_init.3 15110 2005-05-10 09:21:06Z lha $
-.\"
-.Dd May 10, 2005
-.Dt KRB5_KRBHST_INIT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_krbhst_init ,
-.Nm krb5_krbhst_init_flags ,
-.Nm krb5_krbhst_next ,
-.Nm krb5_krbhst_next_as_string ,
-.Nm krb5_krbhst_reset ,
-.Nm krb5_krbhst_free ,
-.Nm krb5_krbhst_format_string ,
-.Nm krb5_krbhst_get_addrinfo
-.Nd lookup Kerberos KDC hosts
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_krbhst_init "krb5_context context" "const char *realm" "unsigned int type" "krb5_krbhst_handle *handle"
-.Ft krb5_error_code
-.Fn krb5_krbhst_init_flags "krb5_context context" "const char *realm" "unsigned int type" "int flags" "krb5_krbhst_handle *handle"
-.Ft krb5_error_code
-.Fn "krb5_krbhst_next" "krb5_context context" "krb5_krbhst_handle handle" "krb5_krbhst_info **host"
-.Ft krb5_error_code
-.Fn krb5_krbhst_next_as_string "krb5_context context" "krb5_krbhst_handle handle" "char *hostname" "size_t hostlen"
-.Ft void
-.Fn krb5_krbhst_reset "krb5_context context" "krb5_krbhst_handle handle"
-.Ft void
-.Fn krb5_krbhst_free "krb5_context context" "krb5_krbhst_handle handle"
-.Ft krb5_error_code
-.Fn krb5_krbhst_format_string "krb5_context context" "const krb5_krbhst_info *host" "char *hostname" "size_t hostlen"
-.Ft krb5_error_code
-.Fn krb5_krbhst_get_addrinfo "krb5_context context" "krb5_krbhst_info *host" "struct addrinfo **ai"
-.Sh DESCRIPTION
-These functions are used to sequence through all Kerberos hosts of a
-particular realm and service. The service type can be the KDCs, the
-administrative servers, the password changing servers, or the servers
-for Kerberos 4 ticket conversion.
-.Pp
-First a handle to a particular service is obtained by calling
-.Fn krb5_krbhst_init
-(or
-.Fn krb5_krbhst_init_flags )
-with the
-.Fa realm
-of interest and the type of service to lookup. The
-.Fa type
-can be one of:
-.Pp
-.Bl -tag -width Ds -compact -offset indent
-.It KRB5_KRBHST_KDC
-.It KRB5_KRBHST_ADMIN
-.It KRB5_KRBHST_CHANGEPW
-.It KRB5_KRBHST_KRB524
-.El
-.Pp
-The
-.Fa handle
-is returned to the caller, and should be passed to the other
-functions.
-.Pp
-The
-.Fa flag
-argument to
-.Nm krb5_krbhst_init_flags
-is the same flags as
-.Fn krb5_send_to_kdc_flags
-uses.
-Possible values are:
-.Pp
-.Bl -tag -width KRB5_KRBHST_FLAGS_LARGE_MSG -compact -offset indent
-.It KRB5_KRBHST_FLAGS_MASTER
-only talk to master (readwrite) KDC
-.It KRB5_KRBHST_FLAGS_LARGE_MSG
-this is a large message, so use transport that can handle that.
-.El
-.Pp
-For each call to
-.Fn krb5_krbhst_next
-information on a new host is returned. The former function returns in
-.Fa host
-a pointer to a structure containing information about the host, such
-as protocol, hostname, and port:
-.Bd -literal -offset indent
-typedef struct krb5_krbhst_info {
-    enum { KRB5_KRBHST_UDP,
-	   KRB5_KRBHST_TCP,
-	   KRB5_KRBHST_HTTP } proto;
-    unsigned short port;
-    struct addrinfo *ai;
-    struct krb5_krbhst_info *next;
-    char hostname[1];
-} krb5_krbhst_info;
-.Ed
-.Pp
-The related function,
-.Fn krb5_krbhst_next_as_string ,
-return the same information as a URL-like string.
-.Pp
-When there are no more hosts, these functions return
-.Dv KRB5_KDC_UNREACH .
-.Pp
-To re-iterate over all hosts, call
-.Fn krb5_krbhst_reset
-and the next call to
-.Fn krb5_krbhst_next
-will return the first host.
-.Pp
-When done with the handle,
-.Fn krb5_krbhst_free
-should be called.
-.Pp
-To use a
-.Va krb5_krbhst_info ,
-there are two functions:
-.Fn krb5_krbhst_format_string
-that will return a printable representation of that struct
-and
-.Fn krb5_krbhst_get_addrinfo
-that will return a
-.Va struct addrinfo
-that can then be used for communicating with the server mentioned.
-.Sh EXAMPLES
-The following code will print the KDCs of the realm
-.Dq MY.REALM :
-.Bd -literal -offset indent
-krb5_krbhst_handle handle;
-char host[MAXHOSTNAMELEN];
-krb5_krbhst_init(context, "MY.REALM", KRB5_KRBHST_KDC, &handle);
-while(krb5_krbhst_next_as_string(context, handle,
-				 host, sizeof(host)) == 0)
-    printf("%s\\n", host);
-krb5_krbhst_free(context, handle);
-.Ed
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr getaddrinfo 3 ,
-.Xr krb5_get_krbhst 3 ,
-.Xr krb5_send_to_kdc_flags 3
-.Sh HISTORY
-These functions first appeared in Heimdal 0.3g.
diff --git a/crypto/heimdal/lib/krb5/krb5_kuserok.3 b/crypto/heimdal/lib/krb5/krb5_kuserok.3
deleted file mode 100644
index e5e5c99..0000000
--- a/crypto/heimdal/lib/krb5/krb5_kuserok.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\" Copyright (c) 2003-2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_kuserok.3 15083 2005-05-04 12:11:22Z joda $
-.\"
-.Dd May 4, 2005
-.Dt KRB5_KUSEROK 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_kuserok
-.Nd "checks if a principal is permitted to login as a user"
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_boolean
-.Fo krb5_kuserok
-.Fa "krb5_context context"
-.Fa "krb5_principal principal"
-.Fa "const char *user"
-.Fc
-.Sh DESCRIPTION
-This function takes the name of a local
-.Fa user
-and checks if
-.Fa principal
-is allowed to log in as that user.
-.Pp
-The
-.Fa user
-may have a
-.Pa ~/.k5login
-file listing principals that are allowed to login as that user. If
-that file does not exist, all principals with a first component
-identical to the username, and a realm considered local, are allowed
-access.
-.Pp
-The
-.Pa .k5login
-file must contain one principal per line, be owned by
-.Fa user ,
-and not be writable by group or other (but must be readable by
-anyone).
-.Pp
-Note that if the file exists, no implicit access rights are given to
-.Fa user Ns @ Ns Aq localrealm .
-.Pp
-Optionally, a set of files may be put in 
-.Pa ~/.k5login.d ( Ns
-a directory), in which case they will all be checked in the same
-manner as
-.Pa .k5login .
-The files may be called anything, but files starting with a hash
-.Dq ( # ) ,
-or ending with a tilde
-.Dq ( ~ )
-are ignored. Subdirectories are not traversed. Note that this
-directory may not be checked by other implementations.
-.Sh RETURN VALUES
-.Nm
-returns
-.Dv TRUE
-if access should be granted,
-.Dv FALSE
-otherwise.
-.Sh HISTORY
-The
-.Pa ~/.k5login.d
-feature appeared in Heimdal 0.7.
-.Sh SEE ALSO
-.Xr krb5_get_default_realms 3 ,
-.Xr krb5_verify_user 3 ,
-.Xr krb5_verify_user_lrealm 3 ,
-.Xr krb5_verify_user_opt 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_locl.h b/crypto/heimdal/lib/krb5/krb5_locl.h
deleted file mode 100644
index 8b7c41c..0000000
--- a/crypto/heimdal/lib/krb5/krb5_locl.h
+++ /dev/null
@@ -1,267 +0,0 @@
-/*
- * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: krb5_locl.h 22226 2007-12-08 21:31:53Z lha $ */
-
-#ifndef __KRB5_LOCL_H__
-#define __KRB5_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <errno.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <limits.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_PWD_H
-#undef _POSIX_PTHREAD_SEMANTICS
-/* This gets us the 5-arg getpwnam_r on Solaris 9.  */
-#define _POSIX_PTHREAD_SEMANTICS
-#include <pwd.h>
-#endif
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#include <time.h>
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef _AIX
-struct ether_addr;
-struct mbuf;
-struct sockaddr_dl;
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif
-#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-
-#ifdef HAVE_CRYPT_H
-#undef des_encrypt
-#define des_encrypt wingless_pigs_mostly_fail_to_fly
-#include <crypt.h>
-#undef des_encrypt
-#endif
-
-#ifdef HAVE_DOOR_CREATE
-#include <door.h>
-#endif
-
-#include <roken.h>
-#include <parse_time.h>
-#include <base64.h>
-
-#include "crypto-headers.h"
-
-
-#include <krb5_asn1.h>
-
-struct send_to_kdc;
-
-/* XXX glue for pkinit */
-struct krb5_pk_identity;
-struct krb5_pk_cert;
-struct ContentInfo;
-typedef struct krb5_pk_init_ctx_data *krb5_pk_init_ctx;
-struct krb5_dh_moduli;
-
-/* v4 glue */
-struct _krb5_krb_auth_data;
-
-#include <der.h>
-
-#include <krb5.h>
-#include <krb5_err.h>
-#include <asn1_err.h>
-#ifdef PKINIT
-#include <hx509_err.h>
-#endif
-#include <krb5-private.h>
-
-#include "heim_threads.h"
-
-#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
-#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
-
-/* should this be public? */
-#define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab"
-#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
-
-#define MODULI_FILE SYSCONFDIR "/krb5.moduli"
-
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-#define KRB5_BUFSIZ 1024
-
-typedef enum {
-    KRB5_INIT_CREDS_TRISTATE_UNSET = 0,
-    KRB5_INIT_CREDS_TRISTATE_TRUE,
-    KRB5_INIT_CREDS_TRISTATE_FALSE
-} krb5_get_init_creds_tristate;
-
-struct _krb5_get_init_creds_opt_private {
-    int refcount;
-    /* ENC_TIMESTAMP */
-    const char *password;
-    krb5_s2k_proc key_proc;
-    /* PA_PAC_REQUEST */
-    krb5_get_init_creds_tristate req_pac;
-    /* PKINIT */
-    krb5_pk_init_ctx pk_init_ctx;
-    KRB_ERROR *error;
-    krb5_get_init_creds_tristate addressless;
-    int flags;
-#define KRB5_INIT_CREDS_CANONICALIZE		1
-#define KRB5_INIT_CREDS_NO_C_CANON_CHECK	2
-};
-
-typedef struct krb5_context_data {
-    krb5_enctype *etypes;
-    krb5_enctype *etypes_des;
-    char **default_realms;
-    time_t max_skew;
-    time_t kdc_timeout;
-    unsigned max_retries;
-    int32_t kdc_sec_offset;
-    int32_t kdc_usec_offset;
-    krb5_config_section *cf;
-    struct et_list *et_list;
-    struct krb5_log_facility *warn_dest;
-    krb5_cc_ops *cc_ops;
-    int num_cc_ops;
-    const char *http_proxy;
-    const char *time_fmt;
-    krb5_boolean log_utc;
-    const char *default_keytab;
-    const char *default_keytab_modify;
-    krb5_boolean use_admin_kdc;
-    krb5_addresses *extra_addresses;
-    krb5_boolean scan_interfaces;	/* `ifconfig -a' */
-    krb5_boolean srv_lookup;		/* do SRV lookups */
-    krb5_boolean srv_try_txt;		/* try TXT records also */
-    int32_t fcache_vno;			/* create cache files w/ this
-                                           version */
-    int num_kt_types;			/* # of registered keytab types */
-    struct krb5_keytab_data *kt_types;  /* registered keytab types */
-    const char *date_fmt;
-    char *error_string;
-    char error_buf[256];
-    krb5_addresses *ignore_addresses;
-    char *default_cc_name;
-    char *default_cc_name_env;
-    int default_cc_name_set;
-    void *mutex;			/* protects error_string/error_buf */
-    int large_msg_size;
-    int flags;
-#define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME	1
-#define KRB5_CTX_F_CHECK_PAC			2
-    struct send_to_kdc *send_to_kdc;
-} krb5_context_data;
-
-#define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}"
-#define KRB5_DEFAULT_CCNAME_API "API:"
-#define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}"
-
-#define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH		1
-#define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH		2
-#define EXTRACT_TICKET_MATCH_REALM			4
-
-/*
- * Configurable options
- */
-
-#ifndef KRB5_DEFAULT_CCTYPE
-#ifdef __APPLE__
-#define KRB5_DEFAULT_CCTYPE (&krb5_acc_ops)
-#else
-#define KRB5_DEFAULT_CCTYPE (&krb5_fcc_ops)
-#endif
-#endif
-
-#ifndef KRB5_ADDRESSLESS_DEFAULT
-#define KRB5_ADDRESSLESS_DEFAULT TRUE
-#endif
-
-#endif /* __KRB5_LOCL_H__ */
diff --git a/crypto/heimdal/lib/krb5/krb5_mk_req.3 b/crypto/heimdal/lib/krb5/krb5_mk_req.3
deleted file mode 100644
index e37d8e7..0000000
--- a/crypto/heimdal/lib/krb5/krb5_mk_req.3
+++ /dev/null
@@ -1,187 +0,0 @@
-.\" Copyright (c) 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_mk_req.3 16100 2005-09-26 05:38:55Z lha $
-.\"
-.Dd August 27, 2005
-.Dt KRB5_MK_REQ 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_mk_req ,
-.Nm krb5_mk_req_exact ,
-.Nm krb5_mk_req_extended ,
-.Nm krb5_rd_req ,
-.Nm krb5_rd_req_with_keyblock ,
-.Nm krb5_mk_rep ,
-.Nm krb5_mk_rep_exact ,
-.Nm krb5_mk_rep_extended ,
-.Nm krb5_rd_rep ,
-.Nm krb5_build_ap_req ,
-.Nm krb5_verify_ap_req
-.Nd create and read application authentication request
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_mk_req
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fa "const krb5_flags ap_req_options"
-.Fa "const char *service"
-.Fa "const char *hostname"
-.Fa "krb5_data *in_data"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_data *outbuf"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_mk_req_extended
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fa "const krb5_flags ap_req_options"
-.Fa "krb5_data *in_data"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_data *outbuf"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rd_req
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fa "const krb5_data *inbuf"
-.Fa "krb5_const_principal server"
-.Fa "krb5_keytab keytab"
-.Fa "krb5_flags *ap_req_options"
-.Fa "krb5_ticket **ticket"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_build_ap_req
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_creds *cred"
-.Fa "krb5_flags ap_options"
-.Fa "krb5_data authenticator"
-.Fa "krb5_data *retdata"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_verify_ap_req
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fa "krb5_ap_req *ap_req"
-.Fa "krb5_const_principal server"
-.Fa "krb5_keyblock *keyblock"
-.Fa "krb5_flags flags"
-.Fa "krb5_flags *ap_req_options"
-.Fa "krb5_ticket **ticket"
-.Fc
-.Sh DESCRIPTION
-The functions documented in this manual page document the functions
-that facilitates the exchange between a Kerberos client and server.
-They are the core functions used in the authentication exchange
-between the client and the server.
-.Pp
-The
-.Nm krb5_mk_req
-and
-.Nm krb5_mk_req_extended
-creates the Kerberos message
-.Dv KRB_AP_REQ
-that is sent from the client to the server as the first packet in a client/server exchange.  The result that should be sent to server is stored in
-.Fa outbuf .
-.Pp
-.Fa auth_context
-should be allocated with
-.Fn krb5_auth_con_init
-or
-.Dv NULL
-passed in, in that case, it will be allocated and freed internally.
-.Pp
-The input data 
-.Fa in_data
-will have a checksum calculated over it and checksum will be
-transported in the message to the server.
-.Pp
-.Fa ap_req_options
-can be set to one or more of the following flags:
-.Pp
-.Bl -tag -width indent
-.It Dv AP_OPTS_USE_SESSION_KEY
-Use the session key when creating the request, used for user to user
-authentication.
-.It Dv AP_OPTS_MUTUAL_REQUIRED
-Mark the request as mutual authenticate required so that the receiver
-returns a mutual authentication packet.
-.El
-.Pp
-The
-.Nm krb5_rd_req
-read the AP_REQ in
-.Fa inbuf
-and verify and extract the content.
-If
-.Fa server
-is specified, that server will be fetched from the
-.Fa keytab
-and used unconditionally.
-If
-.Fa server
-is
-.Dv NULL ,
-the
-.Fa keytab
-will be search for a matching principal.
-.Pp
-The
-.Fa keytab
-argument specifies what keytab to search for receiving principals.
-The arguments
-.Fa ap_req_options
-and
-.Fa ticket
-returns the content.
-.Pp
-When the AS-REQ is a user to user request, neither of
-.Fa keytab
-or
-.Fa principal
-are used, instead
-.Fn krb5_rd_req
-expects the session key to be set in
-.Fa auth_context .
-.Pp
-The
-.Nm krb5_verify_ap_req
-and
-.Nm krb5_build_ap_req
-both constructs and verify the AP_REQ message, should not be used by
-external code.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_mk_safe.3 b/crypto/heimdal/lib/krb5/krb5_mk_safe.3
deleted file mode 100644
index 25b6541..0000000
--- a/crypto/heimdal/lib/krb5/krb5_mk_safe.3
+++ /dev/null
@@ -1,82 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_mk_safe.3 17385 2006-05-01 08:48:55Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_MK_SAFE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_mk_safe ,
-.Nm krb5_mk_priv
-.Nd generates integrity protected and/or encrypted messages
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fn krb5_mk_priv "krb5_context context" "krb5_auth_context auth_context" "const krb5_data *userdata" "krb5_data *outbuf" "krb5_replay_data *outdata"
-.Ft krb5_error_code
-.Fn krb5_mk_safe "krb5_context context" "krb5_auth_context auth_context" "const krb5_data *userdata" "krb5_data *outbuf" "krb5_replay_data *outdata"
-.Sh DESCRIPTION
-.Fn krb5_mk_safe
-and
-.Fn krb5_mk_priv
-formats
-.Li KRB-SAFE
-(integrity protected)
-and
-.Li KRB-PRIV
-(also encrypted)
-messages into
-.Fa outbuf .
-The actual message data is taken from
-.Fa userdata .
-If the
-.Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE
-or
-.Dv KRB5_AUTH_CONTEXT_DO_TIME
-flags are set in the
-.Fa auth_context ,
-sequence numbers and time stamps are generated.
-If the
-.Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE
-or
-.Dv KRB5_AUTH_CONTEXT_RET_TIME
-flags are set
-they are also returned in the
-.Fa outdata
-parameter.
-.Sh SEE ALSO
-.Xr krb5_auth_con_init 3 ,
-.Xr krb5_rd_priv 3 ,
-.Xr krb5_rd_safe 3
diff --git a/crypto/heimdal/lib/krb5/krb5_openlog.3 b/crypto/heimdal/lib/krb5/krb5_openlog.3
deleted file mode 100644
index 4acad41..0000000
--- a/crypto/heimdal/lib/krb5/krb5_openlog.3
+++ /dev/null
@@ -1,242 +0,0 @@
-.\" Copyright (c) 1997, 1999, 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_openlog.3 12329 2003-05-26 14:09:04Z lha $
-.Dd August 6, 1997
-.Dt KRB5_OPENLOG 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_initlog ,
-.Nm krb5_openlog ,
-.Nm krb5_closelog ,
-.Nm krb5_addlog_dest ,
-.Nm krb5_addlog_func ,
-.Nm krb5_log ,
-.Nm krb5_vlog ,
-.Nm krb5_log_msg ,
-.Nm krb5_vlog_msg
-.Nd Heimdal logging functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft "typedef void"
-.Fn "\*(lp*krb5_log_log_func_t\*(rp" "const char *time" "const char *message" "void *data"
-.Ft "typedef void"
-.Fn "\*(lp*krb5_log_close_func_t\*(rp" "void *data"
-.Ft krb5_error_code
-.Fn krb5_addlog_dest "krb5_context context" "krb5_log_facility *facility" "const char *destination"
-.Ft krb5_error_code
-.Fn krb5_addlog_func "krb5_context context" "krb5_log_facility *facility" "int min" "int max" "krb5_log_log_func_t log" "krb5_log_close_func_t close" "void *data"
-.Ft krb5_error_code
-.Fn krb5_closelog "krb5_context context" "krb5_log_facility *facility"
-.Ft krb5_error_code
-.Fn krb5_initlog "krb5_context context" "const char *program" "krb5_log_facility **facility"
-.Ft krb5_error_code
-.Fn krb5_log "krb5_context context" "krb5_log_facility *facility" "int level" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_log_msg "krb5_context context" "krb5_log_facility *facility" "char **reply" "int level" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_openlog "krb5_context context" "const char *program" "krb5_log_facility **facility"
-.Ft krb5_error_code
-.Fn krb5_vlog "krb5_context context" "krb5_log_facility *facility" "int level" "const char *format" "va_list arglist"
-.Ft krb5_error_code
-.Fn krb5_vlog_msg "krb5_context context" "krb5_log_facility *facility" "char **reply" "int level" "const char *format" "va_list arglist"
-.Sh DESCRIPTION
-These functions logs messages to one or more destinations.
-.Pp
-The
-.Fn krb5_openlog
-function creates a logging
-.Fa facility ,
-that is used to log messages. A facility consists of one or more
-destinations (which can be files or syslog or some other device). The
-.Fa program
-parameter should be the generic name of the program that is doing the
-logging. This name is used to lookup which destinations to use. This
-information is contained in the
-.Li logging
-section of the
-.Pa krb5.conf
-configuration file.  If no entry is found for
-.Fa program ,
-the entry for
-.Li default
-is used, or if that is missing too,
-.Li SYSLOG
-will be used as destination.
-.Pp
-To close a logging facility, use the
-.Fn krb5_closelog
-function.
-.Pp
-To log a message to a facility use one of the functions
-.Fn krb5_log ,
-.Fn krb5_log_msg ,
-.Fn krb5_vlog ,
-or
-.Fn krb5_vlog_msg .
-The functions ending in
-.Li _msg
-return in
-.Fa reply
-a pointer to the message that just got logged. This string is allocated,
-and should be freed with
-.Fn free .
-The
-.Fa format
-is a standard
-.Fn printf
-style format string (but see the BUGS section).
-.Pp
-If you want better control of where things gets logged, you can instead of using
-.Fn krb5_openlog
-call
-.Fn krb5_initlog ,
-which just initializes a facility, but doesn't define any actual logging
-destinations. You can then add destinations with the
-.Fn krb5_addlog_dest
-and
-.Fn krb5_addlog_func
-functions.  The first of these takes a string specifying a logging
-destination, and adds this to the facility. If you want to do some
-non-standard logging you can use the
-.Fn krb5_addlog_func
-function, which takes a function to use when logging.
-The
-.Fa log
-function is called for each message with
-.Fa time
-being a string specifying the current time, and
-.Fa message
-the message to log.
-.Fa close
-is called when the facility is closed. You can pass application specific data in the
-.Fa data
-parameter. The
-.Fa min
-and
-.Fa max
-parameter are the same as in a destination (defined below). To specify a
-max of infinity, pass -1.
-.Pp
-.Fn krb5_openlog
-calls
-.Fn krb5_initlog
-and then calls
-.Fn krb5_addlog_dest
-for each destination found.
-.Ss Destinations
-The defined destinations (as specified in
-.Pa krb5.conf )
-follows:
-.Bl -tag -width "xxx" -offset indent
-.It Li STDERR
-This logs to the program's stderr.
-.It Li FILE: Ns Pa /file
-.It Li FILE= Ns Pa /file
-Log to the specified file. The form using a colon appends to the file, the
-form with an equal truncates the file. The truncating form keeps the file
-open, while the appending form closes it after each log message (which
-makes it possible to rotate logs). The truncating form is mainly for
-compatibility with the MIT libkrb5.
-.It Li DEVICE= Ns Pa /device
-This logs to the specified device, at present this is the same as
-.Li FILE:/device .
-.It Li CONSOLE
-Log to the console, this is the same as
-.Li DEVICE=/dev/console .
-.It Li SYSLOG Ns Op :priority Ns Op :facility
-Send messages to the syslog system, using priority, and facility. To
-get the name for one of these, you take the name of the macro passed
-to
-.Xr syslog 3 ,
-and remove the leading
-.Li LOG_
-.No ( Li LOG_NOTICE
-becomes
-.Li NOTICE ) .
-The default values (as well as the values used for unrecognised
-values), are
-.Li ERR ,
-and
-.Li AUTH ,
-respectively.  See
-.Xr syslog 3
-for a list of priorities and facilities.
-.El
-.Pp
-Each destination may optionally be prepended with a range of logging
-levels, specified as
-.Li min-max/ .
-If the
-.Fa level
-parameter to
-.Fn krb5_log
-is within this range (inclusive) the message gets logged to this
-destination, otherwise not. Either of the min and max valued may be
-omitted, in this case min is assumed to be zero, and max is assumed to be
-infinity.  If you don't include a dash, both min and max gets set to the
-specified value. If no range is specified, all messages gets logged.
-.Sh EXAMPLES
-.Bd -literal -offset indent
-[logging]
-	kdc = 0/FILE:/var/log/kdc.log
-	kdc = 1-/SYSLOG:INFO:USER
-	default = STDERR
-.Ed
-.Pp
-This will log all messages from the
-.Nm kdc
-program with level 0 to
-.Pa /var/log/kdc.log ,
-other messages will be logged to syslog with priority
-.Li LOG_INFO ,
-and facility
-.Li LOG_USER .
-All other programs will log all messages to their stderr.
-.Sh SEE ALSO
-.Xr syslog 3 ,
-.Xr krb5.conf 5
-.Sh BUGS
-These functions use
-.Fn asprintf
-to format the message. If your operating system does not have a working
-.Fn asprintf ,
-a replacement will be used. At present this replacement does not handle
-some correct conversion specifications (like floating point numbers). Until
-this is fixed, the use of these conversions should be avoided.
-.Pp
-If logging is done to the syslog facility, these functions might not be
-thread-safe, depending on the implementation of
-.Fn openlog ,
-and
-.Fn syslog .
diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3
deleted file mode 100644
index e876ee3..0000000
--- a/crypto/heimdal/lib/krb5/krb5_parse_name.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_parse_name.3 17385 2006-05-01 08:48:55Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_PARSE_NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_parse_name
-.Nd string to principal conversion
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal"
-.Sh DESCRIPTION
-.Fn krb5_parse_name
-converts a string representation of a principal name to
-.Nm krb5_principal .
-The
-.Fa principal
-will point to allocated data that should be freed with
-.Fn krb5_free_principal .
-.Pp
-The string should consist of one or more name components separated with slashes
-.Pq Dq / ,
-optionally followed with an
-.Dq @
-and a realm name. A slash or @ may be contained in a name component by
-quoting it with a backslash
-.Pq Dq \e .
-A realm should not contain slashes or colons.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_principal.3 b/crypto/heimdal/lib/krb5/krb5_principal.3
deleted file mode 100644
index 1b0c2da..0000000
--- a/crypto/heimdal/lib/krb5/krb5_principal.3
+++ /dev/null
@@ -1,384 +0,0 @@
-.\" Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_principal.3 21255 2007-06-21 04:36:31Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_default_principal ,
-.Nm krb5_principal ,
-.Nm krb5_build_principal ,
-.Nm krb5_build_principal_ext ,
-.Nm krb5_build_principal_va ,
-.Nm krb5_build_principal_va_ext ,
-.Nm krb5_copy_principal ,
-.Nm krb5_free_principal ,
-.Nm krb5_make_principal ,
-.Nm krb5_parse_name ,
-.Nm krb5_parse_name_flags ,
-.Nm krb5_parse_nametype ,
-.Nm krb5_princ_realm ,
-.Nm krb5_princ_set_realm ,
-.Nm krb5_principal_compare ,
-.Nm krb5_principal_compare_any_realm ,
-.Nm krb5_principal_get_comp_string ,
-.Nm krb5_principal_get_realm ,
-.Nm krb5_principal_get_type ,
-.Nm krb5_principal_match ,
-.Nm krb5_principal_set_type ,
-.Nm krb5_realm_compare ,
-.Nm krb5_sname_to_principal ,
-.Nm krb5_sock_to_principal ,
-.Nm krb5_unparse_name ,
-.Nm krb5_unparse_name_flags ,
-.Nm krb5_unparse_name_fixed ,
-.Nm krb5_unparse_name_fixed_flags ,
-.Nm krb5_unparse_name_fixed_short ,
-.Nm krb5_unparse_name_short
-.Nd Kerberos 5 principal handling functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li krb5_principal ;
-.Ft void
-.Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
-.Ft krb5_error_code
-.Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_parse_name_flags "krb5_context context" "const char *name" "int flags" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn "krb5_unparse_name" "krb5_context context" "krb5_const_principal principal" "char **name"
-.Ft krb5_error_code
-.Fn "krb5_unparse_name_flags" "krb5_context context" "krb5_const_principal principal" "int flags" "char **name"
-.Ft krb5_error_code
-.Fn krb5_unparse_name_fixed "krb5_context context" "krb5_const_principal principal" "char *name" "size_t len"
-.Ft krb5_error_code
-.Fn krb5_unparse_name_fixed_flags "krb5_context context" "krb5_const_principal principal" "int flags" "char *name" "size_t len"
-.Ft krb5_error_code
-.Fn "krb5_unparse_name_short" "krb5_context context" "krb5_const_principal principal" "char **name"
-.Ft krb5_error_code
-.Fn krb5_unparse_name_fixed_short "krb5_context context" "krb5_const_principal principal" "char *name" "size_t len"
-.Ft krb5_realm *
-.Fn krb5_princ_realm "krb5_context context" "krb5_principal principal"
-.Ft void
-.Fn krb5_princ_set_realm "krb5_context context" "krb5_principal principal" "krb5_realm *realm"
-.Ft krb5_error_code
-.Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_build_principal_va "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "va_list ap"
-.Ft krb5_error_code
-.Fn "krb5_build_principal_ext" "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_build_principal_va_ext "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_make_principal "krb5_context context" "krb5_principal *principal" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_copy_principal "krb5_context context" "krb5_const_principal inprinc" "krb5_principal *outprinc"
-.Ft krb5_boolean
-.Fn krb5_principal_compare "krb5_context context" "krb5_const_principal princ1" "krb5_const_principal princ2"
-.Ft krb5_boolean
-.Fn krb5_principal_compare_any_realm "krb5_context context" "krb5_const_principal princ1" "krb5_const_principal princ2"
-.Ft "const char *"
-.Fn krb5_principal_get_comp_string "krb5_context context" "krb5_const_principal principal" "unsigned int component"
-.Ft "const char *"
-.Fn krb5_principal_get_realm "krb5_context context" "krb5_const_principal principal"
-.Ft int
-.Fn krb5_principal_get_type "krb5_context context" "krb5_const_principal principal"
-.Ft krb5_boolean
-.Fn krb5_principal_match "krb5_context context" "krb5_const_principal principal" "krb5_const_principal pattern"
-.Ft void
-.Fn krb5_principal_set_type "krb5_context context" "krb5_principal principal" "int type"
-.Ft krb5_boolean
-.Fn krb5_realm_compare "krb5_context context" "krb5_const_principal princ1" "krb5_const_principal princ2"
-.Ft krb5_error_code
-.Fn krb5_sname_to_principal  "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *ret_princ"
-.Ft krb5_error_code
-.Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_get_default_principal "krb5_context context" "krb5_principal *princ"
-.Ft krb5_error_code
-.Fn krb5_parse_nametype "krb5_context context" "const char *str" "int32_t *type"
-.Sh DESCRIPTION
-.Li krb5_principal
-holds the name of a user or service in Kerberos.
-.Pp
-A principal has two parts, a
-.Li PrincipalName
-and a
-.Li realm .
-The PrincipalName consists of one or more components. In printed form,
-the components are separated by /.
-The PrincipalName also has a name-type.
-.Pp
-Examples of a principal are
-.Li nisse/root@EXAMPLE.COM
-and
-.Li host/datan.kth.se@KTH.SE .
-.Fn krb5_parse_name
-and
-.Fn krb5_parse_name_flags
-passes a principal name in
-.Fa name
-to the kerberos principal structure.
-.Fn krb5_parse_name_flags
-takes an extra
-.Fa flags
-argument the following flags can be passed in
-.Bl -tag -width Ds
-.It Dv KRB5_PRINCIPAL_PARSE_NO_REALM
-requries the input string to be without a realm, and no realm is
-stored in the
-.Fa principal
-return argument.
-.It Dv KRB5_PRINCIPAL_PARSE_MUST_REALM
-requries the input string to with a realm.
-.El
-.Pp
-.Fn krb5_unparse_name
-and
-.Fn krb5_unparse_name_flags
-prints the principal
-.Fa princ
-to the string
-.Fa name .
-.Fa name
-should be freed with
-.Xr free 3 .
-To the 
-.Fa flags
-argument the following flags can be passed in
-.Bl -tag -width Ds
-.It Dv KRB5_PRINCIPAL_UNPARSE_SHORT
-no realm if the realm is one of the local realms.
-.It Dv KRB5_PRINCIPAL_UNPARSE_NO_REALM
-never include any realm in the principal name.
-.It Dv KRB5_PRINCIPAL_UNPARSE_DISPLAY
-don't quote
-.El
-On failure
-.Fa name
-is set to
-.Dv NULL .
-.Fn krb5_unparse_name_fixed
-and
-.Fn krb5_unparse_name_fixed_flags
-behaves just like
-.Fn krb5_unparse ,
-but instead unparses the principal into a fixed size buffer.
-.Pp
-.Fn krb5_unparse_name_short
-just returns the principal without the realm if the principal is
-in the default realm. If the principal isn't, the full name is
-returned.
-.Fn krb5_unparse_name_fixed_short
-works just like
-.Fn krb5_unparse_name_short
-but on a fixed size buffer.
-.Pp
-.Fn krb5_build_principal
-builds a principal from the realm
-.Fa realm
-that has the length
-.Fa rlen .
-The following arguments form the components of the principal.
-The list of components is terminated with
-.Dv NULL .
-.Pp
-.Fn krb5_build_principal_va
-works like
-.Fn krb5_build_principal
-using vargs.
-.Pp
-.Fn krb5_build_principal_ext
-and
-.Fn krb5_build_principal_va_ext
-take a list of length-value pairs, the list is terminated with a zero
-length.
-.Pp
-.Fn krb5_make_principal
-works the same way as
-.Fn krb5_build_principal ,
-except it figures out the length of the realm itself.
-.Pp
-.Fn krb5_copy_principal
-makes a copy of a principal.
-The copy needs to be freed with
-.Fn krb5_free_principal .
-.Pp
-.Fn krb5_principal_compare
-compares the two principals, including realm of the principals and returns
-.Dv TRUE
-if they are the same and
-.Dv FALSE
-if not.
-.Pp
-.Fn krb5_principal_compare_any_realm
-works the same way as
-.Fn krb5_principal_compare
-but doesn't compare the realm component of the principal.
-.Pp
-.Fn krb5_realm_compare
-compares the realms of the two principals and returns
-.Dv TRUE
-is they are the same, and
-.Dv FALSE
-if not.
-.Pp
-.Fn krb5_principal_match
-matches a
-.Fa principal
-against a
-.Fa pattern .
-The pattern is a globbing expression, where each component (separated
-by /) is matched against the corresponding component of the principal.
-.Pp
-The
-.Fn krb5_principal_get_realm
-and
-.Fn krb5_principal_get_comp_string
-functions return parts of the
-.Fa principal ,
-either the realm or a specific component.
-Both functions return string pointers to data inside the principal, so
-they are valid only as long as the principal exists.
-.Pp
-The
-.Fa component
-argument to
-.Fn krb5_principal_get_comp_string
-is the index of the component to return, from zero to the total number of
-components minus one. If the index is out of range
-.Dv NULL
-is returned.
-.Pp
-.Fn krb5_principal_get_realm
-and
-.Fn krb5_principal_get_comp_string
-are replacements for
-.Fn krb5_princ_realm ,
-.Fn krb5_princ_component
-and related macros, described as internal in the MIT API
-specification.
-Unlike the macros, these functions return strings, not
-.Dv krb5_data .
-A reason to return
-.Dv krb5_data
-was that it was believed that principal components could contain
-binary data, but this belief was unfounded, and it has been decided
-that principal components are infact UTF8, so it's safe to use zero
-terminated strings.
-.Pp
-It's generally not necessary to look at the components of a principal.
-.Pp
-.Fn krb5_principal_get_type
-and
-.Fn krb5_principal_set_type
-get and sets the name type for a principal.
-Name type handling is tricky and not often needed,
-don't use this unless you know what you do.
-.Pp
-.Fn krb5_princ_realm
-returns the realm component of the principal.
-The caller must not free realm unless
-.Fn krb5_princ_set_realm
-is called to set a new realm after freeing the realm.
-.Fn krb5_princ_set_realm
-sets the realm component of a principal. The old realm is not freed.
-.Pp
-.Fn krb5_sname_to_principal
-and
-.Fn krb5_sock_to_principal
-are for easy creation of
-.Dq service
-principals that can, for instance, be used to lookup a key in a keytab.
-For both functions the
-.Fa sname
-parameter will be used for the first component of the created principal.
-If
-.Fa sname
-is
-.Dv NULL ,
-.Dq host
-will be used instead.
-.Pp
-.Fn krb5_sname_to_principal
-will use the passed
-.Fa hostname
-for the second component.
-If
-.Fa type
-is
-.Dv KRB5_NT_SRV_HST
-this name will be looked up with
-.Fn gethostbyname .
-If
-.Fa hostname
-is
-.Dv NULL ,
-the local hostname will be used.
-.Pp
-.Fn krb5_sock_to_principal
-will use the
-.Dq sockname
-of the passed
-.Fa socket ,
-which should be a bound
-.Dv AF_INET
-or
-.Dv AF_INET6
-socket.
-There must be a mapping between the address and
-.Dq sockname .
-The function may try to resolve the name in DNS.
-.Pp
-.Fn krb5_get_default_principal
-tries to find out what's a reasonable default principal by looking at
-the environment it is running in.
-.Pp
-.Fn krb5_parse_nametype
-parses and returns the name type integer value in
-.Fa type .
-On failure the function returns an error code and set the error
-string.
-.\" .Sh EXAMPLES
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_config 3 ,
-.Xr krb5.conf 5
-.Sh BUGS
-You can not have a NUL in a component in some of the variable argument
-functions above.
-Until someone can give a good example of where it would be a good idea
-to have NUL's in a component, this will not be fixed.
diff --git a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3
deleted file mode 100644
index 1ece798..0000000
--- a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3
+++ /dev/null
@@ -1,81 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_principal_get_realm.3,v 1.6 2003/04/16 13:58:17 lha Exp $
-.\"
-.Dd June 20, 2001
-.Dt KRB5_PRINCIPAL_GET_REALM 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_principal_get_realm ,
-.Nm krb5_principal_get_comp_string
-.Nd decompose a principal
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft "const char *"
-.Fn krb5_principal_get_realm "krb5_context context" "krb5_principal principal"
-.Ft "const char *"
-.Fn krb5_principal_get_comp_string "krb5_context context" "krb5_principal principal" "unsigned int component"
-.Sh DESCRIPTION
-These functions return parts of the
-.Fa principal ,
-either the realm or a specific component. The returned string points
-to data inside the principal, so they are valid only as long as the
-principal exists.
-.Pp
-The
-.Fa component
-argument to
-.Fn krb5_principal_get_comp_string
-is the component number to return, from zero to the total number of
-components minus one. If a the requested component number is out of range,
-.Dv NULL
-is returned.
-.Pp
-These functions can be seen as a replacement for the
-.Fn krb5_princ_realm ,
-.Fn krb5_princ_component
-and related macros, described as intermal in the MIT API
-specification. A difference is that these functions return strings,
-not
-.Dv krb5_data .
-A reason to return
-.Dv krb5_data
-was that it was believed that principal components could contain
-binary data, but this belief was unfounded, and it has been decided
-that principal components are infact UTF8, so it's safe to use zero
-terminated strings.
-.Pp
-It's generally not necessary to look at the components of a principal.
-.Sh SEE ALSO
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_rcache.3 b/crypto/heimdal/lib/krb5/krb5_rcache.3
deleted file mode 100644
index 0b7e83a..0000000
--- a/crypto/heimdal/lib/krb5/krb5_rcache.3
+++ /dev/null
@@ -1,163 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_rcache.3 17462 2006-05-05 13:18:39Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_RCACHE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_rcache ,
-.Nm krb5_rc_close ,
-.Nm krb5_rc_default ,
-.Nm krb5_rc_default_name ,
-.Nm krb5_rc_default_type ,
-.Nm krb5_rc_destroy ,
-.Nm krb5_rc_expunge ,
-.Nm krb5_rc_get_lifespan ,
-.Nm krb5_rc_get_name ,
-.Nm krb5_rc_get_type ,
-.Nm krb5_rc_initialize ,
-.Nm krb5_rc_recover ,
-.Nm krb5_rc_resolve ,
-.Nm krb5_rc_resolve_full ,
-.Nm krb5_rc_resolve_type ,
-.Nm krb5_rc_store ,
-.Nm krb5_get_server_rcache
-.Nd Kerberos 5 replay cache
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_rcache;"
-.Pp
-.Ft krb5_error_code
-.Fo krb5_rc_close
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_default
-.Fa "krb5_context context"
-.Fa "krb5_rcache *id"
-.Fc
-.Ft "const char *"
-.Fo krb5_rc_default_name
-.Fa "krb5_context context"
-.Fc
-.Ft "const char *"
-.Fo krb5_rc_default_type
-.Fa "krb5_context context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_destroy
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_expunge
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_get_lifespan
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fa "krb5_deltat *auth_lifespan"
-.Fc
-.Ft "const char*"
-.Fo krb5_rc_get_name
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fc
-.Ft "const char*"
-.Fo "krb5_rc_get_type"
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_initialize
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fa "krb5_deltat auth_lifespan"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_recover
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_resolve
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fa "const char *name"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_resolve_full
-.Fa "krb5_context context"
-.Fa "krb5_rcache *id"
-.Fa "const char *string_name"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_resolve_type
-.Fa "krb5_context context"
-.Fa "krb5_rcache *id"
-.Fa "const char *type"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_store
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fa "krb5_donot_replay *rep"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_server_rcache
-.Fa "krb5_context context"
-.Fa "const krb5_data *piece"
-.Fa "krb5_rcache *id"
-.Fc
-.Sh DESCRIPTION
-The
-.Li krb5_rcache
-structure holds a storage element that is used for data manipulation.
-The structure contains no public accessible elements.
-.Pp
-.Fn krb5_rc_initialize
-Creates the reply cache
-.Fa id
-and sets it lifespan to
-.Fa auth_lifespan .
-If the cache already exists, the content is destroyed.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_data 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_rd_error.3 b/crypto/heimdal/lib/krb5/krb5_rd_error.3
deleted file mode 100644
index 00203cd..0000000
--- a/crypto/heimdal/lib/krb5/krb5_rd_error.3
+++ /dev/null
@@ -1,98 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_rd_error.3 21059 2007-06-12 17:52:46Z lha $
-.\"
-.Dd July 26, 2004
-.Dt KRB5_RD_ERROR 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_rd_error ,
-.Nm krb5_free_error ,
-.Nm krb5_free_error_contents ,
-.Nm krb5_error_from_rd_error
-.Nd parse, free and read error from KRB-ERROR message
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_rd_error
-.Fa "krb5_context context"
-.Fa "const krb5_data *msg"
-.Fa "KRB_ERROR *result"
-.Fc
-.Ft void
-.Fo krb5_free_error
-.Fa "krb5_context context"
-.Fa "krb5_error *error"
-.Fc
-.Ft void
-.Fo krb5_free_error_contents
-.Fa "krb5_context context"
-.Fa "krb5_error *error"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_error_from_rd_error
-.Fa "krb5_context context"
-.Fa "const krb5_error *error"
-.Fa "const krb5_creds *creds"
-.Fc
-.Sh DESCRIPTION
-Usually applications never needs to parse and understand Kerberos
-error messages since higher level functions will parse and push up the
-error in the krb5_context.
-These functions are described for completeness.
-.Pp
-.Fn krb5_rd_error
-parses and returns the kerboeros error message, the structure should be freed with
-.Fn krb5_free_error_contents
-when the caller is done with the structure.
-.Pp
-.Fn krb5_free_error
-frees the content and the memory region holding the structure iself.
-.Pp
-.Fn krb5_free_error_contents
-free the content of the KRB-ERROR message.
-.Pp
-.Fn krb5_error_from_rd_error
-will parse the error message and set the error buffer in krb5_context
-to the error string passed back or the matching error code in the
-KRB-ERROR message.
-Caller should pick up the message with
-.Fn krb5_get_error_string 3
-(don't forget to free the returned string with
-.Fn krb5_free_error_string ) .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_set_error_string 3 ,
-.Xr krb5_get_error_string 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_rd_safe.3 b/crypto/heimdal/lib/krb5/krb5_rd_safe.3
deleted file mode 100644
index d024ae4..0000000
--- a/crypto/heimdal/lib/krb5/krb5_rd_safe.3
+++ /dev/null
@@ -1,81 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_rd_safe.3 17385 2006-05-01 08:48:55Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_RD_SAFE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_rd_safe ,
-.Nm krb5_rd_priv
-.Nd verifies authenticity of messages
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fn krb5_rd_priv "krb5_context context" "krb5_auth_context auth_context" "const krb5_data *inbuf" "krb5_data *outbuf" "krb5_replay_data *outdata"
-.Ft krb5_error_code
-.Fn krb5_rd_safe "krb5_context context" "krb5_auth_context auth_context" "const krb5_data *inbuf" "krb5_data *outbuf" "krb5_replay_data *outdata"
-.Sh DESCRIPTION
-.Fn krb5_rd_safe
-and
-.Fn krb5_rd_priv
-parses
-.Li KRB-SAFE
-and
-.Li KRB-PRIV
-messages (as generated by
-.Xr krb5_mk_safe 3
-and
-.Xr krb5_mk_priv 3 )
-from
-.Fa inbuf
-and verifies its integrity. The user data part of the message in put
-in
-.Fa outbuf .
-The encryption state, including keyblocks and addresses, is taken from
-.Fa auth_context .
-If the
-.Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE
-or
-.Dv KRB5_AUTH_CONTEXT_RET_TIME
-flags are set in the
-.Fa auth_context
-the sequence number and time are returned in the
-.Fa outdata
-parameter.
-.Sh SEE ALSO
-.Xr krb5_auth_con_init 3 ,
-.Xr krb5_mk_priv 3 ,
-.Xr krb5_mk_safe 3
diff --git a/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 b/crypto/heimdal/lib/krb5/krb5_set_default_realm.3
deleted file mode 100644
index 27467d8..0000000
--- a/crypto/heimdal/lib/krb5/krb5_set_default_realm.3
+++ /dev/null
@@ -1,164 +0,0 @@
-.\" Copyright (c) 2003 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_set_default_realm.3 17462 2006-05-05 13:18:39Z lha $
-.\"
-.Dd April 24, 2005
-.Dt KRB5_SET_DEFAULT_REALM 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_copy_host_realm ,
-.Nm krb5_free_host_realm ,
-.Nm krb5_get_default_realm ,
-.Nm krb5_get_default_realms ,
-.Nm krb5_get_host_realm ,
-.Nm krb5_set_default_realm
-.Nd default and host realm read and manipulation routines
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_copy_host_realm
-.Fa "krb5_context context"
-.Fa "const krb5_realm *from"
-.Fa "krb5_realm **to"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_host_realm
-.Fa "krb5_context context"
-.Fa "krb5_realm *realmlist"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_default_realm
-.Fa "krb5_context context"
-.Fa "krb5_realm *realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_default_realms
-.Fa "krb5_context context"
-.Fa "krb5_realm **realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_host_realm
-.Fa "krb5_context context"
-.Fa "const char *host"
-.Fa "krb5_realm **realms"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_default_realm
-.Fa "krb5_context context"
-.Fa "const char *realm"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_copy_host_realm
-copies the list of realms from
-.Fa from
-to
-.Fa to .
-.Fa to
-should be freed by the caller using
-.Fa krb5_free_host_realm .
-.Pp
-.Fn krb5_free_host_realm
-frees all memory allocated by
-.Fa realmlist .
-.Pp
-.Fn krb5_get_default_realm
-returns the first default realm for this host.
-The realm returned should be freed with
-.Fn free .
-.Pp
-.Fn krb5_get_default_realms
-returns a
-.Dv NULL
-terminated list of default realms for this context.
-Realms returned by
-.Fn krb5_get_default_realms
-should be freed with
-.Fn krb5_free_host_realm .
-.Pp
-.Fn krb5_get_host_realm
-returns a
-.Dv NULL
-terminated list of realms for
-.Fa host
-by looking up the information in the
-.Li [domain_realm]
-in
-.Pa krb5.conf
-or in
-.Li DNS .
-If the mapping in
-.Li [domain_realm]
-results in the string
-.Li dns_locate ,
-DNS is used to lookup the realm.
-.Pp
-When using
-.Li DNS
-to a resolve the domain for the host a.b.c,
-.Fn krb5_get_host_realm
-looks for a
-.Dv TXT
-resource record named
-.Li _kerberos.a.b.c ,
-and if not found, it strips off the first component and tries a again
-(_kerberos.b.c) until it reaches the root.
-.Pp
-If there is no configuration or DNS information found,
-.Fn krb5_get_host_realm
-assumes it can use the domain part of the
-.Fa host
-to form a realm.
-Caller must free
-.Fa realmlist
-with
-.Fn krb5_free_host_realm .
-.Pp
-.Fn krb5_set_default_realm
-sets the default realm for the
-.Fa context .
-If
-.Dv NULL
-is used as a
-.Fa realm ,
-the
-.Li [libdefaults]default_realm
-stanza in
-.Pa krb5.conf
-is used.
-If there is no such stanza in the configuration file, the
-.Fn krb5_get_host_realm
-function is used to form a default realm.
-.Sh SEE ALSO
-.Xr free 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_set_password.3 b/crypto/heimdal/lib/krb5/krb5_set_password.3
deleted file mode 100644
index 45ed41d..0000000
--- a/crypto/heimdal/lib/krb5/krb5_set_password.3
+++ /dev/null
@@ -1,143 +0,0 @@
-.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_set_password.3 14052 2004-07-15 14:39:06Z lha $
-.\"
-.Dd July 15, 2004
-.Dt KRB5_SET_PASSWORD 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_change_password ,
-.Nm krb5_set_password ,
-.Nm krb5_set_password_using_ccache ,
-.Nm krb5_passwd_result_to_string
-.Nd change password functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_change_password
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "char *newpw"
-.Fa "int *result_code"
-.Fa "krb5_data *result_code_string"
-.Fa "krb5_data *result_string"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_password
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "char *newpw"
-.Fa "krb5_principal targprinc"
-.Fa "int *result_code"
-.Fa "krb5_data *result_code_string"
-.Fa "krb5_data *result_string"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_password_using_ccache
-.Fa "krb5_context context"
-.Fa "krb5_ccache ccache"
-.Fa "char *newpw"
-.Fa "krb5_principal targprinc"
-.Fa "int *result_code"
-.Fa "krb5_data *result_code_string"
-.Fa "krb5_data *result_string"
-.Fc
-.Ft "const char *"
-.Fo krb5_passwd_result_to_string
-.Fa "krb5_context context"
-.Fa "int result"
-.Fc
-.Sh DESCRIPTION
-These functions change the password for a given principal.
-.Pp
-.Fn krb5_set_password
-and
-.Fn krb5_set_password_using_ccache
-are the newer of the three functions, and use a newer version of the
-protocol (and also fall back to the older set-password protocol if the
-newer protocol doesn't work).
-.Pp
-.Fn krb5_change_password
-sets the password
-.Fa newpasswd
-for the client principal in
-.Fa creds .
-The server principal of creds must be
-.Li kadmin/changepw .
-.Pp
-.Fn krb5_set_password
-and
-.Fn krb5_set_password_using_ccache
-change the password for the principal
-.Fa targprinc .
-.Pp
-.Fn krb5_set_password
-requires that the credential for
-.Li kadmin/changepw@REALM
-is in
-.Fa creds .
-If the user caller isn't an administrator, this credential
-needs to be an initial credential, see
-.Xr krb5_get_init_creds 3
-how to get such credentials.
-.Pp
-.Fn krb5_set_password_using_ccache
-will get the credential from
-.Fa ccache .
-.Pp
-If
-.Fa targprinc
-is
-.Dv NULL ,
-.Fn krb5_set_password_using_ccache
-uses the the default principal in
-.Fa ccache
-and
-.Fn krb5_set_password
-uses the global the default principal.
-.Pp
-All three functions return an error in
-.Fa result_code
-and maybe an error string to print in
-.Fa result_string .
-.Pp
-.Fn krb5_passwd_result_to_string
-returns an human readable string describing the error code in
-.Fa result_code
-from the
-.Fn krb5_set_password
-functions.
-.Sh SEE ALSO
-.Xr krb5_ccache 3 ,
-.Xr krb5_init_context 3
diff --git a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
deleted file mode 100644
index 5724ce1..0000000
--- a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
+++ /dev/null
@@ -1,85 +0,0 @@
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_sname_to_principal.3,v 1.7 2003/04/16 13:58:17 lha Exp $
-.\"
-.Dd August 8, 1997
-.Dt KRB5_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_sname_to_principal ,
-.Nm krb5_sock_to_principal
-.Nd create a service principal
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_sname_to_principal "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal"
-.Sh DESCRIPTION
-These functions create a
-.Dq service
-principal that can, for instance, be used to lookup a key in a keytab. For both these function the
-.Fa sname
-parameter will be used for the first component of the created principal. If
-.Fa sname
-is
-.Dv NULL ,
-.Dq host
-will be used instead.
-.Fn krb5_sname_to_principal
-will use the passed
-.Fa hostname
-for the second component. If type
-.Dv KRB5_NT_SRV_HST
-this name will be looked up with
-.Fn gethostbyname .
-If
-.Fa hostname is
-.Dv NULL ,
-the local hostname will be used.
-.Pp
-.Fn krb5_sock_to_principal
-will use the
-.Dq sockname
-of the passed
-.Fa socket ,
-which should be a bound
-.Dv AF_INET
-socket.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_storage.3 b/crypto/heimdal/lib/krb5/krb5_storage.3
deleted file mode 100644
index cc03c5b..0000000
--- a/crypto/heimdal/lib/krb5/krb5_storage.3
+++ /dev/null
@@ -1,427 +0,0 @@
-.\" Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_storage.3 17884 2006-08-18 08:41:09Z lha $
-.\"
-.Dd Aug 18, 2006
-.Dt KRB5_STORAGE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_storage ,
-.Nm krb5_storage_emem ,
-.Nm krb5_storage_from_data ,
-.Nm krb5_storage_from_fd ,
-.Nm krb5_storage_from_mem ,
-.Nm krb5_storage_set_flags ,
-.Nm krb5_storage_clear_flags ,
-.Nm krb5_storage_is_flags ,
-.Nm krb5_storage_set_byteorder ,
-.Nm krb5_storage_get_byteorder ,
-.Nm krb5_storage_set_eof_code ,
-.Nm krb5_storage_seek ,
-.Nm krb5_storage_read ,
-.Nm krb5_storage_write ,
-.Nm krb5_storage_free ,
-.Nm krb5_storage_to_data ,
-.Nm krb5_store_int32 ,
-.Nm krb5_ret_int32 ,
-.Nm krb5_store_uint32 ,
-.Nm krb5_ret_uint32 ,
-.Nm krb5_store_int16 ,
-.Nm krb5_ret_int16 ,
-.Nm krb5_store_uint16 ,
-.Nm krb5_ret_uint16 ,
-.Nm krb5_store_int8 ,
-.Nm krb5_ret_int8 ,
-.Nm krb5_store_uint8 ,
-.Nm krb5_ret_uint8 ,
-.Nm krb5_store_data ,
-.Nm krb5_ret_data ,
-.Nm krb5_store_string ,
-.Nm krb5_ret_string ,
-.Nm krb5_store_stringnl ,
-.Nm krb5_ret_stringnl ,
-.Nm krb5_store_stringz ,
-.Nm krb5_ret_stringz ,
-.Nm krb5_store_principal ,
-.Nm krb5_ret_principal ,
-.Nm krb5_store_keyblock ,
-.Nm krb5_ret_keyblock ,
-.Nm krb5_store_times ,
-.Nm krb5_ret_times ,
-.Nm krb5_store_address ,
-.Nm krb5_ret_address ,
-.Nm krb5_store_addrs ,
-.Nm krb5_ret_addrs ,
-.Nm krb5_store_authdata ,
-.Nm krb5_ret_authdata ,
-.Nm krb5_store_creds ,
-.Nm krb5_ret_creds
-.Nd operates on the Kerberos datatype krb5_storage
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_storage;"
-.Pp
-.Ft "krb5_storage *"
-.Fn krb5_storage_from_fd "int fd"
-.Ft "krb5_storage *"
-.Fn krb5_storage_emem "void"
-.Ft "krb5_storage *"
-.Fn krb5_storage_from_mem "void *buf" "size_t len"
-.Ft "krb5_storage *"
-.Fn krb5_storage_from_data "krb5_data *data"
-.Ft void
-.Fn krb5_storage_set_flags "krb5_storage *sp" "krb5_flags flags"
-.Ft void
-.Fn krb5_storage_clear_flags "krb5_storage *sp" "krb5_flags flags"
-.Ft krb5_boolean
-.Fn krb5_storage_is_flags "krb5_storage *sp" "krb5_flags flags"
-.Ft void
-.Fn krb5_storage_set_byteorder "krb5_storage *sp" "krb5_flags byteorder"
-.Ft krb5_flags
-.Fn krb5_storage_get_byteorder "krb5_storage *sp" "krb5_flags byteorder"
-.Ft void
-.Fn krb5_storage_set_eof_code "krb5_storage *sp" "int code"
-.Ft off_t
-.Fn krb5_storage_seek "krb5_storage *sp" "off_t offset" "int whence"
-.Ft krb5_ssize_t
-.Fn krb5_storage_read "krb5_storage *sp" "void *buf" "size_t len"
-.Ft krb5_ssize_t
-.Fn krb5_storage_write "krb5_storage *sp" "const void *buf" "size_t len"
-.Ft krb5_error_code
-.Fn krb5_storage_free "krb5_storage *sp"
-.Ft krb5_error_code
-.Fn krb5_storage_to_data "krb5_storage *sp" "krb5_data *data"
-.Ft krb5_error_code
-.Fn krb5_store_int32 "krb5_storage *sp" "int32_t value"
-.Ft krb5_error_code
-.Fn krb5_ret_int32 "krb5_storage *sp" "int32_t *value"
-.Ft krb5_error_code
-.Fn krb5_ret_uint32 "krb5_storage *sp" "uint32_t *value"
-.Ft krb5_error_code
-.Fn krb5_store_uint32 "krb5_storage *sp" "uint32_t value"
-.Ft krb5_error_code
-.Fn krb5_store_int16 "krb5_storage *sp" "int16_t value"
-.Ft krb5_error_code
-.Fn krb5_ret_int16 "krb5_storage *sp" "int16_t *value"
-.Ft krb5_error_code
-.Fn krb5_store_uint16 "krb5_storage *sp" "uint16_t value"
-.Ft krb5_error_code
-.Fn krb5_ret_uint16 "krb5_storage *sp" "u_int16_t *value"
-.Ft krb5_error_code
-.Fn krb5_store_int8 "krb5_storage *sp" "int8_t value"
-.Ft krb5_error_code
-.Fn krb5_ret_int8 "krb5_storage *sp" "int8_t *value"
-.Ft krb5_error_code
-.Fn krb5_store_uint8 "krb5_storage *sp" "u_int8_t value"
-.Ft krb5_error_code
-.Fn krb5_ret_uint8 "krb5_storage *sp" "u_int8_t *value"
-.Ft krb5_error_code
-.Fn krb5_store_data "krb5_storage *sp" "krb5_data data"
-.Ft krb5_error_code
-.Fn krb5_ret_data "krb5_storage *sp" "krb5_data *data"
-.Ft krb5_error_code
-.Fn krb5_store_string "krb5_storage *sp" "const char *s"
-.Ft krb5_error_code
-.Fn krb5_ret_string "krb5_storage *sp" "char **string"
-.Ft krb5_error_code
-.Fn krb5_store_stringnl "krb5_storage *sp" "const char *s"
-.Ft krb5_error_code
-.Fn krb5_ret_stringnl "krb5_storage *sp" "char **string"
-.Ft krb5_error_code
-.Fn krb5_store_stringz "krb5_storage *sp" "const char *s"
-.Ft krb5_error_code
-.Fn krb5_ret_stringz "krb5_storage *sp" "char **string"
-.Ft krb5_error_code
-.Fn krb5_store_principal "krb5_storage *sp" "krb5_const_principal p"
-.Ft krb5_error_code
-.Fn krb5_ret_principal "krb5_storage *sp" "krb5_principal *princ"
-.Ft krb5_error_code
-.Fn krb5_store_keyblock "krb5_storage *sp" "krb5_keyblock p"
-.Ft krb5_error_code
-.Fn krb5_ret_keyblock "krb5_storage *sp" "krb5_keyblock *p"
-.Ft krb5_error_code
-.Fn krb5_store_times "krb5_storage *sp" "krb5_times times"
-.Ft krb5_error_code
-.Fn krb5_ret_times "krb5_storage *sp" "krb5_times *times"
-.Ft krb5_error_code
-.Fn krb5_store_address "krb5_storage *sp" "krb5_address p"
-.Ft krb5_error_code
-.Fn krb5_ret_address "krb5_storage *sp" "krb5_address *adr"
-.Ft krb5_error_code
-.Fn krb5_store_addrs "krb5_storage *sp" "krb5_addresses p"
-.Ft krb5_error_code
-.Fn krb5_ret_addrs "krb5_storage *sp" "krb5_addresses *adr"
-.Ft krb5_error_code
-.Fn krb5_store_authdata "krb5_storage *sp" "krb5_authdata auth"
-.Ft krb5_error_code
-.Fn krb5_ret_authdata "krb5_storage *sp" "krb5_authdata *auth"
-.Ft krb5_error_code
-.Fn krb5_store_creds "krb5_storage *sp" "krb5_creds *creds"
-.Ft krb5_error_code
-.Fn krb5_ret_creds "krb5_storage *sp" "krb5_creds *creds"
-.Sh DESCRIPTION
-The
-.Li krb5_storage
-structure holds a storage element that is used for data manipulation.
-The structure contains no public accessible elements.
-.Pp
-.Fn krb5_storage_emem
-create a memory based krb5 storage unit that dynamicly resized to the
-ammount of data stored in.
-The storage never returns errors, on memory allocation errors
-.Xr exit 3
-will be called.
-.Pp
-.Fn krb5_storage_from_data
-create a krb5 storage unit that will read is data from a
-.Li krb5_data .
-There is no copy made of the
-.Fa data ,
-so the caller must not free
-.Fa data
-until the storage is freed.
-.Pp
-.Fn krb5_storage_from_fd
-create a krb5 storage unit that will read is data from a
-file descriptor.
-The descriptor must be seekable if
-.Fn krb5_storage_seek
-is used.
-Caller must not free the file descriptor before the storage is freed.
-.Pp
-.Fn krb5_storage_from_mem
-create a krb5 storage unit that will read is data from a
-memory region.
-There is no copy made of the
-.Fa data ,
-so the caller must not free
-.Fa data
-until the storage is freed.
-.Pp
-.Fn krb5_storage_set_flags
-and
-.Fn krb5_storage_clear_flags
-modifies the behavior of the storage functions.
-.Fn krb5_storage_is_flags
-tests if the
-.Fa flags
-are set on the
-.Li krb5_storage .
-Valid flags to set, is and clear is are:
-.Pp
-.Bl -tag -width "Fan vet..." -compact -offset indent
-.It KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS
-Stores the number of principal componets one too many when storing
-principal namees, used for compatibility with version 1 of file
-keytabs and version 1 of file credential caches.
-.It KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE
-Doesn't store the name type in when storing a principal name, used for
-compatibility with version 1 of file keytabs and version 1 of file
-credential caches.
-.It KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE
-Stores the keyblock type twice storing a keyblock, used for
-compatibility version 3 of file credential caches.
-.It KRB5_STORAGE_BYTEORDER_MASK
-bitmask that can be used to and out what type of byte order order is used.
-.It KRB5_STORAGE_BYTEORDER_BE
-Store integers in in big endian byte order, this is the default mode.
-.It KRB5_STORAGE_BYTEORDER_LE
-Store integers in in little endian byte order.
-.It KRB5_STORAGE_BYTEORDER_HOST
-Stores the integers in host byte order, used for compatibility with
-version 1 of file keytabs and version 1 and 2 of file credential
-caches.
-.It KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
-Store the credential flags in a krb5_creds in the reverse bit order.
-.El
-.Pp
-.Fn krb5_storage_set_byteorder
-and
-.Fn krb5_storage_get_byteorder
-modifies the byte order used in the storage for integers.
-The flags used is same as above.
-The valid flags are
-.Dv KRB5_STORAGE_BYTEORDER_BE ,
-.Dv KRB5_STORAGE_BYTEORDER_LE
-and
-.Dv KRB5_STORAGE_BYTEORDER_HOST .
-.Pp
-.Fn krb5_storage_set_eof_code
-sets the error code that will be returned on end of file condition to
-.Fa code .
-.Pp
-.Fn krb5_storage_seek
-seeks
-.Fa offset
-bytes in the storage
-.Fa sp .
-The
-.Fa whence
-argument is one of
-.Bl -tag -width SEEK_SET -compact -offset indent
-.It SEEK_SET
-offset is from begining of storage.
-.It SEEK_CUR
-offset is relative from current offset.
-.It SEEK_END
-offset is from end of storage.
-.El
-.Pp
-.Fn krb5_storage_read
-reads
-.Fa len
-(or less bytes in case of end of file) into
-.Fa buf
-from the current offset in the storage
-.Fa sp .
-.Pp
-.Fn krb5_storage_write
-writes
-.Fa len
-or (less bytes in case of end of file) from
-.Fa buf
-from the current offset in the storage
-.Fa sp .
-.Pp
-.Fn krb5_storage_free
-frees the storage
-.Fa sp .
-.Pp
-.Fn krb5_storage_to_data
-converts the data in storage
-.Fa sp
-into a
-.Li krb5_data
-structure.
-.Fa data
-must be freed with
-.Fn krb5_data_free
-by the caller when done with the
-.Fa data .
-.Pp
-All
-.Li krb5_store
-and
-.Li krb5_ret
-functions move the current offset forward when the functions returns.
-.Pp
-.Fn krb5_store_int32 ,
-.Fn krb5_ret_int32 ,
-.Fn krb5_store_uint32 ,
-.Fn krb5_ret_uint32 ,
-.Fn krb5_store_int16 ,
-.Fn krb5_ret_int16 ,
-.Fn krb5_store_uint16 ,
-.Fn krb5_ret_uint16 ,
-.Fn krb5_store_int8 ,
-.Fn krb5_ret_int8 
-.Fn krb5_store_uint8 ,
-and
-.Fn krb5_ret_uint8 
-stores and reads an integer from
-.Fa sp
-in the byte order specified by the flags set on the
-.Fa sp .
-.Pp
-.Fn krb5_store_data
-and
-.Fn krb5_ret_data
-store and reads a krb5_data.
-The length of the data is stored with
-.Fn krb5_store_int32 .
-.Pp
-.Fn krb5_store_string
-and
-.Fn krb5_ret_string
-store and reads a string by storing the length of the string with
-.Fn krb5_store_int32
-followed by the string itself.
-.Pp
-.Fn krb5_store_stringnl
-and 
-.Fn krb5_ret_stringnl
-store and reads a string by storing string followed by a
-.Dv '\n' .
-.Pp
-.Fn krb5_store_stringz
-and 
-.Fn krb5_ret_stringz
-store and reads a string by storing string followed by a
-.Dv NUL .
-.Pp
-.Fn krb5_store_principal
-and
-.Fn krb5_ret_principal
-store and reads a principal.
-.Pp
-.Fn krb5_store_keyblock
-and
-.Fn krb5_ret_keyblock
-store and reads a
-.Li krb5_keyblock .
-.Pp
-.Fn krb5_store_times
-.Fn krb5_ret_times
-store and reads
-.Li krb5_times 
-structure .
-.Pp
-.Fn krb5_store_address
-and
-.Fn krb5_ret_address
-store and reads a 
-.Li krb5_address .
-.Pp
-.Fn krb5_store_addrs
-and
-.Fn krb5_ret_addrs
-store and reads a 
-.Li krb5_addresses .
-.Pp
-.Fn krb5_store_authdata
-and
-.Fn krb5_ret_authdata
-store and reads a
-.Li krb5_authdata .
-.Pp
-.Fn krb5_store_creds
-and
-.Fn krb5_ret_creds
-store and reads a
-.Li krb5_creds .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_data 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_string_to_key.3 b/crypto/heimdal/lib/krb5/krb5_string_to_key.3
deleted file mode 100644
index cf96f4e..0000000
--- a/crypto/heimdal/lib/krb5/krb5_string_to_key.3
+++ /dev/null
@@ -1,156 +0,0 @@
-.\" Copyright (c) 2004 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_string_to_key.3 17820 2006-07-10 14:28:01Z lha $
-.\"
-.Dd July 10, 2006
-.Dt KRB5_STRING_TO_KEY 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_string_to_key ,
-.Nm krb5_string_to_key_data ,
-.Nm krb5_string_to_key_data_salt ,
-.Nm krb5_string_to_key_data_salt_opaque ,
-.Nm krb5_string_to_key_salt ,
-.Nm krb5_string_to_key_salt_opaque ,
-.Nm krb5_get_pw_salt ,
-.Nm krb5_free_salt
-.Nd turns a string to a Kerberos key
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_string_to_key
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "const char *password"
-.Fa "krb5_principal principal"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_key_data
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_data password"
-.Fa "krb5_principal principal"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_key_data_salt
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_data password"
-.Fa "krb5_salt salt"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_key_data_salt_opaque
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_data password"
-.Fa "krb5_salt salt"
-.Fa "krb5_data opaque"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_key_salt
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "const char *password"
-.Fa "krb5_salt salt"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_key_salt_opaque
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "const char *password"
-.Fa "krb5_salt salt"
-.Fa "krb5_data opaque"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_pw_salt
-.Fa "krb5_context context"
-.Fa "krb5_const_principal principal"
-.Fa "krb5_salt *salt"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_salt
-.Fa "krb5_context context"
-.Fa "krb5_salt salt"
-.Fc
-.Sh DESCRIPTION
-The string to key functions convert a string to a kerberos key.
-.Pp
-.Fn krb5_string_to_key_data_salt_opaque
-is the function that does all the work, the rest of the functions are
-just wrapers around
-.Fn krb5_string_to_key_data_salt_opaque
-that calls it with default values.
-.Pp
-.Fn krb5_string_to_key_data_salt_opaque
-transforms the
-.Fa password
-with the given salt-string
-.Fa salt
-and the opaque, encryption type specific parameter
-.Fa opaque
-to a encryption key
-.Fa key
-according to the string to key function associated with
-.Fa enctype .
-.Pp
-The
-.Fa key
-should be freed with
-.Fn krb5_free_keyblock_contents .
-.Pp
-If one of the functions that doesn't take a
-.Li krb5_salt
-as it argument
-.Fn krb5_get_pw_salt
-is used to get the salt value.
-.Pp
-.Fn krb5_get_pw_salt
-get the default password salt for a principal, use
-.Fn krb5_free_salt
-to free the salt when done.
-.Pp
-.Fn krb5_free_salt
-frees the content of
-.Fa salt .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_data 3 ,
-.Xr krb5_keyblock 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_ticket.3 b/crypto/heimdal/lib/krb5/krb5_ticket.3
deleted file mode 100644
index 4f6d45b..0000000
--- a/crypto/heimdal/lib/krb5/krb5_ticket.3
+++ /dev/null
@@ -1,137 +0,0 @@
-.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_ticket.3 19543 2006-12-28 20:48:50Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_TICKET 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_ticket ,
-.Nm krb5_free_ticket ,
-.Nm krb5_copy_ticket ,
-.Nm krb5_ticket_get_authorization_data_type ,
-.Nm krb5_ticket_get_client ,
-.Nm krb5_ticket_get_server ,
-.Nm krb5_ticket_get_endtime
-.Nd Kerberos 5 ticket access and handling functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li krb5_ticket ;
-.Pp
-.Ft krb5_error_code
-.Fo krb5_free_ticket
-.Fa "krb5_context context"
-.Fa "krb5_ticket *ticket"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_ticket
-.Fa "krb5_context context"
-.Fa "const krb5_ticket *from"
-.Fa "krb5_ticket **to"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_ticket_get_authorization_data_type
-.Fa "krb5_context context"
-.Fa "krb5_ticket *ticket"
-.Fa "int type"
-.Fa "krb5_data *data"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_ticket_get_client
-.Fa "krb5_context context"
-.Fa "const krb5_ticket *ticket"
-.Fa "krb5_principal *client"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_ticket_get_server
-.Fa "krb5_context context"
-.Fa "const krb5_ticket *ticket"
-.Fa "krb5_principal *server"
-.Fc
-.Ft time_t
-.Fo krb5_ticket_get_endtime
-.Fa "krb5_context context"
-.Fa "const krb5_ticket *ticket"
-.Fc
-.Sh DESCRIPTION
-.Li krb5_ticket
-holds a kerberos ticket.
-The internals of the structure should never be accessed directly,
-functions exist for extracting information.
-.Pp
-.Fn krb5_free_ticket
-frees the
-.Fa ticket
-and its content.
-Used to free the result of
-.Fn krb5_copy_ticket
-and
-.Fn krb5_recvauth .
-.Pp
-.Fn krb5_copy_ticket
-copies the content of the ticket
-.Fa from
-to the ticket
-.Fa to .
-The result
-.Fa to
-should be freed with
-.Fn krb5_free_ticket .
-.Pp
-.Fn krb5_ticket_get_authorization_data_type
-fetches the authorization data of the type
-.Fa type
-from the
-.Fa ticket .
-If there isn't any authorization data of type
-.Fa type ,
-.Dv ENOENT
-is returned.
-.Fa data
-needs to be freed with
-.Fn krb5_data_free
-on success.
-.Pp
-.Fn krb5_ticket_get_client
-and
-.Fn krb5_ticket_get_server
-returns a copy of the client/server principal from the ticket.
-The principal returned should be free using
-.Xr krb5_free_principal 3 .
-.Pp
-.Fn krb5_ticket_get_endtime
-return the end time of the ticket.
-.Sh SEE ALSO
-.Xr krb5 3
diff --git a/crypto/heimdal/lib/krb5/krb5_timeofday.3 b/crypto/heimdal/lib/krb5/krb5_timeofday.3
deleted file mode 100644
index 4163cc1..0000000
--- a/crypto/heimdal/lib/krb5/krb5_timeofday.3
+++ /dev/null
@@ -1,118 +0,0 @@
-.\" $Id: krb5_timeofday.3 18093 2006-09-16 09:27:28Z lha $
-.\"
-.\" Copyright (c) 2001, 2003, 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_timeofday.3 18093 2006-09-16 09:27:28Z lha $
-.\"
-.Dd Sepember  16, 2006
-.Dt KRB5_TIMEOFDAY 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_timeofday ,
-.Nm krb5_set_real_time ,
-.Nm krb5_us_timeofday ,
-.Nm krb5_format_time ,
-.Nm krb5_string_to_deltat
-.Nd Kerberos 5 time handling functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li krb5_timestamp ;
-.Pp
-.Li krb5_deltat ;
-.Ft krb5_error_code
-.Fo krb5_set_real_time
-.Fa "krb5_context context"
-.Fa "krb5_timestamp sec"
-.Fa "int32_t usec"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_timeofday
-.Fa "krb5_context context"
-.Fa "krb5_timestamp *timeret"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_us_timeofday
-.Fa "krb5_context context"
-.Fa "krb5_timestamp *sec"
-.Fa "int32_t *usec"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_format_time
-.Fa "krb5_context context"
-.Fa "time_t t"
-.Fa "char *s"
-.Fa "size_t len"
-.Fa "krb5_boolean include_time"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_deltat
-.Fa "const char *string"
-.Fa "krb5_deltat *deltat"
-.Fc
-.Sh DESCRIPTION
-.Nm krb5_set_real_time
-sets the absolute time that the caller knows the KDC has.
-With this the Kerberos library can calculate the relative
-difference between the KDC time and the local system time and store it
-in the
-.Fa context .
-With this information the Kerberos library can adjust all time stamps
-in Kerberos packages.
-.Pp
-.Fn krb5_timeofday
-returns the current time, but adjusted with the time difference
-between the local host and the KDC.
-.Fn krb5_us_timeofday
-also returns microseconds.
-.Pp
-.Nm krb5_format_time
-formats the time
-.Fa t
-into the string
-.Fa s
-of length
-.Fa len .
-If
-.Fa include_time
-is set, the time is set include_time.
-.Pp
-.Nm krb5_string_to_deltat
-parses delta time
-.Fa string
-into
-.Fa deltat .
-.Sh SEE ALSO
-.Xr gettimeofday 2 ,
-.Xr krb5 3
diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3
deleted file mode 100644
index 274d638..0000000
--- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3
+++ /dev/null
@@ -1,62 +0,0 @@
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_unparse_name.3 12329 2003-05-26 14:09:04Z lha $
-.\"
-.Dd August 8, 1997
-.Dt KRB5_UNPARSE_NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_unparse_name
-.\" .Nm krb5_unparse_name_ext
-.Nd principal to string conversion
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_unparse_name "krb5_context context" "krb5_principal principal" "char **name"
-.\" .Ft krb5_error_code
-.\" .Fn krb5_unparse_name_ext "krb5_context context" "krb5_const_principal principal" "char **name" "size_t *size"
-.Sh DESCRIPTION
-This function takes a
-.Fa principal ,
-and will convert in to a printable representation with the same syntax
-as described in
-.Xr krb5_parse_name 3 .
-.Fa *name
-will point to allocated data and should be freed by the caller.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3
diff --git a/crypto/heimdal/lib/krb5/krb5_verify_init_creds.3 b/crypto/heimdal/lib/krb5/krb5_verify_init_creds.3
deleted file mode 100644
index 9a34648..0000000
--- a/crypto/heimdal/lib/krb5/krb5_verify_init_creds.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\" Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_verify_init_creds.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_VERIFY_INIT_CREDS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_verify_init_creds_opt_init ,
-.Nm krb5_verify_init_creds_opt_set_ap_req_nofail ,
-.Nm krb5_verify_init_creds
-.Nd "verifies a credential cache is correct by using a local keytab"
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_verify_init_creds_opt;"
-.Ft void
-.Fo krb5_verify_init_creds_opt_init
-.Fa "krb5_verify_init_creds_opt *options"
-.Fc
-.Ft void
-.Fo krb5_verify_init_creds_opt_set_ap_req_nofail
-.Fa "krb5_verify_init_creds_opt *options"
-.Fa "int ap_req_nofail"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_verify_init_creds
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "krb5_principal ap_req_server"
-.Fa "krb5_ccache *ccache"
-.Fa "krb5_verify_init_creds_opt *options"
-.Fc
-.Sh DESCRIPTION
-The
-.Nm krb5_verify_init_creds
-function verifies the initial tickets with the local keytab to make
-sure the response of the KDC was spoof-ed.
-.Pp
-.Nm krb5_verify_init_creds
-will use principal
-.Fa ap_req_server
-from the local keytab, if
-.Dv NULL
-is passed in, the code will guess the local hostname and use that to
-form host/hostname/GUESSED-REALM-FOR-HOSTNAME.
-.Fa creds
-is the credential that
-.Nm krb5_verify_init_creds
-should verify.
-If
-.Fa ccache
-is given
-.Fn krb5_verify_init_creds
-stores all credentials it fetched from the KDC there, otherwise it
-will use a memory credential cache that is destroyed when done.
-.Pp
-.Fn krb5_verify_init_creds_opt_init
-cleans the the structure, must be used before trying to pass it in to
-.Fn krb5_verify_init_creds .
-.Pp
-.Fn krb5_verify_init_creds_opt_set_ap_req_nofail
-controls controls the behavior if
-.Fa ap_req_server
-doesn't exists in the local keytab or in the KDC's database, if it's
-true, the error will be ignored.  Note that this use is possible
-insecure.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_get_init_creds 3 ,
-.Xr krb5_verify_user 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_verify_user.3 b/crypto/heimdal/lib/krb5/krb5_verify_user.3
deleted file mode 100644
index 8086bc0..0000000
--- a/crypto/heimdal/lib/krb5/krb5_verify_user.3
+++ /dev/null
@@ -1,241 +0,0 @@
-.\" Copyright (c) 2001 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_verify_user.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_VERIFY_USER 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_verify_user ,
-.Nm krb5_verify_user_lrealm ,
-.Nm krb5_verify_user_opt ,
-.Nm krb5_verify_opt_init ,
-.Nm krb5_verify_opt_alloc ,
-.Nm krb5_verify_opt_free ,
-.Nm krb5_verify_opt_set_ccache ,
-.Nm krb5_verify_opt_set_flags ,
-.Nm krb5_verify_opt_set_service ,
-.Nm krb5_verify_opt_set_secure ,
-.Nm krb5_verify_opt_set_keytab
-.Nd Heimdal password verifying functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
-.Ft krb5_error_code
-.Fn "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
-.Ft void
-.Fn krb5_verify_opt_init "krb5_verify_opt *opt"
-.Ft void
-.Fn krb5_verify_opt_alloc "krb5_verify_opt **opt"
-.Ft void
-.Fn krb5_verify_opt_free "krb5_verify_opt *opt"
-.Ft void
-.Fn krb5_verify_opt_set_ccache "krb5_verify_opt *opt" "krb5_ccache ccache"
-.Ft void
-.Fn krb5_verify_opt_set_keytab "krb5_verify_opt *opt" "krb5_keytab keytab"
-.Ft void
-.Fn krb5_verify_opt_set_secure "krb5_verify_opt *opt" "krb5_boolean secure"
-.Ft void
-.Fn krb5_verify_opt_set_service "krb5_verify_opt *opt" "const char *service"
-.Ft void
-.Fn krb5_verify_opt_set_flags "krb5_verify_opt *opt" "unsigned int flags"
-.Ft krb5_error_code
-.Fo krb5_verify_user_opt
-.Fa "krb5_context context"
-.Fa "krb5_principal principal"
-.Fa "const char *password"
-.Fa "krb5_verify_opt *opt"
-.Fc
-.Sh DESCRIPTION
-The
-.Nm krb5_verify_user
-function verifies the password supplied by a user.
-The principal whose password will be verified is specified in
-.Fa principal .
-New tickets will be obtained as a side-effect and stored in
-.Fa ccache
-(if
-.Dv NULL ,
-the default ccache is used).
-.Fn krb5_verify_user
-will call
-.Fn krb5_cc_initialize
-on the given
-.Fa ccache ,
-so
-.Fa ccache
-must only initialized with
-.Fn krb5_cc_resolve
-or
-.Fn krb5_cc_gen_new .
-If the password is not supplied in
-.Fa password
-(and is given as
-.Dv NULL )
-the user will be prompted for it.
-If
-.Fa secure
-the ticket will be verified against the locally stored service key
-.Fa service
-(by default
-.Ql host
-if given as
-.Dv NULL
-).
-.Pp
-The
-.Fn krb5_verify_user_lrealm
-function does the same, except that it ignores the realm in
-.Fa principal
-and tries all the local realms (see
-.Xr krb5.conf 5 ) .
-After a successful return, the principal is set to the authenticated
-realm. If the call fails, the principal will not be meaningful, and
-should only be freed with
-.Xr krb5_free_principal 3 .
-.Pp
-.Fn krb5_verify_opt_alloc
-and
-.Fn krb5_verify_opt_free
-allocates and frees a
-.Li krb5_verify_opt .
-You should use the the alloc and free function instead of allocation
-the structure yourself, this is because in a future release the
-structure wont be exported.
-.Pp
-.Fn krb5_verify_opt_init
-resets all opt to default values.
-.Pp
-None of the krb5_verify_opt_set function makes a copy of the data
-structure that they are called with. It's up the caller to free them
-after the
-.Fn krb5_verify_user_opt
-is called.
-.Pp
-.Fn krb5_verify_opt_set_ccache
-sets the
-.Fa ccache
-that user of
-.Fa opt
-will use. If not set, the default credential cache will be used.
-.Pp
-.Fn krb5_verify_opt_set_keytab
-sets the
-.Fa keytab
-that user of
-.Fa opt
-will use. If not set, the default keytab will be used.
-.Pp
-.Fn krb5_verify_opt_set_secure
-if
-.Fa secure
-if true, the password verification will require that the ticket will
-be verified against the locally stored service key. If not set,
-default value is true.
-.Pp
-.Fn krb5_verify_opt_set_service
-sets the
-.Fa service
-principal that user of
-.Fa opt
-will use. If not set, the
-.Ql host
-service will be used.
-.Pp
-.Fn krb5_verify_opt_set_flags
-sets
-.Fa flags
-that user of
-.Fa opt
-will use.
-If the flag
-.Dv KRB5_VERIFY_LREALMS
-is used, the
-.Fa principal
-will be modified like
-.Fn krb5_verify_user_lrealm
-modifies it.
-.Pp
-.Fn krb5_verify_user_opt
-function verifies the
-.Fa password
-supplied by a user.
-The principal whose password will be verified is specified in
-.Fa principal .
-Options the to the verification process is pass in in
-.Fa opt .
-.Sh EXAMPLES
-Here is a example program that verifies a password. it uses the
-.Ql host/`hostname`
-service principal in
-.Pa krb5.keytab .
-.Bd -literal
-#include <krb5.h>
-
-int
-main(int argc, char **argv)
-{
-    char *user;
-    krb5_error_code error;
-    krb5_principal princ;
-    krb5_context context;
-
-    if (argc != 2)
-	errx(1, "usage: verify_passwd <principal-name>");
-
-    user = argv[1];
-
-    if (krb5_init_context(&context) < 0)
-	errx(1, "krb5_init_context");
-
-    if ((error = krb5_parse_name(context, user, &princ)) != 0)
-	krb5_err(context, 1, error, "krb5_parse_name");
-
-    error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
-    if (error)
-        krb5_err(context, 1, error, "krb5_verify_user");
-
-    return 0;
-}
-.Ed
-.Sh SEE ALSO
-.Xr krb5_cc_gen_new 3 ,
-.Xr krb5_cc_initialize 3 ,
-.Xr krb5_cc_resolve 3 ,
-.Xr krb5_err 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_init_context 3 ,
-.Xr krb5_kt_default 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_warn.3 b/crypto/heimdal/lib/krb5/krb5_warn.3
deleted file mode 100644
index 5610cd8..0000000
--- a/crypto/heimdal/lib/krb5/krb5_warn.3
+++ /dev/null
@@ -1,233 +0,0 @@
-.\" Copyright (c) 1997, 2001 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_warn.3 19085 2006-11-21 07:55:20Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_WARN 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_abort ,
-.Nm krb5_abortx ,
-.Nm krb5_clear_error_string ,
-.Nm krb5_err ,
-.Nm krb5_errx ,
-.Nm krb5_free_error_string ,
-.Nm krb5_get_err_text ,
-.Nm krb5_get_error_message ,
-.Nm krb5_get_error_string ,
-.Nm krb5_have_error_string ,
-.Nm krb5_set_error_string ,
-.Nm krb5_set_warn_dest ,
-.Nm krb5_get_warn_dest ,
-.Nm krb5_vabort ,
-.Nm krb5_vabortx ,
-.Nm krb5_verr ,
-.Nm krb5_verrx ,
-.Nm krb5_vset_error_string ,
-.Nm krb5_vwarn ,
-.Nm krb5_vwarnx ,
-.Nm krb5_warn ,
-.Nm krb5_warnx
-.Nd Heimdal warning and error functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_abort "krb5_context context" "krb5_error_code code" "const char *fmt"  "..."
-.Ft krb5_error_code
-.Fn krb5_abortx "krb5_context context" "krb5_error_code code" "const char *fmt"  "..."
-.Ft void
-.Fn krb5_clear_error_string "krb5_context context"
-.Ft krb5_error_code
-.Fn krb5_err "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_errx "krb5_context context" "int eval" "const char *format" "..."
-.Ft void
-.Fn krb5_free_error_string "krb5_context context" "char *str"
-.Ft krb5_error_code
-.Fn krb5_verr "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_verrx "krb5_context context" "int eval" "const char *format" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_vset_error_string "krb5_context context" "const char *fmt" "va_list args"
-.Ft krb5_error_code
-.Fn krb5_vwarn "krb5_context context" "krb5_error_code code" "const char *format" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_vwarnx "krb5_context context" "const char *format" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_warn "krb5_context context" "krb5_error_code code" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_warnx "krb5_context context" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_set_error_string "krb5_context context" "const char *fmt" "..."
-.Ft krb5_error_code
-.Fn krb5_set_warn_dest "krb5_context context" "krb5_log_facility *facility"
-.Ft "char *"
-.Ft krb5_log_facility *
-.Fo krb5_get_warn_dest
-.Fa "krb5_context context"
-.Fc
-.Fn krb5_get_err_text "krb5_context context" "krb5_error_code code"
-.Ft char*
-.Fn krb5_get_error_string "krb5_context context"
-.Ft char*
-.Fn krb5_get_error_message "krb5_context context, krb5_error_code code"
-.Ft krb5_boolean
-.Fn krb5_have_error_string "krb5_context context"
-.Ft krb5_error_code
-.Fn krb5_vabortx "krb5_context context" "const char *fmt" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_vabort "krb5_context context" "const char *fmt" "va_list ap"
-.Sh DESCRIPTION
-These functions print a warning message to some destination.
-.Fa format
-is a printf style format specifying the message to print. The forms not ending in an
-.Dq x
-print the error string associated with
-.Fa code
-along with the message.
-The
-.Dq err
-functions exit with exit status
-.Fa eval
-after printing the message.
-.Pp
-Applications that want to get the error message to report it to a user
-or store it in a log want to use
-.Fn krb5_get_error_message .
-.Pp
-The
-.Fn krb5_set_warn_func
-function sets the destination for warning messages to the specified
-.Fa facility .
-Messages logged with the
-.Dq warn
-functions have a log level of 1, while the
-.Dq err
-functions log with level 0.
-.Pp
-.Fn krb5_get_err_text
-fetches the human readable strings describing the error-code.
-.Pp
-.Fn krb5_abort
-and 
-.Nm krb5_abortx
-behaves like
-.Nm krb5_err
-and
-.Nm krb5_errx
-but instead of exiting using the
-.Xr exit 3
-call,
-.Xr abort 3
-is used.
-.Pp
-.Fn krb5_free_error_string
-frees the error string
-.Fa str
-returned by
-.Fn krb5_get_error_string .
-.Pp
-.Fn krb5_clear_error_string
-clears the error string from the
-.Fa context .
-.Pp
-.Fn krb5_set_error_string
-and
-.Fn krb5_vset_error_string
-sets an verbose error string in
-.Fa context .
-.Pp
-.Fn krb5_get_error_string
-fetches the error string from
-.Fa context .
-The error message in the context is consumed and must be freed using
-.Fn krb5_free_error_string
-by the caller.
-See also
-.Fn krb5_get_error_message ,
-what is usually less verbose to use.
-.Pp
-.Fn krb5_have_error_string
-returns
-.Dv TRUE
-if there is a verbose error message in the
-.Fa context .
-.Pp
-.Fn krb5_get_error_message
-fetches the error string from the context, or if there
-is no customized error string in
-.Fa context ,
-uses
-.Fa code
-to return a error string.
-In either case, the error message in the context is consumed and must
-be freed using
-.Fn krb5_free_error_string
-by the caller.
-.Pp
-.Fn krb5_set_warn_dest
-and
-.Fn krb5_get_warn_dest
-sets and get the log context that is used by
-.Fn krb5_warn
-and friends.  By using this the application can control where the
-output should go.  For example, this is imperative to inetd servers
-where logging status and error message will end up on the output
-stream to the client.
-.Sh EXAMPLES
-Below is a simple example how to report error messages from the
-Kerberos library in an application.
-.Bd -literal
-#include <krb5.h>
-
-krb5_error_code
-function (krb5_context context)
-{
-    krb5_error_code ret;
-
-    ret = krb5_function (context, arg1, arg2);
-    if (ret) {
-	char *s = krb5_get_error_message(context, ret);
-	if (s == NULL)
-	     errx(1, "kerberos error: %d (and out of memory)", ret);
-	application_logger("krb5_function failed: %s", s);
-	krb5_free_error_string(context, s);
-	return ret;
-    }
-    return 0;
-}
-.Ed
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_openlog 3
diff --git a/crypto/heimdal/lib/krb5/krb_err.et b/crypto/heimdal/lib/krb5/krb_err.et
deleted file mode 100644
index f7dbb6c..0000000
--- a/crypto/heimdal/lib/krb5/krb_err.et
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-# Error messages for the krb4 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: krb_err.et,v 1.7 1998/03/29 14:19:52 bg Exp $"
-
-error_table krb
-
-prefix KRB4ET
-ec KSUCCESS,		"Kerberos 4 successful"
-ec KDC_NAME_EXP,	"Kerberos 4 principal expired"
-ec KDC_SERVICE_EXP,	"Kerberos 4 service expired"
-ec KDC_AUTH_EXP,	"Kerberos 4 auth expired"
-ec KDC_PKT_VER,		"Incorrect Kerberos 4 master key version"
-ec KDC_P_MKEY_VER,	"Incorrect Kerberos 4 master key version"
-ec KDC_S_MKEY_VER,	"Incorrect Kerberos 4 master key version"
-ec KDC_BYTE_ORDER,	"Kerberos 4 byte order unknown"
-ec KDC_PR_UNKNOWN,	"Kerberos 4 principal unknown"
-ec KDC_PR_N_UNIQUE,	"Kerberos 4 principal not unique"
-ec KDC_NULL_KEY,	"Kerberos 4 principal has null key"
-index 20
-ec KDC_GEN_ERR,		"Generic error from KDC (Kerberos 4)"
-ec GC_TKFIL,		"Can't read Kerberos 4 ticket file"
-ec GC_NOTKT,		"Can't find Kerberos 4 ticket or TGT"
-index 26
-ec MK_AP_TGTEXP,	"Kerberos 4 TGT Expired"
-index 31
-ec RD_AP_UNDEC,		"Kerberos 4: Can't decode authenticator"
-ec RD_AP_EXP,		"Kerberos 4 ticket expired"
-ec RD_AP_NYV,		"Kerberos 4 ticket not yet valid"
-ec RD_AP_REPEAT,	"Kerberos 4: Repeated request"
-ec RD_AP_NOT_US,	"The Kerberos 4 ticket isn't for us"
-ec RD_AP_INCON,		"Kerberos 4 request inconsistent"
-ec RD_AP_TIME,		"Kerberos 4: delta_t too big"
-ec RD_AP_BADD,		"Kerberos 4: incorrect net address"
-ec RD_AP_VERSION,	"Kerberos protocol not version 4"
-ec RD_AP_MSG_TYPE,	"Kerberos 4: invalid msg type"
-ec RD_AP_MODIFIED,	"Kerberos 4: message stream modified"
-ec RD_AP_ORDER,		"Kerberos 4: message out of order"
-ec RD_AP_UNAUTHOR,	"Kerberos 4: unauthorized request"
-index 51
-ec GT_PW_NULL,		"Kerberos 4: current PW is null"
-ec GT_PW_BADPW,		"Kerberos 4: Incorrect current password"
-ec GT_PW_PROT,		"Kerberos 4 protocol error"
-ec GT_PW_KDCERR,	"Error returned by KDC (Kerberos 4)"
-ec GT_PW_NULLTKT,	"Null Kerberos 4 ticket returned by KDC"
-ec SKDC_RETRY,		"Kerberos 4: Retry count exceeded"
-ec SKDC_CANT,		"Kerberos 4: Can't send request"
-index 61
-ec INTK_W_NOTALL,	"Kerberos 4: not all tickets returned"
-ec INTK_BADPW,		"Kerberos 4: incorrect password"
-ec INTK_PROT,		"Kerberos 4: Protocol Error"
-index 70
-ec INTK_ERR,		"Other error in Kerberos 4"
-ec AD_NOTGT,		"Don't have Kerberos 4 ticket-granting ticket"
-index 76
-ec NO_TKT_FIL,		"No Kerberos 4 ticket file found"
-ec TKT_FIL_ACC,		"Couldn't access Kerberos 4 ticket file"
-ec TKT_FIL_LCK,		"Couldn't lock Kerberos 4 ticket file"
-ec TKT_FIL_FMT,		"Bad Kerberos 4 ticket file format"
-ec TKT_FIL_INI,		"Kerberos 4: tf_init not called first"
-ec KNAME_FMT,		"Bad Kerberos 4 name format"
diff --git a/crypto/heimdal/lib/krb5/krbhst-test.c b/crypto/heimdal/lib/krb5/krbhst-test.c
deleted file mode 100644
index 38b0b6a..0000000
--- a/crypto/heimdal/lib/krb5/krbhst-test.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 2001 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: krbhst-test.c 15466 2005-06-17 04:21:47Z lha $");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[realms ...]");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int i, j;
-    krb5_context context;
-    int types[] = {KRB5_KRBHST_KDC, KRB5_KRBHST_ADMIN, KRB5_KRBHST_CHANGEPW,
-		   KRB5_KRBHST_KRB524};
-    const char *type_str[] = {"kdc", "admin", "changepw", "krb524"};
-    int optidx = 0;
-    
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    krb5_init_context (&context);
-    for(i = 0; i < argc; i++) {
-	krb5_krbhst_handle handle;
-	char host[MAXHOSTNAMELEN];
-
-	for (j = 0; j < sizeof(types)/sizeof(*types); ++j) {
-	    printf ("%s for %s:\n", type_str[j], argv[i]);
-
-	    krb5_krbhst_init(context, argv[i], types[j], &handle);
-	    while(krb5_krbhst_next_as_string(context, handle,
-					     host, sizeof(host)) == 0)
-		printf("%s\n", host);
-	    krb5_krbhst_reset(context, handle);
-	    printf ("\n");
-	}
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/krbhst.c b/crypto/heimdal/lib/krb5/krbhst.c
deleted file mode 100644
index 094fd4f..0000000
--- a/crypto/heimdal/lib/krb5/krbhst.c
+++ /dev/null
@@ -1,1010 +0,0 @@
-/*
- * Copyright (c) 2001 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <resolve.h>
-#include "locate_plugin.h"
-
-RCSID("$Id: krbhst.c 21457 2007-07-10 12:53:25Z lha $");
-
-static int
-string_to_proto(const char *string)
-{
-    if(strcasecmp(string, "udp") == 0)
-	return KRB5_KRBHST_UDP;
-    else if(strcasecmp(string, "tcp") == 0) 
-	return KRB5_KRBHST_TCP;
-    else if(strcasecmp(string, "http") == 0) 
-	return KRB5_KRBHST_HTTP;
-    return -1;
-}
-
-/*
- * set `res' and `count' to the result of looking up SRV RR in DNS for
- * `proto', `proto', `realm' using `dns_type'.
- * if `port' != 0, force that port number
- */
-
-static krb5_error_code
-srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, 
-	       const char *realm, const char *dns_type,
-	       const char *proto, const char *service, int port)
-{
-    char domain[1024];
-    struct dns_reply *r;
-    struct resource_record *rr;
-    int num_srv;
-    int proto_num;
-    int def_port;
-
-    *res = NULL;
-    *count = 0;
-
-    proto_num = string_to_proto(proto);
-    if(proto_num < 0) {
-	krb5_set_error_string(context, "unknown protocol `%s'", proto);
-	return EINVAL;
-    }
-
-    if(proto_num == KRB5_KRBHST_HTTP)
-	def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
-    else if(port == 0)
-	def_port = ntohs(krb5_getportbyname (context, service, proto, 88));
-    else
-	def_port = port;
-
-    snprintf(domain, sizeof(domain), "_%s._%s.%s.", service, proto, realm);
-
-    r = dns_lookup(domain, dns_type);
-    if(r == NULL)
-	return KRB5_KDC_UNREACH;
-
-    for(num_srv = 0, rr = r->head; rr; rr = rr->next) 
-	if(rr->type == T_SRV)
-	    num_srv++;
-
-    *res = malloc(num_srv * sizeof(**res));
-    if(*res == NULL) {
-	dns_free_data(r);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    dns_srv_order(r);
-
-    for(num_srv = 0, rr = r->head; rr; rr = rr->next) 
-	if(rr->type == T_SRV) {
-	    krb5_krbhst_info *hi;
-	    size_t len = strlen(rr->u.srv->target);
-
-	    hi = calloc(1, sizeof(*hi) + len);
-	    if(hi == NULL) {
-		dns_free_data(r);
-		while(--num_srv >= 0)
-		    free((*res)[num_srv]);
-		free(*res);
-		*res = NULL;
-		return ENOMEM;
-	    }
-	    (*res)[num_srv++] = hi;
-
-	    hi->proto = proto_num;
-	    
-	    hi->def_port = def_port;
-	    if (port != 0)
-		hi->port = port;
-	    else
-		hi->port = rr->u.srv->port;
-
-	    strlcpy(hi->hostname, rr->u.srv->target, len + 1);
-	}
-
-    *count = num_srv;
-	    
-    dns_free_data(r);
-    return 0;
-}
-
-
-struct krb5_krbhst_data {
-    char *realm;
-    unsigned int flags;
-    int def_port;
-    int port;			/* hardwired port number if != 0 */
-#define KD_CONFIG		 1
-#define KD_SRV_UDP		 2
-#define KD_SRV_TCP		 4
-#define KD_SRV_HTTP		 8
-#define KD_FALLBACK		16
-#define KD_CONFIG_EXISTS	32
-#define KD_LARGE_MSG		64
-#define KD_PLUGIN	       128
-    krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, 
-				krb5_krbhst_info**);
-
-    unsigned int fallback_count;
-
-    struct krb5_krbhst_info *hosts, **index, **end;
-};
-
-static krb5_boolean
-krbhst_empty(const struct krb5_krbhst_data *kd)
-{
-    return kd->index == &kd->hosts;
-}
-
-/*
- * Return the default protocol for the `kd' (either TCP or UDP)
- */
-
-static int
-krbhst_get_default_proto(struct krb5_krbhst_data *kd)
-{
-    if (kd->flags & KD_LARGE_MSG)
-	return KRB5_KRBHST_TCP;
-    return KRB5_KRBHST_UDP;
-}
-
-
-/*
- * parse `spec' into a krb5_krbhst_info, defaulting the port to `def_port'
- * and forcing it to `port' if port != 0
- */
-
-static struct krb5_krbhst_info*
-parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd,
-	       const char *spec, int def_port, int port)
-{
-    const char *p = spec;
-    struct krb5_krbhst_info *hi;
-    
-    hi = calloc(1, sizeof(*hi) + strlen(spec));
-    if(hi == NULL)
-	return NULL;
-       
-    hi->proto = krbhst_get_default_proto(kd);
-
-    if(strncmp(p, "http://", 7) == 0){
-	hi->proto = KRB5_KRBHST_HTTP;
-	p += 7;
-    } else if(strncmp(p, "http/", 5) == 0) {
-	hi->proto = KRB5_KRBHST_HTTP;
-	p += 5;
-	def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
-    }else if(strncmp(p, "tcp/", 4) == 0){
-	hi->proto = KRB5_KRBHST_TCP;
-	p += 4;
-    } else if(strncmp(p, "udp/", 4) == 0) {
-	p += 4;
-    }
-
-    if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) {
-	free(hi);
-	return NULL;
-    }
-    /* get rid of trailing /, and convert to lower case */
-    hi->hostname[strcspn(hi->hostname, "/")] = '\0';
-    strlwr(hi->hostname);
-
-    hi->port = hi->def_port = def_port;
-    if(p != NULL) {
-	char *end;
-	hi->port = strtol(p, &end, 0);
-	if(end == p) {
-	    free(hi);
-	    return NULL;
-	}
-    }
-    if (port)
-	hi->port = port;
-    return hi;
-}
-
-void
-_krb5_free_krbhst_info(krb5_krbhst_info *hi)
-{
-    if (hi->ai != NULL)
-	freeaddrinfo(hi->ai);
-    free(hi);
-}
-
-krb5_error_code
-_krb5_krbhost_info_move(krb5_context context,
-			krb5_krbhst_info *from,
-			krb5_krbhst_info **to)
-{
-    size_t hostnamelen = strlen(from->hostname);
-    /* trailing NUL is included in structure */
-    *to = calloc(1, sizeof(**to) + hostnamelen); 
-    if(*to == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }
-
-    (*to)->proto = from->proto;
-    (*to)->port = from->port;
-    (*to)->def_port = from->def_port;
-    (*to)->ai = from->ai;
-    from->ai = NULL;
-    (*to)->next = NULL;
-    memcpy((*to)->hostname, from->hostname, hostnamelen + 1);
-    return 0;
-}
-
-
-static void
-append_host_hostinfo(struct krb5_krbhst_data *kd, struct krb5_krbhst_info *host)
-{
-    struct krb5_krbhst_info *h;
-
-    for(h = kd->hosts; h; h = h->next)
-	if(h->proto == host->proto && 
-	   h->port == host->port && 
-	   strcmp(h->hostname, host->hostname) == 0) {
-	    _krb5_free_krbhst_info(host);
-	    return;
-	}
-    *kd->end = host;
-    kd->end = &host->next;
-}
-
-static krb5_error_code
-append_host_string(krb5_context context, struct krb5_krbhst_data *kd,
-		   const char *host, int def_port, int port)
-{
-    struct krb5_krbhst_info *hi;
-
-    hi = parse_hostspec(context, kd, host, def_port, port);
-    if(hi == NULL)
-	return ENOMEM;
-    
-    append_host_hostinfo(kd, hi);
-    return 0;
-}
-
-/*
- * return a readable representation of `host' in `hostname, hostlen'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, 
-			  char *hostname, size_t hostlen)
-{
-    const char *proto = "";
-    char portstr[7] = "";
-    if(host->proto == KRB5_KRBHST_TCP)
-	proto = "tcp/";
-    else if(host->proto == KRB5_KRBHST_HTTP)
-	proto = "http://";
-    if(host->port != host->def_port)
-	snprintf(portstr, sizeof(portstr), ":%d", host->port);
-    snprintf(hostname, hostlen, "%s%s%s", proto, host->hostname, portstr);
-    return 0;
-}
-
-/*
- * create a getaddrinfo `hints' based on `proto'
- */
-
-static void
-make_hints(struct addrinfo *hints, int proto)
-{
-    memset(hints, 0, sizeof(*hints));
-    hints->ai_family = AF_UNSPEC;
-    switch(proto) {
-    case KRB5_KRBHST_UDP :
-	hints->ai_socktype = SOCK_DGRAM;
-	break;
-    case KRB5_KRBHST_HTTP :
-    case KRB5_KRBHST_TCP :
-	hints->ai_socktype = SOCK_STREAM;
-	break;
-    }
-}
-
-/*
- * return an `struct addrinfo *' in `ai' corresponding to the information
- * in `host'.  free:ing is handled by krb5_krbhst_free.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host,
-			 struct addrinfo **ai)
-{
-    struct addrinfo hints;
-    char portstr[NI_MAXSERV];
-    int ret;
-
-    if (host->ai == NULL) {
-	make_hints(&hints, host->proto);
-	snprintf (portstr, sizeof(portstr), "%d", host->port);
-	ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai);
-	if (ret)
-	    return krb5_eai_to_heim_errno(ret, errno);
-    }
-    *ai = host->ai;
-    return 0;
-}
-
-static krb5_boolean
-get_next(struct krb5_krbhst_data *kd, krb5_krbhst_info **host)
-{
-    struct krb5_krbhst_info *hi = *kd->index;
-    if(hi != NULL) {
-	*host = hi;
-	kd->index = &(*kd->index)->next;
-	return TRUE;
-    }
-    return FALSE;
-}
-
-static void
-srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, 
-	      const char *proto, const char *service)
-{
-    krb5_krbhst_info **res;
-    int count, i;
-
-    if (srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service,
-		       kd->port))
-	return;
-    for(i = 0; i < count; i++)
-	append_host_hostinfo(kd, res[i]);
-    free(res);
-}
-
-/*
- * read the configuration for `conf_string', defaulting to kd->def_port and
- * forcing it to `kd->port' if kd->port != 0
- */
-
-static void
-config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, 
-		 const char *conf_string)
-{
-    int i;
-	
-    char **hostlist;
-    hostlist = krb5_config_get_strings(context, NULL, 
-				       "realms", kd->realm, conf_string, NULL);
-
-    if(hostlist == NULL)
-	return;
-    kd->flags |= KD_CONFIG_EXISTS;
-    for(i = 0; hostlist && hostlist[i] != NULL; i++)
-	append_host_string(context, kd, hostlist[i], kd->def_port, kd->port);
-
-    krb5_config_free_strings(hostlist);
-}
-
-/*
- * as a fallback, look for `serv_string.kd->realm' (typically
- * kerberos.REALM, kerberos-1.REALM, ...
- * `port' is the default port for the service, and `proto' the 
- * protocol
- */
-
-static krb5_error_code
-fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, 
-		   const char *serv_string, int port, int proto)
-{
-    char *host;
-    int ret;
-    struct addrinfo *ai;
-    struct addrinfo hints;
-    char portstr[NI_MAXSERV];
-
-    /* 
-     * Don't try forever in case the DNS server keep returning us
-     * entries (like wildcard entries or the .nu TLD)
-     */
-    if(kd->fallback_count >= 5) {
-	kd->flags |= KD_FALLBACK;
-	return 0;
-    }
-
-    if(kd->fallback_count == 0)
-	asprintf(&host, "%s.%s.", serv_string, kd->realm);
-    else
-	asprintf(&host, "%s-%d.%s.", 
-		 serv_string, kd->fallback_count, kd->realm);	    
-
-    if (host == NULL)
-	return ENOMEM;
-    
-    make_hints(&hints, proto);
-    snprintf(portstr, sizeof(portstr), "%d", port);
-    ret = getaddrinfo(host, portstr, &hints, &ai);
-    if (ret) {
-	/* no more hosts, so we're done here */
-	free(host);
-	kd->flags |= KD_FALLBACK;
-    } else {
-	struct krb5_krbhst_info *hi;
-	size_t hostlen = strlen(host);
-
-	hi = calloc(1, sizeof(*hi) + hostlen);
-	if(hi == NULL) {
-	    free(host);
-	    return ENOMEM;
-	}
-
-	hi->proto = proto;
-	hi->port  = hi->def_port = port;
-	hi->ai    = ai;
-	memmove(hi->hostname, host, hostlen);
-	hi->hostname[hostlen] = '\0';
-	free(host);
-	append_host_hostinfo(kd, hi);
-	kd->fallback_count++;
-    }
-    return 0;
-}
-
-/*
- * Fetch hosts from plugin
- */
-
-static krb5_error_code 
-add_locate(void *ctx, int type, struct sockaddr *addr)
-{
-    struct krb5_krbhst_info *hi;
-    struct krb5_krbhst_data *kd = ctx;
-    char host[NI_MAXHOST], port[NI_MAXSERV];
-    struct addrinfo hints, *ai;
-    socklen_t socklen;
-    size_t hostlen;
-    int ret;
-
-    socklen = socket_sockaddr_size(addr);
-
-    ret = getnameinfo(addr, socklen, host, sizeof(host), port, sizeof(port),
-		      NI_NUMERICHOST|NI_NUMERICSERV);
-    if (ret != 0)
-	return 0;
-
-    make_hints(&hints, krbhst_get_default_proto(kd));
-    ret = getaddrinfo(host, port, &hints, &ai);
-    if (ret)
-	return 0;
-
-    hostlen = strlen(host);
-
-    hi = calloc(1, sizeof(*hi) + hostlen);
-    if(hi == NULL)
-	return ENOMEM;
-    
-    hi->proto = krbhst_get_default_proto(kd);
-    hi->port  = hi->def_port = socket_get_port(addr);
-    hi->ai    = ai;
-    memmove(hi->hostname, host, hostlen);
-    hi->hostname[hostlen] = '\0';
-    append_host_hostinfo(kd, hi);
-
-    return 0;
-}
-
-static void
-plugin_get_hosts(krb5_context context,
-		 struct krb5_krbhst_data *kd,
-		 enum locate_service_type type)
-{
-    struct krb5_plugin *list = NULL, *e;
-    krb5_error_code ret;
-
-    ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "resolve", &list);
-    if(ret != 0 || list == NULL)
-	return;
-
-    kd->flags |= KD_CONFIG_EXISTS;
-
-    for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) {
-	krb5plugin_service_locate_ftable *service;
-	void *ctx;
-
-	service = _krb5_plugin_get_symbol(e);
-	if (service->minor_version != 0)
-	    continue;
-	
-	(*service->init)(context, &ctx);
-	ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd);
-	(*service->fini)(ctx);
-	if (ret) {
-	    krb5_set_error_string(context, "Plugin failed to lookup");
-	    break;
-	}
-    }
-    _krb5_plugin_free(list);
-}
-
-/*
- *
- */
-
-static krb5_error_code
-kdc_get_next(krb5_context context,
-	     struct krb5_krbhst_data *kd,
-	     krb5_krbhst_info **host)
-{
-    krb5_error_code ret;
-
-    if ((kd->flags & KD_PLUGIN) == 0) {
-	plugin_get_hosts(context, kd, locate_service_kdc);
-	kd->flags |= KD_PLUGIN;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if((kd->flags & KD_CONFIG) == 0) {
-	config_get_hosts(context, kd, "kdc");
-	kd->flags |= KD_CONFIG;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if (kd->flags & KD_CONFIG_EXISTS)
-	return KRB5_KDC_UNREACH; /* XXX */
-
-    if(context->srv_lookup) {
-	if((kd->flags & KD_SRV_UDP) == 0 && (kd->flags & KD_LARGE_MSG) == 0) {
-	    srv_get_hosts(context, kd, "udp", "kerberos");
-	    kd->flags |= KD_SRV_UDP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-
-	if((kd->flags & KD_SRV_TCP) == 0) {
-	    srv_get_hosts(context, kd, "tcp", "kerberos");
-	    kd->flags |= KD_SRV_TCP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-	if((kd->flags & KD_SRV_HTTP) == 0) {
-	    srv_get_hosts(context, kd, "http", "kerberos");
-	    kd->flags |= KD_SRV_HTTP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-    }
-
-    while((kd->flags & KD_FALLBACK) == 0) {
-	ret = fallback_get_hosts(context, kd, "kerberos",
-				 kd->def_port, 
-				 krbhst_get_default_proto(kd));
-	if(ret)
-	    return ret;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    return KRB5_KDC_UNREACH; /* XXX */
-}
-
-static krb5_error_code
-admin_get_next(krb5_context context,
-	       struct krb5_krbhst_data *kd,
-	       krb5_krbhst_info **host)
-{
-    krb5_error_code ret;
-
-    if ((kd->flags & KD_PLUGIN) == 0) {
-	plugin_get_hosts(context, kd, locate_service_kadmin);
-	kd->flags |= KD_PLUGIN;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if((kd->flags & KD_CONFIG) == 0) {
-	config_get_hosts(context, kd, "admin_server");
-	kd->flags |= KD_CONFIG;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if (kd->flags & KD_CONFIG_EXISTS)
-	return KRB5_KDC_UNREACH; /* XXX */
-
-    if(context->srv_lookup) {
-	if((kd->flags & KD_SRV_TCP) == 0) {
-	    srv_get_hosts(context, kd, "tcp", "kerberos-adm");
-	    kd->flags |= KD_SRV_TCP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-    }
-
-    if (krbhst_empty(kd)
-	&& (kd->flags & KD_FALLBACK) == 0) {
-	ret = fallback_get_hosts(context, kd, "kerberos",
-				 kd->def_port,
-				 krbhst_get_default_proto(kd));
-	if(ret)
-	    return ret;
-	kd->flags |= KD_FALLBACK;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    return KRB5_KDC_UNREACH;	/* XXX */
-}
-
-static krb5_error_code
-kpasswd_get_next(krb5_context context,
-		 struct krb5_krbhst_data *kd,
-		 krb5_krbhst_info **host)
-{
-    krb5_error_code ret;
-
-    if ((kd->flags & KD_PLUGIN) == 0) {
-	plugin_get_hosts(context, kd, locate_service_kpasswd);
-	kd->flags |= KD_PLUGIN;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if((kd->flags & KD_CONFIG) == 0) {
-	config_get_hosts(context, kd, "kpasswd_server");
-	kd->flags |= KD_CONFIG;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if (kd->flags & KD_CONFIG_EXISTS)
-	return KRB5_KDC_UNREACH; /* XXX */
-
-    if(context->srv_lookup) {
-	if((kd->flags & KD_SRV_UDP) == 0) {
-	    srv_get_hosts(context, kd, "udp", "kpasswd");
-	    kd->flags |= KD_SRV_UDP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-	if((kd->flags & KD_SRV_TCP) == 0) {
-	    srv_get_hosts(context, kd, "tcp", "kpasswd");
-	    kd->flags |= KD_SRV_TCP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-    }
-
-    /* no matches -> try admin */
-
-    if (krbhst_empty(kd)) {
-	kd->flags = 0;
-	kd->port  = kd->def_port;
-	kd->get_next = admin_get_next;
-	ret = (*kd->get_next)(context, kd, host);
-	if (ret == 0)
-	    (*host)->proto = krbhst_get_default_proto(kd);
-	return ret;
-    }
-
-    return KRB5_KDC_UNREACH; /* XXX */
-}
-
-static krb5_error_code
-krb524_get_next(krb5_context context,
-		struct krb5_krbhst_data *kd,
-		krb5_krbhst_info **host)
-{
-    if ((kd->flags & KD_PLUGIN) == 0) {
-	plugin_get_hosts(context, kd, locate_service_krb524);
-	kd->flags |= KD_PLUGIN;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if((kd->flags & KD_CONFIG) == 0) {
-	config_get_hosts(context, kd, "krb524_server");
-	if(get_next(kd, host))
-	    return 0;
-	kd->flags |= KD_CONFIG;
-    }
-
-    if (kd->flags & KD_CONFIG_EXISTS)
-	return KRB5_KDC_UNREACH; /* XXX */
-
-    if(context->srv_lookup) {
-	if((kd->flags & KD_SRV_UDP) == 0) {
-	    srv_get_hosts(context, kd, "udp", "krb524");
-	    kd->flags |= KD_SRV_UDP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-
-	if((kd->flags & KD_SRV_TCP) == 0) {
-	    srv_get_hosts(context, kd, "tcp", "krb524");
-	    kd->flags |= KD_SRV_TCP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-    }
-
-    /* no matches -> try kdc */
-
-    if (krbhst_empty(kd)) {
-	kd->flags = 0;
-	kd->port  = kd->def_port;
-	kd->get_next = kdc_get_next;
-	return (*kd->get_next)(context, kd, host);
-    }
-
-    return KRB5_KDC_UNREACH; /* XXX */
-}
-
-static struct krb5_krbhst_data*
-common_init(krb5_context context,
-	    const char *realm,
-	    int flags)
-{
-    struct krb5_krbhst_data *kd;
-
-    if((kd = calloc(1, sizeof(*kd))) == NULL)
-	return NULL;
-
-    if((kd->realm = strdup(realm)) == NULL) {
-	free(kd);
-	return NULL;
-    }
-
-    /* For 'realms' without a . do not even think of going to DNS */
-    if (!strchr(realm, '.'))
-	kd->flags |= KD_CONFIG_EXISTS;
-
-    if (flags & KRB5_KRBHST_FLAGS_LARGE_MSG)
-	kd->flags |= KD_LARGE_MSG;
-    kd->end = kd->index = &kd->hosts;
-    return kd;
-}
-
-/*
- * initialize `handle' to look for hosts of type `type' in realm `realm'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_init(krb5_context context,
-		 const char *realm,
-		 unsigned int type,
-		 krb5_krbhst_handle *handle)
-{
-    return krb5_krbhst_init_flags(context, realm, type, 0, handle);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_init_flags(krb5_context context,
-		       const char *realm,
-		       unsigned int type,
-		       int flags,
-		       krb5_krbhst_handle *handle)
-{
-    struct krb5_krbhst_data *kd;
-    krb5_error_code (*next)(krb5_context, struct krb5_krbhst_data *, 
-			    krb5_krbhst_info **);
-    int def_port;
-
-    switch(type) {
-    case KRB5_KRBHST_KDC:
-	next = kdc_get_next;
-	def_port = ntohs(krb5_getportbyname (context, "kerberos", "udp", 88));
-	break;
-    case KRB5_KRBHST_ADMIN:
-	next = admin_get_next;
-	def_port = ntohs(krb5_getportbyname (context, "kerberos-adm",
-					     "tcp", 749));
-	break;
-    case KRB5_KRBHST_CHANGEPW:
-	next = kpasswd_get_next;
-	def_port = ntohs(krb5_getportbyname (context, "kpasswd", "udp",
-					     KPASSWD_PORT));
-	break;
-    case KRB5_KRBHST_KRB524:
-	next = krb524_get_next;
-	def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444));
-	break;
-    default:
-	krb5_set_error_string(context, "unknown krbhst type (%u)", type);
-	return ENOTTY;
-    }
-    if((kd = common_init(context, realm, flags)) == NULL)
-	return ENOMEM;
-    kd->get_next = next;
-    kd->def_port = def_port;
-    *handle = kd;
-    return 0;
-}
-
-/*
- * return the next host information from `handle' in `host'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_next(krb5_context context,
-		 krb5_krbhst_handle handle,
-		 krb5_krbhst_info **host)
-{
-    if(get_next(handle, host))
-	return 0;
-
-    return (*handle->get_next)(context, handle, host);
-}
-
-/*
- * return the next host information from `handle' as a host name
- * in `hostname' (or length `hostlen)
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_next_as_string(krb5_context context,
-			   krb5_krbhst_handle handle,
-			   char *hostname,
-			   size_t hostlen)
-{
-    krb5_error_code ret;
-    krb5_krbhst_info *host;
-    ret = krb5_krbhst_next(context, handle, &host);
-    if(ret)
-	return ret;
-    return krb5_krbhst_format_string(context, host, hostname, hostlen);
-}
-
-
-void KRB5_LIB_FUNCTION
-krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle)
-{
-    handle->index = &handle->hosts;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle)
-{
-    krb5_krbhst_info *h, *next;
-
-    if (handle == NULL)
-	return;
-
-    for (h = handle->hosts; h != NULL; h = next) {
-	next = h->next;
-	_krb5_free_krbhst_info(h);
-    }
-
-    free(handle->realm);
-    free(handle);
-}
-
-/* backwards compatibility ahead */
-
-static krb5_error_code
-gethostlist(krb5_context context, const char *realm, 
-	    unsigned int type, char ***hostlist)
-{
-    krb5_error_code ret;
-    int nhost = 0;
-    krb5_krbhst_handle handle;
-    char host[MAXHOSTNAMELEN];
-    krb5_krbhst_info *hostinfo;
-
-    ret = krb5_krbhst_init(context, realm, type, &handle);
-    if (ret)
-	return ret;
-
-    while(krb5_krbhst_next(context, handle, &hostinfo) == 0)
-	nhost++;
-    if(nhost == 0) {
-	krb5_set_error_string(context, "No KDC found for realm %s", realm);
-	return KRB5_KDC_UNREACH;
-    }
-    *hostlist = calloc(nhost + 1, sizeof(**hostlist));
-    if(*hostlist == NULL) {
-	krb5_krbhst_free(context, handle);
-	return ENOMEM;
-    }
-
-    krb5_krbhst_reset(context, handle);
-    nhost = 0;
-    while(krb5_krbhst_next_as_string(context, handle, 
-				     host, sizeof(host)) == 0) {
-	if(((*hostlist)[nhost++] = strdup(host)) == NULL) {
-	    krb5_free_krbhst(context, *hostlist);
-	    krb5_krbhst_free(context, handle);
-	    return ENOMEM;
-	}
-    }
-    (*hostlist)[nhost++] = NULL;
-    krb5_krbhst_free(context, handle);
-    return 0;
-}
-
-/*
- * return an malloced list of kadmin-hosts for `realm' in `hostlist'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krb_admin_hst (krb5_context context,
-			const krb5_realm *realm,
-			char ***hostlist)
-{
-    return gethostlist(context, *realm, KRB5_KRBHST_ADMIN, hostlist);
-}
-
-/*
- * return an malloced list of changepw-hosts for `realm' in `hostlist'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krb_changepw_hst (krb5_context context,
-			   const krb5_realm *realm,
-			   char ***hostlist)
-{
-    return gethostlist(context, *realm, KRB5_KRBHST_CHANGEPW, hostlist);
-}
-
-/*
- * return an malloced list of 524-hosts for `realm' in `hostlist'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krb524hst (krb5_context context,
-		    const krb5_realm *realm,
-		    char ***hostlist)
-{
-    return gethostlist(context, *realm, KRB5_KRBHST_KRB524, hostlist);
-}
-
-
-/*
- * return an malloced list of KDC's for `realm' in `hostlist'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krbhst (krb5_context context,
-		 const krb5_realm *realm,
-		 char ***hostlist)
-{
-    return gethostlist(context, *realm, KRB5_KRBHST_KDC, hostlist);
-}
-
-/*
- * free all the memory allocated in `hostlist'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_krbhst (krb5_context context,
-		  char **hostlist)
-{
-    char **p;
-
-    for (p = hostlist; *p; ++p)
-	free (*p);
-    free (hostlist);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/kuserok.c b/crypto/heimdal/lib/krb5/kuserok.c
deleted file mode 100644
index 8f0ff99..0000000
--- a/crypto/heimdal/lib/krb5/kuserok.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <dirent.h>
-
-RCSID("$Id: kuserok.c 16048 2005-09-09 10:33:33Z lha $");
-
-/* see if principal is mentioned in the filename access file, return
-   TRUE (in result) if so, FALSE otherwise */
-
-static krb5_error_code
-check_one_file(krb5_context context, 
-	       const char *filename, 
-	       struct passwd *pwd,
-	       krb5_principal principal, 
-	       krb5_boolean *result)
-{
-    FILE *f;
-    char buf[BUFSIZ];
-    krb5_error_code ret;
-    struct stat st;
-    
-    *result = FALSE;
-
-    f = fopen (filename, "r");
-    if (f == NULL)
-	return errno;
-    
-    /* check type and mode of file */
-    if (fstat(fileno(f), &st) != 0) {
-	fclose (f);
-	return errno;
-    }
-    if (S_ISDIR(st.st_mode)) {
-	fclose (f);
-	return EISDIR;
-    }
-    if (st.st_uid != pwd->pw_uid && st.st_uid != 0) {
-	fclose (f);
-	return EACCES;
-    }
-    if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
-	fclose (f);
-	return EACCES;
-    }
-
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	krb5_principal tmp;
-	char *newline = buf + strcspn(buf, "\n");
-
-	if(*newline != '\n') {
-	    int c;
-	    c = fgetc(f);
-	    if(c != EOF) {
-		while(c != EOF && c != '\n')
-		    c = fgetc(f);
-		/* line was too long, so ignore it */
-		continue;
-	    }
-	}
-	*newline = '\0';
-	ret = krb5_parse_name (context, buf, &tmp);
-	if (ret)
-	    continue;
-	*result = krb5_principal_compare (context, principal, tmp);
-	krb5_free_principal (context, tmp);
-	if (*result) {
-	    fclose (f);
-	    return 0;
-	}
-    }
-    fclose (f);
-    return 0;
-}
-
-static krb5_error_code
-check_directory(krb5_context context, 
-		const char *dirname, 
-		struct passwd *pwd,
-		krb5_principal principal, 
-		krb5_boolean *result)
-{
-    DIR *d;
-    struct dirent *dent;
-    char filename[MAXPATHLEN];
-    krb5_error_code ret = 0;
-    struct stat st;
-
-    *result = FALSE;
-
-    if(lstat(dirname, &st) < 0)
-	return errno;
-
-    if (!S_ISDIR(st.st_mode))
-	return ENOTDIR;
-    
-    if (st.st_uid != pwd->pw_uid && st.st_uid != 0)
-	return EACCES;
-    if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
-	return EACCES;
-
-    if((d = opendir(dirname)) == NULL) 
-	return errno;
-
-#ifdef HAVE_DIRFD
-    {
-	int fd;
-	struct stat st2;
-
-	fd = dirfd(d);
-	if(fstat(fd, &st2) < 0) {
-	    closedir(d);
-	    return errno;
-	}
-	if(st.st_dev != st2.st_dev || st.st_ino != st2.st_ino) {
-	    closedir(d);
-	    return EACCES;
-	}
-    }
-#endif
-
-    while((dent = readdir(d)) != NULL) {
-	if(strcmp(dent->d_name, ".") == 0 ||
-	   strcmp(dent->d_name, "..") == 0 ||
-	   dent->d_name[0] == '#' ||			  /* emacs autosave */
-	   dent->d_name[strlen(dent->d_name) - 1] == '~') /* emacs backup */
-	    continue;
-	snprintf(filename, sizeof(filename), "%s/%s", dirname, dent->d_name);
-	ret = check_one_file(context, filename, pwd, principal, result);
-	if(ret == 0 && *result == TRUE)
-	    break;
-	ret = 0; /* don't propagate errors upstream */
-    }
-    closedir(d);
-    return ret;
-}
-
-static krb5_boolean
-match_local_principals(krb5_context context,
-		       krb5_principal principal,
-		       const char *luser)
-{
-    krb5_error_code ret;
-    krb5_realm *realms, *r;
-    krb5_boolean result = FALSE;
-    
-    /* multi-component principals can never match */
-    if(krb5_principal_get_comp_string(context, principal, 1) != NULL)
-	return FALSE;
-
-    ret = krb5_get_default_realms (context, &realms);
-    if (ret)
-	return FALSE;
-	
-    for (r = realms; *r != NULL; ++r) {
-	if(strcmp(krb5_principal_get_realm(context, principal),
-		  *r) != 0)
-	    continue;
-	if(strcmp(krb5_principal_get_comp_string(context, principal, 0),
-		  luser) == 0) {
-	    result = TRUE;
-	    break;
-	}
-    }
-    krb5_free_host_realm (context, realms);
-    return result;
-}
-
-/**
- * Return TRUE iff `principal' is allowed to login as `luser'.
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_kuserok (krb5_context context,
-	      krb5_principal principal,
-	      const char *luser)
-{
-    char *buf;
-    size_t buflen;
-    struct passwd *pwd;
-    krb5_error_code ret;
-    krb5_boolean result = FALSE;
-
-    krb5_boolean found_file = FALSE;
-
-#ifdef POSIX_GETPWNAM_R
-    char pwbuf[2048];
-    struct passwd pw;
-
-    if(getpwnam_r(luser, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0)
-	return FALSE;
-#else
-    pwd = getpwnam (luser);
-#endif
-    if (pwd == NULL)
-	return FALSE;
-
-#define KLOGIN "/.k5login"
-    buflen = strlen(pwd->pw_dir) + sizeof(KLOGIN) + 2; /* 2 for .d */
-    buf = malloc(buflen);
-    if(buf == NULL)
-	return FALSE;
-    /* check user's ~/.k5login */
-    strlcpy(buf, pwd->pw_dir, buflen);
-    strlcat(buf, KLOGIN, buflen);
-    ret = check_one_file(context, buf, pwd, principal, &result);
-
-    if(ret == 0 && result == TRUE) {
-	free(buf);
-	return TRUE;
-    }
-
-    if(ret != ENOENT) 
-	found_file = TRUE;
-
-    strlcat(buf, ".d", buflen);
-    ret = check_directory(context, buf, pwd, principal, &result);
-    free(buf);
-    if(ret == 0 && result == TRUE)
-	return TRUE;
-
-    if(ret != ENOENT && ret != ENOTDIR) 
-	found_file = TRUE;
-
-    /* finally if no files exist, allow all principals matching
-       <localuser>@<LOCALREALM> */
-    if(found_file == FALSE)
-	return match_local_principals(context, principal, luser);
-
-    return FALSE;
-}
diff --git a/crypto/heimdal/lib/krb5/locate_plugin.h b/crypto/heimdal/lib/krb5/locate_plugin.h
deleted file mode 100644
index 251712c..0000000
--- a/crypto/heimdal/lib/krb5/locate_plugin.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: locate_plugin.h 18998 2006-11-12 19:00:03Z lha $ */
-
-#ifndef HEIMDAL_KRB5_LOCATE_PLUGIN_H
-#define HEIMDAL_KRB5_LOCATE_PLUGIN_H 1
-
-#include <krb5.h>
-
-enum locate_service_type {
-    locate_service_kdc = 1,
-    locate_service_master_kdc,
-    locate_service_kadmin,
-    locate_service_krb524,
-    locate_service_kpasswd
-};
-
-typedef krb5_error_code 
-(*krb5plugin_service_locate_lookup) (void *, enum locate_service_type,
-				     const char *, int, int, 
-				     int (*)(void *,int,struct sockaddr *),
-				     void *);
-
-
-typedef struct krb5plugin_service_locate_ftable {
-    int			minor_version;
-    krb5_error_code	(*init)(krb5_context, void **);
-    void		(*fini)(void *);
-    krb5plugin_service_locate_lookup lookup;
-} krb5plugin_service_locate_ftable;
-
-#endif /* HEIMDAL_KRB5_LOCATE_PLUGIN_H */
-
diff --git a/crypto/heimdal/lib/krb5/log.c b/crypto/heimdal/lib/krb5/log.c
deleted file mode 100644
index c04f50f..0000000
--- a/crypto/heimdal/lib/krb5/log.c
+++ /dev/null
@@ -1,471 +0,0 @@
-/*
- * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: log.c 19088 2006-11-21 08:08:46Z lha $");
-
-struct facility {
-    int min;
-    int max;
-    krb5_log_log_func_t log_func;
-    krb5_log_close_func_t close_func;
-    void *data;
-};
-
-static struct facility*
-log_realloc(krb5_log_facility *f)
-{
-    struct facility *fp;
-    fp = realloc(f->val, (f->len + 1) * sizeof(*f->val));
-    if(fp == NULL)
-	return NULL;
-    f->len++;
-    f->val = fp;
-    fp += f->len - 1;
-    return fp;
-}
-
-struct s2i {
-    const char *s;
-    int val;
-};
-
-#define L(X) { #X, LOG_ ## X }
-
-static struct s2i syslogvals[] = {
-    L(EMERG),
-    L(ALERT),
-    L(CRIT),
-    L(ERR),
-    L(WARNING),
-    L(NOTICE),
-    L(INFO),
-    L(DEBUG),
-
-    L(AUTH),
-#ifdef LOG_AUTHPRIV
-    L(AUTHPRIV),
-#endif
-#ifdef LOG_CRON
-    L(CRON),
-#endif
-    L(DAEMON),
-#ifdef LOG_FTP
-    L(FTP),
-#endif
-    L(KERN),
-    L(LPR),
-    L(MAIL),
-#ifdef LOG_NEWS
-    L(NEWS),
-#endif
-    L(SYSLOG),
-    L(USER),
-#ifdef LOG_UUCP
-    L(UUCP),
-#endif
-    L(LOCAL0),
-    L(LOCAL1),
-    L(LOCAL2),
-    L(LOCAL3),
-    L(LOCAL4),
-    L(LOCAL5),
-    L(LOCAL6),
-    L(LOCAL7),
-    { NULL, -1 }
-};
-
-static int
-find_value(const char *s, struct s2i *table)
-{
-    while(table->s && strcasecmp(table->s, s))
-	table++;
-    return table->val;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_initlog(krb5_context context,
-	     const char *program,
-	     krb5_log_facility **fac)
-{
-    krb5_log_facility *f = calloc(1, sizeof(*f));
-    if(f == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    f->program = strdup(program);
-    if(f->program == NULL){
-	free(f);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *fac = f;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_addlog_func(krb5_context context,
-		 krb5_log_facility *fac,
-		 int min,
-		 int max,
-		 krb5_log_log_func_t log_func,
-		 krb5_log_close_func_t close_func,
-		 void *data)
-{
-    struct facility *fp = log_realloc(fac);
-    if(fp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    fp->min = min;
-    fp->max = max;
-    fp->log_func = log_func;
-    fp->close_func = close_func;
-    fp->data = data;
-    return 0;
-}
-
-
-struct _heimdal_syslog_data{
-    int priority;
-};
-
-static void
-log_syslog(const char *timestr,
-	   const char *msg,
-	   void *data)
-     
-{
-    struct _heimdal_syslog_data *s = data;
-    syslog(s->priority, "%s", msg);
-}
-
-static void
-close_syslog(void *data)
-{
-    free(data);
-    closelog();
-}
-
-static krb5_error_code
-open_syslog(krb5_context context,
-	    krb5_log_facility *facility, int min, int max,
-	    const char *sev, const char *fac)
-{
-    struct _heimdal_syslog_data *sd = malloc(sizeof(*sd));
-    int i;
-
-    if(sd == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    i = find_value(sev, syslogvals);
-    if(i == -1)
-	i = LOG_ERR;
-    sd->priority = i;
-    i = find_value(fac, syslogvals);
-    if(i == -1)
-	i = LOG_AUTH;
-    sd->priority |= i;
-    roken_openlog(facility->program, LOG_PID | LOG_NDELAY, i);
-    return krb5_addlog_func(context, facility, min, max,
-			    log_syslog, close_syslog, sd);
-}
-
-struct file_data{
-    const char *filename;
-    const char *mode;
-    FILE *fd;
-    int keep_open;
-};
-
-static void
-log_file(const char *timestr,
-	 const char *msg,
-	 void *data)
-{
-    struct file_data *f = data;
-    if(f->keep_open == 0)
-	f->fd = fopen(f->filename, f->mode);
-    if(f->fd == NULL)
-	return;
-    fprintf(f->fd, "%s %s\n", timestr, msg);
-    if(f->keep_open == 0) {
-	fclose(f->fd);
-	f->fd = NULL;
-    }
-}
-
-static void
-close_file(void *data)
-{
-    struct file_data *f = data;
-    if(f->keep_open && f->filename)
-	fclose(f->fd);
-    free(data);
-}
-
-static krb5_error_code
-open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
-	  const char *filename, const char *mode, FILE *f, int keep_open)
-{
-    struct file_data *fd = malloc(sizeof(*fd));
-    if(fd == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    fd->filename = filename;
-    fd->mode = mode;
-    fd->fd = f;
-    fd->keep_open = keep_open;
-
-    return krb5_addlog_func(context, fac, min, max, log_file, close_file, fd);
-}
-
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
-{
-    krb5_error_code ret = 0;
-    int min = 0, max = -1, n;
-    char c;
-    const char *p = orig;
-
-    n = sscanf(p, "%d%c%d/", &min, &c, &max);
-    if(n == 2){
-	if(c == '/') {
-	    if(min < 0){
-		max = -min;
-		min = 0;
-	    }else{
-		max = min;
-	    }
-	}
-    }
-    if(n){
-	p = strchr(p, '/');
-	if(p == NULL) {
-	    krb5_set_error_string (context, "failed to parse \"%s\"", orig);
-	    return HEIM_ERR_LOG_PARSE;
-	}
-	p++;
-    }
-    if(strcmp(p, "STDERR") == 0){
-	ret = open_file(context, f, min, max, NULL, NULL, stderr, 1);
-    }else if(strcmp(p, "CONSOLE") == 0){
-	ret = open_file(context, f, min, max, "/dev/console", "w", NULL, 0);
-    }else if(strncmp(p, "FILE", 4) == 0 && (p[4] == ':' || p[4] == '=')){
-	char *fn;
-	FILE *file = NULL;
-	int keep_open = 0;
-	fn = strdup(p + 5);
-	if(fn == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	if(p[4] == '='){
-	    int i = open(fn, O_WRONLY | O_CREAT | 
-			 O_TRUNC | O_APPEND, 0666);
-	    if(i < 0) {
-		ret = errno;
-		krb5_set_error_string (context, "open(%s): %s", fn,
-				       strerror(ret));
-		free(fn);
-		return ret;
-	    }
-	    file = fdopen(i, "a");
-	    if(file == NULL){
-		ret = errno;
-		close(i);
-		krb5_set_error_string (context, "fdopen(%s): %s", fn,
-				       strerror(ret));
-		free(fn);
-		return ret;
-	    }
-	    keep_open = 1;
-	}
-	ret = open_file(context, f, min, max, fn, "a", file, keep_open);
-    }else if(strncmp(p, "DEVICE", 6) == 0 && (p[6] == ':' || p[6] == '=')){
-	ret = open_file(context, f, min, max, strdup(p + 7), "w", NULL, 0);
-    }else if(strncmp(p, "SYSLOG", 6) == 0 && (p[6] == '\0' || p[6] == ':')){
-	char severity[128] = "";
-	char facility[128] = "";
-	p += 6;
-	if(*p != '\0')
-	    p++;
-	if(strsep_copy(&p, ":", severity, sizeof(severity)) != -1)
-	    strsep_copy(&p, ":", facility, sizeof(facility));
-	if(*severity == '\0')
-	    strlcpy(severity, "ERR", sizeof(severity));
- 	if(*facility == '\0')
-	    strlcpy(facility, "AUTH", sizeof(facility));
-	ret = open_syslog(context, f, min, max, severity, facility);
-    }else{
-	krb5_set_error_string (context, "unknown log type: %s", p);
-	ret = HEIM_ERR_LOG_PARSE; /* XXX */
-    }
-    return ret;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_openlog(krb5_context context,
-	     const char *program,
-	     krb5_log_facility **fac)
-{
-    krb5_error_code ret;
-    char **p, **q;
-
-    ret = krb5_initlog(context, program, fac);
-    if(ret)
-	return ret;
-
-    p = krb5_config_get_strings(context, NULL, "logging", program, NULL);
-    if(p == NULL)
-	p = krb5_config_get_strings(context, NULL, "logging", "default", NULL);
-    if(p){
-	for(q = p; *q; q++)
-	    ret = krb5_addlog_dest(context, *fac, *q);
-	krb5_config_free_strings(p);
-    }else
-	ret = krb5_addlog_dest(context, *fac, "SYSLOG");
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_closelog(krb5_context context,
-	      krb5_log_facility *fac)
-{
-    int i;
-    for(i = 0; i < fac->len; i++)
-	(*fac->val[i].close_func)(fac->val[i].data);
-    free(fac->val);
-    free(fac->program);
-    fac->val = NULL;
-    fac->len = 0;
-    fac->program = NULL;
-    free(fac);
-    return 0;
-}
-
-#undef __attribute__
-#define __attribute__(X)
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vlog_msg(krb5_context context,
-	      krb5_log_facility *fac,
-	      char **reply,
-	      int level,
-	      const char *fmt,
-	      va_list ap)
-     __attribute__((format (printf, 5, 0)))
-{
-    
-    char *msg = NULL;
-    const char *actual = NULL;
-    char buf[64];
-    time_t t = 0;
-    int i;
-
-    for(i = 0; fac && i < fac->len; i++)
-	if(fac->val[i].min <= level && 
-	   (fac->val[i].max < 0 || fac->val[i].max >= level)) {
-	    if(t == 0) {
-		t = time(NULL);
-		krb5_format_time(context, t, buf, sizeof(buf), TRUE);
-	    }
-	    if(actual == NULL) {
-		vasprintf(&msg, fmt, ap);
-		if(msg == NULL)
-		    actual = fmt;
-		else
-		    actual = msg;
-	    }
-	    (*fac->val[i].log_func)(buf, actual, fac->val[i].data);
-	}
-    if(reply == NULL)
-	free(msg);
-    else
-	*reply = msg;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vlog(krb5_context context,
-	  krb5_log_facility *fac,
-	  int level,
-	  const char *fmt,
-	  va_list ap)
-     __attribute__((format (printf, 4, 0)))
-{
-    return krb5_vlog_msg(context, fac, NULL, level, fmt, ap);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_log_msg(krb5_context context,
-	     krb5_log_facility *fac,
-	     int level,
-	     char **reply,
-	     const char *fmt,
-	     ...)
-     __attribute__((format (printf, 5, 6)))
-{
-    va_list ap;
-    krb5_error_code ret;
-
-    va_start(ap, fmt);
-    ret = krb5_vlog_msg(context, fac, reply, level, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_log(krb5_context context,
-	 krb5_log_facility *fac,
-	 int level,
-	 const char *fmt,
-	 ...)
-     __attribute__((format (printf, 4, 5)))
-{
-    va_list ap;
-    krb5_error_code ret;
-
-    va_start(ap, fmt);
-    ret = krb5_vlog(context, fac, level, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/krb5/mcache.c b/crypto/heimdal/lib/krb5/mcache.c
deleted file mode 100644
index 01bcb09..0000000
--- a/crypto/heimdal/lib/krb5/mcache.c
+++ /dev/null
@@ -1,477 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: mcache.c 22107 2007-12-03 17:22:51Z lha $");
-
-typedef struct krb5_mcache {
-    char *name;
-    unsigned int refcnt;
-    int dead;
-    krb5_principal primary_principal;
-    struct link {
-	krb5_creds cred;
-	struct link *next;
-    } *creds;
-    struct krb5_mcache *next;
-} krb5_mcache;
-
-static HEIMDAL_MUTEX mcc_mutex = HEIMDAL_MUTEX_INITIALIZER;
-static struct krb5_mcache *mcc_head;
-
-#define	MCACHE(X)	((krb5_mcache *)(X)->data.data)
-
-#define MISDEAD(X)	((X)->dead)
-
-static const char*
-mcc_get_name(krb5_context context,
-	     krb5_ccache id)
-{
-    return MCACHE(id)->name;
-}
-
-static krb5_mcache *
-mcc_alloc(const char *name)
-{
-    krb5_mcache *m, *m_c;
-
-    ALLOC(m, 1);
-    if(m == NULL)
-	return NULL;
-    if(name == NULL)
-	asprintf(&m->name, "%p", m);
-    else
-	m->name = strdup(name);
-    if(m->name == NULL) {
-	free(m);
-	return NULL;
-    }
-    /* check for dups first */
-    HEIMDAL_MUTEX_lock(&mcc_mutex);
-    for (m_c = mcc_head; m_c != NULL; m_c = m_c->next)
-	if (strcmp(m->name, m_c->name) == 0)
-	    break;
-    if (m_c) {
-	free(m->name);
-	free(m);
-	HEIMDAL_MUTEX_unlock(&mcc_mutex);
-	return NULL;
-    }
-
-    m->dead = 0;
-    m->refcnt = 1;
-    m->primary_principal = NULL;
-    m->creds = NULL;
-    m->next = mcc_head;
-    mcc_head = m;
-    HEIMDAL_MUTEX_unlock(&mcc_mutex);
-    return m;
-}
-
-static krb5_error_code
-mcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
-{
-    krb5_mcache *m;
-
-    HEIMDAL_MUTEX_lock(&mcc_mutex);
-    for (m = mcc_head; m != NULL; m = m->next)
-	if (strcmp(m->name, res) == 0)
-	    break;
-    HEIMDAL_MUTEX_unlock(&mcc_mutex);
-
-    if (m != NULL) {
-	m->refcnt++;
-	(*id)->data.data = m;
-	(*id)->data.length = sizeof(*m);
-	return 0;
-    }
-
-    m = mcc_alloc(res);
-    if (m == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    
-    (*id)->data.data = m;
-    (*id)->data.length = sizeof(*m);
-
-    return 0;
-}
-
-
-static krb5_error_code
-mcc_gen_new(krb5_context context, krb5_ccache *id)
-{
-    krb5_mcache *m;
-
-    m = mcc_alloc(NULL);
-
-    if (m == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-
-    (*id)->data.data = m;
-    (*id)->data.length = sizeof(*m);
-
-    return 0;
-}
-
-static krb5_error_code
-mcc_initialize(krb5_context context,
-	       krb5_ccache id,
-	       krb5_principal primary_principal)
-{
-    krb5_mcache *m = MCACHE(id);
-    m->dead = 0;
-    return krb5_copy_principal (context,
-				primary_principal,
-				&m->primary_principal);
-}
-
-static int
-mcc_close_internal(krb5_mcache *m)
-{
-    if (--m->refcnt != 0)
-	return 0;
-
-    if (MISDEAD(m)) {
-	free (m->name);
-	return 1;
-    }
-    return 0;
-}
-
-static krb5_error_code
-mcc_close(krb5_context context,
-	  krb5_ccache id)
-{
-    if (mcc_close_internal(MCACHE(id)))
-	krb5_data_free(&id->data);
-    return 0;
-}
-
-static krb5_error_code
-mcc_destroy(krb5_context context,
-	    krb5_ccache id)
-{
-    krb5_mcache **n, *m = MCACHE(id);
-    struct link *l;
-
-    if (m->refcnt == 0)
-	krb5_abortx(context, "mcc_destroy: refcnt already 0");
-
-    if (!MISDEAD(m)) {
-	/* if this is an active mcache, remove it from the linked
-           list, and free all data */
-	HEIMDAL_MUTEX_lock(&mcc_mutex);
-	for(n = &mcc_head; n && *n; n = &(*n)->next) {
-	    if(m == *n) {
-		*n = m->next;
-		break;
-	    }
-	}
-	HEIMDAL_MUTEX_unlock(&mcc_mutex);
-	if (m->primary_principal != NULL) {
-	    krb5_free_principal (context, m->primary_principal);
-	    m->primary_principal = NULL;
-	}
-	m->dead = 1;
-
-	l = m->creds;
-	while (l != NULL) {
-	    struct link *old;
-	    
-	    krb5_free_cred_contents (context, &l->cred);
-	    old = l;
-	    l = l->next;
-	    free (old);
-	}
-	m->creds = NULL;
-    }
-    return 0;
-}
-
-static krb5_error_code
-mcc_store_cred(krb5_context context,
-	       krb5_ccache id,
-	       krb5_creds *creds)
-{
-    krb5_mcache *m = MCACHE(id);
-    krb5_error_code ret;
-    struct link *l;
-
-    if (MISDEAD(m))
-	return ENOENT;
-
-    l = malloc (sizeof(*l));
-    if (l == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    l->next = m->creds;
-    m->creds = l;
-    memset (&l->cred, 0, sizeof(l->cred));
-    ret = krb5_copy_creds_contents (context, creds, &l->cred);
-    if (ret) {
-	m->creds = l->next;
-	free (l);
-	return ret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-mcc_get_principal(krb5_context context,
-		  krb5_ccache id,
-		  krb5_principal *principal)
-{
-    krb5_mcache *m = MCACHE(id);
-
-    if (MISDEAD(m) || m->primary_principal == NULL)
-	return ENOENT;
-    return krb5_copy_principal (context,
-				m->primary_principal,
-				principal);
-}
-
-static krb5_error_code
-mcc_get_first (krb5_context context,
-	       krb5_ccache id,
-	       krb5_cc_cursor *cursor)
-{
-    krb5_mcache *m = MCACHE(id);
-
-    if (MISDEAD(m))
-	return ENOENT;
-
-    *cursor = m->creds;
-    return 0;
-}
-
-static krb5_error_code
-mcc_get_next (krb5_context context,
-	      krb5_ccache id,
-	      krb5_cc_cursor *cursor,
-	      krb5_creds *creds)
-{
-    krb5_mcache *m = MCACHE(id);
-    struct link *l;
-
-    if (MISDEAD(m))
-	return ENOENT;
-
-    l = *cursor;
-    if (l != NULL) {
-	*cursor = l->next;
-	return krb5_copy_creds_contents (context,
-					 &l->cred,
-					 creds);
-    } else
-	return KRB5_CC_END;
-}
-
-static krb5_error_code
-mcc_end_get (krb5_context context,
-	     krb5_ccache id,
-	     krb5_cc_cursor *cursor)
-{
-    return 0;
-}
-
-static krb5_error_code
-mcc_remove_cred(krb5_context context,
-		 krb5_ccache id,
-		 krb5_flags which,
-		 krb5_creds *mcreds)
-{
-    krb5_mcache *m = MCACHE(id);
-    struct link **q, *p;
-    for(q = &m->creds, p = *q; p; p = *q) {
-	if(krb5_compare_creds(context, which, mcreds, &p->cred)) {
-	    *q = p->next;
-	    krb5_free_cred_contents(context, &p->cred);
-	    free(p);
-	} else
-	    q = &p->next;
-    }
-    return 0;
-}
-
-static krb5_error_code
-mcc_set_flags(krb5_context context,
-	      krb5_ccache id,
-	      krb5_flags flags)
-{
-    return 0; /* XXX */
-}
-		    
-struct mcache_iter {
-    krb5_mcache *cache;
-};
-
-static krb5_error_code
-mcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
-{
-    struct mcache_iter *iter;
-
-    iter = calloc(1, sizeof(*iter));
-    if (iter == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }    
-
-    HEIMDAL_MUTEX_lock(&mcc_mutex);
-    iter->cache = mcc_head;
-    if (iter->cache)
-	iter->cache->refcnt++;
-    HEIMDAL_MUTEX_unlock(&mcc_mutex);
-
-    *cursor = iter;
-    return 0;
-}
-
-static krb5_error_code
-mcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
-{
-    struct mcache_iter *iter = cursor;
-    krb5_error_code ret;
-    krb5_mcache *m;
-
-    if (iter->cache == NULL)
-	return KRB5_CC_END;
-
-    HEIMDAL_MUTEX_lock(&mcc_mutex);
-    m = iter->cache;
-    if (m->next)
-	m->next->refcnt++;
-    iter->cache = m->next;
-    HEIMDAL_MUTEX_unlock(&mcc_mutex);
-
-    ret = _krb5_cc_allocate(context, &krb5_mcc_ops, id);
-    if (ret)
-	return ret;
-
-    (*id)->data.data = m;
-    (*id)->data.length = sizeof(*m);
-
-    return 0;
-}
-
-static krb5_error_code
-mcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
-{
-    struct mcache_iter *iter = cursor;
-
-    if (iter->cache)
-	mcc_close_internal(iter->cache);
-    iter->cache = NULL;
-    free(iter);
-    return 0;
-}
-
-static krb5_error_code
-mcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
-{
-    krb5_mcache *mfrom = MCACHE(from), *mto = MCACHE(to);
-    struct link *creds;
-    krb5_principal principal;
-    krb5_mcache **n;
-
-    HEIMDAL_MUTEX_lock(&mcc_mutex);
-
-    /* drop the from cache from the linked list to avoid lookups */
-    for(n = &mcc_head; n && *n; n = &(*n)->next) {
-	if(mfrom == *n) {
-	    *n = mfrom->next;
-	    break;
-	}
-    }
-
-    /* swap creds */
-    creds = mto->creds;
-    mto->creds = mfrom->creds;
-    mfrom->creds = creds;
-    /* swap principal */
-    principal = mto->primary_principal;
-    mto->primary_principal = mfrom->primary_principal;
-    mfrom->primary_principal = principal;
-
-    HEIMDAL_MUTEX_unlock(&mcc_mutex);
-    mcc_destroy(context, from);
-
-    return 0;
-}
-
-static krb5_error_code
-mcc_default_name(krb5_context context, char **str)
-{
-    *str = strdup("MEMORY:");
-    if (*str == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-
-/**
- * Variable containing the MEMORY based credential cache implemention.
- *
- * @ingroup krb5_ccache
- */
-
-const krb5_cc_ops krb5_mcc_ops = {
-    "MEMORY",
-    mcc_get_name,
-    mcc_resolve,
-    mcc_gen_new,
-    mcc_initialize,
-    mcc_destroy,
-    mcc_close,
-    mcc_store_cred,
-    NULL, /* mcc_retrieve */
-    mcc_get_principal,
-    mcc_get_first,
-    mcc_get_next,
-    mcc_end_get,
-    mcc_remove_cred,
-    mcc_set_flags,
-    NULL,
-    mcc_get_cache_first,
-    mcc_get_cache_next,
-    mcc_end_cache_get,
-    mcc_move,
-    mcc_default_name
-};
diff --git a/crypto/heimdal/lib/krb5/misc.c b/crypto/heimdal/lib/krb5/misc.c
deleted file mode 100644
index 8050bdb..0000000
--- a/crypto/heimdal/lib/krb5/misc.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: misc.c 21174 2007-06-19 10:10:58Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_s4u2self_to_checksumdata(krb5_context context, 
-			       const PA_S4U2Self *self, 
-			       krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_ssize_t ssize;
-    krb5_storage *sp;
-    size_t size;
-    int i;
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-    ret = krb5_store_int32(sp, self->name.name_type);
-    if (ret)
-	goto out;
-    for (i = 0; i < self->name.name_string.len; i++) {
-	size = strlen(self->name.name_string.val[i]);
-	ssize = krb5_storage_write(sp, self->name.name_string.val[i], size);
-	if (ssize != size) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-    }
-    size = strlen(self->realm);
-    ssize = krb5_storage_write(sp, self->realm, size);
-    if (ssize != size) {
-	ret = ENOMEM;
-	goto out;
-    }
-    size = strlen(self->auth);
-    ssize = krb5_storage_write(sp, self->auth, size);
-    if (ssize != size) {
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ret = krb5_storage_to_data(sp, data);
-    krb5_storage_free(sp);
-    return ret;
-
-out:
-    krb5_clear_error_string(context);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mit_glue.c b/crypto/heimdal/lib/krb5/mit_glue.c
deleted file mode 100644
index 7440d54..0000000
--- a/crypto/heimdal/lib/krb5/mit_glue.c
+++ /dev/null
@@ -1,369 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: mit_glue.c 20042 2007-01-23 20:37:43Z lha $");
-
-/*
- * Glue for MIT API
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_make_checksum(krb5_context context, 
-		     krb5_cksumtype cksumtype, 
-		     const krb5_keyblock *key, 
-		     krb5_keyusage usage,
-		     const krb5_data *input, 
-		     krb5_checksum *cksum)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_create_checksum(context, crypto,  usage, cksumtype,
-			       input->data, input->length, cksum);
-    krb5_crypto_destroy(context, crypto);
-
-    return ret ;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
-		       krb5_keyusage usage, const krb5_data *data,
-		       const krb5_checksum *cksum, krb5_boolean *valid)
-{
-    krb5_error_code ret;
-    krb5_checksum data_cksum;
-
-    *valid = 0;
-
-    ret = krb5_c_make_checksum(context, cksum->cksumtype,
-			       key, usage, data, &data_cksum);
-    if (ret)
-	return ret;
-
-    if (data_cksum.cksumtype == cksum->cksumtype
-	&& data_cksum.checksum.length == cksum->checksum.length
-	&& memcmp(data_cksum.checksum.data, cksum->checksum.data, cksum->checksum.length) == 0)
-	*valid = 1;
-
-    krb5_free_checksum_contents(context, &data_cksum);
-
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum,
-		    krb5_cksumtype *type, krb5_data **data)
-{
-    krb5_error_code ret;
-
-    if (type)
-	*type = cksum->cksumtype;
-    if (data) {
-	*data = malloc(sizeof(**data));
-	if (*data == NULL)
-	    return ENOMEM;
-
-	ret = der_copy_octet_string(&cksum->checksum, *data);
-	if (ret) {
-	    free(*data);
-	    *data = NULL;
-	    return ret;
-	}
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum,
-		    krb5_cksumtype type, const krb5_data *data)
-{
-    cksum->cksumtype = type;
-    return der_copy_octet_string(data, &cksum->checksum);
-}
-
-void KRB5_LIB_FUNCTION 
-krb5_free_checksum (krb5_context context, krb5_checksum *cksum)
-{
-    krb5_checksum_free(context, cksum);
-    free(cksum);
-}
-
-void KRB5_LIB_FUNCTION
-krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum)
-{
-    krb5_checksum_free(context, cksum);
-    memset(cksum, 0, sizeof(*cksum));
-}
-
-void KRB5_LIB_FUNCTION
-krb5_checksum_free(krb5_context context, krb5_checksum *cksum)
-{
-    free_Checksum(cksum);
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_valid_enctype (krb5_enctype etype)
-{
-    return krb5_enctype_valid(NULL, etype);
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_valid_cksumtype(krb5_cksumtype ctype)
-{
-    return krb5_cksumtype_valid(NULL, ctype);
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
-{
-    return krb5_checksum_is_collision_proof(NULL, ctype);
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
-{
-    return krb5_checksum_is_keyed(NULL, ctype);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_checksum (krb5_context context,
-		    const krb5_checksum *old,
-		    krb5_checksum **new)
-{
-    *new = malloc(sizeof(**new));
-    if (*new == NULL)
-	return ENOMEM;
-    return copy_Checksum(old, *new);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype,
-			size_t *length)
-{
-    return krb5_checksumsize(context, cksumtype, length);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_block_size(krb5_context context, 
-		  krb5_enctype enctype, 
-		  size_t *blocksize)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    krb5_keyblock key;
-
-    ret = krb5_generate_random_keyblock(context, enctype, &key);
-    if (ret)
-	return ret;
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    krb5_free_keyblock_contents(context, &key);
-    if (ret)
-	return ret;
-    ret = krb5_crypto_getblocksize(context, crypto, blocksize);
-    krb5_crypto_destroy(context, crypto);
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_decrypt(krb5_context context, 
-	       const krb5_keyblock key, 
-	       krb5_keyusage usage, 
-	       const krb5_data *ivec, 
-	       krb5_enc_data *input, 
-	       krb5_data *output)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, &key, input->enctype, &crypto);
-    if (ret)
-	return ret;
-
-    if (ivec) {
-	size_t blocksize;
-
-	ret = krb5_crypto_getblocksize(context, crypto, &blocksize);
-	if (ret) {
-	krb5_crypto_destroy(context, crypto);
-	return ret;
-	}
-	
-	if (blocksize > ivec->length) {
-	    krb5_crypto_destroy(context, crypto);
-	    return KRB5_BAD_MSIZE;
-	}
-    }
-
-    ret = krb5_decrypt_ivec(context, crypto, usage, 
-			    input->ciphertext.data, input->ciphertext.length, 
-			    output, 
-			    ivec ? ivec->data : NULL);
-
-    krb5_crypto_destroy(context, crypto);
-
-    return ret ;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_encrypt(krb5_context context, 
-	       const krb5_keyblock *key, 
-	       krb5_keyusage usage,
-	       const krb5_data *ivec, 
-	       const krb5_data *input,
-	       krb5_enc_data *output)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    if (ivec) {
-	size_t blocksize;
-
-	ret = krb5_crypto_getblocksize(context, crypto, &blocksize);
-	if (ret) {
-	    krb5_crypto_destroy(context, crypto);
-	    return ret;
-	}
-
-	if (blocksize > ivec->length) {
-	    krb5_crypto_destroy(context, crypto);
-	    return KRB5_BAD_MSIZE;
-	}
-    }
-
-    ret = krb5_encrypt_ivec(context, crypto, usage, 
-			    input->data, input->length, 
-			    &output->ciphertext, 
-			    ivec ? ivec->data : NULL);
-    output->kvno = 0;
-    krb5_crypto_getenctype(context, crypto, &output->enctype);
-
-    krb5_crypto_destroy(context, crypto);
-
-    return ret ;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_encrypt_length(krb5_context context, 
-		      krb5_enctype enctype, 
-		      size_t inputlen,
-		      size_t *length)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    krb5_keyblock key;
-
-    ret = krb5_generate_random_keyblock(context, enctype, &key);
-    if (ret)
-	return ret;
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    krb5_free_keyblock_contents(context, &key);
-    if (ret)
-	return ret;
-
-    *length = krb5_get_wrapped_length(context, crypto, inputlen);
-    krb5_crypto_destroy(context, crypto);
-
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_enctype_compare(krb5_context context, 
-		       krb5_enctype e1,
-		       krb5_enctype e2, 
-		       krb5_boolean *similar)
-{
-    *similar = krb5_enctypes_compatible_keys(context, e1, e2);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_make_random_key(krb5_context context,
-		       krb5_enctype enctype, 
-		       krb5_keyblock *random_key)
-{
-    return krb5_generate_random_keyblock(context, enctype, random_key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_keylengths(krb5_context context,
-		  krb5_enctype enctype,
-		  size_t *ilen,
-		  size_t *keylen)
-{
-    krb5_error_code ret;
-
-    ret = krb5_enctype_keybits(context, enctype, ilen);
-    if (ret)
-	return ret;
-    *ilen = (*ilen + 7) / 8;
-    return krb5_enctype_keysize(context, enctype, keylen);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_prf_length(krb5_context context,
-		  krb5_enctype type,
-		  size_t *length)
-{
-    return krb5_crypto_prf_length(context, type, length);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_prf(krb5_context context,
-	   const krb5_keyblock *key,
-	   const krb5_data *input, 
-	   krb5_data *output)
-{
-    krb5_crypto crypto;
-    krb5_error_code ret;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_crypto_prf(context, crypto, input, output);
-    krb5_crypto_destroy(context, crypto);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_error.c b/crypto/heimdal/lib/krb5/mk_error.c
deleted file mode 100644
index 7046649..0000000
--- a/crypto/heimdal/lib/krb5/mk_error.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: mk_error.c 15457 2005-06-16 21:16:40Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_error(krb5_context context,
-	      krb5_error_code error_code,
-	      const char *e_text,
-	      const krb5_data *e_data,
-	      const krb5_principal client,
-	      const krb5_principal server,
-	      time_t *client_time,
-	      int *client_usec,
-	      krb5_data *reply)
-{
-    KRB_ERROR msg;
-    krb5_timestamp sec;
-    int32_t usec;
-    size_t len;
-    krb5_error_code ret = 0;
-
-    krb5_us_timeofday (context, &sec, &usec);
-
-    memset(&msg, 0, sizeof(msg));
-    msg.pvno     = 5;
-    msg.msg_type = krb_error;
-    msg.stime    = sec;
-    msg.susec    = usec;
-    msg.ctime    = client_time;
-    msg.cusec    = client_usec;
-    /* Make sure we only send `protocol' error codes */
-    if(error_code < KRB5KDC_ERR_NONE || error_code >= KRB5_ERR_RCSID) {
-	if(e_text == NULL)
-	    e_text = krb5_get_err_text(context, error_code);
-	error_code = KRB5KRB_ERR_GENERIC;
-    }
-    msg.error_code = error_code - KRB5KDC_ERR_NONE;
-    if (e_text)
-	msg.e_text = rk_UNCONST(&e_text);
-    if (e_data)
-	msg.e_data = rk_UNCONST(e_data);
-    if(server){
-	msg.realm = server->realm;
-	msg.sname = server->name;
-    }else{
-	msg.realm = "<unspecified realm>";
-    }
-    if(client){
-	msg.crealm = &client->realm;
-	msg.cname = &client->name;
-    }
-
-    ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret);
-    if (ret)
-	return ret;
-    if(reply->length != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_priv.c b/crypto/heimdal/lib/krb5/mk_priv.c
deleted file mode 100644
index 87e429a..0000000
--- a/crypto/heimdal/lib/krb5/mk_priv.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_priv.c 16680 2006-02-01 12:39:26Z lha $");
-
-      
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_priv(krb5_context context,
-	     krb5_auth_context auth_context,
-	     const krb5_data *userdata,
-	     krb5_data *outbuf,
-	     krb5_replay_data *outdata)
-{
-    krb5_error_code ret;
-    KRB_PRIV s;
-    EncKrbPrivPart part;
-    u_char *buf = NULL;
-    size_t buf_size;
-    size_t len;
-    krb5_crypto crypto;
-    krb5_keyblock *key;
-    krb5_replay_data rdata;
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-	outdata == NULL)
-	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
-
-    if (auth_context->local_subkey)
-	key = auth_context->local_subkey;
-    else if (auth_context->remote_subkey)
-	key = auth_context->remote_subkey;
-    else
-	key = auth_context->keyblock;
-
-    memset(&rdata, 0, sizeof(rdata));
-
-    part.user_data = *userdata;
-
-    krb5_us_timeofday (context, &rdata.timestamp, &rdata.usec);
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	part.timestamp = &rdata.timestamp;
-	part.usec      = &rdata.usec;
-    } else {
-	part.timestamp = NULL;
-	part.usec      = NULL;
-    }
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) {
-	outdata->timestamp = rdata.timestamp;
-	outdata->usec = rdata.usec;
-    }
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	rdata.seq = auth_context->local_seqnumber;
-	part.seq_number = &rdata.seq;
-    } else
-	part.seq_number = NULL;
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
-	outdata->seq = auth_context->local_seqnumber;
-    
-    part.s_address = auth_context->local_address;
-    part.r_address = auth_context->remote_address;
-
-    krb5_data_zero (&s.enc_part.cipher);
-
-    ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret);
-    if (ret)
-	goto fail;
-    if (buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    s.pvno = 5;
-    s.msg_type = krb_priv;
-    s.enc_part.etype = key->keytype;
-    s.enc_part.kvno = NULL;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free (buf);
-	return ret;
-    }
-    ret = krb5_encrypt (context, 
-			crypto,
-			KRB5_KU_KRB_PRIV,
-			buf + buf_size - len, 
-			len,
-			&s.enc_part.cipher);
-    krb5_crypto_destroy(context, crypto);
-    if (ret) {
-	free(buf);
-	return ret;
-    }
-    free(buf);
-
-
-    ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret);
-    if (ret)
-	goto fail;
-    if (buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    krb5_data_free (&s.enc_part.cipher);
-
-    ret = krb5_data_copy(outbuf, buf + buf_size - len, len);
-    if (ret) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	free(buf);
-	return ENOMEM;
-    }
-    free (buf);
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
-	auth_context->local_seqnumber =
-	    (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
-    return 0;
-
-  fail:
-    free (buf);
-    krb5_data_free (&s.enc_part.cipher);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c
deleted file mode 100644
index 570a837..0000000
--- a/crypto/heimdal/lib/krb5/mk_rep.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_rep.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_rep(krb5_context context,
-	    krb5_auth_context auth_context,
-	    krb5_data *outbuf)
-{
-    krb5_error_code ret;
-    AP_REP ap;
-    EncAPRepPart body;
-    u_char *buf = NULL;
-    size_t buf_size;
-    size_t len;
-    krb5_crypto crypto;
-
-    ap.pvno = 5;
-    ap.msg_type = krb_ap_rep;
-
-    memset (&body, 0, sizeof(body));
-
-    body.ctime = auth_context->authenticator->ctime;
-    body.cusec = auth_context->authenticator->cusec;
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
-	if (auth_context->local_subkey == NULL) {
-	    ret = krb5_auth_con_generatelocalsubkey(context,
-						    auth_context,
-						    auth_context->keyblock);
-	    if(ret) {
-		krb5_set_error_string (context,
-				       "krb5_mk_rep: generating subkey");
-		free_EncAPRepPart(&body);
-		return ret;
-	    }
-	}
-	ret = krb5_copy_keyblock(context, auth_context->local_subkey,
-				 &body.subkey);
-	if (ret) {
-	    krb5_set_error_string (context,
-				   "krb5_copy_keyblock: out of memory");
-	    free_EncAPRepPart(&body);
-	    return ENOMEM;
-	}
-    } else
-	body.subkey = NULL;
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	if(auth_context->local_seqnumber == 0) 
-	    krb5_generate_seq_number (context,
-				      auth_context->keyblock,
-				      &auth_context->local_seqnumber);
-	ALLOC(body.seq_number, 1);
-	if (body.seq_number == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    free_EncAPRepPart(&body);
-	    return ENOMEM;
-	}
-	*(body.seq_number) = auth_context->local_seqnumber;
-    } else
-	body.seq_number = NULL;
-
-    ap.enc_part.etype = auth_context->keyblock->keytype;
-    ap.enc_part.kvno  = NULL;
-
-    ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
-    free_EncAPRepPart (&body);
-    if(ret)
-	return ret;
-    if (buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    ret = krb5_crypto_init(context, auth_context->keyblock, 
-			   0 /* ap.enc_part.etype */, &crypto);
-    if (ret) {
-	free (buf);
-	return ret;
-    }
-    ret = krb5_encrypt (context,
-			crypto,
-			KRB5_KU_AP_REQ_ENC_PART,
-			buf + buf_size - len, 
-			len,
-			&ap.enc_part.cipher);
-    krb5_crypto_destroy(context, crypto);
-    free(buf);
-    if (ret)
-	return ret;
-
-    ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
-    if (ret == 0 && outbuf->length != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    free_AP_REP (&ap);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_req.c b/crypto/heimdal/lib/krb5/mk_req.c
deleted file mode 100644
index 5f64f01..0000000
--- a/crypto/heimdal/lib/krb5/mk_req.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_req.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_req_exact(krb5_context context,
-		  krb5_auth_context *auth_context,
-		  const krb5_flags ap_req_options,
-		  const krb5_principal server,
-		  krb5_data *in_data,
-		  krb5_ccache ccache,
-		  krb5_data *outbuf)
-{
-    krb5_error_code ret;
-    krb5_creds this_cred, *cred;
-
-    memset(&this_cred, 0, sizeof(this_cred));
-
-    ret = krb5_cc_get_principal(context, ccache, &this_cred.client);
-  
-    if(ret)
-	return ret;
-
-    ret = krb5_copy_principal (context, server, &this_cred.server);
-    if (ret) {
-	krb5_free_cred_contents (context, &this_cred);
-	return ret;
-    }
-
-    this_cred.times.endtime = 0;
-    if (auth_context && *auth_context && (*auth_context)->keytype)
-	this_cred.session.keytype = (*auth_context)->keytype;
-
-    ret = krb5_get_credentials (context, 0, ccache, &this_cred, &cred);
-    krb5_free_cred_contents(context, &this_cred);
-    if (ret)
-	return ret;
-
-    ret = krb5_mk_req_extended (context,
-				auth_context,
-				ap_req_options,
-				in_data,
-				cred,
-				outbuf);
-    krb5_free_creds(context, cred);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_req(krb5_context context,
-	    krb5_auth_context *auth_context,
-	    const krb5_flags ap_req_options,
-	    const char *service,
-	    const char *hostname,
-	    krb5_data *in_data,
-	    krb5_ccache ccache,
-	    krb5_data *outbuf)
-{
-    krb5_error_code ret;
-    char **realms;
-    char *real_hostname;
-    krb5_principal server;
-
-    ret = krb5_expand_hostname_realms (context, hostname,
-				       &real_hostname, &realms);
-    if (ret)
-	return ret;
-
-    ret = krb5_build_principal (context, &server,
-				strlen(*realms),
-				*realms,
-				service,
-				real_hostname,
-				NULL);
-    free (real_hostname);
-    krb5_free_host_realm (context, realms);
-    if (ret)
-	return ret;
-    ret = krb5_mk_req_exact (context, auth_context, ap_req_options,
-			     server, in_data, ccache, outbuf);
-    krb5_free_principal (context, server);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_req_ext.c b/crypto/heimdal/lib/krb5/mk_req_ext.c
deleted file mode 100644
index b6d55c8..0000000
--- a/crypto/heimdal/lib/krb5/mk_req_ext.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_req_ext.c 19511 2006-12-27 12:07:22Z lha $");
-
-krb5_error_code
-_krb5_mk_req_internal(krb5_context context,
-		      krb5_auth_context *auth_context,
-		      const krb5_flags ap_req_options,
-		      krb5_data *in_data,
-		      krb5_creds *in_creds,
-		      krb5_data *outbuf,
-		      krb5_key_usage checksum_usage,
-		      krb5_key_usage encrypt_usage)
-{
-    krb5_error_code ret;
-    krb5_data authenticator;
-    Checksum c;
-    Checksum *c_opt;
-    krb5_auth_context ac;
-
-    if(auth_context) {
-	if(*auth_context == NULL)
-	    ret = krb5_auth_con_init(context, auth_context);
-	else
-	    ret = 0;
-	ac = *auth_context;
-    } else
-	ret = krb5_auth_con_init(context, &ac);
-    if(ret)
-	return ret;
-      
-    if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
-	ret = krb5_auth_con_generatelocalsubkey(context,
-						ac, 
-						&in_creds->session);
-	if(ret)
-	    goto out;
-    }
-
-    krb5_free_keyblock(context, ac->keyblock);
-    ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
-    if (ret)
-	goto out;
-  
-    /* it's unclear what type of checksum we can use.  try the best one, except:
-     * a) if it's configured differently for the current realm, or
-     * b) if the session key is des-cbc-crc
-     */
-
-    if (in_data) {
-	if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
-	    /* this is to make DCE secd (and older MIT kdcs?) happy */
-	    ret = krb5_create_checksum(context, 
-				       NULL,
-				       0,
-				       CKSUMTYPE_RSA_MD4,
-				       in_data->data,
-				       in_data->length,
-				       &c);
-	} else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
-		  ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56 ||
-		  ac->keyblock->keytype == ETYPE_DES_CBC_MD4 ||
-		  ac->keyblock->keytype == ETYPE_DES_CBC_MD5) {
-	    /* this is to make MS kdc happy */ 
-	    ret = krb5_create_checksum(context, 
-				       NULL,
-				       0,
-				       CKSUMTYPE_RSA_MD5,
-				       in_data->data,
-				       in_data->length,
-				       &c);
-	} else {
-	    krb5_crypto crypto;
-
-	    ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
-	    if (ret)
-		goto out;
-	    ret = krb5_create_checksum(context, 
-				       crypto,
-				       checksum_usage,
-				       0,
-				       in_data->data,
-				       in_data->length,
-				       &c);
-	    krb5_crypto_destroy(context, crypto);
-	}
-	c_opt = &c;
-    } else {
-	c_opt = NULL;
-    }
-
-    if (ret)
-	goto out;
-  
-    ret = krb5_build_authenticator (context,
-				    ac,
-				    ac->keyblock->keytype,
-				    in_creds,
-				    c_opt,
-				    NULL,
-				    &authenticator,
-				    encrypt_usage);
-    if (c_opt)
-	free_Checksum (c_opt);
-    if (ret)
-	goto out;
-
-    ret = krb5_build_ap_req (context, ac->keyblock->keytype, 
-			     in_creds, ap_req_options, authenticator, outbuf);
-out:
-    if(auth_context == NULL)
-	krb5_auth_con_free(context, ac);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_req_extended(krb5_context context,
-		     krb5_auth_context *auth_context,
-		     const krb5_flags ap_req_options,
-		     krb5_data *in_data,
-		     krb5_creds *in_creds,
-		     krb5_data *outbuf)
-{
-    return _krb5_mk_req_internal (context,
-				 auth_context,
-				 ap_req_options,
-				 in_data,
-				 in_creds,
-				 outbuf,
-				 KRB5_KU_AP_REQ_AUTH_CKSUM,
-				 KRB5_KU_AP_REQ_AUTH);
-}
diff --git a/crypto/heimdal/lib/krb5/mk_safe.c b/crypto/heimdal/lib/krb5/mk_safe.c
deleted file mode 100644
index 0b75759..0000000
--- a/crypto/heimdal/lib/krb5/mk_safe.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_safe.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_safe(krb5_context context,
-	     krb5_auth_context auth_context,
-	     const krb5_data *userdata,
-	     krb5_data *outbuf,
-	     krb5_replay_data *outdata)
-{
-    krb5_error_code ret;
-    KRB_SAFE s;
-    u_char *buf = NULL;
-    size_t buf_size;
-    size_t len;
-    krb5_crypto crypto;
-    krb5_keyblock *key;
-    krb5_replay_data rdata;
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-	outdata == NULL)
-	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
-
-    if (auth_context->local_subkey)
-	key = auth_context->local_subkey;
-    else if (auth_context->remote_subkey)
-	key = auth_context->remote_subkey;
-    else
-	key = auth_context->keyblock;
-
-    s.pvno = 5;
-    s.msg_type = krb_safe;
-
-    memset(&rdata, 0, sizeof(rdata));
-
-    s.safe_body.user_data = *userdata;
-
-    krb5_us_timeofday (context, &rdata.timestamp, &rdata.usec);
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	s.safe_body.timestamp  = &rdata.timestamp;
-	s.safe_body.usec       = &rdata.usec;
-    } else {
-	s.safe_body.timestamp  = NULL;
-	s.safe_body.usec       = NULL;
-    }
-    
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) {
-	outdata->timestamp = rdata.timestamp;
-	outdata->usec = rdata.usec;
-    }
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	rdata.seq = auth_context->local_seqnumber;
-	s.safe_body.seq_number = &rdata.seq;
-    } else 
-	s.safe_body.seq_number = NULL;
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
-	outdata->seq = auth_context->local_seqnumber;
-    
-    s.safe_body.s_address = auth_context->local_address;
-    s.safe_body.r_address = auth_context->remote_address;
-
-    s.cksum.cksumtype       = 0;
-    s.cksum.checksum.data   = NULL;
-    s.cksum.checksum.length = 0;
-
-    ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free (buf);
-	return ret;
-    }
-    ret = krb5_create_checksum(context, 
-			       crypto,
-			       KRB5_KU_KRB_SAFE_CKSUM,
-			       0,
-			       buf,
-			       len,
-			       &s.cksum);
-    krb5_crypto_destroy(context, crypto);
-    if (ret) {
-	free (buf);
-	return ret;
-    }
-
-    free(buf);
-    ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
-    free_Checksum (&s.cksum);
-    if(ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    outbuf->length = len;
-    outbuf->data   = buf;
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
-	auth_context->local_seqnumber =
-	    (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/n-fold-test.c b/crypto/heimdal/lib/krb5/n-fold-test.c
deleted file mode 100644
index 248e232..0000000
--- a/crypto/heimdal/lib/krb5/n-fold-test.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: n-fold-test.c 21745 2007-07-31 16:11:25Z lha $");
-
-enum { MAXSIZE = 24 };
-
-static struct testcase {
-    const char *str;
-    unsigned n;
-    unsigned char res[MAXSIZE];
-} tests[] = {
-    {"012345",		8,
-     {0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55}
-    },
-    {"basch",		24,
-     {0x1a, 0xab, 0x6b, 0x42, 0x96, 0x4b, 0x98, 0xb2, 0x1f, 0x8c, 0xde,
-      0x2d, 0x24, 0x48, 0xba, 0x34, 0x55, 0xd7, 0x86, 0x2c, 0x97, 0x31,
-      0x64, 0x3f}
-    },
-    {"eichin",		24,
-     {0x65, 0x69, 0x63, 0x68, 0x69, 0x6e, 0x4b, 0x73, 0x2b, 0x4b,
-      0x1b, 0x43, 0xda, 0x1a, 0x5b, 0x99, 0x5a, 0x58, 0xd2, 0xc6, 0xd0,
-      0xd2, 0xdc, 0xca}
-    },
-    {"sommerfeld",	24,
-     {0x2f, 0x7a, 0x98, 0x55, 0x7c, 0x6e, 0xe4, 0xab, 0xad, 0xf4,
-      0xe7, 0x11, 0x92, 0xdd, 0x44, 0x2b, 0xd4, 0xff, 0x53, 0x25, 0xa5,
-      0xde, 0xf7, 0x5c}
-    },
-    {"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24,
-     {0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82,
-      0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9,
-      0x54, 0x0c, 0x1b}
-    },
-    {"assar@NADA.KTH.SE", 24,
-     {0x5c, 0x06, 0xc3, 0x4d, 0x2c, 0x89, 0x05, 0xbe, 0x7a, 0x51,
-      0x83, 0x6c, 0xd6, 0xf8, 0x1c, 0x4b, 0x7a, 0x93, 0x49, 0x16, 0x5a,
-      0xb3, 0xfa, 0xa9}
-    },
-    {"testKRBTEST.MIT.EDUtestkey", 24,
-     {0x50, 0x2c, 0xf8, 0x29, 0x78, 0xe5, 0xfb, 0x1a, 0x29, 0x06,
-      0xbd, 0x22, 0x28, 0x91, 0x56, 0xc0, 0x06, 0xa0, 0xdc, 0xf5, 0xb6,
-      0xc2, 0xda, 0x6c}
-    },
-    {"password", 7,
-     {0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa}
-    },
-    {"Rough Consensus, and Running Code", 8,
-     {0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0},
-    },
-    {"password", 21,
-     {0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, 0xc3, 0x7b, 0x3f,
-      0x6d, 0x20, 0x00, 0x24, 0x7c, 0xb6, 0xe6, 0xbd, 0x5b, 0x3e},
-    },
-    {"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24,
-     {0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82, 0xb3,
-      0x08, 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54,
-      0x0c, 0x1b}
-    },
-    {NULL, 0}
-};
-
-int
-main(int argc, char **argv)
-{
-    unsigned char data[MAXSIZE];
-    struct testcase *t;
-    int ret = 0;
-
-    for (t = tests; t->str; ++t) {
-	int i;
-
-	ret = _krb5_n_fold (t->str, strlen(t->str), data, t->n);
-	if (ret)
-	    errx(1, "out of memory");
-	if (memcmp (data, t->res, t->n) != 0) {
-	    printf ("n-fold(\"%s\", %d) failed\n", t->str, t->n);
-	    printf ("should be: ");
-	    for (i = 0; i < t->n; ++i)
-		printf ("%02x", t->res[i]);
-	    printf ("\nresult was: ");
-	    for (i = 0; i < t->n; ++i)
-		printf ("%02x", data[i]);
-	    printf ("\n");
-	    ret = 1;
-	}
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/n-fold.c b/crypto/heimdal/lib/krb5/n-fold.c
deleted file mode 100644
index 53528cf..0000000
--- a/crypto/heimdal/lib/krb5/n-fold.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: n-fold.c 22190 2007-12-06 16:24:22Z lha $");
-
-static krb5_error_code
-rr13(unsigned char *buf, size_t len)
-{
-    unsigned char *tmp;
-    int bytes = (len + 7) / 8;
-    int i;
-    if(len == 0)
-	return 0;
-    {
-	const int bits = 13 % len;
-	const int lbit = len % 8;
-    
-	tmp = malloc(bytes);
-	if (tmp == NULL)
-	    return ENOMEM;
-	memcpy(tmp, buf, bytes);
-	if(lbit) {
-	    /* pad final byte with inital bits */
-	    tmp[bytes - 1] &= 0xff << (8 - lbit);
-	    for(i = lbit; i < 8; i += len)
-		tmp[bytes - 1] |= buf[0] >> i;
-	}
-	for(i = 0; i < bytes; i++) {
-	    int bb;
-	    int b1, s1, b2, s2;
-	    /* calculate first bit position of this byte */
-	    bb = 8 * i - bits;
-	    while(bb < 0)
-		bb += len;
-	    /* byte offset and shift count */
-	    b1 = bb / 8;
-	    s1 = bb % 8;
-	
-	    if(bb + 8 > bytes * 8) 
-		/* watch for wraparound */
-		s2 = (len + 8 - s1) % 8;
-	    else 
-		s2 = 8 - s1;
-	    b2 = (b1 + 1) % bytes;
-	    buf[i] = (tmp[b1] << s1) | (tmp[b2] >> s2);
-	}
-	free(tmp);
-    }
-    return 0;
-}
-
-/* Add `b' to `a', both being one's complement numbers. */
-static void
-add1(unsigned char *a, unsigned char *b, size_t len)
-{
-    int i;
-    int carry = 0;
-    for(i = len - 1; i >= 0; i--){
-	int x = a[i] + b[i] + carry;
-	carry = x > 0xff;
-	a[i] = x & 0xff;
-    }
-    for(i = len - 1; carry && i >= 0; i--){
-	int x = a[i] + carry;
-	carry = x > 0xff;
-	a[i] = x & 0xff;
-    }
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_n_fold(const void *str, size_t len, void *key, size_t size)
-{
-    /* if len < size we need at most N * len bytes, ie < 2 * size;
-       if len > size we need at most 2 * len */
-    krb5_error_code ret = 0;
-    size_t maxlen = 2 * max(size, len);
-    size_t l = 0;
-    unsigned char *tmp = malloc(maxlen);
-    unsigned char *buf = malloc(len);
-    
-    if (tmp == NULL || buf == NULL) 
-	return ENOMEM;
-
-    memcpy(buf, str, len);
-    memset(key, 0, size);
-    do {
-	memcpy(tmp + l, buf, len);
-	l += len;
-	ret = rr13(buf, len * 8);
-	if (ret)
-	    goto out;
-	while(l >= size) {
-	    add1(key, tmp, size);
-	    l -= size;
-	    if(l == 0)
-		break;
-	    memmove(tmp, tmp + size, l);
-	}
-    } while(l != 0);
-out:
-    memset(buf, 0, len);
-    free(buf);
-    memset(tmp, 0, maxlen);
-    free(tmp);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/name-45-test.c b/crypto/heimdal/lib/krb5/name-45-test.c
deleted file mode 100644
index 0bb05f5..0000000
--- a/crypto/heimdal/lib/krb5/name-45-test.c
+++ /dev/null
@@ -1,294 +0,0 @@
-/*
- * Copyright (c) 2002 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: name-45-test.c 19763 2007-01-08 13:35:49Z lha $");
-
-enum { MAX_COMPONENTS = 3 };
-
-static struct testcase {
-    const char *v4_name;
-    const char *v4_inst;
-    const char *v4_realm;
-
-    krb5_realm v5_realm;
-    unsigned ncomponents;
-    char *comp_val[MAX_COMPONENTS];
-
-    const char *config_file;
-    krb5_error_code ret;	/* expected error code from 524 */
-
-    krb5_error_code ret2;	/* expected error code from 425 */
-} tests[] = {
-    {"", "", "", "", 1, {""}, NULL, 0, 0},
-    {"a", "", "", "", 1, {"a"}, NULL, 0, 0},
-    {"a", "b", "", "", 2, {"a", "b"}, NULL, 0, 0},
-    {"a", "b", "c", "c", 2, {"a", "b"}, NULL, 0, 0},
-
-    {"krbtgt", "FOO.SE", "FOO.SE", "FOO.SE", 2,
-     {"krbtgt", "FOO.SE"}, NULL, 0, 0},
-
-    {"foo", "bar2", "BAZ", "BAZ", 2,
-     {"foo", "bar2"}, NULL, 0, 0},
-    {"foo", "bar2", "BAZ", "BAZ", 2,
-     {"foo", "bar2"},
-     "[libdefaults]\n"
-     "	v4_name_convert = {\n"
-     "		host = {\n"
-     "			foo = foo5\n"
-     "		}\n"
-     "}\n",
-    HEIM_ERR_V4_PRINC_NO_CONV, 0},
-    {"foo", "bar2", "BAZ", "BAZ", 2,
-     {"foo5", "bar2.baz"},
-     "[realms]\n"
-     "  BAZ = {\n"
-     "		v4_name_convert = {\n"
-     "			host = {\n"
-     "				foo = foo5\n"
-     "			}\n"
-     "		}\n"
-     "		v4_instance_convert = {\n"
-     "			bar2 = bar2.baz\n"
-     "		}\n"
-     "  }\n",
-     0, 0},
-
-    {"rcmd", "foo", "realm", "realm", 2, {"host", "foo"}, NULL,
-     HEIM_ERR_V4_PRINC_NO_CONV, 0},
-    {"rcmd", "foo", "realm", "realm", 2, {"host", "foo.realm"},
-     "[realms]\n"
-     "	realm = {\n"
-     "		v4_instance_convert = {\n"
-     "			foo = foo.realm\n"
-     "		}\n"
-     "	}\n",
-     0, 0},
-
-    {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"pop", "mail0.nada.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0},
-    {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"pop", "mail0.nada.kth.se"},
-     "[realms]\n"
-     "	NADA.KTH.SE = {\n"
-     "		default_domain = nada.kth.se\n"
-     "	}\n",
-     0, 0},
-    {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"pop", "mail0.nada.kth.se"},
-     "[libdefaults]\n"
-     "	v4_instance_resolve = true\n",
-     HEIM_ERR_V4_PRINC_NO_CONV, 0},
-
-    {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"host", "hokkigai.pdc.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0},
-    {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"host", "hokkigai.pdc.kth.se"},
-     "[libdefaults]\n"
-     "	v4_instance_resolve = true\n"
-     "[realms]\n"
-     "	NADA.KTH.SE = {\n"
-     "		v4_name_convert = {\n"
-     "			host = {\n"
-     "				rcmd = host\n"
-     "			}\n"
-     "		}\n"
-     "		default_domain = pdc.kth.se\n"
-     "	}\n",
-     0, 0},
-
-    {"0123456789012345678901234567890123456789",
-     "0123456789012345678901234567890123456789",
-     "0123456789012345678901234567890123456789",
-     "0123456789012345678901234567890123456789",
-     2, {"0123456789012345678901234567890123456789",
-	 "0123456789012345678901234567890123456789"}, NULL,
-     0, KRB5_PARSE_MALFORMED},
-
-    {"012345678901234567890123456789012345678",
-     "012345678901234567890123456789012345678",
-     "012345678901234567890123456789012345678",
-     "012345678901234567890123456789012345678",
-     2, {"012345678901234567890123456789012345678",
-	 "012345678901234567890123456789012345678"}, NULL,
-     0, 0},
-
-    {NULL, NULL, NULL, NULL, 0, {NULL}, NULL, 0}
-};
-
-int
-main(int argc, char **argv)
-{
-    struct testcase *t;
-    krb5_context context;
-    krb5_error_code ret;
-    char hostname[1024];
-    int val = 0;
-
-    setprogname(argv[0]);
-
-    gethostname(hostname, sizeof(hostname));
-    if (!(strstr(hostname, "kth.se") != NULL || strstr(hostname, "su.se") != NULL))
-	return 0;
-
-    for (t = tests; t->v4_name; ++t) {
-	krb5_principal princ;
-	int i;
-	char name[40], inst[40], realm[40];
-	char printable_princ[256];
-
-	ret = krb5_init_context (&context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-
-	if (t->config_file != NULL) {
-	    char template[] = "/tmp/krb5-conf-XXXXXX";
-	    int fd = mkstemp(template);
-	    char *files[2];
-
-	    if (fd < 0)
-		krb5_err (context, 1, errno, "mkstemp %s", template);
-
-	    if (write (fd, t->config_file, strlen(t->config_file))
-		!= strlen(t->config_file))
-		krb5_err (context, 1, errno, "write %s", template);
-	    close (fd);
-	    files[0] = template;
-	    files[1] = NULL;
-
-	    ret = krb5_set_config_files (context, files);
-	    unlink (template);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_set_config_files");
-	}
-
-	ret = krb5_425_conv_principal (context,
-				       t->v4_name,
-				       t->v4_inst,
-				       t->v4_realm,
-				       &princ);
-	if (ret) {
-	    if (ret != t->ret) {
-		krb5_warn (context, ret,
-			   "krb5_425_conv_principal %s.%s@%s",
-			   t->v4_name, t->v4_inst, t->v4_realm);
-		val = 1;
-	    }
-	} else {
-	    if (t->ret) {
-		char *s;
-		krb5_unparse_name(context, princ, &s);
-		krb5_warnx (context,
-			    "krb5_425_conv_principal %s.%s@%s "
-			    "passed unexpected: %s",
-			    t->v4_name, t->v4_inst, t->v4_realm, s);
-		free(s);
-		val = 1;
-		krb5_free_context(context);
-		continue;
-	    }
-	}
-
-	if (ret) {
-	    krb5_free_context(context);
-	    continue;
-	}
-
-	if (strcmp (t->v5_realm, princ->realm) != 0) {
-	    printf ("wrong realm (\"%s\" should be \"%s\")"
-		    " for \"%s.%s@%s\"\n",
-		    princ->realm, t->v5_realm,
-		    t->v4_name,
-		    t->v4_inst,
-		    t->v4_realm);
-	    val = 1;
-	}
-
-	if (t->ncomponents != princ->name.name_string.len) {
-	    printf ("wrong number of components (%u should be %u)"
-		    " for \"%s.%s@%s\"\n",
-		    princ->name.name_string.len, t->ncomponents,
-		    t->v4_name,
-		    t->v4_inst,
-		    t->v4_realm);
-	    val = 1;
-	} else {
-	    for (i = 0; i < t->ncomponents; ++i) {
-		if (strcmp(t->comp_val[i],
-			   princ->name.name_string.val[i]) != 0) {
-		    printf ("bad component %d (\"%s\" should be \"%s\")"
-			    " for \"%s.%s@%s\"\n",
-			    i,
-			    princ->name.name_string.val[i],
-			    t->comp_val[i],
-			    t->v4_name,
-			    t->v4_inst,
-			    t->v4_realm);
-		    val = 1;
-		}
-	    }
-	}
-	ret = krb5_524_conv_principal (context, princ,
-				       name, inst, realm);
-	if (krb5_unparse_name_fixed(context, princ,
-				    printable_princ, sizeof(printable_princ)))
-	    strlcpy(printable_princ, "unknown principal",
-		    sizeof(printable_princ));
-	if (ret) {
-	    if (ret != t->ret2) {
-		krb5_warn (context, ret,
-			   "krb5_524_conv_principal %s", printable_princ);
-		val = 1;
-	    }
-	} else {
-	    if (t->ret2) {
-		krb5_warnx (context,
-			    "krb5_524_conv_principal %s "
-			    "passed unexpected", printable_princ);
-		val = 1;
-		krb5_free_context(context);
-		continue;
-	    }
-	}
-	if (ret) {
-	    krb5_free_principal (context, princ);
-	    krb5_free_context(context);
-	    continue;
-	}
-
-	krb5_free_principal (context, princ);
-	krb5_free_context(context);
-    }
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/net_read.c b/crypto/heimdal/lib/krb5/net_read.c
deleted file mode 100644
index f0fa2ce..0000000
--- a/crypto/heimdal/lib/krb5/net_read.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: net_read.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_net_read (krb5_context context,
-	       void *p_fd,
-	       void *buf,
-	       size_t len)
-{
-  int fd = *((int *)p_fd);
-
-  return net_read (fd, buf, len);
-}
diff --git a/crypto/heimdal/lib/krb5/net_write.c b/crypto/heimdal/lib/krb5/net_write.c
deleted file mode 100644
index 868015f..0000000
--- a/crypto/heimdal/lib/krb5/net_write.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: net_write.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_net_write (krb5_context context,
-		void *p_fd,
-		const void *buf,
-		size_t len)
-{
-  int fd = *((int *)p_fd);
-
-  return net_write (fd, buf, len);
-}
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_net_write_block(krb5_context context,
-		     void *p_fd,
-		     const void *buf,
-		     size_t len,
-		     time_t timeout)
-{
-  int fd = *((int *)p_fd);
-  int ret;
-  struct timeval tv, *tvp;
-  const char *cbuf = (const char *)buf;
-  size_t rem = len;
-  ssize_t count;
-  fd_set wfds;
-
-  do {
-      FD_ZERO(&wfds);
-      FD_SET(fd, &wfds);
-      
-      if (timeout != 0) {
-	  tv.tv_sec = timeout;
-	  tv.tv_usec = 0;
-	  tvp = &tv;
-      } else
-	  tvp = NULL;
-
-      ret = select(fd + 1, NULL, &wfds, NULL, tvp);
-      if (ret < 0) {
-	  if (errno == EINTR)
-	      continue;
-	  return -1;
-      } else if (ret == 0)
-	  return 0;
-      
-      if (!FD_ISSET(fd, &wfds)) {
-	  errno = ETIMEDOUT;
-	  return -1;
-      }
-
-#ifdef WIN32
-      count = send (fd, cbuf, rem, 0);
-#else
-      count = write (fd, cbuf, rem);
-#endif
-      if (count < 0) {
-	  if (errno == EINTR)
-	      continue;
-	  else
-	      return count;
-      }
-      cbuf += count;
-      rem -= count;
-
-  } while (rem > 0);
-
-  return len;
-}
diff --git a/crypto/heimdal/lib/krb5/pac.c b/crypto/heimdal/lib/krb5/pac.c
deleted file mode 100644
index 1b21750..0000000
--- a/crypto/heimdal/lib/krb5/pac.c
+++ /dev/null
@@ -1,1041 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: pac.c 21934 2007-08-27 14:21:04Z lha $");
-
-struct PAC_INFO_BUFFER {
-    uint32_t type;
-    uint32_t buffersize;
-    uint32_t offset_hi;
-    uint32_t offset_lo;
-};
-
-struct PACTYPE {
-    uint32_t numbuffers;
-    uint32_t version;                         
-    struct PAC_INFO_BUFFER buffers[1];
-};
-
-struct krb5_pac_data {
-    struct PACTYPE *pac;
-    krb5_data data;
-    struct PAC_INFO_BUFFER *server_checksum;
-    struct PAC_INFO_BUFFER *privsvr_checksum;
-    struct PAC_INFO_BUFFER *logon_name;
-};
-
-#define PAC_ALIGNMENT			8
-
-#define PACTYPE_SIZE			8
-#define PAC_INFO_BUFFER_SIZE		16
-
-#define PAC_SERVER_CHECKSUM		6
-#define PAC_PRIVSVR_CHECKSUM		7
-#define PAC_LOGON_NAME			10
-#define PAC_CONSTRAINED_DELEGATION	11
-
-#define CHECK(r,f,l)						\
-	do {							\
-		if (((r) = f ) != 0) {				\
-			krb5_clear_error_string(context);	\
-			goto l;					\
-		}						\
-	} while(0)
-
-static const char zeros[PAC_ALIGNMENT] = { 0 };
-
-/*
- *
- */
-
-krb5_error_code
-krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
-	       krb5_pac *pac)
-{
-    krb5_error_code ret;
-    krb5_pac p;
-    krb5_storage *sp = NULL;
-    uint32_t i, tmp, tmp2, header_end;
-
-    p = calloc(1, sizeof(*p));
-    if (p == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "out of memory");
-	goto out;
-    }
-
-    sp = krb5_storage_from_readonly_mem(ptr, len);
-    if (sp == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "out of memory");
-	goto out;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(ret, krb5_ret_uint32(sp, &tmp), out);
-    CHECK(ret, krb5_ret_uint32(sp, &tmp2), out);
-    if (tmp < 1) {
-	krb5_set_error_string(context, "PAC have too few buffer");
-	ret = EINVAL; /* Too few buffers */
-	goto out;
-    }
-    if (tmp2 != 0) {
-	krb5_set_error_string(context, "PAC have wrong version");
-	ret = EINVAL; /* Wrong version */
-	goto out;
-    }
-
-    p->pac = calloc(1, 
-		    sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1)));
-    if (p->pac == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    p->pac->numbuffers = tmp;
-    p->pac->version = tmp2;
-
-    header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
-    if (header_end > len) {
-	ret = EINVAL;
-	goto out;
-    }
-
-    for (i = 0; i < p->pac->numbuffers; i++) {
-	CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].type), out);
-	CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].buffersize), out);
-	CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_lo), out);
-	CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_hi), out);
-
-	/* consistency checks */
-	if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) {
-	    krb5_set_error_string(context, "PAC out of allignment");
-	    ret = EINVAL;
-	    goto out;
-	}
-	if (p->pac->buffers[i].offset_hi) {
-	    krb5_set_error_string(context, "PAC high offset set");
-	    ret = EINVAL;
-	    goto out;
-	}
-	if (p->pac->buffers[i].offset_lo > len) {
-	    krb5_set_error_string(context, "PAC offset off end");
-	    ret = EINVAL;
-	    goto out;
-	}
-	if (p->pac->buffers[i].offset_lo < header_end) {
-	    krb5_set_error_string(context, "PAC offset inside header: %d %d",
-				  p->pac->buffers[i].offset_lo, header_end);
-	    ret = EINVAL;
-	    goto out;
-	}
-	if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){
-	    krb5_set_error_string(context, "PAC length off end");
-	    ret = EINVAL;
-	    goto out;
-	}
-
-	/* let save pointer to data we need later */
-	if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
-	    if (p->server_checksum) {
-		krb5_set_error_string(context, "PAC have two server checksums");
-		ret = EINVAL;
-		goto out;
-	    }
-	    p->server_checksum = &p->pac->buffers[i];
-	} else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
-	    if (p->privsvr_checksum) {
-		krb5_set_error_string(context, "PAC have two KDC checksums");
-		ret = EINVAL;
-		goto out;
-	    }
-	    p->privsvr_checksum = &p->pac->buffers[i];
-	} else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
-	    if (p->logon_name) {
-		krb5_set_error_string(context, "PAC have two logon names");
-		ret = EINVAL;
-		goto out;
-	    }
-	    p->logon_name = &p->pac->buffers[i];
-	}
-    }
-
-    ret = krb5_data_copy(&p->data, ptr, len);
-    if (ret)
-	goto out;
-
-    krb5_storage_free(sp);
-
-    *pac = p;
-    return 0;
-
-out:
-    if (sp)
-	krb5_storage_free(sp);
-    if (p) {
-	if (p->pac)
-	    free(p->pac);
-	free(p);
-    }
-    *pac = NULL;
-
-    return ret;
-}
-
-krb5_error_code
-krb5_pac_init(krb5_context context, krb5_pac *pac)
-{
-    krb5_error_code ret;
-    krb5_pac p;
-
-    p = calloc(1, sizeof(*p));
-    if (p == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-
-    p->pac = calloc(1, sizeof(*p->pac));
-    if (p->pac == NULL) {
-	free(p);
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-
-    ret = krb5_data_alloc(&p->data, PACTYPE_SIZE);
-    if (ret) {
-	free (p->pac);
-	free(p);
-	krb5_set_error_string(context, "out of memory");
-	return ret;
-    }
-
-
-    *pac = p;
-    return 0;
-}
-
-krb5_error_code
-krb5_pac_add_buffer(krb5_context context, krb5_pac p,
-		    uint32_t type, const krb5_data *data)
-{
-    krb5_error_code ret;
-    void *ptr;
-    size_t len, offset, header_end, old_end;
-    uint32_t i;
-
-    len = p->pac->numbuffers;
-
-    ptr = realloc(p->pac,
-		  sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len));
-    if (ptr == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    p->pac = ptr;
-
-    for (i = 0; i < len; i++)
-	p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE;
-
-    offset = p->data.length + PAC_INFO_BUFFER_SIZE;
-
-    p->pac->buffers[len].type = type;
-    p->pac->buffers[len].buffersize = data->length;
-    p->pac->buffers[len].offset_lo = offset;
-    p->pac->buffers[len].offset_hi = 0;
-
-    old_end = p->data.length;
-    len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE;
-    if (len < p->data.length) {
-	krb5_set_error_string(context, "integer overrun");
-	return EINVAL;
-    }
-    
-    /* align to PAC_ALIGNMENT */
-    len = ((len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
-
-    ret = krb5_data_realloc(&p->data, len);
-    if (ret) {
-	krb5_set_error_string(context, "out of memory");
-	return ret;
-    }
-
-    /* 
-     * make place for new PAC INFO BUFFER header
-     */
-    header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
-    memmove((unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE,
-	    (unsigned char *)p->data.data + header_end ,
-	    old_end - header_end);
-    memset((unsigned char *)p->data.data + header_end, 0, PAC_INFO_BUFFER_SIZE);
-
-    /*
-     * copy in new data part
-     */
-
-    memcpy((unsigned char *)p->data.data + offset,
-	   data->data, data->length);
-    memset((unsigned char *)p->data.data + offset + data->length,
-	   0, p->data.length - offset - data->length);
-
-    p->pac->numbuffers += 1;
-
-    return 0;
-}
-
-krb5_error_code
-krb5_pac_get_buffer(krb5_context context, krb5_pac p,
-		    uint32_t type, krb5_data *data)
-{
-    krb5_error_code ret;
-    uint32_t i;
-
-    /*
-     * Hide the checksums from external consumers
-     */
-
-    if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) {
-	ret = krb5_data_alloc(data, 16);
-	if (ret) {
-	    krb5_set_error_string(context, "out of memory");
-	    return ret;
-	}
-	memset(data->data, 0, data->length);
-	return 0;
-    }
-
-    for (i = 0; i < p->pac->numbuffers; i++) {
-	size_t len = p->pac->buffers[i].buffersize;
-	size_t offset = p->pac->buffers[i].offset_lo;
-
-	if (p->pac->buffers[i].type != type)
-	    continue;
-
-	ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len);
-	if (ret) {
-	    krb5_set_error_string(context, "Out of memory");
-	    return ret;
-	}
-	return 0;
-    }
-    krb5_set_error_string(context, "No PAC buffer of type %lu was found",
-			  (unsigned long)type);
-    return ENOENT;
-}
-
-/*
- *
- */
-
-krb5_error_code
-krb5_pac_get_types(krb5_context context,
-		   krb5_pac p,
-		   size_t *len,
-		   uint32_t **types)
-{
-    size_t i;
-
-    *types = calloc(p->pac->numbuffers, sizeof(*types));
-    if (*types == NULL) {
-	*len = 0;
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    for (i = 0; i < p->pac->numbuffers; i++)
-	(*types)[i] = p->pac->buffers[i].type;
-    *len = p->pac->numbuffers;
-
-    return 0;
-}
-
-/*
- *
- */
-
-void
-krb5_pac_free(krb5_context context, krb5_pac pac)
-{
-    krb5_data_free(&pac->data);
-    free(pac->pac);
-    free(pac);
-}
-
-/*
- *
- */
-
-static krb5_error_code
-verify_checksum(krb5_context context,
-		const struct PAC_INFO_BUFFER *sig,
-		const krb5_data *data,
-		void *ptr, size_t len,
-		const krb5_keyblock *key)
-{
-    krb5_crypto crypto = NULL;
-    krb5_storage *sp = NULL;
-    uint32_t type;
-    krb5_error_code ret;
-    Checksum cksum;
-
-    memset(&cksum, 0, sizeof(cksum));
-
-    sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo,
-			       sig->buffersize);
-    if (sp == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(ret, krb5_ret_uint32(sp, &type), out);
-    cksum.cksumtype = type;
-    cksum.checksum.length = 
-	sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR);
-    cksum.checksum.data = malloc(cksum.checksum.length);
-    if (cksum.checksum.data == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
-    if (ret != cksum.checksum.length) {
-	krb5_set_error_string(context, "PAC checksum missing checksum");
-	ret = EINVAL;
-	goto out;
-    }
-
-    if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
-	krb5_set_error_string (context, "Checksum type %d not keyed",
-			       cksum.cksumtype);
-	ret = EINVAL;
-	goto out;
-    }
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	goto out;
-
-    ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM,
-			       ptr, len, &cksum);
-    free(cksum.checksum.data);
-    krb5_crypto_destroy(context, crypto);
-    krb5_storage_free(sp);
-
-    return ret;
-
-out:
-    if (cksum.checksum.data)
-	free(cksum.checksum.data);
-    if (sp)
-	krb5_storage_free(sp);
-    if (crypto)
-	krb5_crypto_destroy(context, crypto);
-    return ret;
-}
-
-static krb5_error_code
-create_checksum(krb5_context context,
-		const krb5_keyblock *key,
-		void *data, size_t datalen,
-		void *sig, size_t siglen)
-{
-    krb5_crypto crypto = NULL;
-    krb5_error_code ret;
-    Checksum cksum;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0,
-			       data, datalen, &cksum);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-
-    if (cksum.checksum.length != siglen) {
-	krb5_set_error_string(context, "pac checksum wrong length");
-	free_Checksum(&cksum);
-	return EINVAL;
-    }
-
-    memcpy(sig, cksum.checksum.data, siglen);
-    free_Checksum(&cksum);
-
-    return 0;
-}
-
-
-/*
- *
- */
-
-#define NTTIME_EPOCH 0x019DB1DED53E8000LL
-
-static uint64_t
-unix2nttime(time_t unix_time)
-{
-    long long wt;
-    wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
-    return wt;
-}
-
-static krb5_error_code
-verify_logonname(krb5_context context,
-		 const struct PAC_INFO_BUFFER *logon_name,
-		 const krb5_data *data,
-		 time_t authtime,
-		 krb5_const_principal principal)
-{
-    krb5_error_code ret;
-    krb5_principal p2;
-    uint32_t time1, time2;
-    krb5_storage *sp;
-    uint16_t len;
-    char *s;
-
-    sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
-					logon_name->buffersize);
-    if (sp == NULL) {
-	krb5_set_error_string(context, "Out of memory");
-	return ENOMEM;
-    }
-
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(ret, krb5_ret_uint32(sp, &time1), out);
-    CHECK(ret, krb5_ret_uint32(sp, &time2), out);
-
-    {
-	uint64_t t1, t2;
-	t1 = unix2nttime(authtime);
-	t2 = ((uint64_t)time2 << 32) | time1;
-	if (t1 != t2) {
-	    krb5_storage_free(sp);
-	    krb5_set_error_string(context, "PAC timestamp mismatch");
-	    return EINVAL;
-	}
-    }
-    CHECK(ret, krb5_ret_uint16(sp, &len), out);
-    if (len == 0) {
-	krb5_storage_free(sp);
-	krb5_set_error_string(context, "PAC logon name length missing");
-	return EINVAL;
-    }
-
-    s = malloc(len);
-    if (s == NULL) {
-	krb5_storage_free(sp);
-	krb5_set_error_string(context, "Out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_storage_read(sp, s, len);
-    if (ret != len) {
-	krb5_storage_free(sp);
-	krb5_set_error_string(context, "Failed to read pac logon name");
-	return EINVAL;
-    }
-    krb5_storage_free(sp);
-#if 1 /* cheat for now */
-    {
-	size_t i;
-
-	if (len & 1) {
-	    krb5_set_error_string(context, "PAC logon name malformed");
-	    return EINVAL;
-	}
-
-	for (i = 0; i < len / 2; i++) {
-	    if (s[(i * 2) + 1]) {
-		krb5_set_error_string(context, "PAC logon name not ASCII");
-		return EINVAL;
-	    }
-	    s[i] = s[i * 2];
-	}
-	s[i] = '\0';
-    }
-#else
-    {
-	uint16_t *ucs2;
-	ssize_t ucs2len;
-	size_t u8len;
-
-	ucs2 = malloc(sizeof(ucs2[0]) * len / 2);
-	if (ucs2)
-	    abort();
-	ucs2len = wind_ucs2read(s, len / 2, ucs2);
-	free(s);
-	if (len < 0)
-	    return -1;
-	ret = wind_ucs2toutf8(ucs2, ucs2len, NULL, &u8len);
-	if (ret < 0)
-	    abort();
-	s = malloc(u8len + 1);
-	if (s == NULL)
-	    abort();
-	wind_ucs2toutf8(ucs2, ucs2len, s, &u8len);
-	free(ucs2);
-    }
-#endif
-    ret = krb5_parse_name_flags(context, s, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2);
-    free(s);
-    if (ret)
-	return ret;
-    
-    if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) {
-	krb5_set_error_string(context, "PAC logon name mismatch");
-	ret = EINVAL;
-    }
-    krb5_free_principal(context, p2);
-    return ret;
-out:
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-build_logon_name(krb5_context context, 
-		 time_t authtime,
-		 krb5_const_principal principal, 
-		 krb5_data *logon)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-    uint64_t t;
-    char *s, *s2;
-    size_t i, len;
-
-    t = unix2nttime(authtime);
-
-    krb5_data_zero(logon);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(ret, krb5_store_uint32(sp, t & 0xffffffff), out);
-    CHECK(ret, krb5_store_uint32(sp, t >> 32), out);
-
-    ret = krb5_unparse_name_flags(context, principal,
-				  KRB5_PRINCIPAL_UNPARSE_NO_REALM, &s);
-    if (ret)
-	goto out;
-
-    len = strlen(s);
-    
-    CHECK(ret, krb5_store_uint16(sp, len * 2), out);
-
-#if 1 /* cheat for now */
-    s2 = malloc(len * 2);
-    if (s2 == NULL) {
-	ret = ENOMEM;
-	free(s);
-	goto out;
-    }
-    for (i = 0; i < len; i++) {
-	s2[i * 2] = s[i];
-	s2[i * 2 + 1] = 0;
-    }
-    free(s);
-#else
-    /* write libwind code here */
-#endif
-
-    ret = krb5_storage_write(sp, s2, len * 2);
-    free(s2);
-    if (ret != len * 2) {
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = krb5_storage_to_data(sp, logon);
-    if (ret)
-	goto out;
-    krb5_storage_free(sp);
-
-    return 0;
-out:
-    krb5_storage_free(sp);
-    return ret;
-}
-
-
-/*
- *
- */
-
-krb5_error_code
-krb5_pac_verify(krb5_context context, 
-		const krb5_pac pac,
-		time_t authtime,
-		krb5_const_principal principal,
-		const krb5_keyblock *server,
-		const krb5_keyblock *privsvr)
-{
-    krb5_error_code ret;
-
-    if (pac->server_checksum == NULL) {
-	krb5_set_error_string(context, "PAC missing server checksum");
-	return EINVAL;
-    }
-    if (pac->privsvr_checksum == NULL) {
-	krb5_set_error_string(context, "PAC missing kdc checksum");
-	return EINVAL;
-    }
-    if (pac->logon_name == NULL) {
-	krb5_set_error_string(context, "PAC missing logon name");
-	return EINVAL;
-    }
-
-    ret = verify_logonname(context, 
-			   pac->logon_name,
-			   &pac->data,
-			   authtime,
-			   principal);
-    if (ret)
-	return ret;
-
-    /* 
-     * in the service case, clean out data option of the privsvr and
-     * server checksum before checking the checksum.
-     */
-    {
-	krb5_data *copy;
-
-	ret = krb5_copy_data(context, &pac->data, &copy);
-	if (ret)
-	    return ret;
-
-	if (pac->server_checksum->buffersize < 4)
-	    return EINVAL;
-	if (pac->privsvr_checksum->buffersize < 4)
-	    return EINVAL;
-
-	memset((char *)copy->data + pac->server_checksum->offset_lo + 4,
-	       0,
-	       pac->server_checksum->buffersize - 4);
-
-	memset((char *)copy->data + pac->privsvr_checksum->offset_lo + 4,
-	       0,
-	       pac->privsvr_checksum->buffersize - 4);
-
-	ret = verify_checksum(context,
-			      pac->server_checksum,
-			      &pac->data,
-			      copy->data,
-			      copy->length,
-			      server);
-	krb5_free_data(context, copy);
-	if (ret)
-	    return ret;
-    }
-    if (privsvr) {
-	ret = verify_checksum(context,
-			      pac->privsvr_checksum,
-			      &pac->data,
-			      (char *)pac->data.data
-			      + pac->server_checksum->offset_lo + 4,
-			      pac->server_checksum->buffersize - 4,
-			      privsvr);
-	if (ret)
-	    return ret;
-    }
-
-    return 0;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
-{
-    ssize_t sret;
-    size_t l;
-
-    while (len) {
-	l = len;
-	if (l > sizeof(zeros))
-	    l = sizeof(zeros);
-	sret = krb5_storage_write(sp, zeros, l);
-	if (sret <= 0) {
-	    krb5_set_error_string(context, "out of memory");
-	    return ENOMEM;
-	}
-	len -= sret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-pac_checksum(krb5_context context, 
-	     const krb5_keyblock *key,
-	     uint32_t *cksumtype,
-	     size_t *cksumsize)
-{
-    krb5_cksumtype cktype;
-    krb5_error_code ret;
-    krb5_crypto crypto = NULL;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_crypto_get_checksum_type(context, crypto, &cktype);
-    ret = krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-
-    if (krb5_checksum_is_keyed(context, cktype) == FALSE) {
-	krb5_set_error_string(context, "PAC checksum type is not keyed");
-	return EINVAL;
-    }
-
-    ret = krb5_checksumsize(context, cktype, cksumsize);
-    if (ret)
-	return ret;
-    
-    *cksumtype = (uint32_t)cktype;
-
-    return 0;
-}
-
-krb5_error_code
-_krb5_pac_sign(krb5_context context,
-	       krb5_pac p,
-	       time_t authtime,
-	       krb5_principal principal,
-	       const krb5_keyblock *server_key,
-	       const krb5_keyblock *priv_key,
-	       krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp = NULL, *spdata = NULL;
-    uint32_t end;
-    size_t server_size, priv_size;
-    uint32_t server_offset = 0, priv_offset = 0;
-    uint32_t server_cksumtype = 0, priv_cksumtype = 0;
-    int i, num = 0;
-    krb5_data logon, d;
-
-    krb5_data_zero(&logon);
-
-    if (p->logon_name == NULL)
-	num++;
-    if (p->server_checksum == NULL)
-	num++;
-    if (p->privsvr_checksum == NULL)
-	num++;
-
-    if (num) {
-	void *ptr;
-
-	ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1)));
-	if (ptr == NULL) {
-	    krb5_set_error_string(context, "out of memory");
-	    return ENOMEM;
-	}
-	p->pac = ptr;
-
-	if (p->logon_name == NULL) {
-	    p->logon_name = &p->pac->buffers[p->pac->numbuffers++];
-	    memset(p->logon_name, 0, sizeof(*p->logon_name));
-	    p->logon_name->type = PAC_LOGON_NAME;
-	}
-	if (p->server_checksum == NULL) {
-	    p->server_checksum = &p->pac->buffers[p->pac->numbuffers++];
-	    memset(p->server_checksum, 0, sizeof(*p->server_checksum));
-	    p->server_checksum->type = PAC_SERVER_CHECKSUM;
-	}
-	if (p->privsvr_checksum == NULL) {
-	    p->privsvr_checksum = &p->pac->buffers[p->pac->numbuffers++];
-	    memset(p->privsvr_checksum, 0, sizeof(*p->privsvr_checksum));
-	    p->privsvr_checksum->type = PAC_PRIVSVR_CHECKSUM;
-	}
-    }
-
-    /* Calculate LOGON NAME */
-    ret = build_logon_name(context, authtime, principal, &logon);
-    if (ret)
-	goto out;
-
-    /* Set lengths for checksum */
-    ret = pac_checksum(context, server_key, &server_cksumtype, &server_size);
-    if (ret)
-	goto out;
-    ret = pac_checksum(context, priv_key, &priv_cksumtype, &priv_size);
-    if (ret)
-	goto out;
-
-    /* Encode PAC */
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    spdata = krb5_storage_emem();
-    if (spdata == NULL) {
-	krb5_storage_free(sp);
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(ret, krb5_store_uint32(sp, p->pac->numbuffers), out);
-    CHECK(ret, krb5_store_uint32(sp, p->pac->version), out);
-
-    end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
-
-    for (i = 0; i < p->pac->numbuffers; i++) {
-	uint32_t len;
-	size_t sret;
-	void *ptr = NULL;
-
-	/* store data */
-
-	if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
-	    len = server_size + 4;
-	    server_offset = end + 4;
-	    CHECK(ret, krb5_store_uint32(spdata, server_cksumtype), out);
-	    CHECK(ret, fill_zeros(context, spdata, server_size), out);
-	} else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
-	    len = priv_size + 4;
-	    priv_offset = end + 4;
-	    CHECK(ret, krb5_store_uint32(spdata, priv_cksumtype), out);
-	    CHECK(ret, fill_zeros(context, spdata, priv_size), out);
-	} else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
-	    len = krb5_storage_write(spdata, logon.data, logon.length);
-	    if (logon.length != len) {
-		ret = EINVAL;
-		goto out;
-	    }
-	} else {
-	    len = p->pac->buffers[i].buffersize;
-	    ptr = (char *)p->data.data + p->pac->buffers[i].offset_lo;
-
-	    sret = krb5_storage_write(spdata, ptr, len);
-	    if (sret != len) {
-		krb5_set_error_string(context, "out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    /* XXX if not aligned, fill_zeros */
-	}
-
-	/* write header */
-	CHECK(ret, krb5_store_uint32(sp, p->pac->buffers[i].type), out);
-	CHECK(ret, krb5_store_uint32(sp, len), out);
-	CHECK(ret, krb5_store_uint32(sp, end), out);
-	CHECK(ret, krb5_store_uint32(sp, 0), out);
-
-	/* advance data endpointer and align */
-	{
-	    int32_t e;
-
-	    end += len;
-	    e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
-	    if (end != e) {
-		CHECK(ret, fill_zeros(context, spdata, e - end), out);
-	    }
-	    end = e;
-	}
-
-    }
-
-    /* assert (server_offset != 0 && priv_offset != 0); */
-
-    /* export PAC */
-    ret = krb5_storage_to_data(spdata, &d);
-    if (ret) {
-	krb5_set_error_string(context, "out of memory");
-	goto out;
-    }
-    ret = krb5_storage_write(sp, d.data, d.length);
-    if (ret != d.length) {
-	krb5_data_free(&d);
-	krb5_set_error_string(context, "out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    krb5_data_free(&d);
-
-    ret = krb5_storage_to_data(sp, &d);
-    if (ret) {
-	krb5_set_error_string(context, "out of memory");
-	goto out;
-    }
-
-    /* sign */
-
-    ret = create_checksum(context, server_key,
-			  d.data, d.length,
-			  (char *)d.data + server_offset, server_size);
-    if (ret) {
-	krb5_data_free(&d);
-	goto out;
-    }
-
-    ret = create_checksum(context, priv_key,
-			  (char *)d.data + server_offset, server_size,
-			  (char *)d.data + priv_offset, priv_size);
-    if (ret) {
-	krb5_data_free(&d);
-	goto out;
-    }
-
-    /* done */
-    *data = d;
-
-    krb5_data_free(&logon);
-    krb5_storage_free(sp);
-    krb5_storage_free(spdata);
-
-    return 0;
-out:
-    krb5_data_free(&logon);
-    if (sp)
-	krb5_storage_free(sp);
-    if (spdata)
-	krb5_storage_free(spdata);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/padata.c b/crypto/heimdal/lib/krb5/padata.c
deleted file mode 100644
index b2b70f5..0000000
--- a/crypto/heimdal/lib/krb5/padata.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: padata.c 15469 2005-06-17 04:28:35Z lha $");
-
-PA_DATA *
-krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx)
-{
-    for(; *idx < len; (*idx)++)
-	if(val[*idx].padata_type == type)
-	    return val + *idx;
-    return NULL;    
-}
-
-int KRB5_LIB_FUNCTION
-krb5_padata_add(krb5_context context, METHOD_DATA *md,
-		int type, void *buf, size_t len)
-{
-    PA_DATA *pa;
-
-    pa = realloc (md->val, (md->len + 1) * sizeof(*md->val));
-    if (pa == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    md->val = pa;
-
-    pa[md->len].padata_type = type;
-    pa[md->len].padata_value.length = len;
-    pa[md->len].padata_value.data = buf;
-    md->len++;    
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/parse-name-test.c b/crypto/heimdal/lib/krb5/parse-name-test.c
deleted file mode 100644
index 7e60705..0000000
--- a/crypto/heimdal/lib/krb5/parse-name-test.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: parse-name-test.c 16342 2005-12-02 14:14:43Z lha $");
-
-enum { MAX_COMPONENTS = 3 };
-
-static struct testcase {
-    const char *input_string;
-    const char *output_string;
-    krb5_realm realm;
-    unsigned ncomponents;
-    char *comp_val[MAX_COMPONENTS];
-    int realmp;
-} tests[] = {
-    {"", "@", "", 1, {""}, FALSE},
-    {"a", "a@", "", 1, {"a"}, FALSE},
-    {"\\n", "\\n@", "", 1, {"\n"}, FALSE},
-    {"\\ ", "\\ @", "", 1, {" "}, FALSE},
-    {"\\t", "\\t@", "", 1, {"\t"}, FALSE},
-    {"\\b", "\\b@", "", 1, {"\b"}, FALSE},
-    {"\\\\", "\\\\@", "", 1, {"\\"}, FALSE},
-    {"\\/", "\\/@", "", 1, {"/"}, FALSE},
-    {"\\@", "\\@@", "", 1, {"@"}, FALSE},
-    {"@", "@", "", 1, {""}, TRUE},
-    {"a/b", "a/b@", "", 2, {"a", "b"}, FALSE},
-    {"a/", "a/@", "", 2, {"a", ""}, FALSE},
-    {"a\\//\\/", "a\\//\\/@", "", 2, {"a/", "/"}, FALSE},
-    {"/a", "/a@", "", 2, {"", "a"}, FALSE},
-    {"\\@@\\@", "\\@@\\@", "@", 1, {"@"}, TRUE},
-    {"a/b/c", "a/b/c@", "", 3, {"a", "b", "c"}, FALSE},
-    {NULL, NULL, "", 0, { NULL }, FALSE}};
-
-int KRB5_LIB_FUNCTION
-main(int argc, char **argv)
-{
-    struct testcase *t;
-    krb5_context context;
-    krb5_error_code ret;
-    int val = 0;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    /* to enable realm-less principal name above */
-
-    krb5_set_default_realm(context, "");
-
-    for (t = tests; t->input_string; ++t) {
-	krb5_principal princ;
-	int i, j;
-	char name_buf[1024];
-	char *s;
-
-	ret = krb5_parse_name(context, t->input_string, &princ);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name %s",
-		      t->input_string);
-	if (strcmp (t->realm, princ->realm) != 0) {
-	    printf ("wrong realm (\"%s\" should be \"%s\")"
-		    " for \"%s\"\n",
-		    princ->realm, t->realm,
-		    t->input_string);
-	    val = 1;
-	}
-
-	if (t->ncomponents != princ->name.name_string.len) {
-	    printf ("wrong number of components (%u should be %u)"
-		    " for \"%s\"\n",
-		    princ->name.name_string.len, t->ncomponents,
-		    t->input_string);
-	    val = 1;
-	} else {
-	    for (i = 0; i < t->ncomponents; ++i) {
-		if (strcmp(t->comp_val[i],
-			   princ->name.name_string.val[i]) != 0) {
-		    printf ("bad component %d (\"%s\" should be \"%s\")"
-			    " for \"%s\"\n",
-			    i,
-			    princ->name.name_string.val[i],
-			    t->comp_val[i],
-			    t->input_string);
-		    val = 1;
-		}
-	    }
-	}
-	for (j = 0; j < strlen(t->output_string); ++j) {
-	    ret = krb5_unparse_name_fixed(context, princ,
-					  name_buf, j);
-	    if (ret != ERANGE) {
-		printf ("unparse_name %s with length %d should have failed\n",
-			t->input_string, j);
-		val = 1;
-		break;
-	    }
-	}
-	ret = krb5_unparse_name_fixed(context, princ,
-				      name_buf, sizeof(name_buf));
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_unparse_name_fixed");
-
-	if (strcmp (t->output_string, name_buf) != 0) {
-	    printf ("failed comparing the re-parsed"
-		    " (\"%s\" should be \"%s\")\n",
-		    name_buf, t->output_string);
-	    val = 1;
-	}
-
-	ret = krb5_unparse_name(context, princ, &s);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_unparse_name");
-
-	if (strcmp (t->output_string, s) != 0) {
-	    printf ("failed comparing the re-parsed"
-		    " (\"%s\" should be \"%s\"\n",
-		    s, t->output_string);
-	    val = 1;
-	}
-	free(s);
-
-	if (!t->realmp) {
-	    for (j = 0; j < strlen(t->input_string); ++j) {
-		ret = krb5_unparse_name_fixed_short(context, princ,
-						    name_buf, j);
-		if (ret != ERANGE) {
-		    printf ("unparse_name_short %s with length %d"
-			    " should have failed\n",
-			    t->input_string, j);
-		    val = 1;
-		    break;
-		}
-	    }
-	    ret = krb5_unparse_name_fixed_short(context, princ,
-						name_buf, sizeof(name_buf));
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_unparse_name_fixed");
-
-	    if (strcmp (t->input_string, name_buf) != 0) {
-		printf ("failed comparing the re-parsed"
-			" (\"%s\" should be \"%s\")\n",
-			name_buf, t->input_string);
-		val = 1;
-	    }
-
-	    ret = krb5_unparse_name_short(context, princ, &s);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_unparse_name_short");
-
-	    if (strcmp (t->input_string, s) != 0) {
-		printf ("failed comparing the re-parsed"
-			" (\"%s\" should be \"%s\"\n",
-			s, t->input_string);
-		val = 1;
-	    }
-	    free(s);
-	}
-	krb5_free_principal (context, princ);
-    }
-    krb5_free_context(context);
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/pkinit.c b/crypto/heimdal/lib/krb5/pkinit.c
deleted file mode 100644
index a0b6a4e..0000000
--- a/crypto/heimdal/lib/krb5/pkinit.c
+++ /dev/null
@@ -1,2070 +0,0 @@
-/*
- * Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: pkinit.c 22433 2008-01-13 14:11:46Z lha $");
-
-struct krb5_dh_moduli {
-    char *name;
-    unsigned long bits;
-    heim_integer p;
-    heim_integer g;
-    heim_integer q;
-};
-
-#ifdef PKINIT
-
-#include <heim_asn1.h>
-#include <rfc2459_asn1.h>
-#include <cms_asn1.h>
-#include <pkcs8_asn1.h>
-#include <pkcs9_asn1.h>
-#include <pkcs12_asn1.h>
-#include <pkinit_asn1.h>
-#include <asn1_err.h>
-
-#include <der.h>
-
-#include <hx509.h>
-
-enum {
-    COMPAT_WIN2K = 1,
-    COMPAT_IETF = 2
-};
-
-struct krb5_pk_identity {
-    hx509_context hx509ctx;
-    hx509_verify_ctx verify_ctx;
-    hx509_certs certs;
-    hx509_certs anchors;
-    hx509_certs certpool;
-    hx509_revoke_ctx revokectx;
-};
-
-struct krb5_pk_cert {
-    hx509_cert cert;
-};
-
-struct krb5_pk_init_ctx_data {
-    struct krb5_pk_identity *id;
-    DH *dh;
-    krb5_data *clientDHNonce;
-    struct krb5_dh_moduli **m;
-    hx509_peer_info peer;
-    int type;
-    unsigned int require_binding:1;
-    unsigned int require_eku:1;
-    unsigned int require_krbtgt_otherName:1;
-    unsigned int require_hostname_match:1;
-    unsigned int trustedCertifiers:1;
-};
-
-static void
-_krb5_pk_copy_error(krb5_context context,
-		    hx509_context hx509ctx,
-		    int hxret,
-		    const char *fmt,
-		    ...)
-    __attribute__ ((format (printf, 4, 5)));
-
-/*
- *
- */
-
-void KRB5_LIB_FUNCTION
-_krb5_pk_cert_free(struct krb5_pk_cert *cert)
-{
-    if (cert->cert) {
-	hx509_cert_free(cert->cert);
-    }
-    free(cert);
-}
-
-static krb5_error_code
-BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
-{
-    integer->length = BN_num_bytes(bn);
-    integer->data = malloc(integer->length);
-    if (integer->data == NULL) {
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-    BN_bn2bin(bn, integer->data);
-    integer->negative = BN_is_negative(bn);
-    return 0;
-}
-
-static BIGNUM *
-integer_to_BN(krb5_context context, const char *field, const heim_integer *f)
-{
-    BIGNUM *bn;
-
-    bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
-    if (bn == NULL) {
-	krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
-	return NULL;
-    }
-    BN_set_negative(bn, f->negative);
-    return bn;
-}
-
-
-static krb5_error_code
-_krb5_pk_create_sign(krb5_context context,
-		     const heim_oid *eContentType,
-		     krb5_data *eContent,
-		     struct krb5_pk_identity *id,
-		     hx509_peer_info peer,
-		     krb5_data *sd_data)
-{
-    hx509_cert cert;
-    hx509_query *q;
-    int ret;
-
-    ret = hx509_query_alloc(id->hx509ctx, &q);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret, 
-			    "Allocate query to find signing certificate");
-	return ret;
-    }
-
-    hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-    hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
-
-    ret = hx509_certs_find(id->hx509ctx, id->certs, q, &cert);
-    hx509_query_free(id->hx509ctx, q);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret, 
-			    "Find certificate to signed CMS data");
-	return ret;
-    }
-
-    ret = hx509_cms_create_signed_1(id->hx509ctx,
-				    0,
-				    eContentType,
-				    eContent->data,
-				    eContent->length,
-				    NULL,
-				    cert,
-				    peer,
-				    NULL,
-				    id->certs,
-				    sd_data);
-    if (ret)
-	_krb5_pk_copy_error(context, id->hx509ctx, ret, "create CMS signedData");
-    hx509_cert_free(cert);
-
-    return ret;
-}
-
-static int
-cert2epi(hx509_context context, void *ctx, hx509_cert c)
-{
-    ExternalPrincipalIdentifiers *ids = ctx;
-    ExternalPrincipalIdentifier id;
-    hx509_name subject = NULL;
-    void *p;
-    int ret;
-
-    memset(&id, 0, sizeof(id));
-
-    ret = hx509_cert_get_subject(c, &subject);
-    if (ret)
-	return ret;
-
-    if (hx509_name_is_null_p(subject) != 0) {
-
-	id.subjectName = calloc(1, sizeof(*id.subjectName));
-	if (id.subjectName == NULL) {
-	    hx509_name_free(&subject);
-	    free_ExternalPrincipalIdentifier(&id);
-	    return ENOMEM;
-	}
-    
-	ret = hx509_name_binary(subject, id.subjectName);
-	if (ret) {
-	    hx509_name_free(&subject);
-	    free_ExternalPrincipalIdentifier(&id);
-	    return ret;
-	}
-    }
-    hx509_name_free(&subject);
-
-
-    id.issuerAndSerialNumber = calloc(1, sizeof(*id.issuerAndSerialNumber));
-    if (id.issuerAndSerialNumber == NULL) {
-	free_ExternalPrincipalIdentifier(&id);
-	return ENOMEM;
-    }
-
-    {
-	IssuerAndSerialNumber iasn;
-	hx509_name issuer;
-	size_t size;
-	
-	memset(&iasn, 0, sizeof(iasn));
-
-	ret = hx509_cert_get_issuer(c, &issuer);
-	if (ret) {
-	    free_ExternalPrincipalIdentifier(&id);
-	    return ret;
-	}
-
-	ret = hx509_name_to_Name(issuer, &iasn.issuer);
-	hx509_name_free(&issuer);
-	if (ret) {
-	    free_ExternalPrincipalIdentifier(&id);
-	    return ret;
-	}
-	
-	ret = hx509_cert_get_serialnumber(c, &iasn.serialNumber);
-	if (ret) {
-	    free_IssuerAndSerialNumber(&iasn);
-	    free_ExternalPrincipalIdentifier(&id);
-	    return ret;
-	}
-
-	ASN1_MALLOC_ENCODE(IssuerAndSerialNumber,
-			   id.issuerAndSerialNumber->data, 
-			   id.issuerAndSerialNumber->length,
-			   &iasn, &size, ret);
-	free_IssuerAndSerialNumber(&iasn);
-	if (ret)
-	    return ret;
-	if (id.issuerAndSerialNumber->length != size)
-	    abort();
-    }
-
-    id.subjectKeyIdentifier = NULL;
-
-    p = realloc(ids->val, sizeof(ids->val[0]) * (ids->len + 1)); 
-    if (p == NULL) {
-	free_ExternalPrincipalIdentifier(&id);
-	return ENOMEM;
-    }
-
-    ids->val = p;
-    ids->val[ids->len] = id;
-    ids->len++;
-
-    return 0;
-}
-
-static krb5_error_code
-build_edi(krb5_context context,
-	  hx509_context hx509ctx,
-	  hx509_certs certs,
-	  ExternalPrincipalIdentifiers *ids)
-{
-    return hx509_certs_iter(hx509ctx, certs, cert2epi, ids);
-}
-
-static krb5_error_code
-build_auth_pack(krb5_context context,
-		unsigned nonce,
-		krb5_pk_init_ctx ctx,
-		DH *dh,
-		const KDC_REQ_BODY *body,
-		AuthPack *a)
-{
-    size_t buf_size, len;
-    krb5_error_code ret;
-    void *buf;
-    krb5_timestamp sec;
-    int32_t usec;
-    Checksum checksum;
-
-    krb5_clear_error_string(context);
-
-    memset(&checksum, 0, sizeof(checksum));
-
-    krb5_us_timeofday(context, &sec, &usec);
-    a->pkAuthenticator.ctime = sec;
-    a->pkAuthenticator.nonce = nonce;
-
-    ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
-    if (ret)
-	return ret;
-    if (buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    ret = krb5_create_checksum(context,
-			       NULL,
-			       0,
-			       CKSUMTYPE_SHA1,
-			       buf,
-			       len,
-			       &checksum);
-    free(buf);
-    if (ret) 
-	return ret;
-
-    ALLOC(a->pkAuthenticator.paChecksum, 1);
-    if (a->pkAuthenticator.paChecksum == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = krb5_data_copy(a->pkAuthenticator.paChecksum,
-			 checksum.checksum.data, checksum.checksum.length);
-    free_Checksum(&checksum);
-    if (ret)
-	return ret;
-
-    if (dh) {
-	DomainParameters dp;
-	heim_integer dh_pub_key;
-	krb5_data dhbuf;
-	size_t size;
-
-	if (1 /* support_cached_dh */) {
-	    ALLOC(a->clientDHNonce, 1);
-	    if (a->clientDHNonce == NULL) {
-		krb5_clear_error_string(context);
-		return ENOMEM;
-	    }
-	    ret = krb5_data_alloc(a->clientDHNonce, 40);
-	    if (a->clientDHNonce == NULL) {
-		krb5_clear_error_string(context);
-		return ENOMEM;
-	    }
-	    memset(a->clientDHNonce->data, 0, a->clientDHNonce->length);
-	    ret = krb5_copy_data(context, a->clientDHNonce, 
-				 &ctx->clientDHNonce);
-	    if (ret)
-		return ret;
-	}
-
-	ALLOC(a->clientPublicValue, 1);
-	if (a->clientPublicValue == NULL)
-	    return ENOMEM;
-	ret = der_copy_oid(oid_id_dhpublicnumber(),
-			   &a->clientPublicValue->algorithm.algorithm);
-	if (ret)
-	    return ret;
-	
-	memset(&dp, 0, sizeof(dp));
-
-	ret = BN_to_integer(context, dh->p, &dp.p);
-	if (ret) {
-	    free_DomainParameters(&dp);
-	    return ret;
-	}
-	ret = BN_to_integer(context, dh->g, &dp.g);
-	if (ret) {
-	    free_DomainParameters(&dp);
-	    return ret;
-	}
-	ret = BN_to_integer(context, dh->q, &dp.q);
-	if (ret) {
-	    free_DomainParameters(&dp);
-	    return ret;
-	}
-	dp.j = NULL;
-	dp.validationParms = NULL;
-
-	a->clientPublicValue->algorithm.parameters = 
-	    malloc(sizeof(*a->clientPublicValue->algorithm.parameters));
-	if (a->clientPublicValue->algorithm.parameters == NULL) {
-	    free_DomainParameters(&dp);
-	    return ret;
-	}
-
-	ASN1_MALLOC_ENCODE(DomainParameters,
-			   a->clientPublicValue->algorithm.parameters->data,
-			   a->clientPublicValue->algorithm.parameters->length,
-			   &dp, &size, ret);
-	free_DomainParameters(&dp);
-	if (ret)
-	    return ret;
-	if (size != a->clientPublicValue->algorithm.parameters->length)
-	    krb5_abortx(context, "Internal ASN1 encoder error");
-
-	ret = BN_to_integer(context, dh->pub_key, &dh_pub_key);
-	if (ret)
-	    return ret;
-
-	ASN1_MALLOC_ENCODE(DHPublicKey, dhbuf.data, dhbuf.length,
-			   &dh_pub_key, &size, ret);
-	der_free_heim_integer(&dh_pub_key);
-	if (ret)
-	    return ret;
-	if (size != dhbuf.length)
-	    krb5_abortx(context, "asn1 internal error");
-
-	a->clientPublicValue->subjectPublicKey.length = dhbuf.length * 8;
-	a->clientPublicValue->subjectPublicKey.data = dhbuf.data;
-    }
-
-    {
-	a->supportedCMSTypes = calloc(1, sizeof(*a->supportedCMSTypes));
-	if (a->supportedCMSTypes == NULL)
-	    return ENOMEM;
-
-	ret = hx509_crypto_available(ctx->id->hx509ctx, HX509_SELECT_ALL, NULL,
-				     &a->supportedCMSTypes->val,
-				     &a->supportedCMSTypes->len);
-	if (ret)
-	    return ret;
-    }
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_mk_ContentInfo(krb5_context context,
-			const krb5_data *buf, 
-			const heim_oid *oid,
-			struct ContentInfo *content_info)
-{
-    krb5_error_code ret;
-
-    ret = der_copy_oid(oid, &content_info->contentType);
-    if (ret)
-	return ret;
-    ALLOC(content_info->content, 1);
-    if (content_info->content == NULL)
-	return ENOMEM;
-    content_info->content->data = malloc(buf->length);
-    if (content_info->content->data == NULL)
-	return ENOMEM;
-    memcpy(content_info->content->data, buf->data, buf->length);
-    content_info->content->length = buf->length;
-    return 0;
-}
-
-static krb5_error_code
-pk_mk_padata(krb5_context context,
-	     krb5_pk_init_ctx ctx,
-	     const KDC_REQ_BODY *req_body,
-	     unsigned nonce,
-	     METHOD_DATA *md)
-{
-    struct ContentInfo content_info;
-    krb5_error_code ret;
-    const heim_oid *oid;
-    size_t size;
-    krb5_data buf, sd_buf;
-    int pa_type;
-
-    krb5_data_zero(&buf);
-    krb5_data_zero(&sd_buf);
-    memset(&content_info, 0, sizeof(content_info));
-
-    if (ctx->type == COMPAT_WIN2K) {
-	AuthPack_Win2k ap;
-	krb5_timestamp sec;
-	int32_t usec;
-
-	memset(&ap, 0, sizeof(ap));
-
-	/* fill in PKAuthenticator */
-	ret = copy_PrincipalName(req_body->sname, &ap.pkAuthenticator.kdcName);
-	if (ret) {
-	    free_AuthPack_Win2k(&ap);
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-	ret = copy_Realm(&req_body->realm, &ap.pkAuthenticator.kdcRealm);
-	if (ret) {
-	    free_AuthPack_Win2k(&ap);
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-
-	krb5_us_timeofday(context, &sec, &usec);
-	ap.pkAuthenticator.ctime = sec;
-	ap.pkAuthenticator.cusec = usec;
-	ap.pkAuthenticator.nonce = nonce;
-
-	ASN1_MALLOC_ENCODE(AuthPack_Win2k, buf.data, buf.length,
-			   &ap, &size, ret);
-	free_AuthPack_Win2k(&ap);
-	if (ret) {
-	    krb5_set_error_string(context, "AuthPack_Win2k: %d", ret);
-	    goto out;
-	}
-	if (buf.length != size)
-	    krb5_abortx(context, "internal ASN1 encoder error");
-
-	oid = oid_id_pkcs7_data();
-    } else if (ctx->type == COMPAT_IETF) {
-	AuthPack ap;
-	
-	memset(&ap, 0, sizeof(ap));
-
-	ret = build_auth_pack(context, nonce, ctx, ctx->dh, req_body, &ap);
-	if (ret) {
-	    free_AuthPack(&ap);
-	    goto out;
-	}
-
-	ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret);
-	free_AuthPack(&ap);
-	if (ret) {
-	    krb5_set_error_string(context, "AuthPack: %d", ret);
-	    goto out;
-	}
-	if (buf.length != size)
-	    krb5_abortx(context, "internal ASN1 encoder error");
-
-	oid = oid_id_pkauthdata();
-    } else
-	krb5_abortx(context, "internal pkinit error");
-
-    ret = _krb5_pk_create_sign(context,
-			       oid,
-			       &buf,
-			       ctx->id,
-			       ctx->peer,
-			       &sd_buf);
-    krb5_data_free(&buf);
-    if (ret)
-	goto out;
-
-    ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &sd_buf, &buf);
-    krb5_data_free(&sd_buf);
-    if (ret) {
-	krb5_set_error_string(context,
-			      "ContentInfo wrapping of signedData failed");
-	goto out;
-    }
-
-    if (ctx->type == COMPAT_WIN2K) {
-	PA_PK_AS_REQ_Win2k winreq;
-
-	pa_type = KRB5_PADATA_PK_AS_REQ_WIN;
-
-	memset(&winreq, 0, sizeof(winreq));
-
-	winreq.signed_auth_pack = buf;
-
-	ASN1_MALLOC_ENCODE(PA_PK_AS_REQ_Win2k, buf.data, buf.length,
-			   &winreq, &size, ret);
-	free_PA_PK_AS_REQ_Win2k(&winreq);
-
-    } else if (ctx->type == COMPAT_IETF) {
-	PA_PK_AS_REQ req;
-
-	pa_type = KRB5_PADATA_PK_AS_REQ;
-
-	memset(&req, 0, sizeof(req));
-	req.signedAuthPack = buf;	
-
-	if (ctx->trustedCertifiers) {
-
-	    req.trustedCertifiers = calloc(1, sizeof(*req.trustedCertifiers));
-	    if (req.trustedCertifiers == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		free_PA_PK_AS_REQ(&req);
-		goto out;
-	    }
-	    ret = build_edi(context, ctx->id->hx509ctx, 
-			    ctx->id->anchors, req.trustedCertifiers);
-	    if (ret) {
-		krb5_set_error_string(context, "pk-init: failed to build trustedCertifiers");
-		free_PA_PK_AS_REQ(&req);
-		goto out;
-	    }
-	}
-	req.kdcPkId = NULL;
-
-	ASN1_MALLOC_ENCODE(PA_PK_AS_REQ, buf.data, buf.length,
-			   &req, &size, ret);
-
-	free_PA_PK_AS_REQ(&req);
-
-    } else
-	krb5_abortx(context, "internal pkinit error");
-    if (ret) {
-	krb5_set_error_string(context, "PA-PK-AS-REQ %d", ret);
-	goto out;
-    }
-    if (buf.length != size)
-	krb5_abortx(context, "Internal ASN1 encoder error");
-
-    ret = krb5_padata_add(context, md, pa_type, buf.data, buf.length);
-    if (ret)
-	free(buf.data);
-
-    if (ret == 0 && ctx->type == COMPAT_WIN2K)
-	krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0);
-
-out:
-    free_ContentInfo(&content_info);
-
-    return ret;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION 
-_krb5_pk_mk_padata(krb5_context context,
-		   void *c,
-		   const KDC_REQ_BODY *req_body,
-		   unsigned nonce,
-		   METHOD_DATA *md)
-{
-    krb5_pk_init_ctx ctx = c;
-    int win2k_compat;
-
-    win2k_compat = krb5_config_get_bool_default(context, NULL,
-						FALSE,
-						"realms",
-						req_body->realm,
-						"pkinit_win2k",
-						NULL);
-
-    if (win2k_compat) {
-	ctx->require_binding = 
-	    krb5_config_get_bool_default(context, NULL,
-					 FALSE,
-					 "realms",
-					 req_body->realm,
-					 "pkinit_win2k_require_binding",
-					 NULL);
-	ctx->type = COMPAT_WIN2K;
-    } else
-	ctx->type = COMPAT_IETF;
-
-    ctx->require_eku = 
-	krb5_config_get_bool_default(context, NULL,
-				     TRUE,
-				     "realms",
-				     req_body->realm,
-				     "pkinit_require_eku",
-				     NULL);
-    ctx->require_krbtgt_otherName = 
-	krb5_config_get_bool_default(context, NULL,
-				     TRUE,
-				     "realms",
-				     req_body->realm,
-				     "pkinit_require_krbtgt_otherName",
-				     NULL);
-
-    ctx->require_hostname_match = 
-	krb5_config_get_bool_default(context, NULL,
-				     FALSE,
-				     "realms",
-				     req_body->realm,
-				     "pkinit_require_hostname_match",
-				     NULL);
-
-    ctx->trustedCertifiers = 
-	krb5_config_get_bool_default(context, NULL,
-				     TRUE,
-				     "realms",
-				     req_body->realm,
-				     "pkinit_trustedCertifiers",
-				     NULL);
-
-    return pk_mk_padata(context, ctx, req_body, nonce, md);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_verify_sign(krb5_context context,
-		     const void *data,
-		     size_t length,
-		     struct krb5_pk_identity *id,
-		     heim_oid *contentType,
-		     krb5_data *content,
-		     struct krb5_pk_cert **signer)
-{
-    hx509_certs signer_certs;
-    int ret;
-
-    *signer = NULL;
-
-    ret = hx509_cms_verify_signed(id->hx509ctx,
-				  id->verify_ctx,
-				  data,
-				  length,
-				  NULL,
-				  id->certpool,
-				  contentType,
-				  content,
-				  &signer_certs);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret,
-			    "CMS verify signed failed");
-	return ret;
-    }
-
-    *signer = calloc(1, sizeof(**signer));
-    if (*signer == NULL) {
-	krb5_clear_error_string(context);
-	ret = ENOMEM;
-	goto out;
-    }
-	
-    ret = hx509_get_one_cert(id->hx509ctx, signer_certs, &(*signer)->cert);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret,
-			    "Failed to get on of the signer certs");
-	goto out;
-    }
-
-out:
-    hx509_certs_free(&signer_certs);
-    if (ret) {
-	if (*signer) {
-	    hx509_cert_free((*signer)->cert);
-	    free(*signer);
-	    *signer = NULL;
-	}
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-get_reply_key_win(krb5_context context,
-		  const krb5_data *content,
-		  unsigned nonce,
-		  krb5_keyblock **key)
-{
-    ReplyKeyPack_Win2k key_pack;
-    krb5_error_code ret;
-    size_t size;
-
-    ret = decode_ReplyKeyPack_Win2k(content->data,
-				    content->length,
-				    &key_pack,
-				    &size);
-    if (ret) {
-	krb5_set_error_string(context, "PKINIT decoding reply key failed");
-	free_ReplyKeyPack_Win2k(&key_pack);
-	return ret;
-    }
-     
-    if (key_pack.nonce != nonce) {
-	krb5_set_error_string(context, "PKINIT enckey nonce is wrong");
-	free_ReplyKeyPack_Win2k(&key_pack);
-	return KRB5KRB_AP_ERR_MODIFIED;
-    }
-
-    *key = malloc (sizeof (**key));
-    if (*key == NULL) {
-	krb5_set_error_string(context, "PKINIT failed allocating reply key");
-	free_ReplyKeyPack_Win2k(&key_pack);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = copy_EncryptionKey(&key_pack.replyKey, *key);
-    free_ReplyKeyPack_Win2k(&key_pack);
-    if (ret) {
-	krb5_set_error_string(context, "PKINIT failed copying reply key");
-	free(*key);
-	*key = NULL;
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-get_reply_key(krb5_context context,
-	      const krb5_data *content,
-	      const krb5_data *req_buffer,
-	      krb5_keyblock **key)
-{
-    ReplyKeyPack key_pack;
-    krb5_error_code ret;
-    size_t size;
-
-    ret = decode_ReplyKeyPack(content->data,
-			      content->length,
-			      &key_pack,
-			      &size);
-    if (ret) {
-	krb5_set_error_string(context, "PKINIT decoding reply key failed");
-	free_ReplyKeyPack(&key_pack);
-	return ret;
-    }
-    
-    {
-	krb5_crypto crypto;
-
-	/* 
-	 * XXX Verify kp.replyKey is a allowed enctype in the
-	 * configuration file
-	 */
-
-	ret = krb5_crypto_init(context, &key_pack.replyKey, 0, &crypto);
-	if (ret) {
-	    free_ReplyKeyPack(&key_pack);
-	    return ret;
-	}
-
-	ret = krb5_verify_checksum(context, crypto, 6,
-				   req_buffer->data, req_buffer->length,
-				   &key_pack.asChecksum);
-	krb5_crypto_destroy(context, crypto);
-	if (ret) {
-	    free_ReplyKeyPack(&key_pack);
-	    return ret;
-	}
-    }
-
-    *key = malloc (sizeof (**key));
-    if (*key == NULL) {
-	krb5_set_error_string(context, "PKINIT failed allocating reply key");
-	free_ReplyKeyPack(&key_pack);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = copy_EncryptionKey(&key_pack.replyKey, *key);
-    free_ReplyKeyPack(&key_pack);
-    if (ret) {
-	krb5_set_error_string(context, "PKINIT failed copying reply key");
-	free(*key);
-	*key = NULL;
-    }
-
-    return ret;
-}
-
-
-static krb5_error_code
-pk_verify_host(krb5_context context,
-	       const char *realm,
-	       const krb5_krbhst_info *hi,
-	       struct krb5_pk_init_ctx_data *ctx,
-	       struct krb5_pk_cert *host)
-{
-    krb5_error_code ret = 0;
-
-    if (ctx->require_eku) {
-	ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert,
-				   oid_id_pkkdcekuoid(), 0);
-	if (ret) {
-	    krb5_set_error_string(context, "No PK-INIT KDC EKU in kdc certificate");
-	    return ret;
-	}
-    }
-    if (ctx->require_krbtgt_otherName) {
-	hx509_octet_string_list list;
-	int i;
-
-	ret = hx509_cert_find_subjectAltName_otherName(ctx->id->hx509ctx,
-						       host->cert,
-						       oid_id_pkinit_san(),
-						       &list);
-	if (ret) {
-	    krb5_set_error_string(context, "Failed to find the PK-INIT "
-				  "subjectAltName in the KDC certificate");
-
-	    return ret;
-	}
-
-	for (i = 0; i < list.len; i++) {
-	    KRB5PrincipalName r;
-
-	    ret = decode_KRB5PrincipalName(list.val[i].data,
-					   list.val[i].length,
-					   &r,
-					   NULL);
-	    if (ret) {
-		krb5_set_error_string(context, "Failed to decode the PK-INIT "
-				      "subjectAltName in the KDC certificate");
-
-		break;
-	    }
-
-	    if (r.principalName.name_string.len != 2 ||
-		strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 ||
-		strcmp(r.principalName.name_string.val[1], realm) != 0 ||
-		strcmp(r.realm, realm) != 0)
-	    {
-		krb5_set_error_string(context, "KDC have wrong realm name in "
-				      "the certificate");
-		ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
-	    }
-
-	    free_KRB5PrincipalName(&r);
-	    if (ret)
-		break;
-	}
-	hx509_free_octet_string_list(&list);
-    }
-    if (ret)
-	return ret;
-    
-    if (hi) {
-	ret = hx509_verify_hostname(ctx->id->hx509ctx, host->cert, 
-				    ctx->require_hostname_match,
-				    HX509_HN_HOSTNAME,
-				    hi->hostname,
-				    hi->ai->ai_addr, hi->ai->ai_addrlen);
-
-	if (ret)
-	    krb5_set_error_string(context, "Address mismatch in "
-				  "the KDC certificate");
-    }
-    return ret;
-}
-
-static krb5_error_code
-pk_rd_pa_reply_enckey(krb5_context context,
-		      int type,
-		      const heim_octet_string *indata,
-		      const heim_oid *dataType,
-		      const char *realm,
-		      krb5_pk_init_ctx ctx,
-		      krb5_enctype etype,
-		      const krb5_krbhst_info *hi,
-	       	      unsigned nonce,
-		      const krb5_data *req_buffer,
-	       	      PA_DATA *pa,
-	       	      krb5_keyblock **key) 
-{
-    krb5_error_code ret;
-    struct krb5_pk_cert *host = NULL;
-    krb5_data content;
-    heim_oid contentType = { 0, NULL };
-
-    if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) {
-	krb5_set_error_string(context, "PKINIT: Invalid content type");
-	return EINVAL;
-    }
-
-    ret = hx509_cms_unenvelope(ctx->id->hx509ctx,
-			       ctx->id->certs,
-			       HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT,
-			       indata->data,
-			       indata->length,
-			       NULL,
-			       &contentType,
-			       &content);
-    if (ret) {
-	_krb5_pk_copy_error(context, ctx->id->hx509ctx, ret,
-			    "Failed to unenvelope CMS data in PK-INIT reply");
-	return ret;
-    }
-    der_free_oid(&contentType);
-
-#if 0 /* windows LH with interesting CMS packets, leaks memory */
-    {
-	size_t ph = 1 + der_length_len (length);
-	unsigned char *ptr = malloc(length + ph);
-	size_t l;
-
-	memcpy(ptr + ph, p, length);
-
-	ret = der_put_length_and_tag (ptr + ph - 1, ph, length,
-				      ASN1_C_UNIV, CONS, UT_Sequence, &l);
-	if (ret)
-	    return ret;
-	ptr += ph - l;
-	length += l;
-	p = ptr;
-    }
-#endif
-
-    /* win2k uses ContentInfo */
-    if (type == COMPAT_WIN2K) {
-	heim_oid type;
-	heim_octet_string out;
-
-	ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL);
-	if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) {
-	    ret = EINVAL; /* XXX */
-	    krb5_set_error_string(context, "PKINIT: Invalid content type");
-	    der_free_oid(&type);
-	    der_free_octet_string(&out);
-	    goto out;
-	}
-	der_free_oid(&type);
-	krb5_data_free(&content);
-	ret = krb5_data_copy(&content, out.data, out.length);
-	der_free_octet_string(&out);
-	if (ret) {
-	    krb5_set_error_string(context, "PKINIT: out of memory");
-	    goto out;
-	}
-    }
-
-    ret = _krb5_pk_verify_sign(context, 
-			       content.data,
-			       content.length,
-			       ctx->id,
-			       &contentType,
-			       &content,
-			       &host);
-    if (ret)
-	goto out;
-
-    /* make sure that it is the kdc's certificate */
-    ret = pk_verify_host(context, realm, hi, ctx, host);
-    if (ret) {
-	goto out;
-    }
-
-#if 0
-    if (type == COMPAT_WIN2K) {
-	if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) {
-	    krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
-	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	    goto out;
-	}
-    } else {
-	if (der_heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) {
-	    krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
-	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	    goto out;
-	}
-    }
-#endif
-
-    switch(type) {
-    case COMPAT_WIN2K:
-	ret = get_reply_key(context, &content, req_buffer, key);
-	if (ret != 0 && ctx->require_binding == 0)
-	    ret = get_reply_key_win(context, &content, nonce, key);
-	break;
-    case COMPAT_IETF:
-	ret = get_reply_key(context, &content, req_buffer, key);
-	break;
-    }
-    if (ret)
-	goto out;
-
-    /* XXX compare given etype with key->etype */
-
- out:
-    if (host)
-	_krb5_pk_cert_free(host);
-    der_free_oid(&contentType);
-    krb5_data_free(&content);
-
-    return ret;
-}
-
-static krb5_error_code
-pk_rd_pa_reply_dh(krb5_context context,
-		  const heim_octet_string *indata,
-		  const heim_oid *dataType,
-		  const char *realm,
-		  krb5_pk_init_ctx ctx,
-		  krb5_enctype etype,
-		  const krb5_krbhst_info *hi,
-		  const DHNonce *c_n,
-		  const DHNonce *k_n,
-                  unsigned nonce,
-                  PA_DATA *pa,
-                  krb5_keyblock **key)
-{
-    unsigned char *p, *dh_gen_key = NULL;
-    struct krb5_pk_cert *host = NULL;
-    BIGNUM *kdc_dh_pubkey = NULL;
-    KDCDHKeyInfo kdc_dh_info;
-    heim_oid contentType = { 0, NULL };
-    krb5_data content;
-    krb5_error_code ret;
-    int dh_gen_keylen;
-    size_t size;
-
-    krb5_data_zero(&content);
-    memset(&kdc_dh_info, 0, sizeof(kdc_dh_info));
-
-    if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) {
-	krb5_set_error_string(context, "PKINIT: Invalid content type");
-	return EINVAL;
-    }
-
-    ret = _krb5_pk_verify_sign(context, 
-			       indata->data,
-			       indata->length,
-			       ctx->id,
-			       &contentType,
-			       &content,
-			       &host);
-    if (ret)
-	goto out;
-
-    /* make sure that it is the kdc's certificate */
-    ret = pk_verify_host(context, realm, hi, ctx, host);
-    if (ret)
-	goto out;
-
-    if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) {
-	krb5_set_error_string(context, "pkinit - dh reply contains wrong oid");
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	goto out;
-    }
-
-    ret = decode_KDCDHKeyInfo(content.data,
-			      content.length,
-			      &kdc_dh_info,
-			      &size);
-
-    if (ret) {
-	krb5_set_error_string(context, "pkinit - "
-			      "failed to decode KDC DH Key Info");
-	goto out;
-    }
-
-    if (kdc_dh_info.nonce != nonce) {
-	krb5_set_error_string(context, "PKINIT: DH nonce is wrong");
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto out;
-    }
-
-    if (kdc_dh_info.dhKeyExpiration) {
-	if (k_n == NULL) {
-	    krb5_set_error_string(context, "pkinit; got key expiration "
-				  "without server nonce");
-	    ret = KRB5KRB_ERR_GENERIC;
-	    goto out;
-	}
-	if (c_n == NULL) {
-	    krb5_set_error_string(context, "pkinit; got DH reuse but no "
-				  "client nonce");
-	    ret = KRB5KRB_ERR_GENERIC;
-	    goto out;
-	}
-    } else {
-	if (k_n) {
-	    krb5_set_error_string(context, "pkinit: got server nonce "
-				  "without key expiration");
-	    ret = KRB5KRB_ERR_GENERIC;
-	    goto out;
-	}
-	c_n = NULL;
-    }
-
-
-    p = kdc_dh_info.subjectPublicKey.data;
-    size = (kdc_dh_info.subjectPublicKey.length + 7) / 8;
-
-    {
-	DHPublicKey k;
-	ret = decode_DHPublicKey(p, size, &k, NULL);
-	if (ret) {
-	    krb5_set_error_string(context, "pkinit: can't decode "
-				  "without key expiration");
-	    goto out;
-	}
-
-	kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k);
-	free_DHPublicKey(&k);
-	if (kdc_dh_pubkey == NULL) {
-	    ret = KRB5KRB_ERR_GENERIC;
-	    goto out;
-	}
-    }
-    
-    dh_gen_keylen = DH_size(ctx->dh);
-    size = BN_num_bytes(ctx->dh->p);
-    if (size < dh_gen_keylen)
-	size = dh_gen_keylen;
-
-    dh_gen_key = malloc(size);
-    if (dh_gen_key == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    memset(dh_gen_key, 0, size - dh_gen_keylen);
-
-    dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
-				   kdc_dh_pubkey, ctx->dh);
-    if (dh_gen_keylen == -1) {
-	krb5_set_error_string(context, 
-			      "PKINIT: Can't compute Diffie-Hellman key");
-	ret = KRB5KRB_ERR_GENERIC;
-	goto out;
-    }
-
-    *key = malloc (sizeof (**key));
-    if (*key == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ret = _krb5_pk_octetstring2key(context,
-				   etype,
-				   dh_gen_key, dh_gen_keylen,
-				   c_n, k_n,
-				   *key);
-    if (ret) {
-	krb5_set_error_string(context,
-			      "PKINIT: can't create key from DH key");
-	free(*key);
-	*key = NULL;
-	goto out;
-    }
-
- out:
-    if (kdc_dh_pubkey)
-	BN_free(kdc_dh_pubkey);
-    if (dh_gen_key) {
-	memset(dh_gen_key, 0, DH_size(ctx->dh));
-	free(dh_gen_key);
-    }
-    if (host)
-	_krb5_pk_cert_free(host);
-    if (content.data)
-	krb5_data_free(&content);
-    der_free_oid(&contentType);
-    free_KDCDHKeyInfo(&kdc_dh_info);
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_rd_pa_reply(krb5_context context,
-		     const char *realm,
-		     void *c,
-		     krb5_enctype etype,
-		     const krb5_krbhst_info *hi,
-		     unsigned nonce,
-		     const krb5_data *req_buffer,
-		     PA_DATA *pa,
-		     krb5_keyblock **key)
-{
-    krb5_pk_init_ctx ctx = c;
-    krb5_error_code ret;
-    size_t size;
-
-    /* Check for IETF PK-INIT first */
-    if (ctx->type == COMPAT_IETF) {
-	PA_PK_AS_REP rep;
-	heim_octet_string os, data;
-	heim_oid oid;
-	
-	if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
-	    krb5_set_error_string(context, "PKINIT: wrong padata recv");
-	    return EINVAL;
-	}
-
-	ret = decode_PA_PK_AS_REP(pa->padata_value.data,
-				  pa->padata_value.length,
-				  &rep,
-				  &size);
-	if (ret) {
-	    krb5_set_error_string(context, "Failed to decode pkinit AS rep");
-	    return ret;
-	}
-
-	switch (rep.element) {
-	case choice_PA_PK_AS_REP_dhInfo:
-	    os = rep.u.dhInfo.dhSignedData;
-	    break;
-	case choice_PA_PK_AS_REP_encKeyPack:
-	    os = rep.u.encKeyPack;
-	    break;
-	default:
-	    free_PA_PK_AS_REP(&rep);
-	    krb5_set_error_string(context, "PKINIT: -27 reply "
-				  "invalid content type");
-	    return EINVAL;
-	}
-
-	ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL);
-	if (ret) {
-	    free_PA_PK_AS_REP(&rep);
-	    krb5_set_error_string(context, "PKINIT: failed to unwrap CI");
-	    return ret;
-	}
-
-	switch (rep.element) {
-	case choice_PA_PK_AS_REP_dhInfo:
-	    ret = pk_rd_pa_reply_dh(context, &data, &oid, realm, ctx, etype, hi,
-				    ctx->clientDHNonce,
-				    rep.u.dhInfo.serverDHNonce,
-				    nonce, pa, key);
-	    break;
-	case choice_PA_PK_AS_REP_encKeyPack:
-	    ret = pk_rd_pa_reply_enckey(context, COMPAT_IETF, &data, &oid, realm, 
-					ctx, etype, hi, nonce, req_buffer, pa, key);
-	    break;
-	default:
-	    krb5_abortx(context, "pk-init as-rep case not possible to happen");
-	}
-	der_free_octet_string(&data);
-	der_free_oid(&oid);
-	free_PA_PK_AS_REP(&rep);
-
-    } else if (ctx->type == COMPAT_WIN2K) {
-	PA_PK_AS_REP_Win2k w2krep;
-
-	/* Check for Windows encoding of the AS-REP pa data */ 
-
-#if 0 /* should this be ? */
-	if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
-	    krb5_set_error_string(context, "PKINIT: wrong padata recv");
-	    return EINVAL;
-	}
-#endif
-
-	memset(&w2krep, 0, sizeof(w2krep));
-	
-	ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data,
-					pa->padata_value.length,
-					&w2krep,
-					&size);
-	if (ret) {
-	    krb5_set_error_string(context, "PKINIT: Failed decoding windows "
-				  "pkinit reply %d", ret);
-	    return ret;
-	}
-
-	krb5_clear_error_string(context);
-	
-	switch (w2krep.element) {
-	case choice_PA_PK_AS_REP_Win2k_encKeyPack: {
-	    heim_octet_string data;
-	    heim_oid oid;
-	    
-	    ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack, 
-					       &oid, &data, NULL);
-	    free_PA_PK_AS_REP_Win2k(&w2krep);
-	    if (ret) {
-		krb5_set_error_string(context, "PKINIT: failed to unwrap CI");
-		return ret;
-	    }
-
-	    ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &data, &oid, realm,
-					ctx, etype, hi, nonce, req_buffer, pa, key);
-	    der_free_octet_string(&data);
-	    der_free_oid(&oid);
-
-	    break;
-	}
-	default:
-	    free_PA_PK_AS_REP_Win2k(&w2krep);
-	    krb5_set_error_string(context, "PKINIT: win2k reply invalid "
-				  "content type");
-	    ret = EINVAL;
-	    break;
-	}
-    
-    } else {
-	krb5_set_error_string(context, "PKINIT: unknown reply type");
-	ret = EINVAL;
-    }
-
-    return ret;
-}
-
-struct prompter {
-    krb5_context context;
-    krb5_prompter_fct prompter;
-    void *prompter_data;
-};
-
-static int 
-hx_pass_prompter(void *data, const hx509_prompt *prompter)
-{
-    krb5_error_code ret;
-    krb5_prompt prompt;
-    krb5_data password_data;
-    struct prompter *p = data;
-   
-    password_data.data   = prompter->reply.data;
-    password_data.length = prompter->reply.length;
-
-    prompt.prompt = prompter->prompt;
-    prompt.hidden = hx509_prompt_hidden(prompter->type);
-    prompt.reply  = &password_data;
-
-    switch (prompter->type) {
-    case HX509_PROMPT_TYPE_INFO:
-	prompt.type   = KRB5_PROMPT_TYPE_INFO;
-	break;
-    case HX509_PROMPT_TYPE_PASSWORD:
-    case HX509_PROMPT_TYPE_QUESTION:
-    default:
-	prompt.type   = KRB5_PROMPT_TYPE_PASSWORD;
-	break;
-    }	
-   
-    ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt);
-    if (ret) {
-	memset (prompter->reply.data, 0, prompter->reply.length);
-	return 1;
-    }
-    return 0;
-}
-
-
-void KRB5_LIB_FUNCTION
-_krb5_pk_allow_proxy_certificate(struct krb5_pk_identity *id,
-				 int boolean)
-{
-    hx509_verify_set_proxy_certificate(id->verify_ctx, boolean);
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_load_id(krb5_context context,
-		 struct krb5_pk_identity **ret_id,
-		 const char *user_id,
-		 const char *anchor_id,
-		 char * const *chain_list,
-		 char * const *revoke_list,
-		 krb5_prompter_fct prompter,
-		 void *prompter_data,
-		 char *password)
-{
-    struct krb5_pk_identity *id = NULL;
-    hx509_lock lock = NULL;
-    struct prompter p;
-    int ret;
-
-    *ret_id = NULL;
-
-    if (anchor_id == NULL) {
-	krb5_set_error_string(context, "PKINIT: No anchor given");
-	return HEIM_PKINIT_NO_VALID_CA;
-    }
-
-    if (user_id == NULL) {
-	krb5_set_error_string(context,
-			      "PKINIT: No user certificate given");
-	return HEIM_PKINIT_NO_PRIVATE_KEY;
-    }
-
-    /* load cert */
-
-    id = calloc(1, sizeof(*id));
-    if (id == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }	
-
-    ret = hx509_context_init(&id->hx509ctx);
-    if (ret)
-	goto out;
-
-    ret = hx509_lock_init(id->hx509ctx, &lock);
-    if (password && password[0])
-	hx509_lock_add_password(lock, password);
-
-    if (prompter) {
-	p.context = context;
-	p.prompter = prompter;
-	p.prompter_data = prompter_data;
-
-	ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p);
-	if (ret)
-	    goto out;
-    }
-
-    ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret,
-			    "Failed to init cert certs");
-	goto out;
-    }
-
-    ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret,
-			    "Failed to init anchors");
-	goto out;
-    }
-
-    ret = hx509_certs_init(id->hx509ctx, "MEMORY:pkinit-cert-chain", 
-			   0, NULL, &id->certpool);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret,
-			    "Failed to init chain");
-	goto out;
-    }
-
-    while (chain_list && *chain_list) {
-	ret = hx509_certs_append(id->hx509ctx, id->certpool,
-				 NULL, *chain_list);
-	if (ret) {
-	    _krb5_pk_copy_error(context, id->hx509ctx, ret,
-				"Failed to laod chain %s",
-				*chain_list);
-	    goto out;
-	}
-	chain_list++;
-    }
-
-    if (revoke_list) {
-	ret = hx509_revoke_init(id->hx509ctx, &id->revokectx);
-	if (ret) {
-	    _krb5_pk_copy_error(context, id->hx509ctx, ret,
-				"Failed init revoke list");
-	    goto out;
-	}
-
-	while (*revoke_list) {
-	    ret = hx509_revoke_add_crl(id->hx509ctx, 
-				       id->revokectx,
-				       *revoke_list);
-	    if (ret) {
-		_krb5_pk_copy_error(context, id->hx509ctx, ret, 
-				    "Failed load revoke list");
-		goto out;
-	    }
-	    revoke_list++;
-	}
-    } else
-	hx509_context_set_missing_revoke(id->hx509ctx, 1);
-
-    ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret, 
-			    "Failed init verify context");
-	goto out;
-    }
-
-    hx509_verify_attach_anchors(id->verify_ctx, id->anchors);
-    hx509_verify_attach_revoke(id->verify_ctx, id->revokectx);
-
-out:
-    if (ret) {
-	hx509_verify_destroy_ctx(id->verify_ctx);
-	hx509_certs_free(&id->certs);
-	hx509_certs_free(&id->anchors);
-	hx509_certs_free(&id->certpool);
-	hx509_revoke_free(&id->revokectx);
-	hx509_context_free(&id->hx509ctx);
-	free(id);
-    } else
-	*ret_id = id;
-
-    hx509_lock_free(lock);
-
-    return ret;
-}
-
-static krb5_error_code
-select_dh_group(krb5_context context, DH *dh, unsigned long bits, 
-		struct krb5_dh_moduli **moduli)
-{
-    const struct krb5_dh_moduli *m;
-
-    if (bits == 0) {
-	m = moduli[1]; /* XXX */
-	if (m == NULL)
-	    m = moduli[0]; /* XXX */
-    } else {
-	int i;
-	for (i = 0; moduli[i] != NULL; i++) {
-	    if (bits < moduli[i]->bits)
-		break;
-	}
-	if (moduli[i] == NULL) {
-	    krb5_set_error_string(context, 
-				  "Did not find a DH group parameter "
-				  "matching requirement of %lu bits",
-				  bits);
-	    return EINVAL;
-	}
-	m = moduli[i];
-    }
-
-    dh->p = integer_to_BN(context, "p", &m->p);
-    if (dh->p == NULL)
-	return ENOMEM;
-    dh->g = integer_to_BN(context, "g", &m->g);
-    if (dh->g == NULL)
-	return ENOMEM;
-    dh->q = integer_to_BN(context, "q", &m->q);
-    if (dh->q == NULL)
-	return ENOMEM;
-
-    return 0;
-}
-
-#endif /* PKINIT */
-
-static int
-parse_integer(krb5_context context, char **p, const char *file, int lineno, 
-	      const char *name, heim_integer *integer)
-{
-    int ret;
-    char *p1;
-    p1 = strsep(p, " \t");
-    if (p1 == NULL) {
-	krb5_set_error_string(context, "moduli file %s missing %s on line %d",
-			      file, name, lineno);
-	return EINVAL;
-    }
-    ret = der_parse_hex_heim_integer(p1, integer);
-    if (ret) {
-	krb5_set_error_string(context, "moduli file %s failed parsing %s "
-			      "on line %d",
-			      file, name, lineno);
-	return ret;
-    }
-
-    return 0;
-}
-
-krb5_error_code
-_krb5_parse_moduli_line(krb5_context context, 
-			const char *file,
-			int lineno,
-			char *p,
-			struct krb5_dh_moduli **m)
-{
-    struct krb5_dh_moduli *m1;
-    char *p1;
-    int ret;
-
-    *m = NULL;
-
-    m1 = calloc(1, sizeof(*m1));
-    if (m1 == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }
-
-    while (isspace((unsigned char)*p))
-	p++;
-    if (*p  == '#')
-	return 0;
-    ret = EINVAL;
-
-    p1 = strsep(&p, " \t");
-    if (p1 == NULL) {
-	krb5_set_error_string(context, "moduli file %s missing name "
-			      "on line %d", file, lineno);
-	goto out;
-    }
-    m1->name = strdup(p1);
-    if (p1 == NULL) {
-	krb5_set_error_string(context, "malloc - out of memeory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    p1 = strsep(&p, " \t");
-    if (p1 == NULL) {
-	krb5_set_error_string(context, "moduli file %s missing bits on line %d",
-			      file, lineno);
-	goto out;
-    }
-
-    m1->bits = atoi(p1);
-    if (m1->bits == 0) {
-	krb5_set_error_string(context, "moduli file %s have un-parsable "
-			      "bits on line %d", file, lineno);
-	goto out;
-    }
-	
-    ret = parse_integer(context, &p, file, lineno, "p", &m1->p);
-    if (ret)
-	goto out;
-    ret = parse_integer(context, &p, file, lineno, "g", &m1->g);
-    if (ret)
-	goto out;
-    ret = parse_integer(context, &p, file, lineno, "q", &m1->q);
-    if (ret)
-	goto out;
-
-    *m = m1;
-
-    return 0;
-out:
-    free(m1->name);
-    der_free_heim_integer(&m1->p);
-    der_free_heim_integer(&m1->g);
-    der_free_heim_integer(&m1->q);
-    free(m1);
-    return ret;
-}
-
-void
-_krb5_free_moduli(struct krb5_dh_moduli **moduli)
-{
-    int i;
-    for (i = 0; moduli[i] != NULL; i++) {
-	free(moduli[i]->name);
-	der_free_heim_integer(&moduli[i]->p);
-	der_free_heim_integer(&moduli[i]->g);
-	der_free_heim_integer(&moduli[i]->q);
-	free(moduli[i]);
-    }
-    free(moduli);
-}
-
-static const char *default_moduli_RFC2412_MODP_group2 =
-    /* name */
-    "RFC2412-MODP-group2 "
-    /* bits */
-    "1024 "
-    /* p */
-    "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
-    "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
-    "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
-    "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
-    "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
-    "FFFFFFFF" "FFFFFFFF "
-    /* g */
-    "02 "
-    /* q */
-    "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
-    "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
-    "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
-    "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
-    "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0"
-    "FFFFFFFF" "FFFFFFFF";
-
-static const char *default_moduli_rfc3526_MODP_group14 =
-    /* name */
-    "rfc3526-MODP-group14 "
-    /* bits */
-    "1760 "
-    /* p */
-    "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
-    "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
-    "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
-    "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
-    "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
-    "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
-    "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
-    "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
-    "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
-    "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
-    "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF "
-    /* g */
-    "02 "
-    /* q */
-    "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
-    "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
-    "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
-    "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
-    "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F6722D9E"
-    "E1003E5C" "50B1DF82" "CC6D241B" "0E2AE9CD" "348B1FD4" "7E9267AF"
-    "C1B2AE91" "EE51D6CB" "0E3179AB" "1042A95D" "CF6A9483" "B84B4B36"
-    "B3861AA7" "255E4C02" "78BA3604" "650C10BE" "19482F23" "171B671D"
-    "F1CF3B96" "0C074301" "CD93C1D1" "7603D147" "DAE2AEF8" "37A62964"
-    "EF15E5FB" "4AAC0B8C" "1CCAA4BE" "754AB572" "8AE9130C" "4C7D0288"
-    "0AB9472D" "45565534" "7FFFFFFF" "FFFFFFFF";
-
-krb5_error_code
-_krb5_parse_moduli(krb5_context context, const char *file,
-		   struct krb5_dh_moduli ***moduli)
-{
-    /* name bits P G Q */
-    krb5_error_code ret;
-    struct krb5_dh_moduli **m = NULL, **m2;
-    char buf[4096];
-    FILE *f;
-    int lineno = 0, n = 0;
-
-    *moduli = NULL;
-
-    m = calloc(1, sizeof(m[0]) * 3);
-    if (m == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    strlcpy(buf, default_moduli_rfc3526_MODP_group14, sizeof(buf));
-    ret = _krb5_parse_moduli_line(context, "builtin", 1, buf,  &m[0]);
-    if (ret) {
-	_krb5_free_moduli(m);
-	return ret;
-    }
-    n++;
-
-    strlcpy(buf, default_moduli_RFC2412_MODP_group2, sizeof(buf));
-    ret = _krb5_parse_moduli_line(context, "builtin", 1, buf,  &m[1]);
-    if (ret) {
-	_krb5_free_moduli(m);
-	return ret;
-    }
-    n++;
-
-
-    if (file == NULL)
-	file = MODULI_FILE;
-
-    f = fopen(file, "r");
-    if (f == NULL) {
-	*moduli = m;
-	return 0;
-    }
-
-    while(fgets(buf, sizeof(buf), f) != NULL) {
-	struct krb5_dh_moduli *element;
-
-	buf[strcspn(buf, "\n")] = '\0';
-	lineno++;
-
-	m2 = realloc(m, (n + 2) * sizeof(m[0]));
-	if (m2 == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    _krb5_free_moduli(m);
-	    return ENOMEM;
-	}
-	m = m2;
-	
-	m[n] = NULL;
-
-	ret = _krb5_parse_moduli_line(context, file, lineno, buf,  &element);
-	if (ret) {
-	    _krb5_free_moduli(m);
-	    return ret;
-	}
-	if (element == NULL)
-	    continue;
-
-	m[n] = element;
-	m[n + 1] = NULL;
-	n++;
-    }
-    *moduli = m;
-    return 0;
-}
-
-krb5_error_code
-_krb5_dh_group_ok(krb5_context context, unsigned long bits,
-		  heim_integer *p, heim_integer *g, heim_integer *q,
-		  struct krb5_dh_moduli **moduli,
-		  char **name)
-{
-    int i;
-
-    if (name)
-	*name = NULL;
-
-    for (i = 0; moduli[i] != NULL; i++) {
-	if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 &&
-	    der_heim_integer_cmp(&moduli[i]->p, p) == 0 &&
-	    (q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0))
-	{
-	    if (bits && bits > moduli[i]->bits) {
-		krb5_set_error_string(context, "PKINIT: DH group parameter %s "
-				      "no accepted, not enough bits generated",
-				      moduli[i]->name);
-		return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
-	    }
-	    if (name)
-		*name = strdup(moduli[i]->name);
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "PKINIT: DH group parameter no ok");
-    return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
-}
-
-void KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
-{
-#ifdef PKINIT
-    krb5_pk_init_ctx ctx;
-
-    if (opt->opt_private == NULL || opt->opt_private->pk_init_ctx == NULL)
-	return;
-    ctx = opt->opt_private->pk_init_ctx;
-    if (ctx->dh)
-	DH_free(ctx->dh);
-	ctx->dh = NULL;
-    if (ctx->id) {
-	hx509_verify_destroy_ctx(ctx->id->verify_ctx);
-	hx509_certs_free(&ctx->id->certs);
-	hx509_certs_free(&ctx->id->anchors);
-	hx509_certs_free(&ctx->id->certpool);
-	hx509_context_free(&ctx->id->hx509ctx);
-
-	if (ctx->clientDHNonce) {
-	    krb5_free_data(NULL, ctx->clientDHNonce);
-	    ctx->clientDHNonce = NULL;
-	}
-	if (ctx->m)
-	    _krb5_free_moduli(ctx->m);
-	free(ctx->id);
-	ctx->id = NULL;
-    }
-    free(opt->opt_private->pk_init_ctx);
-    opt->opt_private->pk_init_ctx = NULL;
-#endif
-}
-    
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_pkinit(krb5_context context,
-				   krb5_get_init_creds_opt *opt,
-				   krb5_principal principal,
-				   const char *user_id,
-				   const char *x509_anchors,
-				   char * const * pool,
-				   char * const * pki_revoke,
-				   int flags,
-				   krb5_prompter_fct prompter,
-				   void *prompter_data,
-				   char *password)
-{
-#ifdef PKINIT
-    krb5_error_code ret;
-    char *anchors = NULL;
-
-    if (opt->opt_private == NULL) {
-	krb5_set_error_string(context, "PKINIT: on non extendable opt");
-	return EINVAL;
-    }
-
-    opt->opt_private->pk_init_ctx = 
-	calloc(1, sizeof(*opt->opt_private->pk_init_ctx));
-    if (opt->opt_private->pk_init_ctx == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    opt->opt_private->pk_init_ctx->dh = NULL;
-    opt->opt_private->pk_init_ctx->id = NULL;
-    opt->opt_private->pk_init_ctx->clientDHNonce = NULL;
-    opt->opt_private->pk_init_ctx->require_binding = 0;
-    opt->opt_private->pk_init_ctx->require_eku = 1;
-    opt->opt_private->pk_init_ctx->require_krbtgt_otherName = 1;
-    opt->opt_private->pk_init_ctx->peer = NULL;
-
-    /* XXX implement krb5_appdefault_strings  */
-    if (pool == NULL)
-	pool = krb5_config_get_strings(context, NULL,
-				       "appdefaults", 
-				       "pkinit_pool", 
-				       NULL);
-
-    if (pki_revoke == NULL)
-	pki_revoke = krb5_config_get_strings(context, NULL,
-					     "appdefaults", 
-					     "pkinit_revoke", 
-					     NULL);
-
-    if (x509_anchors == NULL) {
-	krb5_appdefault_string(context, "kinit",
-			       krb5_principal_get_realm(context, principal), 
-			       "pkinit_anchors", NULL, &anchors);
-	x509_anchors = anchors;
-    }
-
-    ret = _krb5_pk_load_id(context,
-			   &opt->opt_private->pk_init_ctx->id,
-			   user_id,
-			   x509_anchors,
-			   pool,
-			   pki_revoke,
-			   prompter,
-			   prompter_data,
-			   password);
-    if (ret) {
-	free(opt->opt_private->pk_init_ctx);
-	opt->opt_private->pk_init_ctx = NULL;
-	return ret;
-    }
-
-    if ((flags & 2) == 0) {
-	const char *moduli_file;
-	unsigned long dh_min_bits;
-
-	moduli_file = krb5_config_get_string(context, NULL,
-					     "libdefaults",
-					     "moduli",
-					     NULL);
-
-	dh_min_bits =
-	    krb5_config_get_int_default(context, NULL, 0,
-					"libdefaults",
-					"pkinit_dh_min_bits",
-					NULL);
-
-	ret = _krb5_parse_moduli(context, moduli_file, 
-				 &opt->opt_private->pk_init_ctx->m);
-	if (ret) {
-	    _krb5_get_init_creds_opt_free_pkinit(opt);
-	    return ret;
-	}
-	
-	opt->opt_private->pk_init_ctx->dh = DH_new();
-	if (opt->opt_private->pk_init_ctx->dh == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    _krb5_get_init_creds_opt_free_pkinit(opt);
-	    return ENOMEM;
-	}
-
-	ret = select_dh_group(context, opt->opt_private->pk_init_ctx->dh,
-			      dh_min_bits, 
-			      opt->opt_private->pk_init_ctx->m);
-	if (ret) {
-	    _krb5_get_init_creds_opt_free_pkinit(opt);
-	    return ret;
-	}
-
-	if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) {
-	    krb5_set_error_string(context, "pkinit: failed to generate DH key");
-	    _krb5_get_init_creds_opt_free_pkinit(opt);
-	    return ENOMEM;
-	}
-    }
-
-    return 0;
-#else
-    krb5_set_error_string(context, "no support for PKINIT compiled in");
-    return EINVAL;
-#endif
-}
-
-/*
- *
- */
-
-static void
-_krb5_pk_copy_error(krb5_context context,
-		    hx509_context hx509ctx,
-		    int hxret,
-		    const char *fmt,
-		    ...)
-{
-    va_list va;
-    char *s, *f;
-
-    va_start(va, fmt);
-    vasprintf(&f, fmt, va);
-    va_end(va);
-    if (f == NULL) {
-	krb5_clear_error_string(context);
-	return;
-    }
-
-    s = hx509_get_error_string(hx509ctx, hxret);
-    if (s == NULL) {
-	krb5_clear_error_string(context);
-	free(f);
-	return;
-    }
-    krb5_set_error_string(context, "%s: %s", f, s);
-    free(s);
-    free(f);
-}
diff --git a/crypto/heimdal/lib/krb5/plugin.c b/crypto/heimdal/lib/krb5/plugin.c
deleted file mode 100644
index bae2849..0000000
--- a/crypto/heimdal/lib/krb5/plugin.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: plugin.c 22033 2007-11-10 10:39:47Z lha $");
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-#include <dirent.h>
-
-struct krb5_plugin {
-    void *symbol;
-    void *dsohandle;
-    struct krb5_plugin *next;
-};
-
-struct plugin {
-    enum krb5_plugin_type type;
-    void *name;
-    void *symbol;
-    struct plugin *next;
-};
-
-static HEIMDAL_MUTEX plugin_mutex = HEIMDAL_MUTEX_INITIALIZER;
-static struct plugin *registered = NULL;
-
-static const char *plugin_dir = LIBDIR "/plugin/krb5";
-
-/*
- *
- */
-
-void *
-_krb5_plugin_get_symbol(struct krb5_plugin *p)
-{
-    return p->symbol;
-}
-
-struct krb5_plugin *
-_krb5_plugin_get_next(struct krb5_plugin *p)
-{
-    return p->next;
-}
-
-/*
- *
- */
-
-#ifdef HAVE_DLOPEN
-
-static krb5_error_code
-loadlib(krb5_context context,
-	enum krb5_plugin_type type,
-	const char *name,
-	const char *lib,
-	struct krb5_plugin **e)
-{
-    *e = calloc(1, sizeof(**e));
-    if (*e == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-
-#ifndef RTLD_LAZY
-#define RTLD_LAZY 0
-#endif
-
-    (*e)->dsohandle = dlopen(lib, RTLD_LAZY);
-    if ((*e)->dsohandle == NULL) {
-	free(*e);
-	*e = NULL;
-	krb5_set_error_string(context, "Failed to load %s: %s", 
-			      lib, dlerror());
-	return ENOMEM;
-    }
-
-    /* dlsym doesn't care about the type */
-    (*e)->symbol = dlsym((*e)->dsohandle, name);
-    if ((*e)->symbol == NULL) {
-	dlclose((*e)->dsohandle);
-	free(*e);
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    return 0;
-}
-#endif /* HAVE_DLOPEN */
-
-/**
- * Register a plugin symbol name of specific type.
- * @param context a Keberos context
- * @param type type of plugin symbol
- * @param name name of plugin symbol
- * @param symbol a pointer to the named symbol
- * @return In case of error a non zero error com_err error is returned
- * and the Kerberos error string is set.
- *
- * @ingroup krb5_support
- */
-
-krb5_error_code
-krb5_plugin_register(krb5_context context,
-		     enum krb5_plugin_type type,
-		     const char *name, 
-		     void *symbol)
-{
-    struct plugin *e;
-
-    e = calloc(1, sizeof(*e));
-    if (e == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    e->type = type;
-    e->name = strdup(name);
-    if (e->name == NULL) {
-	free(e);
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    e->symbol = symbol;
-
-    HEIMDAL_MUTEX_lock(&plugin_mutex);
-    e->next = registered;
-    registered = e;
-    HEIMDAL_MUTEX_unlock(&plugin_mutex);
-
-    return 0;
-}
-
-krb5_error_code
-_krb5_plugin_find(krb5_context context,
-		  enum krb5_plugin_type type,
-		  const char *name, 
-		  struct krb5_plugin **list)
-{
-    struct krb5_plugin *e;
-    struct plugin *p;
-    krb5_error_code ret;
-    char *sysdirs[2] = { NULL, NULL };
-    char **dirs = NULL, **di;
-    struct dirent *entry;
-    char *path;
-    DIR *d = NULL;
-
-    *list = NULL;
-
-    HEIMDAL_MUTEX_lock(&plugin_mutex);
-
-    for (p = registered; p != NULL; p = p->next) {
-	if (p->type != type || strcmp(p->name, name) != 0)
-	    continue;
-
-	e = calloc(1, sizeof(*e));
-	if (e == NULL) {
-	    HEIMDAL_MUTEX_unlock(&plugin_mutex);
-	    krb5_set_error_string(context, "out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	e->symbol = p->symbol;
-	e->dsohandle = NULL;
-	e->next = *list;
-	*list = e;
-    }
-    HEIMDAL_MUTEX_unlock(&plugin_mutex);
-
-#ifdef HAVE_DLOPEN
-
-    dirs = krb5_config_get_strings(context, NULL, "libdefaults", 
-				   "plugin_dir", NULL);
-    if (dirs == NULL) {
-	sysdirs[0] = rk_UNCONST(plugin_dir);
-	dirs = sysdirs;
-    }
-
-    for (di = dirs; *di != NULL; di++) {
-
-	d = opendir(*di);
-	if (d == NULL)
-	    continue;
-
-	while ((entry = readdir(d)) != NULL) {
-	    asprintf(&path, "%s/%s", *di, entry->d_name);
-	    if (path == NULL) {
-		krb5_set_error_string(context, "out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    ret = loadlib(context, type, name, path, &e);
-	    free(path);
-	    if (ret)
-		continue;
-	    
-	    e->next = *list;
-	    *list = e;
-	}
-	closedir(d);
-    }
-    if (dirs != sysdirs)
-	krb5_config_free_strings(dirs);
-#endif /* HAVE_DLOPEN */
-
-    if (*list == NULL) {
-	krb5_set_error_string(context, "Did not find a plugin for %s", name);
-	return ENOENT;
-    }
-
-    return 0;
-
-out:
-    if (dirs && dirs != sysdirs)
-	krb5_config_free_strings(dirs);
-    if (d)
-	closedir(d);
-    _krb5_plugin_free(*list);
-    *list = NULL;
-
-    return ret;
-}
-
-void
-_krb5_plugin_free(struct krb5_plugin *list)
-{
-    struct krb5_plugin *next;
-    while (list) {
-	next = list->next;
-	if (list->dsohandle)
-	    dlclose(list->dsohandle);
-	free(list);
-	list = next;
-    }
-}
diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c
deleted file mode 100644
index 8d9c880..0000000
--- a/crypto/heimdal/lib/krb5/principal.c
+++ /dev/null
@@ -1,1254 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#ifdef HAVE_RES_SEARCH
-#define USE_RESOLVER
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#include <fnmatch.h>
-#include "resolve.h"
-
-RCSID("$Id: principal.c 21741 2007-07-31 16:00:37Z lha $");
-
-#define princ_num_comp(P) ((P)->name.name_string.len)
-#define princ_type(P) ((P)->name.name_type)
-#define princ_comp(P) ((P)->name.name_string.val)
-#define princ_ncomp(P, N) ((P)->name.name_string.val[(N)])
-#define princ_realm(P) ((P)->realm)
-
-void KRB5_LIB_FUNCTION
-krb5_free_principal(krb5_context context,
-		    krb5_principal p)
-{
-    if(p){
-	free_Principal(p);
-	free(p);
-    }
-}
-
-void KRB5_LIB_FUNCTION
-krb5_principal_set_type(krb5_context context,
-			krb5_principal principal,
-			int type)
-{
-    princ_type(principal) = type;
-}
-
-int KRB5_LIB_FUNCTION
-krb5_principal_get_type(krb5_context context,
-			krb5_const_principal principal)
-{
-    return princ_type(principal);
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_principal_get_realm(krb5_context context,
-			 krb5_const_principal principal)
-{
-    return princ_realm(principal);
-}			 
-
-const char* KRB5_LIB_FUNCTION
-krb5_principal_get_comp_string(krb5_context context,
-			       krb5_const_principal principal,
-			       unsigned int component)
-{
-    if(component >= princ_num_comp(principal))
-       return NULL;
-    return princ_ncomp(principal, component);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_name_flags(krb5_context context,
-		      const char *name,
-		      int flags,
-		      krb5_principal *principal)
-{
-    krb5_error_code ret;
-    heim_general_string *comp;
-    heim_general_string realm = NULL;
-    int ncomp;
-
-    const char *p;
-    char *q;
-    char *s;
-    char *start;
-
-    int n;
-    char c;
-    int got_realm = 0;
-    int first_at = 1;
-    int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
-  
-    *principal = NULL;
-
-#define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM)
-
-    if ((flags & RFLAGS) == RFLAGS) {
-	krb5_set_error_string(context, "Can't require both realm and "
-			      "no realm at the same time");
-	return KRB5_ERR_NO_SERVICE;
-    }
-#undef RFLAGS
-
-    /* count number of component,
-     * enterprise names only have one component
-     */
-    ncomp = 1;
-    if (!enterprise) {
-	for(p = name; *p; p++){
-	    if(*p=='\\'){
-		if(!p[1]) {
-		    krb5_set_error_string (context,
-					   "trailing \\ in principal name");
-		    return KRB5_PARSE_MALFORMED;
-		}
-		p++;
-	    } else if(*p == '/')
-		ncomp++;
-	    else if(*p == '@')
-		break;
-	}
-    }
-    comp = calloc(ncomp, sizeof(*comp));
-    if (comp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-  
-    n = 0;
-    p = start = q = s = strdup(name);
-    if (start == NULL) {
-	free (comp);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    while(*p){
-	c = *p++;
-	if(c == '\\'){
-	    c = *p++;
-	    if(c == 'n')
-		c = '\n';
-	    else if(c == 't')
-		c = '\t';
-	    else if(c == 'b')
-		c = '\b';
-	    else if(c == '0')
-		c = '\0';
-	    else if(c == '\0') {
-		krb5_set_error_string (context,
-				       "trailing \\ in principal name");
-		ret = KRB5_PARSE_MALFORMED;
-		goto exit;
-	    }
-	}else if(enterprise && first_at) {
-	    if (c == '@')
-		first_at = 0;
-	}else if((c == '/' && !enterprise) || c == '@'){
-	    if(got_realm){
-		krb5_set_error_string (context,
-				       "part after realm in principal name");
-		ret = KRB5_PARSE_MALFORMED;
-		goto exit;
-	    }else{
-		comp[n] = malloc(q - start + 1);
-		if (comp[n] == NULL) {
-		    krb5_set_error_string (context, "malloc: out of memory");
-		    ret = ENOMEM;
-		    goto exit;
-		}
-		memcpy(comp[n], start, q - start);
-		comp[n][q - start] = 0;
-		n++;
-	    }
-	    if(c == '@')
-		got_realm = 1;
-	    start = q;
-	    continue;
-	}
-	if(got_realm && (c == ':' || c == '/' || c == '\0')) {
-	    krb5_set_error_string (context,
-				   "part after realm in principal name");
-	    ret = KRB5_PARSE_MALFORMED;
-	    goto exit;
-	}
-	*q++ = c;
-    }
-    if(got_realm){
-	if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
-	    krb5_set_error_string (context, "realm found in 'short' principal "
-				   "expected to be without one");
-	    ret = KRB5_PARSE_MALFORMED;
-	    goto exit;
-	}
-	realm = malloc(q - start + 1);
-	if (realm == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto exit;
-	}
-	memcpy(realm, start, q - start);
-	realm[q - start] = 0;
-    }else{
-	if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) {
-	    krb5_set_error_string (context, "realm NOT found in principal "
-				   "expected to be with one");
-	    ret = KRB5_PARSE_MALFORMED;
-	    goto exit;
-	} else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
-	    realm = NULL;
-	} else {
-	    ret = krb5_get_default_realm (context, &realm);
-	    if (ret)
-		goto exit;
-	}
-
-	comp[n] = malloc(q - start + 1);
-	if (comp[n] == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto exit;
-	}
-	memcpy(comp[n], start, q - start);
-	comp[n][q - start] = 0;
-	n++;
-    }
-    *principal = malloc(sizeof(**principal));
-    if (*principal == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto exit;
-    }
-    if (enterprise)
-	(*principal)->name.name_type = KRB5_NT_ENTERPRISE_PRINCIPAL;
-    else
-	(*principal)->name.name_type = KRB5_NT_PRINCIPAL;
-    (*principal)->name.name_string.val = comp;
-    princ_num_comp(*principal) = n;
-    (*principal)->realm = realm;
-    free(s);
-    return 0;
-exit:
-    while(n>0){
-	free(comp[--n]);
-    }
-    free(comp);
-    free(realm);
-    free(s);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_name(krb5_context context,
-		const char *name,
-		krb5_principal *principal)
-{
-    return krb5_parse_name_flags(context, name, 0, principal);
-}
-
-static const char quotable_chars[] = " \n\t\b\\/@";
-static const char replace_chars[] = " ntb\\/@";
-static const char nq_chars[] = "    \\/@";
-
-#define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0);
-
-static size_t
-quote_string(const char *s, char *out, size_t idx, size_t len, int display)
-{
-    const char *p, *q;
-    for(p = s; *p && idx < len; p++){
-	q = strchr(quotable_chars, *p);
-	if (q && display) {
-	    add_char(out, idx, len, replace_chars[q - quotable_chars]);
-	} else if (q) {
-	    add_char(out, idx, len, '\\');
-	    add_char(out, idx, len, replace_chars[q - quotable_chars]);
-	}else
-	    add_char(out, idx, len, *p);
-    }
-    if(idx < len)
-	out[idx] = '\0';
-    return idx;
-}
-
-
-static krb5_error_code
-unparse_name_fixed(krb5_context context,
-		   krb5_const_principal principal,
-		   char *name,
-		   size_t len,
-		   int flags)
-{
-    size_t idx = 0;
-    int i;
-    int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0;
-    int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
-    int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
-
-    if (!no_realm && princ_realm(principal) == NULL) {
-	krb5_set_error_string(context, "Realm missing from principal, "
-			      "can't unparse");
-	return ERANGE;
-    }
-
-    for(i = 0; i < princ_num_comp(principal); i++){
-	if(i)
-	    add_char(name, idx, len, '/');
-	idx = quote_string(princ_ncomp(principal, i), name, idx, len, display);
-	if(idx == len) {
-	    krb5_set_error_string(context, "Out of space printing principal");
-	    return ERANGE;
-	}
-    } 
-    /* add realm if different from default realm */
-    if(short_form && !no_realm) {
-	krb5_realm r;
-	krb5_error_code ret;
-	ret = krb5_get_default_realm(context, &r);
-	if(ret)
-	    return ret;
-	if(strcmp(princ_realm(principal), r) != 0)
-	    short_form = 0;
-	free(r);
-    }
-    if(!short_form && !no_realm) {
-	add_char(name, idx, len, '@');
-	idx = quote_string(princ_realm(principal), name, idx, len, display);
-	if(idx == len) {
-	    krb5_set_error_string(context, 
-				  "Out of space printing realm of principal");
-	    return ERANGE;
-	}
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_fixed(krb5_context context,
-			krb5_const_principal principal,
-			char *name,
-			size_t len)
-{
-    return unparse_name_fixed(context, principal, name, len, 0);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_fixed_short(krb5_context context,
-			      krb5_const_principal principal,
-			      char *name,
-			      size_t len)
-{
-    return unparse_name_fixed(context, principal, name, len, 
-			      KRB5_PRINCIPAL_UNPARSE_SHORT);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_fixed_flags(krb5_context context,
-			      krb5_const_principal principal,
-			      int flags,
-			      char *name,
-			      size_t len)
-{
-    return unparse_name_fixed(context, principal, name, len, flags);
-}
-
-static krb5_error_code
-unparse_name(krb5_context context,
-	     krb5_const_principal principal,
-	     char **name,
-	     int flags)
-{
-    size_t len = 0, plen;
-    int i;
-    krb5_error_code ret;
-    /* count length */
-    if (princ_realm(principal)) {
-	plen = strlen(princ_realm(principal));
-
-	if(strcspn(princ_realm(principal), quotable_chars) == plen)
-	    len += plen;
-	else
-	    len += 2*plen;
-	len++; /* '@' */
-    }
-    for(i = 0; i < princ_num_comp(principal); i++){
-	plen = strlen(princ_ncomp(principal, i));
-	if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen)
-	    len += plen;
-	else
-	    len += 2*plen;
-	len++;
-    }
-    len++; /* '\0' */
-    *name = malloc(len);
-    if(*name == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = unparse_name_fixed(context, principal, *name, len, flags);
-    if(ret) {
-	free(*name);
-	*name = NULL;
-    }
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name(krb5_context context,
-		  krb5_const_principal principal,
-		  char **name)
-{
-    return unparse_name(context, principal, name, 0);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_flags(krb5_context context,
-			krb5_const_principal principal,
-			int flags,
-			char **name)
-{
-    return unparse_name(context, principal, name, flags);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_short(krb5_context context,
-			krb5_const_principal principal,
-			char **name)
-{
-    return unparse_name(context, principal, name, KRB5_PRINCIPAL_UNPARSE_SHORT);
-}
-
-#if 0 /* not implemented */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_ext(krb5_context context,
-		      krb5_const_principal principal,
-		      char **name,
-		      size_t *size)
-{
-    krb5_abortx(context, "unimplemented krb5_unparse_name_ext called");
-}
-
-#endif
-
-krb5_realm * KRB5_LIB_FUNCTION
-krb5_princ_realm(krb5_context context,
-		 krb5_principal principal)
-{
-    return &princ_realm(principal);
-}
-
-
-void KRB5_LIB_FUNCTION
-krb5_princ_set_realm(krb5_context context,
-		     krb5_principal principal,
-		     krb5_realm *realm)
-{
-    princ_realm(principal) = *realm;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal(krb5_context context,
-		     krb5_principal *principal,
-		     int rlen,
-		     krb5_const_realm realm,
-		     ...)
-{
-    krb5_error_code ret;
-    va_list ap;
-    va_start(ap, realm);
-    ret = krb5_build_principal_va(context, principal, rlen, realm, ap);
-    va_end(ap);
-    return ret;
-}
-
-static krb5_error_code
-append_component(krb5_context context, krb5_principal p, 
-		 const char *comp,
-		 size_t comp_len)
-{
-    heim_general_string *tmp;
-    size_t len = princ_num_comp(p);
-
-    tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
-    if(tmp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    princ_comp(p) = tmp;
-    princ_ncomp(p, len) = malloc(comp_len + 1);
-    if (princ_ncomp(p, len) == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy (princ_ncomp(p, len), comp, comp_len);
-    princ_ncomp(p, len)[comp_len] = '\0';
-    princ_num_comp(p)++;
-    return 0;
-}
-
-static void
-va_ext_princ(krb5_context context, krb5_principal p, va_list ap)
-{
-    while(1){
-	const char *s;
-	int len;
-	len = va_arg(ap, int);
-	if(len == 0)
-	    break;
-	s = va_arg(ap, const char*);
-	append_component(context, p, s, len);
-    }
-}
-
-static void
-va_princ(krb5_context context, krb5_principal p, va_list ap)
-{
-    while(1){
-	const char *s;
-	s = va_arg(ap, const char*);
-	if(s == NULL)
-	    break;
-	append_component(context, p, s, strlen(s));
-    }
-}
-
-
-static krb5_error_code
-build_principal(krb5_context context,
-		krb5_principal *principal,
-		int rlen,
-		krb5_const_realm realm,
-		void (*func)(krb5_context, krb5_principal, va_list),
-		va_list ap)
-{
-    krb5_principal p;
-  
-    p = calloc(1, sizeof(*p));
-    if (p == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    princ_type(p) = KRB5_NT_PRINCIPAL;
-
-    princ_realm(p) = strdup(realm);
-    if(p->realm == NULL){
-	free(p);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-  
-    (*func)(context, p, ap);
-    *principal = p;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_make_principal(krb5_context context,
-		    krb5_principal *principal,
-		    krb5_const_realm realm,
-		    ...)
-{
-    krb5_error_code ret;
-    krb5_realm r = NULL;
-    va_list ap;
-    if(realm == NULL) {
-	ret = krb5_get_default_realm(context, &r);
-	if(ret)
-	    return ret;
-	realm = r;
-    }
-    va_start(ap, realm);
-    ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap);
-    va_end(ap);
-    if(r)
-	free(r);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal_va(krb5_context context, 
-			krb5_principal *principal, 
-			int rlen,
-			krb5_const_realm realm,
-			va_list ap)
-{
-    return build_principal(context, principal, rlen, realm, va_princ, ap);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal_va_ext(krb5_context context, 
-			    krb5_principal *principal, 
-			    int rlen,
-			    krb5_const_realm realm,
-			    va_list ap)
-{
-    return build_principal(context, principal, rlen, realm, va_ext_princ, ap);
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal_ext(krb5_context context,
-			 krb5_principal *principal,
-			 int rlen,
-			 krb5_const_realm realm,
-			 ...)
-{
-    krb5_error_code ret;
-    va_list ap;
-    va_start(ap, realm);
-    ret = krb5_build_principal_va_ext(context, principal, rlen, realm, ap);
-    va_end(ap);
-    return ret;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_principal(krb5_context context,
-		    krb5_const_principal inprinc,
-		    krb5_principal *outprinc)
-{
-    krb5_principal p = malloc(sizeof(*p));
-    if (p == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if(copy_Principal(inprinc, p)) {
-	free(p);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *outprinc = p;
-    return 0;
-}
-
-/*
- * return TRUE iff princ1 == princ2 (without considering the realm)
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_principal_compare_any_realm(krb5_context context,
-				 krb5_const_principal princ1,
-				 krb5_const_principal princ2)
-{
-    int i;
-    if(princ_num_comp(princ1) != princ_num_comp(princ2))
-	return FALSE;
-    for(i = 0; i < princ_num_comp(princ1); i++){
-	if(strcmp(princ_ncomp(princ1, i), princ_ncomp(princ2, i)) != 0)
-	    return FALSE;
-    }
-    return TRUE;
-}
-
-/*
- * return TRUE iff princ1 == princ2
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_principal_compare(krb5_context context,
-		       krb5_const_principal princ1,
-		       krb5_const_principal princ2)
-{
-    if(!krb5_realm_compare(context, princ1, princ2))
-	return FALSE;
-    return krb5_principal_compare_any_realm(context, princ1, princ2);
-}
-
-/*
- * return TRUE iff realm(princ1) == realm(princ2)
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_realm_compare(krb5_context context,
-		   krb5_const_principal princ1,
-		   krb5_const_principal princ2)
-{
-    return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0;
-}
-
-/*
- * return TRUE iff princ matches pattern
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_principal_match(krb5_context context,
-		     krb5_const_principal princ,
-		     krb5_const_principal pattern)
-{
-    int i;
-    if(princ_num_comp(princ) != princ_num_comp(pattern))
-	return FALSE;
-    if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0)
-	return FALSE;
-    for(i = 0; i < princ_num_comp(princ); i++){
-	if(fnmatch(princ_ncomp(pattern, i), princ_ncomp(princ, i), 0) != 0)
-	    return FALSE;
-    }
-    return TRUE;
-}
-
-
-static struct v4_name_convert {
-    const char *from;
-    const char *to; 
-} default_v4_name_convert[] = {
-    { "ftp",	"ftp" },
-    { "hprop",	"hprop" },
-    { "pop",	"pop" },
-    { "imap",	"imap" },
-    { "rcmd",	"host" },
-    { "smtp",	"smtp" },
-    { NULL, NULL }
-};
-
-/*
- * return the converted instance name of `name' in `realm'.
- * look in the configuration file and then in the default set above.
- * return NULL if no conversion is appropriate.
- */
-
-static const char*
-get_name_conversion(krb5_context context, const char *realm, const char *name)
-{
-    struct v4_name_convert *q;
-    const char *p;
-
-    p = krb5_config_get_string(context, NULL, "realms", realm,
-			       "v4_name_convert", "host", name, NULL);
-    if(p == NULL)
-	p = krb5_config_get_string(context, NULL, "libdefaults", 
-				   "v4_name_convert", "host", name, NULL);
-    if(p)
-	return p;
-
-    /* XXX should be possible to override default list */
-    p = krb5_config_get_string(context, NULL,
-			       "realms",
-			       realm,
-			       "v4_name_convert",
-			       "plain",
-			       name,
-			       NULL);
-    if(p)
-	return NULL;
-    p = krb5_config_get_string(context, NULL,
-			       "libdefaults",
-			       "v4_name_convert",
-			       "plain",
-			       name,
-			       NULL);
-    if(p)
-	return NULL;
-    for(q = default_v4_name_convert; q->from; q++)
-	if(strcmp(q->from, name) == 0)
-	    return q->to;
-    return NULL;
-}
-
-/*
- * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'.
- * if `resolve', use DNS.
- * if `func', use that function for validating the conversion
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_425_conv_principal_ext2(krb5_context context,
-			     const char *name,
-			     const char *instance,
-			     const char *realm,
-			     krb5_boolean (*func)(krb5_context, 
-						  void *, krb5_principal),
-			     void *funcctx,
-			     krb5_boolean resolve,
-			     krb5_principal *princ)
-{
-    const char *p;
-    krb5_error_code ret;
-    krb5_principal pr;
-    char host[MAXHOSTNAMELEN];
-    char local_hostname[MAXHOSTNAMELEN];
-
-    /* do the following: if the name is found in the
-       `v4_name_convert:host' part, is assumed to be a `host' type
-       principal, and the instance is looked up in the
-       `v4_instance_convert' part. if not found there the name is
-       (optionally) looked up as a hostname, and if that doesn't yield
-       anything, the `default_domain' is appended to the instance
-       */
-
-    if(instance == NULL)
-	goto no_host;
-    if(instance[0] == 0){
-	instance = NULL;
-	goto no_host;
-    }
-    p = get_name_conversion(context, realm, name);
-    if(p == NULL)
-	goto no_host;
-    name = p;
-    p = krb5_config_get_string(context, NULL, "realms", realm, 
-			       "v4_instance_convert", instance, NULL);
-    if(p){
-	instance = p;
-	ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
-	if(func == NULL || (*func)(context, funcctx, pr)){
-	    *princ = pr;
-	    return 0;
-	}
-	krb5_free_principal(context, pr);
-	*princ = NULL;
-	krb5_clear_error_string (context);
-	return HEIM_ERR_V4_PRINC_NO_CONV;
-    }
-    if(resolve){
-	krb5_boolean passed = FALSE;
-	char *inst = NULL;
-#ifdef USE_RESOLVER
-	struct dns_reply *r;
-
-	r = dns_lookup(instance, "aaaa");
-	if (r) {
-	    if (r->head && r->head->type == T_AAAA) {
-		inst = strdup(r->head->domain);
-		passed = TRUE;
-	    }
-	    dns_free_data(r);
-	} else {
-	    r = dns_lookup(instance, "a");
-	    if (r) {
-		if(r->head && r->head->type == T_A) {
-		    inst = strdup(r->head->domain);
-		    passed = TRUE;
-		}
-		dns_free_data(r);
-	    }
-	}
-#else
-	struct addrinfo hints, *ai;
-	
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_CANONNAME;
-	ret = getaddrinfo(instance, NULL, &hints, &ai);
-	if (ret == 0) {
-	    const struct addrinfo *a;
-	    for (a = ai; a != NULL; a = a->ai_next) {
-		if (a->ai_canonname != NULL) {
-		    inst = strdup (a->ai_canonname);
-		    passed = TRUE;
-		    break;
-		}
-	    }
-	    freeaddrinfo (ai);
-	}
-#endif
-	if (passed) {
-	    if (inst == NULL) {
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    strlwr(inst);
-	    ret = krb5_make_principal(context, &pr, realm, name, inst,
-				      NULL);
-	    free (inst);
-	    if(ret == 0) {
-		if(func == NULL || (*func)(context, funcctx, pr)){
-		    *princ = pr;
-		    return 0;
-		}
-		krb5_free_principal(context, pr);
-	    }
-	}
-    }
-    if(func != NULL) {
-	snprintf(host, sizeof(host), "%s.%s", instance, realm);
-	strlwr(host);
-	ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
-	if((*func)(context, funcctx, pr)){
-	    *princ = pr;
-	    return 0;
-	}
-	krb5_free_principal(context, pr);
-    }
-
-    /*
-     * if the instance is the first component of the local hostname,
-     * the converted host should be the long hostname.
-     */
-
-    if (func == NULL && 
-        gethostname (local_hostname, sizeof(local_hostname)) == 0 &&
-        strncmp(instance, local_hostname, strlen(instance)) == 0 && 
-	local_hostname[strlen(instance)] == '.') {
-	strlcpy(host, local_hostname, sizeof(host));
-	goto local_host;
-    }
-
-    {
-	char **domains, **d;
-	domains = krb5_config_get_strings(context, NULL, "realms", realm,
-					  "v4_domains", NULL);
-	for(d = domains; d && *d; d++){
-	    snprintf(host, sizeof(host), "%s.%s", instance, *d);
-	    ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
-	    if(func == NULL || (*func)(context, funcctx, pr)){
-		*princ = pr;
-		krb5_config_free_strings(domains);
-		return 0;
-	    }
-	    krb5_free_principal(context, pr);
-	}
-	krb5_config_free_strings(domains);
-    }
-
-    
-    p = krb5_config_get_string(context, NULL, "realms", realm, 
-			       "default_domain", NULL);
-    if(p == NULL){
-	/* this should be an error, just faking a name is not good */
-	krb5_clear_error_string (context);
-	return HEIM_ERR_V4_PRINC_NO_CONV;
-    }
-	
-    if (*p == '.')
-	++p;
-    snprintf(host, sizeof(host), "%s.%s", instance, p);
-local_host:
-    ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
-    if(func == NULL || (*func)(context, funcctx, pr)){
-	*princ = pr;
-	return 0;
-    }
-    krb5_free_principal(context, pr);
-    krb5_clear_error_string (context);
-    return HEIM_ERR_V4_PRINC_NO_CONV;
-no_host:
-    p = krb5_config_get_string(context, NULL,
-			       "realms",
-			       realm,
-			       "v4_name_convert",
-			       "plain",
-			       name,
-			       NULL);
-    if(p == NULL)
-	p = krb5_config_get_string(context, NULL,
-				   "libdefaults",
-				   "v4_name_convert",
-				   "plain",
-				   name,
-				   NULL);
-    if(p)
-	name = p;
-    
-    ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
-    if(func == NULL || (*func)(context, funcctx, pr)){
-	*princ = pr;
-	return 0;
-    }
-    krb5_free_principal(context, pr);
-    krb5_clear_error_string (context);
-    return HEIM_ERR_V4_PRINC_NO_CONV;
-}
-
-static krb5_boolean
-convert_func(krb5_context conxtext, void *funcctx, krb5_principal principal)
-{
-    krb5_boolean (*func)(krb5_context, krb5_principal) = funcctx;
-    return (*func)(conxtext, principal);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_425_conv_principal_ext(krb5_context context,
-			    const char *name,
-			    const char *instance,
-			    const char *realm,
-			    krb5_boolean (*func)(krb5_context, krb5_principal),
-			    krb5_boolean resolve,
-			    krb5_principal *principal)
-{
-    return krb5_425_conv_principal_ext2(context,
-					name,
-					instance,
-					realm,
-					func ? convert_func : NULL,
-					func,
-					resolve,
-					principal);
-}
-
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_425_conv_principal(krb5_context context,
-			const char *name,
-			const char *instance,
-			const char *realm,
-			krb5_principal *princ)
-{
-    krb5_boolean resolve = krb5_config_get_bool(context,
-						NULL,
-						"libdefaults", 
-						"v4_instance_resolve", 
-						NULL);
-
-    return krb5_425_conv_principal_ext(context, name, instance, realm, 
-				       NULL, resolve, princ);
-}
-
-
-static int
-check_list(const krb5_config_binding *l, const char *name, const char **out)
-{
-    while(l){
-	if (l->type != krb5_config_string)
-	    continue;
-	if(strcmp(name, l->u.string) == 0) {
-	    *out = l->name;
-	    return 1;
-	}
-	l = l->next;
-    }
-    return 0;
-}
-
-static int
-name_convert(krb5_context context, const char *name, const char *realm, 
-	     const char **out)
-{
-    const krb5_config_binding *l;
-    l = krb5_config_get_list (context,
-			      NULL,
-			      "realms",
-			      realm,
-			      "v4_name_convert",
-			      "host",
-			      NULL);
-    if(l && check_list(l, name, out))
-	return KRB5_NT_SRV_HST;
-    l = krb5_config_get_list (context,
-			      NULL,
-			      "libdefaults",
-			      "v4_name_convert",
-			      "host",
-			      NULL);
-    if(l && check_list(l, name, out))
-	return KRB5_NT_SRV_HST;
-    l = krb5_config_get_list (context,
-			      NULL,
-			      "realms",
-			      realm,
-			      "v4_name_convert",
-			      "plain",
-			      NULL);
-    if(l && check_list(l, name, out))
-	return KRB5_NT_UNKNOWN;
-    l = krb5_config_get_list (context,
-			      NULL,
-			      "libdefaults",
-			      "v4_name_convert",
-			      "host",
-			      NULL);
-    if(l && check_list(l, name, out))
-	return KRB5_NT_UNKNOWN;
-    
-    /* didn't find it in config file, try built-in list */
-    {
-	struct v4_name_convert *q;
-	for(q = default_v4_name_convert; q->from; q++) {
-	    if(strcmp(name, q->to) == 0) {
-		*out = q->from;
-		return KRB5_NT_SRV_HST;
-	    }
-	}
-    }
-    return -1;
-}
-
-/*
- * convert the v5 principal in `principal' into a v4 corresponding one
- * in `name, instance, realm'
- * this is limited interface since there's no length given for these
- * three parameters.  They have to be 40 bytes each (ANAME_SZ).
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_524_conv_principal(krb5_context context,
-			const krb5_principal principal,
-			char *name, 
-			char *instance,
-			char *realm)
-{
-    const char *n, *i, *r;
-    char tmpinst[40];
-    int type = princ_type(principal);
-    const int aname_sz = 40;
-
-    r = principal->realm;
-
-    switch(principal->name.name_string.len){
-    case 1:
-	n = principal->name.name_string.val[0];
-	i = "";
-	break;
-    case 2:
-	n = principal->name.name_string.val[0];
-	i = principal->name.name_string.val[1];
-	break;
-    default:
-	krb5_set_error_string (context,
-			       "cannot convert a %d component principal",
-			       principal->name.name_string.len);
-	return KRB5_PARSE_MALFORMED;
-    }
-
-    {
-	const char *tmp;
-	int t = name_convert(context, n, r, &tmp);
-	if(t >= 0) {
-	    type = t;
-	    n = tmp;
-	}
-    }
-
-    if(type == KRB5_NT_SRV_HST){
-	char *p;
-
-	strlcpy (tmpinst, i, sizeof(tmpinst));
-	p = strchr(tmpinst, '.');
-	if(p)
-	    *p = 0;
-	i = tmpinst;
-    }
-    
-    if (strlcpy (name, n, aname_sz) >= aname_sz) {
-	krb5_set_error_string (context,
-			       "too long name component to convert");
-	return KRB5_PARSE_MALFORMED;
-    }
-    if (strlcpy (instance, i, aname_sz) >= aname_sz) {
-	krb5_set_error_string (context,
-			       "too long instance component to convert");
-	return KRB5_PARSE_MALFORMED;
-    }
-    if (strlcpy (realm, r, aname_sz) >= aname_sz) {
-	krb5_set_error_string (context,
-			       "too long realm component to convert");
-	return KRB5_PARSE_MALFORMED;
-    }
-    return 0;
-}
-
-/*
- * Create a principal in `ret_princ' for the service `sname' running
- * on host `hostname'.  */
-			
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sname_to_principal (krb5_context context,
-			 const char *hostname,
-			 const char *sname,
-			 int32_t type,
-			 krb5_principal *ret_princ)
-{
-    krb5_error_code ret;
-    char localhost[MAXHOSTNAMELEN];
-    char **realms, *host = NULL;
-	
-    if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
-	krb5_set_error_string (context, "unsupported name type %d",
-			       type);
-	return KRB5_SNAME_UNSUPP_NAMETYPE;
-    }
-    if(hostname == NULL) {
-	gethostname(localhost, sizeof(localhost));
-	hostname = localhost;
-    }
-    if(sname == NULL)
-	sname = "host";
-    if(type == KRB5_NT_SRV_HST) {
-	ret = krb5_expand_hostname_realms (context, hostname,
-					   &host, &realms);
-	if (ret)
-	    return ret;
-	strlwr(host);
-	hostname = host;
-    } else {
-	ret = krb5_get_host_realm(context, hostname, &realms);
-	if(ret)
-	    return ret;
-    }
-
-    ret = krb5_make_principal(context, ret_princ, realms[0], sname,
-			      hostname, NULL);
-    if(host)
-	free(host);
-    krb5_free_host_realm(context, realms);
-    return ret;
-}
-
-static const struct {
-    const char *type;
-    int32_t value;
-} nametypes[] = {
-    { "UNKNOWN", KRB5_NT_UNKNOWN },
-    { "PRINCIPAL", KRB5_NT_PRINCIPAL },
-    { "SRV_INST", KRB5_NT_SRV_INST },
-    { "SRV_HST", KRB5_NT_SRV_HST },
-    { "SRV_XHST", KRB5_NT_SRV_XHST },
-    { "UID", KRB5_NT_UID },
-    { "X500_PRINCIPAL", KRB5_NT_X500_PRINCIPAL },
-    { "SMTP_NAME", KRB5_NT_SMTP_NAME },
-    { "ENTERPRISE_PRINCIPAL", KRB5_NT_ENTERPRISE_PRINCIPAL },
-    { "ENT_PRINCIPAL_AND_ID", KRB5_NT_ENT_PRINCIPAL_AND_ID },
-    { "MS_PRINCIPAL", KRB5_NT_MS_PRINCIPAL },
-    { "MS_PRINCIPAL_AND_ID", KRB5_NT_MS_PRINCIPAL_AND_ID },
-    { NULL }
-};
-
-krb5_error_code
-krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
-{
-    size_t i;
-    
-    for(i = 0; nametypes[i].type; i++) {
-	if (strcasecmp(nametypes[i].type, str) == 0) {
-	    *nametype = nametypes[i].value;
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "Failed to find name type %s", str);
-    return KRB5_PARSE_MALFORMED;
-}
diff --git a/crypto/heimdal/lib/krb5/prog_setup.c b/crypto/heimdal/lib/krb5/prog_setup.c
deleted file mode 100644
index 0586155..0000000
--- a/crypto/heimdal/lib/krb5/prog_setup.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: prog_setup.c 15470 2005-06-17 04:29:41Z lha $");
-
-void KRB5_LIB_FUNCTION
-krb5_std_usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "");
-    exit(code);
-}
-
-int KRB5_LIB_FUNCTION
-krb5_program_setup(krb5_context *context, int argc, char **argv,
-		   struct getargs *args, int num_args, 
-		   void (*usage)(int, struct getargs*, int))
-{
-    krb5_error_code ret;
-    int optidx = 0;
-
-    if(usage == NULL)
-	usage = krb5_std_usage;
-
-    setprogname(argv[0]);
-    ret = krb5_init_context(context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-    
-    if(getarg(args, num_args, argc, argv, &optidx))
-	(*usage)(1, args, num_args);
-    return optidx;
-}
diff --git a/crypto/heimdal/lib/krb5/prompter_posix.c b/crypto/heimdal/lib/krb5/prompter_posix.c
deleted file mode 100644
index e0f407f..0000000
--- a/crypto/heimdal/lib/krb5/prompter_posix.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: prompter_posix.c 13863 2004-05-25 21:46:46Z lha $");
-
-int KRB5_LIB_FUNCTION
-krb5_prompter_posix (krb5_context context,
-		     void *data,
-		     const char *name,
-		     const char *banner,
-		     int num_prompts,
-		     krb5_prompt prompts[])
-{
-    int i;
-
-    if (name)
-	fprintf (stderr, "%s\n", name);
-    if (banner)
-	fprintf (stderr, "%s\n", banner);
-    if (name || banner)
-	fflush(stderr);
-    for (i = 0; i < num_prompts; ++i) {
-	if (prompts[i].hidden) {
-	    if(UI_UTIL_read_pw_string(prompts[i].reply->data,
-				  prompts[i].reply->length,
-				  prompts[i].prompt,
-				  0))
-	       return 1;
-	} else {
-	    char *s = prompts[i].reply->data;
-
-	    fputs (prompts[i].prompt, stdout);
-	    fflush (stdout);
-	    if(fgets(prompts[i].reply->data,
-		     prompts[i].reply->length,
-		     stdin) == NULL)
-		return 1;
-	    s[strcspn(s, "\n")] = '\0';
-	}
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c
deleted file mode 100644
index c3f7322..0000000
--- a/crypto/heimdal/lib/krb5/rd_cred.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_cred.c 20304 2007-04-11 11:15:05Z lha $");
-
-static krb5_error_code
-compare_addrs(krb5_context context,
-	      krb5_address *a,
-	      krb5_address *b,
-	      const char *message)
-{
-    char a_str[64], b_str[64];
-    size_t len;
-
-    if(krb5_address_compare (context, a, b))
-	return 0;
-
-    krb5_print_address (a, a_str, sizeof(a_str), &len);
-    krb5_print_address (b, b_str, sizeof(b_str), &len);
-    krb5_set_error_string(context, "%s: %s != %s", message, b_str, a_str);
-    return KRB5KRB_AP_ERR_BADADDR;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_cred(krb5_context context,
-	     krb5_auth_context auth_context,
-	     krb5_data *in_data,
-	     krb5_creds ***ret_creds,
-	     krb5_replay_data *outdata)
-{
-    krb5_error_code ret;
-    size_t len;
-    KRB_CRED cred;
-    EncKrbCredPart enc_krb_cred_part;
-    krb5_data enc_krb_cred_part_data;
-    krb5_crypto crypto;
-    int i;
-
-    memset(&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part));
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-	outdata == NULL)
-	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
-
-    *ret_creds = NULL;
-
-    ret = decode_KRB_CRED(in_data->data, in_data->length, 
-			  &cred, &len);
-    if(ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-
-    if (cred.pvno != 5) {
-	ret = KRB5KRB_AP_ERR_BADVERSION;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-
-    if (cred.msg_type != krb_cred) {
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-
-    if (cred.enc_part.etype == ETYPE_NULL) {  
-	/* DK: MIT GSS-API Compatibility */
-	enc_krb_cred_part_data.length = cred.enc_part.cipher.length;
-	enc_krb_cred_part_data.data   = cred.enc_part.cipher.data;
-    } else {
-	/* Try both subkey and session key.
-	 * 
-	 * RFC4120 claims we should use the session key, but Heimdal
-	 * before 0.8 used the remote subkey if it was send in the
-	 * auth_context.
-	 */
-
-	if (auth_context->remote_subkey) {
-	    ret = krb5_crypto_init(context, auth_context->remote_subkey,
-				   0, &crypto);
-	    if (ret)
-		goto out;
-
-	    ret = krb5_decrypt_EncryptedData(context,
-					     crypto,
-					     KRB5_KU_KRB_CRED,
-					     &cred.enc_part,
-					     &enc_krb_cred_part_data);
-	    
-	    krb5_crypto_destroy(context, crypto);
-	}
-
-	/* 
-	 * If there was not subkey, or we failed using subkey, 
-	 * retry using the session key
-	 */
-	if (auth_context->remote_subkey == NULL || ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
-	{
-
-	    ret = krb5_crypto_init(context, auth_context->keyblock,
-				   0, &crypto);
-
-	    if (ret)
-		goto out;
-	    
-	    ret = krb5_decrypt_EncryptedData(context,
-					     crypto,
-					     KRB5_KU_KRB_CRED,
-					     &cred.enc_part,
-					     &enc_krb_cred_part_data);
-	    
-	    krb5_crypto_destroy(context, crypto);
-	}
-	if (ret)
-	    goto out;
-    }
-
-    ret = krb5_decode_EncKrbCredPart (context,
-				      enc_krb_cred_part_data.data,
-				      enc_krb_cred_part_data.length,
-				      &enc_krb_cred_part,
-				      &len);
-    if (enc_krb_cred_part_data.data != cred.enc_part.cipher.data)
-	krb5_data_free(&enc_krb_cred_part_data);
-    if (ret)
-	goto out;
-
-    /* check sender address */
-
-    if (enc_krb_cred_part.s_address
-	&& auth_context->remote_address
-	&& auth_context->remote_port) {
-	krb5_address *a;
-
-	ret = krb5_make_addrport (context, &a,
-				  auth_context->remote_address,
-				  auth_context->remote_port);
-	if (ret)
-	    goto out;
-
-
-	ret = compare_addrs(context, a, enc_krb_cred_part.s_address, 
-			    "sender address is wrong in received creds");
-	krb5_free_address(context, a);
-	free(a);
-	if(ret)
-	    goto out;
-    }
-
-    /* check receiver address */
-
-    if (enc_krb_cred_part.r_address
-	&& auth_context->local_address) {
-	if(auth_context->local_port &&
-	   enc_krb_cred_part.r_address->addr_type == KRB5_ADDRESS_ADDRPORT) {
-	    krb5_address *a;
-	    ret = krb5_make_addrport (context, &a,
-				      auth_context->local_address,
-				      auth_context->local_port);
-	    if (ret)
-		goto out;
-	    
-	    ret = compare_addrs(context, a, enc_krb_cred_part.r_address, 
-				"receiver address is wrong in received creds");
-	    krb5_free_address(context, a);
-	    free(a);
-	    if(ret)
-		goto out;
-	} else {
-	    ret = compare_addrs(context, auth_context->local_address,
-				enc_krb_cred_part.r_address,
-				"receiver address is wrong in received creds");
-	    if(ret)
-		goto out;
-	}
-    }
-
-    /* check timestamp */
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_timestamp sec;
-
-	krb5_timeofday (context, &sec);
-
-	if (enc_krb_cred_part.timestamp == NULL ||
-	    enc_krb_cred_part.usec      == NULL ||
-	    abs(*enc_krb_cred_part.timestamp - sec)
-	    > context->max_skew) {
-	    krb5_clear_error_string (context);
-	    ret = KRB5KRB_AP_ERR_SKEW;
-	    goto out;
-	}
-    }
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
-	/* if these fields are not present in the cred-part, silently
-           return zero */
-	memset(outdata, 0, sizeof(*outdata));
-	if(enc_krb_cred_part.timestamp)
-	    outdata->timestamp = *enc_krb_cred_part.timestamp;
-	if(enc_krb_cred_part.usec)
-	    outdata->usec = *enc_krb_cred_part.usec;
-	if(enc_krb_cred_part.nonce)
-	    outdata->seq = *enc_krb_cred_part.nonce;
-    }
-    
-    /* Convert to NULL terminated list of creds */
-
-    *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1, 
-			sizeof(**ret_creds));
-
-    if (*ret_creds == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string (context, "malloc: out of memory");
-	goto out;
-    }
-
-    for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) {
-	KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i];
-	krb5_creds *creds;
-
-	creds = calloc(1, sizeof(*creds));
-	if(creds == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    goto out;
-	}
-
-	ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, 
-			   &cred.tickets.val[i], &len, ret);
-	if (ret) {
-	    free(creds);
-	    goto out;
-	}
-	if(creds->ticket.length != len)
-	    krb5_abortx(context, "internal error in ASN.1 encoder");
-	copy_EncryptionKey (&kci->key, &creds->session);
-	if (kci->prealm && kci->pname)
-	    _krb5_principalname2krb5_principal (context,
-						&creds->client,
-						*kci->pname,
-						*kci->prealm);
-	if (kci->flags)
-	    creds->flags.b = *kci->flags;
-	if (kci->authtime)
-	    creds->times.authtime = *kci->authtime;
-	if (kci->starttime)
-	    creds->times.starttime = *kci->starttime;
-	if (kci->endtime)
-	    creds->times.endtime = *kci->endtime;
-	if (kci->renew_till)
-	    creds->times.renew_till = *kci->renew_till;
-	if (kci->srealm && kci->sname)
-	    _krb5_principalname2krb5_principal (context,
-						&creds->server,
-						*kci->sname,
-						*kci->srealm);
-	if (kci->caddr)
-	    krb5_copy_addresses (context,
-				 kci->caddr,
-				 &creds->addresses);
-	
-	(*ret_creds)[i] = creds;
-	
-    }
-    (*ret_creds)[i] = NULL;
-
-    free_KRB_CRED (&cred);
-    free_EncKrbCredPart(&enc_krb_cred_part);
-
-    return 0;
-
-  out:
-    free_EncKrbCredPart(&enc_krb_cred_part);
-    free_KRB_CRED (&cred);
-    if(*ret_creds) {
-	for(i = 0; (*ret_creds)[i]; i++)
-	    krb5_free_creds(context, (*ret_creds)[i]);
-	free(*ret_creds);
-	*ret_creds = NULL;
-    }
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_cred2 (krb5_context      context,
-	       krb5_auth_context auth_context,
-	       krb5_ccache       ccache,
-	       krb5_data         *in_data)
-{
-    krb5_error_code ret;
-    krb5_creds **creds;
-    int i;
-
-    ret = krb5_rd_cred(context, auth_context, in_data, &creds, NULL);
-    if(ret)
-	return ret;
-
-    /* Store the creds in the ccache */
-
-    for(i = 0; creds && creds[i]; i++) {
-	krb5_cc_store_cred(context, ccache, creds[i]);
-	krb5_free_creds(context, creds[i]);
-    }
-    free(creds);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_error.c b/crypto/heimdal/lib/krb5/rd_error.c
deleted file mode 100644
index e764646..0000000
--- a/crypto/heimdal/lib/krb5/rd_error.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: rd_error.c 21057 2007-06-12 17:22:31Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_error(krb5_context context,
-	      const krb5_data *msg,
-	      KRB_ERROR *result)
-{
-    
-    size_t len;
-    krb5_error_code ret;
-
-    ret = decode_KRB_ERROR(msg->data, msg->length, result, &len);
-    if(ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    result->error_code += KRB5KDC_ERR_NONE;
-    return 0;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_free_error_contents (krb5_context context,
-			  krb5_error *error)
-{
-    free_KRB_ERROR(error);
-    memset(error, 0, sizeof(*error));
-}
-
-void KRB5_LIB_FUNCTION
-krb5_free_error (krb5_context context,
-		 krb5_error *error)
-{
-    krb5_free_error_contents (context, error);
-    free (error);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_error_from_rd_error(krb5_context context,
-			 const krb5_error *error,
-			 const krb5_creds *creds)
-{
-    krb5_error_code ret;
-
-    ret = error->error_code;
-    if (error->e_text != NULL) {
-	krb5_set_error_string(context, "%s", *error->e_text);
-    } else {
-	char clientname[256], servername[256];
-
-	if (creds != NULL) {
-	    krb5_unparse_name_fixed(context, creds->client,
-				    clientname, sizeof(clientname));
-	    krb5_unparse_name_fixed(context, creds->server,
-				    servername, sizeof(servername));
-	}
-
-	switch (ret) {
-	case KRB5KDC_ERR_NAME_EXP :
-	    krb5_set_error_string(context, "Client %s%s%s expired",
-				  creds ? "(" : "",
-				  creds ? clientname : "",
-				  creds ? ")" : "");
-	    break;
-	case KRB5KDC_ERR_SERVICE_EXP :
-	    krb5_set_error_string(context, "Server %s%s%s expired",
-				  creds ? "(" : "",
-				  creds ? servername : "",
-				  creds ? ")" : "");
-	    break;
-	case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN :
-	    krb5_set_error_string(context, "Client %s%s%s unknown",
-				  creds ? "(" : "",
-				  creds ? clientname : "",
-				  creds ? ")" : "");
-	    break;
-	case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN :
-	    krb5_set_error_string(context, "Server %s%s%s unknown",
-				  creds ? "(" : "",
-				  creds ? servername : "",
-				  creds ? ")" : "");
-	    break;
-	default :
-	    krb5_clear_error_string(context);
-	    break;
-	}
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_priv.c b/crypto/heimdal/lib/krb5/rd_priv.c
deleted file mode 100644
index ed7a2cc..0000000
--- a/crypto/heimdal/lib/krb5/rd_priv.c
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_priv.c 21751 2007-07-31 20:42:20Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_priv(krb5_context context,
-	     krb5_auth_context auth_context,
-	     const krb5_data *inbuf,
-	     krb5_data *outbuf,
-	     krb5_replay_data *outdata)
-{
-    krb5_error_code ret;
-    KRB_PRIV priv;
-    EncKrbPrivPart part;
-    size_t len;
-    krb5_data plain;
-    krb5_keyblock *key;
-    krb5_crypto crypto;
-
-    if (outbuf)
-	krb5_data_zero(outbuf);
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-	outdata == NULL) {
-	krb5_clear_error_string (context);
-	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
-    }
-
-    memset(&priv, 0, sizeof(priv));
-    ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
-    if (ret) {
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-    if (priv.pvno != 5) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BADVERSION;
-	goto failure;
-    }
-    if (priv.msg_type != krb_priv) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	goto failure;
-    }
-
-    if (auth_context->remote_subkey)
-	key = auth_context->remote_subkey;
-    else if (auth_context->local_subkey)
-	key = auth_context->local_subkey;
-    else
-	key = auth_context->keyblock;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	goto failure;
-    ret = krb5_decrypt_EncryptedData(context,
-				     crypto,
-				     KRB5_KU_KRB_PRIV,
-				     &priv.enc_part,
-				     &plain);
-    krb5_crypto_destroy(context, crypto);
-    if (ret) 
-	goto failure;
-
-    ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
-    krb5_data_free (&plain);
-    if (ret) {
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-  
-    /* check sender address */
-
-    if (part.s_address
-	&& auth_context->remote_address
-	&& !krb5_address_compare (context,
-				  auth_context->remote_address,
-				  part.s_address)) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	goto failure_part;
-    }
-
-    /* check receiver address */
-
-    if (part.r_address
-	&& auth_context->local_address
-	&& !krb5_address_compare (context,
-				  auth_context->local_address,
-				  part.r_address)) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	goto failure_part;
-    }
-
-    /* check timestamp */
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_timestamp sec;
-
-	krb5_timeofday (context, &sec);
-	if (part.timestamp == NULL ||
-	    part.usec      == NULL ||
-	    abs(*part.timestamp - sec) > context->max_skew) {
-	    krb5_clear_error_string (context);
-	    ret = KRB5KRB_AP_ERR_SKEW;
-	    goto failure_part;
-	}
-    }
-
-    /* XXX - check replay cache */
-
-    /* check sequence number. since MIT krb5 cannot generate a sequence
-       number of zero but instead generates no sequence number, we accept that
-    */
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	if ((part.seq_number == NULL
-	     && auth_context->remote_seqnumber != 0)
-	    || (part.seq_number != NULL
-		&& *part.seq_number != auth_context->remote_seqnumber)) {
-	    krb5_clear_error_string (context);
-	    ret = KRB5KRB_AP_ERR_BADORDER;
-	    goto failure_part;
-	}
-	auth_context->remote_seqnumber++;
-    }
-
-    ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length);
-    if (ret)
-	goto failure_part;
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
-	/* if these fields are not present in the priv-part, silently
-           return zero */
-	memset(outdata, 0, sizeof(*outdata));
-	if(part.timestamp)
-	    outdata->timestamp = *part.timestamp;
-	if(part.usec)
-	    outdata->usec = *part.usec;
-	if(part.seq_number)
-	    outdata->seq = *part.seq_number;
-    }
-
-  failure_part:
-    free_EncKrbPrivPart (&part);
-
-  failure:
-    free_KRB_PRIV (&priv);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_rep.c b/crypto/heimdal/lib/krb5/rd_rep.c
deleted file mode 100644
index 8c9b7bb..0000000
--- a/crypto/heimdal/lib/krb5/rd_rep.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_rep.c 17890 2006-08-21 09:19:22Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_rep(krb5_context context,
-	    krb5_auth_context auth_context,
-	    const krb5_data *inbuf,
-	    krb5_ap_rep_enc_part **repl)
-{
-    krb5_error_code ret;
-    AP_REP ap_rep;
-    size_t len;
-    krb5_data data;
-    krb5_crypto crypto;
-
-    krb5_data_zero (&data);
-    ret = 0;
-
-    ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len);
-    if (ret)
-	return ret;
-    if (ap_rep.pvno != 5) {
-	ret = KRB5KRB_AP_ERR_BADVERSION;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-    if (ap_rep.msg_type != krb_ap_rep) {
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-
-    ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
-    if (ret)
-	goto out;
-    ret = krb5_decrypt_EncryptedData (context, 
-				      crypto,	
-				      KRB5_KU_AP_REQ_ENC_PART,
-				      &ap_rep.enc_part,
-				      &data);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	goto out;
-
-    *repl = malloc(sizeof(**repl));
-    if (*repl == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string (context, "malloc: out of memory");
-	goto out;
-    }
-    ret = krb5_decode_EncAPRepPart(context,
-				   data.data,
-				   data.length,
-				   *repl, 
-				   &len);
-    if (ret)
-	return ret;
-  
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { 
-	if ((*repl)->ctime != auth_context->authenticator->ctime ||
-	    (*repl)->cusec != auth_context->authenticator->cusec) 
-	{
-	    krb5_free_ap_rep_enc_part(context, *repl);
-	    *repl = NULL;
-	    ret = KRB5KRB_AP_ERR_MUT_FAIL;
-	    krb5_clear_error_string (context);
-	    goto out;
-	}
-    }
-    if ((*repl)->seq_number)
-	krb5_auth_con_setremoteseqnumber(context, auth_context,
-					 *((*repl)->seq_number));
-    if ((*repl)->subkey)
-	krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey);
-  
- out:
-    krb5_data_free (&data);
-    free_AP_REP (&ap_rep);
-    return ret;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_free_ap_rep_enc_part (krb5_context context,
-			   krb5_ap_rep_enc_part *val)
-{
-    if (val) {
-	free_EncAPRepPart (val);
-	free (val);
-    }
-}
diff --git a/crypto/heimdal/lib/krb5/rd_req.c b/crypto/heimdal/lib/krb5/rd_req.c
deleted file mode 100644
index 0f33b97..0000000
--- a/crypto/heimdal/lib/krb5/rd_req.c
+++ /dev/null
@@ -1,892 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_req.c 22235 2007-12-08 21:52:07Z lha $");
-
-static krb5_error_code
-decrypt_tkt_enc_part (krb5_context context,
-		      krb5_keyblock *key,
-		      EncryptedData *enc_part,
-		      EncTicketPart *decr_part)
-{
-    krb5_error_code ret;
-    krb5_data plain;
-    size_t len;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      KRB5_KU_TICKET,
-				      enc_part,
-				      &plain);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_decode_EncTicketPart(context, plain.data, plain.length, 
-				    decr_part, &len);
-    krb5_data_free (&plain);
-    return ret;
-}
-
-static krb5_error_code
-decrypt_authenticator (krb5_context context,
-		       EncryptionKey *key,
-		       EncryptedData *enc_part,
-		       Authenticator *authenticator,
-		       krb5_key_usage usage)
-{
-    krb5_error_code ret;
-    krb5_data plain;
-    size_t len;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      usage /* KRB5_KU_AP_REQ_AUTH */,
-				      enc_part,
-				      &plain);
-    /* for backwards compatibility, also try the old usage */
-    if (ret && usage == KRB5_KU_TGS_REQ_AUTH)
-	ret = krb5_decrypt_EncryptedData (context,
-					  crypto,
-					  KRB5_KU_AP_REQ_AUTH,
-					  enc_part,
-					  &plain);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_decode_Authenticator(context, plain.data, plain.length, 
-				    authenticator, &len);
-    krb5_data_free (&plain);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_ap_req(krb5_context context,
-		   const krb5_data *inbuf,
-		   krb5_ap_req *ap_req)
-{
-    krb5_error_code ret;
-    size_t len;
-    ret = decode_AP_REQ(inbuf->data, inbuf->length, ap_req, &len);
-    if (ret)
-	return ret;
-    if (ap_req->pvno != 5){
-	free_AP_REQ(ap_req);
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_BADVERSION;
-    }
-    if (ap_req->msg_type != krb_ap_req){
-	free_AP_REQ(ap_req);
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_MSG_TYPE;
-    }
-    if (ap_req->ticket.tkt_vno != 5){
-	free_AP_REQ(ap_req);
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_BADVERSION;
-    }
-    return 0;
-}
-
-static krb5_error_code
-check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
-{
-    char **realms;
-    int num_realms;
-    krb5_error_code ret;
-	    
-    /* 
-     * Windows 2000 and 2003 uses this inside their TGT so it's normaly
-     * not seen by others, however, samba4 joined with a Windows AD as
-     * a Domain Controller gets exposed to this.
-     */
-    if(enc->transited.tr_type == 0 && enc->transited.contents.length == 0)
-	return 0;
-
-    if(enc->transited.tr_type != DOMAIN_X500_COMPRESS)
-	return KRB5KDC_ERR_TRTYPE_NOSUPP;
-
-    if(enc->transited.contents.length == 0)
-	return 0;
-
-    ret = krb5_domain_x500_decode(context, enc->transited.contents, 
-				  &realms, &num_realms, 
-				  enc->crealm,
-				  ticket->realm);
-    if(ret)
-	return ret;
-    ret = krb5_check_transited(context, enc->crealm, 
-			       ticket->realm, 
-			       realms, num_realms, NULL);
-    free(realms);
-    return ret;
-}
-
-static krb5_error_code
-find_etypelist(krb5_context context,
-	       krb5_auth_context auth_context,
-	       EtypeList *etypes)
-{
-    krb5_error_code ret;
-    krb5_authdata *ad;
-    krb5_authdata adIfRelevant;
-    unsigned i;
-
-    adIfRelevant.len = 0;
-
-    etypes->len = 0;
-    etypes->val = NULL;
-
-    ad = auth_context->authenticator->authorization_data;
-    if (ad == NULL)
-	return 0;
-
-    for (i = 0; i < ad->len; i++) {
-	if (ad->val[i].ad_type == KRB5_AUTHDATA_IF_RELEVANT) {
-	    ret = decode_AD_IF_RELEVANT(ad->val[i].ad_data.data,
-					ad->val[i].ad_data.length,
-					&adIfRelevant,
-					NULL);
-	    if (ret)
-		return ret;
-
-	    if (adIfRelevant.len == 1 &&
-		adIfRelevant.val[0].ad_type ==
-			KRB5_AUTHDATA_GSS_API_ETYPE_NEGOTIATION) {
-		break;
-	    }
-	    free_AD_IF_RELEVANT(&adIfRelevant);
-	    adIfRelevant.len = 0;
-	}
-    }
-
-    if (adIfRelevant.len == 0)
-	return 0;
-
-    ret = decode_EtypeList(adIfRelevant.val[0].ad_data.data,
-			   adIfRelevant.val[0].ad_data.length,
-			   etypes,
-			   NULL);
-    if (ret)
-	krb5_clear_error_string(context);
-
-    free_AD_IF_RELEVANT(&adIfRelevant);
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt_ticket(krb5_context context,
-		    Ticket *ticket,
-		    krb5_keyblock *key,
-		    EncTicketPart *out,
-		    krb5_flags flags)
-{
-    EncTicketPart t;
-    krb5_error_code ret;
-    ret = decrypt_tkt_enc_part (context, key, &ticket->enc_part, &t);
-    if (ret)
-	return ret;
-    
-    {
-	krb5_timestamp now;
-	time_t start = t.authtime;
-
-	krb5_timeofday (context, &now);
-	if(t.starttime)
-	    start = *t.starttime;
-	if(start - now > context->max_skew
-	   || (t.flags.invalid
-	       && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) {
-	    free_EncTicketPart(&t);
-	    krb5_clear_error_string (context);
-	    return KRB5KRB_AP_ERR_TKT_NYV;
-	}
-	if(now - t.endtime > context->max_skew) {
-	    free_EncTicketPart(&t);
-	    krb5_clear_error_string (context);
-	    return KRB5KRB_AP_ERR_TKT_EXPIRED;
-	}
-	
-	if(!t.flags.transited_policy_checked) {
-	    ret = check_transited(context, ticket, &t);
-	    if(ret) {
-		free_EncTicketPart(&t);
-		return ret;
-	    }
-	}
-    }
-    
-    if(out)
-	*out = t;
-    else
-	free_EncTicketPart(&t);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_authenticator_checksum(krb5_context context,
-				   krb5_auth_context ac,
-				   void *data,
-				   size_t len)
-{
-    krb5_error_code ret;
-    krb5_keyblock *key;
-    krb5_authenticator authenticator;
-    krb5_crypto crypto;
-    
-    ret = krb5_auth_con_getauthenticator (context,
-				      ac,
-				      &authenticator);
-    if(ret)
-	return ret;
-    if(authenticator->cksum == NULL) {
-	krb5_free_authenticator(context, &authenticator);
-	return -17;
-    }
-    ret = krb5_auth_con_getkey(context, ac, &key);
-    if(ret) {
-	krb5_free_authenticator(context, &authenticator);
-	return ret;
-    }
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if(ret)
-	goto out;
-    ret = krb5_verify_checksum (context,
-				crypto,
-				KRB5_KU_AP_REQ_AUTH_CKSUM,
-				data,
-				len,
-				authenticator->cksum);
-    krb5_crypto_destroy(context, crypto);
-out:
-    krb5_free_authenticator(context, &authenticator);
-    krb5_free_keyblock(context, key);
-    return ret;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_ap_req(krb5_context context,
-		   krb5_auth_context *auth_context,
-		   krb5_ap_req *ap_req,
-		   krb5_const_principal server,
-		   krb5_keyblock *keyblock,
-		   krb5_flags flags,
-		   krb5_flags *ap_req_options,
-		   krb5_ticket **ticket)
-{
-    return krb5_verify_ap_req2 (context,
-				auth_context,
-				ap_req,
-				server,
-				keyblock,
-				flags,
-				ap_req_options,
-				ticket,
-				KRB5_KU_AP_REQ_AUTH);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_ap_req2(krb5_context context,
-		    krb5_auth_context *auth_context,
-		    krb5_ap_req *ap_req,
-		    krb5_const_principal server,
-		    krb5_keyblock *keyblock,
-		    krb5_flags flags,
-		    krb5_flags *ap_req_options,
-		    krb5_ticket **ticket,
-		    krb5_key_usage usage)
-{
-    krb5_ticket *t;
-    krb5_auth_context ac;
-    krb5_error_code ret;
-    EtypeList etypes;
-    
-    if (ticket)
-	*ticket = NULL;
-
-    if (auth_context && *auth_context) {
-	ac = *auth_context;
-    } else {
-	ret = krb5_auth_con_init (context, &ac);
-	if (ret)
-	    return ret;
-    }
-
-    t = calloc(1, sizeof(*t));
-    if (t == NULL) {
-	ret = ENOMEM;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-
-    if (ap_req->ap_options.use_session_key && ac->keyblock){
-	ret = krb5_decrypt_ticket(context, &ap_req->ticket, 
-				  ac->keyblock, 
-				  &t->ticket,
-				  flags);
-	krb5_free_keyblock(context, ac->keyblock);
-	ac->keyblock = NULL;
-    }else
-	ret = krb5_decrypt_ticket(context, &ap_req->ticket, 
-				  keyblock, 
-				  &t->ticket,
-				  flags);
-    
-    if(ret)
-	goto out;
-
-    ret = _krb5_principalname2krb5_principal(context,
-					     &t->server,
-					     ap_req->ticket.sname, 
-					     ap_req->ticket.realm);
-    if (ret) goto out;
-    ret = _krb5_principalname2krb5_principal(context,
-					     &t->client,
-					     t->ticket.cname, 
-					     t->ticket.crealm);
-    if (ret) goto out;
-
-    /* save key */
-
-    ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);
-    if (ret) goto out;
-
-    ret = decrypt_authenticator (context,
-				 &t->ticket.key,
-				 &ap_req->authenticator,
-				 ac->authenticator,
-				 usage);
-    if (ret)
-	goto out;
-
-    {
-	krb5_principal p1, p2;
-	krb5_boolean res;
-	
-	_krb5_principalname2krb5_principal(context,
-					   &p1,
-					   ac->authenticator->cname,
-					   ac->authenticator->crealm);
-	_krb5_principalname2krb5_principal(context,
-					   &p2, 
-					   t->ticket.cname,
-					   t->ticket.crealm);
-	res = krb5_principal_compare (context, p1, p2);
-	krb5_free_principal (context, p1);
-	krb5_free_principal (context, p2);
-	if (!res) {
-	    ret = KRB5KRB_AP_ERR_BADMATCH;
-	    krb5_clear_error_string (context);
-	    goto out;
-	}
-    }
-
-    /* check addresses */
-
-    if (t->ticket.caddr
-	&& ac->remote_address
-	&& !krb5_address_search (context,
-				 ac->remote_address,
-				 t->ticket.caddr)) {
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-
-    /* check timestamp in authenticator */
-    {
-	krb5_timestamp now;
-
-	krb5_timeofday (context, &now);
-
-	if (abs(ac->authenticator->ctime - now) > context->max_skew) {
-	    ret = KRB5KRB_AP_ERR_SKEW;
-	    krb5_clear_error_string (context);
-	    goto out;
-	}
-    }
-
-    if (ac->authenticator->seq_number)
-	krb5_auth_con_setremoteseqnumber(context, ac,
-					 *ac->authenticator->seq_number);
-
-    /* XXX - Xor sequence numbers */
-
-    if (ac->authenticator->subkey) {
-	ret = krb5_auth_con_setremotesubkey(context, ac,
-					    ac->authenticator->subkey);
-	if (ret)
-	    goto out;
-    }
-
-    ret = find_etypelist(context, ac, &etypes);
-    if (ret)
-	goto out;
-
-    ac->keytype = ETYPE_NULL;
-
-    if (etypes.val) {
-	int i;
-
-	for (i = 0; i < etypes.len; i++) {
-	    if (krb5_enctype_valid(context, etypes.val[i]) == 0) {
-		ac->keytype = etypes.val[i];
-		break;
-	    }
-	}
-    }
-
-    if (ap_req_options) {
-	*ap_req_options = 0;
-	if (ac->keytype != ETYPE_NULL)
-	    *ap_req_options |= AP_OPTS_USE_SUBKEY;
-	if (ap_req->ap_options.use_session_key)
-	    *ap_req_options |= AP_OPTS_USE_SESSION_KEY;
-	if (ap_req->ap_options.mutual_required)
-	    *ap_req_options |= AP_OPTS_MUTUAL_REQUIRED;
-    }
-
-    if(ticket)
-	*ticket = t;
-    else
-	krb5_free_ticket (context, t);
-    if (auth_context) {
-	if (*auth_context == NULL)
-	    *auth_context = ac;
-    } else
-	krb5_auth_con_free (context, ac);
-    free_EtypeList(&etypes);
-    return 0;
- out:
-    if (t)
-	krb5_free_ticket (context, t);
-    if (auth_context == NULL || *auth_context == NULL)
-	krb5_auth_con_free (context, ac);
-    return ret;
-}
-		   
-/*
- *
- */
-
-struct krb5_rd_req_in_ctx_data {
-    krb5_keytab keytab;
-    krb5_keyblock *keyblock;
-    krb5_boolean check_pac;
-};
-
-struct krb5_rd_req_out_ctx_data {
-    krb5_keyblock *keyblock;
-    krb5_flags ap_req_options;
-    krb5_ticket *ticket;
-};
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx)
-{
-    *ctx = calloc(1, sizeof(**ctx));
-    if (*ctx == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    (*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_keytab(krb5_context context, 
-			  krb5_rd_req_in_ctx in,
-			  krb5_keytab keytab)
-{
-    in->keytab = keytab; /* XXX should make copy */
-    return 0;
-}
-
-/**
- * Set if krb5_rq_red() is going to check the Windows PAC or not
- * 
- * @param context Keberos 5 context.
- * @param in krb5_rd_req_in_ctx to check the option on.
- * @param flag flag to select if to check the pac (TRUE) or not (FALSE).
- *
- * @return Kerberos 5 error code, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_pac_check(krb5_context context, 
-			     krb5_rd_req_in_ctx in,
-			     krb5_boolean flag)
-{
-    in->check_pac = flag;
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_keyblock(krb5_context context, 
-			    krb5_rd_req_in_ctx in,
-			    krb5_keyblock *keyblock)
-{
-    in->keyblock = keyblock; /* XXX should make copy */
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_ap_req_options(krb5_context context, 
-				   krb5_rd_req_out_ctx out,
-				   krb5_flags *ap_req_options)
-{
-    *ap_req_options = out->ap_req_options;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_ticket(krb5_context context, 
-			    krb5_rd_req_out_ctx out,
-			    krb5_ticket **ticket)
-{
-    return krb5_copy_ticket(context, out->ticket, ticket);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_keyblock(krb5_context context, 
-			    krb5_rd_req_out_ctx out,
-			    krb5_keyblock **keyblock)
-{
-    return krb5_copy_keyblock(context, out->keyblock, keyblock);
-}
-
-void  KRB5_LIB_FUNCTION
-krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx)
-{
-    free(ctx);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_rd_req_out_ctx_alloc(krb5_context context, krb5_rd_req_out_ctx *ctx)
-{
-    *ctx = calloc(1, sizeof(**ctx));
-    if (*ctx == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-void  KRB5_LIB_FUNCTION
-krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx)
-{
-    krb5_free_keyblock(context, ctx->keyblock);
-    free(ctx);
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req(krb5_context context,
-	    krb5_auth_context *auth_context,
-	    const krb5_data *inbuf,
-	    krb5_const_principal server,
-	    krb5_keytab keytab,
-	    krb5_flags *ap_req_options,
-	    krb5_ticket **ticket)
-{
-    krb5_error_code ret;
-    krb5_rd_req_in_ctx in;
-    krb5_rd_req_out_ctx out;
-
-    ret = krb5_rd_req_in_ctx_alloc(context, &in);
-    if (ret)
-	return ret;
-    
-    ret = krb5_rd_req_in_set_keytab(context, in, keytab);
-    if (ret) {
-	krb5_rd_req_in_ctx_free(context, in);
-	return ret;
-    }
-
-    ret = krb5_rd_req_ctx(context, auth_context, inbuf, server, in, &out);
-    krb5_rd_req_in_ctx_free(context, in);
-    if (ret)
-	return ret;
-
-    if (ap_req_options)
-	*ap_req_options = out->ap_req_options;
-    if (ticket) {
-	ret = krb5_copy_ticket(context, out->ticket, ticket);
-	if (ret)
-	    goto out;
-    }
-
-out:
-    krb5_rd_req_out_ctx_free(context, out);
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_with_keyblock(krb5_context context,
-			  krb5_auth_context *auth_context,
-			  const krb5_data *inbuf,
-			  krb5_const_principal server,
-			  krb5_keyblock *keyblock,
-			  krb5_flags *ap_req_options,
-			  krb5_ticket **ticket)
-{
-    krb5_error_code ret;
-    krb5_rd_req_in_ctx in;
-    krb5_rd_req_out_ctx out;
-
-    ret = krb5_rd_req_in_ctx_alloc(context, &in);
-    if (ret)
-	return ret;
-    
-    ret = krb5_rd_req_in_set_keyblock(context, in, keyblock);
-    if (ret) {
-	krb5_rd_req_in_ctx_free(context, in);
-	return ret;
-    }
-
-    ret = krb5_rd_req_ctx(context, auth_context, inbuf, server, in, &out);
-    krb5_rd_req_in_ctx_free(context, in);
-    if (ret)
-	return ret;
-
-    if (ap_req_options)
-	*ap_req_options = out->ap_req_options;
-    if (ticket) {
-	ret = krb5_copy_ticket(context, out->ticket, ticket);
-	if (ret)
-	    goto out;
-    }
-
-out:
-    krb5_rd_req_out_ctx_free(context, out);
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-get_key_from_keytab(krb5_context context,
-		    krb5_auth_context *auth_context,
-		    krb5_ap_req *ap_req,
-		    krb5_const_principal server,
-		    krb5_keytab keytab,
-		    krb5_keyblock **out_key)
-{
-    krb5_keytab_entry entry;
-    krb5_error_code ret;
-    int kvno;
-    krb5_keytab real_keytab;
-
-    if(keytab == NULL)
-	krb5_kt_default(context, &real_keytab);
-    else
-	real_keytab = keytab;
-    
-    if (ap_req->ticket.enc_part.kvno)
-	kvno = *ap_req->ticket.enc_part.kvno;
-    else
-	kvno = 0;
-
-    ret = krb5_kt_get_entry (context,
-			     real_keytab,
-			     server,
-			     kvno,
-			     ap_req->ticket.enc_part.etype,
-			     &entry);
-    if(ret)
-	goto out;
-    ret = krb5_copy_keyblock(context, &entry.keyblock, out_key);
-    krb5_kt_free_entry (context, &entry);
-out:    
-    if(keytab == NULL)
-	krb5_kt_close(context, real_keytab);
-    
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_ctx(krb5_context context,
-		krb5_auth_context *auth_context,
-		const krb5_data *inbuf,
-		krb5_const_principal server,
-		krb5_rd_req_in_ctx inctx,
-		krb5_rd_req_out_ctx *outctx)
-{
-    krb5_error_code ret;
-    krb5_ap_req ap_req;
-    krb5_principal service = NULL;
-    krb5_rd_req_out_ctx o = NULL;
-
-    ret = _krb5_rd_req_out_ctx_alloc(context, &o);
-    if (ret)
-	goto out;
-
-    if (*auth_context == NULL) {
-	ret = krb5_auth_con_init(context, auth_context);
-	if (ret)
-	    goto out;
-    }
-
-    ret = krb5_decode_ap_req(context, inbuf, &ap_req);
-    if(ret)
-	goto out;
-
-    if(server == NULL){
-	ret = _krb5_principalname2krb5_principal(context,
-						 &service,
-						 ap_req.ticket.sname,
-						 ap_req.ticket.realm);
-	if (ret)
-	    goto out;
-	server = service;
-    }
-    if (ap_req.ap_options.use_session_key &&
-	(*auth_context)->keyblock == NULL) {
-	krb5_set_error_string(context, "krb5_rd_req: user to user auth "
-			      "without session key given");
-	ret = KRB5KRB_AP_ERR_NOKEY;
-	goto out;
-    }
-
-    if((*auth_context)->keyblock){
-	ret = krb5_copy_keyblock(context,
-				 (*auth_context)->keyblock,
-				 &o->keyblock);
-	if (ret)
-	    goto out;
-    } else if(inctx->keyblock){
-	ret = krb5_copy_keyblock(context,
-				 inctx->keyblock,
-				 &o->keyblock);
-	if (ret)
-	    goto out;
-    } else {
-	krb5_keytab keytab = NULL;
-
-	if (inctx && inctx->keytab)
-	    keytab = inctx->keytab;
-
-	ret = get_key_from_keytab(context, 
-				  auth_context, 
-				  &ap_req,
-				  server,
-				  keytab,
-				  &o->keyblock);
-	if(ret)
-	    goto out;
-    }
-
-    ret = krb5_verify_ap_req2(context,
-			      auth_context,
-			      &ap_req,
-			      server,
-			      o->keyblock,
-			      0,
-			      &o->ap_req_options,
-			      &o->ticket,
-			      KRB5_KU_AP_REQ_AUTH);
-
-    if (ret)
-	goto out;
-
-    /* If there is a PAC, verify its server signature */
-    if (inctx->check_pac) {
-	krb5_pac pac;
-	krb5_data data;
-
-	ret = krb5_ticket_get_authorization_data_type(context,
-						      o->ticket,
-						      KRB5_AUTHDATA_WIN2K_PAC,
-						      &data);
-	if (ret == 0) {
-	    ret = krb5_pac_parse(context, data.data, data.length, &pac);
-	    krb5_data_free(&data);
-	    if (ret)
-		goto out;
-	
-	    ret = krb5_pac_verify(context,
-				  pac, 
-				  o->ticket->ticket.authtime,
-				  o->ticket->client, 
-				  o->keyblock, 
-				  NULL);
-	    krb5_pac_free(context, pac);
-	    if (ret)
-		goto out;
-	}
-	ret = 0;
-    }
-out:
-    if (ret || outctx == NULL) {
-	krb5_rd_req_out_ctx_free(context, o);
-    } else 
-	*outctx = o;
-
-    free_AP_REQ(&ap_req);
-    if(service)
-	krb5_free_principal(context, service);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c
deleted file mode 100644
index b2fb5c5..0000000
--- a/crypto/heimdal/lib/krb5/rd_safe.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_safe.c 19827 2007-01-11 02:54:59Z lha $");
-
-static krb5_error_code
-verify_checksum(krb5_context context,
-		krb5_auth_context auth_context,
-		KRB_SAFE *safe)
-{
-    krb5_error_code ret;
-    u_char *buf;
-    size_t buf_size;
-    size_t len;
-    Checksum c;
-    krb5_crypto crypto;
-    krb5_keyblock *key;
-
-    c = safe->cksum;
-    safe->cksum.cksumtype       = 0;
-    safe->cksum.checksum.data   = NULL;
-    safe->cksum.checksum.length = 0;
-
-    ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret);
-    if(ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    if (auth_context->remote_subkey)
-	key = auth_context->remote_subkey;
-    else if (auth_context->local_subkey)
-	key = auth_context->local_subkey;
-    else
-	key = auth_context->keyblock;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	goto out;
-    ret = krb5_verify_checksum (context,
-				crypto,
-				KRB5_KU_KRB_SAFE_CKSUM,
-				buf + buf_size - len,
-				len,
-				&c);
-    krb5_crypto_destroy(context, crypto);
-out:
-    safe->cksum = c;
-    free (buf);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_safe(krb5_context context,
-	     krb5_auth_context auth_context,
-	     const krb5_data *inbuf,
-	     krb5_data *outbuf,
-	     krb5_replay_data *outdata)
-{
-    krb5_error_code ret;
-    KRB_SAFE safe;
-    size_t len;
-
-    if (outbuf)
-	krb5_data_zero(outbuf);
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-	outdata == NULL) {
-	krb5_set_error_string(context, "rd_safe: need outdata to return data");
-	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
-    }
-
-    ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len);
-    if (ret) 
-	return ret;
-    if (safe.pvno != 5) {
-	ret = KRB5KRB_AP_ERR_BADVERSION;
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-    if (safe.msg_type != krb_safe) {
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-    if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
-	|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
-	ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-
-    /* check sender address */
-
-    if (safe.safe_body.s_address
-	&& auth_context->remote_address
-	&& !krb5_address_compare (context,
-				  auth_context->remote_address,
-				  safe.safe_body.s_address)) {
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-
-    /* check receiver address */
-
-    if (safe.safe_body.r_address
-	&& auth_context->local_address
-	&& !krb5_address_compare (context,
-				  auth_context->local_address,
-				  safe.safe_body.r_address)) {
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-
-    /* check timestamp */
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_timestamp sec;
-
-	krb5_timeofday (context, &sec);
-
-	if (safe.safe_body.timestamp == NULL ||
-	    safe.safe_body.usec      == NULL ||
-	    abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
-	    ret = KRB5KRB_AP_ERR_SKEW;
-	    krb5_clear_error_string (context);
-	    goto failure;
-	}
-    }
-    /* XXX - check replay cache */
-
-    /* check sequence number. since MIT krb5 cannot generate a sequence
-       number of zero but instead generates no sequence number, we accept that
-    */
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	if ((safe.safe_body.seq_number == NULL
-	     && auth_context->remote_seqnumber != 0)
-	    || (safe.safe_body.seq_number != NULL
-		&& *safe.safe_body.seq_number !=
-		auth_context->remote_seqnumber)) {
-	    ret = KRB5KRB_AP_ERR_BADORDER;
-	    krb5_clear_error_string (context);
-	    goto failure;
-	}
-	auth_context->remote_seqnumber++;
-    }
-
-    ret = verify_checksum (context, auth_context, &safe);
-    if (ret)
-	goto failure;
-  
-    outbuf->length = safe.safe_body.user_data.length;
-    outbuf->data   = malloc(outbuf->length);
-    if (outbuf->data == NULL && outbuf->length != 0) {
-	ret = ENOMEM;
-	krb5_set_error_string (context, "malloc: out of memory");
-	krb5_data_zero(outbuf);
-	goto failure;
-    }
-    memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
-	/* if these fields are not present in the safe-part, silently
-           return zero */
-	memset(outdata, 0, sizeof(*outdata));
-	if(safe.safe_body.timestamp)
-	    outdata->timestamp = *safe.safe_body.timestamp;
-	if(safe.safe_body.usec)
-	    outdata->usec = *safe.safe_body.usec;
-	if(safe.safe_body.seq_number)
-	    outdata->seq = *safe.safe_body.seq_number;
-    }
-
-  failure:
-    free_KRB_SAFE (&safe);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c
deleted file mode 100644
index 5e03507..0000000
--- a/crypto/heimdal/lib/krb5/read_message.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: read_message.c 21750 2007-07-31 20:41:25Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_read_message (krb5_context context,
-		   krb5_pointer p_fd,
-		   krb5_data *data)
-{
-    krb5_error_code ret;
-    uint32_t len;
-    uint8_t buf[4];
-
-    krb5_data_zero(data);
-
-    ret = krb5_net_read (context, p_fd, buf, 4);
-    if(ret == -1) {
-	ret = errno;
-	krb5_clear_error_string (context);
-	return ret;
-    }
-    if(ret < 4) {
-	krb5_clear_error_string(context);
-	return HEIM_ERR_EOF;
-    }
-    len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
-    ret = krb5_data_alloc (data, len);
-    if (ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    if (krb5_net_read (context, p_fd, data->data, len) != len) {
-	ret = errno;
-	krb5_data_free (data);
-	krb5_clear_error_string (context);
-	return ret;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_read_priv_message(krb5_context context,
-		       krb5_auth_context ac,
-		       krb5_pointer p_fd,
-		       krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_data packet;
-
-    ret = krb5_read_message(context, p_fd, &packet);
-    if(ret)
-	return ret;
-    ret = krb5_rd_priv (context, ac, &packet, data, NULL);
-    krb5_data_free(&packet);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_read_safe_message(krb5_context context,
-		       krb5_auth_context ac,
-		       krb5_pointer p_fd,
-		       krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_data packet;
-
-    ret = krb5_read_message(context, p_fd, &packet);
-    if(ret)
-	return ret;
-    ret = krb5_rd_safe (context, ac, &packet, data, NULL);
-    krb5_data_free(&packet);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/recvauth.c b/crypto/heimdal/lib/krb5/recvauth.c
deleted file mode 100644
index 0348285..0000000
--- a/crypto/heimdal/lib/krb5/recvauth.c
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: recvauth.c 20306 2007-04-11 11:15:55Z lha $");
-
-/*
- * See `sendauth.c' for the format.
- */
-
-static krb5_boolean
-match_exact(const void *data, const char *appl_version)
-{
-    return strcmp(data, appl_version) == 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_recvauth(krb5_context context,
-	      krb5_auth_context *auth_context,
-	      krb5_pointer p_fd,
-	      const char *appl_version,
-	      krb5_principal server,
-	      int32_t flags,
-	      krb5_keytab keytab,
-	      krb5_ticket **ticket)
-{
-    return krb5_recvauth_match_version(context, auth_context, p_fd,
-				       match_exact, appl_version,
-				       server, flags,
-				       keytab, ticket);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_recvauth_match_version(krb5_context context,
-			    krb5_auth_context *auth_context,
-			    krb5_pointer p_fd,
-			    krb5_boolean (*match_appl_version)(const void *, 
-							       const char*),
-			    const void *match_data,
-			    krb5_principal server,
-			    int32_t flags,
-			    krb5_keytab keytab,
-			    krb5_ticket **ticket)
-{
-    krb5_error_code ret;
-    const char *version = KRB5_SENDAUTH_VERSION;
-    char her_version[sizeof(KRB5_SENDAUTH_VERSION)];
-    char *her_appl_version;
-    uint32_t len;
-    u_char repl;
-    krb5_data data;
-    krb5_flags ap_options;
-    ssize_t n;
-
-    /*
-     * If there are no addresses in auth_context, get them from `fd'.
-     */
-
-    if (*auth_context == NULL) {
-	ret = krb5_auth_con_init (context, auth_context);
-	if (ret)
-	    return ret;
-    }
-
-    ret = krb5_auth_con_setaddrs_from_fd (context,
-					  *auth_context,
-					  p_fd);
-    if (ret)
-	return ret;
-
-    if(!(flags & KRB5_RECVAUTH_IGNORE_VERSION)) {
-	n = krb5_net_read (context, p_fd, &len, 4);
-	if (n < 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "read: %s", strerror(errno));
-	    return ret;
-	}
-	if (n == 0) {
-	    krb5_set_error_string (context, "Failed to receive sendauth data");
-	    return KRB5_SENDAUTH_BADAUTHVERS;
-	}
-	len = ntohl(len);
-	if (len != sizeof(her_version)
-	    || krb5_net_read (context, p_fd, her_version, len) != len
-	    || strncmp (version, her_version, len)) {
-	    repl = 1;
-	    krb5_net_write (context, p_fd, &repl, 1);
-	    krb5_clear_error_string (context);
-	    return KRB5_SENDAUTH_BADAUTHVERS;
-	}
-    }
-
-    n = krb5_net_read (context, p_fd, &len, 4);
-    if (n < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "read: %s", strerror(errno));
-	return ret;
-    }
-    if (n == 0) {
-	krb5_clear_error_string (context);
-	return KRB5_SENDAUTH_BADAPPLVERS;
-    }
-    len = ntohl(len);
-    her_appl_version = malloc (len);
-    if (her_appl_version == NULL) {
-	repl = 2;
-	krb5_net_write (context, p_fd, &repl, 1);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if (krb5_net_read (context, p_fd, her_appl_version, len) != len
-	|| !(*match_appl_version)(match_data, her_appl_version)) {
-	repl = 2;
-	krb5_net_write (context, p_fd, &repl, 1);
-	krb5_set_error_string (context, "wrong sendauth version (%s)",
-			       her_appl_version);
-	free (her_appl_version);
-	return KRB5_SENDAUTH_BADAPPLVERS;
-    }
-    free (her_appl_version);
-
-    repl = 0;
-    if (krb5_net_write (context, p_fd, &repl, 1) != 1) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(errno));
-	return ret;
-    }
-
-    krb5_data_zero (&data);
-    ret = krb5_read_message (context, p_fd, &data);
-    if (ret)
-	return ret;
-
-    ret = krb5_rd_req (context,
-		       auth_context,
-		       &data,
-		       server,
-		       keytab,
-		       &ap_options,
-		       ticket);
-    krb5_data_free (&data);
-    if (ret) {
-	krb5_data error_data;
-	krb5_error_code ret2;
-
-	ret2 = krb5_mk_error (context,
-			      ret,
-			      NULL,
-			      NULL,
-			      NULL,
-			      server,
-			      NULL,
-			      NULL,
-			      &error_data);
-	if (ret2 == 0) {
-	    krb5_write_message (context, p_fd, &error_data);
-	    krb5_data_free (&error_data);
-	}
-	return ret;
-    }      
-
-    len = 0;
-    if (krb5_net_write (context, p_fd, &len, 4) != 4) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(errno));
-	return ret;
-    }
-
-    if (ap_options & AP_OPTS_MUTUAL_REQUIRED) {
-	ret = krb5_mk_rep (context, *auth_context, &data);
-	if (ret)
-	    return ret;
-
-	ret = krb5_write_message (context, p_fd, &data);
-	if (ret)
-	    return ret;
-	krb5_data_free (&data);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/replay.c b/crypto/heimdal/lib/krb5/replay.c
deleted file mode 100644
index 12894d9..0000000
--- a/crypto/heimdal/lib/krb5/replay.c
+++ /dev/null
@@ -1,312 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <vis.h>
-
-RCSID("$Id: replay.c 17047 2006-04-10 17:13:49Z lha $");
-
-struct krb5_rcache_data {
-    char *name;
-};
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_resolve(krb5_context context,
-		krb5_rcache id,
-		const char *name)
-{
-    id->name = strdup(name);
-    if(id->name == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_RC_MALLOC;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_resolve_type(krb5_context context,
-		     krb5_rcache *id,
-		     const char *type)
-{
-    *id = NULL;
-    if(strcmp(type, "FILE")) {
-	krb5_set_error_string (context, "replay cache type %s not supported",
-			       type);
-	return KRB5_RC_TYPE_NOTFOUND;
-    }
-    *id = calloc(1, sizeof(**id));
-    if(*id == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_RC_MALLOC;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_resolve_full(krb5_context context,
-		     krb5_rcache *id,
-		     const char *string_name)
-{
-    krb5_error_code ret;
-
-    *id = NULL;
-
-    if(strncmp(string_name, "FILE:", 5)) {
-	krb5_set_error_string (context, "replay cache type %s not supported",
-			       string_name);
-	return KRB5_RC_TYPE_NOTFOUND;
-    }
-    ret = krb5_rc_resolve_type(context, id, "FILE");
-    if(ret)
-	return ret;
-    ret = krb5_rc_resolve(context, *id, string_name + 5);
-    if (ret) {
-	krb5_rc_close(context, *id);
-	*id = NULL;
-    }
-    return ret;
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_default_name(krb5_context context)
-{
-    return "FILE:/var/run/default_rcache";
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_default_type(krb5_context context)
-{
-    return "FILE";
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_default(krb5_context context,
-		krb5_rcache *id)
-{
-    return krb5_rc_resolve_full(context, id, krb5_rc_default_name(context));
-}
-
-struct rc_entry{
-    time_t stamp;
-    unsigned char data[16];
-};
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_initialize(krb5_context context,
-		   krb5_rcache id,
-		   krb5_deltat auth_lifespan)
-{
-    FILE *f = fopen(id->name, "w");
-    struct rc_entry tmp;
-    int ret;
-
-    if(f == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "open(%s): %s", id->name,
-			       strerror(ret));
-	return ret;
-    }
-    tmp.stamp = auth_lifespan;
-    fwrite(&tmp, 1, sizeof(tmp), f);
-    fclose(f);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_recover(krb5_context context,
-		krb5_rcache id)
-{
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_destroy(krb5_context context,
-		krb5_rcache id)
-{
-    int ret;
-
-    if(remove(id->name) < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "remove(%s): %s", id->name,
-			       strerror(ret));
-	return ret;
-    }
-    return krb5_rc_close(context, id);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_close(krb5_context context,
-	      krb5_rcache id)
-{
-    free(id->name);
-    free(id);
-    return 0;
-}
-
-static void
-checksum_authenticator(Authenticator *auth, void *data)
-{
-    MD5_CTX md5;
-    int i;
-
-    MD5_Init (&md5);
-    MD5_Update (&md5, auth->crealm, strlen(auth->crealm));
-    for(i = 0; i < auth->cname.name_string.len; i++)
-	MD5_Update(&md5, auth->cname.name_string.val[i], 
-		   strlen(auth->cname.name_string.val[i]));
-    MD5_Update (&md5, &auth->ctime, sizeof(auth->ctime));
-    MD5_Update (&md5, &auth->cusec, sizeof(auth->cusec));
-    MD5_Final (data, &md5);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_store(krb5_context context,
-	      krb5_rcache id,
-	      krb5_donot_replay *rep)
-{
-    struct rc_entry ent, tmp;
-    time_t t;
-    FILE *f;
-    int ret;
-
-    ent.stamp = time(NULL);
-    checksum_authenticator(rep, ent.data);
-    f = fopen(id->name, "r");
-    if(f == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "open(%s): %s", id->name,
-			       strerror(ret));
-	return ret;
-    }
-    fread(&tmp, sizeof(ent), 1, f);
-    t = ent.stamp - tmp.stamp;
-    while(fread(&tmp, sizeof(ent), 1, f)){
-	if(tmp.stamp < t)
-	    continue;
-	if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
-	    fclose(f);
-	    krb5_clear_error_string (context);
-	    return KRB5_RC_REPLAY;
-	}
-    }
-    if(ferror(f)){
-	ret = errno;
-	fclose(f);
-	krb5_set_error_string (context, "%s: %s", id->name, strerror(ret));
-	return ret;
-    }
-    fclose(f);
-    f = fopen(id->name, "a");
-    if(f == NULL) {
-	krb5_set_error_string (context, "open(%s): %s", id->name,
-			       strerror(errno));
-	return KRB5_RC_IO_UNKNOWN;
-    }
-    fwrite(&ent, 1, sizeof(ent), f);
-    fclose(f);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_expunge(krb5_context context,
-		krb5_rcache id)
-{
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_get_lifespan(krb5_context context,
-		     krb5_rcache id,
-		     krb5_deltat *auth_lifespan)
-{
-    FILE *f = fopen(id->name, "r");
-    int r;
-    struct rc_entry ent;
-    r = fread(&ent, sizeof(ent), 1, f);
-    fclose(f);
-    if(r){
-	*auth_lifespan = ent.stamp;
-	return 0;
-    }
-    krb5_clear_error_string (context);
-    return KRB5_RC_IO_UNKNOWN;
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_get_name(krb5_context context,
-		 krb5_rcache id)
-{
-    return id->name;
-}
-		 
-const char* KRB5_LIB_FUNCTION
-krb5_rc_get_type(krb5_context context,
-		 krb5_rcache id)
-{
-    return "FILE";
-}
-		 
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_server_rcache(krb5_context context, 
-		       const krb5_data *piece, 
-		       krb5_rcache *id)
-{
-    krb5_rcache rcache;
-    krb5_error_code ret;
-
-    char *tmp = malloc(4 * piece->length + 1);
-    char *name;
-
-    if(tmp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
-#ifdef HAVE_GETEUID
-    asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid());
-#else
-    asprintf(&name, "FILE:rc_%s", tmp);
-#endif
-    free(tmp);
-    if(name == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = krb5_rc_resolve_full(context, &rcache, name);
-    free(name);
-    if(ret)
-	return ret;
-    *id = rcache;
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/send_to_kdc.c b/crypto/heimdal/lib/krb5/send_to_kdc.c
deleted file mode 100644
index 2582a61..0000000
--- a/crypto/heimdal/lib/krb5/send_to_kdc.c
+++ /dev/null
@@ -1,604 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: send_to_kdc.c 21934 2007-08-27 14:21:04Z lha $");
-
-struct send_to_kdc {
-    krb5_send_to_kdc_func func;
-    void *data;
-};
-
-/*
- * send the data in `req' on the socket `fd' (which is datagram iff udp)
- * waiting `tmout' for a reply and returning the reply in `rep'.
- * iff limit read up to this many bytes
- * returns 0 and data in `rep' if succesful, otherwise -1
- */
-
-static int
-recv_loop (int fd,
-	   time_t tmout,
-	   int udp,
-	   size_t limit,
-	   krb5_data *rep)
-{
-     fd_set fdset;
-     struct timeval timeout;
-     int ret;
-     int nbytes;
-
-     if (fd >= FD_SETSIZE) {
-	 return -1;
-     }
-
-     krb5_data_zero(rep);
-     do {
-	 FD_ZERO(&fdset);
-	 FD_SET(fd, &fdset);
-	 timeout.tv_sec  = tmout;
-	 timeout.tv_usec = 0;
-	 ret = select (fd + 1, &fdset, NULL, NULL, &timeout);
-	 if (ret < 0) {
-	     if (errno == EINTR)
-		 continue;
-	     return -1;
-	 } else if (ret == 0) {
-	     return 0;
-	 } else {
-	     void *tmp;
-
-	     if (ioctl (fd, FIONREAD, &nbytes) < 0) {
-		 krb5_data_free (rep);
-		 return -1;
-	     }
-	     if(nbytes <= 0)
-		 return 0;
-
-	     if (limit)
-		 nbytes = min(nbytes, limit - rep->length);
-
-	     tmp = realloc (rep->data, rep->length + nbytes);
-	     if (tmp == NULL) {
-		 krb5_data_free (rep);
-		 return -1;
-	     }
-	     rep->data = tmp;
-	     ret = recv (fd, (char*)tmp + rep->length, nbytes, 0);
-	     if (ret < 0) {
-		 krb5_data_free (rep);
-		 return -1;
-	     }
-	     rep->length += ret;
-	 }
-     } while(!udp && (limit == 0 || rep->length < limit));
-     return 0;
-}
-
-/*
- * Send kerberos requests and receive a reply on a udp or any other kind
- * of a datagram socket.  See `recv_loop'.
- */
-
-static int
-send_and_recv_udp(int fd, 
-		  time_t tmout,
-		  const krb5_data *req,
-		  krb5_data *rep)
-{
-    if (send (fd, req->data, req->length, 0) < 0)
-	return -1;
-
-    return recv_loop(fd, tmout, 1, 0, rep);
-}
-
-/*
- * `send_and_recv' for a TCP (or any other stream) socket.
- * Since there are no record limits on a stream socket the protocol here
- * is to prepend the request with 4 bytes of its length and the reply
- * is similarly encoded.
- */
-
-static int
-send_and_recv_tcp(int fd, 
-		  time_t tmout,
-		  const krb5_data *req,
-		  krb5_data *rep)
-{
-    unsigned char len[4];
-    unsigned long rep_len;
-    krb5_data len_data;
-
-    _krb5_put_int(len, req->length, 4);
-    if(net_write(fd, len, sizeof(len)) < 0)
-	return -1;
-    if(net_write(fd, req->data, req->length) < 0)
-	return -1;
-    if (recv_loop (fd, tmout, 0, 4, &len_data) < 0)
-	return -1;
-    if (len_data.length != 4) {
-	krb5_data_free (&len_data);
-	return -1;
-    }
-    _krb5_get_int(len_data.data, &rep_len, 4);
-    krb5_data_free (&len_data);
-    if (recv_loop (fd, tmout, 0, rep_len, rep) < 0)
-	return -1;
-    if(rep->length != rep_len) {
-	krb5_data_free (rep);
-	return -1;
-    }
-    return 0;
-}
-
-int
-_krb5_send_and_recv_tcp(int fd,
-			time_t tmout,
-			const krb5_data *req,
-			krb5_data *rep)
-{
-    return send_and_recv_tcp(fd, tmout, req, rep);
-}
-
-/*
- * `send_and_recv' tailored for the HTTP protocol.
- */
-
-static int
-send_and_recv_http(int fd, 
-		   time_t tmout,
-		   const char *prefix,
-		   const krb5_data *req,
-		   krb5_data *rep)
-{
-    char *request;
-    char *str;
-    int ret;
-    int len = base64_encode(req->data, req->length, &str);
-
-    if(len < 0)
-	return -1;
-    asprintf(&request, "GET %s%s HTTP/1.0\r\n\r\n", prefix, str);
-    free(str);
-    if (request == NULL)
-	return -1;
-    ret = net_write (fd, request, strlen(request));
-    free (request);
-    if (ret < 0)
-	return ret;
-    ret = recv_loop(fd, tmout, 0, 0, rep);
-    if(ret)
-	return ret;
-    {
-	unsigned long rep_len;
-	char *s, *p;
-
-	s = realloc(rep->data, rep->length + 1);
-	if (s == NULL) {
-	    krb5_data_free (rep);
-	    return -1;
-	}
-	s[rep->length] = 0;
-	p = strstr(s, "\r\n\r\n");
-	if(p == NULL) {
-	    krb5_data_zero(rep);
-	    free(s);
-	    return -1;
-	}
-	p += 4;
-	rep->data = s;
-	rep->length -= p - s;
-	if(rep->length < 4) { /* remove length */
-	    krb5_data_zero(rep);
-	    free(s);
-	    return -1;
-	}
-	rep->length -= 4;
-	_krb5_get_int(p, &rep_len, 4);
-	if (rep_len != rep->length) {
-	    krb5_data_zero(rep);
-	    free(s);
-	    return -1;
-	}
-	memmove(rep->data, p + 4, rep->length);
-    }
-    return 0;
-}
-
-static int
-init_port(const char *s, int fallback)
-{
-    if (s) {
-	int tmp;
-
-	sscanf (s, "%d", &tmp);
-	return htons(tmp);
-    } else
-	return fallback;
-}
-
-/*
- * Return 0 if succesful, otherwise 1
- */
-
-static int
-send_via_proxy (krb5_context context,
-		const krb5_krbhst_info *hi,
-		const krb5_data *send_data,
-		krb5_data *receive)
-{
-    char *proxy2 = strdup(context->http_proxy);
-    char *proxy  = proxy2;
-    char *prefix;
-    char *colon;
-    struct addrinfo hints;
-    struct addrinfo *ai, *a;
-    int ret;
-    int s = -1;
-    char portstr[NI_MAXSERV];
-		 
-    if (proxy == NULL)
-	return ENOMEM;
-    if (strncmp (proxy, "http://", 7) == 0)
-	proxy += 7;
-
-    colon = strchr(proxy, ':');
-    if(colon != NULL)
-	*colon++ = '\0';
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_family   = PF_UNSPEC;
-    hints.ai_socktype = SOCK_STREAM;
-    snprintf (portstr, sizeof(portstr), "%d",
-	      ntohs(init_port (colon, htons(80))));
-    ret = getaddrinfo (proxy, portstr, &hints, &ai);
-    free (proxy2);
-    if (ret)
-	return krb5_eai_to_heim_errno(ret, errno);
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    close (s);
-	    continue;
-	}
-	break;
-    }
-    if (a == NULL) {
-	freeaddrinfo (ai);
-	return 1;
-    }
-    freeaddrinfo (ai);
-
-    asprintf(&prefix, "http://%s/", hi->hostname);
-    if(prefix == NULL) {
-	close(s);
-	return 1;
-    }
-    ret = send_and_recv_http(s, context->kdc_timeout,
-			     prefix, send_data, receive);
-    close (s);
-    free(prefix);
-    if(ret == 0 && receive->length != 0)
-	return 0;
-    return 1;
-}
-
-/*
- * Send the data `send' to one host from `handle` and get back the reply
- * in `receive'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto (krb5_context context,
-	     const krb5_data *send_data,
-	     krb5_krbhst_handle handle,	     
-	     krb5_data *receive)
-{
-     krb5_error_code ret;
-     int fd;
-     int i;
-
-     krb5_data_zero(receive);
-
-     for (i = 0; i < context->max_retries; ++i) {
-	 krb5_krbhst_info *hi;
-
-	 while (krb5_krbhst_next(context, handle, &hi) == 0) {
-	     struct addrinfo *ai, *a;
-
-	     if (context->send_to_kdc) {
-		 struct send_to_kdc *s = context->send_to_kdc;
-
-		 ret = (*s->func)(context, s->data, 
-				  hi, send_data, receive);
-		 if (ret == 0 && receive->length != 0)
-		     goto out;
-		 continue;
-	     }
-
-	     if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) {
-		 if (send_via_proxy (context, hi, send_data, receive) == 0) {
-		     ret = 0;
-		     goto out;
-		 }
-		 continue;
-	     }
-
-	     ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
-	     if (ret)
-		 continue;
-
-	     for (a = ai; a != NULL; a = a->ai_next) {
-		 fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-		 if (fd < 0)
-		     continue;
-		 if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) {
-		     close (fd);
-		     continue;
-		 }
-		 switch (hi->proto) {
-		 case KRB5_KRBHST_HTTP :
-		     ret = send_and_recv_http(fd, context->kdc_timeout,
-					      "", send_data, receive);
-		     break;
-		 case KRB5_KRBHST_TCP :
-		     ret = send_and_recv_tcp (fd, context->kdc_timeout,
-					      send_data, receive);
-		     break;
-		 case KRB5_KRBHST_UDP :
-		     ret = send_and_recv_udp (fd, context->kdc_timeout,
-					      send_data, receive);
-		     break;
-		 }
-		 close (fd);
-		 if(ret == 0 && receive->length != 0)
-		     goto out;
-	     }
-	 }
-	 krb5_krbhst_reset(context, handle);
-     }
-     krb5_clear_error_string (context);
-     ret = KRB5_KDC_UNREACH;
-out:
-     return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_kdc(krb5_context context,
-		const krb5_data *send_data,
-		const krb5_realm *realm,
-		krb5_data *receive)
-{
-    return krb5_sendto_kdc_flags(context, send_data, realm, receive, 0);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_kdc_flags(krb5_context context,
-		      const krb5_data *send_data,
-		      const krb5_realm *realm,
-		      krb5_data *receive,
-		      int flags)
-{
-    krb5_error_code ret;
-    krb5_sendto_ctx ctx;
-
-    ret = krb5_sendto_ctx_alloc(context, &ctx);
-    if (ret)
-	return ret;
-    krb5_sendto_ctx_add_flags(ctx, flags);
-    krb5_sendto_ctx_set_func(ctx, _krb5_kdc_retry, NULL);
-
-    ret = krb5_sendto_context(context, ctx, send_data, *realm, receive);
-    krb5_sendto_ctx_free(context, ctx);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_send_to_kdc_func(krb5_context context, 
-			  krb5_send_to_kdc_func func,
-			  void *data)
-{
-    free(context->send_to_kdc);
-    if (func == NULL) {
-	context->send_to_kdc = NULL;
-	return 0;
-    }
-
-    context->send_to_kdc = malloc(sizeof(*context->send_to_kdc));
-    if (context->send_to_kdc == NULL) {
-	krb5_set_error_string(context, "Out of memory");
-	return ENOMEM;
-    }
-
-    context->send_to_kdc->func = func;
-    context->send_to_kdc->data = data;
-    return 0;
-}
-
-struct krb5_sendto_ctx_data {
-    int flags;
-    int type;
-    krb5_sendto_ctx_func func;
-    void *data;
-};
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx)
-{
-    *ctx = calloc(1, sizeof(**ctx));
-    if (*ctx == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_add_flags(krb5_sendto_ctx ctx, int flags)
-{
-    ctx->flags |= flags;
-}
-
-int KRB5_LIB_FUNCTION
-krb5_sendto_ctx_get_flags(krb5_sendto_ctx ctx)
-{
-    return ctx->flags;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_set_type(krb5_sendto_ctx ctx, int type)
-{
-    ctx->type = type;
-}
-
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx,
-			 krb5_sendto_ctx_func func,
-			 void *data)
-{
-    ctx->func = func;
-    ctx->data = data;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_free(krb5_context context, krb5_sendto_ctx ctx)
-{
-    memset(ctx, 0, sizeof(*ctx));
-    free(ctx);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_context(krb5_context context,
-		    krb5_sendto_ctx ctx,
-		    const krb5_data *send_data,
-		    const krb5_realm realm,
-		    krb5_data *receive)
-{
-    krb5_error_code ret;
-    krb5_krbhst_handle handle = NULL;
-    int type, freectx = 0;
-    int action;
-
-    krb5_data_zero(receive);
-
-    if (ctx == NULL) {
-	freectx = 1;
-	ret = krb5_sendto_ctx_alloc(context, &ctx);
-	if (ret)
-	    return ret;
-    }
-
-    type = ctx->type;
-    if (type == 0) {
-	if ((ctx->flags & KRB5_KRBHST_FLAGS_MASTER) || context->use_admin_kdc)
-	    type = KRB5_KRBHST_ADMIN;
-	else
-	    type = KRB5_KRBHST_KDC;
-    }
-
-    if (send_data->length > context->large_msg_size)
-	ctx->flags |= KRB5_KRBHST_FLAGS_LARGE_MSG;
-
-    /* loop until we get back a appropriate response */
-
-    do {
-	action = KRB5_SENDTO_DONE;
-
-	krb5_data_free(receive);
-
-	if (handle == NULL) {
-	    ret = krb5_krbhst_init_flags(context, realm, type, 
-					 ctx->flags, &handle);
-	    if (ret) {
-		if (freectx)
-		    krb5_sendto_ctx_free(context, ctx);
-		return ret;
-	    }
-	}
-    
-	ret = krb5_sendto(context, send_data, handle, receive);
-	if (ret)
-	    break;
-	if (ctx->func) {
-	    ret = (*ctx->func)(context, ctx, ctx->data, receive, &action);
-	    if (ret)
-		break;
-	}
-	if (action != KRB5_SENDTO_CONTINUE) {
-	    krb5_krbhst_free(context, handle);
-	    handle = NULL;
-	}
-    } while (action != KRB5_SENDTO_DONE);
-    if (handle)
-	krb5_krbhst_free(context, handle);
-    if (ret == KRB5_KDC_UNREACH)
-	krb5_set_error_string(context, 
-			      "unable to reach any KDC in realm %s", realm);
-    if (ret)
-	krb5_data_free(receive);
-    if (freectx)
-	krb5_sendto_ctx_free(context, ctx);
-    return ret;
-}
-
-krb5_error_code
-_krb5_kdc_retry(krb5_context context, krb5_sendto_ctx ctx, void *data,
-		const krb5_data *reply, int *action)
-{
-    krb5_error_code ret;
-    KRB_ERROR error;
-
-    if(krb5_rd_error(context, reply, &error))
-	return 0;
-
-    ret = krb5_error_from_rd_error(context, &error, NULL);
-    krb5_free_error_contents(context, &error);
-
-    switch(ret) {
-    case KRB5KRB_ERR_RESPONSE_TOO_BIG: {
-	if (krb5_sendto_ctx_get_flags(ctx) & KRB5_KRBHST_FLAGS_LARGE_MSG)
-	    break;
-	krb5_sendto_ctx_add_flags(ctx, KRB5_KRBHST_FLAGS_LARGE_MSG);
-	*action = KRB5_SENDTO_RESTART;
-	break;
-    }
-    case KRB5KDC_ERR_SVC_UNAVAILABLE:
-	*action = KRB5_SENDTO_CONTINUE;
-	break;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/sendauth.c b/crypto/heimdal/lib/krb5/sendauth.c
deleted file mode 100644
index a7242f0..0000000
--- a/crypto/heimdal/lib/krb5/sendauth.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: sendauth.c 17442 2006-05-05 09:31:15Z lha $");
-
-/*
- * The format seems to be:
- * client -> server
- *
- * 4 bytes - length
- * KRB5_SENDAUTH_V1.0 (including zero)
- * 4 bytes - length
- * protocol string (with terminating zero)
- *
- * server -> client
- * 1 byte - (0 = OK, else some kind of error)
- *
- * client -> server
- * 4 bytes - length
- * AP-REQ
- *
- * server -> client
- * 4 bytes - length (0 = OK, else length of error)
- * (error)
- *
- * if(mutual) {
- * server -> client
- * 4 bytes - length
- * AP-REP
- * }
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendauth(krb5_context context,
-	      krb5_auth_context *auth_context,
-	      krb5_pointer p_fd,
-	      const char *appl_version,
-	      krb5_principal client,
-	      krb5_principal server,
-	      krb5_flags ap_req_options,
-	      krb5_data *in_data,
-	      krb5_creds *in_creds,
-	      krb5_ccache ccache,
-	      krb5_error **ret_error,
-	      krb5_ap_rep_enc_part **rep_result,
-	      krb5_creds **out_creds)
-{
-    krb5_error_code ret;
-    uint32_t len, net_len;
-    const char *version = KRB5_SENDAUTH_VERSION;
-    u_char repl;
-    krb5_data ap_req, error_data;
-    krb5_creds this_cred;
-    krb5_principal this_client = NULL;
-    krb5_creds *creds;
-    ssize_t sret;
-    krb5_boolean my_ccache = FALSE;
-
-    len = strlen(version) + 1;
-    net_len = htonl(len);
-    if (krb5_net_write (context, p_fd, &net_len, 4) != 4
-	|| krb5_net_write (context, p_fd, version, len) != len) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(ret));
-	return ret;
-    }
-
-    len = strlen(appl_version) + 1;
-    net_len = htonl(len);
-    if (krb5_net_write (context, p_fd, &net_len, 4) != 4
-	|| krb5_net_write (context, p_fd, appl_version, len) != len) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(ret));
-	return ret;
-    }
-
-    sret = krb5_net_read (context, p_fd, &repl, sizeof(repl));
-    if (sret < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "read: %s", strerror(ret));
-	return ret;
-    } else if (sret != sizeof(repl)) {
-	krb5_clear_error_string (context);
-	return KRB5_SENDAUTH_BADRESPONSE;
-    }
-
-    if (repl != 0) {
-	krb5_clear_error_string (context);
-	return KRB5_SENDAUTH_REJECTED;
-    }
-
-    if (in_creds == NULL) {
-	if (ccache == NULL) {
-	    ret = krb5_cc_default (context, &ccache);
-	    if (ret)
-		return ret;
-	    my_ccache = TRUE;
-	}
-
-	if (client == NULL) {
-	    ret = krb5_cc_get_principal (context, ccache, &this_client);
-	    if (ret) {
-		if(my_ccache)
-		    krb5_cc_close(context, ccache);
-		return ret;
-	    }
-	    client = this_client;
-	}
-	memset(&this_cred, 0, sizeof(this_cred));
-	this_cred.client = client;
-	this_cred.server = server;
-	this_cred.times.endtime = 0;
-	this_cred.ticket.length = 0;
-	in_creds = &this_cred;
-    }
-    if (in_creds->ticket.length == 0) {
-	ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds);
-	if (ret) {
-	    if(my_ccache)
-		krb5_cc_close(context, ccache);
-	    return ret;
-	}
-    } else {
-	creds = in_creds;
-    }
-    if(my_ccache)
-	krb5_cc_close(context, ccache);
-    ret = krb5_mk_req_extended (context,
-				auth_context,
-				ap_req_options,
-				in_data,
-				creds,
-				&ap_req);
-
-    if (out_creds)
-	*out_creds = creds;
-    else
-	krb5_free_creds(context, creds);
-    if(this_client)
-	krb5_free_principal(context, this_client);
-
-    if (ret)
-	return ret;
-
-    ret = krb5_write_message (context,
-			      p_fd,
-			      &ap_req);
-    if (ret)
-	return ret;
-
-    krb5_data_free (&ap_req);
-
-    ret = krb5_read_message (context, p_fd, &error_data);
-    if (ret)
-	return ret;
-
-    if (error_data.length != 0) {
-	KRB_ERROR error;
-
-	ret = krb5_rd_error (context, &error_data, &error);
-	krb5_data_free (&error_data);
-	if (ret == 0) {
-	    ret = krb5_error_from_rd_error(context, &error, NULL);
-	    if (ret_error != NULL) {
-		*ret_error = malloc (sizeof(krb5_error));
-		if (*ret_error == NULL) {
-		    krb5_free_error_contents (context, &error);
-		} else {
-		    **ret_error = error;
-		}
-	    } else {
-		krb5_free_error_contents (context, &error);
-	    }
-	    return ret;
-	} else {
-	    krb5_clear_error_string(context);
-	    return ret;
-	}
-    }
-
-    if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {
-	krb5_data ap_rep;
-	krb5_ap_rep_enc_part *ignore;
-
-	krb5_data_zero (&ap_rep);
-	ret = krb5_read_message (context,
-				 p_fd,
-				 &ap_rep);
-	if (ret)
-	    return ret;
-
-	ret = krb5_rd_rep (context, *auth_context, &ap_rep,
-			   rep_result ? rep_result : &ignore);
-	krb5_data_free (&ap_rep);
-	if (ret)
-	    return ret;
-	if (rep_result == NULL)
-	    krb5_free_ap_rep_enc_part (context, ignore);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/set_default_realm.c b/crypto/heimdal/lib/krb5/set_default_realm.c
deleted file mode 100644
index 98040bc..0000000
--- a/crypto/heimdal/lib/krb5/set_default_realm.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: set_default_realm.c 13863 2004-05-25 21:46:46Z lha $");
-
-/*
- * Convert the simple string `s' into a NULL-terminated and freshly allocated 
- * list in `list'.  Return an error code.
- */
-
-static krb5_error_code
-string_to_list (krb5_context context, const char *s, krb5_realm **list)
-{
-
-    *list = malloc (2 * sizeof(**list));
-    if (*list == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*list)[0] = strdup (s);
-    if ((*list)[0] == NULL) {
-	free (*list);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*list)[1] = NULL;
-    return 0;
-}
-
-/*
- * Set the knowledge of the default realm(s) in `context'.
- * If realm != NULL, that's the new default realm.
- * Otherwise, the realm(s) are figured out from configuration or DNS.  
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_default_realm(krb5_context context,
-		       const char *realm)
-{
-    krb5_error_code ret = 0;
-    krb5_realm *realms = NULL;
-
-    if (realm == NULL) {
-	realms = krb5_config_get_strings (context, NULL,
-					  "libdefaults",
-					  "default_realm",
-					  NULL);
-	if (realms == NULL)
-	    ret = krb5_get_host_realm(context, NULL, &realms);
-    } else {
-	ret = string_to_list (context, realm, &realms);
-    }
-    if (ret)
-	return ret;
-    krb5_free_host_realm (context, context->default_realms);
-    context->default_realms = realms;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/sock_principal.c b/crypto/heimdal/lib/krb5/sock_principal.c
deleted file mode 100644
index 9b4ba97..0000000
--- a/crypto/heimdal/lib/krb5/sock_principal.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: sock_principal.c 13863 2004-05-25 21:46:46Z lha $");
-			
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sock_to_principal (krb5_context context,
-			int sock,
-			const char *sname,
-			int32_t type,
-			krb5_principal *ret_princ)
-{
-    krb5_error_code ret;
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa = (struct sockaddr *)&__ss;
-    socklen_t salen = sizeof(__ss);
-    char hostname[NI_MAXHOST];
-
-    if (getsockname (sock, sa, &salen) < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "getsockname: %s", strerror(ret));
-	return ret;
-    }
-    ret = getnameinfo (sa, salen, hostname, sizeof(hostname), NULL, 0, 0);
-    if (ret) {
-	int save_errno = errno;
-
-	krb5_set_error_string (context, "getnameinfo: %s", gai_strerror(ret));
-	return krb5_eai_to_heim_errno(ret, save_errno);
-    }
-
-    ret = krb5_sname_to_principal (context,
-				   hostname,
-				   sname,
-				   type,
-				   ret_princ);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/store-int.h b/crypto/heimdal/lib/krb5/store-int.h
deleted file mode 100644
index 42e695a..0000000
--- a/crypto/heimdal/lib/krb5/store-int.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifndef __store_int_h__
-#define __store_int_h__
-
-struct krb5_storage_data {
-    void *data;
-    ssize_t (*fetch)(struct krb5_storage_data*, void*, size_t);
-    ssize_t (*store)(struct krb5_storage_data*, const void*, size_t);
-    off_t (*seek)(struct krb5_storage_data*, off_t, int);
-    void (*free)(struct krb5_storage_data*);
-    krb5_flags flags;
-    int eof_code;
-};
-
-#endif /* __store_int_h__ */
diff --git a/crypto/heimdal/lib/krb5/store-test.c b/crypto/heimdal/lib/krb5/store-test.c
deleted file mode 100644
index aec2dfe..0000000
--- a/crypto/heimdal/lib/krb5/store-test.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: store-test.c 16344 2005-12-02 15:15:43Z lha $");
-
-static void
-print_data(unsigned char *data, size_t len)
-{
-    int i;
-    for(i = 0; i < len; i++) {
-	if(i > 0 && (i % 16) == 0)
-	    printf("\n            ");
-	printf("%02x ", data[i]);
-    }
-    printf("\n");
-}
-
-static int
-compare(const char *name, krb5_storage *sp, void *expected, size_t len)
-{
-    int ret = 0;
-    krb5_data data;
-    krb5_storage_to_data(sp, &data);
-    krb5_storage_free(sp);
-    if(data.length != len || memcmp(data.data, expected, len) != 0) {
-	printf("%s mismatch\n", name);
-	printf("  Expected: ");
-	print_data(expected, len);
-	printf("  Actual:   ");
-	print_data(data.data, data.length);
-	ret++;
-    }
-    krb5_data_free(&data);
-    return ret;
-}
-
-int
-main(int argc, char **argv)
-{
-    int nerr = 0;
-    krb5_storage *sp;
-    krb5_context context;
-    krb5_principal principal;
-	
-
-    krb5_init_context(&context);
-
-    sp = krb5_storage_emem();
-    krb5_store_int32(sp, 0x01020304);
-    nerr += compare("Integer", sp, "\x1\x2\x3\x4", 4);
-
-    sp = krb5_storage_emem();
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
-    krb5_store_int32(sp, 0x01020304);
-    nerr += compare("Integer (LE)", sp, "\x4\x3\x2\x1", 4);
-
-    sp = krb5_storage_emem();
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-    krb5_store_int32(sp, 0x01020304);
-    nerr += compare("Integer (BE)", sp, "\x1\x2\x3\x4", 4);
-
-    sp = krb5_storage_emem();
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
-    krb5_store_int32(sp, 0x01020304);
-    {
-	int test = 1;
-	void *data;
-	if(*(char*)&test) 
-	    data = "\x4\x3\x2\x1";
-	else 
-	    data = "\x1\x2\x3\x4";
-	nerr += compare("Integer (host)", sp, data, 4);
-    }
-
-    sp = krb5_storage_emem();
-    krb5_make_principal(context, &principal, "TEST", "foobar", NULL);
-    krb5_store_principal(sp, principal);
-    krb5_free_principal(context, principal);
-    nerr += compare("Principal", sp, "\x0\x0\x0\x1"
-		    "\x0\x0\x0\x1"
-		    "\x0\x0\x0\x4TEST"
-		    "\x0\x0\x0\x6""foobar", 26);
-    
-    krb5_free_context(context);
-
-    return nerr ? 1 : 0;
-}
diff --git a/crypto/heimdal/lib/krb5/store.c b/crypto/heimdal/lib/krb5/store.c
deleted file mode 100644
index c9cbbb5..0000000
--- a/crypto/heimdal/lib/krb5/store.c
+++ /dev/null
@@ -1,1035 +0,0 @@
-/*
- * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include "store-int.h"
-
-RCSID("$Id: store.c 22071 2007-11-14 20:04:50Z lha $");
-
-#define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V))
-#define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE)
-#define BYTEORDER_IS_BE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_BE)
-#define BYTEORDER_IS_HOST(SP) (BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_HOST) || \
-			       krb5_storage_is_flags((SP), KRB5_STORAGE_HOST_BYTEORDER))
-
-void KRB5_LIB_FUNCTION
-krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
-{
-    sp->flags |= flags;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags)
-{
-    sp->flags &= ~flags;
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags)
-{
-    return (sp->flags & flags) == flags;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder)
-{
-    sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK;
-    sp->flags |= byteorder;
-}
-
-krb5_flags KRB5_LIB_FUNCTION
-krb5_storage_get_byteorder(krb5_storage *sp, krb5_flags byteorder)
-{
-    return sp->flags & KRB5_STORAGE_BYTEORDER_MASK;
-}
-
-off_t KRB5_LIB_FUNCTION
-krb5_storage_seek(krb5_storage *sp, off_t offset, int whence)
-{
-    return (*sp->seek)(sp, offset, whence);
-}
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_storage_read(krb5_storage *sp, void *buf, size_t len)
-{
-    return sp->fetch(sp, buf, len);
-}
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_storage_write(krb5_storage *sp, const void *buf, size_t len)
-{
-    return sp->store(sp, buf, len);
-}
-
-void KRB5_LIB_FUNCTION
-krb5_storage_set_eof_code(krb5_storage *sp, int code)
-{
-    sp->eof_code = code;
-}
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-_krb5_put_int(void *buffer, unsigned long value, size_t size)
-{
-    unsigned char *p = buffer;
-    int i;
-    for (i = size - 1; i >= 0; i--) {
-	p[i] = value & 0xff;
-	value >>= 8;
-    }
-    return size;
-}
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-_krb5_get_int(void *buffer, unsigned long *value, size_t size)
-{
-    unsigned char *p = buffer;
-    unsigned long v = 0;
-    int i;
-    for (i = 0; i < size; i++)
-	v = (v << 8) + p[i];
-    *value = v;
-    return size;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_storage_free(krb5_storage *sp)
-{
-    if(sp->free)
-	(*sp->free)(sp);
-    free(sp->data);
-    free(sp);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
-{
-    off_t pos;
-    size_t size;
-    krb5_error_code ret;
-
-    pos = sp->seek(sp, 0, SEEK_CUR);
-    size = (size_t)sp->seek(sp, 0, SEEK_END);
-    ret = krb5_data_alloc (data, size);
-    if (ret) {
-	sp->seek(sp, pos, SEEK_SET);
-	return ret;
-    }
-    if (size) {
-	sp->seek(sp, 0, SEEK_SET);
-	sp->fetch(sp, data->data, data->length);
-	sp->seek(sp, pos, SEEK_SET);
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb5_store_int(krb5_storage *sp,
-	       int32_t value,
-	       size_t len)
-{
-    int ret;
-    unsigned char v[16];
-
-    if(len > sizeof(v))
-	return EINVAL;
-    _krb5_put_int(v, value, len);
-    ret = sp->store(sp, v, len);
-    if (ret != len)
-	return (ret<0)?errno:sp->eof_code;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_int32(krb5_storage *sp,
-		 int32_t value)
-{
-    if(BYTEORDER_IS_HOST(sp))
-	value = htonl(value);
-    else if(BYTEORDER_IS_LE(sp))
-	value = bswap32(value);
-    return krb5_store_int(sp, value, 4);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_uint32(krb5_storage *sp,
-		  uint32_t value)
-{
-    return krb5_store_int32(sp, (int32_t)value);
-}
-
-static krb5_error_code
-krb5_ret_int(krb5_storage *sp,
-	     int32_t *value,
-	     size_t len)
-{
-    int ret;
-    unsigned char v[4];
-    unsigned long w;
-    ret = sp->fetch(sp, v, len);
-    if(ret != len)
-	return (ret<0)?errno:sp->eof_code;
-    _krb5_get_int(v, &w, len);
-    *value = w;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_int32(krb5_storage *sp,
-	       int32_t *value)
-{
-    krb5_error_code ret = krb5_ret_int(sp, value, 4);
-    if(ret)
-	return ret;
-    if(BYTEORDER_IS_HOST(sp))
-	*value = htonl(*value);
-    else if(BYTEORDER_IS_LE(sp))
-	*value = bswap32(*value);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_uint32(krb5_storage *sp,
-		uint32_t *value)
-{
-    krb5_error_code ret;
-    int32_t v;
-
-    ret = krb5_ret_int32(sp, &v);
-    if (ret == 0)
-	*value = (uint32_t)v;
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_int16(krb5_storage *sp,
-		 int16_t value)
-{
-    if(BYTEORDER_IS_HOST(sp))
-	value = htons(value);
-    else if(BYTEORDER_IS_LE(sp))
-	value = bswap16(value);
-    return krb5_store_int(sp, value, 2);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_uint16(krb5_storage *sp,
-		  uint16_t value)
-{
-    return krb5_store_int16(sp, (int16_t)value);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_int16(krb5_storage *sp,
-	       int16_t *value)
-{
-    int32_t v;
-    int ret;
-    ret = krb5_ret_int(sp, &v, 2);
-    if(ret)
-	return ret;
-    *value = v;
-    if(BYTEORDER_IS_HOST(sp))
-	*value = htons(*value);
-    else if(BYTEORDER_IS_LE(sp))
-	*value = bswap16(*value);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_uint16(krb5_storage *sp,
-		uint16_t *value)
-{
-    krb5_error_code ret;
-    int16_t v;
-
-    ret = krb5_ret_int16(sp, &v);
-    if (ret == 0)
-	*value = (uint16_t)v;
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_int8(krb5_storage *sp,
-		int8_t value)
-{
-    int ret;
-
-    ret = sp->store(sp, &value, sizeof(value));
-    if (ret != sizeof(value))
-	return (ret<0)?errno:sp->eof_code;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_uint8(krb5_storage *sp,
-		 uint8_t value)
-{
-    return krb5_store_int8(sp, (int8_t)value);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_int8(krb5_storage *sp,
-	      int8_t *value)
-{
-    int ret;
-
-    ret = sp->fetch(sp, value, sizeof(*value));
-    if (ret != sizeof(*value))
-	return (ret<0)?errno:sp->eof_code;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_uint8(krb5_storage *sp,
-	       uint8_t *value)
-{
-    krb5_error_code ret;
-    int8_t v;
-
-    ret = krb5_ret_int8(sp, &v);
-    if (ret == 0)
-	*value = (uint8_t)v;
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_data(krb5_storage *sp,
-		krb5_data data)
-{
-    int ret;
-    ret = krb5_store_int32(sp, data.length);
-    if(ret < 0)
-	return ret;
-    ret = sp->store(sp, data.data, data.length);
-    if(ret != data.length){
-	if(ret < 0)
-	    return errno;
-	return sp->eof_code;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_data(krb5_storage *sp,
-	      krb5_data *data)
-{
-    int ret;
-    int32_t size;
-
-    ret = krb5_ret_int32(sp, &size);
-    if(ret)
-	return ret;
-    ret = krb5_data_alloc (data, size);
-    if (ret)
-	return ret;
-    if (size) {
-	ret = sp->fetch(sp, data->data, size);
-	if(ret != size)
-	    return (ret < 0)? errno : sp->eof_code;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_string(krb5_storage *sp, const char *s)
-{
-    krb5_data data;
-    data.length = strlen(s);
-    data.data = rk_UNCONST(s);
-    return krb5_store_data(sp, data);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_string(krb5_storage *sp,
-		char **string)
-{
-    int ret;
-    krb5_data data;
-    ret = krb5_ret_data(sp, &data);
-    if(ret)
-	return ret;
-    *string = realloc(data.data, data.length + 1);
-    if(*string == NULL){
-	free(data.data);
-	return ENOMEM;
-    }
-    (*string)[data.length] = 0;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_stringz(krb5_storage *sp, const char *s)
-{
-    size_t len = strlen(s) + 1;
-    ssize_t ret;
-
-    ret = sp->store(sp, s, len);
-    if(ret != len) {
-	if(ret < 0)
-	    return ret;
-	else
-	    return sp->eof_code;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_stringz(krb5_storage *sp,
-		char **string)
-{
-    char c;
-    char *s = NULL;
-    size_t len = 0;
-    ssize_t ret;
-
-    while((ret = sp->fetch(sp, &c, 1)) == 1){
-	char *tmp;
-
-	len++;
-	tmp = realloc (s, len);
-	if (tmp == NULL) {
-	    free (s);
-	    return ENOMEM;
-	}
-	s = tmp;
-	s[len - 1] = c;
-	if(c == 0)
-	    break;
-    }
-    if(ret != 1){
-	free(s);
-	if(ret == 0)
-	    return sp->eof_code;
-	return ret;
-    }
-    *string = s;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_stringnl(krb5_storage *sp, const char *s)
-{
-    size_t len = strlen(s);
-    ssize_t ret;
-
-    ret = sp->store(sp, s, len);
-    if(ret != len) {
-	if(ret < 0)
-	    return ret;
-	else
-	    return sp->eof_code;
-    }
-    ret = sp->store(sp, "\n", 1);
-    if(ret != 1) {
-	if(ret < 0)
-	    return ret;
-	else
-	    return sp->eof_code;
-    }
-
-    return 0;
-
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_stringnl(krb5_storage *sp,
-		  char **string)
-{
-    int expect_nl = 0;
-    char c;
-    char *s = NULL;
-    size_t len = 0;
-    ssize_t ret;
-
-    while((ret = sp->fetch(sp, &c, 1)) == 1){
-	char *tmp;
-
-	if (c == '\r') {
-	    expect_nl = 1;
-	    continue;
-	}
-	if (expect_nl && c != '\n') {
-	    free(s);
-	    return KRB5_BADMSGTYPE;
-	}
-
-	len++;
-	tmp = realloc (s, len);
-	if (tmp == NULL) {
-	    free (s);
-	    return ENOMEM;
-	}
-	s = tmp;
-	if(c == '\n') {
-	    s[len - 1] = '\0';
-	    break;
-	}
-	s[len - 1] = c;
-    }
-    if(ret != 1){
-	free(s);
-	if(ret == 0)
-	    return sp->eof_code;
-	return ret;
-    }
-    *string = s;
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_principal(krb5_storage *sp,
-		     krb5_const_principal p)
-{
-    int i;
-    int ret;
-
-    if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
-	ret = krb5_store_int32(sp, p->name.name_type);
-	if(ret) return ret;
-    }
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
-	ret = krb5_store_int32(sp, p->name.name_string.len + 1);
-    else
-	ret = krb5_store_int32(sp, p->name.name_string.len);
-    
-    if(ret) return ret;
-    ret = krb5_store_string(sp, p->realm);
-    if(ret) return ret;
-    for(i = 0; i < p->name.name_string.len; i++){
-	ret = krb5_store_string(sp, p->name.name_string.val[i]);
-	if(ret) return ret;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_principal(krb5_storage *sp,
-		   krb5_principal *princ)
-{
-    int i;
-    int ret;
-    krb5_principal p;
-    int32_t type;
-    int32_t ncomp;
-    
-    p = calloc(1, sizeof(*p));
-    if(p == NULL)
-	return ENOMEM;
-
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
-	type = KRB5_NT_UNKNOWN;
-    else if((ret = krb5_ret_int32(sp, &type))){
-	free(p);
-	return ret;
-    }
-    if((ret = krb5_ret_int32(sp, &ncomp))){
-	free(p);
-	return ret;
-    }
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
-	ncomp--;
-    if (ncomp < 0) {
-	free(p);
-	return EINVAL;
-    }
-    p->name.name_type = type;
-    p->name.name_string.len = ncomp;
-    ret = krb5_ret_string(sp, &p->realm);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-    p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val));
-    if(p->name.name_string.val == NULL && ncomp != 0){
-	free(p->realm);
-	free(p);
-	return ENOMEM;
-    }
-    for(i = 0; i < ncomp; i++){
-	ret = krb5_ret_string(sp, &p->name.name_string.val[i]);
-	if(ret) {
-	    while (i >= 0)
-		free(p->name.name_string.val[i--]);
-	    free(p->realm);
-	    free(p);
-	    return ret;
-	}
-    }
-    *princ = p;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p)
-{
-    int ret;
-    ret = krb5_store_int16(sp, p.keytype);
-    if(ret) return ret;
-
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
-	/* this should really be enctype, but it is the same as
-           keytype nowadays */
-    ret = krb5_store_int16(sp, p.keytype);
-    if(ret) return ret;
-    }
-
-    ret = krb5_store_data(sp, p.keyvalue);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
-{
-    int ret;
-    int16_t tmp;
-
-    ret = krb5_ret_int16(sp, &tmp);
-    if(ret) return ret;
-    p->keytype = tmp;
-
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
-    ret = krb5_ret_int16(sp, &tmp);
-    if(ret) return ret;
-    }
-
-    ret = krb5_ret_data(sp, &p->keyvalue);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_times(krb5_storage *sp, krb5_times times)
-{
-    int ret;
-    ret = krb5_store_int32(sp, times.authtime);
-    if(ret) return ret;
-    ret = krb5_store_int32(sp, times.starttime);
-    if(ret) return ret;
-    ret = krb5_store_int32(sp, times.endtime);
-    if(ret) return ret;
-    ret = krb5_store_int32(sp, times.renew_till);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_times(krb5_storage *sp, krb5_times *times)
-{
-    int ret;
-    int32_t tmp;
-    ret = krb5_ret_int32(sp, &tmp);
-    times->authtime = tmp;
-    if(ret) return ret;
-    ret = krb5_ret_int32(sp, &tmp);
-    times->starttime = tmp;
-    if(ret) return ret;
-    ret = krb5_ret_int32(sp, &tmp);
-    times->endtime = tmp;
-    if(ret) return ret;
-    ret = krb5_ret_int32(sp, &tmp);
-    times->renew_till = tmp;
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_address(krb5_storage *sp, krb5_address p)
-{
-    int ret;
-    ret = krb5_store_int16(sp, p.addr_type);
-    if(ret) return ret;
-    ret = krb5_store_data(sp, p.address);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_address(krb5_storage *sp, krb5_address *adr)
-{
-    int16_t t;
-    int ret;
-    ret = krb5_ret_int16(sp, &t);
-    if(ret) return ret;
-    adr->addr_type = t;
-    ret = krb5_ret_data(sp, &adr->address);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
-{
-    int i;
-    int ret;
-    ret = krb5_store_int32(sp, p.len);
-    if(ret) return ret;
-    for(i = 0; i<p.len; i++){
-	ret = krb5_store_address(sp, p.val[i]);
-	if(ret) break;
-    }
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr)
-{
-    int i;
-    int ret;
-    int32_t tmp;
-
-    ret = krb5_ret_int32(sp, &tmp);
-    if(ret) return ret;
-    adr->len = tmp;
-    ALLOC(adr->val, adr->len);
-    if (adr->val == NULL && adr->len != 0)
-	return ENOMEM;
-    for(i = 0; i < adr->len; i++){
-	ret = krb5_ret_address(sp, &adr->val[i]);
-	if(ret) break;
-    }
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
-{
-    krb5_error_code ret;
-    int i;
-    ret = krb5_store_int32(sp, auth.len);
-    if(ret) return ret;
-    for(i = 0; i < auth.len; i++){
-	ret = krb5_store_int16(sp, auth.val[i].ad_type);
-	if(ret) break;
-	ret = krb5_store_data(sp, auth.val[i].ad_data);
-	if(ret) break;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth)
-{
-    krb5_error_code ret;
-    int32_t tmp;
-    int16_t tmp2;
-    int i;
-    ret = krb5_ret_int32(sp, &tmp);
-    if(ret) return ret;
-    ALLOC_SEQ(auth, tmp);
-    if (auth->val == NULL && tmp != 0)
-	return ENOMEM;
-    for(i = 0; i < tmp; i++){
-	ret = krb5_ret_int16(sp, &tmp2);
-	if(ret) break;
-	auth->val[i].ad_type = tmp2;
-	ret = krb5_ret_data(sp, &auth->val[i].ad_data);
-	if(ret) break;
-    }
-    return ret;
-}
-
-static int32_t
-bitswap32(int32_t b)
-{
-    int32_t r = 0;
-    int i;
-    for (i = 0; i < 32; i++) {
-	r = r << 1 | (b & 1);
-	b = b >> 1;
-    }
-    return r;
-}
-
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
-{
-    int ret;
-
-    ret = krb5_store_principal(sp, creds->client);
-    if(ret)
-	return ret;
-    ret = krb5_store_principal(sp, creds->server);
-    if(ret)
-	return ret;
-    ret = krb5_store_keyblock(sp, creds->session);
-    if(ret)
-	return ret;
-    ret = krb5_store_times(sp, creds->times);
-    if(ret)
-	return ret;
-    ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */
-    if(ret)
-	return ret;
-
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER))
-	ret = krb5_store_int32(sp, creds->flags.i);
-    else
-	ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
-    if(ret)
-	return ret;
-
-    ret = krb5_store_addrs(sp, creds->addresses);
-    if(ret)
-	return ret;
-    ret = krb5_store_authdata(sp, creds->authdata);
-    if(ret)
-	return ret;
-    ret = krb5_store_data(sp, creds->ticket);
-    if(ret)
-	return ret;
-    ret = krb5_store_data(sp, creds->second_ticket);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_creds(krb5_storage *sp, krb5_creds *creds)
-{
-    krb5_error_code ret;
-    int8_t dummy8;
-    int32_t dummy32;
-
-    memset(creds, 0, sizeof(*creds));
-    ret = krb5_ret_principal (sp,  &creds->client);
-    if(ret) goto cleanup;
-    ret = krb5_ret_principal (sp,  &creds->server);
-    if(ret) goto cleanup;
-    ret = krb5_ret_keyblock (sp,  &creds->session);
-    if(ret) goto cleanup;
-    ret = krb5_ret_times (sp,  &creds->times);
-    if(ret) goto cleanup;
-    ret = krb5_ret_int8 (sp,  &dummy8);
-    if(ret) goto cleanup;
-    ret = krb5_ret_int32 (sp,  &dummy32);
-    if(ret) goto cleanup;
-    /*
-     * Runtime detect the what is the higher bits of the bitfield. If
-     * any of the higher bits are set in the input data, it's either a
-     * new ticket flag (and this code need to be removed), or it's a
-     * MIT cache (or new Heimdal cache), lets change it to our current
-     * format.
-     */
-    {
-	uint32_t mask = 0xffff0000;
-	creds->flags.i = 0;
-	creds->flags.b.anonymous = 1;
-	if (creds->flags.i & mask)
-	    mask = ~mask;
-	if (dummy32 & mask)
-	    dummy32 = bitswap32(dummy32);
-    }
-    creds->flags.i = dummy32;
-    ret = krb5_ret_addrs (sp,  &creds->addresses);
-    if(ret) goto cleanup;
-    ret = krb5_ret_authdata (sp,  &creds->authdata);
-    if(ret) goto cleanup;
-    ret = krb5_ret_data (sp,  &creds->ticket);
-    if(ret) goto cleanup;
-    ret = krb5_ret_data (sp,  &creds->second_ticket);
-cleanup:
-    if(ret) {
-#if 0	
-	krb5_free_cred_contents(context, creds); /* XXX */
-#endif
-    }
-    return ret;
-}
-
-#define SC_CLIENT_PRINCIPAL	    0x0001
-#define SC_SERVER_PRINCIPAL	    0x0002
-#define SC_SESSION_KEY		    0x0004
-#define SC_TICKET		    0x0008
-#define SC_SECOND_TICKET	    0x0010
-#define SC_AUTHDATA		    0x0020
-#define SC_ADDRESSES		    0x0040
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds)
-{
-    int ret;
-    int32_t header = 0;
-
-    if (creds->client)
-	header |= SC_CLIENT_PRINCIPAL;
-    if (creds->server)
-	header |= SC_SERVER_PRINCIPAL;
-    if (creds->session.keytype != ETYPE_NULL)
-	header |= SC_SESSION_KEY;
-    if (creds->ticket.data)
-	header |= SC_TICKET;
-    if (creds->second_ticket.length)
-	header |= SC_SECOND_TICKET;
-    if (creds->authdata.len)
-	header |= SC_AUTHDATA;
-    if (creds->addresses.len)
-	header |= SC_ADDRESSES;
-
-    ret = krb5_store_int32(sp, header);
-
-    if (creds->client) {
-	ret = krb5_store_principal(sp, creds->client);
-	if(ret)
-	    return ret;
-    }
-
-    if (creds->server) {
-	ret = krb5_store_principal(sp, creds->server);
-	if(ret)
-	    return ret;
-    }
-
-    if (creds->session.keytype != ETYPE_NULL) {
-	ret = krb5_store_keyblock(sp, creds->session);
-	if(ret)
-	    return ret;
-    }
-
-    ret = krb5_store_times(sp, creds->times);
-    if(ret)
-	return ret;
-    ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */
-    if(ret)
-	return ret;
-
-    ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
-    if(ret)
-	return ret;
-
-    if (creds->addresses.len) {
-	ret = krb5_store_addrs(sp, creds->addresses);
-	if(ret)
-	    return ret;
-    }
-
-    if (creds->authdata.len) {
-	ret = krb5_store_authdata(sp, creds->authdata);
-	if(ret)
-	    return ret;
-    }
-
-    if (creds->ticket.data) {
-	ret = krb5_store_data(sp, creds->ticket);
-	if(ret)
-	    return ret;
-    }
-
-    if (creds->second_ticket.data) {
-	ret = krb5_store_data(sp, creds->second_ticket);
-	if (ret)
-	    return ret;
-    }
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_creds_tag(krb5_storage *sp,
-		   krb5_creds *creds)
-{
-    krb5_error_code ret;
-    int8_t dummy8;
-    int32_t dummy32, header;
-
-    memset(creds, 0, sizeof(*creds));
-
-    ret = krb5_ret_int32 (sp, &header);
-    if (ret) goto cleanup;
-
-    if (header & SC_CLIENT_PRINCIPAL) {
-	ret = krb5_ret_principal (sp,  &creds->client);
-	if(ret) goto cleanup;
-    }
-    if (header & SC_SERVER_PRINCIPAL) {
-	ret = krb5_ret_principal (sp,  &creds->server);
-	if(ret) goto cleanup;
-    }
-    if (header & SC_SESSION_KEY) {
-	ret = krb5_ret_keyblock (sp,  &creds->session);
-	if(ret) goto cleanup;
-    }
-    ret = krb5_ret_times (sp,  &creds->times);
-    if(ret) goto cleanup;
-    ret = krb5_ret_int8 (sp,  &dummy8);
-    if(ret) goto cleanup;
-    ret = krb5_ret_int32 (sp,  &dummy32);
-    if(ret) goto cleanup;
-    /*
-     * Runtime detect the what is the higher bits of the bitfield. If
-     * any of the higher bits are set in the input data, it's either a
-     * new ticket flag (and this code need to be removed), or it's a
-     * MIT cache (or new Heimdal cache), lets change it to our current
-     * format.
-     */
-    {
-	uint32_t mask = 0xffff0000;
-	creds->flags.i = 0;
-	creds->flags.b.anonymous = 1;
-	if (creds->flags.i & mask)
-	    mask = ~mask;
-	if (dummy32 & mask)
-	    dummy32 = bitswap32(dummy32);
-    }
-    creds->flags.i = dummy32;
-    if (header & SC_ADDRESSES) {
-	ret = krb5_ret_addrs (sp,  &creds->addresses);
-	if(ret) goto cleanup;
-    }
-    if (header & SC_AUTHDATA) {
-	ret = krb5_ret_authdata (sp,  &creds->authdata);
-	if(ret) goto cleanup;
-    }
-    if (header & SC_TICKET) {
-	ret = krb5_ret_data (sp,  &creds->ticket);
-	if(ret) goto cleanup;
-    }
-    if (header & SC_SECOND_TICKET) {
-	ret = krb5_ret_data (sp,  &creds->second_ticket);
-	if(ret) goto cleanup;
-    }
-
-cleanup:
-    if(ret) {
-#if 0	
-	krb5_free_cred_contents(context, creds); /* XXX */
-#endif
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/store_emem.c b/crypto/heimdal/lib/krb5/store_emem.c
deleted file mode 100644
index b59a647..0000000
--- a/crypto/heimdal/lib/krb5/store_emem.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include "store-int.h"
-
-RCSID("$Id: store_emem.c 21745 2007-07-31 16:11:25Z lha $");
-
-typedef struct emem_storage{
-    unsigned char *base;
-    size_t size;
-    size_t len;
-    unsigned char *ptr;
-}emem_storage;
-
-static ssize_t
-emem_fetch(krb5_storage *sp, void *data, size_t size)
-{
-    emem_storage *s = (emem_storage*)sp->data;
-    if(s->base + s->len - s->ptr < size)
-	size = s->base + s->len - s->ptr;
-    memmove(data, s->ptr, size);
-    sp->seek(sp, size, SEEK_CUR);
-    return size;
-}
-
-static ssize_t
-emem_store(krb5_storage *sp, const void *data, size_t size)
-{
-    emem_storage *s = (emem_storage*)sp->data;
-    if(size > s->base + s->size - s->ptr){
-	void *base;
-	size_t sz, off;
-	off = s->ptr - s->base;
-	sz = off + size;
-	if (sz < 4096)
-	    sz *= 2;
-	base = realloc(s->base, sz);
-	if(base == NULL)
-	    return 0;
-	s->size = sz;
-	s->base = base;
-	s->ptr = (unsigned char*)base + off;
-    }
-    memmove(s->ptr, data, size);
-    sp->seek(sp, size, SEEK_CUR);
-    return size;
-}
-
-static off_t
-emem_seek(krb5_storage *sp, off_t offset, int whence)
-{
-    emem_storage *s = (emem_storage*)sp->data;
-    switch(whence){
-    case SEEK_SET:
-	if(offset > s->size)
-	    offset = s->size;
-	if(offset < 0)
-	    offset = 0;
-	s->ptr = s->base + offset;
-	if(offset > s->len)
-	    s->len = offset;
-	break;
-    case SEEK_CUR:
-	sp->seek(sp,s->ptr - s->base + offset, SEEK_SET);
-	break;
-    case SEEK_END:
-	sp->seek(sp, s->len + offset, SEEK_SET);
-	break;
-    default:
-	errno = EINVAL;
-	return -1;
-    }
-    return s->ptr - s->base;
-}
-
-static void
-emem_free(krb5_storage *sp)
-{
-    emem_storage *s = sp->data;
-    memset(s->base, 0, s->len);
-    free(s->base);
-}
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_emem(void)
-{
-    krb5_storage *sp = malloc(sizeof(krb5_storage));
-    if (sp == NULL)
-	return NULL;
-    emem_storage *s = malloc(sizeof(*s));
-    if (s == NULL) {
-	free(sp);
-	return NULL;
-    }
-    sp->data = s;
-    sp->flags = 0;
-    sp->eof_code = HEIM_ERR_EOF;
-    s->size = 1024;
-    s->base = malloc(s->size);
-    if (s->base == NULL) {
-	free(sp);
-	free(s);
-	return NULL;
-    }
-    s->len = 0;
-    s->ptr = s->base;
-    sp->fetch = emem_fetch;
-    sp->store = emem_store;
-    sp->seek = emem_seek;
-    sp->free = emem_free;
-    return sp;
-}
diff --git a/crypto/heimdal/lib/krb5/store_fd.c b/crypto/heimdal/lib/krb5/store_fd.c
deleted file mode 100644
index 15f86fc..0000000
--- a/crypto/heimdal/lib/krb5/store_fd.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-#include "store-int.h"
-
-RCSID("$Id: store_fd.c 17779 2006-06-30 21:23:19Z lha $");
-
-typedef struct fd_storage {
-    int fd;
-} fd_storage;
-
-#define FD(S) (((fd_storage*)(S)->data)->fd)
-
-static ssize_t
-fd_fetch(krb5_storage * sp, void *data, size_t size)
-{
-    return net_read(FD(sp), data, size);
-}
-
-static ssize_t
-fd_store(krb5_storage * sp, const void *data, size_t size)
-{
-    return net_write(FD(sp), data, size);
-}
-
-static off_t
-fd_seek(krb5_storage * sp, off_t offset, int whence)
-{
-    return lseek(FD(sp), offset, whence);
-}
-
-static void
-fd_free(krb5_storage * sp)
-{
-    close(FD(sp));
-}
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_fd(int fd)
-{
-    krb5_storage *sp;
-
-    fd = dup(fd);
-    if (fd < 0)
-	return NULL;
-
-    sp = malloc(sizeof(krb5_storage));
-    if (sp == NULL) {
-	close(fd);
-	return NULL;
-    }
-
-    sp->data = malloc(sizeof(fd_storage));
-    if (sp->data == NULL) {
-	close(fd);
-	free(sp);
-	return NULL;
-    }
-    sp->flags = 0;
-    sp->eof_code = HEIM_ERR_EOF;
-    FD(sp) = fd;
-    sp->fetch = fd_fetch;
-    sp->store = fd_store;
-    sp->seek = fd_seek;
-    sp->free = fd_free;
-    return sp;
-}
diff --git a/crypto/heimdal/lib/krb5/store_mem.c b/crypto/heimdal/lib/krb5/store_mem.c
deleted file mode 100644
index e6e62b5..0000000
--- a/crypto/heimdal/lib/krb5/store_mem.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include "store-int.h"
-
-RCSID("$Id: store_mem.c 20307 2007-04-11 11:16:28Z lha $");
-
-typedef struct mem_storage{
-    unsigned char *base;
-    size_t size;
-    unsigned char *ptr;
-}mem_storage;
-
-static ssize_t
-mem_fetch(krb5_storage *sp, void *data, size_t size)
-{
-    mem_storage *s = (mem_storage*)sp->data;
-    if(size > s->base + s->size - s->ptr)
-	size = s->base + s->size - s->ptr;
-    memmove(data, s->ptr, size);
-    sp->seek(sp, size, SEEK_CUR);
-    return size;
-}
-
-static ssize_t
-mem_store(krb5_storage *sp, const void *data, size_t size)
-{
-    mem_storage *s = (mem_storage*)sp->data;
-    if(size > s->base + s->size - s->ptr)
-	size = s->base + s->size - s->ptr;
-    memmove(s->ptr, data, size);
-    sp->seek(sp, size, SEEK_CUR);
-    return size;
-}
-
-static ssize_t
-mem_no_store(krb5_storage *sp, const void *data, size_t size)
-{
-    return -1;
-}
-
-static off_t
-mem_seek(krb5_storage *sp, off_t offset, int whence)
-{
-    mem_storage *s = (mem_storage*)sp->data;
-    switch(whence){
-    case SEEK_SET:
-	if(offset > s->size)
-	    offset = s->size;
-	if(offset < 0)
-	    offset = 0;
-	s->ptr = s->base + offset;
-	break;
-    case SEEK_CUR:
-	return sp->seek(sp, s->ptr - s->base + offset, SEEK_SET);
-    case SEEK_END:
-	return sp->seek(sp, s->size + offset, SEEK_SET);
-    default:
-	errno = EINVAL;
-	return -1;
-    }
-    return s->ptr - s->base;
-}
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_mem(void *buf, size_t len)
-{
-    krb5_storage *sp = malloc(sizeof(krb5_storage));
-    mem_storage *s;
-    if(sp == NULL)
-	return NULL;
-    s = malloc(sizeof(*s));
-    if(s == NULL) {
-	free(sp);
-	return NULL;
-    }
-    sp->data = s;
-    sp->flags = 0;
-    sp->eof_code = HEIM_ERR_EOF;
-    s->base = buf;
-    s->size = len;
-    s->ptr = buf;
-    sp->fetch = mem_fetch;
-    sp->store = mem_store;
-    sp->seek = mem_seek;
-    sp->free = NULL;
-    return sp;
-}
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_data(krb5_data *data)
-{
-    return krb5_storage_from_mem(data->data, data->length);
-}
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_readonly_mem(const void *buf, size_t len)
-{
-    krb5_storage *sp = malloc(sizeof(krb5_storage));
-    mem_storage *s;
-    if(sp == NULL)
-	return NULL;
-    s = malloc(sizeof(*s));
-    if(s == NULL) {
-	free(sp);
-	return NULL;
-    }
-    sp->data = s;
-    sp->flags = 0;
-    sp->eof_code = HEIM_ERR_EOF;
-    s->base = rk_UNCONST(buf);
-    s->size = len;
-    s->ptr = rk_UNCONST(buf);
-    sp->fetch = mem_fetch;
-    sp->store = mem_no_store;
-    sp->seek = mem_seek;
-    sp->free = NULL;
-    return sp;
-}
diff --git a/crypto/heimdal/lib/krb5/string-to-key-test.c b/crypto/heimdal/lib/krb5/string-to-key-test.c
deleted file mode 100644
index 30075ea..0000000
--- a/crypto/heimdal/lib/krb5/string-to-key-test.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: string-to-key-test.c 16344 2005-12-02 15:15:43Z lha $");
-
-enum { MAXSIZE = 24 };
-
-static struct testcase {
-    const char *principal_name;
-    const char *password;
-    krb5_enctype enctype;
-    unsigned char res[MAXSIZE];
-} tests[] = {
-    {"@", "", ETYPE_DES_CBC_MD5,
-     {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0xf1}},
-    {"nisse@FOO.SE", "hej", ETYPE_DES_CBC_MD5,
-     {0xfe, 0x67, 0xbf, 0x9e, 0x57, 0x6b, 0xfe, 0x52}},
-    {"assar/liten@FOO.SE", "hemligt", ETYPE_DES_CBC_MD5,
-     {0x5b, 0x9b, 0xcb, 0xf2, 0x97, 0x43, 0xc8, 0x40}},
-#if 0
-    {"@", "", ETYPE_DES3_CBC_SHA1,
-     {0xce, 0xa2, 0x2f, 0x9b, 0x52, 0x2c, 0xb0, 0x15, 0x6e, 0x6b, 0x64,
-      0x73, 0x62, 0x64, 0x73, 0x4f, 0x6e, 0x73, 0xce, 0xa2, 0x2f, 0x9b,
-      0x52, 0x57}},
-#endif
-    {"nisse@FOO.SE", "hej", ETYPE_DES3_CBC_SHA1,
-     {0x0e, 0xbc, 0x23, 0x9d, 0x68, 0x46, 0xf2, 0xd5, 0x51, 0x98, 0x5b,
-      0x57, 0xc1, 0x57, 0x01, 0x79, 0x04, 0xc4, 0xe9, 0xfe, 0xc1, 0x0e,
-      0x13, 0xd0}},
-    {"assar/liten@FOO.SE", "hemligt", ETYPE_DES3_CBC_SHA1,
-     {0x7f, 0x40, 0x67, 0xb9, 0xbc, 0xc4, 0x40, 0xfb, 0x43, 0x73, 0xd9,
-      0xd3, 0xcd, 0x7c, 0xc7, 0x67, 0xe6, 0x79, 0x94, 0xd0, 0xa8, 0x34,
-      0xdf, 0x62}},
-    {"does/not@MATTER", "foo", ETYPE_ARCFOUR_HMAC_MD5,
-     {0xac, 0x8e, 0x65, 0x7f, 0x83, 0xdf, 0x82, 0xbe,
-      0xea, 0x5d, 0x43, 0xbd, 0xaf, 0x78, 0x00, 0xcc}},
-    {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES_CBC_MD5,
-     {0xcb, 0xc2, 0x2f, 0xae, 0x23, 0x52, 0x98, 0xe3}},
-    {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES_CBC_MD5,
-     {0xdf, 0x3d, 0x32, 0xa7, 0x4f, 0xd9, 0x2a, 0x01}},
-    {"buckaroo@EXAMPLE.COM", "penny", ETYPE_DES_CBC_MD5,
-     {0x94, 0x43, 0xa2, 0xe5, 0x32, 0xfd, 0xc4, 0xf1}},
-    {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES_CBC_MD5,
-     {0x62, 0xc8, 0x1a, 0x52, 0x32, 0xb5, 0xe6, 0x9d}},
-    {"AAAAAAAA", "11119999", ETYPE_DES_CBC_MD5,
-     {0x98, 0x40, 0x54, 0xd0, 0xf1, 0xa7, 0x3e, 0x31}},
-    {"FFFFAAAA", "NNNN6666", ETYPE_DES_CBC_MD5,
-     {0xc4, 0xbf, 0x6b, 0x25, 0xad, 0xf7, 0xa4, 0xf8}},
-    {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES3_CBC_SHA1,
-     {0x85, 0x0b, 0xb5, 0x13, 0x58, 0x54, 0x8c, 0xd0, 0x5e, 0x86, 0x76, 0x8c, 0x31, 0x3e, 0x3b, 0xfe, 0xf7, 0x51, 0x19, 0x37, 0xdc, 0xf7, 0x2c, 0x3e}},
-    {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES3_CBC_SHA1,
-     {0xdf, 0xcd, 0x23, 0x3d, 0xd0, 0xa4, 0x32, 0x04, 0xea, 0x6d, 0xc4, 0x37, 0xfb, 0x15, 0xe0, 0x61, 0xb0, 0x29, 0x79, 0xc1, 0xf7, 0x4f, 0x37, 0x7a}},
-    {"buckaroo@EXAMPLE.COM", "penny", ETYPE_DES3_CBC_SHA1,
-     {0x6d, 0x2f, 0xcd, 0xf2, 0xd6, 0xfb, 0xbc, 0x3d, 0xdc, 0xad, 0xb5, 0xda, 0x57, 0x10, 0xa2, 0x34, 0x89, 0xb0, 0xd3, 0xb6, 0x9d, 0x5d, 0x9d, 0x4a}},
-    {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES3_CBC_SHA1,
-     {0x16, 0xd5, 0xa4, 0x0e, 0x1c, 0xe3, 0xba, 0xcb, 0x61, 0xb9, 0xdc, 0xe0, 0x04, 0x70, 0x32, 0x4c, 0x83, 0x19, 0x73, 0xa7, 0xb9, 0x52, 0xfe, 0xb0}},
-    {NULL}
-};
-
-int
-main(int argc, char **argv)
-{
-    struct testcase *t;
-    krb5_context context;
-    krb5_error_code ret;
-    int val = 0;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    /* to enable realm-less principal name above */
-
-    krb5_set_default_realm(context, "");
-
-    for (t = tests; t->principal_name; ++t) {
-	krb5_keyblock key;
-	krb5_principal principal;
-	int i;
-
-	ret = krb5_parse_name (context, t->principal_name, &principal);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name %s",
-		      t->principal_name);
-	ret = krb5_string_to_key (context, t->enctype, t->password,
-				  principal, &key);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_string_to_key");
-	krb5_free_principal (context, principal);
-	if (memcmp (key.keyvalue.data, t->res, key.keyvalue.length) != 0) {
-	    const unsigned char *p = key.keyvalue.data;
-
-	    printf ("string_to_key(%s, %s) failed\n",
-		    t->principal_name, t->password);
-	    printf ("should be: ");
-	    for (i = 0; i < key.keyvalue.length; ++i)
-		printf ("%02x", t->res[i]);
-	    printf ("\nresult was: ");
-	    for (i = 0; i < key.keyvalue.length; ++i)
-		printf ("%02x", p[i]);
-	    printf ("\n");
-	    val = 1;
-	}
-	krb5_free_keyblock_contents(context, &key);
-    }
-    krb5_free_context(context);
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/test_acl.c b/crypto/heimdal/lib/krb5/test_acl.c
deleted file mode 100644
index e52f31a..0000000
--- a/crypto/heimdal/lib/krb5/test_acl.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_acl.c 15036 2005-04-30 15:19:58Z lha $");
-
-#define RETVAL(c, r, e, s) \
-	do { if (r != e) krb5_errx(c, 1, "%s", s); } while (0)
-#define STRINGMATCH(c, s, _s1, _s2) \
-	do {							\
-		if (_s1 == NULL || _s2 == NULL) 		\
-			krb5_errx(c, 1, "s1 or s2 is NULL");	\
-		if (strcmp(_s1,_s2) != 0) 			\
-			krb5_errx(c, 1, "%s", s);		\
-	} while (0)
-
-static void
-test_match_string(krb5_context context)
-{
-    krb5_error_code ret;
-    char *s1, *s2;
-
-    ret = krb5_acl_match_string(context, "foo", "s", "foo");
-    RETVAL(context, ret, 0, "single s");
-    ret = krb5_acl_match_string(context, "foo foo", "s", "foo");
-    RETVAL(context, ret, EACCES, "too many strings");
-    ret = krb5_acl_match_string(context, "foo bar", "ss", "foo", "bar");
-    RETVAL(context, ret, 0, "two strings");
-    ret = krb5_acl_match_string(context, "foo  bar", "ss", "foo", "bar");
-    RETVAL(context, ret, 0, "two strings double space");
-    ret = krb5_acl_match_string(context, "foo \tbar", "ss", "foo", "bar");
-    RETVAL(context, ret, 0, "two strings space + tab");
-    ret = krb5_acl_match_string(context, "foo", "ss", "foo", "bar");
-    RETVAL(context, ret, EACCES, "one string, two format strings");
-    ret = krb5_acl_match_string(context, "foo", "ss", "foo", "foo");
-    RETVAL(context, ret, EACCES, "one string, two format strings (same)");
-    ret = krb5_acl_match_string(context, "foo  \t", "s", "foo");
-    RETVAL(context, ret, 0, "ending space");
-
-    ret = krb5_acl_match_string(context, "foo/bar", "f", "foo/bar");
-    RETVAL(context, ret, 0, "liternal fnmatch");
-    ret = krb5_acl_match_string(context, "foo/bar", "f", "foo/*");
-    RETVAL(context, ret, 0, "foo/*");
-    ret = krb5_acl_match_string(context, "foo/bar/baz", "f", "foo/*/baz");
-    RETVAL(context, ret, 0, "foo/*/baz");
-
-    ret = krb5_acl_match_string(context, "foo", "r", &s1);
-    RETVAL(context, ret, 0, "ret 1");
-    STRINGMATCH(context, "ret 1 match", s1, "foo"); free(s1);
-
-    ret = krb5_acl_match_string(context, "foo bar", "rr", &s1, &s2);
-    RETVAL(context, ret, 0, "ret 2");
-    STRINGMATCH(context, "ret 2 match 1", s1, "foo"); free(s1);
-    STRINGMATCH(context, "ret 2 match 2", s2, "bar"); free(s2);
-
-    ret = krb5_acl_match_string(context, "foo bar", "sr", "bar", &s1);
-    RETVAL(context, ret, EACCES, "ret mismatch");
-    if (s1 != NULL) krb5_errx(context, 1, "s1 not NULL");
-
-    ret = krb5_acl_match_string(context, "foo", "l", "foo");
-    RETVAL(context, ret, EINVAL, "unknown letter");
-}
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    test_match_string(context);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_addr.c b/crypto/heimdal/lib/krb5/test_addr.c
deleted file mode 100644
index 1ab47ae..0000000
--- a/crypto/heimdal/lib/krb5/test_addr.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_addr.c 15036 2005-04-30 15:19:58Z lha $");
-
-static void
-print_addr(krb5_context context, const char *addr)
-{
-    krb5_addresses addresses;
-    krb5_error_code ret;
-    char buf[38];
-    char buf2[1000];
-    size_t len;
-    int i;
-
-    ret = krb5_parse_address(context, addr, &addresses);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_address");
-
-    if (addresses.len < 1)
-	krb5_err(context, 1, ret, "too few addresses");
-    
-    for (i = 0; i < addresses.len; i++) {
-	krb5_print_address(&addresses.val[i], buf, sizeof(buf), &len);
-#if 0
-	printf("addr %d: %s (%d/%d)\n", i, buf, (int)len, (int)strlen(buf)); 
-#endif
-	if (strlen(buf) > sizeof(buf))
-	    abort();
-	krb5_print_address(&addresses.val[i], buf2, sizeof(buf2), &len);
-#if 0
-	printf("addr %d: %s (%d/%d)\n", i, buf2, (int)len, (int)strlen(buf2)); 
-#endif
-	if (strlen(buf2) > sizeof(buf2))
-	    abort();
-
-    }
-    krb5_free_addresses(context, &addresses);
-
-}
-
-static void
-truncated_addr(krb5_context context, const char *addr, 
-	       size_t truncate_len, size_t outlen)
-{
-    krb5_addresses addresses;
-    krb5_error_code ret;
-    char *buf;
-    size_t len;
-
-    buf = ecalloc(1, outlen + 1);
-
-    ret = krb5_parse_address(context, addr, &addresses);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_address");
-
-    if (addresses.len != 1)
-	krb5_err(context, 1, ret, "addresses should be one");
-    
-    krb5_print_address(&addresses.val[0], buf, truncate_len, &len);
-    
-#if 0
-    printf("addr %s (%d/%d)\n", buf, (int)len, (int)strlen(buf)); 
-#endif
-    
-    if (truncate_len > strlen(buf) + 1)
-	abort();
-    if (outlen != len)
-	abort();
-    
-    krb5_print_address(&addresses.val[0], buf, outlen + 1, &len);
-
-#if 0
-    printf("addr %s (%d/%d)\n", buf, (int)len, (int)strlen(buf)); 
-#endif
-
-    if (len != outlen)
-	abort();
-    if (strlen(buf) != len)
-	abort();
-
-    krb5_free_addresses(context, &addresses);
-    free(buf);
-}
-
-static void
-check_truncation(krb5_context context, const char *addr)
-{
-    int i, len = strlen(addr);
-
-    for (i = 0; i < len; i++)
-	truncated_addr(context, addr, i, len);
-}
-
-static void
-match_addr(krb5_context context, const char *range_addr, 
-	   const char *one_addr, int match)
-{
-    krb5_addresses range, one;
-    krb5_error_code ret;
-
-    ret = krb5_parse_address(context, range_addr, &range);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_address");
-
-    if (range.len != 1)
-	krb5_err(context, 1, ret, "wrong num of addresses");
-    
-    ret = krb5_parse_address(context, one_addr, &one);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_address");
-
-    if (one.len != 1)
-	krb5_err(context, 1, ret, "wrong num of addresses");
-
-    if (krb5_address_order(context, &range.val[0], &one.val[0]) == 0) {
-	if (!match)
-	    krb5_errx(context, 1, "match when one shouldn't be");
-    } else {
-	if (match)
-	    krb5_errx(context, 1, "no match when one should be");
-    }
-
-    krb5_free_addresses(context, &range);
-    krb5_free_addresses(context, &one);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    print_addr(context, "RANGE:127.0.0.0/8");
-    print_addr(context, "RANGE:127.0.0.0/24");
-    print_addr(context, "RANGE:IPv4:127.0.0.0-IPv4:127.0.0.255");
-    print_addr(context, "RANGE:130.237.237.4/29");
-#ifdef HAVE_IPV6
-    print_addr(context, "RANGE:fe80::209:6bff:fea0:e522/64");
-    print_addr(context, "RANGE:IPv6:fe80::209:6bff:fea0:e522/64");
-    print_addr(context, "RANGE:IPv6:fe80::-IPv6:fe80::ffff:ffff:ffff:ffff");
-    print_addr(context, "RANGE:fe80::-fe80::ffff:ffff:ffff:ffff");
-#endif
-
-    check_truncation(context, "IPv4:127.0.0.0");
-    check_truncation(context, "RANGE:IPv4:127.0.0.0-IPv4:127.0.0.255");
-#ifdef HAVE_IPV6
-    check_truncation(context, "IPv6:::1");
-    check_truncation(context, "IPv6:fe80::ffff:ffff:ffff:ffff");
-#endif
-
-    match_addr(context, "RANGE:127.0.0.0/8", "inet:127.0.0.0", 1);
-    match_addr(context, "RANGE:127.0.0.0/8", "inet:127.255.255.255", 1);
-    match_addr(context, "RANGE:127.0.0.0/8", "inet:128.0.0.0", 0);
-
-    match_addr(context, "RANGE:130.237.237.8/29", "inet:130.237.237.7", 0);
-    match_addr(context, "RANGE:130.237.237.8/29", "inet:130.237.237.8", 1);
-    match_addr(context, "RANGE:130.237.237.8/29", "inet:130.237.237.15", 1);
-    match_addr(context, "RANGE:130.237.237.8/29", "inet:130.237.237.16", 0);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_alname.c b/crypto/heimdal/lib/krb5/test_alname.c
deleted file mode 100644
index e8397b7..0000000
--- a/crypto/heimdal/lib/krb5/test_alname.c
+++ /dev/null
@@ -1,156 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: test_alname.c 15474 2005-06-17 04:48:02Z lha $");
-
-static void
-test_alname(krb5_context context, krb5_const_realm realm,
-	    const char *user, const char *inst, 
-	    const char *localuser, int ok)
-{
-    krb5_principal p;
-    char localname[1024];
-    krb5_error_code ret;
-    char *princ;
-
-    ret = krb5_make_principal(context, &p, realm, user, inst, NULL);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_build_principal");
-
-    ret = krb5_unparse_name(context, p, &princ);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    ret = krb5_aname_to_localname(context, p, sizeof(localname), localname);
-    krb5_free_principal(context, p);
-    free(princ);
-    if (ret) {
-	if (!ok)
-	    return;
-	krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s", 
-		 princ, localuser);
-    }
-
-    if (strcmp(localname, localuser) != 0) {
-	if (ok)
-	    errx(1, "compared failed %s != %s (should have succeded)", 
-		 localname, localuser);
-    } else {
-	if (!ok)
-	    errx(1, "compared failed %s == %s (should have failed)", 
-		 localname, localuser);
-    }
-    
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_realm realm;
-    int optidx = 0;
-    char *user;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 1)
-	errx(1, "first argument should be a local user that in root .k5login");
-
-    user = argv[0];
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_get_default_realm(context, &realm);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_get_default_realm");
-
-    test_alname(context, realm, user, NULL, user, 1);
-    test_alname(context, realm, user, "root", "root", 1);
-
-    test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, user, 0);
-    test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", "root", 0);
-
-    test_alname(context, realm, user, NULL, 
-		"not-same-as-user", 0);
-    test_alname(context, realm, user, "root",
-		"not-same-as-user", 0);
-
-    test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, 
-		"not-same-as-user", 0);
-    test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root",
-		"not-same-as-user", 0);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_cc.c b/crypto/heimdal/lib/krb5/test_cc.c
deleted file mode 100644
index 075cfe2..0000000
--- a/crypto/heimdal/lib/krb5/test_cc.c
+++ /dev/null
@@ -1,532 +0,0 @@
-/*
- * Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: test_cc.c 22115 2007-12-03 21:21:42Z lha $");
-
-static int debug_flag	= 0;
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static void
-test_default_name(krb5_context context)
-{
-    krb5_error_code ret;
-    const char *p, *test_cc_name = "/tmp/krb5-cc-test-foo";
-    char *p1, *p2, *p3;
-
-    p = krb5_cc_default_name(context);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_default_name 1 failed");
-    p1 = estrdup(p);
-
-    ret = krb5_cc_set_default_name(context, NULL);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_set_default_name failed");
-
-    p = krb5_cc_default_name(context);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
-    p2 = estrdup(p);
-
-    if (strcmp(p1, p2) != 0)
-	krb5_errx (context, 1, "krb5_cc_default_name no longer same");
-	
-    ret = krb5_cc_set_default_name(context, test_cc_name);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
-    
-    p = krb5_cc_default_name(context);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
-    p3 = estrdup(p);
-    
-    if (strcmp(p3, test_cc_name) != 0)
-	krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
-
-    free(p1);
-    free(p2);
-    free(p3);
-}
-
-/*
- * Check that a closed cc still keeps it data and that it's no longer
- * there when it's destroyed.
- */
-
-static void
-test_mcache(krb5_context context)
-{
-    krb5_error_code ret;
-    krb5_ccache id, id2;
-    const char *nc, *tc;
-    char *c;
-    krb5_principal p, p2;
-
-    ret = krb5_parse_name(context, "lha@SU.SE", &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_initialize(context, id, p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    nc = krb5_cc_get_name(context, id);
-    if (nc == NULL)
-	krb5_errx(context, 1, "krb5_cc_get_name");
-
-    tc = krb5_cc_get_type(context, id);
-    if (tc == NULL)
-	krb5_errx(context, 1, "krb5_cc_get_name");
-
-    asprintf(&c, "%s:%s", tc, nc);
-    
-    krb5_cc_close(context, id);
-    
-    ret = krb5_cc_resolve(context, c, &id2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_resolve");
-
-    ret = krb5_cc_get_principal(context, id2, &p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_get_principal");
-
-    if (krb5_principal_compare(context, p, p2) == FALSE)
-	krb5_errx(context, 1, "p != p2");
-
-    krb5_cc_destroy(context, id2);
-    krb5_free_principal(context, p);
-    krb5_free_principal(context, p2);
-
-    ret = krb5_cc_resolve(context, c, &id2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_resolve");
-
-    ret = krb5_cc_get_principal(context, id2, &p2);
-    if (ret == 0)
-	krb5_errx(context, 1, "krb5_cc_get_principal");
-
-    krb5_cc_destroy(context, id2);
-    free(c);
-}
-
-/*
- * Test that init works on a destroyed cc.
- */
-
-static void
-test_init_vs_destroy(krb5_context context, const krb5_cc_ops *ops)
-{
-    krb5_error_code ret;
-    krb5_ccache id, id2;
-    krb5_principal p, p2;
-    char *n;
-
-    ret = krb5_parse_name(context, "lha@SU.SE", &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_cc_gen_new(context, ops, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    asprintf(&n, "%s:%s",
-	     krb5_cc_get_type(context, id),
-	     krb5_cc_get_name(context, id));
-
-    ret = krb5_cc_resolve(context, n, &id2);
-    free(n);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_resolve");
-
-    krb5_cc_destroy(context, id);
-
-    ret = krb5_cc_initialize(context, id2, p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    ret = krb5_cc_get_principal(context, id2, &p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_get_principal");
-
-    krb5_cc_destroy(context, id2);
-    krb5_free_principal(context, p);
-    krb5_free_principal(context, p2);
-}
-
-static void
-test_fcache_remove(krb5_context context)
-{
-    krb5_error_code ret;
-    krb5_ccache id;
-    krb5_principal p;
-    krb5_creds cred;
-
-    ret = krb5_parse_name(context, "lha@SU.SE", &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_initialize(context, id, p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    /* */
-    memset(&cred, 0, sizeof(cred));
-    ret = krb5_parse_name(context, "krbtgt/SU.SE@SU.SE", &cred.server);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-    ret = krb5_parse_name(context, "lha@SU.SE", &cred.client);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_cc_store_cred(context, id, &cred);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_store_cred");
-
-    ret = krb5_cc_remove_cred(context, id, 0, &cred);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_remove_cred");
-
-    ret = krb5_cc_destroy(context, id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_destroy");
-
-    krb5_free_principal(context, p);
-    krb5_free_principal(context, cred.server);
-    krb5_free_principal(context, cred.client);
-}
-
-static void
-test_mcc_default(void)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_ccache id, id2;
-    int i;
-
-    for (i = 0; i < 10; i++) {
-
-	ret = krb5_init_context(&context);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_init_context");
-
-	ret = krb5_cc_set_default_name(context, "MEMORY:foo");
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_set_default_name");
-
-	ret = krb5_cc_default(context, &id);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_default");
-
-	ret = krb5_cc_default(context, &id2);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_default");
-
-	ret = krb5_cc_close(context, id);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_close");
-
-	ret = krb5_cc_close(context, id2);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_close");
-
-	krb5_free_context(context);
-    }
-}
-
-struct {
-    char *str;
-    int fail;
-    char *res;
-} cc_names[] = {
-    { "foo", 0, "foo" },
-    { "%{uid}", 0 },
-    { "foo%{null}", 0, "foo" },
-    { "foo%{null}bar", 0, "foobar" },
-    { "%{", 1 },
-    { "%{foo %{", 1 },
-    { "%{{", 1 },
-};
-
-static void
-test_def_cc_name(krb5_context context)
-{
-    krb5_error_code ret;
-    char *str;
-    int i;
-
-    for (i = 0; i < sizeof(cc_names)/sizeof(cc_names[0]); i++) {
-	ret = _krb5_expand_default_cc_name(context, cc_names[i].str, &str);
-	if (ret) {
-	    if (cc_names[i].fail == 0)
-		krb5_errx(context, 1, "test %d \"%s\" failed", 
-			  i, cc_names[i].str);
-	} else {
-	    if (cc_names[i].fail)
-		krb5_errx(context, 1, "test %d \"%s\" was successful", 
-			  i, cc_names[i].str);
-	    if (cc_names[i].res && strcmp(cc_names[i].res, str) != 0)
-		krb5_errx(context, 1, "test %d %s != %s", 
-			  i, cc_names[i].res, str);
-	    if (debug_flag)
-		printf("%s => %s\n", cc_names[i].str, str);
-	    free(str);
-	}
-    }
-}
-
-static void
-test_cache_find(krb5_context context, const char *type, const char *principal,
-		int find)
-{
-    krb5_principal client;
-    krb5_error_code ret;
-    krb5_ccache id = NULL;
-
-    ret = krb5_parse_name(context, principal, &client);
-    if (ret)
-	krb5_err(context, 1, ret, "parse_name for %s failed", principal);
-    
-    ret = krb5_cc_cache_match(context, client, type, &id);
-    if (ret && find)
-	krb5_err(context, 1, ret, "cc_cache_match for %s failed", principal);
-    if (ret == 0 && !find)
-	krb5_err(context, 1, ret, "cc_cache_match for %s found", principal);
-
-    if (id)
-	krb5_cc_close(context, id);
-    krb5_free_principal(context, client);
-}
-
-
-static void
-test_cache_iter(krb5_context context, const char *type, int destroy)
-{
-    krb5_cc_cache_cursor cursor;
-    krb5_error_code ret;
-    krb5_ccache id;
-    
-    ret = krb5_cc_cache_get_first (context, type, &cursor);
-    if (ret == KRB5_CC_NOSUPP)
-	return;
-    else if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_cache_get_first(%s)", type);
-
-
-    while ((ret = krb5_cc_cache_next (context, cursor, &id)) == 0) {
-	krb5_principal principal;
-	char *name;
-
-	if (debug_flag)
-	    printf("name: %s\n", krb5_cc_get_name(context, id));
-	ret = krb5_cc_get_principal(context, id, &principal);
-	if (ret == 0) {
-	    ret = krb5_unparse_name(context, principal, &name);
-	    if (ret == 0) {
-		if (debug_flag)
-		    printf("\tprincipal: %s\n", name);
-		free(name);
-	    }
-	    krb5_free_principal(context, principal);
-	}
-	if (destroy)
-	    krb5_cc_destroy(context, id);
-	else
-	    krb5_cc_close(context, id);
-    }
-
-    krb5_cc_cache_end_seq_get(context, cursor);
-}
-
-static void
-test_copy(krb5_context context, const char *fromtype, const char *totype)
-{
-    const krb5_cc_ops *from, *to;
-    krb5_ccache fromid, toid;
-    krb5_error_code ret;
-    krb5_principal p, p2;
-
-    from = krb5_cc_get_prefix_ops(context, fromtype);
-    if (from == NULL)
-	krb5_errx(context, 1, "%s isn't a type", fromtype);
-
-    to = krb5_cc_get_prefix_ops(context, totype);
-    if (to == NULL)
-	krb5_errx(context, 1, "%s isn't a type", totype);
-
-    ret = krb5_parse_name(context, "lha@SU.SE", &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_cc_gen_new(context, from, &fromid);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_initialize(context, fromid, p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    ret = krb5_cc_gen_new(context, to, &toid);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_copy_cache(context, fromid, toid);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_copy_cache");
-
-    ret = krb5_cc_get_principal(context, toid, &p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_get_principal");
-
-    if (krb5_principal_compare(context, p, p2) == FALSE)
-	krb5_errx(context, 1, "p != p2");
-
-    krb5_free_principal(context, p);
-    krb5_free_principal(context, p2);
-
-    krb5_cc_destroy(context, fromid);
-    krb5_cc_destroy(context, toid);
-}
-
-static void
-test_prefix_ops(krb5_context context, const char *name, const krb5_cc_ops *ops)
-{
-    const krb5_cc_ops *o;
-
-    o = krb5_cc_get_prefix_ops(context, name);
-    if (o == NULL)
-	krb5_errx(context, 1, "found no match for prefix '%s'", name);
-    if (strcmp(o->prefix, ops->prefix) != 0)
-	krb5_errx(context, 1, "ops for prefix '%s' is not "
-		  "the expected %s != %s", name, o->prefix, ops->prefix);
-}
-
-
-static struct getargs args[] = {
-    {"debug",	'd',	arg_flag,	&debug_flag,
-     "turn on debuggin", NULL },
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "hostname ...");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int optidx = 0;
-    krb5_ccache id1, id2;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    test_fcache_remove(context);
-    test_default_name(context);
-    test_mcache(context);
-    test_init_vs_destroy(context, &krb5_mcc_ops);
-    test_init_vs_destroy(context, &krb5_fcc_ops);
-    test_mcc_default();
-    test_def_cc_name(context);
-    test_cache_iter(context, "MEMORY", 0);
-    {
-	krb5_principal p;
-	krb5_cc_new_unique(context, "MEMORY", "bar", &id1);
-	krb5_cc_new_unique(context, "MEMORY", "baz", &id2);
-	krb5_parse_name(context, "lha@SU.SE", &p);
-	krb5_cc_initialize(context, id1, p);
-	krb5_free_principal(context, p);
-    }
-
-    test_cache_find(context, "MEMORY", "lha@SU.SE", 1);
-    test_cache_find(context, "MEMORY", "hulabundulahotentot@SU.SE", 0);
-
-    test_cache_iter(context, "MEMORY", 0);
-    test_cache_iter(context, "MEMORY", 1);
-    test_cache_iter(context, "MEMORY", 0);
-    test_cache_iter(context, "FILE", 0);
-    test_cache_iter(context, "API", 0);
-
-    test_copy(context, "FILE", "FILE");
-    test_copy(context, "MEMORY", "MEMORY");
-    test_copy(context, "FILE", "MEMORY");
-    test_copy(context, "MEMORY", "FILE");
-
-    test_prefix_ops(context, "FILE:/tmp/foo", &krb5_fcc_ops);
-    test_prefix_ops(context, "FILE", &krb5_fcc_ops);
-    test_prefix_ops(context, "MEMORY", &krb5_mcc_ops);
-    test_prefix_ops(context, "MEMORY:foo", &krb5_mcc_ops);
-    test_prefix_ops(context, "/tmp/kaka", &krb5_fcc_ops);
-
-    krb5_cc_destroy(context, id1);
-    krb5_cc_destroy(context, id2);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_config.c b/crypto/heimdal/lib/krb5/test_config.c
deleted file mode 100644
index 7fe224e..0000000
--- a/crypto/heimdal/lib/krb5/test_config.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_config.c 15036 2005-04-30 15:19:58Z lha $");
-
-static int
-check_config_file(krb5_context context, char *filelist, char **res, int def)
-{
-    krb5_error_code ret;
-    char **pp;
-    int i;
-
-    pp = NULL;
-
-    if (def)
-	ret = krb5_prepend_config_files_default(filelist, &pp);
-    else
-	ret = krb5_prepend_config_files(filelist, NULL, &pp);
-    
-    if (ret)
-	krb5_err(context, 1, ret, "prepend_config_files");
-    
-    for (i = 0; res[i] && pp[i]; i++)
-	if (strcmp(pp[i], res[i]) != 0)
-	    krb5_errx(context, 1, "'%s' != '%s'", pp[i], res[i]);
-    
-    if (res[i] != NULL)
-	krb5_errx(context, 1, "pp ended before res list");
-    
-    if (def) {
-	char **deflist;
-	int j;
-	
-	ret = krb5_get_default_config_files(&deflist);
-	if (ret)
-	    krb5_err(context, 1, ret, "get_default_config_files");
-	
-	for (j = 0 ; pp[i] && deflist[j]; i++, j++)
-	    if (strcmp(pp[i], deflist[j]) != 0)
-		krb5_errx(context, 1, "'%s' != '%s'", pp[i], deflist[j]);
-	
-	if (deflist[j] != NULL)
-	    krb5_errx(context, 1, "pp ended before def list");
-	krb5_free_config_files(deflist);
-    }
-    
-    if (pp[i] != NULL)
-	krb5_errx(context, 1, "pp ended after res (and def) list");
-    
-    krb5_free_config_files(pp);
-    
-    return 0;
-}
-
-char *list0[] =  { "/tmp/foo", NULL };
-char *list1[] =  { "/tmp/foo", "/tmp/foo/bar", NULL };
-char *list2[] =  { "", NULL };
-
-struct {
-    char *fl;
-    char **res;
-} test[] = {
-    { "/tmp/foo", NULL },
-    { "/tmp/foo:/tmp/foo/bar", NULL },
-    { "", NULL }
-};
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int i;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_context %d", ret);
-
-    test[0].res = list0;
-    test[1].res = list1;
-    test[2].res = list2;
-
-    for (i = 0; i < sizeof(test)/sizeof(*test); i++) {
-	check_config_file(context, test[i].fl, test[i].res, 0);
-	check_config_file(context, test[i].fl, test[i].res, 1);
-    }
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_crypto.c b/crypto/heimdal/lib/krb5/test_crypto.c
deleted file mode 100644
index 0837911..0000000
--- a/crypto/heimdal/lib/krb5/test_crypto.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * Copyright (c) 2003-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_crypto.c 16290 2005-11-24 09:57:50Z lha $");
-
-static void
-time_encryption(krb5_context context, size_t size,
-		krb5_enctype etype, int iterations)
-{
-    struct timeval tv1, tv2;
-    krb5_error_code ret;
-    krb5_keyblock key;
-    krb5_crypto crypto;
-    krb5_data data;
-    char *etype_name;
-    void *buf;
-    int i;
-
-    ret = krb5_generate_random_keyblock(context, etype, &key);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    ret = krb5_enctype_to_string(context, etype, &etype_name);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_enctype_to_string");
-
-    buf = malloc(size);
-    if (buf == NULL)
-	krb5_errx(context, 1, "out of memory");
-    memset(buf, 0, size);
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_init");
-
-    gettimeofday(&tv1, NULL);
-
-    for (i = 0; i < iterations; i++) {
-	ret = krb5_encrypt(context, crypto, 0, buf, size, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "encrypt: %d", i);
-	krb5_data_free(&data);
-    }
-
-    gettimeofday(&tv2, NULL);
-
-    timevalsub(&tv2, &tv1);
-
-    printf("%s size: %7lu iterations: %d time: %3ld.%06ld\n", 
-	   etype_name, (unsigned long)size, iterations,
-	   (long)tv2.tv_sec, (long)tv2.tv_usec);
-
-    free(buf);
-    free(etype_name);
-    krb5_crypto_destroy(context, crypto);
-    krb5_free_keyblock_contents(context, &key);
-}
-
-static void
-time_s2k(krb5_context context,
-	 krb5_enctype etype, 
-	 const char *password,
-	 krb5_salt salt,
-	 int iterations)
-{
-    struct timeval tv1, tv2;
-    krb5_error_code ret;
-    krb5_keyblock key;
-    krb5_data opaque;
-    char *etype_name;
-    int i;
-
-    ret = krb5_enctype_to_string(context, etype, &etype_name);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_enctype_to_string");
-
-    opaque.data = NULL;
-    opaque.length = 0;
-
-    gettimeofday(&tv1, NULL);
-
-    for (i = 0; i < iterations; i++) {
-	ret = krb5_string_to_key_salt_opaque(context, etype, password, salt,
-					 opaque, &key);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_string_to_key_data_salt_opaque");
-	krb5_free_keyblock_contents(context, &key);
-    }
-
-    gettimeofday(&tv2, NULL);
-
-    timevalsub(&tv2, &tv1);
-
-    printf("%s string2key %d iterations time: %3ld.%06ld\n", 
-	   etype_name, iterations, (long)tv2.tv_sec, (long)tv2.tv_usec);
-    free(etype_name);
-
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int i, enciter, s2kiter;
-    int optidx = 0;
-    krb5_salt salt;
-
-    krb5_enctype enctypes[] = { 
-	ETYPE_DES_CBC_CRC,
-	ETYPE_DES3_CBC_SHA1,
-	ETYPE_ARCFOUR_HMAC_MD5,
-	ETYPE_AES128_CTS_HMAC_SHA1_96,
-	ETYPE_AES256_CTS_HMAC_SHA1_96
-    };
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    salt.salttype = KRB5_PW_SALT;
-    salt.saltvalue.data = NULL;
-    salt.saltvalue.length = 0;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    enciter = 1000;
-    s2kiter = 100;
-
-    for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) {
-
-	time_encryption(context, 16, enctypes[i], enciter);
-	time_encryption(context, 32, enctypes[i], enciter);
-	time_encryption(context, 512, enctypes[i], enciter);
-	time_encryption(context, 1024, enctypes[i], enciter);
-	time_encryption(context, 2048, enctypes[i], enciter);
-	time_encryption(context, 4096, enctypes[i], enciter);
-	time_encryption(context, 8192, enctypes[i], enciter);
-	time_encryption(context, 16384, enctypes[i], enciter);
-	time_encryption(context, 32768, enctypes[i], enciter);
-
-	time_s2k(context, enctypes[i], "mYsecreitPassword", salt, s2kiter);
-    }
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_crypto_wrapping.c b/crypto/heimdal/lib/krb5/test_crypto_wrapping.c
deleted file mode 100644
index 1618fdf..0000000
--- a/crypto/heimdal/lib/krb5/test_crypto_wrapping.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_crypto_wrapping.c 18809 2006-10-22 07:11:43Z lha $");
-
-static void
-test_wrapping(krb5_context context,
-	      size_t min_size,
-	      size_t max_size,
-	      size_t step,
-	      krb5_enctype etype)
-{
-    krb5_error_code ret;
-    krb5_keyblock key;
-    krb5_crypto crypto;
-    krb5_data data;
-    char *etype_name;
-    void *buf;
-    size_t size;
-
-    ret = krb5_generate_random_keyblock(context, etype, &key);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    ret = krb5_enctype_to_string(context, etype, &etype_name);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_enctype_to_string");
-
-    buf = malloc(max_size);
-    if (buf == NULL)
-	krb5_errx(context, 1, "out of memory");
-    memset(buf, 0, max_size);
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_init");
-
-    for (size = min_size; size < max_size; size += step) {
-	size_t wrapped_size;
-
-	ret = krb5_encrypt(context, crypto, 0, buf, size, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "encrypt size %lu using %s",
-		     (unsigned long)size, etype_name);
-
-	wrapped_size = krb5_get_wrapped_length(context, crypto, size);
-
-	if (wrapped_size != data.length)
-	    krb5_errx(context, 1, "calculated wrapped length %lu != "
-		      "real wrapped length %lu for data length %lu using "
-		      "enctype %s",
-		      (unsigned long)wrapped_size,
-		      (unsigned long)data.length,
-		      (unsigned long)size,
-		      etype_name);
-	krb5_data_free(&data);
-    }
-
-    free(etype_name);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    krb5_free_keyblock_contents(context, &key);
-}
-
-
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int i, optidx = 0;
-
-    krb5_enctype enctypes[] = { 
-	ETYPE_DES_CBC_CRC,
-	ETYPE_DES_CBC_MD4,
-	ETYPE_DES_CBC_MD5,
-	ETYPE_DES3_CBC_SHA1,
-	ETYPE_ARCFOUR_HMAC_MD5,
-	ETYPE_AES128_CTS_HMAC_SHA1_96,
-	ETYPE_AES256_CTS_HMAC_SHA1_96
-    };
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) {
-	test_wrapping(context, 0, 1024, 1, enctypes[i]);
-	test_wrapping(context, 1024, 1024 * 100, 1024, enctypes[i]);
-    }
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_forward.c b/crypto/heimdal/lib/krb5/test_forward.c
deleted file mode 100644
index 1639953..0000000
--- a/crypto/heimdal/lib/krb5/test_forward.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright (c) 2008 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id$");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "hostname");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    const char *hostname;
-    krb5_context context;
-    krb5_auth_context ac;
-    krb5_error_code ret;
-    krb5_creds cred;
-    krb5_ccache id;
-    krb5_data data;
-    int optidx = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc < 1)
-	usage(1);
-
-    hostname = argv[0];
-
-    memset(&cred, 0, sizeof(cred));
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_cc_default(context, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_default failed: %d", ret);
-
-    ret = krb5_auth_con_init(context, &ac);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_auth_con_init failed: %d", ret);
-
-    krb5_auth_con_addflags(context, ac,
-			   KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED, NULL);
-
-    ret = krb5_cc_get_principal(context, id, &cred.client);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_get_principal");
-
-    ret = krb5_make_principal(context,
-			      &cred.server,
-			      krb5_principal_get_realm(context, cred.client),
-			      KRB5_TGS_NAME,
-			      krb5_principal_get_realm(context, cred.client),
-			      NULL);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_make_principal(server)");
-
-    ret = krb5_get_forwarded_creds (context,
-				    ac,
-				    id,
-				    KDC_OPT_FORWARDABLE,
-				    hostname,
-				    &cred,
-				    &data);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_forwarded_creds");
-
-    krb5_data_free(&data);
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_get_addrs.c b/crypto/heimdal/lib/krb5/test_get_addrs.c
deleted file mode 100644
index 1d53e0e..0000000
--- a/crypto/heimdal/lib/krb5/test_get_addrs.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_get_addrs.c 15474 2005-06-17 04:48:02Z lha $");
-
-/* print all addresses that we find */
-
-static void
-print_addresses (krb5_context context, const krb5_addresses *addrs)
-{
-    int i;
-    char buf[256];
-    size_t len;
-    
-    for (i = 0; i < addrs->len; ++i) {
-	krb5_print_address (&addrs->val[i], buf, sizeof(buf), &len);
-	printf ("%s\n", buf);
-    }
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_addresses addrs;
-    int optidx = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_get_all_client_addrs (context, &addrs);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_all_client_addrs");
-    printf ("client addresses\n");
-    print_addresses (context, &addrs);
-    krb5_free_addresses (context, &addrs);
-
-    ret = krb5_get_all_server_addrs (context, &addrs);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
-    printf ("server addresses\n");
-    print_addresses (context, &addrs);
-    krb5_free_addresses (context, &addrs);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_hostname.c b/crypto/heimdal/lib/krb5/test_hostname.c
deleted file mode 100644
index 095cb39..0000000
--- a/crypto/heimdal/lib/krb5/test_hostname.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_hostname.c 15965 2005-08-23 20:18:55Z lha $");
-
-static int debug_flag	= 0;
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static int
-expand_hostname(krb5_context context, const char *host)
-{
-    krb5_error_code ret;
-    char *h, **r;
-
-    ret = krb5_expand_hostname(context, host, &h);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_expand_hostname(%s)", host);
-
-    free(h);
-
-    if (debug_flag)
-	printf("hostname: %s -> %s\n", host, h);
-
-    ret = krb5_expand_hostname_realms(context, host, &h, &r);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_expand_hostname_realms(%s)", host);
-
-    if (debug_flag) {
-	int j;
-
-	printf("hostname: %s -> %s\n", host, h);
-	for (j = 0; r[j]; j++) {
-	    printf("\trealm: %s\n", r[j]);
-	}
-    }
-    free(h);
-    krb5_free_host_realm(context, r);
-
-    return 0;
-}
-
-static int
-test_expand_hostname(krb5_context context)
-{
-    int i, errors = 0;
-
-    struct t {
-	krb5_error_code ret;
-	const char *orig_hostname;
-	const char *new_hostname;
-    } tests[] = {
-	{ 0, "pstn1.su.se", "pstn1.su.se" },
-	{ 0, "pstnproxy.su.se", "pstnproxy.su.se" },
-    };
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
-	errors += expand_hostname(context, tests[i].orig_hostname);
-    }
-
-    return errors;
-}
-
-static struct getargs args[] = {
-    {"debug",	'd',	arg_flag,	&debug_flag,
-     "turn on debuggin", NULL },
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "hostname ...");
-    exit (ret);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int optidx = 0, errors = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    if (argc > 0) {
-	while (argc-- > 0)
-	    errors += expand_hostname(context, *argv++);
-	return errors;
-    }
-
-    errors += test_expand_hostname(context);
-
-    krb5_free_context(context);
-
-    return errors;
-}
diff --git a/crypto/heimdal/lib/krb5/test_keytab.c b/crypto/heimdal/lib/krb5/test_keytab.c
deleted file mode 100644
index 97361cc..0000000
--- a/crypto/heimdal/lib/krb5/test_keytab.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_keytab.c 18809 2006-10-22 07:11:43Z lha $");
-
-/*
- * Test that removal entry from of empty keytab doesn't corrupts
- * memory.
- */
-
-static void
-test_empty_keytab(krb5_context context, const char *keytab)
-{
-    krb5_error_code ret;
-    krb5_keytab id;
-    krb5_keytab_entry entry;
-
-    ret = krb5_kt_resolve(context, keytab, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    memset(&entry, 0, sizeof(entry));
-
-    krb5_kt_remove_entry(context, id, &entry);
-
-    ret = krb5_kt_close(context, id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_close");
-}
-
-/*
- * Test that memory keytab are refcounted.
- */
-
-static void
-test_memory_keytab(krb5_context context, const char *keytab, const char *keytab2)
-{
-    krb5_error_code ret;
-    krb5_keytab id, id2, id3;
-    krb5_keytab_entry entry, entry2, entry3;
-
-    ret = krb5_kt_resolve(context, keytab, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    memset(&entry, 0, sizeof(entry));
-    ret = krb5_parse_name(context, "lha@SU.SE", &entry.principal);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-    entry.vno = 1;
-    ret = krb5_generate_random_keyblock(context,
-					ETYPE_AES256_CTS_HMAC_SHA1_96,
-					&entry.keyblock);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    krb5_kt_add_entry(context, id, &entry);
-
-    ret = krb5_kt_resolve(context, keytab, &id2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    ret = krb5_kt_get_entry(context, id,
-			    entry.principal,
-			    0,
-			    ETYPE_AES256_CTS_HMAC_SHA1_96,
-			    &entry2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_get_entry");
-    krb5_kt_free_entry(context, &entry2);
-
-    ret = krb5_kt_close(context, id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_close");
-
-    ret = krb5_kt_get_entry(context, id2,
-			    entry.principal,
-			    0,
-			    ETYPE_AES256_CTS_HMAC_SHA1_96,
-			    &entry2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_get_entry");
-    krb5_kt_free_entry(context, &entry2);
-
-    ret = krb5_kt_close(context, id2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_close");
-
-
-    ret = krb5_kt_resolve(context, keytab2, &id3);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    memset(&entry3, 0, sizeof(entry3));
-    ret = krb5_parse_name(context, "lha3@SU.SE", &entry3.principal);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-    entry3.vno = 1;
-    ret = krb5_generate_random_keyblock(context,
-					ETYPE_AES256_CTS_HMAC_SHA1_96,
-					&entry3.keyblock);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    krb5_kt_add_entry(context, id3, &entry3);
-
-
-    ret = krb5_kt_resolve(context, keytab, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    ret = krb5_kt_get_entry(context, id,
-			    entry.principal,
-			    0,
-			    ETYPE_AES256_CTS_HMAC_SHA1_96,
-			    &entry2);
-    if (ret == 0)
-	krb5_errx(context, 1, "krb5_kt_get_entry when if should fail");
-
-    krb5_kt_remove_entry(context, id, &entry);
-
-    ret = krb5_kt_close(context, id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_close");
-
-    krb5_kt_free_entry(context, &entry);
-
-    krb5_kt_remove_entry(context, id3, &entry3);
-
-    ret = krb5_kt_close(context, id3);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_close");
-
-    krb5_free_principal(context, entry3.principal);
-    krb5_free_keyblock_contents(context, &entry3.keyblock);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    test_empty_keytab(context, "MEMORY:foo");
-    test_empty_keytab(context, "FILE:foo");
-    test_empty_keytab(context, "KRB4:foo");
-
-    test_memory_keytab(context, "MEMORY:foo", "MEMORY:foo2");
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_kuserok.c b/crypto/heimdal/lib/krb5/test_kuserok.c
deleted file mode 100644
index 04a6f21..0000000
--- a/crypto/heimdal/lib/krb5/test_kuserok.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: test_kuserok.c 15033 2005-04-30 15:15:38Z lha $");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "principal luser");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_principal principal;
-    char *p;
-    int o = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &o))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= o;
-    argv += o;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    if (argc != 2)
-	usage(1);
-
-    ret = krb5_parse_name(context, argv[0], &principal);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-    
-    ret = krb5_unparse_name(context, principal, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    ret = krb5_kuserok(context, principal, argv[1]);
-
-    krb5_free_context(context);
-
-    printf("%s is %sallowed to login as %s\n", p, ret ? "" : "NOT ", argv[1]);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_mem.c b/crypto/heimdal/lib/krb5/test_mem.c
deleted file mode 100644
index 8989cae..0000000
--- a/crypto/heimdal/lib/krb5/test_mem.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_mem.c 15931 2005-08-12 13:43:46Z lha $");
-
-/*
- * Test run functions, to be used with valgrind to detect memoryleaks.
- */
-
-static void
-check_log(void)
-{
-    int i;
-
-    for (i = 0; i < 10; i++) {
-	krb5_log_facility *logfacility;
-	krb5_context context;
-	krb5_error_code ret;
-
-	ret = krb5_init_context(&context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-    
-	krb5_initlog(context, "test-mem", &logfacility);
-	krb5_addlog_dest(context, logfacility, "0/STDERR:");
-	krb5_set_warn_dest(context, logfacility);
-    
-	krb5_free_context(context);
-    }
-}
-
-
-int
-main(int argc, char **argv)
-{
-    setprogname(argv[0]);
-
-    check_log();
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_pac.c b/crypto/heimdal/lib/krb5/test_pac.c
deleted file mode 100644
index a22fe3a..0000000
--- a/crypto/heimdal/lib/krb5/test_pac.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: test_pac.c 21934 2007-08-27 14:21:04Z lha $");
-
-/*
- * This PAC and keys are copied (with permission) from Samba torture
- * regression test suite, they where created by Andrew Bartlet.
- */
-
-static const unsigned char saved_pac[] = {
-	0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00, 
-	0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
-	0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
-	0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
-	0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
-	0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb, 
-	0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 
-	0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
-	0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
-	0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 
-	0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00, 
-	0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
-	0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
-	0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
-	0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
-	0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
-	0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
-	0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
-	0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
-	0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
-	0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
-	0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
-	0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
-	0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
-	0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
-	0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
-	0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
-	0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
-};
-
-static int type_1_length = 472;
-
-static const krb5_keyblock kdc_keyblock = {
-    ETYPE_ARCFOUR_HMAC_MD5,
-    { 16, "\xB2\x86\x75\x71\x48\xAF\x7F\xD2\x52\xC5\x36\x03\xA1\x50\xB7\xE7" }
-};
-
-static const krb5_keyblock member_keyblock = {
-    ETYPE_ARCFOUR_HMAC_MD5,
-    { 16, "\xD2\x17\xFA\xEA\xE5\xE6\xB5\xF9\x5C\xCC\x94\x07\x7A\xB8\xA5\xFC" }
-};
-
-static time_t authtime = 1120440609;
-static const char *user = "w2003final$@WIN2K3.THINKER.LOCAL";
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_pac pac;
-    krb5_data data;
-    krb5_principal p;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_contex");
-
-    ret = krb5_parse_name(context, user, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_pac_parse(context, saved_pac, sizeof(saved_pac), &pac);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_parse");
-
-    ret = krb5_pac_verify(context, pac, authtime, p,
-			   &member_keyblock, &kdc_keyblock);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_verify");
-
-    ret = _krb5_pac_sign(context, pac, authtime, p, 
-			 &member_keyblock, &kdc_keyblock, &data);
-    if (ret)
-	krb5_err(context, 1, ret, "_krb5_pac_sign");
-
-    krb5_pac_free(context, pac);
-
-    ret = krb5_pac_parse(context, data.data, data.length, &pac);
-    krb5_data_free(&data);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_parse 2");
-
-    ret = krb5_pac_verify(context, pac, authtime, p,
-			   &member_keyblock, &kdc_keyblock);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_verify 2");
-
-    /* make a copy and try to reproduce it */
-    {
-	uint32_t *list;
-	size_t len, i;
-	krb5_pac pac2;
-
-	ret = krb5_pac_init(context, &pac2);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_init");
-
-	/* our two user buffer plus the three "system" buffers */
-	ret = krb5_pac_get_types(context, pac, &len, &list);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_get_types");
-
-	for (i = 0; i < len; i++) {
-	    /* skip server_cksum, privsvr_cksum, and logon_name */
-	    if (list[i] == 6 || list[i] == 7 || list[i] == 10)
-		continue;
-
-	    ret = krb5_pac_get_buffer(context, pac, list[i], &data);
-	    if (ret)
-		krb5_err(context, 1, ret, "krb5_pac_get_buffer");
-
-	    if (list[i] == 1) {
-		if (type_1_length != data.length)
-		    krb5_errx(context, 1, "type 1 have wrong length: %lu", 
-			      (unsigned long)data.length);
-	    } else
-		krb5_errx(context, 1, "unknown type %lu", 
-			  (unsigned long)list[i]);
-
-	    ret = krb5_pac_add_buffer(context, pac2, list[i], &data);
-	    if (ret)
-		krb5_err(context, 1, ret, "krb5_pac_add_buffer");
-	    krb5_data_free(&data);
-	}
-	free(list);
-	
-	ret = _krb5_pac_sign(context, pac2, authtime, p, 
-			     &member_keyblock, &kdc_keyblock, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "_krb5_pac_sign 4");
-	
-	krb5_pac_free(context, pac2);
-
-	ret = krb5_pac_parse(context, data.data, data.length, &pac2);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_parse 4");
-	
-	ret = krb5_pac_verify(context, pac2, authtime, p,
-			      &member_keyblock, &kdc_keyblock);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_verify 4");
-	
-	krb5_pac_free(context, pac2);
-    }
-
-    krb5_pac_free(context, pac);
-
-    /*
-     * Test empty free
-     */
-
-    ret = krb5_pac_init(context, &pac);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_init");
-    krb5_pac_free(context, pac);
-
-    /*
-     * Test add remove buffer
-     */
-
-    ret = krb5_pac_init(context, &pac);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_init");
-
-    {
-	const krb5_data cdata = { 2, "\x00\x01" } ;
-
-	ret = krb5_pac_add_buffer(context, pac, 1, &cdata);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_add_buffer");
-    }
-    {
-	ret = krb5_pac_get_buffer(context, pac, 1, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_get_buffer");
-	if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
-	    krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
-	krb5_data_free(&data);
-    }
-
-    {
-	const krb5_data cdata = { 2, "\x02\x00" } ;
-
-	ret = krb5_pac_add_buffer(context, pac, 2, &cdata);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_add_buffer");
-    }
-    {
-	ret = krb5_pac_get_buffer(context, pac, 1, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_get_buffer");
-	if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
-	    krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
-	krb5_data_free(&data);
-	/* */
-	ret = krb5_pac_get_buffer(context, pac, 2, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_get_buffer");
-	if (data.length != 2 || memcmp(data.data, "\x02\x00", 2) != 0)
-	    krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
-	krb5_data_free(&data);
-    }
-
-    ret = _krb5_pac_sign(context, pac, authtime, p, 
-			 &member_keyblock, &kdc_keyblock, &data);
-    if (ret)
-	krb5_err(context, 1, ret, "_krb5_pac_sign");
-
-    krb5_pac_free(context, pac);
-
-    ret = krb5_pac_parse(context, data.data, data.length, &pac);
-    krb5_data_free(&data);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_parse 3");
-
-    ret = krb5_pac_verify(context, pac, authtime, p,
-			   &member_keyblock, &kdc_keyblock);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_verify 3");
-
-    {
-	uint32_t *list;
-	size_t len;
-
-	/* our two user buffer plus the three "system" buffers */
-	ret = krb5_pac_get_types(context, pac, &len, &list);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_get_types");
-	if (len != 5)
-	    krb5_errx(context, 1, "list wrong length");
-	free(list);
-    }
-
-    krb5_pac_free(context, pac);
-
-    krb5_free_principal(context, p);
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_pkinit_dh2key.c b/crypto/heimdal/lib/krb5/test_pkinit_dh2key.c
deleted file mode 100644
index e23bef9..0000000
--- a/crypto/heimdal/lib/krb5/test_pkinit_dh2key.c
+++ /dev/null
@@ -1,218 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_pkinit_dh2key.c 18809 2006-10-22 07:11:43Z lha $");
-
-static void
-test_dh2key(int i,
-	    krb5_context context, 
-	    const heim_octet_string *dh,
-	    const heim_octet_string *c_n,
-	    const heim_octet_string *k_n,
-	    krb5_enctype etype,
-	    const heim_octet_string *result)
-{
-    krb5_error_code ret;
-    krb5_keyblock key;
-
-    ret = _krb5_pk_octetstring2key(context,
-				   etype,
-				   dh->data, dh->length,
-				   c_n,
-				   k_n,
-				   &key);
-    if (ret != 0)
-	krb5_err(context, 1, ret, "_krb5_pk_octetstring2key: %d", i);
-
-    if (key.keyvalue.length != result->length ||
-	memcmp(key.keyvalue.data, result->data, result->length) != 0)
-	krb5_errx(context, 1, "resulting key wrong: %d", i);
-
-    krb5_free_keyblock_contents(context, &key);
-}
-
-
-struct {
-    krb5_enctype type;
-    krb5_data X;
-    krb5_data key;
-} tests[] = {
-    /* 0 */
-    {
-	ETYPE_AES256_CTS_HMAC_SHA1_96,
-	{
-	    256,
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	},
-	{
-	    32,
-	    "\x5e\xe5\x0d\x67\x5c\x80\x9f\xe5\x9e\x4a\x77\x62\xc5\x4b\x65\x83"
-	    "\x75\x47\xea\xfb\x15\x9b\xd8\xcd\xc7\x5f\xfc\xa5\x91\x1e\x4c\x41"
-	}
-    },
-    /* 1 */
-    {
-	ETYPE_AES256_CTS_HMAC_SHA1_96,
-	{
-	    128,
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	},
-	{
-	    32,
-	    "\xac\xf7\x70\x7c\x08\x97\x3d\xdf\xdb\x27\xcd\x36\x14\x42\xcc\xfb"
-	    "\xa3\x55\xc8\x88\x4c\xb4\x72\xf3\x7d\xa6\x36\xd0\x7d\x56\x78\x7e"
-	}
-    },
-    /* 2 */
-    {
-	ETYPE_AES256_CTS_HMAC_SHA1_96,
-	{
-	    128,
-	    "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-	    "\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e"
-	    "\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d"
-	    "\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c"
-	    "\x0d\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b"
-	    "\x0c\x0d\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a"
-	    "\x0b\x0c\x0d\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09"
-	    "\x0a\x0b\x0c\x0d\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08"
-	},
-	{
-	    32,
-	    "\xc4\x42\xda\x58\x5f\xcb\x80\xe4\x3b\x47\x94\x6f\x25\x40\x93\xe3"
-	    "\x73\x29\xd9\x90\x01\x38\x0d\xb7\x83\x71\xdb\x3a\xcf\x5c\x79\x7e"
-	}
-    },
-    /* 3 */
-    {
-	ETYPE_AES256_CTS_HMAC_SHA1_96,
-	{
-	    77,
-	    "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-	    "\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e"
-	    "\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d"
-	    "\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c"
-	    "\x0d\x0e\x0f\x10\x00\x01\x02\x03"
-	    "\x04\x05\x06\x07\x08"
-	},
-	{
-	    32,
-	    "\x00\x53\x95\x3b\x84\xc8\x96\xf4\xeb\x38\x5c\x3f\x2e\x75\x1c\x4a"
-	    "\x59\x0e\xd6\xff\xad\xca\x6f\xf6\x4f\x47\xeb\xeb\x8d\x78\x0f\xfc"
-	}
-    }
-};
-
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int i, optidx = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
-	test_dh2key(i, context, &tests[i].X, NULL, NULL, 
-		    tests[i].type, &tests[i].key);
-    }
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_plugin.c b/crypto/heimdal/lib/krb5/test_plugin.c
deleted file mode 100644
index 18e9fcd..0000000
--- a/crypto/heimdal/lib/krb5/test_plugin.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-RCSID("$Id: test_plugin.c 22024 2007-11-03 21:36:55Z lha $");
-#include "locate_plugin.h"
-
-static krb5_error_code
-resolve_init(krb5_context context, void **ctx)
-{
-    *ctx = NULL;
-    return 0;
-}
-
-static void
-resolve_fini(void *ctx)
-{
-}
-
-static krb5_error_code
-resolve_lookup(void *ctx,
-	       enum locate_service_type service,
-	       const char *realm,
-	       int domain,
-	       int type, 
-	       int (*add)(void *,int,struct sockaddr *),
-	       void *addctx)
-{
-    struct sockaddr_in s;
-
-    memset(&s, 0, sizeof(s));
-
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-    s.sin_len = sizeof(s);
-#endif
-    s.sin_family = AF_INET;
-    s.sin_port = htons(88);
-    s.sin_addr.s_addr = htonl(0x7f000002);
-
-    if (strcmp(realm, "NOTHERE.H5L.SE") == 0)
-	(*add)(addctx, type, (struct sockaddr *)&s);
-
-    return 0;
-}
-
-
-krb5plugin_service_locate_ftable resolve = {
-    0,
-    resolve_init,
-    resolve_fini,
-    resolve_lookup
-};
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_krbhst_handle handle;
-    char host[MAXHOSTNAMELEN];
-    int found = 0;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_contex");
-
-    ret = krb5_plugin_register(context, PLUGIN_TYPE_DATA, "resolve", &resolve);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_plugin_register");
-
-
-    ret = krb5_krbhst_init_flags(context,
-				 "NOTHERE.H5L.SE",
-				 KRB5_KRBHST_KDC,
-				 0,
-				 &handle);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_krbhst_init_flags");
-
-    
-    while(krb5_krbhst_next_as_string(context, handle, host, sizeof(host)) == 0){
-	found++;
- 	if (strcmp(host, "127.0.0.2") != 0)
-	    krb5_errx(context, 1, "wrong address: %s", host);
-    }
-    if (!found)
-	krb5_errx(context, 1, "failed to find host");
-
-    krb5_krbhst_free(context, handle);
-
-    krb5_free_context(context);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_prf.c b/crypto/heimdal/lib/krb5/test_prf.c
deleted file mode 100644
index 94fb67d..0000000
--- a/crypto/heimdal/lib/krb5/test_prf.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: test_prf.c 20843 2007-06-03 14:23:20Z lha $");
-
-#include <hex.h>
-#include <err.h>
-
-/*
- * key: string2key(aes256, "testkey", "testkey", default_params)
- * input: unhex(1122334455667788)
- * output: 58b594b8a61df6e9439b7baa991ff5c1
- * 
- * key: string2key(aes128, "testkey", "testkey", default_params)
- * input: unhex(1122334455667788)
- * output: ffa2f823aa7f83a8ce3c5fb730587129
- */
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_keyblock key;
-    krb5_crypto crypto;
-    size_t length;
-    krb5_data input, output, output2;
-    krb5_enctype etype = ETYPE_AES256_CTS_HMAC_SHA1_96;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_context %d", ret);
-
-    ret = krb5_generate_random_keyblock(context, etype, &key);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    ret = krb5_crypto_prf_length(context, etype, &length);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_prf_length");
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_init");
-
-    input.data = rk_UNCONST("foo");
-    input.length = 3;
-
-    ret = krb5_crypto_prf(context, crypto, &input, &output);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_prf");
-
-    ret = krb5_crypto_prf(context, crypto, &input, &output2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_prf");
-
-    if (krb5_data_cmp(&output, &output2) != 0)
-	krb5_errx(context, 1, "krb5_data_cmp");
-
-    krb5_data_free(&output);
-    krb5_data_free(&output2);
-
-    krb5_crypto_destroy(context, crypto);
-    
-    krb5_free_keyblock_contents(context, &key);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_princ.c b/crypto/heimdal/lib/krb5/test_princ.c
deleted file mode 100644
index d1036c1..0000000
--- a/crypto/heimdal/lib/krb5/test_princ.c
+++ /dev/null
@@ -1,366 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_princ.c 22071 2007-11-14 20:04:50Z lha $");
-
-/*
- * Check that a closed cc still keeps it data and that it's no longer
- * there when it's destroyed.
- */
-
-static void
-test_princ(krb5_context context)
-{
-    const char *princ = "lha@SU.SE";
-    const char *princ_short = "lha";
-    const char *noquote;
-    krb5_error_code ret;
-    char *princ_unparsed;
-    char *princ_reformed = NULL;
-    const char *realm;
-
-    krb5_principal p, p2;
-
-    ret = krb5_parse_name(context, princ, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_unparse_name(context, p, &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (strcmp(princ, princ_unparsed)) {
-	krb5_errx(context, 1, "%s != %s", princ, princ_unparsed);
-    }
-
-    free(princ_unparsed);
-
-    ret = krb5_unparse_name_flags(context, p, 
-				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
-				  &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (strcmp(princ_short, princ_unparsed))
-	krb5_errx(context, 1, "%s != %s", princ_short, princ_unparsed);
-    free(princ_unparsed);
-    
-    realm = krb5_principal_get_realm(context, p);
-
-    asprintf(&princ_reformed, "%s@%s", princ_short, realm);
-
-    ret = krb5_parse_name(context, princ_reformed, &p2);
-    free(princ_reformed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (!krb5_principal_compare(context, p, p2)) {
-	krb5_errx(context, 1, "p != p2");
-    }    
-
-    krb5_free_principal(context, p2);
-
-    ret = krb5_set_default_realm(context, "SU.SE");
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_unparse_name_flags(context, p, 
-				  KRB5_PRINCIPAL_UNPARSE_SHORT,
-				  &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (strcmp(princ_short, princ_unparsed))
-	krb5_errx(context, 1, "'%s' != '%s'", princ_short, princ_unparsed);
-    free(princ_unparsed);
-
-    ret = krb5_parse_name(context, princ_short, &p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (!krb5_principal_compare(context, p, p2))
-	krb5_errx(context, 1, "p != p2");
-    krb5_free_principal(context, p2);
-
-    ret = krb5_unparse_name(context, p, &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (strcmp(princ, princ_unparsed))
-	krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed);
-    free(princ_unparsed);
-
-    ret = krb5_set_default_realm(context, "SAMBA.ORG");
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_parse_name(context, princ_short, &p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (krb5_principal_compare(context, p, p2))
-	krb5_errx(context, 1, "p == p2");
-
-    if (!krb5_principal_compare_any_realm(context, p, p2))
-	krb5_errx(context, 1, "(ignoring realms) p != p2");
-
-    ret = krb5_unparse_name(context, p2, &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (strcmp(princ, princ_unparsed) == 0)
-	krb5_errx(context, 1, "%s == %s", princ, princ_unparsed);
-    free(princ_unparsed);
-
-    krb5_free_principal(context, p2);
-
-    ret = krb5_parse_name(context, princ, &p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (!krb5_principal_compare(context, p, p2))
-	krb5_errx(context, 1, "p != p2");
-
-    ret = krb5_unparse_name(context, p2, &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (strcmp(princ, princ_unparsed))
-	krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed);
-    free(princ_unparsed);
-
-    krb5_free_principal(context, p2);
-
-    ret = krb5_unparse_name_flags(context, p,
-				  KRB5_PRINCIPAL_UNPARSE_SHORT,
-				  &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name_short");
-
-    if (strcmp(princ, princ_unparsed) != 0)
-	krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed);
-    free(princ_unparsed);
-
-    ret = krb5_unparse_name(context, p, &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name_short");
-
-    if (strcmp(princ, princ_unparsed))
-	krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed);
-    free(princ_unparsed);
-
-    ret = krb5_parse_name_flags(context, princ, 
-				KRB5_PRINCIPAL_PARSE_NO_REALM,
-				&p2);
-    if (!ret)
-	krb5_err(context, 1, ret, "Should have failed to parse %s a "
-		 "short name", princ);
-
-    ret = krb5_parse_name_flags(context, princ_short, 
-				KRB5_PRINCIPAL_PARSE_NO_REALM,
-				&p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_unparse_name_flags(context, p2, 
-				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
-				  &princ_unparsed);
-    krb5_free_principal(context, p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name_norealm");
-
-    if (strcmp(princ_short, princ_unparsed))
-	krb5_errx(context, 1, "'%s' != '%s'", princ_short, princ_unparsed);
-    free(princ_unparsed);
-
-    ret = krb5_parse_name_flags(context, princ_short, 
-				KRB5_PRINCIPAL_PARSE_MUST_REALM,
-				&p2);
-    if (!ret)
-	krb5_err(context, 1, ret, "Should have failed to parse %s "
-		 "because it lacked a realm", princ_short);
-
-    ret = krb5_parse_name_flags(context, princ,
-				KRB5_PRINCIPAL_PARSE_MUST_REALM,
-				&p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-    
-    if (!krb5_principal_compare(context, p, p2))
-	krb5_errx(context, 1, "p != p2");
-
-    ret = krb5_unparse_name_flags(context, p2, 
-				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
-				  &princ_unparsed);
-    krb5_free_principal(context, p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name_norealm");
-
-    if (strcmp(princ_short, princ_unparsed))
-	krb5_errx(context, 1, "'%s' != '%s'", princ_short, princ_unparsed);
-    free(princ_unparsed);
-
-    krb5_free_principal(context, p);
-
-    /* test quoting */
-
-    princ = "test\\ principal@SU.SE";
-    noquote = "test principal@SU.SE";
-
-    ret = krb5_parse_name_flags(context, princ, 0, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_unparse_name_flags(context, p, 0, &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name_flags");
-
-    if (strcmp(princ, princ_unparsed))
-	krb5_errx(context, 1, "q '%s' != '%s'", princ, princ_unparsed);
-    free(princ_unparsed);
-
-    ret = krb5_unparse_name_flags(context, p, KRB5_PRINCIPAL_UNPARSE_DISPLAY,
-				  &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name_flags");
-
-    if (strcmp(noquote, princ_unparsed))
-	krb5_errx(context, 1, "nq '%s' != '%s'", noquote, princ_unparsed);
-    free(princ_unparsed);
-
-    krb5_free_principal(context, p);
-}
-
-static void
-test_enterprise(krb5_context context)
-{
-    krb5_error_code ret;
-    char *unparsed;
-    krb5_principal p;
-
-    ret = krb5_set_default_realm(context, "SAMBA.ORG");
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_parse_name_flags(context, "lha@su.se@WIN.SU.SE", 
-				KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name_flags");
-
-    ret = krb5_unparse_name(context, p, &unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    krb5_free_principal(context, p);
-
-    if (strcmp(unparsed, "lha\\@su.se@WIN.SU.SE") != 0)
-	krb5_errx(context, 1, "enterprise name failed 1");
-    free(unparsed);
-
-    /*
-     *
-     */
-
-    ret = krb5_parse_name_flags(context, "lha\\@su.se@WIN.SU.SE", 
-				KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name_flags");
-
-    ret = krb5_unparse_name(context, p, &unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    krb5_free_principal(context, p);
-    if (strcmp(unparsed, "lha\\@su.se\\@WIN.SU.SE@SAMBA.ORG") != 0)
-	krb5_errx(context, 1, "enterprise name failed 2: %s", unparsed);
-    free(unparsed);
-
-    /*
-     *
-     */
-
-    ret = krb5_parse_name_flags(context, "lha\\@su.se@WIN.SU.SE", 0, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name_flags");
-
-    ret = krb5_unparse_name(context, p, &unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    krb5_free_principal(context, p);
-    if (strcmp(unparsed, "lha\\@su.se@WIN.SU.SE") != 0)
-	krb5_errx(context, 1, "enterprise name failed 3");
-    free(unparsed);
-
-    /*
-     *
-     */
-
-    ret = krb5_parse_name_flags(context, "lha@su.se", 
-				KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name_flags");
-
-    ret = krb5_unparse_name(context, p, &unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    krb5_free_principal(context, p);
-    if (strcmp(unparsed, "lha\\@su.se@SAMBA.ORG") != 0)
-	krb5_errx(context, 1, "enterprise name failed 2: %s", unparsed);
-    free(unparsed);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    test_princ(context);
-
-    test_enterprise(context);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_renew.c b/crypto/heimdal/lib/krb5/test_renew.c
deleted file mode 100644
index 5fa2de1..0000000
--- a/crypto/heimdal/lib/krb5/test_renew.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id$");
-
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[principal]");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_principal client;
-    krb5_context context;
-    const char *in_tkt_service = NULL;
-    krb5_ccache id;
-    krb5_error_code ret;
-    krb5_creds out;;
-    int optidx = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc > 0)
-	in_tkt_service = argv[0];
-
-    memset(&out, 0, sizeof(out));
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_init_context");
-
-    ret = krb5_cc_default(context, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_default");
-
-    ret = krb5_cc_get_principal(context, id, &client);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_default");
-
-    ret = krb5_get_renewed_creds(context,
-				 &out,
-				 client,
-				 id,
-				 in_tkt_service);
-
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_get_kdc_cred");
-
-    if (krb5_principal_compare(context, out.client, client) != TRUE)
-	krb5_errx(context, 1, "return principal is not as expected");
-
-    krb5_free_cred_contents(context, &out);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_store.c b/crypto/heimdal/lib/krb5/test_store.c
deleted file mode 100644
index 2ce6c8d..0000000
--- a/crypto/heimdal/lib/krb5/test_store.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-
-RCSID("$Id: test_store.c 20192 2007-02-05 23:21:03Z lha $");
-
-static void
-test_int8(krb5_context context, krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int i;
-    int8_t val[] = {
-	0, 1, -1, 128, -127
-    }, v;
-
-    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
-
-	ret = krb5_store_int8(sp, val[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_store_int8");
-	krb5_storage_seek(sp, 0, SEEK_SET);
-	ret = krb5_ret_int8(sp, &v);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_ret_int8");
-	if (v != val[i])
-	    krb5_errx(context, 1, "store and ret mismatch");
-    }
-}
-
-static void
-test_int16(krb5_context context, krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int i;
-    int16_t val[] = {
-	0, 1, -1, 32768, -32767
-    }, v;
-
-    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
-
-	ret = krb5_store_int16(sp, val[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_store_int16");
-	krb5_storage_seek(sp, 0, SEEK_SET);
-	ret = krb5_ret_int16(sp, &v);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_ret_int16");
-	if (v != val[i])
-	    krb5_errx(context, 1, "store and ret mismatch");
-    }
-}
-
-static void
-test_int32(krb5_context context, krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int i;
-    int32_t val[] = {
-	0, 1, -1, 2147483647, -2147483646
-    }, v;
-
-    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
-
-	ret = krb5_store_int32(sp, val[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_store_int32");
-	krb5_storage_seek(sp, 0, SEEK_SET);
-	ret = krb5_ret_int32(sp, &v);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_ret_int32");
-	if (v != val[i])
-	    krb5_errx(context, 1, "store and ret mismatch");
-    }
-}
-
-static void
-test_uint8(krb5_context context, krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int i;
-    uint8_t val[] = {
-	0, 1, 255
-    }, v;
-
-    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
-
-	ret = krb5_store_uint8(sp, val[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_store_uint8");
-	krb5_storage_seek(sp, 0, SEEK_SET);
-	ret = krb5_ret_uint8(sp, &v);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_ret_uint8");
-	if (v != val[i])
-	    krb5_errx(context, 1, "store and ret mismatch");
-    }
-}
-
-static void
-test_uint16(krb5_context context, krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int i;
-    uint16_t val[] = {
-	0, 1, 65535
-    }, v;
-
-    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
-
-	ret = krb5_store_uint16(sp, val[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_store_uint16");
-	krb5_storage_seek(sp, 0, SEEK_SET);
-	ret = krb5_ret_uint16(sp, &v);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_ret_uint16");
-	if (v != val[i])
-	    krb5_errx(context, 1, "store and ret mismatch");
-    }
-}
-
-static void
-test_uint32(krb5_context context, krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int i;
-    uint32_t val[] = {
-	0, 1, 4294967295UL
-    }, v;
-
-    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
-
-	ret = krb5_store_uint32(sp, val[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_store_uint32");
-	krb5_storage_seek(sp, 0, SEEK_SET);
-	ret = krb5_ret_uint32(sp, &v);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_ret_uint32");
-	if (v != val[i])
-	    krb5_errx(context, 1, "store and ret mismatch");
-    }
-}
-
-
-static void
-test_storage(krb5_context context)
-{
-    krb5_storage *sp;
-
-    sp = krb5_storage_emem();
-    if (sp == NULL)
-	krb5_errx(context, 1, "krb5_storage_emem: no mem");
-
-    test_int8(context, sp);
-    test_int16(context, sp);
-    test_int32(context, sp);
-    test_uint8(context, sp);
-    test_uint16(context, sp);
-    test_uint32(context, sp);
-
-    krb5_storage_free(sp);
-}
-
-/*
- *
- */
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int optidx = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    test_storage(context);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_time.c b/crypto/heimdal/lib/krb5/test_time.c
deleted file mode 100644
index 02a0204..0000000
--- a/crypto/heimdal/lib/krb5/test_time.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_time.c 18809 2006-10-22 07:11:43Z lha $");
-
-static void
-check_set_time(krb5_context context)
-{
-    krb5_error_code ret;
-    krb5_timestamp sec;
-    int32_t usec;
-    struct timeval tv;
-    int diff = 10;
-    int diff2;
-
-    gettimeofday(&tv, NULL);
-
-    ret = krb5_set_real_time(context, tv.tv_sec + diff, tv.tv_usec);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_us_timeofday");
-    
-    ret = krb5_us_timeofday(context, &sec, &usec);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_us_timeofday");
-
-    diff2 = abs(sec - tv.tv_sec);
-
-    if (diff2 < 9 || diff > 11)
-	krb5_errx(context, 1, "set time error: diff: %d",
-		  abs(sec - tv.tv_sec));
-}
-
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_context %d", ret);
-
-    check_set_time(context);
-    check_set_time(context);
-    check_set_time(context);
-    check_set_time(context);
-    check_set_time(context);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/ticket.c b/crypto/heimdal/lib/krb5/ticket.c
deleted file mode 100644
index 7eb4d32..0000000
--- a/crypto/heimdal/lib/krb5/ticket.c
+++ /dev/null
@@ -1,272 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: ticket.c 19544 2006-12-28 20:49:18Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_ticket(krb5_context context,
-		 krb5_ticket *ticket)
-{
-    free_EncTicketPart(&ticket->ticket);
-    krb5_free_principal(context, ticket->client);
-    krb5_free_principal(context, ticket->server);
-    free(ticket);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_ticket(krb5_context context,
-		 const krb5_ticket *from,
-		 krb5_ticket **to)
-{
-    krb5_error_code ret;
-    krb5_ticket *tmp;
-
-    *to = NULL;
-    tmp = malloc(sizeof(*tmp));
-    if(tmp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){
-	free(tmp);
-	return ret;
-    }
-    ret = krb5_copy_principal(context, from->client, &tmp->client);
-    if(ret){
-	free_EncTicketPart(&tmp->ticket);
-	free(tmp);
-	return ret;
-    }
-    ret = krb5_copy_principal(context, from->server, &tmp->server);
-    if(ret){
-	krb5_free_principal(context, tmp->client);
-	free_EncTicketPart(&tmp->ticket);
-	free(tmp);
-	return ret;
-    }
-    *to = tmp;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ticket_get_client(krb5_context context,
-		       const krb5_ticket *ticket,
-		       krb5_principal *client)
-{
-    return krb5_copy_principal(context, ticket->client, client);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ticket_get_server(krb5_context context,
-		       const krb5_ticket *ticket,
-		       krb5_principal *server)
-{
-    return krb5_copy_principal(context, ticket->server, server);
-}
-
-time_t KRB5_LIB_FUNCTION
-krb5_ticket_get_endtime(krb5_context context,
-			const krb5_ticket *ticket)
-{
-    return ticket->ticket.endtime;
-}
-
-static int
-find_type_in_ad(krb5_context context,
-		int type, 
-		krb5_data *data,
-		krb5_boolean *found,
-		krb5_boolean failp,
-		krb5_keyblock *sessionkey,
-		const AuthorizationData *ad,
-		int level)
-{
-    krb5_error_code ret = 0;
-    int i;
-
-    if (level > 9) {
-	krb5_set_error_string(context, "Authorization data nested deeper "
-			      "then %d levels, stop searching", level);
-	ret = ENOENT; /* XXX */
-	goto out;
-    }
-
-    /*
-     * Only copy out the element the first time we get to it, we need
-     * to run over the whole authorization data fields to check if
-     * there are any container clases we need to care about.
-     */
-    for (i = 0; i < ad->len; i++) {
-	if (!*found && ad->val[i].ad_type == type) {
-	    ret = der_copy_octet_string(&ad->val[i].ad_data, data);
-	    if (ret) {
-		krb5_set_error_string(context, "malloc - out of memory");
-		goto out;
-	    }
-	    *found = TRUE;
-	    continue;
-	}
-	switch (ad->val[i].ad_type) {
-	case KRB5_AUTHDATA_IF_RELEVANT: {
-	    AuthorizationData child;
-	    ret = decode_AuthorizationData(ad->val[i].ad_data.data,
-					   ad->val[i].ad_data.length,
-					   &child,
-					   NULL);
-	    if (ret) {
-		krb5_set_error_string(context, "Failed to decode "
-				      "IF_RELEVANT with %d", ret);
-		goto out;
-	    }
-	    ret = find_type_in_ad(context, type, data, found, FALSE,
-				  sessionkey, &child, level + 1);
-	    free_AuthorizationData(&child);
-	    if (ret)
-		goto out;
-	    break;
-	}
-#if 0 /* XXX test */
-	case KRB5_AUTHDATA_KDC_ISSUED: {
-	    AD_KDCIssued child;
-
-	    ret = decode_AD_KDCIssued(ad->val[i].ad_data.data,
-				      ad->val[i].ad_data.length,
-				      &child,
-				      NULL);
-	    if (ret) {
-		krb5_set_error_string(context, "Failed to decode "
-				      "AD_KDCIssued with %d", ret);
-		goto out;
-	    }
-	    if (failp) {
-		krb5_boolean valid;
-		krb5_data buf;
-		size_t len;
-
-		ASN1_MALLOC_ENCODE(AuthorizationData, buf.data, buf.length, 
-				   &child.elements, &len, ret);
-		if (ret) {
-		    free_AD_KDCIssued(&child);
-		    krb5_clear_error_string(context);
-		    goto out;
-		}
-		if(buf.length != len)
-		    krb5_abortx(context, "internal error in ASN.1 encoder");
-
-		ret = krb5_c_verify_checksum(context, sessionkey, 19, &buf,
-					     &child.ad_checksum, &valid);
-		krb5_data_free(&buf);
-		if (ret) {
-		    free_AD_KDCIssued(&child);
-		    goto out;
-		}
-		if (!valid) {
-		    krb5_clear_error_string(context);
-		    ret = ENOENT;
-		    free_AD_KDCIssued(&child);
-		    goto out;
-		}
-	    }
-	    ret = find_type_in_ad(context, type, data, found, failp, sessionkey,
-				  &child.elements, level + 1);
-	    free_AD_KDCIssued(&child);
-	    if (ret)
-		goto out;
-	    break;
-	}
-#endif
-	case KRB5_AUTHDATA_AND_OR:
-	    if (!failp)
-		break;
-	    krb5_set_error_string(context, "Authorization data contains "
-				  "AND-OR element that is unknown to the "
-				  "application");
-	    ret = ENOENT; /* XXX */
-	    goto out;
-	default:
-	    if (!failp)
-		break;
-	    krb5_set_error_string(context, "Authorization data contains "
-				  "unknown type (%d) ", ad->val[i].ad_type);
-	    ret = ENOENT; /* XXX */
-	    goto out;
-	}
-    }
-out:
-    if (ret) {
-	if (*found) {
-	    krb5_data_free(data);
-	    *found = 0;
-	}
-    }
-    return ret;
-}
-
-/*
- * Extract the authorization data type of `type' from the
- * 'ticket'. Store the field in `data'. This function is to use for
- * kerberos applications.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ticket_get_authorization_data_type(krb5_context context,
-					krb5_ticket *ticket,
-					int type,
-					krb5_data *data)
-{
-    AuthorizationData *ad;
-    krb5_error_code ret;
-    krb5_boolean found = FALSE;
-
-    krb5_data_zero(data);
-
-    ad = ticket->ticket.authorization_data;
-    if (ticket->ticket.authorization_data == NULL) {
-	krb5_set_error_string(context, "Ticket have not authorization data");
-	return ENOENT; /* XXX */
-    }
-
-    ret = find_type_in_ad(context, type, data, &found, TRUE,
-			  &ticket->ticket.key, ad, 0);
-    if (ret)
-	return ret;
-    if (!found) {
-	krb5_set_error_string(context, "Ticket have not authorization "
-			  "data of type %d", type);
-	return ENOENT; /* XXX */
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/time.c b/crypto/heimdal/lib/krb5/time.c
deleted file mode 100644
index 4cd992d..0000000
--- a/crypto/heimdal/lib/krb5/time.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: time.c 14308 2004-10-13 17:57:11Z lha $");
-
-/*
- * Set the absolute time that the caller knows the kdc has so the
- * kerberos library can calculate the relative diffrence beteen the
- * KDC time and local system time.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_real_time (krb5_context context,
-		    krb5_timestamp sec,
-		    int32_t usec)
-{
-    struct timeval tv;
-    
-    gettimeofday(&tv, NULL);
-
-    context->kdc_sec_offset = sec - tv.tv_sec;
-    context->kdc_usec_offset = usec - tv.tv_usec;
-
-    if (context->kdc_usec_offset < 0) {
-	context->kdc_sec_offset--;
-	context->kdc_usec_offset += 1000000;
-    }
-    return 0;
-}
-
-/*
- * return ``corrected'' time in `timeret'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_timeofday (krb5_context context,
-		krb5_timestamp *timeret)
-{
-    *timeret = time(NULL) + context->kdc_sec_offset;
-    return 0;
-}
-
-/*
- * like gettimeofday but with time correction to the KDC
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_us_timeofday (krb5_context context,
-		   krb5_timestamp *sec,
-		   int32_t *usec)
-{
-    struct timeval tv;
-
-    gettimeofday (&tv, NULL);
-
-    *sec  = tv.tv_sec + context->kdc_sec_offset;
-    *usec = tv.tv_usec;		/* XXX */
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_format_time(krb5_context context, time_t t, 
-		 char *s, size_t len, krb5_boolean include_time)
-{
-    struct tm *tm;
-    if(context->log_utc)
-	tm = gmtime (&t);
-    else
-	tm = localtime(&t);
-    if(tm == NULL ||
-       strftime(s, len, include_time ? context->time_fmt : context->date_fmt, tm) == 0)
-	snprintf(s, len, "%ld", (long)t);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_deltat(const char *string, krb5_deltat *deltat)
-{
-    if((*deltat = parse_time(string, "s")) == -1)
-	return KRB5_DELTAT_BADFORMAT;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c
deleted file mode 100644
index 9b67ecc..0000000
--- a/crypto/heimdal/lib/krb5/transited.c
+++ /dev/null
@@ -1,503 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: transited.c 21745 2007-07-31 16:11:25Z lha $");
-
-/* this is an attempt at one of the most horrible `compression'
-   schemes that has ever been invented; it's so amazingly brain-dead
-   that words can not describe it, and all this just to save a few
-   silly bytes */
-
-struct tr_realm {
-    char *realm;
-    unsigned leading_space:1;
-    unsigned leading_slash:1;
-    unsigned trailing_dot:1;
-    struct tr_realm *next;
-};
-
-static void
-free_realms(struct tr_realm *r)
-{
-    struct tr_realm *p;
-    while(r){
-	p = r;
-	r = r->next;
-	free(p->realm);
-	free(p);
-    }	
-}
-
-static int
-make_path(krb5_context context, struct tr_realm *r,
-	  const char *from, const char *to)
-{
-    const char *p;
-    struct tr_realm *path = r->next;
-    struct tr_realm *tmp;
-
-    if(strlen(from) < strlen(to)){
-	const char *str;
-	str = from;
-	from = to;
-	to = str;
-    }
-	
-    if(strcmp(from + strlen(from) - strlen(to), to) == 0){
-	p = from;
-	while(1){
-	    p = strchr(p, '.');
-	    if(p == NULL) {
-		krb5_clear_error_string (context);
-		return KRB5KDC_ERR_POLICY;
-	    }
-	    p++;
-	    if(strcmp(p, to) == 0)
-		break;
-	    tmp = calloc(1, sizeof(*tmp));
-	    if(tmp == NULL){
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    tmp->next = path;
-	    path = tmp;
-	    path->realm = strdup(p);
-	    if(path->realm == NULL){
-		r->next = path; /* XXX */
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;;
-	    }
-	}
-    }else if(strncmp(from, to, strlen(to)) == 0){
-	p = from + strlen(from);
-	while(1){
-	    while(p >= from && *p != '/') p--;
-	    if(p == from) {
-		r->next = path; /* XXX */
-		return KRB5KDC_ERR_POLICY;
-	    }
-	    if(strncmp(to, from, p - from) == 0)
-		break;
-	    tmp = calloc(1, sizeof(*tmp));
-	    if(tmp == NULL){
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    tmp->next = path;
-	    path = tmp;
-	    path->realm = malloc(p - from + 1);
-	    if(path->realm == NULL){
-		r->next = path; /* XXX */
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    memcpy(path->realm, from, p - from);
-	    path->realm[p - from] = '\0';
-	    p--;
-	}
-    } else {
-	krb5_clear_error_string (context);
-	return KRB5KDC_ERR_POLICY;
-    }
-    r->next = path;
-    
-    return 0;
-}
-
-static int
-make_paths(krb5_context context,
-	   struct tr_realm *realms, const char *client_realm, 
-	   const char *server_realm)
-{
-    struct tr_realm *r;
-    int ret;
-    const char *prev_realm = client_realm;
-    const char *next_realm = NULL;
-    for(r = realms; r; r = r->next){
-	/* it *might* be that you can have more than one empty
-	   component in a row, at least that's how I interpret the
-	   "," exception in 1510 */
-	if(r->realm[0] == '\0'){
-	    while(r->next && r->next->realm[0] == '\0')
-		r = r->next;
-	    if(r->next)
-		next_realm = r->next->realm;
-	    else
-		next_realm = server_realm;
-	    ret = make_path(context, r, prev_realm, next_realm);
-	    if(ret){
-		free_realms(realms);
-		return ret;
-	    }
-	}
-	prev_realm = r->realm;
-    }
-    return 0;
-}
-
-static int
-expand_realms(krb5_context context,
-	      struct tr_realm *realms, const char *client_realm)
-{
-    struct tr_realm *r;
-    const char *prev_realm = NULL;
-    for(r = realms; r; r = r->next){
-	if(r->trailing_dot){
-	    char *tmp;
-	    size_t len;
-
-	    if(prev_realm == NULL)
-		prev_realm = client_realm;
-
-	    len = strlen(r->realm) + strlen(prev_realm) + 1;
-
-	    tmp = realloc(r->realm, len);
-	    if(tmp == NULL){
-		free_realms(realms);
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    r->realm = tmp;
-	    strlcat(r->realm, prev_realm, len);
-	}else if(r->leading_slash && !r->leading_space && prev_realm){
-	    /* yet another exception: if you use x500-names, the
-               leading realm doesn't have to be "quoted" with a space */
-	    char *tmp;
-	    size_t len = strlen(r->realm) + strlen(prev_realm) + 1;
-
-	    tmp = malloc(len);
-	    if(tmp == NULL){
-		free_realms(realms);
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    strlcpy(tmp, prev_realm, len);
-	    strlcat(tmp, r->realm, len);
-	    free(r->realm);
-	    r->realm = tmp;
-	}
-	prev_realm = r->realm;
-    }
-    return 0;
-}
-
-static struct tr_realm *
-make_realm(char *realm)
-{
-    struct tr_realm *r;
-    char *p, *q;
-    int quote = 0;
-    r = calloc(1, sizeof(*r));
-    if(r == NULL){
-	free(realm);
-	return NULL;
-    }
-    r->realm = realm;
-    for(p = q = r->realm; *p; p++){
-	if(p == r->realm && *p == ' '){
-	    r->leading_space = 1;
-	    continue;
-	}
-	if(q == r->realm && *p == '/')
-	    r->leading_slash = 1;
-	if(quote){
-	    *q++ = *p;
-	    quote = 0;
-	    continue;
-	}
-	if(*p == '\\'){
-	    quote = 1;
-	    continue;
-	}
-	if(p[0] == '.' && p[1] == '\0')
-	    r->trailing_dot = 1;
-	*q++ = *p;
-    }
-    *q = '\0';
-    return r;
-}
-
-static struct tr_realm*
-append_realm(struct tr_realm *head, struct tr_realm *r)
-{
-    struct tr_realm *p;
-    if(head == NULL){
-	r->next = NULL;
-	return r;
-    }
-    p = head;
-    while(p->next) p = p->next;
-    p->next = r;
-    return head;
-}
-
-static int
-decode_realms(krb5_context context,
-	      const char *tr, int length, struct tr_realm **realms)
-{
-    struct tr_realm *r = NULL;
-
-    char *tmp;
-    int quote = 0;
-    const char *start = tr;
-    int i;
-
-    for(i = 0; i < length; i++){
-	if(quote){
-	    quote = 0;
-	    continue;
-	}
-	if(tr[i] == '\\'){
-	    quote = 1;
-	    continue;
-	}
-	if(tr[i] == ','){
-	    tmp = malloc(tr + i - start + 1);
-	    if(tmp == NULL){
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    memcpy(tmp, start, tr + i - start);
-	    tmp[tr + i - start] = '\0';
-	    r = make_realm(tmp);
-	    if(r == NULL){
-		free_realms(*realms);
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    *realms = append_realm(*realms, r);
-	    start = tr + i + 1;
-	}
-    }
-    tmp = malloc(tr + i - start + 1);
-    if(tmp == NULL){
-	free(*realms);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(tmp, start, tr + i - start);
-    tmp[tr + i - start] = '\0';
-    r = make_realm(tmp);
-    if(r == NULL){
-	free_realms(*realms);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *realms = append_realm(*realms, r);
-    
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_domain_x500_decode(krb5_context context,
-			krb5_data tr, char ***realms, int *num_realms, 
-			const char *client_realm, const char *server_realm)
-{
-    struct tr_realm *r = NULL;
-    struct tr_realm *p, **q;
-    int ret;
-    
-    if(tr.length == 0) {
-	*realms = NULL;
-	*num_realms = 0;
-	return 0;
-    }
-
-    /* split string in components */
-    ret = decode_realms(context, tr.data, tr.length, &r);
-    if(ret)
-	return ret;
-    
-    /* apply prefix rule */
-    ret = expand_realms(context, r, client_realm);
-    if(ret)
-	return ret;
-    
-    ret = make_paths(context, r, client_realm, server_realm);
-    if(ret)
-	return ret;
-    
-    /* remove empty components and count realms */
-    q = &r;
-    *num_realms = 0;
-    for(p = r; p; ){
-	if(p->realm[0] == '\0'){
-	    free(p->realm);
-	    *q = p->next;
-	    free(p);
-	    p = *q;
-	}else{
-	    q = &p->next;
-	    p = p->next;
-	    (*num_realms)++;
-	}
-    }
-    if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms))
-	return ERANGE;
-
-    {
-	char **R;
-	R = malloc((*num_realms + 1) * sizeof(*R));
-	if (R == NULL)
-	    return ENOMEM;
-	*realms = R;
-	while(r){
-	    *R++ = r->realm;
-	    p = r->next;
-	    free(r);
-	    r = p;
-	}
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
-{
-    char *s = NULL;
-    int len = 0;
-    int i;
-    krb5_data_zero(encoding);
-    if (num_realms == 0)
-	return 0;
-    for(i = 0; i < num_realms; i++){
-	len += strlen(realms[i]);
-	if(realms[i][0] == '/')
-	    len++;
-    }
-    len += num_realms - 1;
-    s = malloc(len + 1);
-    if (s == NULL)
-	return ENOMEM;
-    *s = '\0';
-    for(i = 0; i < num_realms; i++){
-	if(i && i < num_realms - 1)
-	    strlcat(s, ",", len + 1);
-	if(realms[i][0] == '/')
-	    strlcat(s, " ", len + 1);
-	strlcat(s, realms[i], len + 1);
-    }
-    encoding->data = s;
-    encoding->length = strlen(s);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_check_transited(krb5_context context,
-		     krb5_const_realm client_realm,
-		     krb5_const_realm server_realm,
-		     krb5_realm *realms,
-		     int num_realms,
-		     int *bad_realm)
-{
-    char **tr_realms;
-    char **p;
-    int i;
-
-    if(num_realms == 0)
-	return 0;
-    
-    tr_realms = krb5_config_get_strings(context, NULL, 
-					"capaths", 
-					client_realm, 
-					server_realm, 
-					NULL);
-    for(i = 0; i < num_realms; i++) {
-	for(p = tr_realms; p && *p; p++) {
-	    if(strcmp(*p, realms[i]) == 0)
-		break;
-	}
-	if(p == NULL || *p == NULL) {
-	    krb5_config_free_strings(tr_realms);
-	    krb5_set_error_string (context, "no transit through realm %s",
-				   realms[i]);
-	    if(bad_realm)
-		*bad_realm = i;
-	    return KRB5KRB_AP_ERR_ILL_CR_TKT;
-	}
-    }
-    krb5_config_free_strings(tr_realms);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_check_transited_realms(krb5_context context,
-			    const char *const *realms, 
-			    int num_realms, 
-			    int *bad_realm)
-{
-    int i;
-    int ret = 0;
-    char **bad_realms = krb5_config_get_strings(context, NULL, 
-						"libdefaults", 
-						"transited_realms_reject", 
-						NULL);
-    if(bad_realms == NULL)
-	return 0;
-
-    for(i = 0; i < num_realms; i++) {
-	char **p;
-	for(p = bad_realms; *p; p++)
-	    if(strcmp(*p, realms[i]) == 0) {
-		krb5_set_error_string (context, "no transit through realm %s",
-				       *p);
-		ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
-		if(bad_realm)
-		    *bad_realm = i;
-		break;
-	    }
-    }
-    krb5_config_free_strings(bad_realms);
-    return ret;
-}
-
-#if 0
-int
-main(int argc, char **argv)
-{
-    krb5_data x;
-    char **r;
-    int num, i;
-    x.data = argv[1];
-    x.length = strlen(x.data);
-    if(domain_expand(x, &r, &num, argv[2], argv[3]))
-	exit(1);
-    for(i = 0; i < num; i++)
-	printf("%s\n", r[i]);
-    return 0;
-}
-#endif
-
diff --git a/crypto/heimdal/lib/krb5/v4_glue.c b/crypto/heimdal/lib/krb5/v4_glue.c
deleted file mode 100644
index 37b1e35..0000000
--- a/crypto/heimdal/lib/krb5/v4_glue.c
+++ /dev/null
@@ -1,939 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: v4_glue.c 22071 2007-11-14 20:04:50Z lha $");
-
-#include "krb5-v4compat.h"
-
-/*
- *
- */
-
-#define RCHECK(r,func,label) \
-	do { (r) = func ; if (r) goto label; } while(0);
-
-
-/* include this here, to avoid dependencies on libkrb */
-
-static const int _tkt_lifetimes[TKTLIFENUMFIXED] = {
-   38400,   41055,   43894,   46929,   50174,   53643,   57352,   61318,
-   65558,   70091,   74937,   80119,   85658,   91581,   97914,  104684,
-  111922,  119661,  127935,  136781,  146239,  156350,  167161,  178720,
-  191077,  204289,  218415,  233517,  249664,  266926,  285383,  305116,
-  326213,  348769,  372885,  398668,  426234,  455705,  487215,  520904,
-  556921,  595430,  636601,  680618,  727680,  777995,  831789,  889303,
-  950794, 1016537, 1086825, 1161973, 1242318, 1328218, 1420057, 1518247,
- 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000
-};
-
-int KRB5_LIB_FUNCTION
-_krb5_krb_time_to_life(time_t start, time_t end)
-{
-    int i;
-    time_t life = end - start;
-
-    if (life > MAXTKTLIFETIME || life <= 0) 
-	return 0;
-#if 0    
-    if (krb_no_long_lifetimes) 
-	return (life + 5*60 - 1)/(5*60);
-#endif
-    
-    if (end >= NEVERDATE)
-	return TKTLIFENOEXPIRE;
-    if (life < _tkt_lifetimes[0]) 
-	return (life + 5*60 - 1)/(5*60);
-    for (i=0; i<TKTLIFENUMFIXED; i++)
-	if (life <= _tkt_lifetimes[i])
-	    return i + TKTLIFEMINFIXED;
-    return 0;
-    
-}
-
-time_t KRB5_LIB_FUNCTION
-_krb5_krb_life_to_time(int start, int life_)
-{
-    unsigned char life = (unsigned char) life_;
-
-#if 0    
-    if (krb_no_long_lifetimes)
-	return start + life*5*60;
-#endif
-
-    if (life == TKTLIFENOEXPIRE)
-	return NEVERDATE;
-    if (life < TKTLIFEMINFIXED)
-	return start + life*5*60;
-    if (life > TKTLIFEMAXFIXED)
-	return start + MAXTKTLIFETIME;
-    return start + _tkt_lifetimes[life - TKTLIFEMINFIXED];
-}
-
-/*
- * Get the name of the krb4 credentials cache, will use `tkfile' as
- * the name if that is passed in. `cc' must be free()ed by caller,
- */
-
-static krb5_error_code
-get_krb4_cc_name(const char *tkfile, char **cc)
-{
-
-    *cc = NULL;
-    if(tkfile == NULL) {
-	char *path;
-	if(!issuid()) {
-	    path = getenv("KRBTKFILE");
-	    if (path)
-		*cc = strdup(path);
-	}
-	if(*cc == NULL)
-	    if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0)
-		return errno;
-    } else {
-	*cc = strdup(tkfile);
-	if (*cc == NULL)
-	    return ENOMEM;
-    }
-    return 0;
-}
-
-/*
- * Write a Kerberos 4 ticket file
- */
-
-#define KRB5_TF_LCK_RETRY_COUNT 50
-#define KRB5_TF_LCK_RETRY 1
-
-static krb5_error_code
-write_v4_cc(krb5_context context, const char *tkfile, 
-	    krb5_storage *sp, int append)
-{
-    krb5_error_code ret;
-    struct stat sb;
-    krb5_data data;
-    char *path;
-    int fd, i;
-
-    ret = get_krb4_cc_name(tkfile, &path);
-    if (ret) {
-	krb5_set_error_string(context, 
-			      "krb5_krb_tf_setup: failed getting "
-			      "the krb4 credentials cache name"); 
-	return ret;
-    }
-
-    fd = open(path, O_WRONLY|O_CREAT, 0600);
-    if (fd < 0) {
-	ret = errno;
-	krb5_set_error_string(context, 
-			      "krb5_krb_tf_setup: error opening file %s", 
-			      path);
-	free(path);
-	return ret;
-    }
-
-    if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) {
-	krb5_set_error_string(context, 
-			      "krb5_krb_tf_setup: tktfile %s is not a file",
-			      path);
-	free(path);
-	close(fd);
-	return KRB5_FCC_PERM;
-    }
-
-    for (i = 0; i < KRB5_TF_LCK_RETRY_COUNT; i++) {
-	if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
-	    sleep(KRB5_TF_LCK_RETRY);
-	} else
-	    break;
-    }
-    if (i == KRB5_TF_LCK_RETRY_COUNT) {
-	krb5_set_error_string(context,
-			      "krb5_krb_tf_setup: failed to lock %s",
-			      path);
-	free(path);
-	close(fd);
-	return KRB5_FCC_PERM;
-    }
-
-    if (!append) {
-	ret = ftruncate(fd, 0);
-	if (ret < 0) {
-	    flock(fd, LOCK_UN);
-	    krb5_set_error_string(context,
-				  "krb5_krb_tf_setup: failed to truncate %s",
-				  path);
-	    free(path);
-	    close(fd);
-	    return KRB5_FCC_PERM;
-	}
-    }
-    ret = lseek(fd, 0L, SEEK_END);
-    if (ret < 0) {
-	ret = errno;
-	flock(fd, LOCK_UN);
-	free(path);
-	close(fd);
-	return ret;
-    }
-
-    krb5_storage_to_data(sp, &data);
-
-    ret = write(fd, data.data, data.length);
-    if (ret != data.length)
-	ret = KRB5_CC_IO;
-
-    krb5_free_data_contents(context, &data);
-
-    flock(fd, LOCK_UN);
-    free(path);
-    close(fd);
-
-    return 0;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_tf_setup(krb5_context context, 
-		   struct credentials *v4creds, 
-		   const char *tkfile,
-		   int append)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    sp = krb5_storage_emem();
-    if (sp == NULL)
-	return ENOMEM;
-
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
-    krb5_storage_set_eof_code(sp, KRB5_CC_IO);
-
-    krb5_clear_error_string(context);
-
-    if (!append) {
-	RCHECK(ret, krb5_store_stringz(sp, v4creds->pname), error);
-	RCHECK(ret, krb5_store_stringz(sp, v4creds->pinst), error);
-    }
-
-    /* cred */
-    RCHECK(ret, krb5_store_stringz(sp, v4creds->service), error);
-    RCHECK(ret, krb5_store_stringz(sp, v4creds->instance), error);
-    RCHECK(ret, krb5_store_stringz(sp, v4creds->realm), error);
-    ret = krb5_storage_write(sp, v4creds->session, 8);
-    if (ret != 8) {
-	ret = KRB5_CC_IO;
-	goto error;
-    }
-    RCHECK(ret, krb5_store_int32(sp, v4creds->lifetime), error);
-    RCHECK(ret, krb5_store_int32(sp, v4creds->kvno), error);
-    RCHECK(ret, krb5_store_int32(sp, v4creds->ticket_st.length), error);
-
-    ret = krb5_storage_write(sp, v4creds->ticket_st.dat, 
-			     v4creds->ticket_st.length);
-    if (ret != v4creds->ticket_st.length) {
-	ret = KRB5_CC_IO;
-	goto error;
-    }
-    RCHECK(ret, krb5_store_int32(sp, v4creds->issue_date), error);
-
-    ret = write_v4_cc(context, tkfile, sp, append);
-
- error:
-    krb5_storage_free(sp);
-
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_dest_tkt(krb5_context context, const char *tkfile)
-{
-    krb5_error_code ret;
-    char *path;
-
-    ret = get_krb4_cc_name(tkfile, &path);
-    if (ret) {
-	krb5_set_error_string(context, 
-			      "krb5_krb_tf_setup: failed getting "
-			      "the krb4 credentials cache name"); 
-	return ret;
-    }
-
-    if (unlink(path) < 0) {
-	ret = errno;
-	krb5_set_error_string(context, 
-			      "krb5_krb_dest_tkt failed removing the cache "
-			      "with error %s", strerror(ret));
-    }
-    free(path);
-
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-decrypt_etext(krb5_context context, const krb5_keyblock *key,
-	      const krb5_data *cdata, krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_decrypt(context, crypto, 0, cdata->data, cdata->length, data);
-    krb5_crypto_destroy(context, crypto);
-
-    return ret;
-}
-
-
-/*
- *
- */
-
-static const char eightzeros[8] = "\x00\x00\x00\x00\x00\x00\x00\x00";
-
-static krb5_error_code
-storage_to_etext(krb5_context context,
-		 krb5_storage *sp,
-		 const krb5_keyblock *key, 
-		 krb5_data *enc_data)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    krb5_ssize_t size;
-    krb5_data data;
-
-    /* multiple of eight bytes */
-
-    size = krb5_storage_seek(sp, 0, SEEK_END);
-    if (size < 0)
-	return KRB4ET_RD_AP_UNDEC;
-    size = 8 - (size & 7);
-
-    ret = krb5_storage_write(sp, eightzeros, size);
-    if (ret != size)
-	return KRB4ET_RD_AP_UNDEC;
-
-    ret = krb5_storage_to_data(sp, &data);
-    if (ret)
-	return ret;
-
-    ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto);
-    if (ret) {
-	krb5_data_free(&data);
-	return ret;
-    }
-
-    ret = krb5_encrypt(context, crypto, 0, data.data, data.length, enc_data);
-
-    krb5_data_free(&data);
-    krb5_crypto_destroy(context, crypto);
-
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-put_nir(krb5_storage *sp, const char *name,
-	const char *instance, const char *realm)
-{
-    krb5_error_code ret;
-
-    RCHECK(ret, krb5_store_stringz(sp, name), error);
-    RCHECK(ret, krb5_store_stringz(sp, instance), error);
-    if (realm) {
-	RCHECK(ret, krb5_store_stringz(sp, realm), error);
-    }
- error:
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_create_ticket(krb5_context context,
-			unsigned char flags,
-			const char *pname,
-			const char *pinstance,
-			const char *prealm,
-			int32_t paddress,
-			const krb5_keyblock *session,
-			int16_t life,
-			int32_t life_sec,
-			const char *sname,
-			const char *sinstance,
-			const krb5_keyblock *key,
-			krb5_data *enc_data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    krb5_data_zero(enc_data);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
-    RCHECK(ret, krb5_store_int8(sp, flags), error);
-    RCHECK(ret, put_nir(sp, pname, pinstance, prealm), error);
-    RCHECK(ret, krb5_store_int32(sp, ntohl(paddress)), error);
-
-    /* session key */
-    ret = krb5_storage_write(sp,
-			     session->keyvalue.data, 
-			     session->keyvalue.length);
-    if (ret != session->keyvalue.length) {
-	ret = KRB4ET_INTK_PROT;
-	goto error;
-    }
-
-    RCHECK(ret, krb5_store_int8(sp, life), error);
-    RCHECK(ret, krb5_store_int32(sp, life_sec), error);
-    RCHECK(ret, put_nir(sp, sname, sinstance, NULL), error);
-
-    ret = storage_to_etext(context, sp, key, enc_data);
-
- error:
-    krb5_storage_free(sp);
-    if (ret)
-	krb5_set_error_string(context, "Failed to encode kerberos 4 ticket");
-
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_create_ciph(krb5_context context,
-		      const krb5_keyblock *session,
-		      const char *service,
-		      const char *instance,
-		      const char *realm,
-		      uint32_t life,
-		      unsigned char kvno,
-		      const krb5_data *ticket,
-		      uint32_t kdc_time,
-		      const krb5_keyblock *key,
-		      krb5_data *enc_data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    krb5_data_zero(enc_data);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
-    /* session key */
-    ret = krb5_storage_write(sp,
-			     session->keyvalue.data, 
-			     session->keyvalue.length);
-    if (ret != session->keyvalue.length) {
-	ret = KRB4ET_INTK_PROT;
-	goto error;
-    }
-
-    RCHECK(ret, put_nir(sp, service, instance, realm), error);
-    RCHECK(ret, krb5_store_int8(sp, life), error);
-    RCHECK(ret, krb5_store_int8(sp, kvno), error);
-    RCHECK(ret, krb5_store_int8(sp, ticket->length), error);
-    ret = krb5_storage_write(sp, ticket->data, ticket->length);
-    if (ret != ticket->length) {
-	ret = KRB4ET_INTK_PROT;
-	goto error;
-    }
-    RCHECK(ret, krb5_store_int32(sp, kdc_time), error);
-
-    ret = storage_to_etext(context, sp, key, enc_data);
-
- error:
-    krb5_storage_free(sp);
-    if (ret)
-	krb5_set_error_string(context, "Failed to encode kerberos 4 ticket");
-
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_create_auth_reply(krb5_context context,
-			    const char *pname,
-			    const char *pinst,
-			    const char *prealm,
-			    int32_t time_ws,
-			    int n,
-			    uint32_t x_date,
-			    unsigned char kvno,
-			    const krb5_data *cipher,
-			    krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    krb5_data_zero(data);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
-    RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error);
-    RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_KDC_REPLY), error);
-    RCHECK(ret, put_nir(sp, pname, pinst, prealm), error);
-    RCHECK(ret, krb5_store_int32(sp, time_ws), error);
-    RCHECK(ret, krb5_store_int8(sp, n), error);
-    RCHECK(ret, krb5_store_int32(sp, x_date), error);
-    RCHECK(ret, krb5_store_int8(sp, kvno), error);
-    RCHECK(ret, krb5_store_int16(sp, cipher->length), error);
-    ret = krb5_storage_write(sp, cipher->data, cipher->length);
-    if (ret != cipher->length) {
-	ret = KRB4ET_INTK_PROT;
-	goto error;
-    }
-
-    ret = krb5_storage_to_data(sp, data);
-
- error:
-    krb5_storage_free(sp);
-    if (ret)
-	krb5_set_error_string(context, "Failed to encode kerberos 4 ticket");
-	
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_cr_err_reply(krb5_context context,
-		       const char *name,
-		       const char *inst,
-		       const char *realm,
-		       uint32_t time_ws,
-		       uint32_t e,
-		       const char *e_string,
-		       krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    krb5_data_zero(data);
-
-    if (name == NULL) name = "";
-    if (inst == NULL) inst = "";
-    if (realm == NULL) realm = "";
-    if (e_string == NULL) e_string = "";
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
-    RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error);
-    RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error);
-    RCHECK(ret, put_nir(sp, name, inst, realm), error);
-    RCHECK(ret, krb5_store_int32(sp, time_ws), error);
-    /* If it is a Kerberos 4 error-code, remove the et BASE */
-    if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255)
-	e -= ERROR_TABLE_BASE_krb;
-    RCHECK(ret, krb5_store_int32(sp, e), error);
-    RCHECK(ret, krb5_store_stringz(sp, e_string), error);
-
-    ret = krb5_storage_to_data(sp, data);
-
- error:
-    krb5_storage_free(sp);
-    if (ret)
-	krb5_set_error_string(context, "Failed to encode kerberos 4 error");
-	
-    return 0;
-}
-
-static krb5_error_code
-get_v4_stringz(krb5_storage *sp, char **str, size_t max_len)
-{
-    krb5_error_code ret;
-
-    ret = krb5_ret_stringz(sp, str);
-    if (ret)
-	return ret;
-    if (strlen(*str) > max_len) {
-	free(*str);
-	*str = NULL;
-	return KRB4ET_INTK_PROT;
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_decomp_ticket(krb5_context context,
-			const krb5_data *enc_ticket,
-			const krb5_keyblock *key,
-			const char *local_realm,
-			char **sname,
-			char **sinstance,
-			struct _krb5_krb_auth_data *ad)
-{
-    krb5_error_code ret;
-    krb5_ssize_t size;
-    krb5_storage *sp = NULL;
-    krb5_data ticket;
-    unsigned char des_key[8];
-
-    memset(ad, 0, sizeof(*ad));
-    krb5_data_zero(&ticket);
-
-    *sname = NULL;
-    *sinstance = NULL;
-
-    RCHECK(ret, decrypt_etext(context, key, enc_ticket, &ticket), error);
-
-    sp = krb5_storage_from_data(&ticket);
-    if (sp == NULL) {
-	krb5_data_free(&ticket);
-	krb5_set_error_string(context, "alloc: out of memory");
-	return ENOMEM;
-    }
-
-    krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
-
-    RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error);
-    RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error);
-    RCHECK(ret, get_v4_stringz(sp, &ad->pinst, INST_SZ), error);
-    RCHECK(ret, get_v4_stringz(sp, &ad->prealm, REALM_SZ), error);
-    RCHECK(ret, krb5_ret_uint32(sp, &ad->address), error);
-	
-    size = krb5_storage_read(sp, des_key, sizeof(des_key));
-    if (size != sizeof(des_key)) {
-	ret = KRB4ET_INTK_PROT;
-	goto error;
-    }
-
-    RCHECK(ret, krb5_ret_uint8(sp, &ad->life), error);
-
-    if (ad->k_flags & 1)
-	krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
-    else
-	krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
-    RCHECK(ret, krb5_ret_uint32(sp, &ad->time_sec), error);
-
-    RCHECK(ret, get_v4_stringz(sp, sname, ANAME_SZ), error);
-    RCHECK(ret, get_v4_stringz(sp, sinstance, INST_SZ), error);
-
-    ret = krb5_keyblock_init(context, ETYPE_DES_PCBC_NONE,
-			     des_key, sizeof(des_key), &ad->session);
-    if (ret)
-	goto error;
-
-    if (strlen(ad->prealm) == 0) {
-	free(ad->prealm);
-	ad->prealm = strdup(local_realm);
-	if (ad->prealm == NULL) {
-	    ret = ENOMEM;
-	    goto error;
-	}
-    }
-
- error:
-    memset(des_key, 0, sizeof(des_key));
-    if (sp)
-	krb5_storage_free(sp);
-    krb5_data_free(&ticket);
-    if (ret) {
-	if (*sname) {
-	    free(*sname);
-	    *sname = NULL;
-	}
-	if (*sinstance) {
-	    free(*sinstance);
-	    *sinstance = NULL;
-	}
-	_krb5_krb_free_auth_data(context, ad);
-	krb5_set_error_string(context, "Failed to decode v4 ticket");
-    }
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_rd_req(krb5_context context,
-		 krb5_data *authent,
-		 const char *service,
-		 const char *instance,
-		 const char *local_realm,
-		 int32_t from_addr,
-		 const krb5_keyblock *key,
-		 struct _krb5_krb_auth_data *ad)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-    krb5_data ticket, eaut, aut;
-    krb5_ssize_t size;
-    int little_endian;
-    int8_t pvno;
-    int8_t type;
-    int8_t s_kvno;
-    uint8_t ticket_length;
-    uint8_t eaut_length;
-    uint8_t time_5ms;
-    char *realm = NULL;
-    char *sname = NULL;
-    char *sinstance = NULL;
-    char *r_realm = NULL;
-    char *r_name = NULL;
-    char *r_instance = NULL;
-
-    uint32_t r_time_sec;	/* Coarse time from authenticator */
-    unsigned long delta_t;      /* Time in authenticator - local time */
-    long tkt_age;		/* Age of ticket */
-
-    struct timeval tv;
-
-    krb5_data_zero(&ticket);
-    krb5_data_zero(&eaut);
-    krb5_data_zero(&aut);
-
-    sp = krb5_storage_from_data(authent);
-    if (sp == NULL) {
-	krb5_set_error_string(context, "alloc: out of memory");
-	return ENOMEM;
-    }
-
-    krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
-
-    ret = krb5_ret_int8(sp, &pvno);
-    if (ret) {
-	krb5_set_error_string(context, "Failed reading v4 pvno");
-	goto error;
-    }
-
-    if (pvno != KRB_PROT_VERSION) {
-	ret = KRB4ET_RD_AP_VERSION;
-	krb5_set_error_string(context, "Failed v4 pvno not 4");
-	goto error;
-    }
-
-    ret = krb5_ret_int8(sp, &type);
-    if (ret) {
-	krb5_set_error_string(context, "Failed readin v4 type");
-	goto error;
-    }
-
-    little_endian = type & 1;
-    type &= ~1;
-    
-    if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) {
-	ret = KRB4ET_RD_AP_MSG_TYPE;
-	krb5_set_error_string(context, "Not a valid v4 request type");
-	goto error;
-    }
-
-    RCHECK(ret, krb5_ret_int8(sp, &s_kvno), error);
-    RCHECK(ret, get_v4_stringz(sp, &realm, REALM_SZ), error);
-    RCHECK(ret, krb5_ret_uint8(sp, &ticket_length), error);
-    RCHECK(ret, krb5_ret_uint8(sp, &eaut_length), error);
-    RCHECK(ret, krb5_data_alloc(&ticket, ticket_length), error);
-
-    size = krb5_storage_read(sp, ticket.data, ticket.length);
-    if (size != ticket.length) {
-	ret = KRB4ET_INTK_PROT;
-	krb5_set_error_string(context, "Failed reading v4 ticket");
-	goto error;
-    }
-
-    /* Decrypt and take apart ticket */
-    ret = _krb5_krb_decomp_ticket(context, &ticket, key, local_realm, 
-				  &sname, &sinstance, ad);
-    if (ret)
-	goto error;
-
-    RCHECK(ret, krb5_data_alloc(&eaut, eaut_length), error);
-
-    size = krb5_storage_read(sp, eaut.data, eaut.length);
-    if (size != eaut.length) {
-	ret = KRB4ET_INTK_PROT;
-	krb5_set_error_string(context, "Failed reading v4 authenticator");
-	goto error;
-    }
-
-    krb5_storage_free(sp);
-    sp = NULL;
-
-    ret = decrypt_etext(context, &ad->session, &eaut, &aut);
-    if (ret)
-	goto error;
-
-    sp = krb5_storage_from_data(&aut);
-    if (sp == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "alloc: out of memory");
-	goto error;
-    }
-
-    if (little_endian)
-	krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
-    else
-	krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
-    RCHECK(ret, get_v4_stringz(sp, &r_name, ANAME_SZ), error);
-    RCHECK(ret, get_v4_stringz(sp, &r_instance, INST_SZ), error);
-    RCHECK(ret, get_v4_stringz(sp, &r_realm, REALM_SZ), error);
-
-    RCHECK(ret, krb5_ret_uint32(sp, &ad->checksum), error);
-    RCHECK(ret, krb5_ret_uint8(sp, &time_5ms), error);
-    RCHECK(ret, krb5_ret_uint32(sp, &r_time_sec), error);
-
-    if (strcmp(ad->pname, r_name) != 0 ||
-	strcmp(ad->pinst, r_instance) != 0 ||
-	strcmp(ad->prealm, r_realm) != 0) {
-	krb5_set_error_string(context, "v4 principal mismatch");
-	ret = KRB4ET_RD_AP_INCON;
-	goto error;
-    }
-    
-    if (from_addr && ad->address && from_addr != ad->address) {
-	krb5_set_error_string(context, "v4 bad address in ticket");
-	ret = KRB4ET_RD_AP_BADD;
-	goto error;
-    }
-
-    gettimeofday(&tv, NULL);
-    delta_t = abs((int)(tv.tv_sec - r_time_sec));
-    if (delta_t > CLOCK_SKEW) {
-        ret = KRB4ET_RD_AP_TIME;
-	krb5_set_error_string(context, "v4 clock skew");
-	goto error;
-    }
-
-    /* Now check for expiration of ticket */
-
-    tkt_age = tv.tv_sec - ad->time_sec;
-    
-    if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) {
-        ret = KRB4ET_RD_AP_NYV;
-	krb5_set_error_string(context, "v4 clock skew for expiration");
-	goto error;
-    }
-
-    if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) {
-	ret = KRB4ET_RD_AP_EXP;
-	krb5_set_error_string(context, "v4 ticket expired");
-	goto error;
-    }
-
-    ret = 0;
- error:
-    krb5_data_free(&ticket);
-    krb5_data_free(&eaut);
-    krb5_data_free(&aut);
-    if (realm)
-	free(realm);
-    if (sname)
-	free(sname);
-    if (sinstance)
-	free(sinstance);
-    if (r_name)
-	free(r_name);
-    if (r_instance)
-	free(r_instance);
-    if (r_realm)
-	free(r_realm);
-    if (sp)
-	krb5_storage_free(sp);
-
-    if (ret)
-	krb5_clear_error_string(context);
-
-    return ret;
-}
-
-/*
- *
- */
-
-void KRB5_LIB_FUNCTION
-_krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad)
-{
-    if (ad->pname)
-	free(ad->pname);
-    if (ad->pinst)
-	free(ad->pinst);
-    if (ad->prealm)
-	free(ad->prealm);
-    krb5_free_keyblock_contents(context, &ad->session);
-    memset(ad, 0, sizeof(*ad));
-}
diff --git a/crypto/heimdal/lib/krb5/verify_init.c b/crypto/heimdal/lib/krb5/verify_init.c
deleted file mode 100644
index 37db346..0000000
--- a/crypto/heimdal/lib/krb5/verify_init.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: verify_init.c 15555 2005-07-06 00:48:16Z lha $");
-
-void KRB5_LIB_FUNCTION
-krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options)
-{
-    memset (options, 0, sizeof(*options));
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *options,
-					     int ap_req_nofail)
-{
-    options->flags |= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL;
-    options->ap_req_nofail = ap_req_nofail;
-}
-
-/*
- *
- */
-
-static krb5_boolean
-fail_verify_is_ok (krb5_context context,
-		   krb5_verify_init_creds_opt *options)
-{
-    if ((options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL
-	 && options->ap_req_nofail != 0)
-	|| krb5_config_get_bool (context,
-				 NULL,
-				 "libdefaults",
-				 "verify_ap_req_nofail",
-				 NULL))
-	return FALSE;
-    else
-	return TRUE;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_init_creds(krb5_context context,
-		       krb5_creds *creds,
-		       krb5_principal ap_req_server,
-		       krb5_keytab ap_req_keytab,
-		       krb5_ccache *ccache,
-		       krb5_verify_init_creds_opt *options)
-{
-    krb5_error_code ret;
-    krb5_data req;
-    krb5_ccache local_ccache = NULL;
-    krb5_creds *new_creds = NULL;
-    krb5_auth_context auth_context = NULL;
-    krb5_principal server = NULL;
-    krb5_keytab keytab = NULL;
-
-    krb5_data_zero (&req);
-
-    if (ap_req_server == NULL) {
-	char local_hostname[MAXHOSTNAMELEN];
-
-	if (gethostname (local_hostname, sizeof(local_hostname)) < 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "gethostname: %s",
-				   strerror(ret));
-	    return ret;
-	}
-
-	ret = krb5_sname_to_principal (context,
-				       local_hostname,
-				       "host",
-				       KRB5_NT_SRV_HST,
-				       &server);
-	if (ret)
-	    goto cleanup;
-    } else
-	server = ap_req_server;
-
-    if (ap_req_keytab == NULL) {
-	ret = krb5_kt_default (context, &keytab);
-	if (ret)
-	    goto cleanup;
-    } else
-	keytab = ap_req_keytab;
-
-    if (ccache && *ccache)
-	local_ccache = *ccache;
-    else {
-	ret = krb5_cc_gen_new (context, &krb5_mcc_ops, &local_ccache);
-	if (ret)
-	    goto cleanup;
-	ret = krb5_cc_initialize (context,
-				  local_ccache,
-				  creds->client);
-	if (ret)
-	    goto cleanup;
-	ret = krb5_cc_store_cred (context,
-				  local_ccache,
-				  creds);
-	if (ret)
-	    goto cleanup;
-    }
-
-    if (!krb5_principal_compare (context, server, creds->server)) {
-	krb5_creds match_cred;
-
-	memset (&match_cred, 0, sizeof(match_cred));
-
-	match_cred.client = creds->client;
-	match_cred.server = server;
-
-	ret = krb5_get_credentials (context,
-				    0,
-				    local_ccache,
-				    &match_cred,
-				    &new_creds);
-	if (ret) {
-	    if (fail_verify_is_ok (context, options))
-		ret = 0;
-	    goto cleanup;
-	}
-	creds = new_creds;
-    }
-
-    ret = krb5_mk_req_extended (context,
-				&auth_context,
-				0,
-				NULL,
-				creds,
-				&req);
-    
-    krb5_auth_con_free (context, auth_context);
-    auth_context = NULL;
-
-    if (ret)
-	goto cleanup;
-
-    ret = krb5_rd_req (context,
-		       &auth_context,
-		       &req,
-		       server,
-		       keytab,
-		       0,
-		       NULL);
-
-    if (ret == KRB5_KT_NOTFOUND && fail_verify_is_ok (context, options))
-	ret = 0;
-cleanup:
-    if (auth_context)
-	krb5_auth_con_free (context, auth_context);
-    krb5_data_free (&req);
-    if (new_creds != NULL)
-	krb5_free_creds (context, new_creds);
-    if (ap_req_server == NULL && server)
-	krb5_free_principal (context, server);
-    if (ap_req_keytab == NULL && keytab)
-	krb5_kt_close (context, keytab);
-    if (local_ccache != NULL
-	&&
-	(ccache == NULL
-	 || (ret != 0 && *ccache == NULL)))
-	krb5_cc_destroy (context, local_ccache);
-
-    if (ret == 0 && ccache != NULL && *ccache == NULL)
-	*ccache = local_ccache;
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.8 b/crypto/heimdal/lib/krb5/verify_krb5_conf.8
deleted file mode 100644
index 28f84ab..0000000
--- a/crypto/heimdal/lib/krb5/verify_krb5_conf.8
+++ /dev/null
@@ -1,95 +0,0 @@
-.\" Copyright (c) 2000 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: verify_krb5_conf.8 14375 2004-12-08 17:52:41Z lha $
-.\"
-.Dd December  8, 2004
-.Dt VERIFY_KRB5_CONF 8
-.Os HEIMDAL
-.Sh NAME
-.Nm verify_krb5_conf
-.Nd checks krb5.conf for obvious errors
-.Sh SYNOPSIS
-.Nm
-.Ar [config-file]
-.Sh DESCRIPTION
-.Nm
-reads the configuration file
-.Pa krb5.conf ,
-or the file given on the command line,
-and parses it, thereby verifying that the syntax is not correctly wrong.
-.Pp
-If the file is syntactically correct,
-.Nm
-tries to verify that the contents of the file is of relevant nature.
-.Sh ENVIRONMENT
-.Ev KRB5_CONFIG
-points to the configuration file to read.
-.Sh FILES
-.Bl -tag -width /etc/krb5.conf -compact
-.It Pa /etc/krb5.conf
-Kerberos 5 configuration file
-.El
-.Sh DIAGNOSTICS
-Possible output from
-.Nm
-include:
-.Bl -tag -width "FpathF"
-.It "<path>: failed to parse <something> as size/time/number/boolean"
-Usually means that <something> is misspelled, or that it contains
-weird characters. The parsing done by
-.Nm
-is more strict than the one performed by libkrb5, so strings that
-work in real life might be reported as bad.
-.It "<path>: host not found (<hostname>)"
-Means that <path> is supposed to point to a host, but it can't be
-recognised as one.
-.It <path>: unknown or wrong type
-Means that <path> is either a string when it should be a list, vice
-versa, or just that
-.Nm
-is confused.
-.It <path>: unknown entry
-Means that <string> is not known by
-.Nm "" .
-.El
-.Sh SEE ALSO
-.Xr krb5.conf 5
-.Sh BUGS
-Since each application can put almost anything in the config file,
-it's hard to come up with a watertight verification process. Most of
-the default settings are sanity checked, but this does not mean that
-every problem is discovered, or that everything that is reported as a
-possible problem actually is one. This tool should thus be used with
-some care.
-.Pp
-It should warn about obsolete data, or bad practice, but currently
-doesn't.
diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.c b/crypto/heimdal/lib/krb5/verify_krb5_conf.c
deleted file mode 100644
index b55fbd7..0000000
--- a/crypto/heimdal/lib/krb5/verify_krb5_conf.c
+++ /dev/null
@@ -1,676 +0,0 @@
-/*
- * Copyright (c) 1999 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-#include <parse_bytes.h>
-#include <err.h>
-RCSID("$Id: verify_krb5_conf.c 22233 2007-12-08 21:43:37Z lha $");
-
-/* verify krb5.conf */
-
-static int dumpconfig_flag = 0;
-static int version_flag = 0;
-static int help_flag	= 0;
-static int warn_mit_syntax_flag = 0;
-
-static struct getargs args[] = {
-    {"dumpconfig", 0,      arg_flag,       &dumpconfig_flag, 
-     "show the parsed config files", NULL },
-    {"warn-mit-syntax", 0, arg_flag,       &warn_mit_syntax_flag, 
-     "show the parsed config files", NULL },
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[config-file]");
-    exit (ret);
-}
-
-static int
-check_bytes(krb5_context context, const char *path, char *data)
-{
-    if(parse_bytes(data, NULL) == -1) {
-	krb5_warnx(context, "%s: failed to parse \"%s\" as size", path, data);
-	return 1;
-    }
-    return 0;
-}
-
-static int
-check_time(krb5_context context, const char *path, char *data)
-{
-    if(parse_time(data, NULL) == -1) {
-	krb5_warnx(context, "%s: failed to parse \"%s\" as time", path, data);
-	return 1;
-    }
-    return 0;
-}
-
-static int
-check_numeric(krb5_context context, const char *path, char *data)
-{
-    long int v;
-    char *end;
-    v = strtol(data, &end, 0);
-    if(*end != '\0') {
-	krb5_warnx(context, "%s: failed to parse \"%s\" as a number", 
-		   path, data);
-	return 1;
-    }
-    return 0;
-}
-
-static int
-check_boolean(krb5_context context, const char *path, char *data)
-{
-    long int v;
-    char *end;
-    if(strcasecmp(data, "yes") == 0 ||
-       strcasecmp(data, "true") == 0 ||
-       strcasecmp(data, "no") == 0 ||
-       strcasecmp(data, "false") == 0)
-	return 0;
-    v = strtol(data, &end, 0);
-    if(*end != '\0') {
-	krb5_warnx(context, "%s: failed to parse \"%s\" as a boolean", 
-		   path, data);
-	return 1;
-    }
-    if(v != 0 && v != 1)
-	krb5_warnx(context, "%s: numeric value \"%s\" is treated as \"true\"", 
-		   path, data);
-    return 0;
-}
-
-static int
-check_524(krb5_context context, const char *path, char *data)
-{
-    if(strcasecmp(data, "yes") == 0 ||
-       strcasecmp(data, "no") == 0 ||
-       strcasecmp(data, "2b") == 0 ||
-       strcasecmp(data, "local") == 0)
-	return 0;
-
-    krb5_warnx(context, "%s: didn't contain a valid option `%s'", 
-	       path, data);
-    return 1;
-}
-
-static int
-check_host(krb5_context context, const char *path, char *data)
-{
-    int ret;
-    char hostname[128];
-    const char *p = data;
-    struct addrinfo hints;
-    char service[32];
-    int defport;
-    struct addrinfo *ai;
-
-    hints.ai_flags = 0;
-    hints.ai_family = PF_UNSPEC;
-    hints.ai_socktype = 0;
-    hints.ai_protocol = 0;
-
-    hints.ai_addrlen = 0;
-    hints.ai_canonname = NULL;
-    hints.ai_addr = NULL;
-    hints.ai_next = NULL;
-    
-    /* XXX data could be a list of hosts that this code can't handle */
-    /* XXX copied from krbhst.c */
-    if(strncmp(p, "http://", 7) == 0){
-        p += 7;
-	hints.ai_socktype = SOCK_STREAM;
-	strlcpy(service, "http", sizeof(service));
-	defport = 80;
-    } else if(strncmp(p, "http/", 5) == 0) {
-        p += 5;
-	hints.ai_socktype = SOCK_STREAM;
-	strlcpy(service, "http", sizeof(service));
-	defport = 80;
-    }else if(strncmp(p, "tcp/", 4) == 0){
-        p += 4;
-	hints.ai_socktype = SOCK_STREAM;
-	strlcpy(service, "kerberos", sizeof(service));
-	defport = 88;
-    } else if(strncmp(p, "udp/", 4) == 0) {
-        p += 4;
-	hints.ai_socktype = SOCK_DGRAM;
-	strlcpy(service, "kerberos", sizeof(service));
-	defport = 88;
-    } else {
-	hints.ai_socktype = SOCK_DGRAM;
-	strlcpy(service, "kerberos", sizeof(service));
-	defport = 88;
-    }
-    if(strsep_copy(&p, ":", hostname, sizeof(hostname)) < 0) {
-	return 1;
-    }
-    hostname[strcspn(hostname, "/")] = '\0';
-    if(p != NULL) {
-	char *end;
-	int tmp = strtol(p, &end, 0);
-	if(end == p) {
-	    krb5_warnx(context, "%s: failed to parse port number in %s", 
-		       path, data);
-	    return 1;
-	}
-	defport = tmp;
-	snprintf(service, sizeof(service), "%u", defport);
-    }
-    ret = getaddrinfo(hostname, service, &hints, &ai);
-    if(ret == EAI_SERVICE && !isdigit((unsigned char)service[0])) {
-	snprintf(service, sizeof(service), "%u", defport);
-	ret = getaddrinfo(hostname, service, &hints, &ai);
-    }
-    if(ret != 0) {
-	krb5_warnx(context, "%s: %s (%s)", path, gai_strerror(ret), hostname);
-	return 1;
-    }
-    return 0;
-}
-
-static int
-mit_entry(krb5_context context, const char *path, char *data)
-{
-    if (warn_mit_syntax_flag)
-	krb5_warnx(context, "%s is only used by MIT Kerberos", path);
-    return 0;
-}
-
-struct s2i {
-    const char *s;
-    int val;
-};
-
-#define L(X) { #X, LOG_ ## X }
-
-static struct s2i syslogvals[] = {
-    /* severity */
-    L(EMERG),
-    L(ALERT),
-    L(CRIT),
-    L(ERR),
-    L(WARNING),
-    L(NOTICE),
-    L(INFO),
-    L(DEBUG),
-    /* facility */
-    L(AUTH),
-#ifdef LOG_AUTHPRIV
-    L(AUTHPRIV),
-#endif
-#ifdef LOG_CRON
-    L(CRON),
-#endif
-    L(DAEMON),
-#ifdef LOG_FTP
-    L(FTP),
-#endif
-    L(KERN),
-    L(LPR),
-    L(MAIL),
-#ifdef LOG_NEWS
-    L(NEWS),
-#endif
-    L(SYSLOG),
-    L(USER),
-#ifdef LOG_UUCP
-    L(UUCP),
-#endif
-    L(LOCAL0),
-    L(LOCAL1),
-    L(LOCAL2),
-    L(LOCAL3),
-    L(LOCAL4),
-    L(LOCAL5),
-    L(LOCAL6),
-    L(LOCAL7),
-    { NULL, -1 }
-};
-
-static int
-find_value(const char *s, struct s2i *table)
-{
-    while(table->s && strcasecmp(table->s, s))
-	table++;
-    return table->val;
-}
-
-static int
-check_log(krb5_context context, const char *path, char *data)
-{
-    /* XXX sync with log.c */
-    int min = 0, max = -1, n;
-    char c;
-    const char *p = data;
-
-    n = sscanf(p, "%d%c%d/", &min, &c, &max);
-    if(n == 2){
-	if(c == '/') {
-	    if(min < 0){
-		max = -min;
-		min = 0;
-	    }else{
-		max = min;
-	    }
-	}
-    }
-    if(n){
-	p = strchr(p, '/');
-	if(p == NULL) {
-	    krb5_warnx(context, "%s: failed to parse \"%s\"", path, data);
-	    return 1;
-	}
-	p++;
-    }
-    if(strcmp(p, "STDERR") == 0 || 
-       strcmp(p, "CONSOLE") == 0 ||
-       (strncmp(p, "FILE", 4) == 0 && (p[4] == ':' || p[4] == '=')) ||
-       (strncmp(p, "DEVICE", 6) == 0 && p[6] == '='))
-	return 0;
-    if(strncmp(p, "SYSLOG", 6) == 0){
-	int ret = 0;
-	char severity[128] = "";
-	char facility[128] = "";
-	p += 6;
-	if(*p != '\0')
-	    p++;
-	if(strsep_copy(&p, ":", severity, sizeof(severity)) != -1)
-	    strsep_copy(&p, ":", facility, sizeof(facility));
-	if(*severity == '\0')
-	    strlcpy(severity, "ERR", sizeof(severity));
- 	if(*facility == '\0')
-	    strlcpy(facility, "AUTH", sizeof(facility));
-	if(find_value(severity, syslogvals) == -1) {
-	    krb5_warnx(context, "%s: unknown syslog facility \"%s\"", 
-		       path, facility);
-	    ret++;
-	}
-	if(find_value(severity, syslogvals) == -1) {
-	    krb5_warnx(context, "%s: unknown syslog severity \"%s\"", 
-		       path, severity);
-	    ret++;
-	}
-	return ret;
-    }else{
-	krb5_warnx(context, "%s: unknown log type: \"%s\"", path, data);
-	return 1;
-    }
-}
-
-typedef int (*check_func_t)(krb5_context, const char*, char*);
-struct entry {
-    const char *name;
-    int type;
-    void *check_data;
-};
-
-struct entry all_strings[] = {
-    { "", krb5_config_string, NULL },
-    { NULL }
-};
-
-struct entry all_boolean[] = {
-    { "", krb5_config_string, check_boolean },
-    { NULL }
-};
-
-
-struct entry v4_name_convert_entries[] = {
-    { "host", krb5_config_list, all_strings },
-    { "plain", krb5_config_list, all_strings },
-    { NULL }
-};
-
-struct entry libdefaults_entries[] = {
-    { "accept_null_addresses", krb5_config_string, check_boolean },
-    { "capath", krb5_config_list, all_strings },
-    { "check_pac", krb5_config_string, check_boolean },
-    { "clockskew", krb5_config_string, check_time },
-    { "date_format", krb5_config_string, NULL },
-    { "default_cc_name", krb5_config_string, NULL },
-    { "default_etypes", krb5_config_string, NULL },
-    { "default_etypes_des", krb5_config_string, NULL },
-    { "default_keytab_modify_name", krb5_config_string, NULL },
-    { "default_keytab_name", krb5_config_string, NULL },
-    { "default_realm", krb5_config_string, NULL },
-    { "dns_canonize_hostname", krb5_config_string, check_boolean },
-    { "dns_proxy", krb5_config_string, NULL },
-    { "dns_lookup_kdc", krb5_config_string, check_boolean },
-    { "dns_lookup_realm", krb5_config_string, check_boolean },
-    { "dns_lookup_realm_labels", krb5_config_string, NULL },
-    { "egd_socket", krb5_config_string, NULL },
-    { "encrypt", krb5_config_string, check_boolean },
-    { "extra_addresses", krb5_config_string, NULL },
-    { "fcache_version", krb5_config_string, check_numeric },
-    { "fcc-mit-ticketflags", krb5_config_string, check_boolean },
-    { "forward", krb5_config_string, check_boolean },
-    { "forwardable", krb5_config_string, check_boolean },
-    { "http_proxy", krb5_config_string, check_host /* XXX */ },
-    { "ignore_addresses", krb5_config_string, NULL },
-    { "kdc_timeout", krb5_config_string, check_time },
-    { "kdc_timesync", krb5_config_string, check_boolean },
-    { "log_utc", krb5_config_string, check_boolean },
-    { "maxretries", krb5_config_string, check_numeric },
-    { "scan_interfaces", krb5_config_string, check_boolean },
-    { "srv_lookup", krb5_config_string, check_boolean },
-    { "srv_try_txt", krb5_config_string, check_boolean }, 
-    { "ticket_lifetime", krb5_config_string, check_time },
-    { "time_format", krb5_config_string, NULL },
-    { "transited_realms_reject", krb5_config_string, NULL },
-    { "no-addresses", krb5_config_string, check_boolean },
-    { "v4_instance_resolve", krb5_config_string, check_boolean },
-    { "v4_name_convert", krb5_config_list, v4_name_convert_entries },
-    { "verify_ap_req_nofail", krb5_config_string, check_boolean },
-    { "max_retries", krb5_config_string, check_time },
-    { "renew_lifetime", krb5_config_string, check_time },
-    { "proxiable", krb5_config_string, check_boolean },
-    { "warn_pwexpire", krb5_config_string, check_time },
-    /* MIT stuff */
-    { "permitted_enctypes", krb5_config_string, mit_entry },
-    { "default_tgs_enctypes", krb5_config_string, mit_entry },
-    { "default_tkt_enctypes", krb5_config_string, mit_entry },
-    { NULL }
-};
-
-struct entry appdefaults_entries[] = {
-    { "afslog", krb5_config_string, check_boolean },
-    { "afs-use-524", krb5_config_string, check_524 },
-    { "encrypt", krb5_config_string, check_boolean },
-    { "forward", krb5_config_string, check_boolean },
-    { "forwardable", krb5_config_string, check_boolean },
-    { "proxiable", krb5_config_string, check_boolean },
-    { "ticket_lifetime", krb5_config_string, check_time },
-    { "renew_lifetime", krb5_config_string, check_time },
-    { "no-addresses", krb5_config_string, check_boolean },
-    { "krb4_get_tickets", krb5_config_string, check_boolean },
-    { "pkinit_anchors", krb5_config_string, NULL },
-    { "pkinit_win2k", krb5_config_string, NULL },
-    { "pkinit_win2k_require_binding", krb5_config_string, NULL },
-    { "pkinit_require_eku", krb5_config_string, NULL },
-    { "pkinit_require_krbtgt_otherName", krb5_config_string, NULL },
-    { "pkinit_require_hostname_match", krb5_config_string, NULL },
-#if 0
-    { "anonymous", krb5_config_string, check_boolean },
-#endif
-    { "", krb5_config_list, appdefaults_entries },
-    { NULL }
-};
-
-struct entry realms_entries[] = {
-    { "forwardable", krb5_config_string, check_boolean },
-    { "proxiable", krb5_config_string, check_boolean },
-    { "ticket_lifetime", krb5_config_string, check_time },
-    { "renew_lifetime", krb5_config_string, check_time },
-    { "warn_pwexpire", krb5_config_string, check_time },
-    { "kdc", krb5_config_string, check_host },
-    { "admin_server", krb5_config_string, check_host },
-    { "kpasswd_server", krb5_config_string, check_host },
-    { "krb524_server", krb5_config_string, check_host },
-    { "v4_name_convert", krb5_config_list, v4_name_convert_entries },
-    { "v4_instance_convert", krb5_config_list, all_strings },
-    { "v4_domains", krb5_config_string, NULL },
-    { "default_domain", krb5_config_string, NULL },
-    { "win2k_pkinit", krb5_config_string, NULL },
-    /* MIT stuff */
-    { "admin_keytab", krb5_config_string, mit_entry },
-    { "acl_file", krb5_config_string, mit_entry },
-    { "dict_file", krb5_config_string, mit_entry },
-    { "kadmind_port", krb5_config_string, mit_entry },
-    { "kpasswd_port", krb5_config_string, mit_entry },
-    { "master_key_name", krb5_config_string, mit_entry },
-    { "master_key_type", krb5_config_string, mit_entry },
-    { "key_stash_file", krb5_config_string, mit_entry },
-    { "max_life", krb5_config_string, mit_entry },
-    { "max_renewable_life", krb5_config_string, mit_entry },
-    { "default_principal_expiration", krb5_config_string, mit_entry },
-    { "default_principal_flags", krb5_config_string, mit_entry },
-    { "supported_enctypes", krb5_config_string, mit_entry },
-    { "database_name", krb5_config_string, mit_entry },
-    { NULL }
-};
-
-struct entry realms_foobar[] = {
-    { "", krb5_config_list, realms_entries },
-    { NULL }
-};
-
-
-struct entry kdc_database_entries[] = {
-    { "realm", krb5_config_string, NULL },
-    { "dbname", krb5_config_string, NULL },
-    { "mkey_file", krb5_config_string, NULL },
-    { "acl_file", krb5_config_string, NULL },
-    { "log_file", krb5_config_string, NULL },
-    { NULL }
-};
-
-struct entry kdc_entries[] = {
-    { "database", krb5_config_list, kdc_database_entries },
-    { "key-file", krb5_config_string, NULL },
-    { "logging", krb5_config_string, check_log },
-    { "max-request", krb5_config_string, check_bytes },
-    { "require-preauth", krb5_config_string, check_boolean },
-    { "ports", krb5_config_string, NULL },
-    { "addresses", krb5_config_string, NULL },
-    { "enable-kerberos4", krb5_config_string, check_boolean },
-    { "enable-524", krb5_config_string, check_boolean },
-    { "enable-http", krb5_config_string, check_boolean },
-    { "check-ticket-addresses", krb5_config_string, check_boolean },
-    { "allow-null-ticket-addresses", krb5_config_string, check_boolean },
-    { "allow-anonymous", krb5_config_string, check_boolean },
-    { "v4_realm", krb5_config_string, NULL },
-    { "enable-kaserver", krb5_config_string, check_boolean },
-    { "encode_as_rep_as_tgs_rep", krb5_config_string, check_boolean },
-    { "kdc_warn_pwexpire", krb5_config_string, check_time },
-    { "use_2b", krb5_config_list, NULL },
-    { "enable-pkinit", krb5_config_string, check_boolean },
-    { "pkinit_identity", krb5_config_string, NULL },
-    { "pkinit_anchors", krb5_config_string, NULL },
-    { "pkinit_pool", krb5_config_string, NULL },
-    { "pkinit_revoke", krb5_config_string, NULL },
-    { "pkinit_kdc_ocsp", krb5_config_string, NULL },
-    { "pkinit_principal_in_certificate", krb5_config_string, NULL },
-    { "pkinit_dh_min_bits", krb5_config_string, NULL },
-    { "pkinit_allow_proxy_certificate", krb5_config_string, NULL },
-    { "hdb-ldap-create-base", krb5_config_string, NULL },
-    { "v4-realm", krb5_config_string, NULL },
-    { NULL }
-};
-
-struct entry kadmin_entries[] = {
-    { "password_lifetime", krb5_config_string, check_time },
-    { "default_keys", krb5_config_string, NULL },
-    { "use_v4_salt", krb5_config_string, NULL },
-    { "require-preauth", krb5_config_string, check_boolean },
-    { NULL }
-};
-struct entry log_strings[] = {
-    { "", krb5_config_string, check_log },
-    { NULL }
-};
-
-
-/* MIT stuff */
-struct entry kdcdefaults_entries[] = {
-    { "kdc_ports", krb5_config_string, mit_entry },
-    { "v4_mode", krb5_config_string, mit_entry },
-    { NULL }
-};
-
-struct entry capaths_entries[] = {
-    { "", krb5_config_list, all_strings },
-    { NULL }
-};
-
-struct entry password_quality_entries[] = {
-    { "policies", krb5_config_string, NULL },
-    { "external_program", krb5_config_string, NULL },
-    { "min_classes", krb5_config_string, check_numeric },
-    { "min_length", krb5_config_string, check_numeric },
-    { "", krb5_config_list, all_strings },
-    { NULL }
-};
-
-struct entry toplevel_sections[] = {
-    { "libdefaults" , krb5_config_list, libdefaults_entries },
-    { "realms", krb5_config_list, realms_foobar },
-    { "domain_realm", krb5_config_list, all_strings },
-    { "logging", krb5_config_list, log_strings },
-    { "kdc", krb5_config_list, kdc_entries },
-    { "kadmin", krb5_config_list, kadmin_entries },
-    { "appdefaults", krb5_config_list, appdefaults_entries },
-    { "gssapi", krb5_config_list, NULL },
-    { "capaths", krb5_config_list, capaths_entries },
-    { "password_quality", krb5_config_list, password_quality_entries },
-    /* MIT stuff */
-    { "kdcdefaults", krb5_config_list, kdcdefaults_entries },
-    { NULL }
-};
-
-
-static int
-check_section(krb5_context context, const char *path, krb5_config_section *cf, 
-	      struct entry *entries)
-{
-    int error = 0;
-    krb5_config_section *p;
-    struct entry *e;
-    
-    char *local;
-    
-    for(p = cf; p != NULL; p = p->next) {
-	asprintf(&local, "%s/%s", path, p->name);
-	for(e = entries; e->name != NULL; e++) {
-	    if(*e->name == '\0' || strcmp(e->name, p->name) == 0) {
-		if(e->type != p->type) {
-		    krb5_warnx(context, "%s: unknown or wrong type", local);
-		    error |= 1;
-		} else if(p->type == krb5_config_string && e->check_data != NULL) {
-		    error |= (*(check_func_t)e->check_data)(context, local, p->u.string);
-		} else if(p->type == krb5_config_list && e->check_data != NULL) {
-		    error |= check_section(context, local, p->u.list, e->check_data);
-		}
-		break;
-	    }
-	}
-	if(e->name == NULL) {
-	    krb5_warnx(context, "%s: unknown entry", local);
-	    error |= 1;
-	}
-	free(local);
-    }
-    return error;
-}
-
-
-static void
-dumpconfig(int level, krb5_config_section *top)
-{
-    krb5_config_section *x;
-    for(x = top; x; x = x->next) {
-	switch(x->type) {
-	case krb5_config_list:
-	    if(level == 0) {
-		printf("[%s]\n", x->name);
-	    } else {
-		printf("%*s%s = {\n", 4 * level, " ", x->name);
-	    }
-	    dumpconfig(level + 1, x->u.list);
-	    if(level > 0)
-		printf("%*s}\n", 4 * level, " ");
-	    break;
-	case krb5_config_string:
-	    printf("%*s%s = %s\n", 4 * level, " ", x->name, x->u.string);
-	    break;
-	}
-    }
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_config_section *tmp_cf;
-    int optidx = 0;
-
-    setprogname (argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret == KRB5_CONFIG_BADFORMAT)
-	errx (1, "krb5_init_context failed to parse configuration file");
-    else if (ret)
-	errx (1, "krb5_init_context failed with %d", ret);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    tmp_cf = NULL;
-    if(argc == 0)
-	krb5_get_default_config_files(&argv);
-
-    while(*argv) {
-	ret = krb5_config_parse_file_multi(context, *argv, &tmp_cf);
-	if (ret != 0)
-	    krb5_warn (context, ret, "krb5_config_parse_file");
-	argv++;
-    }
-
-    if(dumpconfig_flag)
-	dumpconfig(0, tmp_cf);
-    
-    return check_section(context, "", tmp_cf, toplevel_sections);
-}
diff --git a/crypto/heimdal/lib/krb5/verify_user.c b/crypto/heimdal/lib/krb5/verify_user.c
deleted file mode 100644
index 1edbaff..0000000
--- a/crypto/heimdal/lib/krb5/verify_user.c
+++ /dev/null
@@ -1,265 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: verify_user.c 19078 2006-11-20 18:12:41Z lha $");
-
-static krb5_error_code
-verify_common (krb5_context context,
-	       krb5_principal principal,
-	       krb5_ccache ccache,
-	       krb5_keytab keytab,
-	       krb5_boolean secure,
-	       const char *service,
-	       krb5_creds cred)
-{
-    krb5_error_code ret;
-    krb5_principal server;
-    krb5_verify_init_creds_opt vopt;
-    krb5_ccache id;
-
-    ret = krb5_sname_to_principal (context, NULL, service, KRB5_NT_SRV_HST,
-				   &server);
-    if(ret)
-	return ret;
-
-    krb5_verify_init_creds_opt_init(&vopt);
-    krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, secure);
-
-    ret = krb5_verify_init_creds(context,
-				 &cred,
-				 server,
-				 keytab,
-				 NULL,
-				 &vopt);
-    krb5_free_principal(context, server);
-    if(ret)
-	return ret;
-    if(ccache == NULL)
-	ret = krb5_cc_default (context, &id);
-    else
-	id = ccache;
-    if(ret == 0){
-	ret = krb5_cc_initialize(context, id, principal);
-	if(ret == 0){
-	    ret = krb5_cc_store_cred(context, id, &cred);
-	}
-	if(ccache == NULL)
-	    krb5_cc_close(context, id);
-    }
-    krb5_free_cred_contents(context, &cred);
-    return ret;
-}
-
-/*
- * Verify user `principal' with `password'.
- *
- * If `secure', also verify against local service key for `service'.
- *
- * As a side effect, fresh tickets are obtained and stored in `ccache'.
- */
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_init(krb5_verify_opt *opt)
-{
-    memset(opt, 0, sizeof(*opt));
-    opt->secure = TRUE;
-    opt->service = "host";
-}
-
-int KRB5_LIB_FUNCTION
-krb5_verify_opt_alloc(krb5_context context, krb5_verify_opt **opt)
-{
-    *opt = calloc(1, sizeof(**opt));
-    if ((*opt) == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_verify_opt_init(*opt);
-    return 0;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_free(krb5_verify_opt *opt)
-{
-    free(opt);
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_ccache(krb5_verify_opt *opt, krb5_ccache ccache)
-{
-    opt->ccache = ccache;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_keytab(krb5_verify_opt *opt, krb5_keytab keytab)
-{
-    opt->keytab = keytab;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_secure(krb5_verify_opt *opt, krb5_boolean secure)
-{
-    opt->secure = secure;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_service(krb5_verify_opt *opt, const char *service)
-{
-    opt->service = service;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_flags(krb5_verify_opt *opt, unsigned int flags)
-{
-    opt->flags |= flags;
-}
-
-static krb5_error_code
-verify_user_opt_int(krb5_context context,
-		    krb5_principal principal,
-		    const char *password,
-		    krb5_verify_opt *vopt)
-
-{
-    krb5_error_code ret;
-    krb5_get_init_creds_opt *opt;
-    krb5_creds cred;
-
-    ret = krb5_get_init_creds_opt_alloc (context, &opt);
-    if (ret)
-	return ret;
-    krb5_get_init_creds_opt_set_default_flags(context, NULL, 
-					      krb5_principal_get_realm(context, principal), 
-					      opt);
-    ret = krb5_get_init_creds_password (context,
-					&cred,
-					principal,
-					password,
-					krb5_prompter_posix,
-					NULL,
-					0,
-					NULL,
-					opt);
-    krb5_get_init_creds_opt_free(context, opt);
-    if(ret)
-	return ret;
-#define OPT(V, D) ((vopt && (vopt->V)) ? (vopt->V) : (D))
-    return verify_common (context, principal, OPT(ccache, NULL), 
-			  OPT(keytab, NULL), vopt ? vopt->secure : TRUE, 
-			  OPT(service, "host"), cred);
-#undef OPT
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_user_opt(krb5_context context,
-		     krb5_principal principal,
-		     const char *password,
-		     krb5_verify_opt *opt)
-{
-    krb5_error_code ret;
-
-    if(opt && (opt->flags & KRB5_VERIFY_LREALMS)) {
-	krb5_realm *realms, *r;
-	ret = krb5_get_default_realms (context, &realms);
-	if (ret)
-	    return ret;
-	ret = KRB5_CONFIG_NODEFREALM;
-	
-	for (r = realms; *r != NULL && ret != 0; ++r) {
-	    char *tmp = strdup (*r);
-	    
-	    if (tmp == NULL) {
-		krb5_free_host_realm (context, realms);
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    free (*krb5_princ_realm (context, principal));
-	    krb5_princ_set_realm (context, principal, &tmp);
-	    
-	    ret = verify_user_opt_int(context, principal, password, opt);
-	}
-	krb5_free_host_realm (context, realms);
-	if(ret)
-	    return ret;
-    } else
-	ret = verify_user_opt_int(context, principal, password, opt);
-    return ret;
-}
-
-/* compat function that calls above */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_user(krb5_context context, 
-		 krb5_principal principal,
-		 krb5_ccache ccache,
-		 const char *password,
-		 krb5_boolean secure,
-		 const char *service)
-{
-    krb5_verify_opt opt;
-    
-    krb5_verify_opt_init(&opt);
-    
-    krb5_verify_opt_set_ccache(&opt, ccache);
-    krb5_verify_opt_set_secure(&opt, secure);
-    krb5_verify_opt_set_service(&opt, service);
-    
-    return krb5_verify_user_opt(context, principal, password, &opt);
-}
-
-/*
- * A variant of `krb5_verify_user'.  The realm of `principal' is
- * ignored and all the local realms are tried.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_user_lrealm(krb5_context context, 
-			krb5_principal principal,
-			krb5_ccache ccache,
-			const char *password,
-			krb5_boolean secure,
-			const char *service)
-{
-    krb5_verify_opt opt;
-    
-    krb5_verify_opt_init(&opt);
-    
-    krb5_verify_opt_set_ccache(&opt, ccache);
-    krb5_verify_opt_set_secure(&opt, secure);
-    krb5_verify_opt_set_service(&opt, service);
-    krb5_verify_opt_set_flags(&opt, KRB5_VERIFY_LREALMS);
-    
-    return krb5_verify_user_opt(context, principal, password, &opt);
-}
diff --git a/crypto/heimdal/lib/krb5/version-script.map b/crypto/heimdal/lib/krb5/version-script.map
deleted file mode 100644
index df8804a..0000000
--- a/crypto/heimdal/lib/krb5/version-script.map
+++ /dev/null
@@ -1,722 +0,0 @@
-# $Id$
-
-HEIMDAL_KRB5_1.0 {
-	global:
-		krb524_convert_creds_kdc;
-		krb524_convert_creds_kdc_ccache;
-		krb5_425_conv_principal;
-		krb5_425_conv_principal_ext2;
-		krb5_425_conv_principal_ext;
-		krb5_524_conv_principal;
-		krb5_abort;
-		krb5_abortx;
-		krb5_acl_match_file;
-		krb5_acl_match_string;
-		krb5_add_et_list;
-		krb5_add_extra_addresses;
-		krb5_add_ignore_addresses;
-		krb5_addlog_dest;
-		krb5_addlog_func;
-		krb5_addr2sockaddr;
-		krb5_address_compare;
-		krb5_address_order;
-		krb5_address_prefixlen_boundary;
-		krb5_address_search;
-		krb5_aname_to_localname;
-		krb5_anyaddr;
-		krb5_appdefault_boolean;
-		krb5_appdefault_string;
-		krb5_appdefault_time;
-		krb5_append_addresses;
-		krb5_auth_con_addflags;
-		krb5_auth_con_free;
-		krb5_auth_con_genaddrs;
-		krb5_auth_con_generatelocalsubkey;
-		krb5_auth_con_getaddrs;
-		krb5_auth_con_getauthenticator;
-		krb5_auth_con_getcksumtype;
-		krb5_auth_con_getflags;
-		krb5_auth_con_getkey;
-		krb5_auth_con_getkeytype;
-		krb5_auth_con_getlocalseqnumber;
-		krb5_auth_con_getlocalsubkey;
-		krb5_auth_con_getrcache;
-		krb5_auth_con_getremotesubkey;
-		krb5_auth_con_init;
-		krb5_auth_con_removeflags;
-		krb5_auth_con_setaddrs;
-		krb5_auth_con_setaddrs_from_fd;
-		krb5_auth_con_setcksumtype;
-		krb5_auth_con_setflags;
-		krb5_auth_con_setkey;
-		krb5_auth_con_setkeytype;
-		krb5_auth_con_setlocalseqnumber;
-		krb5_auth_con_setlocalsubkey;
-		krb5_auth_con_setrcache;
-		krb5_auth_con_setremoteseqnumber;
-		krb5_auth_con_setremotesubkey;
-		krb5_auth_con_setuserkey;
-		krb5_auth_getremoteseqnumber;
-		krb5_build_ap_req;
-		krb5_build_authenticator;
-		krb5_build_principal;
-		krb5_build_principal_ext;
-		krb5_build_principal_va;
-		krb5_build_principal_va_ext;
-		krb5_c_block_size;
-		krb5_c_checksum_length;
-		krb5_c_decrypt;
-		krb5_c_encrypt;
-		krb5_c_encrypt_length;
-		krb5_c_enctype_compare;
-		krb5_c_get_checksum;
-		krb5_c_is_coll_proof_cksum;
-		krb5_c_is_keyed_cksum;
-		krb5_c_keylengths;
-		krb5_c_make_checksum;
-		krb5_c_make_random_key;
-		krb5_c_prf;
-		krb5_c_prf_length;
-		krb5_c_set_checksum;
-		krb5_c_valid_cksumtype;
-		krb5_c_valid_enctype;
-		krb5_c_verify_checksum;
-		krb5_cc_cache_end_seq_get;
-		krb5_cc_cache_get_first;
-		krb5_cc_cache_match;
-		krb5_cc_cache_next;
-		krb5_cc_clear_mcred;
-		krb5_cc_close;
-		krb5_cc_copy_cache;
-		krb5_cc_copy_cache_match;
-		krb5_cc_default;
-		krb5_cc_default_name;
-		krb5_cc_destroy;
-		krb5_cc_end_seq_get;
-		krb5_cc_gen_new;
-		krb5_cc_get_full_name;
-		krb5_cc_get_name;
-		krb5_cc_get_ops;
-		krb5_cc_get_prefix_ops;
-		krb5_cc_get_principal;
-		krb5_cc_get_type;
-		krb5_cc_get_version;
-		krb5_cc_initialize;
-		krb5_cc_move;
-		krb5_cc_new_unique;
-		krb5_cc_next_cred;
-		krb5_cc_next_cred_match;
-		krb5_cc_register;
-		krb5_cc_remove_cred;
-		krb5_cc_resolve;
-		krb5_cc_retrieve_cred;
-		krb5_cc_set_default_name;
-		krb5_cc_set_flags;
-		krb5_cc_start_seq_get;
-		krb5_cc_store_cred;
-		krb5_change_password;
-		krb5_check_transited;
-		krb5_check_transited_realms;
-		krb5_checksum_disable;
-		krb5_checksum_free;
-		krb5_checksum_is_collision_proof;
-		krb5_checksum_is_keyed;
-		krb5_checksumsize;
-		krb5_cksumtype_valid;
-		krb5_clear_error_string;
-		krb5_closelog;
-		krb5_compare_creds;
-		krb5_config_file_free;
-		krb5_config_free_strings;
-		krb5_config_get;
-		krb5_config_get_bool;
-		krb5_config_get_bool_default;
-		krb5_config_get_int;
-		krb5_config_get_int_default;
-		krb5_config_get_list;
-		krb5_config_get_next;
-		krb5_config_get_string;
-		krb5_config_get_string_default;
-		krb5_config_get_strings;
-		krb5_config_get_time;
-		krb5_config_get_time_default;
-		krb5_config_parse_file;
-		krb5_config_parse_file_multi;
-		krb5_config_parse_string_multi;
-		krb5_config_vget;
-		krb5_config_vget_bool;
-		krb5_config_vget_bool_default;
-		krb5_config_vget_int;
-		krb5_config_vget_int_default;
-		krb5_config_vget_list;
-		krb5_config_vget_next;
-		krb5_config_vget_string;
-		krb5_config_vget_string_default;
-		krb5_config_vget_strings;
-		krb5_config_vget_time;
-		krb5_config_vget_time_default;
-		krb5_copy_address;
-		krb5_copy_addresses;
-		krb5_copy_checksum;
-		krb5_copy_creds;
-		krb5_copy_creds_contents;
-		krb5_copy_data;
-		krb5_copy_host_realm;
-		krb5_copy_keyblock;
-		krb5_copy_keyblock_contents;
-		krb5_copy_principal;
-		krb5_copy_ticket;
-		krb5_create_checksum;
-		krb5_crypto_destroy;
-		krb5_crypto_get_checksum_type;
-		krb5_crypto_getblocksize;
-		krb5_crypto_getconfoundersize;
-		krb5_crypto_getenctype;
-		krb5_crypto_getpadsize;
-		krb5_crypto_init;
-		krb5_crypto_overhead;
-		krb5_crypto_prf;
-		krb5_crypto_prf_length;
-		krb5_data_alloc;
-		krb5_data_cmp;
-		krb5_data_copy;
-		krb5_data_free;
-		krb5_data_realloc;
-		krb5_data_zero;
-		krb5_decode_Authenticator;
-		krb5_decode_ETYPE_INFO2;
-		krb5_decode_ETYPE_INFO;
-		krb5_decode_EncAPRepPart;
-		krb5_decode_EncASRepPart;
-		krb5_decode_EncKrbCredPart;
-		krb5_decode_EncTGSRepPart;
-		krb5_decode_EncTicketPart;
-		krb5_decode_ap_req;
-		krb5_decrypt;
-		krb5_decrypt_EncryptedData;
-		krb5_decrypt_ivec;
-		krb5_decrypt_ticket;
-		krb5_derive_key;
-		krb5_digest_alloc;
-		krb5_digest_free;
-		krb5_digest_get_client_binding;
-		krb5_digest_get_identifier;
-		krb5_digest_get_opaque;
-		krb5_digest_get_rsp;
-		krb5_digest_get_server_nonce;
-		krb5_digest_get_session_key;
-		krb5_digest_get_tickets;
-		krb5_digest_init_request;
-		krb5_digest_probe;
-		krb5_digest_rep_get_status;
-		krb5_digest_request;
-		krb5_digest_set_authentication_user;
-		krb5_digest_set_authid;
-		krb5_digest_set_client_nonce;
-		krb5_digest_set_digest;
-		krb5_digest_set_hostname;
-		krb5_digest_set_identifier;
-		krb5_digest_set_method;
-		krb5_digest_set_nonceCount;
-		krb5_digest_set_opaque;
-		krb5_digest_set_qop;
-		krb5_digest_set_realm;
-		krb5_digest_set_responseData;
-		krb5_digest_set_server_cb;
-		krb5_digest_set_server_nonce;
-		krb5_digest_set_type;
-		krb5_digest_set_uri;
-		krb5_digest_set_username;
-		krb5_domain_x500_decode;
-		krb5_domain_x500_encode;
-		krb5_eai_to_heim_errno;
-		krb5_encode_Authenticator;
-		krb5_encode_ETYPE_INFO2;
-		krb5_encode_ETYPE_INFO;
-		krb5_encode_EncAPRepPart;
-		krb5_encode_EncASRepPart;
-		krb5_encode_EncKrbCredPart;
-		krb5_encode_EncTGSRepPart;
-		krb5_encode_EncTicketPart;
-		krb5_encrypt;
-		krb5_encrypt_EncryptedData;
-		krb5_encrypt_ivec;
-		krb5_enctype_disable;
-		krb5_enctype_keybits;
-		krb5_enctype_keysize;
-		krb5_enctype_to_keytype;
-		krb5_enctype_to_string;
-		krb5_enctype_valid;
-		krb5_enctypes_compatible_keys;
-		krb5_err;
-		krb5_error_from_rd_error;
-		krb5_errx;
-		krb5_expand_hostname;
-		krb5_expand_hostname_realms;
-		krb5_find_padata;
-		krb5_format_time;
-		krb5_free_address;
-		krb5_free_addresses;
-		krb5_free_ap_rep_enc_part;
-		krb5_free_authenticator;
-		krb5_free_checksum;
-		krb5_free_checksum_contents;
-		krb5_free_config_files;
-		krb5_free_context;
-		krb5_free_cred_contents;
-		krb5_free_creds;
-		krb5_free_creds_contents;
-		krb5_free_data;
-		krb5_free_data_contents;
-		krb5_free_error;
-		krb5_free_error_contents;
-		krb5_free_error_string;
-		krb5_free_host_realm;
-		krb5_free_kdc_rep;
-		krb5_free_keyblock;
-		krb5_free_keyblock_contents;
-		krb5_free_krbhst;
-		krb5_free_principal;
-		krb5_free_salt;
-		krb5_free_ticket;
-		krb5_fwd_tgt_creds;
-		krb5_generate_random_block;
-		krb5_generate_random_keyblock;
-		krb5_generate_seq_number;
-		krb5_generate_subkey;
-		krb5_generate_subkey_extended;
-		krb5_get_all_client_addrs;
-		krb5_get_all_server_addrs;
-		krb5_get_cred_from_kdc;
-		krb5_get_cred_from_kdc_opt;
-		krb5_get_credentials;
-		krb5_get_credentials_with_flags;
-		krb5_get_creds;
-		krb5_get_creds_opt_add_options;
-		krb5_get_creds_opt_alloc;
-		krb5_get_creds_opt_free;
-		krb5_get_creds_opt_set_enctype;
-		krb5_get_creds_opt_set_impersonate;
-		krb5_get_creds_opt_set_options;
-		krb5_get_creds_opt_set_ticket;
-		krb5_get_default_config_files;
-		krb5_get_default_in_tkt_etypes;
-		krb5_get_default_principal;
-		krb5_get_default_realm;
-		krb5_get_default_realms;
-		krb5_get_dns_canonicalize_hostname;
-		krb5_get_err_text;
-		krb5_get_error_message;
-		krb5_get_error_string;
-		krb5_get_extra_addresses;
-		krb5_get_fcache_version;
-		krb5_get_forwarded_creds;
-		krb5_get_host_realm;
-		krb5_get_ignore_addresses;
-		krb5_get_in_cred;
-		krb5_get_in_tkt;
-		krb5_get_in_tkt_with_keytab;
-		krb5_get_in_tkt_with_password;
-		krb5_get_in_tkt_with_skey;
-		krb5_get_init_creds;
-		krb5_get_init_creds_keyblock;
-		krb5_get_init_creds_keytab;
-		krb5_get_init_creds_opt_alloc;
-		krb5_get_init_creds_opt_free;
-		krb5_get_init_creds_opt_get_error;
-		krb5_get_init_creds_opt_init;
-		krb5_get_init_creds_opt_set_address_list;
-		krb5_get_init_creds_opt_set_addressless;
-		krb5_get_init_creds_opt_set_anonymous;
-		krb5_get_init_creds_opt_set_canonicalize;
-		krb5_get_init_creds_opt_set_default_flags;
-		krb5_get_init_creds_opt_set_etype_list;
-		krb5_get_init_creds_opt_set_forwardable;
-		krb5_get_init_creds_opt_set_pa_password;
-		krb5_get_init_creds_opt_set_pac_request;
-		krb5_get_init_creds_opt_set_pkinit;
-		krb5_get_init_creds_opt_set_preauth_list;
-		krb5_get_init_creds_opt_set_proxiable;
-		krb5_get_init_creds_opt_set_renew_life;
-		krb5_get_init_creds_opt_set_salt;
-		krb5_get_init_creds_opt_set_tkt_life;
-		krb5_get_init_creds_opt_set_win2k;
-		krb5_get_init_creds_password;
-		krb5_get_kdc_cred;
-		krb5_get_kdc_sec_offset;
-		krb5_get_krb524hst;
-		krb5_get_krb_admin_hst;
-		krb5_get_krb_changepw_hst;
-		krb5_get_krbhst;
-		krb5_get_max_time_skew;
-		krb5_get_pw_salt;
-		krb5_get_renewed_creds;
-		krb5_get_server_rcache;
-		krb5_get_use_admin_kdc;
-		krb5_get_warn_dest;
-		krb5_get_wrapped_length;
-		krb5_getportbyname;
-		krb5_h_addr2addr;
-		krb5_h_addr2sockaddr;
-		krb5_h_errno_to_heim_errno;
-		krb5_have_error_string;
-		krb5_hmac;
-		krb5_init_context;
-		krb5_init_ets;
-		krb5_init_etype;
-		krb5_initlog;
-		krb5_is_thread_safe;
-		krb5_kerberos_enctypes;
-		krb5_keyblock_get_enctype;
-		krb5_keyblock_init;
-		krb5_keyblock_key_proc;
-		krb5_keyblock_zero;
-		krb5_keytab_key_proc;
-		krb5_keytype_to_enctypes;
-		krb5_keytype_to_enctypes_default;
-		krb5_keytype_to_string;
-		krb5_krbhst_format_string;
-		krb5_krbhst_free;
-		krb5_krbhst_get_addrinfo;
-		krb5_krbhst_init;
-		krb5_krbhst_init_flags;
-		krb5_krbhst_next;
-		krb5_krbhst_next_as_string;
-		krb5_krbhst_reset;
-		krb5_kt_add_entry;
-		krb5_kt_close;
-		krb5_kt_compare;
-		krb5_kt_copy_entry_contents;
-		krb5_kt_default;
-		krb5_kt_default_modify_name;
-		krb5_kt_default_name;
-		krb5_kt_end_seq_get;
-		krb5_kt_free_entry;
-		krb5_kt_get_entry;
-		krb5_kt_get_full_name;
-		krb5_kt_get_name;
-		krb5_kt_get_type;
-		krb5_kt_next_entry;
-		krb5_kt_read_service_key;
-		krb5_kt_register;
-		krb5_kt_remove_entry;
-		krb5_kt_resolve;
-		krb5_kt_start_seq_get;
-		krb5_kuserok;
-		krb5_log;
-		krb5_log_msg;
-		krb5_make_addrport;
-		krb5_make_principal;
-		krb5_max_sockaddr_size;
-		krb5_mk_error;
-		krb5_mk_priv;
-		krb5_mk_rep;
-		krb5_mk_req;
-		krb5_mk_req_exact;
-		krb5_mk_req_extended;
-		krb5_mk_safe;
-		krb5_net_read;
-		krb5_net_write;
-		krb5_net_write_block;
-		krb5_ntlm_alloc;
-		krb5_ntlm_free;
-		krb5_ntlm_init_get_challange;
-		krb5_ntlm_init_get_flags;
-		krb5_ntlm_init_get_opaque;
-		krb5_ntlm_init_get_targetinfo;
-		krb5_ntlm_init_get_targetname;
-		krb5_ntlm_init_request;
-		krb5_ntlm_rep_get_sessionkey;
-		krb5_ntlm_rep_get_status;
-		krb5_ntlm_req_set_flags;
-		krb5_ntlm_req_set_lm;
-		krb5_ntlm_req_set_ntlm;
-		krb5_ntlm_req_set_opaque;
-		krb5_ntlm_req_set_session;
-		krb5_ntlm_req_set_targetname;
-		krb5_ntlm_req_set_username;
-		krb5_ntlm_request;
-		krb5_openlog;
-		krb5_pac_add_buffer;
-		krb5_pac_free;
-		krb5_pac_get_buffer;
-		krb5_pac_get_types;
-		krb5_pac_init;
-		krb5_pac_parse;
-		krb5_pac_verify;
-		krb5_padata_add;
-		krb5_parse_address;
-		krb5_parse_name;
-		krb5_parse_name_flags;
-		krb5_parse_nametype;
-		krb5_passwd_result_to_string;
-		krb5_password_key_proc;
-		krb5_plugin_register;
-		krb5_prepend_config_files;
-		krb5_prepend_config_files_default;
-		krb5_princ_realm;
-		krb5_princ_set_realm;
-		krb5_principal_compare;
-		krb5_principal_compare_any_realm;
-		krb5_principal_get_comp_string;
-		krb5_principal_get_realm;
-		krb5_principal_get_type;
-		krb5_principal_match;
-		krb5_principal_set_type;
-		krb5_print_address;
-		krb5_program_setup;
-		krb5_prompter_posix;
-		krb5_random_to_key;
-		krb5_rc_close;
-		krb5_rc_default;
-		krb5_rc_default_name;
-		krb5_rc_default_type;
-		krb5_rc_destroy;
-		krb5_rc_expunge;
-		krb5_rc_get_lifespan;
-		krb5_rc_get_name;
-		krb5_rc_get_type;
-		krb5_rc_initialize;
-		krb5_rc_recover;
-		krb5_rc_resolve;
-		krb5_rc_resolve_full;
-		krb5_rc_resolve_type;
-		krb5_rc_store;
-		krb5_rd_cred2;
-		krb5_rd_cred;
-		krb5_rd_error;
-		krb5_rd_priv;
-		krb5_rd_rep;
-		krb5_rd_req;
-		krb5_rd_req_ctx;
-		krb5_rd_req_in_ctx_alloc;
-		krb5_rd_req_in_ctx_free;
-		krb5_rd_req_in_set_keyblock;
-		krb5_rd_req_in_set_keytab;
-		krb5_rd_req_in_set_pac_check;
-		krb5_rd_req_out_ctx_free;
-		krb5_rd_req_out_get_ap_req_options;
-		krb5_rd_req_out_get_keyblock;
-		krb5_rd_req_out_get_ticket;
-		krb5_rd_req_with_keyblock;
-		krb5_rd_safe;
-		krb5_read_message;
-		krb5_read_priv_message;
-		krb5_read_safe_message;
-		krb5_realm_compare;
-		krb5_recvauth;
-		krb5_recvauth_match_version;
-		krb5_ret_address;
-		krb5_ret_addrs;
-		krb5_ret_authdata;
-		krb5_ret_creds;
-		krb5_ret_creds_tag;
-		krb5_ret_data;
-		krb5_ret_int16;
-		krb5_ret_int32;
-		krb5_ret_int8;
-		krb5_ret_keyblock;
-		krb5_ret_principal;
-		krb5_ret_string;
-		krb5_ret_stringnl;
-		krb5_ret_stringz;
-		krb5_ret_times;
-		krb5_ret_uint16;
-		krb5_ret_uint32;
-		krb5_ret_uint8;
-		krb5_salttype_to_string;
-		krb5_sendauth;
-		krb5_sendto;
-		krb5_sendto_context;
-		krb5_sendto_ctx_add_flags;
-		krb5_sendto_ctx_alloc;
-		krb5_sendto_ctx_free;
-		krb5_sendto_ctx_get_flags;
-		krb5_sendto_ctx_set_func;
-		krb5_sendto_ctx_set_type;
-		krb5_sendto_kdc;
-		krb5_sendto_kdc_flags;
-		krb5_set_config_files;
-		krb5_set_default_in_tkt_etypes;
-		krb5_set_default_realm;
-		krb5_set_dns_canonicalize_hostname;
-		krb5_set_error_string;
-		krb5_set_extra_addresses;
-		krb5_set_fcache_version;
-		krb5_set_ignore_addresses;
-		krb5_set_max_time_skew;
-		krb5_set_password;
-		krb5_set_password_using_ccache;
-		krb5_set_real_time;
-		krb5_set_send_to_kdc_func;
-		krb5_set_use_admin_kdc;
-		krb5_set_warn_dest;
-		krb5_sname_to_principal;
-		krb5_sock_to_principal;
-		krb5_sockaddr2address;
-		krb5_sockaddr2port;
-		krb5_sockaddr_uninteresting;
-		krb5_std_usage;
-		krb5_storage_clear_flags;
-		krb5_storage_emem;
-		krb5_storage_free;
-		krb5_storage_from_data;
-		krb5_storage_from_fd;
-		krb5_storage_from_mem;
-		krb5_storage_from_readonly_mem;
-		krb5_storage_get_byteorder;
-		krb5_storage_is_flags;
-		krb5_storage_read;
-		krb5_storage_seek;
-		krb5_storage_set_byteorder;
-		krb5_storage_set_eof_code;
-		krb5_storage_set_flags;
-		krb5_storage_to_data;
-		krb5_storage_write;
-		krb5_store_address;
-		krb5_store_addrs;
-		krb5_store_authdata;
-		krb5_store_creds;
-		krb5_store_creds_tag;
-		krb5_store_data;
-		krb5_store_int16;
-		krb5_store_int32;
-		krb5_store_int8;
-		krb5_store_keyblock;
-		krb5_store_principal;
-		krb5_store_string;
-		krb5_store_stringnl;
-		krb5_store_stringz;
-		krb5_store_times;
-		krb5_store_uint16;
-		krb5_store_uint32;
-		krb5_store_uint8;
-		krb5_string_to_deltat;
-		krb5_string_to_enctype;
-		krb5_string_to_key;
-		krb5_string_to_key_data;
-		krb5_string_to_key_data_salt;
-		krb5_string_to_key_data_salt_opaque;
-		krb5_string_to_key_derived;
-		krb5_string_to_key_salt;
-		krb5_string_to_key_salt_opaque;
-		krb5_string_to_keytype;
-		krb5_string_to_salttype;
-		krb5_ticket_get_authorization_data_type;
-		krb5_ticket_get_client;
-		krb5_ticket_get_endtime;
-		krb5_ticket_get_server;
-		krb5_timeofday;
-		krb5_unparse_name;
-		krb5_unparse_name_fixed;
-		krb5_unparse_name_fixed_flags;
-		krb5_unparse_name_fixed_short;
-		krb5_unparse_name_flags;
-		krb5_unparse_name_short;
-		krb5_us_timeofday;
-		krb5_vabort;
-		krb5_vabortx;
-		krb5_verify_ap_req2;
-		krb5_verify_ap_req;
-		krb5_verify_authenticator_checksum;
-		krb5_verify_checksum;
-		krb5_verify_init_creds;
-		krb5_verify_init_creds_opt_init;
-		krb5_verify_init_creds_opt_set_ap_req_nofail;
-		krb5_verify_opt_alloc;
-		krb5_verify_opt_free;
-		krb5_verify_opt_init;
-		krb5_verify_opt_set_ccache;
-		krb5_verify_opt_set_flags;
-		krb5_verify_opt_set_keytab;
-		krb5_verify_opt_set_secure;
-		krb5_verify_opt_set_service;
-		krb5_verify_user;
-		krb5_verify_user_lrealm;
-		krb5_verify_user_opt;
-		krb5_verr;
-		krb5_verrx;
-		krb5_vlog;
-		krb5_vlog_msg;
-		krb5_vset_error_string;
-		krb5_vwarn;
-		krb5_vwarnx;
-		krb5_warn;
-		krb5_warnx;
-		krb5_write_message;
-		krb5_write_priv_message;
-		krb5_write_safe_message;
-		krb5_xfree;
-
-		# com_err error tables
-		initialize_krb5_error_table_r;
-		initialize_krb5_error_table;
-		initialize_krb_error_table_r;
-		initialize_krb_error_table;
-		initialize_heim_error_table_r;
-		initialize_heim_error_table;
-		initialize_k524_error_table_r;
-		initialize_k524_error_table;
-
-		# variables
-		krb5_mcc_ops;
-		krb5_acc_ops;
-		krb5_fcc_ops;
-		krb5_kcm_ops;
-		krb4_fkt_ops;
-		krb5_wrfkt_ops;
-		krb5_mkt_ops;
-		krb5_fkt_ops;
-		krb5_akf_ops;
-		krb5_srvtab_fkt_ops;
-		krb5_any_ops;
-		heimdal_version;
-		heimdal_long_version;
-		krb5_config_file;
-		krb5_defkeyname;
-
-		# Shared with GSSAPI krb5
-		_krb5_crc_init_table;		
-		_krb5_crc_update;		
-
-		# V4 compat glue
-		_krb5_krb_tf_setup;
-		_krb5_krb_dest_tkt;
-		_krb5_krb_life_to_time;
-		_krb5_krb_decomp_ticket;
-		_krb5_krb_decomp_ticket;
-		_krb5_krb_create_ticket;
-		_krb5_krb_create_ciph;
-		_krb5_krb_create_auth_reply;
-		_krb5_krb_rd_req;
-		_krb5_krb_free_auth_data;
-		_krb5_krb_time_to_life;
-		_krb5_krb_cr_err_reply;
-
-		# Shared with libkdc
-		_krb5_principalname2krb5_principal;
-		_krb5_principal2principalname;
-		_krb5_s4u2self_to_checksumdata;
-		_krb5_put_int;
-		_krb5_get_int;
-		_krb5_pk_load_id;
-		_krb5_parse_moduli;
-		_krb5_pk_mk_ContentInfo;
-		_krb5_dh_group_ok;
-		_krb5_pk_octetstring2key;
-		_krb5_pk_allow_proxy_certificate;
-		_krb5_pac_sign;
-		_krb5_plugin_find;
-		_krb5_plugin_get_symbol;
-		_krb5_plugin_get_next;
-		_krb5_plugin_free;
-		_krb5_AES_string_to_default_iterator;
-		_krb5_get_host_realm_int;
-
-		# testing
-		_krb5_aes_cts_encrypt;
-		_krb5_n_fold;
-		_krb5_expand_default_cc_name;
-	local:
-		*;
-};
diff --git a/crypto/heimdal/lib/krb5/version.c b/crypto/heimdal/lib/krb5/version.c
deleted file mode 100644
index f7ccff5..0000000
--- a/crypto/heimdal/lib/krb5/version.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: version.c 7464 1999-12-02 17:05:13Z joda $");
-
-/* this is just to get a version stamp in the library file */
-
-#define heimdal_version __heimdal_version
-#define heimdal_long_version __heimdal_long_version
-#include "version.h"
-
diff --git a/crypto/heimdal/lib/krb5/warn.c b/crypto/heimdal/lib/krb5/warn.c
deleted file mode 100644
index 85f143b..0000000
--- a/crypto/heimdal/lib/krb5/warn.c
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: warn.c 19086 2006-11-21 08:06:40Z lha $");
-
-static krb5_error_code _warnerr(krb5_context context, int do_errtext, 
-	 krb5_error_code code, int level, const char *fmt, va_list ap)
-	__attribute__((__format__(__printf__, 5, 0)));
-	
-static krb5_error_code
-_warnerr(krb5_context context, int do_errtext, 
-	 krb5_error_code code, int level, const char *fmt, va_list ap)
-{
-    char xfmt[7] = "";
-    const char *args[2], **arg;
-    char *msg = NULL;
-    char *err_str = NULL;
-    
-    args[0] = args[1] = NULL;
-    arg = args;
-    if(fmt){
-	strlcat(xfmt, "%s", sizeof(xfmt));
-	if(do_errtext)
-	    strlcat(xfmt, ": ", sizeof(xfmt));
-	vasprintf(&msg, fmt, ap);
-	if(msg == NULL)
-	    return ENOMEM;
-	*arg++ = msg;
-    }
-    if(context && do_errtext){
-	const char *err_msg;
-
-	strlcat(xfmt, "%s", sizeof(xfmt));
-
-	err_str = krb5_get_error_string(context);
-	if (err_str != NULL) {
-	    *arg++ = err_str;
-	} else {
-	    err_msg = krb5_get_err_text(context, code);
-	    if (err_msg)
-		*arg++ = err_msg;
-	    else
-		*arg++ = "<unknown error>";
-	}
-    }
-	
-    if(context && context->warn_dest)
-	krb5_log(context, context->warn_dest, level, xfmt, args[0], args[1]);
-    else
-	warnx(xfmt, args[0], args[1]);
-    free(msg);
-    free(err_str);
-    return 0;
-}
-
-#define FUNC(ETEXT, CODE, LEVEL)					\
-    krb5_error_code ret;						\
-    va_list ap;								\
-    va_start(ap, fmt);							\
-    ret = _warnerr(context, ETEXT, CODE, LEVEL, fmt, ap); 		\
-    va_end(ap);
-
-#undef __attribute__
-#define __attribute__(X)
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vwarn(krb5_context context, krb5_error_code code, 
-	   const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 3, 0)))
-{
-    return _warnerr(context, 1, code, 1, fmt, ap);
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...)
-     __attribute__ ((format (printf, 3, 4)))
-{
-    FUNC(1, code, 1);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vwarnx(krb5_context context, const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 2, 0)))
-{
-    return _warnerr(context, 0, 0, 1, fmt, ap);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_warnx(krb5_context context, const char *fmt, ...)
-     __attribute__ ((format (printf, 2, 3)))
-{
-    FUNC(0, 0, 1);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verr(krb5_context context, int eval, krb5_error_code code, 
-	  const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 4, 0)))
-{
-    _warnerr(context, 1, code, 0, fmt, ap);
-    exit(eval);
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_err(krb5_context context, int eval, krb5_error_code code, 
-	 const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 4, 5)))
-{
-    FUNC(1, code, 0);
-    exit(eval);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 3, 0)))
-{
-    _warnerr(context, 0, 0, 0, fmt, ap);
-    exit(eval);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_errx(krb5_context context, int eval, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 3, 4)))
-{
-    FUNC(0, 0, 0);
-    exit(eval);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vabort(krb5_context context, krb5_error_code code, 
-	    const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 3, 0)))
-{
-    _warnerr(context, 1, code, 0, fmt, ap);
-    abort();
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 3, 4)))
-{
-    FUNC(1, code, 0);
-    abort();
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vabortx(krb5_context context, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 2, 0)))
-{
-    _warnerr(context, 0, 0, 0, fmt, ap);
-    abort();
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_abortx(krb5_context context, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 2, 3)))
-{
-    FUNC(0, 0, 0);
-    abort();
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac)
-{
-    context->warn_dest = fac;
-    return 0;
-}
-
-krb5_log_facility * KRB5_LIB_FUNCTION
-krb5_get_warn_dest(krb5_context context)
-{
-    return context->warn_dest;
-}
diff --git a/crypto/heimdal/lib/krb5/write_message.c b/crypto/heimdal/lib/krb5/write_message.c
deleted file mode 100644
index 1694a10..0000000
--- a/crypto/heimdal/lib/krb5/write_message.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: write_message.c 17442 2006-05-05 09:31:15Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_write_message (krb5_context context,
-		    krb5_pointer p_fd,
-		    krb5_data *data)
-{
-    uint32_t len;
-    uint8_t buf[4];
-    int ret;
-
-    len = data->length;
-    _krb5_put_int(buf, len, 4);
-    if (krb5_net_write (context, p_fd, buf, 4) != 4
-	|| krb5_net_write (context, p_fd, data->data, len) != len) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(ret));
-	return ret;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_write_priv_message(krb5_context context,
-			krb5_auth_context ac,
-			krb5_pointer p_fd,
-			krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_data packet;
-
-    ret = krb5_mk_priv (context, ac, data, &packet, NULL);
-    if(ret)
-	return ret;
-    ret = krb5_write_message(context, p_fd, &packet);
-    krb5_data_free(&packet);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_write_safe_message(krb5_context context,
-			krb5_auth_context ac,
-			krb5_pointer p_fd,
-			krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_data packet;
-    ret = krb5_mk_safe (context, ac, data, &packet, NULL);
-    if(ret)
-	return ret;
-    ret = krb5_write_message(context, p_fd, &packet);
-    krb5_data_free(&packet);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/ntlm/ChangeLog b/crypto/heimdal/lib/ntlm/ChangeLog
deleted file mode 100644
index b38ae91..0000000
--- a/crypto/heimdal/lib/ntlm/ChangeLog
+++ /dev/null
@@ -1,112 +0,0 @@
-2007-12-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* heimntlm.h: Add NTLM_TARGET_*
-
-	* ntlm.c: Make heim_ntlm_decode_type3 more useful and provide a
-	username. From Ming Yang.
-
-2007-11-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* move doxygen into the main file
-
-	* write doxygen documentation
-
-	* export heim_ntlm_free_buf, start doxygen documentation
-	
-2007-07-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm.c: Use unsigned char * as argument to HMAC_Update to please
-	OpenSSL and gcc.
-
-	* test_ntlm.c: more verbose what we are testing.
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: New library version.
-
-2007-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ntlm.c: heim_ntlm_calculate_ntlm2_sess_resp
-
-	* ntlm.c: Change prototype to match other heim_ntlm_calculate
-	functions.
-
-	* test_ntlm.c: Its ok if infotarget2 length is longer.
-
-	* ntlm.c: Merge in changes from Puneet Mehra and make work again.
-
-	* ntlm.c (heim_ntlm_ntlmv2_key): target should be uppercase.
-	From Puneet Mehra.
-
-	* version-script.map: Add heim_ntlm_calculate_ntlm2_sess_resp from
-	Puneet Mehra.
-
-	* ntlm.c: Add heim_ntlm_calculate_ntlm2_sess_resp from Puneet
-	Mehra.
-	
-	* test_ntlm.c: Test heim_ntlm_calculate_ntlm2_sess_resp from
-	Puneet Mehra.
-	
-2007-06-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: EXTRA_DIST += version-script.map.
-	
-2007-06-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ntlm.c: Free memory diffrently.
-
-	* ntlm.c: Make free functions free memory.
-	
-2007-04-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: symbol versioning.
-	
-	* version-script.map: symbol versioning.
-	
-2007-01-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ntlm.c: No need to include <gssapi.h>.
-	
-2007-01-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: add LIB_roken for test_ntlm
-	
-2006-12-26  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_ntlm.c: Verify infotarget.
-
-	* ntlm.c: Extract the infotarget from the answer.
-
-	* ntlm.c (heim_ntlm_verify_ntlm2): verify the ntlmv2 reply
-	
-2006-12-22  Dave Love  <fx@gnu.org>
-
-	* ntlm.c: Include <limits.h>.
-	
-2006-12-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ntlm.c: add some new tests.
-
-	* ntlm.c: Add ntlmv2 answer calculating functions.
-
-	* ntlm.c: sent lm hashes, needed for NTLM2 session
-
-	* heimntlm.h: Add NTLM_NEG_NTLM2_SESSION, NTLMv2 session security.
-	
-2006-12-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm.c (heim_ntlm_build_ntlm1_master): return session master
-	key.
-	
-2006-12-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm.c (heim_ntlm_build_ntlm1_master): calculate the ntlm
-	version 1 "master" key.
-	
-2006-12-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_ntlm.c: Add simple parser test app.
-
-	* inital version of a NTLM library, only handles ntml version 1 and
-	ascii strings for now
-
diff --git a/crypto/heimdal/lib/ntlm/Makefile.am b/crypto/heimdal/lib/ntlm/Makefile.am
deleted file mode 100644
index 8d62141..0000000
--- a/crypto/heimdal/lib/ntlm/Makefile.am
+++ /dev/null
@@ -1,34 +0,0 @@
-# $Id: Makefile.am 22045 2007-11-11 08:57:47Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-lib_LTLIBRARIES	= libheimntlm.la
-
-include_HEADERS = heimntlm.h heimntlm-protos.h
-
-libheimntlm_la_SOURCES	= ntlm.c heimntlm.h
-
-libheimntlm_la_LDFLAGS = -version-info 1:0:1
-
-if versionscript
-libheimntlm_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-$(libheimntlm_la_OBJECTS): $(srcdir)/version-script.map
-
-libheimntlm_la_LIBADD = \
-	../krb5/libkrb5.la \
-	$(LIBADD_roken)
-
-$(srcdir)/heimntlm-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o heimntlm-protos.h $(libheimntlm_la_SOURCES) || rm -f heimntlm-protos.h
-
-$(libheimntlm_la_OBJECTS): $(srcdir)/heimntlm-protos.h
-
-
-TESTS = test_ntlm
-
-check_PROGRAMS = test_ntlm
-
-LDADD = libheimntlm.la $(LIB_roken)
-
-EXTRA_DIST = version-script.map
diff --git a/crypto/heimdal/lib/ntlm/Makefile.in b/crypto/heimdal/lib/ntlm/Makefile.in
deleted file mode 100644
index b5c614f..0000000
--- a/crypto/heimdal/lib/ntlm/Makefile.in
+++ /dev/null
@@ -1,909 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22045 2007-11-11 08:57:47Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-TESTS = test_ntlm$(EXEEXT)
-check_PROGRAMS = test_ntlm$(EXEEXT)
-subdir = lib/ntlm
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libheimntlm_la_DEPENDENCIES = ../krb5/libkrb5.la $(am__DEPENDENCIES_1)
-am_libheimntlm_la_OBJECTS = ntlm.lo
-libheimntlm_la_OBJECTS = $(am_libheimntlm_la_OBJECTS)
-libheimntlm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libheimntlm_la_LDFLAGS) $(LDFLAGS) -o $@
-test_ntlm_SOURCES = test_ntlm.c
-test_ntlm_OBJECTS = test_ntlm.$(OBJEXT)
-test_ntlm_LDADD = $(LDADD)
-test_ntlm_DEPENDENCIES = libheimntlm.la $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(libheimntlm_la_SOURCES) test_ntlm.c
-DIST_SOURCES = $(libheimntlm_la_SOURCES) test_ntlm.c
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-lib_LTLIBRARIES = libheimntlm.la
-include_HEADERS = heimntlm.h heimntlm-protos.h
-libheimntlm_la_SOURCES = ntlm.c heimntlm.h
-libheimntlm_la_LDFLAGS = -version-info 1:0:1 $(am__append_1)
-libheimntlm_la_LIBADD = \
-	../krb5/libkrb5.la \
-	$(LIBADD_roken)
-
-LDADD = libheimntlm.la $(LIB_roken)
-EXTRA_DIST = version-script.map
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/ntlm/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/ntlm/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libheimntlm.la: $(libheimntlm_la_OBJECTS) $(libheimntlm_la_DEPENDENCIES) 
-	$(libheimntlm_la_LINK) -rpath $(libdir) $(libheimntlm_la_OBJECTS) $(libheimntlm_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-test_ntlm$(EXEEXT): $(test_ntlm_OBJECTS) $(test_ntlm_DEPENDENCIES) 
-	@rm -f test_ntlm$(EXEEXT)
-	$(LINK) $(test_ntlm_OBJECTS) $(test_ntlm_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-hook \
-	uninstall-includeHEADERS uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-$(libheimntlm_la_OBJECTS): $(srcdir)/version-script.map
-
-$(srcdir)/heimntlm-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o heimntlm-protos.h $(libheimntlm_la_SOURCES) || rm -f heimntlm-protos.h
-
-$(libheimntlm_la_OBJECTS): $(srcdir)/heimntlm-protos.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/ntlm/heimntlm-protos.h b/crypto/heimdal/lib/ntlm/heimntlm-protos.h
deleted file mode 100644
index bc64791..0000000
--- a/crypto/heimdal/lib/ntlm/heimntlm-protos.h
+++ /dev/null
@@ -1,131 +0,0 @@
-/* This is a generated file */
-#ifndef __heimntlm_protos_h__
-#define __heimntlm_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int
-heim_ntlm_build_ntlm1_master (
-	void */*key*/,
-	size_t /*len*/,
-	struct ntlm_buf */*session*/,
-	struct ntlm_buf */*master*/);
-
-int
-heim_ntlm_calculate_ntlm1 (
-	void */*key*/,
-	size_t /*len*/,
-	unsigned char challange[8],
-	struct ntlm_buf */*answer*/);
-
-int
-heim_ntlm_calculate_ntlm2 (
-	const void */*key*/,
-	size_t /*len*/,
-	const char */*username*/,
-	const char */*target*/,
-	const unsigned char serverchallange[8],
-	const struct ntlm_buf */*infotarget*/,
-	unsigned char ntlmv2[16],
-	struct ntlm_buf */*answer*/);
-
-int
-heim_ntlm_calculate_ntlm2_sess (
-	const unsigned char clnt_nonce[8],
-	const unsigned char svr_chal[8],
-	const unsigned char ntlm_hash[16],
-	struct ntlm_buf */*lm*/,
-	struct ntlm_buf */*ntlm*/);
-
-int
-heim_ntlm_decode_targetinfo (
-	const struct ntlm_buf */*data*/,
-	int /*ucs2*/,
-	struct ntlm_targetinfo */*ti*/);
-
-int
-heim_ntlm_decode_type1 (
-	const struct ntlm_buf */*buf*/,
-	struct ntlm_type1 */*data*/);
-
-int
-heim_ntlm_decode_type2 (
-	const struct ntlm_buf */*buf*/,
-	struct ntlm_type2 */*type2*/);
-
-int
-heim_ntlm_decode_type3 (
-	const struct ntlm_buf */*buf*/,
-	int /*ucs2*/,
-	struct ntlm_type3 */*type3*/);
-
-int
-heim_ntlm_encode_targetinfo (
-	const struct ntlm_targetinfo */*ti*/,
-	int /*ucs2*/,
-	struct ntlm_buf */*data*/);
-
-int
-heim_ntlm_encode_type1 (
-	const struct ntlm_type1 */*type1*/,
-	struct ntlm_buf */*data*/);
-
-int
-heim_ntlm_encode_type2 (
-	const struct ntlm_type2 */*type2*/,
-	struct ntlm_buf */*data*/);
-
-int
-heim_ntlm_encode_type3 (
-	const struct ntlm_type3 */*type3*/,
-	struct ntlm_buf */*data*/);
-
-void
-heim_ntlm_free_buf (struct ntlm_buf */*p*/);
-
-void
-heim_ntlm_free_targetinfo (struct ntlm_targetinfo */*ti*/);
-
-void
-heim_ntlm_free_type1 (struct ntlm_type1 */*data*/);
-
-void
-heim_ntlm_free_type2 (struct ntlm_type2 */*data*/);
-
-void
-heim_ntlm_free_type3 (struct ntlm_type3 */*data*/);
-
-int
-heim_ntlm_nt_key (
-	const char */*password*/,
-	struct ntlm_buf */*key*/);
-
-void
-heim_ntlm_ntlmv2_key (
-	const void */*key*/,
-	size_t /*len*/,
-	const char */*username*/,
-	const char */*target*/,
-	unsigned char ntlmv2[16]);
-
-int
-heim_ntlm_verify_ntlm2 (
-	const void */*key*/,
-	size_t /*len*/,
-	const char */*username*/,
-	const char */*target*/,
-	time_t /*now*/,
-	const unsigned char serverchallange[8],
-	const struct ntlm_buf */*answer*/,
-	struct ntlm_buf */*infotarget*/,
-	unsigned char ntlmv2[16]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __heimntlm_protos_h__ */
diff --git a/crypto/heimdal/lib/ntlm/heimntlm.h b/crypto/heimdal/lib/ntlm/heimntlm.h
deleted file mode 100644
index 09d2205..0000000
--- a/crypto/heimdal/lib/ntlm/heimntlm.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: heimntlm.h 22376 2007-12-28 18:38:23Z lha $ */
-
-#ifndef HEIM_NTLM_H
-#define HEIM_NTLM_H
-
-/**
- * Buffer for storing data in the NTLM library. When filled in by the
- * library it should be freed with heim_ntlm_free_buf().
- */
-struct ntlm_buf {
-    size_t length; /**< length buffer data */
-    void *data; /**< pointer to the data itself */
-};
-
-#define NTLM_NEG_UNICODE		0x00000001
-#define NTLM_NEG_TARGET			0x00000004
-#define NTLM_NEG_SIGN			0x00000010
-#define NTLM_NEG_SEAL			0x00000020
-#define NTLM_NEG_NTLM			0x00000200
-
-#define NTLM_SUPPLIED_DOMAIN		0x00001000
-#define NTLM_SUPPLIED_WORKSTAION	0x00002000
-
-#define NTLM_NEG_ALWAYS_SIGN		0x00008000
-#define NTLM_NEG_NTLM2_SESSION		0x00080000
-
-#define NTLM_TARGET_DOMAIN		0x00010000
-#define NTLM_TARGET_SERVER		0x00020000
-#define NTLM_ENC_128			0x20000000
-#define NTLM_NEG_KEYEX			0x40000000
-
-/**
- * Struct for the NTLM target info, the strings is assumed to be in
- * UTF8.  When filled in by the library it should be freed with
- * heim_ntlm_free_targetinfo().
- */
-struct ntlm_targetinfo {
-    char *servername; /**< */
-    char *domainname; /**< */
-    char *dnsdomainname; /**< */
-    char *dnsservername; /**< */
-};
-
-/**
- * Struct for the NTLM type1 message info, the strings is assumed to
- * be in UTF8.  When filled in by the library it should be freed with
- * heim_ntlm_free_type1().
- */
-
-struct ntlm_type1 {
-    uint32_t flags; /**< */
-    char *domain; /**< */
-    char *hostname; /**< */
-    uint32_t os[2]; /**< */
-};
-
-/**
- * Struct for the NTLM type2 message info, the strings is assumed to
- * be in UTF8.  When filled in by the library it should be freed with
- * heim_ntlm_free_type2().
- */
-
-struct ntlm_type2 {
-    uint32_t flags; /**< */
-    char *targetname; /**< */
-    struct ntlm_buf targetinfo; /**< */
-    unsigned char challange[8]; /**< */
-    uint32_t context[2]; /**< */
-    uint32_t os[2]; /**< */
-};
-
-/**
- * Struct for the NTLM type3 message info, the strings is assumed to
- * be in UTF8.  When filled in by the library it should be freed with
- * heim_ntlm_free_type3().
- */
-
-struct ntlm_type3 {
-    uint32_t flags; /**< */
-    char *username; /**< */
-    char *targetname; /**< */
-    struct ntlm_buf lm; /**< */
-    struct ntlm_buf ntlm; /**< */
-    struct ntlm_buf sessionkey; /**< */
-    char *ws; /**< */
-    uint32_t os[2]; /**< */
-};
-
-#include <heimntlm-protos.h>
-
-#endif /* NTLM_NTLM_H */
diff --git a/crypto/heimdal/lib/ntlm/ntlm.c b/crypto/heimdal/lib/ntlm/ntlm.c
deleted file mode 100644
index f3dccfa..0000000
--- a/crypto/heimdal/lib/ntlm/ntlm.c
+++ /dev/null
@@ -1,1364 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <config.h>
-
-RCSID("$Id: ntlm.c 22370 2007-12-28 16:12:01Z lha $");
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <assert.h>
-#include <string.h>
-#include <ctype.h>
-#include <errno.h>
-#include <limits.h>
-
-#include <krb5.h>
-#include <roken.h>
-
-#include "krb5-types.h"
-#include "crypto-headers.h"
-
-#include <heimntlm.h>
-
-/*! \mainpage Heimdal NTLM library
- *
- * \section intro Introduction
- *
- * Heimdal libheimntlm library is a implementation of the NTLM
- * protocol, both version 1 and 2. The GSS-API mech that uses this
- * library adds support for transport encryption and integrity
- * checking.
- * 
- * NTLM is a protocol for mutual authentication, its still used in
- * many protocol where Kerberos is not support, one example is
- * EAP/X802.1x mechanism LEAP from Microsoft and Cisco.
- *
- * This is a support library for the core protocol, its used in
- * Heimdal to implement and GSS-API mechanism. There is also support
- * in the KDC to do remote digest authenticiation, this to allow
- * services to authenticate users w/o direct access to the users ntlm
- * hashes (same as Kerberos arcfour enctype hashes).
- *
- * More information about the NTLM protocol can found here
- * http://davenport.sourceforge.net/ntlm.html .
- * 
- * The Heimdal projects web page: http://www.h5l.org/
- */
-
-/** @defgroup ntlm_core Heimdal NTLM library 
- * 
- * The NTLM core functions implement the string2key generation
- * function, message encode and decode function, and the hash function
- * functions.
- */
-
-struct sec_buffer {
-    uint16_t length;
-    uint16_t allocated;
-    uint32_t offset;
-};
-
-static const unsigned char ntlmsigature[8] = "NTLMSSP\x00";
-
-/*
- *
- */
-
-#define CHECK(f, e)							\
-    do { ret = f ; if (ret != (e)) { ret = EINVAL; goto out; } } while(0)
-
-/**
- * heim_ntlm_free_buf frees the ntlm buffer
- *
- * @param p buffer to be freed
- *
- * @ingroup ntlm_core
- */
-
-void
-heim_ntlm_free_buf(struct ntlm_buf *p)
-{
-    if (p->data)
-	free(p->data);
-    p->data = NULL;
-    p->length = 0;
-}
-    
-
-static int
-ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf)
-{
-    unsigned char *p;
-    size_t len, i;
-
-    len = strlen(string);
-    if (len / 2 > UINT_MAX)
-	return ERANGE;
-
-    buf->length = len * 2;
-    buf->data = malloc(buf->length);
-    if (buf->data == NULL && len != 0) {
-	heim_ntlm_free_buf(buf);
-	return ENOMEM;
-    }
-
-    p = buf->data;
-    for (i = 0; i < len; i++) {
-	unsigned char t = (unsigned char)string[i];
-	if (t & 0x80) {
-	    heim_ntlm_free_buf(buf);
-	    return EINVAL;
-	}
-	if (up)
-	    t = toupper(t);
-	p[(i * 2) + 0] = t;
-	p[(i * 2) + 1] = 0;
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-ret_sec_buffer(krb5_storage *sp, struct sec_buffer *buf)
-{
-    krb5_error_code ret;
-    CHECK(krb5_ret_uint16(sp, &buf->length), 0);
-    CHECK(krb5_ret_uint16(sp, &buf->allocated), 0);
-    CHECK(krb5_ret_uint32(sp, &buf->offset), 0);
-out:
-    return ret;
-}
-
-static krb5_error_code
-store_sec_buffer(krb5_storage *sp, const struct sec_buffer *buf)
-{
-    krb5_error_code ret;
-    CHECK(krb5_store_uint16(sp, buf->length), 0);
-    CHECK(krb5_store_uint16(sp, buf->allocated), 0);
-    CHECK(krb5_store_uint32(sp, buf->offset), 0);
-out:
-    return ret;
-}
-
-/*
- * Strings are either OEM or UNICODE. The later is encoded as ucs2 on
- * wire, but using utf8 in memory.
- */
-
-static krb5_error_code
-len_string(int ucs2, const char *s)
-{
-    size_t len = strlen(s);
-    if (ucs2)
-	len *= 2;
-    return len;
-}
-
-static krb5_error_code
-ret_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s)
-{
-    krb5_error_code ret;
-
-    *s = malloc(desc->length + 1);
-    CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
-    CHECK(krb5_storage_read(sp, *s, desc->length), desc->length);
-    (*s)[desc->length] = '\0';
-
-    if (ucs2) {
-	size_t i;
-	for (i = 0; i < desc->length / 2; i++) {
-	    (*s)[i] = (*s)[i * 2];
-	    if ((*s)[i * 2 + 1]) {
-		free(*s);
-		*s = NULL;
-		return EINVAL;
-	    }
-	}
-	(*s)[i] = '\0';
-    }
-    ret = 0;
-out:
-    return ret;
-
-    return 0;
-}
-
-static krb5_error_code
-put_string(krb5_storage *sp, int ucs2, const char *s)
-{
-    krb5_error_code ret;
-    struct ntlm_buf buf;
-
-    if (ucs2) {
-	ret = ascii2ucs2le(s, 0, &buf);
-	if (ret)
-	    return ret;
-    } else {
-	buf.data = rk_UNCONST(s);
-	buf.length = strlen(s);
-    }
-
-    CHECK(krb5_storage_write(sp, buf.data, buf.length), buf.length);
-    if (ucs2)
-	heim_ntlm_free_buf(&buf);
-    ret = 0;
-out:
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-ret_buf(krb5_storage *sp, struct sec_buffer *desc, struct ntlm_buf *buf)
-{
-    krb5_error_code ret;
-
-    buf->data = malloc(desc->length);
-    buf->length = desc->length;
-    CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
-    CHECK(krb5_storage_read(sp, buf->data, buf->length), buf->length);
-    ret = 0;
-out:
-    return ret;
-}
-
-static krb5_error_code
-put_buf(krb5_storage *sp, const struct ntlm_buf *buf)
-{
-    krb5_error_code ret;
-    CHECK(krb5_storage_write(sp, buf->data, buf->length), buf->length);
-    ret = 0;
-out:
-    return ret;
-}
-
-/**
- * Frees the ntlm_targetinfo message
- *
- * @param ti targetinfo to be freed
- *
- * @ingroup ntlm_core
- */
-
-void
-heim_ntlm_free_targetinfo(struct ntlm_targetinfo *ti)
-{
-    free(ti->servername);
-    free(ti->domainname);
-    free(ti->dnsdomainname);
-    free(ti->dnsservername);
-    memset(ti, 0, sizeof(*ti));
-}
-
-static int
-encode_ti_blob(krb5_storage *out, uint16_t type, int ucs2, char *s)
-{
-    krb5_error_code ret;
-    CHECK(krb5_store_uint16(out, type), 0);
-    CHECK(krb5_store_uint16(out, len_string(ucs2, s)), 0);
-    CHECK(put_string(out, ucs2, s), 0);
-out:
-    return ret;
-}
-
-/**
- * Encodes a ntlm_targetinfo message.
- *
- * @param ti the ntlm_targetinfo message to encode.
- * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message).
- * @param data is the return buffer with the encoded message, should be
- * freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_encode_targetinfo(const struct ntlm_targetinfo *ti,
-			    int ucs2, 
-			    struct ntlm_buf *data)
-{
-    krb5_error_code ret;
-    krb5_storage *out;
-
-    data->data = NULL;
-    data->length = 0;
-
-    out = krb5_storage_emem();
-    if (out == NULL)
-	return ENOMEM;
-
-    if (ti->servername)
-	CHECK(encode_ti_blob(out, 1, ucs2, ti->servername), 0);
-    if (ti->domainname)
-	CHECK(encode_ti_blob(out, 2, ucs2, ti->domainname), 0);
-    if (ti->dnsservername)
-	CHECK(encode_ti_blob(out, 3, ucs2, ti->dnsservername), 0);
-    if (ti->dnsdomainname)
-	CHECK(encode_ti_blob(out, 4, ucs2, ti->dnsdomainname), 0);
-
-    /* end tag */
-    CHECK(krb5_store_int16(out, 0), 0);
-    CHECK(krb5_store_int16(out, 0), 0);
-
-    {
-	krb5_data d;
-	ret = krb5_storage_to_data(out, &d);
-	data->data = d.data;
-	data->length = d.length;
-    }
-out:
-    krb5_storage_free(out);
-    return ret;
-}
-
-/**
- * Decodes an NTLM targetinfo message
- *
- * @param data input data buffer with the encode NTLM targetinfo message
- * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message).
- * @param ti the decoded target info, should be freed with heim_ntlm_free_targetinfo().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_decode_targetinfo(const struct ntlm_buf *data,
-			    int ucs2,
-			    struct ntlm_targetinfo *ti)
-{
-    memset(ti, 0, sizeof(*ti));
-    return 0;
-}
-
-/**
- * Frees the ntlm_type1 message
- *
- * @param data message to be freed
- *
- * @ingroup ntlm_core
- */
-
-void
-heim_ntlm_free_type1(struct ntlm_type1 *data)
-{
-    if (data->domain)
-	free(data->domain);
-    if (data->hostname)
-	free(data->hostname);
-    memset(data, 0, sizeof(*data));
-}
-
-int
-heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
-{
-    krb5_error_code ret;
-    unsigned char sig[8];
-    uint32_t type;
-    struct sec_buffer domain, hostname;
-    krb5_storage *in;
-    
-    memset(data, 0, sizeof(*data));
-
-    in = krb5_storage_from_readonly_mem(buf->data, buf->length);
-    if (in == NULL) {
-	ret = EINVAL;
-	goto out;
-    }
-    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
-    CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
-    CHECK(krb5_ret_uint32(in, &type), 0);
-    CHECK(type, 1);
-    CHECK(krb5_ret_uint32(in, &data->flags), 0);
-    if (data->flags & NTLM_SUPPLIED_DOMAIN)
-	CHECK(ret_sec_buffer(in, &domain), 0);
-    if (data->flags & NTLM_SUPPLIED_WORKSTAION)
-	CHECK(ret_sec_buffer(in, &hostname), 0);
-#if 0
-    if (domain.offset > 32) {
-	CHECK(krb5_ret_uint32(in, &data->os[0]), 0);
-	CHECK(krb5_ret_uint32(in, &data->os[1]), 0);
-    }
-#endif
-    if (data->flags & NTLM_SUPPLIED_DOMAIN)
-	CHECK(ret_string(in, 0, &domain, &data->domain), 0);
-    if (data->flags & NTLM_SUPPLIED_WORKSTAION)
-	CHECK(ret_string(in, 0, &hostname, &data->hostname), 0);
-
-out:
-    krb5_storage_free(in);
-    if (ret)
-	heim_ntlm_free_type1(data);
-
-    return ret;
-}
-
-/**
- * Encodes an ntlm_type1 message.
- *
- * @param type1 the ntlm_type1 message to encode.
- * @param data is the return buffer with the encoded message, should be
- * freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data)
-{
-    krb5_error_code ret;
-    struct sec_buffer domain, hostname;
-    krb5_storage *out;
-    uint32_t base, flags;
-    
-    flags = type1->flags;
-    base = 16;
-
-    if (type1->domain) {
-	base += 8;
-	flags |= NTLM_SUPPLIED_DOMAIN;
-    }
-    if (type1->hostname) {
-	base += 8;
-	flags |= NTLM_SUPPLIED_WORKSTAION;
-    }
-    if (type1->os[0])
-	base += 8;
-
-    if (type1->domain) {
-	domain.offset = base;
-	domain.length = len_string(0, type1->domain);
-	domain.allocated = domain.length;
-    }
-    if (type1->hostname) {
-	hostname.offset = domain.allocated + domain.offset;
-	hostname.length = len_string(0, type1->hostname);
-	hostname.allocated = hostname.length;
-    }
-
-    out = krb5_storage_emem();
-    if (out == NULL)
-	return ENOMEM;
-
-    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
-    CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), 
-	  sizeof(ntlmsigature));
-    CHECK(krb5_store_uint32(out, 1), 0);
-    CHECK(krb5_store_uint32(out, flags), 0);
-    
-    if (type1->domain)
-	CHECK(store_sec_buffer(out, &domain), 0);
-    if (type1->hostname)
-	CHECK(store_sec_buffer(out, &hostname), 0);
-    if (type1->os[0]) {
-	CHECK(krb5_store_uint32(out, type1->os[0]), 0);
-	CHECK(krb5_store_uint32(out, type1->os[1]), 0);
-    }
-    if (type1->domain)
-	CHECK(put_string(out, 0, type1->domain), 0);
-    if (type1->hostname)
-	CHECK(put_string(out, 0, type1->hostname), 0);
-
-    {
-	krb5_data d;
-	ret = krb5_storage_to_data(out, &d);
-	data->data = d.data;
-	data->length = d.length;
-    }
-out:
-    krb5_storage_free(out);
-
-    return ret;
-}
-
-/**
- * Frees the ntlm_type2 message
- *
- * @param data message to be freed
- *
- * @ingroup ntlm_core
- */
-
-void
-heim_ntlm_free_type2(struct ntlm_type2 *data)
-{
-    if (data->targetname)
-	free(data->targetname);
-    heim_ntlm_free_buf(&data->targetinfo);
-    memset(data, 0, sizeof(*data));
-}
-
-int
-heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2)
-{
-    krb5_error_code ret;
-    unsigned char sig[8];
-    uint32_t type, ctx[2];
-    struct sec_buffer targetname, targetinfo;
-    krb5_storage *in;
-    int ucs2 = 0;
-    
-    memset(type2, 0, sizeof(*type2));
-
-    in = krb5_storage_from_readonly_mem(buf->data, buf->length);
-    if (in == NULL) {
-	ret = EINVAL;
-	goto out;
-    }
-    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
-    CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
-    CHECK(krb5_ret_uint32(in, &type), 0);
-    CHECK(type, 2);
-
-    CHECK(ret_sec_buffer(in, &targetname), 0);
-    CHECK(krb5_ret_uint32(in, &type2->flags), 0);
-    if (type2->flags & NTLM_NEG_UNICODE)
-	ucs2 = 1;
-    CHECK(krb5_storage_read(in, type2->challange, sizeof(type2->challange)),
-	  sizeof(type2->challange));
-    CHECK(krb5_ret_uint32(in, &ctx[0]), 0); /* context */
-    CHECK(krb5_ret_uint32(in, &ctx[1]), 0);
-    CHECK(ret_sec_buffer(in, &targetinfo), 0);
-    /* os version */
-#if 0
-    CHECK(krb5_ret_uint32(in, &type2->os[0]), 0);
-    CHECK(krb5_ret_uint32(in, &type2->os[1]), 0);
-#endif
-
-    CHECK(ret_string(in, ucs2, &targetname, &type2->targetname), 0);
-    CHECK(ret_buf(in, &targetinfo, &type2->targetinfo), 0);
-    ret = 0;
-
-out:
-    krb5_storage_free(in);
-    if (ret)
-	heim_ntlm_free_type2(type2);
-
-    return ret;
-}
-
-/**
- * Encodes an ntlm_type2 message.
- *
- * @param type2 the ntlm_type2 message to encode.
- * @param data is the return buffer with the encoded message, should be
- * freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_encode_type2(const struct ntlm_type2 *type2, struct ntlm_buf *data)
-{
-    struct sec_buffer targetname, targetinfo;
-    krb5_error_code ret;
-    krb5_storage *out = NULL;
-    uint32_t base;
-    int ucs2 = 0;
-
-    if (type2->os[0])
-	base = 56;
-    else
-	base = 48;
-
-    if (type2->flags & NTLM_NEG_UNICODE)
-	ucs2 = 1;
-
-    targetname.offset = base;
-    targetname.length = len_string(ucs2, type2->targetname);
-    targetname.allocated = targetname.length;
-
-    targetinfo.offset = targetname.allocated + targetname.offset;
-    targetinfo.length = type2->targetinfo.length;
-    targetinfo.allocated = type2->targetinfo.length;
-
-    out = krb5_storage_emem();
-    if (out == NULL)
-	return ENOMEM;
-
-    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
-    CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), 
-	  sizeof(ntlmsigature));
-    CHECK(krb5_store_uint32(out, 2), 0);
-    CHECK(store_sec_buffer(out, &targetname), 0);
-    CHECK(krb5_store_uint32(out, type2->flags), 0);
-    CHECK(krb5_storage_write(out, type2->challange, sizeof(type2->challange)),
-	  sizeof(type2->challange));
-    CHECK(krb5_store_uint32(out, 0), 0); /* context */
-    CHECK(krb5_store_uint32(out, 0), 0);
-    CHECK(store_sec_buffer(out, &targetinfo), 0);
-    /* os version */
-    if (type2->os[0]) {
-	CHECK(krb5_store_uint32(out, type2->os[0]), 0);
-	CHECK(krb5_store_uint32(out, type2->os[1]), 0);
-    }
-    CHECK(put_string(out, ucs2, type2->targetname), 0);
-    CHECK(krb5_storage_write(out, type2->targetinfo.data, 
-			     type2->targetinfo.length),
-	  type2->targetinfo.length);
-    
-    {
-	krb5_data d;
-	ret = krb5_storage_to_data(out, &d);
-	data->data = d.data;
-	data->length = d.length;
-    }
-
-out:
-    krb5_storage_free(out);
-
-    return ret;
-}
-
-/**
- * Frees the ntlm_type3 message
- *
- * @param data message to be freed
- *
- * @ingroup ntlm_core
- */
-
-void
-heim_ntlm_free_type3(struct ntlm_type3 *data)
-{
-    heim_ntlm_free_buf(&data->lm);
-    heim_ntlm_free_buf(&data->ntlm);
-    if (data->targetname)
-	free(data->targetname);
-    if (data->username)
-	free(data->username);
-    if (data->ws)
-	free(data->ws);
-    heim_ntlm_free_buf(&data->sessionkey);
-    memset(data, 0, sizeof(*data));
-}
-
-/*
- *
- */
-
-int
-heim_ntlm_decode_type3(const struct ntlm_buf *buf,
-		       int ucs2,
-		       struct ntlm_type3 *type3)
-{
-    krb5_error_code ret;
-    unsigned char sig[8];
-    uint32_t type;
-    krb5_storage *in;
-    struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
-
-    memset(type3, 0, sizeof(*type3));
-    memset(&sessionkey, 0, sizeof(sessionkey));
-
-    in = krb5_storage_from_readonly_mem(buf->data, buf->length);
-    if (in == NULL) {
-	ret = EINVAL;
-	goto out;
-    }
-    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
-    CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
-    CHECK(krb5_ret_uint32(in, &type), 0);
-    CHECK(type, 3);
-    CHECK(ret_sec_buffer(in, &lm), 0);
-    CHECK(ret_sec_buffer(in, &ntlm), 0);
-    CHECK(ret_sec_buffer(in, &target), 0);
-    CHECK(ret_sec_buffer(in, &username), 0);
-    CHECK(ret_sec_buffer(in, &ws), 0);
-    if (lm.offset >= 60) {
-	CHECK(ret_sec_buffer(in, &sessionkey), 0);
-    }
-    if (lm.offset >= 64) {
-	CHECK(krb5_ret_uint32(in, &type3->flags), 0);
-    }
-    if (lm.offset >= 72) {
-	CHECK(krb5_ret_uint32(in, &type3->os[0]), 0);
-	CHECK(krb5_ret_uint32(in, &type3->os[1]), 0);
-    }
-    CHECK(ret_buf(in, &lm, &type3->lm), 0);
-    CHECK(ret_buf(in, &ntlm, &type3->ntlm), 0);
-    CHECK(ret_string(in, ucs2, &target, &type3->targetname), 0);
-    CHECK(ret_string(in, ucs2, &username, &type3->username), 0);
-    CHECK(ret_string(in, ucs2, &ws, &type3->ws), 0);
-    if (sessionkey.offset)
-	CHECK(ret_buf(in, &sessionkey, &type3->sessionkey), 0);
-
-out:
-    krb5_storage_free(in);
-    if (ret)
-	heim_ntlm_free_type3(type3);
-
-    return ret;
-}
-
-/**
- * Encodes an ntlm_type3 message.
- *
- * @param type3 the ntlm_type3 message to encode.
- * @param data is the return buffer with the encoded message, should be
- * freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data)
-{
-    struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
-    krb5_error_code ret;
-    krb5_storage *out = NULL;
-    uint32_t base;
-    int ucs2 = 0;
-
-    memset(&lm, 0, sizeof(lm));
-    memset(&ntlm, 0, sizeof(ntlm));
-    memset(&target, 0, sizeof(target));
-    memset(&username, 0, sizeof(username));
-    memset(&ws, 0, sizeof(ws));
-    memset(&sessionkey, 0, sizeof(sessionkey));
-
-    base = 52;
-    if (type3->sessionkey.length) {
-	base += 8; /* sessionkey sec buf */
-	base += 4; /* flags */
-    }
-    if (type3->os[0]) {
-	base += 8;
-    }
-
-    if (type3->flags & NTLM_NEG_UNICODE)
-	ucs2 = 1;
-
-    lm.offset = base;
-    lm.length = type3->lm.length;
-    lm.allocated = type3->lm.length;
-
-    ntlm.offset = lm.offset + lm.allocated;
-    ntlm.length = type3->ntlm.length;
-    ntlm.allocated = ntlm.length;
-
-    target.offset = ntlm.offset + ntlm.allocated;
-    target.length = len_string(ucs2, type3->targetname);
-    target.allocated = target.length;
-
-    username.offset = target.offset + target.allocated;
-    username.length = len_string(ucs2, type3->username);
-    username.allocated = username.length;
-
-    ws.offset = username.offset + username.allocated;
-    ws.length = len_string(ucs2, type3->ws);
-    ws.allocated = ws.length;
-
-    sessionkey.offset = ws.offset + ws.allocated;
-    sessionkey.length = type3->sessionkey.length;
-    sessionkey.allocated = type3->sessionkey.length;
-
-    out = krb5_storage_emem();
-    if (out == NULL)
-	return ENOMEM;
-
-    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
-    CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), 
-	  sizeof(ntlmsigature));
-    CHECK(krb5_store_uint32(out, 3), 0);
-
-    CHECK(store_sec_buffer(out, &lm), 0);
-    CHECK(store_sec_buffer(out, &ntlm), 0);
-    CHECK(store_sec_buffer(out, &target), 0);
-    CHECK(store_sec_buffer(out, &username), 0);
-    CHECK(store_sec_buffer(out, &ws), 0);
-    /* optional */
-    if (type3->sessionkey.length) {
-	CHECK(store_sec_buffer(out, &sessionkey), 0);
-	CHECK(krb5_store_uint32(out, type3->flags), 0);
-    }
-#if 0
-    CHECK(krb5_store_uint32(out, 0), 0); /* os0 */
-    CHECK(krb5_store_uint32(out, 0), 0); /* os1 */
-#endif
-
-    CHECK(put_buf(out, &type3->lm), 0);
-    CHECK(put_buf(out, &type3->ntlm), 0);
-    CHECK(put_string(out, ucs2, type3->targetname), 0);
-    CHECK(put_string(out, ucs2, type3->username), 0);
-    CHECK(put_string(out, ucs2, type3->ws), 0);
-    CHECK(put_buf(out, &type3->sessionkey), 0);
-    
-    {
-	krb5_data d;
-	ret = krb5_storage_to_data(out, &d);
-	data->data = d.data;
-	data->length = d.length;
-    }
-
-out:
-    krb5_storage_free(out);
-
-    return ret;
-}
-
-
-/*
- *
- */
-
-static void
-splitandenc(unsigned char *hash, 
-	    unsigned char *challange,
-	    unsigned char *answer)
-{
-    DES_cblock key;
-    DES_key_schedule sched;
-
-    ((unsigned char*)key)[0] =  hash[0];
-    ((unsigned char*)key)[1] = (hash[0] << 7) | (hash[1] >> 1);
-    ((unsigned char*)key)[2] = (hash[1] << 6) | (hash[2] >> 2);
-    ((unsigned char*)key)[3] = (hash[2] << 5) | (hash[3] >> 3);
-    ((unsigned char*)key)[4] = (hash[3] << 4) | (hash[4] >> 4);
-    ((unsigned char*)key)[5] = (hash[4] << 3) | (hash[5] >> 5);
-    ((unsigned char*)key)[6] = (hash[5] << 2) | (hash[6] >> 6);
-    ((unsigned char*)key)[7] = (hash[6] << 1);
-
-    DES_set_odd_parity(&key);
-    DES_set_key(&key, &sched);
-    DES_ecb_encrypt((DES_cblock *)challange, (DES_cblock *)answer, &sched, 1);
-    memset(&sched, 0, sizeof(sched));
-    memset(key, 0, sizeof(key));
-}
-
-/**
- * Calculate the NTLM key, the password is assumed to be in UTF8.
- *
- * @param password password to calcute the key for.
- * @param key calcuted key, should be freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_nt_key(const char *password, struct ntlm_buf *key)
-{
-    struct ntlm_buf buf;
-    MD4_CTX ctx;
-    int ret;
-
-    key->data = malloc(MD5_DIGEST_LENGTH);
-    if (key->data == NULL)
-	return ENOMEM;
-    key->length = MD5_DIGEST_LENGTH;
-
-    ret = ascii2ucs2le(password, 0, &buf);
-    if (ret) {
-	heim_ntlm_free_buf(key);
-	return ret;
-    }
-    MD4_Init(&ctx);
-    MD4_Update(&ctx, buf.data, buf.length);
-    MD4_Final(key->data, &ctx);
-    heim_ntlm_free_buf(&buf);
-    return 0;
-}
-
-/**
- * Calculate NTLMv1 response hash
- *
- * @param key the ntlm v1 key
- * @param len length of key
- * @param challange sent by the server
- * @param answer calculated answer, should be freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_calculate_ntlm1(void *key, size_t len,
-			  unsigned char challange[8],
-			  struct ntlm_buf *answer)
-{
-    unsigned char res[21];
-
-    if (len != MD4_DIGEST_LENGTH)
-	return EINVAL;
-
-    memcpy(res, key, len);
-    memset(&res[MD4_DIGEST_LENGTH], 0, sizeof(res) - MD4_DIGEST_LENGTH);
-
-    answer->data = malloc(24);
-    if (answer->data == NULL)
-	return ENOMEM;
-    answer->length = 24;
-
-    splitandenc(&res[0],  challange, ((unsigned char *)answer->data) + 0);
-    splitandenc(&res[7],  challange, ((unsigned char *)answer->data) + 8);
-    splitandenc(&res[14], challange, ((unsigned char *)answer->data) + 16);
-
-    return 0;
-}
-
-/**
- * Generates an NTLMv1 session random with assosited session master key.
- *
- * @param key the ntlm v1 key
- * @param len length of key
- * @param session generated session nonce, should be freed with heim_ntlm_free_buf().
- * @param master calculated session master key, should be freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_build_ntlm1_master(void *key, size_t len,
-			     struct ntlm_buf *session,
-			     struct ntlm_buf *master)
-{
-    RC4_KEY rc4;
-
-    memset(master, 0, sizeof(*master));
-    memset(session, 0, sizeof(*session));
-
-    if (len != MD4_DIGEST_LENGTH)
-	return EINVAL;
-    
-    session->length = MD4_DIGEST_LENGTH;
-    session->data = malloc(session->length);
-    if (session->data == NULL) {
-	session->length = 0;
-	return EINVAL;
-    }    
-    master->length = MD4_DIGEST_LENGTH;
-    master->data = malloc(master->length);
-    if (master->data == NULL) {
-	heim_ntlm_free_buf(master);
-	heim_ntlm_free_buf(session);
-	return EINVAL;
-    }
-    
-    {
-	unsigned char sessionkey[MD4_DIGEST_LENGTH];
-	MD4_CTX ctx;
-    
-	MD4_Init(&ctx);
-	MD4_Update(&ctx, key, len);
-	MD4_Final(sessionkey, &ctx);
-	
-	RC4_set_key(&rc4, sizeof(sessionkey), sessionkey);
-    }
-    
-    if (RAND_bytes(session->data, session->length) != 1) {
-	heim_ntlm_free_buf(master);
-	heim_ntlm_free_buf(session);
-	return EINVAL;
-    }
-    
-    RC4(&rc4, master->length, session->data, master->data);
-    memset(&rc4, 0, sizeof(rc4));
-    
-    return 0;
-}
-
-/**
- * Generates an NTLMv2 session key.
- *
- * @param key the ntlm key
- * @param len length of key
- * @param username name of the user, as sent in the message, assumed to be in UTF8.
- * @param target the name of the target, assumed to be in UTF8.
- * @param ntlmv2 the ntlmv2 session key
- *
- * @ingroup ntlm_core
- */
-
-void
-heim_ntlm_ntlmv2_key(const void *key, size_t len,
-		     const char *username,
-		     const char *target,
-		     unsigned char ntlmv2[16])
-{
-    unsigned int hmaclen;
-    HMAC_CTX c;
-
-    HMAC_CTX_init(&c);
-    HMAC_Init_ex(&c, key, len, EVP_md5(), NULL);
-    {
-	struct ntlm_buf buf;
-	/* uppercase username and turn it inte ucs2-le */
-	ascii2ucs2le(username, 1, &buf);
-	HMAC_Update(&c, buf.data, buf.length);
-	free(buf.data);
-	/* uppercase target and turn into ucs2-le */
-	ascii2ucs2le(target, 1, &buf);
-	HMAC_Update(&c, buf.data, buf.length);
-	free(buf.data);
-    }
-    HMAC_Final(&c, ntlmv2, &hmaclen);
-    HMAC_CTX_cleanup(&c);
-
-}
-
-/*
- *
- */
-
-#define NTTIME_EPOCH 0x019DB1DED53E8000LL
-
-static uint64_t
-unix2nttime(time_t unix_time)
-{
-    long long wt;
-    wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
-    return wt;
-}
-
-static time_t
-nt2unixtime(uint64_t t)
-{
-    t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000);
-    if (t > (((time_t)(~(uint64_t)0)) >> 1))
-	return 0;
-    return (time_t)t;
-}
-
-
-/**
- * Calculate NTLMv2 response
- *
- * @param key the ntlm key
- * @param len length of key
- * @param username name of the user, as sent in the message, assumed to be in UTF8.
- * @param target the name of the target, assumed to be in UTF8.
- * @param serverchallange challange as sent by the server in the type2 message.
- * @param infotarget infotarget as sent by the server in the type2 message.
- * @param ntlmv2 calculated session key
- * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_calculate_ntlm2(const void *key, size_t len,
-			  const char *username,
-			  const char *target,
-			  const unsigned char serverchallange[8],
-			  const struct ntlm_buf *infotarget,
-			  unsigned char ntlmv2[16],
-			  struct ntlm_buf *answer)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    unsigned int hmaclen;
-    unsigned char ntlmv2answer[16];
-    krb5_storage *sp;
-    unsigned char clientchallange[8];
-    HMAC_CTX c;
-    uint64_t t;
-    
-    t = unix2nttime(time(NULL));
-
-    if (RAND_bytes(clientchallange, sizeof(clientchallange)) != 1)
-	return EINVAL;
-    
-    /* calculate ntlmv2 key */
-
-    heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
-
-    /* calculate and build ntlmv2 answer */
-
-    sp = krb5_storage_emem();
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(krb5_store_uint32(sp, 0x00000101), 0);
-    CHECK(krb5_store_uint32(sp, 0), 0);
-    /* timestamp le 64 bit ts */
-    CHECK(krb5_store_uint32(sp, t & 0xffffffff), 0);
-    CHECK(krb5_store_uint32(sp, t >> 32), 0);
-
-    CHECK(krb5_storage_write(sp, clientchallange, 8), 8);
-
-    CHECK(krb5_store_uint32(sp, 0), 0);  /* unknown but zero will work */
-    CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length), 
-	  infotarget->length);
-    CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */
-    
-    CHECK(krb5_storage_to_data(sp, &data), 0);
-    krb5_storage_free(sp);
-    sp = NULL;
-
-    HMAC_CTX_init(&c);
-    HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
-    HMAC_Update(&c, serverchallange, 8);
-    HMAC_Update(&c, data.data, data.length);
-    HMAC_Final(&c, ntlmv2answer, &hmaclen);
-    HMAC_CTX_cleanup(&c);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_data_free(&data);
-	return ENOMEM;
-    }
-
-    CHECK(krb5_storage_write(sp, ntlmv2answer, 16), 16);
-    CHECK(krb5_storage_write(sp, data.data, data.length), data.length);
-    krb5_data_free(&data);
-    
-    CHECK(krb5_storage_to_data(sp, &data), 0);
-    krb5_storage_free(sp);
-    sp = NULL;
-
-    answer->data = data.data;
-    answer->length = data.length;
-
-    return 0;
-out:
-    if (sp)
-	krb5_storage_free(sp);
-    return ret;
-}
-
-static const int authtimediff = 3600 * 2; /* 2 hours */
-
-/**
- * Verify NTLMv2 response.
- *
- * @param key the ntlm key
- * @param len length of key
- * @param username name of the user, as sent in the message, assumed to be in UTF8.
- * @param target the name of the target, assumed to be in UTF8.
- * @param now the time now (0 if the library should pick it up itself)
- * @param serverchallange challange as sent by the server in the type2 message.
- * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
- * @param infotarget infotarget as sent by the server in the type2 message.
- * @param ntlmv2 calculated session key
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_verify_ntlm2(const void *key, size_t len,
-		       const char *username,
-		       const char *target,
-		       time_t now,
-		       const unsigned char serverchallange[8],
-		       const struct ntlm_buf *answer,
-		       struct ntlm_buf *infotarget,
-		       unsigned char ntlmv2[16])
-{
-    krb5_error_code ret;
-    unsigned int hmaclen;
-    unsigned char clientanswer[16];
-    unsigned char clientnonce[8];
-    unsigned char serveranswer[16];
-    krb5_storage *sp;
-    HMAC_CTX c;
-    uint64_t t;
-    time_t authtime;
-    uint32_t temp;
-
-    infotarget->length = 0;    
-    infotarget->data = NULL;    
-
-    if (answer->length < 16)
-	return EINVAL;
-
-    if (now == 0)
-	now = time(NULL);
-
-    /* calculate ntlmv2 key */
-
-    heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
-
-    /* calculate and build ntlmv2 answer */
-
-    sp = krb5_storage_from_readonly_mem(answer->data, answer->length);
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(krb5_storage_read(sp, clientanswer, 16), 16);
-
-    CHECK(krb5_ret_uint32(sp, &temp), 0);
-    CHECK(temp, 0x00000101);
-    CHECK(krb5_ret_uint32(sp, &temp), 0);
-    CHECK(temp, 0);
-    /* timestamp le 64 bit ts */
-    CHECK(krb5_ret_uint32(sp, &temp), 0);
-    t = temp;
-    CHECK(krb5_ret_uint32(sp, &temp), 0);
-    t |= ((uint64_t)temp)<< 32;
-
-    authtime = nt2unixtime(t);
-
-    if (abs((int)(authtime - now)) > authtimediff) {
-	ret = EINVAL;
-	goto out;
-    }
-
-    /* client challange */
-    CHECK(krb5_storage_read(sp, clientnonce, 8), 8);
-
-    CHECK(krb5_ret_uint32(sp, &temp), 0); /* unknown */
-
-    /* should really unparse the infotarget, but lets pick up everything */
-    infotarget->length = answer->length - krb5_storage_seek(sp, 0, SEEK_CUR);
-    infotarget->data = malloc(infotarget->length);
-    if (infotarget->data == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
-    CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length), 
-	  infotarget->length);
-    /* XXX remove the unknown ?? */
-    krb5_storage_free(sp);
-    sp = NULL;
-
-    HMAC_CTX_init(&c);
-    HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
-    HMAC_Update(&c, serverchallange, 8);
-    HMAC_Update(&c, ((unsigned char *)answer->data) + 16, answer->length - 16);
-    HMAC_Final(&c, serveranswer, &hmaclen);
-    HMAC_CTX_cleanup(&c);
-
-    if (memcmp(serveranswer, clientanswer, 16) != 0) {
-	heim_ntlm_free_buf(infotarget);
-	return EINVAL;
-    }
-
-    return 0;
-out:
-    heim_ntlm_free_buf(infotarget);
-    if (sp)
-	krb5_storage_free(sp);
-    return ret;
-}
-
-
-/*
- * Calculate the NTLM2 Session Response
- *
- * @param clnt_nonce client nonce
- * @param svr_chal server challage
- * @param ntlm2_hash ntlm hash
- * @param lm The LM response, should be freed with heim_ntlm_free_buf().
- * @param ntlm The NTLM response, should be freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8],
-			       const unsigned char svr_chal[8],
-			       const unsigned char ntlm_hash[16],
-			       struct ntlm_buf *lm,
-			       struct ntlm_buf *ntlm)
-{
-    unsigned char ntlm2_sess_hash[MD5_DIGEST_LENGTH];
-    unsigned char res[21], *resp;
-    MD5_CTX md5;
-
-    lm->data = malloc(24);
-    if (lm->data == NULL)
-	return ENOMEM;
-    lm->length = 24;
-
-    ntlm->data = malloc(24);
-    if (ntlm->data == NULL) {
-	free(lm->data);
-	lm->data = NULL;
-	return ENOMEM;
-    }
-    ntlm->length = 24;
-
-    /* first setup the lm resp */
-    memset(lm->data, 0, 24);
-    memcpy(lm->data, clnt_nonce, 8);
-
-    MD5_Init(&md5);
-    MD5_Update(&md5, svr_chal, 8); /* session nonce part 1 */
-    MD5_Update(&md5, clnt_nonce, 8); /* session nonce part 2 */
-    MD5_Final(ntlm2_sess_hash, &md5); /* will only use first 8 bytes */
-
-    memset(res, 0, sizeof(res));
-    memcpy(res, ntlm_hash, 16);
-
-    resp = ntlm->data;
-    splitandenc(&res[0], ntlm2_sess_hash, resp + 0);
-    splitandenc(&res[7], ntlm2_sess_hash, resp + 8);
-    splitandenc(&res[14], ntlm2_sess_hash, resp + 16);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/ntlm/test_ntlm.c b/crypto/heimdal/lib/ntlm/test_ntlm.c
deleted file mode 100644
index 11eceb0..0000000
--- a/crypto/heimdal/lib/ntlm/test_ntlm.c
+++ /dev/null
@@ -1,339 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-RCSID("$Id: test_ntlm.c 22377 2007-12-28 18:38:53Z lha $");
-
-#include <krb5.h>
-#include <heimntlm.h>
-
-static int
-test_parse(void)
-{
-    const char *user = "foo", 
-	*domain = "mydomain",
-	*password = "digestpassword",
-	*target = "DOMAIN";
-    struct ntlm_type1 type1;
-    struct ntlm_type2 type2;
-    struct ntlm_type3 type3;
-    struct ntlm_buf data;
-    krb5_error_code ret;
-    int flags;
-    
-    memset(&type1, 0, sizeof(type1));
-
-    type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM;
-    type1.domain = rk_UNCONST(domain);
-    type1.hostname = NULL;
-    type1.os[0] = 0;
-    type1.os[1] = 0;
-
-    ret = heim_ntlm_encode_type1(&type1, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type1");
-
-    memset(&type1, 0, sizeof(type1));
-
-    ret = heim_ntlm_decode_type1(&data, &type1);
-    free(data.data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type1");
-
-    heim_ntlm_free_type1(&type1);
-
-    /*
-     *
-     */
-
-    memset(&type2, 0, sizeof(type2));
-
-    flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
-    type2.flags = flags;
-
-    memset(type2.challange, 0x7f, sizeof(type2.challange));
-    type2.targetname = rk_UNCONST(target);
-    type2.targetinfo.data = NULL;
-    type2.targetinfo.length = 0;
-
-    ret = heim_ntlm_encode_type2(&type2, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type2");
-
-    memset(&type2, 0, sizeof(type2));
-
-    ret = heim_ntlm_decode_type2(&data, &type2);
-    free(data.data);
-    if (ret)
-	errx(1, "heim_ntlm_decode_type2");
-
-    heim_ntlm_free_type2(&type2);
-
-    /*
-     *
-     */
-
-    memset(&type3, 0, sizeof(type3));
-
-    type3.flags = flags;
-    type3.username = rk_UNCONST(user);
-    type3.targetname = rk_UNCONST(target);
-    type3.ws = rk_UNCONST("workstation");
-
-    {
-	struct ntlm_buf key;
-	heim_ntlm_nt_key(password, &key);
-
-	heim_ntlm_calculate_ntlm1(key.data, key.length,
-				  type2.challange,
-				  &type3.ntlm);
-	free(key.data);
-    }
-
-    ret = heim_ntlm_encode_type3(&type3, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type3");
-
-    free(type3.ntlm.data);
-
-    memset(&type3, 0, sizeof(type3));
-
-    ret = heim_ntlm_decode_type3(&data, 1, &type3);
-    free(data.data);
-    if (ret)
-	errx(1, "heim_ntlm_decode_type3");
-
-    if (strcmp("workstation", type3.ws) != 0)
-	errx(1, "type3 ws wrong");
-
-    if (strcmp(target, type3.targetname) != 0)
-	errx(1, "type3 targetname wrong");
-
-    if (strcmp(user, type3.username) != 0)
-	errx(1, "type3 username wrong");
-
-
-    heim_ntlm_free_type3(&type3);
-
-    /*
-     * NTLMv2
-     */
-
-    memset(&type2, 0, sizeof(type2));
-
-    flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
-    type2.flags = flags;
-
-    memset(type2.challange, 0x7f, sizeof(type2.challange));
-    type2.targetname = rk_UNCONST(target);
-    type2.targetinfo.data = "\x00\x00";
-    type2.targetinfo.length = 2;
-
-    ret = heim_ntlm_encode_type2(&type2, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type2");
-
-    memset(&type2, 0, sizeof(type2));
-
-    ret = heim_ntlm_decode_type2(&data, &type2);
-    free(data.data);
-    if (ret)
-	errx(1, "heim_ntlm_decode_type2");
-
-    heim_ntlm_free_type2(&type2);
-
-    return 0;
-}
-
-static int
-test_keys(void)
-{
-    const char
-	*username = "test",
-	*password = "test1234",
-	*target = "TESTNT";
-    const unsigned char 
-	serverchallange[8] = "\x67\x7f\x1c\x55\x7a\x5e\xe9\x6c";
-    struct ntlm_buf infotarget, infotarget2, answer, key;
-    unsigned char ntlmv2[16], ntlmv2_1[16];
-    int ret;
-    
-    infotarget.length = 70;
-    infotarget.data =
-	"\x02\x00\x0c\x00\x54\x00\x45\x00\x53\x00\x54\x00\x4e\x00\x54\x00"
-	"\x01\x00\x0c\x00\x4d\x00\x45\x00\x4d\x00\x42\x00\x45\x00\x52\x00"
-	"\x03\x00\x1e\x00\x6d\x00\x65\x00\x6d\x00\x62\x00\x65\x00\x72\x00"
-	    "\x2e\x00\x74\x00\x65\x00\x73\x00\x74\x00\x2e\x00\x63\x00\x6f"
-	    "\x00\x6d\x00"
-	"\x00\x00\x00\x00";
-
-    answer.length = 0;
-    answer.data = NULL;
-
-    heim_ntlm_nt_key(password, &key);
-
-    ret = heim_ntlm_calculate_ntlm2(key.data,
-				    key.length,
-				    username,
-				    target,
-				    serverchallange,
-				    &infotarget,
-				    ntlmv2,
-				    &answer);
-    if (ret)
-	errx(1, "heim_ntlm_calculate_ntlm2");
-
-    ret = heim_ntlm_verify_ntlm2(key.data,
-				 key.length,
-				 username,
-				 target,
-				 0,
-				 serverchallange,
-				 &answer,
-				 &infotarget2,
-				 ntlmv2_1);
-    if (ret)
-	errx(1, "heim_ntlm_verify_ntlm2");
-
-    if (memcmp(ntlmv2, ntlmv2_1, sizeof(ntlmv2)) != 0)
-	errx(1, "ntlm master key not same");
-
-    if (infotarget.length > infotarget2.length)
-	errx(1, "infotarget length");
-
-    if (memcmp(infotarget.data, infotarget2.data, infotarget.length) != 0)
-	errx(1, "infotarget not the same");
-
-    free(key.data);
-    free(answer.data);
-    free(infotarget2.data);
-
-    return 0;
-}
-
-static int
-test_ntlm2_session_resp(void)
-{
-    int ret;
-    struct ntlm_buf lm, ntlm;
-
-    const unsigned char lm_resp[24] = 
-	"\xff\xff\xff\x00\x11\x22\x33\x44"
-	"\x00\x00\x00\x00\x00\x00\x00\x00"
-	"\x00\x00\x00\x00\x00\x00\x00\x00";
-    const unsigned char ntlm2_sess_resp[24] = 
-	"\x10\xd5\x50\x83\x2d\x12\xb2\xcc"
-	"\xb7\x9d\x5a\xd1\xf4\xee\xd3\xdf"
-	"\x82\xac\xa4\xc3\x68\x1d\xd4\x55";
-    
-    const unsigned char client_nonce[8] =
-	"\xff\xff\xff\x00\x11\x22\x33\x44";
-    const unsigned char server_challange[8] =
-	"\x01\x23\x45\x67\x89\xab\xcd\xef";
-
-    const unsigned char ntlm_hash[16] =
-	"\xcd\x06\xca\x7c\x7e\x10\xc9\x9b"
-	"\x1d\x33\xb7\x48\x5a\x2e\xd8\x08";
-
-    ret = heim_ntlm_calculate_ntlm2_sess(client_nonce,
-					 server_challange,
-					 ntlm_hash,
-					 &lm,
-					 &ntlm);
-    if (ret)
-	errx(1, "heim_ntlm_calculate_ntlm2_sess_resp");
-
-    if (lm.length != 24 || memcmp(lm.data, lm_resp, 24) != 0)
-	errx(1, "lm_resp wrong");
-    if (ntlm.length != 24 || memcmp(ntlm.data, ntlm2_sess_resp, 24) != 0)
-	errx(1, "ntlm2_sess_resp wrong");
-    
-    free(lm.data);
-    free(ntlm.data);
-
-
-    return 0;
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret = 0, optind = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    printf("test_parse\n");
-    ret += test_parse();
-    printf("test_keys\n");
-    ret += test_keys();
-    printf("test_ntlm2_session_resp\n");
-    ret += test_ntlm2_session_resp();
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/ntlm/version-script.map b/crypto/heimdal/lib/ntlm/version-script.map
deleted file mode 100644
index 654a630..0000000
--- a/crypto/heimdal/lib/ntlm/version-script.map
+++ /dev/null
@@ -1,27 +0,0 @@
-# $Id: version-script.map 22041 2007-11-11 07:43:27Z lha $
-
-HEIMDAL_NTLM_1.0 {
-	global:
-		heim_ntlm_build_ntlm1_master;
-		heim_ntlm_calculate_ntlm1;
-		heim_ntlm_calculate_ntlm2;
-		heim_ntlm_calculate_ntlm2_sess;
-		heim_ntlm_decode_targetinfo;
-		heim_ntlm_decode_type1;
-		heim_ntlm_decode_type2;
-		heim_ntlm_decode_type3;
-		heim_ntlm_encode_targetinfo;
-		heim_ntlm_encode_type1;
-		heim_ntlm_encode_type2;
-		heim_ntlm_encode_type3;
-		heim_ntlm_free_buf;
-		heim_ntlm_free_targetinfo;
-		heim_ntlm_free_type1;
-		heim_ntlm_free_type2;
-		heim_ntlm_free_type3;
-		heim_ntlm_nt_key;
-		heim_ntlm_ntlmv2_key;
-		heim_ntlm_verify_ntlm2;
-	local:
-		*;
-};
diff --git a/crypto/heimdal/lib/roken/ChangeLog b/crypto/heimdal/lib/roken/ChangeLog
deleted file mode 100644
index 6a9abe7..0000000
--- a/crypto/heimdal/lib/roken/ChangeLog
+++ /dev/null
@@ -1,2196 +0,0 @@
-2008-01-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add missing files.
-
-2007-08-09  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* strftime.c: rewrite str[pf]time for testing.
-
-	* strptime.c: rewrite str[pf]time for testing.
-
-	* Makefile.am: add TEST_STRPFTIME
-	
-2007-07-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ndbm_wrap.c (dbm_get): set dsize to 0 on failure.
-
-	* Makefile.am: add ndbm_wrap.[ch] to EXTRA_DIST
-
-	* ndbm_wrap.c (dbm_fetch): set dsize to 0 on failure.
-
-2007-07-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* socket_wrapper.c: Implement swrap_dup too.
-
-	* socket_wrapper.c: Add dup(dummy stub) and dup2(real).
-
-	* socket_wrapper.h: Add dup(dummy stub) and dup2(real).
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: New library version.
-
-2007-06-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken_gethostby.c: set proxy_port to 0 to pacify BEAM.
-
-2007-06-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* use "roken.h" consitantly
-
-2007-06-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test-readenv.c: Free environment.
-
-	* environment.c (free_environment): free result of
-	read_environment().
-
-	* roken-common.h (free_environment): free result of
-	read_environment().
-	
-2007-05-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* fnmatch.c: Do recursive call to rk_fnmatch
-	
-2007-01-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.c: Try harder to call res_ndestroy().
-	
-2006-12-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: make sure built headers are copied to the
-	${build_topdir}/include
-	
-2006-12-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* unvis.c: Use internal version of rk_unvis
-
-	* unvis.c: Always include rk_versions.
-
-	* vis.c: Always include rk_versions.
-
-	* vis.hin: Fix argument for unvis and strsvisx.
-	
-	* unvis.c: prefix unvis functions with rk_, and prototypes.
-	
-2006-12-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* vis.c: Provide some prototypes for the rk_vis functions.
-	
-2006-12-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ifaddrs.hin: Prefix getifaddrs functions with rk_ and do symbol
-	renaming.
-
-	* fnmatch.c: Prefix fnmatch functions with rk_ and do symbol
-	renaming.
-
-	* vis.hin: Prefix strvis functions with rk_ and do symbol
-	renaming.
-
-	* vis.c: prefix strvis functions with rk_
-
-	* Makefile.am: Install extra posix headers in <roken/...> to avoid
-	dup headers.
-	
-2006-11-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* socket_wrapper.c (swrap_sendto): fail on to unknown si->type
-	
-2006-11-06  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* socket_wrapper.c: A few fixes to have Heimdal pass the make
-	check under socket_wrapper. The first is a missing 'break' before
-	the (heimdal specific) IPv6 support. The second works around the
-	fact that sendto() *may* object to a destination being specified.
-	It appears to be that on Linux, this objects (with EISCONN) for
-	unix stream sockets, but not for TCP sockets. The alternate fix
-	would be to have the KDC use 'send()' in this case. Andrew Bartlett.
-
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: split dist and nondist HEADERS
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* roken.h.in: Add timegm glue.
-
-	* timegm.c: add timegm()
-	
-	* socket_wrapper.c: Include <roken.h>, gives os socklen_t on IRIX
-	6.4.
-	
-	* socket_wrapper.c: Maybe include <sys/time.h> and/or maybe
-	include <time.h>.
-	
-2006-10-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken.h.in: Revert prevois for now, the problem is that we have
-	to include symbols unconditionally, even for those that just needs
-	protos.
-
-	* roken.h.in: Provide symbol renaming, let see what breaks.
-
-	* socket_wrapper.c: Maybe include <sys/filio.h>.
-	
-2006-10-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* socket_wrapper.c: more consitity check, remove dead code, add
-	socket length code, add missing break, make diffrent chars of type
-	type files for case-insensitiv filesystems
-
-	* socket_wrapper.c: try even hard to not use socket wrapper for
-	socket_wrapper itself.
-
-	* socket_wrapper.c: Force no socket wrapper for socket_wrapper
-	itself.
-	
-2006-10-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* socket_wrapper.c: Maybe include <config.h>.
-
-	* socket_wrapper.c: Protect AF_INET6 with #ifdef HAVE_IPV6.
-
-	* socket_wrapper.c: Use a symbol for the v6 address.
-
-	* socket_wrapper.c: Add IPv6 suppport.
-	
-	* socket_wrapper.[ch]: Include socket wrapper from samba4 (rev
-	19179).
-	
-2006-10-07 Love H�rnquist �strand <lha@it.su.se>
-
-	* Makefile.am: Add build_HEADERZ to EXTRA_DIST
-
-	* Makefile.am: Add man_MANS to EXTRA_DIST
-
-	* Makefile.am: Add to all objects BUILD_ROKEN_LIB.
-	
-2006-09-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken.h.in: Add samba socket wrapper fragment.
-
-	* Makefile.am: Add samba socket wrapper fragment.
-	
-2006-09-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* snprintf.c: reapply patch that went away in last commit
-	
-	* snprintf-test.c: unbreak from previous commit
-
-	* snprintf.c: Add size_t formater (z modifer).
-
-	* snprintf-test.c: add tests for size_t printf formater
-	
-2006-06-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rtbl.h: Add extern "C" for C++.
-
-	* rtbl.c: Add rtbl_add_column_entryv functions, printf like
-
-	* rtbl.h: Add rtbl_add_column_entryv functions, printf like
-	
-2006-06-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* glob.hin: Add extern "C" for C++. From joerg at britannica dot
-	bec dot de
-
-	* fnmatch.hin: Add extern "C" for C++. From joerg at britannica
-	dot bec dot de
-	
-2006-04-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* fnmatch.hin (fnmatch): CPP rename to rk_fnmatch
-	
-2006-04-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* resolve.c (dns_srv_order): change a if (ptr == NULL) continue
-	into a assert(ptr != NULL) since it could never happen, found by
-	the IBM code checker (beam).  Thanks to Florian Krohm for
-	explaining it.
-	
-2006-04-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken_gethostby.c (roken_gethostby): make addr_list one larger
-	to avoid a off-by-one error. Found by IBM checker.
-
-	* resolve.c: Plug memory leak found by IBM checker (and try to
-	please it).
-	
-2006-02-06  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* resolve.c: Spelling, from Alexey Dobriyan, via Jason McIntyre
-	
-2006-01-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* getcap.c: Don't use db support unless its build into libc but we
-	dont check for that now, so just disable the code. This removes
-	the dependency on libdb for roken, and that is a good thing since
-	it causes problem with nss plugins that uses DB3 that also
-	provides the same symbol, but with a diffrent ABI. so when the
-	application calls getpwnamn() and it linked to roken, it craches
-	in the nss functions.
-	
-2006-01-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hex.c (hex_decode): support decoding odd number of characters,
-	in the odd len case, the first character ends up in the first byte
-	in the lower nibble.
-
-	* hex-test.c: Check that we can decode single character hex chars.
-
-2005-12-12  Love H�rnquist �strand <lha@it.su.se>
-
-	* getifaddrs.c: Try handle HP/UX 11.nn, its diffrent from Solaris
-	large SIOCGIFCONF.
-	
-2005-09-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-common.h: Move rk_UNCONST to roken.h.in since it might use
-	uintptr_t depending on avaibility.
-
-	* roken.h.in: Include <stdint.h> if it exists.  If avaiable, use
-	uintptr_t to define rk_UNCONST.
-	
-2005-09-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-common.h: Add rk_dumpdata.
-	
-	* dumpdata.c: Add rk_dumpdata() that write a chunk of data into a
-	file for later processing by some other tool (like asn1_print).
-	
-2005-09-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* strptime.c: cast to unsigned char to make sure its not negative
-	when passing it to is* functions
-	
-2005-09-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* socket.c: Add socket_set_ipv6only.
-
-	* roken-common.h: Add socket_set_ipv6only, remove some argument
-	names.
-	
-2005-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* strpool.c (rk_strpoolprintf): remove debug printf, plug memory
-	leak
-	
-2005-08-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* setprogname.c (setprogname): const poision
-	
-	* print_version.c: Removed, moved to libvers.
-
-2005-08-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.c (dns_lookup_int): if we have res_ndestroy, prefeer
-	that before res_nclose
-
-2005-08-12 Love H�rnquist �strand  <lha@it.su.se>
-
-	* getaddrinfo-test.c: Rename optind to optidx to avoid shadowing.
-
-2005-08-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gai_strerror.c: sprinkel more const
-	
-	* gai_strerror.c, roken.h.in: Make return value of gai_strerror
-	const to match SUSv3.  Prompted by Stefan Metzmacher change to
-	Samba.
-
-2005-07-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken.h.in: Remove parameter names to avoid shadow warnings.
-
-2005-07-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* getifaddrs.c (nl_getlist): poll to get messages from kernel, and
-	retry if the message was lost
-	(free_nlmsglist): free all linked elements, not just the first one
-
-2005-07-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* snprintf-test.c: Check a very simple format string
-	
-2005-07-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken.h.in: If we have <strings.h> include it, its needed for
-	strcasecmp() on those platforms that are SUS3/iso c99 strict (like
-	AIX)
-
-	* roken-common.h: remove duplicate ;
-	
-2005-07-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-common.h: rk_strpoolprintf first variable identifier is 3
-
-2005-06-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* base64.h: remove variable names
-	
-2005-06-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-common.h: fix format attribute
-
-	* Makefile.am (libroken_la_SOURCES): += strpool.c
-	
-	* roken-common.h: add strpool, a printf collector to make it
-	eaiser to collect strings into one string
-	
-	* strpool.c: add strpool, a printf collector to make it eaiser to
-	collect strings into one string
-
-2005-06-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* base64.c: Add const, from Andrew Abartlet <abartlet@samba.org>
-
-2005-06-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* strpftime-test.c: test for "%Y%m"
-
-	* esetenv.c: unconst
-
-	* strptime.c: Write a new parse_number function that is possible
-	to limit that amount of numbers used, with this strptime can
-	handle strptime("200505", "%Y%m", &tm);
-
-2005-06-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* getaddrinfo.c: avoid shadowing sin
-	
-	* resolve-test.c: rename optind to optidx to avoid shadowing
-	
-	* strptime.c: UNCONST return value from strptime
-	
-	* strftime.c: rk_UNCONST argument mktime
-	
-	* getnameinfo.c: avoid shadowing sin
-	
-	* socket.c: avoid shadowing sin
-
-	* resolve.c (parse_record): fix casting to avoid losing const
-	
-	* roken.awk: since we got no feedback regarding people running
-	heimdal on the crays, remove the quoted # version
-	
-	* environment.c: rename index to idx to avoid shadowing
-
-2005-05-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse_reply-test.c: avoid signedness warnings
-
-	* test-mem.c: avoid signedness warnings
-
-2005-05-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hex.c: include "roken.h" to avoid undefined size_t/ssize_t
-
-2005-05-24  Dave Love  <fx@gnu.org>
-
-	* Makefile.am (snprintf_test_SOURCES): Add snprintf-test.h.
-
-2005-05-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* environment.c (rk_read_env_file): move assignment to later to
-	make pre c99 compiler happy
-
-2005-05-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* strptime.c: use english spelling of March
-
-2005-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: only link with dblib if we need it
-	
-	* Makefile.am: add test_readenv
-	
-	* test-readenv.c: test for read_environment()
-	
-	* environment.c: eliminate duplicates
-	
-2005-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* issuid.c (issuid): change the #ifdef order to avoid unreachable
-	code warning.
-
-2005-05-10  Dave Love  <fx@gnu.org>
-
-	* roken.h.in: Get daemon declared on Solaris (it's in unistd.h but
-	masked by a feature test), just to avoid a warning, since it has
-	int args. Include err.h unconditionally, since it's always
-	supplied.
-
-2005-05-04  Dave Love  <fx@gnu.org>
-
-	* snprintf-test.c: Include snprintf-test.h earlier.
-
-2005-05-03  Dave Love  <fx@gnu.org>
-
-	* snprintf.c: Include snprintf-test.h earlier.
-	
-	* test-mem.c: Add member fd to map.
-	(rk_test_mem_alloc, rk_test_mem_free): Use it.
-
-2005-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* getifaddrs.c: add break on default: statements, from Douglas
-	E. Engert
-
-	* snprintf.c (vsnprintf): don't write the NUL into the string if
-	the length was 0
-
-	* snprintf-test.c: add check that snprintf doesn't write the NUL
-	into the last byte when its a zero length input string
-
-	* parse_time-test.c: Include <err.h>.
-	
-2005-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse_time-test.c: improve testing
-	
-	* roken-common.h: add rk_realloc
-
-	* Makefile.am: add realloc
-
-	* realloc.c: add rk_realloc, unbroken version of realloc
-
-2005-04-26  Dave Love  <fx@gnu.org>
-
-	* getusershell.c: Include roken.h
-
-2005-04-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* unvis.c: cast to unsigned char to make sure its not negative
-	when passing it to is* functions
-
-	* strptime.c: cast to unsigned char to make sure its not negative
-	when passing it to to* functions
-
-2005-04-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* simple_exec.c: don't close stderr, close all fd that is num 3
-	and larger
-
-	* simple_exec.c (pipe_execv): use closefrom
-
-	* add closefrom
-
-2005-04-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* add ROKEN_LIB_FUNCTION to all exported functions
-
-2005-04-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve-test.c: print DS
-
-2005-04-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse_time-test.c: remove unused variable
-	
-2005-04-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* strpftime-test.c: print size_t by casting to unsigned long
-	
-	* base64-test.c: print size_t by casting to unsigned long
-	
-	* hex-test.c: print size_t by casting to unsigned long
-	
-	* resolve-test.c: print size_t by casting to unsigned long
-	
-2005-04-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* snprintf-test.c (try): reset va_list argument between reuse,
-	from Peter Kruty <xkruty@fi.muni.cz>
-
-2005-03-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken_gethostby.c (roken_gethostby): s/sin/addr/ to avoid
-	shadowing
-
-	* resolve.c (dns_lookup_int): s/stat/state/ to avoid shadowing
-
-	* parse_units.c: avoid shadowing div
-
-2005-03-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* snprintf.c: use defined(TEST_SNPRINTF) like on all other places
-	in the same file
-
-2005-03-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hex.c: check for overflows
-
-2005-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* vis.c: use RCSID instead of __RCSID
-
-2005-03-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: check_PROGRAMS += hex-test
-	
-	* hex-test.c: hex encoding/decoding test
-	
-	* hex.c: fix decodeing, it processed to much data and thus
-	returned the wrong length
-
-2005-03-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add hex.[ch]
-
-	* hex.c: add hex encoder/decoder
-
-2005-03-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* daemon.c fnmatch.c fnmatch.hin getcap.c getopt.c getusershell.c
-	glob.c glob.hin iruserok.c unvis.c vis.hin:
-	
-	In 1997, the University of California, Berkeley issued a statement
-	retroactively relicensing all code held under their copyright from
-	a 4-clause 'traditional' BSD license to a new 3-clause 'revised'
-	BSD license, which removed the advertising clause.
-
-	From NetBSD, via Joel Baker, and Alistair G. Crooks
-	
-	* getaddrinfo-test.c: remove stray ( in output
-	
-	* vis.c: Update new revision from NetBSD (copyright update)
-
-2005-02-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: bump version to 17:0:1
-
-2005-01-19  Dave Love  <d.love@dl.ac.uk>
-
-	* getusershell.c: Include ctype.h, cast argument to isspace to
-	unsigned char.
-
-2004-10-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse_time.3, parse_units.c: Change the behavior of the
-	parse_unit code to return the number of bytes needed to print the
-	whole string (minus the trailing '\0'), just like snprintf.  Idea
-	from bugreport from Gabriel Kihlman <gk@stacken.kth.se>.
-
-	* parse_time-test.c Makefile.am test-mem.c test-mem.h: test parse_time
-
-2004-10-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.c: put dns_type_to_string and dns_string_to_type in the
-	abi
-
-	* resolve.c: add ds_record
-	
-	* resolve.h: add ds_record
-	
-2004-10-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ndbm_wrap.c: undefine open so this works on solaris with large
-	file support From netbsd's pkgsrc via Gavan Fantom
-	
-2004-09-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve-test.c: add --version/--help
-	
-2004-09-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: make resolve-test a noinst program
-	
-2004-09-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve-test.c: test program for libroken resolve from resolve.c
-	
-	* Makefile.am: add resolve-test
-	
-	* resolve.h: add constant for max DNS protocol packet size
-	
-	* resolve.c (dns_lookup_int): grow the answer buffer to the size
-	the server send to us if the answer buffer was too small (limited
-	to the dns protocol max packet size)
-	
-2004-08-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* err.hin: no need to declare __progname here
-
-	* Makefile.am: always clean generated headers
-
-2004-06-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rtbl.3: use .In for header, remove trailing space
-	
-2004-06-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rtbl.h: add protos and macros
-	
-	* rtbl.c: implement a bunch of stuff:
-	  - column separator (instead of global column prefix)
-	  - per column suffix
-	  - indexing columns by id-number instead of column header
-	  - optional header supression (via settable flags)
-	  - ability to end a row
-	  - don't extend last column to full width
-	
-2004-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.[ch]: add and use and bind9 version of rr type
-	(rk_ns_t_XXX) instead of the old bind4 version (T_XXX)
-
-2004-05-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.c (stot): add AAAA
-	
-2004-02-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* getarg.c (add_string): catch error from realloc
-	
-2004-02-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-common.h: add simple_execve_timed
-	
-	* roken-common.h: add timed simple_exec
-	
-	* simple_exec.c: add timed simple_exec
-	
-2004-01-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gai_strerror.c: correct ifdef for EAI_ADDRFAMILY
-
-2003-12-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.c: parse dns header, add support for SSHFP
-	
-	* resolve.h: add cpp rewrite for sshfp_record
-	
-	* resolve.h: add SSHFP, clean up the the dns_header
-	
-2003-12-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.h: remove HEADER (only used for crays)
-	
-	* resolve.c: number-of fields no longer stored in network order
-	
-2003-12-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.c: remove depency on c99 types in resolv.h
-	
-	* resolve.h: remove depency on c99 types
-	
-2003-12-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolv.h: add more T_ types and inline the dns headers, all this
-	for bind9 resolvers
-
-2003-12-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gai_strerror.c: EAI_ADDRFAMILY and EAI_NODATA is deprecated
-	
-	* roken-common.h: use EAI_NONAME instead of EAI_ADDRFAMILY to
-	check for if we need EAI_ macros
-
-2003-10-04   Love H�rnquist �strand  <lha@it.su.se>
-
-	* strptime.c: let t and n match zero or more whitespaces
-	
-2003-08-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ndbm_wrap.c: patch for working with DB4 on heimdal-discuss
-	From: Luke Howard <lukeh@PADL.COM>
-	
-2003-08-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: don't include discovered files in EXTRA_SOURCES;
-	don't depend on all header files, just the built ones
-
-2003-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* emalloc.3: manpage
-	
-2003-07-11  Love  <lha@stacken.kth.se>
-
-	* resolve.c: AIX have broken res_nsearch() in 5.1 (5.0 also ?)  so
-	just don't use res_nsearch on AIX
-
-2003-06-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* snprintf.c: * don't ever print sign for unsigned conversions *
-	don't break when right justifying a number past the end of the
-	buffer * handle zero precision and the value zero more correctly
-
-2003-06-14  Love  <lha@stacken.kth.se>
-
-	* glob.hin: prefix glob symbols with rk_
-	
-2003-04-22  Love  <lha@stacken.kth.se>
-
-	* resolve.c: copy NUL too, from janj@wenf.org via openbsd
-	
-2003-04-16  Love  <lha@stacken.kth.se>
-
-	* parse_units.h: remove typedef for units to avoid problems with
-	shadowing
-
-	* resolve.c: use strlcpy, from openbsd
-	
-	* getcap.c: use strlcpy, from openbsd
-	
-	* getarg.3: Change .Fd #include <header.h> to .In header.h
-	from Thomas Klausner <wiz@netbsd.org>
-
-2003-04-15  Love  <lha@stacken.kth.se>
-
-	* socket.c (socket_set_tos): if setsockopt failed with EINVAL
-	failed, just ignore it, sock was probably a just a non AF_INET
-	socket
-
-2003-04-14  Love  <lha@stacken.kth.se>
-
-	* strncasecmp.c: cast argument to toupper to unsigned char, from
-	Christian Biere <christianbiere@gmx.de> via NetBSD
-	
-	* strlwr.c: cast argument to tolower to unsigned char, from
-	Christian Biere <christianbiere@gmx.de> via NetBSD
-	
-	* strcasecmp.c: cast argument to toupper to unsigned char, from
-	Christian Biere <christianbiere@gmx.de> via NetBSD
-	
-2003-03-19  Love  <lha@stacken.kth.se>
-
-	* getarg.3: spelling, from <jmc@prioris.mini.pw.edu.pl>
-	
-2003-03-07  Love  <lha@stacken.kth.se>
-
-	* parse_bytes.c: use struct units instead of units
-	
-	* parse_time.c: use struct units instead of units
-	
-2003-03-04  Love  <lha@stacken.kth.se>
-
-	* roken.awk: use full prototype for main
-	
-2002-10-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c: check length of txt records
-
-2002-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.awk: include config.h before stdio.h (breaks with
-	_FILE_OFFSET_BITS on solaris otherwise)
-
-2002-09-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c: fix res_nsearch call, but don't use it for now, AIX5
-	has a broken version that trashes memory
-
-	* roken-common.h: fix typo in previous
-
-	* roken-common.h: change IRIX == 4 to IRIX4
-
-2002-09-04  Assar Westerlund  <assar@kth.se>
-
-	* getifaddrs.c: remove some warnings from the linux-portion
-
-	* getnameinfo_verified.c (getnameinfo_verified): handle the case
-	of forward but no backward DNS information, and also describe the
-	desired behaviour.  from Love <lha@stacken.kth.se>
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rtbl.c (rtbl_destroy): free whole table
-
-	* resolve.c: use res_nsearch if we have it (from Larry Greenfield)
-
-2002-09-03  Assar Westerlund  <assar@kth.se>
-
-	* getifaddrs.c: add Linux AF_NETLINK getifaddrs from Hideaki
-	YOSHIFUJI of the Usagi project
-	
-	* parse_reply-test.c: make this build and return 77 if there is no
-	mmap
-
-	* Makefile.am (parse_reply-test): add
-	* parse_reply-test.c: add a test case for parse_reply reading past
-	the given buffer
-	* resolve.c (parse_reply): update the arguments to more reasonable
-	types.  allow parse_reply-test to call it
-
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c (dns_srv_order): do alignment tricks with the random()
-	state (from NetBSD)
-
-2002-08-27  Assar Westerlund  <assar@kth.se>
-
-	* resolve.c (parse_reply): verify the lengths (both external and
-	internal) are consistent and not too long
-	(dns_lookup_int): be conservative in the length sent in to to
-	parse_reply
-
-2002-08-26  Assar Westerlund  <assar@kth.se>
-
-	* roken.h.in: add prototypes for str, unvis functions
-	* resolve.h: add fallback definition for T_AAAA
-
-2002-08-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: we may need a prototype for strndup
-
-2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: typedef ssize_t here
-
-	* getarg.c: don't put Ns before comma
-
-	* resolve.c: _res might not be available
-
-	* localtime_r.c: include stdio.h and roken.h
-
-	* strftime.c: only use altzone if we have it
-
-	* roken-common.h: AI_NUMERICHOST needs special handling
-
-	* strlcat.c: add some consistency checks
-
-	* strlcpy.c: make the logic simpler, and handle dst_sz == 0
-
-2002-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.h: prefix these functions to avoid conflicts with other
-	packages
-
-2002-08-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* strsep_copy.c: don't write to buf if len == 0
-
-2002-05-31  Assar Westerlund  <assar@pdc.kth.se>
-
-	* Makefile.am: *_LDADD: add LDADD, so that libroken is used
-
-2002-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* xdbm.h: remove old dbm part
-
-2002-04-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ndbm_wrap.{c,h}: ndbm wrapper for newer db libraries
-
-2002-04-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: move mini_inetd protos to after addrinfo definition
-
-	* snprintf.c (append_number): make rep const
-
-	* getarg.h: rename optind and optarg to avoid some gcc warnings
-
-	* getarg.c: rename optind and optarg to avoid some gcc warnings
-
-2002-02-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* mini_inetd.c: mini_inetd_addrinfo that takes an addrinfo instead
-	of a port number
-
-2001-11-30  Assar Westerlund  <assar@sics.se>
-
-	* getifaddrs.c: support SIOCGLIFCONF and SIOCGLIFFLAGS which are
-	used on Solaris 8 to retrieve addresses larger than `struct
-	sockaddr'.  From Magnus Ahltorp <ahltorp@nada.kth.se> (with some
-	modifications by me)
-
-2001-10-27  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): set version to 15:0:6
-
-2001-10-22  Assar Westerlund  <assar@sics.se>
-
-	* localtime_r.c: add
-
-2001-10-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c (dns_srv_order): don't try to return a value
-
-2001-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* snprintf.c: va_{start,end} fixes; from Thomas Klausner
-
-2001-09-20  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c (dns_srv_order): make sure of not reading after the
-	array
-
-2001-09-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump to 14:4:5
-	* snprintf.c: rename 'struct state' -> 'struct snprintf_test' to
-	avoid collision with resolv.h on aix
-
-2001-09-04  Assar Westerlund  <assar@sics.se>
-
-	* parse_bytes-test.c, parse_bytes.c, parse_bytes.h, parse_units.c,
-	parse_units.h: use int instead of size_t as return values to be
-	compatible with snprintf
-
-	* strftime.c (strftime): check for return values from snprintf() <
-	0
-
-2001-09-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* socket.c: restrict is a keyword
-
-2001-09-03  Assar Westerlund  <assar@sics.se>
-
-	* write_pid.c: handle atexit or on_exit
-
-	* Makefile.am (EXTRA_libroken_la_SOURCES): add vis.hin to help
-	solaris make
-
-2001-08-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: use LDADD directly
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): set to 14:3:5
-
-	* issuid.c (issuid): call issetugid if it exists
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: make it play better with recent automake
-
-2001-08-21  Assar Westerlund  <assar@sics.se>
-
-	* glob.c: provide a fallback for ARG_MAX.  from <tol@stacken.kth.se>
-
-	* roken.h.in: remove all winsock.h
-	for now, it does more harm than good under cygwin and if it should be
-	used, the correct conditional needs to be found
-	from <tol@stacken.kth.se>
-
-2001-08-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getaddrinfo.c: include a definition of in6addr_loopback if it
-	doesn't exist
-
-2001-08-10  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): update to 14:2:5
-
-2001-08-08  Assar Westerlund  <assar@sics.se>
-
-	* hstrerror.c: move h_errno to its own file (h_errno.c)
-
-2001-08-04  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add getarg.3
-
-2001-08-01  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inetd): explicitly use PF_UNSPEC.  be more
-	resilient to bind/listen failing.
-
-2001-07-31  Assar Westerlund  <assar@sics.se>
-
-	* getifaddrs.c (getifaddrs2): remove unused variables
-
-2001-07-31  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): update version to 14:1:5
-
-2001-07-23  Assar Westerlund  <assar@sics.se>
-
-	* getarg.c (arg_match_long): fix parsing of arg_counter optional
-	argument
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump version to 14:0:5
-	
-2001-07-17  Assar Westerlund  <assar@sics.se>
-
-	* snprintf-test.h: add a file with renaming of the snprintf
-	functions, to be used for running the tests
-
-2001-07-11  Assar Westerlund  <assar@sics.se>
-
-	* snprintf-test.c: add more %X tests, and long and conditional
-	long long tests
-	* snprintf.c: add support for printing long long (if available)
-
-2001-07-10  Assar Westerlund  <assar@sics.se>
-
-	* getaddrinfo.c (add_hostent): adapt to const hostent_find_fqdn
-	* hostent_find_fqdn.c (hostent_find_fqdn): const-ize
-
-2001-07-09  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h (hostent_find_fqdn): add
-	* hostent_find_fqdn.c: separate out hostent_find_fqdn
-
-	* warnerr.c: move out getprogname, setprogname
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* warnerr.c (setprogname): add const cast
-	* vis.c (SVIS): add some (unsigned char) before calling isfoo*
-	* Makefile.am (libroken_la_LDFLAGS:) set version to 13:0:4
-
-	* Makefile.am: add snprintf_test
-	* snprintf.c: rewrite so that it does not stop as soon as there
-	are no more characters to print, we need to figure out how long
-	the string would have to be.  this also fixes snprintf(NULL, 0
-
-2001-06-21  Assar Westerlund  <assar@sics.se>
-
-	* simple_exec.c (pipe_execv): remove unused variable
-
-2001-06-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getdtablesize.c: fix typo in obviously never used sysctl case
-
-	* simple_exec.c: rename check_status to wait_for_process, and
-	export it; function pipe_execv similar to popen, but with more
-	control over input and output
-
-	* roken-common.h: prototypes for wait_for_process and pipe_execv
-
-2001-06-17  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h: move emalloc et al to roken.h.in
-	* Makefile.am: make emalloc,ecalloc,erealloc,estrdup conditional
-	* emalloc.c, erealloc.c, estrup.c: use errx, since errno might not
-	be set reliably
-	* ecalloc.c: add for symmetry
-
-2001-06-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c: dns_srv_order to order srv records
-
-2001-06-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getarg.c: Grog tries to figure out if to use mdoc.old instead of
-	mdoc by looking at some macros that were only present in the old
-	version, and by looking at the number of .Oo's present. In
-	mdoc.old .Oo was a toggle, but in mdoc it's closed by .Oc, so if
-	the number of .Oo's is bigger than the number of .Oc's, it figures
-	it must be mdoc.old. This doesn't however account for called Oc's,
-	and thus grog thinks that valid pages are mdoc.old when they
-	infact are mdoc. So let's make sure that Oc's are not called by
-	other macros.
-
-2001-05-29  Assar Westerlund  <assar@sics.se>
-
-	* base64-test.c (main): initialize numerr
-
-2001-05-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* base64.c: clean up the decode mess somewhat
-
-	* base64-test.c: base64 tests
-
-2001-05-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: just use standard C types with bswap*
-
-	* bswap.c: just use standard C types
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: include all the headers that AC_GROK_TYPES tries for
-	finding u_int17_t et al
-
-	* Makefile.am: bump version to 12:0:3
-	* roken.h.in: re-add set_progname and get_progname for backwards
-	compatability
-	* warnerr.c: re-add set_progname and get_progname for backwards
-	compatability
-
-2001-05-12  Assar Westerlund  <assar@sics.se>
-
-	* glob.c: add limits.h, from <shadow@dementia.org>
-
-2001-05-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bswap.c
-	
-	* bswap.c: bswap{16,32}
-	
-2001-05-08  Assar Westerlund  <assar@sics.se>
-
-	* freeaddrinfo.c (freeaddrinfo): also free every `struct
-	addrinfo'.  from <tmartin@mirapoint.com>
-
-2001-04-25  Assar Westerlund  <assar@sics.se>
-
-	* getarg.h (free_getarg_strings): add prototype
-	* getarg.c (free_getarg_strings): add function
-
-2001-04-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getarg.c: pack short flag options togther, to shorten the usage
-	string
-
-2001-04-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getifaddrs.c (getifaddrs2): close socket when done
-
-2001-03-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.awk: END has to be last with Sun's awk
-
-2001-03-26  Assar Westerlund  <assar@sics.se>
-
-	* parse_units.c (parse_something): do not check the return value
-	from strtod, it might return != 0.0 when the string has no digits.
-	just testing if it consumed any characters is enough and more
-	resilient
-	* glob.c: add GLOB_LIMIT (from NetBSD)
-
-2001-02-20  Assar Westerlund  <assar@sics.se>
-
-	* warnerr.c (warnerr): do not use __progname
-	* roken.h.in (setprogname, getprogname): add prototypes
-	* warnerr.c (setprogname, getprogname): rename to. change all
-	callers
-	
-2001-02-12  Assar Westerlund  <assar@sics.se>
-
-	* getnameinfo_verified.c (getnameinfo_verified): do the first
-	getnameinfo with NI_NUMERICSERV to avoid the error that bind 8.2.3
-	reports on not finding the service
-	(ENI_NOSERVNAME).  reported by Ake Sandgren <ake@cs.umu.se>
-
-2001-02-09  Assar Westerlund  <assar@sics.se>
-
-	* getnameinfo.c (doit): call inet_ntop with correct af, noted by
-	Ake Sandgren <ake@cs.umu.se>
-
-2001-02-08  Assar Westerlund  <assar@sics.se>
-
-	* getnameinfo_verified.c (getnameinfo_verified): always capture
-	the service from getnameinfo so it can be sent back to getaddrinfo
-	and set socktype to avoid getaddrinfo not returning any addresses
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump version to 11:1:2
-	* print_version.c (print_version): add 2001
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* getifaddrs.c (getifaddrs2): copy the entire sockaddr
-
-	* roken-common.h (_PATH_BSHELL): add
-
-2001-01-27  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: move __attribute__ to roken-common.h
-
-	* esetenv.c (esetenv): cast to handle a setenv that takes a `char
- 	* which is the case on Unicos
-
-2000-12-29  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (EXTRA_libroken_la_SOURCES): ifaddrs.h ->
-	ifaddrs.hin
-
-2000-12-25  Assar Westerlund  <assar@sics.se>
-
-	* getarg.c (print_arg): add a case for arg_strings
-
-2000-12-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* snprintf.c (append_string): handle NULL strings by printing
-	`(null)'
-
-2000-12-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-common.h: add c++ externs
-
-	* roken.h.in: fix last commit differently
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* err.hin (warnerr): remove, it's not part of the err.h interface
-	* roken-common.h (warnerr): moved here from err.hin
-	* Makefile.am (libroken_la_LDFLAGS): set version to 11:0:2
-	* vis.c: s/u_int32_t/unsigned/ for systems that do not define
-	u_int32_t
-
-2000-12-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: rename some headers to avoid conflict with possible
-	system headers
-
-2000-12-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* vis.c: make sure _DIAGASSERT is defined
-
-	* unvis.c: make sure _DIAGASSERT is defined
-
-	* Makefile.am: unvis.c, and vis.h
-
-	* vis.h: vis.h from NetBSD
-
-	* unvis.c: unvis from NetBSD
-
-	* roken.h.in: cleanup previous
-
-	* roken-common.h: make `extern "C"' into a macro, this make emacs
-	much happier
-
-	* vis.c: strvis implementation from NetBSD
-
-	* roken.h.in: add prototypes for strvis*
-
-2000-12-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ifaddrs.h: fix freeifaddrs prototype, and add ifa_broadaddr
-	macro
-
-	* getifaddrs.c: free some memory
-
-2000-12-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ifaddrs.h: getifaddrs implementation using SIOCGIFCONFIG etc
-
-	* getifaddrs.c: getifaddrs implementation using SIOCGIFCONFIG etc
-
-2000-10-08  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inetd): check that fds are not too large to
-	select on
-
-2000-09-24  Assar Westerlund  <assar@sics.se>
-
-	*  esetenv.c: new file/function
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 10:0:1
-
-2000-08-10  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (accept_it): type-correctness on parameters to
-	accept
-
-2000-08-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: add proto compat for getsockname
-
-2000-08-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* write_pid.c: conditionalise pidfile
-
-	* write_pid.c: add pidfile function
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump version to 9:0:0
-
-	* warnerr.c: add get_progname
-
-2000-07-24  Assar Westerlund  <assar@sics.se>
-
-	* getaddrinfo.c (add_hostent): if there's no fqdn in `he' try
-	reverse resolving to see if there's a fuller name there.  don't
-	use just-freed memory
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: do not define ndbm functions in terms of dbm functions
-	if we're using db
-
-2000-07-20  Assar Westerlund  <assar@sics.se>
-
-	* rtbl.c (rtbl_format): avoid printing an empty row at the end
-
-2000-07-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: make this compatible with `make dist'
-
-	* Makefile.am: revert version number for now
-
-2000-07-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: AM_PROG_LIBTOOL -> AC_PROG_LIBTOOL
-
-2000-07-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: set ACLOCAL_AMFLAGS
-
-2000-07-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getaddrinfo_hostspec.c: add new function that takes socktype
-	hint as parameter
-
-2000-07-09  Assar Westerlund  <assar@sics.se>
-
-	* rtbl.c (rtbl_add_column): initialize `col' completely
-
-	* configure.in: bring headers and functions more in-line with
-	what's actually being used
-
-2000-07-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: declare ether_addr and sockaddr_dl for AIX
-
-	* rtbl.{c,h}: simple table functions
-
-2000-07-08  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (AM_INIT_AUTOMAKE): bump version to 10
-	* configure.in (AC_BROKEN): add strsep_copy
-	* Makefile.am (ACLOCAL): fetch files from cf
-
-2000-07-01  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h (pid_file_*): fix protos
-
-2000-06-28  Assar Westerlund  <assar@sics.se>
-
-	* getnameinfo_verified.c (getnameinfo_verified): free memory
-	returned from getaddrinfo
-
-2000-06-27  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c: export string_to_type and type_to_string
-	* resolve.c: add key,sig,cert update test-program
-	* resolve.h: add key,sig,cert
-
-2000-06-21  Assar Westerlund  <assar@sics.se>
-
-	* resolve.h: add T_SIG, T_KEY
-	* resolve.c: add SIG and KEY
-	* Makefile.am (libroken_la_SOURCES): add environment.c and
-	write_pid.c
-
-	* write_pid.c: new file for writing a pid file.
-
-	* environment.c: new file with functionality for reading
-	/etc/environment.  From Ake Sandgren <ake@cs.umu.se>
-
-2000-06-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* strsep_copy.c: strsep, but with const stringp so returns string
-	in separate buffer
-
-2000-05-23  Assar Westerlund  <assar@sics.se>
-
-	* vsyslog.c (vsyslog): calculate length of new format string
-	correctly
-
-2000-05-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getusershell.c: implment the AIX version use
-	/etc/security/login.cfg
-
-2000-05-21  Assar Westerlund  <assar@sics.se>
-
-	* vsyslog.c (vsyslog): actually handle `%m'
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): set version to 8:1:3
-
-	* roken-common.h: moved __attribute__ to roken.h.in
-
-2000-04-14  Assar Westerlund  <assar@sics.se>
-
-	* getaddrinfo_hostspec.c (roken_getaddrinfo_hostspec): copy the
-	correct length from `hostspec'.  based on a patch from Love
-	<lha@s3.kth.se>
-
-2000-04-09  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: only include one of db.h and the dbm-series
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c (_resolve_debug): explicitly set to zero.  this moves
-	the variable from bss to data and the dynamic linker on MacOS
-	X/Darwin seems unhappy with stuff in the bss segment.
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 8:0:3
-
-2000-03-11  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (_SS_PAD1SIZE): try to write an inpenetrable
-	expression that also works on Crays
-
-2000-03-09  Assar Westerlund  <assar@sics.se>
-
-	* getarg.c (arg_match_short): backup optind when there's a missing
-	argument so that the error can point at the flag and not the
-	non-existant argument
-
-2000-03-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES): add timeval.c
-	* Makefile.am (libroken_la_SOURCES): add timeval.c
-	* timeval.c: new file
-
-2000-02-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 7:1:2
-	
-2000-02-16  Assar Westerlund  <assar@sics.se>
-
-	* snprintf.c (PARSE_INT_FORMAT): note that shorts are actually
-	transmitted as ints
-	(according to the integer protomotion rules) in variable arguments
-	lists.  Therefore, we should not call va_arg with short but rather
-	with int.  See <http://www.debian.org/Bugs/db/57/57919.html> for
-	original bug report
-
-2000-02-13  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 7:0:2
-
-	* getarg.c (mandoc_template): also fix no- prefix in .Sh OPTIONS
-	* getarg.c (mandoc_template): better man-stuff for negative
-	options
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 6:0:1
-
-2000-02-06  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: hopefully catch a few more declarations by including
-	<ndbm.h> even if <db.h> was found
-
-2000-01-26  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inetd): separate number of allocated sockets
-	and number of actual ones
-	* mini_inetd.c (mini_inetd): count sockets properly.  and fail if
-	we cannot bind any
-	* mini_inetd.c (mini_inetd): make failing to create a socket
-	non-fatal
-
-2000-01-09  Assar Westerlund  <assar@sics.se>
-
- 	* Makefile.am(libroken_la_SOURCES): add strcollect.c
-	* Makefile.in: add strcollect.[co]
-	* simple_exec.c: use vstrcollect
-	* roken-common.h (_PATH_DEV): add
-	(strcollect, vstrcollect): add prototypes
-	* strcollect.c: new file.  functions for collapsing an `va_list'
-	into an `char **'
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 5:0:0
-
-1999-12-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (strpftime_test_SOURCES): correct source file name
-
-	* roken.h.in (sockaddr_storage): change padding so that we have
- 	one char[] of pad and then an unsigned long[] (for alignment and
- 	padding).  this works much better in practice.
-
-1999-12-22  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (sockaddr_storage): drop leading underscore on
- 	`public' fields.  this was the consensus on the ipng mailing list
-
-1999-12-21  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (strpftime-test): define sources to avoid having
- 	'.o'
-	* Makefile.am (print_version.h): use $(EXEEXT)
-	* Makefile.am (roken.h): add $(EXEEXT) to make this work on cygwin
- 	et al
-
-1999-12-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump version to 4:3:0
-
-	* getaddrinfo.c (get_nodes): use getipnodebyname instead of
-	gethostbyname(2)
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump version to 4:2:0
-
-	* roken.h.in (struct sockaddr_storage): redefine with the example
- 	code from rfc2553
-
-	* getaddrinfo.c (get_null): set loopback with correct endianess
-	for v4.  dunno about v6.
-
-1999-12-13  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: add prototypes for str[pf]time
-
-	* signal.c: macosx = rhapsody ~= nextstep also can't handle
- 	various definitions of the same symbol.
-
-1999-12-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 4:1:0
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 4:0:0
-
-1999-12-05  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: replace inaddr2str with getnameinfo_verified
-
-	* roken-common.h (INADDR_LOOPBACK): add fallback definition
-
-	* roken-common.h: move getnameinfo_verified to roken.h.in
-	* roken.h.in (inaddr2str): remove
-	* Makefile.am (libroken_la_SOURCES); removed inaddr2str
-	* roken-common.h (getnameinfo_verified): add prototype
-	* getnameinfo_verified.c: new file
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h: add constants for getaddrinfo, getnameinfo
-	* roken.h.in (socklen_t): make independent of sockaddr_storage
-	(AI_*, NI_*, EAI_*): move to roken-common.h
-
-1999-12-03  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inted): rewrite to use `getaddrinfo'
-	* getaddrinfo.c (const_v*): no sizeof(sizeof())
-	* getaddrinfo.c (add_hostent): search for the canonical name among
-	all aliases
-	(getaddrinfo): handle AI_NUMERICHOST correctly
-	* Makefile.am (EXTRA_libroken_la_SOURCES): add freeaddinfo,
-	getaddrinfo, getnameinfo, gai_strerror
-	(getaddrinfo_test): add
-	* Makefile.in (SOURCES): add freeaddinfo, getaddrinfo,
-	getnameinfo, gai_strerror
-	(getaddrinfo_test): add
-	* roken.h.in: arpa/inet.h: include
-	(socklen_t): add
-	(struct addrinfo): add
-	(EAI_*): add
-	(NI_*): add
-	(AI_*): add
-	(getaddrinfo, getnameinfo, freeaddrinfo, gai_strerror): add
-	* getnameinfo.c: new file
-	* getaddrinfo-test.c: new file
-	* gai_strerror.c: new file
-	* getaddrinfo.c: new file
-	* freeaddrinfo.c: new file
-
-1999-11-25  Assar Westerlund  <assar@sics.se>
-
-	* getopt.c (getopt): return -1 instead of EOF.  From
-	<art@stacken.kth.se>
-
-1999-11-13  Assar Westerlund  <assar@sics.se>
-
-	* strftime.c (strftime): handle `%z' and `%Z' in a tm_gmtoff-less
-	world
-
-	* getcap.c: make sure to use db only if we have both the library
-	and the header file
-	
-1999-11-12  Assar Westerlund  <assar@sics.se>
-
-	* getarg.h: add arg_counter
-	* getarg.c: add a new type of argument: `arg_counter' re-organize
-	the code somewhat
-	
-	* Makefile.am: add strptime and strpftime-test
-	
-	* snprintf.c (xyzprintf): try to do the right thing with an % at
-	the end of the format string
-	
-	* strptime.c (strptime): implement '%U', '%V', '%W'
-	* strftime.c (strftime): implement '%U', '%V', '%W', '%z'
-	
-	* strftime.c (strftime): correct %E and %O handling.  do something
- 	reasonable with "...%"
-
-	* strftime.c: replace the BSD implementation by one of our own
-	coding
-
-	* strptime.c : new file
-	* strpftime-test.c: new file
-
-1999-11-07  Assar Westerlund  <assar@sics.se>
-
-	* parse_bytes-test.c: new file
-
-	* Makefile.am: add parse_bytes-test
-
-	* parse_units.c (parse_something): try to handle the case of no
- 	value specified a little bit better
-
-1999-11-04  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 3:2:0
-
-1999-10-30  Assar Westerlund  <assar@sics.se>
-
-	* snprintf.c (PARSE_INT_FORMAT): add redundant casts to work
- 	around a gcc-bug that manifests itself on Linux-PPC.  From Tom
- 	Rini <trini@kernel.crashing.org>
-
-1999-10-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 3:1:0
-
-	* roken.h.in: use `unsigned char' instead of `u_int8_t' to avoid
- 	having to have that definition.  this is the easy way out instead
- 	of getting the definition here where it's needed.  flame me.
-
-Fri Oct 22 15:39:31 1999  Bjoern Groenvall  <bg@sics.se>
-
-	* k_getpwuid.c (k_getpwuid): getspuid() does not exist (even
- 	though it should), use getspnam().
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 3:0:0
-
-1999-10-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getarg.3: document arg_collect
-
-	* getarg.c: change the way arg_collect works; it's still quite
-	horrible though
-
-	* getarg.h: change type of the collect function
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: undo last commit
-
-	* xdbm.h: reorder db includes
-
-1999-10-10  Assar Westerlund  <assar@sics.se>
-
-	* socket.c: const-ize and comment
-
-	* net_write.c: const-ize
-
-	* base64.c: const-ize
-
-1999-10-06  Assar Westerlund  <assar@sics.se>
-
-	* getarg.c (getarg): also set optind when returning error
-
-1999-09-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add parse_bytes.[ch]
-
-1999-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getarg.3: getarg manpage
-
-	* getarg.{c,h}: add a callback type to do more complicated processing
-
-	* getarg.{c,h}: add floating point support
-
-1999-09-16  Assar Westerlund  <assar@sics.se>
-
-	* strlcat.c (strlcat): call strlcpy
-
-	* strlcpy.c: update name and prototype
-
-	* strlcat.c: update name and prototype
-
-	* roken.h.in: rename strc{py,at}_truncate to strlc{py,at}
-
-	* Makefile.am: rename strc{py,at}_truncate -> strlc{py,at}
-
-	* Makefile.in: rename strc{py,at}_truncate -> strlc{py,at}
-
- 	* strcpy_truncate.c (strcpy_truncate): change return value to be
- 	the length of `src'
-
-1999-08-16  Assar Westerlund  <assar@sics.se>
-
-	* getcap.c: try to make this work on systems with DB
-
-1999-08-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getcap.c: protect from db-less systems
-
-1999-08-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* simple_exec.c: add simple_exec{ve,le}
-
-	* getcap.c: getcap from NetBSD
-
-1999-08-06  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (sockaddr_storage): cater for those that have
- 	v6-support also
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* inet_ntop.c (inet_ntop_v4): remember to call ntohl
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h: add shutdown constants
-
-	* mini_inetd.c (listen_v4, listen_v6): handle the case of the
- 	protocol not being supported
-
-1999-08-01  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (socket_set_reuseaddr): remove duplicate
-
-1999-07-29  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inetd): fix my stupid bugs
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h: add socket* functions
-
-	* Makefile.am (libroken_la_SOURCES): add socket.c
-
-	* socket.c: new file, originally from appl/ftp/common
-
-	* Makefile.am: set version to 2:0:2
-
-	* roken.h.in (inet_pton): add prototype
-
-	* Makefile.am (EXTRA_libroken_la_SOURCES): add inet_pton
-
-	* inet_pton.c: new file
-
-	* getipnodebyname.c (getipnodebyname): try gethostbyname2 if we
- 	have it
-
-1999-07-27  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c: support IPv6
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:0:1
-
-	* roken.h.in (inet_ntop): add prototype
-
- 	* roken-common.h: (INET{,6}_ADDRSTRLEN): add
-
-	* inet_ntop.c: new file
-
-	* Makefile.am (EXTRA_libroken_la_SOURCES): add inet_ntop.c
-
-	* Makefile.am: move some files from libroken_la_SOURCES to
- 	EXTRA_libroken_la_SOURCES
-
-	* snprintf.c: some signed vs unsigned casts
-	
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (struct sockaddr_storage): define it needed
-
-1999-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_SOURCES): add copyhostent.c,
- 	freehostent.c, getipnodebyname.c, getipnodebyaddr.c
-	
-	* roken.h.in: <netdb.h>: include
-	(copyhostent, freehostent, getipnodebyname, getipnodebyaddr): add
-	prototypes
-
-	* roken-common.h: new constants for getipnodeby*
-
-	* Makefile.in (SOURCES): add freehostent, copyhostent,
- 	getipnodebyname, getipnodebyaddr
-
-	* freehostent.c: new file
-
-	* copyhostent.c: new file
-
-	* getipnodebyaddr.c: new file
-
-	* getipnodebyname.c: new file
-
-1999-07-13  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (k_getpwnam): update prototype
-
-	* k_getpwnam.c (k_getpwnam): const-ize
-
-	* get_default_username.c (get_default_username): a better way of
- 	guessing when the user has su:ed
-
-1999-07-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.awk: use puts, as suggested by Jeffrey Hutzelman
-	<jhutz+@cmu.edu>
-
-1999-07-06  Assar Westerlund  <assar@sics.se>
-
-	* readv.c (readv): typo
-
-1999-07-03  Assar Westerlund  <assar@sics.se>
-
-	* writev.c (writev): error check malloc properly
-
-	* sendmsg.c (sendmsg): error check malloc properly
-
-	* resolve.c (parse_reply): error check malloc properly
-
-	* recvmsg.c (recvmsg): error check malloc properly
-
-	* readv.c (readv): error check malloc properly
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* parse_units.c (acc_units): move the special case of 0 -> 1 to
- 	parse_something to avoid having it happen at the end of the string
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add get_default_username
-
-	* get_default_username.c: new file
-
-	* roken.h.in (get_default_username): add prototype
-
-	* Makefile.am: add get_default_username
-
-1999-05-08  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: also try <db.h> with DB_DBM_HSEARCH == 1
-
-	* strnlen.c (strnlen): update prototype
-
-	* Makefile.am: strndup.c: add
-
-	* Makefile.in: strndup.c: add
-
-	* roken.h.in (strndup): add
-	(strnlen): update prototype
-
-	* strndup.c: new file
-
-Fri Apr 16 17:59:30 1999  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: include strsep prototype if needed
-
-Thu Apr 15 14:04:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: make make-print-version.o depend on version.h
-
-Wed Apr  7 14:11:00 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: make it compile w/o krb4
-
-Sat Mar 27 17:33:03 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* snprintf.c (vasnprintf): correct check if realloc returns NULL
-
-Sat Mar 27 12:37:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: link print_version with -ldes to avoid unresolved
- 	references if -lkrb is shared
-
-Sat Mar 20 03:42:30 1999  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h (eread, ewrite): add
-
-	* simple_exec.c: add <roken.h>
-
-Fri Mar 19 21:29:58 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add eread, ewrite
-
-	* eread.c, ewrite.c: new files
-
-	* Makefile.am (libroken_la_SOURCES): add eread and ewrite
-
-Fri Mar 19 14:52:57 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: add version-info
-
-Thu Mar 18 12:53:32 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: remove include_dir hack
-
-	* Makefile.am: parse_units.h
-
-	* Makefile.am: include Makefile.am.common
-
-Sat Mar 13 23:31:35 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES): add glob.c
-
-Thu Mar 11 15:02:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* iruserok.c: move innetgr() to separate file
-
-	* innetgr.c: move innetgr() to separate file
-
-	* hstrerror.c (hstrerror): add const to return type
-
-	* erealloc.c: fix types in format string
-
-	* emalloc.c: fix types in format string
-
-Wed Mar 10 16:36:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* resolve.c: ugly fix for crays
-
-Mon Mar  8 11:52:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* roken.h.in: protos for {un,}setenv
-
-1999-02-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES): add fnmatch
-
-	* roken-common.h (abs): add
-
-Sat Feb 13 17:12:53 1999  Assar Westerlund  <assar@sics.se>
-
-	* emalloc.c, erealloc.c, estrup.c: new files
-
-	* roken.h.in (mkstemp, gethostname): also includes prototypes if
- 	they are needed.
-
-1998-12-23  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: mkstemp: add prototype
-
-1998-12-20  Assar Westerlund  <assar@sics.se>
-
-	* snprintf.c, iruserok.c, parse-units.c: unsigned char-correctness
-
-	* roken.h.in (inet_aton): also chedk NEED_INET_ATON_PROTO
-
-	* roken-common.h: __attribute__: check for autoconf'd
-	HAVE___ATTRIBUTE__ instead of GNUC
-
-Sun Dec  6 19:53:21 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse_units.c (parse_something): func is called with val == 0 if
- 	no unit was given
-	(acc_flags, acc_units): update to new standard
-
-Fri Nov 27 03:09:42 1998  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c (stot): constify
-	(type_to_string): always declare
-	(dns_lookup_int): correct debug output
-
-Thu Nov 26 23:43:55 1998  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c (dns_lookup_int): send rr_class to res_search
-
-Thu Nov 26 17:09:47 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* resolve.c: some cleanup
-
-	* resolve.h: add T_NAPTR
-
-Sun Nov 22 10:23:07 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-	* k_getpwnam.c (k_getpwnam): check for `struct spwd'
-
-	* k_getpwuid.c (k_getpwuid): check for `struct spwd'
-
-Tue Sep  8 05:18:31 1998  Assar Westerlund  <assar@sics.se>
-
-	* recvmsg.c (recvmsg): patch from bpreece@unity.ncsu.edu
-
-Fri Sep  4 16:29:27 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* vsyslog.c: asprintf -> vasprintf
-
-Tue Aug 18 22:25:52 1998  Assar Westerlund  <assar@sics.se>
-
-	* getarg.h (arg_printusage): new signature
-
-	* getarg.c (arg_printusage): new parameter `progname'.  NULL means
- 	__progname.
-
-Sun Aug  9 14:53:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.am: net_{read,write}.c
-
-Fri Jul 24 21:56:02 1998  Assar Westerlund  <assar@sics.se>
-
-	* simple_exec.c (simple_execvp): loop around waitpid when errno ==
- 	EINTR
-
-Thu Jul 23 20:24:35 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.am: net_{read,write}.c
-
-Wed Jul 22 21:38:35 1998  Assar Westerlund  <assar@sics.se>
-
-	* simple_exec.c (simple_execlp): initialize `argv'
-
-Mon Jul 13 23:01:22 1998  Assar Westerlund  <assar@sics.se>
-
-	* inaddr2str.c (inaddr2str): don't advance hostent->h_addr_list,
- 	use a copy instead
-
-Fri Jul 10 01:20:08 1998  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (net_write, net_read): add prototypes
-
-	* Makefile.in: net_{read,write}.c: add
-
-	* net_{read,write}.c: new files
-
-Tue Jun 30 17:29:09 1998  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (issuid): add
-
-	* get_window_size.c: fix misspelling of TIOCGWINSZ and bad use of
- 	fields
-
-Sun May 31 03:24:34 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c (mandoc_template): Put short and long options in
- 	SYNOPSIS within the same [ ] pair.
-
-Sat May 30 00:13:01 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c (arg_printusage): try to keep options shorter than
- 	column width
-
-	* get_window_size.c (get_window_size): check COLUMNS and LINES
-
-Fri May 29 00:05:04 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c (mandoc_template): Put short and long options in
- 	DESCRIPTION on the same line.
-
-	* getarg.c (arg_match_long): make sure you only get an exact match
- 	if the strings are the same length
-
-Thu May 14 02:23:40 1998  Assar Westerlund  <assar@sics.se>
-
-	* roken.awk: stupid cray awk wants \#
-
-Fri May  1 01:29:36 1998  Assar Westerlund  <assar@sics.se>
-
-	* print_version.c (print_version): according to ISO/ANSI C the
- 	elements of `arg' are not constant and therefore not settable at
- 	compile-time.  Set the at run-time instead.
-
-Sun Apr 19 10:00:06 1998  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: include paths.h
-
-Sun Apr  5 12:30:49 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES): add roken_gethostby.c to make solaris
- 	make happy
-
-Thu Mar 19 20:41:25 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* simple_exec.c: Simple fork+exec system() replacement.
-
-Fri Mar  6 00:21:53 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* roken_gethostby.c: Make `roken_gethostby_setup' take URL-like
- 	specification instead of split up versions. Makes it easier for
- 	calling applications.
-
-	* roken_gethostby.c: Another miracle of the 20th century:
- 	gethostby* over HTTP.
-
-Sat Feb 21 15:18:36 1998  assar westerlund  <assar@sics.se>
-
-	* parse_time.c (unparse_time_approx): new function that calls
- 	`unparse_units_approx'
-
-	* parse_units.c (unparse_units_approx): new function that will
- 	only print the first unit.
-
-	* Makefile.in: include parse_{time,units}
-
-Thu Feb 12 03:30:08 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse_time.c (print_time_table): don't return a void value.
-
-Tue Feb  3 11:06:24 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c (mandoc_template): Change date format to full month
- 	name, and day of month without leading zero.
-
-Thu Jan 22 21:23:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c: Fix long form of negative flags.
-
-Mon Dec 29 23:31:10 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* roken.h.in: Include <err.h>, to get linux __progname.
-
-Sun Dec 21 09:45:18 1997  Assar Westerlund  <assar@sics.se>
-
-	* parse_time.c (print_time_table): new function
-
-	* parse_units.c (print_flags_table, print_units_table): new
- 	functions.
-
-Thu Dec  4 02:51:46 1997  Assar Westerlund  <assar@sics.se>
-
-	* iruserok.c: moved here.
-
-	* snprintf.c (sn_append_char): don't write any terminating zero.
-	(as_reserve): don't loop.  better heuristic for how much space to
- 	realloc.
-	(vasnprintf): simplify initializing to one.
-
-Sun Nov 30 14:56:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c: Add mandoc help back-end to getarg.
-
-Wed Nov 12 01:09:17 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* verr.c, verrx.c: Fix warnings by moving exit from.
-
-Tue Nov 11 21:12:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* parse_units.c: Change the list of separating characters (between
- 	units) to comma, space, and tab, removing digits. Having digits in
- 	this list makes a flag like `T42 generate a parse error. This
- 	change makes `17m3s' an invalid time-spec (you need a space).
-
-Tue Nov 11 02:38:44 1997  Assar Westerlund  <assar@sics.se>
-
-	* roken.h: add <sys/socket.h>
-
-Sun Nov  9 04:48:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* fnmatch.c: Add fnmatch from NetBSD
-
-Sun Nov  9 02:00:08 1997  Assar Westerlund  <assar@sics.se>
-
-	* parse_units.c (parse_something): ignore white-space and ','
-
-Mon Nov  3 22:38:32 1997  Assar Westerlund  <assar@sics.se>
-	
-	* roken.h: fclose prototype
-
-	* roken.h: add prototype for vsyslog
-
-	* Makefile.in: add some more source files to make soriasis make
- 	happy
-
-Sat Nov  1 00:19:21 1997  Assar Westerlund  <assar@sics.se>
-
-	* roken.h: include <sys/uio.h> and <errno.h>.
-	prototypes for readv and writev
-
-	* readv.c, writev.c: new files
-
-Wed Oct 29 02:21:38 1997  Assar Westerlund  <assar@sics.se>
-
-	* roken.h: Add ugly macros for openlog, gethostbyname,
- 	gethostbyaddr, and getservbyname for the benefit of Crays.  Add
- 	default definition of MAXPATHLEN
diff --git a/crypto/heimdal/lib/roken/Makefile.am b/crypto/heimdal/lib/roken/Makefile.am
deleted file mode 100644
index b1a4251..0000000
--- a/crypto/heimdal/lib/roken/Makefile.am
+++ /dev/null
@@ -1,194 +0,0 @@
-# $Id: Makefile.am 22409 2008-01-12 05:53:37Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-ACLOCAL_AMFLAGS = -I ../../cf
-
-CLEANFILES = roken.h make-roken.c $(XHEADERS)
-
-lib_LTLIBRARIES = libroken.la
-libroken_la_LDFLAGS = -version-info 19:0:1
-libroken_la_CPPFLAGS = -DBUILD_ROKEN_LIB
-
-# XXX this is needed for the LIBOBJS objects
-CPPFLAGS = $(libroken_la_CPPFLAGS)
-
-noinst_PROGRAMS = make-roken snprintf-test resolve-test
-
-nodist_make_roken_SOURCES = make-roken.c
-
-check_PROGRAMS = 				\
-		base64-test			\
-		getaddrinfo-test		\
-		hex-test			\
-		test-readenv			\
-		parse_bytes-test		\
-		parse_reply-test		\
-		parse_time-test			\
-		snprintf-test			\
-		strpftime-test
-
-TESTS = $(check_PROGRAMS)
-
-LDADD = libroken.la $(LIB_crypt)
-make_roken_LDADD = 
-
-noinst_LTLIBRARIES = libtest.la
-libtest_la_SOURCES = strftime.c strptime.c snprintf.c
-libtest_la_CFLAGS = -DTEST_SNPRINTF -DTEST_STRPFTIME
-
-parse_reply_test_SOURCES = parse_reply-test.c resolve.c
-parse_reply_test_CFLAGS  = -DTEST_RESOLVE
-
-test_readenv_SOURCES = test-readenv.c test-mem.c
-
-parse_time_test_SOURCES = parse_time-test.c test-mem.c
-
-strpftime_test_SOURCES	= strpftime-test.c strpftime-test.h
-strpftime_test_LDADD = libtest.la $(LDADD)
-strpftime_test_CFLAGS = -DTEST_STRPFTIME
-snprintf_test_SOURCES	= snprintf-test.c snprintf-test.h
-snprintf_test_LDADD = libtest.la $(LDADD)
-snprintf_test_CFLAGS	= -DTEST_SNPRINTF
-
-resolve_test_SOURCES = resolve-test.c
-
-libroken_la_SOURCES =		\
-	base64.c		\
-	bswap.c			\
-	concat.c		\
-	dumpdata.c		\
-	environment.c		\
-	eread.c			\
-	esetenv.c		\
-	ewrite.c		\
-	getaddrinfo_hostspec.c	\
-	get_default_username.c	\
-	get_window_size.c	\
-	getarg.c		\
-	getnameinfo_verified.c	\
-	getprogname.c		\
-	h_errno.c		\
-	hex.c			\
-	hostent_find_fqdn.c	\
-	issuid.c		\
-	k_getpwnam.c		\
-	k_getpwuid.c		\
-	mini_inetd.c		\
-	net_read.c		\
-	net_write.c		\
-	parse_bytes.c		\
-	parse_time.c		\
-	parse_units.c		\
-	realloc.c		\
-	resolve.c		\
-	roken_gethostby.c	\
-	rtbl.c			\
-	rtbl.h			\
-	setprogname.c		\
-	signal.c		\
-	simple_exec.c		\
-	snprintf.c		\
-	socket.c		\
-	strcollect.c		\
-	strpool.c		\
-	timeval.c		\
-	tm2time.c		\
-	unvis.c			\
-	verify.c		\
-	vis.c			\
-	vis.h			\
-	warnerr.c		\
-	write_pid.c		\
-	xdbm.h
-
-EXTRA_libroken_la_SOURCES =	\
-	err.hin			\
-	glob.hin		\
-	fnmatch.hin		\
-	ifaddrs.hin		\
-	vis.hin	
-
-libroken_la_LIBADD = @LTLIBOBJS@
-
-$(LTLIBOBJS) $(libroken_la_OBJECTS): roken.h $(XHEADERS)
-
-BUILT_SOURCES = make-roken.c roken.h
-
-if have_err_h
-err_h =
-else
-err_h = err.h
-endif
-
-if have_fnmatch_h
-fnmatch_h =
-else
-fnmatch_h = fnmatch.h
-endif
-
-if have_glob_h
-glob_h =
-else
-glob_h = glob.h
-endif
-
-if have_ifaddrs_h
-ifaddrs_h =
-else
-ifaddrs_h = ifaddrs.h
-endif
-
-if have_vis_h
-vis_h = 
-else
-vis_h = vis.h
-endif
-
-## these are controlled by configure
-XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(vis_h)
-CLEANFILES += err.h fnmatch.h glob.h ifaddrs.h vis.h
-
-dist_include_HEADERS = 				\
-	base64.h				\
-	getarg.h				\
-	hex.h					\
-	parse_bytes.h 				\
-	parse_time.h 				\
-	parse_units.h				\
-	resolve.h 				\
-	roken-common.h 				\
-	rtbl.h 					\
-	xdbm.h
-
-if have_socket_wrapper
-libroken_la_SOURCES += socket_wrapper.c socket_wrapper.h
-dist_include_HEADERS += socket_wrapper.h
-endif
-
-build_HEADERZ = test-mem.h $(XHEADERS)
-
-nodist_include_HEADERS = roken.h
-rokenincludedir = $(includedir)/roken
-nodist_rokeninclude_HEADERS = $(XHEADERS)
-
-man_MANS = getarg.3 parse_time.3 rtbl.3 ecalloc.3
-
-SUFFIXES += .hin
-.hin.h:
-	cp $< $@
-
-roken.h: make-roken$(EXEEXT)
-	@./make-roken$(EXEEXT) > tmp.h ;\
-	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
-	else rm -f roken.h; mv tmp.h roken.h; fi
-
-make-roken.c: roken.h.in roken.awk
-	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
-
-EXTRA_DIST = \
-	roken.awk roken.h.in \
-	$(man_MANS) \
-	test-mem.h \
-	ndbm_wrap.c \
-	ndbm_wrap.h
diff --git a/crypto/heimdal/lib/roken/Makefile.in b/crypto/heimdal/lib/roken/Makefile.in
deleted file mode 100644
index 0398523..0000000
--- a/crypto/heimdal/lib/roken/Makefile.in
+++ /dev/null
@@ -1,1426 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22409 2008-01-12 05:53:37Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(am__dist_include_HEADERS_DIST) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog chown.c \
-	closefrom.c copyhostent.c daemon.c ecalloc.c emalloc.c \
-	erealloc.c err.c errx.c estrdup.c fchown.c flock.c fnmatch.c \
-	freeaddrinfo.c freehostent.c gai_strerror.c getaddrinfo.c \
-	getcap.c getcwd.c getdtablesize.c getegid.c geteuid.c getgid.c \
-	gethostname.c getifaddrs.c getipnodebyaddr.c getipnodebyname.c \
-	getnameinfo.c getopt.c gettimeofday.c getuid.c getusershell.c \
-	glob.c hstrerror.c inet_aton.c inet_ntop.c inet_pton.c \
-	initgroups.c innetgr.c install-sh iruserok.c localtime_r.c \
-	lstat.c memmove.c missing mkinstalldirs mkstemp.c putenv.c \
-	rcmd.c readv.c recvmsg.c sendmsg.c setegid.c setenv.c \
-	seteuid.c strcasecmp.c strdup.c strerror.c strftime.c \
-	strlcat.c strlcpy.c strlwr.c strncasecmp.c strndup.c strnlen.c \
-	strptime.c strsep.c strsep_copy.c strtok_r.c strupr.c swab.c \
-	timegm.c unsetenv.c verr.c verrx.c vsyslog.c vwarn.c vwarnx.c \
-	warn.c warnx.c writev.c
-noinst_PROGRAMS = make-roken$(EXEEXT) snprintf-test$(EXEEXT) \
-	resolve-test$(EXEEXT)
-check_PROGRAMS = base64-test$(EXEEXT) getaddrinfo-test$(EXEEXT) \
-	hex-test$(EXEEXT) test-readenv$(EXEEXT) \
-	parse_bytes-test$(EXEEXT) parse_reply-test$(EXEEXT) \
-	parse_time-test$(EXEEXT) snprintf-test$(EXEEXT) \
-	strpftime-test$(EXEEXT)
-@have_socket_wrapper_TRUE@am__append_1 = socket_wrapper.c socket_wrapper.h
-@have_socket_wrapper_TRUE@am__append_2 = socket_wrapper.h
-subdir = lib/roken
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" \
-	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" \
-	"$(DESTDIR)$(rokenincludedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
-libroken_la_DEPENDENCIES = @LTLIBOBJS@
-am__libroken_la_SOURCES_DIST = base64.c bswap.c concat.c dumpdata.c \
-	environment.c eread.c esetenv.c ewrite.c \
-	getaddrinfo_hostspec.c get_default_username.c \
-	get_window_size.c getarg.c getnameinfo_verified.c \
-	getprogname.c h_errno.c hex.c hostent_find_fqdn.c issuid.c \
-	k_getpwnam.c k_getpwuid.c mini_inetd.c net_read.c net_write.c \
-	parse_bytes.c parse_time.c parse_units.c realloc.c resolve.c \
-	roken_gethostby.c rtbl.c rtbl.h setprogname.c signal.c \
-	simple_exec.c snprintf.c socket.c strcollect.c strpool.c \
-	timeval.c tm2time.c unvis.c verify.c vis.c vis.h warnerr.c \
-	write_pid.c xdbm.h socket_wrapper.c socket_wrapper.h
-@have_socket_wrapper_TRUE@am__objects_1 =  \
-@have_socket_wrapper_TRUE@	libroken_la-socket_wrapper.lo
-am_libroken_la_OBJECTS = libroken_la-base64.lo libroken_la-bswap.lo \
-	libroken_la-concat.lo libroken_la-dumpdata.lo \
-	libroken_la-environment.lo libroken_la-eread.lo \
-	libroken_la-esetenv.lo libroken_la-ewrite.lo \
-	libroken_la-getaddrinfo_hostspec.lo \
-	libroken_la-get_default_username.lo \
-	libroken_la-get_window_size.lo libroken_la-getarg.lo \
-	libroken_la-getnameinfo_verified.lo libroken_la-getprogname.lo \
-	libroken_la-h_errno.lo libroken_la-hex.lo \
-	libroken_la-hostent_find_fqdn.lo libroken_la-issuid.lo \
-	libroken_la-k_getpwnam.lo libroken_la-k_getpwuid.lo \
-	libroken_la-mini_inetd.lo libroken_la-net_read.lo \
-	libroken_la-net_write.lo libroken_la-parse_bytes.lo \
-	libroken_la-parse_time.lo libroken_la-parse_units.lo \
-	libroken_la-realloc.lo libroken_la-resolve.lo \
-	libroken_la-roken_gethostby.lo libroken_la-rtbl.lo \
-	libroken_la-setprogname.lo libroken_la-signal.lo \
-	libroken_la-simple_exec.lo libroken_la-snprintf.lo \
-	libroken_la-socket.lo libroken_la-strcollect.lo \
-	libroken_la-strpool.lo libroken_la-timeval.lo \
-	libroken_la-tm2time.lo libroken_la-unvis.lo \
-	libroken_la-verify.lo libroken_la-vis.lo \
-	libroken_la-warnerr.lo libroken_la-write_pid.lo \
-	$(am__objects_1)
-libroken_la_OBJECTS = $(am_libroken_la_OBJECTS)
-libroken_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libroken_la_LDFLAGS) $(LDFLAGS) -o $@
-libtest_la_LIBADD =
-am_libtest_la_OBJECTS = libtest_la-strftime.lo libtest_la-strptime.lo \
-	libtest_la-snprintf.lo
-libtest_la_OBJECTS = $(am_libtest_la_OBJECTS)
-libtest_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(libtest_la_CFLAGS) \
-	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-PROGRAMS = $(noinst_PROGRAMS)
-base64_test_SOURCES = base64-test.c
-base64_test_OBJECTS = base64-test.$(OBJEXT)
-base64_test_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-base64_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-getaddrinfo_test_SOURCES = getaddrinfo-test.c
-getaddrinfo_test_OBJECTS = getaddrinfo-test.$(OBJEXT)
-getaddrinfo_test_LDADD = $(LDADD)
-getaddrinfo_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-hex_test_SOURCES = hex-test.c
-hex_test_OBJECTS = hex-test.$(OBJEXT)
-hex_test_LDADD = $(LDADD)
-hex_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-nodist_make_roken_OBJECTS = make-roken.$(OBJEXT)
-make_roken_OBJECTS = $(nodist_make_roken_OBJECTS)
-make_roken_DEPENDENCIES =
-parse_bytes_test_SOURCES = parse_bytes-test.c
-parse_bytes_test_OBJECTS = parse_bytes-test.$(OBJEXT)
-parse_bytes_test_LDADD = $(LDADD)
-parse_bytes_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-am_parse_reply_test_OBJECTS =  \
-	parse_reply_test-parse_reply-test.$(OBJEXT) \
-	parse_reply_test-resolve.$(OBJEXT)
-parse_reply_test_OBJECTS = $(am_parse_reply_test_OBJECTS)
-parse_reply_test_LDADD = $(LDADD)
-parse_reply_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-parse_reply_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(parse_reply_test_CFLAGS) \
-	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-am_parse_time_test_OBJECTS = parse_time-test.$(OBJEXT) \
-	test-mem.$(OBJEXT)
-parse_time_test_OBJECTS = $(am_parse_time_test_OBJECTS)
-parse_time_test_LDADD = $(LDADD)
-parse_time_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-am_resolve_test_OBJECTS = resolve-test.$(OBJEXT)
-resolve_test_OBJECTS = $(am_resolve_test_OBJECTS)
-resolve_test_LDADD = $(LDADD)
-resolve_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-am_snprintf_test_OBJECTS = snprintf_test-snprintf-test.$(OBJEXT)
-snprintf_test_OBJECTS = $(am_snprintf_test_OBJECTS)
-am__DEPENDENCIES_2 = libroken.la $(am__DEPENDENCIES_1)
-snprintf_test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_2)
-snprintf_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(snprintf_test_CFLAGS) \
-	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-am_strpftime_test_OBJECTS = strpftime_test-strpftime-test.$(OBJEXT)
-strpftime_test_OBJECTS = $(am_strpftime_test_OBJECTS)
-strpftime_test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_2)
-strpftime_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(strpftime_test_CFLAGS) \
-	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-am_test_readenv_OBJECTS = test-readenv.$(OBJEXT) test-mem.$(OBJEXT)
-test_readenv_OBJECTS = $(am_test_readenv_OBJECTS)
-test_readenv_LDADD = $(LDADD)
-test_readenv_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) \
-	$(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c \
-	hex-test.c $(nodist_make_roken_SOURCES) parse_bytes-test.c \
-	$(parse_reply_test_SOURCES) $(parse_time_test_SOURCES) \
-	$(resolve_test_SOURCES) $(snprintf_test_SOURCES) \
-	$(strpftime_test_SOURCES) $(test_readenv_SOURCES)
-DIST_SOURCES = $(am__libroken_la_SOURCES_DIST) \
-	$(EXTRA_libroken_la_SOURCES) $(libtest_la_SOURCES) \
-	base64-test.c getaddrinfo-test.c hex-test.c parse_bytes-test.c \
-	$(parse_reply_test_SOURCES) $(parse_time_test_SOURCES) \
-	$(resolve_test_SOURCES) $(snprintf_test_SOURCES) \
-	$(strpftime_test_SOURCES) $(test_readenv_SOURCES)
-man3dir = $(mandir)/man3
-MANS = $(man_MANS)
-am__dist_include_HEADERS_DIST = base64.h getarg.h hex.h parse_bytes.h \
-	parse_time.h parse_units.h resolve.h roken-common.h rtbl.h \
-	xdbm.h socket_wrapper.h
-dist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_rokenincludeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS) \
-	$(nodist_rokeninclude_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-
-# XXX this is needed for the LIBOBJS objects
-CPPFLAGS = $(libroken_la_CPPFLAGS)
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-ACLOCAL_AMFLAGS = -I ../../cf
-CLEANFILES = roken.h make-roken.c $(XHEADERS) err.h fnmatch.h glob.h \
-	ifaddrs.h vis.h
-lib_LTLIBRARIES = libroken.la
-libroken_la_LDFLAGS = -version-info 19:0:1
-libroken_la_CPPFLAGS = -DBUILD_ROKEN_LIB
-nodist_make_roken_SOURCES = make-roken.c
-TESTS = $(check_PROGRAMS)
-LDADD = libroken.la $(LIB_crypt)
-make_roken_LDADD = 
-noinst_LTLIBRARIES = libtest.la
-libtest_la_SOURCES = strftime.c strptime.c snprintf.c
-libtest_la_CFLAGS = -DTEST_SNPRINTF -DTEST_STRPFTIME
-parse_reply_test_SOURCES = parse_reply-test.c resolve.c
-parse_reply_test_CFLAGS = -DTEST_RESOLVE
-test_readenv_SOURCES = test-readenv.c test-mem.c
-parse_time_test_SOURCES = parse_time-test.c test-mem.c
-strpftime_test_SOURCES = strpftime-test.c strpftime-test.h
-strpftime_test_LDADD = libtest.la $(LDADD)
-strpftime_test_CFLAGS = -DTEST_STRPFTIME
-snprintf_test_SOURCES = snprintf-test.c snprintf-test.h
-snprintf_test_LDADD = libtest.la $(LDADD)
-snprintf_test_CFLAGS = -DTEST_SNPRINTF
-resolve_test_SOURCES = resolve-test.c
-libroken_la_SOURCES = base64.c bswap.c concat.c dumpdata.c \
-	environment.c eread.c esetenv.c ewrite.c \
-	getaddrinfo_hostspec.c get_default_username.c \
-	get_window_size.c getarg.c getnameinfo_verified.c \
-	getprogname.c h_errno.c hex.c hostent_find_fqdn.c issuid.c \
-	k_getpwnam.c k_getpwuid.c mini_inetd.c net_read.c net_write.c \
-	parse_bytes.c parse_time.c parse_units.c realloc.c resolve.c \
-	roken_gethostby.c rtbl.c rtbl.h setprogname.c signal.c \
-	simple_exec.c snprintf.c socket.c strcollect.c strpool.c \
-	timeval.c tm2time.c unvis.c verify.c vis.c vis.h warnerr.c \
-	write_pid.c xdbm.h $(am__append_1)
-EXTRA_libroken_la_SOURCES = \
-	err.hin			\
-	glob.hin		\
-	fnmatch.hin		\
-	ifaddrs.hin		\
-	vis.hin	
-
-libroken_la_LIBADD = @LTLIBOBJS@
-BUILT_SOURCES = make-roken.c roken.h
-@have_err_h_FALSE@err_h = err.h
-@have_err_h_TRUE@err_h = 
-@have_fnmatch_h_FALSE@fnmatch_h = fnmatch.h
-@have_fnmatch_h_TRUE@fnmatch_h = 
-@have_glob_h_FALSE@glob_h = glob.h
-@have_glob_h_TRUE@glob_h = 
-@have_ifaddrs_h_FALSE@ifaddrs_h = ifaddrs.h
-@have_ifaddrs_h_TRUE@ifaddrs_h = 
-@have_vis_h_FALSE@vis_h = vis.h
-@have_vis_h_TRUE@vis_h = 
-XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(vis_h)
-dist_include_HEADERS = base64.h getarg.h hex.h parse_bytes.h \
-	parse_time.h parse_units.h resolve.h roken-common.h rtbl.h \
-	xdbm.h $(am__append_2)
-build_HEADERZ = test-mem.h $(XHEADERS)
-nodist_include_HEADERS = roken.h
-rokenincludedir = $(includedir)/roken
-nodist_rokeninclude_HEADERS = $(XHEADERS)
-man_MANS = getarg.3 parse_time.3 rtbl.3 ecalloc.3
-EXTRA_DIST = \
-	roken.awk roken.h.in \
-	$(man_MANS) \
-	test-mem.h \
-	ndbm_wrap.c \
-	ndbm_wrap.h
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/roken/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/roken/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libroken.la: $(libroken_la_OBJECTS) $(libroken_la_DEPENDENCIES) 
-	$(libroken_la_LINK) -rpath $(libdir) $(libroken_la_OBJECTS) $(libroken_la_LIBADD) $(LIBS)
-libtest.la: $(libtest_la_OBJECTS) $(libtest_la_DEPENDENCIES) 
-	$(libtest_la_LINK)  $(libtest_la_OBJECTS) $(libtest_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-base64-test$(EXEEXT): $(base64_test_OBJECTS) $(base64_test_DEPENDENCIES) 
-	@rm -f base64-test$(EXEEXT)
-	$(LINK) $(base64_test_OBJECTS) $(base64_test_LDADD) $(LIBS)
-getaddrinfo-test$(EXEEXT): $(getaddrinfo_test_OBJECTS) $(getaddrinfo_test_DEPENDENCIES) 
-	@rm -f getaddrinfo-test$(EXEEXT)
-	$(LINK) $(getaddrinfo_test_OBJECTS) $(getaddrinfo_test_LDADD) $(LIBS)
-hex-test$(EXEEXT): $(hex_test_OBJECTS) $(hex_test_DEPENDENCIES) 
-	@rm -f hex-test$(EXEEXT)
-	$(LINK) $(hex_test_OBJECTS) $(hex_test_LDADD) $(LIBS)
-make-roken$(EXEEXT): $(make_roken_OBJECTS) $(make_roken_DEPENDENCIES) 
-	@rm -f make-roken$(EXEEXT)
-	$(LINK) $(make_roken_OBJECTS) $(make_roken_LDADD) $(LIBS)
-parse_bytes-test$(EXEEXT): $(parse_bytes_test_OBJECTS) $(parse_bytes_test_DEPENDENCIES) 
-	@rm -f parse_bytes-test$(EXEEXT)
-	$(LINK) $(parse_bytes_test_OBJECTS) $(parse_bytes_test_LDADD) $(LIBS)
-parse_reply-test$(EXEEXT): $(parse_reply_test_OBJECTS) $(parse_reply_test_DEPENDENCIES) 
-	@rm -f parse_reply-test$(EXEEXT)
-	$(parse_reply_test_LINK) $(parse_reply_test_OBJECTS) $(parse_reply_test_LDADD) $(LIBS)
-parse_time-test$(EXEEXT): $(parse_time_test_OBJECTS) $(parse_time_test_DEPENDENCIES) 
-	@rm -f parse_time-test$(EXEEXT)
-	$(LINK) $(parse_time_test_OBJECTS) $(parse_time_test_LDADD) $(LIBS)
-resolve-test$(EXEEXT): $(resolve_test_OBJECTS) $(resolve_test_DEPENDENCIES) 
-	@rm -f resolve-test$(EXEEXT)
-	$(LINK) $(resolve_test_OBJECTS) $(resolve_test_LDADD) $(LIBS)
-snprintf-test$(EXEEXT): $(snprintf_test_OBJECTS) $(snprintf_test_DEPENDENCIES) 
-	@rm -f snprintf-test$(EXEEXT)
-	$(snprintf_test_LINK) $(snprintf_test_OBJECTS) $(snprintf_test_LDADD) $(LIBS)
-strpftime-test$(EXEEXT): $(strpftime_test_OBJECTS) $(strpftime_test_DEPENDENCIES) 
-	@rm -f strpftime-test$(EXEEXT)
-	$(strpftime_test_LINK) $(strpftime_test_OBJECTS) $(strpftime_test_LDADD) $(LIBS)
-test-readenv$(EXEEXT): $(test_readenv_OBJECTS) $(test_readenv_DEPENDENCIES) 
-	@rm -f test-readenv$(EXEEXT)
-	$(LINK) $(test_readenv_OBJECTS) $(test_readenv_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-libroken_la-base64.lo: base64.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-base64.lo `test -f 'base64.c' || echo '$(srcdir)/'`base64.c
-
-libroken_la-bswap.lo: bswap.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-bswap.lo `test -f 'bswap.c' || echo '$(srcdir)/'`bswap.c
-
-libroken_la-concat.lo: concat.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-concat.lo `test -f 'concat.c' || echo '$(srcdir)/'`concat.c
-
-libroken_la-dumpdata.lo: dumpdata.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-dumpdata.lo `test -f 'dumpdata.c' || echo '$(srcdir)/'`dumpdata.c
-
-libroken_la-environment.lo: environment.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-environment.lo `test -f 'environment.c' || echo '$(srcdir)/'`environment.c
-
-libroken_la-eread.lo: eread.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-eread.lo `test -f 'eread.c' || echo '$(srcdir)/'`eread.c
-
-libroken_la-esetenv.lo: esetenv.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-esetenv.lo `test -f 'esetenv.c' || echo '$(srcdir)/'`esetenv.c
-
-libroken_la-ewrite.lo: ewrite.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-ewrite.lo `test -f 'ewrite.c' || echo '$(srcdir)/'`ewrite.c
-
-libroken_la-getaddrinfo_hostspec.lo: getaddrinfo_hostspec.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getaddrinfo_hostspec.lo `test -f 'getaddrinfo_hostspec.c' || echo '$(srcdir)/'`getaddrinfo_hostspec.c
-
-libroken_la-get_default_username.lo: get_default_username.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-get_default_username.lo `test -f 'get_default_username.c' || echo '$(srcdir)/'`get_default_username.c
-
-libroken_la-get_window_size.lo: get_window_size.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-get_window_size.lo `test -f 'get_window_size.c' || echo '$(srcdir)/'`get_window_size.c
-
-libroken_la-getarg.lo: getarg.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getarg.lo `test -f 'getarg.c' || echo '$(srcdir)/'`getarg.c
-
-libroken_la-getnameinfo_verified.lo: getnameinfo_verified.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getnameinfo_verified.lo `test -f 'getnameinfo_verified.c' || echo '$(srcdir)/'`getnameinfo_verified.c
-
-libroken_la-getprogname.lo: getprogname.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getprogname.lo `test -f 'getprogname.c' || echo '$(srcdir)/'`getprogname.c
-
-libroken_la-h_errno.lo: h_errno.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-h_errno.lo `test -f 'h_errno.c' || echo '$(srcdir)/'`h_errno.c
-
-libroken_la-hex.lo: hex.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-hex.lo `test -f 'hex.c' || echo '$(srcdir)/'`hex.c
-
-libroken_la-hostent_find_fqdn.lo: hostent_find_fqdn.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-hostent_find_fqdn.lo `test -f 'hostent_find_fqdn.c' || echo '$(srcdir)/'`hostent_find_fqdn.c
-
-libroken_la-issuid.lo: issuid.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-issuid.lo `test -f 'issuid.c' || echo '$(srcdir)/'`issuid.c
-
-libroken_la-k_getpwnam.lo: k_getpwnam.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-k_getpwnam.lo `test -f 'k_getpwnam.c' || echo '$(srcdir)/'`k_getpwnam.c
-
-libroken_la-k_getpwuid.lo: k_getpwuid.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-k_getpwuid.lo `test -f 'k_getpwuid.c' || echo '$(srcdir)/'`k_getpwuid.c
-
-libroken_la-mini_inetd.lo: mini_inetd.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-mini_inetd.lo `test -f 'mini_inetd.c' || echo '$(srcdir)/'`mini_inetd.c
-
-libroken_la-net_read.lo: net_read.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-net_read.lo `test -f 'net_read.c' || echo '$(srcdir)/'`net_read.c
-
-libroken_la-net_write.lo: net_write.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-net_write.lo `test -f 'net_write.c' || echo '$(srcdir)/'`net_write.c
-
-libroken_la-parse_bytes.lo: parse_bytes.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_bytes.lo `test -f 'parse_bytes.c' || echo '$(srcdir)/'`parse_bytes.c
-
-libroken_la-parse_time.lo: parse_time.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_time.lo `test -f 'parse_time.c' || echo '$(srcdir)/'`parse_time.c
-
-libroken_la-parse_units.lo: parse_units.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_units.lo `test -f 'parse_units.c' || echo '$(srcdir)/'`parse_units.c
-
-libroken_la-realloc.lo: realloc.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-realloc.lo `test -f 'realloc.c' || echo '$(srcdir)/'`realloc.c
-
-libroken_la-resolve.lo: resolve.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-resolve.lo `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c
-
-libroken_la-roken_gethostby.lo: roken_gethostby.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-roken_gethostby.lo `test -f 'roken_gethostby.c' || echo '$(srcdir)/'`roken_gethostby.c
-
-libroken_la-rtbl.lo: rtbl.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-rtbl.lo `test -f 'rtbl.c' || echo '$(srcdir)/'`rtbl.c
-
-libroken_la-setprogname.lo: setprogname.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-setprogname.lo `test -f 'setprogname.c' || echo '$(srcdir)/'`setprogname.c
-
-libroken_la-signal.lo: signal.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-signal.lo `test -f 'signal.c' || echo '$(srcdir)/'`signal.c
-
-libroken_la-simple_exec.lo: simple_exec.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-simple_exec.lo `test -f 'simple_exec.c' || echo '$(srcdir)/'`simple_exec.c
-
-libroken_la-snprintf.lo: snprintf.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
-
-libroken_la-socket.lo: socket.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-socket.lo `test -f 'socket.c' || echo '$(srcdir)/'`socket.c
-
-libroken_la-strcollect.lo: strcollect.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-strcollect.lo `test -f 'strcollect.c' || echo '$(srcdir)/'`strcollect.c
-
-libroken_la-strpool.lo: strpool.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-strpool.lo `test -f 'strpool.c' || echo '$(srcdir)/'`strpool.c
-
-libroken_la-timeval.lo: timeval.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-timeval.lo `test -f 'timeval.c' || echo '$(srcdir)/'`timeval.c
-
-libroken_la-tm2time.lo: tm2time.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-tm2time.lo `test -f 'tm2time.c' || echo '$(srcdir)/'`tm2time.c
-
-libroken_la-unvis.lo: unvis.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-unvis.lo `test -f 'unvis.c' || echo '$(srcdir)/'`unvis.c
-
-libroken_la-verify.lo: verify.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-verify.lo `test -f 'verify.c' || echo '$(srcdir)/'`verify.c
-
-libroken_la-vis.lo: vis.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-vis.lo `test -f 'vis.c' || echo '$(srcdir)/'`vis.c
-
-libroken_la-warnerr.lo: warnerr.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-warnerr.lo `test -f 'warnerr.c' || echo '$(srcdir)/'`warnerr.c
-
-libroken_la-write_pid.lo: write_pid.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-write_pid.lo `test -f 'write_pid.c' || echo '$(srcdir)/'`write_pid.c
-
-libroken_la-socket_wrapper.lo: socket_wrapper.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-socket_wrapper.lo `test -f 'socket_wrapper.c' || echo '$(srcdir)/'`socket_wrapper.c
-
-libtest_la-strftime.lo: strftime.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strftime.lo `test -f 'strftime.c' || echo '$(srcdir)/'`strftime.c
-
-libtest_la-strptime.lo: strptime.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strptime.lo `test -f 'strptime.c' || echo '$(srcdir)/'`strptime.c
-
-libtest_la-snprintf.lo: snprintf.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
-
-parse_reply_test-parse_reply-test.o: parse_reply-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.o `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c
-
-parse_reply_test-parse_reply-test.obj: parse_reply-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.obj `if test -f 'parse_reply-test.c'; then $(CYGPATH_W) 'parse_reply-test.c'; else $(CYGPATH_W) '$(srcdir)/parse_reply-test.c'; fi`
-
-parse_reply_test-resolve.o: resolve.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.o `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c
-
-parse_reply_test-resolve.obj: resolve.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.obj `if test -f 'resolve.c'; then $(CYGPATH_W) 'resolve.c'; else $(CYGPATH_W) '$(srcdir)/resolve.c'; fi`
-
-snprintf_test-snprintf-test.o: snprintf-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.o `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c
-
-snprintf_test-snprintf-test.obj: snprintf-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.obj `if test -f 'snprintf-test.c'; then $(CYGPATH_W) 'snprintf-test.c'; else $(CYGPATH_W) '$(srcdir)/snprintf-test.c'; fi`
-
-strpftime_test-strpftime-test.o: strpftime-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strpftime_test_CFLAGS) $(CFLAGS) -c -o strpftime_test-strpftime-test.o `test -f 'strpftime-test.c' || echo '$(srcdir)/'`strpftime-test.c
-
-strpftime_test-strpftime-test.obj: strpftime-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strpftime_test_CFLAGS) $(CFLAGS) -c -o strpftime_test-strpftime-test.obj `if test -f 'strpftime-test.c'; then $(CYGPATH_W) 'strpftime-test.c'; else $(CYGPATH_W) '$(srcdir)/strpftime-test.c'; fi`
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-install-dist_includeHEADERS: $(dist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-dist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nodist_rokenincludeHEADERS: $(nodist_rokeninclude_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(rokenincludedir)" || $(MKDIR_P) "$(DESTDIR)$(rokenincludedir)"
-	@list='$(nodist_rokeninclude_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_rokenincludeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(rokenincludedir)/$$f'"; \
-	  $(nodist_rokenincludeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(rokenincludedir)/$$f"; \
-	done
-
-uninstall-nodist_rokenincludeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_rokeninclude_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(rokenincludedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(rokenincludedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
-		all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(rokenincludedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool clean-noinstLTLIBRARIES clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_includeHEADERS install-man \
-	install-nodist_includeHEADERS \
-	install-nodist_rokenincludeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man3
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-dist_includeHEADERS uninstall-libLTLIBRARIES \
-	uninstall-man uninstall-nodist_includeHEADERS \
-	uninstall-nodist_rokenincludeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man3
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am \
-	install-data-hook install-dist_includeHEADERS install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-libLTLIBRARIES install-man install-man3 \
-	install-nodist_includeHEADERS \
-	install-nodist_rokenincludeHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-dist_includeHEADERS \
-	uninstall-hook uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-man3 uninstall-nodist_includeHEADERS \
-	uninstall-nodist_rokenincludeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(LTLIBOBJS) $(libroken_la_OBJECTS): roken.h $(XHEADERS)
-.hin.h:
-	cp $< $@
-
-roken.h: make-roken$(EXEEXT)
-	@./make-roken$(EXEEXT) > tmp.h ;\
-	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
-	else rm -f roken.h; mv tmp.h roken.h; fi
-
-make-roken.c: roken.h.in roken.awk
-	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/roken/acconfig.h b/crypto/heimdal/lib/roken/acconfig.h
deleted file mode 100644
index 5fbe685..0000000
--- a/crypto/heimdal/lib/roken/acconfig.h
+++ /dev/null
@@ -1,36 +0,0 @@
-@BOTTOM@
-
-#ifdef BROKEN_REALLOC
-#define realloc(X, Y) isoc_realloc((X), (Y))
-#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
-#endif
-
-#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif
-
-#define RCSID(msg) \
-static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
-
-#undef PROTOTYPES
-
-/* Maximum values on all known systems */
-#define MaxHostNameLen (64+4)
-#define MaxPathLen (1024+4)
-
-/*
- * Define NDBM if you are using the 4.3 ndbm library (which is part of
- * libc).  If not defined, 4.2 dbm will be assumed.
- */
-#if defined(HAVE_DBM_FIRSTKEY)
-#define NDBM
-#endif
-
-/*
- * Defining this enables lots of useful (and used) extensions on
- * glibc-based systems such as Linux
- */
-
-#define _GNU_SOURCE
diff --git a/crypto/heimdal/lib/roken/acinclude.m4 b/crypto/heimdal/lib/roken/acinclude.m4
deleted file mode 100644
index 1d0197c..0000000
--- a/crypto/heimdal/lib/roken/acinclude.m4
+++ /dev/null
@@ -1,9 +0,0 @@
-dnl $Id$
-dnl
-dnl Only put things that for some reason can't live in the `cf'
-dnl directory in this file.
-dnl
-
-dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
-dnl
-define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
diff --git a/crypto/heimdal/lib/roken/base64-test.c b/crypto/heimdal/lib/roken/base64-test.c
deleted file mode 100644
index 435e41b..0000000
--- a/crypto/heimdal/lib/roken/base64-test.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: base64-test.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include "roken.h"
-#include <base64.h>
-
-int
-main(int argc, char **argv)
-{
-    int numerr = 0;
-    int numtest = 1;
-    struct test {
-	void *data;
-	size_t len;
-	const char *result;
-    } *t, tests[] = {
-	{ "", 0 , "" },
-	{ "1", 1, "MQ==" },
-	{ "22", 2, "MjI=" },
-	{ "333", 3, "MzMz" },
-	{ "4444", 4, "NDQ0NA==" },
-	{ "55555", 5, "NTU1NTU=" },
-	{ "abc:def", 7, "YWJjOmRlZg==" },
-	{ NULL }
-    };
-    for(t = tests; t->data; t++) {
-	char *str;
-	int len;
-	len = base64_encode(t->data, t->len, &str);
-	if(strcmp(str, t->result) != 0) {
-	    fprintf(stderr, "failed test %d: %s != %s\n", numtest, 
-		    str, t->result);
-	    numerr++;
-	}
-	free(str);
-	str = strdup(t->result);
-	len = base64_decode(t->result, str);
-	if(len != t->len) {
-	    fprintf(stderr, "failed test %d: len %lu != %lu\n", numtest,
-		    (unsigned long)len, (unsigned long)t->len);
-	    numerr++;
-	} else if(memcmp(str, t->data, t->len) != 0) {
-	    fprintf(stderr, "failed test %d: data\n", numtest);
-	    numerr++;
-	}
-	free(str);
-	numtest++;
-    }
-
-    {
-	char str[32];
-	if(base64_decode("M=M=", str) != -1) {
-	    fprintf(stderr, "failed test %d: successful decode of `M=M='\n", 
-		    numtest++);
-	    numerr++;
-	}
-	if(base64_decode("MQ===", str) != -1) {
-	    fprintf(stderr, "failed test %d: successful decode of `MQ==='\n", 
-		    numtest++);
-	    numerr++;
-	}
-    }
-    return numerr;
-}
diff --git a/crypto/heimdal/lib/roken/base64.c b/crypto/heimdal/lib/roken/base64.c
deleted file mode 100644
index daf7fc5..0000000
--- a/crypto/heimdal/lib/roken/base64.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright (c) 1995-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: base64.c 15506 2005-06-23 10:47:57Z lha $");
-#endif
-#include <stdlib.h>
-#include <string.h>
-#include "base64.h"
-
-static const char base64_chars[] = 
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-static int 
-pos(char c)
-{
-    const char *p;
-    for (p = base64_chars; *p; p++)
-	if (*p == c)
-	    return p - base64_chars;
-    return -1;
-}
-
-int ROKEN_LIB_FUNCTION
-base64_encode(const void *data, int size, char **str)
-{
-    char *s, *p;
-    int i;
-    int c;
-    const unsigned char *q;
-
-    p = s = (char *) malloc(size * 4 / 3 + 4);
-    if (p == NULL)
-	return -1;
-    q = (const unsigned char *) data;
-    i = 0;
-    for (i = 0; i < size;) {
-	c = q[i++];
-	c *= 256;
-	if (i < size)
-	    c += q[i];
-	i++;
-	c *= 256;
-	if (i < size)
-	    c += q[i];
-	i++;
-	p[0] = base64_chars[(c & 0x00fc0000) >> 18];
-	p[1] = base64_chars[(c & 0x0003f000) >> 12];
-	p[2] = base64_chars[(c & 0x00000fc0) >> 6];
-	p[3] = base64_chars[(c & 0x0000003f) >> 0];
-	if (i > size)
-	    p[3] = '=';
-	if (i > size + 1)
-	    p[2] = '=';
-	p += 4;
-    }
-    *p = 0;
-    *str = s;
-    return strlen(s);
-}
-
-#define DECODE_ERROR 0xffffffff
-
-static unsigned int
-token_decode(const char *token)
-{
-    int i;
-    unsigned int val = 0;
-    int marker = 0;
-    if (strlen(token) < 4)
-	return DECODE_ERROR;
-    for (i = 0; i < 4; i++) {
-	val *= 64;
-	if (token[i] == '=')
-	    marker++;
-	else if (marker > 0)
-	    return DECODE_ERROR;
-	else
-	    val += pos(token[i]);
-    }
-    if (marker > 2)
-	return DECODE_ERROR;
-    return (marker << 24) | val;
-}
-
-int ROKEN_LIB_FUNCTION
-base64_decode(const char *str, void *data)
-{
-    const char *p;
-    unsigned char *q;
-
-    q = data;
-    for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4) {
-	unsigned int val = token_decode(p);
-	unsigned int marker = (val >> 24) & 0xff;
-	if (val == DECODE_ERROR)
-	    return -1;
-	*q++ = (val >> 16) & 0xff;
-	if (marker < 2)
-	    *q++ = (val >> 8) & 0xff;
-	if (marker < 1)
-	    *q++ = val & 0xff;
-    }
-    return q - (unsigned char *) data;
-}
diff --git a/crypto/heimdal/lib/roken/base64.h b/crypto/heimdal/lib/roken/base64.h
deleted file mode 100644
index 09aadff..0000000
--- a/crypto/heimdal/lib/roken/base64.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: base64.h 15535 2005-06-30 07:13:33Z lha $ */
-
-#ifndef _BASE64_H_
-#define _BASE64_H_
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-int ROKEN_LIB_FUNCTION
-base64_encode(const void *, int, char **);
-
-int ROKEN_LIB_FUNCTION
-base64_decode(const char *, void *);
-
-#endif
diff --git a/crypto/heimdal/lib/roken/bswap.c b/crypto/heimdal/lib/roken/bswap.c
deleted file mode 100644
index e669eb2..0000000
--- a/crypto/heimdal/lib/roken/bswap.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-RCSID("$Id: bswap.c 14773 2005-04-12 11:29:18Z lha $");
-
-#ifndef HAVE_BSWAP32
-
-unsigned int ROKEN_LIB_FUNCTION
-bswap32 (unsigned int val)
-{
-    return (val & 0xff) << 24 |
-	(val & 0xff00) << 8 |
-	(val & 0xff0000) >> 8 |
-	(val & 0xff000000) >> 24;
-}
-#endif
-
-#ifndef HAVE_BSWAP16
-
-unsigned short ROKEN_LIB_FUNCTION
-bswap16 (unsigned short val)
-{
-    return (val & 0xff) << 8 |
-	(val & 0xff00) >> 8;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/chown.c b/crypto/heimdal/lib/roken/chown.c
deleted file mode 100644
index 5eb9c92..0000000
--- a/crypto/heimdal/lib/roken/chown.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: chown.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-chown(const char *path, uid_t owner, gid_t group)
-{
-  return 0;
-}
diff --git a/crypto/heimdal/lib/roken/closefrom.c b/crypto/heimdal/lib/roken/closefrom.c
deleted file mode 100644
index f56e556..0000000
--- a/crypto/heimdal/lib/roken/closefrom.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: closefrom.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-closefrom(int fd)
-{
-    int num = getdtablesize();
-
-    if (num < 0)
-	num = 1024; /* XXX */
-
-    for (; fd <= num; fd++)
-	close(fd);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/concat.c b/crypto/heimdal/lib/roken/concat.c
deleted file mode 100644
index 94e0fcc..0000000
--- a/crypto/heimdal/lib/roken/concat.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: concat.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-roken_concat (char *s, size_t len, ...)
-{
-    int ret;
-    va_list args;
-
-    va_start(args, len);
-    ret = roken_vconcat (s, len, args);
-    va_end(args);
-    return ret;
-}
-
-int ROKEN_LIB_FUNCTION
-roken_vconcat (char *s, size_t len, va_list args)
-{
-    const char *a;
-
-    while ((a = va_arg(args, const char*))) {
-	size_t n = strlen (a);
-
-	if (n >= len)
-	    return -1;
-	memcpy (s, a, n);
-	s += n;
-	len -= n;
-    }
-    *s = '\0';
-    return 0;
-}
-
-size_t ROKEN_LIB_FUNCTION
-roken_vmconcat (char **s, size_t max_len, va_list args)
-{
-    const char *a;
-    char *p, *q;
-    size_t len = 0;
-    *s = NULL;
-    p = malloc(1);
-    if(p == NULL)
-	return 0;
-    len = 1;
-    while ((a = va_arg(args, const char*))) {
-	size_t n = strlen (a);
-	
-	if(max_len && len + n > max_len){
-	    free(p);
-	    return 0;
-	}
-	q = realloc(p, len + n);
-	if(q == NULL){
-	    free(p);
-	    return 0;
-	}
-	p = q;
-	memcpy (p + len - 1, a, n);
-	len += n;
-    }
-    p[len - 1] = '\0';
-    *s = p;
-    return len;
-}
-
-size_t ROKEN_LIB_FUNCTION
-roken_mconcat (char **s, size_t max_len, ...)
-{
-    int ret;
-    va_list args;
-
-    va_start(args, max_len);
-    ret = roken_vmconcat (s, max_len, args);
-    va_end(args);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/copyhostent.c b/crypto/heimdal/lib/roken/copyhostent.c
deleted file mode 100644
index 6410449..0000000
--- a/crypto/heimdal/lib/roken/copyhostent.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: copyhostent.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * return a malloced copy of `h'
- */
-
-struct hostent * ROKEN_LIB_FUNCTION
-copyhostent (const struct hostent *h)
-{
-    struct hostent *res;
-    char **p;
-    int i, n;
-
-    res = malloc (sizeof (*res));
-    if (res == NULL)
-	return NULL;
-    res->h_name      = NULL;
-    res->h_aliases   = NULL;
-    res->h_addrtype  = h->h_addrtype;
-    res->h_length    = h->h_length;
-    res->h_addr_list = NULL;
-    res->h_name = strdup (h->h_name);
-    if (res->h_name == NULL) {
-	freehostent (res);
-	return NULL;
-    }
-    for (n = 0, p = h->h_aliases; *p != NULL; ++p)
-	++n;
-    res->h_aliases = malloc ((n + 1) * sizeof(*res->h_aliases));
-    if (res->h_aliases == NULL) {
-	freehostent (res);
-	return NULL;
-    }
-    for (i = 0; i < n + 1; ++i)
-	res->h_aliases[i] = NULL;
-    for (i = 0; i < n; ++i) {
-	res->h_aliases[i] = strdup (h->h_aliases[i]);
-	if (res->h_aliases[i] == NULL) {
-	    freehostent (res);
-	    return NULL;
-	}
-    }
-
-    for (n = 0, p = h->h_addr_list; *p != NULL; ++p)
-	++n;
-    res->h_addr_list = malloc ((n + 1) * sizeof(*res->h_addr_list));
-    if (res->h_addr_list == NULL) {
-	freehostent (res);
-	return NULL;
-    }
-    for (i = 0; i < n + 1; ++i) {
-	res->h_addr_list[i] = NULL;
-    }
-    for (i = 0; i < n; ++i) {
-	res->h_addr_list[i] = malloc (h->h_length);
-	if (res->h_addr_list[i] == NULL) {
-	    freehostent (res);
-	    return NULL;
-	}
-	memcpy (res->h_addr_list[i], h->h_addr_list[i], h->h_length);
-    }
-    return res;
-}
-
diff --git a/crypto/heimdal/lib/roken/daemon.c b/crypto/heimdal/lib/roken/daemon.c
deleted file mode 100644
index 2bc2350..0000000
--- a/crypto/heimdal/lib/roken/daemon.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)daemon.c	8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: daemon.c 14773 2005-04-12 11:29:18Z lha $");
-
-#ifndef HAVE_DAEMON
-
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-daemon(int nochdir, int noclose)
-{
-    int fd;
-
-    switch (fork()) {
-    case -1:
-	return (-1);
-    case 0:
-	break;
-    default:
-	_exit(0);
-    }
-
-    if (setsid() == -1)
-	return (-1);
-
-    if (!nochdir)
-	chdir("/");
-
-    if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
-	dup2(fd, STDIN_FILENO);
-	dup2(fd, STDOUT_FILENO);
-	dup2(fd, STDERR_FILENO);
-	if (fd > 2)
-	    close (fd);
-    }
-    return (0);
-}
-
-#endif /* HAVE_DAEMON */
diff --git a/crypto/heimdal/lib/roken/dumpdata.c b/crypto/heimdal/lib/roken/dumpdata.c
deleted file mode 100644
index 4750cac..0000000
--- a/crypto/heimdal/lib/roken/dumpdata.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: dumpdata.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <unistd.h>
-
-#include "roken.h"
-
-/*
- * Write datablob to a filename, don't care about errors.
- */
-
-void ROKEN_LIB_FUNCTION
-rk_dumpdata (const char *filename, const void *buf, size_t size)
-{
-    int fd;
-
-    fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0640);
-    if (fd < 0)
-	return;
-    net_write(fd, buf, size);
-    close(fd);
-}
diff --git a/crypto/heimdal/lib/roken/ecalloc.3 b/crypto/heimdal/lib/roken/ecalloc.3
deleted file mode 100644
index 194ad27..0000000
--- a/crypto/heimdal/lib/roken/ecalloc.3
+++ /dev/null
@@ -1,84 +0,0 @@
-.\" Copyright (c) 2001, 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" $Id: ecalloc.3 12527 2003-08-15 12:28:14Z joda $
-.\"
-.Dd August 14, 2003
-.Dt ECALLOC 3
-.Os HEIMDAL
-.Sh NAME
-.Nm ecalloc ,
-.Nm emalloc ,
-.Nm eread ,
-.Nm erealloc ,
-.Nm esetenv ,
-.Nm estrdup ,
-.Nm ewrite
-.Nd exit-on-failure wrapper functions
-.Sh LIBRARY
-The roken library (libroken, -lroken)
-.Sh SYNOPSIS
-.Fd #include <roken.h>
-.Ft "void *"
-.Fn ecalloc "size_t number" "size_t size"
-.Ft "void *"
-.Fn emalloc "size_t sz"
-.Ft ssize_t
-.Fn eread "int fd" "void *buf" "size_t nbytes"
-.Ft "void *"
-.Fn erealloc "void *ptr" "size_t sz"
-.Ft void
-.Fn esetenv "const char *var" "const char *val" "int rewrite"
-.Ft "char *"
-.Fn estrdup "const char *str"
-.Ft ssize_t
-.Fn ewrite "int fd" "const void *buf" "size_t nbytes"
-.Sh DESCRIPTION
-These functions do the same as the ones without the 
-.Dq e
-prefix, but if there is an error they will print a message with 
-.Xr errx 3 ,
-and exit. For
-.Nm eread
-and 
-.Nm ewrite
-this is also true for partial data.
-.Pp
-This is useful in applications when there is no need for a more
-advanced failure mode.
-.Sh SEE ALSO
-.Xr read 2 ,
-.Xr write 2 ,
-.Xr calloc 3 ,
-.Xr errx 3 ,
-.Xr malloc 3 ,
-.Xr realloc 3 ,
-.Xr setenv 3 ,
-.Xr strdup 3
diff --git a/crypto/heimdal/lib/roken/ecalloc.c b/crypto/heimdal/lib/roken/ecalloc.c
deleted file mode 100644
index c5ef4a7..0000000
--- a/crypto/heimdal/lib/roken/ecalloc.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: ecalloc.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdlib.h>
-#include <err.h>
-
-#include "roken.h"
-
-/*
- * Like calloc but never fails.
- */
-
-void * ROKEN_LIB_FUNCTION
-ecalloc (size_t number, size_t size)
-{
-    void *tmp = calloc (number, size);
-
-    if (tmp == NULL && number * size != 0)
-	errx (1, "calloc %lu failed", (unsigned long)number * size);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/emalloc.c b/crypto/heimdal/lib/roken/emalloc.c
deleted file mode 100644
index a39fcc0..0000000
--- a/crypto/heimdal/lib/roken/emalloc.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: emalloc.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdlib.h>
-#include <err.h>
-
-#include "roken.h"
-
-/*
- * Like malloc but never fails.
- */
-
-void * ROKEN_LIB_FUNCTION
-emalloc (size_t sz)
-{
-    void *tmp = malloc (sz);
-
-    if (tmp == NULL && sz != 0)
-	errx (1, "malloc %lu failed", (unsigned long)sz);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/environment.c b/crypto/heimdal/lib/roken/environment.c
deleted file mode 100644
index 3822e4c..0000000
--- a/crypto/heimdal/lib/roken/environment.c
+++ /dev/null
@@ -1,156 +0,0 @@
-/*
- * Copyright (c) 2000, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: environment.c 20866 2007-06-03 21:00:29Z lha $");
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include "roken.h"
-
-/* find assignment in env list; len is length of variable including
- * equal 
- */
-
-static int
-find_var(char **env, char *assignment, size_t len)
-{
-    int i;
-    for(i = 0; env != NULL && env[i] != NULL; i++)
-	if(strncmp(env[i], assignment, len) == 0)
-	    return i;
-    return -1;
-}
-
-/*
- * return count of environment assignments from open file F in
- * assigned and list of malloced strings in env, return 0 or errno
- * number
- */
-
-static int
-rk_read_env_file(FILE *F, char ***env, int *assigned)
-{
-    int idx = 0;
-    int i;
-    char **l;
-    char buf[BUFSIZ], *p, *r;
-    char **tmp;
-    int ret = 0;
-
-    *assigned = 0;
-
-    for(idx = 0; *env != NULL && (*env)[idx] != NULL; idx++);
-    l = *env;
-
-    /* This is somewhat more relaxed on what it accepts then
-     * Wietses sysv_environ from K4 was...
-     */
-    while (fgets(buf, BUFSIZ, F) != NULL) {
-	buf[strcspn(buf, "#\n")] = '\0';
-
-	for(p = buf; isspace((unsigned char)*p); p++);
-	if (*p == '\0')
-	    continue;
-
-	/* Here one should check that it's a 'valid' env string... */
-	r = strchr(p, '=');
-	if (r == NULL)
-	    continue;
-
-	if((i = find_var(l, p, r - p + 1)) >= 0) {
-	    char *val = strdup(p);
-	    if(val == NULL) {
-		ret = ENOMEM;
-		break;
-	    }
-	    free(l[i]);
-	    l[i] = val;
-	    (*assigned)++;
-	    continue;
-	}
-
-	tmp = realloc(l, (idx+2) * sizeof (char *));
-	if(tmp == NULL) {
-	    ret = ENOMEM;
-	    break;
-	}
-
-	l = tmp;
-	l[idx] = strdup(p);
-	if(l[idx] == NULL) {
-	    ret = ENOMEM;
-	    break;
-	}
-	l[++idx] = NULL;
-	(*assigned)++;
-    }
-    if(ferror(F))
-	ret = errno;
-    *env = l;
-    return ret;
-}
-
-/*
- * return count of environment assignments from file and 
- * list of malloced strings in `env'
- */
-
-int ROKEN_LIB_FUNCTION
-read_environment(const char *file, char ***env)
-{
-    int assigned;
-    FILE *F;
-
-    if ((F = fopen(file, "r")) == NULL)
-	return 0;
-
-    rk_read_env_file(F, env, &assigned);
-    fclose(F);
-    return assigned;
-}
-
-void ROKEN_LIB_FUNCTION
-free_environment(char **env)
-{
-    int i;
-    if (env == NULL)
-	return;
-    for (i = 0; env[i]; i++)
-	free(env[i]);
-    free(env);
-}
diff --git a/crypto/heimdal/lib/roken/eread.c b/crypto/heimdal/lib/roken/eread.c
deleted file mode 100644
index ec4eed4..0000000
--- a/crypto/heimdal/lib/roken/eread.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: eread.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <unistd.h>
-#include <err.h>
-
-#include "roken.h"
-
-/*
- * Like read but never fails (and never returns partial data).
- */
-
-ssize_t ROKEN_LIB_FUNCTION
-eread (int fd, void *buf, size_t nbytes)
-{
-    ssize_t ret;
-
-    ret = net_read (fd, buf, nbytes);
-    if (ret < 0)
-	err (1, "read");
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/erealloc.c b/crypto/heimdal/lib/roken/erealloc.c
deleted file mode 100644
index c382360..0000000
--- a/crypto/heimdal/lib/roken/erealloc.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: erealloc.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdlib.h>
-#include <err.h>
-
-#include "roken.h"
-
-/*
- * Like realloc but never fails.
- */
-
-void * ROKEN_LIB_FUNCTION
-erealloc (void *ptr, size_t sz)
-{
-    void *tmp = realloc (ptr, sz);
-
-    if (tmp == NULL && sz != 0)
-	errx (1, "realloc %lu failed", (unsigned long)sz);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/err.c b/crypto/heimdal/lib/roken/err.c
deleted file mode 100644
index dcb820b..0000000
--- a/crypto/heimdal/lib/roken/err.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: err.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "err.h"
-
-void ROKEN_LIB_FUNCTION
-err(int eval, const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  verr(eval, fmt, ap);
-  va_end(ap);
-}
diff --git a/crypto/heimdal/lib/roken/err.hin b/crypto/heimdal/lib/roken/err.hin
deleted file mode 100644
index 2f1232d..0000000
--- a/crypto/heimdal/lib/roken/err.hin
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 1995 - 2004 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: err.hin 14773 2005-04-12 11:29:18Z lha $ */
-
-#ifndef __ERR_H__
-#define __ERR_H__
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-void ROKEN_LIB_FUNCTION
-verr(int eval, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 2, 0)));
-
-void ROKEN_LIB_FUNCTION
-err(int eval, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 2, 3)));
-
-void ROKEN_LIB_FUNCTION
-verrx(int eval, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 2, 0)));
-
-void ROKEN_LIB_FUNCTION
-errx(int eval, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 2, 3)));
-void ROKEN_LIB_FUNCTION
-vwarn(const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 1, 0)));
-
-void ROKEN_LIB_FUNCTION
-warn(const char *fmt, ...)
-     __attribute__ ((format (printf, 1, 2)));
-
-void ROKEN_LIB_FUNCTION
-vwarnx(const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 1, 0)));
-
-void ROKEN_LIB_FUNCTION
-warnx(const char *fmt, ...)
-     __attribute__ ((format (printf, 1, 2)));
-
-#endif /* __ERR_H__ */
diff --git a/crypto/heimdal/lib/roken/errx.c b/crypto/heimdal/lib/roken/errx.c
deleted file mode 100644
index 1090ac7..0000000
--- a/crypto/heimdal/lib/roken/errx.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: errx.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "err.h"
-
-void ROKEN_LIB_FUNCTION
-errx(int eval, const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  verrx(eval, fmt, ap);
-  va_end(ap);
-}
diff --git a/crypto/heimdal/lib/roken/esetenv.c b/crypto/heimdal/lib/roken/esetenv.c
deleted file mode 100644
index e92f04a..0000000
--- a/crypto/heimdal/lib/roken/esetenv.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 2000, 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: esetenv.c 15502 2005-06-21 18:56:15Z lha $");
-#endif
-
-#include "roken.h"
-
-#include <err.h>
-
-void ROKEN_LIB_FUNCTION
-esetenv(const char *var, const char *val, int rewrite)
-{
-    if (setenv (rk_UNCONST(var), rk_UNCONST(val), rewrite))
-	errx (1, "failed setting environment variable %s", var);
-}
diff --git a/crypto/heimdal/lib/roken/estrdup.c b/crypto/heimdal/lib/roken/estrdup.c
deleted file mode 100644
index 262412b..0000000
--- a/crypto/heimdal/lib/roken/estrdup.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: estrdup.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdlib.h>
-#include <err.h>
-
-#include "roken.h"
-
-/*
- * Like strdup but never fails.
- */
-
-char * ROKEN_LIB_FUNCTION
-estrdup (const char *str)
-{
-    char *tmp = strdup (str);
-
-    if (tmp == NULL)
-	errx (1, "strdup failed");
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/ewrite.c b/crypto/heimdal/lib/roken/ewrite.c
deleted file mode 100644
index a2323d6..0000000
--- a/crypto/heimdal/lib/roken/ewrite.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: ewrite.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <unistd.h>
-#include <err.h>
-
-#include "roken.h"
-
-/*
- * Like write but never fails (and never returns partial data).
- */
-
-ssize_t ROKEN_LIB_FUNCTION
-ewrite (int fd, const void *buf, size_t nbytes)
-{
-    ssize_t ret;
-
-    ret = net_write (fd, buf, nbytes);
-    if (ret < 0)
-	err (1, "write");
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/fchown.c b/crypto/heimdal/lib/roken/fchown.c
deleted file mode 100644
index 87a2051..0000000
--- a/crypto/heimdal/lib/roken/fchown.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: fchown.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-fchown(int fd, uid_t owner, gid_t group)
-{
-  return 0;
-}
diff --git a/crypto/heimdal/lib/roken/flock.c b/crypto/heimdal/lib/roken/flock.c
deleted file mode 100644
index 911d5ff..0000000
--- a/crypto/heimdal/lib/roken/flock.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifndef HAVE_FLOCK
-RCSID("$Id: flock.c 14773 2005-04-12 11:29:18Z lha $");
-
-#include "roken.h"
-
-
-#define OP_MASK (LOCK_SH | LOCK_EX | LOCK_UN)
-
-int ROKEN_LIB_FUNCTION
-flock(int fd, int operation)
-{
-#if defined(HAVE_FCNTL) && defined(F_SETLK)
-  struct flock arg;
-  int code, cmd;
-  
-  arg.l_whence = SEEK_SET;
-  arg.l_start = 0;
-  arg.l_len = 0;		/* means to EOF */
-
-  if (operation & LOCK_NB)
-    cmd = F_SETLK;
-  else
-    cmd = F_SETLKW;		/* Blocking */
-
-  switch (operation & OP_MASK) {
-  case LOCK_UN:
-    arg.l_type = F_UNLCK;
-    code = fcntl(fd, F_SETLK, &arg);
-    break;
-  case LOCK_SH:
-    arg.l_type = F_RDLCK;
-    code = fcntl(fd, cmd, &arg);
-    break;
-  case LOCK_EX:
-    arg.l_type = F_WRLCK;
-    code = fcntl(fd, cmd, &arg);
-    break;
-  default:
-    errno = EINVAL;
-    code = -1;
-    break;
-  }
-  return code;
-#else
-  return -1;
-#endif
-}
-
-#endif
-
diff --git a/crypto/heimdal/lib/roken/fnmatch.c b/crypto/heimdal/lib/roken/fnmatch.c
deleted file mode 100644
index 126949a..0000000
--- a/crypto/heimdal/lib/roken/fnmatch.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*	$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $	*/
-
-/*
- * Copyright (c) 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)fnmatch.c	8.2 (Berkeley) 4/16/94";
-#else
-static char rcsid[] = "$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $";
-#endif
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * Function fnmatch() as specified in POSIX 1003.2-1992, section B.6.
- * Compares a filename or pathname to a pattern.
- */
-
-#include <fnmatch.h>
-#include <string.h>
-
-#define	EOS	'\0'
-
-static const char *rangematch (const char *, int, int);
-
-int ROKEN_LIB_FUNCTION
-rk_fnmatch(const char *pattern, const char *string, int flags)
-{
-	const char *stringstart;
-	char c, test;
-
-	for (stringstart = string;;)
-		switch (c = *pattern++) {
-		case EOS:
-			return (*string == EOS ? 0 : FNM_NOMATCH);
-		case '?':
-			if (*string == EOS)
-				return (FNM_NOMATCH);
-			if (*string == '/' && (flags & FNM_PATHNAME))
-				return (FNM_NOMATCH);
-			if (*string == '.' && (flags & FNM_PERIOD) &&
-			    (string == stringstart ||
-			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
-				return (FNM_NOMATCH);
-			++string;
-			break;
-		case '*':
-			c = *pattern;
-			/* Collapse multiple stars. */
-			while (c == '*')
-				c = *++pattern;
-
-			if (*string == '.' && (flags & FNM_PERIOD) &&
-			    (string == stringstart ||
-			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
-				return (FNM_NOMATCH);
-
-			/* Optimize for pattern with * at end or before /. */
-			if (c == EOS)
-				if (flags & FNM_PATHNAME)
-					return (strchr(string, '/') == NULL ?
-					    0 : FNM_NOMATCH);
-				else
-					return (0);
-			else if (c == '/' && flags & FNM_PATHNAME) {
-				if ((string = strchr(string, '/')) == NULL)
-					return (FNM_NOMATCH);
-				break;
-			}
-
-			/* General case, use recursion. */
-			while ((test = *string) != EOS) {
-				if (!rk_fnmatch(pattern, string, flags & ~FNM_PERIOD))
-					return (0);
-				if (test == '/' && flags & FNM_PATHNAME)
-					break;
-				++string;
-			}
-			return (FNM_NOMATCH);
-		case '[':
-			if (*string == EOS)
-				return (FNM_NOMATCH);
-			if (*string == '/' && flags & FNM_PATHNAME)
-				return (FNM_NOMATCH);
-			if ((pattern =
-			    rangematch(pattern, *string, flags)) == NULL)
-				return (FNM_NOMATCH);
-			++string;
-			break;
-		case '\\':
-			if (!(flags & FNM_NOESCAPE)) {
-				if ((c = *pattern++) == EOS) {
-					c = '\\';
-					--pattern;
-				}
-			}
-			/* FALLTHROUGH */
-		default:
-			if (c != *string++)
-				return (FNM_NOMATCH);
-			break;
-		}
-	/* NOTREACHED */
-}
-
-static const char *
-rangematch(const char *pattern, int test, int flags)
-{
-	int negate, ok;
-	char c, c2;
-
-	/*
-	 * A bracket expression starting with an unquoted circumflex
-	 * character produces unspecified results (IEEE 1003.2-1992,
-	 * 3.13.2).  This implementation treats it like '!', for
-	 * consistency with the regular expression syntax.
-	 * J.T. Conklin (conklin@ngai.kaleida.com)
-	 */
-	if (negate = (*pattern == '!' || *pattern == '^'))
-		++pattern;
-	
-	for (ok = 0; (c = *pattern++) != ']';) {
-		if (c == '\\' && !(flags & FNM_NOESCAPE))
-			c = *pattern++;
-		if (c == EOS)
-			return (NULL);
-		if (*pattern == '-' 
-		    && (c2 = *(pattern+1)) != EOS && c2 != ']') {
-			pattern += 2;
-			if (c2 == '\\' && !(flags & FNM_NOESCAPE))
-				c2 = *pattern++;
-			if (c2 == EOS)
-				return (NULL);
-			if (c <= test && test <= c2)
-				ok = 1;
-		} else if (c == test)
-			ok = 1;
-	}
-	return (ok == negate ? NULL : pattern);
-}
diff --git a/crypto/heimdal/lib/roken/fnmatch.hin b/crypto/heimdal/lib/roken/fnmatch.hin
deleted file mode 100644
index d5d54a5..0000000
--- a/crypto/heimdal/lib/roken/fnmatch.hin
+++ /dev/null
@@ -1,64 +0,0 @@
-/*	$NetBSD: fnmatch.h,v 1.5 1994/10/26 00:55:53 cgd Exp $	*/
-
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)fnmatch.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef	_FNMATCH_H_
-#define	_FNMATCH_H_
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define	FNM_NOMATCH	1	/* Match failed. */
-
-#define	FNM_NOESCAPE	0x01	/* Disable backslash escaping. */
-#define	FNM_PATHNAME	0x02	/* Slash must be matched by slash. */
-#define	FNM_PERIOD	0x04	/* Period must be matched by period. */
-
-int ROKEN_LIB_FUNCTION
-rk_fnmatch (const char *, const char *, int);
-
-#define fnmatch(a,b,c) rk_fnmatch(a,b,c)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !_FNMATCH_H_ */
diff --git a/crypto/heimdal/lib/roken/freeaddrinfo.c b/crypto/heimdal/lib/roken/freeaddrinfo.c
deleted file mode 100644
index a61536d..0000000
--- a/crypto/heimdal/lib/roken/freeaddrinfo.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: freeaddrinfo.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * free the list of `struct addrinfo' starting at `ai'
- */
-
-void ROKEN_LIB_FUNCTION
-freeaddrinfo(struct addrinfo *ai)
-{
-    struct addrinfo *tofree;
-
-    while(ai != NULL) {
-	free (ai->ai_canonname);
-	free (ai->ai_addr);
-	tofree = ai;
-	ai = ai->ai_next;
-	free (tofree);
-    }
-}
diff --git a/crypto/heimdal/lib/roken/freehostent.c b/crypto/heimdal/lib/roken/freehostent.c
deleted file mode 100644
index 54fc495..0000000
--- a/crypto/heimdal/lib/roken/freehostent.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: freehostent.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * free a malloced hostent
- */
-
-void ROKEN_LIB_FUNCTION
-freehostent (struct hostent *h)
-{
-    char **p;
-
-    free (h->h_name);
-    if (h->h_aliases != NULL) {
-	for (p = h->h_aliases; *p != NULL; ++p)
-	    free (*p);
-	free (h->h_aliases);
-    }
-    if (h->h_addr_list != NULL) {
-	for (p = h->h_addr_list; *p != NULL; ++p)
-	    free (*p);
-	free (h->h_addr_list);
-    }
-    free (h);
-}
diff --git a/crypto/heimdal/lib/roken/gai_strerror.c b/crypto/heimdal/lib/roken/gai_strerror.c
deleted file mode 100644
index c862743..0000000
--- a/crypto/heimdal/lib/roken/gai_strerror.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: gai_strerror.c 15837 2005-08-05 09:31:35Z lha $");
-#endif
-
-#include "roken.h"
-
-static struct gai_error {
-    int code;
-    const char *str;
-} errors[] = {
-{EAI_NOERROR,		"no error"},
-#ifdef EAI_ADDRFAMILY
-{EAI_ADDRFAMILY,	"address family for nodename not supported"},
-#endif
-{EAI_AGAIN,		"temporary failure in name resolution"},
-{EAI_BADFLAGS,		"invalid value for ai_flags"},
-{EAI_FAIL,		"non-recoverable failure in name resolution"},
-{EAI_FAMILY,		"ai_family not supported"},
-{EAI_MEMORY,		"memory allocation failure"},
-#ifdef EAI_NODATA
-{EAI_NODATA,		"no address associated with nodename"},
-#endif
-{EAI_NONAME,		"nodename nor servname provided, or not known"},
-{EAI_SERVICE,		"servname not supported for ai_socktype"},
-{EAI_SOCKTYPE,		"ai_socktype not supported"},
-{EAI_SYSTEM,		"system error returned in errno"},
-{0,			NULL},
-};
-
-/*
- *
- */
-
-const char * ROKEN_LIB_FUNCTION
-gai_strerror(int ecode)
-{
-    struct gai_error *g;
-
-    for (g = errors; g->str != NULL; ++g)
-	if (g->code == ecode)
-	    return g->str;
-    return "unknown error code in gai_strerror";
-}
diff --git a/crypto/heimdal/lib/roken/get_default_username.c b/crypto/heimdal/lib/roken/get_default_username.c
deleted file mode 100644
index 754b60d..0000000
--- a/crypto/heimdal/lib/roken/get_default_username.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: get_default_username.c 14773 2005-04-12 11:29:18Z lha $");
-#endif /* HAVE_CONFIG_H */
-
-#include "roken.h"
-
-/*
- * Try to return what should be considered the default username or
- * NULL if we can't guess at all.
- */
-
-const char * ROKEN_LIB_FUNCTION
-get_default_username (void)
-{
-    const char *user;
-
-    user = getenv ("USER");
-    if (user == NULL)
-	user = getenv ("LOGNAME");
-    if (user == NULL)
-	user = getenv ("USERNAME");
-
-#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
-    if (user == NULL) {
-	user = (const char *)getlogin ();
-	if (user != NULL)
-	    return user;
-    }
-#endif
-#ifdef HAVE_PWD_H
-    {
-	uid_t uid = getuid ();
-	struct passwd *pwd;
-
-	if (user != NULL) {
-	    pwd = k_getpwnam (user);
-	    if (pwd != NULL && pwd->pw_uid == uid)
-		return user;
-	}
-	pwd = k_getpwuid (uid);
-	if (pwd != NULL)
-	    return pwd->pw_name;
-    }
-#endif
-    return user;
-}
diff --git a/crypto/heimdal/lib/roken/get_window_size.c b/crypto/heimdal/lib/roken/get_window_size.c
deleted file mode 100644
index 7fa91d6..0000000
--- a/crypto/heimdal/lib/roken/get_window_size.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: get_window_size.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#if 0 /* Where were those needed? /confused */
-#ifdef HAVE_SYS_PROC_H
-#include <sys/proc.h>
-#endif
-
-#ifdef HAVE_SYS_TTY_H
-#include <sys/tty.h>
-#endif
-#endif
-
-#ifdef HAVE_TERMIOS_H
-#include <termios.h>
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-get_window_size(int fd, struct winsize *wp)
-{
-    int ret = -1;
-    
-    memset(wp, 0, sizeof(*wp));
-
-#if defined(TIOCGWINSZ)
-    ret = ioctl(fd, TIOCGWINSZ, wp);
-#elif defined(TIOCGSIZE)
-    {
-	struct ttysize ts;
-	
-	ret = ioctl(fd, TIOCGSIZE, &ts);
-	if(ret == 0) {
-	    wp->ws_row = ts.ts_lines;
-	    wp->ws_col = ts.ts_cols;
-	}
-    }
-#elif defined(HAVE__SCRSIZE)
-    {
-	int dst[2];
-	
-	_scrsize(dst);
-	wp->ws_row = dst[1];
-	wp->ws_col = dst[0];
-	ret = 0;
-    }
-#endif
-    if (ret != 0) {
-        char *s;
-        if((s = getenv("COLUMNS")))
-	    wp->ws_col = atoi(s);
-	if((s = getenv("LINES")))
-	    wp->ws_row = atoi(s);
-	if(wp->ws_col > 0 && wp->ws_row > 0)
-	    ret = 0;
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/getaddrinfo-test.c b/crypto/heimdal/lib/roken/getaddrinfo-test.c
deleted file mode 100644
index 027e32a..0000000
--- a/crypto/heimdal/lib/roken/getaddrinfo-test.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getaddrinfo-test.c 15930 2005-08-12 13:42:17Z lha $");
-#endif
-
-#include "roken.h"
-#include "getarg.h"
-
-static int flags;
-static int family;
-static int socktype;
-
-static int version_flag;
-static int help_flag;
-
-static struct getargs args[] = {
-    {"flags",	0,	arg_integer,	&flags,		"flags",	NULL},
-    {"family",	0,	arg_integer,	&family,	"family",	NULL},
-    {"socktype",0,	arg_integer,	&socktype,	"socktype",	NULL},
-    {"version",	0,	arg_flag,	&version_flag,	"print version",NULL},
-    {"help",	0,	arg_flag,	&help_flag,	NULL,		NULL}
-};
-
-static void
-usage(int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "[nodename servname...]");
-    exit (ret);
-}
-
-static void
-doit (const char *nodename, const char *servname)
-{
-    struct addrinfo hints;
-    struct addrinfo *res, *r;
-    int ret;
-
-    printf ("(%s,%s)... ", nodename ? nodename : "null", servname);
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags    = flags;
-    hints.ai_family   = family;
-    hints.ai_socktype = socktype;
-
-    ret = getaddrinfo (nodename, servname, &hints, &res);
-    if (ret) {
-	printf ("error: %s\n", gai_strerror(ret));
-	return;
-    }
-    printf ("\n");
-
-    for (r = res; r != NULL; r = r->ai_next) {
-	char addrstr[256];
-
-	if (inet_ntop (r->ai_family, 
-		       socket_get_address (r->ai_addr),
-		       addrstr, sizeof(addrstr)) == NULL) {
-	    printf ("\tbad address?\n");
-	    continue;
-	} 
-	printf ("\tfamily = %d, socktype = %d, protocol = %d, "
-		"address = \"%s\", port = %d",
-		r->ai_family, r->ai_socktype, r->ai_protocol,
-		addrstr,
-		ntohs(socket_get_port (r->ai_addr)));
-	if (r->ai_canonname)
-	    printf (", canonname = \"%s\"", r->ai_canonname);
-	printf ("\n");
-    }
-    freeaddrinfo (res);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-    int i;
-
-    setprogname (argv[0]);
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&optidx))
-	usage (1);
-
-    if (help_flag)
-	usage (0);
-
-    if (version_flag) {
-	fprintf (stderr, "%s from %s-%s)\n", getprogname(), PACKAGE, VERSION);
-	return 0;
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc % 2 != 0)
-	usage (1);
-
-    for (i = 0; i < argc; i += 2) {
-	const char *nodename = argv[i];
-
-	if (strcmp (nodename, "null") == 0)
-	    nodename = NULL;
-
-	doit (nodename, argv[i+1]);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/getaddrinfo.c b/crypto/heimdal/lib/roken/getaddrinfo.c
deleted file mode 100644
index f9ffcd8..0000000
--- a/crypto/heimdal/lib/roken/getaddrinfo.c
+++ /dev/null
@@ -1,417 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getaddrinfo.c 15417 2005-06-16 17:49:29Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * uses hints->ai_socktype and hints->ai_protocol
- */
-
-static int
-get_port_protocol_socktype (const char *servname,
-			    const struct addrinfo *hints,
-			    int *port,
-			    int *protocol,
-			    int *socktype)
-{
-    struct servent *se;
-    const char *proto_str = NULL;
-
-    *socktype = 0;
-
-    if (hints != NULL && hints->ai_protocol != 0) {
-	struct protoent *protoent = getprotobynumber (hints->ai_protocol);
-
-	if (protoent == NULL)
-	    return EAI_SOCKTYPE; /* XXX */
-
-	proto_str = protoent->p_name;
-	*protocol = protoent->p_proto;
-    }
-
-    if (hints != NULL)
-	*socktype = hints->ai_socktype;
-
-    if (*socktype == SOCK_STREAM) {
-	se = getservbyname (servname, proto_str ? proto_str : "tcp");
-	if (proto_str == NULL)
-	    *protocol = IPPROTO_TCP;
-    } else if (*socktype == SOCK_DGRAM) {
-	se = getservbyname (servname, proto_str ? proto_str : "udp");
-	if (proto_str == NULL)
-	    *protocol = IPPROTO_UDP;
-    } else if (*socktype == 0) {
-	if (proto_str != NULL) {
-	    se = getservbyname (servname, proto_str);
-	} else {
-	    se = getservbyname (servname, "tcp");
-	    *protocol = IPPROTO_TCP;
-	    *socktype = SOCK_STREAM;
-	    if (se == NULL) {
-		se = getservbyname (servname, "udp");
-		*protocol = IPPROTO_UDP;
-		*socktype = SOCK_DGRAM;
-	    }
-	}
-    } else
-	return EAI_SOCKTYPE;
-
-    if (se == NULL) {
-	char *endstr;
-
-	*port = htons(strtol (servname, &endstr, 10));
-	if (servname == endstr)
-	    return EAI_NONAME;
-    } else {
-	*port = se->s_port;
-    }
-    return 0;
-}
-
-static int
-add_one (int port, int protocol, int socktype,
-	 struct addrinfo ***ptr,
-	 int (*func)(struct addrinfo *, void *data, int port),
-	 void *data,
-	 char *canonname)
-{
-    struct addrinfo *a;
-    int ret;
-
-    a = malloc (sizeof (*a));
-    if (a == NULL)
-	return EAI_MEMORY;
-    memset (a, 0, sizeof(*a));
-    a->ai_flags     = 0;
-    a->ai_next      = NULL;
-    a->ai_protocol  = protocol;
-    a->ai_socktype  = socktype;
-    a->ai_canonname = canonname;
-    ret = (*func)(a, data, port);
-    if (ret) {
-	free (a);
-	return ret;
-    }
-    **ptr = a;
-    *ptr = &a->ai_next;
-    return 0;
-}
-
-static int
-const_v4 (struct addrinfo *a, void *data, int port)
-{
-    struct sockaddr_in *sin4;
-    struct in_addr *addr = (struct in_addr *)data;
-
-    a->ai_family  = PF_INET;
-    a->ai_addrlen = sizeof(*sin4);
-    a->ai_addr    = malloc (sizeof(*sin4));
-    if (a->ai_addr == NULL)
-	return EAI_MEMORY;
-    sin4 = (struct sockaddr_in *)a->ai_addr;
-    memset (sin4, 0, sizeof(*sin4));
-    sin4->sin_family = AF_INET;
-    sin4->sin_port   = port;
-    sin4->sin_addr   = *addr;
-    return 0;
-}
-
-#ifdef HAVE_IPV6
-static int
-const_v6 (struct addrinfo *a, void *data, int port)
-{
-    struct sockaddr_in6 *sin6;
-    struct in6_addr *addr = (struct in6_addr *)data;
-
-    a->ai_family  = PF_INET6;
-    a->ai_addrlen = sizeof(*sin6);
-    a->ai_addr    = malloc (sizeof(*sin6));
-    if (a->ai_addr == NULL)
-	return EAI_MEMORY;
-    sin6 = (struct sockaddr_in6 *)a->ai_addr;
-    memset (sin6, 0, sizeof(*sin6));
-    sin6->sin6_family = AF_INET6;
-    sin6->sin6_port   = port;
-    sin6->sin6_addr   = *addr;
-    return 0;
-}
-#endif
-
-/* this is mostly a hack for some versions of AIX that has a prototype
-   for in6addr_loopback but no actual symbol in libc */
-#if defined(HAVE_IPV6) && !defined(HAVE_IN6ADDR_LOOPBACK) && defined(IN6ADDR_LOOPBACK_INIT)
-#define in6addr_loopback _roken_in6addr_loopback
-struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
-#endif
-
-static int
-get_null (const struct addrinfo *hints,
-	  int port, int protocol, int socktype,
-	  struct addrinfo **res)
-{
-    struct in_addr v4_addr;
-#ifdef HAVE_IPV6
-    struct in6_addr v6_addr;
-#endif
-    struct addrinfo *first = NULL;
-    struct addrinfo **current = &first;
-    int family = PF_UNSPEC;
-    int ret;
-
-    if (hints != NULL)
-	family = hints->ai_family;
-
-    if (hints && hints->ai_flags & AI_PASSIVE) {
-	v4_addr.s_addr = INADDR_ANY;
-#ifdef HAVE_IPV6
-	v6_addr        = in6addr_any;
-#endif
-    } else {
-	v4_addr.s_addr = htonl(INADDR_LOOPBACK);
-#ifdef HAVE_IPV6
-	v6_addr        = in6addr_loopback;
-#endif
-    }
-
-#ifdef HAVE_IPV6
-    if (family == PF_INET6 || family == PF_UNSPEC) {
-	ret = add_one (port, protocol, socktype,
-		       &current, const_v6, &v6_addr, NULL);
-    }
-#endif
-    if (family == PF_INET || family == PF_UNSPEC) {
-	ret = add_one (port, protocol, socktype,
-		       &current, const_v4, &v4_addr, NULL);
-    }
-    *res = first;
-    return 0;
-}
-
-static int
-add_hostent (int port, int protocol, int socktype,
-	     struct addrinfo ***current,
-	     int (*func)(struct addrinfo *, void *data, int port),
-	     struct hostent *he, int *flags)
-{
-    int ret;
-    char *canonname = NULL;
-    char **h;
-
-    if (*flags & AI_CANONNAME) {
-	struct hostent *he2 = NULL;
-	const char *tmp_canon;
-
-	tmp_canon = hostent_find_fqdn (he);
-	if (strchr (tmp_canon, '.') == NULL) {
-	    int error;
-
-	    he2 = getipnodebyaddr (he->h_addr_list[0], he->h_length,
-				   he->h_addrtype, &error);
-	    if (he2 != NULL) {
-		const char *tmp = hostent_find_fqdn (he2);
-
-		if (strchr (tmp, '.') != NULL)
-		    tmp_canon = tmp;
-	    }
-	}
-
-	canonname = strdup (tmp_canon);
-	if (he2 != NULL)
-	    freehostent (he2);
-	if (canonname == NULL)
-	    return EAI_MEMORY;
-    }
-
-    for (h = he->h_addr_list; *h != NULL; ++h) {
-	ret = add_one (port, protocol, socktype,
-		       current, func, *h, canonname);
-	if (ret)
-	    return ret;
-	if (*flags & AI_CANONNAME) {
-	    *flags &= ~AI_CANONNAME;
-	    canonname = NULL;
-	}
-    }
-    return 0;
-}
-
-static int
-get_number (const char *nodename,
-	    const struct addrinfo *hints,
-	    int port, int protocol, int socktype,
-	    struct addrinfo **res)
-{
-    struct addrinfo *first = NULL;
-    struct addrinfo **current = &first;
-    int family = PF_UNSPEC;
-    int ret;
-
-    if (hints != NULL) {
-	family = hints->ai_family;
-    }
-
-#ifdef HAVE_IPV6
-    if (family == PF_INET6 || family == PF_UNSPEC) {
-	struct in6_addr v6_addr;
-
-	if (inet_pton (PF_INET6, nodename, &v6_addr) == 1) {
-	    ret = add_one (port, protocol, socktype,
-			   &current, const_v6, &v6_addr, NULL);
-	    *res = first;
-	    return ret;
-	}
-    }
-#endif
-    if (family == PF_INET || family == PF_UNSPEC) {
-	struct in_addr v4_addr;
-
-	if (inet_pton (PF_INET, nodename, &v4_addr) == 1) {
-	    ret = add_one (port, protocol, socktype,
-			   &current, const_v4, &v4_addr, NULL);
-	    *res = first;
-	    return ret;
-	}
-    }
-    return EAI_NONAME;
-}
-
-static int
-get_nodes (const char *nodename,
-	   const struct addrinfo *hints,
-	   int port, int protocol, int socktype,
-	   struct addrinfo **res)
-{
-    struct addrinfo *first = NULL;
-    struct addrinfo **current = &first;
-    int family = PF_UNSPEC;
-    int flags  = 0;
-    int ret = EAI_NONAME;
-    int error;
-
-    if (hints != NULL) {
-	family = hints->ai_family;
-	flags  = hints->ai_flags;
-    }
-
-#ifdef HAVE_IPV6
-    if (family == PF_INET6 || family == PF_UNSPEC) {
-	struct hostent *he;
-
-	he = getipnodebyname (nodename, PF_INET6, 0, &error);
-
-	if (he != NULL) {
-	    ret = add_hostent (port, protocol, socktype,
-			       &current, const_v6, he, &flags);
-	    freehostent (he);
-	}
-    }
-#endif
-    if (family == PF_INET || family == PF_UNSPEC) {
-	struct hostent *he;
-
-	he = getipnodebyname (nodename, PF_INET, 0, &error);
-
-	if (he != NULL) {
-	    ret = add_hostent (port, protocol, socktype,
-			       &current, const_v4, he, &flags);
-	    freehostent (he);
-	}
-    }
-    *res = first;
-    return ret;
-}
-
-/*
- * hints:
- *
- * struct addrinfo {
- *     int    ai_flags;
- *     int    ai_family;
- *     int    ai_socktype;
- *     int    ai_protocol;
- * ...
- * };
- */
-
-int ROKEN_LIB_FUNCTION
-getaddrinfo(const char *nodename,
-	    const char *servname,
-	    const struct addrinfo *hints,
-	    struct addrinfo **res)
-{
-    int ret;
-    int port     = 0;
-    int protocol = 0;
-    int socktype = 0;
-
-    *res = NULL;
-
-    if (servname == NULL && nodename == NULL)
-	return EAI_NONAME;
-
-    if (hints != NULL
-	&& hints->ai_family != PF_UNSPEC
-	&& hints->ai_family != PF_INET
-#ifdef HAVE_IPV6
-	&& hints->ai_family != PF_INET6
-#endif
-	)
-	return EAI_FAMILY;
-
-    if (servname != NULL) {
-	ret = get_port_protocol_socktype (servname, hints,
-					  &port, &protocol, &socktype);
-	if (ret)
-	    return ret;
-    }
-    if (nodename != NULL) {
-	ret = get_number (nodename, hints, port, protocol, socktype, res);
-	if (ret) {
-	    if(hints && hints->ai_flags & AI_NUMERICHOST)
-		ret = EAI_NONAME;
-	    else
-		ret = get_nodes (nodename, hints, port, protocol, socktype,
-				 res);
-	}
-    } else {
-	ret = get_null (hints, port, protocol, socktype, res);
-    }
-    if (ret)
-	freeaddrinfo (*res);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c b/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c
deleted file mode 100644
index 29eae31..0000000
--- a/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getaddrinfo_hostspec.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/* getaddrinfo via string specifying host and port */
-
-int ROKEN_LIB_FUNCTION
-roken_getaddrinfo_hostspec2(const char *hostspec, 
-			    int socktype,
-			    int port,
-			    struct addrinfo **ai)
-{
-    const char *p;
-    char portstr[NI_MAXSERV];
-    char host[MAXHOSTNAMELEN];
-    struct addrinfo hints;
-    int hostspec_len;
-
-    struct hst {
-	const char *prefix;
-	int socktype;
-	int protocol;
-	int port;
-    } *hstp, hst[] = {
-	{ "http://", SOCK_STREAM, IPPROTO_TCP, 80 },
-	{ "http/", SOCK_STREAM, IPPROTO_TCP, 80 },
-	{ "tcp/", SOCK_STREAM, IPPROTO_TCP },
-	{ "udp/", SOCK_DGRAM, IPPROTO_UDP },
-	{ NULL }
-    };
-
-    memset(&hints, 0, sizeof(hints));
-
-    hints.ai_socktype = socktype;
-	
-    for(hstp = hst; hstp->prefix; hstp++) {
-	if(strncmp(hostspec, hstp->prefix, strlen(hstp->prefix)) == 0) {
-	    hints.ai_socktype = hstp->socktype;
-	    hints.ai_protocol = hstp->protocol;
-	    if(port == 0)
-		port = hstp->port;
-	    hostspec += strlen(hstp->prefix);
-	    break;
-	}
-    }
-    
-    p = strchr (hostspec, ':');
-    if (p != NULL) {
-	char *end;
-
-	port = strtol (p + 1, &end, 0);
-	hostspec_len = p - hostspec;
-    } else {
-	hostspec_len = strlen(hostspec);
-    }
-    snprintf (portstr, sizeof(portstr), "%u", port);
-    
-    snprintf (host, sizeof(host), "%.*s", hostspec_len, hostspec);
-    return getaddrinfo (host, portstr, &hints, ai);
-}
-
-int ROKEN_LIB_FUNCTION
-roken_getaddrinfo_hostspec(const char *hostspec, 
-			   int port,
-			   struct addrinfo **ai)
-{
-    return roken_getaddrinfo_hostspec2(hostspec, 0, port, ai);
-}
diff --git a/crypto/heimdal/lib/roken/getarg.3 b/crypto/heimdal/lib/roken/getarg.3
deleted file mode 100644
index fd5ed3d..0000000
--- a/crypto/heimdal/lib/roken/getarg.3
+++ /dev/null
@@ -1,341 +0,0 @@
-.\" Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: getarg.3 13380 2004-02-17 12:04:59Z lha $
-.Dd September 24, 1999
-.Dt GETARG 3
-.Os ROKEN
-.Sh NAME
-.Nm getarg ,
-.Nm arg_printusage
-.Nd collect command line options
-.Sh SYNOPSIS
-.In getarg.h
-.Ft int
-.Fn getarg "struct getargs *args" "size_t num_args" "int argc" "char **argv" "int *optind"
-.Ft void
-.Fn arg_printusage "struct getargs *args" "size_t num_args" "const char *progname" "const char *extra_string"
-.Sh DESCRIPTION
-.Fn getarg
-collects any command line options given to a program in an easily used way.
-.Fn arg_printusage
-pretty-prints the available options, with a short help text.
-.Pp
-.Fa args
-is the option specification to use, and it's an array of
-.Fa struct getargs
-elements.
-.Fa num_args
-is the size of
-.Fa args
-(in elements).
-.Fa argc
-and
-.Fa argv
-are the argument count and argument vector to extract option from.
-.Fa optind
-is a pointer to an integer where the index to the last processed
-argument is stored, it must be initialised to the first index (minus
-one) to process (normally 0) before the first call.
-.Pp
-.Fa arg_printusage
-take the same
-.Fa args
-and
-.Fa num_args
-as getarg;
-.Fa progname
-is the name of the program (to be used in the help text), and
-.Fa extra_string
-is a string to print after the actual options to indicate more
-arguments. The usefulness of this function is realised only be people
-who has used programs that has help strings that doesn't match what
-the code does.
-.Pp
-The
-.Fa getargs
-struct has the following elements.
-.Bd -literal
-struct getargs{
-    const char *long_name;
-    char short_name;
-    enum { arg_integer,
-	   arg_string,
-	   arg_flag,
-	   arg_negative_flag,
-	   arg_strings,
-	   arg_double,
-           arg_collect
-    } type;
-    void *value;
-    const char *help;
-    const char *arg_help;
-};
-.Ed
-.Pp
-.Fa long_name
-is the long name of the option, it can be
-.Dv NULL ,
-if you don't want a long name.
-.Fa short_name
-is the characted to use as short option, it can be zero. If the option
-has a value the
-.Fa value
-field gets filled in with that value interpreted as specified by the
-.Fa type
-field.
-.Fa help
-is a longer help string for the option as a whole, if it's
-.Dv NULL
-the help text for the option is omitted (but it's still displayed in
-the synopsis).
-.Fa arg_help
-is a description of the argument, if
-.Dv NULL
-a default value will be used, depending on the type of the option:
-.Pp
-.Bl -hang -width arg_negative_flag
-.It arg_integer
-the argument is a signed integer, and
-.Fa value
-should point to an
-.Fa int .
-.It Fa arg_string
-the argument is a string, and
-.Fa value
-should point to a
-.Fa char* .
-.It Fa arg_flag
-the argument is a flag, and
-.Fa value
-should point to a
-.Fa int .
-It gets filled in with either zero or one, depending on how the option
-is given, the normal case being one. Note that if the option isn't
-given, the value isn't altered, so it should be initialised to some
-useful default.
-.It Fa arg_negative_flag
-this is the same as
-.Fa arg_flag
-but it reverses the meaning of the flag (a given short option clears
-the flag), and the synopsis of a long option is negated.
-.It Fa arg_strings
-the argument can be given multiple times, and the values are collected
-in an array;
-.Fa value
-should be a pointer to a
-.Fa struct getarg_strings
-structure, which holds a length and a string pointer.
-.It Fa arg_double
-argument is a double precision floating point value, and
-.Fa value
-should point to a
-.Fa double .
-.It Fa arg_collect
-allows more fine-grained control of the option parsing process.
-.Fa value
-should be a pointer to a
-.Fa getarg_collect_info
-structure:
-.Bd -literal
-typedef int (*getarg_collect_func)(int short_opt,
-				   int argc,
-				   char **argv,
-				   int *optind,
-				   int *optarg,
-				   void *data);
-
-typedef struct getarg_collect_info {
-    getarg_collect_func func;
-    void *data;
-} getarg_collect_info;
-.Ed
-.Pp
-With the
-.Fa func
-member set to a function to call, and
-.Fa data
-to some application specific data. The parameters to the collect function are:
-.Bl -inset
-.It Fa short_flag
-non-zero if this call is via a short option flag, zero otherwise
-.It Fa argc , argv
-the whole argument list
-.It Fa optind
-pointer to the index in argv where the flag is
-.It Fa optarg
-pointer to the index in argv[*optind] where the flag name starts
-.It Fa data
-application specific data
-.El
-.Pp
-You can modify
-.Fa *optind ,
-and
-.Fa *optarg ,
-but to do this correct you (more or less) have to know about the inner
-workings of getarg.
-.Pp
-You can skip parts of arguments by increasing
-.Fa *optarg
-(you could
-implement the
-.Fl z Ns Ar 3
-set of flags from
-.Nm gzip
-with this), or whole argument strings by increasing
-.Fa *optind
-(let's say you want a flag
-.Fl c Ar x y z
-to specify a coordinate); if you also have to set
-.Fa *optarg
-to a sane value.
-.Pp
-The collect function should return one of
-.Dv ARG_ERR_NO_MATCH , ARG_ERR_BAD_ARG , ARG_ERR_NO_ARG, ENOMEM
-on error, zero otherwise.
-.Pp
-For your convenience there is a function,
-.Fn getarg_optarg ,
-that returns the traditional argument string, and you pass it all
-arguments, sans data, that where given to the collection function.
-.Pp
-Don't use this more this unless you absolutely have to.
-.El
-.Pp
-Option parsing is similar to what
-.Xr getopt
-uses. Short options without arguments can be compressed
-.Pf ( Fl xyz
-is the same as
-.Fl x y z ) ,
-and short
-options with arguments take these as either the rest of the
-argv-string or as the next option
-.Pf ( Fl o Ns Ar foo ,
-or
-.Fl o Ar foo ) .
-.Pp
-Long option names are prefixed with -- (double dash), and the value
-with a = (equal),
-.Fl -foo= Ns Ar bar .
-Long option flags can either be specified as they are
-.Pf ( Fl -help ) ,
-or with an (boolean parsable) option
-.Pf ( Fl -help= Ns Ar yes ,
-.Fl -help= Ns Ar true ,
-or similar), or they can also be negated
-.Pf ( Fl -no-help
-is the same as
-.Fl -help= Ns no ) ,
-and if you're really confused you can do it multiple times
-.Pf ( Fl -no-no-help= Ns Ar false ,
-or even
-.Fl -no-no-help= Ns Ar maybe ) .
-.Sh EXAMPLE
-.Bd -literal
-#include <stdio.h>
-#include <string.h>
-#include <getarg.h>
-
-char *source = "Ouagadougou";
-char *destination;
-int weight;
-int include_catalog = 1;
-int help_flag;
-
-struct getargs args[] = {
-    { "source",      's', arg_string,  &source,
-      "source of shippment", "city" },
-    { "destination", 'd', arg_string,  &destination,
-      "destination of shippment", "city" },
-    { "weight",      'w', arg_integer, &weight,
-      "weight of shippment", "tons" },
-    { "catalog",     'c', arg_negative_flag, &include_catalog,
-      "include product catalog" },
-    { "help",        'h', arg_flag, &help_flag }
-};
-
-int num_args = sizeof(args) / sizeof(args[0]); /* number of elements in args */
-
-const char *progname = "ship++";
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    if (getarg(args, num_args, argc, argv, &optind)) {
-	arg_printusage(args, num_args, progname, "stuff...");
-	exit (1);
-    }
-    if (help_flag) {
-	arg_printusage(args, num_args, progname, "stuff...");
-	exit (0);
-    }
-    if (destination == NULL) {
-	fprintf(stderr, "%s: must specify destination\en", progname);
-	exit(1);
-    }
-    if (strcmp(source, destination) == 0) {
-	fprintf(stderr, "%s: destination must be different from source\en");
-	exit(1);
-    }
-    /* include more stuff here ... */
-    exit(2);
-}
-.Ed
-.Pp
-The output help output from this program looks like this:
-.Bd -literal
-$ ship++ --help
-Usage: ship++ [--source=city] [-s city] [--destination=city] [-d city]
-   [--weight=tons] [-w tons] [--no-catalog] [-c] [--help] [-h] stuff...
--s city, --source=city      source of shippment
--d city, --destination=city destination of shippment
--w tons, --weight=tons      weight of shippment
--c, --no-catalog            include product catalog
-.Ed
-.Sh BUGS
-It should be more flexible, so it would be possible to use other more
-complicated option syntaxes, such as what
-.Xr ps 1 ,
-and
-.Xr tar 1 ,
-uses, or the AFS model where you can skip the flag names as long as
-the options come in the correct order.
-.Pp
-Options with multiple arguments should be handled better.
-.Pp
-Should be integreated with SL.
-.Pp
-It's very confusing that the struct you pass in is called getargS.
-.Sh SEE ALSO
-.Xr getopt 3
diff --git a/crypto/heimdal/lib/roken/getarg.c b/crypto/heimdal/lib/roken/getarg.c
deleted file mode 100644
index c732d2f..0000000
--- a/crypto/heimdal/lib/roken/getarg.c
+++ /dev/null
@@ -1,595 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getarg.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "roken.h"
-#include "getarg.h"
-
-#define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag)
-
-static size_t
-print_arg (char *string, size_t len, int mdoc, int longp, struct getargs *arg)
-{
-    const char *s;
-
-    *string = '\0';
-
-    if (ISFLAG(*arg) || (!longp && arg->type == arg_counter))
-	return 0;
-
-    if(mdoc){
-	if(longp)
-	    strlcat(string, "= Ns", len);
-	strlcat(string, " Ar ", len);
-    } else {
-	if (longp)
-	    strlcat (string, "=", len);
-	else
-	    strlcat (string, " ", len);
-    }
-
-    if (arg->arg_help)
-	s = arg->arg_help;
-    else if (arg->type == arg_integer || arg->type == arg_counter)
-	s = "integer";
-    else if (arg->type == arg_string)
-	s = "string";
-    else if (arg->type == arg_strings)
-	s = "strings";
-    else if (arg->type == arg_double)
-	s = "float";
-    else
-	s = "<undefined>";
-
-    strlcat(string, s, len);
-    return 1 + strlen(s);
-}
-
-static void
-mandoc_template(struct getargs *args,
-		size_t num_args,
-		const char *progname,
-		const char *extra_string)
-{
-    int i;
-    char timestr[64], cmd[64];
-    char buf[128];
-    const char *p;
-    time_t t;
-
-    printf(".\\\" Things to fix:\n");
-    printf(".\\\"   * correct section, and operating system\n");
-    printf(".\\\"   * remove Op from mandatory flags\n");
-    printf(".\\\"   * use better macros for arguments (like .Pa for files)\n");
-    printf(".\\\"\n");
-    t = time(NULL);
-    strftime(timestr, sizeof(timestr), "%B %e, %Y", localtime(&t));
-    printf(".Dd %s\n", timestr);
-    p = strrchr(progname, '/');
-    if(p) p++; else p = progname;
-    strlcpy(cmd, p, sizeof(cmd));
-    strupr(cmd);
-       
-    printf(".Dt %s SECTION\n", cmd);
-    printf(".Os OPERATING_SYSTEM\n");
-    printf(".Sh NAME\n");
-    printf(".Nm %s\n", p);
-    printf(".Nd\n");
-    printf("in search of a description\n");
-    printf(".Sh SYNOPSIS\n");
-    printf(".Nm\n");
-    for(i = 0; i < num_args; i++){
-	/* we seem to hit a limit on number of arguments if doing
-           short and long flags with arguments -- split on two lines */
-	if(ISFLAG(args[i]) || 
-	   args[i].short_name == 0 || args[i].long_name == NULL) {
-	    printf(".Op ");
-
-	    if(args[i].short_name) {
-		print_arg(buf, sizeof(buf), 1, 0, args + i);
-		printf("Fl %c%s", args[i].short_name, buf);
-		if(args[i].long_name)
-		    printf(" | ");
-	    }
-	    if(args[i].long_name) {
-		print_arg(buf, sizeof(buf), 1, 1, args + i);
-		printf("Fl -%s%s%s",
-		       args[i].type == arg_negative_flag ? "no-" : "",
-		       args[i].long_name, buf);
-	    }
-	    printf("\n");
-	} else {
-	    print_arg(buf, sizeof(buf), 1, 0, args + i);
-	    printf(".Oo Fl %c%s \\*(Ba Xo\n", args[i].short_name, buf);
-	    print_arg(buf, sizeof(buf), 1, 1, args + i);
-	    printf(".Fl -%s%s\n.Xc\n.Oc\n", args[i].long_name, buf);
-	}
-    /*
-	    if(args[i].type == arg_strings)
-		fprintf (stderr, "...");
-		*/
-    }
-    if (extra_string && *extra_string)
-	printf (".Ar %s\n", extra_string);
-    printf(".Sh DESCRIPTION\n");
-    printf("Supported options:\n");
-    printf(".Bl -tag -width Ds\n");
-    for(i = 0; i < num_args; i++){
-	printf(".It Xo\n");
-	if(args[i].short_name){
-	    printf(".Fl %c", args[i].short_name);
-	    print_arg(buf, sizeof(buf), 1, 0, args + i);
-	    printf("%s", buf);
-	    if(args[i].long_name)
-		printf(" ,");
-	    printf("\n");
-	}
-	if(args[i].long_name){
-	    printf(".Fl -%s%s",
-		   args[i].type == arg_negative_flag ? "no-" : "",
-		   args[i].long_name);
-	    print_arg(buf, sizeof(buf), 1, 1, args + i);
-	    printf("%s\n", buf);
-	}
-	printf(".Xc\n");
-	if(args[i].help)
-	    printf("%s\n", args[i].help);
-    /*
-	    if(args[i].type == arg_strings)
-		fprintf (stderr, "...");
-		*/
-    }
-    printf(".El\n");
-    printf(".\\\".Sh ENVIRONMENT\n");
-    printf(".\\\".Sh FILES\n");
-    printf(".\\\".Sh EXAMPLES\n");
-    printf(".\\\".Sh DIAGNOSTICS\n");
-    printf(".\\\".Sh SEE ALSO\n");
-    printf(".\\\".Sh STANDARDS\n");
-    printf(".\\\".Sh HISTORY\n");
-    printf(".\\\".Sh AUTHORS\n");
-    printf(".\\\".Sh BUGS\n");
-}
-
-static int
-check_column(FILE *f, int col, int len, int columns)
-{
-    if(col + len > columns) {
-	fprintf(f, "\n");
-	col = fprintf(f, "  ");
-    }
-    return col;
-}
-
-void ROKEN_LIB_FUNCTION
-arg_printusage (struct getargs *args,
-		size_t num_args,
-		const char *progname,
-		const char *extra_string)
-{
-    int i;
-    size_t max_len = 0;
-    char buf[128];
-    int col = 0, columns;
-    struct winsize ws;
-
-    if (progname == NULL)
-	progname = getprogname();
-
-    if(getenv("GETARGMANDOC")){
-	mandoc_template(args, num_args, progname, extra_string);
-	return;
-    }
-    if(get_window_size(2, &ws) == 0)
-	columns = ws.ws_col;
-    else
-	columns = 80;
-    col = 0;
-    col += fprintf (stderr, "Usage: %s", progname);
-    buf[0] = '\0';
-    for (i = 0; i < num_args; ++i) {
-	if(args[i].short_name && ISFLAG(args[i])) {
-	    char s[2];
-	    if(buf[0] == '\0')
-		strlcpy(buf, "[-", sizeof(buf));
-	    s[0] = args[i].short_name;
-	    s[1] = '\0';
-	    strlcat(buf, s, sizeof(buf));
-	}
-    }
-    if(buf[0] != '\0') {
-	strlcat(buf, "]", sizeof(buf));
-	col = check_column(stderr, col, strlen(buf) + 1, columns);
-	col += fprintf(stderr, " %s", buf);
-    }
-
-    for (i = 0; i < num_args; ++i) {
-	size_t len = 0;
-
-	if (args[i].long_name) {
-	    buf[0] = '\0';
-	    strlcat(buf, "[--", sizeof(buf));
-	    len += 2;
-	    if(args[i].type == arg_negative_flag) {
-		strlcat(buf, "no-", sizeof(buf));
-		len += 3;
-	    }
-	    strlcat(buf, args[i].long_name, sizeof(buf));
-	    len += strlen(args[i].long_name);
-	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
-			     0, 1, &args[i]);
-	    strlcat(buf, "]", sizeof(buf));
-	    if(args[i].type == arg_strings)
-		strlcat(buf, "...", sizeof(buf));
-	    col = check_column(stderr, col, strlen(buf) + 1, columns);
-	    col += fprintf(stderr, " %s", buf);
-	}
-	if (args[i].short_name && !ISFLAG(args[i])) {
-	    snprintf(buf, sizeof(buf), "[-%c", args[i].short_name);
-	    len += 2;
-	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
-			     0, 0, &args[i]);
-	    strlcat(buf, "]", sizeof(buf));
-	    if(args[i].type == arg_strings)
-		strlcat(buf, "...", sizeof(buf));
-	    col = check_column(stderr, col, strlen(buf) + 1, columns);
-	    col += fprintf(stderr, " %s", buf);
-	}
-	if (args[i].long_name && args[i].short_name)
-	    len += 2; /* ", " */
-	max_len = max(max_len, len);
-    }
-    if (extra_string) {
-	col = check_column(stderr, col, strlen(extra_string) + 1, columns);
-	fprintf (stderr, " %s\n", extra_string);
-    } else
-	fprintf (stderr, "\n");
-    for (i = 0; i < num_args; ++i) {
-	if (args[i].help) {
-	    size_t count = 0;
-
-	    if (args[i].short_name) {
-		count += fprintf (stderr, "-%c", args[i].short_name);
-		print_arg (buf, sizeof(buf), 0, 0, &args[i]);
-		count += fprintf(stderr, "%s", buf);
-	    }
-	    if (args[i].short_name && args[i].long_name)
-		count += fprintf (stderr, ", ");
-	    if (args[i].long_name) {
-		count += fprintf (stderr, "--");
-		if (args[i].type == arg_negative_flag)
-		    count += fprintf (stderr, "no-");
-		count += fprintf (stderr, "%s", args[i].long_name);
-		print_arg (buf, sizeof(buf), 0, 1, &args[i]);
-		count += fprintf(stderr, "%s", buf);
-	    }
-	    while(count++ <= max_len)
-		putc (' ', stderr);
-	    fprintf (stderr, "%s\n", args[i].help);
-	}
-    }
-}
-
-static int
-add_string(getarg_strings *s, char *value)
-{
-    char **strings;
-
-    strings = realloc(s->strings, (s->num_strings + 1) * sizeof(*s->strings));
-    if (strings == NULL) {
-	free(s->strings);
-	s->strings = NULL;
-	s->num_strings = 0;
-	return ENOMEM;
-    }
-    s->strings = strings;
-    s->strings[s->num_strings] = value;
-    s->num_strings++;
-    return 0;
-}
-
-static int
-arg_match_long(struct getargs *args, size_t num_args,
-	       char *argv, int argc, char **rargv, int *goptind)
-{
-    int i;
-    char *goptarg = NULL;
-    int negate = 0;
-    int partial_match = 0;
-    struct getargs *partial = NULL;
-    struct getargs *current = NULL;
-    int argv_len;
-    char *p;
-    int p_len;
-
-    argv_len = strlen(argv);
-    p = strchr (argv, '=');
-    if (p != NULL)
-	argv_len = p - argv;
-
-    for (i = 0; i < num_args; ++i) {
-	if(args[i].long_name) {
-	    int len = strlen(args[i].long_name);
-	    p = argv;
-	    p_len = argv_len;
-	    negate = 0;
-
-	    for (;;) {
-		if (strncmp (args[i].long_name, p, p_len) == 0) {
-		    if(p_len == len)
-			current = &args[i];
-		    else {
-			++partial_match;
-			partial = &args[i];
-		    }
-		    goptarg  = p + p_len;
-		} else if (ISFLAG(args[i]) && strncmp (p, "no-", 3) == 0) {
-		    negate = !negate;
-		    p += 3;
-		    p_len -= 3;
-		    continue;
-		}
-		break;
-	    }
-	    if (current)
-		break;
-	}
-    }
-    if (current == NULL) {
-	if (partial_match == 1)
-	    current = partial;
-	else
-	    return ARG_ERR_NO_MATCH;
-    }
-    
-    if(*goptarg == '\0'
-       && !ISFLAG(*current)
-       && current->type != arg_collect
-       && current->type != arg_counter)
-	return ARG_ERR_NO_MATCH;
-    switch(current->type){
-    case arg_integer:
-    {
-	int tmp;
-	if(sscanf(goptarg + 1, "%d", &tmp) != 1)
-	    return ARG_ERR_BAD_ARG;
-	*(int*)current->value = tmp;
-	return 0;
-    }
-    case arg_string:
-    {
-	*(char**)current->value = goptarg + 1;
-	return 0;
-    }
-    case arg_strings:
-    {
-	return add_string((getarg_strings*)current->value, goptarg + 1);
-    }
-    case arg_flag:
-    case arg_negative_flag:
-    {
-	int *flag = current->value;
-	if(*goptarg == '\0' ||
-	   strcmp(goptarg + 1, "yes") == 0 || 
-	   strcmp(goptarg + 1, "true") == 0){
-	    *flag = !negate;
-	    return 0;
-	} else if (*goptarg && strcmp(goptarg + 1, "maybe") == 0) {
-#ifdef HAVE_RANDOM
-	    *flag = random() & 1;
-#else
-	    *flag = rand() & 1;
-#endif
-	} else {
-	    *flag = negate;
-	    return 0;
-	}
-	return ARG_ERR_BAD_ARG;
-    }
-    case arg_counter :
-    {
-	int val;
-
-	if (*goptarg == '\0')
-	    val = 1;
-	else if(sscanf(goptarg + 1, "%d", &val) != 1)
-	    return ARG_ERR_BAD_ARG;
-	*(int *)current->value += val;
-	return 0;
-    }
-    case arg_double:
-    {
-	double tmp;
-	if(sscanf(goptarg + 1, "%lf", &tmp) != 1)
-	    return ARG_ERR_BAD_ARG;
-	*(double*)current->value = tmp;
-	return 0;
-    }
-    case arg_collect:{
-	struct getarg_collect_info *c = current->value;
-	int o = argv - rargv[*goptind];
-	return (*c->func)(FALSE, argc, rargv, goptind, &o, c->data);
-    }
-
-    default:
-	abort ();
-    }
-}
-
-static int
-arg_match_short (struct getargs *args, size_t num_args,
-		 char *argv, int argc, char **rargv, int *goptind)
-{
-    int j, k;
-
-    for(j = 1; j > 0 && j < strlen(rargv[*goptind]); j++) {
-	for(k = 0; k < num_args; k++) {
-	    char *goptarg;
-
-	    if(args[k].short_name == 0)
-		continue;
-	    if(argv[j] == args[k].short_name) {
-		if(args[k].type == arg_flag) {
-		    *(int*)args[k].value = 1;
-		    break;
-		}
-		if(args[k].type == arg_negative_flag) {
-		    *(int*)args[k].value = 0;
-		    break;
-		} 
-		if(args[k].type == arg_counter) {
-		    ++*(int *)args[k].value;
-		    break;
-		}
-		if(args[k].type == arg_collect) {
-		    struct getarg_collect_info *c = args[k].value;
-
-		    if((*c->func)(TRUE, argc, rargv, goptind, &j, c->data))
-			return ARG_ERR_BAD_ARG;
-		    break;
-		}
-
-		if(argv[j + 1])
-		    goptarg = &argv[j + 1];
-		else {
-		    ++*goptind;
-		    goptarg = rargv[*goptind];
-		}
-		if(goptarg == NULL) {
-		    --*goptind;
-		    return ARG_ERR_NO_ARG;
-		}
-		if(args[k].type == arg_integer) {
-		    int tmp;
-		    if(sscanf(goptarg, "%d", &tmp) != 1)
-			return ARG_ERR_BAD_ARG;
-		    *(int*)args[k].value = tmp;
-		    return 0;
-		} else if(args[k].type == arg_string) {
-		    *(char**)args[k].value = goptarg;
-		    return 0;
-		} else if(args[k].type == arg_strings) {
-		    return add_string((getarg_strings*)args[k].value, goptarg);
-		} else if(args[k].type == arg_double) {
-		    double tmp;
-		    if(sscanf(goptarg, "%lf", &tmp) != 1)
-			return ARG_ERR_BAD_ARG;
-		    *(double*)args[k].value = tmp;
-		    return 0;
-		}
-		return ARG_ERR_BAD_ARG;
-	    }
-	}
-	if (k == num_args)
-	    return ARG_ERR_NO_MATCH;
-    }
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-getarg(struct getargs *args, size_t num_args, 
-       int argc, char **argv, int *goptind)
-{
-    int i;
-    int ret = 0;
-
-#if defined(HAVE_SRANDOMDEV)
-    srandomdev();
-#elif defined(HAVE_RANDOM)
-    srandom(time(NULL));
-#else
-    srand (time(NULL));
-#endif
-    (*goptind)++;
-    for(i = *goptind; i < argc; i++) {
-	if(argv[i][0] != '-')
-	    break;
-	if(argv[i][1] == '-'){
-	    if(argv[i][2] == 0){
-		i++;
-		break;
-	    }
-	    ret = arg_match_long (args, num_args, argv[i] + 2, 
-				  argc, argv, &i);
-	} else {
-	    ret = arg_match_short (args, num_args, argv[i],
-				   argc, argv, &i);
-	}
-	if(ret)
-	    break;
-    }
-    *goptind = i;
-    return ret;
-}
-
-void ROKEN_LIB_FUNCTION
-free_getarg_strings (getarg_strings *s)
-{
-    free (s->strings);
-}
-
-#if TEST
-int foo_flag = 2;
-int flag1 = 0;
-int flag2 = 0;
-int bar_int;
-char *baz_string;
-
-struct getargs args[] = {
-    { NULL, '1', arg_flag, &flag1, "one", NULL },
-    { NULL, '2', arg_flag, &flag2, "two", NULL },
-    { "foo", 'f', arg_negative_flag, &foo_flag, "foo", NULL },
-    { "bar", 'b', arg_integer, &bar_int, "bar", "seconds"},
-    { "baz", 'x', arg_string, &baz_string, "baz", "name" },
-};
-
-int main(int argc, char **argv)
-{
-    int goptind = 0;
-    while(getarg(args, 5, argc, argv, &goptind))
-	printf("Bad arg: %s\n", argv[goptind]);
-    printf("flag1 = %d\n", flag1);  
-    printf("flag2 = %d\n", flag2);  
-    printf("foo_flag = %d\n", foo_flag);  
-    printf("bar_int = %d\n", bar_int);
-    printf("baz_flag = %s\n", baz_string);
-    arg_printusage (args, 5, argv[0], "nothing here");
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/getarg.h b/crypto/heimdal/lib/roken/getarg.h
deleted file mode 100644
index 62d1b66..0000000
--- a/crypto/heimdal/lib/roken/getarg.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: getarg.h 14776 2005-04-13 05:52:27Z lha $ */
-
-#ifndef __GETARG_H__
-#define __GETARG_H__
-
-#include <stddef.h>
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-struct getargs{
-    const char *long_name;
-    char short_name;
-    enum { arg_integer, 
-	   arg_string, 
-	   arg_flag, 
-	   arg_negative_flag, 
-	   arg_strings,
-	   arg_double,
-	   arg_collect,
-	   arg_counter
-    } type;
-    void *value;
-    const char *help;
-    const char *arg_help;
-};
-
-enum {
-    ARG_ERR_NO_MATCH  = 1,
-    ARG_ERR_BAD_ARG,
-    ARG_ERR_NO_ARG
-};
-
-typedef struct getarg_strings {
-    int num_strings;
-    char **strings;
-} getarg_strings;
-
-typedef int (*getarg_collect_func)(int short_opt,
-				   int argc,
-				   char **argv,
-				   int *goptind,
-				   int *goptarg,
-				   void *data);
-
-typedef struct getarg_collect_info {
-    getarg_collect_func func;
-    void *data;
-} getarg_collect_info;
-
-int ROKEN_LIB_FUNCTION
-getarg(struct getargs *args, size_t num_args, 
-       int argc, char **argv, int *goptind);
-
-void ROKEN_LIB_FUNCTION
-arg_printusage (struct getargs *args,
-		size_t num_args,
-		const char *progname,
-		const char *extra_string);
-
-void ROKEN_LIB_FUNCTION
-free_getarg_strings (getarg_strings *);
-
-#endif /* __GETARG_H__ */
diff --git a/crypto/heimdal/lib/roken/getcap.c b/crypto/heimdal/lib/roken/getcap.c
deleted file mode 100644
index a4e3a7d..0000000
--- a/crypto/heimdal/lib/roken/getcap.c
+++ /dev/null
@@ -1,1122 +0,0 @@
-/*	$NetBSD: getcap.c,v 1.29 1999/03/29 09:27:29 abs Exp $	*/
-
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Casey Leedom of Lawrence Livermore National Laboratory.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-RCSID("$Id: getcap.c 22071 2007-11-14 20:04:50Z lha $");
-
-#include <sys/types.h>
-#include <ctype.h>
-#if defined(HAVE_DB_185_H)
-#include <db_185.h>
-#elif defined(HAVE_DB_H)
-#include <db.h>
-#endif
-#include <errno.h>	
-#include <fcntl.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define	BFRAG		1024
-#if 0
-#define	BSIZE		1024
-#endif
-#define	ESC		('[' & 037)	/* ASCII ESC */
-#define	MAX_RECURSION	32		/* maximum getent recursion */
-#define	SFRAG		100		/* cgetstr mallocs in SFRAG chunks */
-
-#define RECOK	(char)0
-#define TCERR	(char)1
-#define	SHADOW	(char)2
-
-static size_t	 topreclen;	/* toprec length */
-static char	*toprec;	/* Additional record specified by cgetset() */
-static int	 gottoprec;	/* Flag indicating retrieval of toprecord */
-
-#if 0 /*
-       * Don't use db support unless it's build into libc but we don't
-       * check for that now, so just disable the code.
-       */
-#if defined(HAVE_DBOPEN) && defined(HAVE_DB_H)
-#define USE_DB
-#endif
-#endif
-
-#ifdef USE_DB
-static int	cdbget (DB *, char **, const char *);
-#endif
-static int 	getent (char **, size_t *, char **, int, const char *, int, char *);
-static int	nfcmp (char *, char *);
-
-
-int ROKEN_LIB_FUNCTION cgetset(const char *ent);
-char *ROKEN_LIB_FUNCTION cgetcap(char *buf, const char *cap, int type);
-int ROKEN_LIB_FUNCTION cgetent(char **buf, char **db_array, const char *name);
-int ROKEN_LIB_FUNCTION cgetmatch(const char *buf, const char *name);
-int ROKEN_LIB_FUNCTION cgetclose(void);
-#if 0
-int cgetfirst(char **buf, char **db_array);
-int cgetnext(char **bp, char **db_array);
-#endif
-int ROKEN_LIB_FUNCTION cgetstr(char *buf, const char *cap, char **str);
-int ROKEN_LIB_FUNCTION cgetustr(char *buf, const char *cap, char **str);
-int ROKEN_LIB_FUNCTION cgetnum(char *buf, const char *cap, long *num);
-/*
- * Cgetset() allows the addition of a user specified buffer to be added
- * to the database array, in effect "pushing" the buffer on top of the
- * virtual database. 0 is returned on success, -1 on failure.
- */
-int ROKEN_LIB_FUNCTION
-cgetset(const char *ent)
-{
-    const char *source, *check;
-    char *dest;
-
-    if (ent == NULL) {
-	if (toprec)
-	    free(toprec);
-	toprec = NULL;
-	topreclen = 0;
-	return (0);
-    }
-    topreclen = strlen(ent);
-    if ((toprec = malloc (topreclen + 1)) == NULL) {
-	errno = ENOMEM;
-	return (-1);
-    }
-    gottoprec = 0;
-
-    source=ent;
-    dest=toprec;
-    while (*source) { /* Strip whitespace */
-	*dest++ = *source++; /* Do not check first field */
-	while (*source == ':') {
-	    check=source+1;
-	    while (*check && (isspace((unsigned char)*check) ||
-			      (*check=='\\' && isspace((unsigned char)check[1]))))
-		++check;
-	    if( *check == ':' )
-		source=check;
-	    else
-		break;
-
-	}
-    }
-    *dest=0;
-
-    return (0);
-}
-
-/*
- * Cgetcap searches the capability record buf for the capability cap with
- * type `type'.  A pointer to the value of cap is returned on success, NULL
- * if the requested capability couldn't be found.
- *
- * Specifying a type of ':' means that nothing should follow cap (:cap:).
- * In this case a pointer to the terminating ':' or NUL will be returned if
- * cap is found.
- *
- * If (cap, '@') or (cap, terminator, '@') is found before (cap, terminator)
- * return NULL.
- */
-char * ROKEN_LIB_FUNCTION
-cgetcap(char *buf, const char *cap, int type)
-{
-    char *bp;
-    const char *cp;
-
-    bp = buf;
-    for (;;) {
-	/*
-	 * Skip past the current capability field - it's either the
-	 * name field if this is the first time through the loop, or
-	 * the remainder of a field whose name failed to match cap.
-	 */
-	for (;;)
-	    if (*bp == '\0')
-		return (NULL);
-	    else
-		if (*bp++ == ':')
-		    break;
-
-	/*
-	 * Try to match (cap, type) in buf.
-	 */
-	for (cp = cap; *cp == *bp && *bp != '\0'; cp++, bp++)
-	    continue;
-	if (*cp != '\0')
-	    continue;
-	if (*bp == '@')
-	    return (NULL);
-	if (type == ':') {
-	    if (*bp != '\0' && *bp != ':')
-		continue;
-	    return(bp);
-	}
-	if (*bp != type)
-	    continue;
-	bp++;
-	return (*bp == '@' ? NULL : bp);
-    }
-    /* NOTREACHED */
-}
-
-/*
- * Cgetent extracts the capability record name from the NULL terminated file
- * array db_array and returns a pointer to a malloc'd copy of it in buf.
- * Buf must be retained through all subsequent calls to cgetcap, cgetnum,
- * cgetflag, and cgetstr, but may then be free'd.  0 is returned on success,
- * -1 if the requested record couldn't be found, -2 if a system error was
- * encountered (couldn't open/read a file, etc.), and -3 if a potential
- * reference loop is detected.
- */
-int ROKEN_LIB_FUNCTION
-cgetent(char **buf, char **db_array, const char *name)
-{
-    size_t dummy;
-
-    return (getent(buf, &dummy, db_array, -1, name, 0, NULL));
-}
-
-/*
- * Getent implements the functions of cgetent.  If fd is non-negative,
- * *db_array has already been opened and fd is the open file descriptor.  We
- * do this to save time and avoid using up file descriptors for tc=
- * recursions.
- *
- * Getent returns the same success/failure codes as cgetent.  On success, a
- * pointer to a malloc'ed capability record with all tc= capabilities fully
- * expanded and its length (not including trailing ASCII NUL) are left in
- * *cap and *len.
- *
- * Basic algorithm:
- *	+ Allocate memory incrementally as needed in chunks of size BFRAG
- *	  for capability buffer.
- *	+ Recurse for each tc=name and interpolate result.  Stop when all
- *	  names interpolated, a name can't be found, or depth exceeds
- *	  MAX_RECURSION.
- */
-static int
-getent(char **cap, size_t *len, char **db_array, int fd, 
-       const char *name, int depth, char *nfield)
-{
-    char *r_end, *rp = NULL, **db_p;	/* pacify gcc */
-    int myfd = 0, eof, foundit;
-    char *record;
-    int tc_not_resolved;
-	
-    /*
-     * Return with ``loop detected'' error if we've recursed more than
-     * MAX_RECURSION times.
-     */
-    if (depth > MAX_RECURSION)
-	return (-3);
-
-    /*
-     * Check if we have a top record from cgetset().
-     */
-    if (depth == 0 && toprec != NULL && cgetmatch(toprec, name) == 0) {
-	size_t len = topreclen + BFRAG;
-	if ((record = malloc (len)) == NULL) {
-	    errno = ENOMEM;
-	    return (-2);
-	}
-	(void)strlcpy(record, toprec, len);
-	db_p = db_array;
-	rp = record + topreclen + 1;
-	r_end = rp + BFRAG;
-	goto tc_exp;
-    }
-    /*
-     * Allocate first chunk of memory.
-     */
-    if ((record = malloc(BFRAG)) == NULL) {
-	errno = ENOMEM;
-	return (-2);
-    }
-    r_end = record + BFRAG;
-    foundit = 0;
-    /*
-     * Loop through database array until finding the record.
-     */
-
-    for (db_p = db_array; *db_p != NULL; db_p++) {
-	eof = 0;
-
-	/*
-	 * Open database if not already open.
-	 */
-
-	if (fd >= 0) {
-	    (void)lseek(fd, (off_t)0, SEEK_SET);
-	} else {
-#ifdef USE_DB
-	    char pbuf[_POSIX_PATH_MAX];
-	    char *cbuf;
-	    size_t clen;
-	    int retval;
-	    DB *capdbp;
-
-	    (void)snprintf(pbuf, sizeof(pbuf), "%s.db", *db_p);
-	    if ((capdbp = dbopen(pbuf, O_RDONLY, 0, DB_HASH, 0))
-		!= NULL) {
-		free(record);
-		retval = cdbget(capdbp, &record, name);
-		if (retval < 0) {
-		    /* no record available */
-		    (void)capdbp->close(capdbp);
-		    return (retval);
-		}
-				/* save the data; close frees it */
-		clen = strlen(record);
-		cbuf = malloc(clen + 1);
-		if (cbuf == NULL)
-		    return (-2);
-		memmove(cbuf, record, clen + 1);
-		if (capdbp->close(capdbp) < 0) {
-		    free(cbuf);
-		    return (-2);
-		}
-		*len = clen;
-		*cap = cbuf;
-		return (retval);
-	    } else
-#endif
-	    {
-		fd = open(*db_p, O_RDONLY, 0);
-		if (fd < 0) {
-		    /* No error on unfound file. */
-		    continue;
-		}
-		myfd = 1;
-	    }
-	}
-	/*
-	 * Find the requested capability record ...
-	 */
-	{
-	    char buf[BUFSIZ];
-	    char *b_end, *bp, *cp;
-	    int c, slash;
-
-	    /*
-	     * Loop invariants:
-	     *	There is always room for one more character in record.
-	     *	R_end always points just past end of record.
-	     *	Rp always points just past last character in record.
-	     *	B_end always points just past last character in buf.
-	     *	Bp always points at next character in buf.
-	     *	Cp remembers where the last colon was.
-	     */
-	    b_end = buf;
-	    bp = buf;
-	    cp = 0;
-	    slash = 0;
-	    for (;;) {
-
-		/*
-		 * Read in a line implementing (\, newline)
-		 * line continuation.
-		 */
-		rp = record;
-		for (;;) {
-		    if (bp >= b_end) {
-			int n;
-		
-			n = read(fd, buf, sizeof(buf));
-			if (n <= 0) {
-			    if (myfd)
-				(void)close(fd);
-			    if (n < 0) {
-				free(record);
-				return (-2);
-			    } else {
-				fd = -1;
-				eof = 1;
-				break;
-			    }
-			}
-			b_end = buf+n;
-			bp = buf;
-		    }
-	
-		    c = *bp++;
-		    if (c == '\n') {
-			if (slash) {
-			    slash = 0;
-			    rp--;
-			    continue;
-			} else
-			    break;
-		    }
-		    if (slash) {
-			slash = 0;
-			cp = 0;
-		    }
-		    if (c == ':') {
-			/*
-			 * If the field was `empty' (i.e.
-			 * contained only white space), back up
-			 * to the colon (eliminating the
-			 * field).
-			 */
-			if (cp)
-			    rp = cp;
-			else
-			    cp = rp;
-		    } else if (c == '\\') {
-			slash = 1;
-		    } else if (c != ' ' && c != '\t') {
-			/*
-			 * Forget where the colon was, as this
-			 * is not an empty field.
-			 */
-			cp = 0;
-		    }
-		    *rp++ = c;
-
-				/*
-				 * Enforce loop invariant: if no room 
-				 * left in record buffer, try to get
-				 * some more.
-				 */
-		    if (rp >= r_end) {
-			u_int pos;
-			size_t newsize;
-
-			pos = rp - record;
-			newsize = r_end - record + BFRAG;
-			record = realloc(record, newsize);
-			if (record == NULL) {
-			    errno = ENOMEM;
-			    if (myfd)
-				(void)close(fd);
-			    return (-2);
-			}
-			r_end = record + newsize;
-			rp = record + pos;
-		    }
-		}
-		/* Eliminate any white space after the last colon. */
-		if (cp)
-		    rp = cp + 1;
-		/* Loop invariant lets us do this. */
-		*rp++ = '\0';
-
-		/*
-		 * If encountered eof check next file.
-		 */
-		if (eof)
-		    break;
-				
-		/*
-		 * Toss blank lines and comments.
-		 */
-		if (*record == '\0' || *record == '#')
-		    continue;
-	
-		/*
-		 * See if this is the record we want ...
-		 */
-		if (cgetmatch(record, name) == 0) {
-		    if (nfield == NULL || !nfcmp(nfield, record)) {
-			foundit = 1;
-			break;	/* found it! */
-		    }
-		}
-	    }
-	}
-	if (foundit)
-	    break;
-    }
-
-    if (!foundit)
-	return (-1);
-
-    /*
-     * Got the capability record, but now we have to expand all tc=name
-     * references in it ...
-     */
- tc_exp:	{
-	char *newicap, *s;
-	size_t ilen, newilen;
-	int diff, iret, tclen;
-	char *icap, *scan, *tc, *tcstart, *tcend;
-
-	/*
-	 * Loop invariants:
-	 *	There is room for one more character in record.
-	 *	R_end points just past end of record.
-	 *	Rp points just past last character in record.
-	 *	Scan points at remainder of record that needs to be
-	 *	scanned for tc=name constructs.
-	 */
-	scan = record;
-	tc_not_resolved = 0;
-	for (;;) {
-	    if ((tc = cgetcap(scan, "tc", '=')) == NULL)
-		break;
-
-	    /*
-	     * Find end of tc=name and stomp on the trailing `:'
-	     * (if present) so we can use it to call ourselves.
-	     */
-	    s = tc;
-	    for (;;)
-		if (*s == '\0')
-		    break;
-		else
-		    if (*s++ == ':') {
-			*(s - 1) = '\0';
-			break;
-		    }
-	    tcstart = tc - 3;
-	    tclen = s - tcstart;
-	    tcend = s;
-
-	    iret = getent(&icap, &ilen, db_p, fd, tc, depth+1, 
-			  NULL);
-	    newicap = icap;		/* Put into a register. */
-	    newilen = ilen;
-	    if (iret != 0) {
-				/* an error */
-		if (iret < -1) {
-		    if (myfd)
-			(void)close(fd);
-		    free(record);
-		    return (iret);
-		}
-		if (iret == 1)
-		    tc_not_resolved = 1;
-				/* couldn't resolve tc */
-		if (iret == -1) {
-		    *(s - 1) = ':';			
-		    scan = s - 1;
-		    tc_not_resolved = 1;
-		    continue;
-					
-		}
-	    }
-	    /* not interested in name field of tc'ed record */
-	    s = newicap;
-	    for (;;)
-		if (*s == '\0')
-		    break;
-		else
-		    if (*s++ == ':')
-			break;
-	    newilen -= s - newicap;
-	    newicap = s;
-
-	    /* make sure interpolated record is `:'-terminated */
-	    s += newilen;
-	    if (*(s-1) != ':') {
-		*s = ':';	/* overwrite NUL with : */
-		newilen++;
-	    }
-
-	    /*
-	     * Make sure there's enough room to insert the
-	     * new record.
-	     */
-	    diff = newilen - tclen;
-	    if (diff >= r_end - rp) {
-		u_int pos, tcpos, tcposend;
-		size_t newsize;
-
-		pos = rp - record;
-		newsize = r_end - record + diff + BFRAG;
-		tcpos = tcstart - record;
-		tcposend = tcend - record;
-		record = realloc(record, newsize);
-		if (record == NULL) {
-		    errno = ENOMEM;
-		    if (myfd)
-			(void)close(fd);
-		    free(icap);
-		    return (-2);
-		}
-		r_end = record + newsize;
-		rp = record + pos;
-		tcstart = record + tcpos;
-		tcend = record + tcposend;
-	    }
-
-	    /*
-	     * Insert tc'ed record into our record.
-	     */
-	    s = tcstart + newilen;
-	    memmove(s, tcend,  (size_t)(rp - tcend));
-	    memmove(tcstart, newicap, newilen);
-	    rp += diff;
-	    free(icap);
-
-	    /*
-	     * Start scan on `:' so next cgetcap works properly
-	     * (cgetcap always skips first field).
-	     */
-	    scan = s-1;
-	}
-	
-    }
-    /*
-     * Close file (if we opened it), give back any extra memory, and
-     * return capability, length and success.
-     */
-    if (myfd)
-	(void)close(fd);
-    *len = rp - record - 1;	/* don't count NUL */
-    if (r_end > rp)
-	if ((record = 
-	     realloc(record, (size_t)(rp - record))) == NULL) {
-	    errno = ENOMEM;
-	    return (-2);
-	}
-		
-    *cap = record;
-    if (tc_not_resolved)
-	return (1);
-    return (0);
-}	
-
-#ifdef USE_DB
-static int
-cdbget(DB *capdbp, char **bp, const char *name)
-{
-	DBT key;
-	DBT data;
-
-	/* LINTED key is not modified */
-	key.data = (char *)name;
-	key.size = strlen(name);
-
-	for (;;) {
-		/* Get the reference. */
-		switch(capdbp->get(capdbp, &key, &data, 0)) {
-		case -1:
-			return (-2);
-		case 1:
-			return (-1);
-		}
-
-		/* If not an index to another record, leave. */
-		if (((char *)data.data)[0] != SHADOW)
-			break;
-
-		key.data = (char *)data.data + 1;
-		key.size = data.size - 1;
-	}
-	
-	*bp = (char *)data.data + 1;
-	return (((char *)(data.data))[0] == TCERR ? 1 : 0);
-}
-#endif /* USE_DB */
-
-/*
- * Cgetmatch will return 0 if name is one of the names of the capability
- * record buf, -1 if not.
- */
-int
-cgetmatch(const char *buf, const char *name)
-{
-    const char *np, *bp;
-
-    /*
-     * Start search at beginning of record.
-     */
-    bp = buf;
-    for (;;) {
-	/*
-	 * Try to match a record name.
-	 */
-	np = name;
-	for (;;)
-	    if (*np == '\0') {
-		if (*bp == '|' || *bp == ':' || *bp == '\0')
-		    return (0);
-		else
-		    break;
-	    } else
-		if (*bp++ != *np++)
-		    break;
-
-	/*
-	 * Match failed, skip to next name in record.
-	 */
-	bp--;	/* a '|' or ':' may have stopped the match */
-	for (;;)
-	    if (*bp == '\0' || *bp == ':')
-		return (-1);	/* match failed totally */
-	    else
-		if (*bp++ == '|')
-		    break;	/* found next name */
-    }
-}
-
-#if 0
-int
-cgetfirst(char **buf, char **db_array)
-{
-    (void)cgetclose();
-    return (cgetnext(buf, db_array));
-}
-#endif
-
-static FILE *pfp;
-static int slash;
-static char **dbp;
-
-int ROKEN_LIB_FUNCTION
-cgetclose(void)
-{
-    if (pfp != NULL) {
-	(void)fclose(pfp);
-	pfp = NULL;
-    }
-    dbp = NULL;
-    gottoprec = 0;
-    slash = 0;
-    return(0);
-}
-
-#if 0
-/*
- * Cgetnext() gets either the first or next entry in the logical database 
- * specified by db_array.  It returns 0 upon completion of the database, 1
- * upon returning an entry with more remaining, and -1 if an error occurs.
- */
-int
-cgetnext(char **bp, char **db_array)
-{
-    size_t len;
-    int status, done;
-    char *cp, *line, *rp, *np, buf[BSIZE], nbuf[BSIZE];
-    size_t dummy;
-
-    if (dbp == NULL)
-	dbp = db_array;
-
-    if (pfp == NULL && (pfp = fopen(*dbp, "r")) == NULL) {
-	(void)cgetclose();
-	return (-1);
-    }
-    for(;;) {
-	if (toprec && !gottoprec) {
-	    gottoprec = 1;
-	    line = toprec;
-	} else {
-	    line = fgetln(pfp, &len);
-	    if (line == NULL && pfp) {
-		if (ferror(pfp)) {
-		    (void)cgetclose();
-		    return (-1);
-		} else {
-		    (void)fclose(pfp);
-		    pfp = NULL;
-		    if (*++dbp == NULL) {
-			(void)cgetclose();
-			return (0);
-		    } else if ((pfp =
-				fopen(*dbp, "r")) == NULL) {
-			(void)cgetclose();
-			return (-1);
-		    } else
-			continue;
-		}
-	    } else
-		line[len - 1] = '\0';
-	    if (len == 1) {
-		slash = 0;
-		continue;
-	    }
-	    if (isspace((unsigned char)*line) ||
-		*line == ':' || *line == '#' || slash) {
-		if (line[len - 2] == '\\')
-		    slash = 1;
-		else
-		    slash = 0;
-		continue;
-	    }
-	    if (line[len - 2] == '\\')
-		slash = 1;
-	    else
-		slash = 0;
-	}			
-
-
-	/* 
-	 * Line points to a name line.
-	 */
-	done = 0;
-	np = nbuf;
-	for (;;) {
-	    for (cp = line; *cp != '\0'; cp++) {
-		if (*cp == ':') {
-		    *np++ = ':';
-		    done = 1;
-		    break;
-		}
-		if (*cp == '\\')
-		    break;
-		*np++ = *cp;
-	    }
-	    if (done) {
-		*np = '\0';
-		break;
-	    } else { /* name field extends beyond the line */
-		line = fgetln(pfp, &len);
-		if (line == NULL && pfp) {
-		    if (ferror(pfp)) {
-			(void)cgetclose();
-			return (-1);
-		    }
-		    (void)fclose(pfp);
-		    pfp = NULL;
-		    *np = '\0';
-		    break;
-		} else
-		    line[len - 1] = '\0';
-	    }
-	}
-	rp = buf;
-	for(cp = nbuf; *cp != '\0'; cp++)
-	    if (*cp == '|' || *cp == ':')
-		break;
-	    else
-		*rp++ = *cp;
-
-	*rp = '\0';
-	/* 
-	 * XXX 
-	 * Last argument of getent here should be nbuf if we want true
-	 * sequential access in the case of duplicates.  
-	 * With NULL, getent will return the first entry found
-	 * rather than the duplicate entry record.  This is a 
-	 * matter of semantics that should be resolved.
-	 */
-	status = getent(bp, &dummy, db_array, -1, buf, 0, NULL);
-	if (status == -2 || status == -3)
-	    (void)cgetclose();
-
-	return (status + 1);
-    }
-    /* NOTREACHED */
-}
-#endif
-
-/*
- * Cgetstr retrieves the value of the string capability cap from the
- * capability record pointed to by buf.  A pointer to a decoded, NUL
- * terminated, malloc'd copy of the string is returned in the char *
- * pointed to by str.  The length of the string not including the trailing
- * NUL is returned on success, -1 if the requested string capability
- * couldn't be found, -2 if a system error was encountered (storage
- * allocation failure).
- */
-int ROKEN_LIB_FUNCTION
-cgetstr(char *buf, const char *cap, char **str)
-{
-    u_int m_room;
-    const char *bp;
-    char *mp;
-    int len;
-    char *mem;
-
-    /*
-     * Find string capability cap
-     */
-    bp = cgetcap(buf, cap, '=');
-    if (bp == NULL)
-	return (-1);
-
-    /*
-     * Conversion / storage allocation loop ...  Allocate memory in
-     * chunks SFRAG in size.
-     */
-    if ((mem = malloc(SFRAG)) == NULL) {
-	errno = ENOMEM;
-	return (-2);	/* couldn't even allocate the first fragment */
-    }
-    m_room = SFRAG;
-    mp = mem;
-
-    while (*bp != ':' && *bp != '\0') {
-	/*
-	 * Loop invariants:
-	 *	There is always room for one more character in mem.
-	 *	Mp always points just past last character in mem.
-	 *	Bp always points at next character in buf.
-	 */
-	if (*bp == '^') {
-	    bp++;
-	    if (*bp == ':' || *bp == '\0')
-		break;	/* drop unfinished escape */
-	    *mp++ = *bp++ & 037;
-	} else if (*bp == '\\') {
-	    bp++;
-	    if (*bp == ':' || *bp == '\0')
-		break;	/* drop unfinished escape */
-	    if ('0' <= *bp && *bp <= '7') {
-		int n, i;
-
-		n = 0;
-		i = 3;	/* maximum of three octal digits */
-		do {
-		    n = n * 8 + (*bp++ - '0');
-		} while (--i && '0' <= *bp && *bp <= '7');
-		*mp++ = n;
-	    }
-	    else switch (*bp++) {
-	    case 'b': case 'B':
-		*mp++ = '\b';
-		break;
-	    case 't': case 'T':
-		*mp++ = '\t';
-		break;
-	    case 'n': case 'N':
-		*mp++ = '\n';
-		break;
-	    case 'f': case 'F':
-		*mp++ = '\f';
-		break;
-	    case 'r': case 'R':
-		*mp++ = '\r';
-		break;
-	    case 'e': case 'E':
-		*mp++ = ESC;
-		break;
-	    case 'c': case 'C':
-		*mp++ = ':';
-		break;
-	    default:
-		/*
-		 * Catches '\', '^', and
-		 *  everything else.
-		 */
-		*mp++ = *(bp-1);
-		break;
-	    }
-	} else
-	    *mp++ = *bp++;
-	m_room--;
-
-	/*
-	 * Enforce loop invariant: if no room left in current
-	 * buffer, try to get some more.
-	 */
-	if (m_room == 0) {
-	    size_t size = mp - mem;
-
-	    if ((mem = realloc(mem, size + SFRAG)) == NULL)
-		return (-2);
-	    m_room = SFRAG;
-	    mp = mem + size;
-	}
-    }
-    *mp++ = '\0';	/* loop invariant let's us do this */
-    m_room--;
-    len = mp - mem - 1;
-
-    /*
-     * Give back any extra memory and return value and success.
-     */
-    if (m_room != 0)
-	if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL)
-	    return (-2);
-    *str = mem;
-    return (len);
-}
-
-/*
- * Cgetustr retrieves the value of the string capability cap from the
- * capability record pointed to by buf.  The difference between cgetustr()
- * and cgetstr() is that cgetustr does not decode escapes but rather treats
- * all characters literally.  A pointer to a  NUL terminated malloc'd 
- * copy of the string is returned in the char pointed to by str.  The 
- * length of the string not including the trailing NUL is returned on success,
- * -1 if the requested string capability couldn't be found, -2 if a system 
- * error was encountered (storage allocation failure).
- */
-int ROKEN_LIB_FUNCTION
-cgetustr(char *buf, const char *cap, char **str)
-{
-    u_int m_room;
-    const char *bp;
-    char *mp;
-    int len;
-    char *mem;
-
-    /*
-     * Find string capability cap
-     */
-    if ((bp = cgetcap(buf, cap, '=')) == NULL)
-	return (-1);
-
-    /*
-     * Conversion / storage allocation loop ...  Allocate memory in
-     * chunks SFRAG in size.
-     */
-    if ((mem = malloc(SFRAG)) == NULL) {
-	errno = ENOMEM;
-	return (-2);	/* couldn't even allocate the first fragment */
-    }
-    m_room = SFRAG;
-    mp = mem;
-
-    while (*bp != ':' && *bp != '\0') {
-	/*
-	 * Loop invariants:
-	 *	There is always room for one more character in mem.
-	 *	Mp always points just past last character in mem.
-	 *	Bp always points at next character in buf.
-	 */
-	*mp++ = *bp++;
-	m_room--;
-
-	/*
-	 * Enforce loop invariant: if no room left in current
-	 * buffer, try to get some more.
-	 */
-	if (m_room == 0) {
-	    size_t size = mp - mem;
-
-	    if ((mem = realloc(mem, size + SFRAG)) == NULL)
-		return (-2);
-	    m_room = SFRAG;
-	    mp = mem + size;
-	}
-    }
-    *mp++ = '\0';	/* loop invariant let's us do this */
-    m_room--;
-    len = mp - mem - 1;
-
-    /*
-     * Give back any extra memory and return value and success.
-     */
-    if (m_room != 0)
-	if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL)
-	    return (-2);
-    *str = mem;
-    return (len);
-}
-
-/*
- * Cgetnum retrieves the value of the numeric capability cap from the
- * capability record pointed to by buf.  The numeric value is returned in
- * the long pointed to by num.  0 is returned on success, -1 if the requested
- * numeric capability couldn't be found.
- */
-int ROKEN_LIB_FUNCTION
-cgetnum(char *buf, const char *cap, long *num)
-{
-    long n;
-    int base, digit;
-    const char *bp;
-
-    /*
-     * Find numeric capability cap
-     */
-    bp = cgetcap(buf, cap, '#');
-    if (bp == NULL)
-	return (-1);
-
-    /*
-     * Look at value and determine numeric base:
-     *	0x... or 0X...	hexadecimal,
-     * else	0...		octal,
-     * else			decimal.
-     */
-    if (*bp == '0') {
-	bp++;
-	if (*bp == 'x' || *bp == 'X') {
-	    bp++;
-	    base = 16;
-	} else
-	    base = 8;
-    } else
-	base = 10;
-
-    /*
-     * Conversion loop ...
-     */
-    n = 0;
-    for (;;) {
-	if ('0' <= *bp && *bp <= '9')
-	    digit = *bp - '0';
-	else if ('a' <= *bp && *bp <= 'f')
-	    digit = 10 + *bp - 'a';
-	else if ('A' <= *bp && *bp <= 'F')
-	    digit = 10 + *bp - 'A';
-	else
-	    break;
-
-	if (digit >= base)
-	    break;
-
-	n = n * base + digit;
-	bp++;
-    }
-
-    /*
-     * Return value and success.
-     */
-    *num = n;
-    return (0);
-}
-
-
-/*
- * Compare name field of record.
- */
-static int
-nfcmp(char *nf, char *rec)
-{
-    char *cp, tmp;
-    int ret;
-	
-    for (cp = rec; *cp != ':'; cp++)
-	;
-	
-    tmp = *(cp + 1);
-    *(cp + 1) = '\0';
-    ret = strcmp(nf, rec);
-    *(cp + 1) = tmp;
-
-    return (ret);
-}
diff --git a/crypto/heimdal/lib/roken/getcwd.c b/crypto/heimdal/lib/roken/getcwd.c
deleted file mode 100644
index a32149c..0000000
--- a/crypto/heimdal/lib/roken/getcwd.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getcwd.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#include "roken.h"
-
-char* ROKEN_LIB_FUNCTION
-getcwd(char *path, size_t size)
-{
-    char xxx[MaxPathLen];
-    char *ret;
-    ret = getwd(xxx);
-    if(ret)
-	strlcpy(path, xxx, size);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/getdtablesize.c b/crypto/heimdal/lib/roken/getdtablesize.c
deleted file mode 100644
index a6ef38b..0000000
--- a/crypto/heimdal/lib/roken/getdtablesize.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1995-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getdtablesize.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-
-#ifdef HAVE_SYS_SYSCTL_H
-#include <sys/sysctl.h>
-#endif
-
-int ROKEN_LIB_FUNCTION
-getdtablesize(void)
-{
-  int files = -1;
-#if defined(HAVE_SYSCONF) && defined(_SC_OPEN_MAX)
-  files = sysconf(_SC_OPEN_MAX);
-#else /* !defined(HAVE_SYSCONF) */
-#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
-  struct rlimit res;
-  if (getrlimit(RLIMIT_NOFILE, &res) == 0)
-    files = res.rlim_cur;
-#else /* !definded(HAVE_GETRLIMIT) */
-#if defined(HAVE_SYSCTL) && defined(CTL_KERN) && defined(KERN_MAXFILES)
-  int mib[2];
-  size_t len;
-    
-  mib[0] = CTL_KERN;
-  mib[1] = KERN_MAXFILES;
-  len = sizeof(files);
-  sysctl(&mib, 2, &files, sizeof(files), NULL, 0);
-#endif /* defined(HAVE_SYSCTL) */
-#endif /* !definded(HAVE_GETRLIMIT) */
-#endif /* !defined(HAVE_SYSCONF) */
-
-#ifdef OPEN_MAX
-  if (files < 0)
-    files = OPEN_MAX;
-#endif
-
-#ifdef NOFILE
-  if (files < 0)
-    files = NOFILE;
-#endif    
-    
-  return files;
-}
diff --git a/crypto/heimdal/lib/roken/getegid.c b/crypto/heimdal/lib/roken/getegid.c
deleted file mode 100644
index 57ea198..0000000
--- a/crypto/heimdal/lib/roken/getegid.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETEGID
-
-RCSID("$Id: getegid.c 14773 2005-04-12 11:29:18Z lha $");
-
-int ROKEN_LIB_FUNCTION
-getegid(void)
-{
-    return getgid();
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/geteuid.c b/crypto/heimdal/lib/roken/geteuid.c
deleted file mode 100644
index f2f771e..0000000
--- a/crypto/heimdal/lib/roken/geteuid.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETEUID
-
-RCSID("$Id: geteuid.c 14773 2005-04-12 11:29:18Z lha $");
-
-int ROKEN_LIB_FUNCTION
-geteuid(void)
-{
-    return getuid();
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/getgid.c b/crypto/heimdal/lib/roken/getgid.c
deleted file mode 100644
index fbe4f6d..0000000
--- a/crypto/heimdal/lib/roken/getgid.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETGID
-
-RCSID("$Id: getgid.c 14773 2005-04-12 11:29:18Z lha $");
-
-int ROKEN_LIB_FUNCTION
-getgid(void)
-{
-    return 17;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/gethostname.c b/crypto/heimdal/lib/roken/gethostname.c
deleted file mode 100644
index f291ce2..0000000
--- a/crypto/heimdal/lib/roken/gethostname.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETHOSTNAME
-
-#ifdef HAVE_SYS_UTSNAME_H
-#include <sys/utsname.h>
-#endif
-
-/*
- * Return the local host's name in "name", up to "namelen" characters.
- * "name" will be null-terminated if "namelen" is big enough.
- * The return code is 0 on success, -1 on failure.  (The calling
- * interface is identical to gethostname(2).)
- */
-
-int ROKEN_LIB_FUNCTION
-gethostname(char *name, int namelen)
-{
-#if defined(HAVE_UNAME)
-    {
-	struct utsname utsname;
-	int ret;
-
-	ret = uname (&utsname);
-	if (ret < 0)
-	    return ret;
-	strlcpy (name, utsname.nodename, namelen);
-	return 0;
-    }
-#else
-    strlcpy (name, "some.random.host", namelen);
-    return 0;
-#endif
-}
-
-#endif /* GETHOSTNAME */
diff --git a/crypto/heimdal/lib/roken/getifaddrs.c b/crypto/heimdal/lib/roken/getifaddrs.c
deleted file mode 100644
index 485c0d6..0000000
--- a/crypto/heimdal/lib/roken/getifaddrs.c
+++ /dev/null
@@ -1,1250 +0,0 @@
-/*
- * Copyright (c) 2000 - 2002, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getifaddrs.c 21745 2007-07-31 16:11:25Z lha $");
-#endif
-#include "roken.h"
-
-#ifdef __osf__
-/* hate */
-struct rtentry;
-struct mbuf;
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-
-#ifdef HAVE_SYS_SOCKIO_H
-#include <sys/sockio.h>
-#endif /* HAVE_SYS_SOCKIO_H */
-
-#ifdef HAVE_NETINET_IN6_VAR_H
-#include <netinet/in6_var.h>
-#endif /* HAVE_NETINET_IN6_VAR_H */
-
-#include <ifaddrs.h>
-
-#ifdef __hpux
-#define lifconf if_laddrconf
-#define lifc_len iflc_len
-#define lifc_buf iflc_buf
-#define lifc_req iflc_req
-
-#define lifreq if_laddrreq
-#define lifr_addr iflr_addr
-#define lifr_name iflr_name
-#define lifr_dstaddr iflr_dstaddr
-#define lifr_broadaddr iflr_broadaddr
-#define lifr_flags iflr_flags
-#define lifr_index iflr_index
-#endif
-
-#ifdef AF_NETLINK
-
-/*
- * The linux - AF_NETLINK version of getifaddrs - from Usagi.
- * Linux does not return v6 addresses from SIOCGIFCONF.
- */
-
-/* $USAGI: ifaddrs.c,v 1.18 2002/03/06 01:50:46 yoshfuji Exp $ */
-
-/**************************************************************************
- * ifaddrs.c
- * Copyright (C)2000 Hideaki YOSHIFUJI, All Rights Reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the author nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include <string.h>
-#include <time.h>
-#include <malloc.h>
-#include <errno.h>
-#include <unistd.h>
-
-#include <sys/socket.h>
-#include <asm/types.h>
-#include <linux/netlink.h>
-#include <linux/rtnetlink.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/poll.h>
-#include <netpacket/packet.h>
-#include <net/ethernet.h>     /* the L2 protocols */
-#include <sys/uio.h>
-#include <net/if.h>
-#include <net/if_arp.h>
-#include <ifaddrs.h>
-#include <netinet/in.h>
-
-#define __set_errno(e) (errno = (e))
-#define __close(fd) (close(fd))
-#undef ifa_broadaddr
-#define ifa_broadaddr ifa_dstaddr
-#define IFA_NETMASK
-
-/* ====================================================================== */
-struct nlmsg_list{
-    struct nlmsg_list *nlm_next;
-    struct nlmsghdr *nlh;
-    int size;
-    time_t seq;
-};
-
-struct rtmaddr_ifamap {
-  void *address;
-  void *local;
-#ifdef IFA_NETMASK
-  void *netmask;
-#endif
-  void *broadcast;
-#ifdef HAVE_IFADDRS_IFA_ANYCAST
-  void *anycast;
-#endif
-  int address_len;
-  int local_len;
-#ifdef IFA_NETMASK
-  int netmask_len;
-#endif
-  int broadcast_len;
-#ifdef HAVE_IFADDRS_IFA_ANYCAST
-  int anycast_len;
-#endif
-};
-
-/* ====================================================================== */
-static size_t
-ifa_sa_len(sa_family_t family, int len)
-{
-  size_t size;
-  switch(family){
-  case AF_INET:
-    size = sizeof(struct sockaddr_in);
-    break;
-  case AF_INET6:
-    size = sizeof(struct sockaddr_in6);
-    break;
-  case AF_PACKET:
-    size = (size_t)(((struct sockaddr_ll *)NULL)->sll_addr) + len;
-    if (size < sizeof(struct sockaddr_ll))
-      size = sizeof(struct sockaddr_ll);
-    break;
-  default:
-    size = (size_t)(((struct sockaddr *)NULL)->sa_data) + len;
-    if (size < sizeof(struct sockaddr))
-      size = sizeof(struct sockaddr);
-    break;
-  }
-  return size;
-}
-
-static void 
-ifa_make_sockaddr(sa_family_t family, 
-		  struct sockaddr *sa, 
-		  void *p, size_t len,
-		  uint32_t scope, uint32_t scopeid)
-{
-  if (sa == NULL) return;
-  switch(family){
-  case AF_INET:
-    memcpy(&((struct sockaddr_in*)sa)->sin_addr, (char *)p, len);
-    break;
-  case AF_INET6:
-    memcpy(&((struct sockaddr_in6*)sa)->sin6_addr, (char *)p, len);
-    if (IN6_IS_ADDR_LINKLOCAL(p) ||
-	IN6_IS_ADDR_MC_LINKLOCAL(p)){
-      ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid;
-    }
-    break;
-  case AF_PACKET:
-    memcpy(((struct sockaddr_ll*)sa)->sll_addr, (char *)p, len);
-    ((struct sockaddr_ll*)sa)->sll_halen = len;
-    break;
-  default:
-    memcpy(sa->sa_data, p, len);	/*XXX*/
-    break;
-  }
-  sa->sa_family = family;
-#ifdef HAVE_SOCKADDR_SA_LEN
-  sa->sa_len = ifa_sa_len(family, len);
-#endif
-}
-
-#ifndef IFA_NETMASK
-static struct sockaddr *
-ifa_make_sockaddr_mask(sa_family_t family, 
-		       struct sockaddr *sa, 
-		       uint32_t prefixlen)
-{
-  int i;
-  char *p = NULL, c;
-  uint32_t max_prefixlen = 0;
-
-  if (sa == NULL) return NULL;
-  switch(family){
-  case AF_INET:
-    memset(&((struct sockaddr_in*)sa)->sin_addr, 0, sizeof(((struct sockaddr_in*)sa)->sin_addr));
-    p = (char *)&((struct sockaddr_in*)sa)->sin_addr;
-    max_prefixlen = 32;
-    break;
-  case AF_INET6:
-    memset(&((struct sockaddr_in6*)sa)->sin6_addr, 0, sizeof(((struct sockaddr_in6*)sa)->sin6_addr));
-    p = (char *)&((struct sockaddr_in6*)sa)->sin6_addr;
-#if 0	/* XXX: fill scope-id? */
-    if (IN6_IS_ADDR_LINKLOCAL(p) ||
-	IN6_IS_ADDR_MC_LINKLOCAL(p)){
-      ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid;
-    }
-#endif
-    max_prefixlen = 128;
-    break;
-  default:
-    return NULL;
-  }
-  sa->sa_family = family;
-#ifdef HAVE_SOCKADDR_SA_LEN
-  sa->sa_len = ifa_sa_len(family, len);
-#endif
-  if (p){
-    if (prefixlen > max_prefixlen)
-      prefixlen = max_prefixlen;
-    for (i=0; i<(prefixlen / 8); i++)
-      *p++ = 0xff;
-    c = 0xff;
-    c <<= (8 - (prefixlen % 8));
-    *p = c;
-  }
-  return sa;
-}
-#endif
-
-/* ====================================================================== */
-static int 
-nl_sendreq(int sd, int request, int flags, int *seq)
-{
-  char reqbuf[NLMSG_ALIGN(sizeof(struct nlmsghdr)) +
-	      NLMSG_ALIGN(sizeof(struct rtgenmsg))];
-  struct sockaddr_nl nladdr;
-  struct nlmsghdr *req_hdr;
-  struct rtgenmsg *req_msg;
-  time_t t = time(NULL);
-
-  if (seq) *seq = t;
-  memset(&reqbuf, 0, sizeof(reqbuf));
-  req_hdr = (struct nlmsghdr *)reqbuf;
-  req_msg = (struct rtgenmsg *)NLMSG_DATA(req_hdr);
-  req_hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*req_msg));
-  req_hdr->nlmsg_type = request;
-  req_hdr->nlmsg_flags = flags | NLM_F_REQUEST;
-  req_hdr->nlmsg_pid = 0;
-  req_hdr->nlmsg_seq = t;
-  req_msg->rtgen_family = AF_UNSPEC;
-  memset(&nladdr, 0, sizeof(nladdr));
-  nladdr.nl_family = AF_NETLINK;
-  return (sendto(sd, (void *)req_hdr, req_hdr->nlmsg_len, 0,
-		 (struct sockaddr *)&nladdr, sizeof(nladdr)));
-}
-
-static int 
-nl_recvmsg(int sd, int request, int seq, 
-	   void *buf, size_t buflen, 
-	   int *flags)
-{
-  struct msghdr msg;
-  struct iovec iov = { buf, buflen };
-  struct sockaddr_nl nladdr;
-  int read_len;
-
-  for (;;){
-    msg.msg_name = (void *)&nladdr;
-    msg.msg_namelen = sizeof(nladdr);
-    msg.msg_iov = &iov;
-    msg.msg_iovlen = 1;
-    msg.msg_control = NULL;
-    msg.msg_controllen = 0;
-    msg.msg_flags = 0;
-    read_len = recvmsg(sd, &msg, 0);
-    if ((read_len < 0 && errno == EINTR) || (msg.msg_flags & MSG_TRUNC))
-      continue;
-    if (flags) *flags = msg.msg_flags;
-    break;
-  }
-  return read_len;
-}
-
-static int 
-nl_getmsg(int sd, int request, int seq, 
-	  struct nlmsghdr **nlhp,
-	  int *done)
-{
-  struct nlmsghdr *nh;
-  size_t bufsize = 65536, lastbufsize = 0;
-  void *buff = NULL;
-  int result = 0, read_size;
-  int msg_flags;
-  pid_t pid = getpid();
-  for (;;){
-    void *newbuff = realloc(buff, bufsize);
-    if (newbuff == NULL || bufsize < lastbufsize) {
-      result = -1;
-      break;
-    }
-    buff = newbuff;
-    result = read_size = nl_recvmsg(sd, request, seq, buff, bufsize, &msg_flags);
-    if (read_size < 0 || (msg_flags & MSG_TRUNC)){
-      lastbufsize = bufsize;
-      bufsize *= 2;
-      continue;
-    }
-    if (read_size == 0) break;
-    nh = (struct nlmsghdr *)buff;
-    for (nh = (struct nlmsghdr *)buff;
-	 NLMSG_OK(nh, read_size);
-	 nh = (struct nlmsghdr *)NLMSG_NEXT(nh, read_size)){
-      if (nh->nlmsg_pid != pid ||
-	  nh->nlmsg_seq != seq)
-	continue;
-      if (nh->nlmsg_type == NLMSG_DONE){
-	(*done)++;
-	break; /* ok */
-      }
-      if (nh->nlmsg_type == NLMSG_ERROR){
-	struct nlmsgerr *nlerr = (struct nlmsgerr *)NLMSG_DATA(nh);
-	result = -1;
-	if (nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr)))
-	  __set_errno(EIO);
-	else
-	  __set_errno(-nlerr->error);
-	break;
-      }
-    }
-    break;
-  }
-  if (result < 0)
-    if (buff){
-      int saved_errno = errno;
-      free(buff);
-      __set_errno(saved_errno);
-    }
-  *nlhp = (struct nlmsghdr *)buff;
-  return result;
-}
-
-static int
-nl_getlist(int sd, int seq,
-	   int request,
-	   struct nlmsg_list **nlm_list,
-	   struct nlmsg_list **nlm_end)
-{
-  struct nlmsghdr *nlh = NULL;
-  int status;
-  int done = 0;
-  int tries = 3;
-
- try_again:
-  status = nl_sendreq(sd, request, NLM_F_ROOT|NLM_F_MATCH, &seq);
-  if (status < 0)
-    return status;
-  if (seq == 0)
-    seq = (int)time(NULL);
-  while(!done){
-    struct pollfd pfd;
-
-    pfd.fd = sd;
-    pfd.events = POLLIN | POLLPRI;
-    pfd.revents = 0;
-    status = poll(&pfd, 1, 1000);
-    if (status < 0)
-	return status;
-    else if (status == 0) {
-	seq++;
-	if (tries-- > 0)
-	    goto try_again;
-	return -1;
-    }
-
-    status = nl_getmsg(sd, request, seq, &nlh, &done);
-    if (status < 0)
-      return status;
-    if (nlh){
-      struct nlmsg_list *nlm_next = (struct nlmsg_list *)malloc(sizeof(struct nlmsg_list));
-      if (nlm_next == NULL){
-	int saved_errno = errno;
-	free(nlh);
-	__set_errno(saved_errno);
-	status = -1;
-      } else {
-	nlm_next->nlm_next = NULL;
-	nlm_next->nlh = (struct nlmsghdr *)nlh;
-	nlm_next->size = status;
-	nlm_next->seq = seq;
-	if (*nlm_list == NULL){
-	  *nlm_list = nlm_next;
-	  *nlm_end = nlm_next;
-	} else {
-	  (*nlm_end)->nlm_next = nlm_next;
-	  *nlm_end = nlm_next;
-	}
-      }
-    }
-  }
-  return status >= 0 ? seq : status;
-}
-
-/* ---------------------------------------------------------------------- */
-static void 
-free_nlmsglist(struct nlmsg_list *nlm0)
-{
-  struct nlmsg_list *nlm, *nlm_next;
-  int saved_errno;
-  if (!nlm0)
-    return;
-  saved_errno = errno;
-  for (nlm=nlm0; nlm; nlm=nlm_next){
-    if (nlm->nlh)
-      free(nlm->nlh);
-    nlm_next=nlm->nlm_next;
-    free(nlm);
-  }
-  __set_errno(saved_errno);
-}
-
-static void 
-free_data(void *data, void *ifdata)
-{
-  int saved_errno = errno;
-  if (data != NULL) free(data);
-  if (ifdata != NULL) free(ifdata);
-  __set_errno(saved_errno);
-}
-
-/* ---------------------------------------------------------------------- */
-static void 
-nl_close(int sd)
-{
-  int saved_errno = errno;
-  if (sd >= 0) __close(sd);
-  __set_errno(saved_errno);
-}
-
-/* ---------------------------------------------------------------------- */
-static int 
-nl_open(void)
-{
-  struct sockaddr_nl nladdr;
-  int sd;
-
-  sd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
-  if (sd < 0) return -1;
-  memset(&nladdr, 0, sizeof(nladdr));
-  nladdr.nl_family = AF_NETLINK;
-  if (bind(sd, (struct sockaddr*)&nladdr, sizeof(nladdr)) < 0){
-    nl_close(sd);
-    return -1;
-  }
-  return sd;
-}
-
-/* ====================================================================== */
-int ROKEN_LIB_FUNCTION
-rk_getifaddrs(struct ifaddrs **ifap)
-{
-  int sd;
-  struct nlmsg_list *nlmsg_list, *nlmsg_end, *nlm;
-  /* - - - - - - - - - - - - - - - */
-  int icnt;
-  size_t dlen, xlen, nlen;
-  uint32_t max_ifindex = 0;
-
-  pid_t pid = getpid();
-  int seq;
-  int result;
-  int build     ; /* 0 or 1 */
-
-/* ---------------------------------- */
-  /* initialize */
-  icnt = dlen = xlen = nlen = 0;
-  nlmsg_list = nlmsg_end = NULL;
-
-  if (ifap)
-    *ifap = NULL;
-
-/* ---------------------------------- */
-  /* open socket and bind */
-  sd = nl_open();
-  if (sd < 0)
-    return -1;
-
-/* ---------------------------------- */
-   /* gather info */
-  if ((seq = nl_getlist(sd, 0, RTM_GETLINK,
-			&nlmsg_list, &nlmsg_end)) < 0){
-    free_nlmsglist(nlmsg_list);
-    nl_close(sd);
-    return -1;
-  }
-  if ((seq = nl_getlist(sd, seq+1, RTM_GETADDR,
-			&nlmsg_list, &nlmsg_end)) < 0){
-    free_nlmsglist(nlmsg_list);
-    nl_close(sd);
-    return -1;
-  }
-
-/* ---------------------------------- */
-  /* Estimate size of result buffer and fill it */
-  for (build=0; build<=1; build++){
-    struct ifaddrs *ifl = NULL, *ifa = NULL;
-    struct nlmsghdr *nlh, *nlh0;
-    char *data = NULL, *xdata = NULL;
-    void *ifdata = NULL;
-    char *ifname = NULL, **iflist = NULL;
-    uint16_t *ifflist = NULL;
-    struct rtmaddr_ifamap ifamap;
-
-    if (build){
-      data = calloc(1,
-		    NLMSG_ALIGN(sizeof(struct ifaddrs[icnt]))
-		    + dlen + xlen + nlen);
-      ifa = (struct ifaddrs *)data;
-      ifdata = calloc(1, 
-		      NLMSG_ALIGN(sizeof(char *[max_ifindex+1]))
-		      + NLMSG_ALIGN(sizeof(uint16_t [max_ifindex+1])));
-      if (ifap != NULL)
-	*ifap = (ifdata != NULL) ? ifa : NULL;
-      else{
-	free_data(data, ifdata);
-	result = 0;
-	break;
-      }
-      if (data == NULL || ifdata == NULL){
-	free_data(data, ifdata);
-	result = -1;
-	break;
-      }
-      ifl = NULL;
-      data += NLMSG_ALIGN(sizeof(struct ifaddrs)) * icnt;
-      xdata = data + dlen;
-      ifname = xdata + xlen;
-      iflist = ifdata;
-      ifflist = (uint16_t *)(((char *)iflist) + NLMSG_ALIGN(sizeof(char *[max_ifindex+1])));
-    }
-
-    for (nlm=nlmsg_list; nlm; nlm=nlm->nlm_next){
-      int nlmlen = nlm->size;
-      if (!(nlh0 = nlm->nlh))
-	continue;
-      for (nlh = nlh0; 
-	   NLMSG_OK(nlh, nlmlen); 
-	   nlh=NLMSG_NEXT(nlh,nlmlen)){
-	struct ifinfomsg *ifim = NULL;
-	struct ifaddrmsg *ifam = NULL;
-	struct rtattr *rta;
-
-	size_t nlm_struct_size = 0;
-	sa_family_t nlm_family = 0;
-	uint32_t nlm_scope = 0, nlm_index = 0;
-	size_t sockaddr_size = 0;
-	uint32_t nlm_prefixlen = 0;
-	size_t rtasize;
-
-	memset(&ifamap, 0, sizeof(ifamap));
-
-	/* check if the message is what we want */
-	if (nlh->nlmsg_pid != pid ||
-	    nlh->nlmsg_seq != nlm->seq)
-	  continue;
-	if (nlh->nlmsg_type == NLMSG_DONE){
-	  break; /* ok */
-	}
-	switch (nlh->nlmsg_type){
-	case RTM_NEWLINK:
-	  ifim = (struct ifinfomsg *)NLMSG_DATA(nlh);
-	  nlm_struct_size = sizeof(*ifim);
-	  nlm_family = ifim->ifi_family;
-	  nlm_scope = 0;
-	  nlm_index = ifim->ifi_index;
-	  nlm_prefixlen = 0;
-	  if (build)
-	    ifflist[nlm_index] = ifa->ifa_flags = ifim->ifi_flags;
-	  break;
-	case RTM_NEWADDR:
-	  ifam = (struct ifaddrmsg *)NLMSG_DATA(nlh);
-	  nlm_struct_size = sizeof(*ifam);
-	  nlm_family = ifam->ifa_family;
-	  nlm_scope = ifam->ifa_scope;
-	  nlm_index = ifam->ifa_index;
-	  nlm_prefixlen = ifam->ifa_prefixlen;
-	  if (build)
-	    ifa->ifa_flags = ifflist[nlm_index];
-	  break;
-	default:
-	  continue;
-	}
-	
-	if (!build){
-	  if (max_ifindex < nlm_index)
-	    max_ifindex = nlm_index;
-	} else {
-	  if (ifl != NULL)
-	    ifl->ifa_next = ifa;
-	}
-
-	rtasize = NLMSG_PAYLOAD(nlh, nlmlen) - NLMSG_ALIGN(nlm_struct_size);
-	for (rta = (struct rtattr *)(((char *)NLMSG_DATA(nlh)) + NLMSG_ALIGN(nlm_struct_size));
-	     RTA_OK(rta, rtasize);
-	     rta = RTA_NEXT(rta, rtasize)){
-	  struct sockaddr **sap = NULL;
-	  void *rtadata = RTA_DATA(rta);
-	  size_t rtapayload = RTA_PAYLOAD(rta);
-	  socklen_t sa_len;
-
-	  switch(nlh->nlmsg_type){
-	  case RTM_NEWLINK:
-	    switch(rta->rta_type){
-	    case IFLA_ADDRESS:
-	    case IFLA_BROADCAST:
-	      if (build){
-		sap = (rta->rta_type == IFLA_ADDRESS) ? &ifa->ifa_addr : &ifa->ifa_broadaddr;
-		*sap = (struct sockaddr *)data;
-	      }
-	      sa_len = ifa_sa_len(AF_PACKET, rtapayload);
-	      if (rta->rta_type == IFLA_ADDRESS)
-		sockaddr_size = NLMSG_ALIGN(sa_len);
-	      if (!build){
-		dlen += NLMSG_ALIGN(sa_len);
-	      } else {
-		memset(*sap, 0, sa_len);
-		ifa_make_sockaddr(AF_PACKET, *sap, rtadata,rtapayload, 0,0);
-		((struct sockaddr_ll *)*sap)->sll_ifindex = nlm_index;
-		((struct sockaddr_ll *)*sap)->sll_hatype = ifim->ifi_type;
-		data += NLMSG_ALIGN(sa_len);
-	      }
-	      break;
-	    case IFLA_IFNAME:/* Name of Interface */
-	      if (!build)
-		nlen += NLMSG_ALIGN(rtapayload + 1);
-	      else{
-		ifa->ifa_name = ifname;
-		if (iflist[nlm_index] == NULL)
-		  iflist[nlm_index] = ifa->ifa_name;
-		strncpy(ifa->ifa_name, rtadata, rtapayload);
-		ifa->ifa_name[rtapayload] = '\0';
-		ifname += NLMSG_ALIGN(rtapayload + 1);
-	      }
-	      break;
-	    case IFLA_STATS:/* Statistics of Interface */
-	      if (!build)
-		xlen += NLMSG_ALIGN(rtapayload);
-	      else{
-		ifa->ifa_data = xdata;
-		memcpy(ifa->ifa_data, rtadata, rtapayload);
-		xdata += NLMSG_ALIGN(rtapayload);
-	      }
-	      break;
-	    case IFLA_UNSPEC:
-	      break;
-	    case IFLA_MTU:
-	      break;
-	    case IFLA_LINK:
-	      break;
-	    case IFLA_QDISC:
-	      break;
-	    default:
-	      break;
-	    }
-	    break;
-	  case RTM_NEWADDR:
-	    if (nlm_family == AF_PACKET) break;
-	    switch(rta->rta_type){
-	    case IFA_ADDRESS:
-		ifamap.address = rtadata;
-		ifamap.address_len = rtapayload;
-		break;
-	    case IFA_LOCAL:
-		ifamap.local = rtadata;
-		ifamap.local_len = rtapayload;
-		break;
-	    case IFA_BROADCAST:
-		ifamap.broadcast = rtadata;
-		ifamap.broadcast_len = rtapayload;
-		break;
-#ifdef HAVE_IFADDRS_IFA_ANYCAST
-	    case IFA_ANYCAST:
-		ifamap.anycast = rtadata;
-		ifamap.anycast_len = rtapayload;
-		break;
-#endif
-	    case IFA_LABEL:
-	      if (!build)
-		nlen += NLMSG_ALIGN(rtapayload + 1);
-	      else{
-		ifa->ifa_name = ifname;
-		if (iflist[nlm_index] == NULL)
-		  iflist[nlm_index] = ifname;
-		strncpy(ifa->ifa_name, rtadata, rtapayload);
-		ifa->ifa_name[rtapayload] = '\0';
-		ifname += NLMSG_ALIGN(rtapayload + 1);
-	      }
-	      break;
-	    case IFA_UNSPEC:
-	      break;
-	    case IFA_CACHEINFO:
-	      break;
-	    default:
-	      break;
-	    }
-	  }
-	}
-	if (nlh->nlmsg_type == RTM_NEWADDR &&
-	    nlm_family != AF_PACKET) {
-	  if (!ifamap.local) {
-	    ifamap.local = ifamap.address;
-	    ifamap.local_len = ifamap.address_len;
-	  }
-	  if (!ifamap.address) {
-	    ifamap.address = ifamap.local;
-	    ifamap.address_len = ifamap.local_len;
-	  }
-	  if (ifamap.address_len != ifamap.local_len ||
-	      (ifamap.address != NULL &&
-	       memcmp(ifamap.address, ifamap.local, ifamap.address_len))) {
-	    /* p2p; address is peer and local is ours */
-	    ifamap.broadcast = ifamap.address;
-	    ifamap.broadcast_len = ifamap.address_len;
-	    ifamap.address = ifamap.local;
-	    ifamap.address_len = ifamap.local_len;
-	  }
-	  if (ifamap.address) {
-#ifndef IFA_NETMASK
-	    sockaddr_size = NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len));
-#endif
-	    if (!build)
-	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len));
-	    else {
-	      ifa->ifa_addr = (struct sockaddr *)data;
-	      ifa_make_sockaddr(nlm_family, ifa->ifa_addr, ifamap.address, ifamap.address_len,
-				nlm_scope, nlm_index);
-	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.address_len));
-	    }
-	  }
-#ifdef IFA_NETMASK
-	  if (ifamap.netmask) {
-	    if (!build)
-	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.netmask_len));
-	    else {
-	      ifa->ifa_netmask = (struct sockaddr *)data;
-	      ifa_make_sockaddr(nlm_family, ifa->ifa_netmask, ifamap.netmask, ifamap.netmask_len,
-				nlm_scope, nlm_index);
-	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.netmask_len));
-	    }
-	  }
-#endif
-	  if (ifamap.broadcast) {
-	    if (!build)
-	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.broadcast_len));
-	    else {
-	      ifa->ifa_broadaddr = (struct sockaddr *)data;
-	      ifa_make_sockaddr(nlm_family, ifa->ifa_broadaddr, ifamap.broadcast, ifamap.broadcast_len,
-				nlm_scope, nlm_index);
-	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.broadcast_len));
-	    }
-	  }
-#ifdef HAVE_IFADDRS_IFA_ANYCAST
-	  if (ifamap.anycast) {
-	    if (!build)
-	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.anycast_len));
-	    else {
-	      ifa->ifa_anycast = (struct sockaddr *)data;
-	      ifa_make_sockaddr(nlm_family, ifa->ifa_anyaddr, ifamap.anycast, ifamap.anycast_len,
-				nlm_scope, nlm_index);
-	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.anycast_len));
-	    }
-	  }
-#endif
-	}
-	if (!build){
-#ifndef IFA_NETMASK
-	  dlen += sockaddr_size;
-#endif
-	  icnt++;
-	} else {
-	  if (ifa->ifa_name == NULL)
-	    ifa->ifa_name = iflist[nlm_index];
-#ifndef IFA_NETMASK
-	  if (ifa->ifa_addr && 
-	      ifa->ifa_addr->sa_family != AF_UNSPEC && 
-	      ifa->ifa_addr->sa_family != AF_PACKET){
-	    ifa->ifa_netmask = (struct sockaddr *)data;
-	    ifa_make_sockaddr_mask(ifa->ifa_addr->sa_family, ifa->ifa_netmask, nlm_prefixlen);
-	  }
-	  data += sockaddr_size;
-#endif
-	  ifl = ifa++;
-	}
-      }
-    }
-    if (!build){
-      if (icnt == 0 && (dlen + nlen + xlen == 0)){
-	if (ifap != NULL)
-	  *ifap = NULL;
-	break; /* cannot found any addresses */
-      }
-    }
-    else
-      free_data(NULL, ifdata);
-  }
-
-/* ---------------------------------- */
-  /* Finalize */
-  free_nlmsglist(nlmsg_list);
-  nl_close(sd);
-  return 0;
-}
-
-#else /* !AF_NETLINK */
-
-/*
- * The generic SIOCGIFCONF version.
- */
-
-static int
-getifaddrs2(struct ifaddrs **ifap, 
-	    int af, int siocgifconf, int siocgifflags,
-	    size_t ifreq_sz)
-{
-    int ret;
-    int fd;
-    size_t buf_size;
-    char *buf;
-    struct ifconf ifconf;
-    char *p;
-    size_t sz;
-    struct sockaddr sa_zero;
-    struct ifreq *ifr;
-    struct ifaddrs *start = NULL, **end = &start;
-
-    buf = NULL;
-
-    memset (&sa_zero, 0, sizeof(sa_zero));
-    fd = socket(af, SOCK_DGRAM, 0);
-    if (fd < 0)
-	return -1;
-
-    buf_size = 8192;
-    for (;;) {
-	buf = calloc(1, buf_size);
-	if (buf == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-	ifconf.ifc_len = buf_size;
-	ifconf.ifc_buf = buf;
-
-	/*
-	 * Solaris returns EINVAL when the buffer is too small.
-	 */
-	if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) {
-	    ret = errno;
-	    goto error_out;
-	}
-	/*
-	 * Can the difference between a full and a overfull buf
-	 * be determined?
-	 */
-
-	if (ifconf.ifc_len < buf_size)
-	    break;
-	free (buf);
-	buf_size *= 2;
-    }
-
-    for (p = ifconf.ifc_buf;
-	 p < ifconf.ifc_buf + ifconf.ifc_len;
-	 p += sz) {
-	struct ifreq ifreq;
-	struct sockaddr *sa;
-	size_t salen;
-
-	ifr = (struct ifreq *)p;
-	sa  = &ifr->ifr_addr;
-
-	sz = ifreq_sz;
-	salen = sizeof(struct sockaddr);
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-	salen = sa->sa_len;
-	sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len);
-#endif
-#ifdef SA_LEN
-	salen = SA_LEN(sa);
-	sz = max(sz, sizeof(ifr->ifr_name) + SA_LEN(sa));
-#endif
-	memset (&ifreq, 0, sizeof(ifreq));
-	memcpy (ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name));
-
-	if (ioctl(fd, siocgifflags, &ifreq) < 0) {
-	    ret = errno;
-	    goto error_out;
-	}
-
-	*end = malloc(sizeof(**end));
-	if (*end == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-
-	(*end)->ifa_next = NULL;
-	(*end)->ifa_name = strdup(ifr->ifr_name);
-	if ((*end)->ifa_name == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-	(*end)->ifa_flags = ifreq.ifr_flags;
-	(*end)->ifa_addr = malloc(salen);
-	if ((*end)->ifa_addr == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-	memcpy((*end)->ifa_addr, sa, salen);
-	(*end)->ifa_netmask = NULL;
-
-#if 0
-	/* fix these when we actually need them */
-	if(ifreq.ifr_flags & IFF_BROADCAST) {
-	    (*end)->ifa_broadaddr = malloc(sizeof(ifr->ifr_broadaddr));
-	    if ((*end)->ifa_broadaddr == NULL) {
-		ret = ENOMEM;
-		goto error_out;
-	    }
-	    memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, 
-		   sizeof(ifr->ifr_broadaddr));
-	} else if(ifreq.ifr_flags & IFF_POINTOPOINT) {
-	    (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr));
-	    if ((*end)->ifa_dstaddr == NULL) {
-		ret = ENOMEM;
-		goto error_out;
-	    }
-	    memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, 
-		   sizeof(ifr->ifr_dstaddr));
-	} else
-	    (*end)->ifa_dstaddr = NULL;
-#else
-	    (*end)->ifa_dstaddr = NULL;
-#endif
-
-	(*end)->ifa_data = NULL;
-
-	end = &(*end)->ifa_next;
-	
-    }
-    *ifap = start;
-    close(fd);
-    free(buf);
-    return 0;
-  error_out:
-    rk_freeifaddrs(start);
-    close(fd);
-    free(buf);
-    errno = ret;
-    return -1;
-}
-
-#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS)
-static int
-getlifaddrs2(struct ifaddrs **ifap, 
-	     int af, int siocgifconf, int siocgifflags,
-	     size_t ifreq_sz)
-{
-    int ret;
-    int fd;
-    size_t buf_size;
-    char *buf;
-    struct lifconf ifconf;
-    char *p;
-    size_t sz;
-    struct sockaddr sa_zero;
-    struct lifreq *ifr;
-    struct ifaddrs *start = NULL, **end = &start;
-
-    buf = NULL;
-
-    memset (&sa_zero, 0, sizeof(sa_zero));
-    fd = socket(af, SOCK_DGRAM, 0);
-    if (fd < 0)
-	return -1;
-
-    buf_size = 8192;
-    for (;;) {
-	buf = calloc(1, buf_size);
-	if (buf == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-#ifndef __hpux
-	ifconf.lifc_family = AF_UNSPEC;
-	ifconf.lifc_flags  = 0;
-#endif
-	ifconf.lifc_len    = buf_size;
-	ifconf.lifc_buf    = buf;
-
-	/*
-	 * Solaris returns EINVAL when the buffer is too small.
-	 */
-	if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) {
-	    ret = errno;
-	    goto error_out;
-	}
-	/*
-	 * Can the difference between a full and a overfull buf
-	 * be determined?
-	 */
-
-	if (ifconf.lifc_len < buf_size)
-	    break;
-	free (buf);
-	buf_size *= 2;
-    }
-
-    for (p = ifconf.lifc_buf;
-	 p < ifconf.lifc_buf + ifconf.lifc_len;
-	 p += sz) {
-	struct lifreq ifreq;
-	struct sockaddr_storage *sa;
-	size_t salen;
-
-	ifr = (struct lifreq *)p;
-	sa  = &ifr->lifr_addr;
-
-	sz = ifreq_sz;
-	salen = sizeof(struct sockaddr_storage);
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-	salen = sa->sa_len;
-	sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len);
-#endif
-#ifdef SA_LEN
-	salen = SA_LEN(sa);
-	sz = max(sz, sizeof(ifr->ifr_name) + SA_LEN(sa));
-#endif
-	memset (&ifreq, 0, sizeof(ifreq));
-	memcpy (ifreq.lifr_name, ifr->lifr_name, sizeof(ifr->lifr_name));
-
-	if (ioctl(fd, siocgifflags, &ifreq) < 0) {
-	    ret = errno;
-	    goto error_out;
-	}
-
-	*end = malloc(sizeof(**end));
-	if (*end == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-
-	(*end)->ifa_next = NULL;
-	(*end)->ifa_name = strdup(ifr->lifr_name);
-	if ((*end)->ifa_name == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-	(*end)->ifa_flags = ifreq.lifr_flags;
-	(*end)->ifa_addr = malloc(salen);
-	if ((*end)->ifa_addr == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-	memcpy((*end)->ifa_addr, sa, salen);
-	(*end)->ifa_netmask = NULL;
-
-#if 0
-	/* fix these when we actually need them */
-	if(ifreq.ifr_flags & IFF_BROADCAST) {
-	    (*end)->ifa_broadaddr = malloc(sizeof(ifr->ifr_broadaddr));
-	    if ((*end)->ifa_broadaddr == NULL) {
-		ret = ENOMEM;
-		goto error_out;
-	    }
-	    memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, 
-		   sizeof(ifr->ifr_broadaddr));
-	} else if(ifreq.ifr_flags & IFF_POINTOPOINT) {
-	    (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr));
-	    if ((*end)->ifa_dstaddr == NULL) {
-		ret = ENOMEM;
-		goto error_out;
-	    }
-	    memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, 
-		   sizeof(ifr->ifr_dstaddr));
-	} else
-	    (*end)->ifa_dstaddr = NULL;
-#else
-	    (*end)->ifa_dstaddr = NULL;
-#endif
-
-	(*end)->ifa_data = NULL;
-
-	end = &(*end)->ifa_next;
-	
-    }
-    *ifap = start;
-    close(fd);
-    free(buf);
-    return 0;
-  error_out:
-    rk_freeifaddrs(start);
-    close(fd);
-    free(buf);
-    errno = ret;
-    return -1;
-}
-#endif /* defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) */
-
-int ROKEN_LIB_FUNCTION
-rk_getifaddrs(struct ifaddrs **ifap) 
-{
-    int ret = -1;
-    errno = ENXIO;
-#if defined(AF_INET6) && defined(SIOCGIF6CONF) && defined(SIOCGIF6FLAGS)
-    if (ret)
-	ret = getifaddrs2 (ifap, AF_INET6, SIOCGIF6CONF, SIOCGIF6FLAGS,
-			   sizeof(struct in6_ifreq));
-#endif
-#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS)
-    if (ret)
-	ret = getlifaddrs2 (ifap, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS,
-			    sizeof(struct lifreq));
-#endif
-#if defined(HAVE_IPV6) && defined(SIOCGIFCONF)
-    if (ret)
-	ret = getifaddrs2 (ifap, AF_INET6, SIOCGIFCONF, SIOCGIFFLAGS,
-			   sizeof(struct ifreq));
-#endif
-#if defined(AF_INET) && defined(SIOCGIFCONF) && defined(SIOCGIFFLAGS)
-    if (ret)
-	ret = getifaddrs2 (ifap, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS,
-			   sizeof(struct ifreq));
-#endif
-    return ret;
-}
-
-#endif /* !AF_NETLINK */
-
-void ROKEN_LIB_FUNCTION
-rk_freeifaddrs(struct ifaddrs *ifp)
-{
-    struct ifaddrs *p, *q;
-    
-    for(p = ifp; p; ) {
-	free(p->ifa_name);
-	if(p->ifa_addr)
-	    free(p->ifa_addr);
-	if(p->ifa_dstaddr) 
-	    free(p->ifa_dstaddr);
-	if(p->ifa_netmask) 
-	    free(p->ifa_netmask);
-	if(p->ifa_data)
-	    free(p->ifa_data);
-	q = p;
-	p = p->ifa_next;
-	free(q);
-    }
-}
-
-#ifdef TEST
-
-void
-print_addr(const char *s, struct sockaddr *sa)
-{
-    int i;
-    printf("  %s=%d/", s, sa->sa_family);
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-    for(i = 0; i < sa->sa_len - ((long)sa->sa_data - (long)&sa->sa_family); i++)
-	printf("%02x", ((unsigned char*)sa->sa_data)[i]);
-#else
-    for(i = 0; i < sizeof(sa->sa_data); i++) 
-	printf("%02x", ((unsigned char*)sa->sa_data)[i]);
-#endif
-    printf("\n");
-}
-
-void 
-print_ifaddrs(struct ifaddrs *x)
-{
-    struct ifaddrs *p;
-    
-    for(p = x; p; p = p->ifa_next) {
-	printf("%s\n", p->ifa_name);
-	printf("  flags=%x\n", p->ifa_flags);
-	if(p->ifa_addr)
-	    print_addr("addr", p->ifa_addr);
-	if(p->ifa_dstaddr) 
-	    print_addr("dstaddr", p->ifa_dstaddr);
-	if(p->ifa_netmask) 
-	    print_addr("netmask", p->ifa_netmask);
-	printf("  %p\n", p->ifa_data);
-    }
-}
-
-int
-main()
-{
-    struct ifaddrs *a = NULL, *b;
-    getifaddrs2(&a, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS, sizeof(struct ifreq));
-    print_ifaddrs(a);
-    printf("---\n");
-    getifaddrs(&b);
-    print_ifaddrs(b);
-    return 0;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/getipnodebyaddr.c b/crypto/heimdal/lib/roken/getipnodebyaddr.c
deleted file mode 100644
index 56ae860..0000000
--- a/crypto/heimdal/lib/roken/getipnodebyaddr.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getipnodebyaddr.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * lookup `src, len' (address family `af') in DNS and return a pointer
- * to a malloced struct hostent or NULL.
- */
-
-struct hostent * ROKEN_LIB_FUNCTION
-getipnodebyaddr (const void *src, size_t len, int af, int *error_num)
-{
-    struct hostent *tmp;
-
-    tmp = gethostbyaddr (src, len, af);
-    if (tmp == NULL) {
-	switch (h_errno) {
-	case HOST_NOT_FOUND :
-	case TRY_AGAIN :
-	case NO_RECOVERY :
-	    *error_num = h_errno;
-	    break;
-	case NO_DATA :
-	    *error_num = NO_ADDRESS;
-	    break;
-	default :
-	    *error_num = NO_RECOVERY;
-	    break;
-	}
-	return NULL;
-    }
-    tmp = copyhostent (tmp);
-    if (tmp == NULL) {
-	*error_num = TRY_AGAIN;
-	return NULL;
-    }
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/getipnodebyname.c b/crypto/heimdal/lib/roken/getipnodebyname.c
deleted file mode 100644
index 739b329..0000000
--- a/crypto/heimdal/lib/roken/getipnodebyname.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getipnodebyname.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-#ifndef HAVE_H_ERRNO
-static int h_errno = NO_RECOVERY;
-#endif
-
-/*
- * lookup `name' (address family `af') in DNS and return a pointer
- * to a malloced struct hostent or NULL.
- */
-
-struct hostent * ROKEN_LIB_FUNCTION
-getipnodebyname (const char *name, int af, int flags, int *error_num)
-{
-    struct hostent *tmp;
-
-#ifdef HAVE_GETHOSTBYNAME2
-    tmp = gethostbyname2 (name, af);
-#else
-    if (af != AF_INET) {
-	*error_num = NO_ADDRESS;
-	return NULL;
-    }
-    tmp = gethostbyname (name);
-#endif
-    if (tmp == NULL) {
-	switch (h_errno) {
-	case HOST_NOT_FOUND :
-	case TRY_AGAIN :
-	case NO_RECOVERY :
-	    *error_num = h_errno;
-	    break;
-	case NO_DATA :
-	    *error_num = NO_ADDRESS;
-	    break;
-	default :
-	    *error_num = NO_RECOVERY;
-	    break;
-	}
-	return NULL;
-    }
-    tmp = copyhostent (tmp);
-    if (tmp == NULL) {
-	*error_num = TRY_AGAIN;
-	return NULL;
-    }
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/getnameinfo.c b/crypto/heimdal/lib/roken/getnameinfo.c
deleted file mode 100644
index 4f820f0..0000000
--- a/crypto/heimdal/lib/roken/getnameinfo.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getnameinfo.c 15412 2005-06-16 16:53:09Z lha $");
-#endif
-
-#include "roken.h"
-
-static int
-doit (int af,
-      const void *addr,
-      size_t addrlen,
-      int port,
-      char *host, size_t hostlen,
-      char *serv, size_t servlen,
-      int flags)
-{
-    if (host != NULL) {
-	if (flags & NI_NUMERICHOST) {
-	    if (inet_ntop (af, addr, host, hostlen) == NULL)
-		return EAI_SYSTEM;
-	} else {
-	    struct hostent *he = gethostbyaddr (addr,
-						addrlen,
-						af);
-	    if (he != NULL) {
-		strlcpy (host, hostent_find_fqdn(he), hostlen);
-		if (flags & NI_NOFQDN) {
-		    char *dot = strchr (host, '.');
-		    if (dot != NULL)
-			*dot = '\0';
-		}
-	    } else if (flags & NI_NAMEREQD) {
-		return EAI_NONAME;
-	    } else if (inet_ntop (af, addr, host, hostlen) == NULL)
-		return EAI_SYSTEM;
-	}
-    }
-
-    if (serv != NULL) {
-	if (flags & NI_NUMERICSERV) {
-	    snprintf (serv, servlen, "%u", ntohs(port));
-	} else {
-	    const char *proto = "tcp";
-	    struct servent *se;
-
-	    if (flags & NI_DGRAM)
-		proto = "udp";
-
-	    se = getservbyport (port, proto);
-	    if (se == NULL) {
-		snprintf (serv, servlen, "%u", ntohs(port));
-	    } else {
-		strlcpy (serv, se->s_name, servlen);
-	    }
-	}
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-int ROKEN_LIB_FUNCTION
-getnameinfo(const struct sockaddr *sa, socklen_t salen,
-	    char *host, size_t hostlen,
-	    char *serv, size_t servlen,
-	    int flags)
-{
-    switch (sa->sa_family) {
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-
-	return doit (AF_INET6, &sin6->sin6_addr, sizeof(sin6->sin6_addr),
-		     sin6->sin6_port,
-		     host, hostlen,
-		     serv, servlen,
-		     flags);
-    }
-#endif
-    case AF_INET : {
-	const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
-
-	return doit (AF_INET, &sin4->sin_addr, sizeof(sin4->sin_addr),
-		     sin4->sin_port,
-		     host, hostlen,
-		     serv, servlen,
-		     flags);
-    }
-    default :
-	return EAI_FAMILY;
-    }
-}
diff --git a/crypto/heimdal/lib/roken/getnameinfo_verified.c b/crypto/heimdal/lib/roken/getnameinfo_verified.c
deleted file mode 100644
index 91f938a..0000000
--- a/crypto/heimdal/lib/roken/getnameinfo_verified.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getnameinfo_verified.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * Try to obtain a verified name for the address in `sa, salen' (much
- * similar to getnameinfo).
- * Verified in this context means that forwards and backwards lookups
- * in DNS are consistent.  If that fails, return an error if the
- * NI_NAMEREQD flag is set or return the numeric address as a string.
- */
-
-int ROKEN_LIB_FUNCTION
-getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
-		     char *host, size_t hostlen,
-		     char *serv, size_t servlen,
-		     int flags)
-{
-    int ret;
-    struct addrinfo *ai, *a;
-    char servbuf[NI_MAXSERV];
-    struct addrinfo hints;
-
-    if (host == NULL)
-	return EAI_NONAME;
-
-    if (serv == NULL) {
-	serv = servbuf;
-	servlen = sizeof(servbuf);
-    }
-
-    ret = getnameinfo (sa, salen, host, hostlen, serv, servlen,
-		       flags | NI_NUMERICSERV);
-    if (ret)
-	goto fail;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    ret = getaddrinfo (host, serv, &hints, &ai);
-    if (ret)
-	goto fail;
-    for (a = ai; a != NULL; a = a->ai_next) {
-	if (a->ai_addrlen == salen
-	    && memcmp (a->ai_addr, sa, salen) == 0) {
-	    freeaddrinfo (ai);
-	    return 0;
-	}
-    }
-    freeaddrinfo (ai);
- fail:
-    if (flags & NI_NAMEREQD)
-	return EAI_NONAME;
-    ret = getnameinfo (sa, salen, host, hostlen, serv, servlen,
-		       flags | NI_NUMERICSERV | NI_NUMERICHOST);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/getopt.c b/crypto/heimdal/lib/roken/getopt.c
deleted file mode 100644
index 12bf138..0000000
--- a/crypto/heimdal/lib/roken/getopt.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 1987, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)getopt.c	8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
-
-#ifndef __STDC__
-#define const
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * get option letter from argument vector
- */
-int	opterr = 1,		/* if error message should be printed */
-	optind = 1,		/* index into parent argv vector */
-	optopt,			/* character checked for validity */
-	optreset;		/* reset getopt */
-char	*optarg;		/* argument associated with option */
-
-#define	BADCH	(int)'?'
-#define	BADARG	(int)':'
-#define	EMSG	""
-
-int ROKEN_LIB_FUNCTION
-getopt(nargc, nargv, ostr)
-	int nargc;
-	char * const *nargv;
-	const char *ostr;
-{
-	static char *place = EMSG;		/* option letter processing */
-	char *oli;			/* option letter list index */
-	char *p;
-
-	if (optreset || !*place) {		/* update scanning pointer */
-		optreset = 0;
-		if (optind >= nargc || *(place = nargv[optind]) != '-') {
-			place = EMSG;
-			return(-1);
-		}
-		if (place[1] && *++place == '-') {	/* found "--" */
-			++optind;
-			place = EMSG;
-			return(-1);
-		}
-	}					/* option letter okay? */
-	if ((optopt = (int)*place++) == (int)':' ||
-	    !(oli = strchr(ostr, optopt))) {
-		/*
-		 * if the user didn't specify '-' as an option,
-		 * assume it means -1 (EOF).
-		 */
-		if (optopt == (int)'-')
-			return(-1);
-		if (!*place)
-			++optind;
-		if (opterr && *ostr != ':') {
-			if (!(p = strrchr(*nargv, '/')))
-				p = *nargv;
-			else
-				++p;
-			fprintf(stderr, "%s: illegal option -- %c\n",
-			    p, optopt);
-		}
-		return(BADCH);
-	}
-	if (*++oli != ':') {			/* don't need argument */
-		optarg = NULL;
-		if (!*place)
-			++optind;
-	}
-	else {					/* need an argument */
-		if (*place)			/* no white space */
-			optarg = place;
-		else if (nargc <= ++optind) {	/* no arg */
-			place = EMSG;
-			if (!(p = strrchr(*nargv, '/')))
-				p = *nargv;
-			else
-				++p;
-			if (*ostr == ':')
-				return(BADARG);
-			if (opterr)
-				fprintf(stderr,
-				    "%s: option requires an argument -- %c\n",
-				    p, optopt);
-			return(BADCH);
-		}
-	 	else				/* white space */
-			optarg = nargv[optind];
-		place = EMSG;
-		++optind;
-	}
-	return(optopt);				/* dump back option letter */
-}
diff --git a/crypto/heimdal/lib/roken/getprogname.c b/crypto/heimdal/lib/roken/getprogname.c
deleted file mode 100644
index 6d0bfee..0000000
--- a/crypto/heimdal/lib/roken/getprogname.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1995-2004 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getprogname.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-#ifndef HAVE___PROGNAME
-const char *__progname;
-#endif
-
-#ifndef HAVE_GETPROGNAME
-const char * ROKEN_LIB_FUNCTION
-getprogname(void)
-{
-    return __progname;
-}
-#endif /* HAVE_GETPROGNAME */
diff --git a/crypto/heimdal/lib/roken/gettimeofday.c b/crypto/heimdal/lib/roken/gettimeofday.c
deleted file mode 100644
index d8e4e75..0000000
--- a/crypto/heimdal/lib/roken/gettimeofday.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-#ifndef HAVE_GETTIMEOFDAY
-
-RCSID("$Id: gettimeofday.c 14773 2005-04-12 11:29:18Z lha $");
-
-/*
- * Simple gettimeofday that only returns seconds.
- */
-int ROKEN_LIB_FUNCTION
-gettimeofday (struct timeval *tp, void *ignore)
-{
-     time_t t;
-
-     t = time(NULL);
-     tp->tv_sec  = t;
-     tp->tv_usec = 0;
-     return 0;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/getuid.c b/crypto/heimdal/lib/roken/getuid.c
deleted file mode 100644
index f558ab6..0000000
--- a/crypto/heimdal/lib/roken/getuid.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETUID
-
-RCSID("$Id: getuid.c 14773 2005-04-12 11:29:18Z lha $");
-
-int ROKEN_LIB_FUNCTION
-getuid(void)
-{
-    return 17;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/getusershell.c b/crypto/heimdal/lib/roken/getusershell.c
deleted file mode 100644
index 8def1ca..0000000
--- a/crypto/heimdal/lib/roken/getusershell.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- * Copyright (c) 1985, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: getusershell.c 21005 2007-06-08 01:54:35Z lha $");
-
-#ifndef HAVE_GETUSERSHELL
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef HAVE_USERSEC_H
-struct aud_rec;
-#include <usersec.h>
-#endif
-#ifdef HAVE_USERCONF_H
-#include <userconf.h>
-#endif
-#include "roken.h"
-
-#ifndef _PATH_SHELLS
-#define _PATH_SHELLS "/etc/shells"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-
-#ifndef _PATH_CSHELL
-#define _PATH_CSHELL "/bin/csh"
-#endif
-
-/*
- * Local shells should NOT be added here.  They should be added in
- * /etc/shells.
- */
-
-static char *okshells[] = { _PATH_BSHELL, _PATH_CSHELL, NULL };
-static char **curshell, **shells, *strings;
-static char **initshells (void);
-
-/*
- * Get a list of shells from _PATH_SHELLS, if it exists.
- */
-char * ROKEN_LIB_FUNCTION
-getusershell()
-{
-    char *ret;
-
-    if (curshell == NULL)
-	curshell = initshells();
-    ret = *curshell;
-    if (ret != NULL)
-	curshell++;
-    return (ret);
-}
-
-void ROKEN_LIB_FUNCTION
-endusershell()
-{
-    if (shells != NULL)
-	free(shells);
-    shells = NULL;
-    if (strings != NULL)
-	free(strings);
-    strings = NULL;
-    curshell = NULL;
-}
-
-void ROKEN_LIB_FUNCTION
-setusershell()
-{
-    curshell = initshells();
-}
-
-static char **
-initshells()
-{
-    char **sp, *cp;
-#ifdef HAVE_GETCONFATTR
-    char *tmp;
-    int nsh;
-#else
-    FILE *fp;
-#endif
-    struct stat statb;
-
-    free(shells);
-    shells = NULL;
-    free(strings);
-    strings = NULL;
-#ifdef HAVE_GETCONFATTR
-    if(getconfattr(SC_SYS_LOGIN, SC_SHELLS, &tmp, SEC_LIST) != 0)
-	return okshells;
-
-    for(cp = tmp, nsh = 0; *cp; cp += strlen(cp) + 1, nsh++);
-
-    shells = calloc(nsh + 1, sizeof(*shells));
-    if(shells == NULL)
-	return okshells;
-
-    strings = malloc(cp - tmp);
-    if(strings == NULL) {
-	free(shells);
-	shells = NULL;
-	return okshells;
-    }
-    memcpy(strings, tmp, cp - tmp);
-    for(sp = shells, cp = strings; *cp; cp += strlen(cp) + 1, sp++)
-	*sp = cp;
-#else
-    if ((fp = fopen(_PATH_SHELLS, "r")) == NULL)
-	return (okshells);
-    if (fstat(fileno(fp), &statb) == -1) {
-	fclose(fp);
-	return (okshells);
-    }
-    if ((strings = malloc((u_int)statb.st_size)) == NULL) {
-	fclose(fp);
-	return (okshells);
-    }
-    shells = calloc((unsigned)statb.st_size / 3, sizeof (char *));
-    if (shells == NULL) {
-	fclose(fp);
-	free(strings);
-	strings = NULL;
-	return (okshells);
-    }
-    sp = shells;
-    cp = strings;
-    while (fgets(cp, MaxPathLen + 1, fp) != NULL) {
-	while (*cp != '#' && *cp != '/' && *cp != '\0')
-	    cp++;
-	if (*cp == '#' || *cp == '\0')
-	    continue;
-	*sp++ = cp;
-	while (!isspace((unsigned char)*cp) && *cp != '#' && *cp != '\0')
-	    cp++;
-	*cp++ = '\0';
-    }
-    fclose(fp);
-#endif
-    *sp = NULL;
-    return (shells);
-}
-#endif /* HAVE_GETUSERSHELL */
diff --git a/crypto/heimdal/lib/roken/glob.c b/crypto/heimdal/lib/roken/glob.c
deleted file mode 100644
index 803eda1..0000000
--- a/crypto/heimdal/lib/roken/glob.c
+++ /dev/null
@@ -1,850 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * glob(3) -- a superset of the one defined in POSIX 1003.2.
- *
- * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
- *
- * Optional extra services, controlled by flags not defined by POSIX:
- *
- * GLOB_QUOTE:
- *	Escaping convention: \ inhibits any special meaning the following
- *	character might have (except \ at end of string is retained).
- * GLOB_MAGCHAR:
- *	Set in gl_flags if pattern contained a globbing character.
- * GLOB_NOMAGIC:
- *	Same as GLOB_NOCHECK, but it will only append pattern if it did
- *	not contain any magic characters.  [Used in csh style globbing]
- * GLOB_ALTDIRFUNC:
- *	Use alternately specified directory access functions.
- * GLOB_TILDE:
- *	expand ~user/foo to the /home/dir/of/user/foo
- * GLOB_BRACE:
- *	expand {1,2}{a,b} to 1a 1b 2a 2b 
- * gl_matchc:
- *	Number of matches in the current invocation of glob.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#include <ctype.h>
-#ifdef HAVE_DIRENT_H
-#include <dirent.h>
-#endif
-#include <errno.h>
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-
-#include "glob.h"
-#include "roken.h"
-
-#ifndef ARG_MAX
-#define ARG_MAX _POSIX_ARG_MAX
-#endif
-
-#define	CHAR_DOLLAR		'$'
-#define	CHAR_DOT		'.'
-#define	CHAR_EOS		'\0'
-#define	CHAR_LBRACKET		'['
-#define	CHAR_NOT		'!'
-#define	CHAR_QUESTION		'?'
-#define	CHAR_QUOTE		'\\'
-#define	CHAR_RANGE		'-'
-#define	CHAR_RBRACKET		']'
-#define	CHAR_SEP		'/'
-#define	CHAR_STAR		'*'
-#define	CHAR_TILDE		'~'
-#define	CHAR_UNDERSCORE		'_'
-#define	CHAR_LBRACE		'{'
-#define	CHAR_RBRACE		'}'
-#define	CHAR_SLASH		'/'
-#define	CHAR_COMMA		','
-
-#ifndef DEBUG
-
-#define	M_QUOTE		0x8000
-#define	M_PROTECT	0x4000
-#define	M_MASK		0xffff
-#define	M_ASCII		0x00ff
-
-typedef u_short Char;
-
-#else
-
-#define	M_QUOTE		0x80
-#define	M_PROTECT	0x40
-#define	M_MASK		0xff
-#define	M_ASCII		0x7f
-
-typedef char Char;
-
-#endif
-
-
-#define	CHAR(c)		((Char)((c)&M_ASCII))
-#define	META(c)		((Char)((c)|M_QUOTE))
-#define	M_ALL		META('*')
-#define	M_END		META(']')
-#define	M_NOT		META('!')
-#define	M_ONE		META('?')
-#define	M_RNG		META('-')
-#define	M_SET		META('[')
-#define	ismeta(c)	(((c)&M_QUOTE) != 0)
-
-
-static int	 compare (const void *, const void *);
-static void	 g_Ctoc (const Char *, char *);
-static int	 g_lstat (Char *, struct stat *, glob_t *);
-static DIR	*g_opendir (Char *, glob_t *);
-static Char	*g_strchr (const Char *, int);
-#ifdef notdef
-static Char	*g_strcat (Char *, const Char *);
-#endif
-static int	 g_stat (Char *, struct stat *, glob_t *);
-static int	 glob0 (const Char *, glob_t *);
-static int	 glob1 (Char *, glob_t *, size_t *);
-static int	 glob2 (Char *, Char *, Char *, glob_t *, size_t *);
-static int	 glob3 (Char *, Char *, Char *, Char *, glob_t *, size_t *);
-static int	 globextend (const Char *, glob_t *, size_t *);
-static const Char *	 globtilde (const Char *, Char *, glob_t *);
-static int	 globexp1 (const Char *, glob_t *);
-static int	 globexp2 (const Char *, const Char *, glob_t *, int *);
-static int	 match (Char *, Char *, Char *);
-#ifdef DEBUG
-static void	 qprintf (const char *, Char *);
-#endif
-
-int ROKEN_LIB_FUNCTION
-glob(const char *pattern, 
-     int flags, 
-     int (*errfunc)(const char *, int), 
-     glob_t *pglob)
-{
-	const u_char *patnext;
-	int c;
-	Char *bufnext, *bufend, patbuf[MaxPathLen+1];
-
-	patnext = (const u_char *) pattern;
-	if (!(flags & GLOB_APPEND)) {
-		pglob->gl_pathc = 0;
-		pglob->gl_pathv = NULL;
-		if (!(flags & GLOB_DOOFFS))
-			pglob->gl_offs = 0;
-	}
-	pglob->gl_flags = flags & ~GLOB_MAGCHAR;
-	pglob->gl_errfunc = errfunc;
-	pglob->gl_matchc = 0;
-
-	bufnext = patbuf;
-	bufend = bufnext + MaxPathLen;
-	if (flags & GLOB_QUOTE) {
-		/* Protect the quoted characters. */
-		while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
-			if (c == CHAR_QUOTE) {
-				if ((c = *patnext++) == CHAR_EOS) {
-					c = CHAR_QUOTE;
-					--patnext;
-				}
-				*bufnext++ = c | M_PROTECT;
-			}
-			else
-				*bufnext++ = c;
-	}
-	else 
-	    while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
-		    *bufnext++ = c;
-	*bufnext = CHAR_EOS;
-
-	if (flags & GLOB_BRACE)
-	    return globexp1(patbuf, pglob);
-	else
-	    return glob0(patbuf, pglob);
-}
-
-/*
- * Expand recursively a glob {} pattern. When there is no more expansion
- * invoke the standard globbing routine to glob the rest of the magic
- * characters
- */
-static int globexp1(const Char *pattern, glob_t *pglob)
-{
-	const Char* ptr = pattern;
-	int rv;
-
-	/* Protect a single {}, for find(1), like csh */
-	if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS)
-		return glob0(pattern, pglob);
-
-	while ((ptr = (const Char *) g_strchr(ptr, CHAR_LBRACE)) != NULL)
-		if (!globexp2(ptr, pattern, pglob, &rv))
-			return rv;
-
-	return glob0(pattern, pglob);
-}
-
-
-/*
- * Recursive brace globbing helper. Tries to expand a single brace.
- * If it succeeds then it invokes globexp1 with the new pattern.
- * If it fails then it tries to glob the rest of the pattern and returns.
- */
-static int globexp2(const Char *ptr, const Char *pattern, 
-		    glob_t *pglob, int *rv)
-{
-	int     i;
-	Char   *lm, *ls;
-	const Char *pe, *pm, *pl;
-	Char    patbuf[MaxPathLen + 1];
-
-	/* copy part up to the brace */
-	for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
-		continue;
-	ls = lm;
-
-	/* Find the balanced brace */
-	for (i = 0, pe = ++ptr; *pe; pe++)
-		if (*pe == CHAR_LBRACKET) {
-			/* Ignore everything between [] */
-			for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++)
-				continue;
-			if (*pe == CHAR_EOS) {
-				/* 
-				 * We could not find a matching CHAR_RBRACKET.
-				 * Ignore and just look for CHAR_RBRACE
-				 */
-				pe = pm;
-			}
-		}
-		else if (*pe == CHAR_LBRACE)
-			i++;
-		else if (*pe == CHAR_RBRACE) {
-			if (i == 0)
-				break;
-			i--;
-		}
-
-	/* Non matching braces; just glob the pattern */
-	if (i != 0 || *pe == CHAR_EOS) {
-		*rv = glob0(patbuf, pglob);
-		return 0;
-	}
-
-	for (i = 0, pl = pm = ptr; pm <= pe; pm++)
-		switch (*pm) {
-		case CHAR_LBRACKET:
-			/* Ignore everything between [] */
-			for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++)
-				continue;
-			if (*pm == CHAR_EOS) {
-				/* 
-				 * We could not find a matching CHAR_RBRACKET.
-				 * Ignore and just look for CHAR_RBRACE
-				 */
-				pm = pl;
-			}
-			break;
-
-		case CHAR_LBRACE:
-			i++;
-			break;
-
-		case CHAR_RBRACE:
-			if (i) {
-			    i--;
-			    break;
-			}
-			/* FALLTHROUGH */
-		case CHAR_COMMA:
-			if (i && *pm == CHAR_COMMA)
-				break;
-			else {
-				/* Append the current string */
-				for (lm = ls; (pl < pm); *lm++ = *pl++)
-					continue;
-				/* 
-				 * Append the rest of the pattern after the
-				 * closing brace
-				 */
-				for (pl = pe + 1; (*lm++ = *pl++) != CHAR_EOS;)
-					continue;
-
-				/* Expand the current pattern */
-#ifdef DEBUG
-				qprintf("globexp2:", patbuf);
-#endif
-				*rv = globexp1(patbuf, pglob);
-
-				/* move after the comma, to the next string */
-				pl = pm + 1;
-			}
-			break;
-
-		default:
-			break;
-		}
-	*rv = 0;
-	return 0;
-}
-
-
-
-/*
- * expand tilde from the passwd file.
- */
-static const Char *
-globtilde(const Char *pattern, Char *patbuf, glob_t *pglob)
-{
-	struct passwd *pwd;
-	char *h;
-	const Char *p;
-	Char *b;
-
-	if (*pattern != CHAR_TILDE || !(pglob->gl_flags & GLOB_TILDE))
-		return pattern;
-
-	/* Copy up to the end of the string or / */
-	for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH; 
-	     *h++ = *p++)
-		continue;
-
-	*h = CHAR_EOS;
-
-	if (((char *) patbuf)[0] == CHAR_EOS) {
-		/* 
-		 * handle a plain ~ or ~/ by expanding $HOME 
-		 * first and then trying the password file
-		 */
-		if ((h = getenv("HOME")) == NULL) {
-			if ((pwd = k_getpwuid(getuid())) == NULL)
-				return pattern;
-			else
-				h = pwd->pw_dir;
-		}
-	}
-	else {
-		/*
-		 * Expand a ~user
-		 */
-		if ((pwd = k_getpwnam((char*) patbuf)) == NULL)
-			return pattern;
-		else
-			h = pwd->pw_dir;
-	}
-
-	/* Copy the home directory */
-	for (b = patbuf; *h; *b++ = *h++)
-		continue;
-	
-	/* Append the rest of the pattern */
-	while ((*b++ = *p++) != CHAR_EOS)
-		continue;
-
-	return patbuf;
-}
-	
-
-/*
- * The main glob() routine: compiles the pattern (optionally processing
- * quotes), calls glob1() to do the real pattern matching, and finally
- * sorts the list (unless unsorted operation is requested).  Returns 0
- * if things went well, nonzero if errors occurred.  It is not an error
- * to find no matches.
- */
-static int
-glob0(const Char *pattern, glob_t *pglob)
-{
-	const Char *qpatnext;
-	int c, err, oldpathc;
-	Char *bufnext, patbuf[MaxPathLen+1];
-	size_t limit = 0;
-
-	qpatnext = globtilde(pattern, patbuf, pglob);
-	oldpathc = pglob->gl_pathc;
-	bufnext = patbuf;
-
-	/* We don't need to check for buffer overflow any more. */
-	while ((c = *qpatnext++) != CHAR_EOS) {
-		switch (c) {
-		case CHAR_LBRACKET:
-			c = *qpatnext;
-			if (c == CHAR_NOT)
-				++qpatnext;
-			if (*qpatnext == CHAR_EOS ||
-			    g_strchr(qpatnext+1, CHAR_RBRACKET) == NULL) {
-				*bufnext++ = CHAR_LBRACKET;
-				if (c == CHAR_NOT)
-					--qpatnext;
-				break;
-			}
-			*bufnext++ = M_SET;
-			if (c == CHAR_NOT)
-				*bufnext++ = M_NOT;
-			c = *qpatnext++;
-			do {
-				*bufnext++ = CHAR(c);
-				if (*qpatnext == CHAR_RANGE &&
-				    (c = qpatnext[1]) != CHAR_RBRACKET) {
-					*bufnext++ = M_RNG;
-					*bufnext++ = CHAR(c);
-					qpatnext += 2;
-				}
-			} while ((c = *qpatnext++) != CHAR_RBRACKET);
-			pglob->gl_flags |= GLOB_MAGCHAR;
-			*bufnext++ = M_END;
-			break;
-		case CHAR_QUESTION:
-			pglob->gl_flags |= GLOB_MAGCHAR;
-			*bufnext++ = M_ONE;
-			break;
-		case CHAR_STAR:
-			pglob->gl_flags |= GLOB_MAGCHAR;
-			/* collapse adjacent stars to one, 
-			 * to avoid exponential behavior
-			 */
-			if (bufnext == patbuf || bufnext[-1] != M_ALL)
-			    *bufnext++ = M_ALL;
-			break;
-		default:
-			*bufnext++ = CHAR(c);
-			break;
-		}
-	}
-	*bufnext = CHAR_EOS;
-#ifdef DEBUG
-	qprintf("glob0:", patbuf);
-#endif
-
-	if ((err = glob1(patbuf, pglob, &limit)) != 0)
-		return(err);
-
-	/*
-	 * If there was no match we are going to append the pattern 
-	 * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified
-	 * and the pattern did not contain any magic characters
-	 * GLOB_NOMAGIC is there just for compatibility with csh.
-	 */
-	if (pglob->gl_pathc == oldpathc && 
-	    ((pglob->gl_flags & GLOB_NOCHECK) || 
-	      ((pglob->gl_flags & GLOB_NOMAGIC) &&
-	       !(pglob->gl_flags & GLOB_MAGCHAR))))
-		return(globextend(pattern, pglob, &limit));
-	else if (!(pglob->gl_flags & GLOB_NOSORT)) 
-		qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
-		    pglob->gl_pathc - oldpathc, sizeof(char *), compare);
-	return(0);
-}
-
-static int
-compare(const void *p, const void *q)
-{
-	return(strcmp(*(char **)p, *(char **)q));
-}
-
-static int
-glob1(Char *pattern, glob_t *pglob, size_t *limit)
-{
-	Char pathbuf[MaxPathLen+1];
-
-	/* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
-	if (*pattern == CHAR_EOS)
-		return(0);
-	return(glob2(pathbuf, pathbuf, pattern, pglob, limit));
-}
-
-/*
- * The functions glob2 and glob3 are mutually recursive; there is one level
- * of recursion for each segment in the pattern that contains one or more
- * meta characters.
- */
-
-#ifndef S_ISLNK
-#if defined(S_IFLNK) && defined(S_IFMT)
-#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK)
-#else
-#define S_ISLNK(mode) 0
-#endif
-#endif
-
-static int
-glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob,
-      size_t *limit)
-{
-	struct stat sb;
-	Char *p, *q;
-	int anymeta;
-
-	/*
-	 * Loop over pattern segments until end of pattern or until
-	 * segment with meta character found.
-	 */
-	for (anymeta = 0;;) {
-		if (*pattern == CHAR_EOS) {		/* End of pattern? */
-			*pathend = CHAR_EOS;
-			if (g_lstat(pathbuf, &sb, pglob))
-				return(0);
-		
-			if (((pglob->gl_flags & GLOB_MARK) &&
-			    pathend[-1] != CHAR_SEP) && (S_ISDIR(sb.st_mode)
-			    || (S_ISLNK(sb.st_mode) &&
-			    (g_stat(pathbuf, &sb, pglob) == 0) &&
-			    S_ISDIR(sb.st_mode)))) {
-				*pathend++ = CHAR_SEP;
-				*pathend = CHAR_EOS;
-			}
-			++pglob->gl_matchc;
-			return(globextend(pathbuf, pglob, limit));
-		}
-
-		/* Find end of next segment, copy tentatively to pathend. */
-		q = pathend;
-		p = pattern;
-		while (*p != CHAR_EOS && *p != CHAR_SEP) {
-			if (ismeta(*p))
-				anymeta = 1;
-			*q++ = *p++;
-		}
-
-		if (!anymeta) {		/* No expansion, do next segment. */
-			pathend = q;
-			pattern = p;
-			while (*pattern == CHAR_SEP)
-				*pathend++ = *pattern++;
-		} else			/* Need expansion, recurse. */
-			return(glob3(pathbuf, pathend, pattern, p, pglob,
-			    limit));
-	}
-	/* NOTREACHED */
-}
-
-static int
-glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, 
-      glob_t *pglob, size_t *limit)
-{
-	struct dirent *dp;
-	DIR *dirp;
-	int err;
-	char buf[MaxPathLen];
-
-	/*
-	 * The readdirfunc declaration can't be prototyped, because it is
-	 * assigned, below, to two functions which are prototyped in glob.h
-	 * and dirent.h as taking pointers to differently typed opaque
-	 * structures.
-	 */
-	struct dirent *(*readdirfunc)(void *);
-
-	*pathend = CHAR_EOS;
-	errno = 0;
-	    
-	if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
-		/* TODO: don't call for ENOENT or ENOTDIR? */
-		if (pglob->gl_errfunc) {
-			g_Ctoc(pathbuf, buf);
-			if (pglob->gl_errfunc(buf, errno) ||
-			    pglob->gl_flags & GLOB_ERR)
-				return (GLOB_ABEND);
-		}
-		return(0);
-	}
-
-	err = 0;
-
-	/* Search directory for matching names. */
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		readdirfunc = pglob->gl_readdir;
-	else
-		readdirfunc = (struct dirent *(*)(void *))readdir;
-	while ((dp = (*readdirfunc)(dirp))) {
-		u_char *sc;
-		Char *dc;
-
-		/* Initial CHAR_DOT must be matched literally. */
-		if (dp->d_name[0] == CHAR_DOT && *pattern != CHAR_DOT)
-			continue;
-		for (sc = (u_char *) dp->d_name, dc = pathend; 
-		     (*dc++ = *sc++) != CHAR_EOS;)
-			continue;
-		if (!match(pathend, pattern, restpattern)) {
-			*pathend = CHAR_EOS;
-			continue;
-		}
-		err = glob2(pathbuf, --dc, restpattern, pglob, limit);
-		if (err)
-			break;
-	}
-
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		(*pglob->gl_closedir)(dirp);
-	else
-		closedir(dirp);
-	return(err);
-}
-
-
-/*
- * Extend the gl_pathv member of a glob_t structure to accomodate a new item,
- * add the new item, and update gl_pathc.
- *
- * This assumes the BSD realloc, which only copies the block when its size
- * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic
- * behavior.
- *
- * Return 0 if new item added, error code if memory couldn't be allocated.
- *
- * Invariant of the glob_t structure:
- *	Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and
- *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
- */
-static int
-globextend(const Char *path, glob_t *pglob, size_t *limit)
-{
-	char **pathv;
-	int i;
-	size_t newsize, len;
-	char *copy;
-	const Char *p;
-
-	newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
-	pathv = pglob->gl_pathv ? 
-		    realloc(pglob->gl_pathv, newsize) :
-		    malloc(newsize);
-	if (pathv == NULL)
-		return(GLOB_NOSPACE);
-
-	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
-		/* first time around -- clear initial gl_offs items */
-		pathv += pglob->gl_offs;
-		for (i = pglob->gl_offs; --i >= 0; )
-			*--pathv = NULL;
-	}
-	pglob->gl_pathv = pathv;
-
-	for (p = path; *p++;)
-		continue;
-	len = (size_t)(p - path);
-	*limit += len;
-	if ((copy = malloc(len)) != NULL) {
-		g_Ctoc(path, copy);
-		pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
-	}
-	pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
-
-	if ((pglob->gl_flags & GLOB_LIMIT) && (newsize + *limit) >= ARG_MAX) {
-		errno = 0;
-		return(GLOB_NOSPACE);
-	}
-
-	return(copy == NULL ? GLOB_NOSPACE : 0);
-}
-
-
-/*
- * pattern matching function for filenames.  Each occurrence of the *
- * pattern causes a recursion level.
- */
-static int
-match(Char *name, Char *pat, Char *patend)
-{
-	int ok, negate_range;
-	Char c, k;
-
-	while (pat < patend) {
-		c = *pat++;
-		switch (c & M_MASK) {
-		case M_ALL:
-			if (pat == patend)
-				return(1);
-			do 
-			    if (match(name, pat, patend))
-				    return(1);
-			while (*name++ != CHAR_EOS);
-			return(0);
-		case M_ONE:
-			if (*name++ == CHAR_EOS)
-				return(0);
-			break;
-		case M_SET:
-			ok = 0;
-			if ((k = *name++) == CHAR_EOS)
-				return(0);
-			if ((negate_range = ((*pat & M_MASK) == M_NOT)) != CHAR_EOS)
-				++pat;
-			while (((c = *pat++) & M_MASK) != M_END)
-				if ((*pat & M_MASK) == M_RNG) {
-					if (c <= k && k <= pat[1])
-						ok = 1;
-					pat += 2;
-				} else if (c == k)
-					ok = 1;
-			if (ok == negate_range)
-				return(0);
-			break;
-		default:
-			if (*name++ != c)
-				return(0);
-			break;
-		}
-	}
-	return(*name == CHAR_EOS);
-}
-
-/* Free allocated data belonging to a glob_t structure. */
-void ROKEN_LIB_FUNCTION
-globfree(glob_t *pglob)
-{
-	int i;
-	char **pp;
-
-	if (pglob->gl_pathv != NULL) {
-		pp = pglob->gl_pathv + pglob->gl_offs;
-		for (i = pglob->gl_pathc; i--; ++pp)
-			if (*pp)
-				free(*pp);
-		free(pglob->gl_pathv);
-		pglob->gl_pathv = NULL;
-	}
-}
-
-static DIR *
-g_opendir(Char *str, glob_t *pglob)
-{
-	char buf[MaxPathLen];
-
-	if (!*str)
-		strlcpy(buf, ".", sizeof(buf));
-	else
-		g_Ctoc(str, buf);
-
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		return((*pglob->gl_opendir)(buf));
-
-	return(opendir(buf));
-}
-
-static int
-g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
-{
-	char buf[MaxPathLen];
-
-	g_Ctoc(fn, buf);
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		return((*pglob->gl_lstat)(buf, sb));
-	return(lstat(buf, sb));
-}
-
-static int
-g_stat(Char *fn, struct stat *sb, glob_t *pglob)
-{
-	char buf[MaxPathLen];
-
-	g_Ctoc(fn, buf);
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		return((*pglob->gl_stat)(buf, sb));
-	return(stat(buf, sb));
-}
-
-static Char *
-g_strchr(const Char *str, int ch)
-{
-	do {
-		if (*str == ch)
-			return (Char *)str;
-	} while (*str++);
-	return (NULL);
-}
-
-#ifdef notdef
-static Char *
-g_strcat(Char *dst, const Char *src)
-{
-	Char *sdst = dst;
-
-	while (*dst++)
-		continue;
-	--dst;
-	while((*dst++ = *src++) != CHAR_EOS)
-	    continue;
-
-	return (sdst);
-}
-#endif
-
-static void
-g_Ctoc(const Char *str, char *buf)
-{
-	char *dc;
-
-	for (dc = buf; (*dc++ = *str++) != CHAR_EOS;)
-		continue;
-}
-
-#ifdef DEBUG
-static void 
-qprintf(const Char *str, Char *s)
-{
-	Char *p;
-
-	printf("%s:\n", str);
-	for (p = s; *p; p++)
-		printf("%c", CHAR(*p));
-	printf("\n");
-	for (p = s; *p; p++)
-		printf("%c", *p & M_PROTECT ? '"' : ' ');
-	printf("\n");
-	for (p = s; *p; p++)
-		printf("%c", ismeta(*p) ? '_' : ' ');
-	printf("\n");
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/glob.hin b/crypto/heimdal/lib/roken/glob.hin
deleted file mode 100644
index ffb6081..0000000
--- a/crypto/heimdal/lib/roken/glob.hin
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)glob.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _GLOB_H_
-#define	_GLOB_H_
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define glob_t rk_glob_t
-#define	glob rk_glob
-#define	globfree rk_globfree
-
-struct stat;
-typedef struct {
-	int gl_pathc;		/* Count of total paths so far. */
-	int gl_matchc;		/* Count of paths matching pattern. */
-	int gl_offs;		/* Reserved at beginning of gl_pathv. */
-	int gl_flags;		/* Copy of flags parameter to glob. */
-	char **gl_pathv;	/* List of paths matching pattern. */
-				/* Copy of errfunc parameter to glob. */
-	int (*gl_errfunc) (const char *, int);
-
-	/*
-	 * Alternate filesystem access methods for glob; replacement
-	 * versions of closedir(3), readdir(3), opendir(3), stat(2)
-	 * and lstat(2).
-	 */
-	void (*gl_closedir) (void *);
-	struct dirent *(*gl_readdir) (void *);	
-	void *(*gl_opendir) (const char *);
-	int (*gl_lstat) (const char *, struct stat *);
-	int (*gl_stat) (const char *, struct stat *);
-} glob_t;
-
-#define	GLOB_APPEND	0x0001	/* Append to output from previous call. */
-#define	GLOB_DOOFFS	0x0002	/* Use gl_offs. */
-#define	GLOB_ERR	0x0004	/* Return on error. */
-#define	GLOB_MARK	0x0008	/* Append / to matching directories. */
-#define	GLOB_NOCHECK	0x0010	/* Return pattern itself if nothing matches. */
-#define	GLOB_NOSORT	0x0020	/* Don't sort. */
-
-#define	GLOB_ALTDIRFUNC	0x0040	/* Use alternately specified directory funcs. */
-#define	GLOB_BRACE	0x0080	/* Expand braces ala csh. */
-#define	GLOB_MAGCHAR	0x0100	/* Pattern had globbing characters. */
-#define	GLOB_NOMAGIC	0x0200	/* GLOB_NOCHECK without magic chars (csh). */
-#define	GLOB_QUOTE	0x0400	/* Quote special chars with \. */
-#define	GLOB_TILDE	0x0800	/* Expand tilde names from the passwd file. */
-#define GLOB_LIMIT	0x1000	/* Limit memory used by matches to ARG_MAX */
-
-#define	GLOB_NOSPACE	(-1)	/* Malloc call failed. */
-#define	GLOB_ABEND	(-2)	/* Unignored error. */
-
-int ROKEN_LIB_FUNCTION
-glob (const char *, int, int (*)(const char *, int), glob_t *);
-
-void ROKEN_LIB_FUNCTION
-globfree (glob_t *);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !_GLOB_H_ */
diff --git a/crypto/heimdal/lib/roken/h_errno.c b/crypto/heimdal/lib/roken/h_errno.c
deleted file mode 100644
index 11dcb08..0000000
--- a/crypto/heimdal/lib/roken/h_errno.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: h_errno.c 10442 2001-08-08 03:47:23Z assar $");
-#endif
-
-#ifndef HAVE_H_ERRNO
-int h_errno = -17; /* Some magic number */
-#endif
diff --git a/crypto/heimdal/lib/roken/hex-test.c b/crypto/heimdal/lib/roken/hex-test.c
deleted file mode 100644
index 72aea1e..0000000
--- a/crypto/heimdal/lib/roken/hex-test.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-
-RCSID("$Id: hex-test.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include "roken.h"
-#include <hex.h>
-
-int
-main(int argc, char **argv)
-{
-    int numerr = 0;
-    int numtest = 1;
-    struct test {
-	void *data;
-	size_t len;
-	const char *result;
-    } *t, tests[] = {
-	{ "", 0 , "" },
-	{ "a", 1, "61" },
-	{ "ab", 2, "6162" },
-	{ "abc", 3, "616263" },
-	{ "abcd", 4, "61626364" },
-	{ "abcde", 5, "6162636465" },
-	{ "abcdef", 6, "616263646566" },
-	{ "abcdefg", 7, "61626364656667" },
-	{ "=", 1, "3D" },
-	{ NULL }
-    };
-    for(t = tests; t->data; t++) {
-	char *str;
-	int len;
-	len = hex_encode(t->data, t->len, &str);
-	if(strcmp(str, t->result) != 0) {
-	    fprintf(stderr, "failed test %d: %s != %s\n", numtest, 
-		    str, t->result);
-	    numerr++;
-	}
-	free(str);
-	str = strdup(t->result);
-	len = strlen(str);
-	len = hex_decode(t->result, str, len);
-	if(len != t->len) {
-	    fprintf(stderr, "failed test %d: len %lu != %lu\n", numtest,
-		    (unsigned long)len, (unsigned long)t->len);
-	    numerr++;
-	} else if(memcmp(str, t->data, t->len) != 0) {
-	    fprintf(stderr, "failed test %d: data\n", numtest);
-	    numerr++;
-	}
-	free(str);
-	numtest++;
-    }
-
-    {
-	unsigned char buf[2] = { 0, 0xff } ;
-	int len;
-
-	len = hex_decode("A", buf, 1);
-	if (len != 1) {
-	    fprintf(stderr, "len != 1");
-	    numerr++;
-	}
-	if (buf[0] != 10) {
-	    fprintf(stderr, "buf != 10");
-	    numerr++;
-	}
-	if (buf[1] != 0xff) {
-	    fprintf(stderr, "buf != 0xff");
-	    numerr++;
-	}
-
-    }
-
-    return numerr;
-}
diff --git a/crypto/heimdal/lib/roken/hex.c b/crypto/heimdal/lib/roken/hex.c
deleted file mode 100644
index 89fb0e1..0000000
--- a/crypto/heimdal/lib/roken/hex.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2004-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: hex.c 16504 2006-01-09 17:09:29Z lha $");
-#endif
-#include "roken.h"
-#include <ctype.h>
-#include "hex.h"
-
-const static char hexchar[] = "0123456789ABCDEF";
-
-static int 
-pos(char c)
-{
-    const char *p;
-    c = toupper((unsigned char)c);
-    for (p = hexchar; *p; p++)
-	if (*p == c)
-	    return p - hexchar;
-    return -1;
-}
-
-ssize_t ROKEN_LIB_FUNCTION
-hex_encode(const void *data, size_t size, char **str)
-{
-    const unsigned char *q = data;
-    size_t i;
-    char *p;
-
-    /* check for overflow */
-    if (size * 2 < size)
-	return -1;
-
-    p = malloc(size * 2 + 1);
-    if (p == NULL)
-	return -1;
-    
-    for (i = 0; i < size; i++) {
-	p[i * 2] = hexchar[(*q >> 4) & 0xf];
-	p[i * 2 + 1] = hexchar[*q & 0xf];
-	q++;
-    }
-    p[i * 2] = '\0';
-    *str = p;
-
-    return i * 2;
-}
-
-ssize_t ROKEN_LIB_FUNCTION
-hex_decode(const char *str, void *data, size_t len)
-{
-    size_t l;
-    unsigned char *p = data;
-    size_t i;
-	
-    l = strlen(str);
-    
-    /* check for overflow, same as (l+1)/2 but overflow safe */
-    if ((l/2) + (l&1) > len)
-	return -1;
-
-    i = 0;
-    if (l & 1) {
-	p[0] = pos(str[0]);
-	str++;
-	p++;
-    }
-    for (i = 0; i < l / 2; i++)
-	p[i] = pos(str[i * 2]) << 4 | pos(str[(i * 2) + 1]);
-    return i + (l & 1);
-}
diff --git a/crypto/heimdal/lib/roken/hex.h b/crypto/heimdal/lib/roken/hex.h
deleted file mode 100644
index 4c4b850..0000000
--- a/crypto/heimdal/lib/roken/hex.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: hex.h 14773 2005-04-12 11:29:18Z lha $ */
-
-#ifndef _rk_HEX_H_
-#define _rk_HEX_H_ 1
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#define hex_encode rk_hex_encode
-#define hex_decode rk_hex_decode
-
-ssize_t	ROKEN_LIB_FUNCTION
-	hex_encode(const void *, size_t, char **);
-ssize_t ROKEN_LIB_FUNCTION
-	hex_decode(const char *, void *, size_t);
-
-#endif /* _rk_HEX_H_ */
diff --git a/crypto/heimdal/lib/roken/hostent_find_fqdn.c b/crypto/heimdal/lib/roken/hostent_find_fqdn.c
deleted file mode 100644
index 299ed6d3..0000000
--- a/crypto/heimdal/lib/roken/hostent_find_fqdn.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: hostent_find_fqdn.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * Try to find a fqdn (with `.') in he if possible, else return h_name
- */
-
-const char * ROKEN_LIB_FUNCTION
-hostent_find_fqdn (const struct hostent *he)
-{
-    const char *ret = he->h_name;
-    const char **h;
-
-    if (strchr (ret, '.') == NULL)
-	for (h = (const char **)he->h_aliases; *h != NULL; ++h) {
-	    if (strchr (*h, '.') != NULL) {
-		ret = *h;
-		break;
-	    }
-	}
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/hstrerror.c b/crypto/heimdal/lib/roken/hstrerror.c
deleted file mode 100644
index 32dab23..0000000
--- a/crypto/heimdal/lib/roken/hstrerror.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: hstrerror.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#ifndef HAVE_HSTRERROR
-
-#if (defined(SunOS) && (SunOS >= 50))
-#define hstrerror broken_proto
-#endif
-#include "roken.h"
-#if (defined(SunOS) && (SunOS >= 50))
-#undef hstrerror
-#endif
-
-#if !(defined(HAVE_H_ERRLIST) && defined(HAVE_H_NERR))
-static const char *const h_errlist[] = {
-    "Resolver Error 0 (no error)",
-    "Unknown host",		/* 1 HOST_NOT_FOUND */
-    "Host name lookup failure",	/* 2 TRY_AGAIN */
-    "Unknown server error",	/* 3 NO_RECOVERY */
-    "No address associated with name", /* 4 NO_ADDRESS */
-};
-
-static
-const
-int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] };
-#else
-
-#if !HAVE_DECL_H_ERRLIST
-extern const char *h_errlist[];
-extern int h_nerr;
-#endif
-
-#endif
-
-const char * ROKEN_LIB_FUNCTION
-hstrerror(int herr)
-{
-    if (0 <= herr && herr < h_nerr)
-	return h_errlist[herr];
-    else if(herr == -17)
-	return "unknown error";
-    else
-	return "Error number out of range (hstrerror)";
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/ifaddrs.hin b/crypto/heimdal/lib/roken/ifaddrs.hin
deleted file mode 100644
index 0951c8c..0000000
--- a/crypto/heimdal/lib/roken/ifaddrs.hin
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: ifaddrs.hin 19309 2006-12-11 18:58:15Z lha $ */
-
-#ifndef __ifaddrs_h__
-#define __ifaddrs_h__
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-/*
- * the interface is defined in terms of the fields below, and this is
- * sometimes #define'd, so there seems to be no simple way of solving
- * this and this seemed the best. */
-
-#undef ifa_dstaddr
-
-struct ifaddrs {
-    struct ifaddrs *ifa_next;
-    char *ifa_name;
-    unsigned int ifa_flags;
-    struct sockaddr *ifa_addr;
-    struct sockaddr *ifa_netmask;
-    struct sockaddr *ifa_dstaddr;
-    void *ifa_data;
-};
-
-#ifndef ifa_broadaddr
-#define ifa_broadaddr ifa_dstaddr
-#endif
-
-int ROKEN_LIB_FUNCTION
-rk_getifaddrs(struct ifaddrs**);
-
-void ROKEN_LIB_FUNCTION
-rk_freeifaddrs(struct ifaddrs*);
-
-#define getifaddrs(a) rk_getifaddrs(a)
-#define freeifaddrs(a) rk_freeifaddrs(a)
-
-#endif /* __ifaddrs_h__ */
diff --git a/crypto/heimdal/lib/roken/inet_aton.c b/crypto/heimdal/lib/roken/inet_aton.c
deleted file mode 100644
index 3010935..0000000
--- a/crypto/heimdal/lib/roken/inet_aton.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: inet_aton.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/* Minimal implementation of inet_aton.
- * Cannot distinguish between failure and a local broadcast address. */
-
-int ROKEN_LIB_FUNCTION
-inet_aton(const char *cp, struct in_addr *addr)
-{
-  addr->s_addr = inet_addr(cp);
-  return (addr->s_addr == INADDR_NONE) ? 0 : 1;
-}
diff --git a/crypto/heimdal/lib/roken/inet_ntop.c b/crypto/heimdal/lib/roken/inet_ntop.c
deleted file mode 100644
index 7433c37..0000000
--- a/crypto/heimdal/lib/roken/inet_ntop.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: inet_ntop.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- *
- */
-
-static const char *
-inet_ntop_v4 (const void *src, char *dst, size_t size)
-{
-    const char digits[] = "0123456789";
-    int i;
-    struct in_addr *addr = (struct in_addr *)src;
-    u_long a = ntohl(addr->s_addr);
-    const char *orig_dst = dst;
-
-    if (size < INET_ADDRSTRLEN) {
-	errno = ENOSPC;
-	return NULL;
-    }
-    for (i = 0; i < 4; ++i) {
-	int n = (a >> (24 - i * 8)) & 0xFF;
-	int non_zerop = 0;
-
-	if (non_zerop || n / 100 > 0) {
-	    *dst++ = digits[n / 100];
-	    n %= 100;
-	    non_zerop = 1;
-	}
-	if (non_zerop || n / 10 > 0) {
-	    *dst++ = digits[n / 10];
-	    n %= 10;
-	    non_zerop = 1;
-	}
-	*dst++ = digits[n];
-	if (i != 3)
-	    *dst++ = '.';
-    }
-    *dst++ = '\0';
-    return orig_dst;
-}
-
-#ifdef HAVE_IPV6
-static const char *
-inet_ntop_v6 (const void *src, char *dst, size_t size)
-{
-    const char xdigits[] = "0123456789abcdef";
-    int i;
-    const struct in6_addr *addr = (struct in6_addr *)src;
-    const u_char *ptr = addr->s6_addr;
-    const char *orig_dst = dst;
-
-    if (size < INET6_ADDRSTRLEN) {
-	errno = ENOSPC;
-	return NULL;
-    }
-    for (i = 0; i < 8; ++i) {
-	int non_zerop = 0;
-
-	if (non_zerop || (ptr[0] >> 4)) {
-	    *dst++ = xdigits[ptr[0] >> 4];
-	    non_zerop = 1;
-	}
-	if (non_zerop || (ptr[0] & 0x0F)) {
-	    *dst++ = xdigits[ptr[0] & 0x0F];
-	    non_zerop = 1;
-	}
-	if (non_zerop || (ptr[1] >> 4)) {
-	    *dst++ = xdigits[ptr[1] >> 4];
-	    non_zerop = 1;
-	}
-	*dst++ = xdigits[ptr[1] & 0x0F];
-	if (i != 7)
-	    *dst++ = ':';
-	ptr += 2;
-    }
-    *dst++ = '\0';
-    return orig_dst;
-}
-#endif /* HAVE_IPV6 */
-
-const char * ROKEN_LIB_FUNCTION
-inet_ntop(int af, const void *src, char *dst, size_t size)
-{
-    switch (af) {
-    case AF_INET :
-	return inet_ntop_v4 (src, dst, size);
-#ifdef HAVE_IPV6
-    case AF_INET6 :
-	return inet_ntop_v6 (src, dst, size);
-#endif
-    default :
-	errno = EAFNOSUPPORT;
-	return NULL;
-    }
-}
diff --git a/crypto/heimdal/lib/roken/inet_pton.c b/crypto/heimdal/lib/roken/inet_pton.c
deleted file mode 100644
index 390233a..0000000
--- a/crypto/heimdal/lib/roken/inet_pton.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: inet_pton.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-inet_pton(int af, const char *src, void *dst)
-{
-    if (af != AF_INET) {
-	errno = EAFNOSUPPORT;
-	return -1;
-    }
-    return inet_aton (src, dst);
-}
diff --git a/crypto/heimdal/lib/roken/initgroups.c b/crypto/heimdal/lib/roken/initgroups.c
deleted file mode 100644
index f326e5f..0000000
--- a/crypto/heimdal/lib/roken/initgroups.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: initgroups.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-initgroups(const char *name, gid_t basegid)
-{
-  return 0;
-}
diff --git a/crypto/heimdal/lib/roken/innetgr.c b/crypto/heimdal/lib/roken/innetgr.c
deleted file mode 100644
index 598bad2..0000000
--- a/crypto/heimdal/lib/roken/innetgr.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_INNETGR
-
-RCSID("$Id: innetgr.c 14773 2005-04-12 11:29:18Z lha $");
-
-int ROKEN_LIB_FUNCTION
-innetgr(const char *netgroup, const char *machine, 
-	const char *user, const char *domain)
-{
-    return 0;
-}
-#endif
-
diff --git a/crypto/heimdal/lib/roken/install-sh b/crypto/heimdal/lib/roken/install-sh
deleted file mode 100755
index e9de238..0000000
--- a/crypto/heimdal/lib/roken/install-sh
+++ /dev/null
@@ -1,251 +0,0 @@
-#!/bin/sh
-#
-# install - install a program, script, or datafile
-# This comes from X11R5 (mit/util/scripts/install.sh).
-#
-# Copyright 1991 by the Massachusetts Institute of Technology
-#
-# Permission to use, copy, modify, distribute, and sell this software and its
-# documentation for any purpose is hereby granted without fee, provided that
-# the above copyright notice appear in all copies and that both that
-# copyright notice and this permission notice appear in supporting
-# documentation, and that the name of M.I.T. not be used in advertising or
-# publicity pertaining to distribution of the software without specific,
-# written prior permission.  M.I.T. makes no representations about the
-# suitability of this software for any purpose.  It is provided "as is"
-# without express or implied warranty.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.  It can only install one file at a time, a restriction
-# shared with many OS's install programs.
-
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit="${DOITPROG-}"
-
-
-# put in absolute paths if you don't have them in your path; or use env. vars.
-
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-mkdirprog="${MKDIRPROG-mkdir}"
-
-transformbasename=""
-transform_arg=""
-instcmd="$mvprog"
-chmodcmd="$chmodprog 0755"
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-src=""
-dst=""
-dir_arg=""
-
-while [ x"$1" != x ]; do
-    case $1 in
-	-c) instcmd="$cpprog"
-	    shift
-	    continue;;
-
-	-d) dir_arg=true
-	    shift
-	    continue;;
-
-	-m) chmodcmd="$chmodprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-o) chowncmd="$chownprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-g) chgrpcmd="$chgrpprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-s) stripcmd="$stripprog"
-	    shift
-	    continue;;
-
-	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
-	    shift
-	    continue;;
-
-	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
-	    shift
-	    continue;;
-
-	*)  if [ x"$src" = x ]
-	    then
-		src=$1
-	    else
-		# this colon is to work around a 386BSD /bin/sh bug
-		:
-		dst=$1
-	    fi
-	    shift
-	    continue;;
-    esac
-done
-
-if [ x"$src" = x ]
-then
-	echo "install:	no input file specified"
-	exit 1
-else
-	true
-fi
-
-if [ x"$dir_arg" != x ]; then
-	dst=$src
-	src=""
-	
-	if [ -d $dst ]; then
-		instcmd=:
-		chmodcmd=""
-	else
-		instcmd=mkdir
-	fi
-else
-
-# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
-# might cause directories to be created, which would be especially bad 
-# if $src (and thus $dsttmp) contains '*'.
-
-	if [ -f $src -o -d $src ]
-	then
-		true
-	else
-		echo "install:  $src does not exist"
-		exit 1
-	fi
-	
-	if [ x"$dst" = x ]
-	then
-		echo "install:	no destination specified"
-		exit 1
-	else
-		true
-	fi
-
-# If destination is a directory, append the input filename; if your system
-# does not like double slashes in filenames, you may need to add some logic
-
-	if [ -d $dst ]
-	then
-		dst="$dst"/`basename $src`
-	else
-		true
-	fi
-fi
-
-## this sed command emulates the dirname command
-dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
-
-# Make sure that the destination directory exists.
-#  this part is taken from Noah Friedman's mkinstalldirs script
-
-# Skip lots of stat calls in the usual case.
-if [ ! -d "$dstdir" ]; then
-defaultIFS='	
-'
-IFS="${IFS-${defaultIFS}}"
-
-oIFS="${IFS}"
-# Some sh's can't handle IFS=/ for some reason.
-IFS='%'
-set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
-IFS="${oIFS}"
-
-pathcomp=''
-
-while [ $# -ne 0 ] ; do
-	pathcomp="${pathcomp}${1}"
-	shift
-
-	if [ ! -d "${pathcomp}" ] ;
-        then
-		$mkdirprog "${pathcomp}"
-	else
-		true
-	fi
-
-	pathcomp="${pathcomp}/"
-done
-fi
-
-if [ x"$dir_arg" != x ]
-then
-	$doit $instcmd $dst &&
-
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
-else
-
-# If we're going to rename the final executable, determine the name now.
-
-	if [ x"$transformarg" = x ] 
-	then
-		dstfile=`basename $dst`
-	else
-		dstfile=`basename $dst $transformbasename | 
-			sed $transformarg`$transformbasename
-	fi
-
-# don't allow the sed command to completely eliminate the filename
-
-	if [ x"$dstfile" = x ] 
-	then
-		dstfile=`basename $dst`
-	else
-		true
-	fi
-
-# Make a temp file name in the proper directory.
-
-	dsttmp=$dstdir/#inst.$$#
-
-# Move or copy the file name to the temp name
-
-	$doit $instcmd $src $dsttmp &&
-
-	trap "rm -f ${dsttmp}" 0 &&
-
-# and set any options; do chmod last to preserve setuid bits
-
-# If any of these fail, we abort the whole thing.  If we want to
-# ignore errors from any of these, just make sure not to ignore
-# errors from the above "$doit $instcmd $src $dsttmp" command.
-
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
-
-# Now rename the file to the real destination.
-
-	$doit $rmcmd -f $dstdir/$dstfile &&
-	$doit $mvcmd $dsttmp $dstdir/$dstfile 
-
-fi &&
-
-
-exit 0
diff --git a/crypto/heimdal/lib/roken/iruserok.c b/crypto/heimdal/lib/roken/iruserok.c
deleted file mode 100644
index ca93e1c..0000000
--- a/crypto/heimdal/lib/roken/iruserok.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
- * Copyright (c) 1983, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: iruserok.c 17879 2006-08-08 21:50:40Z lha $");
-#endif
-
-#include <stdio.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_RPCSVC_YPCLNT_H
-#include <rpcsvc/ypclnt.h>
-#endif
-
-#include "roken.h"
-
-int     __check_rhosts_file = 1;
-char    *__rcmd_errstr = 0;
-
-/*
- * Returns "true" if match, 0 if no match.
- */
-static
-int
-__icheckhost(unsigned raddr, const char *lhost)
-{
-	struct hostent *hp;
-	u_long laddr;
-	char **pp;
-
-	/* Try for raw ip address first. */
-	if (isdigit((unsigned char)*lhost)
-	    && (long)(laddr = inet_addr(lhost)) != -1)
-		return (raddr == laddr);
-
-	/* Better be a hostname. */
-	if ((hp = gethostbyname(lhost)) == NULL)
-		return (0);
-
-	/* Spin through ip addresses. */
-	for (pp = hp->h_addr_list; *pp; ++pp)
-	        if (memcmp(&raddr, *pp, sizeof(u_long)) == 0)
-			return (1);
-
-	/* No match. */
-	return (0);
-}
-
-/*
- * Returns 0 if ok, -1 if not ok.
- */
-static
-int
-__ivaliduser(FILE *hostf, unsigned raddr, const char *luser,
-	     const char *ruser)
-{
-	char *user, *p;
-	int ch;
-	char buf[MaxHostNameLen + 128];		/* host + login */
-	char hname[MaxHostNameLen];
-	struct hostent *hp;
-	/* Presumed guilty until proven innocent. */
-	int userok = 0, hostok = 0;
-#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
-	char *ypdomain;
-
-	if (yp_get_default_domain(&ypdomain))
-		ypdomain = NULL;
-#else
-#define	ypdomain NULL
-#endif
-	/* We need to get the damn hostname back for netgroup matching. */
-	if ((hp = gethostbyaddr((char *)&raddr,
-				sizeof(u_long),
-				AF_INET)) == NULL)
-		return (-1);
-	strlcpy(hname, hp->h_name, sizeof(hname));
-
-	while (fgets(buf, sizeof(buf), hostf)) {
-		p = buf;
-		/* Skip lines that are too long. */
-		if (strchr(p, '\n') == NULL) {
-			while ((ch = getc(hostf)) != '\n' && ch != EOF);
-			continue;
-		}
-		if (*p == '\n' || *p == '#') {
-			/* comment... */
-			continue;
-		}
-		while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
-		        if (isupper((unsigned char)*p))
-			    *p = tolower((unsigned char)*p);
-			p++;
-		}
-		if (*p == ' ' || *p == '\t') {
-			*p++ = '\0';
-			while (*p == ' ' || *p == '\t')
-				p++;
-			user = p;
-			while (*p != '\n' && *p != ' ' &&
-			    *p != '\t' && *p != '\0')
-				p++;
-		} else
-			user = p;
-		*p = '\0';
-		/*
-		 * Do +/- and +@/-@ checking. This looks really nasty,
-		 * but it matches SunOS's behavior so far as I can tell.
-		 */
-		switch(buf[0]) {
-		case '+':
-			if (!buf[1]) {     /* '+' matches all hosts */
-				hostok = 1;
-				break;
-			}
-			if (buf[1] == '@')  /* match a host by netgroup */
-				hostok = innetgr((char *)&buf[2],
-					(char *)&hname, NULL, ypdomain);
-			else		/* match a host by addr */
-				hostok = __icheckhost(raddr,(char *)&buf[1]);
-			break;
-		case '-':     /* reject '-' hosts and all their users */
-			if (buf[1] == '@') {
-				if (innetgr((char *)&buf[2],
-					      (char *)&hname, NULL, ypdomain))
-					return(-1);
-			} else {
-				if (__icheckhost(raddr,(char *)&buf[1]))
-					return(-1);
-			}
-			break;
-		default:  /* if no '+' or '-', do a simple match */
-			hostok = __icheckhost(raddr, buf);
-			break;
-		}
-		switch(*user) {
-		case '+':
-			if (!*(user+1)) {      /* '+' matches all users */
-				userok = 1;
-				break;
-			}
-			if (*(user+1) == '@')  /* match a user by netgroup */
-				userok = innetgr(user+2, NULL, (char *)ruser,
-						 ypdomain);
-			else	   /* match a user by direct specification */
-				userok = !(strcmp(ruser, user+1));
-			break;
-		case '-': 		/* if we matched a hostname, */
-			if (hostok) {   /* check for user field rejections */
-				if (!*(user+1))
-					return(-1);
-				if (*(user+1) == '@') {
-					if (innetgr(user+2, NULL,
-						    (char *)ruser, ypdomain))
-						return(-1);
-				} else {
-					if (!strcmp(ruser, user+1))
-						return(-1);
-				}
-			}
-			break;
-		default:	/* no rejections: try to match the user */
-			if (hostok)
-				userok = !(strcmp(ruser,*user ? user : luser));
-			break;
-		}
-		if (hostok && userok)
-			return(0);
-	}
-	return (-1);
-}
-
-/*
- * New .rhosts strategy: We are passed an ip address. We spin through
- * hosts.equiv and .rhosts looking for a match. When the .rhosts only
- * has ip addresses, we don't have to trust a nameserver.  When it
- * contains hostnames, we spin through the list of addresses the nameserver
- * gives us and look for a match.
- *
- * Returns 0 if ok, -1 if not ok.
- */
-int ROKEN_LIB_FUNCTION
-iruserok(unsigned raddr, int superuser, const char *ruser, const char *luser)
-{
-	char *cp;
-	struct stat sbuf;
-	struct passwd *pwd;
-	FILE *hostf;
-	uid_t uid;
-	int first;
-	char pbuf[MaxPathLen];
-
-	first = 1;
-	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
-again:
-	if (hostf) {
-		if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
-			fclose(hostf);
-			return (0);
-		}
-		fclose(hostf);
-	}
-	if (first == 1 && (__check_rhosts_file || superuser)) {
-		first = 0;
-		if ((pwd = k_getpwnam((char*)luser)) == NULL)
-			return (-1);
-		snprintf (pbuf, sizeof(pbuf), "%s/.rhosts", pwd->pw_dir);
-
-		/*
-		 * Change effective uid while opening .rhosts.  If root and
-		 * reading an NFS mounted file system, can't read files that
-		 * are protected read/write owner only.
-		 */
-		uid = geteuid();
-		if (seteuid(pwd->pw_uid) < 0)
-			return (-1);
-		hostf = fopen(pbuf, "r");
-		seteuid(uid);
-
-		if (hostf == NULL)
-			return (-1);
-		/*
-		 * If not a regular file, or is owned by someone other than
-		 * user or root or if writeable by anyone but the owner, quit.
-		 */
-		cp = NULL;
-		if (lstat(pbuf, &sbuf) < 0)
-			cp = ".rhosts lstat failed";
-		else if (!S_ISREG(sbuf.st_mode))
-			cp = ".rhosts not regular file";
-		else if (fstat(fileno(hostf), &sbuf) < 0)
-			cp = ".rhosts fstat failed";
-		else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
-			cp = "bad .rhosts owner";
-		else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
-			cp = ".rhosts writeable by other than owner";
-		/* If there were any problems, quit. */
-		if (cp) {
-			__rcmd_errstr = cp;
-			fclose(hostf);
-			return (-1);
-		}
-		goto again;
-	}
-	return (-1);
-}
diff --git a/crypto/heimdal/lib/roken/issuid.c b/crypto/heimdal/lib/roken/issuid.c
deleted file mode 100644
index 46bde77..0000000
--- a/crypto/heimdal/lib/roken/issuid.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: issuid.c 15131 2005-05-13 07:42:03Z lha $");
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-issuid(void)
-{
-#if defined(HAVE_ISSETUGID)
-    return issetugid();
-#else /* !HAVE_ISSETUGID */
-
-#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
-    if(getuid() != geteuid())
-	return 1;
-#endif
-#if defined(HAVE_GETGID) && defined(HAVE_GETEGID)
-    if(getgid() != getegid())
-	return 2;
-#endif
-
-    return 0;
-#endif /* HAVE_ISSETUGID */
-}
diff --git a/crypto/heimdal/lib/roken/k_getpwnam.c b/crypto/heimdal/lib/roken/k_getpwnam.c
deleted file mode 100644
index 81eba28..0000000
--- a/crypto/heimdal/lib/roken/k_getpwnam.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: k_getpwnam.c 14773 2005-04-12 11:29:18Z lha $");
-#endif /* HAVE_CONFIG_H */
-
-#include "roken.h"
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-
-struct passwd * ROKEN_LIB_FUNCTION
-k_getpwnam (const char *user)
-{
-     struct passwd *p;
-
-     p = getpwnam (user);
-#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD)
-     if(p)
-     {
-	  struct spwd *spwd;
-
-	  spwd = getspnam (user);
-	  if (spwd)
-	       p->pw_passwd = spwd->sp_pwdp;
-	  endspent ();
-     }
-#else
-     endpwent ();
-#endif
-     return p;
-}
diff --git a/crypto/heimdal/lib/roken/k_getpwuid.c b/crypto/heimdal/lib/roken/k_getpwuid.c
deleted file mode 100644
index 7fe03b9..0000000
--- a/crypto/heimdal/lib/roken/k_getpwuid.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: k_getpwuid.c 14773 2005-04-12 11:29:18Z lha $");
-#endif /* HAVE_CONFIG_H */
-
-#include "roken.h"
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-
-struct passwd * ROKEN_LIB_FUNCTION
-k_getpwuid (uid_t uid)
-{
-     struct passwd *p;
-
-     p = getpwuid (uid);
-#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD)
-     if (p)
-     {
-	  struct spwd *spwd;
-
-	  spwd = getspnam (p->pw_name);
-	  if (spwd)
-	       p->pw_passwd = spwd->sp_pwdp;
-	  endspent ();
-     }
-#else
-     endpwent ();
-#endif
-     return p;
-}
diff --git a/crypto/heimdal/lib/roken/localtime_r.c b/crypto/heimdal/lib/roken/localtime_r.c
deleted file mode 100644
index ad515c14..0000000
--- a/crypto/heimdal/lib/roken/localtime_r.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: localtime_r.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <stdio.h>
-#include <time.h>
-#include "roken.h"
-
-#ifndef HAVE_LOCALTIME_R
-
-struct tm * ROKEN_LIB_FUNCTION
-localtime_r(const time_t *timer, struct tm *result)
-{
-    struct tm *tm;
-    
-    tm = localtime((time_t *)timer);
-    if (tm == NULL)
-	return NULL;
-    *result = *tm;
-    return result;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/lstat.c b/crypto/heimdal/lib/roken/lstat.c
deleted file mode 100644
index 9357e12..0000000
--- a/crypto/heimdal/lib/roken/lstat.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: lstat.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-lstat(const char *path, struct stat *buf)
-{
-  return stat(path, buf);
-}
diff --git a/crypto/heimdal/lib/roken/memmove.c b/crypto/heimdal/lib/roken/memmove.c
deleted file mode 100644
index 5f78ac2..0000000
--- a/crypto/heimdal/lib/roken/memmove.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: memmove.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-/* 
- * memmove for systems that doesn't have it 
- */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-void* ROKEN_LIB_FUNCTION
-memmove(void *s1, const void *s2, size_t n)
-{
-  char *s=(char*)s2, *d=(char*)s1;
-
-  if(d > s){
-    s+=n-1;
-    d+=n-1;
-    while(n){
-      *d--=*s--;
-      n--;
-    }
-  }else if(d < s)
-    while(n){
-      *d++=*s++;
-      n--;
-    }
-  return s1;
-}
diff --git a/crypto/heimdal/lib/roken/mini_inetd.c b/crypto/heimdal/lib/roken/mini_inetd.c
deleted file mode 100644
index 9eb114d..0000000
--- a/crypto/heimdal/lib/roken/mini_inetd.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: mini_inetd.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <err.h>
-#include "roken.h"
-
-/*
- * accept a connection on `s' and pretend it's served by inetd.
- */
-
-static void
-accept_it (int s)
-{
-    int s2;
-
-    s2 = accept(s, NULL, NULL);
-    if(s2 < 0)
-	err (1, "accept");
-    close(s);
-    dup2(s2, STDIN_FILENO);
-    dup2(s2, STDOUT_FILENO);
-    /* dup2(s2, STDERR_FILENO); */
-    close(s2);
-}
-
-/*
- * Listen on a specified port, emulating inetd.
- */
-
-void ROKEN_LIB_FUNCTION
-mini_inetd_addrinfo (struct addrinfo *ai)
-{
-    int ret;
-    struct addrinfo *a;
-    int n, nalloc, i;
-    int *fds;
-    fd_set orig_read_set, read_set;
-    int max_fd = -1;
-
-    for (nalloc = 0, a = ai; a != NULL; a = a->ai_next)
-	++nalloc;
-
-    fds = malloc (nalloc * sizeof(*fds));
-    if (fds == NULL)
-	errx (1, "mini_inetd: out of memory");
-
-    FD_ZERO(&orig_read_set);
-
-    for (i = 0, a = ai; a != NULL; a = a->ai_next) {
-	fds[i] = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (fds[i] < 0) {
-	    warn ("socket af = %d", a->ai_family);
-	    continue;
-	}
-	socket_set_reuseaddr (fds[i], 1);
-	if (bind (fds[i], a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("bind af = %d", a->ai_family);
-	    close(fds[i]);
-	    continue;
-	}
-	if (listen (fds[i], SOMAXCONN) < 0) {
-	    warn ("listen af = %d", a->ai_family);
-	    close(fds[i]);
-	    continue;
-	}
-	if (fds[i] >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET(fds[i], &orig_read_set);
-	max_fd = max(max_fd, fds[i]);
-	++i;
-    }
-    if (i == 0)
-	errx (1, "no sockets");
-    n = i;
-
-    do {
-	read_set = orig_read_set;
-
-	ret = select (max_fd + 1, &read_set, NULL, NULL, NULL);
-	if (ret < 0 && errno != EINTR)
-	    err (1, "select");
-    } while (ret <= 0);
-
-    for (i = 0; i < n; ++i)
-	if (FD_ISSET (fds[i], &read_set)) {
-	    accept_it (fds[i]);
-	    return;
-	}
-    abort ();
-}
-
-void ROKEN_LIB_FUNCTION
-mini_inetd (int port)
-{
-    int error;
-    struct addrinfo *ai, hints;
-    char portstr[NI_MAXSERV];
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags    = AI_PASSIVE;
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_family   = PF_UNSPEC;
-
-    snprintf (portstr, sizeof(portstr), "%d", ntohs(port));
-
-    error = getaddrinfo (NULL, portstr, &hints, &ai);
-    if (error)
-	errx (1, "getaddrinfo: %s", gai_strerror (error));
-
-    mini_inetd_addrinfo(ai);
-    
-    freeaddrinfo(ai);
-}
diff --git a/crypto/heimdal/lib/roken/missing b/crypto/heimdal/lib/roken/missing
deleted file mode 100755
index 7789652..0000000
--- a/crypto/heimdal/lib/roken/missing
+++ /dev/null
@@ -1,190 +0,0 @@
-#! /bin/sh
-# Common stub for a few missing GNU programs while installing.
-# Copyright (C) 1996, 1997 Free Software Foundation, Inc.
-# Franc,ois Pinard <pinard@iro.umontreal.ca>, 1996.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-if test $# -eq 0; then
-  echo 1>&2 "Try \`$0 --help' for more information"
-  exit 1
-fi
-
-case "$1" in
-
-  -h|--h|--he|--hel|--help)
-    echo "\
-$0 [OPTION]... PROGRAM [ARGUMENT]...
-
-Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
-error status if there is no known handling for PROGRAM.
-
-Options:
-  -h, --help      display this help and exit
-  -v, --version   output version information and exit
-
-Supported PROGRAM values:
-  aclocal      touch file \`aclocal.m4'
-  autoconf     touch file \`configure'
-  autoheader   touch file \`config.h.in'
-  automake     touch all \`Makefile.in' files
-  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
-  flex         create \`lex.yy.c', if possible, from existing .c
-  lex          create \`lex.yy.c', if possible, from existing .c
-  makeinfo     touch the output file
-  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]"
-    ;;
-
-  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
-    echo "missing - GNU libit 0.0"
-    ;;
-
-  -*)
-    echo 1>&2 "$0: Unknown \`$1' option"
-    echo 1>&2 "Try \`$0 --help' for more information"
-    exit 1
-    ;;
-
-  aclocal)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`acinclude.m4' or \`configure.in'.  You might want
-         to install the \`Automake' and \`Perl' packages.  Grab them from
-         any GNU archive site."
-    touch aclocal.m4
-    ;;
-
-  autoconf)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`configure.in'.  You might want to install the
-         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
-         archive site."
-    touch configure
-    ;;
-
-  autoheader)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`acconfig.h' or \`configure.in'.  You might want
-         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
-         from any GNU archive site."
-    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' configure.in`
-    test -z "$files" && files="config.h"
-    touch_files=
-    for f in $files; do
-      case "$f" in
-      *:*) touch_files="$touch_files "`echo "$f" |
-				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
-      *) touch_files="$touch_files $f.in";;
-      esac
-    done
-    touch $touch_files
-    ;;
-
-  automake)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`Makefile.am', \`acinclude.m4' or \`configure.in'.
-         You might want to install the \`Automake' and \`Perl' packages.
-         Grab them from any GNU archive site."
-    find . -type f -name Makefile.am -print |
-	   sed 's/\.am$/.in/' |
-	   while read f; do touch "$f"; done
-    ;;
-
-  bison|yacc)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified a \`.y' file.  You may need the \`Bison' package
-         in order for those modifications to take effect.  You can get
-         \`Bison' from any GNU archive site."
-    rm -f y.tab.c y.tab.h
-    if [ $# -ne 1 ]; then
-        eval LASTARG="\${$#}"
-	case "$LASTARG" in
-	*.y)
-	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
-	    if [ -f "$SRCFILE" ]; then
-	         cp "$SRCFILE" y.tab.c
-	    fi
-	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
-	    if [ -f "$SRCFILE" ]; then
-	         cp "$SRCFILE" y.tab.h
-	    fi
-	  ;;
-	esac
-    fi
-    if [ ! -f y.tab.h ]; then
-	echo >y.tab.h
-    fi
-    if [ ! -f y.tab.c ]; then
-	echo 'main() { return 0; }' >y.tab.c
-    fi
-    ;;
-
-  lex|flex)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified a \`.l' file.  You may need the \`Flex' package
-         in order for those modifications to take effect.  You can get
-         \`Flex' from any GNU archive site."
-    rm -f lex.yy.c
-    if [ $# -ne 1 ]; then
-        eval LASTARG="\${$#}"
-	case "$LASTARG" in
-	*.l)
-	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
-	    if [ -f "$SRCFILE" ]; then
-	         cp "$SRCFILE" lex.yy.c
-	    fi
-	  ;;
-	esac
-    fi
-    if [ ! -f lex.yy.c ]; then
-	echo 'main() { return 0; }' >lex.yy.c
-    fi
-    ;;
-
-  makeinfo)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified a \`.texi' or \`.texinfo' file, or any other file
-         indirectly affecting the aspect of the manual.  The spurious
-         call might also be the consequence of using a buggy \`make' (AIX,
-         DU, IRIX).  You might want to install the \`Texinfo' package or
-         the \`GNU make' package.  Grab either from any GNU archive site."
-    file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
-    if test -z "$file"; then
-      file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
-      file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file`
-    fi
-    touch $file
-    ;;
-
-  *)
-    echo 1>&2 "\
-WARNING: \`$1' is needed, and you do not seem to have it handy on your
-         system.  You might have modified some files without having the
-         proper tools for further handling them.  Check the \`README' file,
-         it often tells you about the needed prerequirements for installing
-         this package.  You may also peek at any GNU archive site, in case
-         some other package would contain this missing \`$1' program."
-    exit 1
-    ;;
-esac
-
-exit 0
diff --git a/crypto/heimdal/lib/roken/mkinstalldirs b/crypto/heimdal/lib/roken/mkinstalldirs
deleted file mode 100755
index 6b3b5fc..0000000
--- a/crypto/heimdal/lib/roken/mkinstalldirs
+++ /dev/null
@@ -1,40 +0,0 @@
-#! /bin/sh
-# mkinstalldirs --- make directory hierarchy
-# Author: Noah Friedman <friedman@prep.ai.mit.edu>
-# Created: 1993-05-16
-# Public domain
-
-# $Id$
-
-errstatus=0
-
-for file
-do
-   set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
-   shift
-
-   pathcomp=
-   for d
-   do
-     pathcomp="$pathcomp$d"
-     case "$pathcomp" in
-       -* ) pathcomp=./$pathcomp ;;
-     esac
-
-     if test ! -d "$pathcomp"; then
-        echo "mkdir $pathcomp"
-
-        mkdir "$pathcomp" || lasterr=$?
-
-        if test ! -d "$pathcomp"; then
-  	  errstatus=$lasterr
-        fi
-     fi
-
-     pathcomp="$pathcomp/"
-   done
-done
-
-exit $errstatus
-
-# mkinstalldirs ends here
diff --git a/crypto/heimdal/lib/roken/mkstemp.c b/crypto/heimdal/lib/roken/mkstemp.c
deleted file mode 100644
index ccb2e700..0000000
--- a/crypto/heimdal/lib/roken/mkstemp.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#include <errno.h>
-
-RCSID("$Id: mkstemp.c 14773 2005-04-12 11:29:18Z lha $");
-
-#ifndef HAVE_MKSTEMP
-
-int ROKEN_LIB_FUNCTION
-mkstemp(char *template)
-{
-    int start, i;
-    pid_t val;
-    val = getpid();
-    start = strlen(template) - 1;
-    while(template[start] == 'X') {
-	template[start] = '0' + val % 10;
-	val /= 10;
-	start--;
-    }
-    
-    do{
-	int fd;
-	fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
-	if(fd >= 0 || errno != EEXIST)
-	    return fd;
-	i = start + 1;
-	do{
-	    if(template[i] == 0)
-		return -1;
-	    template[i]++;
-	    if(template[i] == '9' + 1)
-		template[i] = 'a';
-	    if(template[i] <= 'z')
-		break;
-	    template[i] = 'a';
-	    i++;
-	}while(1);
-    }while(1);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/ndbm_wrap.c b/crypto/heimdal/lib/roken/ndbm_wrap.c
deleted file mode 100644
index 8bc5d93..0000000
--- a/crypto/heimdal/lib/roken/ndbm_wrap.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: ndbm_wrap.c 21634 2007-07-17 11:30:36Z lha $");
-#endif
-
-#include "ndbm_wrap.h"
-#if defined(HAVE_DB4_DB_H)
-#include <db4/db.h>
-#elif defined(HAVE_DB3_DB_H)
-#include <db3/db.h>
-#else
-#include <db.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <fcntl.h>
-
-/* XXX undefine open so this works on Solaris with large file support */
-#undef open
-
-#define DBT2DATUM(DBT, DATUM) do { (DATUM)->dptr = (DBT)->data; (DATUM)->dsize = (DBT)->size; } while(0)
-#define DATUM2DBT(DATUM, DBT) do { (DBT)->data = (DATUM)->dptr; (DBT)->size = (DATUM)->dsize; } while(0)
-#define RETURN(X) return ((X) == 0) ? 0 : -1
-
-#ifdef HAVE_DB3
-static DBC *cursor;
-#endif
-
-#define D(X) ((DB*)(X))
-
-void ROKEN_LIB_FUNCTION
-dbm_close (DBM *db)
-{
-#ifdef HAVE_DB3
-    D(db)->close(D(db), 0);
-    cursor = NULL;
-#else
-    D(db)->close(D(db));
-#endif
-}
-
-int ROKEN_LIB_FUNCTION
-dbm_delete (DBM *db, datum dkey)
-{
-    DBT key;
-    DATUM2DBT(&dkey, &key);
-#ifdef HAVE_DB3
-    RETURN(D(db)->del(D(db), NULL, &key, 0));
-#else
-    RETURN(D(db)->del(D(db), &key, 0));
-#endif
-}
-
-datum
-dbm_fetch (DBM *db, datum dkey)
-{
-    datum dvalue;
-    DBT key, value;
-    DATUM2DBT(&dkey, &key);
-    if(D(db)->get(D(db), 
-#ifdef HAVE_DB3
-	       NULL, 
-#endif
-	       &key, &value, 0) != 0) {
-	dvalue.dptr = NULL;
-	dvalue.dsize = 0;
-    }
-    else
-	DBT2DATUM(&value, &dvalue);
-
-    return dvalue;
-}
-
-static datum
-dbm_get (DB *db, int flags)
-{
-    DBT key, value;
-    datum datum;
-#ifdef HAVE_DB3
-    if(cursor == NULL) 
-	db->cursor(db, NULL, &cursor, 0);
-    if(cursor->c_get(cursor, &key, &value, flags) != 0) {
-	datum.dptr = NULL;
-	datum.dsize = 0;
-    } else 
-	DBT2DATUM(&value, &datum);
-#else
-    db->seq(db, &key, &value, flags);
-#endif
-    return datum;
-}
-
-#ifndef DB_FIRST
-#define DB_FIRST	R_FIRST
-#define DB_NEXT		R_NEXT
-#define DB_NOOVERWRITE	R_NOOVERWRITE
-#define DB_KEYEXIST	1
-#endif
-
-datum ROKEN_LIB_FUNCTION
-dbm_firstkey (DBM *db)
-{
-    return dbm_get(D(db), DB_FIRST);
-}
-
-datum ROKEN_LIB_FUNCTION
-dbm_nextkey (DBM *db)
-{
-    return dbm_get(D(db), DB_NEXT);
-}
-
-DBM* ROKEN_LIB_FUNCTION
-dbm_open (const char *file, int flags, mode_t mode)
-{
-    DB *db;
-    int myflags = 0;
-    char *fn = malloc(strlen(file) + 4);
-    if(fn == NULL)
-	return NULL;
-    strcpy(fn, file);
-    strcat(fn, ".db");
-#ifdef HAVE_DB3
-    if (flags & O_CREAT)
-	myflags |= DB_CREATE;
-
-    if (flags & O_EXCL)
-	myflags |= DB_EXCL;
-
-    if (flags & O_RDONLY)
-	myflags |= DB_RDONLY;
-
-    if (flags & O_TRUNC)
-	myflags |= DB_TRUNCATE;
-    if(db_create(&db, NULL, 0) != 0) {
-	free(fn);
-	return NULL;
-    }
-
-#if (DB_VERSION_MAJOR > 3) && (DB_VERSION_MINOR > 0)
-    if(db->open(db, NULL, fn, NULL, DB_BTREE, myflags, mode) != 0) {
-#else
-    if(db->open(db, fn, NULL, DB_BTREE, myflags, mode) != 0) {
-#endif
-	free(fn);
-	db->close(db, 0);
-	return NULL;
-    }
-#else
-    db = dbopen(fn, flags, mode, DB_BTREE, NULL);
-#endif
-    free(fn);
-    return (DBM*)db;
-}
-
-int ROKEN_LIB_FUNCTION
-dbm_store (DBM *db, datum dkey, datum dvalue, int flags)
-{
-    int ret;
-    DBT key, value;
-    int myflags = 0;
-    if((flags & DBM_REPLACE) == 0)
-	myflags |= DB_NOOVERWRITE;
-    DATUM2DBT(&dkey, &key);
-    DATUM2DBT(&dvalue, &value);    
-    ret = D(db)->put(D(db), 
-#ifdef HAVE_DB3
-		     NULL, 
-#endif
-&key, &value, myflags);
-    if(ret == DB_KEYEXIST)
-	return 1;
-    RETURN(ret);
-}
-
-int ROKEN_LIB_FUNCTION
-dbm_error (DBM *db)
-{
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-dbm_clearerr (DBM *db)
-{
-    return 0;
-}
-
diff --git a/crypto/heimdal/lib/roken/ndbm_wrap.h b/crypto/heimdal/lib/roken/ndbm_wrap.h
deleted file mode 100644
index 4149402..0000000
--- a/crypto/heimdal/lib/roken/ndbm_wrap.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: ndbm_wrap.h 14773 2005-04-12 11:29:18Z lha $ */
-
-#ifndef __ndbm_wrap_h__
-#define __ndbm_wrap_h__
-
-#include <stdio.h>
-#include <sys/types.h>
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#ifndef dbm_rename
-#define dbm_rename(X)	__roken_ ## X
-#endif
-
-#define dbm_open	dbm_rename(dbm_open)
-#define dbm_close	dbm_rename(dbm_close)
-#define dbm_delete	dbm_rename(dbm_delete)
-#define dbm_fetch	dbm_rename(dbm_fetch)
-#define dbm_get		dbm_rename(dbm_get)
-#define dbm_firstkey	dbm_rename(dbm_firstkey)
-#define dbm_nextkey	dbm_rename(dbm_nextkey)
-#define dbm_store	dbm_rename(dbm_store)
-#define dbm_error	dbm_rename(dbm_error)
-#define dbm_clearerr	dbm_rename(dbm_clearerr)
-
-#define datum		dbm_rename(datum)
-
-typedef struct {
-    void *dptr;
-    size_t dsize;
-} datum;
-
-#define DBM_REPLACE 1
-typedef struct DBM DBM;
-
-#if 0
-typedef struct {
-    int dummy;
-} DBM;
-#endif
-
-int ROKEN_LIB_FUNCTION dbm_clearerr (DBM*);
-void ROKEN_LIB_FUNCTION dbm_close (DBM*);
-int ROKEN_LIB_FUNCTION dbm_delete (DBM*, datum);
-int ROKEN_LIB_FUNCTION dbm_error (DBM*);
-datum ROKEN_LIB_FUNCTION dbm_fetch (DBM*, datum);
-datum ROKEN_LIB_FUNCTION dbm_firstkey (DBM*);
-datum ROKEN_LIB_FUNCTION dbm_nextkey (DBM*);
-DBM* ROKEN_LIB_FUNCTION dbm_open (const char*, int, mode_t);
-int ROKEN_LIB_FUNCTION dbm_store (DBM*, datum, datum, int);
-
-#endif /* __ndbm_wrap_h__ */
diff --git a/crypto/heimdal/lib/roken/net_read.c b/crypto/heimdal/lib/roken/net_read.c
deleted file mode 100644
index effc001..0000000
--- a/crypto/heimdal/lib/roken/net_read.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: net_read.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include "roken.h"
-
-/*
- * Like read but never return partial data.
- */
-
-ssize_t ROKEN_LIB_FUNCTION
-net_read (int fd, void *buf, size_t nbytes)
-{
-    char *cbuf = (char *)buf;
-    ssize_t count;
-    size_t rem = nbytes;
-
-    while (rem > 0) {
-#ifdef WIN32
-	count = recv (fd, cbuf, rem, 0);
-#else
-	count = read (fd, cbuf, rem);
-#endif
-	if (count < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		return count;
-	} else if (count == 0) {
-	    return count;
-	}
-	cbuf += count;
-	rem -= count;
-    }
-    return nbytes;
-}
diff --git a/crypto/heimdal/lib/roken/net_write.c b/crypto/heimdal/lib/roken/net_write.c
deleted file mode 100644
index a68317f..0000000
--- a/crypto/heimdal/lib/roken/net_write.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: net_write.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include "roken.h"
-
-/*
- * Like write but never return partial data.
- */
-
-ssize_t ROKEN_LIB_FUNCTION
-net_write (int fd, const void *buf, size_t nbytes)
-{
-    const char *cbuf = (const char *)buf;
-    ssize_t count;
-    size_t rem = nbytes;
-
-    while (rem > 0) {
-#ifdef WIN32
-	count = send (fd, cbuf, rem, 0);
-#else
-	count = write (fd, cbuf, rem);
-#endif
-	if (count < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		return count;
-	}
-	cbuf += count;
-	rem -= count;
-    }
-    return nbytes;
-}
diff --git a/crypto/heimdal/lib/roken/parse_bytes-test.c b/crypto/heimdal/lib/roken/parse_bytes-test.c
deleted file mode 100644
index 5e55b30..0000000
--- a/crypto/heimdal/lib/roken/parse_bytes-test.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_bytes-test.c 10655 2001-09-04 09:56:00Z assar $");
-#endif
-
-#include "roken.h"
-#include "parse_bytes.h"
-
-static struct testcase {
-    int canonicalp;
-    int val;
-    const char *def_unit;
-    const char *str;
-} tests[] = {
-    {0, 0, NULL, "0 bytes"},
-    {1, 0, NULL, "0"},
-    {0, 1, NULL, "1"},
-    {1, 1, NULL, "1 byte"},
-    {0, 0, "kilobyte", "0"},
-    {0, 1024, "kilobyte", "1"},
-    {1, 1024, "kilobyte", "1 kilobyte"},
-    {1, 1024 * 1024, NULL, "1 megabyte"},
-    {0, 1025, NULL, "1 kilobyte 1"},
-    {1, 1025, NULL, "1 kilobyte 1 byte"},
-};
-
-int
-main(int argc, char **argv)
-{
-    int i;
-    int ret = 0;
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
-	char buf[256];
-	int val = parse_bytes (tests[i].str, tests[i].def_unit);
-	int len;
-
-	if (val != tests[i].val) {
-	    printf ("parse_bytes (%s, %s) = %d != %d\n",
-		    tests[i].str,
-		    tests[i].def_unit ? tests[i].def_unit : "none",
-		    val, tests[i].val);
-	    ++ret;
-	}
-	if (tests[i].canonicalp) {
-	    len = unparse_bytes (tests[i].val, buf, sizeof(buf));
-	    if (strcmp (tests[i].str, buf) != 0) {
-		printf ("unparse_bytes (%d) = \"%s\" != \"%s\"\n",
-			tests[i].val, buf, tests[i].str);
-		++ret;
-	    }
-	}    
-    }
-    if (ret) {
-	printf ("%d errors\n", ret);
-	return 1;
-    } else
-	return 0;
-}
diff --git a/crypto/heimdal/lib/roken/parse_bytes.c b/crypto/heimdal/lib/roken/parse_bytes.c
deleted file mode 100644
index 4ab02b4..0000000
--- a/crypto/heimdal/lib/roken/parse_bytes.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_bytes.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <parse_units.h>
-#include "parse_bytes.h"
-
-static struct units bytes_units[] = {
-    { "gigabyte", 1024 * 1024 * 1024 },
-    { "gbyte", 1024 * 1024 * 1024 },
-    { "GB", 1024 * 1024 * 1024 },
-    { "megabyte", 1024 * 1024 },
-    { "mbyte", 1024 * 1024 },
-    { "MB", 1024 * 1024 },
-    { "kilobyte", 1024 },
-    { "KB", 1024 },
-    { "byte", 1 },
-    { NULL, 0 }
-};
-
-static struct units bytes_short_units[] = {
-    { "GB", 1024 * 1024 * 1024 },
-    { "MB", 1024 * 1024 },
-    { "KB", 1024 },
-    { NULL, 0 }
-};
-
-int ROKEN_LIB_FUNCTION
-parse_bytes (const char *s, const char *def_unit)
-{
-    return parse_units (s, bytes_units, def_unit);
-}
-
-int ROKEN_LIB_FUNCTION
-unparse_bytes (int t, char *s, size_t len)
-{
-    return unparse_units (t, bytes_units, s, len);
-}
-
-int ROKEN_LIB_FUNCTION
-unparse_bytes_short (int t, char *s, size_t len)
-{
-    return unparse_units_approx (t, bytes_short_units, s, len);
-}
diff --git a/crypto/heimdal/lib/roken/parse_bytes.h b/crypto/heimdal/lib/roken/parse_bytes.h
deleted file mode 100644
index 1998f70..0000000
--- a/crypto/heimdal/lib/roken/parse_bytes.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse_bytes.h 14787 2005-04-13 13:19:07Z lha $ */
-
-#ifndef __PARSE_BYTES_H__
-#define __PARSE_BYTES_H__
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-int ROKEN_LIB_FUNCTION
-parse_bytes (const char *s, const char *def_unit);
-
-int ROKEN_LIB_FUNCTION
-unparse_bytes (int t, char *s, size_t len);
-
-int ROKEN_LIB_FUNCTION
-unparse_bytes_short (int t, char *s, size_t len);
-
-#endif /* __PARSE_BYTES_H__ */
diff --git a/crypto/heimdal/lib/roken/parse_reply-test.c b/crypto/heimdal/lib/roken/parse_reply-test.c
deleted file mode 100644
index f6342ef..0000000
--- a/crypto/heimdal/lib/roken/parse_reply-test.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_reply-test.c 15287 2005-05-29 21:21:12Z lha $");
-#endif
-
-#include <sys/types.h>
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-#include <fcntl.h>
-
-#include "roken.h"
-#include "resolve.h"
-
-struct dns_reply*
-parse_reply(const unsigned char *, size_t);
-
-enum { MAX_BUF = 36};
-
-static struct testcase {
-    unsigned char buf[MAX_BUF];
-    size_t buf_len;
-} tests[] = {
-    {{0x12, 0x67, 0x84, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
-     0x03, 'f', 'o', 'o', 0x00,
-     0x00, 0x10, 0x00, 0x01,
-     0x03, 'f', 'o', 'o', 0x00,
-     0x00, 0x10, 0x00, 0x01,
-      0x00, 0x00, 0x12, 0x67, 0xff, 0xff}, 36}
-};
-
-#ifndef MAP_FAILED
-#define MAP_FAILED (-1)
-#endif
-
-static sig_atomic_t val = 0;
-
-static RETSIGTYPE
-segv_handler(int sig)
-{
-    val = 1;
-}
-
-int
-main(int argc, char **argv)
-{
-#ifndef HAVE_MMAP
-    return 77;			/* signal to automake that this test
-                                   cannot be run */
-#else /* HAVE_MMAP */
-    int ret;
-    int i;
-    struct sigaction sa;
-
-    sigemptyset (&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = segv_handler;
-    sigaction (SIGSEGV, &sa, NULL);
-
-    for (i = 0; val == 0 && i < sizeof(tests)/sizeof(tests[0]); ++i) {
-	const struct testcase *t = &tests[i];
-	unsigned char *p1, *p2;
-	int flags;
-	int fd;
-	size_t pagesize = getpagesize();
-	unsigned char *buf;
-
-#ifdef MAP_ANON
-	flags = MAP_ANON;
-	fd = -1;
-#else
-	flags = 0;
-	fd = open ("/dev/zero", O_RDONLY);
-	if(fd < 0)
-	    err (1, "open /dev/zero");
-#endif
-	flags |= MAP_PRIVATE;
-
-	p1 = (unsigned char *)mmap(0, 2 * pagesize, PROT_READ | PROT_WRITE,
-		  flags, fd, 0);
-	if (p1 == (unsigned char *)MAP_FAILED)
-	    err (1, "mmap");
-	p2 = p1 + pagesize;
-	ret = mprotect ((void *)p2, pagesize, 0);
-	if (ret < 0)
-	    err (1, "mprotect");
-	buf = p2 - t->buf_len;
-	memcpy (buf, t->buf, t->buf_len);
-	parse_reply (buf, t->buf_len);
-	ret = munmap ((void *)p1, 2 * pagesize);
-	if (ret < 0)
-	    err (1, "munmap");
-    }
-    return val;
-#endif /* HAVE_MMAP */
-}
diff --git a/crypto/heimdal/lib/roken/parse_time-test.c b/crypto/heimdal/lib/roken/parse_time-test.c
deleted file mode 100644
index 0ce7063..0000000
--- a/crypto/heimdal/lib/roken/parse_time-test.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_time-test.c 15028 2005-04-30 14:48:29Z lha $");
-#endif
-
-#include "roken.h"
-#include "parse_time.h"
-#include "test-mem.h"
-#include "err.h"
-
-static struct testcase {
-    size_t size;
-    time_t val;
-    char *str;
-} tests[] = {
-    { 8, 1,		"1 second" },
-    { 17, 61,		"1 minute 1 second" },
-    { 18, 62,		"1 minute 2 seconds" },
-    { 8, 60,		"1 minute" },
-    { 6, 3600,	 	"1 hour" },
-    { 15, 3601,	 	"1 hour 1 second" },
-    { 16, 3602,	 	"1 hour 2 seconds" }
-};
-
-int
-main(int argc, char **argv)
-{
-    size_t sz;
-    size_t buf_sz;
-    int i, j;
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
-	char *buf;
-
-	sz = unparse_time(tests[i].val, NULL, 0);
-	if  (sz != tests[i].size)
-	    errx(1, "sz (%lu) != tests[%d].size (%lu)",
-		 (unsigned long)sz, i, (unsigned long)tests[i].size);
-	
-	for (buf_sz = 0; buf_sz < tests[i].size + 2; buf_sz++) {
-
-	    buf = rk_test_mem_alloc(RK_TM_OVERRUN, "overrun",
-				    NULL, buf_sz);
-	    sz = unparse_time(tests[i].val, buf, buf_sz);
-	    if (sz != tests[i].size)
-		errx(1, "sz (%lu) != tests[%d].size (%lu) with in size %lu",
-		     (unsigned long)sz, i, 
-		     (unsigned long)tests[i].size,
-		     (unsigned long)buf_sz);
-	    if (buf_sz > 0 && memcmp(buf, tests[i].str, buf_sz - 1) != 0)
-		errx(1, "test %i wrong result %s vs %s", i, buf, tests[i].str);
-	    if (buf_sz > 0 && buf[buf_sz - 1] != '\0')
-		errx(1, "test %i not zero terminated", i);
-	    rk_test_mem_free("overrun");
-
-	    buf = rk_test_mem_alloc(RK_TM_UNDERRUN, "underrun", 
-				    NULL, tests[i].size);
-	    sz = unparse_time(tests[i].val, buf, buf_sz);
-	    if (sz != tests[i].size)
-		errx(1, "sz (%lu) != tests[%d].size (%lu) with insize %lu",
-		     (unsigned long)sz, i,
-		     (unsigned long)tests[i].size,
-		     (unsigned long)buf_sz);
-	    if (buf_sz > 0 && strncmp(buf, tests[i].str, buf_sz - 1) != 0)
-		errx(1, "test %i wrong result %s vs %s", i, buf, tests[i].str);
-	    if (buf_sz > 0 && buf[buf_sz - 1] != '\0')
-		errx(1, "test %i not zero terminated", i);
-	    rk_test_mem_free("underrun");
-	}
-	buf = rk_test_mem_alloc(RK_TM_OVERRUN, "overrun",
-				tests[i].str, tests[i].size + 1);
-	j = parse_time(buf, "s");
-	if (j != tests[i].val)
-	    errx(1, "parse_time failed for test %d", i);
-	rk_test_mem_free("overrun");
-
-	buf = rk_test_mem_alloc(RK_TM_UNDERRUN, "underrun",
-				tests[i].str, tests[i].size + 1);
-	j = parse_time(buf, "s");
-	if (j != tests[i].val)
-	    errx(1, "parse_time failed for test %d", i);
-	rk_test_mem_free("underrun");
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/parse_time.3 b/crypto/heimdal/lib/roken/parse_time.3
deleted file mode 100644
index f7a801b..0000000
--- a/crypto/heimdal/lib/roken/parse_time.3
+++ /dev/null
@@ -1,173 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" $Id: parse_time.3 14325 2004-10-30 22:34:28Z lha $
-.\"
-.Dd October 31, 2004
-.Dt PARSE_TIME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm parse_time ,
-.Nm print_time_table ,
-.Nm unparse_time ,
-.Nm unparse_time_approx ,
-.Nd parse and unparse time intervals
-.Sh LIBRARY
-The roken library (libroken, -lroken)
-.Sh SYNOPSIS
-.Fd #include <parse_time.h>
-.Ft int
-.Fn parse_time "const char *timespec" "const char *def_unit"
-.Ft void
-.Fn print_time_table "FILE *f"
-.Ft size_t
-.Fn unparse_time "int seconds" "char *buf" "size_t len"
-.Ft size_t
-.Fn unparse_time_approx "int seconds" "char *buf" "size_t len"
-.Sh DESCRIPTION
-The 
-.Fn parse_time
-function converts a the period of time specified in
-into a number of seconds.
-The 
-.Fa timespec
-can be any number of 
-.Aq number unit
-pairs separated by comma and whitespace. The number can be
-negative. Number without explicit units are taken as being
-.Fa def_unit .
-.Pp
-The
-.Fn unparse_time
-and
-.Fn unparse_time_approx
-does the opposite of 
-.Fn parse_time ,
-that is they take a number of seconds and express that as human
-readable string. 
-.Fa unparse_time
-produces an exact time, while 
-.Fa unparse_time_approx
-restricts the result to only include one units.
-.Pp
-.Fn print_time_table
-prints a descriptive list of available units on the passed file
-descriptor.
-.Pp
-The possible units include:
-.Bl -tag -width "month" -compact -offset indent
-.It Li second , s
-.It Li minute , m
-.It Li hour , h
-.It day
-.It week
-seven days
-.It month
-30 days
-.It year
-365 days
-.El
-.Pp
-Units names can be arbitrarily abbreviated (as long as they are
-unique).
-.Sh RETURN VALUES
-.Fn parse_time
-returns the number of seconds that represents the expression in 
-.Fa timespec
-or -1 on error.
-.Fn unparse_time
-and 
-.Fn unparse_time_approx 
-return the number of characters written to 
-.Fa buf .
-if the return value is greater than or equal to the
-.Fa len
-argument, the string was too short and some of the printed characters
-were discarded.
-.Sh EXAMPLES
-.Bd -literal
-#include <stdio.h>
-#include <parse_time.h>
-
-int
-main(int argc, char **argv)
-{
-    int i;
-    int result;
-    char buf[128];
-    print_time_table(stdout);
-    for (i = 1; i < argc; i++) {
-	result = parse_time(argv[i], "second");
-	if(result == -1) {
-	    fprintf(stderr, "%s: parse error\\n", argv[i]);
-	    continue;
-	}
-	printf("--\\n");
-	printf("parse_time = %d\\n", result);
-	unparse_time(result, buf, sizeof(buf));
-	printf("unparse_time = %s\\n", buf);
-	unparse_time_approx(result, buf, sizeof(buf));
-	printf("unparse_time_approx = %s\\n", buf);
-    }
-    return 0;
-}
-.Ed
-.Bd -literal
-$ ./a.out "1 minute 30 seconds" "90 s" "1 y -1 s"     
-1   year = 365 days
-1  month = 30 days
-1   week = 7 days
-1    day = 24 hours
-1   hour = 60 minutes
-1 minute = 60 seconds
-1 second
---
-parse_time = 90
-unparse_time = 1 minute 30 seconds
-unparse_time_approx = 1 minute
---
-parse_time = 90
-unparse_time = 1 minute 30 seconds
-unparse_time_approx = 1 minute
---
-parse_time = 31535999
-unparse_time = 12 months 4 days 23 hours 59 minutes 59 seconds
-unparse_time_approx = 12 months
-.Ed
-.Sh BUGS
-Since
-.Fn parse_time
-returns -1 on error there is no way to parse "minus one second".
-Currently "s" at the end of units is ignored. This is a hack for
-English plural forms. If these functions are ever localised, this
-scheme will have to change.
-.\".Sh SEE ALSO
-.\".Xr parse_bytes 3
-.\".Xr parse_units 3
diff --git a/crypto/heimdal/lib/roken/parse_time.c b/crypto/heimdal/lib/roken/parse_time.c
deleted file mode 100644
index 1c39bde..0000000
--- a/crypto/heimdal/lib/roken/parse_time.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_time.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <parse_units.h>
-#include "parse_time.h"
-
-static struct units time_units[] = {
-    {"year",	365 * 24 * 60 * 60},
-    {"month",	30 * 24 * 60 * 60},
-    {"week",	7 * 24 * 60 * 60},
-    {"day",	24 * 60 * 60},
-    {"hour",	60 * 60},
-    {"h",	60 * 60},
-    {"minute",	60},
-    {"m",	60},
-    {"second",	1},
-    {"s",	1},
-    {NULL, 0},
-};
-
-int ROKEN_LIB_FUNCTION
-parse_time (const char *s, const char *def_unit)
-{
-    return parse_units (s, time_units, def_unit);
-}
-
-size_t ROKEN_LIB_FUNCTION
-unparse_time (int t, char *s, size_t len)
-{
-    return unparse_units (t, time_units, s, len);
-}
-
-size_t ROKEN_LIB_FUNCTION
-unparse_time_approx (int t, char *s, size_t len)
-{
-    return unparse_units_approx (t, time_units, s, len);
-}
-
-void ROKEN_LIB_FUNCTION
-print_time_table (FILE *f)
-{
-    print_units_table (time_units, f);
-}
diff --git a/crypto/heimdal/lib/roken/parse_time.h b/crypto/heimdal/lib/roken/parse_time.h
deleted file mode 100644
index 4dc2da0..0000000
--- a/crypto/heimdal/lib/roken/parse_time.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse_time.h 14773 2005-04-12 11:29:18Z lha $ */
-
-#ifndef __PARSE_TIME_H__
-#define __PARSE_TIME_H__
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-int
-parse_time (const char *s, const char *def_unit);
-
-size_t
-unparse_time (int t, char *s, size_t len);
-
-size_t
-unparse_time_approx (int t, char *s, size_t len);
-
-void
-print_time_table (FILE *f);
-
-#endif /* __PARSE_TIME_H__ */
diff --git a/crypto/heimdal/lib/roken/parse_units.c b/crypto/heimdal/lib/roken/parse_units.c
deleted file mode 100644
index 1960bec..0000000
--- a/crypto/heimdal/lib/roken/parse_units.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_units.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include "roken.h"
-#include "parse_units.h"
-
-/*
- * Parse string in `s' according to `units' and return value.
- * def_unit defines the default unit.
- */
-
-static int
-parse_something (const char *s, const struct units *units,
-		 const char *def_unit,
-		 int (*func)(int res, int val, unsigned mult),
-		 int init,
-		 int accept_no_val_p)
-{
-    const char *p;
-    int res = init;
-    unsigned def_mult = 1;
-
-    if (def_unit != NULL) {
-	const struct units *u;
-
-	for (u = units; u->name; ++u) {
-	    if (strcasecmp (u->name, def_unit) == 0) {
-		def_mult = u->mult;
-		break;
-	    }
-	}
-	if (u->name == NULL)
-	    return -1;
-    }
-
-    p = s;
-    while (*p) {
-	double val;
-	char *next;
-	const struct units *u, *partial_unit;
-	size_t u_len;
-	unsigned partial;
-	int no_val_p = 0;
-
-	while(isspace((unsigned char)*p) || *p == ',')
-	    ++p;
-
-	val = strtod (p, &next); /* strtol(p, &next, 0); */
-	if (p == next) {
-	    val = 0;
-	    if(!accept_no_val_p)
-		return -1;
-	    no_val_p = 1;
-	}
-	p = next;
-	while (isspace((unsigned char)*p))
-	    ++p;
-	if (*p == '\0') {
-	    res = (*func)(res, val, def_mult);
-	    if (res < 0)
-		return res;
-	    break;
-	} else if (*p == '+') {
-	    ++p;
-	    val = 1;
-	} else if (*p == '-') {
-	    ++p;
-	    val = -1;
-	}
-	if (no_val_p && val == 0)
-	    val = 1;
-	u_len = strcspn (p, ", \t");
-	partial = 0;
-	partial_unit = NULL;
-	if (u_len > 1 && p[u_len - 1] == 's')
-	    --u_len;
-	for (u = units; u->name; ++u) {
-	    if (strncasecmp (p, u->name, u_len) == 0) {
-		if (u_len == strlen (u->name)) {
-		    p += u_len;
-		    res = (*func)(res, val, u->mult);
-		    if (res < 0)
-			return res;
-		    break;
-		} else {
-		    ++partial;
-		    partial_unit = u;
-		}
-	    }
-	}
-	if (u->name == NULL) {
-	    if (partial == 1) {
-		p += u_len;
-		res = (*func)(res, val, partial_unit->mult);
-		if (res < 0)
-		    return res;
-	    } else {
-		return -1;
-	    }
-	}
-	if (*p == 's')
-	    ++p;
-    }
-    return res;
-}
-
-/*
- * The string consists of a sequence of `n unit'
- */
-
-static int
-acc_units(int res, int val, unsigned mult)
-{
-    return res + val * mult;
-}
-
-int ROKEN_LIB_FUNCTION
-parse_units (const char *s, const struct units *units,
-	     const char *def_unit)
-{
-    return parse_something (s, units, def_unit, acc_units, 0, 0);
-}
-
-/*
- * The string consists of a sequence of `[+-]flag'.  `orig' consists
- * the original set of flags, those are then modified and returned as
- * the function value.
- */
-
-static int
-acc_flags(int res, int val, unsigned mult)
-{
-    if(val == 1)
-	return res | mult;
-    else if(val == -1)
-	return res & ~mult;
-    else if (val == 0)
-	return mult;
-    else
-	return -1;
-}
-
-int ROKEN_LIB_FUNCTION
-parse_flags (const char *s, const struct units *units,
-	     int orig)
-{
-    return parse_something (s, units, NULL, acc_flags, orig, 1);
-}
-
-/*
- * Return a string representation according to `units' of `num' in `s'
- * with maximum length `len'.  The actual length is the function value.
- */
-
-static int
-unparse_something (int num, const struct units *units, char *s, size_t len,
-		   int (*print) (char *, size_t, int, const char *, int),
-		   int (*update) (int, unsigned),
-		   const char *zero_string)
-{
-    const struct units *u;
-    int ret = 0, tmp;
-
-    if (num == 0)
-	return snprintf (s, len, "%s", zero_string);
-
-    for (u = units; num > 0 && u->name; ++u) {
-	int divisor;
-
-	divisor = num / u->mult;
-	if (divisor) {
-	    num = (*update) (num, u->mult);
-	    tmp = (*print) (s, len, divisor, u->name, num);
-	    if (tmp < 0)
-		return tmp;
-	    if (tmp > len) {
-		len = 0;
-		s = NULL;
-	    } else {
-		len -= tmp;
-		s += tmp;
-	    }
-	    ret += tmp;
-	}
-    }
-    return ret;
-}
-
-static int
-print_unit (char *s, size_t len, int divisor, const char *name, int rem)
-{
-    return snprintf (s, len, "%u %s%s%s",
-		     divisor, name,
-		     divisor == 1 ? "" : "s",
-		     rem > 0 ? " " : "");
-}
-
-static int
-update_unit (int in, unsigned mult)
-{
-    return in % mult;
-}
-
-static int
-update_unit_approx (int in, unsigned mult)
-{
-    if (in / mult > 0)
-	return 0;
-    else
-	return update_unit (in, mult);
-}
-
-int ROKEN_LIB_FUNCTION
-unparse_units (int num, const struct units *units, char *s, size_t len)
-{
-    return unparse_something (num, units, s, len,
-			      print_unit,
-			      update_unit,
-			      "0");
-}
-
-int ROKEN_LIB_FUNCTION
-unparse_units_approx (int num, const struct units *units, char *s, size_t len)
-{
-    return unparse_something (num, units, s, len,
-			      print_unit,
-			      update_unit_approx,
-			      "0");
-}
-
-void ROKEN_LIB_FUNCTION
-print_units_table (const struct units *units, FILE *f)
-{
-    const struct units *u, *u2;
-    unsigned max_sz = 0;
-
-    for (u = units; u->name; ++u) {
-	max_sz = max(max_sz, strlen(u->name));
-    }
-
-    for (u = units; u->name;) {
-	char buf[1024];
-	const struct units *next;
-
-	for (next = u + 1; next->name && next->mult == u->mult; ++next)
-	    ;
-
-	if (next->name) {
-	    for (u2 = next;
-		 u2->name && u->mult % u2->mult != 0;
-		 ++u2)
-		;
-	    if (u2->name == NULL)
-		--u2;
-	    unparse_units (u->mult, u2, buf, sizeof(buf));
-	    fprintf (f, "1 %*s = %s\n", max_sz, u->name, buf);
-	} else {
-	    fprintf (f, "1 %s\n", u->name);
-	}
-	u = next;
-    }
-}
-
-static int
-print_flag (char *s, size_t len, int divisor, const char *name, int rem)
-{
-    return snprintf (s, len, "%s%s", name, rem > 0 ? ", " : "");
-}
-
-static int
-update_flag (int in, unsigned mult)
-{
-    return in - mult;
-}
-
-int ROKEN_LIB_FUNCTION
-unparse_flags (int num, const struct units *units, char *s, size_t len)
-{
-    return unparse_something (num, units, s, len,
-			      print_flag,
-			      update_flag,
-			      "");
-}
-
-void ROKEN_LIB_FUNCTION
-print_flags_table (const struct units *units, FILE *f)
-{
-    const struct units *u;
-
-    for(u = units; u->name; ++u)
-	fprintf(f, "%s%s", u->name, (u+1)->name ? ", " : "\n");
-}
diff --git a/crypto/heimdal/lib/roken/parse_units.h b/crypto/heimdal/lib/roken/parse_units.h
deleted file mode 100644
index a42154d..0000000
--- a/crypto/heimdal/lib/roken/parse_units.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse_units.h 14773 2005-04-12 11:29:18Z lha $ */
-
-#ifndef __PARSE_UNITS_H__
-#define __PARSE_UNITS_H__
-
-#include <stdio.h>
-#include <stddef.h>
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-struct units {
-    const char *name;
-    unsigned mult;
-};
-
-int ROKEN_LIB_FUNCTION
-parse_units (const char *s, const struct units *units,
-	     const char *def_unit);
-
-void ROKEN_LIB_FUNCTION
-print_units_table (const struct units *units, FILE *f);
-
-int ROKEN_LIB_FUNCTION
-parse_flags (const char *s, const struct units *units,
-	     int orig);
-
-int ROKEN_LIB_FUNCTION
-unparse_units (int num, const struct units *units, char *s, size_t len);
-
-int ROKEN_LIB_FUNCTION
-unparse_units_approx (int num, const struct units *units, char *s,
-		      size_t len);
-
-int ROKEN_LIB_FUNCTION
-unparse_flags (int num, const struct units *units, char *s, size_t len);
-
-void ROKEN_LIB_FUNCTION
-print_flags_table (const struct units *units, FILE *f);
-
-#endif /* __PARSE_UNITS_H__ */
diff --git a/crypto/heimdal/lib/roken/print_version.c b/crypto/heimdal/lib/roken/print_version.c
deleted file mode 100644
index b5ce816..0000000
--- a/crypto/heimdal/lib/roken/print_version.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: print_version.c,v 1.8 2001/02/20 01:44:55 assar Exp $");
-#endif
-#include "roken.h"
-
-#include "print_version.h"
-
-void
-print_version(const char *progname)
-{
-    const char *arg[] = VERSIONLIST;
-    const int num_args = sizeof(arg) / sizeof(arg[0]);
-    char *msg;
-    size_t len = 0;
-    int i;
-    
-    if(progname == NULL)
-	progname = getprogname();
-    
-    if(num_args == 0)
-	msg = "no version information";
-    else {
-	for(i = 0; i < num_args; i++) {
-	    if(i > 0)
-		len += 2;
-	    len += strlen(arg[i]);
-	}
-	msg = malloc(len + 1);
-	if(msg == NULL) {
-	    fprintf(stderr, "%s: out of memory\n", progname);
-	    return;
-	}
-	msg[0] = '\0';
-	for(i = 0; i < num_args; i++) {
-	    if(i > 0)
-		strcat(msg, ", ");
-	    strcat(msg, arg[i]);
-	}
-    }
-    fprintf(stderr, "%s (%s)\n", progname, msg);
-    fprintf(stderr, "Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan\n");
-    if(num_args != 0)
-	free(msg);
-}
diff --git a/crypto/heimdal/lib/roken/putenv.c b/crypto/heimdal/lib/roken/putenv.c
deleted file mode 100644
index 5e501dc..0000000
--- a/crypto/heimdal/lib/roken/putenv.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: putenv.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <stdlib.h>
-
-extern char **environ;
-
-/*
- * putenv --
- *	String points to a string of the form name=value.
- *
- *      Makes the value of the environment variable name equal to
- *      value by altering an existing variable or creating a new one.
- */
-
-int ROKEN_LIB_FUNCTION
-putenv(const char *string)
-{
-    int i;
-    const char *eq = (const char *)strchr(string, '=');
-    int len;
-    
-    if (eq == NULL)
-	return 1;
-    len = eq - string;
-
-    if(environ == NULL) {
-	environ = malloc(sizeof(char*));
-	if(environ == NULL)
-	    return 1;
-	environ[0] = NULL;
-    }
-
-    for(i = 0; environ[i] != NULL; i++)
-	if(strncmp(string, environ[i], len) == 0) {
-	    environ[i] = string;
-	    return 0;
-	}
-    environ = realloc(environ, sizeof(char*) * (i + 2));
-    if(environ == NULL)
-	return 1;
-    environ[i]   = string;
-    environ[i+1] = NULL;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/rcmd.c b/crypto/heimdal/lib/roken/rcmd.c
deleted file mode 100644
index e732fe3..0000000
--- a/crypto/heimdal/lib/roken/rcmd.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: rcmd.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-#include <stdio.h>
-
-int ROKEN_LIB_FUNCTION
-rcmd(char **ahost,
-     unsigned short inport,
-     const char *locuser,
-     const char *remuser,
-     const char *cmd,
-     int *fd2p)
-{
-  fprintf(stderr, "Only kerberized services are implemented\n");
-  return -1;
-}
diff --git a/crypto/heimdal/lib/roken/readv.c b/crypto/heimdal/lib/roken/readv.c
deleted file mode 100644
index b49890e..0000000
--- a/crypto/heimdal/lib/roken/readv.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: readv.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-ssize_t ROKEN_LIB_FUNCTION
-readv(int d, const struct iovec *iov, int iovcnt)
-{
-    ssize_t ret, nb;
-    size_t tot = 0;
-    int i;
-    char *buf, *p;
-
-    for(i = 0; i < iovcnt; ++i)
-	tot += iov[i].iov_len;
-    buf = malloc(tot);
-    if (tot != 0 && buf == NULL) {
-	errno = ENOMEM;
-	return -1;
-    }
-    nb = ret = read (d, buf, tot);
-    p = buf;
-    while (nb > 0) {
-	ssize_t cnt = min(nb, iov->iov_len);
-
-	memcpy (iov->iov_base, p, cnt);
-	p += cnt;
-	nb -= cnt;
-    }
-    free(buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/realloc.c b/crypto/heimdal/lib/roken/realloc.c
deleted file mode 100644
index 33e898c..0000000
--- a/crypto/heimdal/lib/roken/realloc.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#undef realloc
-#endif
-#include <stdlib.h>
-#include "roken.h"
-
-RCSID("$Id");
-
-
-void * ROKEN_LIB_FUNCTION
-rk_realloc(void *ptr, size_t size)
-{
-    if (ptr == NULL)
-	return malloc(size);
-    return realloc(ptr, size);
-}
diff --git a/crypto/heimdal/lib/roken/recvmsg.c b/crypto/heimdal/lib/roken/recvmsg.c
deleted file mode 100644
index d92186c..0000000
--- a/crypto/heimdal/lib/roken/recvmsg.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: recvmsg.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-ssize_t ROKEN_LIB_FUNCTION
-recvmsg(int s, struct msghdr *msg, int flags)
-{
-    ssize_t ret, nb;
-    size_t tot = 0;
-    int i;
-    char *buf, *p;
-    struct iovec *iov = msg->msg_iov;
-
-    for(i = 0; i < msg->msg_iovlen; ++i)
-	tot += iov[i].iov_len;
-    buf = malloc(tot);
-    if (tot != 0 && buf == NULL) {
-	errno = ENOMEM;
-	return -1;
-    }
-    nb = ret = recvfrom (s, buf, tot, flags, msg->msg_name, &msg->msg_namelen);
-    p = buf;
-    while (nb > 0) {
-	ssize_t cnt = min(nb, iov->iov_len);
-
-	memcpy (iov->iov_base, p, cnt);
-	p += cnt;
-	nb -= cnt;
-	++iov;
-    }
-    free(buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/resolve-test.c b/crypto/heimdal/lib/roken/resolve-test.c
deleted file mode 100644
index 106cfd7..0000000
--- a/crypto/heimdal/lib/roken/resolve-test.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * Copyright (c) 1995 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-#include "getarg.h"
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-#include "resolve.h"
-
-RCSID("$Id: resolve-test.c 15415 2005-06-16 16:58:45Z lha $");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "dns-record resource-record-type");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    struct dns_reply *r;
-    struct resource_record *rr;
-    int optidx = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	printf("some version\n");
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 2)
-	usage(1);
-
-    r = dns_lookup(argv[0], argv[1]);
-    if(r == NULL){
-	printf("No reply.\n");
-	return 1;
-    }
-    if(r->q.type == rk_ns_t_srv)
-	dns_srv_order(r);
-
-    for(rr = r->head; rr;rr=rr->next){
-	printf("%-30s %-5s %-6d ", rr->domain, dns_type_to_string(rr->type), rr->ttl);
-	switch(rr->type){
-	case rk_ns_t_ns:
-	case rk_ns_t_cname:
-	case rk_ns_t_ptr:
-	    printf("%s\n", (char*)rr->u.data);
-	    break;
-	case rk_ns_t_a:
-	    printf("%s\n", inet_ntoa(*rr->u.a));
-	    break;
-	case rk_ns_t_mx:
-	case rk_ns_t_afsdb:{
-	    printf("%d %s\n", rr->u.mx->preference, rr->u.mx->domain);
-	    break;
-	}
-	case rk_ns_t_srv:{
-	    struct srv_record *srv = rr->u.srv;
-	    printf("%d %d %d %s\n", srv->priority, srv->weight, 
-		   srv->port, srv->target);
-	    break;
-	}
-	case rk_ns_t_txt: {
-	    printf("%s\n", rr->u.txt);
-	    break;
-	}
-	case rk_ns_t_sig : {
-	    struct sig_record *sig = rr->u.sig;
-	    const char *type_string = dns_type_to_string (sig->type);
-
-	    printf ("type %u (%s), algorithm %u, labels %u, orig_ttl %u, sig_expiration %u, sig_inception %u, key_tag %u, signer %s\n",
-		    sig->type, type_string ? type_string : "",
-		    sig->algorithm, sig->labels, sig->orig_ttl,
-		    sig->sig_expiration, sig->sig_inception, sig->key_tag,
-		    sig->signer);
-	    break;
-	}
-	case rk_ns_t_key : {
-	    struct key_record *key = rr->u.key;
-
-	    printf ("flags %u, protocol %u, algorithm %u\n",
-		    key->flags, key->protocol, key->algorithm);
-	    break;
-	}
-	case rk_ns_t_sshfp : {
-	    struct sshfp_record *sshfp = rr->u.sshfp;
-	    int i;
-
-	    printf ("alg %u type %u length %lu data ", sshfp->algorithm, 
-		    sshfp->type,  (unsigned long)sshfp->sshfp_len);
-	    for (i = 0; i < sshfp->sshfp_len; i++)
-		printf("%02X", sshfp->sshfp_data[i]);
-	    printf("\n");
-
-	    break;
-	}
-	case rk_ns_t_ds : {
-	    struct ds_record *ds = rr->u.ds;
-	    int i;
-
-	    printf ("key tag %u alg %u type %u length %u data ",
-		    ds->key_tag, ds->algorithm, ds->digest_type, 
-		    ds->digest_len);
-	    for (i = 0; i < ds->digest_len; i++)
-		printf("%02X", ds->digest_data[i]);
-	    printf("\n");
-
-	    break;
-	}
-	default:
-	    printf("\n");
-	    break;
-	}
-    }
-    
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/resolve.c b/crypto/heimdal/lib/roken/resolve.c
deleted file mode 100644
index 8f8fec7..0000000
--- a/crypto/heimdal/lib/roken/resolve.c
+++ /dev/null
@@ -1,711 +0,0 @@
-/*
- * Copyright (c) 1995 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-#include "resolve.h"
-
-#include <assert.h>
-
-RCSID("$Id: resolve.c 19869 2007-01-12 16:03:14Z lha $");
-
-#ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */
-#undef HAVE_RES_NSEARCH
-#endif
-
-#define DECL(X) {#X, rk_ns_t_##X}
-
-static struct stot{
-    const char *name;
-    int type;
-}stot[] = {
-    DECL(a),
-    DECL(aaaa),
-    DECL(ns),
-    DECL(cname),
-    DECL(soa),
-    DECL(ptr),
-    DECL(mx),
-    DECL(txt),
-    DECL(afsdb),
-    DECL(sig),
-    DECL(key),
-    DECL(srv),
-    DECL(naptr),
-    DECL(sshfp),
-    DECL(ds),
-    {NULL, 	0}
-};
-
-int _resolve_debug = 0;
-
-int ROKEN_LIB_FUNCTION
-dns_string_to_type(const char *name)
-{
-    struct stot *p = stot;
-    for(p = stot; p->name; p++)
-	if(strcasecmp(name, p->name) == 0)
-	    return p->type;
-    return -1;
-}
-
-const char * ROKEN_LIB_FUNCTION
-dns_type_to_string(int type)
-{
-    struct stot *p = stot;
-    for(p = stot; p->name; p++)
-	if(type == p->type)
-	    return p->name;
-    return NULL;
-}
-
-#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND)
-
-static void
-dns_free_rr(struct resource_record *rr)
-{
-    if(rr->domain)
-	free(rr->domain);
-    if(rr->u.data)
-	free(rr->u.data);
-    free(rr);
-}
-
-void ROKEN_LIB_FUNCTION
-dns_free_data(struct dns_reply *r)
-{
-    struct resource_record *rr;
-    if(r->q.domain)
-	free(r->q.domain);
-    for(rr = r->head; rr;){
-	struct resource_record *tmp = rr;
-	rr = rr->next;
-	dns_free_rr(tmp);
-    }
-    free (r);
-}
-
-static int
-parse_record(const unsigned char *data, const unsigned char *end_data, 
-	     const unsigned char **pp, struct resource_record **ret_rr)
-{
-    struct resource_record *rr;
-    int type, class, ttl, size;
-    int status;
-    char host[MAXDNAME];
-    const unsigned char *p = *pp;
-
-    *ret_rr = NULL;
-
-    status = dn_expand(data, end_data, p, host, sizeof(host));
-    if(status < 0) 
-	return -1;
-    if (p + status + 10 > end_data)
-	return -1;
-
-    p += status;
-    type = (p[0] << 8) | p[1];
-    p += 2;
-    class = (p[0] << 8) | p[1];
-    p += 2;
-    ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
-    p += 4;
-    size = (p[0] << 8) | p[1];
-    p += 2;
-
-    if (p + size > end_data)
-	return -1;
-
-    rr = calloc(1, sizeof(*rr));
-    if(rr == NULL) 
-	return -1;
-    rr->domain = strdup(host);
-    if(rr->domain == NULL) {
-	dns_free_rr(rr);
-	return -1;
-    }
-    rr->type = type;
-    rr->class = class;
-    rr->ttl = ttl;
-    rr->size = size;
-    switch(type){
-    case rk_ns_t_ns:
-    case rk_ns_t_cname:
-    case rk_ns_t_ptr:
-	status = dn_expand(data, end_data, p, host, sizeof(host));
-	if(status < 0) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	rr->u.txt = strdup(host);
-	if(rr->u.txt == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	break;
-    case rk_ns_t_mx:
-    case rk_ns_t_afsdb:{
-	size_t hostlen;
-
-	status = dn_expand(data, end_data, p + 2, host, sizeof(host));
-	if(status < 0){
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	if (status + 2 > size) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	hostlen = strlen(host);
-	rr->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + 
-						hostlen);
-	if(rr->u.mx == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	rr->u.mx->preference = (p[0] << 8) | p[1];
-	strlcpy(rr->u.mx->domain, host, hostlen + 1);
-	break;
-    }
-    case rk_ns_t_srv:{
-	size_t hostlen;
-	status = dn_expand(data, end_data, p + 6, host, sizeof(host));
-	if(status < 0){
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	if (status + 6 > size) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	hostlen = strlen(host);
-	rr->u.srv = 
-	    (struct srv_record*)malloc(sizeof(struct srv_record) + 
-				       hostlen);
-	if(rr->u.srv == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	rr->u.srv->priority = (p[0] << 8) | p[1];
-	rr->u.srv->weight = (p[2] << 8) | p[3];
-	rr->u.srv->port = (p[4] << 8) | p[5];
-	strlcpy(rr->u.srv->target, host, hostlen + 1);
-	break;
-    }
-    case rk_ns_t_txt:{
-	if(size == 0 || size < *p + 1) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	rr->u.txt = (char*)malloc(*p + 1);
-	if(rr->u.txt == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	strncpy(rr->u.txt, (const char*)(p + 1), *p);
-	rr->u.txt[*p] = '\0';
-	break;
-    }
-    case rk_ns_t_key : {
-	size_t key_len;
-
-	if (size < 4) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	key_len = size - 4;
-	rr->u.key = malloc (sizeof(*rr->u.key) + key_len - 1);
-	if (rr->u.key == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	rr->u.key->flags     = (p[0] << 8) | p[1];
-	rr->u.key->protocol  = p[2];
-	rr->u.key->algorithm = p[3];
-	rr->u.key->key_len   = key_len;
-	memcpy (rr->u.key->key_data, p + 4, key_len);
-	break;
-    }
-    case rk_ns_t_sig : {
-	size_t sig_len, hostlen;
-
-	if(size <= 18) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	status = dn_expand (data, end_data, p + 18, host, sizeof(host));
-	if (status < 0) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	if (status + 18 > size) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	/* the signer name is placed after the sig_data, to make it
-           easy to free this structure; the size calculation below
-           includes the zero-termination if the structure itself.
-	   don't you just love C?
-	*/
-	sig_len = size - 18 - status;
-	hostlen = strlen(host);
-	rr->u.sig = malloc(sizeof(*rr->u.sig)
-			      + hostlen + sig_len);
-	if (rr->u.sig == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	rr->u.sig->type           = (p[0] << 8) | p[1];
-	rr->u.sig->algorithm      = p[2];
-	rr->u.sig->labels         = p[3];
-	rr->u.sig->orig_ttl       = (p[4] << 24) | (p[5] << 16)
-	    | (p[6] << 8) | p[7];
-	rr->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16)
-	    | (p[10] << 8) | p[11];
-	rr->u.sig->sig_inception  = (p[12] << 24) | (p[13] << 16)
-	    | (p[14] << 8) | p[15];
-	rr->u.sig->key_tag        = (p[16] << 8) | p[17];
-	rr->u.sig->sig_len        = sig_len;
-	memcpy (rr->u.sig->sig_data, p + 18 + status, sig_len);
-	rr->u.sig->signer         = &rr->u.sig->sig_data[sig_len];
-	strlcpy(rr->u.sig->signer, host, hostlen + 1);
-	break;
-    }
-
-    case rk_ns_t_cert : {
-	size_t cert_len;
-
-	if (size < 5) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	cert_len = size - 5;
-	rr->u.cert = malloc (sizeof(*rr->u.cert) + cert_len - 1);
-	if (rr->u.cert == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	rr->u.cert->type      = (p[0] << 8) | p[1];
-	rr->u.cert->tag       = (p[2] << 8) | p[3];
-	rr->u.cert->algorithm = p[4];
-	rr->u.cert->cert_len  = cert_len;
-	memcpy (rr->u.cert->cert_data, p + 5, cert_len);
-	break;
-    }
-    case rk_ns_t_sshfp : {
-	size_t sshfp_len;
-
-	if (size < 2) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	sshfp_len = size - 2;
-
-	rr->u.sshfp = malloc (sizeof(*rr->u.sshfp) + sshfp_len - 1);
-	if (rr->u.sshfp == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	rr->u.sshfp->algorithm = p[0];
-	rr->u.sshfp->type      = p[1];
-	rr->u.sshfp->sshfp_len  = sshfp_len;
-	memcpy (rr->u.sshfp->sshfp_data, p + 2, sshfp_len);
-	break;
-    }
-    case rk_ns_t_ds: {
-	size_t digest_len;
-
-	if (size < 4) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	digest_len = size - 4;
-
-	rr->u.ds = malloc (sizeof(*rr->u.ds) + digest_len - 1);
-	if (rr->u.ds == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	rr->u.ds->key_tag     = (p[0] << 8) | p[1];
-	rr->u.ds->algorithm   = p[2];
-	rr->u.ds->digest_type = p[3];
-	rr->u.ds->digest_len  = digest_len;
-	memcpy (rr->u.ds->digest_data, p + 4, digest_len);
-	break;
-    }
-    default:
-	rr->u.data = (unsigned char*)malloc(size);
-	if(size != 0 && rr->u.data == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	if (size)
-	    memcpy(rr->u.data, p, size);
-    }
-    *pp = p + size;
-    *ret_rr = rr;
-
-    return 0;
-}
-
-#ifndef TEST_RESOLVE
-static
-#endif
-struct dns_reply*
-parse_reply(const unsigned char *data, size_t len)
-{
-    const unsigned char *p;
-    int status;
-    int i;
-    char host[MAXDNAME];
-    const unsigned char *end_data = data + len;
-    struct dns_reply *r;
-    struct resource_record **rr;
-    
-    r = calloc(1, sizeof(*r));
-    if (r == NULL)
-	return NULL;
-
-    p = data;
-
-    r->h.id = (p[0] << 8) | p[1];
-    r->h.flags = 0;
-    if (p[2] & 0x01)
-	r->h.flags |= rk_DNS_HEADER_RESPONSE_FLAG;
-    r->h.opcode = (p[2] >> 1) & 0xf;
-    if (p[2] & 0x20)
-	r->h.flags |= rk_DNS_HEADER_AUTHORITIVE_ANSWER;
-    if (p[2] & 0x40)
-	r->h.flags |= rk_DNS_HEADER_TRUNCATED_MESSAGE;
-    if (p[2] & 0x80)
-	r->h.flags |= rk_DNS_HEADER_RECURSION_DESIRED;
-    if (p[3] & 0x01)
-	r->h.flags |= rk_DNS_HEADER_RECURSION_AVAILABLE;
-    if (p[3] & 0x04)
-	r->h.flags |= rk_DNS_HEADER_AUTHORITIVE_ANSWER;
-    if (p[3] & 0x08)
-	r->h.flags |= rk_DNS_HEADER_CHECKING_DISABLED;
-    r->h.response_code = (p[3] >> 4) & 0xf;
-    r->h.qdcount = (p[4] << 8) | p[5];
-    r->h.ancount = (p[6] << 8) | p[7];
-    r->h.nscount = (p[8] << 8) | p[9];
-    r->h.arcount = (p[10] << 8) | p[11];
-
-    p += 12;
-
-    if(r->h.qdcount != 1) {
-	free(r);
-	return NULL;
-    }
-    status = dn_expand(data, end_data, p, host, sizeof(host));
-    if(status < 0){
-	dns_free_data(r);
-	return NULL;
-    }
-    r->q.domain = strdup(host);
-    if(r->q.domain == NULL) {
-	dns_free_data(r);
-	return NULL;
-    }
-    if (p + status + 4 > end_data) {
-	dns_free_data(r);
-	return NULL;
-    }
-    p += status;
-    r->q.type = (p[0] << 8 | p[1]);
-    p += 2;
-    r->q.class = (p[0] << 8 | p[1]);
-    p += 2;
-    
-    rr = &r->head;
-    for(i = 0; i < r->h.ancount; i++) {
-	if(parse_record(data, end_data, &p, rr) != 0) {
-	    dns_free_data(r);
-	    return NULL;
-	}
-	rr = &(*rr)->next;
-    }
-    for(i = 0; i < r->h.nscount; i++) {
-	if(parse_record(data, end_data, &p, rr) != 0) {
-	    dns_free_data(r);
-	    return NULL;
-	}
-	rr = &(*rr)->next;
-    }
-    for(i = 0; i < r->h.arcount; i++) {
-	if(parse_record(data, end_data, &p, rr) != 0) {
-	    dns_free_data(r);
-	    return NULL;
-	}
-	rr = &(*rr)->next;
-    }
-    *rr = NULL;
-    return r;
-}
-
-#ifdef HAVE_RES_NSEARCH
-#ifdef HAVE_RES_NDESTROY
-#define rk_res_free(x) res_ndestroy(x)
-#else
-#define rk_res_free(x) res_nclose(x)
-#endif
-#endif
-
-static struct dns_reply *
-dns_lookup_int(const char *domain, int rr_class, int rr_type)
-{
-    struct dns_reply *r;
-    unsigned char *reply = NULL;
-    int size;
-    int len;
-#ifdef HAVE_RES_NSEARCH
-    struct __res_state state;
-    memset(&state, 0, sizeof(state));
-    if(res_ninit(&state))
-	return NULL; /* is this the best we can do? */
-#elif defined(HAVE__RES)
-    u_long old_options = 0;
-#endif
-    
-    size = 0;
-    len = 1000;
-    do {
-	if (reply) {
-	    free(reply);
-	    reply = NULL;
-	}
-	if (size <= len)
-	    size = len;
-	if (_resolve_debug) {
-#ifdef HAVE_RES_NSEARCH
-	    state.options |= RES_DEBUG;
-#elif defined(HAVE__RES)
-	    old_options = _res.options;
-	    _res.options |= RES_DEBUG;
-#endif
-	    fprintf(stderr, "dns_lookup(%s, %d, %s), buffer size %d\n", domain,
-		    rr_class, dns_type_to_string(rr_type), size);
-	}
-	reply = malloc(size);
-	if (reply == NULL) {
-#ifdef HAVE_RES_NSEARCH
-	    rk_res_free(&state);
-#endif
-	    return NULL;
-	}
-#ifdef HAVE_RES_NSEARCH
-	len = res_nsearch(&state, domain, rr_class, rr_type, reply, size);
-#else
-	len = res_search(domain, rr_class, rr_type, reply, size);
-#endif
-	if (_resolve_debug) {
-#if defined(HAVE__RES) && !defined(HAVE_RES_NSEARCH)
-	    _res.options = old_options;
-#endif
-	    fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n",
-		    domain, rr_class, dns_type_to_string(rr_type), len);
-	}
-	if (len < 0) {
-#ifdef HAVE_RES_NSEARCH
-	    rk_res_free(&state);
-#endif
-	    free(reply);
-	    return NULL;
-	}
-    } while (size < len && len < rk_DNS_MAX_PACKET_SIZE);
-#ifdef HAVE_RES_NSEARCH
-    rk_res_free(&state);
-#endif
-
-    len = min(len, size);
-    r = parse_reply(reply, len);
-    free(reply);
-    return r;
-}
-
-struct dns_reply * ROKEN_LIB_FUNCTION
-dns_lookup(const char *domain, const char *type_name)
-{
-    int type;
-    
-    type = dns_string_to_type(type_name);
-    if(type == -1) {
-	if(_resolve_debug)
-	    fprintf(stderr, "dns_lookup: unknown resource type: `%s'\n", 
-		    type_name);
-	return NULL;
-    }
-    return dns_lookup_int(domain, C_IN, type);
-}
-
-static int
-compare_srv(const void *a, const void *b)
-{
-    const struct resource_record *const* aa = a, *const* bb = b;
-
-    if((*aa)->u.srv->priority == (*bb)->u.srv->priority)
-	return ((*aa)->u.srv->weight - (*bb)->u.srv->weight);
-    return ((*aa)->u.srv->priority - (*bb)->u.srv->priority);
-}
-
-#ifndef HAVE_RANDOM
-#define random() rand()
-#endif
-
-/* try to rearrange the srv-records by the algorithm in RFC2782 */
-void ROKEN_LIB_FUNCTION
-dns_srv_order(struct dns_reply *r)
-{
-    struct resource_record **srvs, **ss, **headp;
-    struct resource_record *rr;
-    int num_srv = 0;
-
-#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE)
-    int state[256 / sizeof(int)];
-    char *oldstate;
-#endif
-
-    for(rr = r->head; rr; rr = rr->next) 
-	if(rr->type == rk_ns_t_srv)
-	    num_srv++;
-
-    if(num_srv == 0)
-	return;
-
-    srvs = malloc(num_srv * sizeof(*srvs));
-    if(srvs == NULL)
-	return; /* XXX not much to do here */
-    
-    /* unlink all srv-records from the linked list and put them in
-       a vector */
-    for(ss = srvs, headp = &r->head; *headp; )
-	if((*headp)->type == rk_ns_t_srv) {
-	    *ss = *headp;
-	    *headp = (*headp)->next;
-	    (*ss)->next = NULL;
-	    ss++;
-	} else
-	    headp = &(*headp)->next;
-    
-    /* sort them by priority and weight */
-    qsort(srvs, num_srv, sizeof(*srvs), compare_srv);
-
-#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE)
-    oldstate = initstate(time(NULL), (char*)state, sizeof(state));
-#endif
-
-    headp = &r->head;
-    
-    for(ss = srvs; ss < srvs + num_srv; ) {
-	int sum, rnd, count;
-	struct resource_record **ee, **tt;
-	/* find the last record with the same priority and count the
-           sum of all weights */
-	for(sum = 0, tt = ss; tt < srvs + num_srv; tt++) {
-	    assert(*tt != NULL);
-	    if((*tt)->u.srv->priority != (*ss)->u.srv->priority)
-		break;
-	    sum += (*tt)->u.srv->weight;
-	}
-	ee = tt;
-	/* ss is now the first record of this priority and ee is the
-           first of the next */
-	while(ss < ee) {
-	    rnd = random() % (sum + 1);
-	    for(count = 0, tt = ss; ; tt++) {
-		if(*tt == NULL)
-		    continue;
-		count += (*tt)->u.srv->weight;
-		if(count >= rnd)
-		    break;
-	    }
-
-	    assert(tt < ee);
-
-	    /* insert the selected record at the tail (of the head) of
-               the list */
-	    (*tt)->next = *headp;
-	    *headp = *tt;
-	    headp = &(*tt)->next;
-	    sum -= (*tt)->u.srv->weight;
-	    *tt = NULL;
-	    while(ss < ee && *ss == NULL)
-		ss++;
-	}
-    }
-    
-#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE)
-    setstate(oldstate);
-#endif
-    free(srvs);
-    return;
-}
-
-#else /* NOT defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */
-
-struct dns_reply * ROKEN_LIB_FUNCTION
-dns_lookup(const char *domain, const char *type_name)
-{
-    return NULL;
-}
-
-void ROKEN_LIB_FUNCTION
-dns_free_data(struct dns_reply *r)
-{
-}
-
-void ROKEN_LIB_FUNCTION
-dns_srv_order(struct dns_reply *r)
-{
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/resolve.h b/crypto/heimdal/lib/roken/resolve.h
deleted file mode 100644
index fe83115..0000000
--- a/crypto/heimdal/lib/roken/resolve.h
+++ /dev/null
@@ -1,298 +0,0 @@
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: resolve.h 14773 2005-04-12 11:29:18Z lha $ */
-
-#ifndef __RESOLVE_H__
-#define __RESOLVE_H__
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-typedef enum {
-	rk_ns_t_invalid = 0,	/* Cookie. */
-	rk_ns_t_a = 1,		/* Host address. */
-	rk_ns_t_ns = 2,		/* Authoritative server. */
-	rk_ns_t_md = 3,		/* Mail destination. */
-	rk_ns_t_mf = 4,		/* Mail forwarder. */
-	rk_ns_t_cname = 5,	/* Canonical name. */
-	rk_ns_t_soa = 6,	/* Start of authority zone. */
-	rk_ns_t_mb = 7,		/* Mailbox domain name. */
-	rk_ns_t_mg = 8,		/* Mail group member. */
-	rk_ns_t_mr = 9,		/* Mail rename name. */
-	rk_ns_t_null = 10,	/* Null resource record. */
-	rk_ns_t_wks = 11,	/* Well known service. */
-	rk_ns_t_ptr = 12,	/* Domain name pointer. */
-	rk_ns_t_hinfo = 13,	/* Host information. */
-	rk_ns_t_minfo = 14,	/* Mailbox information. */
-	rk_ns_t_mx = 15,	/* Mail routing information. */
-	rk_ns_t_txt = 16,	/* Text strings. */
-	rk_ns_t_rp = 17,	/* Responsible person. */
-	rk_ns_t_afsdb = 18,	/* AFS cell database. */
-	rk_ns_t_x25 = 19,	/* X_25 calling address. */
-	rk_ns_t_isdn = 20,	/* ISDN calling address. */
-	rk_ns_t_rt = 21,	/* Router. */
-	rk_ns_t_nsap = 22,	/* NSAP address. */
-	rk_ns_t_nsap_ptr = 23,	/* Reverse NSAP lookup (deprecated). */
-	rk_ns_t_sig = 24,	/* Security signature. */
-	rk_ns_t_key = 25,	/* Security key. */
-	rk_ns_t_px = 26,	/* X.400 mail mapping. */
-	rk_ns_t_gpos = 27,	/* Geographical position (withdrawn). */
-	rk_ns_t_aaaa = 28,	/* Ip6 Address. */
-	rk_ns_t_loc = 29,	/* Location Information. */
-	rk_ns_t_nxt = 30,	/* Next domain (security). */
-	rk_ns_t_eid = 31,	/* Endpoint identifier. */
-	rk_ns_t_nimloc = 32,	/* Nimrod Locator. */
-	rk_ns_t_srv = 33,	/* Server Selection. */
-	rk_ns_t_atma = 34,	/* ATM Address */
-	rk_ns_t_naptr = 35,	/* Naming Authority PoinTeR */
-	rk_ns_t_kx = 36,	/* Key Exchange */
-	rk_ns_t_cert = 37,	/* Certification record */
-	rk_ns_t_a6 = 38,	/* IPv6 address (deprecates AAAA) */
-	rk_ns_t_dname = 39,	/* Non-terminal DNAME (for IPv6) */
-	rk_ns_t_sink = 40,	/* Kitchen sink (experimentatl) */
-	rk_ns_t_opt = 41,	/* EDNS0 option (meta-RR) */
-	rk_ns_t_apl = 42,	/* Address prefix list (RFC 3123) */
-	rk_ns_t_ds = 43,	/* Delegation Signer (RFC 3658) */
-	rk_ns_t_sshfp = 44,	/* SSH fingerprint */
-	rk_ns_t_tkey = 249,	/* Transaction key */
-	rk_ns_t_tsig = 250,	/* Transaction signature. */
-	rk_ns_t_ixfr = 251,	/* Incremental zone transfer. */
-	rk_ns_t_axfr = 252,	/* Transfer zone of authority. */
-	rk_ns_t_mailb = 253,	/* Transfer mailbox records. */
-	rk_ns_t_maila = 254,	/* Transfer mail agent records. */
-	rk_ns_t_any = 255,	/* Wildcard match. */
-	rk_ns_t_zxfr = 256,	/* BIND-specific, nonstandard. */
-	rk_ns_t_max = 65536
-} rk_ns_type;
-
-/* We use these, but they are not always present in <arpa/nameser.h> */
-
-#ifndef C_IN
-#define C_IN		1
-#endif
-
-#ifndef T_A
-#define T_A		1
-#endif
-#ifndef T_NS
-#define T_NS		2
-#endif
-#ifndef T_CNAME
-#define T_CNAME		5
-#endif
-#ifndef T_SOA
-#define T_SOA		5
-#endif
-#ifndef T_PTR
-#define T_PTR		12
-#endif
-#ifndef T_MX
-#define T_MX		15
-#endif
-#ifndef T_TXT
-#define T_TXT		16
-#endif
-#ifndef T_AFSDB
-#define T_AFSDB		18
-#endif
-#ifndef T_SIG
-#define T_SIG		24
-#endif
-#ifndef T_KEY
-#define T_KEY		25
-#endif
-#ifndef T_AAAA
-#define T_AAAA		28
-#endif
-#ifndef T_SRV
-#define T_SRV		33
-#endif
-#ifndef T_NAPTR
-#define T_NAPTR		35
-#endif
-#ifndef T_CERT
-#define T_CERT		37
-#endif
-#ifndef T_SSHFP
-#define T_SSHFP		44
-#endif
-
-#ifndef MAXDNAME
-#define MAXDNAME	1025
-#endif
-
-#define dns_query		rk_dns_query
-#define mx_record		rk_mx_record
-#define srv_record		rk_srv_record
-#define key_record		rk_key_record
-#define sig_record		rk_sig_record
-#define cert_record		rk_cert_record
-#define sshfp_record		rk_sshfp_record
-#define resource_record		rk_resource_record
-#define dns_reply		rk_dns_reply
-
-#define dns_lookup		rk_dns_lookup
-#define dns_free_data		rk_dns_free_data
-#define dns_string_to_type	rk_dns_string_to_type
-#define dns_type_to_string	rk_dns_type_to_string
-#define dns_srv_order		rk_dns_srv_order
-
-struct dns_query{
-    char *domain;
-    unsigned type;
-    unsigned class;
-};
-
-struct mx_record{
-    unsigned  preference;
-    char domain[1];
-};
-
-struct srv_record{
-    unsigned priority;
-    unsigned weight;
-    unsigned port;
-    char target[1];
-};
-
-struct key_record {
-    unsigned flags;
-    unsigned protocol;
-    unsigned algorithm;
-    size_t   key_len;
-    u_char   key_data[1];
-};
-
-struct sig_record {
-    unsigned type;
-    unsigned algorithm;
-    unsigned labels;
-    unsigned orig_ttl;
-    unsigned sig_expiration;
-    unsigned sig_inception;
-    unsigned key_tag;
-    char     *signer;
-    unsigned sig_len;
-    char     sig_data[1];	/* also includes signer */
-};
-
-struct cert_record {
-    unsigned type;
-    unsigned tag;
-    unsigned algorithm;
-    size_t   cert_len;
-    u_char   cert_data[1];
-};
-
-struct sshfp_record {
-    unsigned algorithm;
-    unsigned type;
-    size_t   sshfp_len;
-    u_char   sshfp_data[1];
-};
-
-struct ds_record {
-    unsigned key_tag;
-    unsigned algorithm;
-    unsigned digest_type;
-    unsigned digest_len;
-    u_char digest_data[1];
-};
-
-struct resource_record{
-    char *domain;
-    unsigned type;
-    unsigned class;
-    unsigned ttl;
-    unsigned size;
-    union {
-	void *data;
-	struct mx_record *mx;
-	struct mx_record *afsdb; /* mx and afsdb are identical */
-	struct srv_record *srv;
-	struct in_addr *a;
-	char *txt;
-	struct key_record *key;
-	struct cert_record *cert;
-	struct sig_record *sig;
-	struct sshfp_record *sshfp;
-	struct ds_record *ds;
-    }u;
-    struct resource_record *next;
-};
-
-#define rk_DNS_MAX_PACKET_SIZE		0xffff
-
-struct dns_header {
-    unsigned id;
-    unsigned flags;
-#define rk_DNS_HEADER_RESPONSE_FLAG		1
-#define rk_DNS_HEADER_AUTHORITIVE_ANSWER	2
-#define rk_DNS_HEADER_TRUNCATED_MESSAGE		4
-#define rk_DNS_HEADER_RECURSION_DESIRED		8
-#define rk_DNS_HEADER_RECURSION_AVAILABLE	16
-#define rk_DNS_HEADER_AUTHENTIC_DATA		32
-#define rk_DNS_HEADER_CHECKING_DISABLED		64
-    unsigned opcode;
-    unsigned response_code;
-    unsigned qdcount;
-    unsigned ancount;
-    unsigned nscount;
-    unsigned arcount;
-};
-
-struct dns_reply{
-    struct dns_header h;
-    struct dns_query q;
-    struct resource_record *head;
-};
-
-
-struct dns_reply* ROKEN_LIB_FUNCTION
-	dns_lookup(const char *, const char *);
-void ROKEN_LIB_FUNCTION
-	dns_free_data(struct dns_reply *);
-int ROKEN_LIB_FUNCTION
-	dns_string_to_type(const char *name);
-const char *ROKEN_LIB_FUNCTION
-	dns_type_to_string(int type);
-void ROKEN_LIB_FUNCTION
-	dns_srv_order(struct dns_reply*);
-
-#endif /* __RESOLVE_H__ */
diff --git a/crypto/heimdal/lib/roken/resource.h b/crypto/heimdal/lib/roken/resource.h
deleted file mode 100644
index 01cd01d..0000000
--- a/crypto/heimdal/lib/roken/resource.h
+++ /dev/null
@@ -1,15 +0,0 @@
-//{{NO_DEPENDENCIES}}
-// Microsoft Developer Studio generated include file.
-// Used by roken.rc
-//
-
-// Next default values for new objects
-// 
-#ifdef APSTUDIO_INVOKED
-#ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE        101
-#define _APS_NEXT_COMMAND_VALUE         40001
-#define _APS_NEXT_CONTROL_VALUE         1000
-#define _APS_NEXT_SYMED_VALUE           101
-#endif
-#endif
diff --git a/crypto/heimdal/lib/roken/roken-common.h b/crypto/heimdal/lib/roken/roken-common.h
deleted file mode 100644
index b835e88..0000000
--- a/crypto/heimdal/lib/roken/roken-common.h
+++ /dev/null
@@ -1,405 +0,0 @@
-/*
- * Copyright (c) 1995 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: roken-common.h 20867 2007-06-03 21:00:45Z lha $ */
-
-#ifndef __ROKEN_COMMON_H__
-#define __ROKEN_COMMON_H__
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#ifdef __cplusplus
-#define ROKEN_CPP_START	extern "C" {
-#define ROKEN_CPP_END	}
-#else
-#define ROKEN_CPP_START
-#define ROKEN_CPP_END
-#endif
-
-#ifndef INADDR_NONE
-#define INADDR_NONE 0xffffffff
-#endif
-
-#ifndef INADDR_LOOPBACK
-#define INADDR_LOOPBACK 0x7f000001
-#endif
-
-#ifndef SOMAXCONN
-#define SOMAXCONN 5
-#endif
-
-#ifndef STDIN_FILENO
-#define STDIN_FILENO 0
-#endif
-
-#ifndef STDOUT_FILENO
-#define STDOUT_FILENO 1
-#endif
-
-#ifndef STDERR_FILENO
-#define STDERR_FILENO 2
-#endif
-
-#ifndef max
-#define max(a,b) (((a)>(b))?(a):(b))
-#endif
-
-#ifndef min
-#define min(a,b) (((a)<(b))?(a):(b))
-#endif
-
-#ifndef TRUE
-#define TRUE 1
-#endif
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-
-#ifndef LOG_DAEMON
-#define openlog(id,option,facility) openlog((id),(option))
-#define	LOG_DAEMON	0
-#endif
-#ifndef LOG_ODELAY
-#define LOG_ODELAY 0
-#endif
-#ifndef LOG_NDELAY
-#define LOG_NDELAY 0x08
-#endif
-#ifndef LOG_CONS
-#define LOG_CONS 0
-#endif
-#ifndef LOG_AUTH
-#define LOG_AUTH 0
-#endif
-#ifndef LOG_AUTHPRIV
-#define LOG_AUTHPRIV LOG_AUTH
-#endif
-
-#ifndef F_OK
-#define F_OK 0
-#endif
-
-#ifndef O_ACCMODE
-#define O_ACCMODE	003
-#endif
-
-#ifndef _PATH_DEV
-#define _PATH_DEV "/dev/"
-#endif
-
-#ifndef _PATH_DEVNULL
-#define _PATH_DEVNULL "/dev/null"
-#endif
-
-#ifndef _PATH_HEQUIV
-#define _PATH_HEQUIV "/etc/hosts.equiv"
-#endif
-
-#ifndef _PATH_VARRUN
-#define _PATH_VARRUN "/var/run/"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-
-#ifndef MAXPATHLEN
-#define MAXPATHLEN (1024+4)
-#endif
-
-#ifndef SIG_ERR
-#define SIG_ERR ((RETSIGTYPE (*)(int))-1)
-#endif
-
-/*
- * error code for getipnodeby{name,addr}
- */
-
-#ifndef HOST_NOT_FOUND
-#define HOST_NOT_FOUND 1
-#endif
-
-#ifndef TRY_AGAIN
-#define TRY_AGAIN 2
-#endif
-
-#ifndef NO_RECOVERY
-#define NO_RECOVERY 3
-#endif
-
-#ifndef NO_DATA
-#define NO_DATA 4
-#endif
-
-#ifndef NO_ADDRESS
-#define NO_ADDRESS NO_DATA
-#endif
-
-/*
- * error code for getaddrinfo
- */
-
-#ifndef EAI_NOERROR
-#define EAI_NOERROR	0	/* no error */
-#endif
-
-#ifndef EAI_NONAME
-
-#define EAI_ADDRFAMILY	1	/* address family for nodename not supported */
-#define EAI_AGAIN	2	/* temporary failure in name resolution */
-#define EAI_BADFLAGS	3	/* invalid value for ai_flags */
-#define EAI_FAIL	4	/* non-recoverable failure in name resolution */
-#define EAI_FAMILY	5	/* ai_family not supported */
-#define EAI_MEMORY	6	/* memory allocation failure */
-#define EAI_NODATA	7	/* no address associated with nodename */
-#define EAI_NONAME	8	/* nodename nor servname provided, or not known */
-#define EAI_SERVICE	9	/* servname not supported for ai_socktype */
-#define EAI_SOCKTYPE   10	/* ai_socktype not supported */
-#define EAI_SYSTEM     11	/* system error returned in errno */
-
-#endif /* EAI_NONAME */
-
-/* flags for getaddrinfo() */
-
-#ifndef AI_PASSIVE
-#define AI_PASSIVE	0x01
-#define AI_CANONNAME	0x02
-#endif /* AI_PASSIVE */
-
-#ifndef AI_NUMERICHOST
-#define AI_NUMERICHOST	0x04
-#endif
-
-/* flags for getnameinfo() */
-
-#ifndef NI_DGRAM
-#define NI_DGRAM	0x01
-#define NI_NAMEREQD	0x02
-#define NI_NOFQDN	0x04
-#define NI_NUMERICHOST	0x08
-#define NI_NUMERICSERV	0x10
-#endif
-
-/*
- * constants for getnameinfo
- */
-
-#ifndef NI_MAXHOST
-#define NI_MAXHOST  1025
-#define NI_MAXSERV    32
-#endif
-
-/*
- * constants for inet_ntop
- */
-
-#ifndef INET_ADDRSTRLEN
-#define INET_ADDRSTRLEN    16
-#endif
-
-#ifndef INET6_ADDRSTRLEN
-#define INET6_ADDRSTRLEN   46
-#endif
-
-/*
- * for shutdown(2)
- */
-
-#ifndef SHUT_RD
-#define SHUT_RD 0
-#endif
-
-#ifndef SHUT_WR
-#define SHUT_WR 1
-#endif
-
-#ifndef SHUT_RDWR
-#define SHUT_RDWR 2
-#endif
-
-#ifndef HAVE___ATTRIBUTE__
-#define __attribute__(x)
-#endif
-
-ROKEN_CPP_START
-
-#ifndef IRIX4 /* fix for compiler bug */
-#ifdef RETSIGTYPE
-typedef RETSIGTYPE (*SigAction)(int);
-SigAction signal(int iSig, SigAction pAction); /* BSD compatible */
-#endif
-#endif
-
-int ROKEN_LIB_FUNCTION
-simple_execve(const char*, char*const[], char*const[]);
-
-int ROKEN_LIB_FUNCTION
-simple_execve_timed(const char *, char *const[], 
-		    char *const [], time_t (*)(void *), 
-		    void *, time_t);
-int ROKEN_LIB_FUNCTION
-simple_execvp(const char*, char *const[]);
-
-int ROKEN_LIB_FUNCTION
-simple_execvp_timed(const char *, char *const[], 
-		    time_t (*)(void *), void *, time_t);
-int ROKEN_LIB_FUNCTION
-simple_execlp(const char*, ...);
-
-int ROKEN_LIB_FUNCTION
-simple_execle(const char*, ...);
-
-int ROKEN_LIB_FUNCTION
-simple_execl(const char *file, ...);
-
-int ROKEN_LIB_FUNCTION
-wait_for_process(pid_t);
-
-int ROKEN_LIB_FUNCTION
-wait_for_process_timed(pid_t, time_t (*)(void *), 
-					      void *, time_t);
-int ROKEN_LIB_FUNCTION
-pipe_execv(FILE**, FILE**, FILE**, const char*, ...);
-
-void ROKEN_LIB_FUNCTION
-print_version(const char *);
-
-ssize_t ROKEN_LIB_FUNCTION
-eread (int fd, void *buf, size_t nbytes);
-
-ssize_t ROKEN_LIB_FUNCTION
-ewrite (int fd, const void *buf, size_t nbytes);
-
-struct hostent;
-
-const char * ROKEN_LIB_FUNCTION
-hostent_find_fqdn (const struct hostent *);
-
-void ROKEN_LIB_FUNCTION
-esetenv(const char *, const char *, int);
-
-void ROKEN_LIB_FUNCTION
-socket_set_address_and_port (struct sockaddr *, const void *, int);
-
-size_t ROKEN_LIB_FUNCTION
-socket_addr_size (const struct sockaddr *);
-
-void ROKEN_LIB_FUNCTION
-socket_set_any (struct sockaddr *, int);
-
-size_t ROKEN_LIB_FUNCTION
-socket_sockaddr_size (const struct sockaddr *);
-
-void * ROKEN_LIB_FUNCTION
-socket_get_address (struct sockaddr *);
-
-int ROKEN_LIB_FUNCTION
-socket_get_port (const struct sockaddr *);
-
-void ROKEN_LIB_FUNCTION
-socket_set_port (struct sockaddr *, int);
-
-void ROKEN_LIB_FUNCTION
-socket_set_portrange (int, int, int);
-
-void ROKEN_LIB_FUNCTION
-socket_set_debug (int);
-
-void ROKEN_LIB_FUNCTION
-socket_set_tos (int, int);
-
-void ROKEN_LIB_FUNCTION
-socket_set_reuseaddr (int, int);
-
-void ROKEN_LIB_FUNCTION
-socket_set_ipv6only (int, int);
-
-char ** ROKEN_LIB_FUNCTION
-vstrcollect(va_list *ap);
-
-char ** ROKEN_LIB_FUNCTION
-strcollect(char *first, ...);
-
-void ROKEN_LIB_FUNCTION
-timevalfix(struct timeval *t1);
-
-void ROKEN_LIB_FUNCTION
-timevaladd(struct timeval *t1, const struct timeval *t2);
-
-void ROKEN_LIB_FUNCTION
-timevalsub(struct timeval *t1, const struct timeval *t2);
-
-char *ROKEN_LIB_FUNCTION
-pid_file_write (const char *progname);
-
-void ROKEN_LIB_FUNCTION
-pid_file_delete (char **);
-
-int ROKEN_LIB_FUNCTION
-read_environment(const char *file, char ***env);
-
-void ROKEN_LIB_FUNCTION
-free_environment(char **);
-
-void ROKEN_LIB_FUNCTION
-warnerr(int doerrno, const char *fmt, va_list ap)
-    __attribute__ ((format (printf, 2, 0)));
-
-void * ROKEN_LIB_FUNCTION
-rk_realloc(void *, size_t);
-
-struct rk_strpool;
-
-char * ROKEN_LIB_FUNCTION
-rk_strpoolcollect(struct rk_strpool *);
-
-struct rk_strpool * ROKEN_LIB_FUNCTION
-rk_strpoolprintf(struct rk_strpool *, const char *, ...)
-    __attribute__ ((format (printf, 2, 3)));
-
-void ROKEN_LIB_FUNCTION
-rk_strpoolfree(struct rk_strpool *);
-
-void ROKEN_LIB_FUNCTION
-rk_dumpdata (const char *, const void *, size_t);
-
-ROKEN_CPP_END
-
-#endif /* __ROKEN_COMMON_H__ */
diff --git a/crypto/heimdal/lib/roken/roken.awk b/crypto/heimdal/lib/roken/roken.awk
deleted file mode 100644
index e0c19d7..0000000
--- a/crypto/heimdal/lib/roken/roken.awk
+++ /dev/null
@@ -1,40 +0,0 @@
-# $Id: roken.awk 15409 2005-06-16 16:29:58Z lha $
-
-BEGIN {
-	print "#ifdef HAVE_CONFIG_H"
-	print "#include <config.h>"
-	print "#endif"
-	print "#include <stdio.h>"
-	print ""
-	print "int main(int argc, char **argv)"
-	print "{"
-	    print "puts(\"/* This is an OS dependent, generated file */\");"
-	print "puts(\"\\n\");"
-	print "puts(\"#ifndef __ROKEN_H__\");"
-	print "puts(\"#define __ROKEN_H__\");"
-	print "puts(\"\");"
-}
-
-$1 == "#ifdef" || $1 == "#ifndef" || $1 == "#if" || $1 == "#else" || $1 == "#elif" || $1 == "#endif" {
-	print $0;
-	next
-}
-
-{
-	s = ""
-	for(i = 1; i <= length; i++){
-		x = substr($0, i, 1)
-		if(x == "\"" || x == "\\")
-			s = s "\\";
-		s = s x;
-	}
-	print "puts(\"" s "\");"
-}
-
-END {
-	print "puts(\"#define ROKEN_VERSION \" VERSION );"
-	print "puts(\"\");"
-	print "puts(\"#endif /* __ROKEN_H__ */\");"
-	print "return 0;"
-	print "}"
-}
diff --git a/crypto/heimdal/lib/roken/roken.h.in b/crypto/heimdal/lib/roken/roken.h.in
deleted file mode 100644
index cf2ee9e..0000000
--- a/crypto/heimdal/lib/roken/roken.h.in
+++ /dev/null
@@ -1,706 +0,0 @@
-/* -*- C -*- */
-/*
- * Copyright (c) 1995-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: roken.h.in 18612 2006-10-19 16:35:16Z lha $ */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#ifdef HAVE_STDINT_H
-#include <stdint.h>
-#endif
-#include <string.h>
-#include <signal.h>
-
-#ifdef _AIX
-struct ether_addr;
-struct sockaddr_dl;
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif
-#ifdef HAVE_GRP_H
-#include <grp.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_ERRNO_H
-#include <errno.h>
-#endif
-#include <err.h>
-#ifdef HAVE_TERMIOS_H
-#include <termios.h>
-#endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#ifndef HAVE_SSIZE_T
-typedef int ssize_t;
-#endif
-
-#include <roken-common.h>
-
-ROKEN_CPP_START
-
-#ifdef HAVE_UINTPTR_T
-#define rk_UNCONST(x) ((void *)(uintptr_t)(const void *)(x))
-#else
-#define rk_UNCONST(x) ((void *)(unsigned long)(const void *)(x))
-#endif
-
-#if !defined(HAVE_SETSID) && defined(HAVE__SETSID)
-#define setsid _setsid
-#endif
-
-#ifndef HAVE_PUTENV
-int ROKEN_LIB_FUNCTION putenv(const char *);
-#endif
-
-#if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO)
-int ROKEN_LIB_FUNCTION setenv(const char *, const char *, int);
-#endif
-
-#if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO)
-void ROKEN_LIB_FUNCTION unsetenv(const char *);
-#endif
-
-#if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO)
-char * ROKEN_LIB_FUNCTION getusershell(void);
-void ROKEN_LIB_FUNCTION endusershell(void);
-#endif
-
-#if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO)
-int ROKEN_LIB_FUNCTION snprintf (char *, size_t, const char *, ...)
-     __attribute__ ((format (printf, 3, 4)));
-#endif
-
-#if !defined(HAVE_VSNPRINTF) || defined(NEED_VSNPRINTF_PROTO)
-int ROKEN_LIB_FUNCTION 
-     vsnprintf (char *, size_t, const char *, va_list)
-     __attribute__((format (printf, 3, 0)));
-#endif
-
-#if !defined(HAVE_ASPRINTF) || defined(NEED_ASPRINTF_PROTO)
-int ROKEN_LIB_FUNCTION
-     asprintf (char **, const char *, ...)
-     __attribute__ ((format (printf, 2, 3)));
-#endif
-
-#if !defined(HAVE_VASPRINTF) || defined(NEED_VASPRINTF_PROTO)
-int ROKEN_LIB_FUNCTION
-    vasprintf (char **, const char *, va_list)
-     __attribute__((format (printf, 2, 0)));
-#endif
-
-#if !defined(HAVE_ASNPRINTF) || defined(NEED_ASNPRINTF_PROTO)
-int ROKEN_LIB_FUNCTION
-    asnprintf (char **, size_t, const char *, ...)
-     __attribute__ ((format (printf, 3, 4)));
-#endif
-
-#if !defined(HAVE_VASNPRINTF) || defined(NEED_VASNPRINTF_PROTO)
-int ROKEN_LIB_FUNCTION
-    vasnprintf (char **, size_t, const char *, va_list)
-     __attribute__((format (printf, 3, 0)));
-#endif
-
-#ifndef HAVE_STRDUP
-char * ROKEN_LIB_FUNCTION strdup(const char *);
-#endif
-
-#if !defined(HAVE_STRNDUP) || defined(NEED_STRNDUP_PROTO)
-char * ROKEN_LIB_FUNCTION strndup(const char *, size_t);
-#endif
-
-#ifndef HAVE_STRLWR
-char * ROKEN_LIB_FUNCTION strlwr(char *);
-#endif
-
-#ifndef HAVE_STRNLEN
-size_t ROKEN_LIB_FUNCTION strnlen(const char*, size_t);
-#endif
-
-#if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO)
-char * ROKEN_LIB_FUNCTION strsep(char**, const char*);
-#endif
-
-#if !defined(HAVE_STRSEP_COPY) || defined(NEED_STRSEP_COPY_PROTO)
-ssize_t ROKEN_LIB_FUNCTION strsep_copy(const char**, const char*, char*, size_t);
-#endif
-
-#ifndef HAVE_STRCASECMP
-int ROKEN_LIB_FUNCTION strcasecmp(const char *, const char *);
-#endif
-
-#ifdef NEED_FCLOSE_PROTO
-int ROKEN_LIB_FUNCTION fclose(FILE *);
-#endif
-
-#ifdef NEED_STRTOK_R_PROTO
-char * ROKEN_LIB_FUNCTION strtok_r(char *, const char *, char **);
-#endif
-
-#ifndef HAVE_STRUPR
-char * ROKEN_LIB_FUNCTION strupr(char *);
-#endif
-
-#ifndef HAVE_STRLCPY
-size_t ROKEN_LIB_FUNCTION strlcpy (char *, const char *, size_t);
-#endif
-
-#ifndef HAVE_STRLCAT
-size_t ROKEN_LIB_FUNCTION strlcat (char *, const char *, size_t);
-#endif
-
-#ifndef HAVE_GETDTABLESIZE
-int ROKEN_LIB_FUNCTION getdtablesize(void);
-#endif
-
-#if !defined(HAVE_STRERROR) && !defined(strerror)
-char * ROKEN_LIB_FUNCTION strerror(int);
-#endif
-
-#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO)
-/* This causes a fatal error under Psoriasis */
-#if !(defined(SunOS) && (SunOS >= 50))
-const char * ROKEN_LIB_FUNCTION hstrerror(int);
-#endif
-#endif
-
-#if !HAVE_DECL_H_ERRNO
-extern int h_errno;
-#endif
-
-#if !defined(HAVE_INET_ATON) || defined(NEED_INET_ATON_PROTO)
-int ROKEN_LIB_FUNCTION inet_aton(const char *, struct in_addr *);
-#endif
-
-#ifndef HAVE_INET_NTOP
-const char * ROKEN_LIB_FUNCTION
-inet_ntop(int af, const void *src, char *dst, size_t size);
-#endif
-
-#ifndef HAVE_INET_PTON
-int ROKEN_LIB_FUNCTION
-inet_pton(int, const char *, void *);
-#endif
-
-#if !defined(HAVE_GETCWD)
-char* ROKEN_LIB_FUNCTION getcwd(char *, size_t);
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-struct passwd * ROKEN_LIB_FUNCTION k_getpwnam (const char *);
-struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t);
-#endif
-
-const char * ROKEN_LIB_FUNCTION get_default_username (void);
-
-#ifndef HAVE_SETEUID
-int ROKEN_LIB_FUNCTION seteuid(uid_t);
-#endif
-
-#ifndef HAVE_SETEGID
-int ROKEN_LIB_FUNCTION setegid(gid_t);
-#endif
-
-#ifndef HAVE_LSTAT
-int ROKEN_LIB_FUNCTION lstat(const char *, struct stat *);
-#endif
-
-#if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO)
-int ROKEN_LIB_FUNCTION mkstemp(char *);
-#endif
-
-#ifndef HAVE_CGETENT
-int ROKEN_LIB_FUNCTION cgetent(char **, char **, const char *);
-int ROKEN_LIB_FUNCTION cgetstr(char *, const char *, char **);
-#endif
-
-#ifndef HAVE_INITGROUPS
-int ROKEN_LIB_FUNCTION initgroups(const char *, gid_t);
-#endif
-
-#ifndef HAVE_FCHOWN
-int ROKEN_LIB_FUNCTION fchown(int, uid_t, gid_t);
-#endif
-
-#if !defined(HAVE_DAEMON) || defined(NEED_DAEMON_PROTO)
-int ROKEN_LIB_FUNCTION daemon(int, int);
-#endif
-
-#ifndef HAVE_INNETGR
-int ROKEN_LIB_FUNCTION innetgr(const char *, const char *, 
-	    const char *, const char *);
-#endif
-
-#ifndef HAVE_CHOWN
-int ROKEN_LIB_FUNCTION chown(const char *, uid_t, gid_t);
-#endif
-
-#ifndef HAVE_RCMD
-int ROKEN_LIB_FUNCTION
-    rcmd(char **, unsigned short, const char *,
-	 const char *, const char *, int *);
-#endif
-
-#if !defined(HAVE_INNETGR) || defined(NEED_INNETGR_PROTO)
-int ROKEN_LIB_FUNCTION innetgr(const char*, const char*,
-    const char*, const char*);
-#endif
-
-#ifndef HAVE_IRUSEROK
-int ROKEN_LIB_FUNCTION iruserok(unsigned, int, 
-    const char *, const char *);
-#endif
-
-#if !defined(HAVE_GETHOSTNAME) || defined(NEED_GETHOSTNAME_PROTO)
-int ROKEN_LIB_FUNCTION gethostname(char *, int);
-#endif
-
-#ifndef HAVE_WRITEV
-ssize_t ROKEN_LIB_FUNCTION
-writev(int, const struct iovec *, int);
-#endif
-
-#ifndef HAVE_READV
-ssize_t ROKEN_LIB_FUNCTION
-readv(int, const struct iovec *, int);
-#endif
-
-#ifndef HAVE_MKSTEMP
-int ROKEN_LIB_FUNCTION
-mkstemp(char *);
-#endif
-
-#ifndef HAVE_PIDFILE
-void ROKEN_LIB_FUNCTION pidfile (const char*);
-#endif
-
-#ifndef HAVE_BSWAP32
-unsigned int ROKEN_LIB_FUNCTION bswap32(unsigned int);
-#endif
-
-#ifndef HAVE_BSWAP16
-unsigned short ROKEN_LIB_FUNCTION bswap16(unsigned short);
-#endif
-
-#ifndef HAVE_FLOCK
-#ifndef LOCK_SH
-#define LOCK_SH   1		/* Shared lock */
-#endif
-#ifndef	LOCK_EX
-#define LOCK_EX   2		/* Exclusive lock */
-#endif
-#ifndef LOCK_NB
-#define LOCK_NB   4		/* Don't block when locking */
-#endif
-#ifndef LOCK_UN
-#define LOCK_UN   8		/* Unlock */
-#endif
-
-int flock(int fd, int operation);
-#endif /* HAVE_FLOCK */
-
-time_t ROKEN_LIB_FUNCTION tm2time (struct tm, int);
-
-int ROKEN_LIB_FUNCTION unix_verify_user(char *, char *);
-
-int ROKEN_LIB_FUNCTION roken_concat (char *, size_t, ...);
-
-size_t ROKEN_LIB_FUNCTION roken_mconcat (char **, size_t, ...);
-
-int ROKEN_LIB_FUNCTION roken_vconcat (char *, size_t, va_list);
-
-size_t ROKEN_LIB_FUNCTION
-    roken_vmconcat (char **, size_t, va_list);
-
-ssize_t ROKEN_LIB_FUNCTION net_write (int, const void *, size_t);
-
-ssize_t ROKEN_LIB_FUNCTION net_read (int, void *, size_t);
-
-int ROKEN_LIB_FUNCTION issuid(void);
-
-#ifndef HAVE_STRUCT_WINSIZE
-struct winsize {
-	unsigned short ws_row, ws_col;
-	unsigned short ws_xpixel, ws_ypixel;
-};
-#endif
-
-int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *);
-
-#ifndef HAVE_VSYSLOG
-void ROKEN_LIB_FUNCTION vsyslog(int, const char *, va_list);
-#endif
-
-#if !HAVE_DECL_OPTARG
-extern char *optarg;
-#endif
-#if !HAVE_DECL_OPTIND
-extern int optind;
-#endif
-#if !HAVE_DECL_OPTERR
-extern int opterr;
-#endif
-
-#if !HAVE_DECL_ENVIRON
-extern char **environ;
-#endif
-
-#ifndef HAVE_GETIPNODEBYNAME
-struct hostent * ROKEN_LIB_FUNCTION
-getipnodebyname (const char *, int, int, int *);
-#endif
-
-#ifndef HAVE_GETIPNODEBYADDR
-struct hostent * ROKEN_LIB_FUNCTION
-getipnodebyaddr (const void *, size_t, int, int *);
-#endif
-
-#ifndef HAVE_FREEHOSTENT
-void ROKEN_LIB_FUNCTION
-freehostent (struct hostent *);
-#endif
-
-#ifndef HAVE_COPYHOSTENT
-struct hostent * ROKEN_LIB_FUNCTION
-copyhostent (const struct hostent *);
-#endif
-
-#ifndef HAVE_SOCKLEN_T
-typedef int socklen_t;
-#endif
-
-#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
-
-#ifndef HAVE_SA_FAMILY_T
-typedef unsigned short sa_family_t;
-#endif
-
-#ifdef HAVE_IPV6
-#define _SS_MAXSIZE sizeof(struct sockaddr_in6)
-#else
-#define _SS_MAXSIZE sizeof(struct sockaddr_in)
-#endif
-
-#define _SS_ALIGNSIZE	sizeof(unsigned long)
-
-#if HAVE_STRUCT_SOCKADDR_SA_LEN
-
-typedef unsigned char roken_sa_family_t;
-
-#define _SS_PAD1SIZE   ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t) - sizeof(unsigned char)) % _SS_ALIGNSIZE)
-#define _SS_PAD2SIZE   (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + sizeof(unsigned char) + _SS_PAD1SIZE + _SS_ALIGNSIZE))
-
-struct sockaddr_storage {
-    unsigned char	ss_len;
-    roken_sa_family_t	ss_family;
-    char		__ss_pad1[_SS_PAD1SIZE];
-    unsigned long	__ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1];
-};
-
-#else /* !HAVE_STRUCT_SOCKADDR_SA_LEN */
-
-typedef unsigned short roken_sa_family_t;
-
-#define _SS_PAD1SIZE   ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t)) % _SS_ALIGNSIZE)
-#define _SS_PAD2SIZE   (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + _SS_PAD1SIZE + _SS_ALIGNSIZE))
-
-struct sockaddr_storage {
-    roken_sa_family_t	ss_family;
-    char		__ss_pad1[_SS_PAD1SIZE];
-    unsigned long	__ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1];
-};
-
-#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
-
-#endif /* HAVE_STRUCT_SOCKADDR_STORAGE */
-
-#ifndef HAVE_STRUCT_ADDRINFO
-struct addrinfo {
-    int    ai_flags;
-    int    ai_family;
-    int    ai_socktype;
-    int    ai_protocol;
-    size_t ai_addrlen;
-    char  *ai_canonname;
-    struct sockaddr *ai_addr;
-    struct addrinfo *ai_next;
-};
-#endif
-
-#ifndef HAVE_GETADDRINFO
-int ROKEN_LIB_FUNCTION
-getaddrinfo(const char *,
-	    const char *,
-	    const struct addrinfo *,
-	    struct addrinfo **);
-#endif
-
-#ifndef HAVE_GETNAMEINFO
-int ROKEN_LIB_FUNCTION
-getnameinfo(const struct sockaddr *, socklen_t,
-		char *, size_t,
-		char *, size_t,
-		int);
-#endif
-
-#ifndef HAVE_FREEADDRINFO
-void ROKEN_LIB_FUNCTION
-freeaddrinfo(struct addrinfo *);
-#endif
-
-#ifndef HAVE_GAI_STRERROR
-const char * ROKEN_LIB_FUNCTION
-gai_strerror(int);
-#endif
-
-int ROKEN_LIB_FUNCTION
-getnameinfo_verified(const struct sockaddr *, socklen_t,
-		     char *, size_t,
-		     char *, size_t,
-		     int);
-
-int ROKEN_LIB_FUNCTION
-roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); 
-int ROKEN_LIB_FUNCTION
-roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **);
-
-#ifndef HAVE_STRFTIME
-size_t ROKEN_LIB_FUNCTION
-strftime (char *, size_t, const char *, const struct tm *);
-#endif
-
-#ifndef HAVE_STRPTIME
-char * ROKEN_LIB_FUNCTION
-strptime (const char *, const char *, struct tm *);
-#endif
-
-#ifndef HAVE_EMALLOC
-void * ROKEN_LIB_FUNCTION emalloc (size_t);
-#endif
-#ifndef HAVE_ECALLOC
-void * ROKEN_LIB_FUNCTION ecalloc(size_t, size_t);
-#endif
-#ifndef HAVE_EREALLOC
-void * ROKEN_LIB_FUNCTION erealloc (void *, size_t);
-#endif
-#ifndef HAVE_ESTRDUP
-char * ROKEN_LIB_FUNCTION estrdup (const char *);
-#endif
-
-/*
- * kludges and such
- */
-
-#if 1
-int ROKEN_LIB_FUNCTION
-roken_gethostby_setup(const char*, const char*);
-struct hostent* ROKEN_LIB_FUNCTION
-roken_gethostbyname(const char*);
-struct hostent* ROKEN_LIB_FUNCTION 
-roken_gethostbyaddr(const void*, size_t, int);
-#else
-#ifdef GETHOSTBYNAME_PROTO_COMPATIBLE
-#define roken_gethostbyname(x) gethostbyname(x)
-#else
-#define roken_gethostbyname(x) gethostbyname((char *)x)
-#endif
-
-#ifdef GETHOSTBYADDR_PROTO_COMPATIBLE
-#define roken_gethostbyaddr(a, l, t) gethostbyaddr(a, l, t)
-#else
-#define roken_gethostbyaddr(a, l, t) gethostbyaddr((char *)a, l, t)
-#endif
-#endif
-
-#ifdef GETSERVBYNAME_PROTO_COMPATIBLE
-#define roken_getservbyname(x,y) getservbyname(x,y)
-#else
-#define roken_getservbyname(x,y) getservbyname((char *)x, (char *)y)
-#endif
-
-#ifdef OPENLOG_PROTO_COMPATIBLE
-#define roken_openlog(a,b,c) openlog(a,b,c)
-#else
-#define roken_openlog(a,b,c) openlog((char *)a,b,c)
-#endif
-
-#ifdef GETSOCKNAME_PROTO_COMPATIBLE
-#define roken_getsockname(a,b,c) getsockname(a,b,c)
-#else
-#define roken_getsockname(a,b,c) getsockname(a, b, (void*)c)
-#endif
-
-#ifndef HAVE_SETPROGNAME
-void ROKEN_LIB_FUNCTION setprogname(const char *);
-#endif
-
-#ifndef HAVE_GETPROGNAME
-const char * ROKEN_LIB_FUNCTION getprogname(void);
-#endif
-
-#if !defined(HAVE_SETPROGNAME) && !defined(HAVE_GETPROGNAME) && !HAVE_DECL___PROGNAME
-extern const char *__progname;
-#endif
-
-void ROKEN_LIB_FUNCTION mini_inetd_addrinfo (struct addrinfo*);
-void ROKEN_LIB_FUNCTION mini_inetd (int);
-
-#ifndef HAVE_LOCALTIME_R
-struct tm * ROKEN_LIB_FUNCTION
-localtime_r(const time_t *, struct tm *);
-#endif
-
-#if !defined(HAVE_STRSVIS) || defined(NEED_STRSVIS_PROTO)
-int ROKEN_LIB_FUNCTION
-strsvis(char *, const char *, int, const char *);
-#endif
-
-#if !defined(HAVE_STRUNVIS) || defined(NEED_STRUNVIS_PROTO)
-int ROKEN_LIB_FUNCTION
-strunvis(char *, const char *);
-#endif
-
-#if !defined(HAVE_STRVIS) || defined(NEED_STRVIS_PROTO)
-int ROKEN_LIB_FUNCTION
-strvis(char *, const char *, int);
-#endif
-
-#if !defined(HAVE_STRVISX) || defined(NEED_STRVISX_PROTO)
-int ROKEN_LIB_FUNCTION
-strvisx(char *, const char *, size_t, int);
-#endif
-
-#if !defined(HAVE_SVIS) || defined(NEED_SVIS_PROTO)
-char * ROKEN_LIB_FUNCTION
-svis(char *, int, int, int, const char *);
-#endif
-
-#if !defined(HAVE_UNVIS) || defined(NEED_UNVIS_PROTO)
-int ROKEN_LIB_FUNCTION
-unvis(char *, int, int *, int);
-#endif
-
-#if !defined(HAVE_VIS) || defined(NEED_VIS_PROTO)
-char * ROKEN_LIB_FUNCTION
-vis(char *, int, int, int);
-#endif
-
-#if !defined(HAVE_CLOSEFROM)
-int ROKEN_LIB_FUNCTION
-closefrom(int);
-#endif
-
-#if !defined(HAVE_TIMEGM)
-#define timegm rk_timegm
-time_t ROKEN_LIB_FUNCTION
-rk_timegm(struct tm *tm);
-#endif
-
-#ifdef SOCKET_WRAPPER_REPLACE
-#include <socket_wrapper.h>
-#endif
-
-ROKEN_CPP_END
diff --git a/crypto/heimdal/lib/roken/roken_gethostby.c b/crypto/heimdal/lib/roken/roken_gethostby.c
deleted file mode 100644
index ff0af86..0000000
--- a/crypto/heimdal/lib/roken/roken_gethostby.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: roken_gethostby.c 21157 2007-06-18 22:03:13Z lha $");
-#endif
-
-#include "roken.h"
-
-#undef roken_gethostbyname
-#undef roken_gethostbyaddr
-
-static struct sockaddr_in dns_addr;
-static char *dns_req;
-
-static int
-make_address(const char *address, struct in_addr *ip)
-{
-    if(inet_aton(address, ip) == 0){
-	/* try to resolve as hostname, it might work if the address we
-           are trying to lookup is local, for instance a web proxy */
-	struct hostent *he = gethostbyname(address);
-	if(he) {
-	    unsigned char *p = (unsigned char*)he->h_addr;
-	    ip->s_addr = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
-	} else {
-	    return -1;
-	}
-    }
-    return 0;
-}
-
-static int
-setup_int(const char *proxy_host, short proxy_port,
-	  const char *dns_host, short dns_port,
-	  const char *dns_path)
-{
-    memset(&dns_addr, 0, sizeof(dns_addr));
-    if(dns_req)
-	free(dns_req);
-    if(proxy_host) {
-	if(make_address(proxy_host, &dns_addr.sin_addr) != 0)
-	    return -1;
-	dns_addr.sin_port = htons(proxy_port);
-	asprintf(&dns_req, "http://%s:%d%s", dns_host, dns_port, dns_path);
-    } else {
-	if(make_address(dns_host, &dns_addr.sin_addr) != 0)
-	    return -1;
-	dns_addr.sin_port = htons(dns_port);
-	asprintf(&dns_req, "%s", dns_path);
-    }
-    dns_addr.sin_family = AF_INET;
-    return 0;
-}
-
-static void
-split_spec(const char *spec, char **host, int *port, char **path, int def_port)
-{
-    char *p;
-    *host = strdup(spec);
-    p = strchr(*host, ':');
-    if(p) {
-	*p++ = '\0';
-	if(sscanf(p, "%d", port) != 1)
-	    *port = def_port;
-    } else
-	*port = def_port;
-    p = strchr(p ? p : *host, '/');
-    if(p) {
-	if(path) 
-	    *path = strdup(p);
-	*p = '\0';
-    }else
-	if(path) 
-	    *path = NULL;
-}
-
-
-int ROKEN_LIB_FUNCTION
-roken_gethostby_setup(const char *proxy_spec, const char *dns_spec)
-{
-    char *proxy_host = NULL;
-    int proxy_port = 0;
-    char *dns_host, *dns_path;
-    int dns_port;
-    
-    int ret = -1;
-    
-    split_spec(dns_spec, &dns_host, &dns_port, &dns_path, 80);
-    if(dns_path == NULL)
-	goto out;
-    if(proxy_spec)
-	split_spec(proxy_spec, &proxy_host, &proxy_port, NULL, 80);
-    ret = setup_int(proxy_host, proxy_port, dns_host, dns_port, dns_path);
-out:
-    free(proxy_host);
-    free(dns_host);
-    free(dns_path);
-    return ret;
-}
-    
-
-/* Try to lookup a name or an ip-address using http as transport
-   mechanism. See the end of this file for an example program. */
-static struct hostent*
-roken_gethostby(const char *hostname)
-{
-    int s;
-    struct sockaddr_in addr;
-    char *request;
-    char buf[1024];
-    int offset = 0;
-    int n;
-    char *p, *foo;
-    
-    if(dns_addr.sin_family == 0)
-	return NULL; /* no configured host */
-    addr = dns_addr;
-    asprintf(&request, "GET %s?%s HTTP/1.0\r\n\r\n", dns_req, hostname);
-    if(request == NULL)
-	return NULL;
-    s  = socket(AF_INET, SOCK_STREAM, 0);
-    if(s < 0) {
-	free(request);
-	return NULL;
-    }
-    if(connect(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
-	close(s);
-	free(request);
-	return NULL;
-    }
-    if(write(s, request, strlen(request)) != strlen(request)) {
-	close(s);
-	free(request);
-	return NULL;
-    }
-    free(request);
-    while(1) {
-	n = read(s, buf + offset, sizeof(buf) - offset);
-	if(n <= 0)
-	    break;
-	offset += n;
-    }
-    buf[offset] = '\0';
-    close(s);
-    p = strstr(buf, "\r\n\r\n"); /* find end of header */
-    if(p) p += 4;
-    else return NULL;
-    foo = NULL;
-    p = strtok_r(p, " \t\r\n", &foo);
-    if(p == NULL)
-	return NULL;
-    {
-	/* make a hostent to return */
-#define MAX_ADDRS 16
-	static struct hostent he;
-	static char addrs[4 * MAX_ADDRS];
-	static char *addr_list[MAX_ADDRS + 1];
-	int num_addrs = 0;
-	
-	he.h_name = p;
-	he.h_aliases = NULL;
-	he.h_addrtype = AF_INET;
-	he.h_length = 4;
-	
-	while((p = strtok_r(NULL, " \t\r\n", &foo)) && num_addrs < MAX_ADDRS) {
-	    struct in_addr ip;
-	    inet_aton(p, &ip);
-	    ip.s_addr = ntohl(ip.s_addr);
-	    addr_list[num_addrs] = &addrs[num_addrs * 4];
-	    addrs[num_addrs * 4 + 0] = (ip.s_addr >> 24) & 0xff;
-	    addrs[num_addrs * 4 + 1] = (ip.s_addr >> 16) & 0xff;
-	    addrs[num_addrs * 4 + 2] = (ip.s_addr >> 8) & 0xff;
-	    addrs[num_addrs * 4 + 3] = (ip.s_addr >> 0) & 0xff;
-	    addr_list[++num_addrs] = NULL;
-	}
-	he.h_addr_list = addr_list;
-	return &he;
-    }
-}
-
-struct hostent*
-roken_gethostbyname(const char *hostname)
-{
-    struct hostent *he;
-    he = gethostbyname(hostname);
-    if(he)
-	return he;
-    return roken_gethostby(hostname);
-}
-
-struct hostent* ROKEN_LIB_FUNCTION
-roken_gethostbyaddr(const void *addr, size_t len, int type)
-{
-    struct in_addr a;
-    const char *p;
-    struct hostent *he;
-    he = gethostbyaddr(addr, len, type);
-    if(he)
-	return he;
-    if(type != AF_INET || len != 4)
-	return NULL;
-    p = addr;
-    a.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
-    return roken_gethostby(inet_ntoa(a));
-}
-
-#if 0
-
-/* this program can be used as a cgi `script' to lookup names and
-   ip-addresses */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <netdb.h>
-#include <sys/param.h>
-
-int
-main(int argc, char **argv)
-{
-    char *query = getenv("QUERY_STRING");
-    char host[MAXHOSTNAMELEN];
-    int i;
-    struct hostent *he;
-    
-    printf("Content-type: text/plain\n\n");
-    if(query == NULL)
-	exit(0);
-    he = gethostbyname(query);
-    strncpy(host, he->h_name, sizeof(host));
-    host[sizeof(host) - 1] = '\0';
-    he = gethostbyaddr(he->h_addr, he->h_length, AF_INET);
-    printf("%s\n", he->h_name);
-    for(i = 0; he->h_addr_list[i]; i++) {
-	struct in_addr ip;
-	unsigned char *p = (unsigned char*)he->h_addr_list[i];
-	ip.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
-	printf("%s\n", inet_ntoa(ip));
-    }
-    exit(0);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/rtbl.3 b/crypto/heimdal/lib/roken/rtbl.3
deleted file mode 100644
index ccdc73f..0000000
--- a/crypto/heimdal/lib/roken/rtbl.3
+++ /dev/null
@@ -1,201 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" $Id: rtbl.3 22088 2007-11-25 14:10:15Z lha $
-.\"
-.Dd June 26, 2004
-.Dt RTBL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm rtbl_create ,
-.Nm rtbl_destroy ,
-.Nm rtbl_set_flags ,
-.Nm rtbl_get_flags ,
-.Nm rtbl_set_prefix ,
-.Nm rtbl_set_separator ,
-.Nm rtbl_set_column_prefix ,
-.Nm rtbl_set_column_affix_by_id ,
-.Nm rtbl_add_column ,
-.Nm rtbl_add_column_by_id ,
-.Nm rtbl_add_column_entry ,
-.Nm rtbl_add_column_entry_by_id ,
-.Nm rtbl_new_row ,
-.Nm rtbl_format
-.Nd format data in simple tables
-.Sh LIBRARY
-The roken library (libroken, -lroken)
-.Sh SYNOPSIS
-.In rtbl.h
-.Ft int
-.Fn rtbl_add_column "rtbl_t table" "const char *column_name" "unsigned int flags"
-.Ft int
-.Fn rtbl_add_column_by_id "rtbl_t table" "unsigned int column_id" "const char *column_header" "unsigned int flags"
-.Ft int
-.Fn rtbl_add_column_entry "rtbl_t table" "const char *column_name" "const char *cell_entry"
-.Ft int
-.Fn rtbl_add_column_entry_by_id "rtbl_t table" "unsigned int column_id" "const char *cell_entry"
-.Ft rtbl_t
-.Fn rtbl_create "void"
-.Ft void
-.Fn rtbl_destroy "rtbl_t table"
-.Ft int
-.Fn rtbl_new_row "rtbl_t table"
-.Ft int
-.Fn rtbl_set_column_affix_by_id "rtbl_t table" "unsigned int column_id "const char *prefix" "const char *suffix"
-.Ft int
-.Fn rtbl_set_column_prefix "rtbl_t table" "const char *column_name" "const char *prefix"
-.Ft "unsigned int"
-.Fn rtbl_get_flags "rtbl_t table"
-.Ft void
-.Fn rtbl_set_flags "rtbl_t table" "unsigned int flags"
-.Ft int
-.Fn rtbl_set_prefix "rtbl_t table" "const char *prefix"
-.Ft int
-.Fn rtbl_set_separator "rtbl_t table" "const char *separator"
-.Ft int
-.Fn rtbl_format "rtbl_t table "FILE *file"
-.Sh DESCRIPTION
-This set of functions assemble a simple table consisting of rows and
-columns, allowing it to be printed with certain options. Typical use
-would be output from tools such as
-.Xr ls 1
-or
-.Xr netstat 1 ,
-where you have a fixed number of columns, but don't know the column
-widthds before hand.
-.Pp
-A table is created with
-.Fn rtbl_create
-and destroyed with
-.Fn rtbl_destroy .
-.Pp
-Global flags on the table are set with
-.Fa rtbl_set_flags
-and retrieved with
-.Fa rtbl_get_flags .
-At present the only defined flag is
-.Dv RTBL_HEADER_STYLE_NONE
-which suppresses printing the header.
-.Pp
-Before adding data to the table, one or more columns need to be
-created. This would normally be done with
-.Fn rtbl_add_column_by_id ,
-.Fa column_id
-is any number of your choice (it's used only to identify columns),
-.Fa column_header
-is the header to print at the top of the column, and
-.Fa flags
-are flags specific to this column. Currently the only defined flag is
-.Dv RTBL_ALIGN_RIGHT ,
-aligning column entries to the right. Columns are printed in the order
-they are added.
-.Pp
-There's also a way to add columns by column name with
-.Fn rtbl_add_column ,
-but this is less flexible (you need unique header names), and is
-considered deprecated.
-.Pp
-To add data to a column you use
-.Fn rtbl_add_column_entry_by_id ,
-where the
-.Fa column_id
-is the same as when the column was added (adding data to a
-non-existent column is undefined), and
-.Fa cell_entry
-is whatever string you wish to include in that cell. It should not
-include newlines.
-For columns added with
-.Fn rtbl_add_column
-you must use
-.Fn rtbl_add_column_entry
-instead.
-.Pp
-.Fn rtbl_new_row
-fills all columns with blank entries until they all have the same
-number of rows.
-.Pp
-Each column can have a separate prefix and suffix, set with
-.Fa rtbl_set_column_affix_by_id ;
-.Fa rtbl_set_column_prefix
-allows setting the prefix only by column name. In addition to this,
-columns may be separated by a string set with
-.Fa rtbl_set_separator ( Ns
-by default columns are not seprated by anything).
-.Pp
-The finished table is printed to
-.Fa file
-with
-.Fa rtbl_format .
-.Sh EXAMPLES
-This program:
-.Bd -literal -offset xxxx
-#include <stdio.h>
-#include <rtbl.h>
-int
-main(int argc, char **argv)
-{
-    rtbl_t table;
-    table = rtbl_create();
-    rtbl_set_separator(table, "  ");
-    rtbl_add_column_by_id(table, 0, "Column A", 0);
-    rtbl_add_column_by_id(table, 1, "Column B", RTBL_ALIGN_RIGHT);
-    rtbl_add_column_by_id(table, 2, "Column C", 0);
-    rtbl_add_column_entry_by_id(table, 0, "A-1");
-    rtbl_add_column_entry_by_id(table, 0, "A-2");
-    rtbl_add_column_entry_by_id(table, 0, "A-3");
-    rtbl_add_column_entry_by_id(table, 1, "B-1");
-    rtbl_add_column_entry_by_id(table, 2, "C-1");
-    rtbl_add_column_entry_by_id(table, 2, "C-2");
-    rtbl_add_column_entry_by_id(table, 1, "B-2");
-    rtbl_add_column_entry_by_id(table, 1, "B-3");
-    rtbl_add_column_entry_by_id(table, 2, "C-3");
-    rtbl_add_column_entry_by_id(table, 0, "A-4");
-    rtbl_new_row(table);
-    rtbl_add_column_entry_by_id(table, 1, "B-4");
-    rtbl_new_row(table);
-    rtbl_add_column_entry_by_id(table, 2, "C-4");
-    rtbl_new_row(table);
-    rtbl_format(table, stdout);
-    rtbl_destroy(table);
-    return 0;
-}
-.Ed
-.Pp
-will output the following:
-.Bd -literal -offset xxxx
-Column A  Column B  Column C
-A-1            B-1  C-1
-A-2            B-2  C-2
-A-3            B-3  C-3
-A-4
-               B-4
-                    C-4
-.Ed
-.\" .Sh SEE ALSO
diff --git a/crypto/heimdal/lib/roken/rtbl.c b/crypto/heimdal/lib/roken/rtbl.c
deleted file mode 100644
index dd4328f..0000000
--- a/crypto/heimdal/lib/roken/rtbl.c
+++ /dev/null
@@ -1,489 +0,0 @@
-/*
- * Copyright (c) 2000, 2002, 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID ("$Id: rtbl.c 17758 2006-06-30 13:41:40Z lha $");
-#endif
-#include "roken.h"
-#include "rtbl.h"
-
-struct column_entry {
-    char *data;
-};
-
-struct column_data {
-    char *header;
-    char *prefix;
-    int width;
-    unsigned flags;
-    size_t num_rows;
-    struct column_entry *rows;
-    unsigned int column_id;
-    char *suffix;
-};
-
-struct rtbl_data {
-    char *column_prefix;
-    size_t num_columns;
-    struct column_data **columns;
-    unsigned int flags;
-    char *column_separator;
-};
-
-rtbl_t ROKEN_LIB_FUNCTION
-rtbl_create (void)
-{
-    return calloc (1, sizeof (struct rtbl_data));
-}
-
-void ROKEN_LIB_FUNCTION
-rtbl_set_flags (rtbl_t table, unsigned int flags)
-{
-    table->flags = flags;
-}
-
-unsigned int ROKEN_LIB_FUNCTION
-rtbl_get_flags (rtbl_t table)
-{
-    return table->flags;
-}
-
-static struct column_data *
-rtbl_get_column_by_id (rtbl_t table, unsigned int id)
-{
-    int i;
-    for(i = 0; i < table->num_columns; i++)
-	if(table->columns[i]->column_id == id)
-	    return table->columns[i];
-    return NULL;
-}
-
-static struct column_data *
-rtbl_get_column (rtbl_t table, const char *column)
-{
-    int i;
-    for(i = 0; i < table->num_columns; i++)
-	if(strcmp(table->columns[i]->header, column) == 0)
-	    return table->columns[i];
-    return NULL;
-}
-
-void ROKEN_LIB_FUNCTION
-rtbl_destroy (rtbl_t table)
-{
-    int i, j;
-
-    for (i = 0; i < table->num_columns; i++) {
-	struct column_data *c = table->columns[i];
-
-	for (j = 0; j < c->num_rows; j++)
-	    free (c->rows[j].data);
-	free (c->rows);
-	free (c->header);
-	free (c->prefix);
-	free (c->suffix);
-	free (c);
-    }
-    free (table->column_prefix);
-    free (table->column_separator);
-    free (table->columns);
-    free (table);
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_by_id (rtbl_t table, unsigned int id, 
-		       const char *header, unsigned int flags)
-{
-    struct column_data *col, **tmp;
-
-    tmp = realloc (table->columns, (table->num_columns + 1) * sizeof (*tmp));
-    if (tmp == NULL)
-	return ENOMEM;
-    table->columns = tmp;
-    col = malloc (sizeof (*col));
-    if (col == NULL)
-	return ENOMEM;
-    col->header = strdup (header);
-    if (col->header == NULL) {
-	free (col);
-	return ENOMEM;
-    }
-    col->prefix = NULL;
-    col->width = 0;
-    col->flags = flags;
-    col->num_rows = 0;
-    col->rows = NULL;
-    col->column_id = id;
-    col->suffix = NULL;
-    table->columns[table->num_columns++] = col;
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column (rtbl_t table, const char *header, unsigned int flags)
-{
-    return rtbl_add_column_by_id(table, 0, header, flags);
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_new_row(rtbl_t table)
-{
-    size_t max_rows = 0;
-    size_t c;
-    for (c = 0; c < table->num_columns; c++)
-	if(table->columns[c]->num_rows > max_rows)
-	    max_rows = table->columns[c]->num_rows;
-    for (c = 0; c < table->num_columns; c++) {
-	struct column_entry *tmp;
-
-	if(table->columns[c]->num_rows == max_rows)
-	    continue;
-	tmp = realloc(table->columns[c]->rows, 
-		      max_rows * sizeof(table->columns[c]->rows));
-	if(tmp == NULL)
-	    return ENOMEM;
-	table->columns[c]->rows = tmp;
-	while(table->columns[c]->num_rows < max_rows) {
-	    if((tmp[table->columns[c]->num_rows++].data = strdup("")) == NULL)
-		return ENOMEM;
-	}
-    }
-    return 0;
-}
-
-static void
-column_compute_width (rtbl_t table, struct column_data *column)
-{
-    int i;
-
-    if(table->flags & RTBL_HEADER_STYLE_NONE)
-	column->width = 0;
-    else
-	column->width = strlen (column->header);
-    for (i = 0; i < column->num_rows; i++)
-	column->width = max (column->width, strlen (column->rows[i].data));
-}
-
-/* DEPRECATED */
-int ROKEN_LIB_FUNCTION
-rtbl_set_prefix (rtbl_t table, const char *prefix)
-{
-    if (table->column_prefix)
-	free (table->column_prefix);
-    table->column_prefix = strdup (prefix);
-    if (table->column_prefix == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_separator (rtbl_t table, const char *separator)
-{
-    if (table->column_separator)
-	free (table->column_separator);
-    table->column_separator = strdup (separator);
-    if (table->column_separator == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_column_prefix (rtbl_t table, const char *column,
-			const char *prefix)
-{
-    struct column_data *c = rtbl_get_column (table, column);
-
-    if (c == NULL)
-	return -1;
-    if (c->prefix)
-	free (c->prefix);
-    c->prefix = strdup (prefix);
-    if (c->prefix == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_column_affix_by_id(rtbl_t table, unsigned int id,
-			    const char *prefix, const char *suffix)
-{
-    struct column_data *c = rtbl_get_column_by_id (table, id);
-
-    if (c == NULL)
-	return -1;
-    if (c->prefix)
-	free (c->prefix);
-    if(prefix == NULL)
-	c->prefix = NULL;
-    else {
-	c->prefix = strdup (prefix);
-	if (c->prefix == NULL)
-	    return ENOMEM;
-    }
-
-    if (c->suffix)
-	free (c->suffix);
-    if(suffix == NULL)
-	c->suffix = NULL;
-    else {
-	c->suffix = strdup (suffix);
-	if (c->suffix == NULL)
-	    return ENOMEM;
-    }
-    return 0;
-}
-
-
-static const char *
-get_column_prefix (rtbl_t table, struct column_data *c)
-{
-    if (c == NULL)
-	return "";
-    if (c->prefix)
-	return c->prefix;
-    if (table->column_prefix)
-	return table->column_prefix;
-    return "";
-}
-
-static const char *
-get_column_suffix (rtbl_t table, struct column_data *c)
-{
-    if (c && c->suffix)
-	return c->suffix;
-    return "";
-}
-
-static int
-add_column_entry (struct column_data *c, const char *data)
-{
-    struct column_entry row, *tmp;
-
-    row.data = strdup (data);
-    if (row.data == NULL)
-	return ENOMEM;
-    tmp = realloc (c->rows, (c->num_rows + 1) * sizeof (*tmp));
-    if (tmp == NULL) {
-	free (row.data);
-	return ENOMEM;
-    }
-    c->rows = tmp;
-    c->rows[c->num_rows++] = row;
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entry_by_id (rtbl_t table, unsigned int id, const char *data)
-{
-    struct column_data *c = rtbl_get_column_by_id (table, id);
-
-    if (c == NULL)
-	return -1;
-
-    return add_column_entry(c, data);
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id,
-			      const char *fmt, ...)
-{
-    va_list ap;
-    char *str;
-    int ret;
-
-    va_start(ap, fmt);
-    ret = vasprintf(&str, fmt, ap);
-    va_end(ap);
-    if (ret == -1)
-	return -1;
-    ret = rtbl_add_column_entry_by_id(table, id, str);
-    free(str);
-    return ret;
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entry (rtbl_t table, const char *column, const char *data)
-{
-    struct column_data *c = rtbl_get_column (table, column);
-
-    if (c == NULL)
-	return -1;
-
-    return add_column_entry(c, data);
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entryv (rtbl_t table, const char *column, const char *fmt, ...)
-{
-    va_list ap;
-    char *str;
-    int ret;
-
-    va_start(ap, fmt);
-    ret = vasprintf(&str, fmt, ap);
-    va_end(ap);
-    if (ret == -1)
-	return -1;
-    ret = rtbl_add_column_entry(table, column, str);
-    free(str);
-    return ret;
-}
-
-
-int ROKEN_LIB_FUNCTION
-rtbl_format (rtbl_t table, FILE * f)
-{
-    int i, j;
-
-    for (i = 0; i < table->num_columns; i++)
-	column_compute_width (table, table->columns[i]);
-    if((table->flags & RTBL_HEADER_STYLE_NONE) == 0) {
-	for (i = 0; i < table->num_columns; i++) {
-	    struct column_data *c = table->columns[i];
-
-	    if(table->column_separator != NULL && i > 0)
-		fprintf (f, "%s", table->column_separator);
-	    fprintf (f, "%s", get_column_prefix (table, c));
-	    if(i == table->num_columns - 1 && c->suffix == NULL)
-		/* last column, so no need to pad with spaces */
-		fprintf (f, "%-*s", 0, c->header);
-	    else
-		fprintf (f, "%-*s", (int)c->width, c->header);
-	    fprintf (f, "%s", get_column_suffix (table, c));
-	}
-	fprintf (f, "\n");
-    }
-
-    for (j = 0;; j++) {
-	int flag = 0;
-
-	/* are there any more rows left? */
-	for (i = 0; flag == 0 && i < table->num_columns; ++i) {
-	    struct column_data *c = table->columns[i];
-
-	    if (c->num_rows > j) {
-		++flag;
-		break;
-	    }
-	}
-	if (flag == 0)
-	    break;
-
-	for (i = 0; i < table->num_columns; i++) {
-	    int w;
-	    struct column_data *c = table->columns[i];
-
-	    if(table->column_separator != NULL && i > 0)
-		fprintf (f, "%s", table->column_separator);
-
-	    w = c->width;
-
-	    if ((c->flags & RTBL_ALIGN_RIGHT) == 0) {
-		if(i == table->num_columns - 1 && c->suffix == NULL)
-		    /* last column, so no need to pad with spaces */
-		    w = 0;
-		else
-		    w = -w;
-	    }
-	    fprintf (f, "%s", get_column_prefix (table, c));
-	    if (c->num_rows <= j)
-		fprintf (f, "%*s", w, "");
-	    else
-		fprintf (f, "%*s", w, c->rows[j].data);
-	    fprintf (f, "%s", get_column_suffix (table, c));
-	}
-	fprintf (f, "\n");
-    }
-    return 0;
-}
-
-#ifdef TEST
-int
-main (int argc, char **argv)
-{
-    rtbl_t table;
-
-    table = rtbl_create ();
-    rtbl_add_column_by_id (table, 0, "Issued", 0);
-    rtbl_add_column_by_id (table, 1, "Expires", 0);
-    rtbl_add_column_by_id (table, 2, "Foo", RTBL_ALIGN_RIGHT);
-    rtbl_add_column_by_id (table, 3, "Principal", 0);
-
-    rtbl_add_column_entry_by_id (table, 0, "Jul  7 21:19:29");
-    rtbl_add_column_entry_by_id (table, 1, "Jul  8 07:19:29");
-    rtbl_add_column_entry_by_id (table, 2, "73");
-    rtbl_add_column_entry_by_id (table, 2, "0");
-    rtbl_add_column_entry_by_id (table, 2, "-2000");
-    rtbl_add_column_entry_by_id (table, 3, "krbtgt/NADA.KTH.SE@NADA.KTH.SE");
-
-    rtbl_add_column_entry_by_id (table, 0, "Jul  7 21:19:29");
-    rtbl_add_column_entry_by_id (table, 1, "Jul  8 07:19:29");
-    rtbl_add_column_entry_by_id (table, 3, "afs/pdc.kth.se@NADA.KTH.SE");
-
-    rtbl_add_column_entry_by_id (table, 0, "Jul  7 21:19:29");
-    rtbl_add_column_entry_by_id (table, 1, "Jul  8 07:19:29");
-    rtbl_add_column_entry_by_id (table, 3, "afs@NADA.KTH.SE");
-
-    rtbl_set_separator (table, "  ");
-
-    rtbl_format (table, stdout);
-
-    rtbl_destroy (table);
-
-    printf("\n");
-
-    table = rtbl_create ();
-    rtbl_add_column_by_id (table, 0, "Column A", 0);
-    rtbl_set_column_affix_by_id (table, 0, "<", ">");
-    rtbl_add_column_by_id (table, 1, "Column B", 0);
-    rtbl_set_column_affix_by_id (table, 1, "[", "]");
-    rtbl_add_column_by_id (table, 2, "Column C", 0);
-    rtbl_set_column_affix_by_id (table, 2, "(", ")");
-
-    rtbl_add_column_entry_by_id (table, 0, "1");
-    rtbl_new_row(table);
-    rtbl_add_column_entry_by_id (table, 1, "2");
-    rtbl_new_row(table);
-    rtbl_add_column_entry_by_id (table, 2, "3");
-    rtbl_new_row(table);
-
-    rtbl_set_separator (table, "  ");
-    rtbl_format (table, stdout);
-
-    rtbl_destroy (table);
-
-    return 0;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/rtbl.h b/crypto/heimdal/lib/roken/rtbl.h
deleted file mode 100644
index 9b168c7..0000000
--- a/crypto/heimdal/lib/roken/rtbl.h
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (c) 2000,2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-/* $Id: rtbl.h 17760 2006-06-30 13:42:39Z lha $ */
-
-#ifndef __rtbl_h__
-#define __rtbl_h__
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct rtbl_data;
-typedef struct rtbl_data *rtbl_t;
-
-#define RTBL_ALIGN_LEFT		0
-#define RTBL_ALIGN_RIGHT	1
-
-/* flags */
-#define RTBL_HEADER_STYLE_NONE	1
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column (rtbl_t, const char*, unsigned int);
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_by_id (rtbl_t, unsigned int, const char*, unsigned int);
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id,
-			      const char *fmt, ...)
-	__attribute__ ((format (printf, 3, 0)));
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entry (rtbl_t, const char*, const char*);
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entryv (rtbl_t, const char*, const char*, ...)
-	__attribute__ ((format (printf, 3, 0)));
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entry_by_id (rtbl_t, unsigned int, const char*);
-
-rtbl_t ROKEN_LIB_FUNCTION
-rtbl_create (void);
-
-void ROKEN_LIB_FUNCTION
-rtbl_destroy (rtbl_t);
-
-int ROKEN_LIB_FUNCTION
-rtbl_format (rtbl_t, FILE*);
-
-unsigned int ROKEN_LIB_FUNCTION
-rtbl_get_flags (rtbl_t);
-
-int ROKEN_LIB_FUNCTION
-rtbl_new_row (rtbl_t);
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_column_affix_by_id (rtbl_t, unsigned int, const char*, const char*);
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_column_prefix (rtbl_t, const char*, const char*);
-
-void ROKEN_LIB_FUNCTION
-rtbl_set_flags (rtbl_t, unsigned int);
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_prefix (rtbl_t, const char*);
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_separator (rtbl_t, const char*);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __rtbl_h__ */
diff --git a/crypto/heimdal/lib/roken/sendmsg.c b/crypto/heimdal/lib/roken/sendmsg.c
deleted file mode 100644
index e7478bf..0000000
--- a/crypto/heimdal/lib/roken/sendmsg.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: sendmsg.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-ssize_t ROKEN_LIB_FUNCTION
-sendmsg(int s, const struct msghdr *msg, int flags)
-{
-    ssize_t ret;
-    size_t tot = 0;
-    int i;
-    char *buf, *p;
-    struct iovec *iov = msg->msg_iov;
-
-    for(i = 0; i < msg->msg_iovlen; ++i)
-	tot += iov[i].iov_len;
-    buf = malloc(tot);
-    if (tot != 0 && buf == NULL) {
-	errno = ENOMEM;
-	return -1;
-    }
-    p = buf;
-    for (i = 0; i < msg->msg_iovlen; ++i) {
-	memcpy (p, iov[i].iov_base, iov[i].iov_len);
-	p += iov[i].iov_len;
-    }
-    ret = sendto (s, buf, tot, flags, msg->msg_name, msg->msg_namelen);
-    free (buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/setegid.c b/crypto/heimdal/lib/roken/setegid.c
deleted file mode 100644
index 14d99ee..0000000
--- a/crypto/heimdal/lib/roken/setegid.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: setegid.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-setegid(gid_t egid)
-{
-#ifdef HAVE_SETREGID
-    return setregid(-1, egid);
-#endif
-
-#ifdef HAVE_SETRESGID
-    return setresgid(-1, egid, -1);
-#endif
-
-    return -1;
-}
diff --git a/crypto/heimdal/lib/roken/setenv.c b/crypto/heimdal/lib/roken/setenv.c
deleted file mode 100644
index 2bf09be..0000000
--- a/crypto/heimdal/lib/roken/setenv.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: setenv.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * This is the easy way out, use putenv to implement setenv. We might
- * leak some memory but that is ok since we are usally about to exec
- * anyway.
- */
-
-int ROKEN_LIB_FUNCTION
-setenv(const char *var, const char *val, int rewrite)
-{
-    char *t;
-
-    if (!rewrite && getenv(var) != 0)
-	return 0;
-  
-    asprintf (&t, "%s=%s", var, val);
-    if (t == NULL)
-	return -1;
-
-    if (putenv(t) == 0)
-	return 0;
-    else
-	return -1;
-}
diff --git a/crypto/heimdal/lib/roken/seteuid.c b/crypto/heimdal/lib/roken/seteuid.c
deleted file mode 100644
index 4f786bb..0000000
--- a/crypto/heimdal/lib/roken/seteuid.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: seteuid.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-seteuid(uid_t euid)
-{
-#ifdef HAVE_SETREUID
-    return setreuid(-1, euid);
-#endif
-
-#ifdef HAVE_SETRESUID
-    return setresuid(-1, euid, -1);
-#endif
-
-    return -1;
-}
diff --git a/crypto/heimdal/lib/roken/setprogname.c b/crypto/heimdal/lib/roken/setprogname.c
deleted file mode 100644
index b24c785..0000000
--- a/crypto/heimdal/lib/roken/setprogname.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1995-2004 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: setprogname.c 15955 2005-08-23 10:19:20Z lha $");
-#endif
-
-#include "roken.h"
-
-#ifndef HAVE___PROGNAME
-extern const char *__progname;
-#endif
-
-#ifndef HAVE_SETPROGNAME
-void ROKEN_LIB_FUNCTION
-setprogname(const char *argv0)
-{
-#ifndef HAVE___PROGNAME
-    const char *p;
-    if(argv0 == NULL)
-	return;
-    p = strrchr(argv0, '/');
-    if(p == NULL)
-	p = argv0;
-    else
-	p++;
-    __progname = p;
-#endif
-}
-#endif /* HAVE_SETPROGNAME */
diff --git a/crypto/heimdal/lib/roken/signal.c b/crypto/heimdal/lib/roken/signal.c
deleted file mode 100644
index e184390..0000000
--- a/crypto/heimdal/lib/roken/signal.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: signal.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <signal.h>
-#include "roken.h"
-
-/*
- * We would like to always use this signal but there is a link error
- * on NEXTSTEP
- */
-#if !defined(NeXT) && !defined(__APPLE__)
-/*
- * Bugs:
- *
- * Do we need any extra hacks for SIGCLD and/or SIGCHLD?
- */
-
-SigAction ROKEN_LIB_FUNCTION
-signal(int iSig, SigAction pAction)
-{
-    struct sigaction saNew, saOld;
-
-    saNew.sa_handler = pAction;
-    sigemptyset(&saNew.sa_mask);
-    saNew.sa_flags = 0;
-
-    if (iSig == SIGALRM)
-	{
-#ifdef SA_INTERRUPT
-	    saNew.sa_flags |= SA_INTERRUPT;
-#endif
-	}
-    else
-	{
-#ifdef SA_RESTART
-	    saNew.sa_flags |= SA_RESTART;
-#endif
-	}
-
-    if (sigaction(iSig, &saNew, &saOld) < 0)
-	return(SIG_ERR);
-
-    return(saOld.sa_handler);
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/simple_exec.c b/crypto/heimdal/lib/roken/simple_exec.c
deleted file mode 100644
index 447b5bf..0000000
--- a/crypto/heimdal/lib/roken/simple_exec.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001, 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: simple_exec.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdarg.h>
-#include <stdlib.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <errno.h>
-
-#include "roken.h"
-
-#define EX_NOEXEC	126
-#define EX_NOTFOUND	127
-
-/* return values:
-   -1   on `unspecified' system errors
-   -2   on fork failures
-   -3   on waitpid errors
-   -4   exec timeout
-   0-   is return value from subprocess
-   126  if the program couldn't be executed
-   127  if the program couldn't be found
-   128- is 128 + signal that killed subprocess
-
-   possible values `func' can return:
-   ((time_t)-2)		exit loop w/o killing child and return
-   			`exec timeout'/-4 from simple_exec
-   ((time_t)-1)		kill child with SIGTERM and wait for child to exit
-   0			don't timeout again
-   n			seconds to next timeout
-   */
-
-static int sig_alarm;
-
-static RETSIGTYPE
-sigtimeout(int sig)
-{
-    sig_alarm = 1;
-    SIGRETURN(0);
-}
-
-int ROKEN_LIB_FUNCTION
-wait_for_process_timed(pid_t pid, time_t (*func)(void *), 
-		       void *ptr, time_t timeout)
-{
-    RETSIGTYPE (*old_func)(int sig) = NULL;
-    unsigned int oldtime = 0;
-    int ret;
-
-    sig_alarm = 0;
-
-    if (func) {
-	old_func = signal(SIGALRM, sigtimeout);
-	oldtime = alarm(timeout);
-    }
-
-    while(1) {
-	int status;
-
-	while(waitpid(pid, &status, 0) < 0) {
-	    if (errno != EINTR) {
-		ret = -3;
-		goto out;
-	    }
-	    if (func == NULL)
-		continue;
-	    if (sig_alarm == 0)
-		continue;
-	    timeout = (*func)(ptr);
-	    if (timeout == (time_t)-1) {
-		kill(pid, SIGTERM);
-		continue;
-	    } else if (timeout == (time_t)-2) {
-		ret = -4;
-		goto out;
-	    }
-	    alarm(timeout);
-	}
-	if(WIFSTOPPED(status))
-	    continue;
-	if(WIFEXITED(status)) {
-	    ret = WEXITSTATUS(status);
-	    break;
-	}
-	if(WIFSIGNALED(status)) {
-	    ret = WTERMSIG(status) + 128;
-	    break;
-	}
-    }
- out:
-    if (func) {
-	signal(SIGALRM, old_func);
-	alarm(oldtime);
-    }
-    return ret;
-}
-
-int ROKEN_LIB_FUNCTION
-wait_for_process(pid_t pid)
-{
-    return wait_for_process_timed(pid, NULL, NULL, 0);
-}
-
-int ROKEN_LIB_FUNCTION
-pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, 
-	   const char *file, ...)
-{
-    int in_fd[2], out_fd[2], err_fd[2];
-    pid_t pid;
-    va_list ap;
-    char **argv;
-
-    if(stdin_fd != NULL)
-	pipe(in_fd);
-    if(stdout_fd != NULL)
-	pipe(out_fd);
-    if(stderr_fd != NULL)
-	pipe(err_fd);
-    pid = fork();
-    switch(pid) {
-    case 0:
-	va_start(ap, file);
-	argv = vstrcollect(&ap);
-	va_end(ap);
-	if(argv == NULL)
-	    exit(-1);
-
-	/* close pipes we're not interested in */
-	if(stdin_fd != NULL)
-	    close(in_fd[1]);
-	if(stdout_fd != NULL)
-	    close(out_fd[0]);
-	if(stderr_fd != NULL)
-	    close(err_fd[0]);
-
-	/* pipe everything caller doesn't care about to /dev/null */
-	if(stdin_fd == NULL)
-	    in_fd[0] = open(_PATH_DEVNULL, O_RDONLY);
-	if(stdout_fd == NULL)
-	    out_fd[1] = open(_PATH_DEVNULL, O_WRONLY);
-	if(stderr_fd == NULL)
-	    err_fd[1] = open(_PATH_DEVNULL, O_WRONLY);
-
-	/* move to proper descriptors */
-	if(in_fd[0] != STDIN_FILENO) {
-	    dup2(in_fd[0], STDIN_FILENO);
-	    close(in_fd[0]);
-	}
-	if(out_fd[1] != STDOUT_FILENO) {
-	    dup2(out_fd[1], STDOUT_FILENO);
-	    close(out_fd[1]);
-	}
-	if(err_fd[1] != STDERR_FILENO) {
-	    dup2(err_fd[1], STDERR_FILENO);
-	    close(err_fd[1]);
-	}
-
-	closefrom(3);
-
-	execv(file, argv);
-	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
-    case -1:
-	if(stdin_fd != NULL) {
-	    close(in_fd[0]);
-	    close(in_fd[1]);
-	}
-	if(stdout_fd != NULL) {
-	    close(out_fd[0]);
-	    close(out_fd[1]);
-	}
-	if(stderr_fd != NULL) {
-	    close(err_fd[0]);
-	    close(err_fd[1]);
-	}
-	return -2;
-    default:
-	if(stdin_fd != NULL) {
-	    close(in_fd[0]);
-	    *stdin_fd = fdopen(in_fd[1], "w");
-	}
-	if(stdout_fd != NULL) {
-	    close(out_fd[1]);
-	    *stdout_fd = fdopen(out_fd[0], "r");
-	}
-	if(stderr_fd != NULL) {
-	    close(err_fd[1]);
-	    *stderr_fd = fdopen(err_fd[0], "r");
-	}
-    }
-    return pid;
-}
-
-int ROKEN_LIB_FUNCTION
-simple_execvp_timed(const char *file, char *const args[], 
-		    time_t (*func)(void *), void *ptr, time_t timeout)
-{
-    pid_t pid = fork();
-    switch(pid){
-    case -1:
-	return -2;
-    case 0:
-	execvp(file, args);
-	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
-    default: 
-	return wait_for_process_timed(pid, func, ptr, timeout);
-    }
-}
-
-int ROKEN_LIB_FUNCTION
-simple_execvp(const char *file, char *const args[])
-{
-    return simple_execvp_timed(file, args, NULL, NULL, 0);
-}
-
-/* gee, I'd like a execvpe */
-int ROKEN_LIB_FUNCTION
-simple_execve_timed(const char *file, char *const args[], char *const envp[],
-		    time_t (*func)(void *), void *ptr, time_t timeout)
-{
-    pid_t pid = fork();
-    switch(pid){
-    case -1:
-	return -2;
-    case 0:
-	execve(file, args, envp);
-	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
-    default: 
-	return wait_for_process_timed(pid, func, ptr, timeout);
-    }
-}
-
-int ROKEN_LIB_FUNCTION
-simple_execve(const char *file, char *const args[], char *const envp[])
-{
-    return simple_execve_timed(file, args, envp, NULL, NULL, 0);
-}
-
-int ROKEN_LIB_FUNCTION
-simple_execlp(const char *file, ...)
-{
-    va_list ap;
-    char **argv;
-    int ret;
-
-    va_start(ap, file);
-    argv = vstrcollect(&ap);
-    va_end(ap);
-    if(argv == NULL)
-	return -1;
-    ret = simple_execvp(file, argv);
-    free(argv);
-    return ret;
-}
-
-int ROKEN_LIB_FUNCTION
-simple_execle(const char *file, ... /* ,char *const envp[] */)
-{
-    va_list ap;
-    char **argv;
-    char *const* envp;
-    int ret;
-
-    va_start(ap, file);
-    argv = vstrcollect(&ap);
-    envp = va_arg(ap, char **);
-    va_end(ap);
-    if(argv == NULL)
-	return -1;
-    ret = simple_execve(file, argv, envp);
-    free(argv);
-    return ret;
-}
-
-int ROKEN_LIB_FUNCTION
-simple_execl(const char *file, ...) 
-{
-    va_list ap;
-    char **argv;
-    int ret;
-
-    va_start(ap, file);
-    argv = vstrcollect(&ap);
-    va_end(ap);
-    if(argv == NULL)
-	return -1;
-    ret = simple_execve(file, argv, environ);
-    free(argv);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/snprintf-test.c b/crypto/heimdal/lib/roken/snprintf-test.c
deleted file mode 100644
index 047d54b..0000000
--- a/crypto/heimdal/lib/roken/snprintf-test.c
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "snprintf-test.h"
-#include "roken.h"
-#include <limits.h>
-
-RCSID("$Id: snprintf-test.c 21627 2007-07-17 10:53:17Z lha $");
-
-static int
-try (const char *format, ...)
-{
-    int ret;
-    va_list ap;
-    char buf1[256], buf2[256];
-
-    va_start (ap, format);
-    ret = vsnprintf (buf1, sizeof(buf1), format, ap);
-    if (ret >= sizeof(buf1))
-	errx (1, "increase buf and try again");
-    va_end (ap);
-    va_start (ap, format);
-    vsprintf (buf2, format, ap);
-    ret = strcmp (buf1, buf2);
-    if (ret)
-	printf ("failed: format = \"%s\", \"%s\" != \"%s\"\n",
-		format, buf1, buf2);
-    va_end (ap);
-    return ret;
-}
-
-static int
-cmp_with_sprintf_int (void)
-{
-    int tot = 0;
-    int int_values[] = {INT_MIN, -17, -1, 0, 1, 17, 4711, 65535, INT_MAX};
-    int i;
-
-    for (i = 0; i < sizeof(int_values) / sizeof(int_values[0]); ++i) {
-	tot += try ("%d", int_values[i]);
-	tot += try ("%x", int_values[i]);
-	tot += try ("%X", int_values[i]);
-	tot += try ("%o", int_values[i]);
-	tot += try ("%#x", int_values[i]);
-	tot += try ("%#X", int_values[i]);
-	tot += try ("%#o", int_values[i]);
-	tot += try ("%10d", int_values[i]);
-	tot += try ("%10x", int_values[i]);
-	tot += try ("%10X", int_values[i]);
-	tot += try ("%10o", int_values[i]);
-	tot += try ("%#10x", int_values[i]);
-	tot += try ("%#10X", int_values[i]);
-	tot += try ("%#10o", int_values[i]);
-	tot += try ("%-10d", int_values[i]);
-	tot += try ("%-10x", int_values[i]);
-	tot += try ("%-10X", int_values[i]);
-	tot += try ("%-10o", int_values[i]);
-	tot += try ("%-#10x", int_values[i]);
-	tot += try ("%-#10X", int_values[i]);
-	tot += try ("%-#10o", int_values[i]);
-    }
-    return tot;
-}
-
-static int
-cmp_with_sprintf_long (void)
-{
-    int tot = 0;
-    long long_values[] = {LONG_MIN, -17, -1, 0, 1, 17, 4711, 65535, LONG_MAX};
-    int i;
-
-    for (i = 0; i < sizeof(long_values) / sizeof(long_values[0]); ++i) {
-	tot += try ("%ld", long_values[i]);
-	tot += try ("%lx", long_values[i]);
-	tot += try ("%lX", long_values[i]);
-	tot += try ("%lo", long_values[i]);
-	tot += try ("%#lx", long_values[i]);
-	tot += try ("%#lX", long_values[i]);
-	tot += try ("%#lo", long_values[i]);
-	tot += try ("%10ld", long_values[i]);
-	tot += try ("%10lx", long_values[i]);
-	tot += try ("%10lX", long_values[i]);
-	tot += try ("%10lo", long_values[i]);
-	tot += try ("%#10lx", long_values[i]);
-	tot += try ("%#10lX", long_values[i]);
-	tot += try ("%#10lo", long_values[i]);
-	tot += try ("%-10ld", long_values[i]);
-	tot += try ("%-10lx", long_values[i]);
-	tot += try ("%-10lX", long_values[i]);
-	tot += try ("%-10lo", long_values[i]);
-	tot += try ("%-#10lx", long_values[i]);
-	tot += try ("%-#10lX", long_values[i]);
-	tot += try ("%-#10lo", long_values[i]);
-    }
-    return tot;
-}
-
-#ifdef HAVE_LONG_LONG
-
-/* XXX doesn't work as expected on lp64 platforms with sizeof(long
- * long) == sizeof(long) */
-
-static int
-cmp_with_sprintf_long_long (void)
-{
-    int tot = 0;
-    long long long_long_values[] = {
-	((long long)LONG_MIN) -1, LONG_MIN, -17, -1,
-	0,
-	1, 17, 4711, 65535, LONG_MAX, ((long long)LONG_MAX) + 1};
-    int i;
-
-    for (i = 0; i < sizeof(long_long_values) / sizeof(long_long_values[0]); ++i) {
-	tot += try ("%lld", long_long_values[i]);
-	tot += try ("%llx", long_long_values[i]);
-	tot += try ("%llX", long_long_values[i]);
-	tot += try ("%llo", long_long_values[i]);
-	tot += try ("%#llx", long_long_values[i]);
-	tot += try ("%#llX", long_long_values[i]);
-	tot += try ("%#llo", long_long_values[i]);
-	tot += try ("%10lld", long_long_values[i]);
-	tot += try ("%10llx", long_long_values[i]);
-	tot += try ("%10llX", long_long_values[i]);
-	tot += try ("%10llo", long_long_values[i]);
-	tot += try ("%#10llx", long_long_values[i]);
-	tot += try ("%#10llX", long_long_values[i]);
-	tot += try ("%#10llo", long_long_values[i]);
-	tot += try ("%-10lld", long_long_values[i]);
-	tot += try ("%-10llx", long_long_values[i]);
-	tot += try ("%-10llX", long_long_values[i]);
-	tot += try ("%-10llo", long_long_values[i]);
-	tot += try ("%-#10llx", long_long_values[i]);
-	tot += try ("%-#10llX", long_long_values[i]);
-	tot += try ("%-#10llo", long_long_values[i]);
-    }
-    return tot;
-}
-
-#endif
-
-#if 0
-static int
-cmp_with_sprintf_float (void)
-{
-    int tot = 0;
-    double double_values[] = {-99999, -999, -17.4, -4.3, -3.0, -1.5, -1,
-			      0, 0.1, 0.2342374852, 0.2340007,
-			      3.1415926, 14.7845, 34.24758, 9999, 9999999};
-    int i;
-
-    for (i = 0; i < sizeof(double_values) / sizeof(double_values[0]); ++i) {
-	tot += try ("%f", double_values[i]);
-	tot += try ("%10f", double_values[i]);
-	tot += try ("%.2f", double_values[i]);
-	tot += try ("%7.0f", double_values[i]);
-	tot += try ("%5.2f", double_values[i]);
-	tot += try ("%0f", double_values[i]);
-	tot += try ("%#f", double_values[i]);
-	tot += try ("%e", double_values[i]);
-	tot += try ("%10e", double_values[i]);
-	tot += try ("%.2e", double_values[i]);
-	tot += try ("%7.0e", double_values[i]);
-	tot += try ("%5.2e", double_values[i]);
-	tot += try ("%0e", double_values[i]);
-	tot += try ("%#e", double_values[i]);
-	tot += try ("%E", double_values[i]);
-	tot += try ("%10E", double_values[i]);
-	tot += try ("%.2E", double_values[i]);
-	tot += try ("%7.0E", double_values[i]);
-	tot += try ("%5.2E", double_values[i]);
-	tot += try ("%0E", double_values[i]);
-	tot += try ("%#E", double_values[i]);
-	tot += try ("%g", double_values[i]);
-	tot += try ("%10g", double_values[i]);
-	tot += try ("%.2g", double_values[i]);
-	tot += try ("%7.0g", double_values[i]);
-	tot += try ("%5.2g", double_values[i]);
-	tot += try ("%0g", double_values[i]);
-	tot += try ("%#g", double_values[i]);
-	tot += try ("%G", double_values[i]);
-	tot += try ("%10G", double_values[i]);
-	tot += try ("%.2G", double_values[i]);
-	tot += try ("%7.0G", double_values[i]);
-	tot += try ("%5.2G", double_values[i]);
-	tot += try ("%0G", double_values[i]);
-	tot += try ("%#G", double_values[i]);
-    }
-    return tot;
-}
-#endif
-
-static int
-test_null (void)
-{
-    return snprintf (NULL, 0, "foo") != 3;
-}
-
-static int
-test_sizet (void)
-{
-    int tot = 0;
-    size_t sizet_values[] = { 0, 1, 2, 200, 4294967295u }; /* SIZE_MAX */
-    char *result[] = { "0", "1", "2", "200", "4294967295" };
-    int i;
-
-    for (i = 0; i < sizeof(sizet_values) / sizeof(sizet_values[0]); ++i) {
-#if 0
-	tot += try("%zu", sizet_values[i]);
-	tot += try("%zx", sizet_values[i]);
-	tot += try("%zX", sizet_values[i]);
-#else
-	char buf[256];
-	snprintf(buf, sizeof(buf), "%zu", sizet_values[i]);
-	if (strcmp(buf, result[i]) != 0) {
-	    printf("%s != %s", buf, result[i]);
-	    tot++;
-	}
-#endif
-    }
-    return tot;
-}
-
-
-int
-main (int argc, char **argv)
-{
-    int ret = 0;
-
-    ret += cmp_with_sprintf_int ();
-    ret += cmp_with_sprintf_long ();
-#ifdef HAVE_LONG_LONG
-    ret += cmp_with_sprintf_long_long ();
-#endif
-    ret += test_null ();
-    ret += test_sizet ();
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/snprintf-test.h b/crypto/heimdal/lib/roken/snprintf-test.h
deleted file mode 100644
index d672873..0000000
--- a/crypto/heimdal/lib/roken/snprintf-test.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* $Id: snprintf-test.h 10377 2001-07-19 18:39:14Z assar $ */
-
-#ifndef __SNPRINTF_TEST_H__
-#define __SNPRINTF_TEST_H__
-
-/*
- * we cannot use the real names of the functions when testing, since
- * they might have different prototypes as the system functions, hence
- * these evil hacks
- */
-
-#define snprintf test_snprintf
-#define asprintf test_asprintf
-#define asnprintf test_asnprintf
-#define vasprintf test_vasprintf
-#define vasnprintf test_vasnprintf
-#define vsnprintf test_vsnprintf
-
-#endif /* __SNPRINTF_TEST_H__ */
diff --git a/crypto/heimdal/lib/roken/snprintf.c b/crypto/heimdal/lib/roken/snprintf.c
deleted file mode 100644
index 6b3352f..0000000
--- a/crypto/heimdal/lib/roken/snprintf.c
+++ /dev/null
@@ -1,702 +0,0 @@
-/*
- * Copyright (c) 1995-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: snprintf.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-#if defined(TEST_SNPRINTF)
-#include "snprintf-test.h"
-#endif /* TEST_SNPRINTF */
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include "roken.h"
-#include <assert.h>
-
-enum format_flags {
-    minus_flag     =  1,
-    plus_flag      =  2,
-    space_flag     =  4,
-    alternate_flag =  8,
-    zero_flag      = 16
-};
-
-/*
- * Common state
- */
-
-struct snprintf_state {
-    unsigned char *str;
-    unsigned char *s;
-    unsigned char *theend;
-    size_t sz;
-    size_t max_sz;
-    void (*append_char)(struct snprintf_state *, unsigned char);
-    /* XXX - methods */
-};
-
-#if !defined(HAVE_VSNPRINTF) || defined(TEST_SNPRINTF)
-static int
-sn_reserve (struct snprintf_state *state, size_t n)
-{
-    return state->s + n > state->theend;
-}
-
-static void
-sn_append_char (struct snprintf_state *state, unsigned char c)
-{
-    if (!sn_reserve (state, 1))
-	*state->s++ = c;
-}
-#endif
-
-static int
-as_reserve (struct snprintf_state *state, size_t n)
-{
-    if (state->s + n > state->theend) {
-	int off = state->s - state->str;
-	unsigned char *tmp;
-
-	if (state->max_sz && state->sz >= state->max_sz)
-	    return 1;
-
-	state->sz = max(state->sz * 2, state->sz + n);
-	if (state->max_sz)
-	    state->sz = min(state->sz, state->max_sz);
-	tmp = realloc (state->str, state->sz);
-	if (tmp == NULL)
-	    return 1;
-	state->str = tmp;
-	state->s = state->str + off;
-	state->theend = state->str + state->sz - 1;
-    }
-    return 0;
-}
-
-static void
-as_append_char (struct snprintf_state *state, unsigned char c)
-{
-    if(!as_reserve (state, 1))
-	*state->s++ = c;
-}
-
-/* longest integer types */
-
-#ifdef HAVE_LONG_LONG
-typedef unsigned long long u_longest;
-typedef long long longest;
-#else
-typedef unsigned long u_longest;
-typedef long longest;
-#endif
-
-
-
-static int
-pad(struct snprintf_state *state, int width, char c)
-{
-    int len = 0;
-    while(width-- > 0){
-	(*state->append_char)(state,  c);
-	++len;
-    }
-    return len;
-}
-
-/* return true if we should use alternatve hex form */
-static int
-use_alternative (int flags, u_longest num, unsigned base)
-{
-    return (flags & alternate_flag) && base == 16 && num != 0;
-}
-
-static int
-append_number(struct snprintf_state *state,
-	      u_longest num, unsigned base, const char *rep,
-	      int width, int prec, int flags, int minusp)
-{
-    int len = 0;
-    u_longest n = num;
-    char nstr[64]; /* enough for <192 bit octal integers */
-    int nstart, nlen;
-    char signchar;
-
-    /* given precision, ignore zero flag */
-    if(prec != -1)
-	flags &= ~zero_flag;
-    else
-	prec = 1;
-
-    /* format number as string */
-    nstart = sizeof(nstr);
-    nlen = 0;
-    nstr[--nstart] = '\0';
-    do {
-	assert(nstart > 0);
-	nstr[--nstart] = rep[n % base];
-	++nlen;
-	n /= base;
-    } while(n);
-
-    /* zero value with zero precision should produce no digits */
-    if(prec == 0 && num == 0) {
-	nlen--;
-	nstart++;
-    }
-
-    /* figure out what char to use for sign */
-    if(minusp)
-	signchar = '-';
-    else if((flags & plus_flag))
-	signchar = '+';
-    else if((flags & space_flag))
-	signchar = ' ';
-    else
-	signchar = '\0';
-    
-    if((flags & alternate_flag) && base == 8) {
-	/* if necessary, increase the precision to 
-	   make first digit a zero */
-
-	/* XXX C99 claims (regarding # and %o) that "if the value and
-           precision are both 0, a single 0 is printed", but there is
-           no such wording for %x. This would mean that %#.o would
-           output "0", but %#.x "". This does not make sense, and is
-           also not what other printf implementations are doing. */
-	
-	if(prec <= nlen && nstr[nstart] != '0' && nstr[nstart] != '\0')
-	    prec = nlen + 1;
-    }
-
-    /* possible formats:
-       pad | sign | alt | zero | digits
-       sign | alt | zero | digits | pad   minus_flag
-       sign | alt | zero | digits zero_flag */
-
-    /* if not right justifying or padding with zeros, we need to
-       compute the length of the rest of the string, and then pad with
-       spaces */
-    if(!(flags & (minus_flag | zero_flag))) {
-	if(prec > nlen)
-	    width -= prec;
-	else
-	    width -= nlen;
-	
-	if(use_alternative(flags, num, base))
-	    width -= 2;
-	
-	if(signchar != '\0')
-	    width--;
-	
-	/* pad to width */
-	len += pad(state, width, ' ');
-    }
-    if(signchar != '\0') {
-	(*state->append_char)(state, signchar);
-	++len;
-    }
-    if(use_alternative(flags, num, base)) {
-	(*state->append_char)(state, '0');
-	(*state->append_char)(state, rep[10] + 23); /* XXX */
-	len += 2;
-    }
-    if(flags & zero_flag) {
-	/* pad to width with zeros */
-	if(prec - nlen > width - len - nlen)
-	    len += pad(state, prec - nlen, '0');
-	else
-	    len += pad(state, width - len - nlen, '0');
-    } else
-	/* pad to prec with zeros */
-	len += pad(state, prec - nlen, '0');
-	
-    while(nstr[nstart] != '\0') {
-	(*state->append_char)(state, nstr[nstart++]);
-	++len;
-    }
-	
-    if(flags & minus_flag)
-	len += pad(state, width - len, ' ');
-
-    return len;
-}
-
-/*
- * return length
- */
-
-static int
-append_string (struct snprintf_state *state,
-	       const unsigned char *arg,
-	       int width,
-	       int prec,
-	       int flags)
-{
-    int len = 0;
-
-    if(arg == NULL)
-	arg = (const unsigned char*)"(null)";
-
-    if(prec != -1)
-	width -= prec;
-    else
-	width -= strlen((const char *)arg);
-    if(!(flags & minus_flag))
-	len += pad(state, width, ' ');
-
-    if (prec != -1) {
-	while (*arg && prec--) {
-	    (*state->append_char) (state, *arg++);
-	    ++len;
-	}
-    } else {
-	while (*arg) {
-	    (*state->append_char) (state, *arg++);
-	    ++len;
-	}
-    }
-    if(flags & minus_flag)
-	len += pad(state, width, ' ');
-    return len;
-}
-
-static int
-append_char(struct snprintf_state *state,
-	    unsigned char arg,
-	    int width,
-	    int flags)
-{
-    int len = 0;
-
-    while(!(flags & minus_flag) && --width > 0) {
-	(*state->append_char) (state, ' ')    ;
-	++len;
-    }
-    (*state->append_char) (state, arg);
-    ++len;
-    while((flags & minus_flag) && --width > 0) {
-	(*state->append_char) (state, ' ');
-	++len;
-    }
-    return 0;
-}
-
-/*
- * This can't be made into a function...
- */
-
-#ifdef HAVE_LONG_LONG
-
-#define PARSE_INT_FORMAT(res, arg, unsig) \
-if (long_long_flag) \
-     res = (unsig long long)va_arg(arg, unsig long long); \
-else if (long_flag) \
-     res = (unsig long)va_arg(arg, unsig long); \
-else if (size_t_flag) \
-     res = (unsig long)va_arg(arg, size_t); \
-else if (short_flag) \
-     res = (unsig short)va_arg(arg, unsig int); \
-else \
-     res = (unsig int)va_arg(arg, unsig int)
-
-#else
-
-#define PARSE_INT_FORMAT(res, arg, unsig) \
-if (long_flag) \
-     res = (unsig long)va_arg(arg, unsig long); \
-else if (size_t_flag) \
-     res = (unsig long)va_arg(arg, size_t); \
-else if (short_flag) \
-     res = (unsig short)va_arg(arg, unsig int); \
-else \
-     res = (unsig int)va_arg(arg, unsig int)
-
-#endif
-
-/*
- * zyxprintf - return length, as snprintf
- */
-
-static int
-xyzprintf (struct snprintf_state *state, const char *char_format, va_list ap)
-{
-    const unsigned char *format = (const unsigned char *)char_format;
-    unsigned char c;
-    int len = 0;
-
-    while((c = *format++)) {
-	if (c == '%') {
-	    int flags          = 0;
-	    int width          = 0;
-	    int prec           = -1;
-	    int size_t_flag    = 0;
-	    int long_long_flag = 0;
-	    int long_flag      = 0;
-	    int short_flag     = 0;
-
-	    /* flags */
-	    while((c = *format++)){
-		if(c == '-')
-		    flags |= minus_flag;
-		else if(c == '+')
-		    flags |= plus_flag;
-		else if(c == ' ')
-		    flags |= space_flag;
-		else if(c == '#')
-		    flags |= alternate_flag;
-		else if(c == '0')
-		    flags |= zero_flag;
-		else if(c == '\'')
-		    ; /* just ignore */
-		else
-		    break;
-	    }
-      
-	    if((flags & space_flag) && (flags & plus_flag))
-		flags ^= space_flag;
-
-	    if((flags & minus_flag) && (flags & zero_flag))
-		flags ^= zero_flag;
-
-	    /* width */
-	    if (isdigit(c))
-		do {
-		    width = width * 10 + c - '0';
-		    c = *format++;
-		} while(isdigit(c));
-	    else if(c == '*') {
-		width = va_arg(ap, int);
-		c = *format++;
-	    }
-
-	    /* precision */
-	    if (c == '.') {
-		prec = 0;
-		c = *format++;
-		if (isdigit(c))
-		    do {
-			prec = prec * 10 + c - '0';
-			c = *format++;
-		    } while(isdigit(c));
-		else if (c == '*') {
-		    prec = va_arg(ap, int);
-		    c = *format++;
-		}
-	    }
-
-	    /* size */
-
-	    if (c == 'h') {
-		short_flag = 1;
-		c = *format++;
-	    } else if (c == 'z') {
-		size_t_flag = 1;
-		c = *format++;
-	    } else if (c == 'l') {
-		long_flag = 1;
-		c = *format++;
-		if (c == 'l') {
-		    long_long_flag = 1;
-		    c = *format++;
-		}
-	    }
-
-	    if(c != 'd' && c != 'i')
-		flags &= ~(plus_flag | space_flag);
-
-	    switch (c) {
-	    case 'c' :
-		append_char(state, va_arg(ap, int), width, flags);
-		++len;
-		break;
-	    case 's' :
-		len += append_string(state,
-				     va_arg(ap, unsigned char*),
-				     width,
-				     prec, 
-				     flags);
-		break;
-	    case 'd' :
-	    case 'i' : {
-		longest arg;
-		u_longest num;
-		int minusp = 0;
-
-		PARSE_INT_FORMAT(arg, ap, signed);
-
-		if (arg < 0) {
-		    minusp = 1;
-		    num = -arg;
-		} else
-		    num = arg;
-
-		len += append_number (state, num, 10, "0123456789",
-				      width, prec, flags, minusp);
-		break;
-	    }
-	    case 'u' : {
-		u_longest arg;
-
-		PARSE_INT_FORMAT(arg, ap, unsigned);
-
-		len += append_number (state, arg, 10, "0123456789",
-				      width, prec, flags, 0);
-		break;
-	    }
-	    case 'o' : {
-		u_longest arg;
-
-		PARSE_INT_FORMAT(arg, ap, unsigned);
-
-		len += append_number (state, arg, 010, "01234567",
-				      width, prec, flags, 0);
-		break;
-	    }
-	    case 'x' : {
-		u_longest arg;
-
-		PARSE_INT_FORMAT(arg, ap, unsigned);
-
-		len += append_number (state, arg, 0x10, "0123456789abcdef",
-				      width, prec, flags, 0);
-		break;
-	    }
-	    case 'X' :{
-		u_longest arg;
-
-		PARSE_INT_FORMAT(arg, ap, unsigned);
-
-		len += append_number (state, arg, 0x10, "0123456789ABCDEF",
-				      width, prec, flags, 0);
-		break;
-	    }
-	    case 'p' : {
-		unsigned long arg = (unsigned long)va_arg(ap, void*);
-
-		len += append_number (state, arg, 0x10, "0123456789ABCDEF",
-				      width, prec, flags, 0);
-		break;
-	    }
-	    case 'n' : {
-		int *arg = va_arg(ap, int*);
-		*arg = state->s - state->str;
-		break;
-	    }
-	    case '\0' :
-		--format;
-		/* FALLTHROUGH */
-	    case '%' :
-		(*state->append_char)(state, c);
-		++len;
-		break;
-	    default :
-		(*state->append_char)(state, '%');
-		(*state->append_char)(state, c);
-		len += 2;
-		break;
-	    }
-	} else {
-	    (*state->append_char) (state, c);
-	    ++len;
-	}
-    }
-    return len;
-}
-
-#if !defined(HAVE_SNPRINTF) || defined(TEST_SNPRINTF)
-int ROKEN_LIB_FUNCTION
-snprintf (char *str, size_t sz, const char *format, ...)
-{
-    va_list args;
-    int ret;
-
-    va_start(args, format);
-    ret = vsnprintf (str, sz, format, args);
-    va_end(args);
-
-#ifdef PARANOIA
-    {
-	int ret2;
-	char *tmp;
-
-	tmp = malloc (sz);
-	if (tmp == NULL)
-	    abort ();
-
-	va_start(args, format);
-	ret2 = vsprintf (tmp, format, args);
-	va_end(args);
-	if (ret != ret2 || strcmp(str, tmp))
-	    abort ();
-	free (tmp);
-    }
-#endif
-
-    return ret;
-}
-#endif
-
-#if !defined(HAVE_ASPRINTF) || defined(TEST_SNPRINTF)
-int ROKEN_LIB_FUNCTION
-asprintf (char **ret, const char *format, ...)
-{
-    va_list args;
-    int val;
-
-    va_start(args, format);
-    val = vasprintf (ret, format, args);
-    va_end(args);
-
-#ifdef PARANOIA
-    {
-	int ret2;
-	char *tmp;
-	tmp = malloc (val + 1);
-	if (tmp == NULL)
-	    abort ();
-
-	va_start(args, format);
-	ret2 = vsprintf (tmp, format, args);
-	va_end(args);
-	if (val != ret2 || strcmp(*ret, tmp))
-	    abort ();
-	free (tmp);
-    }
-#endif
-
-    return val;
-}
-#endif
-
-#if !defined(HAVE_ASNPRINTF) || defined(TEST_SNPRINTF)
-int ROKEN_LIB_FUNCTION
-asnprintf (char **ret, size_t max_sz, const char *format, ...)
-{
-    va_list args;
-    int val;
-
-    va_start(args, format);
-    val = vasnprintf (ret, max_sz, format, args);
-
-#ifdef PARANOIA
-    {
-	int ret2;
-	char *tmp;
-	tmp = malloc (val + 1);
-	if (tmp == NULL)
-	    abort ();
-
-	ret2 = vsprintf (tmp, format, args);
-	if (val != ret2 || strcmp(*ret, tmp))
-	    abort ();
-	free (tmp);
-    }
-#endif
-
-    va_end(args);
-    return val;
-}
-#endif
-
-#if !defined(HAVE_VASPRINTF) || defined(TEST_SNPRINTF)
-int ROKEN_LIB_FUNCTION
-vasprintf (char **ret, const char *format, va_list args)
-{
-    return vasnprintf (ret, 0, format, args);
-}
-#endif
-
-
-#if !defined(HAVE_VASNPRINTF) || defined(TEST_SNPRINTF)
-int ROKEN_LIB_FUNCTION
-vasnprintf (char **ret, size_t max_sz, const char *format, va_list args)
-{
-    int st;
-    struct snprintf_state state;
-
-    state.max_sz = max_sz;
-    state.sz     = 1;
-    state.str    = malloc(state.sz);
-    if (state.str == NULL) {
-	*ret = NULL;
-	return -1;
-    }
-    state.s = state.str;
-    state.theend = state.s + state.sz - 1;
-    state.append_char = as_append_char;
-
-    st = xyzprintf (&state, format, args);
-    if (st > state.sz) {
-	free (state.str);
-	*ret = NULL;
-	return -1;
-    } else {
-	char *tmp;
-
-	*state.s = '\0';
-	tmp = realloc (state.str, st+1);
-	if (tmp == NULL) {
-	    free (state.str);
-	    *ret = NULL;
-	    return -1;
-	}
-	*ret = tmp;
-	return st;
-    }
-}
-#endif
-
-#if !defined(HAVE_VSNPRINTF) || defined(TEST_SNPRINTF)
-int ROKEN_LIB_FUNCTION
-vsnprintf (char *str, size_t sz, const char *format, va_list args)
-{
-    struct snprintf_state state;
-    int ret;
-    unsigned char *ustr = (unsigned char *)str;
-
-    state.max_sz = 0;
-    state.sz     = sz;
-    state.str    = ustr;
-    state.s      = ustr;
-    state.theend = ustr + sz - (sz > 0);
-    state.append_char = sn_append_char;
-
-    ret = xyzprintf (&state, format, args);
-    if (state.s != NULL && sz != 0)
-	*state.s = '\0';
-    return ret;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/socket.c b/crypto/heimdal/lib/roken/socket.c
deleted file mode 100644
index a82dd01..0000000
--- a/crypto/heimdal/lib/roken/socket.c
+++ /dev/null
@@ -1,302 +0,0 @@
-/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: socket.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-/*
- * Set `sa' to the unitialized address of address family `af'
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_any (struct sockaddr *sa, int af)
-{
-    switch (af) {
-    case AF_INET : {
-	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
-
-	memset (sin4, 0, sizeof(*sin4));
-	sin4->sin_family = AF_INET;
-	sin4->sin_port   = 0;
-	sin4->sin_addr.s_addr = INADDR_ANY;
-	break;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-
-	memset (sin6, 0, sizeof(*sin6));
-	sin6->sin6_family = AF_INET6;
-	sin6->sin6_port   = 0;
-	sin6->sin6_addr   = in6addr_any;
-	break;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * set `sa' to (`ptr', `port')
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port)
-{
-    switch (sa->sa_family) {
-    case AF_INET : {
-	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
-
-	memset (sin4, 0, sizeof(*sin4));
-	sin4->sin_family = AF_INET;
-	sin4->sin_port   = port;
-	memcpy (&sin4->sin_addr, ptr, sizeof(struct in_addr));
-	break;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-
-	memset (sin6, 0, sizeof(*sin6));
-	sin6->sin6_family = AF_INET6;
-	sin6->sin6_port   = port;
-	memcpy (&sin6->sin6_addr, ptr, sizeof(struct in6_addr));
-	break;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Return the size of an address of the type in `sa'
- */
-
-size_t ROKEN_LIB_FUNCTION
-socket_addr_size (const struct sockaddr *sa)
-{
-    switch (sa->sa_family) {
-    case AF_INET :
-	return sizeof(struct in_addr);
-#ifdef HAVE_IPV6
-    case AF_INET6 :
-	return sizeof(struct in6_addr);
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Return the size of a `struct sockaddr' in `sa'.
- */
-
-size_t ROKEN_LIB_FUNCTION
-socket_sockaddr_size (const struct sockaddr *sa)
-{
-    switch (sa->sa_family) {
-    case AF_INET :
-	return sizeof(struct sockaddr_in);
-#ifdef HAVE_IPV6
-    case AF_INET6 :
-	return sizeof(struct sockaddr_in6);
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Return the binary address of `sa'.
- */
-
-void * ROKEN_LIB_FUNCTION
-socket_get_address (struct sockaddr *sa)
-{
-    switch (sa->sa_family) {
-    case AF_INET : {
-	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
-	return &sin4->sin_addr;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-	return &sin6->sin6_addr;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Return the port number from `sa'.
- */
-
-int ROKEN_LIB_FUNCTION
-socket_get_port (const struct sockaddr *sa)
-{
-    switch (sa->sa_family) {
-    case AF_INET : {
-	const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
-	return sin4->sin_port;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-	return sin6->sin6_port;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Set the port in `sa' to `port'.
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_port (struct sockaddr *sa, int port)
-{
-    switch (sa->sa_family) {
-    case AF_INET : {
-	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
-	sin4->sin_port = port;
-	break;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-	sin6->sin6_port = port;
-	break;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Set the range of ports to use when binding with port = 0.
- */
-void ROKEN_LIB_FUNCTION
-socket_set_portrange (int sock, int restr, int af)
-{
-#if defined(IP_PORTRANGE)
-	if (af == AF_INET) {
-		int on = restr ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT;
-		if (setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on,
-		    sizeof(on)) < 0)
-			warn ("setsockopt IP_PORTRANGE (ignored)");
-	}
-#endif
-#if defined(IPV6_PORTRANGE)
-	if (af == AF_INET6) {
-		int on = restr ? IPV6_PORTRANGE_HIGH : 
-		    IPV6_PORTRANGE_DEFAULT;
-		if (setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on,
-		    sizeof(on)) < 0)
-			warn ("setsockopt IPV6_PORTRANGE (ignored)");
-	}
-#endif
-}
-	
-/*
- * Enable debug on `sock'.
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_debug (int sock)
-{
-#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
-    int on = 1;
-
-    if (setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on)) < 0)
-	warn ("setsockopt SO_DEBUG (ignored)");
-#endif
-}
-
-/*
- * Set the type-of-service of `sock' to `tos'.
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_tos (int sock, int tos)
-{
-#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
-    if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0)
-	if (errno != EINVAL)
-	    warn ("setsockopt TOS (ignored)");
-#endif
-}
-
-/*
- * set the reuse of addresses on `sock' to `val'.
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_reuseaddr (int sock, int val)
-{
-#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
-    if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val,
-		  sizeof(val)) < 0)
-	err (1, "setsockopt SO_REUSEADDR");
-#endif
-}
-
-/*
- * Set the that the `sock' should bind to only IPv6 addresses.
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_ipv6only (int sock, int val)
-{
-#if defined(IPV6_V6ONLY) && defined(HAVE_SETSOCKOPT)
-    setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&val, sizeof(val));
-#endif
-}
diff --git a/crypto/heimdal/lib/roken/socket_wrapper.c b/crypto/heimdal/lib/roken/socket_wrapper.c
deleted file mode 100644
index 9e6bfdd..0000000
--- a/crypto/heimdal/lib/roken/socket_wrapper.c
+++ /dev/null
@@ -1,1913 +0,0 @@
-/*
- * Copyright (C) Jelmer Vernooij 2005 <jelmer@samba.org>
- * Copyright (C) Stefan Metzmacher 2006 <metze@samba.org>
- *
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the author nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-/*
-   Socket wrapper library. Passes all socket communication over
-   unix domain sockets if the environment variable SOCKET_WRAPPER_DIR
-   is set.
-*/
-
-#define SOCKET_WRAPPER_NOT_REPLACE
-
-#ifdef _SAMBA_BUILD_
-
-#include "includes.h"
-#include "system/network.h"
-#include "system/filesys.h"
-
-#ifdef malloc
-#undef malloc
-#endif
-#ifdef calloc
-#undef calloc
-#endif
-#ifdef strdup
-#undef strdup
-#endif
-
-#else /* _SAMBA_BUILD_ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#undef SOCKET_WRAPPER_REPLACE
-
-#include <sys/types.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-#include <errno.h>
-#include <sys/un.h>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <fcntl.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <stdio.h>
-#include "roken.h"
-
-#include "socket_wrapper.h"
-
-#define HAVE_GETTIMEOFDAY_TZ 1
-
-#define _PUBLIC_
-
-#endif
-
-#define SWRAP_DLIST_ADD(list,item) do { \
-	if (!(list)) { \
-		(item)->prev	= NULL; \
-		(item)->next	= NULL; \
-		(list)		= (item); \
-	} else { \
-		(item)->prev	= NULL; \
-		(item)->next	= (list); \
-		(list)->prev	= (item); \
-		(list)		= (item); \
-	} \
-} while (0)
-
-#define SWRAP_DLIST_REMOVE(list,item) do { \
-	if ((list) == (item)) { \
-		(list)		= (item)->next; \
-		if (list) { \
-			(list)->prev	= NULL; \
-		} \
-	} else { \
-		if ((item)->prev) { \
-			(item)->prev->next	= (item)->next; \
-		} \
-		if ((item)->next) { \
-			(item)->next->prev	= (item)->prev; \
-		} \
-	} \
-	(item)->prev	= NULL; \
-	(item)->next	= NULL; \
-} while (0)
-
-/* LD_PRELOAD doesn't work yet, so REWRITE_CALLS is all we support
- * for now */
-#define REWRITE_CALLS 
-
-#ifdef REWRITE_CALLS
-#define real_accept accept
-#define real_connect connect
-#define real_bind bind
-#define real_listen listen
-#define real_getpeername getpeername
-#define real_getsockname getsockname
-#define real_getsockopt getsockopt
-#define real_setsockopt setsockopt
-#define real_recvfrom recvfrom
-#define real_sendto sendto
-#define real_ioctl ioctl
-#define real_recv recv
-#define real_send send
-#define real_socket socket
-#define real_close close
-#define real_dup dup
-#define real_dup2 dup2
-#endif
-
-#ifdef HAVE_GETTIMEOFDAY_TZ
-#define swrapGetTimeOfDay(tval) gettimeofday(tval,NULL)
-#else
-#define swrapGetTimeOfDay(tval)	gettimeofday(tval)
-#endif
-
-/* we need to use a very terse format here as IRIX 6.4 silently
-   truncates names to 16 chars, so if we use a longer name then we
-   can't tell which port a packet came from with recvfrom() 
-   
-   with this format we have 8 chars left for the directory name
-*/
-#define SOCKET_FORMAT "%c%02X%04X"
-#define SOCKET_TYPE_CHAR_TCP		'T'
-#define SOCKET_TYPE_CHAR_UDP		'U'
-#define SOCKET_TYPE_CHAR_TCP_V6		'X'
-#define SOCKET_TYPE_CHAR_UDP_V6		'Y'
-
-#define MAX_WRAPPED_INTERFACES 16
-
-#define SW_IPV6_ADDRESS 1
-
-static struct sockaddr *sockaddr_dup(const void *data, socklen_t len)
-{
-	struct sockaddr *ret = (struct sockaddr *)malloc(len);
-	memcpy(ret, data, len);
-	return ret;
-}
-
-static void set_port(int family, int prt, struct sockaddr *addr)
-{
-	switch (family) {
-	case AF_INET:
-		((struct sockaddr_in *)addr)->sin_port = htons(prt);
-		break;
-#ifdef HAVE_IPV6
-	case AF_INET6:
-		((struct sockaddr_in6 *)addr)->sin6_port = htons(prt);
-		break;
-#endif
-	}
-}
-
-static int socket_length(int family)
-{
-	switch (family) {
-	case AF_INET:
-		return sizeof(struct sockaddr_in);
-#ifdef HAVE_IPV6
-	case AF_INET6:
-		return sizeof(struct sockaddr_in6);
-#endif
-	}
-	return -1;
-}
-
-
-
-struct socket_info
-{
-	int fd;
-
-	int family;
-	int type;
-	int protocol;
-	int bound;
-	int bcast;
-	int is_server;
-
-	char *path;
-	char *tmp_path;
-
-	struct sockaddr *myname;
-	socklen_t myname_len;
-
-	struct sockaddr *peername;
-	socklen_t peername_len;
-
-	struct {
-		unsigned long pck_snd;
-		unsigned long pck_rcv;
-	} io;
-
-	struct socket_info *prev, *next;
-};
-
-static struct socket_info *sockets;
-
-
-static const char *socket_wrapper_dir(void)
-{
-	const char *s = getenv("SOCKET_WRAPPER_DIR");
-	if (s == NULL) {
-		return NULL;
-	}
-	if (strncmp(s, "./", 2) == 0) {
-		s += 2;
-	}
-	return s;
-}
-
-static unsigned int socket_wrapper_default_iface(void)
-{
-	const char *s = getenv("SOCKET_WRAPPER_DEFAULT_IFACE");
-	if (s) {
-		unsigned int iface;
-		if (sscanf(s, "%u", &iface) == 1) {
-			if (iface >= 1 && iface <= MAX_WRAPPED_INTERFACES) {
-				return iface;
-			}
-		}
-	}
-
-	return 1;/* 127.0.0.1 */
-}
-
-static int convert_un_in(const struct sockaddr_un *un, struct sockaddr *in, socklen_t *len)
-{
-	unsigned int iface;
-	unsigned int prt;
-	const char *p;
-	char type;
-
-	p = strrchr(un->sun_path, '/');
-	if (p) p++; else p = un->sun_path;
-
-	if (sscanf(p, SOCKET_FORMAT, &type, &iface, &prt) != 3) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	if (iface == 0 || iface > MAX_WRAPPED_INTERFACES) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	if (prt > 0xFFFF) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	switch(type) {
-	case SOCKET_TYPE_CHAR_TCP:
-	case SOCKET_TYPE_CHAR_UDP: {
-		struct sockaddr_in *in2 = (struct sockaddr_in *)in;
-		
-		if ((*len) < sizeof(*in2)) {
-		    errno = EINVAL;
-		    return -1;
-		}
-
-		memset(in2, 0, sizeof(*in2));
-		in2->sin_family = AF_INET;
-		in2->sin_addr.s_addr = htonl((127<<24) | iface);
-		in2->sin_port = htons(prt);
-
-		*len = sizeof(*in2);
-		break;
-	}
-#ifdef HAVE_IPV6
-	case SOCKET_TYPE_CHAR_TCP_V6:
-	case SOCKET_TYPE_CHAR_UDP_V6: {
-		struct sockaddr_in6 *in2 = (struct sockaddr_in6 *)in;
-		
-		if ((*len) < sizeof(*in2)) {
-			errno = EINVAL;
-			return -1;
-		}
-
-		memset(in2, 0, sizeof(*in2));
-		in2->sin6_family = AF_INET6;
-		in2->sin6_addr.s6_addr[0] = SW_IPV6_ADDRESS;
-		in2->sin6_port = htons(prt);
-
-		*len = sizeof(*in2);
-		break;
-	}
-#endif
-	default:
-		errno = EINVAL;
-		return -1;
-	}
-
-	return 0;
-}
-
-static int convert_in_un_remote(struct socket_info *si, const struct sockaddr *inaddr, struct sockaddr_un *un,
-				int *bcast)
-{
-	char type = '\0';
-	unsigned int prt;
-	unsigned int iface;
-	int is_bcast = 0;
-
-	if (bcast) *bcast = 0;
-
-	switch (si->family) {
-	case AF_INET: {
-		const struct sockaddr_in *in = 
-		    (const struct sockaddr_in *)inaddr;
-		unsigned int addr = ntohl(in->sin_addr.s_addr);
-		char u_type = '\0';
-		char b_type = '\0';
-		char a_type = '\0';
-
-		switch (si->type) {
-		case SOCK_STREAM:
-			u_type = SOCKET_TYPE_CHAR_TCP;
-			break;
-		case SOCK_DGRAM:
-			u_type = SOCKET_TYPE_CHAR_UDP;
-			a_type = SOCKET_TYPE_CHAR_UDP;
-			b_type = SOCKET_TYPE_CHAR_UDP;
-			break;
-		}
-
-		prt = ntohs(in->sin_port);
-		if (a_type && addr == 0xFFFFFFFF) {
-			/* 255.255.255.255 only udp */
-			is_bcast = 2;
-			type = a_type;
-			iface = socket_wrapper_default_iface();
-		} else if (b_type && addr == 0x7FFFFFFF) {
-			/* 127.255.255.255 only udp */
-			is_bcast = 1;
-			type = b_type;
-			iface = socket_wrapper_default_iface();
-		} else if ((addr & 0xFFFFFF00) == 0x7F000000) {
-			/* 127.0.0.X */
-			is_bcast = 0;
-			type = u_type;
-			iface = (addr & 0x000000FF);
-		} else {
-			errno = ENETUNREACH;
-			return -1;
-		}
-		if (bcast) *bcast = is_bcast;
-		break;
-	}
-#ifdef HAVE_IPV6
-	case AF_INET6: {
-		const struct sockaddr_in6 *in = 
-		    (const struct sockaddr_in6 *)inaddr;
-
-		switch (si->type) {
-		case SOCK_STREAM:
-			type = SOCKET_TYPE_CHAR_TCP_V6;
-			break;
-		case SOCK_DGRAM:
-			type = SOCKET_TYPE_CHAR_UDP_V6;
-			break;
-		}
-
-		/* XXX no multicast/broadcast */
-
-		prt = ntohs(in->sin6_port);
-		iface = SW_IPV6_ADDRESS;
-		
-		break;
-	}
-#endif
-	default:
-		errno = ENETUNREACH;
-		return -1;
-	}
-
-	if (prt == 0) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	if (is_bcast) {
-		snprintf(un->sun_path, sizeof(un->sun_path), "%s/EINVAL", 
-			 socket_wrapper_dir());
-		/* the caller need to do more processing */
-		return 0;
-	}
-
-	snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, 
-		 socket_wrapper_dir(), type, iface, prt);
-
-	return 0;
-}
-
-static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *inaddr, struct sockaddr_un *un,
-			       int *bcast)
-{
-	char type = '\0';
-	unsigned int prt;
-	unsigned int iface;
-	struct stat st;
-	int is_bcast = 0;
-
-	if (bcast) *bcast = 0;
-
-	switch (si->family) {
-	case AF_INET: {
-		const struct sockaddr_in *in = 
-		    (const struct sockaddr_in *)inaddr;
-		unsigned int addr = ntohl(in->sin_addr.s_addr);
-		char u_type = '\0';
-		char d_type = '\0';
-		char b_type = '\0';
-		char a_type = '\0';
-
-		prt = ntohs(in->sin_port);
-
-		switch (si->type) {
-		case SOCK_STREAM:
-			u_type = SOCKET_TYPE_CHAR_TCP;
-			d_type = SOCKET_TYPE_CHAR_TCP;
-			break;
-		case SOCK_DGRAM:
-			u_type = SOCKET_TYPE_CHAR_UDP;
-			d_type = SOCKET_TYPE_CHAR_UDP;
-			a_type = SOCKET_TYPE_CHAR_UDP;
-			b_type = SOCKET_TYPE_CHAR_UDP;
-			break;
-		}
-
-		if (addr == 0) {
-			/* 0.0.0.0 */
-		 	is_bcast = 0;
-			type = d_type;
-			iface = socket_wrapper_default_iface();
-		} else if (a_type && addr == 0xFFFFFFFF) {
-			/* 255.255.255.255 only udp */
-			is_bcast = 2;
-			type = a_type;
-			iface = socket_wrapper_default_iface();
-		} else if (b_type && addr == 0x7FFFFFFF) {
-			/* 127.255.255.255 only udp */
-			is_bcast = 1;
-			type = b_type;
-			iface = socket_wrapper_default_iface();
-		} else if ((addr & 0xFFFFFF00) == 0x7F000000) {
-			/* 127.0.0.X */
-			is_bcast = 0;
-			type = u_type;
-			iface = (addr & 0x000000FF);
-		} else {
-			errno = EADDRNOTAVAIL;
-			return -1;
-		}
-		break;
-	}
-#ifdef HAVE_IPV6
-	case AF_INET6: {
-		const struct sockaddr_in6 *in = 
-		    (const struct sockaddr_in6 *)inaddr;
-
-		switch (si->type) {
-		case SOCK_STREAM:
-			type = SOCKET_TYPE_CHAR_TCP_V6;
-			break;
-		case SOCK_DGRAM:
-			type = SOCKET_TYPE_CHAR_UDP_V6;
-			break;
-		}
-
-		/* XXX no multicast/broadcast */
-
-		prt = ntohs(in->sin6_port);
-		iface = SW_IPV6_ADDRESS;
-		
-		break;
-	}
-#endif
-	default:
-		errno = ENETUNREACH;
-		return -1;
-	}
-
-
-	if (bcast) *bcast = is_bcast;
-
-	if (prt == 0) {
-		/* handle auto-allocation of ephemeral ports */
-		for (prt = 5001; prt < 10000; prt++) {
-			snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, 
-				 socket_wrapper_dir(), type, iface, prt);
-			if (stat(un->sun_path, &st) == 0) continue;
-
-			set_port(si->family, prt, si->myname);
-		}
-	}
-
-	snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, 
-		 socket_wrapper_dir(), type, iface, prt);
-	return 0;
-}
-
-static struct socket_info *find_socket_info(int fd)
-{
-	struct socket_info *i;
-	for (i = sockets; i; i = i->next) {
-		if (i->fd == fd) 
-			return i;
-	}
-
-	return NULL;
-}
-
-static int sockaddr_convert_to_un(struct socket_info *si, const struct sockaddr *in_addr, socklen_t in_len, 
-				  struct sockaddr_un *out_addr, int alloc_sock, int *bcast)
-{
-	if (!out_addr)
-		return 0;
-
-	out_addr->sun_family = AF_UNIX;
-
-	switch (in_addr->sa_family) {
-	case AF_INET:
-#ifdef HAVE_IPV6
-	case AF_INET6:
-#endif
-		switch (si->type) {
-		case SOCK_STREAM:
-		case SOCK_DGRAM:
-			break;
-		default:
-			errno = ESOCKTNOSUPPORT;
-			return -1;
-		}
-		if (alloc_sock) {
-			return convert_in_un_alloc(si, in_addr, out_addr, bcast);
-		} else {
-			return convert_in_un_remote(si, in_addr, out_addr, bcast);
-		}
-	default:
-		break;
-	}
-	
-	errno = EAFNOSUPPORT;
-	return -1;
-}
-
-static int sockaddr_convert_from_un(const struct socket_info *si, 
-				    const struct sockaddr_un *in_addr, 
-				    socklen_t un_addrlen,
-				    int family,
-				    struct sockaddr *out_addr,
-				    socklen_t *out_addrlen)
-{
-	if (out_addr == NULL || out_addrlen == NULL) 
-		return 0;
-
-	if (un_addrlen == 0) {
-		*out_addrlen = 0;
-		return 0;
-	}
-
-	switch (family) {
-	case AF_INET:
-#ifdef HAVE_IPV6
-	case AF_INET6:
-#endif
-		switch (si->type) {
-		case SOCK_STREAM:
-		case SOCK_DGRAM:
-			break;
-		default:
-			errno = ESOCKTNOSUPPORT;
-			return -1;
-		}
-		return convert_un_in(in_addr, out_addr, out_addrlen);
-	default:
-		break;
-	}
-
-	errno = EAFNOSUPPORT;
-	return -1;
-}
-
-enum swrap_packet_type {
-	SWRAP_CONNECT_SEND,
-	SWRAP_CONNECT_UNREACH,
-	SWRAP_CONNECT_RECV,
-	SWRAP_CONNECT_ACK,
-	SWRAP_ACCEPT_SEND,
-	SWRAP_ACCEPT_RECV,
-	SWRAP_ACCEPT_ACK,
-	SWRAP_RECVFROM,
-	SWRAP_SENDTO,
-	SWRAP_SENDTO_UNREACH,
-	SWRAP_PENDING_RST,
-	SWRAP_RECV,
-	SWRAP_RECV_RST,
-	SWRAP_SEND,
-	SWRAP_SEND_RST,
-	SWRAP_CLOSE_SEND,
-	SWRAP_CLOSE_RECV,
-	SWRAP_CLOSE_ACK
-};
-
-struct swrap_file_hdr {
-	unsigned long	magic;
-	unsigned short	version_major;	
-	unsigned short	version_minor;
-	long		timezone;
-	unsigned long	sigfigs;
-	unsigned long	frame_max_len;
-#define SWRAP_FRAME_LENGTH_MAX 0xFFFF
-	unsigned long	link_type;
-};
-#define SWRAP_FILE_HDR_SIZE 24
-
-struct swrap_packet {
-	struct {
-		unsigned long seconds;
-		unsigned long micro_seconds;
-		unsigned long recorded_length;
-		unsigned long full_length;
-	} frame;
-#define SWRAP_PACKET__FRAME_SIZE 16
-
-	struct {
-		struct {
-			unsigned char	ver_hdrlen;
-			unsigned char	tos;
-			unsigned short	packet_length;
-			unsigned short	identification;
-			unsigned char	flags;
-			unsigned char	fragment;
-			unsigned char	ttl;
-			unsigned char	protocol;
-			unsigned short	hdr_checksum;
-			unsigned long	src_addr;
-			unsigned long	dest_addr;
-		} hdr;
-#define SWRAP_PACKET__IP_HDR_SIZE 20
-
-		union {
-			struct {
-				unsigned short	source_port;
-				unsigned short	dest_port;
-				unsigned long	seq_num;
-				unsigned long	ack_num;
-				unsigned char	hdr_length;
-				unsigned char	control;
-				unsigned short	window;
-				unsigned short	checksum;
-				unsigned short	urg;
-			} tcp;
-#define SWRAP_PACKET__IP_P_TCP_SIZE 20
-			struct {
-				unsigned short	source_port;
-				unsigned short	dest_port;
-				unsigned short	length;
-				unsigned short	checksum;
-			} udp;
-#define SWRAP_PACKET__IP_P_UDP_SIZE 8
-			struct {
-				unsigned char	type;
-				unsigned char	code;
-				unsigned short	checksum;
-				unsigned long	unused;
-			} icmp;
-#define SWRAP_PACKET__IP_P_ICMP_SIZE 8
-		} p;
-	} ip;
-};
-#define SWRAP_PACKET_SIZE 56
-
-static const char *socket_wrapper_pcap_file(void)
-{
-	static int initialized = 0;
-	static const char *s = NULL;
-	static const struct swrap_file_hdr h;
-	static const struct swrap_packet p;
-
-	if (initialized == 1) {
-		return s;
-	}
-	initialized = 1;
-
-	/*
-	 * TODO: don't use the structs use plain buffer offsets
-	 *       and PUSH_U8(), PUSH_U16() and PUSH_U32()
-	 * 
-	 * for now make sure we disable PCAP support
-	 * if the struct has alignment!
-	 */
-	if (sizeof(h) != SWRAP_FILE_HDR_SIZE) {
-		return NULL;
-	}
-	if (sizeof(p) != SWRAP_PACKET_SIZE) {
-		return NULL;
-	}
-	if (sizeof(p.frame) != SWRAP_PACKET__FRAME_SIZE) {
-		return NULL;
-	}
-	if (sizeof(p.ip.hdr) != SWRAP_PACKET__IP_HDR_SIZE) {
-		return NULL;
-	}
-	if (sizeof(p.ip.p.tcp) != SWRAP_PACKET__IP_P_TCP_SIZE) {
-		return NULL;
-	}
-	if (sizeof(p.ip.p.udp) != SWRAP_PACKET__IP_P_UDP_SIZE) {
-		return NULL;
-	}
-	if (sizeof(p.ip.p.icmp) != SWRAP_PACKET__IP_P_ICMP_SIZE) {
-		return NULL;
-	}
-
-	s = getenv("SOCKET_WRAPPER_PCAP_FILE");
-	if (s == NULL) {
-		return NULL;
-	}
-	if (strncmp(s, "./", 2) == 0) {
-		s += 2;
-	}
-	return s;
-}
-
-static struct swrap_packet *swrap_packet_init(struct timeval *tval,
-					      const struct sockaddr_in *src_addr,
-					      const struct sockaddr_in *dest_addr,
-					      int socket_type,
-					      const unsigned char *payload,
-					      size_t payload_len,
-					      unsigned long tcp_seq,
-					      unsigned long tcp_ack,
-					      unsigned char tcp_ctl,
-					      int unreachable,
-					      size_t *_packet_len)
-{
-	struct swrap_packet *ret;
-	struct swrap_packet *packet;
-	size_t packet_len;
-	size_t alloc_len;
-	size_t nonwire_len = sizeof(packet->frame);
-	size_t wire_hdr_len = 0;
-	size_t wire_len = 0;
-	size_t icmp_hdr_len = 0;
-	size_t icmp_truncate_len = 0;
-	unsigned char protocol = 0, icmp_protocol = 0;
-	unsigned short src_port = src_addr->sin_port;
-	unsigned short dest_port = dest_addr->sin_port;
-
-	switch (socket_type) {
-	case SOCK_STREAM:
-		protocol = 0x06; /* TCP */
-		wire_hdr_len = sizeof(packet->ip.hdr) + sizeof(packet->ip.p.tcp);
-		wire_len = wire_hdr_len + payload_len;
-		break;
-
-	case SOCK_DGRAM:
-		protocol = 0x11; /* UDP */
-		wire_hdr_len = sizeof(packet->ip.hdr) + sizeof(packet->ip.p.udp);
-		wire_len = wire_hdr_len + payload_len;
-		break;
-	}
-
-	if (unreachable) {
-		icmp_protocol = protocol;
-		protocol = 0x01; /* ICMP */
-		if (wire_len > 64 ) {
-			icmp_truncate_len = wire_len - 64;
-		}
-		icmp_hdr_len = sizeof(packet->ip.hdr) + sizeof(packet->ip.p.icmp);
-		wire_hdr_len += icmp_hdr_len;
-		wire_len += icmp_hdr_len;
-	}
-
-	packet_len = nonwire_len + wire_len;
-	alloc_len = packet_len;
-	if (alloc_len < sizeof(struct swrap_packet)) {
-		alloc_len = sizeof(struct swrap_packet);
-	}
-	ret = (struct swrap_packet *)malloc(alloc_len);
-	if (!ret) return NULL;
-
-	packet = ret;
-
-	packet->frame.seconds		= tval->tv_sec;
-	packet->frame.micro_seconds	= tval->tv_usec;
-	packet->frame.recorded_length	= wire_len - icmp_truncate_len;
-	packet->frame.full_length	= wire_len - icmp_truncate_len;
-
-	packet->ip.hdr.ver_hdrlen	= 0x45; /* version 4 and 5 * 32 bit words */
-	packet->ip.hdr.tos		= 0x00;
-	packet->ip.hdr.packet_length	= htons(wire_len - icmp_truncate_len);
-	packet->ip.hdr.identification	= htons(0xFFFF);
-	packet->ip.hdr.flags		= 0x40; /* BIT 1 set - means don't fraqment */
-	packet->ip.hdr.fragment		= htons(0x0000);
-	packet->ip.hdr.ttl		= 0xFF;
-	packet->ip.hdr.protocol		= protocol;
-	packet->ip.hdr.hdr_checksum	= htons(0x0000);
-	packet->ip.hdr.src_addr		= src_addr->sin_addr.s_addr;
-	packet->ip.hdr.dest_addr	= dest_addr->sin_addr.s_addr;
-
-	if (unreachable) {
-		packet->ip.p.icmp.type		= 0x03; /* destination unreachable */
-		packet->ip.p.icmp.code		= 0x01; /* host unreachable */
-		packet->ip.p.icmp.checksum	= htons(0x0000);
-		packet->ip.p.icmp.unused	= htonl(0x00000000);
-
-		/* set the ip header in the ICMP payload */
-		packet = (struct swrap_packet *)(((unsigned char *)ret) + icmp_hdr_len);
-		packet->ip.hdr.ver_hdrlen	= 0x45; /* version 4 and 5 * 32 bit words */
-		packet->ip.hdr.tos		= 0x00;
-		packet->ip.hdr.packet_length	= htons(wire_len - icmp_hdr_len);
-		packet->ip.hdr.identification	= htons(0xFFFF);
-		packet->ip.hdr.flags		= 0x40; /* BIT 1 set - means don't fraqment */
-		packet->ip.hdr.fragment		= htons(0x0000);
-		packet->ip.hdr.ttl		= 0xFF;
-		packet->ip.hdr.protocol		= icmp_protocol;
-		packet->ip.hdr.hdr_checksum	= htons(0x0000);
-		packet->ip.hdr.src_addr		= dest_addr->sin_addr.s_addr;
-		packet->ip.hdr.dest_addr	= src_addr->sin_addr.s_addr;
-
-		src_port = dest_addr->sin_port;
-		dest_port = src_addr->sin_port;
-	}
-
-	switch (socket_type) {
-	case SOCK_STREAM:
-		packet->ip.p.tcp.source_port	= src_port;
-		packet->ip.p.tcp.dest_port	= dest_port;
-		packet->ip.p.tcp.seq_num	= htonl(tcp_seq);
-		packet->ip.p.tcp.ack_num	= htonl(tcp_ack);
-		packet->ip.p.tcp.hdr_length	= 0x50; /* 5 * 32 bit words */
-		packet->ip.p.tcp.control	= tcp_ctl;
-		packet->ip.p.tcp.window		= htons(0x7FFF);
-		packet->ip.p.tcp.checksum	= htons(0x0000);
-		packet->ip.p.tcp.urg		= htons(0x0000);
-
-		break;
-
-	case SOCK_DGRAM:
-		packet->ip.p.udp.source_port	= src_addr->sin_port;
-		packet->ip.p.udp.dest_port	= dest_addr->sin_port;
-		packet->ip.p.udp.length		= htons(8 + payload_len);
-		packet->ip.p.udp.checksum	= htons(0x0000);
-
-		break;
-	}
-
-	if (payload && payload_len > 0) {
-		unsigned char *p = (unsigned char *)ret;
-		p += nonwire_len;
-		p += wire_hdr_len;
-		memcpy(p, payload, payload_len);
-	}
-
-	*_packet_len = packet_len - icmp_truncate_len;
-	return ret;
-}
-
-static int swrap_get_pcap_fd(const char *fname)
-{
-	static int fd = -1;
-
-	if (fd != -1) return fd;
-
-	fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_APPEND, 0644);
-	if (fd != -1) {
-		struct swrap_file_hdr file_hdr;
-		file_hdr.magic		= 0xA1B2C3D4;
-		file_hdr.version_major	= 0x0002;	
-		file_hdr.version_minor	= 0x0004;
-		file_hdr.timezone	= 0x00000000;
-		file_hdr.sigfigs	= 0x00000000;
-		file_hdr.frame_max_len	= SWRAP_FRAME_LENGTH_MAX;
-		file_hdr.link_type	= 0x0065; /* 101 RAW IP */
-
-		write(fd, &file_hdr, sizeof(file_hdr));
-		return fd;
-	}
-
-	fd = open(fname, O_WRONLY|O_APPEND, 0644);
-
-	return fd;
-}
-
-static void swrap_dump_packet(struct socket_info *si, const struct sockaddr *addr,
-			      enum swrap_packet_type type,
-			      const void *buf, size_t len)
-{
-	const struct sockaddr_in *src_addr;
-	const struct sockaddr_in *dest_addr;
-	const char *file_name;
-	unsigned long tcp_seq = 0;
-	unsigned long tcp_ack = 0;
-	unsigned char tcp_ctl = 0;
-	int unreachable = 0;
-	struct timeval tv;
-	struct swrap_packet *packet;
-	size_t packet_len = 0;
-	int fd;
-
-	file_name = socket_wrapper_pcap_file();
-	if (!file_name) {
-		return;
-	}
-
-	switch (si->family) {
-	case AF_INET:
-#ifdef HAVE_IPV6
-	case AF_INET6:
-#endif
-		break;
-	default:
-		return;
-	}
-
-	switch (type) {
-	case SWRAP_CONNECT_SEND:
-		if (si->type != SOCK_STREAM) return;
-
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)addr;
-
-		tcp_seq = si->io.pck_snd;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x02; /* SYN */
-
-		si->io.pck_snd += 1;
-
-		break;
-
-	case SWRAP_CONNECT_RECV:
-		if (si->type != SOCK_STREAM) return;
-
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)addr;
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x12; /** SYN,ACK */
-
-		si->io.pck_rcv += 1;
-
-		break;
-
-	case SWRAP_CONNECT_UNREACH:
-		if (si->type != SOCK_STREAM) return;
-
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)addr;
-
-		/* Unreachable: resend the data of SWRAP_CONNECT_SEND */
-		tcp_seq = si->io.pck_snd - 1;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x02; /* SYN */
-		unreachable = 1;
-
-		break;
-
-	case SWRAP_CONNECT_ACK:
-		if (si->type != SOCK_STREAM) return;
-
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)addr;
-
-		tcp_seq = si->io.pck_snd;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x10; /* ACK */
-
-		break;
-
-	case SWRAP_ACCEPT_SEND:
-		if (si->type != SOCK_STREAM) return;
-
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)addr;
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x02; /* SYN */
-
-		si->io.pck_rcv += 1;
-
-		break;
-
-	case SWRAP_ACCEPT_RECV:
-		if (si->type != SOCK_STREAM) return;
-
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)addr;
-
-		tcp_seq = si->io.pck_snd;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x12; /* SYN,ACK */
-
-		si->io.pck_snd += 1;
-
-		break;
-
-	case SWRAP_ACCEPT_ACK:
-		if (si->type != SOCK_STREAM) return;
-
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)addr;
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x10; /* ACK */
-
-		break;
-
-	case SWRAP_SEND:
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)si->peername;
-
-		tcp_seq = si->io.pck_snd;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x18; /* PSH,ACK */
-
-		si->io.pck_snd += len;
-
-		break;
-
-	case SWRAP_SEND_RST:
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)si->peername;
-
-		if (si->type == SOCK_DGRAM) {
-			swrap_dump_packet(si, si->peername,
-					  SWRAP_SENDTO_UNREACH,
-			      		  buf, len);
-			return;
-		}
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x14; /** RST,ACK */
-
-		break;
-
-	case SWRAP_PENDING_RST:
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)si->peername;
-
-		if (si->type == SOCK_DGRAM) {
-			return;
-		}
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x14; /* RST,ACK */
-
-		break;
-
-	case SWRAP_RECV:
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)si->peername;
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x18; /* PSH,ACK */
-
-		si->io.pck_rcv += len;
-
-		break;
-
-	case SWRAP_RECV_RST:
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)si->peername;
-
-		if (si->type == SOCK_DGRAM) {
-			return;
-		}
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x14; /* RST,ACK */
-
-		break;
-
-	case SWRAP_SENDTO:
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)addr;
-
-		si->io.pck_snd += len;
-
-		break;
-
-	case SWRAP_SENDTO_UNREACH:
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)addr;
-
-		unreachable = 1;
-
-		break;
-
-	case SWRAP_RECVFROM:
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)addr;
-
-		si->io.pck_rcv += len;
-
-		break;
-
-	case SWRAP_CLOSE_SEND:
-		if (si->type != SOCK_STREAM) return;
-
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)si->peername;
-
-		tcp_seq = si->io.pck_snd;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x11; /* FIN, ACK */
-
-		si->io.pck_snd += 1;
-
-		break;
-
-	case SWRAP_CLOSE_RECV:
-		if (si->type != SOCK_STREAM) return;
-
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)si->peername;
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x11; /* FIN,ACK */
-
-		si->io.pck_rcv += 1;
-
-		break;
-
-	case SWRAP_CLOSE_ACK:
-		if (si->type != SOCK_STREAM) return;
-
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)si->peername;
-
-		tcp_seq = si->io.pck_snd;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x10; /* ACK */
-
-		break;
-	default:
-		return;
-	}
-
-	swrapGetTimeOfDay(&tv);
-
-	packet = swrap_packet_init(&tv, src_addr, dest_addr, si->type,
-				   (const unsigned char *)buf, len,
-				   tcp_seq, tcp_ack, tcp_ctl, unreachable,
-				   &packet_len);
-	if (!packet) {
-		return;
-	}
-
-	fd = swrap_get_pcap_fd(file_name);
-	if (fd != -1) {
-		write(fd, packet, packet_len);
-	}
-
-	free(packet);
-}
-
-_PUBLIC_ int swrap_socket(int family, int type, int protocol)
-{
-	struct socket_info *si;
-	int fd;
-
-	if (!socket_wrapper_dir()) {
-		return real_socket(family, type, protocol);
-	}
-
-	switch (family) {
-	case AF_INET:
-#ifdef HAVE_IPV6
-	case AF_INET6:
-#endif
-		break;
-	case AF_UNIX:
-		return real_socket(family, type, protocol);
-	default:
-		errno = EAFNOSUPPORT;
-		return -1;
-	}
-
-	switch (type) {
-	case SOCK_STREAM:
-		break;
-	case SOCK_DGRAM:
-		break;
-	default:
-		errno = EPROTONOSUPPORT;
-		return -1;
-	}
-
-#if 0
-	switch (protocol) {
-	case 0:
-		break;
-	default:
-		errno = EPROTONOSUPPORT;
-		return -1;
-	}
-#endif
-
-	fd = real_socket(AF_UNIX, type, 0);
-
-	if (fd == -1) return -1;
-
-	si = (struct socket_info *)calloc(1, sizeof(struct socket_info));
-
-	si->family = family;
-	si->type = type;
-	si->protocol = protocol;
-	si->fd = fd;
-
-	SWRAP_DLIST_ADD(sockets, si);
-
-	return si->fd;
-}
-
-_PUBLIC_ int swrap_accept(int s, struct sockaddr *addr, socklen_t *addrlen)
-{
-	struct socket_info *parent_si, *child_si;
-	int fd;
-	struct sockaddr_un un_addr;
-	socklen_t un_addrlen = sizeof(un_addr);
-	struct sockaddr_un un_my_addr;
-	socklen_t un_my_addrlen = sizeof(un_my_addr);
-	struct sockaddr *my_addr;
-	socklen_t my_addrlen, len;
-	int ret;
-
-	parent_si = find_socket_info(s);
-	if (!parent_si) {
-		return real_accept(s, addr, addrlen);
-	}
-
-	/* 
-	 * assume out sockaddr have the same size as the in parent
-	 * socket family
-	 */
-	my_addrlen = socket_length(parent_si->family);
-	if (my_addrlen < 0) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	my_addr = malloc(my_addrlen);
-	if (my_addr == NULL) {
-		return -1;
-	}
-
-	memset(&un_addr, 0, sizeof(un_addr));
-	memset(&un_my_addr, 0, sizeof(un_my_addr));
-
-	ret = real_accept(s, (struct sockaddr *)&un_addr, &un_addrlen);
-	if (ret == -1) {
-		free(my_addr);
-		return ret;
-	}
-
-	fd = ret;
-
-	len = my_addrlen;
-	ret = sockaddr_convert_from_un(parent_si, &un_addr, un_addrlen,
-				       parent_si->family, my_addr, &len);
-	if (ret == -1) {
-		free(my_addr);
-		close(fd);
-		return ret;
-	}
-
-	child_si = (struct socket_info *)malloc(sizeof(struct socket_info));
-	memset(child_si, 0, sizeof(*child_si));
-
-	child_si->fd = fd;
-	child_si->family = parent_si->family;
-	child_si->type = parent_si->type;
-	child_si->protocol = parent_si->protocol;
-	child_si->bound = 1;
-	child_si->is_server = 1;
-
-	child_si->peername_len = len;
-	child_si->peername = sockaddr_dup(my_addr, len);
-
-	if (addr != NULL && addrlen != NULL) {
-	    *addrlen = len;
-	    if (*addrlen >= len)
-		memcpy(addr, my_addr, len);
-	    *addrlen = 0;
-	}
-
-	ret = real_getsockname(fd, (struct sockaddr *)&un_my_addr, &un_my_addrlen);
-	if (ret == -1) {
-		free(child_si);
-		close(fd);
-		return ret;
-	}
-
-	len = my_addrlen;
-	ret = sockaddr_convert_from_un(child_si, &un_my_addr, un_my_addrlen,
-				       child_si->family, my_addr, &len);
-	if (ret == -1) {
-		free(child_si);
-		free(my_addr);
-		close(fd);
-		return ret;
-	}
-
-	child_si->myname_len = len;
-	child_si->myname = sockaddr_dup(my_addr, len);
-	free(my_addr);
-
-	SWRAP_DLIST_ADD(sockets, child_si);
-
-	swrap_dump_packet(child_si, addr, SWRAP_ACCEPT_SEND, NULL, 0);
-	swrap_dump_packet(child_si, addr, SWRAP_ACCEPT_RECV, NULL, 0);
-	swrap_dump_packet(child_si, addr, SWRAP_ACCEPT_ACK, NULL, 0);
-
-	return fd;
-}
-
-static int autobind_start_init;
-static int autobind_start;
-
-/* using sendto() or connect() on an unbound socket would give the
-   recipient no way to reply, as unlike UDP and TCP, a unix domain
-   socket can't auto-assign emphemeral port numbers, so we need to
-   assign it here */
-static int swrap_auto_bind(struct socket_info *si)
-{
-	struct sockaddr_un un_addr;
-	int i;
-	char type;
-	int ret;
-	int port;
-	struct stat st;
-
-	if (autobind_start_init != 1) {
-		autobind_start_init = 1;
-		autobind_start = getpid();
-		autobind_start %= 50000;
-		autobind_start += 10000;
-	}
-
-	un_addr.sun_family = AF_UNIX;
-
-	switch (si->family) {
-	case AF_INET: {
-		struct sockaddr_in in;
-
-		switch (si->type) {
-		case SOCK_STREAM:
-			type = SOCKET_TYPE_CHAR_TCP;
-			break;
-		case SOCK_DGRAM:
-		    	type = SOCKET_TYPE_CHAR_UDP;
-			break;
-		default:
-		    errno = ESOCKTNOSUPPORT;
-		    return -1;
-		}
-
-		memset(&in, 0, sizeof(in));
-		in.sin_family = AF_INET;
-		in.sin_addr.s_addr = htonl(127<<24 | 
-					   socket_wrapper_default_iface());
-
-		si->myname_len = sizeof(in);
-		si->myname = sockaddr_dup(&in, si->myname_len);
-		break;
-	}
-#ifdef HAVE_IPV6
-	case AF_INET6: {
-		struct sockaddr_in6 in6;
-
-		switch (si->type) {
-		case SOCK_STREAM:
-			type = SOCKET_TYPE_CHAR_TCP_V6;
-			break;
-		case SOCK_DGRAM:
-		    	type = SOCKET_TYPE_CHAR_UDP_V6;
-			break;
-		default:
-		    errno = ESOCKTNOSUPPORT;
-		    return -1;
-		}
-
-		memset(&in6, 0, sizeof(in6));
-		in6.sin6_family = AF_INET6;
-		in6.sin6_addr.s6_addr[0] = SW_IPV6_ADDRESS;
-		si->myname_len = sizeof(in6);
-		si->myname = sockaddr_dup(&in6, si->myname_len);
-		break;
-	}
-#endif
-	default:
-		errno = ESOCKTNOSUPPORT;
-		return -1;
-	}
-
-	if (autobind_start > 60000) {
-		autobind_start = 10000;
-	}
-
-	for (i=0;i<1000;i++) {
-		port = autobind_start + i;
-		snprintf(un_addr.sun_path, sizeof(un_addr.sun_path), 
-			 "%s/"SOCKET_FORMAT, socket_wrapper_dir(),
-			 type, socket_wrapper_default_iface(), port);
-		if (stat(un_addr.sun_path, &st) == 0) continue;
-		
-		ret = real_bind(si->fd, (struct sockaddr *)&un_addr, sizeof(un_addr));
-		if (ret == -1) return ret;
-
-		si->tmp_path = strdup(un_addr.sun_path);
-		si->bound = 1;
-		autobind_start = port + 1;
-		break;
-	}
-	if (i == 1000) {
-		errno = ENFILE;
-		return -1;
-	}
-
-	set_port(si->family, port, si->myname);
-
-	return 0;
-}
-
-
-_PUBLIC_ int swrap_connect(int s, const struct sockaddr *serv_addr, socklen_t addrlen)
-{
-	int ret;
-	struct sockaddr_un un_addr;
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_connect(s, serv_addr, addrlen);
-	}
-
-	if (si->bound == 0) {
-		ret = swrap_auto_bind(si);
-		if (ret == -1) return -1;
-	}
-
-	if (si->family != serv_addr->sa_family) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	ret = sockaddr_convert_to_un(si, (const struct sockaddr *)serv_addr, addrlen, &un_addr, 0, NULL);
-	if (ret == -1) return -1;
-
-	swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_SEND, NULL, 0);
-
-	ret = real_connect(s, (struct sockaddr *)&un_addr, 
-			   sizeof(struct sockaddr_un));
-
-	/* to give better errors */
-	if (ret == -1 && errno == ENOENT) {
-		errno = EHOSTUNREACH;
-	}
-
-	if (ret == 0) {
-		si->peername_len = addrlen;
-		si->peername = sockaddr_dup(serv_addr, addrlen);
-
-		swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_RECV, NULL, 0);
-		swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_ACK, NULL, 0);
-	} else {
-		swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_UNREACH, NULL, 0);
-	}
-
-	return ret;
-}
-
-_PUBLIC_ int swrap_bind(int s, const struct sockaddr *myaddr, socklen_t addrlen)
-{
-	int ret;
-	struct sockaddr_un un_addr;
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_bind(s, myaddr, addrlen);
-	}
-
-	si->myname_len = addrlen;
-	si->myname = sockaddr_dup(myaddr, addrlen);
-
-	ret = sockaddr_convert_to_un(si, (const struct sockaddr *)myaddr, addrlen, &un_addr, 1, &si->bcast);
-	if (ret == -1) return -1;
-
-	unlink(un_addr.sun_path);
-
-	ret = real_bind(s, (struct sockaddr *)&un_addr,
-			sizeof(struct sockaddr_un));
-
-	if (ret == 0) {
-		si->bound = 1;
-	}
-
-	return ret;
-}
-
-_PUBLIC_ int swrap_listen(int s, int backlog)
-{
-	int ret;
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_listen(s, backlog);
-	}
-
-	ret = real_listen(s, backlog);
-
-	return ret;
-}
-
-_PUBLIC_ int swrap_getpeername(int s, struct sockaddr *name, socklen_t *addrlen)
-{
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_getpeername(s, name, addrlen);
-	}
-
-	if (!si->peername)
-	{
-		errno = ENOTCONN;
-		return -1;
-	}
-
-	memcpy(name, si->peername, si->peername_len);
-	*addrlen = si->peername_len;
-
-	return 0;
-}
-
-_PUBLIC_ int swrap_getsockname(int s, struct sockaddr *name, socklen_t *addrlen)
-{
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_getsockname(s, name, addrlen);
-	}
-
-	memcpy(name, si->myname, si->myname_len);
-	*addrlen = si->myname_len;
-
-	return 0;
-}
-
-_PUBLIC_ int swrap_getsockopt(int s, int level, int optname, void *optval, socklen_t *optlen)
-{
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_getsockopt(s, level, optname, optval, optlen);
-	}
-
-	if (level == SOL_SOCKET) {
-		return real_getsockopt(s, level, optname, optval, optlen);
-	} 
-
-	errno = ENOPROTOOPT;
-	return -1;
-}
-
-_PUBLIC_ int swrap_setsockopt(int s, int  level,  int  optname,  const  void  *optval, socklen_t optlen)
-{
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_setsockopt(s, level, optname, optval, optlen);
-	}
-
-	if (level == SOL_SOCKET) {
-		return real_setsockopt(s, level, optname, optval, optlen);
-	}
-
-	switch (si->family) {
-	case AF_INET:
-		return 0;
-	default:
-		errno = ENOPROTOOPT;
-		return -1;
-	}
-}
-
-_PUBLIC_ ssize_t swrap_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen)
-{
-	struct sockaddr_un un_addr;
-	socklen_t un_addrlen = sizeof(un_addr);
-	int ret;
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_recvfrom(s, buf, len, flags, from, fromlen);
-	}
-
-	/* irix 6.4 forgets to null terminate the sun_path string :-( */
-	memset(&un_addr, 0, sizeof(un_addr));
-	ret = real_recvfrom(s, buf, len, flags, (struct sockaddr *)&un_addr, &un_addrlen);
-	if (ret == -1) 
-		return ret;
-
-	if (sockaddr_convert_from_un(si, &un_addr, un_addrlen,
-				     si->family, from, fromlen) == -1) {
-		return -1;
-	}
-
-	swrap_dump_packet(si, from, SWRAP_RECVFROM, buf, ret);
-
-	return ret;
-}
-
-
-_PUBLIC_ ssize_t swrap_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen)
-{
-	struct sockaddr_un un_addr;
-	int ret;
-	struct socket_info *si = find_socket_info(s);
-	int bcast = 0;
-
-	if (!si) {
-		return real_sendto(s, buf, len, flags, to, tolen);
-	}
-
-	switch (si->type) {
-	case SOCK_STREAM:
-		ret = real_send(s, buf, len, flags);
-		break;
-	case SOCK_DGRAM:
-		if (si->bound == 0) {
-			ret = swrap_auto_bind(si);
-			if (ret == -1) return -1;
-		}
-		
-		ret = sockaddr_convert_to_un(si, to, tolen, &un_addr, 0, &bcast);
-		if (ret == -1) return -1;
-		
-		if (bcast) {
-			struct stat st;
-			unsigned int iface;
-			unsigned int prt = ntohs(((const struct sockaddr_in *)to)->sin_port);
-			char type;
-			
-			type = SOCKET_TYPE_CHAR_UDP;
-			
-			for(iface=0; iface <= MAX_WRAPPED_INTERFACES; iface++) {
-				snprintf(un_addr.sun_path, sizeof(un_addr.sun_path), "%s/"SOCKET_FORMAT, 
-					 socket_wrapper_dir(), type, iface, prt);
-				if (stat(un_addr.sun_path, &st) != 0) continue;
-				
-				/* ignore the any errors in broadcast sends */
-				real_sendto(s, buf, len, flags, (struct sockaddr *)&un_addr, sizeof(un_addr));
-			}
-			
-			swrap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
-			
-			return len;
-		}
-		
-		ret = real_sendto(s, buf, len, flags, (struct sockaddr *)&un_addr, sizeof(un_addr));
-		break;
-	default:
-		ret = -1;
-		errno = EHOSTUNREACH;
-		break;
-	}
-		
-	/* to give better errors */
-	if (ret == -1 && errno == ENOENT) {
-		errno = EHOSTUNREACH;
-	}
-
-	if (ret == -1) {
-		swrap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
-		swrap_dump_packet(si, to, SWRAP_SENDTO_UNREACH, buf, len);
-	} else {
-		swrap_dump_packet(si, to, SWRAP_SENDTO, buf, ret);
-	}
-
-	return ret;
-}
-
-_PUBLIC_ int swrap_ioctl(int s, int r, void *p)
-{
-	int ret;
-	struct socket_info *si = find_socket_info(s);
-	int value;
-
-	if (!si) {
-		return real_ioctl(s, r, p);
-	}
-
-	ret = real_ioctl(s, r, p);
-
-	switch (r) {
-	case FIONREAD:
-		value = *((int *)p);
-		if (ret == -1 && errno != EAGAIN && errno != ENOBUFS) {
-			swrap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0);
-		} else if (value == 0) { /* END OF FILE */
-			swrap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0);
-		}
-		break;
-	}
-
-	return ret;
-}
-
-_PUBLIC_ ssize_t swrap_recv(int s, void *buf, size_t len, int flags)
-{
-	int ret;
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_recv(s, buf, len, flags);
-	}
-
-	ret = real_recv(s, buf, len, flags);
-	if (ret == -1 && errno != EAGAIN && errno != ENOBUFS) {
-		swrap_dump_packet(si, NULL, SWRAP_RECV_RST, NULL, 0);
-	} else if (ret == 0) { /* END OF FILE */
-		swrap_dump_packet(si, NULL, SWRAP_RECV_RST, NULL, 0);
-	} else {
-		swrap_dump_packet(si, NULL, SWRAP_RECV, buf, ret);
-	}
-
-	return ret;
-}
-
-
-_PUBLIC_ ssize_t swrap_send(int s, const void *buf, size_t len, int flags)
-{
-	int ret;
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_send(s, buf, len, flags);
-	}
-
-	ret = real_send(s, buf, len, flags);
-
-	if (ret == -1) {
-		swrap_dump_packet(si, NULL, SWRAP_SEND, buf, len);
-		swrap_dump_packet(si, NULL, SWRAP_SEND_RST, NULL, 0);
-	} else {
-		swrap_dump_packet(si, NULL, SWRAP_SEND, buf, ret);
-	}
-
-	return ret;
-}
-
-_PUBLIC_ int swrap_close(int fd)
-{
-	struct socket_info *si = find_socket_info(fd);
-	int ret;
-
-	if (!si) {
-		return real_close(fd);
-	}
-
-	SWRAP_DLIST_REMOVE(sockets, si);
-
-	if (si->myname && si->peername) {
-		swrap_dump_packet(si, NULL, SWRAP_CLOSE_SEND, NULL, 0);
-	}
-
-	ret = real_close(fd);
-
-	if (si->myname && si->peername) {
-		swrap_dump_packet(si, NULL, SWRAP_CLOSE_RECV, NULL, 0);
-		swrap_dump_packet(si, NULL, SWRAP_CLOSE_ACK, NULL, 0);
-	}
-
-	if (si->path) free(si->path);
-	if (si->myname) free(si->myname);
-	if (si->peername) free(si->peername);
-	if (si->tmp_path) {
-		unlink(si->tmp_path);
-		free(si->tmp_path);
-	}
-	free(si);
-
-	return ret;
-}
-
-static int
-dup_internal(const struct socket_info *si_oldd, int fd)
-{
-	struct socket_info *si_newd;
-
-	si_newd = (struct socket_info *)calloc(1, sizeof(struct socket_info));
-
-	si_newd->fd = fd;
-
-	si_newd->family = si_oldd->family;
-	si_newd->type = si_oldd->type;
-	si_newd->protocol = si_oldd->protocol;
-	si_newd->bound = si_oldd->bound;
-	si_newd->bcast = si_oldd->bcast;
-	if (si_oldd->path)
-		si_newd->path = strdup(si_oldd->path);
-	if (si_oldd->tmp_path)
-		si_newd->tmp_path = strdup(si_oldd->tmp_path);
-	si_newd->myname =
-	    sockaddr_dup(si_oldd->myname, si_oldd->myname_len);
-	si_newd->myname_len = si_oldd->myname_len;
-	si_newd->peername = 
-	    sockaddr_dup(si_oldd->peername, si_oldd->peername_len);
-	si_newd->peername_len = si_oldd->peername_len;
-
-	si_newd->io = si_oldd->io;
-
-	SWRAP_DLIST_ADD(sockets, si_newd);
-
-	return fd;
-}
-
-
-_PUBLIC_ int swrap_dup(int oldd)
-{
-	struct socket_info *si;
-	int fd;
-
-	si = find_socket_info(oldd);
-	if (si == NULL)
-		return real_dup(oldd);
-
-	fd = real_dup(si->fd);
-	if (fd < 0)
-		return fd;
-
-	return dup_internal(si, fd);
-}
-
-
-_PUBLIC_ int swrap_dup2(int oldd, int newd)
-{
-	struct socket_info *si_newd, *si_oldd;
-	int fd;
-
-	if (newd == oldd)
-	    return newd;
-
-	si_oldd = find_socket_info(oldd);
-	si_newd = find_socket_info(newd);
-
-	if (si_oldd == NULL && si_newd == NULL)
-		return real_dup2(oldd, newd);
-
-	fd = real_dup2(si_oldd->fd, newd);
-	if (fd < 0)
-		return fd;
-
-	/* close new socket first */
-	if (si_newd)
-	       	swrap_close(newd);
-
-	return dup_internal(si_oldd, fd);
-}
diff --git a/crypto/heimdal/lib/roken/socket_wrapper.h b/crypto/heimdal/lib/roken/socket_wrapper.h
deleted file mode 100644
index 316b024..0000000
--- a/crypto/heimdal/lib/roken/socket_wrapper.h
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright (C) Jelmer Vernooij 2005 <jelmer@samba.org>
- * Copyright (C) Stefan Metzmacher 2006 <metze@samba.org>
- *
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the author nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-#ifndef __SOCKET_WRAPPER_H__
-#define __SOCKET_WRAPPER_H__
-
-int swrap_socket(int family, int type, int protocol);
-int swrap_accept(int s, struct sockaddr *addr, socklen_t *addrlen);
-int swrap_connect(int s, const struct sockaddr *serv_addr, socklen_t addrlen);
-int swrap_bind(int s, const struct sockaddr *myaddr, socklen_t addrlen);
-int swrap_listen(int s, int backlog);
-int swrap_getpeername(int s, struct sockaddr *name, socklen_t *addrlen);
-int swrap_getsockname(int s, struct sockaddr *name, socklen_t *addrlen);
-int swrap_getsockopt(int s, int level, int optname, void *optval, socklen_t *optlen);
-int swrap_setsockopt(int s, int  level,  int  optname,  const  void  *optval, socklen_t optlen);
-ssize_t swrap_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen);
-ssize_t swrap_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen);
-int swrap_ioctl(int s, int req, void *ptr);
-ssize_t swrap_recv(int s, void *buf, size_t len, int flags);
-ssize_t swrap_send(int s, const void *buf, size_t len, int flags);
-int swrap_close(int);
-int swrap_dup(int);
-int swrap_dup2(int, int);
-
-#ifdef SOCKET_WRAPPER_REPLACE
-
-#ifdef accept
-#undef accept
-#endif
-#define accept(s,addr,addrlen)		swrap_accept(s,addr,addrlen)
-
-#ifdef connect
-#undef connect
-#endif
-#define connect(s,serv_addr,addrlen)	swrap_connect(s,serv_addr,addrlen)
-
-#ifdef bind
-#undef bind
-#endif
-#define bind(s,myaddr,addrlen)		swrap_bind(s,myaddr,addrlen)
-
-#ifdef listen
-#undef listen
-#endif
-#define listen(s,blog)			swrap_listen(s,blog)
-
-#ifdef getpeername
-#undef getpeername
-#endif
-#define getpeername(s,name,addrlen)	swrap_getpeername(s,name,addrlen)
-
-#ifdef getsockname
-#undef getsockname
-#endif
-#define getsockname(s,name,addrlen)	swrap_getsockname(s,name,addrlen)
-
-#ifdef getsockopt
-#undef getsockopt
-#endif
-#define getsockopt(s,level,optname,optval,optlen) swrap_getsockopt(s,level,optname,optval,optlen)
-
-#ifdef setsockopt
-#undef setsockopt
-#endif
-#define setsockopt(s,level,optname,optval,optlen) swrap_setsockopt(s,level,optname,optval,optlen)
-
-#ifdef recvfrom
-#undef recvfrom
-#endif
-#define recvfrom(s,buf,len,flags,from,fromlen) 	  swrap_recvfrom(s,buf,len,flags,from,fromlen)
-
-#ifdef sendto
-#undef sendto
-#endif
-#define sendto(s,buf,len,flags,to,tolen)          swrap_sendto(s,buf,len,flags,to,tolen)
-
-#ifdef ioctl
-#undef ioctl
-#endif
-#define ioctl(s,req,ptr)		swrap_ioctl(s,req,ptr)
-
-#ifdef recv
-#undef recv
-#endif
-#define recv(s,buf,len,flags)		swrap_recv(s,buf,len,flags)
-
-#ifdef send
-#undef send
-#endif
-#define send(s,buf,len,flags)		swrap_send(s,buf,len,flags)
-
-#ifdef socket
-#undef socket
-#endif
-#define socket(domain,type,protocol)	swrap_socket(domain,type,protocol)
-
-#ifdef close
-#undef close
-#endif
-#define close(s)			swrap_close(s)
-
-#ifdef dup
-#undef dup
-#endif
-#define dup(oldd)			swrap_dup(oldd)
-
-#ifdef dup2
-#undef dup2
-#endif
-#define dup2(oldd, newd)		swrap_dup2(oldd, newd)
-
-#endif
-
-#endif /* __SOCKET_WRAPPER_H__ */
diff --git a/crypto/heimdal/lib/roken/strcasecmp.c b/crypto/heimdal/lib/roken/strcasecmp.c
deleted file mode 100644
index 4788d4f..0000000
--- a/crypto/heimdal/lib/roken/strcasecmp.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strcasecmp.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <string.h>
-#include <ctype.h>
-#include <stddef.h>
-#include "roken.h"
-
-#ifndef HAVE_STRCASECMP
-
-int ROKEN_LIB_FUNCTION
-strcasecmp(const char *s1, const char *s2)
-{
-    while(toupper((unsigned char)*s1) == toupper((unsigned char)*s2)) {
-	if(*s1 == '\0')
-	    return 0;
-	s1++;
-	s2++;
-    }
-    return toupper((unsigned char)*s1) - toupper((unsigned char)*s2);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strcollect.c b/crypto/heimdal/lib/roken/strcollect.c
deleted file mode 100644
index f291891..0000000
--- a/crypto/heimdal/lib/roken/strcollect.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strcollect.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include "roken.h"
-
-enum { initial = 10, increment = 5 };
-
-static char **
-sub (char **argv, int i, int argc, va_list *ap)
-{
-    do {
-	if(i == argc) {
-	    /* realloc argv */
-	    char **tmp = realloc(argv, (argc + increment) * sizeof(*argv));
-	    if(tmp == NULL) {
-		free(argv);
-		errno = ENOMEM;
-		return NULL;
-	    }
-	    argv  = tmp;
-	    argc += increment;
-	}
-	argv[i++] = va_arg(*ap, char*);
-    } while(argv[i - 1] != NULL);
-    return argv;
-}
-
-/*
- * return a malloced vector of pointers to the strings in `ap'
- * terminated by NULL.
- */
-
-char ** ROKEN_LIB_FUNCTION
-vstrcollect(va_list *ap)
-{
-    return sub (NULL, 0, 0, ap);
-}
-
-/*
- *
- */
-
-char ** ROKEN_LIB_FUNCTION
-strcollect(char *first, ...)
-{
-    va_list ap;
-    char **ret = malloc (initial * sizeof(char *));
-
-    if (ret == NULL)
-	return ret;
-
-    ret[0] = first;
-    va_start(ap, first);
-    ret = sub (ret, 1, initial, &ap);
-    va_end(ap);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/strdup.c b/crypto/heimdal/lib/roken/strdup.c
deleted file mode 100644
index a832120..0000000
--- a/crypto/heimdal/lib/roken/strdup.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strdup.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-#include <stdlib.h>
-#include <string.h>
-
-#ifndef HAVE_STRDUP
-char * ROKEN_LIB_FUNCTION
-strdup(const char *old)
-{
-	char *t = malloc(strlen(old)+1);
-	if (t != 0)
-		strcpy(t, old);
-	return t;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/strerror.c b/crypto/heimdal/lib/roken/strerror.c
deleted file mode 100644
index ca152f4..0000000
--- a/crypto/heimdal/lib/roken/strerror.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strerror.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-extern int sys_nerr;
-extern char *sys_errlist[];
-
-char* ROKEN_LIB_FUNCTION
-strerror(int eno)
-{
-    static char emsg[1024];
-
-    if(eno < 0 || eno >= sys_nerr)
-	snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
-    else
-	snprintf(emsg, sizeof(emsg), "%s", sys_errlist[eno]);
-
-    return emsg;
-}
diff --git a/crypto/heimdal/lib/roken/strftime.c b/crypto/heimdal/lib/roken/strftime.c
deleted file mode 100644
index b7176b6..0000000
--- a/crypto/heimdal/lib/roken/strftime.c
+++ /dev/null
@@ -1,401 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#ifdef TEST_STRPFTIME
-#include "strpftime-test.h"
-#endif
-#include "roken.h"
-
-RCSID("$Id: strftime.c 21896 2007-08-09 08:46:08Z lha $");
-
-static const char *abb_weekdays[] = {
-    "Sun",
-    "Mon",
-    "Tue",
-    "Wed",
-    "Thu",
-    "Fri",
-    "Sat",
-};
-
-static const char *full_weekdays[] = {
-    "Sunday",
-    "Monday",
-    "Tuesday",
-    "Wednesday",
-    "Thursday",
-    "Friday",
-    "Saturday",
-};
-
-static const char *abb_month[] = {
-    "Jan",
-    "Feb",
-    "Mar",
-    "Apr",
-    "May",
-    "Jun",
-    "Jul",
-    "Aug",
-    "Sep",
-    "Oct",
-    "Nov",
-    "Dec"
-};
-
-static const char *full_month[] = {
-    "January",
-    "February",
-    "Mars",
-    "April",
-    "May",
-    "June",
-    "July",
-    "August",
-    "September",
-    "October",
-    "November",
-    "December"
-};
-
-static const char *ampm[] = {
-    "AM",
-    "PM"
-};
-
-/*
- * Convert hour in [0, 24] to [12 1 - 11 12 1 - 11 12]
- */
-
-static int
-hour_24to12 (int hour)
-{
-    int ret = hour % 12;
-
-    if (ret == 0)
-	ret = 12;
-    return ret;
-}
-
-/*
- * Return AM or PM for `hour'
- */
-
-static const char *
-hour_to_ampm (int hour)
-{
-    return ampm[hour / 12];
-}
-
-/*
- * Return the week number of `tm' (Sunday being the first day of the week)
- * as [0, 53]
- */
-
-static int
-week_number_sun (const struct tm *tm)
-{
-    return (tm->tm_yday + 7 - (tm->tm_yday % 7 - tm->tm_wday + 7) % 7) / 7;
-}
-
-/*
- * Return the week number of `tm' (Monday being the first day of the week)
- * as [0, 53]
- */
-
-static int
-week_number_mon (const struct tm *tm)
-{
-    int wday = (tm->tm_wday + 6) % 7;
-
-    return (tm->tm_yday + 7 - (tm->tm_yday % 7 - wday + 7) % 7) / 7;
-}
-
-/*
- * Return the week number of `tm' (Monday being the first day of the
- * week) as [01, 53].  Week number one is the one that has four or more
- * days in that year.
- */
-
-static int
-week_number_mon4 (const struct tm *tm)
-{
-    int wday  = (tm->tm_wday + 6) % 7;
-    int w1day = (wday - tm->tm_yday % 7 + 7) % 7;
-    int ret;
-    
-    ret = (tm->tm_yday + w1day) / 7;
-    if (w1day >= 4)
-	--ret;
-    if (ret == -1)
-	ret = 53;
-    else
-	++ret;
-    return ret;
-}
-
-/*
- *
- */
-
-size_t ROKEN_LIB_FUNCTION
-strftime (char *buf, size_t maxsize, const char *format,
-	  const struct tm *tm)
-{
-    size_t n = 0;
-    int ret;
-
-    while (*format != '\0' && n < maxsize) {
-	if (*format == '%') {
-	    ++format;
-	    if(*format == 'E' || *format == 'O')
-		++format;
-	    switch (*format) {
-	    case 'a' :
-		ret = snprintf (buf, maxsize - n,
-				"%s", abb_weekdays[tm->tm_wday]);
-		break;
-	    case 'A' :
-		ret = snprintf (buf, maxsize - n,
-				"%s", full_weekdays[tm->tm_wday]);
-		break;
-	    case 'h' :
-	    case 'b' :
-		ret = snprintf (buf, maxsize - n,
-				"%s", abb_month[tm->tm_mon]);
-		break;
-	    case 'B' :
-		ret = snprintf (buf, maxsize - n,
-				"%s", full_month[tm->tm_mon]);
-		break;
-	    case 'c' :
-		ret = snprintf (buf, maxsize - n,
-				"%d:%02d:%02d %02d:%02d:%02d",
-				tm->tm_year,
-				tm->tm_mon + 1,
-				tm->tm_mday,
-				tm->tm_hour,
-				tm->tm_min,
-				tm->tm_sec);
-		break;
-	    case 'C' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", (tm->tm_year + 1900) / 100);
-		break;
-	    case 'd' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_mday);
-		break;
-	    case 'D' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d/%02d/%02d",
-				tm->tm_mon + 1,
-				tm->tm_mday,
-				(tm->tm_year + 1900) % 100);
-		break;
-	    case 'e' :
-		ret = snprintf (buf, maxsize - n,
-				"%2d", tm->tm_mday);
-		break;
-	    case 'F':
-		ret = snprintf (buf, maxsize - n,
-				"%04d-%02d-%02d", tm->tm_year + 1900,
-				tm->tm_mon + 1, tm->tm_mday);
-		break;
-	    case 'g':
-		/* last two digits of week-based year */
-		abort();
-	    case 'G':
-		/* week-based year */
-		abort();
-	    case 'H' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_hour);
-		break;
-	    case 'I' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d",
-				hour_24to12 (tm->tm_hour));
-		break;
-	    case 'j' :
-		ret = snprintf (buf, maxsize - n,
-				"%03d", tm->tm_yday + 1);
-		break;
-	    case 'k' :
-		ret = snprintf (buf, maxsize - n,
-				"%2d", tm->tm_hour);
-		break;
-	    case 'l' :
-		ret = snprintf (buf, maxsize - n,
-				"%2d",
-				hour_24to12 (tm->tm_hour));
-		break;
-	    case 'm' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_mon + 1);
-		break;
-	    case 'M' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_min);
-		break;
-	    case 'n' :
-		ret = snprintf (buf, maxsize - n, "\n");
-		break;
-	    case 'p' :
-		ret = snprintf (buf, maxsize - n, "%s",
-				hour_to_ampm (tm->tm_hour));
-		break;
-	    case 'r' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d:%02d:%02d %s",
-				hour_24to12 (tm->tm_hour),
-				tm->tm_min,
-				tm->tm_sec,
-				hour_to_ampm (tm->tm_hour));
-		break;
-	    case 'R' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d:%02d",
-				tm->tm_hour,
-				tm->tm_min);
-		    
-	    case 's' :
-		ret = snprintf (buf, maxsize - n,
-				"%d", (int)mktime(rk_UNCONST(tm)));
-		break;
-	    case 'S' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_sec);
-		break;
-	    case 't' :
-		ret = snprintf (buf, maxsize - n, "\t");
-		break;
-	    case 'T' :
-	    case 'X' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d:%02d:%02d",
-				tm->tm_hour,
-				tm->tm_min,
-				tm->tm_sec);
-		break;
-	    case 'u' :
-		ret = snprintf (buf, maxsize - n,
-				"%d", (tm->tm_wday == 0) ? 7 : tm->tm_wday);
-		break;
-	    case 'U' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", week_number_sun (tm));
-		break;
-	    case 'V' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", week_number_mon4 (tm));
-		break;
-	    case 'w' :
-		ret = snprintf (buf, maxsize - n,
-				"%d", tm->tm_wday);
-		break;
-	    case 'W' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", week_number_mon (tm));
-		break;
-	    case 'x' :
-		ret = snprintf (buf, maxsize - n,
-				"%d:%02d:%02d",
-				tm->tm_year,
-				tm->tm_mon + 1,
-				tm->tm_mday);
-		break;
-	    case 'y' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", (tm->tm_year + 1900) % 100);
-		break;
-	    case 'Y' :
-		ret = snprintf (buf, maxsize - n,
-				"%d", tm->tm_year + 1900);
-		break;
-	    case 'z':
-		ret = snprintf (buf, maxsize - n,
-				"%ld",
-#if defined(HAVE_STRUCT_TM_TM_GMTOFF)
-				(long)tm->tm_gmtoff
-#elif defined(HAVE_TIMEZONE)
-#ifdef HAVE_ALTZONE
-				tm->tm_isdst ?
-				(long)altzone :
-#endif
-				(long)timezone
-#else
-#error Where in timezone chaos are you?
-#endif    
-				);
-		break;
-	    case 'Z' :
-		ret = snprintf (buf, maxsize - n,
-				"%s",
-
-#if defined(HAVE_STRUCT_TM_TM_ZONE)
-				tm->tm_zone
-#elif defined(HAVE_TIMEZONE)
-				tzname[tm->tm_isdst]
-#else
-#error what?
-#endif
-		    );
-		break;
-	    case '\0' :
-		--format;
-		/* FALLTHROUGH */
-	    case '%' :
-		ret = snprintf (buf, maxsize - n,
-				"%%");
-		break;
-	    default :
-		ret = snprintf (buf, maxsize - n,
-				"%%%c", *format);
-		break;
-	    }
-	    if (ret < 0 || ret >= maxsize - n)
-		return 0;
-	    n   += ret;
-	    buf += ret;
-	    ++format;
-	} else {
-	    *buf++ = *format++;
-	    ++n;
-	}
-    }
-    *buf++ = '\0';
-    return n;
-}
diff --git a/crypto/heimdal/lib/roken/strlcat.c b/crypto/heimdal/lib/roken/strlcat.c
deleted file mode 100644
index 3f9c085..0000000
--- a/crypto/heimdal/lib/roken/strlcat.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1995-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-RCSID("$Id: strlcat.c 14773 2005-04-12 11:29:18Z lha $");
-
-#ifndef HAVE_STRLCAT
-
-size_t ROKEN_LIB_FUNCTION
-strlcat (char *dst, const char *src, size_t dst_sz)
-{
-    size_t len = strlen(dst);
-
-    if (dst_sz < len)
-	/* the total size of dst is less than the string it contains;
-           this could be considered bad input, but we might as well
-           handle it */
-	return len + strlen(src);
-
-    return len + strlcpy (dst + len, src, dst_sz - len);
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/strlcpy.c b/crypto/heimdal/lib/roken/strlcpy.c
deleted file mode 100644
index 6797317..0000000
--- a/crypto/heimdal/lib/roken/strlcpy.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1995-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-RCSID("$Id: strlcpy.c 14773 2005-04-12 11:29:18Z lha $");
-
-#ifndef HAVE_STRLCPY
-
-size_t ROKEN_LIB_FUNCTION
-strlcpy (char *dst, const char *src, size_t dst_sz)
-{
-    size_t n;
-
-    for (n = 0; n < dst_sz; n++) {
-	if ((*dst++ = *src++) == '\0')
-	    break;
-    }
-
-    if (n < dst_sz)
-	return n;
-    if (n > 0)
-	*(dst - 1) = '\0';
-    return n + strlen (src);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strlwr.c b/crypto/heimdal/lib/roken/strlwr.c
deleted file mode 100644
index 9e5e973..0000000
--- a/crypto/heimdal/lib/roken/strlwr.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strlwr.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-#include <string.h>
-#include <ctype.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRLWR
-char * ROKEN_LIB_FUNCTION
-strlwr(char *str)
-{
-  char *s;
-
-  for(s = str; *s; s++)
-    *s = tolower((unsigned char)*s);
-  return str;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/strncasecmp.c b/crypto/heimdal/lib/roken/strncasecmp.c
deleted file mode 100644
index e534393..0000000
--- a/crypto/heimdal/lib/roken/strncasecmp.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strncasecmp.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <string.h>
-#include <ctype.h>
-#include <stddef.h>
-
-#ifndef HAVE_STRNCASECMP
-
-int ROKEN_LIB_FUNCTION
-strncasecmp(const char *s1, const char *s2, size_t n)
-{
-    while(n > 0 
-	  && toupper((unsigned char)*s1) == toupper((unsigned char)*s2))
-    {
-	if(*s1 == '\0')
-	    return 0;
-	s1++;
-	s2++;
-	n--;
-    }
-    if(n == 0)
-	return 0;
-    return toupper((unsigned char)*s1) - toupper((unsigned char)*s2);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strndup.c b/crypto/heimdal/lib/roken/strndup.c
deleted file mode 100644
index 1960fd2..0000000
--- a/crypto/heimdal/lib/roken/strndup.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strndup.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-#include <stdlib.h>
-#include <string.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRNDUP
-char * ROKEN_LIB_FUNCTION
-strndup(const char *old, size_t sz)
-{
-    size_t len = strnlen (old, sz);
-    char *t    = malloc(len + 1);
-
-    if (t != NULL) {
-	memcpy (t, old, len);
-	t[len] = '\0';
-    }
-    return t;
-}
-#endif /* HAVE_STRNDUP */
diff --git a/crypto/heimdal/lib/roken/strnlen.c b/crypto/heimdal/lib/roken/strnlen.c
deleted file mode 100644
index 3ba61a5..0000000
--- a/crypto/heimdal/lib/roken/strnlen.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strnlen.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-size_t ROKEN_LIB_FUNCTION
-strnlen(const char *s, size_t len)
-{
-    size_t i;
-
-    for(i = 0; i < len && s[i]; i++)
-	;
-    return i;
-}
diff --git a/crypto/heimdal/lib/roken/strpftime-test.c b/crypto/heimdal/lib/roken/strpftime-test.c
deleted file mode 100644
index a1c13f3..0000000
--- a/crypto/heimdal/lib/roken/strpftime-test.c
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#ifdef TEST_STRPFTIME
-#include "strpftime-test.h"
-#endif
-#include "roken.h"
-
-RCSID("$Id: strpftime-test.c 21897 2007-08-09 08:46:34Z lha $");
-
-enum { MAXSIZE = 26 };
-
-static struct testcase {
-    time_t t;
-    struct {
-	const char *format;
-	const char *result;
-    } vals[MAXSIZE];
-} tests[] = {
-    {0,
-     {
-	 {"%A", "Thursday"},
-	 {"%a", "Thu"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "01"},
-	 {"%e", " 1"},
-	 {"%H", "00"},
-	 {"%I", "12"},
-	 {"%j", "001"},
-	 {"%k", " 0"},
-	 {"%l", "12"},
-	 {"%M", "00"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "AM"},
-	 {"%S", "00"},
-	 {"%t", "\t"},
-	 {"%w", "4"},
-	 {"%Y", "1970"},
-	 {"%y", "70"},
-	 {"%U", "00"},
-	 {"%W", "00"},
-	 {"%V", "01"},
-	 {"%%", "%"},
-	 {NULL, NULL}}
-    },
-    {90000,
-     {
-	 {"%A", "Friday"},
-	 {"%a", "Fri"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "02"},
-	 {"%e", " 2"},
-	 {"%H", "01"},
-	 {"%I", "01"},
-	 {"%j", "002"},
-	 {"%k", " 1"},
-	 {"%l", " 1"},
-	 {"%M", "00"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "AM"},
-	 {"%S", "00"},
-	 {"%t", "\t"},
-	 {"%w", "5"},
-	 {"%Y", "1970"},
-	 {"%y", "70"},
-	 {"%U", "00"},
-	 {"%W", "00"},
-	 {"%V", "01"},
-	 {"%%", "%"},
-	 {NULL, NULL}
-     }
-    },
-    {216306,
-     {
-	 {"%A", "Saturday"},
-	 {"%a", "Sat"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "03"},
-	 {"%e", " 3"},
-	 {"%H", "12"},
-	 {"%I", "12"},
-	 {"%j", "003"},
-	 {"%k", "12"},
-	 {"%l", "12"},
-	 {"%M", "05"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "PM"},
-	 {"%S", "06"},
-	 {"%t", "\t"},
-	 {"%w", "6"},
-	 {"%Y", "1970"},
-	 {"%y", "70"},
-	 {"%U", "00"},
-	 {"%W", "00"},
-	 {"%V", "01"},
-	 {"%%", "%"},
-	 {NULL, NULL}
-     }
-    },
-    {259200,
-     {
-	 {"%A", "Sunday"},
-	 {"%a", "Sun"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "04"},
-	 {"%e", " 4"},
-	 {"%H", "00"},
-	 {"%I", "12"},
-	 {"%j", "004"},
-	 {"%k", " 0"},
-	 {"%l", "12"},
-	 {"%M", "00"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "AM"},
-	 {"%S", "00"},
-	 {"%t", "\t"},
-	 {"%w", "0"},
-	 {"%Y", "1970"},
-	 {"%y", "70"},
-	 {"%U", "01"},
-	 {"%W", "00"},
-	 {"%V", "01"},
-	 {"%%", "%"},
-	 {NULL, NULL}
-     }
-    },
-    {915148800,
-     {
-	 {"%A", "Friday"},
-	 {"%a", "Fri"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "01"},
-	 {"%e", " 1"},
-	 {"%H", "00"},
-	 {"%I", "12"},
-	 {"%j", "001"},
-	 {"%k", " 0"},
-	 {"%l", "12"},
-	 {"%M", "00"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "AM"},
-	 {"%S", "00"},
-	 {"%t", "\t"},
-	 {"%w", "5"},
-	 {"%Y", "1999"},
-	 {"%y", "99"},
-	 {"%U", "00"},
-	 {"%W", "00"},
-	 {"%V", "53"},
-	 {"%%", "%"},
-	 {NULL, NULL}}
-    },
-    {942161105,
-     {
-
-	 {"%A", "Tuesday"},
-	 {"%a", "Tue"},
-	 {"%B", "November"},
-	 {"%b", "Nov"},
-	 {"%C", "19"},
-	 {"%d", "09"},
-	 {"%e", " 9"},
-	 {"%H", "15"},
-	 {"%I", "03"},
-	 {"%j", "313"},
-	 {"%k", "15"},
-	 {"%l", " 3"},
-	 {"%M", "25"},
-	 {"%m", "11"},
-	 {"%n", "\n"},
-	 {"%p", "PM"},
-	 {"%S", "05"},
-	 {"%t", "\t"},
-	 {"%w", "2"},
-	 {"%Y", "1999"},
-	 {"%y", "99"},
-	 {"%U", "45"},
-	 {"%W", "45"},
-	 {"%V", "45"},
-	 {"%%", "%"},
-	 {NULL, NULL}
-     }
-    }
-};
-
-int
-main(int argc, char **argv)
-{
-    int i, j;
-    int ret = 0;
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
-	struct tm *tm;
-
-	tm = gmtime (&tests[i].t);
-
-	for (j = 0; tests[i].vals[j].format != NULL; ++j) {
-	    char buf[128];
-	    size_t len;
-	    struct tm tm2;
-	    char *ptr;
-
-	    len = strftime (buf, sizeof(buf), tests[i].vals[j].format, tm);
-	    if (len != strlen (buf)) {
-		printf ("length of strftime(\"%s\") = %lu (\"%s\")\n",
-			tests[i].vals[j].format, (unsigned long)len,
-			buf);
-		++ret;
-		continue;
-	    }
-	    if (strcmp (buf, tests[i].vals[j].result) != 0) {
-		printf ("result of strftime(\"%s\") = \"%s\" != \"%s\"\n",
-			tests[i].vals[j].format, buf,
-			tests[i].vals[j].result);
-		++ret;
-		continue;
-	    }
-	    memset (&tm2, 0, sizeof(tm2));
-	    ptr = strptime (tests[i].vals[j].result,
-			    tests[i].vals[j].format,
-			    &tm2);
-	    if (ptr == NULL || *ptr != '\0') {
-		printf ("bad return value from strptime("
-			"\"%s\", \"%s\")\n",
-			tests[i].vals[j].result,
-			tests[i].vals[j].format);
-		++ret;
-	    }
-	    strftime (buf, sizeof(buf), tests[i].vals[j].format, &tm2);
-	    if (strcmp (buf, tests[i].vals[j].result) != 0) {
-		printf ("reverse of \"%s\" failed: \"%s\" vs \"%s\"\n",
-			tests[i].vals[j].format,
-			buf, tests[i].vals[j].result);
-		++ret;
-	    }
-	}
-    }
-    {
-	struct tm tm;
-	memset(&tm, 0, sizeof(tm));
-	strptime ("200505", "%Y%m", &tm);
-	if (tm.tm_year != 105)
-	    ++ret;
-	if (tm.tm_mon != 4)
-	    ++ret;
-    }
-    if (ret) {
-	printf ("%d errors\n", ret);
-	return 1;
-    } else
-	return 0;
-}
diff --git a/crypto/heimdal/lib/roken/strpftime-test.h b/crypto/heimdal/lib/roken/strpftime-test.h
deleted file mode 100644
index 546e552..0000000
--- a/crypto/heimdal/lib/roken/strpftime-test.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* $Id: snprintf-test.h 10377 2001-07-19 18:39:14Z assar $ */
-
-#ifndef __STRFTIME_TEST_H__
-#define __STRFTIME_TEST_H__
-
-/*
- * we cannot use the real names of the functions when testing, since
- * they might have different prototypes as the system functions, hence
- * these evil hacks
- */
-
-#define strftime test_strftime
-#define strptime test_strptime
-
-#endif /* __STRFTIME_TEST_H__ */
diff --git a/crypto/heimdal/lib/roken/strpool.c b/crypto/heimdal/lib/roken/strpool.c
deleted file mode 100644
index 6ebe0ce..0000000
--- a/crypto/heimdal/lib/roken/strpool.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strpool.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdarg.h>
-#include <stdlib.h>
-#include "roken.h"
-
-struct rk_strpool {
-    char *str;
-    size_t len;
-};
-
-/*
- *
- */
-
-void ROKEN_LIB_FUNCTION
-rk_strpoolfree(struct rk_strpool *p)
-{
-    if (p->str) {
-	free(p->str);
-	p->str = NULL;
-    }
-    free(p);
-}
-
-/*
- *
- */
-
-struct rk_strpool * ROKEN_LIB_FUNCTION
-rk_strpoolprintf(struct rk_strpool *p, const char *fmt, ...)
-{
-    va_list ap;
-    char *str, *str2;
-    int len;
-
-    if (p == NULL) {
-	p = malloc(sizeof(*p));
-	if (p == NULL)
-	    return NULL;
-	p->str = NULL;
-	p->len = 0;
-    }
-    va_start(ap, fmt);
-    len = vasprintf(&str, fmt, ap);
-    va_end(ap);
-    if (str == NULL) {
-	rk_strpoolfree(p);
-	return NULL;
-    }
-    str2 = realloc(p->str, len + p->len + 1);
-    if (str2 == NULL) {
-	rk_strpoolfree(p);
-	return NULL;
-    }
-    p->str = str2;
-    memcpy(p->str + p->len, str, len + 1);
-    p->len += len;
-    free(str);
-    return p;
-}
-
-/*
- *
- */
-
-char * ROKEN_LIB_FUNCTION
-rk_strpoolcollect(struct rk_strpool *p)
-{
-    char *str = p->str;
-    p->str = NULL;
-    free(p);
-    return str;
-}
diff --git a/crypto/heimdal/lib/roken/strptime.c b/crypto/heimdal/lib/roken/strptime.c
deleted file mode 100644
index 9cd1333..0000000
--- a/crypto/heimdal/lib/roken/strptime.c
+++ /dev/null
@@ -1,453 +0,0 @@
-/*
- * Copyright (c) 1999, 2003, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#ifdef TEST_STRPFTIME
-#include "strpftime-test.h"
-#endif
-#include <ctype.h>
-#include "roken.h"
-
-RCSID("$Id: strptime.c 21895 2007-08-09 08:45:54Z lha $");
-
-static const char *abb_weekdays[] = {
-    "Sun",
-    "Mon",
-    "Tue",
-    "Wed",
-    "Thu",
-    "Fri",
-    "Sat",
-    NULL
-};
-
-static const char *full_weekdays[] = {
-    "Sunday",
-    "Monday",
-    "Tuesday",
-    "Wednesday",
-    "Thursday",
-    "Friday",
-    "Saturday",
-    NULL
-};
-
-static const char *abb_month[] = {
-    "Jan",
-    "Feb",
-    "Mar",
-    "Apr",
-    "May",
-    "Jun",
-    "Jul",
-    "Aug",
-    "Sep",
-    "Oct",
-    "Nov",
-    "Dec",
-    NULL
-};
-
-static const char *full_month[] = {
-    "January",
-    "February",
-    "March",
-    "April",
-    "May",
-    "June",
-    "July",
-    "August",
-    "September",
-    "October",
-    "November",
-    "December",
-    NULL,
-};
-
-static const char *ampm[] = {
-    "am",
-    "pm",
-    NULL
-};
-
-/*
- * Try to match `*buf' to one of the strings in `strs'.  Return the
- * index of the matching string (or -1 if none).  Also advance buf.
- */
-
-static int
-match_string (const char **buf, const char **strs)
-{
-    int i = 0;
-
-    for (i = 0; strs[i] != NULL; ++i) {
-	int len = strlen (strs[i]);
-
-	if (strncasecmp (*buf, strs[i], len) == 0) {
-	    *buf += len;
-	    return i;
-	}
-    }
-    return -1;
-}
-
-/*
- * Try to match `*buf' to at the most `n' characters and return the
- * resulting number in `num'. Returns 0 or an error.  Also advance
- * buf.
- */
-
-static int
-parse_number (const char **buf, int n, int *num)
-{
-    char *s, *str;
-    int i;
-
-    str = malloc(n + 1);
-    if (str == NULL)
-	return -1;
-
-    /* skip whitespace */
-    for (; **buf != '\0' && isspace((unsigned char)(**buf)); (*buf)++)
-	;
-
-    /* parse at least n characters */
-    for (i = 0; **buf != '\0' && i < n && isdigit((unsigned char)(**buf)); i++, (*buf)++)
-	str[i] = **buf;
-    str[i] = '\0';
-
-    *num = strtol (str, &s, 10);
-    free(str);
-    if (s == str)
-	return -1;
-
-    return 0;
-}
-
-/*
- * tm_year is relative this year
- */
-
-const int tm_year_base = 1900;
-
-/*
- * Return TRUE iff `year' was a leap year.
- */
-
-static int
-is_leap_year (int year)
-{
-    return (year % 4) == 0 && ((year % 100) != 0 || (year % 400) == 0);
-}
-
-/*
- * Return the weekday [0,6] (0 = Sunday) of the first day of `year'
- */
-
-static int
-first_day (int year)
-{
-    int ret = 4;
-
-    for (; year > 1970; --year)
-	ret = (ret + 365 + is_leap_year (year) ? 1 : 0) % 7;
-    return ret;
-}
-
-/*
- * Set `timeptr' given `wnum' (week number [0, 53])
- */
-
-static void
-set_week_number_sun (struct tm *timeptr, int wnum)
-{
-    int fday = first_day (timeptr->tm_year + tm_year_base);
-
-    timeptr->tm_yday = wnum * 7 + timeptr->tm_wday - fday;
-    if (timeptr->tm_yday < 0) {
-	timeptr->tm_wday = fday;
-	timeptr->tm_yday = 0;
-    }
-}
-
-/*
- * Set `timeptr' given `wnum' (week number [0, 53])
- */
-
-static void
-set_week_number_mon (struct tm *timeptr, int wnum)
-{
-    int fday = (first_day (timeptr->tm_year + tm_year_base) + 6) % 7;
-
-    timeptr->tm_yday = wnum * 7 + (timeptr->tm_wday + 6) % 7 - fday;
-    if (timeptr->tm_yday < 0) {
-	timeptr->tm_wday = (fday + 1) % 7;
-	timeptr->tm_yday = 0;
-    }
-}
-
-/*
- * Set `timeptr' given `wnum' (week number [0, 53])
- */
-
-static void
-set_week_number_mon4 (struct tm *timeptr, int wnum)
-{
-    int fday = (first_day (timeptr->tm_year + tm_year_base) + 6) % 7;
-    int offset = 0;
-
-    if (fday < 4)
-	offset += 7;
-
-    timeptr->tm_yday = offset + (wnum - 1) * 7 + timeptr->tm_wday - fday;
-    if (timeptr->tm_yday < 0) {
-	timeptr->tm_wday = fday;
-	timeptr->tm_yday = 0;
-    }
-}
-
-/*
- *
- */
-
-char * ROKEN_LIB_FUNCTION
-strptime (const char *buf, const char *format, struct tm *timeptr)
-{
-    char c;
-
-    for (; (c = *format) != '\0'; ++format) {
-	char *s;
-	int ret;
-
-	if (isspace ((unsigned char)c)) {
-	    while (isspace ((unsigned char)*buf))
-		++buf;
-	} else if (c == '%' && format[1] != '\0') {
-	    c = *++format;
-	    if (c == 'E' || c == 'O')
-		c = *++format;
-	    switch (c) {
-	    case 'A' :
-		ret = match_string (&buf, full_weekdays);
-		if (ret < 0)
-		    return NULL;
-		timeptr->tm_wday = ret;
-		break;
-	    case 'a' :
-		ret = match_string (&buf, abb_weekdays);
-		if (ret < 0)
-		    return NULL;
-		timeptr->tm_wday = ret;
-		break;
-	    case 'B' :
-		ret = match_string (&buf, full_month);
-		if (ret < 0)
-		    return NULL;
-		timeptr->tm_mon = ret;
-		break;
-	    case 'b' :
-	    case 'h' :
-		ret = match_string (&buf, abb_month);
-		if (ret < 0)
-		    return NULL;
-		timeptr->tm_mon = ret;
-		break;
-	    case 'C' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		timeptr->tm_year = (ret * 100) - tm_year_base;
-		break;
-	    case 'c' :
-		abort ();
-	    case 'D' :		/* %m/%d/%y */
-		s = strptime (buf, "%m/%d/%y", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'd' :
-	    case 'e' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		timeptr->tm_mday = ret;
-		break;
-	    case 'H' :
-	    case 'k' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		timeptr->tm_hour = ret;
-		break;
-	    case 'I' :
-	    case 'l' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		if (ret == 12)
-		    timeptr->tm_hour = 0;
-		else
-		    timeptr->tm_hour = ret;
-		break;
-	    case 'j' :
-		if (parse_number(&buf, 3, &ret))
-		    return NULL;
-		if (ret == 0)
-		    return NULL;
-		timeptr->tm_yday = ret - 1;
-		break;
-	    case 'm' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		if (ret == 0)
-		    return NULL;
-		timeptr->tm_mon = ret - 1;
-		break;
-	    case 'M' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		timeptr->tm_min = ret;
-		break;
-	    case 'n' :
-		while (isspace ((unsigned char)*buf))
-		    buf++;
-		break;
-	    case 'p' :
-		ret = match_string (&buf, ampm);
-		if (ret < 0)
-		    return NULL;
-		if (timeptr->tm_hour == 0) {
-		    if (ret == 1)
-			timeptr->tm_hour = 12;
-		} else
-		    timeptr->tm_hour += 12;
-		break;
-	    case 'r' :		/* %I:%M:%S %p */
-		s = strptime (buf, "%I:%M:%S %p", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'R' :		/* %H:%M */
-		s = strptime (buf, "%H:%M", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'S' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		timeptr->tm_sec = ret;
-		break;
-	    case 't' :
-		while (isspace ((unsigned char)*buf))
-		    buf++;
-		break;
-	    case 'T' :		/* %H:%M:%S */
-	    case 'X' :
-		s = strptime (buf, "%H:%M:%S", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'u' :
-		if (parse_number(&buf, 1, &ret))
-		    return NULL;
-		if (ret <= 0)
-		    return NULL;
-		timeptr->tm_wday = ret - 1;
-		break;
-	    case 'w' :
-		if (parse_number(&buf, 1, &ret))
-		    return NULL;
-		timeptr->tm_wday = ret;
-		break;
-	    case 'U' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		set_week_number_sun (timeptr, ret);
-		break;
-	    case 'V' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		set_week_number_mon4 (timeptr, ret);
-		break;
-	    case 'W' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		set_week_number_mon (timeptr, ret);
-		break;
-	    case 'x' :
-		s = strptime (buf, "%Y:%m:%d", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'y' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		if (ret < 70)
-		    timeptr->tm_year = 100 + ret;
-		else
-		    timeptr->tm_year = ret;
-		break;
-	    case 'Y' :
-		if (parse_number(&buf, 4, &ret))
-		    return NULL;
-		timeptr->tm_year = ret - tm_year_base;
-		break;
-	    case 'Z' :
-		abort ();
-	    case '\0' :
-		--format;
-		/* FALLTHROUGH */
-	    case '%' :
-		if (*buf == '%')
-		    ++buf;
-		else
-		    return NULL;
-		break;
-	    default :
-		if (*buf == '%' || *++buf == c)
-		    ++buf;
-		else
-		    return NULL;
-		break;
-	    }
-	} else {
-	    if (*buf == c)
-		++buf;
-	    else
-		return NULL;
-	}
-    }
-    return rk_UNCONST(buf);
-}
diff --git a/crypto/heimdal/lib/roken/strsep.c b/crypto/heimdal/lib/roken/strsep.c
deleted file mode 100644
index dd191c4..0000000
--- a/crypto/heimdal/lib/roken/strsep.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strsep.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <string.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRSEP
-
-char * ROKEN_LIB_FUNCTION
-strsep(char **str, const char *delim)
-{
-    char *save = *str;
-    if(*str == NULL)
-	return NULL;
-    *str = *str + strcspn(*str, delim);
-    if(**str == 0)
-	*str = NULL;
-    else{
-	**str = 0;
-	(*str)++;
-    }
-    return save;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strsep_copy.c b/crypto/heimdal/lib/roken/strsep_copy.c
deleted file mode 100644
index 4a0a8b0..0000000
--- a/crypto/heimdal/lib/roken/strsep_copy.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strsep_copy.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <string.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRSEP_COPY
-
-/* strsep, but with const stringp, so return string in buf */
-
-ssize_t ROKEN_LIB_FUNCTION
-strsep_copy(const char **stringp, const char *delim, char *buf, size_t len)
-{
-    const char *save = *stringp;
-    size_t l;
-    if(save == NULL)
-	return -1;
-    *stringp = *stringp + strcspn(*stringp, delim);
-    l = min(len, *stringp - save);
-    if(len > 0) {
-	memcpy(buf, save, l);
-	buf[l] = '\0';
-    }
-
-    l = *stringp - save;
-    if(**stringp == '\0')
-	*stringp = NULL;
-    else
-	(*stringp)++;
-    return l;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strtok_r.c b/crypto/heimdal/lib/roken/strtok_r.c
deleted file mode 100644
index fb72f5d..0000000
--- a/crypto/heimdal/lib/roken/strtok_r.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strtok_r.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <string.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRTOK_R
-
-char * ROKEN_LIB_FUNCTION
-strtok_r(char *s1, const char *s2, char **lasts)
-{
-  char *ret;
-
-  if (s1 == NULL)
-    s1 = *lasts;
-  while(*s1 && strchr(s2, *s1))
-    ++s1;
-  if(*s1 == '\0')
-    return NULL;
-  ret = s1;
-  while(*s1 && !strchr(s2, *s1))
-    ++s1;
-  if(*s1)
-    *s1++ = '\0';
-  *lasts = s1;
-  return ret;
-}
-
-#endif /* HAVE_STRTOK_R */
diff --git a/crypto/heimdal/lib/roken/strupr.c b/crypto/heimdal/lib/roken/strupr.c
deleted file mode 100644
index 2a53226..0000000
--- a/crypto/heimdal/lib/roken/strupr.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strupr.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-#include <string.h>
-#include <ctype.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRUPR
-char * ROKEN_LIB_FUNCTION
-strupr(char *str)
-{
-  char *s;
-
-  for(s = str; *s; s++)
-    *s = toupper((unsigned char)*s);
-  return str;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/swab.c b/crypto/heimdal/lib/roken/swab.c
deleted file mode 100644
index 20744ca..0000000
--- a/crypto/heimdal/lib/roken/swab.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_SWAB
-
-RCSID("$Id: swab.c 14773 2005-04-12 11:29:18Z lha $");
-
-void ROKEN_LIB_FUNCTION
-swab (char *from, char *to, int nbytes)
-{
-     while(nbytes >= 2) {
-	  *(to + 1) = *from;
-	  *to = *(from + 1);
-	  to += 2;
-	  from += 2;
-	  nbytes -= 2;
-     }
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/test-mem.c b/crypto/heimdal/lib/roken/test-mem.c
deleted file mode 100644
index d955c1a..0000000
--- a/crypto/heimdal/lib/roken/test-mem.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (c) 1999 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <err.h>
-#include "roken.h"
-
-#include "test-mem.h"
-
-RCSID("$Id: test-mem.c 21005 2007-06-08 01:54:35Z lha $");
-
-/* #undef HAVE_MMAP */
-
-struct {
-    void *start;
-    size_t size;
-    void *data_start;
-    size_t data_size;
-    enum rk_test_mem_type type;
-    int fd;
-} map;
-
-struct sigaction sa, osa;
-
-char *testname;
-
-static RETSIGTYPE
-segv_handler(int sig)
-{
-    int fd;
-    char msg[] = "SIGSEGV i current test: ";
-    
-    fd = open("/dev/stdout", O_WRONLY, 0600);
-    if (fd >= 0) {
-	write(fd, msg, sizeof(msg) - 1);
-	write(fd, testname, strlen(testname));
-	write(fd, "\n", 1);
-	close(fd);
-    }
-    _exit(1);
-}
-
-#define TESTREC()							\
-    if (testname)							\
-	errx(1, "test %s run recursively on %s", name, testname);	\
-    testname = strdup(name);						\
-    if (testname == NULL)						\
-	errx(1, "malloc");
-
-
-void * ROKEN_LIB_FUNCTION
-rk_test_mem_alloc(enum rk_test_mem_type type, const char *name,
-		  void *buf, size_t size)
-{
-#ifndef HAVE_MMAP
-    unsigned char *p;
-    
-    TESTREC();
-
-    p = malloc(size + 2);
-    if (p == NULL)
-	errx(1, "malloc");
-    map.type = type;
-    map.start = p;
-    map.size = size + 2;
-    p[0] = 0xff;
-    p[map.size] = 0xff;
-    map.data_start = p + 1;
-#else
-    unsigned char *p;
-    int flags, ret, fd;
-    size_t pagesize = getpagesize();
-
-    TESTREC();
-
-    map.type = type;
-
-#ifdef MAP_ANON
-    flags = MAP_ANON;
-    fd = -1;
-#else
-    flags = 0;
-    fd = open ("/dev/zero", O_RDONLY);
-    if(fd < 0)
-	err (1, "open /dev/zero");
-#endif
-    map.fd = fd;
-    flags |= MAP_PRIVATE;
-
-    map.size = size + pagesize - (size % pagesize) + pagesize * 2;
-
-    p = (unsigned char *)mmap(0, map.size, PROT_READ | PROT_WRITE,
-			      flags, fd, 0);
-    if (p == (unsigned char *)MAP_FAILED)
-	err (1, "mmap");
-
-    map.start = p;
-
-    ret = mprotect ((void *)p, pagesize, 0);
-    if (ret < 0)
-	err (1, "mprotect");
-
-    ret = mprotect (p + map.size - pagesize, pagesize, 0);
-    if (ret < 0)
-	err (1, "mprotect");
-
-    switch (type) {
-    case RK_TM_OVERRUN:
-	map.data_start = p + map.size - pagesize - size;
-	break;
-    case RK_TM_UNDERRUN:
-	map.data_start = p + pagesize;
-	break;
-    default:
-	abort();
-    }
-#endif
-    sigemptyset (&sa.sa_mask);
-    sa.sa_flags = 0;
-#ifdef SA_RESETHAND
-    sa.sa_flags |= SA_RESETHAND;
-#endif
-    sa.sa_handler = segv_handler;
-    sigaction (SIGSEGV, &sa, &osa);
-
-    map.data_size = size;
-    if (buf)
-	memcpy(map.data_start, buf, size);
-    return map.data_start;
-}
-
-void ROKEN_LIB_FUNCTION
-rk_test_mem_free(const char *map_name)
-{
-#ifndef HAVE_MMAP
-    unsigned char *p = map.start;
-    
-    if (testname == NULL)
-	errx(1, "test_mem_free call on no free");
-
-    if (p[0] != 0xff)
-	errx(1, "%s: %s underrun %x\n", testname, map_name, p[0]);
-    if (p[map.size] != 0xff)
-	errx(1, "%s: %s overrun %x\n", testname, map_name, p[map.size - 1]);
-    free(map.start);
-#else
-    int ret;
-    
-    if (testname == NULL)
-	errx(1, "test_mem_free call on no free");
-
-    ret = munmap (map.start, map.size);
-    if (ret < 0)
-	err (1, "munmap");
-    if (map.fd > 0)
-	close(map.fd);
-#endif
-    free(testname);
-    testname = NULL;
-
-    sigaction (SIGSEGV, &osa, NULL);
-}
diff --git a/crypto/heimdal/lib/roken/test-mem.h b/crypto/heimdal/lib/roken/test-mem.h
deleted file mode 100644
index 896222f..0000000
--- a/crypto/heimdal/lib/roken/test-mem.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (c) 1999 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-enum rk_test_mem_type { RK_TM_OVERRUN, RK_TM_UNDERRUN };
-
-void * ROKEN_LIB_FUNCTION
-	rk_test_mem_alloc(enum rk_test_mem_type, const char *, void *, size_t);
-void ROKEN_LIB_FUNCTION
-	rk_test_mem_free(const char *);
diff --git a/crypto/heimdal/lib/roken/test-readenv.c b/crypto/heimdal/lib/roken/test-readenv.c
deleted file mode 100644
index 2cbf816..0000000
--- a/crypto/heimdal/lib/roken/test-readenv.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: test-readenv.c 20868 2007-06-03 21:02:04Z lha $");
-#endif
-
-#include "roken.h"
-#include "test-mem.h"
-
-char *s1 = "VAR1=VAL1#comment\n\
-VAR2=VAL2 VAL2 #comment\n\
-#this another comment\n\
-\n\
-VAR3=FOO";
-
-char *s2 = "VAR1=ENV2\n\
-";
-
-static void
-make_file(char *tmpl, size_t l)
-{
-    int fd;
-    strlcpy(tmpl, "env.XXXXXX", l);
-    fd = mkstemp(tmpl);
-    if(fd < 0)
-	err(1, "mkstemp");
-    close(fd);
-}
-
-static void
-write_file(const char *fn, const char *s)
-{
-    FILE *f;
-    f = fopen(fn, "w");
-    if(f == NULL) {
-	unlink(fn);
-	err(1, "fopen");
-    }
-    if(fwrite(s, 1, strlen(s), f) != strlen(s))
-	err(1, "short write");
-    if(fclose(f) != 0) {
-	unlink(fn);
-	err(1, "fclose");
-    }
-}
-
-int
-main(int argc, char **argv)
-{
-    char **env = NULL;
-    int count = 0;
-    char fn[MAXPATHLEN];
-    int error = 0;
-
-    make_file(fn, sizeof(fn));
-
-    write_file(fn, s1);
-    count = read_environment(fn, &env);
-    if(count != 3) {
-	warnx("test 1: variable count %d != 3", count);
-	error++;
-    }
-
-    write_file(fn, s2);
-    count = read_environment(fn, &env);
-    if(count != 1) {
-	warnx("test 2: variable count %d != 1", count);
-	error++;
-    }
-
-    unlink(fn);
-    count = read_environment(fn, &env);
-    if(count != 0) {
-	warnx("test 3: variable count %d != 0", count);
-	error++;
-    }
-    for(count = 0; env && env[count]; count++);
-    if(count != 3) {
-	warnx("total variable count %d != 3", count);
-	error++;
-    }
-    free_environment(env);
-    
-    
-    return error;
-}
diff --git a/crypto/heimdal/lib/roken/timegm.c b/crypto/heimdal/lib/roken/timegm.c
deleted file mode 100644
index 41eb487..0000000
--- a/crypto/heimdal/lib/roken/timegm.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 1997, 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: timegm.c 18606 2006-10-19 16:19:10Z lha $");
-#endif
-
-#include "roken.h"
-
-static int
-is_leap(unsigned y)
-{
-    y += 1900;
-    return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0);
-}
-
-/* 
- * XXX This is a simplifed version of timegm, it needs to support out of
- * bounds values.
- */
-
-time_t
-rk_timegm (struct tm *tm)
-{
-  static const unsigned ndays[2][12] ={
-    {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
-    {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}};
-  time_t res = 0;
-  unsigned i;
-
-  if (tm->tm_year < 0) 
-      return -1;
-  if (tm->tm_mon < 0 || tm->tm_mon > 11) 
-      return -1;
-  if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon])
-      return -1;
-  if (tm->tm_hour < 0 || tm->tm_hour > 23) 
-      return -1;
-  if (tm->tm_min < 0 || tm->tm_min > 59) 
-      return -1;
-  if (tm->tm_sec < 0 || tm->tm_sec > 59) 
-      return -1;
-
-  for (i = 70; i < tm->tm_year; ++i)
-    res += is_leap(i) ? 366 : 365;
-
-  for (i = 0; i < tm->tm_mon; ++i)
-    res += ndays[is_leap(tm->tm_year)][i];
-  res += tm->tm_mday - 1;
-  res *= 24;
-  res += tm->tm_hour;
-  res *= 60;
-  res += tm->tm_min;
-  res *= 60;
-  res += tm->tm_sec;
-  return res;
-}
diff --git a/crypto/heimdal/lib/roken/timeval.c b/crypto/heimdal/lib/roken/timeval.c
deleted file mode 100644
index b72e202..0000000
--- a/crypto/heimdal/lib/roken/timeval.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Timeval stuff
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: timeval.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * Make `t1' consistent.
- */
-
-void ROKEN_LIB_FUNCTION
-timevalfix(struct timeval *t1)
-{
-    if (t1->tv_usec < 0) {
-        t1->tv_sec--;
-        t1->tv_usec += 1000000;
-    }
-    if (t1->tv_usec >= 1000000) {
-        t1->tv_sec++;
-        t1->tv_usec -= 1000000;
-    }
-}
- 
-/*
- * t1 += t2
- */
-
-void ROKEN_LIB_FUNCTION
-timevaladd(struct timeval *t1, const struct timeval *t2)
-{
-    t1->tv_sec  += t2->tv_sec;
-    t1->tv_usec += t2->tv_usec;
-    timevalfix(t1);
-}
- 
-/*
- * t1 -= t2
- */
-
-void ROKEN_LIB_FUNCTION
-timevalsub(struct timeval *t1, const struct timeval *t2)
-{
-    t1->tv_sec  -= t2->tv_sec;
-    t1->tv_usec -= t2->tv_usec;
-    timevalfix(t1);
-}
diff --git a/crypto/heimdal/lib/roken/tm2time.c b/crypto/heimdal/lib/roken/tm2time.c
deleted file mode 100644
index 7bcba83..0000000
--- a/crypto/heimdal/lib/roken/tm2time.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: tm2time.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#include "roken.h"
-
-time_t ROKEN_LIB_FUNCTION
-tm2time (struct tm tm, int local)
-{
-    time_t t;
-
-    tm.tm_isdst = local ? -1 : 0;
-
-    t = mktime (&tm);
-
-    if (!local)
-	t += t - mktime (gmtime (&t));
-    return t;
-}
diff --git a/crypto/heimdal/lib/roken/unsetenv.c b/crypto/heimdal/lib/roken/unsetenv.c
deleted file mode 100644
index 54cf7b7..0000000
--- a/crypto/heimdal/lib/roken/unsetenv.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: unsetenv.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "roken.h"
-
-extern char **environ;
-
-/*
- * unsetenv --
- */
-void ROKEN_LIB_FUNCTION
-unsetenv(const char *name)
-{
-  int len;
-  const char *np;
-  char **p;
-
-  if (name == 0 || environ == 0)
-    return;
-
-  for (np = name; *np && *np != '='; np++)
-    /* nop */;
-  len = np - name;
-  
-  for (p = environ; *p != 0; p++)
-    if (strncmp(*p, name, len) == 0 && (*p)[len] == '=')
-      break;
-
-  for (; *p != 0; p++)
-    *p = *(p + 1);
-}
-
diff --git a/crypto/heimdal/lib/roken/unvis.c b/crypto/heimdal/lib/roken/unvis.c
deleted file mode 100644
index 72d5f16..0000000
--- a/crypto/heimdal/lib/roken/unvis.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/*	$NetBSD: unvis.c,v 1.19 2000/01/22 22:19:13 mycroft Exp $	*/
-
-/*-
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if 1
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: unvis.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-#include "roken.h"
-#ifndef _DIAGASSERT
-#define _DIAGASSERT(X)
-#endif
-#else
-#include <sys/cdefs.h>
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)unvis.c	8.1 (Berkeley) 6/4/93";
-#else
-__RCSID("$NetBSD: unvis.c,v 1.19 2000/01/22 22:19:13 mycroft Exp $");
-#endif
-#endif /* LIBC_SCCS and not lint */
-
-#define __LIBC12_SOURCE__
-
-#include "namespace.h"
-#endif
-#include <sys/types.h>
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <vis.h>
-
-#if 0
-#ifdef __weak_alias
-__weak_alias(strunvis,_strunvis)
-__weak_alias(unvis,_unvis)
-#endif
-
-__warn_references(unvis,
-    "warning: reference to compatibility unvis(); include <vis.h> for correct reference")
-#endif
-
-/*
- * decode driven by state machine
- */
-#define	S_GROUND	0	/* haven't seen escape char */
-#define	S_START		1	/* start decoding special sequence */
-#define	S_META		2	/* metachar started (M) */
-#define	S_META1		3	/* metachar more, regular char (-) */
-#define	S_CTRL		4	/* control char started (^) */
-#define	S_OCTAL2	5	/* octal digit 2 */
-#define	S_OCTAL3	6	/* octal digit 3 */
-
-#define	isoctal(c)	(((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
-
-int ROKEN_LIB_FUNCTION
-	rk_strunvis (char *, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_unvis (char *, int, int *, int);
-
-/*
- * unvis - decode characters previously encoded by vis
- */
-
-int ROKEN_LIB_FUNCTION
-rk_unvis(char *cp, int c, int *astate, int flag)
-{
-
-	_DIAGASSERT(cp != NULL);
-	_DIAGASSERT(astate != NULL);
-
-	if (flag & UNVIS_END) {
-		if (*astate == S_OCTAL2 || *astate == S_OCTAL3) {
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		} 
-		return (*astate == S_GROUND ? UNVIS_NOCHAR : UNVIS_SYNBAD);
-	}
-
-	switch (*astate) {
-
-	case S_GROUND:
-		*cp = 0;
-		if (c == '\\') {
-			*astate = S_START;
-			return (0);
-		} 
-		*cp = c;
-		return (UNVIS_VALID);
-
-	case S_START:
-		switch(c) {
-		case '\\':
-			*cp = c;
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case '0': case '1': case '2': case '3':
-		case '4': case '5': case '6': case '7':
-			*cp = (c - '0');
-			*astate = S_OCTAL2;
-			return (0);
-		case 'M':
-			*cp = (char)0200;
-			*astate = S_META;
-			return (0);
-		case '^':
-			*astate = S_CTRL;
-			return (0);
-		case 'n':
-			*cp = '\n';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'r':
-			*cp = '\r';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'b':
-			*cp = '\b';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'a':
-			*cp = '\007';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'v':
-			*cp = '\v';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 't':
-			*cp = '\t';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'f':
-			*cp = '\f';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 's':
-			*cp = ' ';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'E':
-			*cp = '\033';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case '\n':
-			/*
-			 * hidden newline
-			 */
-			*astate = S_GROUND;
-			return (UNVIS_NOCHAR);
-		case '$':
-			/*
-			 * hidden marker
-			 */
-			*astate = S_GROUND;
-			return (UNVIS_NOCHAR);
-		}
-		*astate = S_GROUND;
-		return (UNVIS_SYNBAD);
-		 
-	case S_META:
-		if (c == '-')
-			*astate = S_META1;
-		else if (c == '^')
-			*astate = S_CTRL;
-		else {
-			*astate = S_GROUND;
-			return (UNVIS_SYNBAD);
-		}
-		return (0);
-		 
-	case S_META1:
-		*astate = S_GROUND;
-		*cp |= c;
-		return (UNVIS_VALID);
-		 
-	case S_CTRL:
-		if (c == '?')
-			*cp |= 0177;
-		else
-			*cp |= c & 037;
-		*astate = S_GROUND;
-		return (UNVIS_VALID);
-
-	case S_OCTAL2:	/* second possible octal digit */
-		if (isoctal(c)) {
-			/* 
-			 * yes - and maybe a third 
-			 */
-			*cp = (*cp << 3) + (c - '0');
-			*astate = S_OCTAL3;	
-			return (0);
-		} 
-		/* 
-		 * no - done with current sequence, push back passed char 
-		 */
-		*astate = S_GROUND;
-		return (UNVIS_VALIDPUSH);
-
-	case S_OCTAL3:	/* third possible octal digit */
-		*astate = S_GROUND;
-		if (isoctal(c)) {
-			*cp = (*cp << 3) + (c - '0');
-			return (UNVIS_VALID);
-		}
-		/*
-		 * we were done, push back passed char
-		 */
-		return (UNVIS_VALIDPUSH);
-			
-	default:	
-		/* 
-		 * decoder in unknown state - (probably uninitialized) 
-		 */
-		*astate = S_GROUND;
-		return (UNVIS_SYNBAD);
-	}
-}
-
-/*
- * strunvis - decode src into dst 
- *
- *	Number of chars decoded into dst is returned, -1 on error.
- *	Dst is null terminated.
- */
-
-int ROKEN_LIB_FUNCTION
-rk_strunvis(char *dst, const char *src)
-{
-	char c;
-	char *start = dst;
-	int state = 0;
-
-	_DIAGASSERT(src != NULL);
-	_DIAGASSERT(dst != NULL);
-
-	while ((c = *src++) != '\0') {
-	again:
-		switch (rk_unvis(dst, (unsigned char)c, &state, 0)) {
-		case UNVIS_VALID:
-			dst++;
-			break;
-		case UNVIS_VALIDPUSH:
-			dst++;
-			goto again;
-		case 0:
-		case UNVIS_NOCHAR:
-			break;
-		default:
-			return (-1);
-		}
-	}
-	if (unvis(dst, (unsigned char)c, &state, UNVIS_END) == UNVIS_VALID)
-		dst++;
-	*dst = '\0';
-	return (dst - start);
-}
diff --git a/crypto/heimdal/lib/roken/verify.c b/crypto/heimdal/lib/roken/verify.c
deleted file mode 100644
index 54ad814..0000000
--- a/crypto/heimdal/lib/roken/verify.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: verify.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <stdio.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-unix_verify_user(char *user, char *password)
-{
-    struct passwd *pw;
-    
-    pw = k_getpwnam(user);
-    if(pw == NULL)
-	return -1;
-    if(strlen(pw->pw_passwd) == 0 && strlen(password) == 0)
-	return 0;
-    if(strcmp(crypt(password, pw->pw_passwd), pw->pw_passwd) == 0)
-        return 0;
-    return -1;
-}
-
diff --git a/crypto/heimdal/lib/roken/verr.c b/crypto/heimdal/lib/roken/verr.c
deleted file mode 100644
index 3db3c1c..0000000
--- a/crypto/heimdal/lib/roken/verr.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: verr.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-void ROKEN_LIB_FUNCTION
-verr(int eval, const char *fmt, va_list ap)
-{
-    warnerr(1, fmt, ap);
-    exit(eval);
-}
diff --git a/crypto/heimdal/lib/roken/verrx.c b/crypto/heimdal/lib/roken/verrx.c
deleted file mode 100644
index a3a59d0..0000000
--- a/crypto/heimdal/lib/roken/verrx.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: verrx.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-void ROKEN_LIB_FUNCTION
-verrx(int eval, const char *fmt, va_list ap)
-{
-    warnerr(0, fmt, ap);
-    exit(eval);
-}
diff --git a/crypto/heimdal/lib/roken/vis.c b/crypto/heimdal/lib/roken/vis.c
deleted file mode 100644
index 1114223..0000000
--- a/crypto/heimdal/lib/roken/vis.c
+++ /dev/null
@@ -1,335 +0,0 @@
-/*	$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $	*/
-
-/*-
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*-
- * Copyright (c) 1999 The NetBSD Foundation, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-#if 1
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: vis.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-#include "roken.h"
-#ifndef _DIAGASSERT
-#define _DIAGASSERT(X)
-#endif
-#else
-#include <sys/cdefs.h>
-#if !defined(lint)
-__RCSID("$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $");
-#endif /* not lint */
-#endif
-
-#if 0
-#include "namespace.h"
-#endif
-#include <sys/types.h>
-
-#include <assert.h>
-#include <ctype.h>
-#include <limits.h>
-#include <stdio.h>
-#include <string.h>
-#include <vis.h>
-
-#if 0
-#ifdef __weak_alias
-__weak_alias(strsvis,_strsvis)
-__weak_alias(strsvisx,_strsvisx)
-__weak_alias(strvis,_strvis)
-__weak_alias(strvisx,_strvisx)
-__weak_alias(svis,_svis)
-__weak_alias(vis,_vis)
-#endif
-#endif
-
-#undef BELL
-#if defined(__STDC__)
-#define BELL '\a'
-#else
-#define BELL '\007'
-#endif
-
-char ROKEN_LIB_FUNCTION
-	*rk_vis (char *, int, int, int);
-char ROKEN_LIB_FUNCTION
-	*rk_svis (char *, int, int, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strvis (char *, const char *, int);
-int ROKEN_LIB_FUNCTION
-	rk_strsvis (char *, const char *, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strvisx (char *, const char *, size_t, int);
-int ROKEN_LIB_FUNCTION
-	rk_strsvisx (char *, const char *, size_t, int, const char *);
-
-
-#define isoctal(c)	(((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
-#define iswhite(c)	(c == ' ' || c == '\t' || c == '\n')
-#define issafe(c)	(c == '\b' || c == BELL || c == '\r')
-
-#define MAXEXTRAS       5
-
-
-#define MAKEEXTRALIST(flag, extra)					      \
-do {									      \
-	char *pextra = extra;						      \
-	if (flag & VIS_SP) *pextra++ = ' ';				      \
-	if (flag & VIS_TAB) *pextra++ = '\t';				      \
-	if (flag & VIS_NL) *pextra++ = '\n';				      \
-	if ((flag & VIS_NOSLASH) == 0) *pextra++ = '\\';		      \
-	*pextra = '\0';							      \
-} while (/*CONSTCOND*/0)
-
-/*
- * This is SVIS, the central macro of vis.
- * dst:	      Pointer to the destination buffer
- * c:	      Character to encode
- * flag:      Flag word
- * nextc:     The character following 'c'
- * extra:     Pointer to the list of extra characters to be
- *	      backslash-protected.
- */
-#define SVIS(dst, c, flag, nextc, extra)				   \
-do {									   \
-	int isextra, isc;						   \
-	isextra = strchr(extra, c) != NULL;				   \
-	if (!isextra &&							   \
-	    isascii((unsigned char)c) &&				   \
-	    (isgraph((unsigned char)c) || iswhite(c) ||			   \
-	    ((flag & VIS_SAFE) && issafe(c)))) {			   \
-		*dst++ = c;						   \
-		break;							   \
-	}								   \
-	isc = 0;							   \
-	if (flag & VIS_CSTYLE) {					   \
-		switch (c) {						   \
-		case '\n':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'n';		   \
-			break;						   \
-		case '\r':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'r';		   \
-			break;						   \
-		case '\b':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'b';		   \
-			break;						   \
-		case BELL:						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'a';		   \
-			break;						   \
-		case '\v':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'v';		   \
-			break;						   \
-		case '\t':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 't';		   \
-			break;						   \
-		case '\f':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'f';		   \
-			break;						   \
-		case ' ':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 's';		   \
-			break;						   \
-		case '\0':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = '0';		   \
-			if (isoctal(nextc)) {				   \
-				*dst++ = '0';				   \
-				*dst++ = '0';				   \
-			}						   \
-		}							   \
-	}								   \
-	if (isc) break;							   \
-	if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) {	   \
-		*dst++ = '\\';						   \
-		*dst++ = (u_char)(((unsigned)(u_char)c >> 6) & 03) + '0';  \
-		*dst++ = (u_char)(((unsigned)(u_char)c >> 3) & 07) + '0';  \
-		*dst++ =			     (c	      & 07) + '0'; \
-	} else {							   \
-		if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\';		   \
-		if (c & 0200) {						   \
-			c &= 0177; *dst++ = 'M';			   \
-		}							   \
-		if (iscntrl((unsigned char)c)) {			   \
-			*dst++ = '^';					   \
-			if (c == 0177)					   \
-				*dst++ = '?';				   \
-			else						   \
-				*dst++ = c + '@';			   \
-		} else {						   \
-			*dst++ = '-'; *dst++ = c;			   \
-		}							   \
-	}								   \
-} while (/*CONSTCOND*/0)
-
-
-/*
- * svis - visually encode characters, also encoding the characters
- * 	  pointed to by `extra'
- */
-
-char * ROKEN_LIB_FUNCTION
-rk_svis(char *dst, int c, int flag, int nextc, const char *extra)
-{
-	_DIAGASSERT(dst != NULL);
-	_DIAGASSERT(extra != NULL);
-
-	SVIS(dst, c, flag, nextc, extra);
-	*dst = '\0';
-	return(dst);
-}
-
-
-/*
- * strsvis, strsvisx - visually encode characters from src into dst
- *
- *	Extra is a pointer to a \0-terminated list of characters to
- *	be encoded, too. These functions are useful e. g. to
- *	encode strings in such a way so that they are not interpreted
- *	by a shell.
- *	
- *	Dst must be 4 times the size of src to account for possible
- *	expansion.  The length of dst, not including the trailing NULL,
- *	is returned. 
- *
- *	Strsvisx encodes exactly len bytes from src into dst.
- *	This is useful for encoding a block of data.
- */
-
-int ROKEN_LIB_FUNCTION
-rk_strsvis(char *dst, const char *src, int flag, const char *extra)
-{
-	char c;
-	char *start;
-
-	_DIAGASSERT(dst != NULL);
-	_DIAGASSERT(src != NULL);
-	_DIAGASSERT(extra != NULL);
-
-	for (start = dst; (c = *src++) != '\0'; /* empty */)
-	    SVIS(dst, c, flag, *src, extra);
-	*dst = '\0';
-	return (dst - start);
-}
-
-
-int ROKEN_LIB_FUNCTION
-rk_strsvisx(char *dst, const char *src, size_t len, int flag, const char *extra)
-{
-	char c;
-	char *start;
-
-	_DIAGASSERT(dst != NULL);
-	_DIAGASSERT(src != NULL);
-	_DIAGASSERT(extra != NULL);
-
-	for (start = dst; len > 0; len--) {
-		c = *src++;
-		SVIS(dst, c, flag, len ? *src : '\0', extra);
-	}
-	*dst = '\0';
-	return (dst - start);
-}
-
-
-/*
- * vis - visually encode characters
- */
-char * ROKEN_LIB_FUNCTION
-rk_vis(char *dst, int c, int flag, int nextc)
-{
-	char extra[MAXEXTRAS];
-
-	_DIAGASSERT(dst != NULL);
-
-	MAKEEXTRALIST(flag, extra);
-	SVIS(dst, c, flag, nextc, extra);
-	*dst = '\0';
-	return (dst);
-}
-
-
-/*
- * strvis, strvisx - visually encode characters from src into dst
- *	
- *	Dst must be 4 times the size of src to account for possible
- *	expansion.  The length of dst, not including the trailing NULL,
- *	is returned. 
- *
- *	Strvisx encodes exactly len bytes from src into dst.
- *	This is useful for encoding a block of data.
- */
-
-int ROKEN_LIB_FUNCTION
-rk_strvis(char *dst, const char *src, int flag)
-{
-	char extra[MAXEXTRAS];
-
-	MAKEEXTRALIST(flag, extra);
-	return (rk_strsvis(dst, src, flag, extra));
-}
-
-
-int ROKEN_LIB_FUNCTION
-rk_strvisx(char *dst, const char *src, size_t len, int flag)
-{
-	char extra[MAXEXTRAS];
-
-	MAKEEXTRALIST(flag, extra);
-	return (rk_strsvisx(dst, src, len, flag, extra));
-}
diff --git a/crypto/heimdal/lib/roken/vis.h b/crypto/heimdal/lib/roken/vis.h
deleted file mode 100644
index 224870b..0000000
--- a/crypto/heimdal/lib/roken/vis.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/*	$NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $	*/
-/*	$Id: vis.hin 19341 2006-12-15 11:53:09Z lha $	*/
-
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)vis.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _VIS_H_
-#define	_VIS_H_
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-/*
- * to select alternate encoding format
- */
-#define	VIS_OCTAL	0x01	/* use octal \ddd format */
-#define	VIS_CSTYLE	0x02	/* use \[nrft0..] where appropiate */
-
-/*
- * to alter set of characters encoded (default is to encode all
- * non-graphic except space, tab, and newline).
- */
-#define	VIS_SP		0x04	/* also encode space */
-#define	VIS_TAB		0x08	/* also encode tab */
-#define	VIS_NL		0x10	/* also encode newline */
-#define	VIS_WHITE	(VIS_SP | VIS_TAB | VIS_NL)
-#define	VIS_SAFE	0x20	/* only encode "unsafe" characters */
-
-/*
- * other
- */
-#define	VIS_NOSLASH	0x40	/* inhibit printing '\' */
-
-/*
- * unvis return codes
- */
-#define	UNVIS_VALID	 1	/* character valid */
-#define	UNVIS_VALIDPUSH	 2	/* character valid, push back passed char */
-#define	UNVIS_NOCHAR	 3	/* valid sequence, no character produced */
-#define	UNVIS_SYNBAD	-1	/* unrecognized escape sequence */
-#define	UNVIS_ERROR	-2	/* decoder in unknown state (unrecoverable) */
-
-/*
- * unvis flags
- */
-#define	UNVIS_END	1	/* no more characters */
-
-char ROKEN_LIB_FUNCTION
-	*rk_vis (char *, int, int, int);
-char ROKEN_LIB_FUNCTION
-	*rk_svis (char *, int, int, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strvis (char *, const char *, int);
-int ROKEN_LIB_FUNCTION
-	rk_strsvis (char *, const char *, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strvisx (char *, const char *, size_t, int);
-int ROKEN_LIB_FUNCTION
-	rk_strsvisx (char *, const char *, size_t, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strunvis (char *, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_unvis (char *, int, int *, int);
-
-#undef vis
-#define vis(a,b,c,d) rk_vis(a,b,c,d)
-#undef svis
-#define svis(a,b,c,d,e) rk_svis(a,b,c,d,e)
-#undef strvis
-#define strvis(a,b,c) rk_strvis(a,b,c)
-#undef strsvis
-#define strsvis(a,b,c,d) rk_strsvis(a,b,c,d)
-#undef strvisx
-#define strvisx(a,b,c,d) rk_strvisx(a,b,c,d)
-#undef strsvisx
-#define strsvisx(a,b,c,d,e) rk_strsvisx(a,b,c,d,e)
-#undef strunvis
-#define strunvis(a,b) rk_strunvis(a,b)
-#undef unvis
-#define unvis(a,b,c,d) rk_unvis(a,b,c,d)
-
-#endif /* !_VIS_H_ */
diff --git a/crypto/heimdal/lib/roken/vis.hin b/crypto/heimdal/lib/roken/vis.hin
deleted file mode 100644
index 224870b..0000000
--- a/crypto/heimdal/lib/roken/vis.hin
+++ /dev/null
@@ -1,115 +0,0 @@
-/*	$NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $	*/
-/*	$Id: vis.hin 19341 2006-12-15 11:53:09Z lha $	*/
-
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)vis.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _VIS_H_
-#define	_VIS_H_
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-/*
- * to select alternate encoding format
- */
-#define	VIS_OCTAL	0x01	/* use octal \ddd format */
-#define	VIS_CSTYLE	0x02	/* use \[nrft0..] where appropiate */
-
-/*
- * to alter set of characters encoded (default is to encode all
- * non-graphic except space, tab, and newline).
- */
-#define	VIS_SP		0x04	/* also encode space */
-#define	VIS_TAB		0x08	/* also encode tab */
-#define	VIS_NL		0x10	/* also encode newline */
-#define	VIS_WHITE	(VIS_SP | VIS_TAB | VIS_NL)
-#define	VIS_SAFE	0x20	/* only encode "unsafe" characters */
-
-/*
- * other
- */
-#define	VIS_NOSLASH	0x40	/* inhibit printing '\' */
-
-/*
- * unvis return codes
- */
-#define	UNVIS_VALID	 1	/* character valid */
-#define	UNVIS_VALIDPUSH	 2	/* character valid, push back passed char */
-#define	UNVIS_NOCHAR	 3	/* valid sequence, no character produced */
-#define	UNVIS_SYNBAD	-1	/* unrecognized escape sequence */
-#define	UNVIS_ERROR	-2	/* decoder in unknown state (unrecoverable) */
-
-/*
- * unvis flags
- */
-#define	UNVIS_END	1	/* no more characters */
-
-char ROKEN_LIB_FUNCTION
-	*rk_vis (char *, int, int, int);
-char ROKEN_LIB_FUNCTION
-	*rk_svis (char *, int, int, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strvis (char *, const char *, int);
-int ROKEN_LIB_FUNCTION
-	rk_strsvis (char *, const char *, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strvisx (char *, const char *, size_t, int);
-int ROKEN_LIB_FUNCTION
-	rk_strsvisx (char *, const char *, size_t, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strunvis (char *, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_unvis (char *, int, int *, int);
-
-#undef vis
-#define vis(a,b,c,d) rk_vis(a,b,c,d)
-#undef svis
-#define svis(a,b,c,d,e) rk_svis(a,b,c,d,e)
-#undef strvis
-#define strvis(a,b,c) rk_strvis(a,b,c)
-#undef strsvis
-#define strsvis(a,b,c,d) rk_strsvis(a,b,c,d)
-#undef strvisx
-#define strvisx(a,b,c,d) rk_strvisx(a,b,c,d)
-#undef strsvisx
-#define strsvisx(a,b,c,d,e) rk_strsvisx(a,b,c,d,e)
-#undef strunvis
-#define strunvis(a,b) rk_strunvis(a,b)
-#undef unvis
-#define unvis(a,b,c,d) rk_unvis(a,b,c,d)
-
-#endif /* !_VIS_H_ */
diff --git a/crypto/heimdal/lib/roken/vsyslog.c b/crypto/heimdal/lib/roken/vsyslog.c
deleted file mode 100644
index 690eb7d..0000000
--- a/crypto/heimdal/lib/roken/vsyslog.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: vsyslog.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#ifndef HAVE_VSYSLOG
-
-#include <stdio.h>
-#include <syslog.h>
-#include <stdarg.h>
-
-#include "roken.h"
-
-/*
- * the theory behind this is that we might be trying to call vsyslog
- * when there's no memory left, and we should try to be as useful as
- * possible.  And the format string should say something about what's
- * failing.
- */
-
-static void
-simple_vsyslog(int pri, const char *fmt, va_list ap)
-{
-    syslog (pri, "%s", fmt);
-}
-
-/*
- * do like syslog but with a `va_list'
- */
-
-void ROKEN_LIB_FUNCTION
-vsyslog(int pri, const char *fmt, va_list ap)
-{
-    char *fmt2;
-    const char *p;
-    char *p2;
-    int saved_errno = errno;
-    int fmt_len  = strlen (fmt);
-    int fmt2_len = fmt_len;
-    char *buf;
-
-    fmt2 = malloc (fmt_len + 1);
-    if (fmt2 == NULL) {
-	simple_vsyslog (pri, fmt, ap);
-	return;
-    }
-
-    for (p = fmt, p2 = fmt2; *p != '\0'; ++p) {
-	if (p[0] == '%' && p[1] == 'm') {
-	    const char *e = strerror (saved_errno);
-	    int e_len = strlen (e);
-	    char *tmp;
-	    int pos;
-
-	    pos = p2 - fmt2;
-	    fmt2_len += e_len - 2;
-	    tmp = realloc (fmt2, fmt2_len + 1);
-	    if (tmp == NULL) {
-		free (fmt2);
-		simple_vsyslog (pri, fmt, ap);
-		return;
-	    }
-	    fmt2 = tmp;
-	    p2   = fmt2 + pos;
-	    memmove (p2, e, e_len);
-	    p2 += e_len;
-	    ++p;
-	} else
-	    *p2++ = *p;
-    }
-    *p2 = '\0';
-
-    vasprintf (&buf, fmt2, ap);
-    free (fmt2);
-    if (buf == NULL) {
-	simple_vsyslog (pri, fmt, ap);
-	return;
-    }
-    syslog (pri, "%s", buf);
-    free (buf);
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/vwarn.c b/crypto/heimdal/lib/roken/vwarn.c
deleted file mode 100644
index c25ca62..0000000
--- a/crypto/heimdal/lib/roken/vwarn.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: vwarn.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-void ROKEN_LIB_FUNCTION
-vwarn(const char *fmt, va_list ap)
-{
-    warnerr(1, fmt, ap);
-}
diff --git a/crypto/heimdal/lib/roken/vwarnx.c b/crypto/heimdal/lib/roken/vwarnx.c
deleted file mode 100644
index e35c0de..0000000
--- a/crypto/heimdal/lib/roken/vwarnx.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: vwarnx.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-void ROKEN_LIB_FUNCTION
-vwarnx(const char *fmt, va_list ap)
-{
-    warnerr(0, fmt, ap);
-}
-
diff --git a/crypto/heimdal/lib/roken/warn.c b/crypto/heimdal/lib/roken/warn.c
deleted file mode 100644
index 0924880..0000000
--- a/crypto/heimdal/lib/roken/warn.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: warn.c 7463 1999-12-02 16:58:55Z joda $");
-#endif
-
-#include "err.h"
-
-void
-warn(const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  vwarn(fmt, ap);
-  va_end(ap);
-}
diff --git a/crypto/heimdal/lib/roken/warnerr.c b/crypto/heimdal/lib/roken/warnerr.c
deleted file mode 100644
index 6dee466..0000000
--- a/crypto/heimdal/lib/roken/warnerr.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: warnerr.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-#include "err.h"
-
-void ROKEN_LIB_FUNCTION
-warnerr(int doerrno, const char *fmt, va_list ap)
-{
-    int sverrno = errno;
-    const char *progname = getprogname();
-
-    if(progname != NULL){
-	fprintf(stderr, "%s", progname);
-	if(fmt != NULL || doerrno)
-	    fprintf(stderr, ": ");
-    }
-    if (fmt != NULL){
-	vfprintf(stderr, fmt, ap);
-	if(doerrno)
-	    fprintf(stderr, ": ");
-    }
-    if(doerrno)
-	fprintf(stderr, "%s", strerror(sverrno));
-    fprintf(stderr, "\n");
-}
diff --git a/crypto/heimdal/lib/roken/warnx.c b/crypto/heimdal/lib/roken/warnx.c
deleted file mode 100644
index 7e1de7a..0000000
--- a/crypto/heimdal/lib/roken/warnx.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: warnx.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "err.h"
-
-void ROKEN_LIB_FUNCTION
-warnx(const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  vwarnx(fmt, ap);
-  va_end(ap);
-}
diff --git a/crypto/heimdal/lib/roken/write_pid.c b/crypto/heimdal/lib/roken/write_pid.c
deleted file mode 100644
index edadf5c..0000000
--- a/crypto/heimdal/lib/roken/write_pid.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: write_pid.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include "roken.h"
-
-#include "roken.h"
-
-char * ROKEN_LIB_FUNCTION
-pid_file_write (const char *progname)
-{
-    FILE *fp;
-    char *ret;
-
-    asprintf (&ret, "%s%s.pid", _PATH_VARRUN, progname);
-    if (ret == NULL)
-	return NULL;
-    fp = fopen (ret, "w");
-    if (fp == NULL) {
-	free (ret);
-	return NULL;
-    }
-    fprintf (fp, "%u", (unsigned)getpid());
-    fclose (fp);
-    return ret;
-}
-
-void ROKEN_LIB_FUNCTION
-pid_file_delete (char **filename)
-{
-    if (*filename != NULL) {
-	unlink (*filename);
-	free (*filename);
-	*filename = NULL;
-    }
-}
-
-#ifndef HAVE_PIDFILE
-static char *pidfile_path;
-
-static void
-pidfile_cleanup(void)
-{
-    if(pidfile_path != NULL)
-	pid_file_delete(&pidfile_path);
-}
-
-void
-pidfile(const char *basename)
-{
-    if(pidfile_path != NULL)
-	return;
-    if(basename == NULL)
-	basename = getprogname();
-    pidfile_path = pid_file_write(basename);
-#if defined(HAVE_ATEXIT)
-    atexit(pidfile_cleanup);
-#elif defined(HAVE_ON_EXIT)
-    on_exit(pidfile_cleanup);
-#endif
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/writev.c b/crypto/heimdal/lib/roken/writev.c
deleted file mode 100644
index 2500e6d..0000000
--- a/crypto/heimdal/lib/roken/writev.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: writev.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-ssize_t ROKEN_LIB_FUNCTION
-writev(int d, const struct iovec *iov, int iovcnt)
-{
-    ssize_t ret;
-    size_t tot = 0;
-    int i;
-    char *buf, *p;
-
-    for(i = 0; i < iovcnt; ++i)
-	tot += iov[i].iov_len;
-    buf = malloc(tot);
-    if (tot != 0 && buf == NULL) {
-	errno = ENOMEM;
-	return -1;
-    }
-    p = buf;
-    for (i = 0; i < iovcnt; ++i) {
-	memcpy (p, iov[i].iov_base, iov[i].iov_len);
-	p += iov[i].iov_len;
-    }
-    ret = write (d, buf, tot);
-    free (buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/xdbm.h b/crypto/heimdal/lib/roken/xdbm.h
deleted file mode 100644
index 618e074..0000000
--- a/crypto/heimdal/lib/roken/xdbm.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: xdbm.h 10986 2002-05-17 16:02:22Z joda $ */
-
-/* Generic *dbm include file */
-
-#ifndef __XDBM_H__
-#define __XDBM_H__
-
-#if HAVE_DB_NDBM
-#define DB_DBM_HSEARCH 1
-#include <db.h>
-#elif HAVE_NDBM
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#endif
-#endif /* HAVE_NDBM */
-
-#endif /* __XDBM_H__ */
diff --git a/crypto/heimdal/lib/sl/ChangeLog b/crypto/heimdal/lib/sl/ChangeLog
deleted file mode 100644
index 3937232b0..0000000
--- a/crypto/heimdal/lib/sl/ChangeLog
+++ /dev/null
@@ -1,325 +0,0 @@
-2007-07-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: roken_rename.h is a dist_ source k
-
-	* Makefile.am: split source files in dist and nodist.
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: New library version.
-
-2007-06-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* sl.c: make compile.
-
-	* sl.c: Pass in pointer to strlen().
-
-	* sl.c (sl_make_argv): use memmove since we are dealing with
-	overlapping strings.
-
-2007-06-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: don't clean yacc/lex files in CLEANFILES,
-	maintainers clean will do that for us.
-	
-2007-06-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* slc-gram.y (main): also fclose yyin.
-	
-2007-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add dependency on slc-gram.h for slc-lex.c, breaks
-	in disttree with make -j
-	
-2006-12-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_sl.c: Fix caseing for case-sensitive filesystems
-	
-2006-12-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_sl.c: catch test that should fail but didn't
-
-	* test_sl.c: Test more quoting variants.
-
-	* sl_locl.h: Include <ctype.h>.
-
-	* test_sl.c: test sl_make_argv
-
-	* sl.c (sl_make_argv): Add quoting support (both "" and \ style).
-	
-2006-12-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sl.c: Use strcspn to remove \n from fgets result. Prompted by
-	change by Ray Lai of OpenBSD via Bj�rn Sandell.
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am (ES): add roken_rename.h
-	
-2006-08-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sl.c (sl_slc_help): remove return
-	
-2006-08-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sl.h: Add sl_slc_help.
-
-	* sl.c: Add sl_slc_help.
-	
-2005-07-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* slc-gram.y (gen_wrapper): use the generated version of name for
-	function, if no function is is used, also use the generated name
-	for the structure name.
-	
-2005-06-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* slc-gram.y: fix a merge error
-	
-	* slc-gram.y: rename optind to optidx, rename variables to avoid
-	shadowing
-
-	* make_cmds.c: rename optind to optidx, move variable define to
-	avoid shadowing
-
-	* ss.c: rename index to idx
-	
-	* sl.c: use rk_UNCONST to un-constify
-
-2005-05-10  Dave Love  <fx@gnu.org>
-
-	* slc-lex.l: Include <stdlib.h>.
-
-2005-05-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sl.c (sl_command_loop): new return code -2 for EOF
-	(sl_loop): treat all return value from sl_command_loop >= 0 as ok, and
-	continue.
-
-2005-04-29  Dave Love  <fx@gnu.org>
-
-	* Makefile.am (LDADD): Add libsl.la.
-
-2005-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* slc-gram.y: include <config.h> since defines _GNU_SOURCE if
-	needed, avoid asprintf warning
-
-2005-01-21  Dave Love  <d.love@dl.ac.uk>
-
-	* slc-gram.y: include <roken.h>
-
-2005-01-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* slc-gram.y: cast argument to isalnum to unsigned char
-
-2004-09-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* slc-gram.y: add support for "strings" and "negative-flag" types,
-	plus some usability tweaks and bug fixes
-	
-2004-07-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* slc-gram.y: add min_args/max_args checking
-	
-2004-06-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* slc-gram.y: pull in <stdlib.h> and <vers.h> to avoid warnings
-	
-2004-03-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sl.h: make it possible to use libsl from c++
-	From: Mattias Amnefelt <mattiasa@kth.se>
-	
-2002-05-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: just link mk_cmds against libsl; avoids libtool
-	problem
-
-2001-07-09  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add getprogname.c libss.la:add libcom_err.la noted
-	by Leif Johansson <leifj@it.su.se>
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump versions to 1:2:1 and 1:4:1
-
-2001-05-06  Assar Westerlund  <assar@sics.se>
-
-	* roken_rename.h (strdup): add
-
-2001-03-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: re do the roken-renaming properly
-
-2001-02-13  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add more functions to rename
-
-2001-01-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sl.h: proto
-
-	* sl.c (sl_command_loop): try to handle user pressing C-c
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libss_la_LDFLAGS): bump version to 1:2:1
-
-2000-08-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add dependencies for libss/libsl shared libraries
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump ss version to 1:1:1
-
-2000-06-27  Assar Westerlund  <assar@sics.se>
-
-	* parse.y (yyerror): static-ize
-	* make_cmds.h (error_message, yylex): add prototypes
-	* lex.l: fix prototypes and kill warnings
-
-2000-05-24  Assar Westerlund  <assar@sics.se>
-
-	* ss.h (SS_ET_COMMAND_NOT_FOUND): add
-	* ss.c: check allocation and return some other error codes too
-
-2000-04-29  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add LIB_tgetent.  From Derrick J Brashear
-	<shadow@dementia.org>
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:0:1
-
-2000-03-07  Assar Westerlund  <assar@sics.se>
-
-	* sl.h (SL_BADCOMMAND): define
-	(sl_apropos): add prototype
-
-	* sl.c: mandoc-generation
-	(sl_apropos): stolen from arla
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump both versions to 0:1:0
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* parse.y (name2number): not used here.  remove.
-
-Thu Apr  1 17:03:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* make_cmds.c: use getarg
-
-Tue Mar 23 14:36:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: don't rename
-
-Sun Mar 21 14:13:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: don't roken-rename
-
-Sat Mar 20 03:43:30 1999  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: replace return with YYACCEPT
-
-Fri Mar 19 14:53:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: add libss; add version-info
-
-Thu Mar 18 15:07:06 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: clean lex.c parse.c parse.h
-
-	* Makefile.am: install ss.h
-
-	* Makefile.am: include Makefile.am.common
-
-Thu Mar 11 15:01:01 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* parse.y: prototype for error_message
-
-Tue Feb  9 23:45:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.in: add snprintf.o to make_cmds
-
-Sun Nov 22 10:46:23 1998  Assar Westerlund  <assar@sics.se>
-
-	* sl.c (sl_command_loop): remove unused variable
-
-	* ss.c (ss_error): remove unused variable
-
-	* make_cmds.c: include err.h
-	(main): remove unused variable
-
-	* Makefile.in (WFLAGS): set
-
-Sun Sep 27 01:28:21 1998  Assar Westerlund  <assar@sics.se>
-
-	* make_cmds.c: clean-up and simplification
-
-Mon May 25 02:54:13 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): try to remove shared library debris
-
-	* Makefile.in: make symlink magic work
-
-Sun Apr 19 10:00:26 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add symlink magic for linux
-
-Sun Apr  5 09:21:43 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: define alloca to malloc in case we're using bison but
- 	don't have alloca
-
-Sat Mar 28 11:39:00 1998  Assar Westerlund  <assar@sics.se>
-
-	* sl.c (sl_loop): s/2/1
-
-Sat Mar 21 00:46:51 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* sl.c (sl_loop): check that there is at least one argument before
- 	calling sl_command
-
-Sun Mar  1 05:14:37 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* sl.c (sl_loop): Fix general broken-ness.
-
-	* sl.c: Cleanup printing of help strings.
-
-Thu Feb 26 02:22:02 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: @LEXLIB@
-
-Sat Feb 21 15:18:21 1998  assar westerlund  <assar@sics.se>
-
-	* Makefile.in: set YACC and LEX
-
-Mon Feb 16 16:08:25 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.am: Some fixes for ss/mk_cmds.
-
-Sun Feb 15 05:12:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.in: Install libsl under the `libss' name too. Install
- 	mk_cmds, and ss.h.
-
-	* make_cmds.c: A mk_cmds clone that creates SL structures.
-
-	* ss.c: SS compatibility functions.
-
-	* sl.c: Move command line split to function `sl_make_argv'.
-
-Tue Feb  3 16:45:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* sl.c: Add sl_command_loop, that is the loop body of sl_loop.
-
-Mon Oct 20 01:13:21 1997  Assar Westerlund  <assar@sics.se>
-
-	* sl.c (sl_help): actually use the `help' field of `SL_cmd'
-
diff --git a/crypto/heimdal/lib/sl/Makefile.am b/crypto/heimdal/lib/sl/Makefile.am
deleted file mode 100644
index 9c1b2dc..0000000
--- a/crypto/heimdal/lib/sl/Makefile.am
+++ /dev/null
@@ -1,63 +0,0 @@
-# $Id: Makefile.am 21625 2007-07-17 07:48:26Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-if do_roken_rename
-ES = strtok_r.c snprintf.c strdup.c strupr.c getprogname.c
-endif
-
-AM_CPPFLAGS += $(ROKEN_RENAME)
-
-YFLAGS = -d
-
-include_HEADERS = sl.h
-
-lib_LTLIBRARIES = libsl.la libss.la
-libsl_la_LDFLAGS = -version-info 2:1:2
-libss_la_LDFLAGS = -version-info 1:6:1
-
-libsl_la_LIBADD = @LIB_readline@
-libss_la_LIBADD = @LIB_readline@ @LIB_com_err@
-
-dist_libsl_la_SOURCES = sl_locl.h sl.c roken_rename.h
-nodist_libsl_la_SOURCES = $(ES)
-dist_libss_la_SOURCES = $(dist_libsl_la_SOURCES) ss.c ss.h
-nodist_libss_la_SOURCES = $(ES)
-
-TESTS = test_sl
-check_PROGRAMS = $(TESTS)	
-
-# install these?
-
-bin_PROGRAMS = mk_cmds
-noinst_PROGRAMS = slc
-
-mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
-mk_cmds_LDADD = libsl.la $(LDADD)
-
-slc_SOURCES = slc-gram.y slc-lex.l slc.h
-
-ssincludedir = $(includedir)/ss
-ssinclude_HEADERS = ss.h
-
-CLEANFILES = snprintf.c strtok_r.c strdup.c strupr.c getprogname.c
-
-$(mk_cmds_OBJECTS): parse.h parse.c
-
-LDADD =						\
-	libsl.la				\
-	$(LIB_roken)				\
-	$(LEXLIB)
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strdup.c:
-	$(LN_S) $(srcdir)/../roken/strdup.c .
-strupr.c:
-	$(LN_S) $(srcdir)/../roken/strupr.c .
-getprogname.c:
-	$(LN_S) $(srcdir)/../roken/getprogname.c .
-
-slc-lex.c: slc-gram.h
diff --git a/crypto/heimdal/lib/sl/Makefile.in b/crypto/heimdal/lib/sl/Makefile.in
deleted file mode 100644
index 0814375..0000000
--- a/crypto/heimdal/lib/sl/Makefile.in
+++ /dev/null
@@ -1,1064 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 21625 2007-07-17 07:48:26Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(ssinclude_HEADERS) \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog lex.c parse.c \
-	parse.h slc-gram.c slc-gram.h slc-lex.c
-TESTS = test_sl$(EXEEXT)
-check_PROGRAMS = $(am__EXEEXT_1)
-bin_PROGRAMS = mk_cmds$(EXEEXT)
-noinst_PROGRAMS = slc$(EXEEXT)
-subdir = lib/sl
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(ssincludedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-libsl_la_DEPENDENCIES =
-dist_libsl_la_OBJECTS = sl.lo
-@do_roken_rename_TRUE@am__objects_1 = strtok_r.lo snprintf.lo \
-@do_roken_rename_TRUE@	strdup.lo strupr.lo getprogname.lo
-nodist_libsl_la_OBJECTS = $(am__objects_1)
-libsl_la_OBJECTS = $(dist_libsl_la_OBJECTS) $(nodist_libsl_la_OBJECTS)
-libsl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(libsl_la_LDFLAGS) \
-	$(LDFLAGS) -o $@
-libss_la_DEPENDENCIES =
-am__objects_2 = sl.lo
-dist_libss_la_OBJECTS = $(am__objects_2) ss.lo
-nodist_libss_la_OBJECTS = $(am__objects_1)
-libss_la_OBJECTS = $(dist_libss_la_OBJECTS) $(nodist_libss_la_OBJECTS)
-libss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(libss_la_LDFLAGS) \
-	$(LDFLAGS) -o $@
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-am__EXEEXT_1 = test_sl$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
-am_mk_cmds_OBJECTS = make_cmds.$(OBJEXT) parse.$(OBJEXT) lex.$(OBJEXT)
-mk_cmds_OBJECTS = $(am_mk_cmds_OBJECTS)
-am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = libsl.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-mk_cmds_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_2)
-am_slc_OBJECTS = slc-gram.$(OBJEXT) slc-lex.$(OBJEXT)
-slc_OBJECTS = $(am_slc_OBJECTS)
-slc_LDADD = $(LDADD)
-slc_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-test_sl_SOURCES = test_sl.c
-test_sl_OBJECTS = test_sl.$(OBJEXT)
-test_sl_LDADD = $(LDADD)
-test_sl_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-@MAINTAINER_MODE_FALSE@am__skiplex = test -f $@ ||
-LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
-YLWRAP = $(top_srcdir)/ylwrap
-@MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-SOURCES = $(dist_libsl_la_SOURCES) $(nodist_libsl_la_SOURCES) \
-	$(dist_libss_la_SOURCES) $(nodist_libss_la_SOURCES) \
-	$(mk_cmds_SOURCES) $(slc_SOURCES) test_sl.c
-DIST_SOURCES = $(dist_libsl_la_SOURCES) $(dist_libss_la_SOURCES) \
-	$(mk_cmds_SOURCES) $(slc_SOURCES) test_sl.c
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-ssincludeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS) $(ssinclude_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = -d
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(ROKEN_RENAME)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-@do_roken_rename_TRUE@ES = strtok_r.c snprintf.c strdup.c strupr.c getprogname.c
-include_HEADERS = sl.h
-lib_LTLIBRARIES = libsl.la libss.la
-libsl_la_LDFLAGS = -version-info 2:1:2
-libss_la_LDFLAGS = -version-info 1:6:1
-libsl_la_LIBADD = @LIB_readline@
-libss_la_LIBADD = @LIB_readline@ @LIB_com_err@
-dist_libsl_la_SOURCES = sl_locl.h sl.c roken_rename.h
-nodist_libsl_la_SOURCES = $(ES)
-dist_libss_la_SOURCES = $(dist_libsl_la_SOURCES) ss.c ss.h
-nodist_libss_la_SOURCES = $(ES)
-mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
-mk_cmds_LDADD = libsl.la $(LDADD)
-slc_SOURCES = slc-gram.y slc-lex.l slc.h
-ssincludedir = $(includedir)/ss
-ssinclude_HEADERS = ss.h
-CLEANFILES = snprintf.c strtok_r.c strdup.c strupr.c getprogname.c
-LDADD = \
-	libsl.la				\
-	$(LIB_roken)				\
-	$(LEXLIB)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/sl/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/sl/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libsl.la: $(libsl_la_OBJECTS) $(libsl_la_DEPENDENCIES) 
-	$(libsl_la_LINK) -rpath $(libdir) $(libsl_la_OBJECTS) $(libsl_la_LIBADD) $(LIBS)
-libss.la: $(libss_la_OBJECTS) $(libss_la_DEPENDENCIES) 
-	$(libss_la_LINK) -rpath $(libdir) $(libss_la_OBJECTS) $(libss_la_LIBADD) $(LIBS)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-parse.h: parse.c
-	@if test ! -f $@; then \
-	  rm -f parse.c; \
-	  $(MAKE) $(AM_MAKEFLAGS) parse.c; \
-	else :; fi
-mk_cmds$(EXEEXT): $(mk_cmds_OBJECTS) $(mk_cmds_DEPENDENCIES) 
-	@rm -f mk_cmds$(EXEEXT)
-	$(LINK) $(mk_cmds_OBJECTS) $(mk_cmds_LDADD) $(LIBS)
-slc-gram.h: slc-gram.c
-	@if test ! -f $@; then \
-	  rm -f slc-gram.c; \
-	  $(MAKE) $(AM_MAKEFLAGS) slc-gram.c; \
-	else :; fi
-slc$(EXEEXT): $(slc_OBJECTS) $(slc_DEPENDENCIES) 
-	@rm -f slc$(EXEEXT)
-	$(LINK) $(slc_OBJECTS) $(slc_LDADD) $(LIBS)
-test_sl$(EXEEXT): $(test_sl_OBJECTS) $(test_sl_DEPENDENCIES) 
-	@rm -f test_sl$(EXEEXT)
-	$(LINK) $(test_sl_OBJECTS) $(test_sl_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-.l.c:
-	$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
-
-.y.c:
-	$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-ssincludeHEADERS: $(ssinclude_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(ssincludedir)" || $(MKDIR_P) "$(DESTDIR)$(ssincludedir)"
-	@list='$(ssinclude_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(ssincludeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(ssincludedir)/$$f'"; \
-	  $(ssincludeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(ssincludedir)/$$f"; \
-	done
-
-uninstall-ssincludeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(ssinclude_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(ssincludedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(ssincludedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(ssincludedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-rm -f lex.c
-	-rm -f parse.c
-	-rm -f parse.h
-	-rm -f slc-gram.c
-	-rm -f slc-gram.h
-	-rm -f slc-lex.c
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS install-ssincludeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-ssincludeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
-	clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-binPROGRAMS install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-includeHEADERS install-info \
-	install-info-am install-libLTLIBRARIES install-man install-pdf \
-	install-pdf-am install-ps install-ps-am \
-	install-ssincludeHEADERS install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-hook uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-ssincludeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(mk_cmds_OBJECTS): parse.h parse.c
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strdup.c:
-	$(LN_S) $(srcdir)/../roken/strdup.c .
-strupr.c:
-	$(LN_S) $(srcdir)/../roken/strupr.c .
-getprogname.c:
-	$(LN_S) $(srcdir)/../roken/getprogname.c .
-
-slc-lex.c: slc-gram.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/sl/lex.c b/crypto/heimdal/lib/sl/lex.c
deleted file mode 100644
index 57e6a7c..0000000
--- a/crypto/heimdal/lib/sl/lex.c
+++ /dev/null
@@ -1,1880 +0,0 @@
-
-#line 3 "lex.c"
-
-#define  YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 33
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with  platform-specific or compiler-specific issues. */
-
-/* begin standard C headers. */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
-
-#if __STDC_VERSION__ >= 199901L
-
-/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
- * if you want the limit (max/min) macros for int types. 
- */
-#ifndef __STDC_LIMIT_MACROS
-#define __STDC_LIMIT_MACROS 1
-#endif
-
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t; 
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN               (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN              (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN              (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX               (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX              (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX              (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX              (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX             (65535U)
-#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX             (4294967295U)
-#endif
-
-#endif /* ! FLEXINT_H */
-
-#ifdef __cplusplus
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else	/* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_CONST
-
-#endif	/* __STDC__ */
-#endif	/* ! __cplusplus */
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index.  If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition.  This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN (yy_start) = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state.  The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START (((yy_start) - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart(yyin  )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
-#define YY_BUF_SIZE 16384
-#endif
-
-/* The state buf must be large enough to hold one state per character in the main buffer.
- */
-#define YY_STATE_BUF_SIZE   ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
-
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
-
-extern int yyleng;
-
-extern FILE *yyin, *yyout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
-    #define YY_LESS_LINENO(n)
-    
-/* Return all but the first "n" matched characters back to the input stream. */
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		*yy_cp = (yy_hold_char); \
-		YY_RESTORE_YY_MORE_OFFSET \
-		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
-		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
-		} \
-	while ( 0 )
-
-#define unput(c) yyunput( c, (yytext_ptr)  )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef unsigned int yy_size_t;
-#endif
-
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
-struct yy_buffer_state
-	{
-	FILE *yy_input_file;
-
-	char *yy_ch_buf;		/* input buffer */
-	char *yy_buf_pos;		/* current position in input buffer */
-
-	/* Size of input buffer in bytes, not including room for EOB
-	 * characters.
-	 */
-	yy_size_t yy_buf_size;
-
-	/* Number of characters read into yy_ch_buf, not including EOB
-	 * characters.
-	 */
-	int yy_n_chars;
-
-	/* Whether we "own" the buffer - i.e., we know we created it,
-	 * and can realloc() it to grow it, and should free() it to
-	 * delete it.
-	 */
-	int yy_is_our_buffer;
-
-	/* Whether this is an "interactive" input source; if so, and
-	 * if we're using stdio for input, then we want to use getc()
-	 * instead of fread(), to make sure we stop fetching input after
-	 * each newline.
-	 */
-	int yy_is_interactive;
-
-	/* Whether we're considered to be at the beginning of a line.
-	 * If so, '^' rules will be active on the next match, otherwise
-	 * not.
-	 */
-	int yy_at_bol;
-
-    int yy_bs_lineno; /**< The line count. */
-    int yy_bs_column; /**< The column count. */
-    
-	/* Whether to try to fill the input buffer when we reach the
-	 * end of it.
-	 */
-	int yy_fill_buffer;
-
-	int yy_buffer_status;
-
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
-	/* When an EOF's been seen but there's still some text to process
-	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
-	 * shouldn't try reading from the input source any more.  We might
-	 * still have a bunch of tokens to match, though, because of
-	 * possible backing-up.
-	 *
-	 * When we actually see the EOF, we change the status to "new"
-	 * (via yyrestart()), so that the user can continue scanning by
-	 * just pointing yyin at a new input file.
-	 */
-#define YY_BUFFER_EOF_PENDING 2
-
-	};
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- *
- * Returns the top of the stack, or NULL.
- */
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
-                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
-                          : NULL)
-
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
-
-/* yy_hold_char holds the character lost when yytext is formed. */
-static char yy_hold_char;
-static int yy_n_chars;		/* number of characters read into yy_ch_buf */
-int yyleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 0;		/* whether we need to initialize */
-static int yy_start = 0;	/* start state number */
-
-/* Flag which is used to allow yywrap()'s to do buffer switches
- * instead of setting up a fresh yyin.  A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void yyrestart (FILE *input_file  );
-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
-void yy_delete_buffer (YY_BUFFER_STATE b  );
-void yy_flush_buffer (YY_BUFFER_STATE b  );
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
-void yypop_buffer_state (void );
-
-static void yyensure_buffer_stack (void );
-static void yy_load_buffer_state (void );
-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
-
-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
-
-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len  );
-
-void *yyalloc (yy_size_t  );
-void *yyrealloc (void *,yy_size_t  );
-void yyfree (void *  );
-
-#define yy_new_buffer yy_create_buffer
-
-#define yy_set_interactive(is_interactive) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){ \
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
-	}
-
-#define yy_set_bol(at_bol) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){\
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
-	}
-
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
-
-typedef unsigned char YY_CHAR;
-
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-
-typedef int yy_state_type;
-
-extern int yylineno;
-
-int yylineno = 1;
-
-extern char *yytext;
-#define yytext_ptr yytext
-
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[]  );
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up yytext.
- */
-#define YY_DO_BEFORE_ACTION \
-	(yytext_ptr) = yy_bp; \
-	yyleng = (size_t) (yy_cp - yy_bp); \
-	(yy_hold_char) = *yy_cp; \
-	*yy_cp = '\0'; \
-	(yy_c_buf_p) = yy_cp;
-
-#define YY_NUM_RULES 12
-#define YY_END_OF_BUFFER 13
-/* This struct is not used in this scanner,
-   but its presence is necessary. */
-struct yy_trans_info
-	{
-	flex_int32_t yy_verify;
-	flex_int32_t yy_nxt;
-	};
-static yyconst flex_int16_t yy_accept[54] =
-    {   0,
-        0,    0,   13,   11,    7,    8,    9,    6,   10,   10,
-       10,   10,   10,    6,   10,   10,   10,   10,   10,   10,
-        5,   10,   10,   10,   10,   10,   10,   10,   10,   10,
-       10,   10,   10,   10,   10,   10,   10,    2,   10,    3,
-       10,   10,   10,   10,   10,   10,   10,   10,   10,   10,
-        1,    4,    0
-    } ;
-
-static yyconst flex_int32_t yy_ec[256] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    2,    1,    4,    5,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    6,    6,    6,
-        6,    6,    6,    6,    6,    6,    6,    1,    1,    1,
-        1,    1,    1,    1,    6,    6,    6,    6,    6,    6,
-        6,    6,    6,    6,    6,    6,    6,    6,    6,    6,
-        6,    6,    6,    6,    6,    6,    6,    6,    6,    6,
-        1,    1,    1,    1,    7,    1,    8,    9,   10,   11,
-
-       12,    6,    6,    6,   13,    6,   14,   15,   16,   17,
-       18,   19,   20,   21,   22,   23,   24,    6,   25,    6,
-        6,    6,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1
-    } ;
-
-static yyconst flex_int32_t yy_meta[26] =
-    {   0,
-        1,    1,    2,    1,    1,    3,    3,    3,    3,    3,
-        3,    3,    3,    3,    3,    3,    3,    3,    3,    3,
-        3,    3,    3,    3,    3
-    } ;
-
-static yyconst flex_int16_t yy_base[57] =
-    {   0,
-        0,   24,   69,   70,   70,   70,   70,    0,    0,   50,
-       50,   54,   48,    0,    0,   48,   52,   42,    0,   45,
-        0,   36,   43,   41,   49,   44,   36,   35,   30,   24,
-       29,   18,   31,   18,   28,   22,   31,    0,   21,    0,
-       12,   21,   24,   14,   21,    0,    2,    4,    3,    0,
-        0,    0,   70,   48,   51,    3
-    } ;
-
-static yyconst flex_int16_t yy_def[57] =
-    {   0,
-       54,   54,   53,   53,   53,   53,   53,   55,   56,   56,
-       56,   56,   56,   55,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,    0,   53,   53,   53
-    } ;
-
-static yyconst flex_int16_t yy_nxt[96] =
-    {   0,
-        4,    5,    6,    7,    8,   15,   53,   53,   53,   10,
-       52,   11,   23,   24,   51,   50,   49,   53,   53,   53,
-       12,   53,   48,   13,    4,    5,    6,    7,    8,   47,
-       46,   45,   44,   10,   43,   11,   42,   41,   40,   39,
-       38,   37,   36,   35,   12,   34,   33,   13,    9,    9,
-        9,   14,   32,   14,   31,   30,   29,   28,   27,   26,
-       25,   22,   21,   20,   19,   18,   17,   16,   53,    3,
-       53,   53,   53,   53,   53,   53,   53,   53,   53,   53,
-       53,   53,   53,   53,   53,   53,   53,   53,   53,   53,
-       53,   53,   53,   53,   53
-
-    } ;
-
-static yyconst flex_int16_t yy_chk[96] =
-    {   0,
-        1,    1,    1,    1,    1,   56,    0,    0,    0,    1,
-       50,    1,   19,   19,   49,   48,   47,    0,    0,    0,
-        1,    0,   46,    1,    2,    2,    2,    2,    2,   45,
-       44,   43,   42,    2,   41,    2,   39,   37,   36,   35,
-       34,   33,   32,   31,    2,   30,   29,    2,   54,   54,
-       54,   55,   28,   55,   27,   26,   25,   24,   23,   22,
-       20,   18,   17,   16,   13,   12,   11,   10,    3,   53,
-       53,   53,   53,   53,   53,   53,   53,   53,   53,   53,
-       53,   53,   53,   53,   53,   53,   53,   53,   53,   53,
-       53,   53,   53,   53,   53
-
-    } ;
-
-static yy_state_type yy_last_accepting_state;
-static char *yy_last_accepting_cpos;
-
-extern int yy_flex_debug;
-int yy_flex_debug = 0;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *yytext;
-#line 1 "lex.l"
-#line 2 "lex.l"
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#undef ECHO
-
-#include "make_cmds.h"
-#include "parse.h"
-
-RCSID("$Id: lex.l 10703 2001-09-16 23:10:10Z assar $");
-
-static unsigned lineno = 1;
-static int getstring(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-#line 538 "lex.c"
-
-#define INITIAL 0
-
-#ifndef YY_NO_UNISTD_H
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-#endif
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
-
-static int yy_init_globals (void );
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int yywrap (void );
-#else
-extern int yywrap (void );
-#endif
-#endif
-
-    static void yyunput (int c,char *buf_ptr  );
-    
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
-#endif
-
-#ifndef YY_NO_INPUT
-
-#ifdef __cplusplus
-static int yyinput (void );
-#else
-static int input (void );
-#endif
-
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
-#endif
-
-/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
-		{ \
-		int c = '*'; \
-		size_t n; \
-		for ( n = 0; n < max_size && \
-			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
-			buf[n] = (char) c; \
-		if ( c == '\n' ) \
-			buf[n++] = (char) c; \
-		if ( c == EOF && ferror( yyin ) ) \
-			YY_FATAL_ERROR( "input in flex scanner failed" ); \
-		result = n; \
-		} \
-	else \
-		{ \
-		errno=0; \
-		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
-			{ \
-			if( errno != EINTR) \
-				{ \
-				YY_FATAL_ERROR( "input in flex scanner failed" ); \
-				break; \
-				} \
-			errno=0; \
-			clearerr(yyin); \
-			} \
-		}\
-\
-
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* end tables serialization structures and prototypes */
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int yylex (void);
-
-#define YY_DECL int yylex (void)
-#endif /* !YY_DECL */
-
-/* Code executed at the beginning of each rule, after yytext and yyleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
-	YY_USER_ACTION
-
-/** The main scanner function which does all the work.
- */
-YY_DECL
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp, *yy_bp;
-	register int yy_act;
-    
-#line 52 "lex.l"
-
-#line 693 "lex.c"
-
-	if ( !(yy_init) )
-		{
-		(yy_init) = 1;
-
-#ifdef YY_USER_INIT
-		YY_USER_INIT;
-#endif
-
-		if ( ! (yy_start) )
-			(yy_start) = 1;	/* first start state */
-
-		if ( ! yyin )
-			yyin = stdin;
-
-		if ( ! yyout )
-			yyout = stdout;
-
-		if ( ! YY_CURRENT_BUFFER ) {
-			yyensure_buffer_stack ();
-			YY_CURRENT_BUFFER_LVALUE =
-				yy_create_buffer(yyin,YY_BUF_SIZE );
-		}
-
-		yy_load_buffer_state( );
-		}
-
-	while ( 1 )		/* loops until end-of-file is reached */
-		{
-		yy_cp = (yy_c_buf_p);
-
-		/* Support of yytext. */
-		*yy_cp = (yy_hold_char);
-
-		/* yy_bp points to the position in yy_ch_buf of the start of
-		 * the current run.
-		 */
-		yy_bp = yy_cp;
-
-		yy_current_state = (yy_start);
-yy_match:
-		do
-			{
-			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
-			if ( yy_accept[yy_current_state] )
-				{
-				(yy_last_accepting_state) = yy_current_state;
-				(yy_last_accepting_cpos) = yy_cp;
-				}
-			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-				{
-				yy_current_state = (int) yy_def[yy_current_state];
-				if ( yy_current_state >= 54 )
-					yy_c = yy_meta[(unsigned int) yy_c];
-				}
-			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-			++yy_cp;
-			}
-		while ( yy_base[yy_current_state] != 70 );
-
-yy_find_action:
-		yy_act = yy_accept[yy_current_state];
-		if ( yy_act == 0 )
-			{ /* have to back up */
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			yy_act = yy_accept[yy_current_state];
-			}
-
-		YY_DO_BEFORE_ACTION;
-
-do_action:	/* This label is used only to access EOF actions. */
-
-		switch ( yy_act )
-	{ /* beginning of action switch */
-			case 0: /* must back up */
-			/* undo the effects of YY_DO_BEFORE_ACTION */
-			*yy_cp = (yy_hold_char);
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
-#line 53 "lex.l"
-{ return TABLE; }
-	YY_BREAK
-case 2:
-YY_RULE_SETUP
-#line 54 "lex.l"
-{ return REQUEST; }
-	YY_BREAK
-case 3:
-YY_RULE_SETUP
-#line 55 "lex.l"
-{ return UNKNOWN; }
-	YY_BREAK
-case 4:
-YY_RULE_SETUP
-#line 56 "lex.l"
-{ return UNIMPLEMENTED; }
-	YY_BREAK
-case 5:
-YY_RULE_SETUP
-#line 57 "lex.l"
-{ return END; }
-	YY_BREAK
-case 6:
-YY_RULE_SETUP
-#line 58 "lex.l"
-;
-	YY_BREAK
-case 7:
-YY_RULE_SETUP
-#line 59 "lex.l"
-;
-	YY_BREAK
-case 8:
-/* rule 8 can match eol */
-YY_RULE_SETUP
-#line 60 "lex.l"
-{ lineno++; }
-	YY_BREAK
-case 9:
-YY_RULE_SETUP
-#line 61 "lex.l"
-{ return getstring(); }
-	YY_BREAK
-case 10:
-YY_RULE_SETUP
-#line 62 "lex.l"
-{ yylval.string = strdup(yytext); return STRING; }
-	YY_BREAK
-case 11:
-YY_RULE_SETUP
-#line 63 "lex.l"
-{ return *yytext; }
-	YY_BREAK
-case 12:
-YY_RULE_SETUP
-#line 64 "lex.l"
-ECHO;
-	YY_BREAK
-#line 837 "lex.c"
-case YY_STATE_EOF(INITIAL):
-	yyterminate();
-
-	case YY_END_OF_BUFFER:
-		{
-		/* Amount of text matched not including the EOB char. */
-		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
-
-		/* Undo the effects of YY_DO_BEFORE_ACTION. */
-		*yy_cp = (yy_hold_char);
-		YY_RESTORE_YY_MORE_OFFSET
-
-		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
-			{
-			/* We're scanning a new file or input source.  It's
-			 * possible that this happened because the user
-			 * just pointed yyin at a new source and called
-			 * yylex().  If so, then we have to assure
-			 * consistency between YY_CURRENT_BUFFER and our
-			 * globals.  Here is the right place to do so, because
-			 * this is the first action (other than possibly a
-			 * back-up) that will match for the new input source.
-			 */
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
-			}
-
-		/* Note that here we test for yy_c_buf_p "<=" to the position
-		 * of the first EOB in the buffer, since yy_c_buf_p will
-		 * already have been incremented past the NUL character
-		 * (since all states make transitions on EOB to the
-		 * end-of-buffer state).  Contrast this with the test
-		 * in input().
-		 */
-		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			{ /* This was really a NUL. */
-			yy_state_type yy_next_state;
-
-			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
-
-			yy_current_state = yy_get_previous_state(  );
-
-			/* Okay, we're now positioned to make the NUL
-			 * transition.  We couldn't have
-			 * yy_get_previous_state() go ahead and do it
-			 * for us because it doesn't know how to deal
-			 * with the possibility of jamming (and we don't
-			 * want to build jamming into it because then it
-			 * will run more slowly).
-			 */
-
-			yy_next_state = yy_try_NUL_trans( yy_current_state );
-
-			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-
-			if ( yy_next_state )
-				{
-				/* Consume the NUL. */
-				yy_cp = ++(yy_c_buf_p);
-				yy_current_state = yy_next_state;
-				goto yy_match;
-				}
-
-			else
-				{
-				yy_cp = (yy_c_buf_p);
-				goto yy_find_action;
-				}
-			}
-
-		else switch ( yy_get_next_buffer(  ) )
-			{
-			case EOB_ACT_END_OF_FILE:
-				{
-				(yy_did_buffer_switch_on_eof) = 0;
-
-				if ( yywrap( ) )
-					{
-					/* Note: because we've taken care in
-					 * yy_get_next_buffer() to have set up
-					 * yytext, we can now set up
-					 * yy_c_buf_p so that if some total
-					 * hoser (like flex itself) wants to
-					 * call the scanner after we return the
-					 * YY_NULL, it'll still work - another
-					 * YY_NULL will get returned.
-					 */
-					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
-
-					yy_act = YY_STATE_EOF(YY_START);
-					goto do_action;
-					}
-
-				else
-					{
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-					}
-				break;
-				}
-
-			case EOB_ACT_CONTINUE_SCAN:
-				(yy_c_buf_p) =
-					(yytext_ptr) + yy_amount_of_matched_text;
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_match;
-
-			case EOB_ACT_LAST_MATCH:
-				(yy_c_buf_p) =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_find_action;
-			}
-		break;
-		}
-
-	default:
-		YY_FATAL_ERROR(
-			"fatal flex scanner internal error--no action found" );
-	} /* end of action switch */
-		} /* end of scanning one token */
-} /* end of yylex */
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- *	EOB_ACT_LAST_MATCH -
- *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- *	EOB_ACT_END_OF_FILE - end of file
- */
-static int yy_get_next_buffer (void)
-{
-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
-	register char *source = (yytext_ptr);
-	register int number_to_move, i;
-	int ret_val;
-
-	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
-		YY_FATAL_ERROR(
-		"fatal flex scanner internal error--end of buffer missed" );
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
-		{ /* Don't try to fill the buffer, so this is an EOF. */
-		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
-			{
-			/* We matched a single character, the EOB, so
-			 * treat this as a final EOF.
-			 */
-			return EOB_ACT_END_OF_FILE;
-			}
-
-		else
-			{
-			/* We matched some text prior to the EOB, first
-			 * process it.
-			 */
-			return EOB_ACT_LAST_MATCH;
-			}
-		}
-
-	/* Try to read more data. */
-
-	/* First move last chars to start of buffer. */
-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
-
-	for ( i = 0; i < number_to_move; ++i )
-		*(dest++) = *(source++);
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
-		/* don't do the read, it's not guaranteed to return an EOF,
-		 * just force an EOF
-		 */
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
-
-	else
-		{
-			int num_to_read =
-			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
-		while ( num_to_read <= 0 )
-			{ /* Not enough room in the buffer - grow it. */
-
-			/* just a shorter name for the current buffer */
-			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
-
-			int yy_c_buf_p_offset =
-				(int) ((yy_c_buf_p) - b->yy_ch_buf);
-
-			if ( b->yy_is_our_buffer )
-				{
-				int new_size = b->yy_buf_size * 2;
-
-				if ( new_size <= 0 )
-					b->yy_buf_size += b->yy_buf_size / 8;
-				else
-					b->yy_buf_size *= 2;
-
-				b->yy_ch_buf = (char *)
-					/* Include room in for 2 EOB chars. */
-					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
-				}
-			else
-				/* Can't grow it, we don't own it. */
-				b->yy_ch_buf = 0;
-
-			if ( ! b->yy_ch_buf )
-				YY_FATAL_ERROR(
-				"fatal error - scanner input buffer overflow" );
-
-			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
-
-			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
-						number_to_move - 1;
-
-			}
-
-		if ( num_to_read > YY_READ_BUF_SIZE )
-			num_to_read = YY_READ_BUF_SIZE;
-
-		/* Read in more data. */
-		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
-			(yy_n_chars), num_to_read );
-
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	if ( (yy_n_chars) == 0 )
-		{
-		if ( number_to_move == YY_MORE_ADJ )
-			{
-			ret_val = EOB_ACT_END_OF_FILE;
-			yyrestart(yyin  );
-			}
-
-		else
-			{
-			ret_val = EOB_ACT_LAST_MATCH;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
-				YY_BUFFER_EOF_PENDING;
-			}
-		}
-
-	else
-		ret_val = EOB_ACT_CONTINUE_SCAN;
-
-	(yy_n_chars) += number_to_move;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
-
-	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
-
-	return ret_val;
-}
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
-    static yy_state_type yy_get_previous_state (void)
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp;
-    
-	yy_current_state = (yy_start);
-
-	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
-		{
-		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
-		if ( yy_accept[yy_current_state] )
-			{
-			(yy_last_accepting_state) = yy_current_state;
-			(yy_last_accepting_cpos) = yy_cp;
-			}
-		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-			{
-			yy_current_state = (int) yy_def[yy_current_state];
-			if ( yy_current_state >= 54 )
-				yy_c = yy_meta[(unsigned int) yy_c];
-			}
-		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-		}
-
-	return yy_current_state;
-}
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- *	next_state = yy_try_NUL_trans( current_state );
- */
-    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
-{
-	register int yy_is_jam;
-    	register char *yy_cp = (yy_c_buf_p);
-
-	register YY_CHAR yy_c = 1;
-	if ( yy_accept[yy_current_state] )
-		{
-		(yy_last_accepting_state) = yy_current_state;
-		(yy_last_accepting_cpos) = yy_cp;
-		}
-	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-		{
-		yy_current_state = (int) yy_def[yy_current_state];
-		if ( yy_current_state >= 54 )
-			yy_c = yy_meta[(unsigned int) yy_c];
-		}
-	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-	yy_is_jam = (yy_current_state == 53);
-
-	return yy_is_jam ? 0 : yy_current_state;
-}
-
-    static void yyunput (int c, register char * yy_bp )
-{
-	register char *yy_cp;
-    
-    yy_cp = (yy_c_buf_p);
-
-	/* undo effects of setting up yytext */
-	*yy_cp = (yy_hold_char);
-
-	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-		{ /* need to shift things up to make room */
-		/* +2 for EOB chars. */
-		register int number_to_move = (yy_n_chars) + 2;
-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
-					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
-		register char *source =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
-
-		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
-			*--dest = *--source;
-
-		yy_cp += (int) (dest - source);
-		yy_bp += (int) (dest - source);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
-
-		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-			YY_FATAL_ERROR( "flex scanner push-back overflow" );
-		}
-
-	*--yy_cp = (char) c;
-
-	(yytext_ptr) = yy_bp;
-	(yy_hold_char) = *yy_cp;
-	(yy_c_buf_p) = yy_cp;
-}
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
-    static int yyinput (void)
-#else
-    static int input  (void)
-#endif
-
-{
-	int c;
-    
-	*(yy_c_buf_p) = (yy_hold_char);
-
-	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
-		{
-		/* yy_c_buf_p now points to the character we want to return.
-		 * If this occurs *before* the EOB characters, then it's a
-		 * valid NUL; if not, then we've hit the end of the buffer.
-		 */
-		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			/* This was really a NUL. */
-			*(yy_c_buf_p) = '\0';
-
-		else
-			{ /* need more input */
-			int offset = (yy_c_buf_p) - (yytext_ptr);
-			++(yy_c_buf_p);
-
-			switch ( yy_get_next_buffer(  ) )
-				{
-				case EOB_ACT_LAST_MATCH:
-					/* This happens because yy_g_n_b()
-					 * sees that we've accumulated a
-					 * token and flags that we need to
-					 * try matching the token before
-					 * proceeding.  But for input(),
-					 * there's no matching to consider.
-					 * So convert the EOB_ACT_LAST_MATCH
-					 * to EOB_ACT_END_OF_FILE.
-					 */
-
-					/* Reset buffer status. */
-					yyrestart(yyin );
-
-					/*FALLTHROUGH*/
-
-				case EOB_ACT_END_OF_FILE:
-					{
-					if ( yywrap( ) )
-						return 0;
-
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-#ifdef __cplusplus
-					return yyinput();
-#else
-					return input();
-#endif
-					}
-
-				case EOB_ACT_CONTINUE_SCAN:
-					(yy_c_buf_p) = (yytext_ptr) + offset;
-					break;
-				}
-			}
-		}
-
-	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
-	*(yy_c_buf_p) = '\0';	/* preserve yytext */
-	(yy_hold_char) = *++(yy_c_buf_p);
-
-	return c;
-}
-#endif	/* ifndef YY_NO_INPUT */
-
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- * 
- * @note This function does not reset the start condition to @c INITIAL .
- */
-    void yyrestart  (FILE * input_file )
-{
-    
-	if ( ! YY_CURRENT_BUFFER ){
-        yyensure_buffer_stack ();
-		YY_CURRENT_BUFFER_LVALUE =
-            yy_create_buffer(yyin,YY_BUF_SIZE );
-	}
-
-	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
-	yy_load_buffer_state( );
-}
-
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- * 
- */
-    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
-{
-    
-	/* TODO. We should be able to replace this entire function body
-	 * with
-	 *		yypop_buffer_state();
-	 *		yypush_buffer_state(new_buffer);
-     */
-	yyensure_buffer_stack ();
-	if ( YY_CURRENT_BUFFER == new_buffer )
-		return;
-
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-	yy_load_buffer_state( );
-
-	/* We don't actually know whether we did this switch during
-	 * EOF (yywrap()) processing, but the only time this flag
-	 * is looked at is after yywrap() is called, so it's safe
-	 * to go ahead and always set it.
-	 */
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-static void yy_load_buffer_state  (void)
-{
-    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
-	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
-	(yy_hold_char) = *(yy_c_buf_p);
-}
-
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- * 
- * @return the allocated buffer state.
- */
-    YY_BUFFER_STATE yy_create_buffer  (FILE * file, int  size )
-{
-	YY_BUFFER_STATE b;
-    
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_buf_size = size;
-
-	/* yy_ch_buf has to be 2 characters longer than the size given because
-	 * we need to put in 2 end-of-buffer characters.
-	 */
-	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
-	if ( ! b->yy_ch_buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_is_our_buffer = 1;
-
-	yy_init_buffer(b,file );
-
-	return b;
-}
-
-/** Destroy the buffer.
- * @param b a buffer created with yy_create_buffer()
- * 
- */
-    void yy_delete_buffer (YY_BUFFER_STATE  b )
-{
-    
-	if ( ! b )
-		return;
-
-	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
-		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
-
-	if ( b->yy_is_our_buffer )
-		yyfree((void *) b->yy_ch_buf  );
-
-	yyfree((void *) b  );
-}
-
-#ifndef __cplusplus
-extern int isatty (int );
-#endif /* __cplusplus */
-    
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a yyrestart() or at EOF.
- */
-    static void yy_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
-
-{
-	int oerrno = errno;
-    
-	yy_flush_buffer(b );
-
-	b->yy_input_file = file;
-	b->yy_fill_buffer = 1;
-
-    /* If b is the current buffer, then yy_init_buffer was _probably_
-     * called from yyrestart() or through yy_get_next_buffer.
-     * In that case, we don't want to reset the lineno or column.
-     */
-    if (b != YY_CURRENT_BUFFER){
-        b->yy_bs_lineno = 1;
-        b->yy_bs_column = 0;
-    }
-
-        b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-    
-	errno = oerrno;
-}
-
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- * 
- */
-    void yy_flush_buffer (YY_BUFFER_STATE  b )
-{
-    	if ( ! b )
-		return;
-
-	b->yy_n_chars = 0;
-
-	/* We always need two end-of-buffer characters.  The first causes
-	 * a transition to the end-of-buffer state.  The second causes
-	 * a jam in that state.
-	 */
-	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
-	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
-	b->yy_buf_pos = &b->yy_ch_buf[0];
-
-	b->yy_at_bol = 1;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	if ( b == YY_CURRENT_BUFFER )
-		yy_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- *  the current state. This function will allocate the stack
- *  if necessary.
- *  @param new_buffer The new state.
- *  
- */
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
-    	if (new_buffer == NULL)
-		return;
-
-	yyensure_buffer_stack();
-
-	/* This block is copied from yy_switch_to_buffer. */
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	/* Only push if top exists. Otherwise, replace top. */
-	if (YY_CURRENT_BUFFER)
-		(yy_buffer_stack_top)++;
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
-	/* copied from yy_switch_to_buffer. */
-	yy_load_buffer_state( );
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- *  The next element becomes the new top.
- *  
- */
-void yypop_buffer_state (void)
-{
-    	if (!YY_CURRENT_BUFFER)
-		return;
-
-	yy_delete_buffer(YY_CURRENT_BUFFER );
-	YY_CURRENT_BUFFER_LVALUE = NULL;
-	if ((yy_buffer_stack_top) > 0)
-		--(yy_buffer_stack_top);
-
-	if (YY_CURRENT_BUFFER) {
-		yy_load_buffer_state( );
-		(yy_did_buffer_switch_on_eof) = 1;
-	}
-}
-
-/* Allocates the stack if it does not exist.
- *  Guarantees space for at least one push.
- */
-static void yyensure_buffer_stack (void)
-{
-	int num_to_alloc;
-    
-	if (!(yy_buffer_stack)) {
-
-		/* First allocation is just for 2 elements, since we don't know if this
-		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
-		 * immediate realloc on the next call.
-         */
-		num_to_alloc = 1;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
-								(num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-		
-		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-				
-		(yy_buffer_stack_max) = num_to_alloc;
-		(yy_buffer_stack_top) = 0;
-		return;
-	}
-
-	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
-		/* Increase the buffer to prepare for a possible push. */
-		int grow_size = 8 /* arbitrary grow size */;
-
-		num_to_alloc = (yy_buffer_stack_max) + grow_size;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
-								((yy_buffer_stack),
-								num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-
-		/* zero only the new slots.*/
-		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
-		(yy_buffer_stack_max) = num_to_alloc;
-	}
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- * 
- * @return the newly allocated buffer state object. 
- */
-YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
-{
-	YY_BUFFER_STATE b;
-    
-	if ( size < 2 ||
-	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
-	     base[size-1] != YY_END_OF_BUFFER_CHAR )
-		/* They forgot to leave room for the EOB's. */
-		return 0;
-
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
-	b->yy_buf_pos = b->yy_ch_buf = base;
-	b->yy_is_our_buffer = 0;
-	b->yy_input_file = 0;
-	b->yy_n_chars = b->yy_buf_size;
-	b->yy_is_interactive = 0;
-	b->yy_at_bol = 1;
-	b->yy_fill_buffer = 0;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	yy_switch_to_buffer(b  );
-
-	return b;
-}
-
-/** Setup the input buffer state to scan a string. The next call to yylex() will
- * scan from a @e copy of @a str.
- * @param str a NUL-terminated string to scan
- * 
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- *       yy_scan_bytes() instead.
- */
-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
-{
-    
-	return yy_scan_bytes(yystr,strlen(yystr) );
-}
-
-/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- * 
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
-{
-	YY_BUFFER_STATE b;
-	char *buf;
-	yy_size_t n;
-	int i;
-    
-	/* Get memory for full buffer, including space for trailing EOB's. */
-	n = _yybytes_len + 2;
-	buf = (char *) yyalloc(n  );
-	if ( ! buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
-
-	for ( i = 0; i < _yybytes_len; ++i )
-		buf[i] = yybytes[i];
-
-	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
-
-	b = yy_scan_buffer(buf,n );
-	if ( ! b )
-		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
-
-	/* It's okay to grow etc. this buffer, and we should throw it
-	 * away when we're done.
-	 */
-	b->yy_is_our_buffer = 1;
-
-	return b;
-}
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-static void yy_fatal_error (yyconst char* msg )
-{
-    	(void) fprintf( stderr, "%s\n", msg );
-	exit( YY_EXIT_FAILURE );
-}
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		yytext[yyleng] = (yy_hold_char); \
-		(yy_c_buf_p) = yytext + yyless_macro_arg; \
-		(yy_hold_char) = *(yy_c_buf_p); \
-		*(yy_c_buf_p) = '\0'; \
-		yyleng = yyless_macro_arg; \
-		} \
-	while ( 0 )
-
-/* Accessor  methods (get/set functions) to struct members. */
-
-/** Get the current line number.
- * 
- */
-int yyget_lineno  (void)
-{
-        
-    return yylineno;
-}
-
-/** Get the input stream.
- * 
- */
-FILE *yyget_in  (void)
-{
-        return yyin;
-}
-
-/** Get the output stream.
- * 
- */
-FILE *yyget_out  (void)
-{
-        return yyout;
-}
-
-/** Get the length of the current token.
- * 
- */
-int yyget_leng  (void)
-{
-        return yyleng;
-}
-
-/** Get the current token.
- * 
- */
-
-char *yyget_text  (void)
-{
-        return yytext;
-}
-
-/** Set the current line number.
- * @param line_number
- * 
- */
-void yyset_lineno (int  line_number )
-{
-    
-    yylineno = line_number;
-}
-
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- * 
- * @see yy_switch_to_buffer
- */
-void yyset_in (FILE *  in_str )
-{
-        yyin = in_str ;
-}
-
-void yyset_out (FILE *  out_str )
-{
-        yyout = out_str ;
-}
-
-int yyget_debug  (void)
-{
-        return yy_flex_debug;
-}
-
-void yyset_debug (int  bdebug )
-{
-        yy_flex_debug = bdebug ;
-}
-
-static int yy_init_globals (void)
-{
-        /* Initialization is the same as for the non-reentrant scanner.
-     * This function is called from yylex_destroy(), so don't allocate here.
-     */
-
-    (yy_buffer_stack) = 0;
-    (yy_buffer_stack_top) = 0;
-    (yy_buffer_stack_max) = 0;
-    (yy_c_buf_p) = (char *) 0;
-    (yy_init) = 0;
-    (yy_start) = 0;
-
-/* Defined in main.c */
-#ifdef YY_STDINIT
-    yyin = stdin;
-    yyout = stdout;
-#else
-    yyin = (FILE *) 0;
-    yyout = (FILE *) 0;
-#endif
-
-    /* For future reference: Set errno on error, since we are called by
-     * yylex_init()
-     */
-    return 0;
-}
-
-/* yylex_destroy is for both reentrant and non-reentrant scanners. */
-int yylex_destroy  (void)
-{
-    
-    /* Pop the buffer stack, destroying each element. */
-	while(YY_CURRENT_BUFFER){
-		yy_delete_buffer(YY_CURRENT_BUFFER  );
-		YY_CURRENT_BUFFER_LVALUE = NULL;
-		yypop_buffer_state();
-	}
-
-	/* Destroy the stack itself. */
-	yyfree((yy_buffer_stack) );
-	(yy_buffer_stack) = NULL;
-
-    /* Reset the globals. This is important in a non-reentrant scanner so the next time
-     * yylex() is called, initialization will occur. */
-    yy_init_globals( );
-
-    return 0;
-}
-
-/*
- * Internal utility routines.
- */
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
-	register int i;
-	for ( i = 0; i < n; ++i )
-		s1[i] = s2[i];
-}
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
-	register int n;
-	for ( n = 0; s[n]; ++n )
-		;
-
-	return n;
-}
-#endif
-
-void *yyalloc (yy_size_t  size )
-{
-	return (void *) malloc( size );
-}
-
-void *yyrealloc  (void * ptr, yy_size_t  size )
-{
-	/* The cast to (char *) in the following accommodates both
-	 * implementations that use char* generic pointers, and those
-	 * that use void* generic pointers.  It works with the latter
-	 * because both ANSI C and C++ allow castless assignment from
-	 * any pointer type to void*, and deal with argument conversions
-	 * as though doing an assignment.
-	 */
-	return (void *) realloc( (char *) ptr, size );
-}
-
-void yyfree (void * ptr )
-{
-	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
-
-#line 64 "lex.l"
-
-
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-static int
-getstring(void)
-{
-    char x[128];
-    int i = 0;
-    int c;
-    int backslash = 0;
-    while((c = input()) != EOF){
-	if(backslash) {
-	    if(c == 'n')
-		c = '\n';
-	    else if(c == 't')
-		c = '\t';
-	    x[i++] = c;
-	    backslash = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    backslash++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    yylval.string = strdup(x);
-    return STRING;
-}
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d: ", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     numerror++;
-}
-
diff --git a/crypto/heimdal/lib/sl/lex.l b/crypto/heimdal/lib/sl/lex.l
deleted file mode 100644
index b4f8a2c..0000000
--- a/crypto/heimdal/lib/sl/lex.l
+++ /dev/null
@@ -1,119 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#undef ECHO
-
-#include "make_cmds.h"
-#include "parse.h"
-
-RCSID("$Id: lex.l 10703 2001-09-16 23:10:10Z assar $");
-
-static unsigned lineno = 1;
-static int getstring(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-%}
-
-
-%%
-command_table		{ return TABLE; }
-request			{ return REQUEST; }
-unknown			{ return UNKNOWN; }
-unimplemented		{ return UNIMPLEMENTED; }
-end			{ return END; }
-#[^\n]*			;
-[ \t]			;
-\n			{ lineno++; }
-\"			{ return getstring(); }
-[a-zA-Z0-9_]+		{ yylval.string = strdup(yytext); return STRING; }
-.			{ return *yytext; }
-%%
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-static int
-getstring(void)
-{
-    char x[128];
-    int i = 0;
-    int c;
-    int backslash = 0;
-    while((c = input()) != EOF){
-	if(backslash) {
-	    if(c == 'n')
-		c = '\n';
-	    else if(c == 't')
-		c = '\t';
-	    x[i++] = c;
-	    backslash = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    backslash++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    yylval.string = strdup(x);
-    return STRING;
-}
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d: ", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     numerror++;
-}
diff --git a/crypto/heimdal/lib/sl/make_cmds.c b/crypto/heimdal/lib/sl/make_cmds.c
deleted file mode 100644
index c39be21..0000000
--- a/crypto/heimdal/lib/sl/make_cmds.c
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * Copyright (c) 1998-1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "make_cmds.h"
-#include <getarg.h>
-
-RCSID("$Id: make_cmds.c 15430 2005-06-16 19:25:45Z lha $");
-
-#include <roken.h>
-#include <err.h>
-#include "parse.h"
-
-int numerror;
-extern FILE *yyin;
-FILE *c_file;
-
-extern void yyparse(void);
-
-#ifdef YYDEBUG
-extern int yydebug = 1;
-#endif
-
-char *filename;
-char *table_name;
-
-static struct command_list *commands;
-
-void
-add_command(char *function, 
-	    char *help, 
-	    struct string_list *aliases, 
-	    unsigned flags)
-{
-    struct command_list *cl = malloc(sizeof(*cl));
-
-    if (cl == NULL)
-	err (1, "malloc");
-    cl->function = function;
-    cl->help = help;
-    cl->aliases = aliases;
-    cl->flags = flags;
-    cl->next = NULL;
-    if(commands) {
-	*commands->tail = cl;
-	commands->tail = &cl->next;
-	return;
-    }
-    cl->tail = &cl->next;
-    commands = cl;
-}
-
-static char *
-quote(const char *str)
-{
-    char buf[1024]; /* XXX */
-    const char *p;
-    char *q;
-    q = buf;
-    
-    *q++ = '\"';
-    for(p = str; *p != '\0'; p++) {
-	if(*p == '\n') {
-	    *q++ = '\\';
-	    *q++ = 'n';
-	    continue;
-	}
-	if(*p == '\t') {
-	    *q++ = '\\';
-	    *q++ = 't';
-	    continue;
-	}
-	if(*p == '\"' || *p == '\\')
-	    *q++ = '\\';
-	*q++ = *p;
-    }
-    *q++ = '\"';
-    *q++ = '\0';
-    return strdup(buf);
-}
-
-static void
-generate_commands(void)
-{
-    char *base;
-    char *cfn;
-    char *p, *q;
-
-    p = strrchr(table_name, '/');
-    if(p == NULL)
-	p = table_name;
-    else
-	p++;
-
-    base = strdup (p);
-    if (base == NULL)
-	err (1, "strdup");
-
-    p = strrchr(base, '.');
-    if(p)
-	*p = '\0';
-    
-    asprintf(&cfn, "%s.c", base);
-    if (cfn == NULL)
-	err (1, "asprintf");
-
-    c_file = fopen(cfn, "w");
-    if (c_file == NULL)
-	err (1, "cannot fopen %s", cfn);
-    
-    fprintf(c_file, "/* Generated from %s */\n", filename);
-    fprintf(c_file, "\n");
-    fprintf(c_file, "#include <stddef.h>\n");
-    fprintf(c_file, "#include <sl.h>\n");
-    fprintf(c_file, "\n");
-
-    {
-	struct command_list *cl, *xl;
-
-	for(cl = commands; cl; cl = cl->next) {
-	    for(xl = commands; xl != cl; xl = xl->next)
-		if(strcmp(cl->function, xl->function) == 0)
-		    break;
-	    if(xl != cl)
-		continue;
-	    /* XXX hack for ss_quit */
-	    if(strcmp(cl->function, "ss_quit") == 0) {
-		fprintf(c_file, "int %s (int, char**);\n", cl->function);
-		fprintf(c_file, "#define _ss_quit_wrap ss_quit\n\n"); 
-		continue;
-	    }
-	    fprintf(c_file, "void %s (int, char**);\n", cl->function);
-	    fprintf(c_file, "static int _%s_wrap (int argc, char **argv)\n", 
-		    cl->function);
-	    fprintf(c_file, "{\n");
-	    fprintf(c_file, "  %s (argc, argv);\n", cl->function);
-	    fprintf(c_file, "  return 0;\n");
-	    fprintf(c_file, "}\n\n");
-	}
-
-	fprintf(c_file, "SL_cmd %s[] = {\n", table_name);
-	for(cl = commands; cl; cl = cl->next) {
-	    struct string_list *sl;
-	    sl = cl->aliases;
-	    p = quote(sl->string);
-	    q = quote(cl->help);
-	    fprintf(c_file, "  { %s, _%s_wrap, %s },\n", p, cl->function, q);
-	    free(p);
-	    free(q);
-    
-	    for(sl = sl->next; sl; sl = sl->next) {
-		p = quote(sl->string);
-		fprintf(c_file, "  { %s },\n", p);
-		free(p);
-	    }
-	}
-	fprintf(c_file, "  { NULL },\n");
-	fprintf(c_file, "};\n");
-	fprintf(c_file, "\n");
-    }
-    fclose(c_file);
-    free(base);
-    free(cfn);
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "command-table");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(argc == optidx)
-	usage(1);
-    filename = argv[optidx];
-    yyin = fopen(filename, "r");
-    if(yyin == NULL)
-	err(1, "%s", filename);
-    
-    yyparse();
-    
-    generate_commands();
-
-    if(numerror)
-	return 1;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/sl/make_cmds.h b/crypto/heimdal/lib/sl/make_cmds.h
deleted file mode 100644
index 818e5e8..0000000
--- a/crypto/heimdal/lib/sl/make_cmds.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: make_cmds.h 8467 2000-06-27 02:36:56Z assar $ */
-
-#ifndef __MAKE_CMDS_H__
-#define __MAKE_CMDS_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdarg.h>
-
-#include <roken.h>
-
-extern char *filename;
-extern char *table_name;
-extern int numerror;
-
-struct command_list {
-    char *function;
-    char *help;
-    struct string_list *aliases;
-    unsigned flags;
-    struct command_list *next;
-    struct command_list **tail;
-};
-
-struct string_list {
-    char *string;
-    struct string_list *next;
-    struct string_list **tail;
-};
-
-void add_command(char*, char*, struct string_list*, unsigned);
-
-void error_message(const char *, ...)
-    __attribute__ ((format (printf, 1,2)));
-
-int yylex (void);
-
-#endif /* __MAKE_CMDS_H__ */
diff --git a/crypto/heimdal/lib/sl/parse.c b/crypto/heimdal/lib/sl/parse.c
deleted file mode 100644
index f79318d..0000000
--- a/crypto/heimdal/lib/sl/parse.c
+++ /dev/null
@@ -1,1724 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton implementation for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* C LALR(1) parser skeleton written by Richard Stallman, by
-   simplifying the original so-called "semantic" parser.  */
-
-/* All symbols defined below should begin with yy or YY, to avoid
-   infringing on user name space.  This should be done even for local
-   variables, as they might otherwise be expanded by user macros.
-   There are some unavoidable exceptions within include files to
-   define necessary library symbols; they are noted "INFRINGES ON
-   USER NAME SPACE" below.  */
-
-/* Identify Bison output.  */
-#define YYBISON 1
-
-/* Bison version.  */
-#define YYBISON_VERSION "2.3"
-
-/* Skeleton name.  */
-#define YYSKELETON_NAME "yacc.c"
-
-/* Pure parsers.  */
-#define YYPURE 0
-
-/* Using locations.  */
-#define YYLSP_NEEDED 0
-
-
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     TABLE = 258,
-     REQUEST = 259,
-     UNKNOWN = 260,
-     UNIMPLEMENTED = 261,
-     END = 262,
-     STRING = 263
-   };
-#endif
-/* Tokens.  */
-#define TABLE 258
-#define REQUEST 259
-#define UNKNOWN 260
-#define UNIMPLEMENTED 261
-#define END 262
-#define STRING 263
-
-
-
-
-/* Copy the first part of user declarations.  */
-#line 1 "parse.y"
-
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "make_cmds.h"
-RCSID("$Id: parse.y 21745 2007-07-31 16:11:25Z lha $");
-
-static void yyerror (char *s);
-
-struct string_list* append_string(struct string_list*, char*);
-void free_string_list(struct string_list *list);
-unsigned string_to_flag(const char *);
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-
-
-/* Enabling traces.  */
-#ifndef YYDEBUG
-# define YYDEBUG 0
-#endif
-
-/* Enabling verbose error messages.  */
-#ifdef YYERROR_VERBOSE
-# undef YYERROR_VERBOSE
-# define YYERROR_VERBOSE 1
-#else
-# define YYERROR_VERBOSE 0
-#endif
-
-/* Enabling the token table.  */
-#ifndef YYTOKEN_TABLE
-# define YYTOKEN_TABLE 0
-#endif
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 52 "parse.y"
-{
-  char *string;
-  unsigned number;
-  struct string_list *list;
-}
-/* Line 193 of yacc.c.  */
-#line 169 "parse.c"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-
-
-/* Copy the second part of user declarations.  */
-
-
-/* Line 216 of yacc.c.  */
-#line 182 "parse.c"
-
-#ifdef short
-# undef short
-#endif
-
-#ifdef YYTYPE_UINT8
-typedef YYTYPE_UINT8 yytype_uint8;
-#else
-typedef unsigned char yytype_uint8;
-#endif
-
-#ifdef YYTYPE_INT8
-typedef YYTYPE_INT8 yytype_int8;
-#elif (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-typedef signed char yytype_int8;
-#else
-typedef short int yytype_int8;
-#endif
-
-#ifdef YYTYPE_UINT16
-typedef YYTYPE_UINT16 yytype_uint16;
-#else
-typedef unsigned short int yytype_uint16;
-#endif
-
-#ifdef YYTYPE_INT16
-typedef YYTYPE_INT16 yytype_int16;
-#else
-typedef short int yytype_int16;
-#endif
-
-#ifndef YYSIZE_T
-# ifdef __SIZE_TYPE__
-#  define YYSIZE_T __SIZE_TYPE__
-# elif defined size_t
-#  define YYSIZE_T size_t
-# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYSIZE_T size_t
-# else
-#  define YYSIZE_T unsigned int
-# endif
-#endif
-
-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
-
-#ifndef YY_
-# if defined YYENABLE_NLS && YYENABLE_NLS
-#  if ENABLE_NLS
-#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
-#   define YY_(msgid) dgettext ("bison-runtime", msgid)
-#  endif
-# endif
-# ifndef YY_
-#  define YY_(msgid) msgid
-# endif
-#endif
-
-/* Suppress unused-variable warnings by "using" E.  */
-#if ! defined lint || defined __GNUC__
-# define YYUSE(e) ((void) (e))
-#else
-# define YYUSE(e) /* empty */
-#endif
-
-/* Identity function, used to suppress warnings about constant conditions.  */
-#ifndef lint
-# define YYID(n) (n)
-#else
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static int
-YYID (int i)
-#else
-static int
-YYID (i)
-    int i;
-#endif
-{
-  return i;
-}
-#endif
-
-#if ! defined yyoverflow || YYERROR_VERBOSE
-
-/* The parser invokes alloca or malloc; define the necessary symbols.  */
-
-# ifdef YYSTACK_USE_ALLOCA
-#  if YYSTACK_USE_ALLOCA
-#   ifdef __GNUC__
-#    define YYSTACK_ALLOC __builtin_alloca
-#   elif defined __BUILTIN_VA_ARG_INCR
-#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
-#   elif defined _AIX
-#    define YYSTACK_ALLOC __alloca
-#   elif defined _MSC_VER
-#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
-#    define alloca _alloca
-#   else
-#    define YYSTACK_ALLOC alloca
-#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#     ifndef _STDLIB_H
-#      define _STDLIB_H 1
-#     endif
-#    endif
-#   endif
-#  endif
-# endif
-
-# ifdef YYSTACK_ALLOC
-   /* Pacify GCC's `empty if-body' warning.  */
-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-    /* The OS might guarantee only one guard page at the bottom of the stack,
-       and a page size can be as small as 4096 bytes.  So we cannot safely
-       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
-       to allow for a few compiler-allocated temporary stack slots.  */
-#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
-#  endif
-# else
-#  define YYSTACK_ALLOC YYMALLOC
-#  define YYSTACK_FREE YYFREE
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
-#  endif
-#  if (defined __cplusplus && ! defined _STDLIB_H \
-       && ! ((defined YYMALLOC || defined malloc) \
-	     && (defined YYFREE || defined free)))
-#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#   ifndef _STDLIB_H
-#    define _STDLIB_H 1
-#   endif
-#  endif
-#  ifndef YYMALLOC
-#   define YYMALLOC malloc
-#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-#  ifndef YYFREE
-#   define YYFREE free
-#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void free (void *); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-# endif
-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
-
-
-#if (! defined yyoverflow \
-     && (! defined __cplusplus \
-	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
-
-/* A type that is properly aligned for any stack member.  */
-union yyalloc
-{
-  yytype_int16 yyss;
-  YYSTYPE yyvs;
-  };
-
-/* The size of the maximum gap between one aligned stack and the next.  */
-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
-
-/* The size of an array large to enough to hold all stacks, each with
-   N elements.  */
-# define YYSTACK_BYTES(N) \
-     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
-      + YYSTACK_GAP_MAXIMUM)
-
-/* Copy COUNT objects from FROM to TO.  The source and destination do
-   not overlap.  */
-# ifndef YYCOPY
-#  if defined __GNUC__ && 1 < __GNUC__
-#   define YYCOPY(To, From, Count) \
-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
-#  else
-#   define YYCOPY(To, From, Count)		\
-      do					\
-	{					\
-	  YYSIZE_T yyi;				\
-	  for (yyi = 0; yyi < (Count); yyi++)	\
-	    (To)[yyi] = (From)[yyi];		\
-	}					\
-      while (YYID (0))
-#  endif
-# endif
-
-/* Relocate STACK from its old location to the new one.  The
-   local variables YYSIZE and YYSTACKSIZE give the old and new number of
-   elements in the stack, and YYPTR gives the new location of the
-   stack.  Advance YYPTR to a properly aligned location for the next
-   stack.  */
-# define YYSTACK_RELOCATE(Stack)					\
-    do									\
-      {									\
-	YYSIZE_T yynewbytes;						\
-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
-	Stack = &yyptr->Stack;						\
-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
-	yyptr += yynewbytes / sizeof (*yyptr);				\
-      }									\
-    while (YYID (0))
-
-#endif
-
-/* YYFINAL -- State number of the termination state.  */
-#define YYFINAL  15
-/* YYLAST -- Last index in YYTABLE.  */
-#define YYLAST   37
-
-/* YYNTOKENS -- Number of terminals.  */
-#define YYNTOKENS  13
-/* YYNNTS -- Number of nonterminals.  */
-#define YYNNTS  7
-/* YYNRULES -- Number of rules.  */
-#define YYNRULES  16
-/* YYNRULES -- Number of states.  */
-#define YYNSTATES  40
-
-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
-#define YYUNDEFTOK  2
-#define YYMAXUTOK   263
-
-#define YYTRANSLATE(YYX)						\
-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
-
-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
-static const yytype_uint8 yytranslate[] =
-{
-       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-      11,    12,     2,     2,    10,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     9,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
-       5,     6,     7,     8
-};
-
-#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
-   YYRHS.  */
-static const yytype_uint8 yyprhs[] =
-{
-       0,     0,     3,     4,     6,     8,    11,    15,    27,    35,
-      43,    47,    50,    52,    56,    58,    62
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
-static const yytype_int8 yyrhs[] =
-{
-      14,     0,    -1,    -1,    15,    -1,    16,    -1,    15,    16,
-      -1,     3,     8,     9,    -1,     4,     8,    10,     8,    10,
-      17,    10,    11,    18,    12,     9,    -1,     4,     8,    10,
-       8,    10,    17,     9,    -1,     6,     8,    10,     8,    10,
-      17,     9,    -1,     5,    17,     9,    -1,     7,     9,    -1,
-       8,    -1,    17,    10,     8,    -1,    19,    -1,    18,    10,
-      19,    -1,     8,    -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
-static const yytype_uint8 yyrline[] =
-{
-       0,    65,    65,    66,    69,    70,    73,    77,    81,    85,
-      91,    95,   101,   105,   111,   115,   120
-};
-#endif
-
-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
-/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
-   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
-static const char *const yytname[] =
-{
-  "$end", "error", "$undefined", "TABLE", "REQUEST", "UNKNOWN",
-  "UNIMPLEMENTED", "END", "STRING", "';'", "','", "'('", "')'", "$accept",
-  "file", "statements", "statement", "aliases", "flags", "flag", 0
-};
-#endif
-
-# ifdef YYPRINT
-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
-   token YYLEX-NUM.  */
-static const yytype_uint16 yytoknum[] =
-{
-       0,   256,   257,   258,   259,   260,   261,   262,   263,    59,
-      44,    40,    41
-};
-# endif
-
-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
-static const yytype_uint8 yyr1[] =
-{
-       0,    13,    14,    14,    15,    15,    16,    16,    16,    16,
-      16,    16,    17,    17,    18,    18,    19
-};
-
-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
-static const yytype_uint8 yyr2[] =
-{
-       0,     2,     0,     1,     1,     2,     3,    11,     7,     7,
-       3,     2,     1,     3,     1,     3,     1
-};
-
-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
-   means the default is an error.  */
-static const yytype_uint8 yydefact[] =
-{
-       2,     0,     0,     0,     0,     0,     0,     3,     4,     0,
-       0,    12,     0,     0,    11,     1,     5,     6,     0,    10,
-       0,     0,     0,    13,     0,     0,     0,     0,     0,     8,
-       0,     9,     0,    16,     0,    14,     0,     0,    15,     7
-};
-
-/* YYDEFGOTO[NTERM-NUM].  */
-static const yytype_int8 yydefgoto[] =
-{
-      -1,     6,     7,     8,    12,    34,    35
-};
-
-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
-   STATE-NUM.  */
-#define YYPACT_NINF -10
-static const yytype_int8 yypact[] =
-{
-      -3,     0,    10,    11,    12,    13,    21,    -3,   -10,    14,
-      15,   -10,     1,    16,   -10,   -10,   -10,   -10,    19,   -10,
-      20,    22,    23,   -10,    24,    11,    11,     3,     5,   -10,
-      -2,   -10,    27,   -10,    -5,   -10,    27,    28,   -10,   -10
-};
-
-/* YYPGOTO[NTERM-NUM].  */
-static const yytype_int8 yypgoto[] =
-{
-     -10,   -10,   -10,    17,    -9,   -10,    -7
-};
-
-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
-   positive, shift that token.  If negative, reduce the rule which
-   number is the opposite.  If zero, do what YYDEFACT says.
-   If YYTABLE_NINF, syntax error.  */
-#define YYTABLE_NINF -1
-static const yytype_uint8 yytable[] =
-{
-       1,     2,     3,     4,     5,    36,    23,    37,     9,    32,
-      19,    20,    29,    30,    31,    20,    27,    28,    10,    11,
-      13,    15,    14,    17,    16,    18,    21,    22,    23,    38,
-      24,     0,     0,    25,    26,    33,     0,    39
-};
-
-static const yytype_int8 yycheck[] =
-{
-       3,     4,     5,     6,     7,    10,     8,    12,     8,    11,
-       9,    10,     9,    10,     9,    10,    25,    26,     8,     8,
-       8,     0,     9,     9,     7,    10,    10,     8,     8,    36,
-       8,    -1,    -1,    10,    10,     8,    -1,     9
-};
-
-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
-   symbol of state STATE-NUM.  */
-static const yytype_uint8 yystos[] =
-{
-       0,     3,     4,     5,     6,     7,    14,    15,    16,     8,
-       8,     8,    17,     8,     9,     0,    16,     9,    10,     9,
-      10,    10,     8,     8,     8,    10,    10,    17,    17,     9,
-      10,     9,    11,     8,    18,    19,    10,    12,    19,     9
-};
-
-#define yyerrok		(yyerrstatus = 0)
-#define yyclearin	(yychar = YYEMPTY)
-#define YYEMPTY		(-2)
-#define YYEOF		0
-
-#define YYACCEPT	goto yyacceptlab
-#define YYABORT		goto yyabortlab
-#define YYERROR		goto yyerrorlab
-
-
-/* Like YYERROR except do call yyerror.  This remains here temporarily
-   to ease the transition to the new meaning of YYERROR, for GCC.
-   Once GCC version 2 has supplanted version 1, this can go.  */
-
-#define YYFAIL		goto yyerrlab
-
-#define YYRECOVERING()  (!!yyerrstatus)
-
-#define YYBACKUP(Token, Value)					\
-do								\
-  if (yychar == YYEMPTY && yylen == 1)				\
-    {								\
-      yychar = (Token);						\
-      yylval = (Value);						\
-      yytoken = YYTRANSLATE (yychar);				\
-      YYPOPSTACK (1);						\
-      goto yybackup;						\
-    }								\
-  else								\
-    {								\
-      yyerror (YY_("syntax error: cannot back up")); \
-      YYERROR;							\
-    }								\
-while (YYID (0))
-
-
-#define YYTERROR	1
-#define YYERRCODE	256
-
-
-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
-   If N is 0, then set CURRENT to the empty location which ends
-   the previous symbol: RHS[0] (always defined).  */
-
-#define YYRHSLOC(Rhs, K) ((Rhs)[K])
-#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N)				\
-    do									\
-      if (YYID (N))                                                    \
-	{								\
-	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
-	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
-	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
-	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
-	}								\
-      else								\
-	{								\
-	  (Current).first_line   = (Current).last_line   =		\
-	    YYRHSLOC (Rhs, 0).last_line;				\
-	  (Current).first_column = (Current).last_column =		\
-	    YYRHSLOC (Rhs, 0).last_column;				\
-	}								\
-    while (YYID (0))
-#endif
-
-
-/* YY_LOCATION_PRINT -- Print the location on the stream.
-   This macro was not mandated originally: define only if we know
-   we won't break user code: when these are the locations we know.  */
-
-#ifndef YY_LOCATION_PRINT
-# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
-#  define YY_LOCATION_PRINT(File, Loc)			\
-     fprintf (File, "%d.%d-%d.%d",			\
-	      (Loc).first_line, (Loc).first_column,	\
-	      (Loc).last_line,  (Loc).last_column)
-# else
-#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
-# endif
-#endif
-
-
-/* YYLEX -- calling `yylex' with the right arguments.  */
-
-#ifdef YYLEX_PARAM
-# define YYLEX yylex (YYLEX_PARAM)
-#else
-# define YYLEX yylex ()
-#endif
-
-/* Enable debugging if requested.  */
-#if YYDEBUG
-
-# ifndef YYFPRINTF
-#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYFPRINTF fprintf
-# endif
-
-# define YYDPRINTF(Args)			\
-do {						\
-  if (yydebug)					\
-    YYFPRINTF Args;				\
-} while (YYID (0))
-
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
-do {									  \
-  if (yydebug)								  \
-    {									  \
-      YYFPRINTF (stderr, "%s ", Title);					  \
-      yy_symbol_print (stderr,						  \
-		  Type, Value); \
-      YYFPRINTF (stderr, "\n");						  \
-    }									  \
-} while (YYID (0))
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_value_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (!yyvaluep)
-    return;
-# ifdef YYPRINT
-  if (yytype < YYNTOKENS)
-    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# else
-  YYUSE (yyoutput);
-# endif
-  switch (yytype)
-    {
-      default:
-	break;
-    }
-}
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (yytype < YYNTOKENS)
-    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
-  else
-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
-
-  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
-  YYFPRINTF (yyoutput, ")");
-}
-
-/*------------------------------------------------------------------.
-| yy_stack_print -- Print the state stack from its BOTTOM up to its |
-| TOP (included).                                                   |
-`------------------------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
-#else
-static void
-yy_stack_print (bottom, top)
-    yytype_int16 *bottom;
-    yytype_int16 *top;
-#endif
-{
-  YYFPRINTF (stderr, "Stack now");
-  for (; bottom <= top; ++bottom)
-    YYFPRINTF (stderr, " %d", *bottom);
-  YYFPRINTF (stderr, "\n");
-}
-
-# define YY_STACK_PRINT(Bottom, Top)				\
-do {								\
-  if (yydebug)							\
-    yy_stack_print ((Bottom), (Top));				\
-} while (YYID (0))
-
-
-/*------------------------------------------------.
-| Report that the YYRULE is going to be reduced.  |
-`------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
-#else
-static void
-yy_reduce_print (yyvsp, yyrule)
-    YYSTYPE *yyvsp;
-    int yyrule;
-#endif
-{
-  int yynrhs = yyr2[yyrule];
-  int yyi;
-  unsigned long int yylno = yyrline[yyrule];
-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
-	     yyrule - 1, yylno);
-  /* The symbols being reduced.  */
-  for (yyi = 0; yyi < yynrhs; yyi++)
-    {
-      fprintf (stderr, "   $%d = ", yyi + 1);
-      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
-		       &(yyvsp[(yyi + 1) - (yynrhs)])
-		       		       );
-      fprintf (stderr, "\n");
-    }
-}
-
-# define YY_REDUCE_PRINT(Rule)		\
-do {					\
-  if (yydebug)				\
-    yy_reduce_print (yyvsp, Rule); \
-} while (YYID (0))
-
-/* Nonzero means print parse trace.  It is left uninitialized so that
-   multiple parsers can coexist.  */
-int yydebug;
-#else /* !YYDEBUG */
-# define YYDPRINTF(Args)
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
-# define YY_STACK_PRINT(Bottom, Top)
-# define YY_REDUCE_PRINT(Rule)
-#endif /* !YYDEBUG */
-
-
-/* YYINITDEPTH -- initial size of the parser's stacks.  */
-#ifndef	YYINITDEPTH
-# define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
-   if the built-in stack extension method is used).
-
-   Do not make this value too large; the results are undefined if
-   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
-   evaluated with infinite-precision integer arithmetic.  */
-
-#ifndef YYMAXDEPTH
-# define YYMAXDEPTH 10000
-#endif
-
-
-
-#if YYERROR_VERBOSE
-
-# ifndef yystrlen
-#  if defined __GLIBC__ && defined _STRING_H
-#   define yystrlen strlen
-#  else
-/* Return the length of YYSTR.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static YYSIZE_T
-yystrlen (const char *yystr)
-#else
-static YYSIZE_T
-yystrlen (yystr)
-    const char *yystr;
-#endif
-{
-  YYSIZE_T yylen;
-  for (yylen = 0; yystr[yylen]; yylen++)
-    continue;
-  return yylen;
-}
-#  endif
-# endif
-
-# ifndef yystpcpy
-#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
-#   define yystpcpy stpcpy
-#  else
-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
-   YYDEST.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static char *
-yystpcpy (char *yydest, const char *yysrc)
-#else
-static char *
-yystpcpy (yydest, yysrc)
-    char *yydest;
-    const char *yysrc;
-#endif
-{
-  char *yyd = yydest;
-  const char *yys = yysrc;
-
-  while ((*yyd++ = *yys++) != '\0')
-    continue;
-
-  return yyd - 1;
-}
-#  endif
-# endif
-
-# ifndef yytnamerr
-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
-   quotes and backslashes, so that it's suitable for yyerror.  The
-   heuristic is that double-quoting is unnecessary unless the string
-   contains an apostrophe, a comma, or backslash (other than
-   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
-   null, do not copy; instead, return the length of what the result
-   would have been.  */
-static YYSIZE_T
-yytnamerr (char *yyres, const char *yystr)
-{
-  if (*yystr == '"')
-    {
-      YYSIZE_T yyn = 0;
-      char const *yyp = yystr;
-
-      for (;;)
-	switch (*++yyp)
-	  {
-	  case '\'':
-	  case ',':
-	    goto do_not_strip_quotes;
-
-	  case '\\':
-	    if (*++yyp != '\\')
-	      goto do_not_strip_quotes;
-	    /* Fall through.  */
-	  default:
-	    if (yyres)
-	      yyres[yyn] = *yyp;
-	    yyn++;
-	    break;
-
-	  case '"':
-	    if (yyres)
-	      yyres[yyn] = '\0';
-	    return yyn;
-	  }
-    do_not_strip_quotes: ;
-    }
-
-  if (! yyres)
-    return yystrlen (yystr);
-
-  return yystpcpy (yyres, yystr) - yyres;
-}
-# endif
-
-/* Copy into YYRESULT an error message about the unexpected token
-   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
-   including the terminating null byte.  If YYRESULT is null, do not
-   copy anything; just return the number of bytes that would be
-   copied.  As a special case, return 0 if an ordinary "syntax error"
-   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
-   size calculation.  */
-static YYSIZE_T
-yysyntax_error (char *yyresult, int yystate, int yychar)
-{
-  int yyn = yypact[yystate];
-
-  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
-    return 0;
-  else
-    {
-      int yytype = YYTRANSLATE (yychar);
-      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
-      YYSIZE_T yysize = yysize0;
-      YYSIZE_T yysize1;
-      int yysize_overflow = 0;
-      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
-      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
-      int yyx;
-
-# if 0
-      /* This is so xgettext sees the translatable formats that are
-	 constructed on the fly.  */
-      YY_("syntax error, unexpected %s");
-      YY_("syntax error, unexpected %s, expecting %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
-# endif
-      char *yyfmt;
-      char const *yyf;
-      static char const yyunexpected[] = "syntax error, unexpected %s";
-      static char const yyexpecting[] = ", expecting %s";
-      static char const yyor[] = " or %s";
-      char yyformat[sizeof yyunexpected
-		    + sizeof yyexpecting - 1
-		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
-		       * (sizeof yyor - 1))];
-      char const *yyprefix = yyexpecting;
-
-      /* Start YYX at -YYN if negative to avoid negative indexes in
-	 YYCHECK.  */
-      int yyxbegin = yyn < 0 ? -yyn : 0;
-
-      /* Stay within bounds of both yycheck and yytname.  */
-      int yychecklim = YYLAST - yyn + 1;
-      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
-      int yycount = 1;
-
-      yyarg[0] = yytname[yytype];
-      yyfmt = yystpcpy (yyformat, yyunexpected);
-
-      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
-	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-	  {
-	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
-	      {
-		yycount = 1;
-		yysize = yysize0;
-		yyformat[sizeof yyunexpected - 1] = '\0';
-		break;
-	      }
-	    yyarg[yycount++] = yytname[yyx];
-	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
-	    yysize_overflow |= (yysize1 < yysize);
-	    yysize = yysize1;
-	    yyfmt = yystpcpy (yyfmt, yyprefix);
-	    yyprefix = yyor;
-	  }
-
-      yyf = YY_(yyformat);
-      yysize1 = yysize + yystrlen (yyf);
-      yysize_overflow |= (yysize1 < yysize);
-      yysize = yysize1;
-
-      if (yysize_overflow)
-	return YYSIZE_MAXIMUM;
-
-      if (yyresult)
-	{
-	  /* Avoid sprintf, as that infringes on the user's name space.
-	     Don't have undefined behavior even if the translation
-	     produced a string with the wrong number of "%s"s.  */
-	  char *yyp = yyresult;
-	  int yyi = 0;
-	  while ((*yyp = *yyf) != '\0')
-	    {
-	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
-		{
-		  yyp += yytnamerr (yyp, yyarg[yyi++]);
-		  yyf += 2;
-		}
-	      else
-		{
-		  yyp++;
-		  yyf++;
-		}
-	    }
-	}
-      return yysize;
-    }
-}
-#endif /* YYERROR_VERBOSE */
-
-
-/*-----------------------------------------------.
-| Release the memory associated to this symbol.  |
-`-----------------------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yydestruct (yymsg, yytype, yyvaluep)
-    const char *yymsg;
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  YYUSE (yyvaluep);
-
-  if (!yymsg)
-    yymsg = "Deleting";
-  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
-
-  switch (yytype)
-    {
-
-      default:
-	break;
-    }
-}
-
-
-/* Prevent warnings from -Wmissing-prototypes.  */
-
-#ifdef YYPARSE_PARAM
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void *YYPARSE_PARAM);
-#else
-int yyparse ();
-#endif
-#else /* ! YYPARSE_PARAM */
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void);
-#else
-int yyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-
-
-/* The look-ahead symbol.  */
-int yychar;
-
-/* The semantic value of the look-ahead symbol.  */
-YYSTYPE yylval;
-
-/* Number of syntax errors so far.  */
-int yynerrs;
-
-
-
-/*----------.
-| yyparse.  |
-`----------*/
-
-#ifdef YYPARSE_PARAM
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void *YYPARSE_PARAM)
-#else
-int
-yyparse (YYPARSE_PARAM)
-    void *YYPARSE_PARAM;
-#endif
-#else /* ! YYPARSE_PARAM */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void)
-#else
-int
-yyparse ()
-
-#endif
-#endif
-{
-  
-  int yystate;
-  int yyn;
-  int yyresult;
-  /* Number of tokens to shift before error messages enabled.  */
-  int yyerrstatus;
-  /* Look-ahead token as an internal (translated) token number.  */
-  int yytoken = 0;
-#if YYERROR_VERBOSE
-  /* Buffer for error messages, and its allocated size.  */
-  char yymsgbuf[128];
-  char *yymsg = yymsgbuf;
-  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
-
-  /* Three stacks and their tools:
-     `yyss': related to states,
-     `yyvs': related to semantic values,
-     `yyls': related to locations.
-
-     Refer to the stacks thru separate pointers, to allow yyoverflow
-     to reallocate them elsewhere.  */
-
-  /* The state stack.  */
-  yytype_int16 yyssa[YYINITDEPTH];
-  yytype_int16 *yyss = yyssa;
-  yytype_int16 *yyssp;
-
-  /* The semantic value stack.  */
-  YYSTYPE yyvsa[YYINITDEPTH];
-  YYSTYPE *yyvs = yyvsa;
-  YYSTYPE *yyvsp;
-
-
-
-#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
-
-  YYSIZE_T yystacksize = YYINITDEPTH;
-
-  /* The variables used to return semantic value and location from the
-     action routines.  */
-  YYSTYPE yyval;
-
-
-  /* The number of symbols on the RHS of the reduced rule.
-     Keep to zero when no symbol should be popped.  */
-  int yylen = 0;
-
-  YYDPRINTF ((stderr, "Starting parse\n"));
-
-  yystate = 0;
-  yyerrstatus = 0;
-  yynerrs = 0;
-  yychar = YYEMPTY;		/* Cause a token to be read.  */
-
-  /* Initialize stack pointers.
-     Waste one element of value and location stack
-     so that they stay on the same level as the state stack.
-     The wasted elements are never initialized.  */
-
-  yyssp = yyss;
-  yyvsp = yyvs;
-
-  goto yysetstate;
-
-/*------------------------------------------------------------.
-| yynewstate -- Push a new state, which is found in yystate.  |
-`------------------------------------------------------------*/
- yynewstate:
-  /* In all cases, when you get here, the value and location stacks
-     have just been pushed.  So pushing a state here evens the stacks.  */
-  yyssp++;
-
- yysetstate:
-  *yyssp = yystate;
-
-  if (yyss + yystacksize - 1 <= yyssp)
-    {
-      /* Get the current used size of the three stacks, in elements.  */
-      YYSIZE_T yysize = yyssp - yyss + 1;
-
-#ifdef yyoverflow
-      {
-	/* Give user a chance to reallocate the stack.  Use copies of
-	   these so that the &'s don't force the real ones into
-	   memory.  */
-	YYSTYPE *yyvs1 = yyvs;
-	yytype_int16 *yyss1 = yyss;
-
-
-	/* Each stack pointer address is followed by the size of the
-	   data in use in that stack, in bytes.  This used to be a
-	   conditional around just the two extra args, but that might
-	   be undefined if yyoverflow is a macro.  */
-	yyoverflow (YY_("memory exhausted"),
-		    &yyss1, yysize * sizeof (*yyssp),
-		    &yyvs1, yysize * sizeof (*yyvsp),
-
-		    &yystacksize);
-
-	yyss = yyss1;
-	yyvs = yyvs1;
-      }
-#else /* no yyoverflow */
-# ifndef YYSTACK_RELOCATE
-      goto yyexhaustedlab;
-# else
-      /* Extend the stack our own way.  */
-      if (YYMAXDEPTH <= yystacksize)
-	goto yyexhaustedlab;
-      yystacksize *= 2;
-      if (YYMAXDEPTH < yystacksize)
-	yystacksize = YYMAXDEPTH;
-
-      {
-	yytype_int16 *yyss1 = yyss;
-	union yyalloc *yyptr =
-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
-	if (! yyptr)
-	  goto yyexhaustedlab;
-	YYSTACK_RELOCATE (yyss);
-	YYSTACK_RELOCATE (yyvs);
-
-#  undef YYSTACK_RELOCATE
-	if (yyss1 != yyssa)
-	  YYSTACK_FREE (yyss1);
-      }
-# endif
-#endif /* no yyoverflow */
-
-      yyssp = yyss + yysize - 1;
-      yyvsp = yyvs + yysize - 1;
-
-
-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
-		  (unsigned long int) yystacksize));
-
-      if (yyss + yystacksize - 1 <= yyssp)
-	YYABORT;
-    }
-
-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
-
-  goto yybackup;
-
-/*-----------.
-| yybackup.  |
-`-----------*/
-yybackup:
-
-  /* Do appropriate processing given the current state.  Read a
-     look-ahead token if we need one and don't already have one.  */
-
-  /* First try to decide what to do without reference to look-ahead token.  */
-  yyn = yypact[yystate];
-  if (yyn == YYPACT_NINF)
-    goto yydefault;
-
-  /* Not known => get a look-ahead token if don't already have one.  */
-
-  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
-  if (yychar == YYEMPTY)
-    {
-      YYDPRINTF ((stderr, "Reading a token: "));
-      yychar = YYLEX;
-    }
-
-  if (yychar <= YYEOF)
-    {
-      yychar = yytoken = YYEOF;
-      YYDPRINTF ((stderr, "Now at end of input.\n"));
-    }
-  else
-    {
-      yytoken = YYTRANSLATE (yychar);
-      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
-    }
-
-  /* If the proper action on seeing token YYTOKEN is to reduce or to
-     detect an error, take that action.  */
-  yyn += yytoken;
-  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
-    goto yydefault;
-  yyn = yytable[yyn];
-  if (yyn <= 0)
-    {
-      if (yyn == 0 || yyn == YYTABLE_NINF)
-	goto yyerrlab;
-      yyn = -yyn;
-      goto yyreduce;
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  /* Count tokens shifted since error; after three, turn off error
-     status.  */
-  if (yyerrstatus)
-    yyerrstatus--;
-
-  /* Shift the look-ahead token.  */
-  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
-
-  /* Discard the shifted token unless it is eof.  */
-  if (yychar != YYEOF)
-    yychar = YYEMPTY;
-
-  yystate = yyn;
-  *++yyvsp = yylval;
-
-  goto yynewstate;
-
-
-/*-----------------------------------------------------------.
-| yydefault -- do the default action for the current state.  |
-`-----------------------------------------------------------*/
-yydefault:
-  yyn = yydefact[yystate];
-  if (yyn == 0)
-    goto yyerrlab;
-  goto yyreduce;
-
-
-/*-----------------------------.
-| yyreduce -- Do a reduction.  |
-`-----------------------------*/
-yyreduce:
-  /* yyn is the number of a rule to reduce with.  */
-  yylen = yyr2[yyn];
-
-  /* If YYLEN is nonzero, implement the default value of the action:
-     `$$ = $1'.
-
-     Otherwise, the following line sets YYVAL to garbage.
-     This behavior is undocumented and Bison
-     users should not rely upon it.  Assigning to YYVAL
-     unconditionally makes the parser a bit smaller, and it avoids a
-     GCC warning that YYVAL may be used uninitialized.  */
-  yyval = yyvsp[1-yylen];
-
-
-  YY_REDUCE_PRINT (yyn);
-  switch (yyn)
-    {
-        case 6:
-#line 74 "parse.y"
-    {
-		    table_name = (yyvsp[(2) - (3)].string);
-		}
-    break;
-
-  case 7:
-#line 78 "parse.y"
-    {
-		    add_command((yyvsp[(2) - (11)].string), (yyvsp[(4) - (11)].string), (yyvsp[(6) - (11)].list), (yyvsp[(9) - (11)].number));
-		}
-    break;
-
-  case 8:
-#line 82 "parse.y"
-    {
-		    add_command((yyvsp[(2) - (7)].string), (yyvsp[(4) - (7)].string), (yyvsp[(6) - (7)].list), 0);
-		}
-    break;
-
-  case 9:
-#line 86 "parse.y"
-    {
-		    free((yyvsp[(2) - (7)].string));
-		    free((yyvsp[(4) - (7)].string));
-		    free_string_list((yyvsp[(6) - (7)].list));
-		}
-    break;
-
-  case 10:
-#line 92 "parse.y"
-    {
-		    free_string_list((yyvsp[(2) - (3)].list));
-		}
-    break;
-
-  case 11:
-#line 96 "parse.y"
-    {
-		    YYACCEPT;
-		}
-    break;
-
-  case 12:
-#line 102 "parse.y"
-    {
-		    (yyval.list) = append_string(NULL, (yyvsp[(1) - (1)].string));
-		}
-    break;
-
-  case 13:
-#line 106 "parse.y"
-    {
-		    (yyval.list) = append_string((yyvsp[(1) - (3)].list), (yyvsp[(3) - (3)].string));
-		}
-    break;
-
-  case 14:
-#line 112 "parse.y"
-    {
-		    (yyval.number) = (yyvsp[(1) - (1)].number);
-		}
-    break;
-
-  case 15:
-#line 116 "parse.y"
-    {
-		    (yyval.number) = (yyvsp[(1) - (3)].number) | (yyvsp[(3) - (3)].number);
-		}
-    break;
-
-  case 16:
-#line 121 "parse.y"
-    {
-		    (yyval.number) = string_to_flag((yyvsp[(1) - (1)].string));
-		    free((yyvsp[(1) - (1)].string));
-		}
-    break;
-
-
-/* Line 1267 of yacc.c.  */
-#line 1469 "parse.c"
-      default: break;
-    }
-  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
-
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-
-  *++yyvsp = yyval;
-
-
-  /* Now `shift' the result of the reduction.  Determine what state
-     that goes to, based on the state we popped back to and the rule
-     number reduced by.  */
-
-  yyn = yyr1[yyn];
-
-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
-    yystate = yytable[yystate];
-  else
-    yystate = yydefgoto[yyn - YYNTOKENS];
-
-  goto yynewstate;
-
-
-/*------------------------------------.
-| yyerrlab -- here on detecting error |
-`------------------------------------*/
-yyerrlab:
-  /* If not already recovering from an error, report this error.  */
-  if (!yyerrstatus)
-    {
-      ++yynerrs;
-#if ! YYERROR_VERBOSE
-      yyerror (YY_("syntax error"));
-#else
-      {
-	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
-	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
-	  {
-	    YYSIZE_T yyalloc = 2 * yysize;
-	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
-	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
-	    if (yymsg != yymsgbuf)
-	      YYSTACK_FREE (yymsg);
-	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
-	    if (yymsg)
-	      yymsg_alloc = yyalloc;
-	    else
-	      {
-		yymsg = yymsgbuf;
-		yymsg_alloc = sizeof yymsgbuf;
-	      }
-	  }
-
-	if (0 < yysize && yysize <= yymsg_alloc)
-	  {
-	    (void) yysyntax_error (yymsg, yystate, yychar);
-	    yyerror (yymsg);
-	  }
-	else
-	  {
-	    yyerror (YY_("syntax error"));
-	    if (yysize != 0)
-	      goto yyexhaustedlab;
-	  }
-      }
-#endif
-    }
-
-
-
-  if (yyerrstatus == 3)
-    {
-      /* If just tried and failed to reuse look-ahead token after an
-	 error, discard it.  */
-
-      if (yychar <= YYEOF)
-	{
-	  /* Return failure if at end of input.  */
-	  if (yychar == YYEOF)
-	    YYABORT;
-	}
-      else
-	{
-	  yydestruct ("Error: discarding",
-		      yytoken, &yylval);
-	  yychar = YYEMPTY;
-	}
-    }
-
-  /* Else will try to reuse look-ahead token after shifting the error
-     token.  */
-  goto yyerrlab1;
-
-
-/*---------------------------------------------------.
-| yyerrorlab -- error raised explicitly by YYERROR.  |
-`---------------------------------------------------*/
-yyerrorlab:
-
-  /* Pacify compilers like GCC when the user code never invokes
-     YYERROR and the label yyerrorlab therefore never appears in user
-     code.  */
-  if (/*CONSTCOND*/ 0)
-     goto yyerrorlab;
-
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYERROR.  */
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-  yystate = *yyssp;
-  goto yyerrlab1;
-
-
-/*-------------------------------------------------------------.
-| yyerrlab1 -- common code for both syntax error and YYERROR.  |
-`-------------------------------------------------------------*/
-yyerrlab1:
-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
-
-  for (;;)
-    {
-      yyn = yypact[yystate];
-      if (yyn != YYPACT_NINF)
-	{
-	  yyn += YYTERROR;
-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
-	    {
-	      yyn = yytable[yyn];
-	      if (0 < yyn)
-		break;
-	    }
-	}
-
-      /* Pop the current state because it cannot handle the error token.  */
-      if (yyssp == yyss)
-	YYABORT;
-
-
-      yydestruct ("Error: popping",
-		  yystos[yystate], yyvsp);
-      YYPOPSTACK (1);
-      yystate = *yyssp;
-      YY_STACK_PRINT (yyss, yyssp);
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  *++yyvsp = yylval;
-
-
-  /* Shift the error token.  */
-  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-------------------------------------.
-| yyacceptlab -- YYACCEPT comes here.  |
-`-------------------------------------*/
-yyacceptlab:
-  yyresult = 0;
-  goto yyreturn;
-
-/*-----------------------------------.
-| yyabortlab -- YYABORT comes here.  |
-`-----------------------------------*/
-yyabortlab:
-  yyresult = 1;
-  goto yyreturn;
-
-#ifndef yyoverflow
-/*-------------------------------------------------.
-| yyexhaustedlab -- memory exhaustion comes here.  |
-`-------------------------------------------------*/
-yyexhaustedlab:
-  yyerror (YY_("memory exhausted"));
-  yyresult = 2;
-  /* Fall through.  */
-#endif
-
-yyreturn:
-  if (yychar != YYEOF && yychar != YYEMPTY)
-     yydestruct ("Cleanup: discarding lookahead",
-		 yytoken, &yylval);
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYABORT or YYACCEPT.  */
-  YYPOPSTACK (yylen);
-  YY_STACK_PRINT (yyss, yyssp);
-  while (yyssp != yyss)
-    {
-      yydestruct ("Cleanup: popping",
-		  yystos[*yyssp], yyvsp);
-      YYPOPSTACK (1);
-    }
-#ifndef yyoverflow
-  if (yyss != yyssa)
-    YYSTACK_FREE (yyss);
-#endif
-#if YYERROR_VERBOSE
-  if (yymsg != yymsgbuf)
-    YYSTACK_FREE (yymsg);
-#endif
-  /* Make sure YYID is used.  */
-  return YYID (yyresult);
-}
-
-
-#line 129 "parse.y"
-
-
-static void
-yyerror (char *s)
-{
-    error_message ("%s\n", s);
-}
-
-struct string_list*
-append_string(struct string_list *list, char *str)
-{
-    struct string_list *sl = malloc(sizeof(*sl));
-    if (sl == NULL)
-	return sl;
-    sl->string = str;
-    sl->next = NULL;
-    if(list) {
-	*list->tail = sl;
-	list->tail = &sl->next;
-	return list;
-    }
-    sl->tail = &sl->next;
-    return sl;
-}
-
-void
-free_string_list(struct string_list *list)
-{
-    while(list) {
-	struct string_list *sl = list->next;
-	free(list->string);
-	free(list);
-	list = sl;
-    }
-}
-
-unsigned
-string_to_flag(const char *string)
-{
-    return 0;
-}
-
diff --git a/crypto/heimdal/lib/sl/parse.h b/crypto/heimdal/lib/sl/parse.h
deleted file mode 100644
index f7fef6d..0000000
--- a/crypto/heimdal/lib/sl/parse.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton interface for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     TABLE = 258,
-     REQUEST = 259,
-     UNKNOWN = 260,
-     UNIMPLEMENTED = 261,
-     END = 262,
-     STRING = 263
-   };
-#endif
-/* Tokens.  */
-#define TABLE 258
-#define REQUEST 259
-#define UNKNOWN 260
-#define UNIMPLEMENTED 261
-#define END 262
-#define STRING 263
-
-
-
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 52 "parse.y"
-{
-  char *string;
-  unsigned number;
-  struct string_list *list;
-}
-/* Line 1529 of yacc.c.  */
-#line 71 "parse.h"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-extern YYSTYPE yylval;
-
diff --git a/crypto/heimdal/lib/sl/parse.y b/crypto/heimdal/lib/sl/parse.y
deleted file mode 100644
index b08c193..0000000
--- a/crypto/heimdal/lib/sl/parse.y
+++ /dev/null
@@ -1,169 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "make_cmds.h"
-RCSID("$Id: parse.y 21745 2007-07-31 16:11:25Z lha $");
-
-static void yyerror (char *s);
-
-struct string_list* append_string(struct string_list*, char*);
-void free_string_list(struct string_list *list);
-unsigned string_to_flag(const char *);
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-%}
-
-%union {
-  char *string;
-  unsigned number;
-  struct string_list *list;
-}
-
-%token TABLE REQUEST UNKNOWN UNIMPLEMENTED END
-%token <string> STRING
-%type <number> flag flags
-%type <list> aliases
-
-%%
-
-file		: /* */ 
-		| statements
-		;
-
-statements	: statement
-		| statements statement
-		;
-
-statement	: TABLE STRING ';'
-		{
-		    table_name = $2;
-		}
-		| REQUEST STRING ',' STRING ',' aliases ',' '(' flags ')' ';'
-		{
-		    add_command($2, $4, $6, $9);
-		}
-		| REQUEST STRING ',' STRING ',' aliases ';'
-		{
-		    add_command($2, $4, $6, 0);
-		}
-		| UNIMPLEMENTED STRING ',' STRING ',' aliases ';'
-		{
-		    free($2);
-		    free($4);
-		    free_string_list($6);
-		}
-		| UNKNOWN aliases ';'
-		{
-		    free_string_list($2);
-		}
-		| END ';'
-		{
-		    YYACCEPT;
-		}
-		;
-
-aliases		: STRING
-		{
-		    $$ = append_string(NULL, $1);
-		}
-		| aliases ',' STRING
-		{
-		    $$ = append_string($1, $3);
-		}
-		;
-
-flags		: flag
-		{
-		    $$ = $1;
-		}
-		| flags ',' flag
-		{
-		    $$ = $1 | $3;
-		}
-		;
-flag		: STRING
-		{
-		    $$ = string_to_flag($1);
-		    free($1);
-		}
-		;
-
-
-
-%%
-
-static void
-yyerror (char *s)
-{
-    error_message ("%s\n", s);
-}
-
-struct string_list*
-append_string(struct string_list *list, char *str)
-{
-    struct string_list *sl = malloc(sizeof(*sl));
-    if (sl == NULL)
-	return sl;
-    sl->string = str;
-    sl->next = NULL;
-    if(list) {
-	*list->tail = sl;
-	list->tail = &sl->next;
-	return list;
-    }
-    sl->tail = &sl->next;
-    return sl;
-}
-
-void
-free_string_list(struct string_list *list)
-{
-    while(list) {
-	struct string_list *sl = list->next;
-	free(list->string);
-	free(list);
-	list = sl;
-    }
-}
-
-unsigned
-string_to_flag(const char *string)
-{
-    return 0;
-}
diff --git a/crypto/heimdal/lib/sl/roken_rename.h b/crypto/heimdal/lib/sl/roken_rename.h
deleted file mode 100644
index 88ec0f8..0000000
--- a/crypto/heimdal/lib/sl/roken_rename.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: roken_rename.h 9842 2001-05-06 21:47:54Z assar $ */
-
-#ifndef __roken_rename_h__
-#define __roken_rename_h__
-
-#ifndef HAVE_STRTOK_R
-#define strtok_r _sl_strtok_r
-#endif
-#ifndef HAVE_SNPRINTF
-#define snprintf _sl_snprintf
-#endif
-#ifndef HAVE_ASPRINTF
-#define asprintf _sl_asprintf
-#endif
-#ifndef HAVE_ASNPRINTF
-#define asnprintf _sl_asnprintf
-#endif
-#ifndef HAVE_VASPRINTF
-#define vasprintf _sl_vasprintf
-#endif
-#ifndef HAVE_VASNPRINTF
-#define vasnprintf _sl_vasnprintf
-#endif
-#ifndef HAVE_VSNPRINTF
-#define vsnprintf _sl_vsnprintf
-#endif
-#ifndef HAVE_STRUPR
-#define strupr _sl_strupr
-#endif
-#ifndef HAVE_STRDUP
-#define strdup _sl_strdup
-#endif
-
-#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/sl/sl.c b/crypto/heimdal/lib/sl/sl.c
deleted file mode 100644
index 8f604e8..0000000
--- a/crypto/heimdal/lib/sl/sl.c
+++ /dev/null
@@ -1,396 +0,0 @@
-/*
- * Copyright (c) 1995 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: sl.c 21160 2007-06-18 22:58:21Z lha $");
-#endif
-
-#include "sl_locl.h"
-#include <setjmp.h>
-
-static void
-mandoc_template(SL_cmd *cmds,
-		const char *extra_string)
-{
-    SL_cmd *c, *prev;
-    char timestr[64], cmd[64];
-    const char *p;
-    time_t t;
-
-    printf(".\\\" Things to fix:\n");
-    printf(".\\\"   * correct section, and operating system\n");
-    printf(".\\\"   * remove Op from mandatory flags\n");
-    printf(".\\\"   * use better macros for arguments (like .Pa for files)\n");
-    printf(".\\\"\n");
-    t = time(NULL);
-    strftime(timestr, sizeof(timestr), "%b %d, %Y", localtime(&t));
-    printf(".Dd %s\n", timestr);
-    p = strrchr(getprogname(), '/');
-    if(p) p++; else p = getprogname();
-    strncpy(cmd, p, sizeof(cmd));
-    cmd[sizeof(cmd)-1] = '\0';
-    strupr(cmd);
-       
-    printf(".Dt %s SECTION\n", cmd);
-    printf(".Os OPERATING_SYSTEM\n");
-    printf(".Sh NAME\n");
-    printf(".Nm %s\n", p);
-    printf(".Nd\n");
-    printf("in search of a description\n");
-    printf(".Sh SYNOPSIS\n");
-    printf(".Nm\n");
-    for(c = cmds; c->name; ++c) {
-/*	if (c->func == NULL)
-	    continue; */
-	printf(".Op Fl %s", c->name);
-	printf("\n");
-	
-    }
-    if (extra_string && *extra_string)
-	printf (".Ar %s\n", extra_string);
-    printf(".Sh DESCRIPTION\n");
-    printf("Supported options:\n");
-    printf(".Bl -tag -width Ds\n");
-    prev = NULL;
-    for(c = cmds; c->name; ++c) {
-	if (c->func) {
-	    if (prev)
-		printf ("\n%s\n", prev->usage);
-
-	    printf (".It Fl %s", c->name);
-	    prev = c;
-	} else
-	    printf (", %s\n", c->name);
-    }
-    if (prev)
-	printf ("\n%s\n", prev->usage);
-
-    printf(".El\n");
-    printf(".\\\".Sh ENVIRONMENT\n");
-    printf(".\\\".Sh FILES\n");
-    printf(".\\\".Sh EXAMPLES\n");
-    printf(".\\\".Sh DIAGNOSTICS\n");
-    printf(".\\\".Sh SEE ALSO\n");
-    printf(".\\\".Sh STANDARDS\n");
-    printf(".\\\".Sh HISTORY\n");
-    printf(".\\\".Sh AUTHORS\n");
-    printf(".\\\".Sh BUGS\n");
-}
-
-SL_cmd *
-sl_match (SL_cmd *cmds, char *cmd, int exactp)
-{
-    SL_cmd *c, *current = NULL, *partial_cmd = NULL;
-    int partial_match = 0;
-
-    for (c = cmds; c->name; ++c) {
-	if (c->func)
-	    current = c;
-	if (strcmp (cmd, c->name) == 0)
-	    return current;
-	else if (strncmp (cmd, c->name, strlen(cmd)) == 0 &&
-		 partial_cmd != current) {
-	    ++partial_match;
-	    partial_cmd = current;
-	}
-    }
-    if (partial_match == 1 && !exactp)
-	return partial_cmd;
-    else
-	return NULL;
-}
-
-void
-sl_help (SL_cmd *cmds, int argc, char **argv)
-{
-    SL_cmd *c, *prev_c;
-
-    if (getenv("SLMANDOC")) {
-	mandoc_template(cmds, NULL);
-	return;
-    }
-
-    if (argc == 1) {
-	prev_c = NULL;
-	for (c = cmds; c->name; ++c) {
-	    if (c->func) {
-		if(prev_c)
-		    printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
-			    prev_c->usage ? "\n" : "");
-		prev_c = c;
-		printf ("%s", c->name);
-	    } else
-		printf (", %s", c->name);
-	}
-	if(prev_c)
-	    printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
-		    prev_c->usage ? "\n" : "");
-    } else { 
-	c = sl_match (cmds, argv[1], 0);
-	if (c == NULL)
-	    printf ("No such command: %s. "
-		    "Try \"help\" for a list of all commands\n",
-		    argv[1]);
-	else {
-	    printf ("%s\t%s\n", c->name, c->usage);
-	    if(c->help && *c->help)
-		printf ("%s\n", c->help);
-	    if((++c)->name && c->func == NULL) {
-		printf ("Synonyms:");
-		while (c->name && c->func == NULL)
-		    printf ("\t%s", (c++)->name);
-		printf ("\n");
-	    }
-	}
-    }
-}
-
-#ifdef HAVE_READLINE
-
-char *readline(char *prompt);
-void add_history(char *p);
-
-#else
-
-static char *
-readline(char *prompt)
-{
-    char buf[BUFSIZ];
-    printf ("%s", prompt);
-    fflush (stdout);
-    if(fgets(buf, sizeof(buf), stdin) == NULL)
-	return NULL;
-    buf[strcspn(buf, "\r\n")] = '\0';
-    return strdup(buf);
-}
-
-static void
-add_history(char *p)
-{
-}
-
-#endif
-
-int
-sl_command(SL_cmd *cmds, int argc, char **argv)
-{
-    SL_cmd *c;
-    c = sl_match (cmds, argv[0], 0);
-    if (c == NULL)
-	return -1;
-    return (*c->func)(argc, argv);
-}
-
-struct sl_data {
-    int max_count;
-    char **ptr;
-};
-
-int
-sl_make_argv(char *line, int *ret_argc, char ***ret_argv)
-{
-    char *p, *begining;
-    int argc, nargv;
-    char **argv;
-    int quote = 0;
-    
-    nargv = 10;
-    argv = malloc(nargv * sizeof(*argv));
-    if(argv == NULL)
-	return ENOMEM;
-    argc = 0;
-
-    p = line;
-
-    while(isspace((unsigned char)*p))
-	p++;
-    begining = p;
-
-    while (1) {
-	if (*p == '\0') {
-	    ;
-	} else if (*p == '"') {
-	    quote = !quote;
-	    memmove(&p[0], &p[1], strlen(&p[1]) + 1);
-	    continue;
-	} else if (*p == '\\') {
-	    if (p[1] == '\0')
-		goto failed;
-	    memmove(&p[0], &p[1], strlen(&p[1]) + 1);
-	    p += 2;
-	    continue;
-	} else if (quote || !isspace((unsigned char)*p)) {
-	    p++;
-	    continue;
-	} else
-	    *p++ = '\0';
-	if (quote)
-	    goto failed;
-	if(argc == nargv - 1) {
-	    char **tmp;
-	    nargv *= 2;
-	    tmp = realloc (argv, nargv * sizeof(*argv));
-	    if (tmp == NULL) {
-		free(argv);
-		return ENOMEM;
-	    }
-	    argv = tmp;
-	}
-	argv[argc++] = begining;
-	while(isspace((unsigned char)*p))
-	    p++;
-	if (*p == '\0')
-	    break;
-	begining = p;
-    }
-    argv[argc] = NULL;
-    *ret_argc = argc;
-    *ret_argv = argv;
-    return 0;
-failed:
-    free(argv);
-    return ERANGE;
-}
-
-static jmp_buf sl_jmp;
-
-static void sl_sigint(int sig)
-{
-    longjmp(sl_jmp, 1);
-}
-
-static char *sl_readline(const char *prompt)
-{
-    char *s;
-    void (*old)(int);
-    old = signal(SIGINT, sl_sigint);
-    if(setjmp(sl_jmp))
-	printf("\n");
-    s = readline(rk_UNCONST(prompt));
-    signal(SIGINT, old);
-    return s;
-}
-
-/* return values: 
- * 0 on success,
- * -1 on fatal error,
- * -2 if EOF, or
- * return value of command */
-int
-sl_command_loop(SL_cmd *cmds, const char *prompt, void **data)
-{
-    int ret = 0;
-    char *buf;
-    int argc;
-    char **argv;
-	
-    ret = 0;
-    buf = sl_readline(prompt);
-    if(buf == NULL)
-	return -2;
-
-    if(*buf)
-	add_history(buf);
-    ret = sl_make_argv(buf, &argc, &argv);
-    if(ret) {
-	fprintf(stderr, "sl_loop: out of memory\n");
-	free(buf);
-	return -1;
-    }
-    if (argc >= 1) {
-	ret = sl_command(cmds, argc, argv);
-	if(ret == -1) {
-	    printf ("Unrecognized command: %s\n", argv[0]);
-	    ret = 0;
-	}
-    }
-    free(buf);
-    free(argv);
-    return ret;
-}
-
-int 
-sl_loop(SL_cmd *cmds, const char *prompt)
-{
-    void *data = NULL;
-    int ret;
-    while((ret = sl_command_loop(cmds, prompt, &data)) >= 0)
-	;
-    return ret;
-}
-
-void
-sl_apropos (SL_cmd *cmd, const char *topic)
-{
-    for (; cmd->name != NULL; ++cmd)
-        if (cmd->usage != NULL && strstr(cmd->usage, topic) != NULL)
-	    printf ("%-20s%s\n", cmd->name, cmd->usage);
-}
-
-/*
- * Help to be used with slc.
- */
-
-void
-sl_slc_help (SL_cmd *cmds, int argc, char **argv)
-{
-    if(argc == 0) {
-	sl_help(cmds, 1, argv - 1 /* XXX */);
-    } else {
-	SL_cmd *c = sl_match (cmds, argv[0], 0);
- 	if(c == NULL) {
-	    fprintf (stderr, "No such command: %s. "
-		     "Try \"help\" for a list of commands\n",
-		     argv[0]);
-	} else {
-	    if(c->func) {
-		char *fake[] = { NULL, "--help", NULL };
-		fake[0] = argv[0];
-		(*c->func)(2, fake);
-		fprintf(stderr, "\n");
-	    }
-	    if(c->help && *c->help)
-		fprintf (stderr, "%s\n", c->help);
-	    if((++c)->name && c->func == NULL) {
-		int f = 0;
-		fprintf (stderr, "Synonyms:");
-		while (c->name && c->func == NULL) {
-		    fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name);
-		    f = 1;
-		}
-		fprintf (stderr, "\n");
-	    }
-	}
-    }
-}
diff --git a/crypto/heimdal/lib/sl/sl.h b/crypto/heimdal/lib/sl/sl.h
deleted file mode 100644
index 8798ee8..0000000
--- a/crypto/heimdal/lib/sl/sl.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1995 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: sl.h 17948 2006-08-28 14:16:43Z lha $ */
-
-#ifndef _SL_H
-#define _SL_H
-
-#define SL_BADCOMMAND -1
-
-typedef int (*cmd_func)(int, char **);
-
-struct sl_cmd {
-  char *name;
-  cmd_func func;
-  char *usage;
-  char *help;
-};
-
-typedef struct sl_cmd SL_cmd;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-void sl_help (SL_cmd *, int argc, char **argv);
-int  sl_loop (SL_cmd *, const char *prompt);
-int  sl_command_loop (SL_cmd *cmds, const char *prompt, void **data);
-int  sl_command (SL_cmd *cmds, int argc, char **argv);
-int sl_make_argv(char*, int*, char***);
-void sl_apropos (SL_cmd *cmd, const char *topic);
-SL_cmd *sl_match (SL_cmd *cmds, char *cmd, int exactp);
-void sl_slc_help (SL_cmd *cmds, int argc, char **argv);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _SL_H */
diff --git a/crypto/heimdal/lib/sl/sl_locl.h b/crypto/heimdal/lib/sl/sl_locl.h
deleted file mode 100644
index a7bc843..0000000
--- a/crypto/heimdal/lib/sl/sl_locl.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: sl_locl.h 19517 2006-12-27 20:27:00Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <ctype.h>
-
-#include <roken.h>
-
-#include <sl.h>
diff --git a/crypto/heimdal/lib/sl/slc-gram.c b/crypto/heimdal/lib/sl/slc-gram.c
deleted file mode 100644
index 1ab243b..0000000
--- a/crypto/heimdal/lib/sl/slc-gram.c
+++ /dev/null
@@ -1,2275 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton implementation for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* C LALR(1) parser skeleton written by Richard Stallman, by
-   simplifying the original so-called "semantic" parser.  */
-
-/* All symbols defined below should begin with yy or YY, to avoid
-   infringing on user name space.  This should be done even for local
-   variables, as they might otherwise be expanded by user macros.
-   There are some unavoidable exceptions within include files to
-   define necessary library symbols; they are noted "INFRINGES ON
-   USER NAME SPACE" below.  */
-
-/* Identify Bison output.  */
-#define YYBISON 1
-
-/* Bison version.  */
-#define YYBISON_VERSION "2.3"
-
-/* Skeleton name.  */
-#define YYSKELETON_NAME "yacc.c"
-
-/* Pure parsers.  */
-#define YYPURE 0
-
-/* Using locations.  */
-#define YYLSP_NEEDED 0
-
-
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     LITERAL = 258,
-     STRING = 259
-   };
-#endif
-/* Tokens.  */
-#define LITERAL 258
-#define STRING 259
-
-
-
-
-/* Copy the first part of user declarations.  */
-#line 1 "slc-gram.y"
-
-/*
- * Copyright (c) 2004-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: slc-gram.y 20767 2007-06-01 11:24:52Z lha $");
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <err.h>
-#include <ctype.h>
-#include <limits.h>
-#include <getarg.h>
-#include <vers.h>
-#include <roken.h>
-
-#include "slc.h"
-extern FILE *yyin;
-extern struct assignment *assignment;
-
-
-/* Enabling traces.  */
-#ifndef YYDEBUG
-# define YYDEBUG 0
-#endif
-
-/* Enabling verbose error messages.  */
-#ifdef YYERROR_VERBOSE
-# undef YYERROR_VERBOSE
-# define YYERROR_VERBOSE 1
-#else
-# define YYERROR_VERBOSE 0
-#endif
-
-/* Enabling the token table.  */
-#ifndef YYTOKEN_TABLE
-# define YYTOKEN_TABLE 0
-#endif
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 54 "slc-gram.y"
-{
-	char *string;
-	struct assignment *assignment;
-}
-/* Line 193 of yacc.c.  */
-#line 162 "slc-gram.c"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-
-
-/* Copy the second part of user declarations.  */
-
-
-/* Line 216 of yacc.c.  */
-#line 175 "slc-gram.c"
-
-#ifdef short
-# undef short
-#endif
-
-#ifdef YYTYPE_UINT8
-typedef YYTYPE_UINT8 yytype_uint8;
-#else
-typedef unsigned char yytype_uint8;
-#endif
-
-#ifdef YYTYPE_INT8
-typedef YYTYPE_INT8 yytype_int8;
-#elif (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-typedef signed char yytype_int8;
-#else
-typedef short int yytype_int8;
-#endif
-
-#ifdef YYTYPE_UINT16
-typedef YYTYPE_UINT16 yytype_uint16;
-#else
-typedef unsigned short int yytype_uint16;
-#endif
-
-#ifdef YYTYPE_INT16
-typedef YYTYPE_INT16 yytype_int16;
-#else
-typedef short int yytype_int16;
-#endif
-
-#ifndef YYSIZE_T
-# ifdef __SIZE_TYPE__
-#  define YYSIZE_T __SIZE_TYPE__
-# elif defined size_t
-#  define YYSIZE_T size_t
-# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYSIZE_T size_t
-# else
-#  define YYSIZE_T unsigned int
-# endif
-#endif
-
-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
-
-#ifndef YY_
-# if defined YYENABLE_NLS && YYENABLE_NLS
-#  if ENABLE_NLS
-#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
-#   define YY_(msgid) dgettext ("bison-runtime", msgid)
-#  endif
-# endif
-# ifndef YY_
-#  define YY_(msgid) msgid
-# endif
-#endif
-
-/* Suppress unused-variable warnings by "using" E.  */
-#if ! defined lint || defined __GNUC__
-# define YYUSE(e) ((void) (e))
-#else
-# define YYUSE(e) /* empty */
-#endif
-
-/* Identity function, used to suppress warnings about constant conditions.  */
-#ifndef lint
-# define YYID(n) (n)
-#else
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static int
-YYID (int i)
-#else
-static int
-YYID (i)
-    int i;
-#endif
-{
-  return i;
-}
-#endif
-
-#if ! defined yyoverflow || YYERROR_VERBOSE
-
-/* The parser invokes alloca or malloc; define the necessary symbols.  */
-
-# ifdef YYSTACK_USE_ALLOCA
-#  if YYSTACK_USE_ALLOCA
-#   ifdef __GNUC__
-#    define YYSTACK_ALLOC __builtin_alloca
-#   elif defined __BUILTIN_VA_ARG_INCR
-#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
-#   elif defined _AIX
-#    define YYSTACK_ALLOC __alloca
-#   elif defined _MSC_VER
-#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
-#    define alloca _alloca
-#   else
-#    define YYSTACK_ALLOC alloca
-#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#     ifndef _STDLIB_H
-#      define _STDLIB_H 1
-#     endif
-#    endif
-#   endif
-#  endif
-# endif
-
-# ifdef YYSTACK_ALLOC
-   /* Pacify GCC's `empty if-body' warning.  */
-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-    /* The OS might guarantee only one guard page at the bottom of the stack,
-       and a page size can be as small as 4096 bytes.  So we cannot safely
-       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
-       to allow for a few compiler-allocated temporary stack slots.  */
-#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
-#  endif
-# else
-#  define YYSTACK_ALLOC YYMALLOC
-#  define YYSTACK_FREE YYFREE
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
-#  endif
-#  if (defined __cplusplus && ! defined _STDLIB_H \
-       && ! ((defined YYMALLOC || defined malloc) \
-	     && (defined YYFREE || defined free)))
-#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#   ifndef _STDLIB_H
-#    define _STDLIB_H 1
-#   endif
-#  endif
-#  ifndef YYMALLOC
-#   define YYMALLOC malloc
-#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-#  ifndef YYFREE
-#   define YYFREE free
-#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void free (void *); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-# endif
-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
-
-
-#if (! defined yyoverflow \
-     && (! defined __cplusplus \
-	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
-
-/* A type that is properly aligned for any stack member.  */
-union yyalloc
-{
-  yytype_int16 yyss;
-  YYSTYPE yyvs;
-  };
-
-/* The size of the maximum gap between one aligned stack and the next.  */
-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
-
-/* The size of an array large to enough to hold all stacks, each with
-   N elements.  */
-# define YYSTACK_BYTES(N) \
-     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
-      + YYSTACK_GAP_MAXIMUM)
-
-/* Copy COUNT objects from FROM to TO.  The source and destination do
-   not overlap.  */
-# ifndef YYCOPY
-#  if defined __GNUC__ && 1 < __GNUC__
-#   define YYCOPY(To, From, Count) \
-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
-#  else
-#   define YYCOPY(To, From, Count)		\
-      do					\
-	{					\
-	  YYSIZE_T yyi;				\
-	  for (yyi = 0; yyi < (Count); yyi++)	\
-	    (To)[yyi] = (From)[yyi];		\
-	}					\
-      while (YYID (0))
-#  endif
-# endif
-
-/* Relocate STACK from its old location to the new one.  The
-   local variables YYSIZE and YYSTACKSIZE give the old and new number of
-   elements in the stack, and YYPTR gives the new location of the
-   stack.  Advance YYPTR to a properly aligned location for the next
-   stack.  */
-# define YYSTACK_RELOCATE(Stack)					\
-    do									\
-      {									\
-	YYSIZE_T yynewbytes;						\
-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
-	Stack = &yyptr->Stack;						\
-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
-	yyptr += yynewbytes / sizeof (*yyptr);				\
-      }									\
-    while (YYID (0))
-
-#endif
-
-/* YYFINAL -- State number of the termination state.  */
-#define YYFINAL  6
-/* YYLAST -- Last index in YYTABLE.  */
-#define YYLAST   7
-
-/* YYNTOKENS -- Number of terminals.  */
-#define YYNTOKENS  8
-/* YYNNTS -- Number of nonterminals.  */
-#define YYNNTS  4
-/* YYNRULES -- Number of rules.  */
-#define YYNRULES  6
-/* YYNRULES -- Number of states.  */
-#define YYNSTATES  12
-
-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
-#define YYUNDEFTOK  2
-#define YYMAXUTOK   259
-
-#define YYTRANSLATE(YYX)						\
-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
-
-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
-static const yytype_uint8 yytranslate[] =
-{
-       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     5,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     6,     2,     7,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     3,     4
-};
-
-#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
-   YYRHS.  */
-static const yytype_uint8 yyprhs[] =
-{
-       0,     0,     3,     5,     8,    10,    14
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
-static const yytype_int8 yyrhs[] =
-{
-       9,     0,    -1,    10,    -1,    11,    10,    -1,    11,    -1,
-       3,     5,     4,    -1,     3,     5,     6,    10,     7,    -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
-static const yytype_uint8 yyrline[] =
-{
-       0,    67,    67,    73,    78,    81,    90
-};
-#endif
-
-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
-/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
-   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
-static const char *const yytname[] =
-{
-  "$end", "error", "$undefined", "LITERAL", "STRING", "'='", "'{'", "'}'",
-  "$accept", "start", "assignments", "assignment", 0
-};
-#endif
-
-# ifdef YYPRINT
-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
-   token YYLEX-NUM.  */
-static const yytype_uint16 yytoknum[] =
-{
-       0,   256,   257,   258,   259,    61,   123,   125
-};
-# endif
-
-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
-static const yytype_uint8 yyr1[] =
-{
-       0,     8,     9,    10,    10,    11,    11
-};
-
-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
-static const yytype_uint8 yyr2[] =
-{
-       0,     2,     1,     2,     1,     3,     5
-};
-
-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
-   means the default is an error.  */
-static const yytype_uint8 yydefact[] =
-{
-       0,     0,     0,     2,     4,     0,     1,     3,     5,     0,
-       0,     6
-};
-
-/* YYDEFGOTO[NTERM-NUM].  */
-static const yytype_int8 yydefgoto[] =
-{
-      -1,     2,     3,     4
-};
-
-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
-   STATE-NUM.  */
-#define YYPACT_NINF -5
-static const yytype_int8 yypact[] =
-{
-      -1,     1,     4,    -5,    -1,    -3,    -5,    -5,    -5,    -1,
-       0,    -5
-};
-
-/* YYPGOTO[NTERM-NUM].  */
-static const yytype_int8 yypgoto[] =
-{
-      -5,    -5,    -4,    -5
-};
-
-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
-   positive, shift that token.  If negative, reduce the rule which
-   number is the opposite.  If zero, do what YYDEFACT says.
-   If YYTABLE_NINF, syntax error.  */
-#define YYTABLE_NINF -1
-static const yytype_uint8 yytable[] =
-{
-       7,     8,     1,     9,     6,    10,     5,    11
-};
-
-static const yytype_uint8 yycheck[] =
-{
-       4,     4,     3,     6,     0,     9,     5,     7
-};
-
-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
-   symbol of state STATE-NUM.  */
-static const yytype_uint8 yystos[] =
-{
-       0,     3,     9,    10,    11,     5,     0,    10,     4,     6,
-      10,     7
-};
-
-#define yyerrok		(yyerrstatus = 0)
-#define yyclearin	(yychar = YYEMPTY)
-#define YYEMPTY		(-2)
-#define YYEOF		0
-
-#define YYACCEPT	goto yyacceptlab
-#define YYABORT		goto yyabortlab
-#define YYERROR		goto yyerrorlab
-
-
-/* Like YYERROR except do call yyerror.  This remains here temporarily
-   to ease the transition to the new meaning of YYERROR, for GCC.
-   Once GCC version 2 has supplanted version 1, this can go.  */
-
-#define YYFAIL		goto yyerrlab
-
-#define YYRECOVERING()  (!!yyerrstatus)
-
-#define YYBACKUP(Token, Value)					\
-do								\
-  if (yychar == YYEMPTY && yylen == 1)				\
-    {								\
-      yychar = (Token);						\
-      yylval = (Value);						\
-      yytoken = YYTRANSLATE (yychar);				\
-      YYPOPSTACK (1);						\
-      goto yybackup;						\
-    }								\
-  else								\
-    {								\
-      yyerror (YY_("syntax error: cannot back up")); \
-      YYERROR;							\
-    }								\
-while (YYID (0))
-
-
-#define YYTERROR	1
-#define YYERRCODE	256
-
-
-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
-   If N is 0, then set CURRENT to the empty location which ends
-   the previous symbol: RHS[0] (always defined).  */
-
-#define YYRHSLOC(Rhs, K) ((Rhs)[K])
-#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N)				\
-    do									\
-      if (YYID (N))                                                    \
-	{								\
-	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
-	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
-	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
-	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
-	}								\
-      else								\
-	{								\
-	  (Current).first_line   = (Current).last_line   =		\
-	    YYRHSLOC (Rhs, 0).last_line;				\
-	  (Current).first_column = (Current).last_column =		\
-	    YYRHSLOC (Rhs, 0).last_column;				\
-	}								\
-    while (YYID (0))
-#endif
-
-
-/* YY_LOCATION_PRINT -- Print the location on the stream.
-   This macro was not mandated originally: define only if we know
-   we won't break user code: when these are the locations we know.  */
-
-#ifndef YY_LOCATION_PRINT
-# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
-#  define YY_LOCATION_PRINT(File, Loc)			\
-     fprintf (File, "%d.%d-%d.%d",			\
-	      (Loc).first_line, (Loc).first_column,	\
-	      (Loc).last_line,  (Loc).last_column)
-# else
-#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
-# endif
-#endif
-
-
-/* YYLEX -- calling `yylex' with the right arguments.  */
-
-#ifdef YYLEX_PARAM
-# define YYLEX yylex (YYLEX_PARAM)
-#else
-# define YYLEX yylex ()
-#endif
-
-/* Enable debugging if requested.  */
-#if YYDEBUG
-
-# ifndef YYFPRINTF
-#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYFPRINTF fprintf
-# endif
-
-# define YYDPRINTF(Args)			\
-do {						\
-  if (yydebug)					\
-    YYFPRINTF Args;				\
-} while (YYID (0))
-
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
-do {									  \
-  if (yydebug)								  \
-    {									  \
-      YYFPRINTF (stderr, "%s ", Title);					  \
-      yy_symbol_print (stderr,						  \
-		  Type, Value); \
-      YYFPRINTF (stderr, "\n");						  \
-    }									  \
-} while (YYID (0))
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_value_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (!yyvaluep)
-    return;
-# ifdef YYPRINT
-  if (yytype < YYNTOKENS)
-    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# else
-  YYUSE (yyoutput);
-# endif
-  switch (yytype)
-    {
-      default:
-	break;
-    }
-}
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (yytype < YYNTOKENS)
-    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
-  else
-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
-
-  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
-  YYFPRINTF (yyoutput, ")");
-}
-
-/*------------------------------------------------------------------.
-| yy_stack_print -- Print the state stack from its BOTTOM up to its |
-| TOP (included).                                                   |
-`------------------------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
-#else
-static void
-yy_stack_print (bottom, top)
-    yytype_int16 *bottom;
-    yytype_int16 *top;
-#endif
-{
-  YYFPRINTF (stderr, "Stack now");
-  for (; bottom <= top; ++bottom)
-    YYFPRINTF (stderr, " %d", *bottom);
-  YYFPRINTF (stderr, "\n");
-}
-
-# define YY_STACK_PRINT(Bottom, Top)				\
-do {								\
-  if (yydebug)							\
-    yy_stack_print ((Bottom), (Top));				\
-} while (YYID (0))
-
-
-/*------------------------------------------------.
-| Report that the YYRULE is going to be reduced.  |
-`------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
-#else
-static void
-yy_reduce_print (yyvsp, yyrule)
-    YYSTYPE *yyvsp;
-    int yyrule;
-#endif
-{
-  int yynrhs = yyr2[yyrule];
-  int yyi;
-  unsigned long int yylno = yyrline[yyrule];
-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
-	     yyrule - 1, yylno);
-  /* The symbols being reduced.  */
-  for (yyi = 0; yyi < yynrhs; yyi++)
-    {
-      fprintf (stderr, "   $%d = ", yyi + 1);
-      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
-		       &(yyvsp[(yyi + 1) - (yynrhs)])
-		       		       );
-      fprintf (stderr, "\n");
-    }
-}
-
-# define YY_REDUCE_PRINT(Rule)		\
-do {					\
-  if (yydebug)				\
-    yy_reduce_print (yyvsp, Rule); \
-} while (YYID (0))
-
-/* Nonzero means print parse trace.  It is left uninitialized so that
-   multiple parsers can coexist.  */
-int yydebug;
-#else /* !YYDEBUG */
-# define YYDPRINTF(Args)
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
-# define YY_STACK_PRINT(Bottom, Top)
-# define YY_REDUCE_PRINT(Rule)
-#endif /* !YYDEBUG */
-
-
-/* YYINITDEPTH -- initial size of the parser's stacks.  */
-#ifndef	YYINITDEPTH
-# define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
-   if the built-in stack extension method is used).
-
-   Do not make this value too large; the results are undefined if
-   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
-   evaluated with infinite-precision integer arithmetic.  */
-
-#ifndef YYMAXDEPTH
-# define YYMAXDEPTH 10000
-#endif
-
-
-
-#if YYERROR_VERBOSE
-
-# ifndef yystrlen
-#  if defined __GLIBC__ && defined _STRING_H
-#   define yystrlen strlen
-#  else
-/* Return the length of YYSTR.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static YYSIZE_T
-yystrlen (const char *yystr)
-#else
-static YYSIZE_T
-yystrlen (yystr)
-    const char *yystr;
-#endif
-{
-  YYSIZE_T yylen;
-  for (yylen = 0; yystr[yylen]; yylen++)
-    continue;
-  return yylen;
-}
-#  endif
-# endif
-
-# ifndef yystpcpy
-#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
-#   define yystpcpy stpcpy
-#  else
-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
-   YYDEST.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static char *
-yystpcpy (char *yydest, const char *yysrc)
-#else
-static char *
-yystpcpy (yydest, yysrc)
-    char *yydest;
-    const char *yysrc;
-#endif
-{
-  char *yyd = yydest;
-  const char *yys = yysrc;
-
-  while ((*yyd++ = *yys++) != '\0')
-    continue;
-
-  return yyd - 1;
-}
-#  endif
-# endif
-
-# ifndef yytnamerr
-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
-   quotes and backslashes, so that it's suitable for yyerror.  The
-   heuristic is that double-quoting is unnecessary unless the string
-   contains an apostrophe, a comma, or backslash (other than
-   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
-   null, do not copy; instead, return the length of what the result
-   would have been.  */
-static YYSIZE_T
-yytnamerr (char *yyres, const char *yystr)
-{
-  if (*yystr == '"')
-    {
-      YYSIZE_T yyn = 0;
-      char const *yyp = yystr;
-
-      for (;;)
-	switch (*++yyp)
-	  {
-	  case '\'':
-	  case ',':
-	    goto do_not_strip_quotes;
-
-	  case '\\':
-	    if (*++yyp != '\\')
-	      goto do_not_strip_quotes;
-	    /* Fall through.  */
-	  default:
-	    if (yyres)
-	      yyres[yyn] = *yyp;
-	    yyn++;
-	    break;
-
-	  case '"':
-	    if (yyres)
-	      yyres[yyn] = '\0';
-	    return yyn;
-	  }
-    do_not_strip_quotes: ;
-    }
-
-  if (! yyres)
-    return yystrlen (yystr);
-
-  return yystpcpy (yyres, yystr) - yyres;
-}
-# endif
-
-/* Copy into YYRESULT an error message about the unexpected token
-   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
-   including the terminating null byte.  If YYRESULT is null, do not
-   copy anything; just return the number of bytes that would be
-   copied.  As a special case, return 0 if an ordinary "syntax error"
-   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
-   size calculation.  */
-static YYSIZE_T
-yysyntax_error (char *yyresult, int yystate, int yychar)
-{
-  int yyn = yypact[yystate];
-
-  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
-    return 0;
-  else
-    {
-      int yytype = YYTRANSLATE (yychar);
-      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
-      YYSIZE_T yysize = yysize0;
-      YYSIZE_T yysize1;
-      int yysize_overflow = 0;
-      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
-      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
-      int yyx;
-
-# if 0
-      /* This is so xgettext sees the translatable formats that are
-	 constructed on the fly.  */
-      YY_("syntax error, unexpected %s");
-      YY_("syntax error, unexpected %s, expecting %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
-# endif
-      char *yyfmt;
-      char const *yyf;
-      static char const yyunexpected[] = "syntax error, unexpected %s";
-      static char const yyexpecting[] = ", expecting %s";
-      static char const yyor[] = " or %s";
-      char yyformat[sizeof yyunexpected
-		    + sizeof yyexpecting - 1
-		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
-		       * (sizeof yyor - 1))];
-      char const *yyprefix = yyexpecting;
-
-      /* Start YYX at -YYN if negative to avoid negative indexes in
-	 YYCHECK.  */
-      int yyxbegin = yyn < 0 ? -yyn : 0;
-
-      /* Stay within bounds of both yycheck and yytname.  */
-      int yychecklim = YYLAST - yyn + 1;
-      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
-      int yycount = 1;
-
-      yyarg[0] = yytname[yytype];
-      yyfmt = yystpcpy (yyformat, yyunexpected);
-
-      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
-	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-	  {
-	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
-	      {
-		yycount = 1;
-		yysize = yysize0;
-		yyformat[sizeof yyunexpected - 1] = '\0';
-		break;
-	      }
-	    yyarg[yycount++] = yytname[yyx];
-	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
-	    yysize_overflow |= (yysize1 < yysize);
-	    yysize = yysize1;
-	    yyfmt = yystpcpy (yyfmt, yyprefix);
-	    yyprefix = yyor;
-	  }
-
-      yyf = YY_(yyformat);
-      yysize1 = yysize + yystrlen (yyf);
-      yysize_overflow |= (yysize1 < yysize);
-      yysize = yysize1;
-
-      if (yysize_overflow)
-	return YYSIZE_MAXIMUM;
-
-      if (yyresult)
-	{
-	  /* Avoid sprintf, as that infringes on the user's name space.
-	     Don't have undefined behavior even if the translation
-	     produced a string with the wrong number of "%s"s.  */
-	  char *yyp = yyresult;
-	  int yyi = 0;
-	  while ((*yyp = *yyf) != '\0')
-	    {
-	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
-		{
-		  yyp += yytnamerr (yyp, yyarg[yyi++]);
-		  yyf += 2;
-		}
-	      else
-		{
-		  yyp++;
-		  yyf++;
-		}
-	    }
-	}
-      return yysize;
-    }
-}
-#endif /* YYERROR_VERBOSE */
-
-
-/*-----------------------------------------------.
-| Release the memory associated to this symbol.  |
-`-----------------------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yydestruct (yymsg, yytype, yyvaluep)
-    const char *yymsg;
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  YYUSE (yyvaluep);
-
-  if (!yymsg)
-    yymsg = "Deleting";
-  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
-
-  switch (yytype)
-    {
-
-      default:
-	break;
-    }
-}
-
-
-/* Prevent warnings from -Wmissing-prototypes.  */
-
-#ifdef YYPARSE_PARAM
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void *YYPARSE_PARAM);
-#else
-int yyparse ();
-#endif
-#else /* ! YYPARSE_PARAM */
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void);
-#else
-int yyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-
-
-/* The look-ahead symbol.  */
-int yychar;
-
-/* The semantic value of the look-ahead symbol.  */
-YYSTYPE yylval;
-
-/* Number of syntax errors so far.  */
-int yynerrs;
-
-
-
-/*----------.
-| yyparse.  |
-`----------*/
-
-#ifdef YYPARSE_PARAM
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void *YYPARSE_PARAM)
-#else
-int
-yyparse (YYPARSE_PARAM)
-    void *YYPARSE_PARAM;
-#endif
-#else /* ! YYPARSE_PARAM */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void)
-#else
-int
-yyparse ()
-
-#endif
-#endif
-{
-  
-  int yystate;
-  int yyn;
-  int yyresult;
-  /* Number of tokens to shift before error messages enabled.  */
-  int yyerrstatus;
-  /* Look-ahead token as an internal (translated) token number.  */
-  int yytoken = 0;
-#if YYERROR_VERBOSE
-  /* Buffer for error messages, and its allocated size.  */
-  char yymsgbuf[128];
-  char *yymsg = yymsgbuf;
-  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
-
-  /* Three stacks and their tools:
-     `yyss': related to states,
-     `yyvs': related to semantic values,
-     `yyls': related to locations.
-
-     Refer to the stacks thru separate pointers, to allow yyoverflow
-     to reallocate them elsewhere.  */
-
-  /* The state stack.  */
-  yytype_int16 yyssa[YYINITDEPTH];
-  yytype_int16 *yyss = yyssa;
-  yytype_int16 *yyssp;
-
-  /* The semantic value stack.  */
-  YYSTYPE yyvsa[YYINITDEPTH];
-  YYSTYPE *yyvs = yyvsa;
-  YYSTYPE *yyvsp;
-
-
-
-#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
-
-  YYSIZE_T yystacksize = YYINITDEPTH;
-
-  /* The variables used to return semantic value and location from the
-     action routines.  */
-  YYSTYPE yyval;
-
-
-  /* The number of symbols on the RHS of the reduced rule.
-     Keep to zero when no symbol should be popped.  */
-  int yylen = 0;
-
-  YYDPRINTF ((stderr, "Starting parse\n"));
-
-  yystate = 0;
-  yyerrstatus = 0;
-  yynerrs = 0;
-  yychar = YYEMPTY;		/* Cause a token to be read.  */
-
-  /* Initialize stack pointers.
-     Waste one element of value and location stack
-     so that they stay on the same level as the state stack.
-     The wasted elements are never initialized.  */
-
-  yyssp = yyss;
-  yyvsp = yyvs;
-
-  goto yysetstate;
-
-/*------------------------------------------------------------.
-| yynewstate -- Push a new state, which is found in yystate.  |
-`------------------------------------------------------------*/
- yynewstate:
-  /* In all cases, when you get here, the value and location stacks
-     have just been pushed.  So pushing a state here evens the stacks.  */
-  yyssp++;
-
- yysetstate:
-  *yyssp = yystate;
-
-  if (yyss + yystacksize - 1 <= yyssp)
-    {
-      /* Get the current used size of the three stacks, in elements.  */
-      YYSIZE_T yysize = yyssp - yyss + 1;
-
-#ifdef yyoverflow
-      {
-	/* Give user a chance to reallocate the stack.  Use copies of
-	   these so that the &'s don't force the real ones into
-	   memory.  */
-	YYSTYPE *yyvs1 = yyvs;
-	yytype_int16 *yyss1 = yyss;
-
-
-	/* Each stack pointer address is followed by the size of the
-	   data in use in that stack, in bytes.  This used to be a
-	   conditional around just the two extra args, but that might
-	   be undefined if yyoverflow is a macro.  */
-	yyoverflow (YY_("memory exhausted"),
-		    &yyss1, yysize * sizeof (*yyssp),
-		    &yyvs1, yysize * sizeof (*yyvsp),
-
-		    &yystacksize);
-
-	yyss = yyss1;
-	yyvs = yyvs1;
-      }
-#else /* no yyoverflow */
-# ifndef YYSTACK_RELOCATE
-      goto yyexhaustedlab;
-# else
-      /* Extend the stack our own way.  */
-      if (YYMAXDEPTH <= yystacksize)
-	goto yyexhaustedlab;
-      yystacksize *= 2;
-      if (YYMAXDEPTH < yystacksize)
-	yystacksize = YYMAXDEPTH;
-
-      {
-	yytype_int16 *yyss1 = yyss;
-	union yyalloc *yyptr =
-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
-	if (! yyptr)
-	  goto yyexhaustedlab;
-	YYSTACK_RELOCATE (yyss);
-	YYSTACK_RELOCATE (yyvs);
-
-#  undef YYSTACK_RELOCATE
-	if (yyss1 != yyssa)
-	  YYSTACK_FREE (yyss1);
-      }
-# endif
-#endif /* no yyoverflow */
-
-      yyssp = yyss + yysize - 1;
-      yyvsp = yyvs + yysize - 1;
-
-
-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
-		  (unsigned long int) yystacksize));
-
-      if (yyss + yystacksize - 1 <= yyssp)
-	YYABORT;
-    }
-
-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
-
-  goto yybackup;
-
-/*-----------.
-| yybackup.  |
-`-----------*/
-yybackup:
-
-  /* Do appropriate processing given the current state.  Read a
-     look-ahead token if we need one and don't already have one.  */
-
-  /* First try to decide what to do without reference to look-ahead token.  */
-  yyn = yypact[yystate];
-  if (yyn == YYPACT_NINF)
-    goto yydefault;
-
-  /* Not known => get a look-ahead token if don't already have one.  */
-
-  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
-  if (yychar == YYEMPTY)
-    {
-      YYDPRINTF ((stderr, "Reading a token: "));
-      yychar = YYLEX;
-    }
-
-  if (yychar <= YYEOF)
-    {
-      yychar = yytoken = YYEOF;
-      YYDPRINTF ((stderr, "Now at end of input.\n"));
-    }
-  else
-    {
-      yytoken = YYTRANSLATE (yychar);
-      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
-    }
-
-  /* If the proper action on seeing token YYTOKEN is to reduce or to
-     detect an error, take that action.  */
-  yyn += yytoken;
-  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
-    goto yydefault;
-  yyn = yytable[yyn];
-  if (yyn <= 0)
-    {
-      if (yyn == 0 || yyn == YYTABLE_NINF)
-	goto yyerrlab;
-      yyn = -yyn;
-      goto yyreduce;
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  /* Count tokens shifted since error; after three, turn off error
-     status.  */
-  if (yyerrstatus)
-    yyerrstatus--;
-
-  /* Shift the look-ahead token.  */
-  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
-
-  /* Discard the shifted token unless it is eof.  */
-  if (yychar != YYEOF)
-    yychar = YYEMPTY;
-
-  yystate = yyn;
-  *++yyvsp = yylval;
-
-  goto yynewstate;
-
-
-/*-----------------------------------------------------------.
-| yydefault -- do the default action for the current state.  |
-`-----------------------------------------------------------*/
-yydefault:
-  yyn = yydefact[yystate];
-  if (yyn == 0)
-    goto yyerrlab;
-  goto yyreduce;
-
-
-/*-----------------------------.
-| yyreduce -- Do a reduction.  |
-`-----------------------------*/
-yyreduce:
-  /* yyn is the number of a rule to reduce with.  */
-  yylen = yyr2[yyn];
-
-  /* If YYLEN is nonzero, implement the default value of the action:
-     `$$ = $1'.
-
-     Otherwise, the following line sets YYVAL to garbage.
-     This behavior is undocumented and Bison
-     users should not rely upon it.  Assigning to YYVAL
-     unconditionally makes the parser a bit smaller, and it avoids a
-     GCC warning that YYVAL may be used uninitialized.  */
-  yyval = yyvsp[1-yylen];
-
-
-  YY_REDUCE_PRINT (yyn);
-  switch (yyn)
-    {
-        case 2:
-#line 68 "slc-gram.y"
-    {
-			assignment = (yyvsp[(1) - (1)].assignment);
-		}
-    break;
-
-  case 3:
-#line 74 "slc-gram.y"
-    {
-			(yyvsp[(1) - (2)].assignment)->next = (yyvsp[(2) - (2)].assignment);
-			(yyval.assignment) = (yyvsp[(1) - (2)].assignment);
-		}
-    break;
-
-  case 5:
-#line 82 "slc-gram.y"
-    {
-			(yyval.assignment) = malloc(sizeof(*(yyval.assignment)));
-			(yyval.assignment)->name = (yyvsp[(1) - (3)].string);
-			(yyval.assignment)->type = a_value;
-			(yyval.assignment)->lineno = lineno;
-			(yyval.assignment)->u.value = (yyvsp[(3) - (3)].string);
-			(yyval.assignment)->next = NULL;
-		}
-    break;
-
-  case 6:
-#line 91 "slc-gram.y"
-    {
-			(yyval.assignment) = malloc(sizeof(*(yyval.assignment)));
-			(yyval.assignment)->name = (yyvsp[(1) - (5)].string);
-			(yyval.assignment)->type = a_assignment;
-			(yyval.assignment)->lineno = lineno;
-			(yyval.assignment)->u.assignment = (yyvsp[(4) - (5)].assignment);
-			(yyval.assignment)->next = NULL;
-		}
-    break;
-
-
-/* Line 1267 of yacc.c.  */
-#line 1397 "slc-gram.c"
-      default: break;
-    }
-  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
-
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-
-  *++yyvsp = yyval;
-
-
-  /* Now `shift' the result of the reduction.  Determine what state
-     that goes to, based on the state we popped back to and the rule
-     number reduced by.  */
-
-  yyn = yyr1[yyn];
-
-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
-    yystate = yytable[yystate];
-  else
-    yystate = yydefgoto[yyn - YYNTOKENS];
-
-  goto yynewstate;
-
-
-/*------------------------------------.
-| yyerrlab -- here on detecting error |
-`------------------------------------*/
-yyerrlab:
-  /* If not already recovering from an error, report this error.  */
-  if (!yyerrstatus)
-    {
-      ++yynerrs;
-#if ! YYERROR_VERBOSE
-      yyerror (YY_("syntax error"));
-#else
-      {
-	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
-	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
-	  {
-	    YYSIZE_T yyalloc = 2 * yysize;
-	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
-	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
-	    if (yymsg != yymsgbuf)
-	      YYSTACK_FREE (yymsg);
-	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
-	    if (yymsg)
-	      yymsg_alloc = yyalloc;
-	    else
-	      {
-		yymsg = yymsgbuf;
-		yymsg_alloc = sizeof yymsgbuf;
-	      }
-	  }
-
-	if (0 < yysize && yysize <= yymsg_alloc)
-	  {
-	    (void) yysyntax_error (yymsg, yystate, yychar);
-	    yyerror (yymsg);
-	  }
-	else
-	  {
-	    yyerror (YY_("syntax error"));
-	    if (yysize != 0)
-	      goto yyexhaustedlab;
-	  }
-      }
-#endif
-    }
-
-
-
-  if (yyerrstatus == 3)
-    {
-      /* If just tried and failed to reuse look-ahead token after an
-	 error, discard it.  */
-
-      if (yychar <= YYEOF)
-	{
-	  /* Return failure if at end of input.  */
-	  if (yychar == YYEOF)
-	    YYABORT;
-	}
-      else
-	{
-	  yydestruct ("Error: discarding",
-		      yytoken, &yylval);
-	  yychar = YYEMPTY;
-	}
-    }
-
-  /* Else will try to reuse look-ahead token after shifting the error
-     token.  */
-  goto yyerrlab1;
-
-
-/*---------------------------------------------------.
-| yyerrorlab -- error raised explicitly by YYERROR.  |
-`---------------------------------------------------*/
-yyerrorlab:
-
-  /* Pacify compilers like GCC when the user code never invokes
-     YYERROR and the label yyerrorlab therefore never appears in user
-     code.  */
-  if (/*CONSTCOND*/ 0)
-     goto yyerrorlab;
-
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYERROR.  */
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-  yystate = *yyssp;
-  goto yyerrlab1;
-
-
-/*-------------------------------------------------------------.
-| yyerrlab1 -- common code for both syntax error and YYERROR.  |
-`-------------------------------------------------------------*/
-yyerrlab1:
-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
-
-  for (;;)
-    {
-      yyn = yypact[yystate];
-      if (yyn != YYPACT_NINF)
-	{
-	  yyn += YYTERROR;
-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
-	    {
-	      yyn = yytable[yyn];
-	      if (0 < yyn)
-		break;
-	    }
-	}
-
-      /* Pop the current state because it cannot handle the error token.  */
-      if (yyssp == yyss)
-	YYABORT;
-
-
-      yydestruct ("Error: popping",
-		  yystos[yystate], yyvsp);
-      YYPOPSTACK (1);
-      yystate = *yyssp;
-      YY_STACK_PRINT (yyss, yyssp);
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  *++yyvsp = yylval;
-
-
-  /* Shift the error token.  */
-  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-------------------------------------.
-| yyacceptlab -- YYACCEPT comes here.  |
-`-------------------------------------*/
-yyacceptlab:
-  yyresult = 0;
-  goto yyreturn;
-
-/*-----------------------------------.
-| yyabortlab -- YYABORT comes here.  |
-`-----------------------------------*/
-yyabortlab:
-  yyresult = 1;
-  goto yyreturn;
-
-#ifndef yyoverflow
-/*-------------------------------------------------.
-| yyexhaustedlab -- memory exhaustion comes here.  |
-`-------------------------------------------------*/
-yyexhaustedlab:
-  yyerror (YY_("memory exhausted"));
-  yyresult = 2;
-  /* Fall through.  */
-#endif
-
-yyreturn:
-  if (yychar != YYEOF && yychar != YYEMPTY)
-     yydestruct ("Cleanup: discarding lookahead",
-		 yytoken, &yylval);
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYABORT or YYACCEPT.  */
-  YYPOPSTACK (yylen);
-  YY_STACK_PRINT (yyss, yyssp);
-  while (yyssp != yyss)
-    {
-      yydestruct ("Cleanup: popping",
-		  yystos[*yyssp], yyvsp);
-      YYPOPSTACK (1);
-    }
-#ifndef yyoverflow
-  if (yyss != yyssa)
-    YYSTACK_FREE (yyss);
-#endif
-#if YYERROR_VERBOSE
-  if (yymsg != yymsgbuf)
-    YYSTACK_FREE (yymsg);
-#endif
-  /* Make sure YYID is used.  */
-  return YYID (yyresult);
-}
-
-
-#line 101 "slc-gram.y"
-
-char *filename;
-FILE *cfile, *hfile;
-int error_flag;
-struct assignment *assignment;
-
-
-static void
-ex(struct assignment *a, const char *fmt, ...)
-{
-    va_list ap;
-    fprintf(stderr, "%s:%d: ", a->name, a->lineno);
-    va_start(ap, fmt);
-    vfprintf(stderr, fmt, ap);
-    va_end(ap);
-    fprintf(stderr, "\n");
-}
-
-
-
-static int
-check_option(struct assignment *as)
-{
-    struct assignment *a;
-    int seen_long = 0;
-    int seen_short = 0;
-    int seen_type = 0;
-    int seen_argument = 0;
-    int seen_help = 0;
-    int seen_default = 0;
-    int ret = 0;
-
-    for(a = as; a != NULL; a = a->next) {
-	if(strcmp(a->name, "long") == 0)
-	    seen_long++;
-	else if(strcmp(a->name, "short") == 0)
-	    seen_short++;
-	else if(strcmp(a->name, "type") == 0)
-	    seen_type++;
-	else if(strcmp(a->name, "argument") == 0)
-	    seen_argument++;
-	else if(strcmp(a->name, "help") == 0)
-	    seen_help++;
-	else if(strcmp(a->name, "default") == 0)
-	    seen_default++;
-	else {
-	    ex(a, "unknown name");
-	    ret++;
-	}
-    }
-    if(seen_long == 0 && seen_short == 0) {
-	ex(as, "neither long nor short option");
-	ret++;
-    }
-    if(seen_long > 1) {
-	ex(as, "multiple long options");
-	ret++;
-    }
-    if(seen_short > 1) {
-	ex(as, "multiple short options");
-	ret++;
-    }
-    if(seen_type > 1) {
-	ex(as, "multiple types");
-	ret++;
-    }
-    if(seen_argument > 1) {
-	ex(as, "multiple arguments");
-	ret++;
-    }
-    if(seen_help > 1) {
-	ex(as, "multiple help strings");
-	ret++;
-    }
-    if(seen_default > 1) {
-	ex(as, "multiple default values");
-	ret++;
-    }
-    return ret;
-}
-
-static int
-check_command(struct assignment *as)
-{
-	struct assignment *a;
-	int seen_name = 0;
-	int seen_function = 0;
-	int seen_help = 0;
-	int seen_argument = 0;
-	int seen_minargs = 0;
-	int seen_maxargs = 0;
-	int ret = 0;
-	for(a = as; a != NULL; a = a->next) {
-		if(strcmp(a->name, "name") == 0)
-			seen_name++;
-		else if(strcmp(a->name, "function") == 0) {
-			seen_function++;
-		} else if(strcmp(a->name, "option") == 0)
-			ret += check_option(a->u.assignment);
-		else if(strcmp(a->name, "help") == 0) {
-			seen_help++;
-		} else if(strcmp(a->name, "argument") == 0) {
-			seen_argument++;
-		} else if(strcmp(a->name, "min_args") == 0) {
-			seen_minargs++;
-		} else if(strcmp(a->name, "max_args") == 0) {
-			seen_maxargs++;
-		} else {
-			ex(a, "unknown name");
-			ret++;
-		}
-	}
-	if(seen_name == 0) {
-		ex(as, "no command name");
-		ret++;
-	}
-	if(seen_function > 1) {
-		ex(as, "multiple function names");
-		ret++;
-	}
-	if(seen_help > 1) {
-		ex(as, "multiple help strings");
-		ret++;
-	}
-	if(seen_argument > 1) {
-		ex(as, "multiple argument strings");
-		ret++;
-	}
-	if(seen_minargs > 1) {
-		ex(as, "multiple min_args strings");
-		ret++;
-	}
-	if(seen_maxargs > 1) {
-		ex(as, "multiple max_args strings");
-		ret++;
-	}
-	
-	return ret;
-}
-
-static int
-check(struct assignment *as)
-{
-    struct assignment *a;
-    int ret = 0;
-    for(a = as; a != NULL; a = a->next) {
-	if(strcmp(a->name, "command")) {
-	    fprintf(stderr, "unknown type %s line %d\n", a->name, a->lineno);
-	    ret++;
-	    continue;
-	}
-	if(a->type != a_assignment) {
-	    fprintf(stderr, "bad command definition %s line %d\n", a->name, a->lineno);
-	    ret++;
-	    continue;
-	}
-	ret += check_command(a->u.assignment);
-    }
-    return ret;
-}
-
-static struct assignment *
-find_next(struct assignment *as, const char *name)
-{
-    for(as = as->next; as != NULL; as = as->next) {
-	if(strcmp(as->name, name) == 0)
-	    return as;
-    }
-    return NULL;
-}
-
-static struct assignment *
-find(struct assignment *as, const char *name)
-{
-    for(; as != NULL; as = as->next) {
-	if(strcmp(as->name, name) == 0)
-	    return as;
-    }
-    return NULL;
-}
-
-static void
-space(FILE *f, int level)
-{
-    fprintf(f, "%*.*s", level * 4, level * 4, " ");
-}
-
-static void
-cprint(int level, const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    space(cfile, level);
-    vfprintf(cfile, fmt, ap);
-    va_end(ap);
-}
-
-static void
-hprint(int level, const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    space(hfile, level);
-    vfprintf(hfile, fmt, ap);
-    va_end(ap);
-}
-
-static void gen_name(char *str);
-
-static void
-gen_command(struct assignment *as)
-{
-    struct assignment *a, *b;
-    char *f;
-    a = find(as, "name");
-    f = strdup(a->u.value);
-    gen_name(f);
-    cprint(1, "    { ");
-    fprintf(cfile, "\"%s\", ", a->u.value);
-    fprintf(cfile, "%s_wrap, ", f);
-    b = find(as, "argument");
-    if(b)
-	fprintf(cfile, "\"%s %s\", ", a->u.value, b->u.value);
-    else
-	fprintf(cfile, "\"%s\", ", a->u.value);
-    b = find(as, "help");
-    if(b)
-	fprintf(cfile, "\"%s\"", b->u.value);
-    else
-	fprintf(cfile, "NULL");
-    fprintf(cfile, " },\n");
-    for(a = a->next; a != NULL; a = a->next)
-	if(strcmp(a->name, "name") == 0)
-	    cprint(1, "    { \"%s\" },\n", a->u.value);
-    cprint(0, "\n");
-}
-
-static void
-gen_name(char *str)
-{
-    char *p;
-    for(p = str; *p != '\0'; p++)
-	if(!isalnum((unsigned char)*p))
-	    *p = '_';
-}
-
-static char *
-make_name(struct assignment *as)
-{
-    struct assignment *lopt;
-    struct assignment *type;
-    char *s;
-
-    lopt = find(as, "long");
-    if(lopt == NULL)
-	lopt = find(as, "name");
-    if(lopt == NULL)
-	return NULL;
-    
-    type = find(as, "type");
-    if(strcmp(type->u.value, "-flag") == 0)
-	asprintf(&s, "%s_flag", lopt->u.value);
-    else
-	asprintf(&s, "%s_%s", lopt->u.value, type->u.value);
-    gen_name(s);
-    return s;
-}
-
-
-static void defval_int(const char *name, struct assignment *defval)
-{
-    if(defval != NULL)
-	cprint(1, "opt.%s = %s;\n", name, defval->u.value);
-    else
-	cprint(1, "opt.%s = 0;\n", name);
-}
-static void defval_string(const char *name, struct assignment *defval) 
-{
-    if(defval != NULL)
-	cprint(1, "opt.%s = \"%s\";\n", name, defval->u.value);
-    else
-	cprint(1, "opt.%s = NULL;\n", name);
-}
-static void defval_strings(const char *name, struct assignment *defval)
-{
-    cprint(1, "opt.%s.num_strings = 0;\n", name);
-    cprint(1, "opt.%s.strings = NULL;\n", name);
-}
-
-static void free_strings(const char *name)
-{
-    cprint(1, "free_getarg_strings (&opt.%s);\n", name);
-}
-
-struct type_handler {
-    const char *typename;
-    const char *c_type;
-    const char *getarg_type;
-    void (*defval)(const char*, struct assignment*);
-    void (*free)(const char*);
-} type_handlers[] = {
-	{ "integer",
-	  "int",
-	  "arg_integer",
-	  defval_int,
-	  NULL
-	},
-	{ "string",
-	  "char*",
-	  "arg_string",
-	  defval_string,
-	  NULL
-	},
-	{ "strings",
-	  "struct getarg_strings",
-	  "arg_strings",
-	  defval_strings,
-	  free_strings
-	},
-	{ "flag",
-	  "int",
-	  "arg_flag",
-	  defval_int,
-	  NULL
-	},
-	{ "-flag",
-	  "int",
-	  "arg_negative_flag",
-	  defval_int,
-	  NULL
-	},
-	{ NULL }
-};
-
-static struct type_handler *find_handler(struct assignment *type)
-{
-    struct type_handler *th;
-    for(th = type_handlers; th->typename != NULL; th++)
-	if(strcmp(type->u.value, th->typename) == 0)
-	    return th;
-    ex(type, "unknown type \"%s\"", type->u.value);
-    exit(1);
-}
-
-static void
-gen_options(struct assignment *opt1, const char *name)
-{
-    struct assignment *tmp;
-
-    hprint(0, "struct %s_options {\n", name);
-
-    for(tmp = opt1; 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	struct assignment *type;
-	struct type_handler *th;
-	char *s;
-	
-	s = make_name(tmp->u.assignment);
-	type = find(tmp->u.assignment, "type");
-	th = find_handler(type);
-	hprint(1, "%s %s;\n", th->c_type, s);
-	free(s);
-    }
-    hprint(0, "};\n");
-}
-
-static void
-gen_wrapper(struct assignment *as)
-{
-    struct assignment *name;
-    struct assignment *arg;
-    struct assignment *opt1;
-    struct assignment *function;
-    struct assignment *tmp;
-    char *n, *f;
-    int nargs = 0;
-
-    name = find(as, "name");
-    n = strdup(name->u.value);
-    gen_name(n);
-    arg = find(as, "argument");
-    opt1 = find(as, "option");
-    function = find(as, "function");
-    if(function)
-	f = function->u.value;
-    else
-	f = n;
-    
-       
-    if(opt1 != NULL) {
-	gen_options(opt1, n);
-	hprint(0, "int %s(struct %s_options*, int, char **);\n", f, n);
-    } else {
-	hprint(0, "int %s(void*, int, char **);\n", f);
-    }
-
-    fprintf(cfile, "static int\n");
-    fprintf(cfile, "%s_wrap(int argc, char **argv)\n", n);
-    fprintf(cfile, "{\n");
-    if(opt1 != NULL)
-	cprint(1, "struct %s_options opt;\n", n);
-    cprint(1, "int ret;\n");
-    cprint(1, "int optidx = 0;\n");
-    cprint(1, "struct getargs args[] = {\n");
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	struct assignment *type = find(tmp->u.assignment, "type");
-	struct assignment *lopt = find(tmp->u.assignment, "long");
-	struct assignment *sopt = find(tmp->u.assignment, "short");
-	struct assignment *aarg = find(tmp->u.assignment, "argument");
-	struct assignment *help = find(tmp->u.assignment, "help");
-
-	struct type_handler *th;
-	
-	cprint(2, "{ ");
-	if(lopt)
-	    fprintf(cfile, "\"%s\", ", lopt->u.value);
-	else
-	    fprintf(cfile, "NULL, ");
-	if(sopt)
-	    fprintf(cfile, "'%c', ", *sopt->u.value);
-	else
-	    fprintf(cfile, "0, ");
-	th = find_handler(type);
-	fprintf(cfile, "%s, ", th->getarg_type);
-	fprintf(cfile, "NULL, ");
-	if(help)
-	    fprintf(cfile, "\"%s\", ", help->u.value);
-	else
-	    fprintf(cfile, "NULL, ");
-	if(aarg)
-	    fprintf(cfile, "\"%s\"", aarg->u.value);
-	else
-	    fprintf(cfile, "NULL");
-	fprintf(cfile, " },\n");
-    }
-    cprint(2, "{ \"help\", 'h', arg_flag, NULL, NULL, NULL }\n");
-    cprint(1, "};\n");
-    cprint(1, "int help_flag = 0;\n");
-
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	struct assignment *type = find(tmp->u.assignment, "type");
-
-	struct assignment *defval = find(tmp->u.assignment, "default");
-
-	struct type_handler *th;
-	
-	s = make_name(tmp->u.assignment);
-	th = find_handler(type);
-	(*th->defval)(s, defval);
-	free(s);
-    }
-
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	s = make_name(tmp->u.assignment);
-	cprint(1, "args[%d].value = &opt.%s;\n", nargs++, s);
-	free(s);
-    }
-    cprint(1, "args[%d].value = &help_flag;\n", nargs++);
-    cprint(1, "if(getarg(args, %d, argc, argv, &optidx))\n", nargs);
-    cprint(2, "goto usage;\n");
-
-    {
-	int min_args = -1;
-	int max_args = -1;
-	char *end;
-	if(arg == NULL) {
-	    max_args = 0;
-	} else {
-	    if((tmp = find(as, "min_args")) != NULL) {
-		min_args = strtol(tmp->u.value, &end, 0);
-		if(*end != '\0') {
-		    ex(tmp, "min_args is not numeric");
-		    exit(1);
-		}
-		if(min_args < 0) {
-		    ex(tmp, "min_args must be non-negative");
-		    exit(1);
-		}
-	    }
-	    if((tmp = find(as, "max_args")) != NULL) {
-		max_args = strtol(tmp->u.value, &end, 0);
-		if(*end != '\0') {
-		    ex(tmp, "max_args is not numeric");
-		    exit(1);
-		}
-		if(max_args < 0) {
-		    ex(tmp, "max_args must be non-negative");
-		    exit(1);
-		}
-	    }
-	}
-	if(min_args != -1 || max_args != -1) {
-	    if(min_args == max_args) {
-		cprint(1, "if(argc - optidx != %d) {\n", 
-		       min_args);
-		cprint(2, "fprintf(stderr, \"Need exactly %u parameters (%%u given).\\n\\n\", argc - optidx);\n", min_args);
-		cprint(2, "goto usage;\n");
-		cprint(1, "}\n");
-	    } else {
-		if(max_args != -1) {
-		    cprint(1, "if(argc - optidx > %d) {\n", max_args);
-		    cprint(2, "fprintf(stderr, \"Arguments given (%%u) are more than expected (%u).\\n\\n\", argc - optidx);\n", max_args);
-		    cprint(2, "goto usage;\n");
-		    cprint(1, "}\n");
-		}
-		if(min_args != -1) {
-		    cprint(1, "if(argc - optidx < %d) {\n", min_args);
-		    cprint(2, "fprintf(stderr, \"Arguments given (%%u) are less than expected (%u).\\n\\n\", argc - optidx);\n", min_args);
-		    cprint(2, "goto usage;\n");
-		    cprint(1, "}\n");
-		}
-	    }
-	}
-    }
-    
-    cprint(1, "if(help_flag)\n");
-    cprint(2, "goto usage;\n");
-
-    cprint(1, "ret = %s(%s, argc - optidx, argv + optidx);\n", 
-	   f, opt1 ? "&opt": "NULL");
-    
-    /* free allocated data */
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	struct assignment *type = find(tmp->u.assignment, "type");
-	struct type_handler *th;
-	th = find_handler(type);
-	if(th->free == NULL)
-	    continue;
-	s = make_name(tmp->u.assignment);
-	(*th->free)(s);
-	free(s);
-    }
-    cprint(1, "return ret;\n");
-
-    cprint(0, "usage:\n");
-    cprint(1, "arg_printusage (args, %d, \"%s\", \"%s\");\n", nargs, 
-	   name->u.value, arg ? arg->u.value : "");
-    /* free allocated data */
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	struct assignment *type = find(tmp->u.assignment, "type");
-	struct type_handler *th;
-	th = find_handler(type);
-	if(th->free == NULL)
-	    continue;
-	s = make_name(tmp->u.assignment);
-	(*th->free)(s);
-	free(s);
-    }
-    cprint(1, "return 0;\n");
-    cprint(0, "}\n");
-    cprint(0, "\n");
-}
-
-char cname[PATH_MAX];
-char hname[PATH_MAX];
-
-static void
-gen(struct assignment *as)
-{
-    struct assignment *a;
-    cprint(0, "#include <stdio.h>\n");
-    cprint(0, "#include <getarg.h>\n");
-    cprint(0, "#include <sl.h>\n");
-    cprint(0, "#include \"%s\"\n\n", hname);
-
-    hprint(0, "#include <stdio.h>\n");
-    hprint(0, "#include <sl.h>\n");
-    hprint(0, "\n");
-
-
-    for(a = as; a != NULL; a = a->next)
-	gen_wrapper(a->u.assignment);
-
-    cprint(0, "SL_cmd commands[] = {\n");
-    for(a = as; a != NULL; a = a->next)
-	gen_command(a->u.assignment);
-    cprint(1, "{ NULL }\n");
-    cprint(0, "};\n");
-
-    hprint(0, "extern SL_cmd commands[];\n");
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "command-table");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    char *p;
-
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(argc == optidx)
-	usage(1);
-
-    filename = argv[optidx];
-    yyin = fopen(filename, "r");
-    if(yyin == NULL)
-	err(1, "%s", filename);
-    p = strrchr(filename, '/');
-    if(p)
-	strlcpy(cname, p + 1, sizeof(cname));
-    else
-	strlcpy(cname, filename, sizeof(cname));
-    p = strrchr(cname, '.');
-    if(p)
-	*p = '\0';
-    strlcpy(hname, cname, sizeof(hname));
-    strlcat(cname, ".c", sizeof(cname));
-    strlcat(hname, ".h", sizeof(hname));
-    yyparse();
-    if(error_flag)
-	exit(1);
-    if(check(assignment) == 0) {
-	cfile = fopen(cname, "w");
-	if(cfile == NULL)
-	  err(1, "%s", cname);
-	hfile = fopen(hname, "w");
-	if(hfile == NULL)
-	  err(1, "%s", hname);
-	gen(assignment);
-	fclose(cfile);
-	fclose(hfile);
-    }
-    fclose(yyin);
-    return 0;
-}
-
diff --git a/crypto/heimdal/lib/sl/slc-gram.h b/crypto/heimdal/lib/sl/slc-gram.h
deleted file mode 100644
index 1d50c2a..0000000
--- a/crypto/heimdal/lib/sl/slc-gram.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton interface for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     LITERAL = 258,
-     STRING = 259
-   };
-#endif
-/* Tokens.  */
-#define LITERAL 258
-#define STRING 259
-
-
-
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 54 "slc-gram.y"
-{
-	char *string;
-	struct assignment *assignment;
-}
-/* Line 1529 of yacc.c.  */
-#line 62 "slc-gram.h"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-extern YYSTYPE yylval;
-
diff --git a/crypto/heimdal/lib/sl/slc-gram.y b/crypto/heimdal/lib/sl/slc-gram.y
deleted file mode 100644
index 7d9fadc..0000000
--- a/crypto/heimdal/lib/sl/slc-gram.y
+++ /dev/null
@@ -1,764 +0,0 @@
-%{
-/*
- * Copyright (c) 2004-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: slc-gram.y 20767 2007-06-01 11:24:52Z lha $");
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <err.h>
-#include <ctype.h>
-#include <limits.h>
-#include <getarg.h>
-#include <vers.h>
-#include <roken.h>
-
-#include "slc.h"
-extern FILE *yyin;
-extern struct assignment *assignment;
-%}
-
-%union {
-	char *string;
-	struct assignment *assignment;
-}
-
-%token <string> LITERAL
-%token <string> STRING
-%type <assignment> assignment assignments
-
-%start start
-
-%%
-
-start		: assignments
-		{
-			assignment = $1;
-		}
-		;
-
-assignments	: assignment assignments
-		{
-			$1->next = $2;
-			$$ = $1;
-		}
-		| assignment
-		;
-
-assignment	: LITERAL '=' STRING
-		{
-			$$ = malloc(sizeof(*$$));
-			$$->name = $1;
-			$$->type = a_value;
-			$$->lineno = lineno;
-			$$->u.value = $3;
-			$$->next = NULL;
-		}
-		| LITERAL '=' '{' assignments '}'
-		{
-			$$ = malloc(sizeof(*$$));
-			$$->name = $1;
-			$$->type = a_assignment;
-			$$->lineno = lineno;
-			$$->u.assignment = $4;
-			$$->next = NULL;
-		}
-		;
-
-%%
-char *filename;
-FILE *cfile, *hfile;
-int error_flag;
-struct assignment *assignment;
-
-
-static void
-ex(struct assignment *a, const char *fmt, ...)
-{
-    va_list ap;
-    fprintf(stderr, "%s:%d: ", a->name, a->lineno);
-    va_start(ap, fmt);
-    vfprintf(stderr, fmt, ap);
-    va_end(ap);
-    fprintf(stderr, "\n");
-}
-
-
-
-static int
-check_option(struct assignment *as)
-{
-    struct assignment *a;
-    int seen_long = 0;
-    int seen_short = 0;
-    int seen_type = 0;
-    int seen_argument = 0;
-    int seen_help = 0;
-    int seen_default = 0;
-    int ret = 0;
-
-    for(a = as; a != NULL; a = a->next) {
-	if(strcmp(a->name, "long") == 0)
-	    seen_long++;
-	else if(strcmp(a->name, "short") == 0)
-	    seen_short++;
-	else if(strcmp(a->name, "type") == 0)
-	    seen_type++;
-	else if(strcmp(a->name, "argument") == 0)
-	    seen_argument++;
-	else if(strcmp(a->name, "help") == 0)
-	    seen_help++;
-	else if(strcmp(a->name, "default") == 0)
-	    seen_default++;
-	else {
-	    ex(a, "unknown name");
-	    ret++;
-	}
-    }
-    if(seen_long == 0 && seen_short == 0) {
-	ex(as, "neither long nor short option");
-	ret++;
-    }
-    if(seen_long > 1) {
-	ex(as, "multiple long options");
-	ret++;
-    }
-    if(seen_short > 1) {
-	ex(as, "multiple short options");
-	ret++;
-    }
-    if(seen_type > 1) {
-	ex(as, "multiple types");
-	ret++;
-    }
-    if(seen_argument > 1) {
-	ex(as, "multiple arguments");
-	ret++;
-    }
-    if(seen_help > 1) {
-	ex(as, "multiple help strings");
-	ret++;
-    }
-    if(seen_default > 1) {
-	ex(as, "multiple default values");
-	ret++;
-    }
-    return ret;
-}
-
-static int
-check_command(struct assignment *as)
-{
-	struct assignment *a;
-	int seen_name = 0;
-	int seen_function = 0;
-	int seen_help = 0;
-	int seen_argument = 0;
-	int seen_minargs = 0;
-	int seen_maxargs = 0;
-	int ret = 0;
-	for(a = as; a != NULL; a = a->next) {
-		if(strcmp(a->name, "name") == 0)
-			seen_name++;
-		else if(strcmp(a->name, "function") == 0) {
-			seen_function++;
-		} else if(strcmp(a->name, "option") == 0)
-			ret += check_option(a->u.assignment);
-		else if(strcmp(a->name, "help") == 0) {
-			seen_help++;
-		} else if(strcmp(a->name, "argument") == 0) {
-			seen_argument++;
-		} else if(strcmp(a->name, "min_args") == 0) {
-			seen_minargs++;
-		} else if(strcmp(a->name, "max_args") == 0) {
-			seen_maxargs++;
-		} else {
-			ex(a, "unknown name");
-			ret++;
-		}
-	}
-	if(seen_name == 0) {
-		ex(as, "no command name");
-		ret++;
-	}
-	if(seen_function > 1) {
-		ex(as, "multiple function names");
-		ret++;
-	}
-	if(seen_help > 1) {
-		ex(as, "multiple help strings");
-		ret++;
-	}
-	if(seen_argument > 1) {
-		ex(as, "multiple argument strings");
-		ret++;
-	}
-	if(seen_minargs > 1) {
-		ex(as, "multiple min_args strings");
-		ret++;
-	}
-	if(seen_maxargs > 1) {
-		ex(as, "multiple max_args strings");
-		ret++;
-	}
-	
-	return ret;
-}
-
-static int
-check(struct assignment *as)
-{
-    struct assignment *a;
-    int ret = 0;
-    for(a = as; a != NULL; a = a->next) {
-	if(strcmp(a->name, "command")) {
-	    fprintf(stderr, "unknown type %s line %d\n", a->name, a->lineno);
-	    ret++;
-	    continue;
-	}
-	if(a->type != a_assignment) {
-	    fprintf(stderr, "bad command definition %s line %d\n", a->name, a->lineno);
-	    ret++;
-	    continue;
-	}
-	ret += check_command(a->u.assignment);
-    }
-    return ret;
-}
-
-static struct assignment *
-find_next(struct assignment *as, const char *name)
-{
-    for(as = as->next; as != NULL; as = as->next) {
-	if(strcmp(as->name, name) == 0)
-	    return as;
-    }
-    return NULL;
-}
-
-static struct assignment *
-find(struct assignment *as, const char *name)
-{
-    for(; as != NULL; as = as->next) {
-	if(strcmp(as->name, name) == 0)
-	    return as;
-    }
-    return NULL;
-}
-
-static void
-space(FILE *f, int level)
-{
-    fprintf(f, "%*.*s", level * 4, level * 4, " ");
-}
-
-static void
-cprint(int level, const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    space(cfile, level);
-    vfprintf(cfile, fmt, ap);
-    va_end(ap);
-}
-
-static void
-hprint(int level, const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    space(hfile, level);
-    vfprintf(hfile, fmt, ap);
-    va_end(ap);
-}
-
-static void gen_name(char *str);
-
-static void
-gen_command(struct assignment *as)
-{
-    struct assignment *a, *b;
-    char *f;
-    a = find(as, "name");
-    f = strdup(a->u.value);
-    gen_name(f);
-    cprint(1, "    { ");
-    fprintf(cfile, "\"%s\", ", a->u.value);
-    fprintf(cfile, "%s_wrap, ", f);
-    b = find(as, "argument");
-    if(b)
-	fprintf(cfile, "\"%s %s\", ", a->u.value, b->u.value);
-    else
-	fprintf(cfile, "\"%s\", ", a->u.value);
-    b = find(as, "help");
-    if(b)
-	fprintf(cfile, "\"%s\"", b->u.value);
-    else
-	fprintf(cfile, "NULL");
-    fprintf(cfile, " },\n");
-    for(a = a->next; a != NULL; a = a->next)
-	if(strcmp(a->name, "name") == 0)
-	    cprint(1, "    { \"%s\" },\n", a->u.value);
-    cprint(0, "\n");
-}
-
-static void
-gen_name(char *str)
-{
-    char *p;
-    for(p = str; *p != '\0'; p++)
-	if(!isalnum((unsigned char)*p))
-	    *p = '_';
-}
-
-static char *
-make_name(struct assignment *as)
-{
-    struct assignment *lopt;
-    struct assignment *type;
-    char *s;
-
-    lopt = find(as, "long");
-    if(lopt == NULL)
-	lopt = find(as, "name");
-    if(lopt == NULL)
-	return NULL;
-    
-    type = find(as, "type");
-    if(strcmp(type->u.value, "-flag") == 0)
-	asprintf(&s, "%s_flag", lopt->u.value);
-    else
-	asprintf(&s, "%s_%s", lopt->u.value, type->u.value);
-    gen_name(s);
-    return s;
-}
-
-
-static void defval_int(const char *name, struct assignment *defval)
-{
-    if(defval != NULL)
-	cprint(1, "opt.%s = %s;\n", name, defval->u.value);
-    else
-	cprint(1, "opt.%s = 0;\n", name);
-}
-static void defval_string(const char *name, struct assignment *defval) 
-{
-    if(defval != NULL)
-	cprint(1, "opt.%s = \"%s\";\n", name, defval->u.value);
-    else
-	cprint(1, "opt.%s = NULL;\n", name);
-}
-static void defval_strings(const char *name, struct assignment *defval)
-{
-    cprint(1, "opt.%s.num_strings = 0;\n", name);
-    cprint(1, "opt.%s.strings = NULL;\n", name);
-}
-
-static void free_strings(const char *name)
-{
-    cprint(1, "free_getarg_strings (&opt.%s);\n", name);
-}
-
-struct type_handler {
-    const char *typename;
-    const char *c_type;
-    const char *getarg_type;
-    void (*defval)(const char*, struct assignment*);
-    void (*free)(const char*);
-} type_handlers[] = {
-	{ "integer",
-	  "int",
-	  "arg_integer",
-	  defval_int,
-	  NULL
-	},
-	{ "string",
-	  "char*",
-	  "arg_string",
-	  defval_string,
-	  NULL
-	},
-	{ "strings",
-	  "struct getarg_strings",
-	  "arg_strings",
-	  defval_strings,
-	  free_strings
-	},
-	{ "flag",
-	  "int",
-	  "arg_flag",
-	  defval_int,
-	  NULL
-	},
-	{ "-flag",
-	  "int",
-	  "arg_negative_flag",
-	  defval_int,
-	  NULL
-	},
-	{ NULL }
-};
-
-static struct type_handler *find_handler(struct assignment *type)
-{
-    struct type_handler *th;
-    for(th = type_handlers; th->typename != NULL; th++)
-	if(strcmp(type->u.value, th->typename) == 0)
-	    return th;
-    ex(type, "unknown type \"%s\"", type->u.value);
-    exit(1);
-}
-
-static void
-gen_options(struct assignment *opt1, const char *name)
-{
-    struct assignment *tmp;
-
-    hprint(0, "struct %s_options {\n", name);
-
-    for(tmp = opt1; 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	struct assignment *type;
-	struct type_handler *th;
-	char *s;
-	
-	s = make_name(tmp->u.assignment);
-	type = find(tmp->u.assignment, "type");
-	th = find_handler(type);
-	hprint(1, "%s %s;\n", th->c_type, s);
-	free(s);
-    }
-    hprint(0, "};\n");
-}
-
-static void
-gen_wrapper(struct assignment *as)
-{
-    struct assignment *name;
-    struct assignment *arg;
-    struct assignment *opt1;
-    struct assignment *function;
-    struct assignment *tmp;
-    char *n, *f;
-    int nargs = 0;
-
-    name = find(as, "name");
-    n = strdup(name->u.value);
-    gen_name(n);
-    arg = find(as, "argument");
-    opt1 = find(as, "option");
-    function = find(as, "function");
-    if(function)
-	f = function->u.value;
-    else
-	f = n;
-    
-       
-    if(opt1 != NULL) {
-	gen_options(opt1, n);
-	hprint(0, "int %s(struct %s_options*, int, char **);\n", f, n);
-    } else {
-	hprint(0, "int %s(void*, int, char **);\n", f);
-    }
-
-    fprintf(cfile, "static int\n");
-    fprintf(cfile, "%s_wrap(int argc, char **argv)\n", n);
-    fprintf(cfile, "{\n");
-    if(opt1 != NULL)
-	cprint(1, "struct %s_options opt;\n", n);
-    cprint(1, "int ret;\n");
-    cprint(1, "int optidx = 0;\n");
-    cprint(1, "struct getargs args[] = {\n");
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	struct assignment *type = find(tmp->u.assignment, "type");
-	struct assignment *lopt = find(tmp->u.assignment, "long");
-	struct assignment *sopt = find(tmp->u.assignment, "short");
-	struct assignment *aarg = find(tmp->u.assignment, "argument");
-	struct assignment *help = find(tmp->u.assignment, "help");
-
-	struct type_handler *th;
-	
-	cprint(2, "{ ");
-	if(lopt)
-	    fprintf(cfile, "\"%s\", ", lopt->u.value);
-	else
-	    fprintf(cfile, "NULL, ");
-	if(sopt)
-	    fprintf(cfile, "'%c', ", *sopt->u.value);
-	else
-	    fprintf(cfile, "0, ");
-	th = find_handler(type);
-	fprintf(cfile, "%s, ", th->getarg_type);
-	fprintf(cfile, "NULL, ");
-	if(help)
-	    fprintf(cfile, "\"%s\", ", help->u.value);
-	else
-	    fprintf(cfile, "NULL, ");
-	if(aarg)
-	    fprintf(cfile, "\"%s\"", aarg->u.value);
-	else
-	    fprintf(cfile, "NULL");
-	fprintf(cfile, " },\n");
-    }
-    cprint(2, "{ \"help\", 'h', arg_flag, NULL, NULL, NULL }\n");
-    cprint(1, "};\n");
-    cprint(1, "int help_flag = 0;\n");
-
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	struct assignment *type = find(tmp->u.assignment, "type");
-
-	struct assignment *defval = find(tmp->u.assignment, "default");
-
-	struct type_handler *th;
-	
-	s = make_name(tmp->u.assignment);
-	th = find_handler(type);
-	(*th->defval)(s, defval);
-	free(s);
-    }
-
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	s = make_name(tmp->u.assignment);
-	cprint(1, "args[%d].value = &opt.%s;\n", nargs++, s);
-	free(s);
-    }
-    cprint(1, "args[%d].value = &help_flag;\n", nargs++);
-    cprint(1, "if(getarg(args, %d, argc, argv, &optidx))\n", nargs);
-    cprint(2, "goto usage;\n");
-
-    {
-	int min_args = -1;
-	int max_args = -1;
-	char *end;
-	if(arg == NULL) {
-	    max_args = 0;
-	} else {
-	    if((tmp = find(as, "min_args")) != NULL) {
-		min_args = strtol(tmp->u.value, &end, 0);
-		if(*end != '\0') {
-		    ex(tmp, "min_args is not numeric");
-		    exit(1);
-		}
-		if(min_args < 0) {
-		    ex(tmp, "min_args must be non-negative");
-		    exit(1);
-		}
-	    }
-	    if((tmp = find(as, "max_args")) != NULL) {
-		max_args = strtol(tmp->u.value, &end, 0);
-		if(*end != '\0') {
-		    ex(tmp, "max_args is not numeric");
-		    exit(1);
-		}
-		if(max_args < 0) {
-		    ex(tmp, "max_args must be non-negative");
-		    exit(1);
-		}
-	    }
-	}
-	if(min_args != -1 || max_args != -1) {
-	    if(min_args == max_args) {
-		cprint(1, "if(argc - optidx != %d) {\n", 
-		       min_args);
-		cprint(2, "fprintf(stderr, \"Need exactly %u parameters (%%u given).\\n\\n\", argc - optidx);\n", min_args);
-		cprint(2, "goto usage;\n");
-		cprint(1, "}\n");
-	    } else {
-		if(max_args != -1) {
-		    cprint(1, "if(argc - optidx > %d) {\n", max_args);
-		    cprint(2, "fprintf(stderr, \"Arguments given (%%u) are more than expected (%u).\\n\\n\", argc - optidx);\n", max_args);
-		    cprint(2, "goto usage;\n");
-		    cprint(1, "}\n");
-		}
-		if(min_args != -1) {
-		    cprint(1, "if(argc - optidx < %d) {\n", min_args);
-		    cprint(2, "fprintf(stderr, \"Arguments given (%%u) are less than expected (%u).\\n\\n\", argc - optidx);\n", min_args);
-		    cprint(2, "goto usage;\n");
-		    cprint(1, "}\n");
-		}
-	    }
-	}
-    }
-    
-    cprint(1, "if(help_flag)\n");
-    cprint(2, "goto usage;\n");
-
-    cprint(1, "ret = %s(%s, argc - optidx, argv + optidx);\n", 
-	   f, opt1 ? "&opt": "NULL");
-    
-    /* free allocated data */
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	struct assignment *type = find(tmp->u.assignment, "type");
-	struct type_handler *th;
-	th = find_handler(type);
-	if(th->free == NULL)
-	    continue;
-	s = make_name(tmp->u.assignment);
-	(*th->free)(s);
-	free(s);
-    }
-    cprint(1, "return ret;\n");
-
-    cprint(0, "usage:\n");
-    cprint(1, "arg_printusage (args, %d, \"%s\", \"%s\");\n", nargs, 
-	   name->u.value, arg ? arg->u.value : "");
-    /* free allocated data */
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	struct assignment *type = find(tmp->u.assignment, "type");
-	struct type_handler *th;
-	th = find_handler(type);
-	if(th->free == NULL)
-	    continue;
-	s = make_name(tmp->u.assignment);
-	(*th->free)(s);
-	free(s);
-    }
-    cprint(1, "return 0;\n");
-    cprint(0, "}\n");
-    cprint(0, "\n");
-}
-
-char cname[PATH_MAX];
-char hname[PATH_MAX];
-
-static void
-gen(struct assignment *as)
-{
-    struct assignment *a;
-    cprint(0, "#include <stdio.h>\n");
-    cprint(0, "#include <getarg.h>\n");
-    cprint(0, "#include <sl.h>\n");
-    cprint(0, "#include \"%s\"\n\n", hname);
-
-    hprint(0, "#include <stdio.h>\n");
-    hprint(0, "#include <sl.h>\n");
-    hprint(0, "\n");
-
-
-    for(a = as; a != NULL; a = a->next)
-	gen_wrapper(a->u.assignment);
-
-    cprint(0, "SL_cmd commands[] = {\n");
-    for(a = as; a != NULL; a = a->next)
-	gen_command(a->u.assignment);
-    cprint(1, "{ NULL }\n");
-    cprint(0, "};\n");
-
-    hprint(0, "extern SL_cmd commands[];\n");
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "command-table");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    char *p;
-
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(argc == optidx)
-	usage(1);
-
-    filename = argv[optidx];
-    yyin = fopen(filename, "r");
-    if(yyin == NULL)
-	err(1, "%s", filename);
-    p = strrchr(filename, '/');
-    if(p)
-	strlcpy(cname, p + 1, sizeof(cname));
-    else
-	strlcpy(cname, filename, sizeof(cname));
-    p = strrchr(cname, '.');
-    if(p)
-	*p = '\0';
-    strlcpy(hname, cname, sizeof(hname));
-    strlcat(cname, ".c", sizeof(cname));
-    strlcat(hname, ".h", sizeof(hname));
-    yyparse();
-    if(error_flag)
-	exit(1);
-    if(check(assignment) == 0) {
-	cfile = fopen(cname, "w");
-	if(cfile == NULL)
-	  err(1, "%s", cname);
-	hfile = fopen(hname, "w");
-	if(hfile == NULL)
-	  err(1, "%s", hname);
-	gen(assignment);
-	fclose(cfile);
-	fclose(hfile);
-    }
-    fclose(yyin);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/sl/slc-lex.c b/crypto/heimdal/lib/sl/slc-lex.c
deleted file mode 100644
index d89b39c..0000000
--- a/crypto/heimdal/lib/sl/slc-lex.c
+++ /dev/null
@@ -1,1877 +0,0 @@
-
-#line 3 "slc-lex.c"
-
-#define  YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 33
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with  platform-specific or compiler-specific issues. */
-
-/* begin standard C headers. */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
-
-#if __STDC_VERSION__ >= 199901L
-
-/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
- * if you want the limit (max/min) macros for int types. 
- */
-#ifndef __STDC_LIMIT_MACROS
-#define __STDC_LIMIT_MACROS 1
-#endif
-
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t; 
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN               (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN              (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN              (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX               (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX              (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX              (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX              (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX             (65535U)
-#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX             (4294967295U)
-#endif
-
-#endif /* ! FLEXINT_H */
-
-#ifdef __cplusplus
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else	/* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_CONST
-
-#endif	/* __STDC__ */
-#endif	/* ! __cplusplus */
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index.  If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition.  This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN (yy_start) = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state.  The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START (((yy_start) - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart(yyin  )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
-#define YY_BUF_SIZE 16384
-#endif
-
-/* The state buf must be large enough to hold one state per character in the main buffer.
- */
-#define YY_STATE_BUF_SIZE   ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
-
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
-
-extern int yyleng;
-
-extern FILE *yyin, *yyout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
-    #define YY_LESS_LINENO(n)
-    
-/* Return all but the first "n" matched characters back to the input stream. */
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		*yy_cp = (yy_hold_char); \
-		YY_RESTORE_YY_MORE_OFFSET \
-		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
-		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
-		} \
-	while ( 0 )
-
-#define unput(c) yyunput( c, (yytext_ptr)  )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef unsigned int yy_size_t;
-#endif
-
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
-struct yy_buffer_state
-	{
-	FILE *yy_input_file;
-
-	char *yy_ch_buf;		/* input buffer */
-	char *yy_buf_pos;		/* current position in input buffer */
-
-	/* Size of input buffer in bytes, not including room for EOB
-	 * characters.
-	 */
-	yy_size_t yy_buf_size;
-
-	/* Number of characters read into yy_ch_buf, not including EOB
-	 * characters.
-	 */
-	int yy_n_chars;
-
-	/* Whether we "own" the buffer - i.e., we know we created it,
-	 * and can realloc() it to grow it, and should free() it to
-	 * delete it.
-	 */
-	int yy_is_our_buffer;
-
-	/* Whether this is an "interactive" input source; if so, and
-	 * if we're using stdio for input, then we want to use getc()
-	 * instead of fread(), to make sure we stop fetching input after
-	 * each newline.
-	 */
-	int yy_is_interactive;
-
-	/* Whether we're considered to be at the beginning of a line.
-	 * If so, '^' rules will be active on the next match, otherwise
-	 * not.
-	 */
-	int yy_at_bol;
-
-    int yy_bs_lineno; /**< The line count. */
-    int yy_bs_column; /**< The column count. */
-    
-	/* Whether to try to fill the input buffer when we reach the
-	 * end of it.
-	 */
-	int yy_fill_buffer;
-
-	int yy_buffer_status;
-
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
-	/* When an EOF's been seen but there's still some text to process
-	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
-	 * shouldn't try reading from the input source any more.  We might
-	 * still have a bunch of tokens to match, though, because of
-	 * possible backing-up.
-	 *
-	 * When we actually see the EOF, we change the status to "new"
-	 * (via yyrestart()), so that the user can continue scanning by
-	 * just pointing yyin at a new input file.
-	 */
-#define YY_BUFFER_EOF_PENDING 2
-
-	};
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- *
- * Returns the top of the stack, or NULL.
- */
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
-                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
-                          : NULL)
-
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
-
-/* yy_hold_char holds the character lost when yytext is formed. */
-static char yy_hold_char;
-static int yy_n_chars;		/* number of characters read into yy_ch_buf */
-int yyleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 0;		/* whether we need to initialize */
-static int yy_start = 0;	/* start state number */
-
-/* Flag which is used to allow yywrap()'s to do buffer switches
- * instead of setting up a fresh yyin.  A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void yyrestart (FILE *input_file  );
-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
-void yy_delete_buffer (YY_BUFFER_STATE b  );
-void yy_flush_buffer (YY_BUFFER_STATE b  );
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
-void yypop_buffer_state (void );
-
-static void yyensure_buffer_stack (void );
-static void yy_load_buffer_state (void );
-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
-
-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
-
-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len  );
-
-void *yyalloc (yy_size_t  );
-void *yyrealloc (void *,yy_size_t  );
-void yyfree (void *  );
-
-#define yy_new_buffer yy_create_buffer
-
-#define yy_set_interactive(is_interactive) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){ \
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
-	}
-
-#define yy_set_bol(at_bol) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){\
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
-	}
-
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
-
-typedef unsigned char YY_CHAR;
-
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-
-typedef int yy_state_type;
-
-extern int yylineno;
-
-int yylineno = 1;
-
-extern char *yytext;
-#define yytext_ptr yytext
-
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[]  );
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up yytext.
- */
-#define YY_DO_BEFORE_ACTION \
-	(yytext_ptr) = yy_bp; \
-	yyleng = (size_t) (yy_cp - yy_bp); \
-	(yy_hold_char) = *yy_cp; \
-	*yy_cp = '\0'; \
-	(yy_c_buf_p) = yy_cp;
-
-#define YY_NUM_RULES 7
-#define YY_END_OF_BUFFER 8
-/* This struct is not used in this scanner,
-   but its presence is necessary. */
-struct yy_trans_info
-	{
-	flex_int32_t yy_verify;
-	flex_int32_t yy_nxt;
-	};
-static yyconst flex_int16_t yy_accept[14] =
-    {   0,
-        0,    0,    8,    7,    6,    3,    2,    7,    5,    1,
-        4,    1,    0
-    } ;
-
-static yyconst flex_int32_t yy_ec[256] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    2,    1,    4,    1,    1,    1,    1,    1,    1,
-        1,    5,    1,    1,    6,    1,    7,    6,    6,    6,
-        6,    6,    6,    6,    6,    6,    6,    1,    1,    1,
-        8,    1,    1,    1,    9,    9,    9,    9,    9,    9,
-        9,    9,    9,    9,    9,    9,    9,    9,    9,    9,
-        9,    9,    9,    9,    9,    9,    9,    9,    9,    9,
-        1,    1,    1,    1,    6,    1,    9,    9,    9,    9,
-
-        9,    9,    9,    9,    9,    9,    9,    9,    9,    9,
-        9,    9,    9,    9,    9,    9,    9,    9,    9,    9,
-        9,    9,    8,    1,    8,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1
-    } ;
-
-static yyconst flex_int32_t yy_meta[10] =
-    {   0,
-        1,    1,    1,    1,    1,    2,    1,    1,    2
-    } ;
-
-static yyconst flex_int16_t yy_base[15] =
-    {   0,
-        0,    0,   12,   13,   13,   13,   13,    6,   13,    0,
-       13,    0,   13,    8
-    } ;
-
-static yyconst flex_int16_t yy_def[15] =
-    {   0,
-       13,    1,   13,   13,   13,   13,   13,   13,   13,   14,
-       13,   14,    0,   13
-    } ;
-
-static yyconst flex_int16_t yy_nxt[23] =
-    {   0,
-        4,    5,    6,    7,    4,    4,    8,    9,   10,   12,
-       11,   13,    3,   13,   13,   13,   13,   13,   13,   13,
-       13,   13
-    } ;
-
-static yyconst flex_int16_t yy_chk[23] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,   14,
-        8,    3,   13,   13,   13,   13,   13,   13,   13,   13,
-       13,   13
-    } ;
-
-static yy_state_type yy_last_accepting_state;
-static char *yy_last_accepting_cpos;
-
-extern int yy_flex_debug;
-int yy_flex_debug = 0;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *yytext;
-#line 1 "slc-lex.l"
-#line 2 "slc-lex.l"
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: slc-lex.l 15118 2005-05-10 22:19:01Z lha $ */
-
-#undef ECHO
-
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include "slc.h"
-#include "slc-gram.h"
-unsigned lineno = 1;
-
-static void handle_comment(void);
-static char * handle_string(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-#line 513 "slc-lex.c"
-
-#define INITIAL 0
-
-#ifndef YY_NO_UNISTD_H
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-#endif
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
-
-static int yy_init_globals (void );
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int yywrap (void );
-#else
-extern int yywrap (void );
-#endif
-#endif
-
-    static void yyunput (int c,char *buf_ptr  );
-    
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
-#endif
-
-#ifndef YY_NO_INPUT
-
-#ifdef __cplusplus
-static int yyinput (void );
-#else
-static int input (void );
-#endif
-
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
-#endif
-
-/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
-		{ \
-		int c = '*'; \
-		size_t n; \
-		for ( n = 0; n < max_size && \
-			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
-			buf[n] = (char) c; \
-		if ( c == '\n' ) \
-			buf[n++] = (char) c; \
-		if ( c == EOF && ferror( yyin ) ) \
-			YY_FATAL_ERROR( "input in flex scanner failed" ); \
-		result = n; \
-		} \
-	else \
-		{ \
-		errno=0; \
-		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
-			{ \
-			if( errno != EINTR) \
-				{ \
-				YY_FATAL_ERROR( "input in flex scanner failed" ); \
-				break; \
-				} \
-			errno=0; \
-			clearerr(yyin); \
-			} \
-		}\
-\
-
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* end tables serialization structures and prototypes */
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int yylex (void);
-
-#define YY_DECL int yylex (void)
-#endif /* !YY_DECL */
-
-/* Code executed at the beginning of each rule, after yytext and yyleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
-	YY_USER_ACTION
-
-/** The main scanner function which does all the work.
- */
-YY_DECL
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp, *yy_bp;
-	register int yy_act;
-    
-#line 55 "slc-lex.l"
-
-#line 668 "slc-lex.c"
-
-	if ( !(yy_init) )
-		{
-		(yy_init) = 1;
-
-#ifdef YY_USER_INIT
-		YY_USER_INIT;
-#endif
-
-		if ( ! (yy_start) )
-			(yy_start) = 1;	/* first start state */
-
-		if ( ! yyin )
-			yyin = stdin;
-
-		if ( ! yyout )
-			yyout = stdout;
-
-		if ( ! YY_CURRENT_BUFFER ) {
-			yyensure_buffer_stack ();
-			YY_CURRENT_BUFFER_LVALUE =
-				yy_create_buffer(yyin,YY_BUF_SIZE );
-		}
-
-		yy_load_buffer_state( );
-		}
-
-	while ( 1 )		/* loops until end-of-file is reached */
-		{
-		yy_cp = (yy_c_buf_p);
-
-		/* Support of yytext. */
-		*yy_cp = (yy_hold_char);
-
-		/* yy_bp points to the position in yy_ch_buf of the start of
-		 * the current run.
-		 */
-		yy_bp = yy_cp;
-
-		yy_current_state = (yy_start);
-yy_match:
-		do
-			{
-			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
-			if ( yy_accept[yy_current_state] )
-				{
-				(yy_last_accepting_state) = yy_current_state;
-				(yy_last_accepting_cpos) = yy_cp;
-				}
-			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-				{
-				yy_current_state = (int) yy_def[yy_current_state];
-				if ( yy_current_state >= 14 )
-					yy_c = yy_meta[(unsigned int) yy_c];
-				}
-			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-			++yy_cp;
-			}
-		while ( yy_base[yy_current_state] != 13 );
-
-yy_find_action:
-		yy_act = yy_accept[yy_current_state];
-		if ( yy_act == 0 )
-			{ /* have to back up */
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			yy_act = yy_accept[yy_current_state];
-			}
-
-		YY_DO_BEFORE_ACTION;
-
-do_action:	/* This label is used only to access EOF actions. */
-
-		switch ( yy_act )
-	{ /* beginning of action switch */
-			case 0: /* must back up */
-			/* undo the effects of YY_DO_BEFORE_ACTION */
-			*yy_cp = (yy_hold_char);
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
-#line 56 "slc-lex.l"
-{
-			  yylval.string = strdup ((const char *)yytext);
-			  return LITERAL;
-			}
-	YY_BREAK
-case 2:
-YY_RULE_SETUP
-#line 60 "slc-lex.l"
-{ yylval.string = handle_string(); return STRING; }
-	YY_BREAK
-case 3:
-/* rule 3 can match eol */
-YY_RULE_SETUP
-#line 61 "slc-lex.l"
-{ ++lineno; }
-	YY_BREAK
-case 4:
-YY_RULE_SETUP
-#line 62 "slc-lex.l"
-{ handle_comment(); }
-	YY_BREAK
-case 5:
-YY_RULE_SETUP
-#line 63 "slc-lex.l"
-{ return *yytext; }
-	YY_BREAK
-case 6:
-YY_RULE_SETUP
-#line 64 "slc-lex.l"
-;
-	YY_BREAK
-case 7:
-YY_RULE_SETUP
-#line 65 "slc-lex.l"
-ECHO;
-	YY_BREAK
-#line 790 "slc-lex.c"
-case YY_STATE_EOF(INITIAL):
-	yyterminate();
-
-	case YY_END_OF_BUFFER:
-		{
-		/* Amount of text matched not including the EOB char. */
-		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
-
-		/* Undo the effects of YY_DO_BEFORE_ACTION. */
-		*yy_cp = (yy_hold_char);
-		YY_RESTORE_YY_MORE_OFFSET
-
-		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
-			{
-			/* We're scanning a new file or input source.  It's
-			 * possible that this happened because the user
-			 * just pointed yyin at a new source and called
-			 * yylex().  If so, then we have to assure
-			 * consistency between YY_CURRENT_BUFFER and our
-			 * globals.  Here is the right place to do so, because
-			 * this is the first action (other than possibly a
-			 * back-up) that will match for the new input source.
-			 */
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
-			}
-
-		/* Note that here we test for yy_c_buf_p "<=" to the position
-		 * of the first EOB in the buffer, since yy_c_buf_p will
-		 * already have been incremented past the NUL character
-		 * (since all states make transitions on EOB to the
-		 * end-of-buffer state).  Contrast this with the test
-		 * in input().
-		 */
-		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			{ /* This was really a NUL. */
-			yy_state_type yy_next_state;
-
-			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
-
-			yy_current_state = yy_get_previous_state(  );
-
-			/* Okay, we're now positioned to make the NUL
-			 * transition.  We couldn't have
-			 * yy_get_previous_state() go ahead and do it
-			 * for us because it doesn't know how to deal
-			 * with the possibility of jamming (and we don't
-			 * want to build jamming into it because then it
-			 * will run more slowly).
-			 */
-
-			yy_next_state = yy_try_NUL_trans( yy_current_state );
-
-			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-
-			if ( yy_next_state )
-				{
-				/* Consume the NUL. */
-				yy_cp = ++(yy_c_buf_p);
-				yy_current_state = yy_next_state;
-				goto yy_match;
-				}
-
-			else
-				{
-				yy_cp = (yy_c_buf_p);
-				goto yy_find_action;
-				}
-			}
-
-		else switch ( yy_get_next_buffer(  ) )
-			{
-			case EOB_ACT_END_OF_FILE:
-				{
-				(yy_did_buffer_switch_on_eof) = 0;
-
-				if ( yywrap( ) )
-					{
-					/* Note: because we've taken care in
-					 * yy_get_next_buffer() to have set up
-					 * yytext, we can now set up
-					 * yy_c_buf_p so that if some total
-					 * hoser (like flex itself) wants to
-					 * call the scanner after we return the
-					 * YY_NULL, it'll still work - another
-					 * YY_NULL will get returned.
-					 */
-					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
-
-					yy_act = YY_STATE_EOF(YY_START);
-					goto do_action;
-					}
-
-				else
-					{
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-					}
-				break;
-				}
-
-			case EOB_ACT_CONTINUE_SCAN:
-				(yy_c_buf_p) =
-					(yytext_ptr) + yy_amount_of_matched_text;
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_match;
-
-			case EOB_ACT_LAST_MATCH:
-				(yy_c_buf_p) =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_find_action;
-			}
-		break;
-		}
-
-	default:
-		YY_FATAL_ERROR(
-			"fatal flex scanner internal error--no action found" );
-	} /* end of action switch */
-		} /* end of scanning one token */
-} /* end of yylex */
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- *	EOB_ACT_LAST_MATCH -
- *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- *	EOB_ACT_END_OF_FILE - end of file
- */
-static int yy_get_next_buffer (void)
-{
-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
-	register char *source = (yytext_ptr);
-	register int number_to_move, i;
-	int ret_val;
-
-	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
-		YY_FATAL_ERROR(
-		"fatal flex scanner internal error--end of buffer missed" );
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
-		{ /* Don't try to fill the buffer, so this is an EOF. */
-		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
-			{
-			/* We matched a single character, the EOB, so
-			 * treat this as a final EOF.
-			 */
-			return EOB_ACT_END_OF_FILE;
-			}
-
-		else
-			{
-			/* We matched some text prior to the EOB, first
-			 * process it.
-			 */
-			return EOB_ACT_LAST_MATCH;
-			}
-		}
-
-	/* Try to read more data. */
-
-	/* First move last chars to start of buffer. */
-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
-
-	for ( i = 0; i < number_to_move; ++i )
-		*(dest++) = *(source++);
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
-		/* don't do the read, it's not guaranteed to return an EOF,
-		 * just force an EOF
-		 */
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
-
-	else
-		{
-			int num_to_read =
-			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
-		while ( num_to_read <= 0 )
-			{ /* Not enough room in the buffer - grow it. */
-
-			/* just a shorter name for the current buffer */
-			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
-
-			int yy_c_buf_p_offset =
-				(int) ((yy_c_buf_p) - b->yy_ch_buf);
-
-			if ( b->yy_is_our_buffer )
-				{
-				int new_size = b->yy_buf_size * 2;
-
-				if ( new_size <= 0 )
-					b->yy_buf_size += b->yy_buf_size / 8;
-				else
-					b->yy_buf_size *= 2;
-
-				b->yy_ch_buf = (char *)
-					/* Include room in for 2 EOB chars. */
-					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
-				}
-			else
-				/* Can't grow it, we don't own it. */
-				b->yy_ch_buf = 0;
-
-			if ( ! b->yy_ch_buf )
-				YY_FATAL_ERROR(
-				"fatal error - scanner input buffer overflow" );
-
-			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
-
-			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
-						number_to_move - 1;
-
-			}
-
-		if ( num_to_read > YY_READ_BUF_SIZE )
-			num_to_read = YY_READ_BUF_SIZE;
-
-		/* Read in more data. */
-		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
-			(yy_n_chars), num_to_read );
-
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	if ( (yy_n_chars) == 0 )
-		{
-		if ( number_to_move == YY_MORE_ADJ )
-			{
-			ret_val = EOB_ACT_END_OF_FILE;
-			yyrestart(yyin  );
-			}
-
-		else
-			{
-			ret_val = EOB_ACT_LAST_MATCH;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
-				YY_BUFFER_EOF_PENDING;
-			}
-		}
-
-	else
-		ret_val = EOB_ACT_CONTINUE_SCAN;
-
-	(yy_n_chars) += number_to_move;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
-
-	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
-
-	return ret_val;
-}
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
-    static yy_state_type yy_get_previous_state (void)
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp;
-    
-	yy_current_state = (yy_start);
-
-	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
-		{
-		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
-		if ( yy_accept[yy_current_state] )
-			{
-			(yy_last_accepting_state) = yy_current_state;
-			(yy_last_accepting_cpos) = yy_cp;
-			}
-		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-			{
-			yy_current_state = (int) yy_def[yy_current_state];
-			if ( yy_current_state >= 14 )
-				yy_c = yy_meta[(unsigned int) yy_c];
-			}
-		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-		}
-
-	return yy_current_state;
-}
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- *	next_state = yy_try_NUL_trans( current_state );
- */
-    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
-{
-	register int yy_is_jam;
-    	register char *yy_cp = (yy_c_buf_p);
-
-	register YY_CHAR yy_c = 1;
-	if ( yy_accept[yy_current_state] )
-		{
-		(yy_last_accepting_state) = yy_current_state;
-		(yy_last_accepting_cpos) = yy_cp;
-		}
-	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-		{
-		yy_current_state = (int) yy_def[yy_current_state];
-		if ( yy_current_state >= 14 )
-			yy_c = yy_meta[(unsigned int) yy_c];
-		}
-	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-	yy_is_jam = (yy_current_state == 13);
-
-	return yy_is_jam ? 0 : yy_current_state;
-}
-
-    static void yyunput (int c, register char * yy_bp )
-{
-	register char *yy_cp;
-    
-    yy_cp = (yy_c_buf_p);
-
-	/* undo effects of setting up yytext */
-	*yy_cp = (yy_hold_char);
-
-	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-		{ /* need to shift things up to make room */
-		/* +2 for EOB chars. */
-		register int number_to_move = (yy_n_chars) + 2;
-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
-					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
-		register char *source =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
-
-		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
-			*--dest = *--source;
-
-		yy_cp += (int) (dest - source);
-		yy_bp += (int) (dest - source);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
-
-		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-			YY_FATAL_ERROR( "flex scanner push-back overflow" );
-		}
-
-	*--yy_cp = (char) c;
-
-	(yytext_ptr) = yy_bp;
-	(yy_hold_char) = *yy_cp;
-	(yy_c_buf_p) = yy_cp;
-}
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
-    static int yyinput (void)
-#else
-    static int input  (void)
-#endif
-
-{
-	int c;
-    
-	*(yy_c_buf_p) = (yy_hold_char);
-
-	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
-		{
-		/* yy_c_buf_p now points to the character we want to return.
-		 * If this occurs *before* the EOB characters, then it's a
-		 * valid NUL; if not, then we've hit the end of the buffer.
-		 */
-		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			/* This was really a NUL. */
-			*(yy_c_buf_p) = '\0';
-
-		else
-			{ /* need more input */
-			int offset = (yy_c_buf_p) - (yytext_ptr);
-			++(yy_c_buf_p);
-
-			switch ( yy_get_next_buffer(  ) )
-				{
-				case EOB_ACT_LAST_MATCH:
-					/* This happens because yy_g_n_b()
-					 * sees that we've accumulated a
-					 * token and flags that we need to
-					 * try matching the token before
-					 * proceeding.  But for input(),
-					 * there's no matching to consider.
-					 * So convert the EOB_ACT_LAST_MATCH
-					 * to EOB_ACT_END_OF_FILE.
-					 */
-
-					/* Reset buffer status. */
-					yyrestart(yyin );
-
-					/*FALLTHROUGH*/
-
-				case EOB_ACT_END_OF_FILE:
-					{
-					if ( yywrap( ) )
-						return 0;
-
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-#ifdef __cplusplus
-					return yyinput();
-#else
-					return input();
-#endif
-					}
-
-				case EOB_ACT_CONTINUE_SCAN:
-					(yy_c_buf_p) = (yytext_ptr) + offset;
-					break;
-				}
-			}
-		}
-
-	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
-	*(yy_c_buf_p) = '\0';	/* preserve yytext */
-	(yy_hold_char) = *++(yy_c_buf_p);
-
-	return c;
-}
-#endif	/* ifndef YY_NO_INPUT */
-
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- * 
- * @note This function does not reset the start condition to @c INITIAL .
- */
-    void yyrestart  (FILE * input_file )
-{
-    
-	if ( ! YY_CURRENT_BUFFER ){
-        yyensure_buffer_stack ();
-		YY_CURRENT_BUFFER_LVALUE =
-            yy_create_buffer(yyin,YY_BUF_SIZE );
-	}
-
-	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
-	yy_load_buffer_state( );
-}
-
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- * 
- */
-    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
-{
-    
-	/* TODO. We should be able to replace this entire function body
-	 * with
-	 *		yypop_buffer_state();
-	 *		yypush_buffer_state(new_buffer);
-     */
-	yyensure_buffer_stack ();
-	if ( YY_CURRENT_BUFFER == new_buffer )
-		return;
-
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-	yy_load_buffer_state( );
-
-	/* We don't actually know whether we did this switch during
-	 * EOF (yywrap()) processing, but the only time this flag
-	 * is looked at is after yywrap() is called, so it's safe
-	 * to go ahead and always set it.
-	 */
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-static void yy_load_buffer_state  (void)
-{
-    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
-	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
-	(yy_hold_char) = *(yy_c_buf_p);
-}
-
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- * 
- * @return the allocated buffer state.
- */
-    YY_BUFFER_STATE yy_create_buffer  (FILE * file, int  size )
-{
-	YY_BUFFER_STATE b;
-    
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_buf_size = size;
-
-	/* yy_ch_buf has to be 2 characters longer than the size given because
-	 * we need to put in 2 end-of-buffer characters.
-	 */
-	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
-	if ( ! b->yy_ch_buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_is_our_buffer = 1;
-
-	yy_init_buffer(b,file );
-
-	return b;
-}
-
-/** Destroy the buffer.
- * @param b a buffer created with yy_create_buffer()
- * 
- */
-    void yy_delete_buffer (YY_BUFFER_STATE  b )
-{
-    
-	if ( ! b )
-		return;
-
-	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
-		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
-
-	if ( b->yy_is_our_buffer )
-		yyfree((void *) b->yy_ch_buf  );
-
-	yyfree((void *) b  );
-}
-
-#ifndef __cplusplus
-extern int isatty (int );
-#endif /* __cplusplus */
-    
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a yyrestart() or at EOF.
- */
-    static void yy_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
-
-{
-	int oerrno = errno;
-    
-	yy_flush_buffer(b );
-
-	b->yy_input_file = file;
-	b->yy_fill_buffer = 1;
-
-    /* If b is the current buffer, then yy_init_buffer was _probably_
-     * called from yyrestart() or through yy_get_next_buffer.
-     * In that case, we don't want to reset the lineno or column.
-     */
-    if (b != YY_CURRENT_BUFFER){
-        b->yy_bs_lineno = 1;
-        b->yy_bs_column = 0;
-    }
-
-        b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-    
-	errno = oerrno;
-}
-
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- * 
- */
-    void yy_flush_buffer (YY_BUFFER_STATE  b )
-{
-    	if ( ! b )
-		return;
-
-	b->yy_n_chars = 0;
-
-	/* We always need two end-of-buffer characters.  The first causes
-	 * a transition to the end-of-buffer state.  The second causes
-	 * a jam in that state.
-	 */
-	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
-	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
-	b->yy_buf_pos = &b->yy_ch_buf[0];
-
-	b->yy_at_bol = 1;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	if ( b == YY_CURRENT_BUFFER )
-		yy_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- *  the current state. This function will allocate the stack
- *  if necessary.
- *  @param new_buffer The new state.
- *  
- */
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
-    	if (new_buffer == NULL)
-		return;
-
-	yyensure_buffer_stack();
-
-	/* This block is copied from yy_switch_to_buffer. */
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	/* Only push if top exists. Otherwise, replace top. */
-	if (YY_CURRENT_BUFFER)
-		(yy_buffer_stack_top)++;
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
-	/* copied from yy_switch_to_buffer. */
-	yy_load_buffer_state( );
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- *  The next element becomes the new top.
- *  
- */
-void yypop_buffer_state (void)
-{
-    	if (!YY_CURRENT_BUFFER)
-		return;
-
-	yy_delete_buffer(YY_CURRENT_BUFFER );
-	YY_CURRENT_BUFFER_LVALUE = NULL;
-	if ((yy_buffer_stack_top) > 0)
-		--(yy_buffer_stack_top);
-
-	if (YY_CURRENT_BUFFER) {
-		yy_load_buffer_state( );
-		(yy_did_buffer_switch_on_eof) = 1;
-	}
-}
-
-/* Allocates the stack if it does not exist.
- *  Guarantees space for at least one push.
- */
-static void yyensure_buffer_stack (void)
-{
-	int num_to_alloc;
-    
-	if (!(yy_buffer_stack)) {
-
-		/* First allocation is just for 2 elements, since we don't know if this
-		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
-		 * immediate realloc on the next call.
-         */
-		num_to_alloc = 1;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
-								(num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-		
-		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-				
-		(yy_buffer_stack_max) = num_to_alloc;
-		(yy_buffer_stack_top) = 0;
-		return;
-	}
-
-	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
-		/* Increase the buffer to prepare for a possible push. */
-		int grow_size = 8 /* arbitrary grow size */;
-
-		num_to_alloc = (yy_buffer_stack_max) + grow_size;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
-								((yy_buffer_stack),
-								num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-
-		/* zero only the new slots.*/
-		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
-		(yy_buffer_stack_max) = num_to_alloc;
-	}
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- * 
- * @return the newly allocated buffer state object. 
- */
-YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
-{
-	YY_BUFFER_STATE b;
-    
-	if ( size < 2 ||
-	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
-	     base[size-1] != YY_END_OF_BUFFER_CHAR )
-		/* They forgot to leave room for the EOB's. */
-		return 0;
-
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
-	b->yy_buf_pos = b->yy_ch_buf = base;
-	b->yy_is_our_buffer = 0;
-	b->yy_input_file = 0;
-	b->yy_n_chars = b->yy_buf_size;
-	b->yy_is_interactive = 0;
-	b->yy_at_bol = 1;
-	b->yy_fill_buffer = 0;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	yy_switch_to_buffer(b  );
-
-	return b;
-}
-
-/** Setup the input buffer state to scan a string. The next call to yylex() will
- * scan from a @e copy of @a str.
- * @param str a NUL-terminated string to scan
- * 
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- *       yy_scan_bytes() instead.
- */
-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
-{
-    
-	return yy_scan_bytes(yystr,strlen(yystr) );
-}
-
-/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- * 
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
-{
-	YY_BUFFER_STATE b;
-	char *buf;
-	yy_size_t n;
-	int i;
-    
-	/* Get memory for full buffer, including space for trailing EOB's. */
-	n = _yybytes_len + 2;
-	buf = (char *) yyalloc(n  );
-	if ( ! buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
-
-	for ( i = 0; i < _yybytes_len; ++i )
-		buf[i] = yybytes[i];
-
-	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
-
-	b = yy_scan_buffer(buf,n );
-	if ( ! b )
-		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
-
-	/* It's okay to grow etc. this buffer, and we should throw it
-	 * away when we're done.
-	 */
-	b->yy_is_our_buffer = 1;
-
-	return b;
-}
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-static void yy_fatal_error (yyconst char* msg )
-{
-    	(void) fprintf( stderr, "%s\n", msg );
-	exit( YY_EXIT_FAILURE );
-}
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		yytext[yyleng] = (yy_hold_char); \
-		(yy_c_buf_p) = yytext + yyless_macro_arg; \
-		(yy_hold_char) = *(yy_c_buf_p); \
-		*(yy_c_buf_p) = '\0'; \
-		yyleng = yyless_macro_arg; \
-		} \
-	while ( 0 )
-
-/* Accessor  methods (get/set functions) to struct members. */
-
-/** Get the current line number.
- * 
- */
-int yyget_lineno  (void)
-{
-        
-    return yylineno;
-}
-
-/** Get the input stream.
- * 
- */
-FILE *yyget_in  (void)
-{
-        return yyin;
-}
-
-/** Get the output stream.
- * 
- */
-FILE *yyget_out  (void)
-{
-        return yyout;
-}
-
-/** Get the length of the current token.
- * 
- */
-int yyget_leng  (void)
-{
-        return yyleng;
-}
-
-/** Get the current token.
- * 
- */
-
-char *yyget_text  (void)
-{
-        return yytext;
-}
-
-/** Set the current line number.
- * @param line_number
- * 
- */
-void yyset_lineno (int  line_number )
-{
-    
-    yylineno = line_number;
-}
-
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- * 
- * @see yy_switch_to_buffer
- */
-void yyset_in (FILE *  in_str )
-{
-        yyin = in_str ;
-}
-
-void yyset_out (FILE *  out_str )
-{
-        yyout = out_str ;
-}
-
-int yyget_debug  (void)
-{
-        return yy_flex_debug;
-}
-
-void yyset_debug (int  bdebug )
-{
-        yy_flex_debug = bdebug ;
-}
-
-static int yy_init_globals (void)
-{
-        /* Initialization is the same as for the non-reentrant scanner.
-     * This function is called from yylex_destroy(), so don't allocate here.
-     */
-
-    (yy_buffer_stack) = 0;
-    (yy_buffer_stack_top) = 0;
-    (yy_buffer_stack_max) = 0;
-    (yy_c_buf_p) = (char *) 0;
-    (yy_init) = 0;
-    (yy_start) = 0;
-
-/* Defined in main.c */
-#ifdef YY_STDINIT
-    yyin = stdin;
-    yyout = stdout;
-#else
-    yyin = (FILE *) 0;
-    yyout = (FILE *) 0;
-#endif
-
-    /* For future reference: Set errno on error, since we are called by
-     * yylex_init()
-     */
-    return 0;
-}
-
-/* yylex_destroy is for both reentrant and non-reentrant scanners. */
-int yylex_destroy  (void)
-{
-    
-    /* Pop the buffer stack, destroying each element. */
-	while(YY_CURRENT_BUFFER){
-		yy_delete_buffer(YY_CURRENT_BUFFER  );
-		YY_CURRENT_BUFFER_LVALUE = NULL;
-		yypop_buffer_state();
-	}
-
-	/* Destroy the stack itself. */
-	yyfree((yy_buffer_stack) );
-	(yy_buffer_stack) = NULL;
-
-    /* Reset the globals. This is important in a non-reentrant scanner so the next time
-     * yylex() is called, initialization will occur. */
-    yy_init_globals( );
-
-    return 0;
-}
-
-/*
- * Internal utility routines.
- */
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
-	register int i;
-	for ( i = 0; i < n; ++i )
-		s1[i] = s2[i];
-}
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
-	register int n;
-	for ( n = 0; s[n]; ++n )
-		;
-
-	return n;
-}
-#endif
-
-void *yyalloc (yy_size_t  size )
-{
-	return (void *) malloc( size );
-}
-
-void *yyrealloc  (void * ptr, yy_size_t  size )
-{
-	/* The cast to (char *) in the following accommodates both
-	 * implementations that use char* generic pointers, and those
-	 * that use void* generic pointers.  It works with the latter
-	 * because both ANSI C and C++ allow castless assignment from
-	 * any pointer type to void*, and deal with argument conversions
-	 * as though doing an assignment.
-	 */
-	return (void *) realloc( (char *) ptr, size );
-}
-
-void yyfree (void * ptr )
-{
-	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
-
-#line 65 "slc-lex.l"
-
-
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d: ", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     error_flag++;
-}
-
-void
-yyerror (char *s)
-{
-    error_message("%s\n", s);
-}
-
-static void
-handle_comment(void)
-{
-    int c;
-    int start_lineno = lineno;
-    int level = 1;
-    int seen_star = 0;
-    int seen_slash = 0;
-    while((c = input()) != EOF) {
-	if(c == '/') {
-	    if(seen_star) {
-		if(--level == 0)
-		    return;
-		seen_star = 0;
-		continue;
-	    }
-	    seen_slash = 1;
-	    continue;
-	}
-	if(seen_star && c == '/') {
-	    if(--level == 0)
-		return;
-	    seen_star = 0;
-	    continue;
-	}
-	if(c == '*') {
-	    if(seen_slash) {
-		level++;
-		seen_star = seen_slash = 0;
-		continue;
-	    } 
-	    seen_star = 1;
-	    continue;
-	}
-	seen_star = seen_slash = 0;
-	if(c == '\n') {
-	    lineno++;
-	    continue;
-	}
-    }
-    if(c == EOF)
-	error_message("unterminated comment, possibly started on line %d\n", start_lineno);
-}
-
-static char *
-handle_string(void)
-{
-    char x[1024];
-    int i = 0;
-    int c;
-    int quote = 0;
-    while((c = input()) != EOF){
-	if(quote) {
-	    x[i++] = '\\';
-	    x[i++] = c;
-	    quote = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    quote++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    return strdup(x);
-}
-
-int
-yywrap () 
-{
-     return 1;
-}
-
diff --git a/crypto/heimdal/lib/sl/slc-lex.l b/crypto/heimdal/lib/sl/slc-lex.l
deleted file mode 100644
index b810b12..0000000
--- a/crypto/heimdal/lib/sl/slc-lex.l
+++ /dev/null
@@ -1,164 +0,0 @@
-%{
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: slc-lex.l 15118 2005-05-10 22:19:01Z lha $ */
-
-#undef ECHO
-
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include "slc.h"
-#include "slc-gram.h"
-unsigned lineno = 1;
-
-static void handle_comment(void);
-static char * handle_string(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-%}
-%%
-[A-Za-z][-A-Za-z0-9_]*	{
-			  yylval.string = strdup ((const char *)yytext);
-			  return LITERAL;
-			}
-"\""			{ yylval.string = handle_string(); return STRING; }
-\n			{ ++lineno; }
-\/\*			{ handle_comment(); }
-[={}]			{ return *yytext; }
-[ \t]			;
-%%
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d: ", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     error_flag++;
-}
-
-void
-yyerror (char *s)
-{
-    error_message("%s\n", s);
-}
-
-static void
-handle_comment(void)
-{
-    int c;
-    int start_lineno = lineno;
-    int level = 1;
-    int seen_star = 0;
-    int seen_slash = 0;
-    while((c = input()) != EOF) {
-	if(c == '/') {
-	    if(seen_star) {
-		if(--level == 0)
-		    return;
-		seen_star = 0;
-		continue;
-	    }
-	    seen_slash = 1;
-	    continue;
-	}
-	if(seen_star && c == '/') {
-	    if(--level == 0)
-		return;
-	    seen_star = 0;
-	    continue;
-	}
-	if(c == '*') {
-	    if(seen_slash) {
-		level++;
-		seen_star = seen_slash = 0;
-		continue;
-	    } 
-	    seen_star = 1;
-	    continue;
-	}
-	seen_star = seen_slash = 0;
-	if(c == '\n') {
-	    lineno++;
-	    continue;
-	}
-    }
-    if(c == EOF)
-	error_message("unterminated comment, possibly started on line %d\n", start_lineno);
-}
-
-static char *
-handle_string(void)
-{
-    char x[1024];
-    int i = 0;
-    int c;
-    int quote = 0;
-    while((c = input()) != EOF){
-	if(quote) {
-	    x[i++] = '\\';
-	    x[i++] = c;
-	    quote = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    quote++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    return strdup(x);
-}
-
-int
-yywrap () 
-{
-     return 1;
-}
diff --git a/crypto/heimdal/lib/sl/slc.h b/crypto/heimdal/lib/sl/slc.h
deleted file mode 100644
index 2b05813..0000000
--- a/crypto/heimdal/lib/sl/slc.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: slc.h 13969 2004-06-21 19:10:59Z joda $ */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-
-struct assignment {
-    char *name;
-    enum { a_value, a_assignment } type;
-    union {
-	char *value;
-	struct assignment *assignment;
-    } u;
-    unsigned int lineno;
-    struct assignment *next;
-};
-
-extern char *filename;
-extern int error_flag;
-void error_message (const char *format, ...);
-int yylex(void);
-void yyerror (char *s);
-extern unsigned lineno;
diff --git a/crypto/heimdal/lib/sl/ss.c b/crypto/heimdal/lib/sl/ss.c
deleted file mode 100644
index f2f3cbc..0000000
--- a/crypto/heimdal/lib/sl/ss.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "sl_locl.h"
-#include <com_err.h>
-#include "ss.h"
-
-RCSID("$Id: ss.c 15429 2005-06-16 19:24:11Z lha $");
-
-struct ss_subst {
-    char *name;
-    char *version;
-    char *info;
-    ss_request_table *table;
-};
-
-static struct ss_subst subsystems[2];
-static int num_subsystems;
-
-int
-ss_create_invocation(const char *subsystem, 
-		     const char *version, 
-		     const char *info, 
-		     ss_request_table *table, 
-		     int *code)
-{
-    struct ss_subst *ss;
-
-    if(num_subsystems >= sizeof(subsystems) / sizeof(subsystems[0])) {
-	*code = 17;
-	return 0;
-    }
-    ss = &subsystems[num_subsystems];
-    ss->name = ss->version = ss->info = NULL;
-    if (subsystem != NULL) {
-	ss->name = strdup (subsystem);
-	if (ss->name == NULL) {
-	    *code = ENOMEM;
-	    return 0;
-	}
-    }
-    if (version != NULL) {
-	ss->version = strdup (version);
-	if (ss->version == NULL) {
-	    *code = ENOMEM;
-	    return 0;
-	}
-    }
-    if (info != NULL) {
-	ss->info = strdup (info);
-	if (ss->info == NULL) {
-	    *code = ENOMEM;
-	    return 0;
-	}
-    }
-    ss->table = table;
-    *code = 0;
-    return num_subsystems++;
-}
-
-void
-ss_error (int idx, long code, const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    com_err_va (subsystems[idx].name, code, fmt, ap);
-    va_end(ap);
-}
-
-void
-ss_perror (int idx, long code, const char *msg)
-{
-    ss_error(idx, code, "%s", msg);
-}
-
-int
-ss_execute_command(int idx, char **argv)
-{
-    int argc = 0;
-    int ret;
-
-    while(argv[argc++]);
-    ret = sl_command(subsystems[idx].table, argc, argv);
-    if (ret == SL_BADCOMMAND)
-	return SS_ET_COMMAND_NOT_FOUND;
-    return 0;
-}
-
-int
-ss_execute_line (int idx, const char *line)
-{
-    char *buf = strdup(line);
-    int argc;
-    char **argv;
-    int ret;
-    
-    if (buf == NULL)
-	return ENOMEM;
-    sl_make_argv(buf, &argc, &argv);
-    ret = sl_command(subsystems[idx].table, argc, argv);
-    free(buf);
-    if (ret == SL_BADCOMMAND)
-	return SS_ET_COMMAND_NOT_FOUND;
-    return 0;
-}
-
-int
-ss_listen (int idx)
-{
-    char *prompt = malloc(strlen(subsystems[idx].name) + 3);
-    if (prompt == NULL)
-	return ENOMEM;
-
-    strcpy(prompt, subsystems[idx].name);
-    strcat(prompt, ": ");
-    sl_loop(subsystems[idx].table, prompt);
-    free(prompt);
-    return 0;
-}
-
-int
-ss_list_requests(int argc, char **argv /* , int idx, void *info */)
-{
-    sl_help(subsystems[0 /* idx */].table, argc, argv);
-    return 0;
-}
-
-int
-ss_quit(int argc, char **argv)
-{
-    return 1;
-}
diff --git a/crypto/heimdal/lib/sl/ss.h b/crypto/heimdal/lib/sl/ss.h
deleted file mode 100644
index 15e1f88..0000000
--- a/crypto/heimdal/lib/sl/ss.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: ss.h 8294 2000-05-25 00:15:21Z assar $ */
-
-/* SS compatibility for SL */
-
-#ifndef __ss_h__
-#define __ss_h__
-
-#include <sl.h>
-
-typedef SL_cmd ss_request_table;
-
-int ss_create_invocation (const char *, const char *, const char*, 
-			  ss_request_table*, int*);
-
-void ss_error (int, long, const char*, ...);
-int ss_execute_command (int, char**);
-int ss_execute_line (int, const char*);
-int ss_list_requests (int argc, char**);
-int ss_listen (int);
-void ss_perror (int, long, const char*);
-int ss_quit (int argc, char**);
-
-#define SS_ET_COMMAND_NOT_FOUND (-1)
-
-#endif /* __ss_h__ */
diff --git a/crypto/heimdal/lib/sl/test_sl.c b/crypto/heimdal/lib/sl/test_sl.c
deleted file mode 100644
index 0610559..0000000
--- a/crypto/heimdal/lib/sl/test_sl.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "sl_locl.h"
-
-RCSID("$Id: test_sl.c 19555 2006-12-28 23:40:17Z lha $");
-
-struct {
-    int ok;
-    const char *line;
-    int argc;
-    const char *argv[4];
-} lines[] = {
-    { 1, "", 1, { "" } },
-    { 1, "foo", 1, { "foo" } },
-    { 1, "foo bar", 2, { "foo", "bar" }},
-    { 1, "foo bar baz", 3, { "foo", "bar", "baz" }},
-    { 1, "foobar baz", 2, { "foobar", "baz" }},
-    { 1, " foo", 1, { "foo" } },
-    { 1, "foo   ", 1, { "foo" } },
-    { 1, " foo  ", 1, { "foo" } },
-    { 1, " foo  bar", 2, { "foo", "bar" } },
-    { 1, "foo\\ bar", 1, { "foo bar" } },
-    { 1, "\"foo bar\"", 1, { "foo bar" } },
-    { 1, "\"foo\\ bar\"", 1, { "foo bar" } },
-    { 1, "\"foo\\\" bar\"", 1, { "foo\" bar" } },
-    { 1, "\"\"f\"\"oo\"\"", 1, { "foo" } },
-    { 1, "\"foobar\"baz", 1, { "foobarbaz" }},
-    { 1, "foo\tbar baz", 3, { "foo", "bar", "baz" }},
-    { 1, "\"foo bar\" baz", 2, { "foo bar", "baz" }},
-    { 1, "\"foo bar baz\"", 1, { "foo bar baz" }},
-    { 1, "\\\"foo bar baz", 3, { "\"foo", "bar", "baz" }},
-    { 1, "\\ foo bar baz", 3, { " foo", "bar", "baz" }},
-    { 0, "\\", 0, { "" }},
-    { 0, "\"", 0, { "" }}
-};
-
-int
-main(int argc, char **argv)
-{
-    int ret, i;
-
-    for (i = 0; i < sizeof(lines)/sizeof(lines[0]); i++) {
-	int j, rargc = 0;
-	char **rargv = NULL;
-	char *buf = strdup(lines[i].line);
-
-	ret = sl_make_argv(buf, &rargc, &rargv);
-	if (ret) {
-	    if (!lines[i].ok)
-		goto next;
-	    errx(1, "sl_make_argv test %d failed", i);
-	} else if (!lines[i].ok)
-	    errx(1, "sl_make_argv passed test %d when it shouldn't", i);
-	if (rargc != lines[i].argc)
-	    errx(1, "result argc (%d) != should be argc (%d) for test %d", 
-		 rargc, lines[i].argc, i);
-	for (j = 0; j < rargc; j++)
-	    if (strcmp(rargv[j], lines[i].argv[j]) != 0)
-		errx(1, "result argv (%s) != should be argv (%s) for test %d",
-		     rargv[j], lines[i].argv[j], i);
-    next:
-	free(buf);
-	free(rargv);
-    }
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/vers/ChangeLog b/crypto/heimdal/lib/vers/ChangeLog
deleted file mode 100644
index 6208232..0000000
--- a/crypto/heimdal/lib/vers/ChangeLog
+++ /dev/null
@@ -1,74 +0,0 @@
-2007-10-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: don't run local checks.
-	
-2006-12-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print_version.c: Update (c).
-	
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* make-print-version.c: include <string.h>
-
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* make-print-version.c: Avoid creating a file called --version.
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: fix spelling of build_HEADERZ
-
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add build_HEADERZ to EXTRA_DIST
-	
-2005-01-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print_version.c: Happy New Year
-
-2004-01-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print_version.c: add year 2004
-	
-2003-01-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* print_version.c: considerable clean up
-
-	* make-print-version.c: make VERSIONLIST a string instead of an
-	array of strings
-
-2002-08-28  Assar Westerlund  <assar@kth.se>
-
-	* Makefile.am (make_print_version_LDADD): do not hardcode -ldes,
-	use $(LIB_des)
-
-2002-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* print_version.c: add bug-report message
-
-2002-05-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* print_version.c: update year
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (make_print_version_LDADD): use = instead of += (be
-	nice to current automake)
-
-2001-04-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* print_version.c: 2001
-
-2001-01-31  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: remove -static turning this into a convenience
-	library
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: make the library static and don't install it
-
-2000-07-08  Assar Westerlund  <assar@sics.se>
-
-	* make-print-version.c (heimdal_version, krb4_version): const-ize,
-	based on thorpej@netbsd.org's change to NetBSD
diff --git a/crypto/heimdal/lib/vers/Makefile.am b/crypto/heimdal/lib/vers/Makefile.am
deleted file mode 100644
index a3b6da6..0000000
--- a/crypto/heimdal/lib/vers/Makefile.am
+++ /dev/null
@@ -1,32 +0,0 @@
-# $Id: Makefile.am 21959 2007-10-16 13:25:59Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-CLEANFILES		= print_version.h
-
-noinst_LTLIBRARIES	= libvers.la
-
-build_HEADERZ		= vers.h
-
-CHECK_LOCAL		= no-check-local
-
-noinst_PROGRAMS		= make-print-version
-
-if KRB4
-if KRB5
-## need to link with des here; otherwise, if krb4 is shared the link
-## will fail with unresolved references
-make_print_version_LDADD = $(LIB_krb4) $(LIB_hcrypto)
-endif
-endif
-
-libvers_la_SOURCES	= print_version.c
-
-print_version.lo: print_version.h
-
-print_version.h: make-print-version$(EXEEXT)
-	./make-print-version$(EXEEXT) print_version.h
-
-make-print-version.o: $(top_builddir)/include/version.h
-
-EXTRA_DIST = $(build_HEADERZ)
diff --git a/crypto/heimdal/lib/vers/Makefile.in b/crypto/heimdal/lib/vers/Makefile.in
deleted file mode 100644
index 4dbc9e0..0000000
--- a/crypto/heimdal/lib/vers/Makefile.in
+++ /dev/null
@@ -1,781 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 21959 2007-10-16 13:25:59Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-noinst_PROGRAMS = make-print-version$(EXEEXT)
-subdir = lib/vers
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(noinst_LTLIBRARIES)
-libvers_la_LIBADD =
-am_libvers_la_OBJECTS = print_version.lo
-libvers_la_OBJECTS = $(am_libvers_la_OBJECTS)
-PROGRAMS = $(noinst_PROGRAMS)
-make_print_version_SOURCES = make-print-version.c
-make_print_version_OBJECTS = make-print-version.$(OBJEXT)
-am__DEPENDENCIES_1 =
-@KRB4_TRUE@@KRB5_TRUE@make_print_version_DEPENDENCIES =  \
-@KRB4_TRUE@@KRB5_TRUE@	$(am__DEPENDENCIES_1) \
-@KRB4_TRUE@@KRB5_TRUE@	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(libvers_la_SOURCES) make-print-version.c
-DIST_SOURCES = $(libvers_la_SOURCES) make-print-version.c
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-CLEANFILES = print_version.h
-noinst_LTLIBRARIES = libvers.la
-build_HEADERZ = vers.h
-CHECK_LOCAL = no-check-local
-@KRB4_TRUE@@KRB5_TRUE@make_print_version_LDADD = $(LIB_krb4) $(LIB_hcrypto)
-libvers_la_SOURCES = print_version.c
-EXTRA_DIST = $(build_HEADERZ)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/vers/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/vers/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libvers.la: $(libvers_la_OBJECTS) $(libvers_la_DEPENDENCIES) 
-	$(LINK)  $(libvers_la_OBJECTS) $(libvers_la_LIBADD) $(LIBS)
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-make-print-version$(EXEEXT): $(make_print_version_OBJECTS) $(make_print_version_DEPENDENCIES) 
-	@rm -f make-print-version$(EXEEXT)
-	$(LINK) $(make_print_version_OBJECTS) $(make_print_version_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-info install-info-am install-man install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-print_version.lo: print_version.h
-
-print_version.h: make-print-version$(EXEEXT)
-	./make-print-version$(EXEEXT) print_version.h
-
-make-print-version.o: $(top_builddir)/include/version.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/vers/make-print-version.c b/crypto/heimdal/lib/vers/make-print-version.c
deleted file mode 100644
index 6601b04..0000000
--- a/crypto/heimdal/lib/vers/make-print-version.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 1998 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: make-print-version.c 18765 2006-10-21 17:37:32Z lha $");
-#endif
-
-#include <stdio.h>
-#include <string.h>
-
-#ifdef KRB5
-extern const char *heimdal_version;
-#endif
-#ifdef KRB4
-extern const char *krb4_version;
-#endif
-#include <version.h>
-
-int
-main(int argc, char **argv)
-{
-    FILE *f;
-    if(argc != 2)
-	return 1;
-    if (strcmp(argv[1], "--version") == 0) {
-	printf("some version");
-	return 0;
-    }
-    f = fopen(argv[1], "w");
-    if(f == NULL)
-	return 1;
-    fprintf(f, "#define VERSIONLIST \"");
-#ifdef KRB5
-    fprintf(f, "%s", heimdal_version);
-#endif
-#ifdef KRB4
-#ifdef KRB5
-    fprintf(f, ", ");
-#endif
-    fprintf(f, "%s", krb4_version);
-#endif
-    fprintf(f, "\"\n");
-    fclose(f);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/vers/print_version.c b/crypto/heimdal/lib/vers/print_version.c
deleted file mode 100644
index 325f3fa..0000000
--- a/crypto/heimdal/lib/vers/print_version.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1998 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: print_version.c 22428 2008-01-13 09:58:05Z lha $");
-#endif
-#include "roken.h"
-
-#include "print_version.h"
-
-void
-print_version(const char *progname)
-{
-    const char *package_list = VERSIONLIST;
-    
-    if(progname == NULL)
-	progname = getprogname();
-    
-    if(*package_list == '\0')
-	package_list = "no version information";
-    fprintf(stderr, "%s (%s)\n", progname, package_list);
-    fprintf(stderr, "Copyright 1995-2008 Kungliga Tekniska H�gskolan\n");
-    fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT);
-}
diff --git a/crypto/heimdal/lib/vers/vers.h b/crypto/heimdal/lib/vers/vers.h
deleted file mode 100644
index c079103..0000000
--- a/crypto/heimdal/lib/vers/vers.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: vers.h 8513 2000-07-01 19:47:36Z assar $ */
-
-#ifndef __VERS_H__
-#define __VERS_H__
-
-void print_version(const char *);
-
-#endif /*  __VERS_H__ */
author	stas <stas@FreeBSD.org>	2011-09-29 05:23:57 +0000
committer	stas <stas@FreeBSD.org>	2011-09-29 05:23:57 +0000
commit	f6e720bf7e3d09d00d73f389a5dac8efdce0eb8c (patch)
tree	cf5b65423910d126fddaaf04b885d0de3507d692 /crypto/heimdal/lib
parent	51b6601db456e699ea5d4843cbc7239ee92d9c13 (diff)
download	FreeBSD-src-f6e720bf7e3d09d00d73f389a5dac8efdce0eb8c.zip FreeBSD-src-f6e720bf7e3d09d00d73f389a5dac8efdce0eb8c.tar.gz